Daily Archives: October 27, 2019

Hard Drive Recycling and Destruction

Companies with sensitive data should always establish clear policies for storage media disposal. There are two choices available when a storage medium is no longer needed.

The media can either be:

  • Recycled – Hard drives that have been wiped can be reused in other computers. The drive can be reformatted and a new operating system installed. Formatting by itself does not remove the old data; the drive must be wiped first (see Data Wiping Magnetic Media). Two types of formatting can be performed, as described in the figure.
  • Destroyed – Physically destroying the hard drive ensures that data cannot be recovered from it. Purpose-built devices such as hard drive crushers, hard drive shredders, and incinerators are used for large volumes of drives. For a small number of drives, physically damaging the drive with a hammer is effective, provided the platters themselves are bent or broken and not just the case.

A company may choose an outside contractor to destroy their storage media. These contractors are typically bonded and follow strict governmental regulations. They may also offer a certificate of destruction to provide evidence that the media has been completely destroyed.

The image describes the two types of formatting:

  • Low-level format – The surface of the disk is marked with sector markers identifying the tracks where data will be physically stored. Most often performed at the factory after the hard drive is assembled.
  • Standard format – Also called high-level formatting. The process creates a boot sector and a file system. A standard format can only be performed after a low-level format has been completed.

Securing a Computer

Computers and workstations should be secured from theft. The standard practice in a company is to keep computers in locked rooms.

To prevent unauthorized users from stealing or accessing local computers and network resources, lock your workstation, laptop, or server when you are not present. This includes physical security as well as password security.

If you must leave a computer in an open public area, cable locks should be used to deter theft.

Data displayed on your computer screen should also be protected. This is especially true when using a laptop in a public location such as an airport, coffee house, or customer site. Use a privacy screen to protect the information displayed on your laptop screen from prying eyes. A privacy screen is a clear plastic panel attached to the computer screen that only permits the user in front of the screen to see the information displayed.

Access to your computer must also be protected. There are three levels of password protection that can be used on a computer as described in the figure.

The image describes three types of password protection. A BIOS password prevents the operating system from booting and prevents changes to the BIOS settings unless the password is entered. A login password prevents unauthorized access to the local computer. A network password prevents unauthorized personnel from accessing network resources.

Data Wiping Magnetic Media

Protecting data also includes removing files from storage devices when they are no longer needed. Simply deleting files or reformatting the drive is not enough to ensure your privacy.

For example, deleting files from a magnetic hard disk drive does not remove them completely. The operating system removes the file's entry from the file system's index (the file allocation table on FAT volumes, the master file table on NTFS) but the actual data remains on the drive. The deleted data is only overwritten when the hard drive stores new data in the same location. A quick format behaves the same way: it rebuilds the file system structures and leaves the old contents in place.

Software tools can be used to recover folders, files, and even entire partitions. This could be a blessing if the erasure was accidental. But it could also be disastrous if the data is recovered by a malicious user.

For this reason, storage media should be fully erased using one or more of the methods listed in the figure.

Note: Once a data wipe or degaussing has completed, the result is irreversible and the data cannot be recovered, so confirm that the correct drive has been selected before starting. A wipe that is interrupted before every sector has been overwritten leaves the remaining data intact.

The image describes three ways to wipe data from a hard disk drive:

  • Data wiping software – Software tools designed to overwrite existing data, usually several times, rendering the original data unreadable. A related but distinct method is the drive's built-in secure erase command (ATA Secure Erase), which instructs the drive firmware itself to erase every sector, including reserved areas that overwriting software cannot reach.
  • Degaussing wand – A wand with very powerful magnets that is held over the exposed hard drive platters to disrupt or eliminate the magnetic field on the drive. The platters must be exposed to the wand for approximately 2 minutes.
  • Electromagnetic degaussing device – Useful for erasing multiple drives. Consists of a magnet with an electrical current applied to it to create a very strong magnetic field that disrupts or eliminates the magnetic field on a hard drive. Very expensive but fast (erases a drive in seconds). A degaussed drive is no longer usable, because the servo tracks that position the heads are erased along with the data.

Data Wiping Other Media

SSDs are comprised of flash memory instead of magnetic platters, so degaussing, which only affects magnetic media, has no effect on them. Overwriting is also unreliable on an SSD, because the drive's wear-leveling firmware decides where each write physically lands and may leave the old copy of a block in place. Perform a secure erase using the drive's own sanitize command (ATA Secure Erase, NVMe Sanitize, or the drive vendor's utility) to ensure that data cannot be recovered from an SSD or hybrid drive. On a self-encrypting drive, a cryptographic erase that discards the drive's encryption key achieves the same result in seconds.
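As an added example of what data-wiping software does at the file level (this is not code from the original page), the following PowerShell function overwrites a file in place with random data, finishes with a pass of zeros, renames it so the original name no longer appears in the directory, and then deletes it. It assumes Windows PowerShell 5.1 or later on an NTFS volume; the file path in the usage line is made up.

```powershell
# Added example, not code from the original page. Overwrites a file in place the way wiping
# software does, then deletes it. Assumes Windows PowerShell 5.1 or later on an NTFS volume.
function Invoke-FileWipe {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [int] $Passes = 3
    )
    $item   = Get-Item -LiteralPath $Path
    $length = [long]$item.Length
    $rng    = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    # Open write-only and exclusive WITHOUT truncating: truncating would release the clusters
    # before they are overwritten, which is exactly what we are trying to avoid.
    $stream = [System.IO.File]::Open($item.FullName, 'Open', 'Write', 'None')
    try {
        $buffer = New-Object byte[] (64KB)
        for ($pass = 1; $pass -le $Passes; $pass++) {
            $stream.Position = 0
            $remaining = $length
            while ($remaining -gt 0) {
                $chunk = [int][Math]::Min([long]$buffer.Length, $remaining)
                if ($pass -eq $Passes) {
                    [Array]::Clear($buffer, 0, $chunk)   # final pass: zeros
                } else {
                    $rng.GetBytes($buffer)                # earlier passes: random bytes
                }
                $stream.Write($buffer, 0, $chunk)
                $remaining -= $chunk
            }
            # flushToDisk = $true: each pass must reach the platters, not just the write cache
            $stream.Flush($true)
        }
    } finally {
        $stream.Dispose()
        $rng.Dispose()
    }
    # Replace the original file name in the directory entry with a random one, then delete.
    $newName = [guid]::NewGuid().ToString('N')
    Rename-Item -LiteralPath $item.FullName -NewName $newName
    Remove-Item -LiteralPath (Join-Path $item.DirectoryName $newName) -Force
}

# Usage (path is made up): Invoke-FileWipe -Path 'D:\Finance\old-payroll.xlsx' -Passes 3
```

This works as intended only on a magnetic disk and only for the clusters the file currently occupies. Earlier copies left behind by an editor's autosave, by Volume Shadow Copy, or by NTFS compression or EFS are not touched, and on an SSD the wear-leveling firmware may write the new data elsewhere and keep the old block. Free space left by already-deleted files can be overwritten with cipher /w:D:\ (substituting the volume), and for a whole drive the secure erase methods described above are the right tool.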

Other storage media and documents (e.g., optical disks, eMMC, USB sticks) must also be destroyed. Use a shredding machine or incinerator that is designed to destroy documents and each type of media. For sensitive documents that must be kept, such as those with classified information or passwords, always keep them locked in a secure location.

When thinking about what devices must be wiped or destroyed, remember that devices besides computers and mobile devices store data. Printers and multifunction devices may also contain a hard drive that caches printed or scanned documents. This caching feature can be turned off in some instances, or the device needs to be wiped on a regular basis to ensure data privacy. It is a good security practice to set up user authentication on the device, if possible, to prevent an unauthorized person from changing any settings that concern privacy.

File and Folder Encryption

Encryption is often used to protect data. Encryption is where data is transformed using a complicated algorithm to make it unreadable. A special key must be used to return the unreadable information back into readable data. Software programs are used to encrypt files, folders, and even entire drives.

Encrypting File System (EFS) is a Windows feature that can encrypt data. EFS is directly linked to a specific user account: each file is encrypted with a key that only that user's EFS certificate can unlock, so by default only the user who encrypted the data can access it afterwards (a data recovery agent configured by an administrator, if one exists, can also decrypt it). If the user's profile or certificate is lost and was never backed up, the data is lost with it. EFS is not available in the Home editions of Windows. To encrypt data using EFS, follow these steps:

Step 1. Select one or more files or folders.

Step 2. Right-click the selected data >Properties.

Step 3. Click Advanced…

Step 4. Select the Encrypt contents to secure data check box and click OK. Windows will display an informational message stating that it is applying attributes.

Step 5. Files and folders that have been encrypted with EFS are displayed in green, as shown in the figure.

The image shows a Windows File Explorer window with encrypted files and folders that have been encrypted with EFS are displayed in green.
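The same operation from the command line, as an added example that is not code from the original page. It uses the cipher tool that ships with Windows and assumes a folder D:\Finance on an NTFS volume.

```powershell
# Added example, not from the original page. Assumes a folder D:\Finance on an NTFS volume.

# Encrypt the folder and everything beneath it (same as ticking "Encrypt contents to secure data").
cipher /E /S:"D:\Finance"

# Confirm the attribute was applied: encrypted entries are listed with an "E" marker.
cipher "D:\Finance"

# List who can decrypt each file: the encrypting user's certificate thumbprint plus any
# recovery agent. Run this before assuming that "only the user" can read the data.
cipher /C "D:\Finance\*"

# Back up the EFS certificate and private key (cipher prompts for a password to protect the
# export). Without this backup, a reinstalled Windows or a reset local-account password leaves
# the encrypted files permanently unreadable.
cipher /X "$env:USERPROFILE\Desktop\efs-key-backup"
```

Store the exported key file somewhere other than the computer it came from; a copy on the same drive is lost together with the data it was meant to recover.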

Windows BitLocker and BitLocker To Go

You can also choose to encrypt an entire hard drive using a feature called BitLocker. To use BitLocker, at least two volumes must be present on the hard disk. The system volume is left unencrypted and must be at least 100 MB; it holds the files required to start Windows, which must be readable before the operating system volume can be unlocked. The operating system volume is the one BitLocker encrypts.

Note: BitLocker is built into the Windows Enterprise editions, Windows 7 Ultimate, Windows 8 Pro, and Windows 10 Professional.

Before using BitLocker in its default configuration, the Trusted Platform Module (TPM) must be enabled in the BIOS/UEFI setup. The TPM is a specialized chip installed on the motherboard. It stores information specific to the host computer, such as encryption keys, digital certificates, and passwords, and it releases the BitLocker volume key only if the boot components it measured at startup are unchanged, which is what stops an attacker from reading the drive after booting a different operating system or a tampered boot loader. Applications that use encryption, like BitLocker, can make use of the TPM chip. If the computer has no TPM, BitLocker can still protect the operating system drive with a startup key on a USB drive or a pre-boot password once the Group Policy option Allow BitLocker without a compatible TPM has been enabled. Figure 1 lists the steps to enable the TPM on a Lenovo laptop.

To turn on BitLocker full disk encryption in a Windows edition that includes it, follow the steps listed in Figure 2.

Once the steps are completed, the Encryption in Progress status bar is displayed. After the computer reboots, you can verify BitLocker is active as shown in Figure 3. You can click TPM Administration to view the TPM details, as shown in Figure 4.

BitLocker encryption can also be used with removable drives by using BitLocker To Go. BitLocker To Go does not use a TPM chip, but still encrypts the data and requires a password (or a smart card) to unlock the drive.

The page has four figures.

Figure 1: The five steps to enabling the TPM.
  • Step 1. Start the computer, and enter the BIOS configuration.
  • Step 2. Look for the TPM option within the BIOS configuration screens. Consult the manual for your motherboard to locate the correct screen.
  • Step 3. Choose Enable or Activate the security chip.
  • Step 4. Save the changes to the BIOS configuration.
  • Step 5. Reboot the computer.

Figure 2: Steps to enabling BitLocker.
  • Step 1. Click Control Panel > BitLocker Drive Encryption.
  • Step 2. On the BitLocker Drive Encryption page, click Turn On BitLocker on the operating system volume. (If the TPM is not initialized, follow the instructions provided by the wizard to initialize it.)
  • Step 3. The Save the recovery password page enables you to save the password to a USB drive, to a network drive or other location, or to print the password. Do not save it on the drive that is being encrypted. After saving the recovery password, click Next.
  • Step 4. On the Encrypt the selected disk volume page, select the Run BitLocker System Check check box and click Continue.
  • Step 5. Click Restart Now.

Figure 3: Shows the BitLocker Drive Encryption window verifying that BitLocker is on. The BitLocker Drive Encryption window can be reached from the System and Security category view in the Control Panel.

Figure 4: From the BitLocker Drive Encryption window you can click TPM Administration to view details.
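The same procedure from an elevated Windows PowerShell prompt, as an added example that is not part of the original page. It assumes a Pro or Enterprise edition with the BitLocker module, C: as the operating system volume, a removable drive E: to hold the recovery password, and a USB drive F: for BitLocker To Go.

```powershell
# Added example, not from the original page. Run from an elevated prompt on a Pro/Enterprise
# edition. Drive letters (C:, E:, F:) are assumptions for this example.

# Check the TPM before starting; all three should be True for the default configuration.
Get-Tpm | Select-Object TpmPresent, TpmReady, TpmEnabled

# Add the recovery password first, and store it somewhere other than the drive being encrypted.
$vol = Add-BitLockerKeyProtector -MountPoint 'C:' -RecoveryPasswordProtector
($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword').RecoveryPassword |
    Out-File -FilePath 'E:\bitlocker-recovery-C.txt'    # E: is a removable drive (assumed)

# Bind the volume to the TPM and start encrypting. -UsedSpaceOnly is faster on a fresh install;
# on a drive that has held data before, omit it so free space is encrypted too.
Enable-BitLocker -MountPoint 'C:' -TpmProtector -UsedSpaceOnly -SkipHardwareTest

# BitLocker To Go: a removable drive protected by a password instead of the TPM.
$pw = Read-Host -AsSecureString -Prompt 'Password for the USB drive'
Enable-BitLocker -MountPoint 'F:' -PasswordProtector -Password $pw

# Verify: VolumeStatus shows encryption progress, ProtectionStatus should become On.
Get-BitLockerVolume |
    Format-Table MountPoint, VolumeStatus, ProtectionStatus, EncryptionPercentage -AutoSize
```

On a computer without a TPM, and after the Group Policy option mentioned above has been enabled, replace -TpmProtector with -StartupKeyProtector -StartupKeyPath 'F:\' (a key file on a USB drive) or -PasswordProtector -Password $pw for a pre-boot password.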

Data Backups

Backing up data is one of the most effective ways of protecting against data loss. A data backup stores a copy of the information on a computer to removable backup media that can be kept in a safe place. If the computer hardware fails, the data can be restored from the backup to functional hardware.

Data backups should be performed on a regular basis as identified in the security policy. Data backups are usually stored offsite to protect the backup media if anything happens to the main facility. Windows hosts have a backup and restore utility. This is useful for users to backup their data to another drive or to a cloud-based storage provider. The macOS includes the Time Machine utility to perform backup and restore functions.

The image has buttons for different data backup considerations:

  • Frequency – Perform backups on a regular basis as identified in the security policy. Full backups can be time-consuming, therefore perform monthly or weekly full backups with frequent partial backups of changed files.
  • Storage – Backups should be transported to an approved offsite storage location on a daily, weekly, or monthly rotation, as required by the security policy.
  • Security – Backups should be protected using strong passwords (or by encrypting the backup media). The password is required to restore data.
  • Validation – Always validate backups to ensure the integrity of the data, and validate the file restoration procedures by actually restoring from them.
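An added example, not code from the original page, of what "validate backups" can look like in practice: a PowerShell function that walks a source folder and its backup copy, compares every file by SHA-256 hash, and reports anything missing, changed, or unexpected. The paths in the usage line are assumed.

```powershell
# Added example, not from the original page. Compares a backup tree against its source file by
# file using SHA-256. Any output means the backup cannot be trusted for a restore.
function Test-BackupIntegrity {
    param(
        [Parameter(Mandatory)] [string] $Source,
        [Parameter(Mandatory)] [string] $Backup
    )
    $problems   = New-Object System.Collections.Generic.List[string]
    $sourceRoot = (Get-Item -LiteralPath $Source).FullName.TrimEnd('\')
    $backupRoot = (Get-Item -LiteralPath $Backup).FullName.TrimEnd('\')

    # Every source file must exist in the backup with identical content.
    foreach ($file in Get-ChildItem -LiteralPath $sourceRoot -File -Recurse) {
        $relative = $file.FullName.Substring($sourceRoot.Length + 1)
        $copy     = Join-Path $backupRoot $relative
        if (-not (Test-Path -LiteralPath $copy -PathType Leaf)) {
            $problems.Add("missing in backup: $relative")
            continue
        }
        $want = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        $have = (Get-FileHash -LiteralPath $copy -Algorithm SHA256).Hash
        if ($want -ne $have) { $problems.Add("content differs: $relative") }
    }

    # Files present only in the backup are worth knowing about: leftovers from an earlier
    # run, or something that should never have been copied there.
    foreach ($file in Get-ChildItem -LiteralPath $backupRoot -File -Recurse) {
        $relative = $file.FullName.Substring($backupRoot.Length + 1)
        if (-not (Test-Path -LiteralPath (Join-Path $sourceRoot $relative) -PathType Leaf)) {
            $problems.Add("extra in backup: $relative")
        }
    }
    return $problems
}

# Usage (paths assumed): run after each backup job and treat any output as a failed backup.
# Test-BackupIntegrity -Source 'D:\Finance' -Backup 'E:\Backups\Finance-2019-10-27'
```

Hash comparison proves the copy matches the source at the time of the check; it does not prove that the restore procedure works, which still has to be exercised by restoring to a spare machine on the schedule the security policy sets.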

File and Folder Permissions

Permissions are rules you configure to limit folder or file access for an individual or for a group of users. The figure lists the permissions that are available for files and folders.

To configure file- or folder-level permissions in all versions of Windows, right-click the file or folder and select Properties > Security > Edit…

Users should be limited to only the resources they need in a computer or on a network. For example, they should not be able to access all files on a server if they only need access to a single folder. It may be easier to provide users access to the entire drive, but it is more secure to limit access to only the folder that is needed to perform their job. This is known as the principle of least privilege. Limiting access to resources also prevents malicious programs from accessing those resources if the user’s computer becomes infected.

Folder redirection allows a user with administrative privileges to redirect the path of a local folder to a folder on a network share. This makes the folder’s data available to the user when they log into any computer on the network where the network share is located. With user data redirected from local to network storage, administrators can back up the user data when the network data folders are backed up.

File and network share permissions can be granted to individuals or through membership in a group. Share permissions are separate from the NTFS permissions set on the files and folders themselves: when a user connects over the network, both are checked and the more restrictive of the two wins. If an individual or a group is explicitly denied permission, that denial overrides any permission granted elsewhere. For example, if you deny someone permission to a network share, the user cannot access that share even if the user is an administrator or a member of the Administrators group (although an administrator can always change the permissions themselves). The local security policy must outline which resources and the type of access allowed for each user and group.

When the permissions of a folder are changed, you are given the option to apply the same permissions to all sub-folders. This is known as permission propagation. Permission propagation is an easy way to apply permissions to many files and folders quickly. After parent folder permissions have been set, folders and files that are created inside the parent folder inherit the permissions of the parent folder.

Also, the location of the data and the action performed on the data determine how the permissions are propagated:

  • Data is moved to the same volume – It will keep the original permissions
  • Data is copied to the same volume – It will inherit new permissions
  • Data is moved to a different volume – It will inherit new permissions
  • Data is copied to a different volume – It will inherit new permissions

The image is a list of File and Folder Permissions and what they mean:

  • Full Control – Everything that Modify allows, plus changing the permissions and taking ownership of the file or folder.
  • Modify – See the contents of folders and files, run programs, create new files and folders, change existing ones, and delete them. Cannot change permissions or take ownership.
  • Read and Execute – See the contents of existing files or folders and run programs in a folder.
  • Read – See the contents of a folder and open files.
  • Write – Create new files and folders and make changes to existing files and folders. Write by itself does not include reading, which is why Modify is the usual grant for someone who works on the files.
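An added example (not from the original page) that applies these rules from PowerShell: it creates a folder, stops it inheriting the drive's permissions, grants the team that works there Modify rather than Full Control, denies write access to a contractor group to show that an explicit deny wins over a grant, and shares the folder with share permissions no wider than the NTFS ones. The path and the CORP\ReportsTeam and CORP\Contractors groups are assumed.

```powershell
# Added example, not from the original page. Folder path and group names are assumptions.
$path = 'D:\Projects\Reports'
New-Item -ItemType Directory -Path $path -Force | Out-Null

$acl = Get-Acl -LiteralPath $path
# Stop inheriting the drive-wide ACL. The second argument ($false) drops the inherited entries
# instead of copying them, so the folder ends up with only the entries added below.
$acl.SetAccessRuleProtection($true, $false)

# Apply each entry to the folder, its subfolders and its files (permission propagation).
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$none    = [System.Security.AccessControl.PropagationFlags]::None
$entries = @(
    @{ Id = 'BUILTIN\Administrators'; Rights = 'FullControl'; Type = 'Allow' },
    @{ Id = 'CORP\ReportsTeam';       Rights = 'Modify';      Type = 'Allow' },  # least privilege
    @{ Id = 'CORP\Contractors';       Rights = 'Write';       Type = 'Deny'  }   # deny wins
)
foreach ($e in $entries) {
    $rights = [System.Security.AccessControl.FileSystemRights]$e.Rights
    $type   = [System.Security.AccessControl.AccessControlType]$e.Type
    $rule   = New-Object System.Security.AccessControl.FileSystemAccessRule `
                  -ArgumentList $e.Id, $rights, $inherit, $none, $type
    $acl.AddAccessRule($rule)
}
Set-Acl -LiteralPath $path -AclObject $acl

# Share it. Over the network the more restrictive of share and NTFS permissions applies, so the
# share grants Change (not Full) to the team and nothing to Everyone.
New-SmbShare -Name 'Reports' -Path $path -ChangeAccess 'CORP\ReportsTeam' `
    -FullAccess 'BUILTIN\Administrators' | Out-Null

# Check the result: every entry should show IsInherited = False, and a user who is in both
# CORP\ReportsTeam and CORP\Contractors can read but not write.
(Get-Acl -LiteralPath $path).Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited -AutoSize
```

Because the entries carry ContainerInherit and ObjectInherit, anything created inside the folder later inherits them; files moved in from elsewhere on the same volume keep their old permissions, as the list above describes, so check those separately.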

Securing Computers and Network Hardware

Organizations must protect their computing and network infrastructure. This includes cabling, telecommunication equipment, and network devices.

There are several methods of physically protecting computer and networking equipment as listed in the figure.

Network equipment should only be installed in secured areas. As well, all cabling should be enclosed within conduits or routed inside walls to prevent unauthorized access or tampering. Conduit is a casing that protects the infrastructure media from damage and unauthorized access.

Access to physical switch ports and switch hardware should be restricted to authorized personnel by using a secure server room and locking hardware cabinets. To prevent the attachment of rogue or unauthorized client devices, unused switch ports should be administratively shut down through the switch management software, and ports that are in use can be limited to specific MAC addresses with port security or made to require authentication with 802.1X.

Factors that determine the most effective security equipment to use to secure equipment and data include:

  • How the equipment is used
  • Where the computer equipment is located
  • What type of user access to data is required

For instance, a computer in a busy public place, such as a library, requires additional protection from theft and vandalism. In a busy call center, a server may need to be secured in a locked equipment room. Server locks can provide physical chassis security by preventing access to power switches, removable drives, and USB ports. Where it is necessary to use a laptop computer in a public place, a security dongle and key fob ensure that the computer locks if the user and laptop are separated. Another tool for physical security is the USB lock which is locked into place in a USB port and requires a key to be removed.

Security policies can be applied to mobile devices in a corporate network through Mobile Device Management software. MDM software can manage corporate-owned devices and Bring Your Own Device (BYOD). The software logs use of devices on the network and determines if it should be allowed to connect, known as onboarding, or not based on administrative policies.

The image shows a door with security keypad entrance. Below the image there is a list of best practices to Securing the Computing and Network Infrastructure: Use webcams with motion-detection and surveillance software. Install physical alarms triggered by motion-detection sensors. Label and install RFID sensors on equipment. Use locking cabinets or security cages around equipment. Fit equipment with security screws. Keep telecommunication rooms locked. Use cable locks with equipment.

Data – Your Greatest Asset

Data is likely to be an organization's most valuable asset. Organizational data can include research and development data, sales data, financial data, human resource and legal data, employee data, contractor data, and customer data.

Data can be lost or damaged through theft, equipment failure, or a disaster. Data loss describes any case in which data is lost, stolen, or leaked, whether intentionally or not. Data exfiltration refers specifically to data being copied out of the organization by an attacker or an insider, whether or not the original copy is lost.

Data Loss

Data loss can negatively affect an organization in multiple ways as listed in Figure 1. Losing data regardless of circumstances can be detrimental or even catastrophic to an organization.

Data can be protected from data loss using the methods listed in Figure 2.

Data loss prevention (DLP) is the practice of preventing data loss or leakage. DLP software uses keyword dictionaries, pattern matching (for example, the formats of credit card or account numbers), or fingerprints of known documents to identify confidential data, and blocks the transfer of that data to removable media, email, or the web if the transfer does not conform to predefined policy.
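As an added example (not code from the original page) of the kind of matching a DLP product performs, the following PowerShell checks a message body against a small keyword dictionary and a payment-card pattern, using the Luhn check digit so that an arbitrary 16-digit order number is not flagged. The dictionary terms and the sample message are constructed for the example.

```powershell
# Added example, not from the original page. A minimal DLP content check.

# Luhn check digit test: every valid payment card number passes it, most random digit
# strings do not, which removes the bulk of false positives from a digit-run pattern.
function Test-Luhn {
    param([Parameter(Mandatory)] [string] $Digits)
    $sum = 0
    $double = $false
    for ($i = $Digits.Length - 1; $i -ge 0; $i--) {
        $d = [int][string]$Digits[$i]
        if ($double) { $d *= 2; if ($d -gt 9) { $d -= 9 } }
        $sum += $d
        $double = -not $double
    }
    return ($sum % 10) -eq 0
}

function Find-SensitiveContent {
    param(
        [Parameter(Mandatory)] [string[]] $Lines,
        # Dictionary terms are assumed for the example; a real policy would load them centrally.
        [string[]] $Dictionary = @('CONFIDENTIAL', 'INTERNAL ONLY', 'PROJECT BLUEFIN')
    )
    # 13 to 19 digits, optionally separated by single spaces or dashes, not embedded in a
    # longer digit run.
    $cardPattern = '(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)'
    $findings = @()
    for ($n = 0; $n -lt $Lines.Count; $n++) {
        $line = $Lines[$n]
        foreach ($term in $Dictionary) {
            if ($line.ToUpperInvariant().Contains($term)) {
                $findings += [pscustomobject]@{ Line = $n + 1; Reason = "dictionary term '$term'" }
            }
        }
        foreach ($m in [regex]::Matches($line, $cardPattern)) {
            $digits = $m.Value -replace '[ -]', ''
            if (Test-Luhn $digits) {
                $last4 = $digits.Substring($digits.Length - 4)
                $findings += [pscustomobject]@{ Line = $n + 1; Reason = "payment card ending $last4" }
            }
        }
    }
    return $findings
}

# Constructed sample message body. In a real DLP product this is the outgoing email or the
# file being copied to a USB drive.
$sample = @(
    'Hi, the Q3 numbers are attached.',
    'Card on file: 4111 1111 1111 1111, exp 09/21',   # passes Luhn: flagged
    'Order reference 1234 5678 9012 3456',            # fails Luhn: not flagged
    'This document is CONFIDENTIAL - do not forward.'
)
$hits = @(Find-SensitiveContent -Lines $sample)
if ($hits.Count -gt 0) {
    $hits | Format-Table -AutoSize
    Write-Output 'Policy decision: BLOCK transfer'
} else {
    Write-Output 'Policy decision: ALLOW transfer'
}
```

Run against the sample, lines 2 and 4 are flagged and line 3 is not. Real products add document fingerprinting and look inside attachments and archives; the point here is that a pattern alone produces too many false positives and the validation step is what makes the policy enforceable.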

The page has two figures. Figure 1: Data loss can result in brand damage/loss of reputation, loss of competitive advantage, loss of customers, loss of revenue, legal action resulting in fines and civil penalties, significant cost and effort to notify affected parties, and significant cost and effort to recover from the breach. Figure 2: A Venn diagram titled Mitigating Data Loss, in which Protecting Data is the intersection of Data Backups, File and Folder Permissions, and File and Folder Encryption.

Securing Devices and Data

The goal of the security policy is to ensure a safe network environment and to protect assets. As shown in the figure, an organization’s assets include their data, employees, and physical devices such as computers and network equipment.

The security policy should identify hardware and equipment that can be used to prevent theft, vandalism, and data loss.

The image depicts a pie chart divided into 3 equal parts: Data, Employees, and Equipment (Hardware)

Physical Security

Physical security is as important as data security. For example, if a computer is taken from an organization, the data is also stolen or worse, lost.

Physical security involves securing:

  • Access to an organization's premises
  • Access to restricted areas
  • The computing and network infrastructure

The level of physical security implemented depends on the organization as some have higher physical security requirements than others.

For example, consider how data centers, airports, or even military installations are secured. These organizations use perimeter security including fences, gates, and checkpoints posted with security guards.

Entrance to a building's premises and to restricted areas is secured using one or more locking mechanisms. Building doors typically use self-closing and self-locking mechanisms. The type of locking mechanism required varies based on the level of security required.

A visitor accessing a secure building may have to pass through a security checkpoint manned by security guards. They may scan you and your belongings, and have you sign in an entry control roster when you enter the building and sign out when you leave.

Higher security organizations have all employees wear identification badges with photographs. These badges could be smart cards containing the user information and security clearance to access restricted areas. For additional security requirements, RFID badges can also be used with proximity badge readers to monitor the location of an individual.

The image shows a man holding up a security smart card RFID badge to a proximity badge reader to enter the door’s security entrance.

Mantraps

In high-security environments, mantraps are often used to limit access to restricted areas and to prevent tailgating. A mantrap is a small room with two doors, one of which must be closed before the other can be opened.

Typically, a person enters the mantrap by unlocking one door. Once inside the mantrap, the first door closes and then the user must unlock the second door to enter the restricted area.

The figure illustrates how a mantrap is used to secure access to a restricted area.

The image is of a Mantrap Floorplan which consists of an insecure (public) area, there is a locked door with a smart card scanner to enter the mantrap, inside there is a locked door with a biometric scanner to a secure internal area. The user must enter the building using a smart card to open the locked door to the mantrap. Once the user successfully enters the mantrap, the first door locks and they must now unlock the next door using the biometric reader. The user must have their thumbprint scanned to unlock the locked door to the secure internal area.

Social Engineering

To secure networks and hosts, organizations often deploy the network security solutions and latest anti-malware solutions for their hosts. However, they still have not addressed the weakest link … the users.

Social engineering is likely the single most serious threat to a well-configured and well-secured network.

Cybercriminals use social engineering techniques to deceive and trick unsuspecting targets into revealing confidential information or violating security procedures. Social engineering is an access attack that attempts to manipulate individuals into performing actions or divulging confidential information.

Social engineers prey on people’s weaknesses and often rely on human nature and people’s willingness to be helpful.

Note: Social engineering is often used in conjunction with other network attacks.

The image depicts a pointing finger highlighting a button on a digital screen titled Social Engineering.

Social Engineering Techniques

There are many different ways to use social engineering techniques. Some social engineering techniques are used in-person while others may use the telephone or Internet.

For example, a hacker could call an authorized employee with an urgent problem that requires immediate network access. The hacker could appeal to the employee’s vanity, invoke authority using name-dropping techniques, or appeal to the employee’s greed.

Protecting Against Social Engineering

Enterprises must train and educate their users about the risks of social engineering, and develop strategies to validate identities over the phone, via email, or in person.

The figure lists recommended practices that should be followed by all users.

The image is a circle of text bubbles surrounding the main concept: Protecting against social engineering attacks. Never give your username / password credentials to anyone. Never leave your username / password credentials where they can easily be found. Never open emails from untrusted sources. Never release work related information on social media sites. Never re-use work related passwords. Always lock or sign out of your computer when unattended. Always report suspicious individuals. Always destroy confidential information according to the organization policy.

Zero-Day

The following two terms are commonly used to describe when a threat is detected:

  • Zero-day – Sometimes also referred to as zero-day attacks, zero-day threat, or zero-day exploit. This is the day that an unknown vulnerability has been discovered by the vendor. The term is a reference to the amount of time that a vendor has had to address the vulnerability.
  • Zero-hour – This is the moment when the exploit is discovered.

A network remains vulnerable between the zero-day and the time it takes a vendor to develop a solution.

In the example in the figure, a software vendor has learned of a new vulnerability. The software can be exploited until a patch that addresses the vulnerability is made available. Notice that in the example, it took several days and a few software patch updates to mitigate the threat.

How can networks be protected against all of the threats and zero-day attacks?

The image is a timeline of the response to a zero-day attack. The timeline starts with a vendor software vulnerability being discovered which starts the timeline at the zero day and zero hour. Day 16, the first patch is released and a security advisory is issued by the vendor. Day 17, the second patch is released and the vendor software is patched. Day 18 the third patch is released.

Protecting Against Network Attacks

Many network attacks are fast moving, therefore, network security professionals must adopt a more sophisticated view of the network architecture. There is no one solution to protect against all TCP/IP or zero-day attacks.

One solution is to use a defense-in-depth approach also known as a layered approach to security. This requires a combination of networking devices and services working together in tandem.

Consider the network in the figure. There are several security devices and services implemented to protect its users and assets against TCP/IP threats.

All network devices including the router and switches are also hardened as indicated by the combination locks on their respective icons. This indicates that they have been secured to prevent attackers from tampering with the devices.

The image is a topology diagram of a campus area network showing a defense-in-depth approach to network security. The diagram highlights five network security devices:

  • VPN edge router – Provides secure VPN services between corporate sites and remote access support for remote users using encrypted tunnels.
  • ASA firewall – A dedicated device providing stateful firewall services. It ensures that internal traffic can go out and come back, but external traffic cannot initiate connections to inside hosts.
  • Intrusion prevention system (IPS) – Monitors incoming and outgoing traffic looking for malware, network attack signatures, and more. If it recognizes a threat, it can immediately stop it.
  • Email security appliance (ESA) and web security appliance (WSA) – The ESA filters spam and suspicious emails; the WSA filters known and suspicious internet malware sites.
  • Authentication, Authorization, and Accounting (AAA) server – Contains a secure database of who is authorized to access and manage network devices. Network devices authenticate administrative users against the AAA server and database.

Remediating Infected Systems

When a malware protection program detects that a computer is infected, it removes or quarantines the threat. However, the computer is most likely still at risk.

When malware is discovered on a home computer, you should update your anti-malware software and perform full scans of all your media. Many anti-malware programs can be set to run on system start before loading Windows. This allows the program to access all areas of the disk without being affected by the operating system or any malware.

When malware is discovered on a business computer, you should remove the computer from the network to prevent other computers from becoming infected. Unplug all network cables from the computer and disable all wireless connections. Next, follow the incident response policy that is in place. This may include notifying IT personnel, saving log files to removable media, or turning off the computer.

Removing malware may require that the computer be rebooted into Safe Mode. This prevents most drivers from loading. Some malware may require that a special tool from the anti-malware vendor be used. Be sure that you download these tools from a legitimate site.

For really stubborn malware, it may be necessary to contact a specialist to ensure that the computer has been completely cleaned. Otherwise, the computer may need to be reformatted, the operating system reinstalled, and your data recovered from the most recent backup taken before the infection.

The OS system restore service may include infected files in a restore point. Therefore, once a computer has been cleaned of any malware, the system restore files should be deleted, as shown in the figure.

After remediation, you may need to repair damage the malware caused to the boot process. If Windows no longer starts, boot the computer from the Windows installation media and open the Windows Recovery Environment (WinRE), which replaced the Recovery Console of Windows 2000 and XP, to run commands from a "clean" command environment. From its command prompt, bootrec /fixmbr writes a new master boot record, bootrec /fixboot writes a new volume boot record, and bootrec /rebuildbcd rebuilds the boot configuration data store.

The image shows the System Protection for System (C:) window, which can be used to configure restore settings, manage disk space and delete restore points. It is located the control panel system utility program by clicking the Configure button in the System Protection tab.

Anti-Malware Programs

Malware is designed to invade privacy, steal information, damage the operating system, or allow hackers to take control of a computer. It is important that you protect computers and mobile devices using reputable antivirus software.

This is the seven-step best practice procedure for malware-removal:

1. Identify and research malware symptoms

2. Quarantine the infected systems

3. Disable System Restore (in Windows)

4. Remediate infected systems

5. Schedule scans and run updates

6. Enable System Restore and create restore points (in Windows)

7. Educate the end user
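The quarantine, evidence-preservation, and System Restore parts of this procedure, and of the Remediating Infected Systems post above, as an added PowerShell example that is not part of the original page. It assumes an elevated Windows PowerShell 5.1 session (the Disable/Enable-ComputerRestore and Checkpoint-Computer cmdlets are not in PowerShell 7), C: as the system drive, and a removable drive E: for the evidence copy.

```powershell
# Added example, not from the original page. Windows PowerShell 5.1, run elevated.
# C: is the system drive and E: an assumed removable drive for the evidence copy.

# Step 2 - quarantine: take every active adapter offline, wired and wireless alike.
Get-NetAdapter | Where-Object Status -eq 'Up' | Disable-NetAdapter -Confirm:$false

# Preserve logs and a snapshot of what is running BEFORE anything is cleaned, so the incident
# responders can see what the malware did.
$evidence = 'E:\ir-{0}-{1}' -f $env:COMPUTERNAME, (Get-Date -Format 'yyyyMMdd-HHmm')
New-Item -ItemType Directory -Path $evidence | Out-Null
foreach ($log in 'System', 'Security', 'Application', 'Microsoft-Windows-PowerShell/Operational') {
    wevtutil epl $log (Join-Path $evidence (($log -replace '/', '-') + '.evtx'))
}
Get-Process | Select-Object Id, ProcessName, Path, Company |
    Export-Csv -Path (Join-Path $evidence 'processes.csv') -NoTypeInformation
Get-ScheduledTask | Select-Object TaskName, TaskPath, State |
    Export-Csv -Path (Join-Path $evidence 'tasks.csv') -NoTypeInformation
Get-CimInstance Win32_StartupCommand | Select-Object Name, Command, Location, User |
    Export-Csv -Path (Join-Path $evidence 'startup.csv') -NoTypeInformation

# Step 3 - disable System Restore so infected files cannot come back from a restore point,
# and remove the existing restore points (they are stored as volume shadow copies).
Disable-ComputerRestore -Drive 'C:\'
vssadmin delete shadows /for=C: /all /quiet

# Step 4 happens here: update the anti-malware tool, run a full scan (in Safe Mode if the
# malware resists removal), and reboot.

# Step 6 - after a clean scan, turn System Restore back on and take a known-good restore point.
Enable-ComputerRestore -Drive 'C:\'
Checkpoint-Computer -Description 'Post-malware-cleanup baseline' -RestorePointType MODIFY_SETTINGS

# Reconnect only once the system is confirmed clean. (This re-enables every adapter; if some
# were disabled on purpose before the incident, enable only the ones that were up.)
Get-NetAdapter | Enable-NetAdapter -Confirm:$false
```

Keep the evidence folder off the infected machine and do not write anything else to that removable drive; what the logs show about the first infected host usually decides how many other machines have to be checked (step 1 of the procedure).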

Today, antivirus programs are commonly referred to as anti-malware programs because many of them can also detect and block Trojans, rootkits, ransomware, spyware, keyloggers, and adware programs, as shown in Figure 1.

Anti-malware programs are a primary line of defense against malware because they continuously compare files and activity against a database of known malware signatures. They can also use heuristic malware identification techniques, which detect behavior associated with some types of malware and so catch variants that have no signature yet. Neither method catches everything: signatures lag behind newly released malware and heuristics produce some false positives, which is why they are combined with the layered defenses described above rather than relied on alone.

Anti-malware programs start when the computer boots, checking system resources, drives, and memory for malware. They then run continuously in the background scanning for malware signatures. When a virus is detected, the anti-malware software displays a warning similar to the one shown in the figure. It may automatically quarantine or delete the malware, depending on software settings.

Anti-malware programs are available for Windows, Linux, and macOS by many reputable security organizations such as McAfee, Symantec (Norton), Kaspersky, Trend Micro, Bitdefender and more.

Note: Using two or more anti-malware solutions simultaneously can negatively impact computer performance.

The most common method of malware delivery is through email. Email filters are a line of defense against email threats, such as spam, viruses, and other malware, by filtering email messages before they reach the user’s inbox. File attachments can also be scanned before they are opened.

Email filtering is available on most email applications or it can be installed at the organization’s email gateway. In addition to detecting and filtering out spam messages, email filters also allow the user to create blacklists of known spammer domains and to whitelist known trusted or safe domains.

Malware can also be delivered through applications that are installed. Installing software from untrusted sources can lead to the spread of malware such as Trojans. To mitigate this risk, vendors implement various methods to restrict the ability of users to install untrusted software. Windows uses the separation of Administrator and Standard user accounts, together with User Account Control (UAC) and system policies, to help prevent the installation of untrusted software.

Be cautious of malicious rogue antivirus products that may appear while browsing the Internet. Most of these rogue antivirus products display an ad or pop-up that looks like an actual Windows warning window, as shown in Figure 2. They usually state that the computer is infected and must be cleaned. Clicking anywhere inside the window may begin the download and installation of the malware.

When faced with a warning window that is suspect, never click inside the warning window. Close the tab or the browser to see if the warning window goes away. If the tab or browser does not close, press ALT+F4 to close the window or use the task manager to end the program. If the warning window does not go away, scan the computer using a known, good antivirus or adware protection program to ensure that the computer is not infected.

In Linux, the package manager verifies software before installing it. Packages in a repository are signed with the distributor's private key, and the package manager checks each signature against the repository's public key that was installed with the system. If the key is missing or the signature does not verify, the user is warned and the installation is refused unless they explicitly override the check.

Mobile OS vendors use the walled garden model to prevent installation of untrusted software. Under this model, apps are distributed from an approved store, such as the App Store for Apple, Google Play for Android, or the Microsoft Store (formerly the Windows Store) for Windows.

There are 2 figures on the page. Figure 1: The image shows the Microsoft Security Essentials program window with a completed scan of a PC and the potential threat details window showing a detected item classified as HackerTool:Win32/Keygen. Figure 2: the image shows what appears as a Windows Security Alert but is actually a rogue antivirus program trojan horse.