Lovesick malware-spreader hits hospital
Curious George is a bad monkey. He’s spreading malware
Hard disk encryption is one of the best methods for protecting your data. However, it’s not the “be all, end all” of computer data security. And here are a couple of notable cases that show you why.
Ohio Hospital A Casualty
A man was arrested after he inadvertently infected a hospital’s network with spyware. This man, apparently a jealous and obsessive guy, had originally meant to spy on his ex. He sent her a spyware program via e-mail, and somehow convinced her to install it.
However, the ex did this while at work and the program got installed in a computer belonging to the hospital. The lovelorn-man started to get screenshots of the computer’s screen, including “medical procedures, diagnostic notes and other confidential information relating to 62 hospital patients. He was also able to obtain e-mail and financial records of four other hospital employees as well,” according to networkworld.com.
Curious George Is Curious About Your Computer
Earlier this week, the Curious George website hosted by PBS was spreading malware. A pop-up message appeared when visiting the site, asking for a username and password.
This pop-up, however, was a conduit for infecting the visitor’s computer with malware: scmagazineus.com notes that the malware was targeting unpatched software applications (Adobe Acrobat Reader, AOL Radio AmpX, AOL SuperBuddy, and Apple QuickTime were named).
Disk encryption is a great resource when it comes to preventing data theft that results from the loss of a computer or other device. But, it cannot help against the above two instances.
(Perhaps the use of file encryption software, where individual files are protected, would work. But, that, too, cannot prevent a screenshot from being taken while you’re accessing your bank account while on-line).
And, as we can see from the above instances, “trusting” the computer user doesn’t work–either because they’re ignoring the rules or because they don’t realize that something untoward is happening. Especially in the Curious George case…aren’t we asking a little too much from our tykes and tots “to be aware of our computing environment,” advice that is frequently given out to websurfers?
In instances like these, the only method of combating an information breach is preventing malware from installing in the first place. Microsoft, for example, has the User Account Control (UAC) mode in the Vista operating system that can prevent a silent install from taking place.
There are other solutions out there as well, most of them geared towards corporate and SMBs users. These solutions can prevent non-administrators from running certain applications via whitelists or blacklists, including malware installers. They’re especially useful because they allow these “lists” to be managed easily, from a central location (a concept that AlertBoot also uses for its centrally managed encryption software).
Related Articles and Sites: