Insights For Success

Strategy, Innovation, Leadership and Security

OPSEC - Introduction to Malware

General | Edward Kiledjian

What is malware

Malware is shorthand for malicious software and has been around almost from the start of computing. Its main purpose is to harm the computer or the user. Malware has been known to steal login credentials, monitor the user, tamper with information (breaking integrity), steal information or just make the system unusable.

Malware can be designed by a nefarious teenager in his mother's basement looking to make a name for himself or by a state-sponsored threat actor against activists or journalists.

How can I tell if my computer is infected

The first rule of thumb is to use the antivirus product that came with your operating system. As an example, all modern Windows systems ship with a self-updating antivirus supported by Microsoft. Third-party products have been known to cause issues (here, here, etc).

To be transparent, antivirus will detect standard, run-of-the-mill malware, but anything more sophisticated will easily get through. Larger companies with well-funded security teams typically eschew antivirus in favour of more advanced malware detection tools built on technologies like application behaviour monitoring, machine learning, artificial intelligence and system baselining. Unfortunately, these are not yet available to small operations, but expect them to eventually make their way there.

So detecting malware on your computer is difficult and often requires a highly skilled technician with precise tools who knows what he/she is looking for. At the very least, use the tools available to you now:

(Image: warning I received when someone in Sao Paulo tried to log into my LastPass account.)

  • Sign up for services that offer 2-factor authentication (so malware can't log into your account by simply stealing a password) and that will notify you of unusual behaviour (Google, LastPass, etc).
  • Notice subtle indicators. Pay attention to your computer and look for subtle inconsistencies. Does your webcam light turn on when you are not using it? Does it look like you sent an email you don't remember sending? Does an online service show a login at a time you know you weren't working? Pay attention to these cues.
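The "someone in Sao Paulo tried to log into my account" warning above comes from exactly this kind of check. The following is an added example (not code from the original post): given a constructed history of the owner's past logins and an assumed set of usual active hours, it flags a new login that comes from a never-seen country or city, falls outside those hours, or follows a home login too closely for the owner to have travelled. All events, places and hours are constructed for the example.

```python
"""Flag account logins that do not fit the owner's normal pattern.

Added example, not from the original post. The login history, the
locations and the working hours below are all constructed.
"""
from datetime import datetime, time, timedelta

# Constructed history of successful logins: (timestamp, city, country).
KNOWN_LOGINS = [
    (datetime(2017, 11, 20, 9, 5), "Montreal", "CA"),
    (datetime(2017, 11, 21, 14, 30), "Montreal", "CA"),
    (datetime(2017, 11, 22, 8, 45), "Toronto", "CA"),
]

# Assumed usual active hours in the owner's local time.
WORK_START, WORK_END = time(7, 0), time(22, 0)


def login_alerts(history, new_event, work_start=WORK_START, work_end=WORK_END):
    """Return the reasons a new login looks unusual (empty list = looks normal).

    history:   past (timestamp, city, country) tuples the owner recognises
    new_event: the (timestamp, city, country) tuple to judge
    """
    when, city, country = new_event
    reasons = []

    # Location checks: a new country is more alarming than a new city at home.
    seen_places = {(c, k) for _, c, k in history}
    seen_countries = {k for _, _, k in history}
    if country not in seen_countries:
        reasons.append(f"first login ever from country {country}")
    elif (city, country) not in seen_places:
        reasons.append(f"first login from {city}, {country}")

    # Time-of-day check against the owner's usual hours.
    if not (work_start <= when.time() <= work_end):
        reasons.append(f"login at {when:%H:%M}, outside usual hours")

    # "Impossible travel": a login from another country within a few hours
    # of the most recent login from a different country.
    last = max(history, key=lambda e: e[0])
    if last[2] != country and when - last[0] < timedelta(hours=6):
        gap = when - last[0]
        reasons.append(f"{country} login only {gap} after a login from {last[2]}")
    return reasons


if __name__ == "__main__":
    # Constructed event mirroring the anecdote above: a foreign login shortly
    # after the owner logged in from home.
    attempt = (datetime(2017, 11, 22, 11, 10), "Sao Paulo", "BR")
    for reason in login_alerts(KNOWN_LOGINS, attempt):
        print("ALERT:", reason)
```

Services that offer these notifications run far richer versions of the same logic (device fingerprints, IP reputation, velocity), but the three signals above are the ones a user can also sanity-check by hand in an account's login history.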

How did I get infected?

The most common technique used by threat actors is to trick the user into installing malware that pretends to be something else. It can pretend to be a system update. It can pretend to be a holiday card from a family member. It can pretend to be a work file from your boss. It can be a drive-by download, where your system is exploited simply by being vulnerable and your visiting a carefully crafted webpage.

  • A link to a malware site can be disguised as a link to a popular internet site (Apple, Amazon, Microsoft), shared content (a document, holiday card, music file, etc) or a fake system update (Flash update, etc).
  • You may be targeted via email. It is common for highly skilled threat actors to compromise the systems of people you trust and use that trust to trick you into running malware, visiting a malware site or performing an action you otherwise would not. Remember that these are often highly skilled practitioners who understand human psychology and will exploit it as needed. This includes chat apps, email, messages on forums, web pages, etc.
  • You can get infected by connecting purpose-built attack hardware to your computer. There are devices that look normal (like the USB Rubber Ducky from Hak5) but that can run attack code without your knowledge as soon as they are connected to your computer.
  • Someone can gain physical access to your computer and plant malware without your knowledge. In security we consider it game over if anyone has access to your equipment. This is why companies spend large sums of money physically protecting their servers in isolated, access-controlled cages inside heavily guarded and secured datacenters.

The more valuable you are as a target, the less likely you are to notice the attack.

How can I protect myself from malware?

  • Make sure you are running legally registered versions of all the products you use daily. Using legal versions entitles you to the latest updates, and every security person will recommend keeping all of your software and operating systems updated regularly. Threat actors will often exploit vulnerabilities that have already been patched (i.e. if you update, you are protected).
  • Only install the software you absolutely need. Remember that every piece of software is a potential attack vector. Install only what you need and only download it from the manufacturer, never from a download site like CNET, Download.com, etc (to prevent supply chain attacks like CCleaner). Many of these download sites make money by bundling garbage apps that get silently installed, and these can also be used to attack you.
  • Remember that anything you open or click on can compromise your security. Call a sender before opening a file. Download and scan it first with something like VirusTotal before opening it. Never click on links in email or instant messaging. Always go to the URL yourself (obfuscating a malicious link to look 'good' is easy). If you use Gmail, open questionable attachments in Google Docs or Sheets, as this will often strip the malicious content.
  • Remember that one second of forgetfulness is all it takes. Be extra vigilant when browsing the web. Never run anything from the web. Always know that the web can be faked. Even known sites can be compromised and used to inject malware.
  • When travelling to high-risk areas, I usually travel with a Google Chromebook. It auto-updates itself. There are very few known attacks against it. Chromebooks have a feature called Powerwash that factory resets the device image to "like new" within 2 minutes. Oftentimes I will Powerwash my device before performing sensitive tasks. Also, data is stored in the Google cloud. Regardless of how you feel about their privacy policies, they have proven to be excellent at protecting their users from targeted attacks. Make sure you turn on 2-factor authentication.
  • Turn off your computer and unplug it from the physical network when not in use.

What can I do if I am infected?

  • The first rule is that if you are infected, or even suspect that you are infected, forget about cleaning your device and have it completely reinstalled from scratch using known clean installation media.
  • If you are infected, immediately unplug your computer from the internet (Ethernet or Wi-Fi) and shut down your computer.
  • Use a known clean computer to log into your web services and change all your passwords immediately.
  • If one of your devices is compromised and you are a high-value target, assume all your other devices could be compromised and reinstall everything from scratch, including your smartphone.
  • If you have support from a government agency, reach out to them and ask for support. If you are a journalist or activist, reach out to one of the public security support organizations like the Toronto Citizen Lab.
  • If you know when you were infected, make sure you restore files from a date prior to the infection. It is critically important to use a backup service that provides version control (e.g. Backblaze version control).

Google's Files Go file manager and cleaner is now available as a beta

General | Edward Kiledjian

TL;DR : Go here and download this app (while it's available).

Earlier this week, we saw Files Go leak on the Google Play Store, but it was quickly taken down. Files Go is specifically built to help users (even novices) manage and clean files from their devices (duplicate photos, application cache files, etc).

Files Go also contains a function (similar to Apple's AirDrop) that allows Android users within close proximity to transfer files to each other.

Files Go is still beta software (i.e. it could still have bugs), but in my testing it has been reasonably reliable and hasn't crashed yet (tested on a Nexus 6P and Note 8).

Keep in mind that Google can change user eligibility once the app is officially released (it may be limited to Android One users or restricted to certain regions), but right now it seems to be available to all users globally.

Essential phone gets another $50 price drop at Best Buy

General | Edward Kiledjian

I wrote a short article about the merits and issues with the Essential phone here. I wrote that review because dozens of readers wanted to know if the phone was worth it at its newly reduced $499 price.

Another day and another discount for the struggling Essential phone. Now Best Buy is kicking in another $50 off (bringing the price to $449.99).

For $449, you can buy a beautiful unlocked Android smartphone with the latest specs including:

  • Snapdragon 835
  • 4GB of RAM
  • 128GB of storage
  • Dual cameras

If you read my review, there are some shortcomings, but at $449 it is hard to complain. You are getting a lot of phone for very little money.

Is the $499 Essential phone worth it?

General | Edward Kiledjian

No other Android smartphone in 2017 has been as polarizing as the Essential phone. Created by the father of Android, many of us (tech reviewers) wanted a no-compromise phone we could love. A device that would be a trailblazer, showing other manufacturers what is possible and ushering in a new era of innovation through competition.

Instead the Essential phone is a device I want to love but can't. 

Essential recently dropped its Canadian and US price and many readers wanted to know if I could recommend this phone at the new price. Keep reading to find out.

It feels rushed

So Andy Rubin teased the Essential phone in March and created a ton of excitement.

Reviewers went wild because it was the first phone with an edge-to-edge display. Since then, we have been bombarded with a bunch of beautiful, well-designed smartphones with edge-to-edge displays (like the Samsung Note 8, Samsung Galaxy S8+, iPhone X, etc).

When I use the phone and compare it to its cousins, I have the feeling the phone was rushed. Since September, Essential has had to release 4 updates to make the device usable and it still has a lot of room for improvement.

One major complaint that seems to affect all users is the camera quality. Even with the hardware Essential used, most of us expected the device to take much better pictures. Then a port of the Google Pixel Camera app was released by an unknown developer, and tests (see article here) show that image quality can be greatly improved through software alone. This is the perfect example of issues created because Essential didn't take the time to release adequate software to make its device shine.

If you take too many sequential burst pictures, the native Essential Camera app crashes and won't work until you restart the phone. 

The good

The Essential phone looks and feels amazing. It has a beautiful edge-to-edge screen that is bright. The device is slightly heavier than competing products and really feels well built. It is (to me at least) the best-looking Android phone you can buy today.

It comes with USB C.

It has a camera that doesn't have a hump so the entire back of the device is flat and won't wobble when placed on a table.

It has a fantastic fingerprint reader that is well placed and works very quickly every time. 

It is running a stock version of Android (comparable to the Google Pixel line). This clean version of Android means the phone is extremely fast and responsive. Apps start quickly (often faster than on a Samsung Galaxy S8+ or Note 8). 

Essential has committed to 3 years of security patches and 2 years of major OS updates, which is a huge win. Even companies like Lenovo/Motorola, Samsung and OnePlus don't commit to software updates like this. I think this is a huge plus for Essential and I wish other companies would follow its lead.

The bad

The camera is one of the main reasons people buy smartphones and the Essential camera is just "ok". I won't bore you with samples because every reviewer has posted dozens but trust me, the camera will leave you wanting.

As mentioned above, the illicit port of the Google Pixel Camera app does make a significant improvement to the picture quality but it still isn't in the same league as the Samsung Galaxy S8 (which you can now buy around the same price) or the OnePlus 5 (which is out of stock as we wait for its replacement the OnePlus 5T).

It doesn't have any type of water or dust protection.

It doesn't support wireless charging.

You can't buy a second Essential-branded wall charger yet, and the only add-on they have released is their $150 360 camera, which itself produces "ok" quality pictures and videos.

The speakers on the Essential phone get fairly loud but the audio quality is sub-par. 

Conclusion

The Essential phone was the phone I was hoping to love and was hoping it would become my daily driver (replacing my iPhone). 

So to answer the original question, even at this price, I can't recommend the phone for most users. If Essential released an Android 8 upgrade (we know they are testing it internally) and that version included a massively reworked camera app, and they released the charging pad, then my recommendation would likely change.

Important issues with the Google Pixelbook

General | Edward Kiledjian

So the Google Pixelbook is the most elegant expression of what a Chromebook could be. There are dozens of reviews on the internet extolling the wondrous virtues of the device. I think it is a fantastic device for the right user because it is fast, hassle-free and as secure as a mobile computing device can be.

Instead of just writing another copycat article about the positives, I wanted to share some of the less-than-perfect elements of the device, to ensure you can make an educated decision.

Image courtesy Google 

Google Assistant 

I love the Google Assistant and was excited when Google added it to the Pixelbook. The problem is that the activation hot words only work when the device is on and the screen is on. If the device is idle and "sleeps", you will have to manually wake it up before you can trigger the Google Assistant. Consumers have come to expect always-on assistants (Google Home and the Google Pixel 2 smartphone are always listening).

I am a Google G Suite user and expected the Google Assistant (at least on their premium laptop replacement device) to integrate better for their business users. As an example, it won't be able to read you your agenda.

Image courtesy Google

Pixelbook Pen

The Pixelbook Pen is a great concept, but your experience will depend greatly on the apps you are using. Google claims that the Pixelbook Pen API uses a low-latency model that should deliver 10ms response times, and this is true in certain apps like Google Keep. In Google Keep, using the pen feels akin to writing on paper. In apps like Adobe Draw or Microsoft OneNote, you definitely feel the latency. The latency is so bad that it makes the experience almost unusable.

Android apps on ChromeOS

With the launch of the Pixelbook, Google finally graduated Android apps on ChromeOS out of beta. This is a push we have seen from Google for many months: they want to encourage ChromeOS (Chromebook) users to leverage the millions of Android apps to make the Chromebook the preferred mobile platform.

Some companies (like Adobe) have worked with Google to make their Android apps Chromebook-aware, and thus using Lightroom on it is actually a great experience. It is fast, fluid and very functionally complete.

Other apps are the polar opposite. With these less than optimal apps, you will experience:

  • incorrect app orientation
  • the app does not use the full-screen real estate 
  • app performance is sometimes erratic and will crash for no discernible reason

Conclusion

The Pixelbook is a beautifully crafted device that works relatively well. If the device had been a couple of hundred dollars less, I could easily overlook everything written here, but at $US999, my expectations are slightly higher. 

I think the Pen is still a beta experience, and they should really provide one for free with each Pixelbook. More customers using the Pen means more telemetry and better design cues for v2 next year. I cannot recommend the $US99 pen right now. The Pixelbook Pen is nothing more than a gimmick at the moment.