Have Malware, Will Propagate

AAAHHH!!!! Jill was sick and tired of needing to call up BrandName University’s IT Department every time she needed to update Adobe Flash and Java Runtime on her work laptop. Seriously, why are they updating so much?! The IT Department always took forever to get back to her no matter how many times she emailed or called. It was really cramping her style and her YouTube experience. She gave her supervisor vague reasons why her work couldn’t get completed on time; blaming IT was the way to go.

Recently her department sparked the Bring Your Own Device (BYOD) initiative. They offered to pay their employees $1,000 USD total to pick whichever machine they wanted and use it for at least 5 years. If it had an issue they’d have to take it to wherever they bought it and have it fixed there, along with handling any additional service and replacement warranties. Ideally this took the onus off the university and freed the thinning IT staff to focus on other projects.

Jill wasn’t too interested in this initiative at first, but after being here 5 weeks and dealing with IT issues every day just to do her job she started to consider it. Her work-issued laptop was already ancient by today’s standards and performed sluggishly (even after her second reimage). Frankly she didn’t care for her work laptop anyway as it was a Windows XP machine. Windows 8 is almost out and she hasn’t even seen anyone with Windows 7 in her department. After sleeping on it she picked up the BYOD form from her supervisor and flipped through the terms and policies regarding her responsibilities. After filling out the form and turning it in she was handed a disposable credit card with $1,000 USD on it. She had a week to get her new machine and transfer her data over before turning in her old work-issued laptop.

Getting only $1,000, Jill had to skimp as she didn’t want to invest her own money into a work machine, so she opted out of the offered extended warranty and software upgrades. The sales guy asked if she wanted 32-bit or 64-bit but decided for her that she’d be better off with a 32-bit OS. For software she just used the default starter packages that came with the laptop… including the 30-day trial antivirus/anti-malware software. The sales guy also made sure she was running as the default local administrator so that she could update things easily when they popped up. He didn’t want her coming back or thinking about returning the laptop.

The next morning she showed up with a stellar laptop; she preferred smaller and lighter and its performance seemed to blow past her old machine. She quickly copied her data over the network and then turned in her old laptop. Good riddance!

After 30 days of using her BYOD laptop she started to get annoying messages about the antivirus/anti-malware software expiring and decided to uninstall it. It was 60 dollars and she didn’t want to pay that out of her pocket. After uninstalling it the messages went away and she could work freely without being distracted by ‘this or that was removed, or halted – whatever’, or ‘about to expire, expired’ popping up all the time.

Another 30 days go by and Jill notices her machine acting sluggish now and then. She could swear that she’s seen the mouse moving around by itself when she came back from lunch but figured it was the IT department updating something or another. With all the weirdness she’s been planning to take it to the retailer she bought it from but it’s been a busy time and she keeps putting it off. She sure isn’t planning on going on her own time to have this issue looked at.

The next morning she reads an urgent email from the IT department explaining that their file servers have been infected with something called ‘pinkslip’. They were looking into the issue but had just started their investigations that very morning. By the afternoon half the machines were infected, crippling the university’s workload. They asked everyone to shut down their machines and they would visit them one by one. Due to the downtime staff members were just walking around their cubicles talking to each other as a few IT staff members ran around like they were on fire. Jill paused a second in her conversation with Sally and rolled her eyes… Those IT guys were always fumbling, how do they ever get any work done?

When an enterprise places its trust in its own user base, BYOD turns into BYOM (Bring Your Own Malware). No matter what type of written policy or agreement is made between the user and their employer, users simply cannot be trusted to maintain and update their client workstations as efficiently and effectively as a traditional infrastructure. For such an adaptive initiative a matching adaptive response needs to be put in place. This is where ANAC (Adaptive Network Access Control) comes into play and saves the day. With an ANAC appliance, who cares what the user is running or not running? Adaptive solutions from Milton Security Group quarantine and remediate infected devices and make sure the buck stops at the source.
