Zephin Livingston | eSecurity Planet Contributor
https://www.esecurityplanet.com/author/zephin-livingston/

Comparing Antivirus Software 2025: Avast vs. AVG
https://www.esecurityplanet.com/products/avast-vs-avg-antivirus/
Tue, 29 Oct 2024 16:57:09 +0000

Compare Avast and AVG antivirus software. We assess features like malware detection, real-time protection, pricing, customer support, and more.

The post Comparing Antivirus Software 2025: Avast vs. AVG appeared first on eSecurity Planet.

An antivirus can offer some security for users worried about stumbling upon malware while browsing the Internet. A good antivirus can detect malware on whatever device the antivirus is scanning. In some cases, it can even remove that malware before it’s had a chance to cause much harm to the device or user, though this isn’t as common.

The antivirus industry can feel pretty big, so we’re gonna focus on only two platforms today: Avast and AVG. Both platforms are owned by the same company (Avast Software s.r.o.), but does that mean they’re the same product? Let’s find out.

Avast vs. AVG at a Glance

Let’s compare some basic pricing and features between Avast and AVG in a handy-dandy table before we look at them in more detail below:

Feature | Avast | AVG
Lowest Annual Price* | $69.99 per year for the first year; $99.99 per year for subsequent years | $59.88 per year for the first year; $99.99 per year for subsequent years
Supported Operating Systems | Windows, MacOS, and Android*** | Windows, MacOS, and Android***
Maximum Number of Devices Supported | 10 | 10
Firewall | Yes | Yes
Malware Detection Rates** | 100% | 100%

*While Avast and AVG both have free versions, those are not being considered for this review. Instead, I am looking at Avast Premium Security, AVG Internet Security, and any higher-priced subscription tiers.

**Malware detection rates in this table were pulled from AV-Test.org’s August 2024 Windows test. Detection rates from other websites, including AV-Comparatives, were used to evaluate the products.

*** While Avast and AVG both have iOS products, neither are antiviruses, and neither will be considered for this article.

Avast Overview

Overall Rating: 2.5/5

  • Pricing: 2/5
  • Core Features: 5/5
  • Advanced Features & Integrations: 3/5
  • Customer Support: 2/5
  • Impact on Device Performance: 4/5
  • Trustworthiness: 0/5

With its free version and decades of experience, Avast has become a household name in the antivirus space. That doesn’t mean it’s necessarily good. It has some things going for it. Its impact on device performance was relatively low, it scores well in independent testing, and its office management plan can be nice for businesses that employ many remote workers.

However, that’s where the positives stop, in my opinion. The service is expensive, and the features it does offer aren’t really all that different from most any other antivirus platform on the market. Additionally, while its test results are good, so are those of Microsoft Defender, Avira, and Bitdefender, all of which are available at equivalent or lower prices.

Then we get to trust, which is my biggest issue with Avast. In 2020, the company harvested users’ browsing data, particularly data collected from Avast and AVG’s free versions and browser extensions, to be monetized through company subsidiary Jumpshot.

After being caught, the company defended this data collection as perfectly legal, promising to scrub collected data of identifying information. It did, however, reinforce its commitment to monetizing this scrubbed data by selling it to companies like Pepsi and Google, as reported by PC Mag’s Michael Kan.

While the company was first caught 4 years ago, this was not the end of the story. In February 2024, the FTC ordered Avast to cease “selling browsing data for advertising purposes” and to pay out $16.5 million for doing so. According to the FTC, this data harvesting has been happening since 2014.

While the FTC has banned Avast from continuing its data harvesting ways, I simply cannot trust a cybersecurity company I know has done this. A lot of what an antivirus gives users is peace of mind and a feeling of safety when using their computer. As such, trust is the most essential currency a company like this has with potential customers. Without that trust, why would you ever use software that requires so much data and access privileges on your device?

The bottom line is I wouldn’t trust Avast with my personal data, and I don’t think anyone else should either.

Pros & Cons

Pros | Cons
Office management plan might be nice for remote workers | Has monetized user data in the past
Low impact on device performance | Expensive
Good independent test results | Runs on the same engine as AVG

AVG Overview

Overall Rating: 2.5/5

  • Pricing: 2/5
  • Core Features: 5/5
  • Advanced Features & Integrations: 3/5
  • Customer Support: 2/5
  • Impact on Device Performance: 4/5
  • Trustworthiness: 0/5

Everything I said about Avast can be applied to AVG. The same company owns both, they run on the same engine, and, as briefly demonstrated in the comparison below, their websites even use the exact same wording when describing certain features. These two have the same overall score because neither does anything that the other isn’t also doing.

This means AVG and Avast share many of the same positives (good independent test results, relatively low device slowdowns when in use) and negatives (too expensive without providing enough to justify the price).

It also means my trust issues with Avast are the same as those with AVG. The company’s data harvesting and monetization practices relied on the free versions of both antiviruses and their browser extensions. If you want my recommendation, I’d say stay far away from both providers.

Pros & Cons

Pros | Cons
Nice collection of business-focused add-ons, including patch management | Has monetized user data in the past
Good independent test results | Expensive
Low impact on device performance | Runs on the same engine as Avast

Best for Pricing: AVG

Pricing | Avast | AVG
Lowest Pricing Tier (Billed Annually) | $69.99 per year for the first year; $99.99 per year for subsequent years | $59.88 per year for the first year; $99.99 per year for subsequent years
Highest Pricing Tier (Billed Annually) | $69.99 per year for the first year; $139.99 per year for subsequent years | $59.88 per year for the first year; $139.99 per year for subsequent years
Free Trial | 30 days | 30 days

Winner: AVG’s first-year annual pricing being roughly $10 cheaper gives it a slight edge over Avast, but this is as close to a tie as one can get without it actually being a tie.

Best for Core Features: Avast & AVG

Feature | Avast | AVG
Endpoint Scanning | Yes | Yes
Antimalware | Yes | Yes
Web Browsing Protection | Yes | Yes
Ad Blocking | Yes, as a free browser | Yes, as a free browser

Winner: Avast and AVG are owned by the same company and run on the same engine. In terms of core features, these two are identical. This includes the store pages for both products using the same wording for several of the listed features.

[Figures: Avast features chart and AVG features chart]

Best for Advanced Features & Integrations: Avast & AVG

Feature | Avast | AVG
VPN | Yes | Yes
Password Manager | No | No
Firewall | Yes | Yes
Dark Web Monitoring | Yes, as an add-on* | Yes, as an add-on

* Avast’s dark web monitoring feature is only available as part of the Avast One subscription. It cannot be purchased a la carte.

Winner: Once again, these two are more or less the same antivirus in different skins.

Best for Customer Support: Avast & AVG

Support Option | Avast | AVG
Support Forum/Customer Community | Yes | Yes
Support Hours | 24/7 | 24/7
Phone Support (With a Human Agent) | Yes | Yes
Email Support | No | No
Live Chat Support (With a Human Agent) | No | No

Winner: I’m sure it is a silly coincidence that the two antiviruses using the same engine and owned by the same company have the same customer support features.

Who Shouldn’t Use Avast or AVG?

In my opinion, no one should use either service. While this is a knock on their overall quality as products, it also reflects my general recommendation on antiviruses. The bulk of paid antivirus options don’t provide enough value for your money compared to cheaper options like Microsoft Defender, and the shady history of the free versions of these antiviruses makes it impossible for me to recommend anyone use those either.

If you’re looking for a way to better secure your business, I would avoid antiviruses in most cases. The intense consumption of machine resources, high prices, and loads of feature bloat make most antivirus platforms not worth the money. Many antivirus providers also offer endpoint detection and response (EDR) solutions that will better scale and suit the needs of most mid-size businesses.

2 Alternatives to Avast & AVG

Avast and AVG aren’t the only antivirus solutions on the market. Here are a couple of alternatives for your consideration:

Microsoft Defender

If you’re a PC user, the Microsoft Defender software included with a Microsoft 365 subscription will, more often than not, be just as effective as any of the more expensive, more feature-burdened platforms. It scores well in virus detection tests run by reputable sites like AV-Test and AV-Comparatives, and it lacks much of the bloatware and many of the unnecessary features common in modern antivirus software.

Microsoft Defender is available as part of the Microsoft 365 subscription plan, which starts at $69.99 per year. Microsoft 365 also has features like identity theft monitoring, OneDrive file protection, and advanced email and calendar features for Microsoft Outlook, besides the Defender antivirus. Additionally, there’s Microsoft Defender for Business, which has plans starting at $3 per user per month for up to 300 users and up to 5 devices per user.

Malwarebytes

Malwarebytes is one of the only antivirus programs I would consider using. It scores well in virus detection tests while not, in my experience, causing the sort of intense slowdowns commonly associated with antiviruses. However, there is still a noticeable slowdown while in use. Malwarebytes’ plans can start at $3.75 per month for individuals and freelance users.

Malwarebytes’ Teams plan for businesses and organizations starts at $119.97 per year for 3 devices but can go up to 20 devices if necessary. Interested business clients can also look into the company’s managed detection and response and EDR solutions.

How I Compared Avast & AVG

To grade Avast and AVG on a roughly even playing field, I created a grading rubric with 6 categories that interested buyers should consider when deciding which antivirus to buy. Two categories (Trustworthiness and Impact on Device Performance) did not get a dedicated section due to there not being much to compare within the format of this article. Still, they were briefly discussed in the overview for both products.

Pricing – 15%

I looked at the pricing of the lowest-available paid plans for both services. For Avast, this was its Premium Security antivirus plan; for AVG, this was AVG Internet Security.

Core Features – 20%

I evaluated the availability of basic antivirus features for both Avast and AVG. Basic features included endpoint scanning and web browsing protection.

Advanced Features & Integrations – 10%

For this category, I analyzed some nice-to-haves for an antivirus, including a firewall and dark web monitoring. Password Managers and VPNs were also considered, though their impact on my overall grade was minor.

Customer Support – 10%

For this category, I checked out the customer support options for Avast and AVG. This included determining if I could contact human customer support agents via phone or live chat, whether customer forums were available, and whether either company had 24/7 support.

Impact on Device Performance – 15%

I looked at how much each software slowed down or affected my experience using my device. This includes looking at browsing speeds and if either product’s web protection features are blocked or affected by any websites I commonly use throughout my day, like YouTube or Spotify.

Trustworthiness – 30%

Finally, I researched both companies’ histories for any notable data breaches or past shady activity, such as being caught selling user data. In my opinion, trust is the most important factor to consider with cybersecurity products, which is why it’s weighted so much higher than all other categories.

Bottom-Line: Avast vs. AVG

Avast and AVG are functionally identical antiviruses and are owned by the same company. That company used the free versions of both antiviruses and their browser extensions to harvest user data that a subsidiary monetized. Even if these were the best antivirus products in the world, which they are not, I would never trust this company with my personal data, and I don’t think anyone else should either.

Compare Antivirus Software 2025: Bitdefender vs ESET
https://www.esecurityplanet.com/products/bitdefender-vs-eset-antivirus/
Fri, 18 Oct 2024 17:41:33 +0000

Compare Bitdefender and ESET antivirus software. We assess features like malware detection, real-time protection, pricing, customer support, and more.

The post Compare Antivirus Software 2025: Bitdefender vs ESET appeared first on eSecurity Planet.

An antivirus can provide peace of mind for users worried about accidentally encountering malware while scrolling online. A good antivirus can successfully detect and, in some cases, remove malware before it can seriously damage your device.

While the antivirus industry can feel overwhelmingly large, we only look at two providers today: Bitdefender and ESET Antivirus. Both pieces of software come packed with solid features, and we’ll be comparing the two to see who comes out on top. While this is my opinion, you will ultimately need to decide which antivirus product (if any) is right for you based on your specific needs and those of your business.


Bitdefender vs. ESET Antivirus at a Glance

Let’s compare some basic pricing and features between ESET and Bitdefender before going into more detail below:

Feature | Bitdefender | ESET
Lowest Annual Price | $59.99 per year for the first year; $109.99 in subsequent years | $69.99 per year
Supported Operating Systems | Windows, MacOS, and Android** | Windows, MacOS, and Android**
Maximum Number of Devices Supported | 25 | 10
Firewall | Yes | Yes, at middle and highest pricing tiers
Malware Detection Rates* | 100% | 100%

*Malware detection rates in this table were pulled from AV-Test.org’s August 2024 Windows test. Detection rates from other websites, including AV-Comparatives, were used to evaluate the products.

** While ESET and Bitdefender both have iOS products, neither are antiviruses, and neither will be considered for this article.

Overall, Bitdefender and ESET Antivirus are fairly inoffensive as far as antiviruses go, in my opinion. They don’t do much to stand out from the broader industry, nor each other. I think that if you were to choose an antivirus product to protect yourself or your business, both are fine options.


Bitdefender Overview

Overall Rating: 3/5

  • Pricing: 2/5
  • Core Features: 5/5
  • Advanced Features & Integrations: 5/5
  • Customer Support: 3/5
  • Impact on Device Performance: 2/5
  • Trustworthiness: 2/5

Bitdefender as a platform is acceptable. Antiviruses are annoying to set up and operate, with persistent notifications and a severe impact on device performance. While my device did slow down to a crawl while using Bitdefender on Windows, its notifications didn’t have much of the fearmongering you expect from an antivirus platform, which is always nice to see.

Daily scanning can also be a nice touch, even if it’s part of why Bitdefender slowed down my machine. The service also performed well in independent testing from websites like av-test.org and AV-Comparatives.

The product’s cons are fairly noticeable, unfortunately. The aforementioned device slowdown was significant and a pain to deal with, as with most antiviruses. Its add-ons are pricey, meaning any additional features you might want can eat into your wallet as much as the software eats into your speeds. Finally, turning off my subscription’s auto-renewal cut off my ability to use some features, mostly in the customer support area.

Overall, business readers are better off checking out the company’s endpoint detection and response (EDR) solutions instead.

As for reputation, Bitdefender sits solidly in the middle of the pack when compared to the rest of the industry: mostly solid but with some bits that give us pause. Although its researchers have done good work, like discovering critical webOS flaws in early 2024, the company’s servers were hacked in 2015, compromising business clients’ passwords.

More damning than the breach itself, these passwords turned out to be unencrypted, which means the company stored this sensitive information without doing even the bare minimum to protect users if a breach occurred. Of course, this was almost a decade ago, and it’s reasonable to believe the company has taken steps to fix this perplexing mistake. However, it makes me wary of trusting Bitdefender with my sensitive information.

Pros & Cons

Pros | Cons
Good independent testing results | Slows device performance to a crawl
Notifications aren’t annoying or overly intrusive | Expensive add-ons
Daily scans | Shutting off auto-renewal can block your access to some features

ESET Antivirus Overview

Overall Rating: 3.5/5

  • Pricing: 2/5
  • Core Features: 4/5
  • Advanced Features & Integrations: 5/5
  • Customer Support: 4/5
  • Impact on Device Performance: 2/5
  • Trustworthiness: 3/5

ESET as an antivirus is alright. Notably, it only registered two false alarms in AV-Comparatives’ most recent testing, placing it only behind Trend Micro and Kaspersky, each with one false alarm. High scores like these in independent testing are always nice to see.

I was also a fan of its Device Control system when I tested the service. This lets you configure the platform to meet your specific needs, including setting device-specific rules. It can let you block or restrict access privileges for external devices. Theoretically, this could help stop someone using a Bluetooth device to hack your machine. While nice, the platform is fairly expensive, and I’m not sure the whole package is worth the admission price.

Price is one of the key issues with ESET as a product, but it’s not the only one. As much as I liked the Device Control features, they make the service more complicated, which can burden users who lack the technical knowledge to configure it properly. On top of that, ESET’s impact on device performance was significant, which is expected from an antivirus but is never great to see.

Aside from a 2018 antitrust lawsuit, its reputation is mostly fine, which I can’t always say about antivirus providers. There’s no history of major data leaks, aside from its security forums being breached back in 2014. While this isn’t great, you sometimes must grade on a curve with antivirus providers.

Pros & Cons

Pros | Cons
Device Control features are great for customization | Might be too complicated for less tech-savvy users
Scored high in independent testing | Pretty expensive
 | Large impact on device performance

Best for Pricing: Bitdefender & ESET Antivirus

Pricing | Bitdefender | ESET*
Lowest Pricing Tier (Billed Annually) | $59.99 per year for the first year; $109.99 in subsequent years | $69.99 per year
Mid-Range Pricing Tier (Billed Annually) | $79.99 per year for the first year; $129.99 per year in subsequent years | $79.99 per year
Highest Pricing Tier (Billed Annually) | $99.99 per year for the first year; $159.99 per year in subsequent years | $179.99 per year
Free Trial | 30 days | 30 days

* ESET pricing starts lower in the lowest and mid-range pricing tiers but only covers 3 devices. The prices shown above are for 5-device coverage to match up with Bitdefender’s default 5-device coverage.

Winner: While Bitdefender is slightly cheaper in the first year, the significant jump from year two and onward makes it tough to really differentiate between the two in the pricing category. Regardless, both platforms are fairly overpriced for what they offer.

Best for Core Features: Bitdefender

Feature | Bitdefender | ESET
Endpoint Scanning | Yes | Yes
Antimalware | Yes | Yes
Web Browsing Protection | Yes | Yes
Ad Blocking | Yes, at higher pricing tiers | No

Winner: Bitdefender and ESET are nearly identical in core features, but an ad-blocker at higher pricing tiers gives Bitdefender a slight edge.

Best for Advanced Features & Integrations: Bitdefender

Feature | Bitdefender | ESET
VPN | Yes, with limited traffic at lowest pricing tier; unlimited traffic at middle and highest tiers | Yes, at highest pricing tier only
Password Manager | Yes | Yes, at middle and highest pricing tiers
Firewall | Yes | Yes, at middle and highest pricing tiers
Dark Web Monitoring | Yes, at highest pricing tier | Yes, at highest pricing tier

Winner: Both platforms offer all the features listed above, but Bitdefender offers them at cheaper pricing tiers than ESET Antivirus, giving it a slight edge. However, this is mainly for the firewall feature. While a built-in VPN and Password Manager are nice, I’d recommend dedicated VPN and Password Manager solutions over whatever might come bundled with an antivirus.

Best for Customer Support: ESET Antivirus

Support Option | Bitdefender | ESET
Support Forum/Customer Community | Yes | Yes
Support Hours | 24/7 | 6am-5pm Pacific Standard Time, Monday-Friday
Phone Support (With a Human Agent) | Unclear | Yes
Email Support | Yes | Yes
Live Chat Support (With a Human Agent) | Unclear | Yes, after filling out a ticket

Winner: While Bitdefender’s 24/7 support hours certainly feel better, ESET’s customer support options are more transparent in terms of knowing that you’ll be put in touch with a human. Inconvenient as it may be at times, I’d rather wait to contact the company during business hours than try to deal with a chatbot that is likely working off the same knowledge base I already have access to.

Who Shouldn’t Use Bitdefender or ESET Antivirus?

The short answer is “most people,” in my opinion. Antiviruses can be great for peace of mind. Still, the bulk of paid options, including the stars of this article, usually don’t provide enough value for your money compared to cheaper options like Microsoft Defender. There’s nothing particularly wrong with Bitdefender or ESET compared to the broader industry.

Still, I wouldn’t personally pay the prices asked by these companies to use either on my own device, and I don’t think most other individuals should either. Some businesses might find an antivirus helpful, but in many cases, I would recommend a dedicated endpoint detection and response solution over an antivirus.

2 Alternatives to Bitdefender & ESET Antivirus

Bitdefender and ESET aren’t the only antivirus solutions on the market. Here are a couple of alternatives for your consideration:

Microsoft Defender

If you’re a PC user, the Microsoft Defender software included with a Microsoft 365 subscription will serve your needs just as well as any more expensive, more feature-burdened platform in most cases. It scores well in virus detection tests run by reputable sites like AV-Test and AV-Comparatives, and it lacks much of the bloatware and many of the unnecessary features common in modern antivirus software.

It is available as part of the Microsoft 365 subscription plan, which starts at $69.99 per year. Alongside Defender, Microsoft 365 has features like identity theft monitoring, OneDrive file protection, and advanced email and calendar features for Microsoft Outlook. A Microsoft Defender for Business plan is available starting at $3 per user per month, supporting up to 300 users and up to 5 devices per user.

Malwarebytes

Malwarebytes is one of the best antiviruses on the market and one of the only ones I would install on my own devices if need be. Much like Bitdefender and ESET, it scores well in virus detection tests while not having as large an impact on your performance as either piece of software. Malwarebytes has plans starting at $3.75 per month for individual users.

Its Teams plan targets businesses and organizations, starting at $119.97 per year for 3 devices and supporting up to 20 devices. Managed detection and response and EDR solutions for businesses are also available.

How I Compared Bitdefender & ESET Antivirus

To grade Bitdefender and ESET Antivirus on a roughly even playing field, I created a grading rubric with 6 categories that interested buyers should consider when deciding which antivirus to buy. Two categories (Trustworthiness and Impact on Device Performance) did not get a dedicated section due to there not being much to compare within the format of this article. Still, they were briefly discussed in the overview for both products.

Pricing – 15%

I examined each company’s leading consumer products (Bitdefender’s all-in-one security packages and ESET’s For Home packages) and their pricing plans. Free trials and the number of supported devices were also considered.

Core Features – 20%

I evaluated the availability of basic antivirus features for both Bitdefender and ESET Antivirus. Basic features included endpoint scanning and web browsing protection.

Advanced Features & Integrations – 10%

For this category, I analyzed some nice-to-haves for an antivirus, including a firewall and dark web monitoring. Password Managers and VPNs were also considered, though their impact on my overall grade was minor.

Impact on Device Performance – 15%

I looked at how much each software slowed down or affected my experience using my device. This includes looking at browsing speeds and if either product’s web protection features are blocked or affected by any websites I commonly use throughout my day, like YouTube or Spotify.

Customer Support – 10%

For this category, I checked out the customer support options for Bitdefender and ESET. This included determining if I could contact human customer support agents via phone or live chat, whether customer forums were available, and whether either company had 24/7 support.

Trustworthiness – 30%

Finally, I researched both companies’ histories for any notable data breaches or past shady activity, such as being caught selling user data. In my opinion, trust is the most important factor to consider with cybersecurity products, which is why it’s weighted so much higher than all other categories.

Bottom Line: Bitdefender vs ESET Antivirus

Overall, Bitdefender and ESET Antivirus are much the same as other antivirus products. There might be slight differences between the two based on reputation or some small features, but they’re not enough to meaningfully separate them. I personally wouldn’t pay for either service, but if you’re set on choosing between these two products, I don’t think there’s a wrong answer either way.

Best Secure Remote Access Software of 2025
https://www.esecurityplanet.com/products/best-secure-remote-access-software/
Wed, 09 Oct 2024 16:45:55 +0000

Remote access software lets users control a computer or network from a distant location, enabling tasks and system administration. See the best options here.

The post Best Secure Remote Access Software of 2025 appeared first on eSecurity Planet.

Remote access software can help you securely connect to your devices from wherever you may be. This can be helpful both for employees on the go and for IT professionals trying to fix a coworker’s computer troubles from several hundred miles away. It can also be great for companies that employ many remote workers and want to better secure their IT environment.

I looked at industry-leading remote access software products and selected five of the best, based on their features, pros, and cons, to ensure you can choose the one that most fits your team and their needs.

Before we get to the main list, here’s a table of our top picks, alongside pricing and essential features like multi-factor authentication and secure file transfer.

Provider | Starting Price | Notable Features
RustDesk | $19.90 per month | File transfer, access controls, audit logs
Zoho Assist | $10 per technician per month | File transfer, Android/iOS device controls, multi-factor authentication
BeyondTrust | Not publicly available | Custom integrations, auditing and compliance logs, access privilege management
ConnectWise ScreenConnect | $28 per month for 1 license | VoIP audio during support sessions, remote printing, remote diagnostics toolkit
RemotePC | $74.62 per year for the first year | Personal key passwords, access via browser, remote reboot


RustDesk

Overall Rating: 3.5/5

  • Pricing: 5/5
  • Core Features: 3/5
  • Additional Features: 2/5
  • Ease of Use: 5/5
  • Customer Support: 1/5
  • Trustworthiness: 3/5

RustDesk is an open-source remote access platform developed by Singaporean company Purslane Ltd. The app contains many of the features you’d expect from this sort of software, such as file transfer, access controls, and audit logs, and is available on all major platforms. It boasts a simple, user-friendly interface and some of the lowest impact on device performance of the products I looked at.

The main downsides of the product are a lack of traditional customer support options and a lack of some key features. In particular, its two-factor authentication (2FA) options are limited to email verification or using a third-party authenticator app like Microsoft Authenticator. In terms of customer support options, RustDesk largely relies on email support and the platform’s Discord server and GitHub page. While these options can be beneficial, they might in some cases be lacking in speed or technical know-how.

While there is a free version, its limited features make it less than ideal for business use. Thankfully, RustDesk offers a multi-license Pro Plan with sliding-scale customization, allowing companies to cover 10-500 licensed users and 100-5000 devices off one plan. This Pro Plan starts at $19.90 per month but can hit $999.90 monthly, depending on how many users you need to cover. There’s also an individual plan at $9.90 per month, but it only covers one licensed user and can’t be scaled up like the pro plan. Larger plans are available, but you’ll need to contact RustDesk’s sales team directly for that information.

Pros

  • Simple, easy-to-use interface
  • Low impact on device performance
  • Open-source

Cons

  • Somewhat limited features
  • Lacking in customer support options
Zoho Assist

Overall Rating: 3/5

  • Pricing: 5/5
  • Core Features: 5/5
  • Additional Features: 4/5
  • Ease of Use: 3/5
  • Customer Support: 1/5
  • Trustworthiness: 2/5

Part of the Zoho family of software products, Zoho Assist offers a nice suite of features and integrations for businesses looking for a remote access solution to enhance their network security. Notable features include controlling iOS and Android devices, file transfer, and unattended remote access. Some of the integrations I liked the most included Slack, Google Suite, and ServiceNow.

Zoho Assist’s UI is cluttered and can be difficult to parse at first, which isn’t great for ease of use. Users have also reported lag when trying to communicate between devices. The customer support options are also not ideal. Email support is the only option, with no direct phone call support. This can mean that if you need to troubleshoot Zoho Assist, it might be a full business day before you get a response.

Zoho Assist has a free version, but its limited functionality makes it a poor fit for scalable business use. In terms of pricing, Zoho Assist is fairly affordable, with its Remote Support Standard tier starting at $10 per technician per month for a yearly subscription. For Unattended Access, its Standard tier starts at $10 per 25 unattended computers per month for a yearly subscription. If you’re not satisfied with the platform, the company does offer a 45-day money-back guarantee for annual subscriptions.

Pros

  • Affordable
  • Good features and integrations
  • Can control mobile devices

Cons

  • Messy UI
  • Noticeable lag when communicating between devices
  • Lacking in customer support options

BeyondTrust

  • Overall Rating: 3.5/5
  • Pricing: 1/5
  • Core Features: 5/5
  • Additional Features: 5/5
  • Ease of Use: 3/5
  • Customer Support: 4/5
  • Trustworthiness: 4/5

BeyondTrust’s Remote Support tool gets solid reviews from users, who cite its ability to integrate well into an existing IT environment and to reduce response times for IT professionals trying to remotely troubleshoot their colleagues’ technical woes. Its reliability was also highlighted as a mark in its favor, and it boasts many of the features you could want out of a remote access solution, including unattended access, comprehensive logs for auditing and compliance, and the ability to create custom integrations with your business’s other tools and platforms via its open API.

In terms of drawbacks, users have reported BeyondTrust to be very expensive and complicated. This is fine if you’re an enterprise-level company looking for a remote access solution, but I’d suggest that SMBs look elsewhere for a more affordable, less complex product.

BeyondTrust’s pricing is not publicly available on its website; instead, interested clients must contact the sales team directly to get a quote and details about pricing. You can also contact the company to get a free trial. Although it’s understandable that a B2B solution like this would likely require bespoke pricing, the lack of even a starting rate is disappointing to see, as it makes it more difficult to evaluate BeyondTrust’s affordability for businesses on a budget.

Pros

  • Reliable
  • Integrates well within existing IT environments
  • Tons of features

Cons

  • Lack of pricing transparency
  • Expensive according to user reviews
  • Might be more complicated than some businesses can handle

ConnectWise ScreenConnect

  • Overall Rating: 2.5/5
  • Pricing: 2/5
  • Core Features: 4/5
  • Additional Features: 4/5
  • Ease of Use: 4/5
  • Customer Support: 4/5
  • Trustworthiness: 1/5

ConnectWise boasts a variety of software solutions for businesses, but its ScreenConnect service is the one I’m looking at for this article. It’s a remote access platform like the others I’ve looked at, with a nice collection of features that fit well into most network security setups. It has all the main ones you’d want from a remote access solution, like file transfer and remote printing, and the more expensive the subscription plan you purchase, the more features get piled on top, including VoIP audio during support sessions and a remote diagnostics toolkit to manage software and processes on remote devices.

It’s those pricing tiers where ConnectWise falters, however. Even its base subscription tier, as limited as it is, is fairly expensive, and it only gets more so as you move up the tiers. The subscription plan options listed on its website can also be a little difficult to parse and took me a couple of reads before I fully understood them. The base plan also doesn’t include the ability to remotely access devices, requiring you to shell out extra for what should be a base-level feature in a business-focused remote access solution. Some users have also reported performance issues with the service, noting slowdowns on their machines while it was running.

In February 2024, ConnectWise was also hit by hackers exploiting two major security vulnerabilities. While the company patched these vulnerabilities fairly quickly, cybersecurity researchers from several firms, including Huntress, found that these exploits had been used on a large scale by hackers like the LockBit ransomware gang to deploy malware on client devices. While these vulnerabilities seem to have been fixed, I’d personally recommend holding off on giving ConnectWise a try for the foreseeable future.

ConnectWise ScreenConnect has 4 different subscription plans: Remote Support One, Remote Support Standard, Remote Support Premium, and Remote Unattended Access. Remote Support One is a single license for 1 technician to operate 1 remote support session for $28 per month on an annual subscription.

Remote Support Standard costs $43 per technician per month on an annual plan and allows 1 technician to operate up to 3 remote support sessions at once, alongside additional features like mobile device support.

Remote Support Premium allows 1 technician to operate up to 10 simultaneous sessions and costs $53 per technician per month on an annual subscription. Unattended Access exclusively gives you unattended remote access with few other features and offers unlimited sessions for up to 25 technicians at $31 per month on the annual plan. If you have more than 25 technicians, volume-based pricing is available for Unattended Access for up to 2,500 technicians.

Pros

  • Great customization options
  • Solid features

Cons

  • Expensive and confusing pricing options
  • Has some performance issues
  • Not all plans support mobile devices

RemotePC

  • Overall Rating: 4/5
  • Pricing: 5/5
  • Core Features: 4/5
  • Additional Features: 3/5
  • Ease of Use: 3/5
  • Customer Support: 4/5
  • Trustworthiness: 4/5

RemotePC is a remote access solution that, according to some users, performs especially well on Windows PCs and is easy to set up and use. It has many of the features you’d want out of a platform like this, including file transfer, access via browser, and security features like the Personal Key, a password set by the user for their computer that is only saved on that computer and never on RemotePC’s servers.

In terms of cons, RemotePC has a few. Its mobile apps, while they work well enough, have had some performance problems when compared to the fairly stable performance of the PC platform. On top of that, there can be some stability issues after the first couple of uses, according to some reviews. In the worst cases, users were completely unable to get the service to work.

Finally, while you can access video and audio chat on RemotePC, you have to use the RemotePC Meeting client that comes with a subscription. This adds an extra step to a process that probably doesn’t need any more steps, since you’ll most often be using this when your computer is experiencing technical difficulties.

RemotePC has 5 subscription tiers, each of which comes complete with a 7-day free trial. Two of these are for consumer use, with the rest being targeted at businesses. RemotePC SOHO is the smallest business tier with unlimited user licenses and remote access to 10 computers. It starts at $74.62 per year for the first year and costs $99.50 per year in subsequent years.

RemotePC Team starts at $224.62 per year for the first year and $299.50 per year in subsequent years. It bumps the number of accessible computers up to 50, alongside providing additional features like on-demand remote support. RemotePC Enterprise is the highest business tier and increases the number of accessible computers to 100, as well as giving businesses the ability to set roles and access permissions for users.

It starts at $449.62 per year for the first year and costs $599.50 in subsequent years. Scalable pricing for additional computers is also available for all tiers.

Pros

  • Performs well when used on Windows PCs
  • Easy to use

Cons

  • Mobile options can have performance issues
  • Some users have reported trouble with stability after first couple uses
  • Video or audio chat requires additional tools

Risks of Using Remote Access Software

While any good remote access software should come packed with security features like multi-factor authentication, no security tool is 100% safe, and there are risks to using this type of software.

The primary risk is that any remote access solution your company ends up adopting will become a massive point of failure in the event of a breach. While remote access can be extremely helpful in day-to-day IT and business operations, that sort of connection to other devices, in many cases without even needing the device’s owner to be present, can also be used by hackers to get a near-unimpeded view of your business’s sensitive data. 

This level of access can be problematic. In June 2023, the Cybersecurity and Infrastructure Security Agency (CISA) published, alongside other security agencies, a guide on how to secure remote access software and listed other potential vulnerabilities created by these tools. In particular, one risk is that these services can often be used by hackers to bypass many of the security measures an individual or business might have in place, such as an antivirus, a firewall, or software management control policies. 

They can do all this while also not requiring much work on the hacker’s end, such as forcing them to create custom malware. The CISA guide even draws a direct parallel to the legitimate use of remote access software by IT professionals and the use of remote access Trojan malware by hackers.

Although using a remote access solution can be enticing to many businesses and for many use cases, businesses and the IT experts they employ need to maintain vigilance and solid security policies when implementing and using these tools. The CISA guide recommends, among other things, implementing zero-trust security models and solutions, as well as user training programs to help employees become better able to spot phishing and other social engineering attacks.

How Can I Access Another Computer Remotely for Free?

There are a few different ways to access another computer for free. Several of the providers I listed above have free versions, and video conferencing apps like Zoom can have features that allow for remote access as long as the other user is present. If you’re using Windows devices, Microsoft has a proprietary remote desktop client that works well with its Remote Desktop Protocol and is also free. Regardless of what you end up picking, however, it’s important to take steps to ensure a secure remote connection before using any of these products.

Alternatives to Remote Access Software

While remote access software is great for some teams, others might not need a long-term solution. Zoom and other video conferencing apps let you control another user’s screen while they are using the screen share feature, and in some cases, this might be enough to meet your needs.

This is fine if you don’t require unattended access, as both parties will need to be on the call in order for these features to work. Using Zoom or another video conferencing platform for this purpose also brings with it more lag than remote access solutions tend to.

Windows Quick Assist is also a viable alternative if both users have PCs and Microsoft accounts, though it might lack some of the features you’d want out of a remote access solution.

Bottom Line: Remote Access Software Can Help Secure Your IT Ecosystem

With the rise of remote work, companies’ IT departments have faced a challenge regarding how to safely handle providing technical support to remote employees. One of the most effective tools for this has been remote access software. These solutions allow IT experts to securely access employee devices to better diagnose and resolve any issues that might be plaguing the user. However, this software can have some risks if not properly implemented. As such, it’s important to utilize best practices when setting up and operating remote access solutions.

The post Best Secure Remote Access Software of 2025 appeared first on eSecurity Planet.

NordLayer Review: Pricing, Features & Specs
https://www.esecurityplanet.com/products/nordlayer-review-vpn-zero-trust/ (published Tue, 27 Aug 2024)

NordLayer is an industry-leading VPN, but is it right for you? Compare features, pros, cons, and use cases to learn if you should use it in 2024.

With the rise of remote work, companies have faced several logistical challenges. Chief among those is how to allow remote workers to access company resources safely and with a lowered risk of infiltration by malicious actors looking to steal valuable data or disrupt day-to-day business operations. In this NordLayer review, we look at one way companies can secure their data.

One solution many companies, both large and small, have turned to is the utilization of virtual private networks (VPNs). They can route remote workers’ traffic through easier-to-monitor pathways, giving businesses greater safety and control over their sensitive data when used in concert with dedicated endpoint management solutions.

However, VPNs come with a few caveats and hitches that make them potentially a poor fit for large-scale operations. Chief among them is that VPNs were never designed as cybersecurity products. For example, although many providers tout a VPN’s ability to protect users’ traffic on public WiFi, attack methods like TunnelVision can still leave users vulnerable.

Additionally, VPNs face difficulties during set-up and scaling for more than a handful of users and devices. If not configured properly, a business’s network can still be put at risk, and even when configured the right way, you might still encounter congestion and device performance issues, particularly when remote workers use a VPN for heavy-bandwidth activities like Zoom calls or downloading large files.

Cloud-based network security products like NordLayer aim to bridge the gap between VPNs and proper cybersecurity solutions, giving businesses an added layer of security alongside the strict, controlled access required to implement a zero-trust security framework.


What You Need to Know About NordLayer 

NordLayer is a business VPN and network access tool that will appeal to businesses looking for a solution with an easy-to-use interface that can help them implement a zero-trust framework for access control.


Overall Rating: 2.5/5

• Core Features: 4/5
• Usability: 3.5/5
• Customer Support: 3/5
• Trustworthiness: 2/5
• Pricing: 2/5
Pros

  • Easy to use
  • Large number of features
  • Options for both small businesses and enterprises

Cons

  • Pricing might be a bit steep for smaller teams or if you want more features
  • Fairly limited number of server locations
  • Company’s servers have been breached in the past
  • 14-day money-back guarantee is pretty small

Who Should Use NordLayer?

NordLayer is a feature-rich, business-focused VPN and network access solution from the company behind two of the most popular VPNs in the consumer VPN market, NordVPN and Surfshark. 

Consider NordLayer if your business meets one or more of the following criteria:

  • Enterprises seeking to adopt a zero trust framework: Nord claims NordLayer is built with a zero trust strategy in mind, making it a good choice if you’re trying to implement zero trust in your own company.
  • Teams looking for an easy-to-use business VPN: Whatever else you can say about it, NordLayer offers, on the user side at least, an intuitive UI setup. However, I wasn’t able to test the back-end features meant to be used by an IT security manager.
  • Businesses that want many features on one platform: From its business VPN to access management to a firewall, NordLayer comes packed to the gills with enticing features. Getting all these features in one place for your business can make your IT manager’s life much easier.

Who Shouldn’t Use NordLayer?

NordLayer looks great on paper, but no product is flawless. Its steep prices and data breach history could make it a less-than-appealing option, depending on your company’s needs.

I wouldn’t recommend NordLayer if:

  • You’re a small business on a strict budget: A business VPN can feel like something your small business needs to protect sensitive company data. However, business VPNs do not come cheap, and NordLayer is no exception, especially if you want more features than what the lowest tier offers.
  • You care about how a company responds to data breaches: In 2018, NordLayer’s consumer-grade cousin NordVPN, along with TorGuard VPN and Viking VPN, was hacked by an 8chan user. The user did not come away with any sensitive information, and the breach only affected Nord’s single server. However, the company did not inform users of the breach until six months after they initially learned of it.
  • You’re looking for a service with a generous free trial period: Business VPNs can be expensive and difficult to fit into your company’s pre-existing IT infrastructure. As such, you might prefer a service with a free trial or a generous money-back guarantee period. NordLayer’s 14-day money-back guarantee probably won’t give you the time you need to know if the product is right for your business or not, unfortunately.

NordLayer Pricing

NordLayer has three subscription tiers, with a fourth tier for enterprises that lets you choose which features you want a la carte. The three main tiers each have a 5-user minimum, while the Enterprise Offer requires you to have at least 50 users. The lowest-tiered plan, Lite, starts at $8 per user per month, while the Enterprise Offer starts at $7 per user per month. All subscriptions come backed by a 14-day money-back guarantee.

Annual billing prices, devices per license, and key features by tier:

  • Lite: $8/user/month (5-user minimum); 6 devices per license. Key features: session duration controls, multi-factor authentication, SSO, and 24/7 live and email support.
  • Core: $11/user/month (5-user minimum); 6 devices per license. Everything in Lite plus dedicated servers with a fixed IP (for an extra $40/month), IP-based split tunneling, DNS filtering, biometric login options, and server usage analytics.
  • Premium: $14/user/month (5-user minimum); 6 devices per license. Everything in Core plus a browser extension, URL-based split tunneling (through the browser extension), and endpoint-to-endpoint file sharing.
  • Enterprise Offer: starts at $7/user/month (50-user minimum); 6 devices per license. Everything in Lite plus customizable features from Core and Premium.

These prices are fairly standard for business VPNs, meaning it can get pricey for smaller businesses. The money-back guarantee does not give customers enough time to determine if the product fits their business. I’d prefer if NordLayer took a page out of its cousin NordVPN’s playbook and adopted a 30-day money-back guarantee to give companies more time to test the service before committing.

3 Key Features of NordLayer

Business VPN

NordLayer is, first and foremost, a VPN. While I couldn’t dig into the administrative side of the app, the user side of NordLayer is very similar to its sister product, NordVPN. As a VPN, Nord is fine. It’s easy enough to install and use, though its zero-trust framework gives users a couple of hurdles to jump over before finally connecting. The administrator has to confirm your final connection. I’d recommend sticking to the NordLynx protocol when using the service, as it easily outpaces the other supported VPN protocols within NordLayer for device performance.

Fixed IP on Dedicated Servers

While I personally wouldn’t recommend using fixed IPs with a VPN in most cases, some companies have found it useful to restrict user access to sensitive information to specific IP addresses in lieu of or in addition to traditional login credentials. As part of its Core, Premium, and Custom plans, NordLayer offers fixed IP on dedicated servers in the following locations, according to their webpage on the subject:

  • Australia (Sydney)
  • Austria (Vienna)
  • Belgium (Brussels)
  • Brazil (São Paulo)
  • Canada (Vancouver, Montreal, Toronto)
  • Colombia (Bogota)
  • Cyprus
  • Czech Republic (Prague)
  • Denmark (Copenhagen)
  • Estonia (Tallinn)
  • Finland (Helsinki)
  • France (Paris)
  • Germany (Frankfurt)
  • Greece (Athens)
  • Hungary (Budapest)
  • Ireland (Dublin)
  • Italy (Milan)
  • Japan (Tokyo)
  • Latvia (Riga)
  • Lithuania (Vilnius)
  • Malaysia (Kuala Lumpur)
  • Netherlands (Amsterdam)
  • Norway (Oslo)
  • Poland (Warsaw)
  • Portugal (Lisbon)
  • Romania (Bucharest)
  • RSA (Johannesburg)
  • Singapore (Singapore)
  • South Korea (Seoul)
  • Spain (Madrid)
  • Sweden (Stockholm)
  • Switzerland (Zurich)
  • UK (London, Manchester)
  • US (Boston, Seattle, Chicago, Los Angeles, New York, Dallas, Atlanta, Houston)

Built With Zero Trust in Mind

Zero trust network access (ZTNA) is a security strategy in which no user or device is trusted by default. It emphasizes continuous verification of all users when they access company resources, and it lowers the harm a malicious actor can cause by granting every user only the bare minimum permissions needed to do their job. It also involves collecting evidence such as logs or behavioral data to track and monitor access to any sensitive resources.

This approach, while effective, can sometimes be difficult to manage, as it can require getting multiple different network security solutions with very different design philosophies to work together as a cohesive unit.

NordLayer’s wide range of access control and monitoring features make it a decent option for companies looking to implement or streamline their zero-trust strategy.

Should You Trust NordLayer?

Whether you’re an enterprise with 2,000 employees or a self-employed freelancer, trust should be a key decision factor when discussing any company you’re considering buying from. This is especially true for companies that sell cybersecurity products, as you often trust them with your data and digital safety.

In the case of a VPN provider like Nord, you’re trusting them with your Internet traffic and the access tunnels to your business’s sensitive data and resources instead of trusting your internet service provider.

In terms of trustworthiness, Nord scores low for me. The 2018 data breach, while seemingly minor in terms of impact on users, casts a shadow on the company for me. Waiting six months to inform users of the breach, and only after it was talked about on Twitter, is simply unacceptable from any company claiming to be good stewards of their users’ data.

I don’t think it’s unfair if you look at the situation and say, “Well, that was 6 years ago. They’ve had time to fix that issue, improve their security infrastructure, and take steps to improve how they communicate with users.”

However, I don’t believe companies, especially cybersecurity companies, deserve second chances when making mistakes like how Nord Security handled its data breach. Why should we potentially put our data at risk by giving a company a second chance when there are plenty of providers out there who haven’t been breached or who responded to their own breaches better than Nord did?

NordLayer Alternatives

NordLayer is just one of many VPN solutions out there for businesses to choose from. Here are a few more providers worth taking a look at.

ProtonVPN

I would probably recommend ProtonVPN’s business-focused options over NordLayer’s. On top of being cheaper, Proton, while not the most trustworthy VPN provider on the market, is more trustworthy than Nord while packing most of the same features. Outside of Proton’s custom-priced Enterprise subscription, NordLayer does have more dedicated server locations.

Mullvad VPN

While not the best choice for enterprise-level clients, small businesses and self-employed freelancers might find Mullvad an affordable and easy-to-use VPN. It’s one of the most trusted VPNs on the market as well, thanks in part to its unique account system, which means the company never has to store sensitive information like an email address or phone number. In terms of features, NordLayer has Mullvad beat, but if you just need a VPN to function like a VPN, I would go with Mullvad every time.

Perimeter 81

Perimeter 81 is more of a SASE solution than a business VPN, but its VPN component is solid. Its number of countries with server locations is lower than NordLayer’s, but I think the actual security features on display are more impressive, like the threat emulation add-on. The sheer quantity of add-ons Perimeter 81 has means it’ll probably be more expensive than NordLayer, however.

How I Evaluated NordLayer

Ultimately, VPNs as a product are about trust, which is why I assigned the highest weight to the Trustworthiness score instead of Core Features. You don’t need too many bells and whistles to make a viable VPN, and many VPNs share a lot of the same features. This homogenization of the market means it often matters more what a company does with your data or how it’s responded to past data breaches than what shiny features it has out of the box.

Evaluation Criteria

  • Core Features (20%): Here, I search for the basic features every VPN needs to be a VPN. This includes split-tunneling, multi-factor authentication, and mobile app support.
    • Score: 4/5
  • Usability (15%): This section looks at how easy a product is to use and how accessible its technical documentation is, as well as how easy it is to report bugs and the like.
    • Score: 3.5/5
  • Customer Support (10%): For customer support, I highlight the various customer support options available to users, particularly the presence of real human customer support agents in lieu of chatbots.
    • Score: 3/5
  • Trustworthiness (40%): When you use a VPN, you effectively trust that provider with your Internet traffic in lieu of trusting your internet service provider. So, I always try to look for how a company has treated its user data in the past. This can include data breach history or if the company has been caught selling user data in the past, among other transgressions.
    • Score: 2/5
  • Pricing (15%): Finally, I look at a VPN’s various pricing plans and compare these plans to competitors. I also consider the availability of a free trial or a generous money-back guarantee policy.
    • Score: 2/5

Bottom Line: NordLayer Is an Easy-to-Use Business VPN With Some Nice Security Features

While I have concerns with how Nord Security has handled past breaches and how they’ve informed users, I understand that many potential customers will be more forgiving of something that happened six years ago. Ignoring the 2018 breach, NordLayer is a fine choice for a business VPN. While expensive, the sheer number of features and easy-to-use interface make it a solid enough choice for businesses looking to enhance their cybersecurity strategy.

The post NordLayer Review: Pricing, Features & Specs appeared first on eSecurity Planet.

Top 6 Rootkit Threats and How to Protect Yourself
https://www.esecurityplanet.com/networks/rootkit-threats/ (published Thu, 01 Dec 2022)

In the ever-evolving world of malware, rootkits are some of the most dangerous threats out there. A fusion of the words “root” and “kit,” rootkits are essentially software toolboxes. Though not initially developed for malicious purposes, these toolboxes have become potent pieces of malware in the hands of technically-savvy cybercriminals.

Common types of rootkits include bootkits, firmware rootkits, and memory rootkits. Once installed, a rootkit provides a hacker with an incredible number of weapons with which to wreak havoc on a system and network, often while remaining undetected until it’s too late to stop them. Depending on the rootkit and the hacker, victims can find their messages intercepted, their data stolen, or even their hardware rendered unusable.

When trying to protect yourself and your business from rootkits, it can be important to understand not only the variety of types of rootkits out there but also steps you can take to keep them away from your devices as much as possible and what to do when you find yourself infected. Here then are the most common rootkit threats, followed by some basic rootkit defenses.


Bootkit

A bootkit is a type of kernel-mode rootkit that infects the master boot record, volume boot record, or boot sector during computer startup. The computer’s firmware loads the bootloader from a boot device such as a disc, USB drive, or hard drive; a bootkit replaces that legitimate bootloader with an infected version. Because the malicious loader runs before the kernel and persists through the transition to protected mode, it is able to subvert the kernel as it loads.

Bootkits can be difficult to detect and drive out, since they won’t typically be found in a user’s file system. Additionally, removal might cause more damage to the computer if the bootkit has already altered the computer’s boot records.

Examples include Olmasco, Rovnix and Stoned Bootkit.

Kernel-mode Rootkit

A kernel-mode rootkit alters components within the computer operating system’s core, known as the kernel. Some of these rootkits resemble device drivers or loadable modules, giving them unrestricted access to the target computer. This also gives them the ability to deftly evade detection by functioning at the same security level as the OS itself.

Because of how deeply embedded kernel-mode rootkits are within a computer’s system, they can be one of the most damaging types of malware out there. Kernel-mode rootkits generally require a high degree of technical competency to utilize, however, as any bugs or glitches in their programming leave noticeable trails for antivirus software to track.

Notable examples of kernel-mode rootkits include Knark, ZeroAccess, Adore, FudModule, Da IOS, and the deliciously-named Spicy Hot Pot.

User-mode Rootkit

Also known as an “application rootkit,” the user-mode rootkit replaces executables and system libraries and modifies the behavior of application programming interfaces (APIs). It alters the security subsystem and displays false information to administrators of the target computer. It can intercept system calls and filter output in order to hide processes, files, system drivers, network ports, registry keys and paths, and system services.

Examples of this type of rootkit include Vanquish, Aphex and Hacker Defender.
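As an added example (not code from the article), here is the cross-view check defenders use against exactly this hiding technique on Linux: the /proc listing that a hooked readdir would filter is compared with a kill(pid, 0) sweep answered by the kernel, and any PID present in the second view but in neither listing is flagged. It assumes a standard procfs mount; the function names are mine.

```python
"""Cross-view detection of hidden processes on Linux.

Added example for the user-mode rootkit section; not code from the article.
A user-mode rootkit usually hides a process by filtering the directory
listing of /proc (for instance by hooking readdir in a preloaded library),
so ps and top never see the PID.  Probing every candidate PID with
kill(pid, 0) gives a second view answered by the kernel: no signal is
delivered, but the error code says whether the PID exists.
"""
import os
from typing import Callable, Optional, Set

PROC = "/proc"  # assumption: a standard Linux procfs mount


def listed_pids(proc_root: str = PROC) -> Set[int]:
    """PIDs visible through the ordinary directory listing (the view a
    hooked readdir would filter)."""
    return {int(name) for name in os.listdir(proc_root) if name.isdigit()}


def read_pid_max(proc_root: str = PROC) -> int:
    """Upper bound for PIDs on this system; falls back to the kernel's
    classic default if the file is unreadable."""
    try:
        with open(f"{proc_root}/sys/kernel/pid_max") as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return 32768


def probed_pids(pid_max: int) -> Set[int]:
    """PIDs the kernel reports as existing.  ESRCH (ProcessLookupError)
    means no such process; EPERM (PermissionError) means the process exists
    but belongs to another user, which still counts as alive."""
    alive: Set[int] = set()
    for pid in range(1, pid_max + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass
        alive.add(pid)
    return alive


def parse_tgid(status_text: str) -> Optional[int]:
    """Thread-group id from the text of /proc/<id>/status.  kill() also
    succeeds on thread ids, which never appear in the /proc listing, so a
    probe-only hit must be checked against its Tgid before it is flagged."""
    for line in status_text.splitlines():
        if line.startswith("Tgid:"):
            fields = line.split()
            if len(fields) > 1 and fields[1].isdigit():
                return int(fields[1])
            return None
    return None


def read_tgid(pid: int, proc_root: str = PROC) -> Optional[int]:
    try:
        with open(f"{proc_root}/{pid}/status") as fh:
            return parse_tgid(fh.read())
    except OSError:
        return None  # entry unreadable, or hidden outright


def hidden_pids(before: Set[int], after: Set[int], probed: Set[int],
                tgid_of: Callable[[int], Optional[int]] = lambda pid: None
                ) -> Set[int]:
    """PIDs confirmed by the probe but absent from both listings.

    Two listings bracket the probe so a process that started or exited
    during the sweep is not mistaken for a hidden one.  A hit whose thread
    group is itself listed is an ordinary thread, not a hidden process; a
    hit whose status file cannot be read stays flagged, because hiding the
    whole /proc entry is exactly what a rootkit would do.
    """
    visible = before | after
    suspects: Set[int] = set()
    for pid in probed - visible:
        tgid = tgid_of(pid)
        if tgid is None or tgid not in visible:
            suspects.add(pid)
    return suspects


def scan(proc_root: str = PROC) -> Set[int]:
    """Live cross-view scan of the local system."""
    before = listed_pids(proc_root)
    probed = probed_pids(read_pid_max(proc_root))
    after = listed_pids(proc_root)
    return hidden_pids(before, after, probed,
                       tgid_of=lambda pid: read_tgid(pid, proc_root))


if __name__ == "__main__":
    print("possible hidden processes:", sorted(scan()) or "none")
```

A kernel-mode rootkit that hooks the system calls themselves answers both views consistently and defeats this check, which is why the kernel-mode rootkits described above are harder to catch.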

Virtual Rootkit

A virtual, or hypervisor, rootkit hosts the target OS as a virtual machine, enabling it to intercept hardware calls made by the original OS. The rootkit does not have to modify the kernel to subvert the operating system. This type of rootkit was developed as a proof of concept in 2006, but in 2017, researcher Joseph Connelly designed the nested virtual machine rootkit CloudSkulk as part of his master’s degree work at Boise State University. In 2021, Connelly and other researchers presented a new paper outlining an approach to detecting rootkits similar to CloudSkulk.


Firmware Rootkit

A firmware rootkit uses device or platform firmware to create a persistent malware image in the router, network card, hard drive or the basic input/output system (BIOS). The rootkit is able to remain hidden because firmware is not usually inspected for code integrity. These rootkits can be used for semi-legitimate purposes, such as anti-theft technology preinstalled in BIOS images by the vendor, but they can also be exploited by cybercriminals.

Examples include Cloaker and VGA rootkit.

Memory Rootkit

Memory rootkits camouflage themselves within a computer’s random-access memory (RAM). While there, they can severely hamper a device’s performance by consuming massive amounts of RAM through their toolbox of malicious programs, on top of whatever damage they deal with that toolbox. Thankfully, memory rootkits are one of the easier types of rootkits to manage, as they’re usually deleted when the infected computer reboots.

Notable Rootkit Incidents

Thanks to the amount of control they can exert over a system and the potential damage they can cause, rootkits are a popular choice for hackers from all walks of life. As such, there have been several incidents where rootkits have been used to inflict massive amounts of harm to devices and networks.

Stuxnet is arguably the most prominent example of rootkits being used for malicious purposes. First discovered in 2010, Stuxnet was used to severely disrupt Iran’s nuclear facilities, apparently in an effort to halt the nation’s development of an atomic bomb. All told, Stuxnet managed to destroy 1,000 of the 6,000 centrifuges Iran was using to enrich its uranium.

Though never formally admitted by either nation, Stuxnet is generally agreed to have been a joint effort between the United States and Israel in an operation codenamed “Olympic Games,” as reported by both The New York Times and The Washington Post.

The ZeroAccess botnet, discovered in 2011, hit systems hard with fraudulent advertising clicks and Bitcoin mining malware, infecting at least 9 million computers worldwide. The bot was spread through the ZeroAccess rootkit, an aggressive and difficult-to-detect kernel-mode rootkit. The rootkit itself was spread through a number of infection vectors, most notably social engineering and exploit packs like Blackhole.

In 2012, cybersecurity experts with Kaspersky Lab announced they had discovered another malicious rootkit used in the Middle East, called Flame. Also known as Flamer or Skywiper, Flame was both a worm and a rootkit, able to duplicate itself across local networks as well as boasting a diverse software toolkit with which to manipulate infected systems.

Flame’s toolkit allowed it to do things like record audio through system microphones, take screenshots without the user’s knowledge, and transmit stolen data via a covert SSL channel. It could also scan infected computers for antivirus software and alter its behavior to better avoid detection by that software.

Much like with Stuxnet, experts generally agree Flame was developed by or with funding from a nation state, though the identity of that nation has not been determined. The countries most affected by the rootkit were Iran, Israel, Palestine, Sudan, and Syria.


Ways Rootkits Can Infect Your Device

Rootkits are ultimately a form of malware, and as with other kinds of malware, hackers have a number of ways to get a rootkit onto your device. Thankfully, the most dangerous types of rootkits are also often the most difficult to install properly. Below are some common rootkit infection vectors:

  • Boot Installation: Bootkits specifically tend to be installed when an infected device boots up.
  • Packaged with Other Malware: Certain types of rootkits, such as user-mode rootkits, often find their way onto computers alongside other pieces of malware, such as through mass spam campaigns.
  • “Evil-Maid” Attacks: At times, a hacker or team of hackers might send someone to install a rootkit on an unattended device. You’ll see this version of hacking pop up in movies quite a bit.
  • Legitimate Software Programs: Rootkits were originally developed as a relatively innocuous piece of software and as a result might be included in certain legitimate programs.
  • Other Common Malware Infection Vectors: From spear phishing to social engineering to simply opening an infected document, rootkits can be slipped onto your device through the same common methods used to deliver other malware.


How to Defend Yourself Against Rootkits

To help you protect yourself from rootkits, we’ll be looking to researchers Eugene E. Schultz and Edward Ray and their chapter of the Information Security Management Handbook, Sixth Edition, Volume 2 for some expert guidance.

Prevention

Schultz and Ray recommend that enterprises consider the following measures to prevent rootkit infections:

  • Network Security
    • Using intrusion detection and prevention tools such as rootkit scanners
    • Deploying firewalls that can analyze network traffic at the application layer
  • Patching and Updating: applying vulnerability patches in a timely manner
  • Security Best Practices:
    • Configuring systems according to security guidelines and limiting services that can run on these systems
    • Adhering to the least privilege principle (perhaps with the aid of privileged access management (PAM))
    • Using strong authentication
    • Performing regular security maintenance
    • Limiting the availability of compiler programs that rootkits exploit
  • Email security to limit malicious attachments
  • Browser security, browser isolation, or DNS security to block malicious websites or limit the reach of malicious files on websites.

Detection

Once a device is infected, the situation gets more complicated. The researchers caution that detecting and removing a rootkit is difficult. However, a rootkit can be detected by trained investigators and analysis tools, such as rootkit scanners, which uncover clues to the presence of the rootkit. Major security firms, such as Symantec, Kaspersky Lab and Intel Security (McAfee), offer rootkit scanners to enterprise customers.

Some of the telltale signs that a rootkit is present include unexplained changes in target systems, strange files in the home directory of root, or unusual network activity.

Cryptographer and computer programmer Thomas Pornin noted that the rootkit needs to maintain an entry path for the attacker, creating an opportunity for detection. In a post on Information Security Stack Exchange, Pornin recommends that IT administrators reboot the computer on a live CD or USB key and then inspect the hard disk. “If the same files do not look identical, when inspected from the outside (the OS booted on a live CD) and from the inside, then this is a rather definite sign of foul play,” he wrote.

Another contributor to the Information Security Stack Exchange who goes by the moniker user2213 explained that another way to detect a rootkit is to use spurious device codes on devices that do not normally respond to the codes. “If you get anything other than the relevant ‘Not implemented’ error code on your system, something strange is going on.”

User2213 also suggested mounting the system drive on a different PC to see if an incorrect filesystem size or unexpected files come up. This could be an indication of a rootkit. “Unfortunately, there aren’t generic red flags for rootkits in general — the battle is more cat-and-mouse,” the writer noted.
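Pornin’s live-boot comparison and user2213’s advice to mount the drive on a different PC both come down to one cross-view check: hash the files as seen from inside the running system, hash the same files from a trusted external boot, and diff the two views. As an added example that is not part of the article or the Stack Exchange posts it quotes, here is that comparison in Python over two constructed manifests (the digests and paths below are made up):

```python
"""Cross-view rootkit check (constructed example, not the article's code).

A rootkit hooking the running kernel or system libraries can hide files or
feed falsified contents to tools that run inside the compromised OS. Hashes
gathered from a live CD/USB with the suspect disk mounted are not subject to
those hooks, so any disagreement between the inside view and the outside
view is a detection signal worth investigating.
"""
import hashlib
import os
from dataclasses import dataclass, field


@dataclass
class CrossViewReport:
    hidden: list = field(default_factory=list)    # seen outside, missing inside
    phantom: list = field(default_factory=list)   # seen inside, missing outside
    modified: list = field(default_factory=list)  # same path, different digest

    @property
    def suspicious(self) -> bool:
        return bool(self.hidden or self.phantom or self.modified)


def hash_tree(root: str) -> dict:
    """Hash every regular file under `root`, keyed by path relative to `root`.

    Run once inside the suspect host (root="/") and once from the live boot
    with the suspect disk mounted (e.g. root="/mnt/suspect"); relative keys
    make the two manifests directly comparable.
    """
    manifest = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # hash link targets when they are walked, not the links
            digest = hashlib.sha256()
            try:
                with open(full, "rb") as fh:
                    for chunk in iter(lambda: fh.read(1 << 20), b""):
                        digest.update(chunk)
            except OSError:
                manifest[os.path.relpath(full, root)] = "<unreadable>"
                continue
            manifest[os.path.relpath(full, root)] = digest.hexdigest()
    return manifest


def parse_manifest(text: str) -> dict:
    """Parse `sha256sum`-style lines ('<hex digest>  <path>') into {path: digest}."""
    manifest = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, path = line.partition("  ")
        manifest[path] = digest.lower()
    return manifest


def compare_views(inside: dict, outside: dict) -> CrossViewReport:
    """Diff the inside view against the trusted outside view."""
    report = CrossViewReport()
    for path in sorted(set(inside) | set(outside)):
        if path not in inside:
            report.hidden.append(path)
        elif path not in outside:
            report.phantom.append(path)
        elif inside[path] != outside[path]:
            report.modified.append(path)
    return report


def _fake_digest(ch: str) -> str:
    """Constructed stand-in for a real SHA-256 hex digest (64 hex characters)."""
    return ch * 64


# Constructed sample: what `sha256sum` reported when run on the suspect host.
INSIDE_VIEW = "\n".join([
    "# inside view, collected on the running system",
    f"{_fake_digest('1')}  /bin/ls",
    f"{_fake_digest('2')}  /bin/ps",
    f"{_fake_digest('3')}  /sbin/init",
])

# Constructed sample: the same paths hashed from a live USB with the disk mounted.
# /bin/ls differs (trojaned binary) and a file the host never listed appears.
OUTSIDE_VIEW = "\n".join([
    "# outside view, collected from the live boot",
    f"{_fake_digest('a')}  /bin/ls",
    f"{_fake_digest('2')}  /bin/ps",
    f"{_fake_digest('3')}  /sbin/init",
    f"{_fake_digest('4')}  /usr/lib/.hidden.so",
])


if __name__ == "__main__":
    report = compare_views(parse_manifest(INSIDE_VIEW), parse_manifest(OUTSIDE_VIEW))
    print("hidden from inside:", report.hidden)  # ['/usr/lib/.hidden.so']
    print("modified:", report.modified)          # ['/bin/ls']
    print("suspicious:", report.suspicious)      # True
```

A clean result only means the two views agree; a rootkit that sits below both (firmware or hypervisor, as described earlier) would not be exposed by this check.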

Removal

Rootkits’ access to full system privileges makes them incredibly difficult to remove. Schultz and Ray recommend making an image backup and then rebuilding the compromised system using the original installation media; otherwise, the malicious code or unauthorized changes could continue even after the rootkit is “deleted.” Security patches then need to be installed and a vulnerability scan performed.


Conclusion

In sum, the best strategy to deal with rootkit threats is to stop the rootkit from infecting computers in your network through security best practices such as patch management and regular maintenance, and specialized tools such as rootkit scanners and firewalls. Should your computers become infected anyway, you need to rebuild the compromised computer from the ground up to ensure that the rootkit is eradicated.


NOTE: This article was originally written by Fred Donovan in 2016. It was updated by Zephin Livingston in 2022.

How You Get Malware: 8 Ways Malware Creeps Onto Your Device
https://www.esecurityplanet.com/networks/how-you-get-malware/
Thu, 01 Dec 2022 08:10:00 +0000
Malware can unleash devastating attacks on devices and IT systems, resulting in the theft of sensitive data and money, destruction of hardware and files, the complete collapse of networks and databases, and more. Understanding the attack paths malware uses to invade your systems is important for setting up defenses to stop it.

Email and the Web are the primary vectors for malware to creep into an organization, but there are many other ways. Most of the time, it happens without the user or IT knowing. Below we discuss some of the most common ways malware can infect your device, along with security measures you can use to stop it.

If you’ve been hit by malware and are looking for help, see How to Remove Malware: Removal Steps for Windows & Mac.

8 Ways Malware Gets on Your Device

Malvertising

Malware can be injected into a system just by surfing the Web, without the user clicking on any downloads or plugins or intentionally opening any files. Malvertising is one way hackers accomplish that: they inject malicious or malware-laden advertisements into legitimate online advertising networks and Web pages.

A particularly dangerous example of this comes in the form of ChromeLoader. ChromeLoader is a piece of malware that can hijack users’ browsers to redirect them to pages full of ads. The malware recently evolved into a more dangerous form thanks to variants that can inject users’ devices with ransomware like Enigma.

A good defense against malvertising is the use of an ad blocker in your preferred web browser. While many legitimate websites, such as digital news outlets, ask users to turn off their ad blockers, a good ad blocker is an excellent way to filter out a lot of malvertising content. Additionally, enabling click-to-play for plugins will stop malvertising that uses Java or Flash from running unless you click on it directly.

Spear Phishing

Spear phishing is one of the most common email attack vectors, where attackers disguise themselves as other employees such as your CEO or legitimate entities in an attempt to steal log-in credentials or trick users into sending money. With spear phishing, hackers target organizations for confidential or highly sensitive data. When aimed at higher-level employees like the CEO, it’s called whaling.

QR codes have become a potent new vector for spear phishing attacks. By embedding a malicious QR code in an otherwise innocuous-looking email, scammers have found another way to trick users into handing over their sensitive information. A 2021 spear phishing campaign spoofed legitimate-looking Microsoft Office 365 emails by offering users a QR code to access missed voicemail messages. When victims used the code, they were taken to a page that asked for their login credentials, which were promptly stolen.

Employee training can be a big help when dealing with spear phishing. Good training allows users to better spot some of the hallmarks of spear phishing attempts, such as a sense of urgency in the messages and imitating legitimate email addresses.


Web Trojan Download

A pattern has developed with Chrome extensions, WordPress plugins and the like: software that starts out safe is turned into malware, either through exploitation or a software update. The initial download of the legitimate software serves as a Trojan horse. When a user installs third-party software, existing security mechanisms cannot tell whether it is malware or not.

A recent example of this malicious behavior was revealed this year by McAfee, which reported that a number of popular Chrome extensions had potentially infected over 1.4 million users with malicious cookies. These extensions included Netflix Party and Netflix Party 2, a pair of extensions that allowed users to sync up movies and shows on the popular streaming service to watch together.

The primary defense against trojans like these is personal vigilance: avoid downloading software from untrusted sources. Employee training is one way for businesses to raise their employees’ cybersecurity vigilance.

Weaponized Documents

PDF and Microsoft Office documents such as Word and PowerPoint permeate the Web. This is something that we don’t often notice – until a critical vulnerability shows up. Popular browsers like Chrome and Firefox contain built-in viewers for PDFs, which enable document viewing to blend seamlessly with the native Web experience. But easy document viewing can come at a price. A simple click, whether on the Web or in an email, can lead to a document that’s potentially weaponized and laden with malware.

This threat is constantly evolving as well. When Microsoft began blocking macros from running in untrusted files by default, hackers found a way around it by using archive and disk-image files like .zip, .rar, or .iso to smuggle the malware-laden files onto your device.

Like with trojans, the best defense against these sorts of documents is personal vigilance. Only open documents from trusted sources.
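The wrapping trick described above (a macro document delivered inside a .zip, .rar or .iso so that the document itself never carries the "downloaded from the Internet" marking that triggers macro blocking) can be caught at the mail gateway before a user ever opens it. As an added example, not from the article, here is a Python triage routine that flags container attachments, looks inside .zip files for macro-enabled Office documents, nested containers and executables with deceptive double extensions, and turns the findings into a delivery verdict; the extension lists and the sample archive are constructed:

```python
"""Mail attachment triage for archive-wrapped macro documents (constructed example).

Office blocks macros in documents marked as downloaded from the Internet, but
a document extracted from a .zip/.rar/.iso attachment can arrive without that
marking. This routine flags container attachments, inspects .zip contents for
macro-enabled Office documents, nested containers and executable content, and
reduces the findings to a verdict. Extension lists and samples are constructed.
"""
import io
import zipfile

CONTAINER_EXT = {".zip", ".rar", ".7z", ".iso", ".img", ".vhd", ".vhdx"}
MACRO_EXT = {".docm", ".dotm", ".xlsm", ".xlam", ".pptm", ".ppam"}
EXEC_EXT = {".exe", ".scr", ".js", ".jse", ".vbs", ".wsf", ".hta", ".lnk", ".bat", ".cmd", ".ps1"}
# Extensions a user expects to be harmless; "report.pdf.js" borrows one of these.
BENIGN_LOOKING_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}


def _basename(name: str) -> str:
    return name.replace("\\", "/").rsplit("/", 1)[-1].lower()


def _ext(name: str) -> str:
    base = _basename(name)
    return base[base.rfind("."):] if "." in base else ""


def _double_extension(name: str) -> bool:
    """True for names like 'report.pdf.js': a benign-looking extension followed by an active one."""
    parts = _basename(name).split(".")
    return (len(parts) >= 3
            and "." + parts[-2] in BENIGN_LOOKING_EXT
            and "." + parts[-1] in EXEC_EXT | MACRO_EXT)


def classify_name(name: str) -> list:
    """Categories that apply to one file name (empty list when nothing is suspicious)."""
    cats = []
    ext = _ext(name)
    if ext in MACRO_EXT:
        cats.append("macro-enabled")
    if ext in CONTAINER_EXT:
        cats.append("container")
    if ext in EXEC_EXT:
        cats.append("executable")
    if _double_extension(name):
        cats.append("double-extension")
    return cats


def triage_attachment(filename: str, data: bytes) -> list:
    """Return (category, location) findings for one attachment.

    Only .zip contents are inspected here; .rar and .iso need their own parsers,
    so those attachments are reported as containers whose contents are unknown.
    """
    findings = [(cat, filename) for cat in classify_name(filename)]
    if _ext(filename) == ".zip" and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for info in archive.infolist():
                if info.is_dir():
                    continue
                location = f"{filename}!{info.filename}"
                findings.extend((cat, location) for cat in classify_name(info.filename))
    return findings


def verdict(findings: list) -> str:
    """block: active content found; review: container not cleared; allow: nothing found."""
    categories = {cat for cat, _ in findings}
    if categories & {"macro-enabled", "executable", "double-extension"}:
        return "block"
    if "container" in categories:
        return "review"
    return "allow"


def build_zip(members: dict) -> bytes:
    """Build an in-memory .zip from {member_name: bytes}; used to construct samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        for name, content in members.items():
            archive.writestr(name, content)
    return buf.getvalue()


# Constructed sample attachment: a "documents" zip hiding a macro document,
# a nested disk image and a script wearing a double extension.
SAMPLE_ZIP = build_zip({
    "readme.txt": b"constructed benign text",
    "invoice.docm": b"constructed, not a real document",
    "photos.iso": b"constructed, not a real disk image",
    "report.pdf.js": b"// constructed, not a real script",
})

if __name__ == "__main__":
    findings = triage_attachment("documents.zip", SAMPLE_ZIP)
    for cat, location in findings:
        print(f"{cat:18} {location}")
    print("verdict:", verdict(findings))  # block
```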

Spoofed Websites

A popular way to get malware onto devices is to set up legitimate-looking websites to entice users. This can take a variety of forms, such as changing a single letter in a legitimate website’s URL (often called typosquatting) or copying a website’s entire design and layout but adding malicious links.

Earlier this year, hackers impersonated the Ghanaian Oil Company, also known as GOIL, with a fake website claiming that users were eligible for government fuel subsidies. After filling out a short questionnaire involving questions about GOIL and basic user information like their age, users were asked to select a prize box, with three opportunities to select the correct box with their prize. If successful, users were asked to fill in their address and share the false promotion via WhatsApp in order to receive their prize, completing the phishing attempt. GOIL alerted their customers to these sorts of scams in an August 2022 Facebook post.

The best defense against spoofed websites is personal vigilance. Be aware of where the links you are clicking are sending you and, if the website is impersonating a legitimate entity like the Ghanaian Oil Company, try contacting the entity first before clicking on any links related to the suspicious website. A good antivirus program can also help ward off some of the malware found on spoofed websites.
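Knowing where a link is sending you can be partly automated: a gateway or browser extension can compare the registrable domain of every link against the domains an organization actually owns and flag near misses. As an added example, not from the article, here is a Python check that catches the single-letter changes the article calls typosquatting, transposed letters, visually confusable substitutions, the right brand under the wrong TLD, and a brand name used as a subdomain of an unrelated site; the protected domains, the tiny suffix list and the sample URLs are all constructed:

```python
"""Look-alike domain check for spoofed sites (constructed example, not the article's code)."""
from urllib.parse import urlsplit

# Constructed: domains the organization legitimately uses.
PROTECTED = ("examplebank.com", "example.com.gh")

# Assumption: a tiny stand-in for the Public Suffix List so that
# "something.com.gh" is treated as a domain under the "com.gh" suffix.
# A real deployment should load the full list from publicsuffix.org.
TWO_LABEL_SUFFIXES = {"com.gh", "co.uk", "com.au"}

# Visually confusable sequences mapped to what a reader sees.
# Longer keys are applied first so "rn" becomes "m" before "n" is touched.
CONFUSABLES = {"rn": "m", "vv": "w", "0": "o", "1": "l", "5": "s", "3": "e"}


def normalize(label: str) -> str:
    label = label.lower()
    for seq, seen_as in sorted(CONFUSABLES.items(), key=lambda kv: -len(kv[0])):
        label = label.replace(seq, seen_as)
    return label


def registrable_domain(host: str) -> str:
    """Registrable domain: last two labels, or three under a two-label suffix."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def brand_label(domain: str) -> str:
    return domain.split(".")[0]


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, or swap adjacent characters."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def classify_url(url: str) -> tuple:
    """Return (verdict, protected domain matched or None) for one URL."""
    host = urlsplit(url).hostname or ""
    domain = registrable_domain(host)
    if domain in PROTECTED:
        return ("legitimate", domain)
    brand = brand_label(domain)
    subdomain_labels = host.lower().split(".")[: -len(domain.split("."))]
    for protected in PROTECTED:
        pbrand = brand_label(protected)
        if brand == pbrand:
            return ("wrong-tld", protected)          # examplebank.net
        if normalize(brand) == normalize(pbrand):
            return ("homoglyph", protected)          # examp1ebank.com
        # Short brands get one edit of slack, longer ones two.
        if edit_distance(brand, pbrand) <= (1 if len(pbrand) < 8 else 2):
            return ("typosquat", protected)          # examplebnak.com
        if pbrand in subdomain_labels:
            return ("brand-in-subdomain", protected) # examplebank.com.secure-verify.net
    return ("unrelated", None)


def scan(urls: list) -> list:
    return [(url, *classify_url(url)) for url in urls]


# Constructed sample links, as they might appear in an incoming message.
SAMPLE_URLS = [
    "https://www.examplebank.com/login",
    "https://examplebnak.com/login",
    "https://examp1ebank.com/login",
    "https://examplebank.net/login",
    "https://examplebank.com.secure-verify.net/login",
    "https://example.com.gh/fuel-subsidy",
    "https://exampie.com.gh/fuel-subsidy",
    "https://www.wikipedia.org/",
]

if __name__ == "__main__":
    for url, verdict, matched in scan(SAMPLE_URLS):
        print(f"{verdict:19} {url}  (matches {matched})")
```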


Fraudulent Mobile Apps

Much like the malicious Chrome extensions and WordPress plugins mentioned above, mobile apps are a dangerous vector for malware. Whether by impersonating popular apps, implementing hidden ads, keylogging, or other techniques, mobile apps possess a number of methods to infect users’ devices. These sorts of apps are nothing new, however, and they typically don’t end up on the Google Play Store or the Apple App Store, the two most popular app marketplaces.

Nonetheless, an ad fraud campaign known as Scylla managed to get 80 fraudulent apps onto the Google Play Store and 9 apps onto the Apple App Store, resulting in over 13 million downloads as of this writing. Scylla was first discovered in 2019 and is still ongoing, though HUMAN Security’s Satori Threat Intelligence and Research Team has been working with Google, Apple, and other relevant parties to disrupt the campaign.

Like other infection vectors that rely on fakery and social engineering, one of the best defenses against fraudulent mobile apps is to remain vigilant. Make sure the apps you download come from legitimate sources, and verify with those sources that the app on the store is actually theirs. Also, be sure to report fraudulent apps you spot on the store to help protect other users.

Remote Desktop Protocol (RDP)

Remote Desktop Protocol (RDP) allows one computer to connect to and control another over a network. Though developed by Microsoft for Windows, the technology is widely used and has clients for most popular operating systems, including Linux, MacOS, Android, and iOS.

Unfortunately, RDP is sometimes vulnerable to exploitation on older or poorly protected systems, and once hackers gain access to a computer via RDP, they can inject malware or steal files from the victim’s machine without much trouble.

A growing class of cybercriminals known as Initial Access Brokers (IABs) makes its money by selling access credentials for RDP and other corporate services, such as content management systems or company VPNs. These credentials are then used by other hackers to carry out ransomware attacks on company devices.

RDP, being such a widely and legitimately used technology, is a difficult infection vector to protect against. However, in cases where hackers are exploiting vulnerabilities on older systems, keeping your systems up to date makes those vulnerabilities more difficult to use against you.


Removable Hardware

Finally, removable hardware like flash drives is a viable vector for malware. While remote methods like spear phishing are more common, there is still a danger whenever a user plugs an unknown flash drive into their machine. Such drives can deliver a variety of malware, such as keyloggers, to capture the user’s data.

If using a device in public spaces, users should also be wary of public USB chargers found at libraries, cafés, or airports, as hackers can utilize these to steal data and infect user devices in a practice known as “juice jacking.”

While simply not plugging unknown flash drives into a device is part of preventing this sort of attack, malware infection via USB is so quick that briefly unattended devices can be vulnerable to attack as well if a hacker is opportunistic enough. When leaving a device unattended in a public space for any reason, we recommend disabling USB ports until you return to your device.

How to Shut Down Attack Vectors

Data breaches and malware attacks are costing enterprises millions of dollars each year, and that number won’t slow down any time soon. Security detection mechanisms look for a finite set of malware patterns, but the number of variations is infinite and impossible to effectively track.

Advanced methods like heuristics, behavioral analytics, or machine learning can detect changes in behavior that can signify malware infection. However, they’re far from foolproof, and infection can still occur even with the best cybersecurity solutions and employee training on the market. For that reason, secure, isolated data backup should be part of every cyber defense system.

Rather than focus on creating signatures for the millions of different malware variants – which is virtually impossible – security solutions should focus on the attack vectors, the paths attackers and malware follow to break into computer and IT systems. Even though there are infinite strains of malware, there are only a handful of vectors, some of which include surfing the Web, phishing emails, Trojan downloads and malicious documents such as portable document formats (PDFs).

Bottom Line

Despite the growing sophistication, infection vectors stay constant. Every breach starts out with the same vectors, and the two largest buckets encompass Web and email. The only difference is what the malware does post-breach. If we are to begin to truly combat malware, we need to start by securing the attack vectors.


NOTE: This article was originally written in April 2016 by Kowsik Guruswamy and updated by Zephin Livingston on December 1, 2022.

Main Targets of Ransomware Attacks & What They Look For
https://www.esecurityplanet.com/threats/what-ransomware-attackers-look-for/
Thu, 01 Dec 2022 02:25:42 +0000
Ransomware has become a potent tool for cybercriminals looking to exploit companies’ sensitive data for profit. Ransomware attacks have affected businesses across all sizes, locations, and industries, from banking and financial services to utilities to education.

When trying to keep your business safe from potential attacks, understanding the factors and signs a ransomware attacker looks for when picking their next target is just as important as any ransomware protection solution. These factors can include data value, geographic location, or a company’s use of remote workers.

What Industries Are the Most Likely Ransomware Targets?

A unifying factor of most of the industries popular with ransomware attackers is their access to incredible amounts of sensitive data that an organization might want or even need to keep private, thus making them more likely to pay the ransom. Here are the most targeted industries.

Banking and Financial Services

The reasons for targeting banking and financial services companies are fairly clear. On top of having access to the capital needed to pay large ransom amounts, they often have access to extremely sensitive client information — and assets.

The world of banking and financial services is especially vulnerable to cyber attacks, and companies in this industry were the most likely to be targeted by ransomware attackers according to cybersecurity firm Trellix’s report for 2021.

Education

Education shares many vulnerabilities with local government institutions, often lacking the resources necessary to implement anti-ransomware strategies. Schools’ access to private information from faculty and students alike also makes them appealing targets.

In recent years, education has become a popular target for ransomware attackers. 2022 research conducted by antimalware vendor Emsisoft revealed that 88 ransomware incidents were reported by institutions in the US in 2021. This led to the disruption of day-to-day operations for over 1,000 schools across the nation. In half of these incidents, personal data from both teachers and students was leaked online.

The total financial impact of these attacks can’t be known with any certainty, but, like any other industry hit by ransomware, the costs are likely severe. A Sophos report on the state of ransomware in education found that lower education institutions spent $1.58 million on ransomware in 2021. Higher education institutions spent $1.42 million.


Energy and Utilities

Utilities are a popular target both for attackers looking to cause damage to infrastructure and for cybercriminals looking to get paid. In a 2022 report, cybersecurity firm CyberSaint reported that 43% of energy, oil, and utilities companies hit by ransomware ended up paying the ransom.

Because they provide such critical infrastructure, energy and utility firms are under more pressure than other ransomware targets to resolve the matter as quickly as possible, which sometimes means paying the ransom; Colonial Pipeline is the most notable example in recent memory.

Government

Much like utilities, government organizations are a popular target for attackers looking to cause damage to the day-to-day infrastructure needed to keep society running. Government entities also often have some of the most sensitive data ransomware users can get their hands on.

Additionally, government organizations on the local level, such as city or county administrations, often lack the time and resources necessary to implement robust cybersecurity measures and tend to use outdated technology. In some cases, this can lead to them being especially easy targets for ransomware and result in the theft of incredibly personal data, such as land deeds and social security numbers, with less effort on the attackers’ part.

Manufacturing

Of popular ransomware targets, manufacturing companies are also the most likely to have their stolen data leaked online, with cyber criminals posting the data of 45 manufacturing companies in 2020 alone, according to Palo Alto Networks’ Unit 42. IBM reported that it resolved more cyber attacks for the manufacturing industry in 2021 than any other.

There is some good news for industrial companies, however. A 2021 survey of the industry by Sophos found that 36% of respondents were hit by ransomware attacks, and nearly half of those had their data encrypted. However, that same survey also found that only 19% of companies affected paid the ransom. This can potentially be chalked up to the fact that companies in the manufacturing industry are more prepared than other industries to restore data from backups, as decrypting stolen files rarely works.


Key Signs and Vulnerabilities Ransomware Attackers Look For

Like any planned assault, ransomware attackers have certain vulnerabilities and factors they watch for when evaluating targets. Companies with the funds and resources to pay large sums, companies with access to sensitive data, and companies without the security infrastructure to resist a ransomware attack are favorite prey for a hacker. Understanding the key signs and vulnerabilities ransomware attackers look for is a vital part of protecting yourself against future attacks.

Valuable Data

The most important factor to ransomware attackers is the value of an organization’s data. If threat actors can steal or encrypt highly sensitive information, their victims may be more willing to pay a higher ransom. Even if they don’t receive a ransom, more sensitive data will fetch a higher price from Dark Web buyers.

You can see this preference in the types of organizations ransomware attacks have targeted recently. Professional services, financial services, and manufacturing were the most popular targets for ransomware in 2021, with energy, retail, and healthcare not far behind, according to IBM. These industries all deal with sensitive data, like financial information or personal identifiers, making them ideal targets.

Lack of Security Infrastructure

Unsurprisingly, ransomware attackers also prefer targets that lack sufficient cybersecurity measures. Small and medium-sized businesses account for half or more of ransomware attacks. These companies are less likely to have as extensive security as larger corporations, making them easier targets. There are also more businesses of that size than large corporations.

This trend may grow as ransomware-as-a-service (RaaS) expands its popularity. A growing number of ransomware groups have started franchising their tools, letting virtually anyone perform ransomware attacks for a fee. Growing RaaS use means more novice cybercriminals could engage in these attacks, and these newer attackers will likely prefer easier targets.

Companies in industries that are new to cybersecurity, like manufacturing or logistics, may fall victim to this trend. Ransomware attackers may prefer these organizations, as they’re less likely to have sufficient infrastructure to stop them.

A 2021 Twitter thread looked at the most common vulnerabilities exploited by ransomware groups – and found that vulnerabilities in 18 products were the most targeted (image below). As many of these are well-known vulnerabilities, the issue of patching remains a major concern.

[Image: Top Ransomware Vulnerabilities]

Money for a Ransom

Cybercriminals also typically look for targets that can pay a larger ransom. That’s why the entertainment industry, which frequently deals in multi-million-dollar projects, experienced the second-highest number of cyberattacks in 2019, according to Verizon’s 2019 Data Breach Investigations Report. A successful ransomware attack on wealthier companies may result in a more substantial payday for the attackers, drawing their attention.

At first, this figure may seem to counter the trend of attackers targeting small and medium businesses. However, even a medium-sized business can offer a significant amount of money to an individual or small group. It’s also important to note that while SMBs are the most common targets, that doesn’t necessarily mean new businesses are.

If your business brings in at least a few million dollars in annual revenue, you could be a target. Generally speaking, the more profitable your business is, the more enticing a target you are.


Potential for Damage

Financial motivations are not the only driving force behind ransomware attacks. Some cybercriminals seek to cause as much destruction as possible, especially in state-sponsored cyberattacks. Whether it’s to make a statement or for a feeling of power, some ransomware attackers look for targets with the highest potential for damage.

Software supply chain companies are some of the most at-risk organizations. Take the SolarWinds attack, for example, which affected scores of customers by targeting a single system, or the Kaseya attack, which put thousands of the company’s clients at risk. If you have information belonging to multiple clients or connect to many other businesses’ software, you may be an ideal target.

Software-as-a-service (SaaS) vendors are thus in some ways ideal targets. If you offer IT services to multiple other companies, a ransomware attack on your business could cause widespread damage. That potential could attract attackers.

And critical infrastructure will remain an enticing target for those seeking to do damage. Colonial Pipeline showed just how effective such attacks can be.

Remote Workers

Amid the COVID-19 pandemic, many businesses embraced remote work. Data shows that these same companies may be at increased risk of a ransomware attack. The software you use to collaborate with remote employees may have vulnerabilities that ransomware attackers seek to take advantage of. And remote employees tend to be less protected by ransomware essentials such as immutable data backups.

Remote desktop protocol (RDP), which remote workers may use more heavily than others, is a favorite of ransomware groups. Cybercriminals leveraged RDP vulnerabilities in 47% of all ransomware attacks in one study, more than any other category.

Virtual private networks (VPNs) are another common target. While these tools can protect you by encrypting your internet traffic, unpatched vulnerabilities or outdated versions can turn them into entry points for cybercriminals. If your business uses these or similar remote collaboration tools, you could be at risk.

Zero trust is one way to secure home-based and remote workers. And enterprise firewall vendors Fortinet and Palo Alto Networks unveiled secure routers aimed at home and small office workers in 2021.

Ransomware Isn’t the Only Type of Malware You Need to Watch Out For. Read What is Malware? Definition, Purpose & Common Protections

Geographic Locations

Interestingly, recent research shows that ransomware attacks are often concentrated in specific geographic areas. In active Dark Web ransomware threads in July 2021, KELA researchers found that more than 40% of threat actors mentioned the U.S. as their desired location of victims. Canada and Australia followed, both around 37%.

This geographic concentration likely reflects where wealthier or more prominent companies are clustered. Political motivations could also play a role. Specific locations like states or cities may follow similar lines, with the largest and wealthiest areas seeing more attacks.

If your company is based in these areas, you may be at higher risk of ransomware than others. This factor is likely less influential than data value and security infrastructure, but it’s worth noting regardless.

How to Prevent Ransomware

Cybercriminals don’t act randomly. Ransomware attacks follow specific motivations, and when you understand these drivers, you can gauge what level of risk you face.

Regardless of how at-risk you are, protecting against ransomware is critical. However, if you fall into any of these categories, you may want to consider more extensive anti-ransomware measures.

  • Data Backups: One of the best protections against ransomware is maintaining immutable backups of your data whenever possible. Decryption isn’t as consistent as it needs to be, but if you have any way to recover and restore your stolen data, you’ve removed a lot of the power ransomware attackers can have over you. However, this isn’t foolproof, as attackers might know of those backups and seek to damage them as well. Also, depending on how long it takes to deploy those backups, it might not be a feasible solution to the havoc ransomware can wreak on an organization’s day-to-day operations.
  • Stop Suspicious Network Traffic: Security solutions like intrusion detection and prevention systems (IDPS) or next-generation firewalls (NGFW) can help block potentially malicious traffic from your network. Secure email gateways can also remove one of the most common vectors of ransomware infection: phishing, spoofing, and the like. EDR and SIEM systems are also core security defenses.
  • Think Creatively: Deception technology could give you an early warning of ransomware or another cyberattack. Encrypting data — even in use — can take away the threat of having sensitive data leaked to the public.
  • Stay Alert: Ultimately, however, these tools are only as effective as the individuals using them. As such, personal vigilance remains a key factor in preventing any malware attack. Whether it’s not opening suspicious email attachments or keeping your passwords secure, your good cybersecurity hygiene will be an effective deterrent against ransomware. This is why one of the simplest defenses against ransomware is to administer solid employee awareness training.


Bottom Line

Ransomware is one of the most potent threats facing businesses today. Fortunately, knowing what ransomware hackers look for when picking their targets can help companies better prepare for an attack.

Factors such as geographic location, access to sensitive data, or lacking security infrastructure can all increase the likelihood of ransomware attacks, as well as an organization’s presence in certain industries like banking, healthcare, or manufacturing.

While there are ways to defend yourself against ransomware, none of them are foolproof, and even solid defenses are under constant threat of circumvention by enterprising hackers. Still, keeping in mind what ransomware attackers might be looking for in their targets can help you stay one step ahead of ransomware and keep your and your customers’ data safe.

Looking to Learn More About How to Defend Yourself from Ransomware? Check Out Ransomware Prevention: How to Protect Against Ransomware

NOTE: This article was originally written by Devin Partida on September 22, 2021. It was updated by Zephin Livingston on December 1, 2022.

What is Malware? Definition, Purpose & Common Protections https://www.esecurityplanet.com/threats/malware/ Tue, 29 Nov 2022 11:40:12 +0000 https://www.esecurityplanet.com/?p=25612 Anyone who has used a computer for any significant length of time has probably at least heard of malware. Short for “malicious software,” malware is any piece of computer software designed to disrupt the regular function of a network or device, to gain unauthorized access to certain hardware or systems, or to send user data […]

The post What is Malware? Definition, Purpose & Common Protections appeared first on eSecurity Planet.

Anyone who has used a computer for any significant length of time has probably at least heard of malware. Short for “malicious software,” malware is any piece of computer software designed to disrupt the regular function of a network or device, to gain unauthorized access to certain hardware or systems, or to send user data to others without that user’s consent.

Malware has been present in the digital space since the 1980s, with early prank malware like the Morris Worm or the (c)Brain. However, malware is not quite as amusing in a modern context. From ransomware attacks locking businesses out of their data until they pay potentially millions of dollars to spyware tracking users’ every move through their infected device, the effects of malware can be devastating.

Today, malware is a common network threat to the devices and data of anyone who uses the Internet. Since 2008, antivirus and cybersecurity software tester AV-TEST has kept track of the number of newly developed malware samples worldwide, totaling nearly 1 billion as of September 2022. An August 2022 Statista report counted 2.8 billion malware attacks worldwide in the first half of 2022 alone.

With so many attacks and unique types of malware out there, it’s important to have some idea of how malware works, how it can infect your devices, and what to do if you find yourself infected with it.

If you’ve been hit by malware and are looking for help, see How to Remove Malware: Removal Steps for Windows & Mac.

How Does Malware Work?

Malware’s functions vary wildly depending on what type of malware you’re dealing with. Broadly, malware will somehow be injected into a device or network and, if it can gain access to the files or systems it needs to, it will begin its work.

For example, once it infects your device, a keylogger will start tracking every keystroke you make and sending a log of those keystrokes to the hacker, allowing them to reconstruct any sensitive information you might have entered after infection, such as your PIN, password, or Social Security number.

To better understand how malware works, however, let’s look at some common types of malware and see how they function and what parts of a device or network they usually affect. After that, we’ll offer some techniques and tips to help you prevent malware infection, as well as what to do if you end up infected.

Want to Learn More About Malware? Check Out The History of Computer Viruses & Malware

Common Types of Malware

Adware

Easily one of the most frustrating types of malware, adware is software designed to harass users with a torrent of unwanted or malicious ads. Adware is often smuggled onto a device, either by users who don’t know what they’re downloading or by hiding it in an otherwise innocuous piece of software like a search engine toolbar plugin for your browser.

This isn’t quite the same as a legitimate piece of software, such as a mobile game from a reputable developer, coming packed with online ads. Usually, those ads will be screened by the developer or whoever published the software online and don’t do anything unusual beyond wasting your time. Adware advertisements might appear in places where ads typically don’t show up; might be completely unrelated to the software or website you’re using, including the depiction of explicit material; and might even begin performing a number of unwanted tasks on your device.

These unwanted tasks can include:

  • opening new tabs in your browser without you clicking on anything
  • redirecting website links to completely different websites from what you expect
  • crashing your browser entirely

Some signs of adware infection include:

  • Your browser is noticeably slower than usual
  • NSFW ads on otherwise SFW websites
  • New toolbars, plugins, or extensions appearing on your web browser without you installing them
  • Your browser’s homepage changing without your permission

Ransomware

One of the most dangerous kinds of malware for businesses, ransomware can slip into a network or device and encrypt sensitive files or lock down the entire device unless the victims pay the hacker a usually sizable fee to unlock it – and even then, decryption fails most of the time. Modern ransomware hackers often double or triple up on the extortion by demanding additional fees to ensure that sensitive files are not leaked to the public.

Ransomware is one of the most virulent forms of malware on the modern Internet. A report from IBM claims that 21% of all cyber attacks the company remediated in 2021 were ransomware, making it the most common type of attack in the report. The method of infection can vary from attack to attack and can include social engineering strategies, such as phishing and email spoofing, or a fraudulent website masquerading as legitimate, among others.

Once a system is infected, ransomware attacks usually come in three stages:

  • Surveillance: The hackers scan their target for more information on the system they are attacking. In particular, they’ll look for sensitive files which can be used for potential double-extortion attempts or additional access credentials with which to spread the ransomware across more devices.
  • Activation: The ransomware begins encrypting sensitive files or locking down the system. In the former case, an attacker will utilize a process called asymmetric encryption to lock down these files, encrypting with a public key but keeping a private key for decryption. This means the files can’t be restored without the attacker’s help. To apply more pressure, the attacker might also encrypt backup files to render them inaccessible. In the latter case, the ransomware will freeze the device’s screen or apply so many pop-ups to the device that it’s rendered unusable.
  • The Ransom Note: The ransomware notifies its victims of the infection via a .txt file on the infected device or a pop-up. This note will provide instructions on how to pay the ransom, usually through difficult-to-trace means like cryptocurrency.

If You Need to Learn More About How to Keep Your Data Safe, Take a Look at Ransomware Prevention: How to Protect Against Ransomware

Rootkits

Rootkits are essentially software toolboxes which allow hackers to infiltrate a device’s systems and gain remote control of it. This makes them incredibly difficult to detect and remove, though there are tools like rootkit scanners which can help.

Typically, attackers will use rootkits to spy on users and launch cyber assaults, such as a distributed denial of service (DDoS) attack, but the aforementioned software toolbox contains a variety of malicious implements. This can include programs with which the hacker can disable security software, install keyloggers, or steal sensitive information like passwords or credit card details.

There are a few viable ways to install a rootkit, but they will typically target some weakness in either an application installed on the target device or the target device’s operating system (OS). There are also several different types of rootkits to be aware of:

  • Application Rootkits: Application rootkits replace a device’s files, altering common applications like Notepad. Whenever a user uses the infected file, it gives the attacker access to their computer.
  • Bootkits: This type of rootkit targets a computer’s bootloader, the software responsible for loading the computer’s OS into RAM upon startup. Bootloaders are usually launched from a disc, USB drive, or hard drive, which tells the computer where its bootloader program is. Bootkits replace the legitimate bootloader with an infected version. This type of rootkit is especially difficult to detect and remove, since it won’t typically show up in a user’s file system. Additionally, removal might further damage the computer if the bootkit has altered the device’s boot records.
  • Firmware Rootkits: Firmware rootkits are usually used to infect a device’s hard drive or basic input/output system (BIOS), but they can be used to infect routers or intercept data written to hard disks as well. Firmware rootkits are also known as “hardware rootkits.”
  • Kernel Mode Rootkits: One of the most complicated forms of rootkit, kernel mode rootkits target the core component of a device’s operating system, the kernel. They often evade detection by operating at the same security level as the operating system itself, making them capable of especially devastating cyber attacks. However, kernel mode rootkits also require a high degree of technical competency, as any bugs or glitches within the rootkit can leave an easy trail for antivirus software to sniff out.
  • Memory Rootkits: The final type of rootkit we’re covering camouflages itself within a computer’s random-access memory (RAM). While there, it can inflict significant damage while also severely hampering a device’s performance by consuming massive amounts of RAM with whatever programs it has running. Memory rootkits are also often the shortest-lived type of rootkit, with most being erased when a computer reboots.

Need More Intel on Rootkits? Check Out Top 6 Rootkit Threats and How to Protect Yourself

Spyware

As the name implies, spyware hides on your devices in order to monitor and transmit your data to the hacker or hackers who deployed it. This information can range from what websites you visit to your download history to your bank PIN. This software can function similarly to Facebook’s or Google’s targeted ad technology, which can track which websites you visit and provide ads based on that history, such as getting ads for cribs after looking up baby names.

There are innumerable methods of infiltration for spyware, from social engineering tactics to malicious software concealed in software bundles to exploiting security vulnerabilities in your device’s hardware or software. It’s one of the most infectious forms of malware out there.

Types of spyware are often classified based on what information they gather. Keyloggers track your device’s keystrokes, password stealers do exactly what their name says, and infostealers attempt to snatch a variety of sensitive information from their victims.

Trojans

Named for the Trojan Horse from Homer’s Odyssey and Virgil’s Aeneid, trojans function similarly to their mythological namesake by convincing users to install them on their device via social engineering schemes. This can come in the form of downloading free programs such as a game or a screensaver, visiting questionable video-hosting websites, or opening an attachment infected with the trojan.

Since the name describes how the malware gets into a system rather than what it does there, trojans cover a broad range of malware:

  • Spyware can often be injected into a device as a trojan.
  • Once downloaded, a computer worm can automatically spread itself across connected devices, whether over the Internet or a local area network (LAN), to devastating effect.
  • Remote access trojans (RATs) can provide hackers with backdoors into the infected device, allowing them to control target computers via a remote network connection.
  • Downloader Trojans can be used to download other forms of malware onto a device.

8 Common Signs of Malware Infection

While malware comes in a variety of different shapes and sizes, there are some symptoms that many of the various types share. The infographic below isn’t a comprehensive list, and even if your computer hasn’t shown any of these signs, there’s still a chance malware has infiltrated your machine.

Common Signs of Malware Infection

Need to Know More About How Malware Can Infect Your Device? Take a Look at 8 Ways Malware Creeps Onto Your Device

Ways to Protect Your Network Against Malware

Thankfully, as scary as malware can be, individuals and businesses have ways to protect themselves against malware.

Both businesses and individual users can benefit from having good antivirus software on hand to detect and remove potential threats. Though, as digital rights group Electronic Frontier Foundation notes, “antivirus software is usually ineffective against targeted attacks.” While it’s still good to have antivirus software to deal with untargeted attacks (such as the links on a malicious website), ransomware and similarly focused assaults will need additional protections.

An important piece of advice is to maintain a robust series of backups for all your important files and data, usually multiple backups using several different storage methods if possible. An offline storage solution, such as a hard drive or USB drive, is especially helpful, though not necessarily feasible if your business handles enough data to require, say, its own cloud storage solution. Still, maintaining and regularly updating your backups will help blunt a lot of the damage malware typically inflicts on its victims. And immutable backups are a particularly important ransomware protection.

Businesses can implement strategies like a zero-trust framework to help keep themselves safe, as well as adopt more sophisticated security solutions than individual users typically have access to. Examples include intrusion detection and prevention systems (IDPS) to block potentially malicious network traffic, network access control (NAC) to help maintain network safety with more and more employees working remotely, and increasingly vital next-generation firewalls (NGFW) for defending your data and applications from attack.

Finally, one of the simplest yet most effective tools for keeping yourself and your network safe against malware is personal vigilance. Avoid opening email attachments from accounts you don’t recognize, stay away from shady websites, make sure your passwords are secure and difficult to crack, and don’t download anything from sources you don’t absolutely trust. Indeed, malware can often be avoided by simply not clicking on infected links or files, making employee security awareness training one of the most critical defenses of all.

How to Identify and Remove Existing Malware

If you know your device or network is plagued with malware, there are a few steps you can take to get rid of it before it can do more damage.

  • Disconnect from the Internet: Disconnecting can help prevent the malware from sending your data to the hacker who deployed it or from spreading to other devices on the network. If you must download a tool or software to begin removing the malware, disconnect as soon as it has finished downloading. Only reconnect once you’re sure the issue has been dealt with.
  • Antivirus Scanning: A good antivirus or malware-scanning software will usually have programs in place to remove detected instances of malware, but that can’t always be relied upon to fix the problem.
  • Reboot: If your software solution proves ineffective, the next step is usually restarting or rebooting your machine. It can be good to boot in Safe Mode. Some types of malware, such as memory rootkits, will disappear once your system reboots. How an OS enters safe mode differs between each system, but instructions can usually be found online, such as Microsoft’s instructions for Windows 10.
  • System Recovery: If a restart fails to solve the problem, a full system recovery or reinstallation might be necessary to fully rid yourself of malware’s grip on your device. However, this can usually result in significant data loss, which is why maintaining backups for important data is so critical.

Bottom Line

Ultimately, no foolproof solution has yet been found for preventing cyber attacks, beyond disconnecting from the Internet and living up in the mountains away from civilization, but knowing more about malware, how it works, and how to get rid of it can be a big help in keeping your device and data safe.

Want to Learn More About Keeping Your Network Safe from Malware? Check Out How to Prevent Different Types of Malware

The History of Computer Viruses & Malware https://www.esecurityplanet.com/threats/computer-viruses-and-malware-history/ Wed, 02 Nov 2022 18:26:33 +0000 https://www.esecurityplanet.com/?p=25690 If you’ve used a computer for more than 5 minutes, you probably know a thing or two about computer viruses and malware. On the modern Internet, malware is a near-constant presence. Whether it’s infected emails stealing employee access credentials or the plague of ransomware that has menaced the business world in recent years, there are […]

The post The History of Computer Viruses & Malware appeared first on eSecurity Planet.

If you’ve used a computer for more than 5 minutes, you probably know a thing or two about computer viruses and malware. On the modern Internet, malware is a near-constant presence. Whether it’s infected emails stealing employee access credentials or the plague of ransomware that has menaced the business world in recent years, there are a number of ways malware can disrupt your organization.

Though often conflated with one another, malware and computer viruses aren’t necessarily the same thing. While all computer viruses are malware, not all malware is a computer virus. The key difference between computer viruses and other types of malware is that computer viruses function, as the name implies, similarly to the way biological viruses function. They begin by attaching themselves to programs or files on a computer, then spread to other computers when those infected programs or files are accessed. Computer viruses can also self-replicate to attach themselves to even more programs and files. This isn’t necessarily true of other types of malware. Ransomware, for example, usually doesn’t self-replicate.

It’s important to learn as much as you can about computer viruses and malware, now more than ever. According to a recent Statista report, there have been 2.8 billion malware attacks worldwide in just the first half of 2022. A 2020 study of pentesting projects from Positive Technologies revealed that external attackers could breach 93% of company networks, with 71% being vulnerable even to novice-level hackers.

Even as we focus on current cybersecurity threats and protections, it can be just as important to take a look at the history of these malicious pieces of software and how their beginnings inform the way they’re used and circulated today. The history of computer viruses and malware goes almost as far back as the history of the field of computer science itself.

Looking to Protect Yourself Against Malware? Read Top Endpoint Detection & Response (EDR) Solutions in 2022

From Theory to Reality: 1948-1971

Though they had yet to be named, computer viruses were first conceptualized by Hungarian mathematician John von Neumann, who designed a self-replicating computer program that some consider to be the precursor to computer viruses, even if it was never developed or deployed in the way computer viruses eventually would be. Though this work began in the 1940s, it, along with his other work in the field of self-replication, was eventually compiled and distributed via the 1966 paper “Theory of Self-Reproducing Automata.”

Though von Neumann’s self-replicating program was more or less a thought experiment, computer programmer Bob Thomas developed the Creeper program in 1971, which is often cited as the first computer virus. Named after a character from “Scooby-Doo,” the Creeper was originally intended as a security test for the U.S. Department of Defense’s Advanced Research Projects Agency Network (ARPANET), the precursor of the modern Internet we know, love, and sometimes hate.

As a security test, the Creeper’s effects on infected machines were minimal. It would simply display a message on the computer’s screen: “I’M THE CREEPER. CATCH ME IF YOU CAN!” A polite little virus, the Creeper would also try to remove itself from its host whenever it would infect a new hard drive.

Though polite, the Creeper was still an annoyance to some, and in 1971, Ray Tomlinson developed the first antivirus software, called Reaper. The Reaper would glide across ARPANET, scanning for and removing any instances of the Creeper it found there.

Viruses Get Their Name: 1974-1986

While the Creeper was a relatively benign program, 1974’s Rabbit Virus was one of the first computer viruses developed with malicious intent. Named for how fast it could duplicate itself, the Rabbit Virus would flood infected computers with these copies, slowing down and even crashing machines with relative ease.

1975 saw the creation of a precursor to modern trojan malware. The ANIMAL program, wherein the computer would attempt to guess what animal a human is thinking of via a game similar to Twenty Questions, was popular amongst computer users at the time. John Walker’s version of the program contained a hidden program, called PERVADE, which would search computer directories, find directories without copies of ANIMAL, and distribute copies of ANIMAL into those directories. Like the Creeper, however, this program was relatively benign and took steps to not delete important system files while copying itself everywhere.

University of Southern California graduate student Fred Cohen designed an unnamed piece of malware which could take over a computer’s system operations. He was also the first person to define the term “computer virus.” Cohen went on to become a pioneer of computer virus defense techniques.

Cohen also believed in the idea of “positive viruses,” beneficial programs which could spread like a computer virus. Cohen designed the compression virus, a virus designed to not damage or delete infected files but instead make them smaller.

In 1986, the first PC computer virus, Brain, was released into the wild. Spread via infected floppy disks, Brain would replace the boot sector of the floppy disk with a copy of the virus. Created by the brothers Amjad Farooq Alvi and Basit Farooq Alvi, the virus was meant to track pirated copies of certain disks. When booted up, it would display a message that varied from copy to copy but usually began with the phrase “Welcome to the Dungeon,” a reference to an early programming forum. The brothers’ names, addresses, and phone numbers were also listed, with a request that the victim contact them for virus removal. Like many early computer viruses, Brain was relatively benign and wasn’t designed to be much more than a nuisance.

Want to Learn More About Malware? Check Out 8 Ways Malware Creeps Onto Your Device

Worms and the Dawn of the Internet Age: 1987-2000

As the Internet began entering public use, the first computer viruses that could be spread via the Internet followed soon after. One of the most well-known early instances is the Morris Worm. Launched on November 2, 1988 and named for its creator, Robert Morris, the Morris Worm was also not intentionally designed to damage infected machines. Instead, it was meant to point out weaknesses present in networks of the time.

However, a coding error resulted in the worm replicating itself regardless of a computer’s infection status, leading to computers being infected with multiple copies of the worm and eventually resulting in the infected machine crashing. Robert Morris ended up becoming the first person convicted of a felony in the U.S. under the 1986 Computer Fraud and Abuse Act.

As malicious viruses became more the norm, countermeasures were being developed to mitigate the damage these viruses caused. One of the first pieces of antivirus software, McAfee’s VirusScan, was released in 1987. It would soon be followed by other antivirus pioneers, such as ESET’s NOD program, G Data’s Anti-Virus Kit, H+BEDV’s Antivir, and Avast Antivirus.

1992’s Michelangelo virus was one of the first computer viruses to garner mainstream attention, as some vendors inadvertently sold hardware and software infected with the virus.

As the Internet grew in popularity, new vectors of infection began popping up. From chain emails to suspicious websites, modern malware techniques began developing as the world approached the 21st century.

Macro viruses — viruses which could infect documents created via programs like Microsoft Word — rose in popularity in the mid-to-late 1990s. One of the most prominent was 1999’s Melissa. Spread via email, the virus would use the subject line “Important Message From [infected user].” Upon opening the email, victims would see the message “Here’s that document you asked for. Don’t show anyone else ;)” along with a Word file titled “list.doc.” The document contained a list of pornographic sites, along with passwords for access to said sites and would then spread itself and its NSFW content by emailing the first 50 people in the victim’s contact list.

Social engineering attacks soon found use in the digital space. One of the first instances was the Love Letter virus of 2000. Though it followed similar patterns to macro viruses like Melissa, Love Letter utilized an infected Visual Basic Script (VBS) file, not a Word file. With a subject line reading “I Love You,” Love Letter would entice victims to click on its VBS file, releasing the virus onto their computer. Once inside a computer, Love Letter would replace and overwrite existing files on the machine with copies of itself.

Read More: Top Secure Email Gateway Solutions for 2022

Going Mobile and Going Global: 2001-2010

As the Internet and computers became integral to society’s day-to-day existence, computer viruses and malware exploded in both popularity and potential disruptiveness.

In July 2001, the Code Red Worm attempted to subject the entire Internet to a distributed denial of service (DDoS) attack. Named for the flavor of Mountain Dew its discoverers were drinking at the time, Code Red would deface infected websites with text reading “HELLO! Welcome to http://www.worm.com! Hacked By Chinese!”

Due to the worm’s name and the above text, many at the time believed the malware originated in China. However, despite claims from U.S. officials at the time that it had been traced to China, no evidence has come to light linking Code Red to the nation. In fact, China itself fell prey to the second iteration of Code Red in August 2001.

At its peak, Code Red had infected over 359,000 computers, according to analysis from the Center for Applied Internet Data Analysis (CAIDA). Eventually, the infected computers were all directed to attempt a DDoS specifically on whitehouse.gov, though the White House managed to sidestep the assault.

In 2003, one of the first pieces of malware designed to make money was discovered. Fizzer was a worm spread via email attachments that, once it found its way onto a machine, could perform a number of malicious tasks. It could install a keylogger, giving the attacker access to sensitive information such as bank account details, passwords, and physical addresses whenever the victim typed that information into the computer. It also actively shut down antivirus processes to evade detection and removal. Finally, it could act as a backdoor through which attackers could gain remote access to the infected machine’s resources.

2004 saw the first worm designed to infect cell phones, Cabir. Once it infected a phone, text reading “Caribe” would be displayed whenever the phone was turned on or used. It would then attempt to spread to nearby devices over Bluetooth. Users could avoid infection by turning Bluetooth off or setting the phone to invisible (non-discoverable) mode.

Stuxnet, discovered in 2010, was the first documented attempt by sovereign nations to use malware to attack other sovereign nations. Stuxnet was designed to disrupt Iran’s nuclear facilities, in an apparent attempt to slow the country’s progress on developing an atomic bomb. This attack successfully delayed Iran’s efforts, managing to destroy 1,000 of the 6,000 centrifuges the nation was using to enrich uranium, but it neither stopped nor slowed Iran’s build-up of low-enriched uranium.

Though both governments have formally denied responsibility for the attack, Stuxnet is today commonly known to be the work of a joint effort between Israel and the United States, as reported by both “The New York Times” and “The Washington Post,” among others.

The Rise of Ransomware: 2011-2022

The 2010s and early 2020s have been marked by an increased prevalence of ransomware attacks. Though around for decades, with the first documented instance being 1989’s AIDS Trojan, ransomware has really blossomed on the modern Internet. The advent of untraceable digital payment methods like cryptocurrency was a boon to hackers looking to extort as much money as they could from their targets without being caught.

The CryptoLocker Trojan, launched in 2013, was one of the first major instances of ransomware being used on a large scale, hitting about 250,000 victims and extorting around $27 million in Bitcoin.

Though CryptoLocker was eventually isolated and neutralized by cybersecurity experts, it served as an effective proof of concept for ransomware as a business model. Copycat ransomware like TorrentLocker and CryptoWall started springing up. CryptoWall in particular was enough of a menace for the FBI’s Internet Crime Complaint Center (IC3) to issue an alert warning citizens about the malware.

2015 saw a ransomware group known as Armada Collective hit three Greek banks with DDoS attacks, demanding a ransom paid in Bitcoin from the banks to cease fire. The group also claimed responsibility for a DDoS attack on Swiss email provider ProtonMail. However, DDoS attacks on ProtonMail continued even after the ransom was paid. Armada Collective were not so lucky with the Greek banks, who bolstered their cybersecurity measures and managed to continue operating without much disruption.

In March 2016, the Petya family of ransomware was first discovered. Unlike its predecessors, which only encrypted files, Petya replaced the computer’s master boot record with a ransom note, effectively rendering the computer unusable until a ransom was paid. It later evolved to also include file encryption. 2017 saw a pirated version of Petya, called “NotPetya,” hit multiple European countries in a major cyber attack, most notably Ukraine and Germany.

Petya was initially developed by a group called Janus Cybercrime Solutions as part of its ransomware-as-a-service (RaaS) platform. Essentially, cyber criminals could pay Janus to use Petya on their targets, with Janus providing a number of additional services to ensure the attack was a success. In exchange, Janus took a cut of the paid ransom. RaaS quickly became a major force in the world of cybercrime thanks to both Petya and other major ransomware like LeakerLocker and WannaCry.

WannaCry is especially notable for both its 2017 attack on users worldwide and its method of propagation. The attack was massive, hitting over 230,000 computers in more than 150 countries in the first day. NHS hospitals in the United Kingdom were among the largest organizations hit by WannaCry. The UK branch of automobile company Nissan was another notable victim.

The way it spread was not through more traditional ransomware vectors like email phishing but instead through EternalBlue, a Windows exploit initially developed by the U.S. National Security Agency (NSA) and subsequently stolen and leaked by hacker group The Shadow Brokers.

GandCrab burst onto the scene in 2018. Though not impressive alone, GandCrab was soon integrated with an info-stealing Trojan named “Vidar,” after the Scandinavian god of vengeance. Thanks to Vidar, GandCrab provided a potent combination of both stealing and locking down victims’ files and rapidly became the most-used RaaS on the market in 2018 and 2019.

A partner of GandCrab, known as “Team Snatch,” helped popularize the practice of publicly leaking victim data to further pressure targets into paying the ransom. This was likely an effort to extort companies that back up their data well enough that the threat of deletion carries little weight.

One of the first major public ransomware data leaks occurred in November 2019 when ransomware group Maze leaked 700 MB of stolen data from American security and janitorial services provider Allied Universal.

Public leaks like Allied Universal’s and major attacks like 2021’s Colonial Pipeline Attack have led to ransomware’s increased prominence and visibility in the public eye. The Colonial Pipeline Attack is also notable for potentially being one of the first known instances of an infection vector coming from a compromised employee password found on the dark web and not an external attack on a company’s systems.

Today, ransomware continues to plague businesses and individuals at all levels of society, provided that level includes regular Internet access. IC3’s 2021 Internet Crime Report found that ransomware inflicted more than $49.2 million in losses in the United States alone, and that’s just the instances of ransomware attacks that were reported to the FBI.

The FBI isn’t the only one with worrying statistics on ransomware. IBM’s 2022 Security X-Force Threat Intelligence Index found that ransomware was the most common type of malware attack the company remediated in 2021, comprising 21% of the total. Around 37% of those attacks could be traced to a specific strain of ransomware known as both “REvil” and “Sodinokibi.”

Second place in IBM’s index belonged to a ransomware strain called “Ryuk,” which made up nearly 20% of attacks by itself. The name “Ryuk” could come from either a romanization of the number 6 in Korean, a romanization of a North Korean surname, a village in Azerbaijan, or a character from popular Japanese media franchise “Death Note.”

Ryuk and REvil are especially notable for how long they have stayed in operation, having first appeared in April 2019 and August 2018, respectively. IBM’s report notes that ransomware operations usually have a lifespan of about 17 months. REvil shut down in October 2021 after 31 months. In January 2022, Russia’s Federal Security Service announced that the group behind REvil had “ceased to exist” and that its information infrastructure had been “neutralised.”

The Impact of Computer Viruses and Malware on Cybersecurity

The cybersecurity field as it exists today probably would not exist without the threat of computer viruses and malware. There would still be a need for cybersecurity, of course. Data leaks, compromised access credentials, theft, and damage to hardware and software are all threats that would still exist if malware weren’t an issue.

However, the spectacle of and fear generated by major malware attacks like the Code Red Worm or the Colonial Pipeline Attack have undoubtedly helped to propel cybersecurity into becoming the over $150 billion industry it was valued as in 2021. The vast array of frameworks, tools, and solutions like zero-trust, SIEM, and IDPS would likely not exist in the forms they do now, with the price tags they do now, without the relevant threat of hackers and malware.

The ongoing development of cybersecurity technology by businesses and governments alike is driven by a healthy dose of fear toward the ongoing development of malware technology by criminal groups and governments alike. As the Internet itself has helped shape our modern world, the evolving threat of computer viruses and malware has helped shape modern cybersecurity.

The post The History of Computer Viruses & Malware appeared first on eSecurity Planet.

What is Employee Monitoring? Full Guide to Getting It Right https://www.esecurityplanet.com/trends/employee-monitoring/ Fri, 21 Oct 2022 11:37:00 +0000

Businesses have long wondered if employees are staying focused and doing their jobs. To answer this question, many in the modern age have turned to employee monitoring software.

From facial recognition to surveillance cameras to time trackers to just having a couple guys standing over employees’ shoulders, there are a multitude of ways to make sure employees are staying on-task and being productive. With the massive shift toward remote and hybrid workplaces in the wake of the COVID-19 pandemic, employee monitoring software became bigger than ever. According to a study conducted by StandOut CV, 1 in 5 companies are using some sort of employee monitoring tool.

However, some techniques are more questionable, expensive, or impractical than others, and it can be difficult to figure out which is which in isolation. Below, we’ll cover the good, the bad, and the just plain creepy of employee monitoring — along with consequences, both intended and unintended — to help you find the best way to make sure your employees are on-task.

What is Employee Monitoring and Why Use It?

Employee monitoring’s definition is in the name: it’s the surveillance of your workers using a variety of techniques and tools. These can come in a variety of forms we’ll discuss in more detail below, but the most common in a modern office setting is software monitoring, where a piece of software is installed onto employees’ computers, which can then track things such as web activity.

There are a number of reasons to implement employee monitoring in an organization. The most obvious is performance tracking. If you’re worried your employees aren’t doing their jobs correctly, employee monitoring techniques can help relieve those anxieties. There are also security reasons, such as protecting trade secrets or avoiding legal liability in the event of a workplace injury or incident.

[Infographic: Types of Employee Monitoring]

Benefits of Employee Monitoring

The benefits of employee monitoring can vary depending on the needs of the organization. For example, a 2014 article for Forbes laid out the benefits semi-truck companies can have when implementing employee monitoring systems, specifically a potential reduction in the frequency and severity of crashes. It also allowed companies to adapt to a then-recent tightening of hours-of-service (HOS) regulations.

There can also be health benefits of employee monitoring when it is extended to out-of-work programs like Castlight Health’s healthcare navigation platform, which analyzes employees’ self-reported behavior, self-assessments, and health-related online searches to help employees make healthier decisions in their day-to-day lives. Fitbit and similar technology can be used to track employees’ exercise routines, with some companies even offering rewards like extra days off for good behavior. Healthy employees tend to be sharper and more productive, so the benefits of encouraging healthy activity can be great for a business.

Does Employee Monitoring Increase Productivity?

The big question for many organizations is whether employee monitoring tools make employees more productive. This is a common selling point of the technology, but is there evidence backing up these claims?

This question has been studied in depth since computers and the monitoring capabilities they provide first entered the workplace in the 1980s. In short, the results are mixed. In a 1986 study published in “Communications of the ACM,” the authors noted, “Some [managers] see positive effects, such as increased productivity, a more accurate assessment of employee performance, and greater organizational control over workers.”

However, they also go on to state, “the introduction of computerized performance monitoring may result in a workplace that is less satisfying to many employees . . . [and] creates a more competitive environment which may decrease the quality of social relationships.”

For a more recent example, Akron-based Afton Manufacturing implemented RFID sensors in the late 2010s and reported saving a minimum of 300 work hours in the first year, providing the company with $6,000 in increased productivity.

However, Susan Schumacher’s 2011 article published in ESSAI titled “What Employees Should Know About Electronic Performance Monitoring” calls the oft-claimed productivity increases into question:

“…studies show that while monitoring may produce some positive short-term results on productivity, the long-term negative effect on the workplace deteriorates the relationships between management and workers and causes unnecessary stress, and emotional and physical health problems for employees.”

Schumacher also noted:

“The majority of the quantitative information written about EPM weighs heavily in favor of businesses: companies protecting themselves from information leaks, non-company related internet usage that reduces employee productivity, increases in a company’s risk of network crippling viruses, and breach[es] that threaten confidential information. In contrast, few reports have quantified the emotional and physical effects on employees or offered suggestions to help relieve or reduce the stress-related symptoms.”

While the article was written in 2011, the lion’s share of information on the topic of employee monitoring still comes from businesses. Examples range from companies like Afton Manufacturing praising the number of work hours saved to a 2014 service industry study claiming that monitoring makes employees work harder, even while admitting that these systems can have an adverse effect on employees’ ability to make ends meet: “The loss of even small amounts of income can substantially impact the worker’s ability to meet basic living expenses.”

This imbalance in information makes it difficult to quantify how much of a positive long-term effect employee monitoring has on productivity, because the information coming from businesses rarely weighs the detrimental effect these tools may have on employees’ mental and physical well-being and job satisfaction against the short-term productivity gains they report. Employees’ job satisfaction, it should be noted, has well-documented positive effects on their productivity.

Disadvantages of Employee Monitoring

The main disadvantages of employee monitoring involve the effects it has on employees. Employee monitoring in modern workplaces is often compared to the concept of the “panopticon,” a hypothetical prison proposed by 18th century English philosopher Jeremy Bentham. The concept behind Bentham’s “panopticon” is a prison which would allow a single security guard to maintain observation of an entire prison population without prisoners knowing they are being watched.

This comparison, common though it is, remains apt. The sheer number of options employers have at their disposal in the modern employee monitoring space makes it difficult for employees to fully understand when they are being monitored and why.

An example of this is found in the case of Myrna Arias, detailed in a 2018 study on “Evidence-Based Recommendations for Employee Performance Monitoring.” Arias was hired by American money-transferring firm Intermex, which required her to download Xora, a “mobile resource management application… that provides useful on-the-go web services for employees that often engage in client-related communication and travel.”

While the app’s use during work hours provided useful data on employee activity, Xora collected location data from users 24/7. When Arias objected to this constant monitoring of her life and asked for the feature to be turned off outside of work hours, her manager insisted that the app remain on 24/7 in order to function efficiently. The manager went on to boast that he could use the app’s tracking features to see how fast Arias was driving at any time, which speaks to the potential for abuse of tracking apps like Xora by management and anyone else with access to their data.

After management denied her request to turn off Xora’s tracking capabilities outside of work hours, Arias turned the app off herself, which led to her being fired for noncompliance. The resulting lawsuit between Arias and Intermex ended in an out-of-court settlement. While the details of the settlement weren’t disclosed, Arias had sought $500,000 in damages for lost wages.

A large amount of academic literature, both past and present, purports that any benefits of employee monitoring are outweighed by the disadvantages. In a 2000 article published in “Business Ethics Quarterly,” Professor Adam D. Moore states, “While this kind of employee monitoring may yield some benefits, the preponderance of the evidence would suggest otherwise. Some studies have shown that these monitoring systems produce fear, resentment, and elevate stress levels.”

A central problem with employee monitoring, and specifically modern employee monitoring software, is its potential to dehumanize workers into collections of statistics. As Ivan Manokha put it in his 2020 paper published in “Surveillance & Society”: “…what we are dealing with is the process of the transformation of human workers into things with objective indicators such as productivity levels, physical shape, cognitive characteristics and various aggregates of these measures that compute a comparative worth of each employee with respect to other.”

How to Monitor Employee Productivity Right

In short, it would probably be best if you didn’t monitor your employees too much, but, if you feel you must, there are some steps you can take to do so ethically and to minimize harm. The previously-mentioned study “Evidence-Based Recommendations for Employee Performance Monitoring” provides a number of excellent suggestions in this area:

  • Be transparent with your use of employee monitoring: Employee monitoring software can look very similar to spyware, a type of malware used by hackers to track user activity and steal their data. The main difference is that, unlike a hacker, companies have an ethical obligation to secure employees’ consent before implementing this software and, ideally, would not put this software onto employees’ personal devices. Securing informed consent from employees, making them fully aware of the monitoring you will be performing on them, is an absolute must.
  • Make sure it’s necessary: Only implement monitoring if it “is crucial to organizational functioning because monitoring typically elicits negative responses regardless of implementation.”
  • Development, not punishment: “Use EPM for learning and development rather than deterrence,” the study cautions. Using the software purely as a punitive tool can increase the adverse effects employee monitoring can potentially inflict on employees. Utilizing it instead to provide developmental suggestions and to engineer employee growth can produce the productivity increases you want with less potential for harm.
  • Restrict EPM use to work-related behaviors: As the above Myrna Arias-Intermex case details, it’s important that you “restrict EPM to only work-related behaviors.” Avoid using employee monitoring when employees aren’t on-site and not engaging in work-related activity.
  • Keep your organization’s structure in mind: This can include the size of your company, the sort of work the company does, and the characteristic duties your employees carry out on a day-to-day basis. Make sure, especially for larger businesses, that the system is clearly communicated and described at all levels of the company, top to bottom. This is not the sort of system you should be implementing on a whim. You will also need to “[c]onsider the characteristics of the job—complex jobs that require more freedom and autonomy for core tasks will need EPM systems that do not block crucial activities.”

Overall, monitoring can be a dangerous game to play with employees because your workers are people with their own thoughts, desires, and lives outside of the workplace. They are not abstract bodies of productivity scores and performance evaluations to be analyzed by artificial intelligence, and if they are capable of doing so, they will leave if they feel they are being mistreated or dehumanized.

Running a business can be as much an emotional effort as it is an analytical one, and it’s ultimately up to you to determine if the potential gains that monitoring techniques may bring are worth the potential harm they can inflict on your employees’ well-being and morale.
