One Million Infected Users!

This article peaked my interest earlier today given I’ve spent the last 8 years building host intrusion prevention system for a living.

http://www.pcworld.com/businesscenter/article/154378/microsoft_yanks_fake_security_software.html

While we have to applaud Microsoft for cleaning up nearly one million systems infected with W32/FakeSecSen, otherwise known as "Advanced Antivirus," "Spyware Preventer," and many other fake names, don’t we also have to ask why such large-scale infections are still occurring?

As my Gran always use to say "Prevention is better than cure".

Fake security programs have been a major arsenal for the cybercriminal as far back as 2004, helping the criminal deliver countless Trojan’s, Spyware programs and enabling phishing attacks. The interest to the team at PINoptic is the report in June 2008, MSRT sniffed out 1.2 million PCs infected with a family of password stealers.

Implementing a one-time password solution removes the threat of password stealers, especially where you have server side authentication for web applications.

Corporate and consumers alike spent vast sums on complex security applications which fail constantly to deliver the protection required. Programs which generally degrade system performance and take 10 hours to scan systems are not providing the security required, yet still they are top priority for security budgets.

It’s interesting in the case of password security how little is implemented other then “implement best practices” policies relying on users not to implement weak passwords or disclose them to friends and family. Simple one-time password authentication solutions are readily available but few IT solutions make use of this technology.

At PINoptic we aim to address this through the use of a simple visual approach to authentication, making the solution language independent and without the need for costly token devices to be distributed. A simple low cost security solution to integrate into any existing application allowing a much more secure password to be set and used in open spaces without fear of shoulder surfing.

Watch this space!