Security, Part 8: Installing new software? You may be getting more than you think.

April 12, 2017


Download progress bar. Download Files Information Technology Sharing Concept.

Whenever you’re installing new software, or even a new toolbar on your browser, you need to be careful that you’re not also installing other programs as well.

 

During the installation process, you may have noticed the wizard asking if you also want to install other software. Cyber security professionals call these Potentially Unwanted Programs (PUPs). These programs are not always malicious, but it’s often not clear what they do. According to cyber security company McAfee, “PUPs modify system settings, browser settings, covertly collect user information, and go to lengths to disguise their presence. What you need to know is that your latest program or application may be collecting more information about you than you expected.”

 

Sometimes installation wizards make it very clear that you have a choice whether to add additional programs or not. However, other wizards can be very sneaky, often having the “Standard (Recommended)” option be the one that includes extra software and the “Custom Installation” option listed with the cryptic word “Advanced” (rule of thumb, always choose the custom option).

 

Recently, these types of PUPs have been targets of cyberattacks and have come under scrutiny. This past fall, the Ask.com toolbar was hacked and cyber criminals added their own PUPs to the installation process. Anyone accepting the extra software unknowingly installed ransomware on their computer. This particular hack was fixed, though the cat (or, in this case, PUP) is now out of the bag.

 

Obviously, this can become a major problem in a facility setting. If one employee accidentally installs a corrupt PUP on their computer, even if it’s from a seemingly trusted source, it can undermine the security of the entire facility.

 

Prevention
With any kind of cybercrime, knowledge is always the first line of defense. Let your coworkers and employees know that this kind of threat exists. Ideally, employees would not install any software on their machines without first consulting your IT department. If this isn’t possible, make sure your employees know to always avoid adding PUPs during any installs. The second line of defense is to ensure employees stay current with updates. That way, the latest security patches are in place.

 

For more help with cybersecurity in your facility, contact Vanguard Resources.