About one month after it was revealed that ASUS computers’ update system was breached, resulting in potentially one million computers being infected with malware, it was announced this month that Dell computers may be similarly vulnerable via its SupportAssist software. What the ASUS and Dell threats have in common is that a) neither involves email or website infections, b) both involve system software published by major computer manufacturers, and c) neither of them would or could have been detected by conventional antivirus or cyber security software. So the big question for most users has got to be “How can I protect myself and my business from vulnerabilities like this SupportAssist flaw?”
There are two things about malware that are relevant here: What it does and how it spreads.
Generally speaking, malware can steal your money, steal your data, hold your data hostage, shut down your business, destroy data, and do all sorts of other bad, very bad, and extremely bad things to make your personal life and business operations miserable.
The most common ways that malware spreads are by email and infected websites. But malware can also spread across networks, thumb drives, mobile devices, outdated software, social networks and many other ways.
The SupportAssist flaw is not malware, but it allows malware to spread in a new way.
How Most Security Software Works
Your common antivirus or security software tries to protect you by guarding the gates of all those known methods, analyzing emails that arrive in your inbox, the code on web pages you visit, files on attached drives, and so on.
The software will also commonly have a list of malware “signatures” -- a library of bits of malware -- that the security software checks new files against. If the security software finds a match to files sent to you via email or the web, it throws up an alarm, deletes or quarantines the files, and notifies you of the problem.
The Dell SupportAssist Flaw Simply Explained
SupportAssist is designed to find and install official Dell software and drivers onto your computer. It does this by acting like a tiny web server that only allows communication from the official Dell website. It allows files to be uploaded, installed and run on your computer.
And all of it is 100% legitimate.
The flaw is that the part of the program that guarantees that only Dell can communicate with your computer through SupportAssist doesn’t do a good job. As a result, a hacker -- or the 17-year-old Data Security hobbyist who found the flaw -- could use SupportAssist to install and run any sort of malware and cause all sorts of damage.
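The example below is added here for illustration and is not Dell's code. The article does not say how the check failed, so the substring comparison is an assumed, common failure mode, and the allowlist and sample origins are constructed. It shows how a loose "is this Dell?" test and a strict one treat the same requests.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist for a local update agent; the hosts the real
# product trusts are not given in the article.
ALLOWED_HOSTS = {"www.dell.com", "downloads.dell.com"}

def weak_origin_check(origin: str) -> bool:
    """Assumed failure mode: the vendor name merely appears in the origin."""
    return "dell.com" in origin

def strict_origin_check(origin: str) -> bool:
    """Parse the origin; require https and an exact allowlisted host."""
    try:
        parts = urlsplit(origin)
        host, port = parts.hostname, parts.port
    except ValueError:          # malformed port or bracketed host
        return False
    if parts.scheme != "https" or host is None:
        return False
    if parts.username or parts.password or port not in (None, 443):
        return False
    return host in ALLOWED_HOSTS   # hostname is already lower-cased

# Constructed sample origins (not taken from any real incident).
SAMPLE_ORIGINS = [
    "https://www.dell.com",            # the genuine site
    "https://dell.com.example.net",    # vendor name as a subdomain label
    "https://xdell.com.example.org",   # vendor name embedded in a label
    "http://www.dell.com",             # right host, unencrypted transport
    "https://example.org",             # unrelated site
]

def compare(origins):
    """Return (origin, weak_result, strict_result) for each origin."""
    return [(o, weak_origin_check(o), strict_origin_check(o)) for o in origins]

if __name__ == "__main__":
    for row in compare(SAMPLE_ORIGINS):
        print(row)
```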
Why Most Security Software Can’t (And Didn’t) Catch This Vulnerability
SupportAssist on its own is automatically installed on computers at the factory, and so it never gets analyzed by a web or email filter. And when it is downloaded onto Dell computers from the Dell website, it would pass any scans or filters anyway, since the software itself is not malware. It is legitimate software that belongs on your Dell computers.
In fact, the primary purpose of SupportAssist is to keep your system software and drivers up to date, which is an important part of cyber security. That makes this software important to your overall cyber security plans if you have Dell computers.
But SupportAssist becomes a new method of delivery that most cyber security software doesn’t monitor.
To be clear, there are no reports of actual hacks or breaches using the SupportAssist flaw, but the important part of this story is that…
- There are certainly many more vulnerabilities in other software right now
- There will be other vulnerabilities like this one far into the future
- They will never be fully eliminated
- They are more likely to increase.
So what can you do to protect yourself from legitimate but flawed software and other unknown threats? What can you do to protect yourself from the malware that could be installed via a flaw like this one?
How To Protect Your Business From Unknown Threats
The goal of cyber security is to prevent bad things from happening to your computers, networks and data. Conventional antivirus and anti-malware software does that by looking at what the malware is, rather than what the software does.
The current state of the art for cyber security is “Behavior Based,” which is constantly monitoring what all of the software on all of your computers is doing. This Behavior Based software knows what is a legitimate action and what is not. As a result, when any software tries to do anything out of context, or while lacking sufficient rights, or at an unexpected time or by an unexpected user, it is stopped. An alarm is raised and sent to our Security Operations Center, where it is instantly logged and investigated.
No file signatures are required, which means malware does not need to be known prior to it being detected. In fact, we detected the ASUS megahack on a client’s computer before it had been publicized.
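The contrast between signature matching and behavior monitoring described above, as an added example that is not code from any product mentioned in the article. The process names, baseline rules, paths and events are all constructed assumptions; the point is that a never-before-seen file passes the signature check but is still flagged by what it does.

```python
import hashlib

# Constructed signature library: hashes of already-known malware samples.
KNOWN_BAD = {hashlib.sha256(b"constructed-known-malware-sample").hexdigest()}

# Hypothetical behavior baseline for one updater process: which children
# it may start, as which user, and from which directory.
BASELINE = {
    "updater.exe": {
        "children": {"driver_setup.exe"},
        "users": {"SYSTEM"},
        "dir_prefix": "C:\\ProgramData\\Updater\\",
    }
}

def signature_verdict(file_bytes: bytes) -> bool:
    """True only if the file's hash is already in the signature library."""
    return hashlib.sha256(file_bytes).hexdigest() in KNOWN_BAD

def behaviour_findings(event: dict) -> list:
    """Compare a process-start event with the baseline; list deviations."""
    rule = BASELINE.get(event["parent"])
    if rule is None:
        return ["no baseline for parent"]
    findings = []
    if event["child"] not in rule["children"]:
        findings.append("unexpected child process")
    if event["user"] not in rule["users"]:
        findings.append("unexpected user")
    if not event["path"].startswith(rule["dir_prefix"]):
        findings.append("unexpected launch directory")
    return findings

# Constructed process-start events, as an endpoint agent might record them.
EVENTS = [
    {"parent": "updater.exe", "child": "driver_setup.exe", "user": "SYSTEM",
     "path": "C:\\ProgramData\\Updater\\driver_setup.exe",
     "bytes": b"constructed-vendor-driver"},
    {"parent": "updater.exe", "child": "payload.exe", "user": "alice",
     "path": "C:\\Users\\alice\\AppData\\Local\\Temp\\payload.exe",
     "bytes": b"constructed-never-seen-before-binary"},
]

def triage(events):
    """Return (child, signature_hit, behaviour_findings) per event."""
    return [(e["child"], signature_verdict(e["bytes"]), behaviour_findings(e))
            for e in events]

if __name__ == "__main__":
    for row in triage(EVENTS):
        print(row)
```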
Get the Business Protection Toolkit
Our Behavior Based security is just one part of our Business Protection Toolkit, a service that we provide to our clients to help protect them from cyber attacks of all kinds. The Toolkit includes everything a company might need to protect itself from known and unknown cyber threats.
If you would like to find out how the Business Protection Toolkit can help you protect your business, contact us today online or by calling us at 818-913-1335. Your business is too important not to be protected. Let’s talk.