Malware Management

PORTAGE COMMUNITY BANK in Ravenna, Ohio, was founded in 1998 by a group of local investors who wanted to support area businesses and provide an alternative to large, impersonal banks. Portage has expanded since then to add an operations building in Ravenna and a corporate office in nearby Kent, Ohio.

Like all businesses of any size, its computers are connected to the Internet. And recently the bank was seeing some malware get through to its 66 PCs despite having anti-malware software on the network. It’s important to note that customer financial data was never at risk from the malware. The PCs contain administrative programs for employees to complete their work, but all customer financial data is either stored on protected bank servers or offsite at the company’s processing facility.

IT specialist Charles Bevan, the company’s lone IT employee, says that malware infections were occurring on several PCs a week. When this happened, the infected PCs would become sluggish, according to Bevan, and the Internet browser would not navigate to the user’s requested Web sites.

Bevan’s first step was to seek a way to scan individual PCs once they showed signs of a problem. He found SUPERAntiSpyware, a free program, which he could download onto a USB flash drive. He was able to use that to scan seemingly infected PCs.

“In three separate instances, I conducted scans this way,” Bevan says. And in each case, the infections that the network anti-malware missed were detected and deleted. After the scan, the PCs were rebooted and operated normally.

However, malware was still getting through to the PCs, exposing the company’s data. Cleaning up the infections at the PC level was also time-consuming. “Each time a PC became infected, it would pull me away from projects or other items that I was addressing,” notes Bevan. It took up to two hours to download the latest version of the software and scan the individual PC. This time included Bevan investigating whether malware was present, downloading the software, scanning the PC, and rebooting.

After contacting the company, Bevan learned that a corporate edition of the software was in the works. This enterprisewide system was not free. It required an up-front payment and monthly service fee per PC. But it would be installed on the bank’s servers and pushed out to the PCs. The product would still work at the PC level, but would catch malware before it had a chance to do any damage. This would offer greater protection than Bevan’s system of scanning PCs for malware, which might have already resulted in compromised data.

The new system also came with a server management console that Bevan could view from his desktop. This feature allowed Bevan to view and eliminate the infections remotely, rather than running the software on individual PCs.

The server management console is password-protected and has an interface similar to Windows Explorer. According to Bevan, the console includes an event log that shows the past 30 days of malware activity on the server and PCs. The log displays where each infection appeared during that 30-day time period and what type of threat it was. According to Bevan, the console is most useful because it breaks the threats down into categories. “The console shows me how many PCs have been infected and what type of malware they are infected by,” Bevan says. “It also shows me unprocessed threats, saying that the software doesn’t recognize this, and I might want to look at it.”

Bevan can view the PCs individually through the console. He can see when each PC was last scanned, how often it has been scanned, and how many infections it had; he can also see which PCs are currently being scanned. Bevan can also adjust how often PCs are scanned via the console.

Bevan is notified via e-mail when malware is detected, but the software can also be configured to provide an update each time he logs on to the console instead of sending e-mails for individual threats. The console also displays when the SUPERAntiSpyware software itself was last updated.

Software updates, which Bevan says occur frequently, are pushed out from SUPERAntiSpyware. Once on the server, the software is pushed out to all PCs that are online. If a PC is offline, the software pushes out as soon as the PC comes online. This means that he no longer has to run manual scans.

Bevan notes that, when the scans are taking place, the PC user is unaware. “The software doesn’t impair performance,” he says. “I looked about 10 minutes ago and the software is scanning on a majority of the PCs without any problem.”

The initial configuration went smoothly, according to Bevan. However, two issues merited a call to SUPERAntiSpyware. Bevan ran into trouble with some of the console settings and had to get clarification. He also had a question about setting up the software for the client PCs. “The software does not automatically find the clients, so it was necessary for me to go to each PC that I wanted to be monitored and install the software,” he says.

Aside from these installation and setup issues, Bevan says that he has had no problems with the software. “Since purchasing the software and service as a secondary anti-malware solution, there has not been a single case of a PC being out of commission due to a malware infection,” says Bevan. “The cost of the software has paid for itself in the time that it has saved me from having to manually intervene when systems became infected.”