Block untrusted fonts to keep your Network safe in Windows 10



Fonts seem innocent when they are on the computer. Most of the time, we do not even pay attention to the fonts on webpages except when they are too hard on the eyes. But untrusted fonts on webpages may be misused by hackers to compromise your network. This post explains how to block untrusted fonts in Windows 10.


While working locally, almost all the fonts we use come from the %windir%/fonts folder. That is, the fonts are installed into the Windows fonts folder when Windows or any other application is installed. These are trusted fonts and do not pose any threat. When we encounter such fonts on webpages, they are loaded from the local fonts folder.

But when the fonts on a webpage are not present on our computer – i.e., the local fonts folder – a copy of that font is loaded into our computer’s memory and that is when a cyber-criminal can gain access to your network.

Dangers of untrusted fonts

When a webpage uses a font that is already present in the local fonts folder, the browser picks up the font from the local folder to render the webpage. Since the fonts in the local fonts folder are scrutinized by antivirus programs when they are installed, they do not pose a threat.

When a website or webpage uses a font that is not present in the local fonts folder, the browser needs “elevated privileges” to load a copy of the font into local memory by downloading it to the computer. Simple downloads are not much of an issue, as antimalware packages will detect whether the fonts contain any malware, so there is no threat of malware with such fonts. The issue is the “elevated privileges”, which cybercriminals can find and exploit. If they take control of the browser in such a situation, they can do much harm not only to the computer but to the network as a whole.

The best method is to prevent browsers from using “elevated privileges”, and that can be done in Windows 10 by blocking the fonts that are not present in the local folder. In such cases, the website is rendered by substituting trusted fonts from the local folder for the untrusted website fonts. This may, however, cause the webpage to render improperly and create problems while printing.

Three states available for untrusted fonts in Windows 10

There are three options available to you when it comes to untrusted fonts in Windows 10. They are:

  1. Block the fonts
  2. Audit mode: you do not actually block the font, but you keep a log that shows whether untrusted fonts were loaded and, if so, which website and application used them
  3. Exclusion of apps: you can whitelist some of the apps on Windows 10 to use untrusted fonts if you think they won’t be a problem. For example, if you whitelist the Word app, it can use third-party fonts originating from the Internet even though you have blocked untrusted fonts

The best method, in my opinion, given the limited number of options, is to block all untrusted fonts and whitelist only those apps that pose less of a threat when downloading fonts to local memory. Compared to browsers, apps like Microsoft Word, Excel, etc. pose less of a threat, as when the fonts are downloaded, your antimalware is triggered and, if it finds anything objectionable, it will give you a message or block the downloaded fonts. Browsers, on the other hand, have a complex architecture (relying on rendering engines, processors, etc.), so even if the antimalware blocks fonts in memory, cybercriminals may still be able to take control of the machine easily.
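
One way to apply the three states from an elevated PowerShell prompt, as an added example that is not part of the original post. It assumes the `MitigationOptions` registry value and the Win32k operational log (event ID 260) that Microsoft documents for this feature; `Set-FontPolicy` is a hypothetical helper name and `winword.exe` is only an example exclusion.

```powershell
# Added example (not from the original post). Run elevated; a restart is
# needed before a changed system-wide setting takes effect.
$KernelKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel'
$IfeoKey   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$FontMask  = 0x3000000000000   # the two bits that hold the untrusted-font policy
$FontState = @{ Block = 0x1000000000000; Off = 0x2000000000000; Audit = 0x3000000000000 }

# Hypothetical helper: writes one of the three states without touching the
# other mitigation flags that share the same MitigationOptions value.
function Set-FontPolicy {
    param(
        [Parameter(Mandatory)][ValidateSet('Block', 'Off', 'Audit')][string]$State,
        [string]$Key = $KernelKey
    )
    if (-not (Test-Path $Key)) { New-Item -Path $Key -Force | Out-Null }
    $current = [long]0
    $item = Get-Item -Path $Key
    if ($item.GetValueNames() -contains 'MitigationOptions') {
        # The value can also exist as REG_BINARY; refuse to rewrite it blindly.
        if ($item.GetValueKind('MitigationOptions') -ne 'QWord') {
            throw "MitigationOptions under $Key is not a QWORD; edit it by hand."
        }
        $current = [long]$item.GetValue('MitigationOptions')
    }
    # Clear only the font bits, keep every other flag, then set the new state.
    $new = ($current -band (-bnot $FontMask)) -bor $FontState[$State]
    Set-ItemProperty -Path $Key -Name MitigationOptions -Type QWord -Value $new
    '{0}: 0x{1:X} -> 0x{2:X}' -f $Key, $current, $new
}

# 1. Start in audit mode so nothing breaks while you collect data.
Set-FontPolicy -State Audit

# 2. After the restart, list which processes tried to load untrusted fonts.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Win32k/Operational'; Id = 260 } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message -First 20

# 3. Exclude an app that needs such fonts, then enforce blocking system-wide.
Set-FontPolicy -State Off -Key (Join-Path $IfeoKey 'winword.exe')
Set-FontPolicy -State Block
```

Running audit mode first shows which applications would lose fonts before blocking is enforced, which keeps the exclusion list short.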

 

***

Visit my Facebook Fanpage;


https://techupdateasia.wordpress.com

https://www.facebook.com/TechUpdateAsia

https://www.facebook.com/LarawanAtKape


Fortinet FortiSandbox Catches Zero-Day


Fortinet FortiSandbox Catches Zero-Day and Advanced Threats Hidden in IE, MS Office Files, PDFs, Web Page URLs, Zip files and Network File Share Locations

Further Strengthens FortiGate and FortiMail with New Integrated Capabilities as part of Fortinet’s broader Advanced Threat Protection Framework.

Pasig City - April 23, 2015 - Fortinet® (NASDAQ: FTNT) – a global leader in high-performance cyber security – today announced the launch of FortiSandbox 2.0, delivering enhanced features to their top-rated FortiSandbox Advanced Threat Detection Appliances and FortiSandbox Cloud solutions with the power to discover and isolate more advanced threats from more places than ever before. Integrated with FortiGate, FortiSandbox Cloud offers the ability to quarantine compromised users and end points with one-click, delivering additional mitigation against zero-day and advanced threats. When used together with FortiMail, previously unknown email threats are proactively and automatically blocked. FortiSandbox 2.0 combined with Fortinet’s Advanced Threat Protection (ATP) Framework ensures a new level of protection from sophisticated cyber threats.

Overview on how FortiSandbox 2.0 works to protect an organization against advanced targeted attacks. http://www.fortinet.com/videos/fortisandbox-2-new-features.html
https://www.youtube.com/watch?v=sXqiFXO2lKo

Protection from Advanced Threats

In today’s cybersecurity landscape, what you can’t detect can hurt you, with highly targeted and tailored attacks increasingly bypassing traditional security defenses disguised as innocuous files constantly exchanged in an organization’s day-to-day workflow.

Combatting these advanced threats, Fortinet’s FortiSandbox enhances its independently rated and NSS Labs Recommended 99% breach detection rating with new features that scan more file types including Microsoft Office, PDFs, Internet Explorer, web URLs, shared file repositories and can even unzip and scan archived files so IT departments have confidence that they are protected from malicious code no matter where it tries to hide.

“The number one most exploited vector for attacks within an enterprise has consistently been through organizational emails,” said John Maddison, Vice President, Marketing Products at Fortinet. “Our updated FortiSandbox 2.0 and overhauled Advanced Threat Protection Framework were engineered to shine a light on the dark places, like emails and attached documents, where many other security solutions just can’t see. This provides Fortinet customers with the peace of mind that they are protected from the most nefarious threats out there.”

At the same time, procurement and legal departments are assured of license compliance based on Genuine Microsoft Windows and Office licenses that ship with every appliance. FortiSandbox with FortiGate or FortiMail reports the who, when, and where on malicious and suspicious files and makes it easy to block or quarantine any incursion, taking advanced threat protection a step further than just threat detection.

FortiSandbox advanced threat protection is available as physical, virtual and new add-on cloud solutions so customers have the flexibility to select a deployment mix that fits their needs, while seamlessly integrating with existing FortiGate and FortiMail infrastructure to deliver an advanced integrated security solution without the complexity and cost.

A Constantly Evolving Framework of Protection

Part of Fortinet’s newly enhanced Advanced Threat Protection (ATP) Framework, FortiSandbox seamlessly integrates with Fortinet’s FortiGate firewall appliances and FortiMail email security platforms, all backed by the industry-leading FortiGuard threat research lab, delivering continuous and automatic updates with immediate protection against the latest threats whenever they arise. The combination of Fortinet’s Prevent, Detect and Mitigate approach to advanced threats enables organizations to stop known threats before they infect the infrastructure, discover new threats and then learn to continually evolve and deliver enhanced threat prevention.

Breaking The Kill Chain

Say a malicious email is sent to someone in a network that is protected by the Fortinet ATP framework featuring FortiGate firewalls, FortiMail email security and FortiSandbox. FortiGate reroutes file elements within the email to FortiSandbox for analysis, while FortiMail automatically holds the offending mail until it can be confirmed clear of malicious intent. If that email is found to contain nefarious elements, FortiMail will block the email and FortiSandbox uploads the data from its analysis to FortiGuard, which then triggers an automatic update to the entire Fortinet security ecosystem across the globe.

That is just one example. Fortinet’s integrated approach to Zero-day and advanced threat protection delivers seamless security designed to break the kill chain in a way that individual standalone solutions never could.

For more information:

Fortinet Advanced Threat Protection Homepage:
http://www.fortinet.com/solutions/advanced-threat-protection.html

Fortinet FortiSandbox Homepage:
http://www.fortinet.com/products/fortisandbox/advanced-threat-protection-appliances.html

FortiSandbox Video:
http://www.fortinet.com/videos/fortisandbox-protects-against-advanced-threats-fast.html

Breaking the Kill Chain Video:
http://www.fortinet.com/videos/breaking-kill-chain-advanced-attacks.html

Improve Mitigation to Address Advanced Threats Video:
http://www.fortinet.com/videos/how-improve-your-security-mitigation-better-address-advanced-threats.html

 

Availability
FortiSandbox 2.0 is available for order now from authorized Fortinet channel partners. For more information about Fortinet’s Advanced Threat Protection solutions, please visit:

http://www.fortinet.com/solutions/advanced-threat-protection.html

About Fortinet
Fortinet (NASDAQ: FTNT) protects the most valuable assets of some of the largest enterprise, service provider and government organizations across the globe. The company’s fast, secure and global cyber security solutions provide broad, high-performance protection against dynamic security threats while simplifying the IT infrastructure. They are strengthened by the industry’s highest level of threat research, intelligence and analytics.

Unlike pure-play network security providers, Fortinet can solve organizations’ most important security challenges, whether in a networked, application or mobile environments – be it virtualized/cloud or physical.

More than 210,000 customers worldwide, including some of the largest and most complex organizations, trust Fortinet to protect their brands. Learn more at www.fortinet.com (http://www.fortinet.com/index.html), or follow Fortinet at the Fortinet Blog (http://blog.fortinet.com/), Google+ (https://plus.google.com/+fortinet/posts), LinkedIn (http://www.linkedin.com/company/fortinet) or Twitter (https://twitter.com/Fortinet).

 

Copyright (c) 2015 Fortinet, Inc. All rights reserved. The symbols ® and ™ denote respectively federally registered trademarks and unregistered trademarks of Fortinet, Inc., its subsidiaries and affiliates.

Fortinet’s trademarks include, but are not limited to, the following: Fortinet, FortiGate, FortiGuard, FortiManager, FortiMail, FortiClient, FortiCare, FortiAnalyzer, FortiReporter, FortiOS, FortiASIC, FortiWiFi, FortiSwitch, FortiVoIP, FortiBIOS, FortiLog, FortiResponse, FortiCarrier, FortiScan, FortiAP, FortiDB, FortiVoice and FortiWeb. Other trademarks belong to their respective owners. Fortinet has not independently verified statements or certifications herein attributed to third parties and Fortinet does not independently endorse such statements. Notwithstanding anything to the contrary herein, nothing herein constitutes a warranty, guarantee, binding specification or other binding commitment by Fortinet, and performance and other specification information herein may be unique to certain environments. This news release contains forward-looking statements that involve uncertainties and assumptions. Changes of circumstances, product release delays, or other risks as stated in our filings with the Securities and Exchange Commission, located at www.sec.gov (http://www.sec.gov/), may cause results to differ materially from those expressed or implied in this press release. If the uncertainties materialize or the assumptions prove incorrect, results may differ materially from those expressed or implied by such forward-looking statements and assumptions. All statements other than statements of historical fact are statements that could be deemed forward-looking statements. Fortinet assumes no obligation to update any forward-looking statements, and expressly disclaims any obligation to update these forward-looking statements.
