What is GRINCH.EXE and What Should I Do About It?

November 26, 2007; 10:45 AM

CAMBRIDGE, MASS. -- It’s Black Monday, the busiest online shopping day of the year. Chances are, if you work in an office, you’re using your company-issued PC or laptop to do a little online shopping in advance of the holidays. You’re not alone. Of the $116 billion expected to be spent on online retail purchases this year, $39 billion of that will be spent during the holiday season, an increase of 20 percent over last year, according to Jupiter Research. Nearly half of that shopping will be done during work hours; in fact, a recent Bill Me/Ipsos Insight survey revealed that 12 million Americans admitted to shopping online during work-related conference calls!

If you are surfing the web, such shopping might inadvertently take you to web sites loaded with spyware, key loggers, and other malicious software, making your credit or identity information vulnerable to theft and / or creating havoc on your operating system. But by the time your PC is infected with malware or unknown files such as Grinch.exe, it’s too late. In fact, every time an employee shops online, they increase their risk, says Brian Gladstein, director of product marketing for Bit9, a leading application control and device control solution provider.

“As we launch into the holiday shopping season, employees will inadvertently expose their company PCs and laptops to potential security threats,” Gladstein noted. “It’s critical that IT professionals proactively protect their endpoints by stopping unknown software from ever executing.”

For example, Gladstein observed that employees are very likely to have vulnerable applications running on their systems, which are easily exploited by the latest attacks. He recently authored a research brief on the top popular vulnerable applications for 2007.

Fortunately there are easy and efficient methods that will help IT professionals guard against these online threats. Gladstein advises a simple five-step approach, including:

1)      Define an appropriate application control policy
This policy should answer questions such as: What applications will we authorize users to install and/or run on their own? What software will not be authorized? Are unknown files that could potentially be malware, such as Grinch.exe, authorized to run in our environment?

2)      Monitor your PCs
Not sure what’s being copied onto the computers you manage? Use a software identification service to understand the true nature of that software. Free services such as FileAdvisor (http://fileadvisor.bit9.com) let you look up and identify unknown files like Grinch.exe.

3)      Understand where the vulnerable applications are in your network.
A complete picture of where the vulnerabilities are on your network is required to ensure you are addressing them. After all, if you do not know a user is running a vulnerable application and they connect their laptop to a public wi-fi spot, you risk a possible intrusion and / or loss of data on that computer.

4)      Be aware of new vulnerabilities

Stay on top of new vulnerabilities by visiting resources such as the National Vulnerability Database (http://nvd.nist.gov), the SANS Institute (http://www.sans.org), and the U.S. Computer Emergency Readiness Team (http://www.us-cert.gov).

5)      Stop unwanted software before it executes

Consider using application control and device control products such as Bit9 Parity™ to help you control what applications and devices can and can not operate. Stopping unwanted software before it can execute will always be your best defense in protecting desktops, laptops, and servers from malware, spyware, zero-day attacks, and any unknown, unwanted, or unauthorized software.

“The bottom line is that you can’t be careful enough,” Gladstein summarized. “We recommend everyone implement application controls to ensure that unknown, unauthorized, or unwanted software that is downloaded, either on purpose or inadvertently, never gets a chance to run.”

About Bit9, Inc.
Bit9, Inc. is the leading provider of application control and device control solutions. The company’s award-winning, patent-pending whitelisting technology prevents malicious software and data leakage by centrally controlling which applications and devices can and cannot operate.
Unlike other application and device control alternatives, Bit9 leverages the world’s largest knowledgebase of application intelligence to achieve Windows lockdown and business-friendly whitelisting, enabling IT professionals to realize the highest levels of desktop security, compliance, and manageability.

Founded in 2002 by the founders of Okena (acquired by Cisco Systems (NASDAQ: CSCO)) and headquartered in Cambridge, Massachusetts, Bit9 is a privately held company. For more information, visit http://www.bit9.com.


Bit9, Inc., Automatic Graylists, FileAdvisor, Find File, Parity, and ParityCenter are trademarks or registered trademarks of Bit9, Inc. All other names and trademarks are the property of their respective owners.