Mailbag - "Attacks"
We got an email to the list today that got me thinking. Alyce was concerned about "Attacks" on her computer that were being logged by the firewall built into her locally installed antivirus suite. Alyce wisely checks the history and logs section on a fairly regular basis but admits to being a novice. Recently she observed that about every ten minutes the same IP was trying different attacks to gain access to the computer. As she put it in the email, "I know that no one is going to jump through my computer screen, but it is scaring me..."
It is scary to see that traffic coming toward your system is not friendly. The internet is not a safe, nice place where you can leave your computer open and expect no one to bother it. However, if you keep your system patched, run antivirus software and have your firewall turned on, you are pretty safe from the externally initiated attacks aimed at your system. Most of this traffic comes from automated tools sweeping address ranges for home systems with known, unpatched vulnerabilities; the same IP coming back every ten minutes with a different probe is what a scanner looks like, not a person. There are far too many open and unprotected systems out there for an attacker to spend effort on one that is locked down. It is also worth remembering that every one of those entries is the firewall doing its job: a blocked attempt is noise, and the line worth worrying about is an inbound connection that was allowed.
The bigger worry actually comes from what the user at the keyboard is doing. As I write this, I have to decide whether I should rebuild my box. I keep it patched and locked down to what I need. I don't run as administrator, and I run a firewall and antivirus software. All of this, it seems, could not save my computer from one of my kids who got on it to surf the internet. It appears they picked up something on their travels, as my computer is not running right. Even after all the lectures about not clicking on every link out there just because Google returned it, the message still did not get through. The attackers don't have to break in if you open the door for them.
Trying to teach the user community to be careful of where they go and what they click on seems to be a never-ending saga. How many years have we spent trying to educate end users? I have a couple of family members who unintentionally keep creating their own malware zoo on their computers. No matter how much I caution and explain, it obviously isn't getting through. I'm sure many of you have the same problem and similar users. The problem is bridging the gap between those who work in the computer world and those who just use it. So, I would like to compile a simple best-practice list for safe internet travels for the "non computer savvy" home/work user. If you have any recommendations or advice for this list, please send them in and I will compile the results. I'll post the results in a diary next week.
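The check that turns a log like Alyce's from scary into boring is to group the blocked entries by source and look at the timing. The script below is an added example, not part of the diary: it parses a handful of constructed log lines in the field order Windows Firewall writes to pfirewall.log (her AV suite's firewall will use its own layout, so the field indexes are an assumption to adjust), summarises the inbound DROPs per source IP, and then lists the only thing that should actually worry her, inbound connections that were ALLOWed.

```powershell
# Added example (not from the diary): triage a firewall log to see whether
# repeated "attacks" from one IP are an automated scanner on a schedule.
# Field order follows Windows Firewall's pfirewall.log (an assumption for other
# firewalls). The rows are constructed sample data using documentation IP ranges.
$sample = @'
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2012-01-23 10:00:03 DROP TCP 203.0.113.7 192.168.1.10 52031 445 48 S 0 0 8192 - - - RECEIVE
2012-01-23 10:00:03 DROP TCP 203.0.113.7 192.168.1.10 52032 139 48 S 0 0 8192 - - - RECEIVE
2012-01-23 10:10:05 DROP TCP 203.0.113.7 192.168.1.10 52110 3389 48 S 0 0 8192 - - - RECEIVE
2012-01-23 10:14:41 DROP UDP 198.51.100.22 192.168.1.10 53 1027 78 - - - - - - - RECEIVE
2012-01-23 10:20:04 DROP TCP 203.0.113.7 192.168.1.10 52207 22 48 S 0 0 8192 - - - RECEIVE
2012-01-23 10:30:06 DROP TCP 203.0.113.7 192.168.1.10 52301 445 48 S 0 0 8192 - - - RECEIVE
2012-01-23 10:31:12 ALLOW TCP 192.168.1.10 93.184.216.34 49152 443 0 - 0 0 0 - - - SEND
'@

# Parse the data rows (the '#' header lines are skipped) into objects.
$events = $sample -split '\r?\n' | Where-Object { $_ -match '^\d{4}-\d{2}-\d{2} ' } | ForEach-Object {
    $f = $_ -split '\s+'
    [pscustomobject]@{
        Time    = [datetime]::ParseExact("$($f[0]) $($f[1])", 'yyyy-MM-dd HH:mm:ss', $null)
        Action  = $f[2]
        Proto   = $f[3]
        SrcIp   = $f[4]
        DstPort = [int]$f[7]
        Path    = $f[16]   # RECEIVE = inbound, SEND = outbound
    }
}

# Per source: how many inbound drops, which ports, and the typical gap between
# visits. A steady gap with a changing port list is a scanner, not a person.
$events | Where-Object { $_.Action -eq 'DROP' -and $_.Path -eq 'RECEIVE' } |
    Group-Object SrcIp | ForEach-Object {
        $times  = @($_.Group.Time | Sort-Object)
        $gaps   = @(for ($i = 1; $i -lt $times.Count; $i++) { ($times[$i] - $times[$i - 1]).TotalMinutes })
        $ports  = @($_.Group.DstPort | Sort-Object -Unique)
        $median = $null
        if ($gaps.Count -gt 0) { $median = [math]::Round(($gaps | Sort-Object)[[math]::Floor($gaps.Count / 2)], 1) }
        $verdict = 'one-off, blocked'
        if ($_.Count -ge 3 -and $ports.Count -gt 1) { $verdict = 'automated scan, blocked' }
        [pscustomobject]@{
            SrcIp        = $_.Name
            Drops        = $_.Count
            Ports        = $ports -join ','
            MedianGapMin = $median
            Verdict      = $verdict
        }
    } | Sort-Object Drops -Descending | Format-Table -AutoSize

# The rows that would actually matter: inbound connections the firewall let in.
# In this sample there are none; the only ALLOW is her own outbound HTTPS.
$events | Where-Object { $_.Action -eq 'ALLOW' -and $_.Path -eq 'RECEIVE' } | Format-Table -AutoSize
```

On the sample data, 203.0.113.7 shows five drops across ports 22, 139, 445 and 3389 with a median gap of about ten minutes, which is exactly the pattern Alyce described; the single UDP drop from 198.51.100.22 is the usual background noise. To run it against a real Windows Firewall log, replace `$sample` with `Get-Content "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log" -Raw` (logging has to be switched on first).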
Comments
Moriah
Jan 23rd 2012
Watcher60
Jan 23rd 2012
Next is to advise on getting good AV that includes a sandbox feature (the recommendation of Sandboxie above is also good, of course). If they get in the habit of using those disposable sessions for most work it can be very effective, and it greatly removes context (like site types, links they shouldn't trust, etc.) from the equation, thus reducing complexity and tech-induced brain-freeze.
Ahriakin
Jan 23rd 2012
Period!
MrClarke
Jan 23rd 2012
I also tell them not to install Facebook apps and to be wary of links. I tell them it is better to sound like a dummy by asking a question than it is to look like a fool when your computer spams your buddies in your name.
Lee
Jan 23rd 2012
1) Install AV and set it to update/full scan (I start with MSE, but move to Kaspersky for those who need more advanced protection)
2) Install Malwarebytes Free as a secondary check (train the user to update/run it once every week or two)
3) Install Secunia PSI to lower the vector of infections (this keeps their tools up to date in the background)
4) Verify that Windows Updates are set to auto update
5) Set up OpenDNS (as noted above by another poster - I love this service)
6) Whenever I use their machine (remote or local) I tend to recheck to make sure things are set up and running correctly - scans are run, etc.
Performing just these steps, I rarely have had to help with malware issues. There was a recent event where one person opened a "DHL shipping receipt" from an email and they got tagged... but the PDF vulnerability was a known one and Adobe had not been updated yet.
gduquette
Jan 23rd 2012
In addition I remove Java and all PDF readers and have them use Chrome for browsing and PDFs, which auto-updates and eliminates a separate Flash install. I also disable JavaScript and have them allow it for sites they use that require it. There are plugins that do a better job. Also run WoT and tell them to only click on sites with a green circle.
If they are open to new things and are just using the browser, then I try and get them browsing from a USB Backtrack, Ubuntu or other distro.
alasken
Jan 23rd 2012
1) MSSSP Microsoft Standalone System Sweeper http://connect.microsoft.com/systemsweeper
2) Malwarebytes
alasken
Jan 23rd 2012
First off – for internet only – think about making a bootable USB drive – you can use Fedora, Ubuntu, Backtrack – it will boot fast and, if done right, the OS will be untouched by any changes that happen while browsing.
If he/she MUST surf from Windows then
1) OS
1a) Surf from a limited user account
1b) Keep UAC enabled with a password and come install stuff if he/she needs it
2) BROWSING
2a) Download Sandboxie and run Chrome from within the Sandbox (set Chrome as default browser and delete all shortcuts from her desktop except Sandboxie)
2b) Surf using Google Chrome – keep it updated and it will keep itself updated for PDF and Flash
2c) Think about disabling JavaScript in Chrome (will definitely impact browsing experience – but can right-click enable on any site)
2d) Firefox with plugins
2d1) No script
2d2) ABP ad block plus
2d3) Ghostery
2d4) WoT – Web of trust
3) Reduce attack surface: uninstall any software not needed, especially
3a) Java (most exploited)
3b) Adobe Reader (use Foxit if you need a reader and do not want to open PDFs in Chrome)
3c) Adobe Air
3d) Shockwave
3e) Flash (remove for all browsers – Chrome has its own)
4) PATCH - Keep the rest of the apps updated
4a) Secunia.com PSI – this will tell you if you are patched (do not trust it for Windows patches – use Windows auto update)
4b) Windows Update (set it to automatic)
4c) iTunes – run the updater
4d) Chrome – update outside of Sandboxie occasionally – then delete the default container
5) Cardinal rules
5a) Do NOT install any software you did not go looking for (e.g. if the site says "Plugin XXX is required to view this page – do you want to install it?", exit the screen without clicking anything (<alt><F4>); then, if you REALLY need to see that screen, go download the file from the correct site: Oracle.com for Java, adobe.com for Shockwave, Flash, Air)
5b) Do NOT run as administrator – run as a limited user account
5c) Run AV – preferably security suite set it to auto update – tweak settings to be aggressive – this will auto block a lot of malicious sites
5d) Occasionally run MSSST from a USB stick to validate no rootkits/malware
5e) Occasionally run MalwareBytes to check for other nasty bits
5f) Don't click on links; copy and paste the link into Notepad and see where it goes. If it goes to a URL shortener like Bit.ly or a QR code, do not follow it – you have NO idea where it goes (there are services you can paste the link into to see where it goes)
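Lee's six steps and alasken's checklist above amount to the same audit: limited account, UAC on, Windows Update automatic, AV registered and current, and the plug-ins on the "remove" list actually gone. The script below is an added example, not code from either commenter or from the diary: a read-only PowerShell (3.0 or later) audit that checks those items and prints a pass/fail table. The registry paths, the `Microsoft.Update.AutoUpdate` COM object and the `root/SecurityCenter2` WMI class are standard Windows interfaces; the product-name patterns it searches for, and the `productState` decoding, are assumptions noted in the comments.

```powershell
# Added example, not from the diary or the commenters: read-only audit of a
# Windows machine against the checklist above. Run from an ordinary
# (non-elevated) PowerShell window on the user's machine, PowerShell 3.0+.
$results = New-Object System.Collections.ArrayList
function Add-Check([string]$Name, [bool]$Pass, [string]$Detail) {
    [void]$results.Add([pscustomobject]@{ Check = $Name; Pass = $Pass; Detail = $Detail })
}

# 1a / 5b: test group membership rather than elevation, so a member of
# Administrators running non-elevated still fails the check.
$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin = $id.Groups.Value -contains 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators
Add-Check 'Day-to-day account is a limited user' (-not $isAdmin) $id.Name

# 1b: UAC. EnableLUA=1 means prompts are on; from a limited account the prompt asks for a password.
$pol = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -ErrorAction SilentlyContinue
Add-Check 'UAC enabled' ($pol.EnableLUA -eq 1) "EnableLUA=$($pol.EnableLUA)"

# 4b: Windows Update. NotificationLevel 4 = scheduled installation (download and
# install automatically), 1 = disabled. Newer Windows versions largely ignore this setting.
$au = (New-Object -ComObject Microsoft.Update.AutoUpdate).Settings
Add-Check 'Windows Update installs automatically' ($au.NotificationLevel -eq 4) "NotificationLevel=$($au.NotificationLevel)"

# 5c: antivirus as registered with Security Center. productState is not documented
# by Microsoft; the decoding below (assumption, widely observed) is: second byte
# 0x10 = protection on, lowest byte 0x00 = signatures up to date.
$avs = @(Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct -ErrorAction SilentlyContinue)
if ($avs.Count -eq 0) { Add-Check 'AV registered with Security Center' $false 'none found' }
foreach ($av in $avs) {
    $state = [int]$av.productState
    $on    = (($state -shr 8) -band 0xFF) -eq 0x10
    $fresh = ($state -band 0xFF) -eq 0x00
    Add-Check "AV on and up to date: $($av.displayName)" ($on -and $fresh) ('productState=0x{0:X6}' -f $state)
}

# 3a-3e: software inventory from the Uninstall keys (64-bit, 32-bit and per-user hives).
$uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
$installed = @(Get-ItemProperty $uninstall -ErrorAction SilentlyContinue |
               Where-Object { $_.DisplayName } | ForEach-Object { $_.DisplayName })

# Name patterns are an assumption taken from checklist items 3a-3e; adjust to taste.
$remove = 'Java', 'Adobe Reader', 'Adobe Acrobat Reader', 'Adobe AIR', 'Shockwave', 'Adobe Flash Player'
foreach ($p in $remove) {
    $hits = @($installed | Where-Object { $_ -like "*$p*" })
    Add-Check "Removed: $p" ($hits.Count -eq 0) $(if ($hits.Count) { $hits -join '; ' } else { 'absent' })
}
# 2a / 2b: the two things the list wants present.
foreach ($p in 'Sandboxie', 'Google Chrome') {
    $hits = @($installed | Where-Object { $_ -like "*$p*" })
    Add-Check "Installed: $p" ($hits.Count -gt 0) $(if ($hits.Count) { $hits -join '; ' } else { 'absent' })
}

$results | Format-Table -AutoSize
"Failed checks: $(@($results | Where-Object { -not $_.Pass }).Count) of $($results.Count)"
```

Everything here only reads state, so it is safe to leave on a USB stick and run during the "recheck whenever I use their machine" visits Lee describes; the items it cannot see (Secunia PSI and Malwarebytes scans having been run recently, the browser's JavaScript setting) still need a look by hand.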
hav0c
Jan 23rd 2012
I have also started using Foxit. I use it because their MSIs actually work well[1], but I figure it adds a layer of protection.
Dan
[1] Why can Adobe make working MSIs for Flash and not for Reader?
ComputerX
Jan 23rd 2012