Thread: OT Malware in news
View Single Post
  #6   Report Post  
Old 05-06-2014, 02:39 PM posted to uk.rec.gardening
Tom Gardner[_2_] Tom Gardner[_2_] is offline
external usenet poster
  
First recorded activity by GardenBanter: Feb 2009
Posts: 198
Default OT Malware in news
On 05/06/14 13:18, News wrote:
On 05/06/2014 12:44, Stephen Wolstenholme wrote:

I don't think I will respond to Symantec marketing.


Agreed. Unfortunately, the hype over all this makes me think that either the gov agencies or the AV providers are running a marketing campaign.

Yes, these threats are potentially dangerous - but they have been for a long time now. There really isn't anything significantly different about it now. Yes, such malware will increase and become
more effective, as will the means of trapping the unwary. You always need to be vigilant and this news doesn't change that.

However, the hype over this '2 week window' is largely meaningless. If you are very recently infected with cryptolocker (like the day the 'command and control' servers were taken down) then you may
have 2 weeks to get it cleaned up before the servers are back and able to issue the encryption keys. This will be a very small number of people affected in this way though.

As with all these things, some basic hygiene will keep you safe. (Particularly relevant for windows users, of course). My view of the important stuff is as below. Some parts are more important than
others. You can do all the right things with protective software, but the absolute key is your online behaviour. So...

* Keep programs and operating systems fully patched and remove programs you don't use;

Yes, but you want to disable/remove services; an installed but non-running program is not a threat.


* Have an anti-virus program running in real time, keep it updated at least once a day and run periodic system scans;

Yes, but one of the AV *vendors* recently said they are becoming ineffective. At
best they are heuristic and the updates scan for what has recently been discovered
by the vendor to be active in the wild - which implies some people have already
been affected.


* Have an anti malware program such as 'malwarebytes' or 'spybot search & destroy' - keep them uptodate and run periodic scans;

I hear good things about MS EMET tool, but I'm not in a position to have an opinion.


* Don't click on links in emails (preferably at all, but certainly not unless you absolutely know the source of the mail and what the link is);
* Don't open any attachments in emails unless you absolutely know the sender and what they are sending and you are expecting it;

Necessary but not sufficient; there have been drive-by attacks where opening the
email wasn't necessary.


* Never click on a link in an email to change account details - always go direct to the correct site and to the correct part of it to change your details;

Valid, important, but phishing is completely different to malware.

* Be very careful about what websites you go to and what you click on;

Necessary but not sufficient; sometimes malware is delivered via advert
networks used by reputable sites. Yet another reason for having an adblocker
in your browser.


* Remember that social media is a prime location for picking up malware;
.... even reputable social media sites!


* Never change any sensitive details on any public wifi network - and don't use any sensitive log in details;
* If you have home WiFi, make sure it is very secure;
Valid, important, but not a malware phenomenon.


* Preferably have a router to connect your broadband rather than a USB modem;

Why? Surely it is what is inside the device rather than its method of connection.


* Change your passwords regularly; don't use the same password for multiple services; have complex, difficult to guess passwords. (A good password manager such as LastPass can help take away a lot of
the burden of this as long as you know its limitations).

Arguably impractical. There are many alternative strategies.

In any case remember the purpose of a password is to shift
responsibility from the website back onto you "if the right
password was given it must have been you"


If you have an eBay account, change your password *NOW* if you haven't done so in the last couple of weeks.

Doubtless some will disagree with some of the items above. I know people that refuse to use AV programs, for example - but to take that step, you need to be super-vigilant, and most people just
aren't. Most people that get hit with malware are not IT professionals and I accept that from scratch, some of this stuff can be daunting - unfortunately, that is what the bad guys know and they are
their targets

You forgot what will become very important, especially with
the Internet of Things...

* don't have any "smart devices" where the manufacturer doesn't
regularly update the software. For example "smart TVs", which are
just computers with an aerial

* when visiting any financial website, use the browser in a
"live CD" operating system on either a CD or USB stick.
Turn off the machine, boot directly from the CD/USB, only visit
the financial website, turn the machine off. Since you get a new
original operating system every time you use it, it simply cannot
have been infected with malware. Of course, neither can you store
bookmarks nor cookies between sessions!

The live CD/USB is also helpful in an internet cafe, but won't stop
someone shoulder surfing.

Reply With QuoteReply With Quote