06-06-2014, 09:20 AM, posted to uk.rec.gardening
news
OT Malware in news

On 05/06/2014 14:39, Tom Gardner wrote:
On 05/06/14 13:18, News wrote:
On 05/06/2014 12:44, Stephen Wolstenholme wrote:

I don't think I will respond to Symantec marketing.


Agreed. Unfortunately, the hype over all this makes me think that
either the gov agencies or the AV providers are running a marketing
campaign.

Yes, these threats are potentially dangerous - but they have been for
a long time now. There really isn't anything significantly different
about it now. Yes, such malware will increase and become
more effective, as will the means of trapping the unwary. You always
need to be vigilant and this news doesn't change that.

However, the hype over this '2 week window' is largely meaningless.
If you are very recently infected with CryptoLocker (like the day the
'command and control' servers were taken down) then you may
have 2 weeks to get it cleaned up before the servers are back and able
to issue the encryption keys. This will be a very small number of
people affected in this way though.

As with all these things, some basic hygiene will keep you safe.
(Particularly relevant for Windows users, of course). My view of the
important stuff is as below. Some parts are more important than
others. You can do all the right things with protective software, but
the absolute key is your online behaviour. So...

* Keep programs and operating systems fully patched and remove
programs you don't use;


Yes, but you want to disable/remove services; an installed but
non-running program is not a threat.


The list was intended to be for someone that doesn't know a lot about
how computers run under the bonnet. Having lots of old programs lying
around (and possibly running if they have insinuated themselves into
automatic startup) is no good for housekeeping - and is potentially
another place that an infection could hide (although no more likely than
in a 'wanted' program).


* Have an anti-virus program running in real time, keep it updated at
least once a day and run periodic system scans;


Yes, but one of the AV *vendors* recently said they are becoming
ineffective. At best they are heuristic and the updates scan for what
has recently been discovered by the vendor to be active in the wild -
which implies some people have already been affected.


Which is why it is a tool to assist thoughtful safe computing.



* Have an anti-malware program such as 'Malwarebytes' or 'Spybot
Search & Destroy' - keep them up to date and run periodic scans;


I hear good things about MS EMET tool, but I'm not in a position to have
an opinion.


Yes - must have a closer look at that



* Don't click on links in emails (preferably at all, but certainly not
unless you absolutely know the source of the mail and what the link is);
* Don't open any attachments in emails unless you absolutely know the
sender and what they are sending and you are expecting it;

Necessary but not sufficient; there have been drive-by attacks where
opening the email wasn't necessary.


Again, mine was a basic list that will protect from 95% of attacks via
most vectors.



* Never click on a link in an email to change account details - always
go direct to the correct site and to the correct part of it to change
your details;


Valid, important, but phishing is completely different to malware.


It can be - phish links can also be to sites containing malware - and
whether you get infected or give someone the password to your bank
account, the end result is not good.


* Be very careful about what websites you go to and what you click on;


Necessary but not sufficient; sometimes malware is delivered via advert
networks used by reputable sites. Yet another reason for having an
adblocker in your browser.


Wouldn't disagree there.



* Remember that social media is a prime location for picking up malware;

... even reputable social media sites!


* Never change any sensitive details on any public wifi network - and
don't use any sensitive log in details;
* If you have home WiFi, make sure it is very secure;

Valid, important, but not a malware phenomenon.


* Preferably have a router to connect your broadband rather than a USB
modem;


Why? Surely it is what is inside the device rather than its method of
connection.


Maybe things have changed, but I've always considered a router to have
more inherent firewall capabilities than a modem. But maybe it's not the
case - and certainly it is not for security 101.



* Change your passwords regularly; don't use the same password for
multiple services; have complex, difficult to guess passwords. (A
good password manager such as LastPass can help take away a lot of
the burden of this as long as you know its limitations).


Arguably impractical. There are many alternative strategies.


I find it eminently practical. Strategies depend on what works best for
someone. The only strategy that is really dangerous is very weak
passwords, repeated. (Apart from obvious things such as not remembering
complex passwords and writing them down on a Post-it stuck to your forehead).


In any case remember the purpose of a password is to shift
responsibility from the website back onto you "if the right
password was given it must have been you"


Sure, but a whole other argument



If you have an eBay account, change your password *NOW* if you haven't
done so in the last couple of weeks.

Doubtless some will disagree with some of the items above. I know
people that refuse to use AV programs, for example - but to take that
step, you need to be super-vigilant, and most people just
aren't. Most people that get hit with malware are not IT
professionals and I accept that from scratch, some of this stuff can
be daunting - unfortunately, that is what the bad guys know and they are
their targets


You forgot what will become very important, especially with
the Internet of Things...

* don't have any "smart devices" where the manufacturer doesn't
regularly update the software. For example "smart TVs", which are
just computers with an aerial

* when visiting any financial website, use the browser in a
"live CD" operating system on either a CD or USB stick.
Turn off the machine, boot directly from the CD/USB, only visit
the financial website, turn the machine off. Since you get a new
original operating system every time you use it, it simply cannot
have been infected with malware. Of course, neither can you store
bookmarks nor cookies between sessions!

The live CD/USB is also helpful in an internet cafe, but won't stop
someone shoulder surfing.


Not particularly forgot - I'm sure I didn't include a lot of things -
but it wasn't intended as a definitive article - just a list of things
that most people could do quite easily.

Perhaps the best thing would be to get someone to print the internet off
for you (the general you, not you personally) and return to physical
bartering

--
regards andy