Re: OT Malware scanners fail; Train users to minimize the ri…

Author: Bryan O'Neal
Date:  
To: Main PLUG discussion list
Subject: Re: OT Malware scanners fail; Train users to minimize the risk
no-script is silent now - it will block everything without asking. If
you notice trouble in the page (like it won't render or some element
you think should be there is not) you can go to the tray icon in the
lower right of the browser and turn things on.

A slightly less annoying method is to run your browser in a sandbox.

Basic rules -
- Always run virus protection. Perform low level scans periodically.
- Never operate as a privileged user.
- Trusted sites are safer but still vulnerable - even the New York Times
  can be (and was) spreading malware. So don't trust any site completely.
- If something asks for permission and you were not expecting the
  question, deny permission first. If you find out you needed that, just
  repeat the step and allow permission. You can easily be less
  restrictive later and let something good in. It is hard to get rid of
  something bad you already let in.
- Use a firewall with inbound and outbound rules. This is both on your
  network's border and on the individual machines. On Windows most
  personal firewalls are auto-learning. Just tell your user to say yes
  to everything for the first week. After that, if they launch something
  new that has never been launched before, they can say yes. Otherwise
  say no, and if something does not work they can call you. On the
  border router you may only get to turn off well-known items. No P2P
  unless cleared and for legitimate purposes, etc. You can also lock
  down all mail server activities to, say, your corporate mail servers.
  This one will also help keep you off the spam blacklists when someone
  brings in an infected laptop and jumps on your network.
- Never accept removable media from, or use removable media in, untrusted
  sources.
- If you don't use it, uninstall it! - what was it, that Shockwave got
  caught with 11 different bugs that allowed someone to rootkit your
  box? If the machine is more than 3 years old it probably has
  Shockwave, but few people need it any more. [Shockwave is not Flash]
- Turn off scripting - this is not just for your browser, this is for
  every application! There are reasons Word, Excel, and your PDF viewer
  have the ability to run other applications on your machine. And some
  OLE items require it to work correctly. But you run into one of these
  items once every few years. In the meantime turn off scripting in all
  applications. (BTW I love PDF Exchange on Windows ;)
- Don't open attachments unless you are expecting them. If your buddy
  Jane says I'll send you pictures, then when you get them open the
  picture and enjoy. If you randomly receive an email from Jane with a
  picture attached and a brief non-personal / generic message - trash
  it. You can always pull it out of the trash later if Jane asks if
  you got the picture she sent.
  But you should also be using an email scanning program!
- Quite frankly we should secure our browsers as well. Most come with a
  list of known bad sites and will warn us. This is good. In a strange
  twist of fate, by default, IE8 is the most secure browser on Windows.
  However I find it so annoying that I never use it. Indeed, on Windows,
  I use Chrome most of the time and that is one of the least secure.
  Firefox has the ability to be the most secure, but you have to use a
  variety of plug-ins to enhance the security.
- Monitor your networks - as a final note, a machine will become
  infected. It happens. Monitoring your desktops and network for
  suspicious activity allows you to ensure this does not spread.
  Personally I like Cacti for this.

Did that help for specifics?



On Sat, May 29, 2010 at 7:36 AM, Dazed_75 <> wrote:
>
>
> On Fri, May 28, 2010 at 1:12 PM, Technomage <>
> wrote:
>>
>> http://www.theregister.co.uk/2010/05/28/malware_user_training/
>>
>> I, too have been noticing a significant increase in troubled machines
>> lately
>> (including OS X, Linux and of course the usual Microsoft suspects).
>> Something
>> to keep an eye on guys!
>> ---------------------------------------------------
>> PLUG-discuss mailing list -
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
> Good article.  I must note, however, while he recommends training, he gives
> no sources for same.  Obviously, many things should be well known to his
> immediate audience but I could wish he had included some links or material
> itself.
>
> For example, he recommends no-script or an equivalent and flat out states
> the user needs training in its use.  I count myself among them.  I used it
> for a while and got so tired of it asking whether some totally unspecified
> script should be allowed to run that I gave it up.  Maybe there was some way
> to get information on which to base a decision but I never found it.  Super
> tool made useless for lack of information!
>
> --
> Dazed_75 a.k.a. Larry
>
> The spirit of resistance to government is so valuable on certain occasions,
> that I wish it always to be kept alive.
>  - Thomas Jefferson
>

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
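
Added example, not part of the original message or the list archive: one way to check the "lock down mail to your corporate mail servers" and "monitor your networks" rules above is to scan border-firewall logs for internal hosts that speak SMTP to anything other than the approved servers. The log lines are constructed samples in the netfilter LOG-target format; the internal network range, mail server address and port set are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed site values (hypothetical, documentation address ranges).
CORPORATE_MAIL_SERVERS = {ipaddress.ip_address("192.0.2.25")}
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
SMTP_PORTS = {25, 465, 587}

# Constructed sample log lines (netfilter LOG-target style), not real traffic.
SAMPLE_LOG = """\
May 29 07:40:01 gw kernel: FWD IN=eth1 OUT=eth0 SRC=10.0.0.12 DST=192.0.2.25 LEN=60 PROTO=TCP SPT=40112 DPT=25 SYN
May 29 07:40:03 gw kernel: FWD IN=eth1 OUT=eth0 SRC=10.0.0.57 DST=198.51.100.9 LEN=60 PROTO=TCP SPT=51200 DPT=25 SYN
May 29 07:40:03 gw kernel: FWD IN=eth1 OUT=eth0 SRC=10.0.0.57 DST=203.0.113.40 LEN=60 PROTO=TCP SPT=51201 DPT=587 SYN
May 29 07:40:04 gw kernel: FWD IN=eth1 OUT=eth0 SRC=10.0.0.57 DST=198.51.100.9 LEN=60 PROTO=TCP SPT=51202 DPT=25 SYN
May 29 07:40:05 gw kernel: FWD IN=eth1 OUT=eth0 SRC=10.0.0.30 DST=198.51.100.80 LEN=60 PROTO=TCP SPT=33000 DPT=443 SYN
May 29 07:40:06 gw kernel: FWD IN=eth1 OUT=eth0 SRC=bogus DST=198.51.100.9 PROTO=TCP SPT=1 DPT=25
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs; value may be empty


def find_rogue_smtp(log_text):
    """Map each internal source IP to the non-approved SMTP destinations it contacted."""
    offenders = defaultdict(set)
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if fields.get("PROTO") != "TCP":
            continue
        try:
            src = ipaddress.ip_address(fields["SRC"])
            dst = ipaddress.ip_address(fields["DST"])
            dport = int(fields["DPT"])
        except (KeyError, ValueError):
            continue  # skip truncated or malformed lines instead of crashing
        if src in INTERNAL_NET and dport in SMTP_PORTS and dst not in CORPORATE_MAIL_SERVERS:
            offenders[str(src)].add(str(dst))
    return {src: sorted(dsts) for src, dsts in offenders.items()}


if __name__ == "__main__":
    for src, dsts in find_rogue_smtp(SAMPLE_LOG).items():
        print(f"{src} sent SMTP directly to: {', '.join(dsts)}")
```

A host that appears in the result is either misconfigured or a candidate for the infected-laptop case; once outbound SMTP is restricted at the border, the same lines show up as drops rather than forwards.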