Re: OT Malware scanners fail; Train users to minimize the ri…

Author: Bryan O'Neal
Date:  
To: Main PLUG discussion list
Subject: Re: OT Malware scanners fail; Train users to minimize the risk
sorry - writing coherently takes time and effort - both of which I am
using on other projects right now :\

On Sat, May 29, 2010 at 9:43 AM, Eric Shubert <> wrote:
> Bryan O'Neal wrote:
>>
>> no-script is silent now - it will block everything without asking. If
>> you notice trouble in the page (like it won't render or some element
>> you think should be there is not) you can go to the tray icon in the
>> lower right of the browser and turn things on.
>>
>> A slightly less annoying method is to run your browser in a sandbox.
>>
>> Basic rules -
>> Always run virus protection. Perform low level scans periodically.
>> Never operate as a privileged user
>> Trusted sites are safer but still vulnerable - even the New York Times
>> can be (and was) spreading malware. So don't trust any site completely.
>> If something asks for permission and you were not expecting the
>> question deny permission first. If you find out you needed that just
>> repeat the step and allow permission.  You can easily be less
>> restrictive later and let something good in. It is hard to get rid of
>> something bad you already let in.
>> Use a firewall with inbound and outbound rules. This is both on your
>> network's border and on the individual machines. On Windows most
>> personal firewalls are auto-learning. Just tell your user to say yes
>> to everything for the first week. After that if they launch something
>> new, that has never been launched before, they can say yes. Otherwise
>> say no and if something does not work they can call you. On the
>> border router you may only get to turn off well-known items. No P2P
>> unless cleared and for legitimate purposes, etc. You can also lock
>> down all mail server activities to, say, your corporate mail servers.
>> This one will also help keep you off the spam blacklists when someone
>> brings in an infected laptop and jumps on your network.
>> Never accept removable media from, or use removable media in, untrusted
>> sources.
>> If you don't use it uninstall it! - what was it that Shockwave got
>> caught with, 11 different bugs that allowed someone to rootkit your
>> box? If the machine is more than 3 years old it probably has
>> Shockwave, but few people need it any more. [Shockwave is not Flash]
>> Turn off scripting - this is not just for your browser, this is for
>> every application! There are reasons Word, Excel, and your PDF viewer
>> have the ability to run other applications on your machine. And some
>> OLE items require it to work correctly. But you run into one of these
>> items once every few years. In the meantime turn off scripting in all
>> applications. (BTW I love PDF Exchange on Windows ;)
>> Don't open attachments unless you are expecting them. If your buddy
>> Jane says I'll send you pictures, then when you get them open the
>> picture and enjoy. If you randomly receive an email from Jane with a
>> picture attached and a brief non-personal / generic message - trash
>> it.  You can always pull it out of the trash later if Jane asks if
>> you got the picture she sent.
>> But you should also be using an email scanning program!
>> Quite frankly we should secure our browsers as well. Most come with a
>> list of known bad sites and will warn us. This is good. In a strange
>> twist of fate, by default, IE8 is the most secure browser on Windows.
>> However I find it so annoying that I never use it. Indeed, on Windows,
>> I use Chrome most of the time and that is one of the least secure.
>> Firefox has the ability to be the most secure, but you have to use a
>> variety of plug-ins to enhance the security.
>> Monitor your networks - as a final note, a machine will become
>> infected. It happens. Monitoring your desktops and network for
>> suspicious activity allows you to ensure this does not spread.
>> Personally I like Cacti for this.
>>
>> Did that help for specifics?
>
> Yes, but it's a bit of a blob. Something more akin to source (paragraphs?)
> would be nice. ;)
>
> I think it would be nice if PLUG were to develop some guidelines and
> techniques for Computer Safety. We should perhaps step outside of the Linux
> boundary in doing so, as we're as much about education as we are about
> Linux. That's just my take though.
>
>> On Sat, May 29, 2010 at 7:36 AM, Dazed_75 <> wrote:
>>>
>>> On Fri, May 28, 2010 at 1:12 PM, Technomage <> wrote:
>>>>
>>>> http://www.theregister.co.uk/2010/05/28/malware_user_training/
>>>>
>>>> I, too, have been noticing a significant increase in troubled machines
>>>> lately (including OS X, Linux and of course the usual Microsoft
>>>> suspects). Something to keep an eye on guys!
>>>> ---------------------------------------------------
>>>> PLUG-discuss mailing list -
>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>>
>>> Good article.  I must note, however, while he recommends training, he
>>> gives no sources for same.  Obviously, many things should be well known
>>> to his immediate audience but I could wish he had included some links
>>> or material itself.
>>>
>>> For example, he recommends no-script or an equivalent and flat out
>>> states the user needs training in its use.  I count myself among them.
>>> I used it for a while and got so tired of it asking whether some
>>> totally unspecified script should be allowed to run that I gave it up.
>>> Maybe there was some way to get information on which to base a decision
>>> but I never found it.  Super tool made useless for lack of information!
>>>
>>> --
>>> Dazed_75 a.k.a. Larry
>>>
>>> The spirit of resistance to government is so valuable on certain
>>> occasions, that I wish it always to be kept alive.
>>>  - Thomas Jefferson
>>>
>
>
> --
> -Eric 'shubes'
>
