OT Malware scanners fail; Train users to minimize the risk
Eric Shubert
ejs at shubes.net
Sat May 29 09:43:46 MST 2010
Bryan O'Neal wrote:
> no-script is silent now - it will block everything without asking. If
> you notice trouble in the page (like it won't render or some element
> you think should be there is not) you can go to the tray icon in the
> lower right of the browser and turn things on.
>
> A slightly less annoying method is to run your browser in a sandbox.
>
> Basic rules -
> Always run virus protection. Perform low level scans periodically.
> Never operate as a privileged user
> Trusted sites are safer but still vulnerable - even the New York Times
> can (and was) spreading malware. So don't trust any site completely.
> If something asks for permission and you were not expecting the
> question, deny permission first. If you find out you needed that just
> repeat the step and allow permission. You can easily be less
> restrictive later and let something good in. It is hard to get rid of
> something bad you already let in.
> Use a firewall with inbound and outbound rules. This is both on your
> network's border and on the individual machines. On Windows most
> personal firewalls are auto learning. Just tell your user to say yes
> to everything for the first week. After that if they launch something
> new, that has never been launched before, they can say yes. Otherwise
> say no and if something does not work they can call you. On the
> border router you may only get to turn off well-known items. No P2P
> unless cleared and for legitimate purposes, etc. You can also lock
> down all mail server activities to, say, your corporate mail servers.
> This one will also help keep you off the spam blacklists when someone
> brings in an infected laptop and jumps on your network.
> Never accept removable media from, or use removable media in, untrusted sources.
> If you don't use it uninstall it! - what was it that Shockwave got
> caught with 11 different bugs that allowed someone to rootkit your
> box. If the machine is more than 3 years old it probably has
> Shockwave, but few people need it any more. [Shockwave is not Flash]
> Turn off scripting - this is not just for your browser, this is for
> every application! There are reasons Word, Excel, and your PDF viewer
> have the ability to run other applications on your machine. And some
> OLE items require it to work correctly. But you run into one of these
> items once every few years. In the meantime turn off scripting in all
> applications. (BTW I love PDF Exchange on Windows ;)
> Don't open attachments unless you are expecting them. If your buddy
> Jane says I'll send you pictures, then when you get them open the
> picture and enjoy. If you randomly receive an email from Jane with a
> picture attached and a brief non-personal / generic message - trash
> it. You can always pull it out of the trash later if Jane asks if
> you got the picture she sent.
> But you should also be using an email scanning program!
> Quite frankly we should secure our browsers as well. Most come with a
> list of known bad sites and will warn us. This is good. In a strange
> twist of fate, by default, IE8 is the most secure browser on Windows.
> However I find it so annoying that I never use it. Indeed, on Windows,
> I use Chrome most of the time and that is one of the least secure.
> Firefox has the ability to be the most secure, but you have to use a
> variety of plug-ins to enhance the security.
> Monitor your networks - as a final note, a machine will become
> infected. It happens. Monitoring your desktops and network for
> suspicious activity allows you to ensure this does not spread.
> Personally I like Cacti for this.
>
> Did that help for specifics?
Yes, but it's a bit of a blob. Something more akin to source
(paragraphs?) would be nice. ;)
I think it would be nice if PLUG were to develop some guidelines and
techniques for Computer Safety. We should perhaps step outside of the
Linux boundary in doing so, as we're as much about education as we are
about Linux. That's just my take though.
> On Sat, May 29, 2010 at 7:36 AM, Dazed_75 <lthielster at gmail.com> wrote:
>>
>> On Fri, May 28, 2010 at 1:12 PM, Technomage <technomage.hawke at gmail.com>
>> wrote:
>>> http://www.theregister.co.uk/2010/05/28/malware_user_training/
>>>
>>> I, too have been noticing a significant increase in troubled machines
>>> lately (including OS X, Linux and of course the usual Microsoft
>>> suspects). Something to keep an eye on guys!
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>> Good article. I must note, however, while he recommends training, he gives
>> no sources for same. Obviously, many things should be well known to his
>> immediate audience but I could wish he had included some links or material
>> itself.
>>
>> For example, he recommends no-script or an equivalent and flat out states
>> the user needs training in its use. I count myself among them. I used it
>> for a while and got so tired of it asking whether some totally unspecified
>> script should be allowed to run that I gave it up. Maybe there was some way
>> to get information on which to base a decision but I never found it. Super
>> tool made useless for lack of information!
>>
>> --
>> Dazed_75 a.k.a. Larry
>>
>> The spirit of resistance to government is so valuable on certain occasions,
>> that I wish it always to be kept alive.
>> - Thomas Jefferson
>>
--
-Eric 'shubes'