Security for disabled adult


4 replies to this topic

#1 LOTL

LOTL

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:21 PM

Posted 05 December 2013 - 08:41 AM

Just had a friend drop off 2 Desktop PCs and a laptop. All three were badly infected with a variety of Trojans, Malware and Ransomware.

After following some guides here for removal of the NSA Ransomware, I proceeded to clean the system as best I could. Somewhere along the way, the system became slow and would blue screen when logging off any of the users.

 

They had a copy of Windows 7, so I backed up what files they wanted and did a clean install of Windows 7.

I have done this on 2 of the 3 systems as they were all running Vista and were all badly infected. The 3rd system is still a work in progress and may have hardware issues.

 

On the one desktop that is going back to her autistic son, I have installed Avira Antivir, Hitman Pro Alert and Sandboxie.

I set him up as a limited user (was admin before) and I'm considering a Firewall with HIPS. My experience with Firewalls with HIPS is that most if not all of them require a lot of interaction. I think he will just click whatever button is the easiest to click and be on his way. So I think the firewall would be a waste of time and resources.

 

The free version of Sandboxie seems a little limited and easily bypassed if he goes into the list of programs and fires up IE or Chrome (I have made Chrome his default browser). I have deleted all browser shortcuts from the desktop with the exception of the Sandboxie browser shortcut. I guess I could delete them from the programs list, but I think he should stick with clicking the desktop icon.

 

What other recommendations would anyone here have to try and make this a more secure system without overcomplicating things? I will most likely image the system before it goes back, but it would be nice to see him get more than a few months out of this new cleaned up system.

 

I have considered running off of a live CD or USB flash drive, but that's not 100% effective either. His mom is pretty computer savvy, but doesn't have the time to police him and his 2 brothers all the time. They range in age from 14 - 21, so they are into it all. Maybe some rules or restrictions at the router? Using a hosts file with a frequently updated blacklist of nefarious sites?

 

It seems things keep getting worse out there in the wild wild net. How is someone like this to protect themselves?

Maybe set up Ubuntu or other user-friendly Linux distro instead of Windows 7? May be less nasties with Linux, but that brings its own support and other issues.

 

Open to ideas here folks.




 


#2 Kilroy

Kilroy

  • BC Advisor
  • 3,445 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Launderdale, MN
  • Local time:03:21 PM

Posted 05 December 2013 - 01:35 PM

Making him a general user is going to go a long way.  The image is also a good idea.

 

Maybe set up the router to use OpenDNS.



#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,769 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:21 PM

Posted 05 December 2013 - 03:18 PM

If Hitman Pro Alert provides an actual alert, he will probably not know what to do about it. CryptoPrevent will block things automatically without him having to do anything. It artificially implants hundreds of group policy object rules into the registry in order to block executables (*.exe, *.com, *.scr and *.pif) and fake file extension executables in certain locations (i.e. %AppData%, %LocalAppData%, Recycle Bin) from running. This allows it to stop other malicious files in addition to CryptoLocker.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

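An added example, not part of the original thread and not CryptoPrevent's own code: a PowerShell audit that lists the block rules in the registry and reports whether the locations and extensions named in the post above are covered. It assumes the rules are stored as standard Software Restriction Policy path rules under the HKLM policy key shown; the function name `Get-SrpPathRule` is hypothetical.

```powershell
# Added example: audit Software Restriction Policy (SRP) path rules.
# Assumption: the blocking rules are standard SRP path rules under the
# Safer\CodeIdentifiers policy key (level 0 = Disallowed, 262144 = Unrestricted).
$base   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$levels = @{ '0' = 'Disallowed'; '262144' = 'Unrestricted' }
$noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

function Get-SrpPathRule {
    param([string]$Root = $base)
    foreach ($level in $levels.Keys) {
        $pathsKey = Join-Path $Root "$level\Paths"
        if (-not (Test-Path $pathsKey)) { continue }
        Get-ChildItem $pathsKey -ErrorAction SilentlyContinue | ForEach-Object {
            [pscustomobject]@{
                Level       = $levels[$level]
                # Read the raw value so %AppData% is not expanded to the
                # profile of whoever runs the audit.
                Path        = $_.GetValue('ItemData', $null, $noExpand)
                Description = $_.GetValue('Description')
                RuleId      = $_.PSChildName
            }
        }
    }
}

$rules = @(Get-SrpPathRule)
if ($rules.Count -eq 0) {
    Write-Warning "No SRP path rules found under $base"
} else {
    $rules | Sort-Object Level, Path | Format-Table Level, Path -AutoSize

    # Locations and extensions named in the post above
    $locations  = '%AppData%', '%LocalAppData%'
    $extensions = '.exe', '.com', '.scr', '.pif'
    foreach ($loc in $locations) {
        foreach ($ext in $extensions) {
            $hit = $rules | Where-Object {
                $_.Level -eq 'Disallowed' -and
                $_.Path -like "$loc*" -and $_.Path -like "*$ext"
            }
            $state = if ($hit) { 'covered' } else { 'NO RULE' }
            '{0,-16} {1,-5} {2}' -f $loc, $ext, $state
        }
    }
}
```

Run it from an elevated prompt after installing or updating the blocking tool, and again after restoring an image, to confirm the rules are still present.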

#4 LOTL

LOTL
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:21 PM

Posted 05 December 2013 - 04:28 PM

Thanks Guys,

@Kilroy I ran the OpenDNS app a couple years on my laptop and used it for a while. I ditched it, I think, mainly due to slower browsing speeds and downloads.

I never tried installing it on the router. I'd have to see what they are running for a router to see if it's even possible. Might be getting into too much time and trouble than they or I want to deal with.

 

@quietman7 I just read a comparison a couple weeks ago about Cryptoguard VS Hitman Pro Alert. I came away from the discussion thinking HitmanPro Alert was the way to go. You're right though, I haven't seen any popups yet on my computer, so I wasn't thinking about it when I installed it on their machines.

I see that CryptoPrevent does not have Automatic updating in the free version, but I guess that's something she could do once a month.

 

I'm leaning heavily towards a dual boot setup with Kubuntu on the one machine. Her autistic son just uses it for browsing, watching YouTube vids and such. I haven't run Linux for any long period of time to see how much more secure they are, but then again I have never been infected on any of my Windows machines.

 

I just finished testing Kubuntu 12.04 LTS Live USB on the system in question and it ran fine. I appreciate any thoughts you folks might have about this.



#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,769 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:21 PM

Posted 05 December 2013 - 04:59 PM

CryptoPrevent doesn't actually need regular updating unless the tool's creator adds new features, which then requires updating to add them into group policy object rules. I have the free version which permits manual checking for updates. CryptoPrevent Premium keeps CryptoPrevent up-to-date automatically.

Per the developer: HitmanPro.Alert warns when malware has intruded your browser but the alert will not block malware since the program is not designed to be an anti-virus or anti-malware tool.
1. Alert's Intruder feature is only for web browsers when they are open. Intrusions happening while the browser is open will be detected and an alert will be displayed but the intrusion is not blocked.

2. Alert's CryptoGuard is a system-wide real-time feature that will block encryption of files even when no browsers are open (browsers are unrelated to CryptoGuard anyway). The CryptoGuard feature protects all documents and files on the computer. Alert will not block the infection but will block crypto attacks on the documents and files on the computer. CryptoGuard monitors the computer's file system for suspicious operations. When suspicious behavior is detected, the malicious code is neutralized and your files remain safe from harm. CryptoGuard works silently in the background at the file system level, keeping track of processes modifying your personal files.



