Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

What do I need to do when buying a used computer from Cragslist?


  • Please log in to reply
13 replies to this topic

#1 GreggWriter

GreggWriter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:29 PM

Posted 31 January 2016 - 05:31 PM

Hey. I work in an office with a Comcast router that my two computers are wired to. I wanted to buy a laptop on Craigslist (with Windows 8.1) for only thirty dollars. A well-meaning friend sort of read me the riot act about how the laptop could have a virus and at the very least I would need Avast free a/v and Malwarebytes https://www.malwarebytes.org/antimalware/premium/ paid version for $24.95/year. (My funds are severely limited.) He said the malwarebytes premium is the only way to safeguard against Cryptolocker and other ransomware. (I'm careful online and from my research it seemed the big risk for getting ransomware was clicking on attachments, which I would never do.)

 

The thing I worry about is if I get a virus that it could spread to the other computers (the business ones) on the network. (Only two of the business computers are wired into the Comcast router and a third is connected via wifi.) That would be devastating. I of course wouldn't be pleased if my newly purchased laptop got infected, but I could live with that. (And you guys would help me clean it up anyway. :)

 

So I'm wondering:

 

#1)If I should get a virus, could it spread to the other computers on the network?

#2) Would I need the Malwarebytes premium?

#3) Is there an effective free anti-ransomware software out there?

#4) What would be a prudent way to safeguard myself if I do buy the laptop?

 

Thanks very much.


Edited by GreggWriter, 31 January 2016 - 05:38 PM.


BC AdBot (Login to Remove)

 


#2 Crazy Cat

Crazy Cat

  • Members
  • 808 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Lunatic Asylum
  • Local time:03:29 PM

Posted 31 January 2016 - 06:36 PM

Before purchasing the laptop, have it tested so the laptop's hardware is okay?

#1)Yes.

#2) Good to have Malwarebytes premium, but not essential.

#3) Surf the Internet in a delimited account (guest account) with all scripting disabled, and only enabled for trusted sites. FREE AV & #2.

#4) How long is a piece of string?
 

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. ― Albert Einstein ― Insanity is doing the same thing, over and over again, but expecting different results.

 

InternetDefenseLeague-footer-badge.png


#3 Smsec

Smsec

  • Members
  • 133 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:29 PM

Posted 31 January 2016 - 08:53 PM

Sounds like a deal if it's in good shape and has adequate performance.

 

#1 Yes

 

#2 If you get a lot of attachments in email Malwarebytes premium extends protection to PDFs and Microsoft Office documents. There's a comparison chart of MB free and paid here: https://www.malwarebytes.org/antiexploit/

 

# 3 Malwarebytes just released an anti-ransomware software beta version for free. Its been reviewed here: http://www.bleepingcomputer.com/news/security/malwarebytes-releases-new-anti-ransomware-beta-software/. You might take a look.

 

#4 Stay on top of all software updates Microsoft and 3rd party software especially Adobe Flash. Flash software vulnerabilities are a very popular way malware gets installed on a pc. You can find out if the Flash version is up to date by visiting http://www.adobe.com/software/flash/about/. 

 

Hope you have good luck with the laptop.



#4 GreggWriter

GreggWriter
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:29 PM

Posted 01 February 2016 - 10:04 PM

Before purchasing the laptop, have it tested so the laptop's hardware is okay?

#1)Yes.

#2) Good to have Malwarebytes premium, but not essential.

#3) Surf the Internet in a delimited account (guest account) with all scripting disabled, and only enabled for trusted sites. FREE AV & #2.

#4) How long is a piece of string?

Thanks Crazy Cat. Appreciate it.



#5 GreggWriter

GreggWriter
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:29 PM

Posted 01 February 2016 - 10:06 PM

Sounds like a deal if it's in good shape and has adequate performance.

 

#1 Yes

 

#2 If you get a lot of attachments in email Malwarebytes premium extends protection to PDFs and Microsoft Office documents. There's a comparison chart of MB free and paid here: https://www.malwarebytes.org/antiexploit/

 

# 3 Malwarebytes just released an anti-ransomware software beta version for free. Its been reviewed here: http://www.bleepingcomputer.com/news/security/malwarebytes-releases-new-anti-ransomware-beta-software/. You might take a look.

 

#4 Stay on top of all software updates Microsoft and 3rd party software especially Adobe Flash. Flash software vulnerabilities are a very popular way malware gets installed on a pc. You can find out if the Flash version is up to date by visiting http://www.adobe.com/software/flash/about/. 

 

Hope you have good luck with the laptop.

Thanks Smsec. Thanks for the links too. Very helpful.



#6 Bailifei

Bailifei

  • Members
  • 109 posts
  • OFFLINE
  •  
  • Local time:10:29 PM

Posted 02 February 2016 - 03:38 AM

Well it's like buying a used couch and not cleaning it first. You have no idea what the people who owned it before did with it so clean it up. If the people selling it have the restore CD's that'll help. Format the hard drive, and re-install the OS.



#7 GreggWriter

GreggWriter
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:29 PM

Posted 02 February 2016 - 03:26 PM

Well it's like buying a used couch and not cleaning it first. You have no idea what the people who owned it before did with it so clean it up. If the people selling it have the restore CD's that'll help. Format the hard drive, and re-install the OS.

Thanks Bailifei. Formatting the hard drive--is that like formatting a usb drive? You just delete whatever is there and then choose FAT32 or NTFS to replace it? And unfortunately hardly anybody selling stuff on Craigslist has restore CDs. A few do, though. Thanks for responding.



#8 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:04:29 AM

Posted 02 February 2016 - 06:00 PM

Depending on whether the computer still has the recovery partition or not (if it is OEM) you can do a reset of Windows 8.1 to clean out everything.

#1. Depends on the type of malware - most common malware nowadays (trojans, ransomware etc.) do not actually spread over local networks. Crypto ransomware do try to encrypt network shares, however.

#2. Emsisoft Anti-Malware is another option - it is both an AV and AM, and performs extremely well against crypto ransomware. However it's paid and quite a bit more expensive than Malwarebytes at first. That said, if you cannot afford EAM then a free AV and MBAM Premium will do.

#3. There is Foolish IT's CryptoPrevent which helps against some ransomware, Malwarebytes Anti-Exploit and Microsoft's Enhanced Mitigation Experience Toolkit which help defend against drive-by attacks (one of the common methods of spreading ransomware). Script blockers and ad blockers also help by reducing the surface of attack. Practicing safe surfing is still important, however - the above software only help closing the gaps that safe surfing might not reach (say, a popular news outlet got hacked).

#4. These might help:
Simple and easy ways to keep your computer safe and secure on the Internet
Answers to common security questions - Best Practices

#9 GreggWriter

GreggWriter
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:29 PM

Posted 02 February 2016 - 06:23 PM

Depending on whether the computer still has the recovery partition or not (if it is OEM) you can do a reset of Windows 8.1 to clean out everything.

#1. Depends on the type of malware - most common malware nowadays (trojans, ransomware etc.) do not actually spread over local networks. Crypto ransomware do try to encrypt network shares, however.

#2. Emsisoft Anti-Malware is another option - it is both an AV and AM, and performs extremely well against crypto ransomware. However it's paid and quite a bit more expensive than Malwarebytes at first. That said, if you cannot afford EAM then a free AV and MBAM Premium will do.

#3. There is Foolish IT's CryptoPrevent which helps against some ransomware, Malwarebytes Anti-Exploit and Microsoft's Enhanced Mitigation Experience Toolkit which help defend against drive-by attacks (one of the common methods of spreading ransomware). Script blockers and ad blockers also help by reducing the surface of attack. Practicing safe surfing is still important, however - the above software only help closing the gaps that safe surfing might not reach (say, a popular news outlet got hacked).

#4. These might help:
Simple and easy ways to keep your computer safe and secure on the Internet
Answers to common security questions - Best Practices

Wow. Thanks Sintharius. Your post will keep me busy for a while. And great links.

 

Two quick follow-up questions.

 

#1) What about 'https everywhere'? Is having that a good idea?

#2) (In trying to understand the risk of a virus spreading amongst the network.) So most malware will not spread across the network. Only some. Then is it the router's job to protect the network from malware? (In other words, there's nothing for me to do with my individual computer. I should just make sure the router has good a/v a/m protection?)



#10 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:04:29 AM

Posted 02 February 2016 - 06:32 PM

#1. HTTPS Everywhere forcibly encrypts the contents of your internet browsing. Great for privacy (if you are concerned about it) but can break contents on websites. It does not do anything for malware prevention AFAIK, whether you want to have it or not is up to you.

#2. There used to be worms that spread very fast within networks, but they are uncommon in the modern security landscape. The router's job is not to protect your network from malware infections - see What’s the point of having a firewall? - Emsisoft Blog for a description of what routers do.

That said, to protect your router the best course of action is to give it a strong username and password, disable all unneeded services (especially the ones related to remote access), apply firmware updates if there are any, and keep your endpoints secured with proper AV & AM protection as some malware can infect the router.

Hope that helps.

#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,936 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:29 PM

Posted 02 February 2016 - 06:40 PM

...to protect your router the best course of action is to give it a strong username and password..

+1 and very good advice.
 

Security is all about layers, and not depending on any one technology or approach to detect or save you from the latest threats. The most important layer in that security defense? You! Most threats succeed because they take advantage of human weaknesses (laziness, apathy, ignorance, etc.), and less because of their sophistication.

Krebs on Security

...falling victim to data breaches that resulted from attackers exploiting employees or company vendors. Unfortunately, along with exposing millions of identities these attacks also reveal what is often the weakest link in enterprise data security – the human element...

Social Engineering: Attacking the Weakest Link in the Security Chain
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#12 GreggWriter

GreggWriter
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:29 PM

Posted 03 February 2016 - 01:17 AM

#1. HTTPS Everywhere forcibly encrypts the contents of your internet browsing. Great for privacy (if you are concerned about it) but can break contents on websites. It does not do anything for malware prevention AFAIK, whether you want to have it or not is up to you.

#2. There used to be worms that spread very fast within networks, but they are uncommon in the modern security landscape. The router's job is not to protect your network from malware infections - see What’s the point of having a firewall? - Emsisoft Blog for a description of what routers do.

That said, to protect your router the best course of action is to give it a strong username and password, disable all unneeded services (especially the ones related to remote access), apply firmware updates if there are any, and keep your endpoints secured with proper AV & AM protection as some malware can infect the router.

Hope that helps.

Thanks a lot, Sintharius. Great stuff. It helped a lot.



#13 GreggWriter

GreggWriter
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:29 PM

Posted 03 February 2016 - 01:29 AM

 

...to protect your router the best course of action is to give it a strong username and password..

+1 and very good advice.
 

Security is all about layers, and not depending on any one technology or approach to detect or save you from the latest threats. The most important layer in that security defense? You! Most threats succeed because they take advantage of human weaknesses (laziness, apathy, ignorance, etc.), and less because of their sophistication.

Krebs on Security

...falling victim to data breaches that resulted from attackers exploiting employees or company vendors. Unfortunately, along with exposing millions of identities these attacks also reveal what is often the weakest link in enterprise data security – the human element...

Social Engineering: Attacking the Weakest Link in the Security Chain

 

Thanks quietman7. That's really helpful. I read the Krebs articles. I just got NoScript for Firefox and will re-start my computer so it takes effect as soon as I get done with this. And I will keep in mind that I'm the most important layer of protection. :)



#14 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,936 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:29 PM

Posted 03 February 2016 - 08:10 AM

... And I will keep in mind that I'm the most important layer of protection. :)

Yep...you are the first and last line of defense.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users