
Updating "Best Practices" information?


3 replies to this topic

#1 saluqi

saluqi

  • Members
  • 622 posts
  • OFFLINE
  • Gender:Male
  • Location:southern San Joaquin Valley, California
  • Local time:03:12 PM

Posted 25 September 2016 - 08:19 PM

I don't know whether this is the right place for this, but if not perhaps someone can send me there.  I worded the title generally but in fact I am looking to update my own understanding of "Best Practices" (and related topics) in respect of two different and quite specific situations.  The first concerns my 2 computers at home; the second concerns the 2 computers at work.  The computers themselves are all rather similar.  There is one Dell XPS 8700 desktop in each place; they are AFAIK identical out of the box, though now of course running different software.  These each have an i7 4790 processor, 16 GB of RAM and a 1 TB HDD.  Also a 4095MB NVIDIA GeForce GTX 745 graphics card.  There is one Dell Inspiron 15 laptop in each place.  The one in the office has an i3 processor and originally 4 GB of RAM (I've since upgraded it to 8 GB) and a 500 GB HDD.  The one at home has an i7 processor, 12 GB of RAM and a 1 TB HDD.  All 4 are now running Windows 10 - the Pro version on the desktops, the Home version on the laptops.  Each has at least two external HDDs, of 1 TB or more capacity, that are not attached except when doing backups.  My desktop at home also has a 2 TB external that normally stays attached.  It's also hardwired to a Nikon slide scanner and a printer/scanner (HP Photosmart 6525).  Internet is provided via a Linksys EA2700 router, to which the desktop computer is connected by an Ethernet cable.  The home laptop is connected to the router and the printer via WiFi.

 

The setup in the office is basically the same, except there are 2 printers (much bigger ones of course) of which only 1 is hardwired to the computer.  I think the office router is the same as mine, just a couple of years older.  Those routers come with a setup utility that creates new random passwords and SSID names.  The connections thus display as "Secured".  

 

Being Dell, these machines came with pre-installed McAfee Live Safe.  When those expired I replaced them with Avast Premier, which includes a software firewall.  I gather that Avast is no longer quite the top of the heap, but I have so far had no problems with it (except their abysmal third-party billing system).  On my system at home I have MBAM and MBAE (both Premium) installed.  I also use SpywareBlaster, the MVPS hosts file, WOT and WinPatrol.  Emsisoft and ESET scanners for occasional use (update first . . .).  CCleaner Pro a couple of times a week to clean out Internet junk.

 

My 2 computers at home are used by myself alone.  Likewise the laptop in the office.  The office desktop is used by the current Admin Assistant (changed 3 times in the past 9 months) and by a second employee who works both in the field (we are a small public water district) and in the office.  That also is a new hire.

 

Reading especially about the proliferation of ransomware has scared me into thinking I'm probably not doing enough to protect either my data at home (thousands of more or less irreplaceable photos, for example) or those of the Agency in the office.  My own Web browsing is pretty much limited to looking up scientific stuff (I do a lot of that) and, well, the many other fields I'm interested in (music, horses, hunting, food, art, mathematics, history, languages, and so on).  In the office I don't have time for browsing, but the kids do.  From my experience a few years ago running the computer lab in the local school I learned that the kids (including my office staff) will easily bypass anything put in place to limit their browsing.  The school had a full-time IT security guy - and every kid who came into that lab already knew the master password and bypassed all the "parental restrictions" as if they hadn't been there.  I have no reason to think it is otherwise in our office.  Staff are not supposed to use computers for their personal amusement, but that's impossible to enforce.  A waste of time and effort to try.  So what else do I need to be doing to protect our data?

 

I have looked at - among others - Quietman7's tutorial on "Simple and easy ways to keep your computer safe and secure on the Internet" and the more recent "Best Practices for Safe Computing".  The first is now 14 years old, the second about 5 years old.  Surely some of the details have changed, even if the principles have not?  For instance Avast Premier includes a software updater.  Is that as good as the one in Secunia PSI?

 

And specifically I am interested in knowing what one needs to do nowadays to keep the ransomware wolf from the door.  A carefully thought-through backup plan (that's actually executed), group policies that prevent malware being executed from specific locations, what else?  And what is the most current version of those things?

 

I guess what I'm saying is that there's now so much information on these topics that my old brain is in danger of getting confused.  I also have friends who, being even less informed than I on these subjects and also inclined not to take them altogether seriously, are constantly asking me "what should I do" or even "why should I bother doing this?"  The one that scares me most is "why should I back things up, it's too complicated and time consuming!".  

 

Thanks for any enlightenment anyone can throw my way, even if it's only the admonition to "go read this!".




#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,612 posts
  • ONLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:12 PM

Posted 26 September 2016 - 05:12 PM

...I have looked at - among others - Quietman7's tutorial on "Simple and easy ways to keep your computer safe and secure on the Internet" and the more recent "Best Practices for Safe Computing".  The first is now 14 years old, the second about 5 years old.  Surely some of the details have changed, even if the principles have not?...

Simple and easy ways to keep your computer safe and secure on the Internet was written by Grinler (aka Lawrence Abrams), the site owner of Bleeping Computer. Although written in 2004, the information in that topic is still applicable today.

My Answers to common security questions - Best Practices for Safe Computing topic was written in 2011 but it is constantly updated to keep things current. In fact, I made an edit update today.

For the best defensive strategy to protect yourself from malware and ransomware (crypto malware) infections, see my comments (Post #2) in this topic...Ransomware avoidance.


Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 saluqi

saluqi
  • Topic Starter

  • Members
  • 622 posts
  • OFFLINE
  • Gender:Male
  • Location:southern San Joaquin Valley, California
  • Local time:03:12 PM

Posted 29 September 2016 - 10:53 PM

Responding to Quietman7: Thanks!  I must have been in a fog when I wrote that - I did actually know who wrote "Simple and easy ways . . . "  Apologies to Grinler, this old man blew a fuse . . .

 

Before writing this I spent a short time looking especially at your Post #2 comments and the various threads to which they led.  One thing that struck me was the possibility that different anti-exploit products might interfere with one another, as antivirus products do. As noted, I use MBAE Premium, so now I am wondering to what extent that might interfere with other things not always explicitly labeled "Anti-Exploit".  For instance I have long used WinPatrol, and see that they now also offer an "Anti-Ransomware" product.  It got high praise from some commenters - and I certainly have a high opinion of WinPatrol which I have used almost since it first appeared.  Would that conflict with MBAE?  How about CryptoPrevent? which takes a different approach to warding off ransomware.

 

I have two objectives here: 1) to arrange the best possible protection for my computer system at home, where the "priceless contents" are mostly stuff I have written (material for future books) and photographs/videos, also book material as well as stuff for scientific publications.  Then there is 2) which is to arrange the best possible protection for the data of our water district, where I cannot realistically expect entirely to prevent staff members from indulging in more or less risky browsing behavior.  Trying to prevent today's teenagers (and post-teenagers <G>) from visiting "forbidden" parts of the Internet is IMHO a futile endeavor.  Been there, done that: while running computer labs in a couple of local school systems, we had full-time IT people and the kids ran rings around them.  Embarrassing, actually - in the classroom I could hardly dare say what I thought <G>.  Hey, we were the "experts" supposed to know what we were talking about.  Oops! <G>  Funny once you got over the punctured ego part <G>.



#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,612 posts
  • ONLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:12 PM

Posted 30 September 2016 - 08:23 AM

Comments from Fabian Wosar, a Security Colleague and developer who works for Emsisoft.

EMET, HMP.Alert and MBAE can all be useful under certain circumstances. The most effective step to fending off exploits is to reduce your attack surface. Keep the software you use up-to-date and try to get rid of Java and Adobe plugins. If you can't get rid of them completely, at least turn them on only for the sites that you know won't work without them. All browsers that I have used in the past year have features which make it very easy to limit plugins to just a few sites. If for some reason you can't do either of those, then adding exploit protection can be somewhat useful.

HMP.Alert & MBAE, Post #7

Comments from Elise, a Security Colleague and Emsisoft Employee.

Technically speaking, your computer is sufficiently protected by Emsisoft Anti-Malware/Internet Security. However, if you prefer an extra layer of security you could use this without any negative effects on your system.
The difference between the products is that they intercept potential malware attacks at different points. The result with or without HMP Alert is however the same, our behavior blocker will intercept threats resulting from exploits once they become active on the computer and eliminate them.

HitmanPro.Alert worth as a companion?, Post #3

Keep in mind that some security researchers have advised not to use multiple anti-exploit applications because using more than one of them at the same time can interfere with Return-oriented programming (ROP) and other exploit checks. This in turn can result in the system becoming even more vulnerable than if only one anti-exploit application is running. In some cases multiple tools can cause interference with each other and program crashes.


While you should use an antivirus (even just the Windows Defender tool built into Windows 10, 8.1, and 8) as well as an anti-exploit program, you shouldn’t use multiple anti-exploit programs...These types of tools could potentially interfere with each other in ways that cause applications to crash or just be unprotected, too.

How-To Geek on Anti-exploit programs

ROP is a computer security exploit technique that allows an attacker to execute code in the presence of security defenses such as non-executable memory and code signing. It is an effective code reuse attack since it is among the most popular exploitation techniques used by attackers and there are few practical defenses that are able to stop such attacks without access to source code. Address Space Layout Randomization (ASLR) is a computer security technique involved in protection from buffer overflow attacks. These security technologies are intended to mitigate (reduce) the effectiveness of exploit attempts. Many advanced exploits rely on ROP and ASLR as attack vectors used to defeat security defenses and execute malicious code on the system. For example, they can be used to bypass DEP (data execution prevention) which is used to stop buffer overflows and memory corruption exploits. Tools with ROP and ASLR protection such as Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) use technology that checks each critical function call to determine if it's legitimate (if those features are enabled).
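Added example, not from this thread and not code from any of the products it names: a PowerShell function that reports whether the mitigations discussed above (DEP, ASLR and Control Flow Guard) are active for the processes most exposed to exploit attempts, so you can confirm what your single anti-exploit layer is adding to. It assumes Windows 10 version 1709 or later, where the built-in Get-ProcessMitigation cmdlet took over the per-process role EMET used to fill; the default list of process names is an assumption for illustration, and the function must be run from an elevated prompt.

```powershell
# Added example (not from the thread): report DEP / ASLR / CFG status for running processes.
# Assumes Windows 10 1709+ (Get-ProcessMitigation from the ProcessMitigations module,
# the successor to EMET's per-process settings). Run from an elevated PowerShell prompt.

function Get-MitigationReport {
    param(
        # Process names to inspect. The defaults are an assumption: typical
        # network-facing or document-handling programs that exploits target.
        [string[]]$ProcessName = @('chrome', 'firefox', 'iexplore', 'AcroRd32', 'winword')
    )

    foreach ($name in $ProcessName) {
        $procs = Get-Process -Name $name -ErrorAction SilentlyContinue
        if (-not $procs) {
            Write-Verbose "$name is not running; skipping"
            continue
        }
        foreach ($p in $procs) {
            # -Id reads the mitigations actually applied to the live process,
            # not just the policy configured for its image name.
            $m = Get-ProcessMitigation -Id $p.Id -ErrorAction SilentlyContinue
            if (-not $m) { continue }

            [pscustomobject]@{
                Process            = $p.ProcessName
                PID                = $p.Id
                DEP                = $m.Dep.Enable              # non-executable data pages
                ASLR_BottomUp      = $m.Aslr.BottomUp           # randomised heap/stack placement
                ASLR_HighEntropy   = $m.Aslr.HighEntropy        # 64-bit wide randomisation
                ASLR_ForceRelocate = $m.Aslr.ForceRelocateImages # mandatory ASLR for non-ASLR DLLs
                CFG                = $m.Cfg.Enable              # indirect-call target checks (anti-ROP)
            }
        }
    }
}

# Usage: a table with one row per running process; OFF or NOTSET in the DEP or
# ASLR columns is the value to investigate before adding another protection tool.
Get-MitigationReport -Verbose | Format-Table -AutoSize
```

Each column reports ON, OFF or NOTSET; NOTSET means the process inherits the system default (visible with Get-ProcessMitigation -System), so a row full of NOTSET is not by itself a problem. Where a column is OFF for a browser or document reader, fixing that setting (via Set-ProcessMitigation or the vendor's update) reduces the attack surface more reliably than stacking a second anti-exploit product on top, which is the point the thread's quoted comments make.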


 


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users