RichM
Recently Bigbearjedi and I began a conversation in another thread about our beliefs on how ordinary users can stay protected in today's very difficult climate of ransomware and encryption-laced infections, so let's share our beliefs, as we both have active businesses, and tell everyone how we protect our clients. Anyone else here is free to join in based on experience.

My basic protection begins with Emsisoft Anti-Malware, which is both antivirus and anti-malware. All browsers are protected with Adblock Plus and WOT (Web of Trust), individually installed in each. WinPatrol is used to lock down startup, registry and home page from changes. All users have SpywareBlaster installed to further protect browsers, and CryptoPrevent (to keep out the CryptoLocker virus) as an additional layer of defense.

Clients are given a paper with instructions on how to update SpywareBlaster and CryptoPrevent and are reminded to update Java, Adobe Reader and Flash Player regularly. No toolbars are allowed on any browser, and they are shown the proper way to search, with Google set as the only search engine in all browsers. Of course, regular updating with Windows Update is suggested on all versions of Windows except Windows 10, which of course is automatic. With "Unchecky" installed, half of the attempts by third-party software providers to pollute systems are prevented, and clients are advised to carefully uncheck all services offered by such vendors.
 
Solution
Every security expert will tell you the same thing: layered defense, or defense in depth. No single product will protect you from everything, and typical AV suites are only about 40-60% effective.
  • All client workstations should have some form of AV (even Windows Defender is pretty decent and free)
  • Client-side firewall configured (some are included in the AV suite, generally called internet security suites instead of AV)
  • Current patching on OS and all applications
  • OS hardening: disable or remove any unused Windows services or applications
  • Remove software you don't need or keep it current. If you don't need Java and/or Flash, remove them; they are the two most exploited applications
  • There are some great browser...
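The checklist in the post above can be turned into a quick, read-only audit. The script below is an added example and is not code from the original thread or from any of the products mentioned; it assumes a Windows 10/11 workstation with the built-in Defender and NetSecurity PowerShell modules and an elevated session. The list of "rarely needed" services is the example's own choice, not a vendor baseline, and the Java/Flash name patterns are assumptions about how those products register in the uninstall keys.

```powershell
# Added example (not from the original post): read-only baseline audit of a
# Windows workstation against the layered-defense list above.
# Assumes Windows 10/11, PowerShell 5.1+, run from an elevated prompt.

$findings = New-Object System.Collections.Generic.List[string]

# 1. Antivirus: is Defender (or a registered third-party AV) actually on?
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
if ($mp) {
    if (-not $mp.RealTimeProtectionEnabled) { $findings.Add('Defender real-time protection is OFF') }
    if ($mp.AntivirusSignatureAge -gt 3) { $findings.Add("Defender signatures are $($mp.AntivirusSignatureAge) days old") }
} else {
    # Defender steps aside when another AV registers; confirm via Security Center.
    $av = Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct -ErrorAction SilentlyContinue
    if (-not $av) { $findings.Add('No antivirus product registered with Security Center') }
}

# 2. Host firewall: every profile (Domain/Private/Public) should be enabled.
Get-NetFirewallProfile | Where-Object { -not $_.Enabled } |
    ForEach-Object { $findings.Add("Firewall profile '$($_.Name)' is disabled") }

# 3. Patching: ask Windows Update how many applicable updates are not installed.
try {
    $searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
    $pending  = $searcher.Search('IsInstalled=0 and IsHidden=0').Updates.Count
    if ($pending -gt 0) { $findings.Add("$pending Windows update(s) pending") }
} catch {
    $findings.Add('Could not query Windows Update (offline or service disabled?)')
}

# 4. Most-exploited add-ons: Java and Flash should be gone unless they are needed.
#    DisplayName patterns are assumptions about how these products register.
$uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match '^(Java|Adobe Flash Player)' } |
    ForEach-Object { $findings.Add("Installed: $($_.DisplayName) $($_.DisplayVersion)") }

# 5. Unused services: rarely needed on a home or small-office PC (example's own list).
$rarelyNeeded = 'RemoteRegistry', 'TlntSvr', 'SNMP', 'SSDPSRV', 'upnphost'
Get-Service -Name $rarelyNeeded -ErrorAction SilentlyContinue |
    Where-Object { $_.Status -eq 'Running' -or $_.StartType -ne 'Disabled' } |
    ForEach-Object { $findings.Add("Service $($_.Name) is $($_.Status) (start type $($_.StartType))") }

# Report: each finding maps to one bullet of the checklist above.
if ($findings.Count -eq 0) { 'No findings: baseline checks passed.' }
else { $findings | ForEach-Object { "[!] $_" } }
```

The script only reads state; fixing a finding (disabling a service, uninstalling Java, turning a firewall profile back on) is a deliberate second step, since some of those services are legitimately needed on a given PC.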
Hi! All you big-time gurus that have been using and repairing PCs B.C. (Before Christ): you can post all your experiences and yes, I'll be impressed, but don't be too quick to dismiss this old Oklahoma country boy. If MBAM makes it, I want it.
What is a Rootkit?? Hell I don't really know, but I've been told they are bad dudes and some help forums don't even want to help you with them, and suggest restoring back to factory. Hell I don't know very much. I'm a newbie in the computer world. Only been here 12 years.
Well, I don't have any rootkits and I don't have any malware. The title of this thread has something about "Windows forum pros".
I guess I shouldn't be posting here. LMAO. As I stated before, "I have forgotten more than I remember."
If you think you will intimidate or dominate this old country boy, well, I have a whole bunch of bridges I need to sell real cheap.
Yes BBJ, I'm lonely tonight. I'm not too sure about this, good Buddy, but if that's what you think, that's fine with me, good Buddy.
Quoted from BBJ
"Gary: You must be lonely last night. You're so hilarious! Of course you realize that I've forgotten more about computers in the last year than you've learned in your entire lifetime!! "
No rootkits here good Buddy!
Good night all my friends!
Not one mention of rootkits. Well I don't have any rootkits or malware!
 
Rootkits are perhaps the most dangerous infections, as they hide deep and are difficult to remove, but they tend to come in with most major infections.
Now, no one said anything about "gurus" in this thread; we only meant it to be a forum to discuss security, and anyone is welcome to participate. A "forum pro" doesn't have to be anything but someone who spends a lot of time at forums.
 
Actually, there are worse things than rootkits. Bootkits modify the boot record and load before Windows and can't be seen at all by anything. You also have the very rare malware that can actually infect the firmware of different components such as hard drives. This firmware malware can't be removed, and the only way is to replace the component. The other really important thing to remember, in anything, but especially here where we are talking about security, is that you can never eliminate risk, only reduce it. It's not a question of if you get compromised, it's a matter of when.
 
Great thread guys! I enjoy these back and forth, difference of opinions.

I agree with holdum333 that surfing habits, going to legit sites to download software, and having PC security software are a big part of the battle here. But I also agree with Neemobeer that doing all that does not guarantee you'll have an infection-free PC. The only way to do that is, well, not get on the internet at all. But even if you did that, your information is being stored on a server somewhere (banking and government). So there really is no way to escape it.

Messing with computers and the internet since Windows 95, I've come to think that it just takes a damn lot to protect yourself online. That's just the way it is today. First it started out that all you needed was a simple antivirus like Norton (the Symantec corporate version is still great in my opinion; the home Norton is horrible). Then firewalls came to be a security standard, the ZoneAlarm days. Then I remember more talk about home router security, especially when wifi routers started hitting the market hard when high speed became widely available. So, updating the firmware on your routers. Then the rise of malware. Malware/malvertising has been the major focus because it's so clandestine and sneaky in how it gets on your system. Anyone remember this guy, ugh! And those bloated spyware email apps that let you put "cool and funny" gifs in your email.

Ad-Aware was great in those days. Now it's junk. HijackThis was awesome back then too. (The guy sold out; don't blame him, he deserved the money for how great that little tool was.) WinPatrol was good too. Then I think more PC users started to become aware of "services.msc". And I also think Microsoft and software companies started to respond in kind to the pushback from tech media and tech users about properly locking down their OS and software.

Our web browsers then needed to be locked down. I'm positive everyone in this forum is using Firefox or Chrome with an adblocker and privacy protection. We'd never think of surfing the web without this type of protection. Yet there are still millions of people that surf without them. And nefarious people are still taking advantage of it. Just like that Yahoo malware-injected ads debacle a few years back, smh. That was pretty smooth on the bad guys' part. And now adblocking has led to an entirely new conversation about legit websites being able to create sources of revenue versus consumer protection from malware/spyware and the ads taking up bandwidth on their cellphone plans.

And now we've arrived at ransomware! So I guess what I'm saying is it's not simple anymore. Just having the latest security software isn't enough. One also needs the layered defense that Neemobeer brought up and the safe web surfing habits holdum333 mentioned. I would just add that in today's age of PC security, backups and the network should be part of that regimen. If one surfs the web a lot, their chances of getting hit with something just statistically go up. So having a backup of your files, especially if they get hit with ransomware, is extremely important. And everyone has wifi in their homes. Everyone is quickly adding an internet-connected TV or device (wifi security cameras, Amazon's Echo, all the IoT devices hitting the market) to their network. So go check your router's settings, lock it down, change the default password, keep the firmware updated, and make sure the router itself doesn't have a hardware vulnerability that calls for upgrading the router itself. There's just so much once you really dive in.

Looking forward to y'all's replies!
 
Oh yeah, I completely forgot to mention how passwords have become such an important part of PC security, and how email phishing is still widely used and has become cheaper for email scammers to do.
 
Glad you got rid of the trojan. I'd do a full system scan, the scanning-overnight kind, haha! Trace your steps back to websites you've visited and any software you downloaded that could have had that trojan. Check your web browser history; maybe there are some breadcrumbs there that could lead you to where you downloaded it. Or maybe you got it from connecting an old USB drive that had some old files on it. That happened to me before. I had a bag of some old thumb drives and a couple of old external drives. I was going through moving files that I wanted to keep and formatting the drives afterwards, and some of the thumb drives had viruses on them and a keylogger. So maybe something like this happened to you?
 
That is a pretty thorough discussion, Gary, and I do believe the most obvious evidence is system-wide slowdown. Search engines are changed, as are home pages, and then of course the popups telling you that you have 5000 Trojans etc. My approach is aimed first of all at the popups. Products like Ad Muncher (which is now free and can prevent internet advertising from popping up) as well as Adblock Plus help make sure the popups never get into the system. WinPatrol warns of home page changes as well as additions to startup or the registry, which is why I suggest that one.

Antivirus and anti-malware programs should prevent entry to the system by suspicious, logged troublemakers. The only real justification today for antivirus programs is that they can prevent suspicious behavior without having to identify the specific problem to do so, whereas an anti-malware program needs to identify the program as "the XYZ" malware program to be able to prevent or remove it, and that is the real reason you need both on board.

Many antivirus programs proclaim they can prevent ransomware, i.e. CryptoLocker and all its "charming" affiliates. The problem is the stuff is so damned dangerous, how can we prove that for ourselves? That is the reason I suggested CryptoPrevent, which is from the people who first categorized the CryptoLocker virus. Malwarebytes also offers their version, called Malwarebytes Anti-Exploit, and there are others. What makes this so dangerous is that removing the virus is effortless but recovering the damage to files is impossible. As fast as a cure shows up, another new strain blocks it.