Security Basics mailing list archives
Re: Protecting Home Machines
From: Byron Sonne <blsonne () rogers com>
Date: Thu, 20 Nov 2003 21:05:04 -0500
> He swears that he had not downloaded anything nor tried any removable media on this machine.
Users lie and exaggerate (for many reasons); maybe it really happened a couple of hours after he plugged it into the net and his kids got to the computer first. Perhaps he may not be aware of automatic software updating mechanisms. Or spyware! Never trust what users say, or at the least, treat it as suspect. I've had immediate family 'lie' to me about what they did or didn't install: "But it's just Windows MediaPlayer, all I did was download an mp3!" Well, that counts as an install to me.
Maybe you used questionable antivirus software; the latest updates don't necessarily make you invulnerable. When I helped run hospital IT infrastructure (lotta users and many vectors for infection), we constantly updated our AV software and used dual scan engines. Stuff still got through. But I do have to give points to dual AV engines, it really did make a difference.
> Following a bit of research on the matter, I am now aware that it is possible for machines to get infected on the fly especially through unprotected home internet connections. The question is, "What do I do to prevent such occurrences which have increased of late."
Switch operating systems to something that doesn't allow itself to be so easily attacked or manipulated. Running Windows/Microsoft products and being connected to the internet is, simply put, asking for it. Sorry but that's the harsh truth. Their software is designed to be popular, not secure.
You can't prevent all such occurrences, but you can take steps to minimize them such as restricting what access and software the client uses on his machine, although this isn't much help on consumer Windows boxen which don't adhere to acceptable (my opinion) privilege separation models.
The standard stuff applies; turn off active content via email, eliminate the preview pane, STOP USING OUTLOOK, use decent proxy/junkbusting software (check out http://www.privoxy.org/), etc. Maybe switch browsers too. Firewall off the appropriate ports (135, 137, etc.) when connecting to the net and implement stateful filtering. If the BIOS has boot block protection or stuff like that, it might be worth turning it on after checking it out. If they're accessing the net through a/your company, and only via that route, then you might be able to impose something on them when they connect.
I would consider it interesting and worthwhile, if allowable in your case, to install some kind of logging software on the machine so you can verify what the user or their machine is accessing, downloading, or installing. Take a baseline of it before you ship it out and compare it when it comes back. Even if it doesn't help you help the user, you'll find it interesting. Real life field returns are excellent educational opportunities; consider making an image of it and creating a library of infections so you can test your own infrastructure or AV software. Just don't infect your own network!
Regards,
Byron Sonne
--
For good, return good. For evil, return justice.
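The "baseline before it ships, compare when it comes back" advice above, as an added example that is not part of Byron's post: a small script that hashes every regular file under a directory tree, then reports which files appeared, vanished or changed between two snapshots. The directory layout and file contents in demo() are constructed sample data, not taken from any real machine.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def hash_file(path, chunk=65536):
    """SHA-256 of one file, read in chunks so large binaries fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def take_baseline(root):
    """Map every regular file under root (relative POSIX path -> sha256); symlinks are skipped."""
    root = Path(root)
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            baseline[p.relative_to(root).as_posix()] = hash_file(p)
    return baseline

def compare(before, after):
    """Diff two baselines: files that appeared, disappeared, or changed content."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    changed = sorted(p for p in set(before) & set(after) if before[p] != after[p])
    return {"added": added, "removed": removed, "changed": changed}

def demo():
    """Walkthrough on constructed sample files (nothing here comes from a real system)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "WINDOWS").mkdir()
        (root / "WINDOWS" / "notepad.exe").write_bytes(b"constructed: original binary")
        (root / "WINDOWS" / "hosts").write_bytes(b"127.0.0.1 localhost\n")
        before = take_baseline(root)   # snapshot taken before shipping the box out
        # Simulate what comes back from the field: one file edited, one gone, one new.
        (root / "WINDOWS" / "hosts").write_bytes(b"127.0.0.1 localhost\n0.0.0.0 update.example\n")
        (root / "WINDOWS" / "notepad.exe").unlink()
        (root / "WINDOWS" / "mediaplayer_setup.exe").write_bytes(b"constructed: new binary")
        after = take_baseline(root)    # snapshot taken on return
        return compare(before, after)
```

The baseline dict is plain strings, so it can be dumped to JSON and kept off the machine; a "changed" entry on a system binary or the hosts file is exactly the kind of field return worth imaging for the library Byron describes.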