Security Basics mailing list archives

Re: Protecting Home Machines


From: "AragonX" <aragonx () dcsnow com>
Date: Wed, 26 Nov 2003 07:47:50 -0500 (EST)

<quote who="Cherian M. Palayoor">

I have a remote user whose laptop was severely infected by the trojans
MSBLAST & WiNSHOW.A.

I reinstalled the OS on the machine following a complete reformat, and
installed an anti-virus with the latest update. I ran a complete scan on
the machine prior to shipping the machine back to the user.

The question is, "What do I do to prevent such occurrences which have
increased of late?"

</quote>

You have gotten a lot of good suggestions so far.  A few areas have been
left out though.  I'll try to wrap it all up.

1)  Reinstall the OS

2)  Install all security patches released by the Manufacturer.  Here is
the key:  Set Windows to automatically download and apply the patches! 
Users are really bad about doing this, so you have to make sure the
machine does it automatically.

3)  Get a hardware firewall to sit between the cable modem and the laptop.
 Again, make sure the software automatically updates itself.

4)  Install a personal firewall on the user's system, configure it and
show them how to use it.  Auto-update!!!

5)  Install a good anti-virus program.  Auto-update!!!

6)  If your company does not use Outlook, uninstall it.

7)  Use Mozilla as your browser.  Actually, use anything BUT IE.

8)  Don't give the user Admin rights.

9)  Use a secure email program that either does not process HTML or is
very selective about what HTML it does process.  It should never
automatically display referenced images.  Even embedded images can be a
security risk but that is rarely exploited.  It should also not process
any scripting languages (like VBA, Java etc).

10)  Continual user education.

That's about all I can think of.  The major point is:  Keep the machine
updated.  Users don't often see the need to do this step.

Following the above suggestions will give you a level of protection but
your user can throw a wrench in the gears.  He/she has to understand what
can cause a compromise on his system etc.

