Author Topic: What can be learned?  (Read 2790 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
What can be learned?
« on: October 05, 2005, 11:06:47 AM »
Hi antivirus friends,

What can we learn from an infection.? Well the general advice given is patch, patch, patch. But this is only part of the story. Worms will find holes, that cannot be patched (bad file share protection, poor user policies, etc.) Some comments blame the end-user entirely. Irritant malware now carry a payload like a backdoor, a Trojan or open a session on the malcreant's server (IRC).
A real virus infection gives you more insight than all human driven testing can do. Hear I am not propagating you must infect your computer or network with a worm, far from that, but it will show you a narrow and deep vision of where your hole(s) are. They also come to show how well your system is guarded against various types of traffic. Can your internet host be reached on TCP 445, you are shocked and compromised. Your firewall, ACL or host filtering should be under scrutiny, something is desperately wrong. Host protection must be good, IDS and your client antivirus policy OK. Floppy disks, Web downloads and USB device must not infect. Weak internal security provokes File sharing worms and trojans, drop your rights on all boxes. Your browser habits are problematic when you get trojan infections through malicious code not being blocked. You must have direct controls on what ports are open. This story shows that this is a dual problem, a technical part of the story on the one hand, and a non-technical on the other. Solving the one problem to tackle the other creates only more frustration,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 89230
  • No support PMs thanks
Re: What can be learned?
« Reply #1 on: October 05, 2005, 05:15:32 PM »
Don't browse the internet or collect email whilst logged on as a user with administrator rights as the virus then inherits those same rights and can use them to reap havoc. A limited user account is less vulnerable, but you don't want to keep switching user accounts, a pain. The solution use MS DropMyRights (free) to limit the rights of you browser, email, etc. see the link in my signature.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security