Best Practices for staying safe on the Internet


RyanMeray
12-04-2008, 03:41 AM
Every day, I get asked a question I still haven't found an answer to. "How do I stay safe?"

They usually ask me after I've returned their formerly virus-ridden computer to them. A year ago, I'd have said frankly, "Stop browsing porn, clicking links in spam, and downloading music on Limewire."

But nowadays, you don't need to do that to get infected. The most common stuff I see, it seems like there are dozens of infection vectors. It gets in through compromised ad networks located on legitimate websites. It gets in through hacked websites that show up in the top 20, 10, even top 5 search results for common stuff on Google. They get in through legit-looking "ecard" emails, or infected PDF files.

Virus software constantly lags behind the threat. There's at least a 3 to 7 day window on the vast majority of threats, and these malware mavens are constantly updating their software to avoid detection.

Tools like Virustotal don't just help us identify malware, they help the makers themselves make new strains that can't be detected. Every tool we have becomes a tool for them.

So what do you tell people? Do you tell them that Anti-virus software is the only band-aid they need, or that the Internet is a Typhoid Mary and the best you can do is reduce their risk marginally?

There's the obvious:

1. Run up-to-date Anti-virus. I think we all agree that almost anything is better than McAfee and Norton, even if we'll argue which of our boutique products is the best until the cows come home.

2. Run spyware scans frequently and keep up to date.

3. Don't click on anything from popup ads, or download anything from an untrusted website.

4. Run Firefox, since the malicious domain blacklist gets updated faster than virus definitions do.

Stuff I did in the past I've given up on. Active protection software like Teatimer and Spyware Terminator are great for an expert-level user, but a novice is just going to click "Allow" on everything that pops up. Ditto for Firewalls that require user input.

What else can we tell people? What else can they do that doesn't involve becoming intimately familiar with the inner workings of their computers?

Or can we do nothing better than preparing them for the worst?

I may do a ton of business in spyware removals, but I'd rather it be from new clients. I hate nothing more than to have to go back onsite 2 months later to fix them because they got infected again.

doortodoorgeek
12-04-2008, 03:46 AM
only 1 way to be absolutely safe, disconnect from any network and never insert any media of any kind, no cd's, no dvd's, no thumbdrives, no floppies, no media at all

but since that is impossible I do agree with RyanMeray, I will also add running sandboxie can help with being safe or running your browser in a VM with XP SteadyState

gunslinger
12-04-2008, 12:11 PM
Get a Mac and run firefox. Your chances of getting infected just dropped by about 99%. :D

Sound advice RyanMeray, problem is most people won't follow it and that's what keeps us in business.

MHCG
12-04-2008, 01:15 PM
I usually tell them to do some of the things you mention. The number 1 thing they can do IMO is to log on as a limited user. If the user doesn't have administrator rights, he can't install software and neither can the trojans.

I show them how to do "Run As" so they can install software.

RyanMeray
12-07-2008, 04:55 AM
Can you guys think of any websites that offer email alerts about current threats? Hopefully ones that don't rhyme with Horton or McTaffy.

techytype
12-15-2008, 03:01 AM
i like to setup a non-admin account for net use. i turn off file sharing when not needed and install applicable updates. then i install firefox, with the adblock plus and noscript plugins and respective subscriptions. if the computer owner seems to be less than proficient in dealing with personal computer security, i'll install an antivirus if a good one isn't already present on the machine. i also like to ask if the users of the computer use any file sharing software. if so, i inform them of the risks in doing so.

nonchalant
12-15-2008, 05:02 AM
install firefox,

Tried that approach recently. Customer said he hated the browser & went back to IE..you can lead a horse to water..

RyanMeray
12-15-2008, 05:17 AM
Has anyone tried Threatfire? The behavioral approach seems like a nice add-on to Avira or NOD32, but I wonder how it is for non-PC-savvy folk. Most of my clients can't make informed decisions about popups from Teatimer or firewalls, so any product that relies on them interpreting security prompts is usually a lost cause.

techytype
12-15-2008, 06:11 AM
Tried that approach recently. Customer said he hated the browser & went back to IE..you can lead a horse to water..

he probably didn't like the configuration. i typically install all needed plugins like flash, media player for firefox, quicktime, etc. as well as stuff like ietab, adblock, etc. i also let the user look at a few themes rather than picking one myself. then i'll strip down the toolbar. last import ie bookmarks.

did your customer mention why he didn't like firefox?

techytype
12-15-2008, 06:16 AM
Has anyone tried Threatfire? The behavioral approach seems like a nice add-on to Avira or NOD32, but I wonder how it is for non-PC-savvy folk. Most of my clients can't make informed decisions about popups from Teatimer or firewalls, so any product that relies on them interpreting security prompts is usually a lost cause.

i haven't tried it myself, but i'll check it out. the best defense against crapware is showing people how not to get it in the first place. my friends and family used to call me constantly about this type of stuff. not any more.