Computer Security

[slinger]

There's a new(ish) threat to P.C. users in the wild, and I thought it might be a good idea to draw people's attention to it. The name of the little bugger is GOZeuS (or just plain GOZ) / Cryptolocker. The way it works, as I understand it, is that it will sit on your system once acquired and monitor your activity, trying to capture information such as bank details. If that's not 'profitable' enough it fires up Cryptolocker which locks your computer and displays a message detailing how and where to pay to get it unlocked. This is appropriately named ransomware. British investigators have been working with the FBI to trace the hackers behind ongoing attacks, and the botnet system used by the targets has been temporarily disrupted. The UK's National Crime Agency says people have just two weeks before the system could be functioning again, and urged people to protect their computers from an expected "powerful computer attack". Between 500,000 and one million machines have so far been infected worldwide, according to court documents.

There's no need to panic, but I do know some people don't take their security very seriously...until their system is compromised, so 'an ounce of prevention...' and all that people. I know we have I.T. professionals on the board and I'd be grateful if they'd chime in with their thoughts on security both generally and specifically.

There are free firewalls and there is free antivirus software, make use of it.

Here a link to some info on the GOZeuS threat, and it includes a link to a free cleaning tool.

http://blog.trendmicro.com/cryptolocker-gozeus/

Here are some links to some free antivirus software.

http://free.avg.com/gb-en/homepage
http://www.avast.com/en-gb/index
http://www.bitdefender.co.uk/solutions/free.html

And finally, a couple of free firewalls.

http://www.comodo.com/home/internet-sec ... rewall.php
http://www.zonealarm.com/security/en-us ... ivirus.htm

P.S.
If your bank /credit card company / insurance agency / etc. want to get in touch with personally THEY WILL NOT EMAIL YOU!!!
Consequently THEY WILL NEVER ASK YOU TO CLICK ON A LINK IN AN EMAIL!!!!
If you get such an email then that email is without a doubt complete and utter

'Nuff said?

[Oldpinkman]

Thanks Slinger. These things are a bloody nightmare. I get a regular barrage of phising emails - some puporting to be from Companies House or HMRC are seriously convincing. It is only details like asking you to open a zip file which give them away. So - in addition to firewall and anti-virus - never click on links unless from KNOWN reliable sources, and never open attachments unless from known reliable sources (which would not include something looking like your bank, credit card or HMRC - ask yourself - why have they asked me to open an attachment??)

Finally, Malwarebytes is a good tool for cleaning up https://www.malwarebytes.org/

[terrybooth]

The other type of attack I've experienced is the so called 'helpdesk' company. What they try to get you to do is to go to a specific web site ('so that they can help with your PC problem') the web site only exists to download a pile of malicious code. The same thing is attempted with eMails. If you don't know who the caller or sender is - be suspicious.

[Oldpinkman]

Yup - we've had the help desk 3 times. The first time they told me they were from microsoft and their systems had detected a fault that would soon cause my computer to crash seriously. i thanked them for the information and asked them to confirm the mac code of the PC with the problem. "It's your microsoft PC" was the reply. "I have 15 of them on this site" I lied "Which one is it?"

They told me to ferk off. Sue tried the same when they called her and they told her to ferk off too

[Lindsayt]

Linux is better than Windows for having fewer annoying viruses.

For my home PC's I never have any data saved on it that I couldn't afford to lose. I don't bother with anti-virus software. Too annoying. Slows my PC's down too much. At the first sign of any trouble I do a complete software rebuild. Takes 15 minutes of my time, 2 hours of the computers time. But then I do PC software rebuilds for a living, so it's easy for me to say that.

I still think, in this day and age that everyone should know how to do a software rebuild. Same as everyone should know how to cook supper, iron a shirt, change a wheel on their car.

I never open emails from dodgy sources. I don't go on unkown websites taking care to particularly avoid pornographic sites and sites offering cracks / cheats for games.

[slinger]

I still think, in this day and age that everyone should know how to do a software rebuild. Same as everyone should know how to cook supper, iron a shirt, change a wheel on their car.

Amen to that!

My soapbox subject is how some people think that re-installing Windoze cures all computer ills. I got made redundant from a company and the guy that "replaced" me was a lovely fellow, but an O.S. re-install was the only arrow in his quiver. He was at a total loss if a problem was hardware related...or pretty much anything else really, so they were paying for a support company to do what I was doing as a part of my job most of the time. I won't even go into him trying to take on the Unix side of things there

A little knowledge can be a dangerous thing at times.

As an aside, 3 years after I left them I could still access and alter the website I'd built them (if I'd wanted to, and it WAS tempting ) despite leaving written instructions about password changes before I went and several follow-up emails over the next six months. After that I gave up.

[Oldpinkman]

I have a good buddy, who sometimes bails me out of IT fixes, who is a computer consultant and very good. He goes on about Linux too. But I have the following software which needs to run on Windows, and is essential to my business
Digita Integrated accounts
Sage Instant Accounts and Line 50
Quickbooks

2 of those rely on a direct interface to Microsoft office products, one of them to Outlook (" a Trojan collector masquerading as an email client" according to said IT buddy). So what use if Linux to me?

Regarding the software rebuild, how, practically does one acquire the skills? I have done several complete hard drive and system reinstalls over the years, and they always cause tears. First, they take a day of my time, not 15 minutes. 2nd, I always forget to back up or have the necessary codes for something. A lot of my software arrives as v1, and a series of upgrades I keep and then have to apply on a reinstall (its not as bad as it was). Then there are drivers, and program defaults and configurations. If it were only easy

[Oldpinkman]

Just received the best phising email yet. So good I clicked on the link and was only saved by Webroot Secure Anywhere blocking the page. A totally authentic looking ebay email, with a link to a totally authentic looking ebay website page (until you look at the URL).

Bastards

[Lindsayt]

If you're running accounting software on a PC then that makes it more of a business PC than a home PC. In which case I would recommend that you have 2 PC's. A dirty one and a clean one. The clean one is for the business software. With this one you only go on highly official websites - EG Sage for software updates. You don't open emails either on this PC. The dirty one you use for web browsing, email opening etc etc, and you rebuild this at the first sign of trouble.

Software rebuilds on small business PC's can be a right pain - unless you use something like Symantec Ghost.

Always have any important data / folders / files saved on at least 2 places. One thing for sure is that your hard disk will fail. And you never know for sure when it will fail.


Usually it's easy to know if you've got a software fault or a hardware fault.
EG Web broswing not doing what it's told = software fault
PC won't power on = hardware fault (power supply or motherboard fault most likely)
Referenced memory errors = most likely hardware fault (Ram memory or dust in memory slots)
Operating system won't load, corrupt operating system error message = software fault
Operating system won't load, can't find boot device = probable hardware fault (hard disk failed, could also be connection to hard disk, hard disk controller on mother board fault or CMOS (AKA BIOS) setting fault if someone's pissed about with the CMOS settings)
PC works fine apart from 1 application = software fault
Can't connect to Internet = could be hardware or settings (software) depending on nature of fault and connection
etc etc etc


What slightly annoys me is that there are so many people that buy home PC's with an operating system installed on it, with an operating system license sticker, but no operating system CD / DVD. So that when their PC starts playing up and really needs a software rebuild, they're stuffed. It's like buying a car with no spare wheel, no jack and no run-flat tyres and no breakdown recovery service.