Avoiding Ransomware

November 11, 2015

There is a newer class of malicious software (malware) known as Ransomware. If this nasty package gets onto your PC, your documents, pictures, and other files are silently encrypted (made unusable) in the background while you use the PC. Then, once all your data is garbled, a message pops up demanding payment to get your files back. The encryption used is strong and cannot be cracked, so your choices are to pay up or lose all your files.

Actually, if you are proactive, you have more options.

The best option is to prevent it from getting on your computer. How?

As of this date, all ransomware attacks PCs running Windows. So, run a different operating system. It's no longer that difficult to switch. Apple's Mac OS or the Free software GNU/Linux OS have not succumbed to any known ransomware infections yet. Nor do they frequently get adware or malware of any kind. Some claim it's because of their lower market share - fewer computers run these operating systems so fewer infections. But the difference is several orders of magnitude. There is more information here on the ramifications of changing operating systems.

Whenever Microsoft's Chief Software Architect Bill Gates had to choose between security and ease of use, security always came second. Decisions such as allowing browsers to run native code (ActiveX), auto-running whatever was on inserted CDs and flash drives, and putting user-space functions into the OS kernel meant Windows has always been very permeable (full of holes). From the beginning, Windows was not designed for network use. Microsoft discovered the Internet quite late, and there has never been a complete rewrite of Windows to make it network secure.

If you choose to stick with Windows, you must also run anti-virus software. Whatever brand you run will catch ninety-some percent of the bad stuff. However, many people victimized by ransomware were running some form of AV, so that is not a guarantee of protection.

Set local security policies on your PC to prevent software from running from temp folders. If your PC is joined to a business domain, set group policies at the domain level to protect all member PCs. Search the internet for "cryptowall Software Restriction security policies" to find help on how to do this, or contact ComputAssist.
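One way to put those Software Restriction path rules in place on a standalone PC, shown here as an added example rather than anything from the original post: a PowerShell script that writes Disallowed path rules to the same registry location secpol.msc uses. It assumes the standard SRP layout under HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer, that SRP has already been enabled once through secpol.msc, and a constructed list of folders; run it elevated, and use a GPO for domain members instead.

```powershell
# Added example, not from the original post. Creates Software Restriction
# Policy (SRP) path rules that disallow running executables from the
# temp/profile folders ransomware droppers typically use. Assumes the usual
# SRP registry layout (CodeIdentifiers\0 = Disallowed level) and that SRP
# has been enabled once via secpol.msc. Run from an elevated PowerShell.
$Safer      = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$Disallowed = Join-Path $Safer '0\Paths'

# Constructed list of rules; each is a path pattern plus a description.
$BlockRules = @(
    @{ Path = '%USERPROFILE%\AppData\Local\Temp\*.exe';   Desc = 'Block EXE in user Temp' },
    @{ Path = '%USERPROFILE%\AppData\Local\Temp\*\*.exe'; Desc = 'Block EXE in Temp subfolders' },
    @{ Path = '%USERPROFILE%\AppData\Roaming\*.exe';      Desc = 'Block EXE in Roaming AppData' },
    @{ Path = '%USERPROFILE%\AppData\Local\*.exe';        Desc = 'Block EXE in Local AppData' }
)

function Get-SrpDisallowRules {
    # Lists the path rules currently present at the Disallowed level.
    if (-not (Test-Path -Path $Disallowed)) { return @() }
    foreach ($key in Get-ChildItem -Path $Disallowed) {
        $props = Get-ItemProperty -Path $key.PSPath
        [pscustomobject]@{ Rule = $key.PSChildName; Path = $props.ItemData; Desc = $props.Description }
    }
}

function Add-SrpDisallowRule {
    param([string]$Path, [string]$Desc)
    # Skip rules that already exist so the script is safe to re-run.
    if (Get-SrpDisallowRules | Where-Object { $_.Path -eq $Path }) {
        Write-Host "exists : $Path"; return
    }
    # Each rule lives in its own GUID-named subkey holding these four values.
    $key = Join-Path $Disallowed ('{' + [guid]::NewGuid().ToString() + '}')
    New-Item -Path $key -Force | Out-Null
    New-ItemProperty -Path $key -Name ItemData     -PropertyType ExpandString -Value $Path | Out-Null
    New-ItemProperty -Path $key -Name SaferFlags   -PropertyType DWord        -Value 0     | Out-Null
    New-ItemProperty -Path $key -Name Description  -PropertyType String       -Value $Desc | Out-Null
    New-ItemProperty -Path $key -Name LastModified -PropertyType QWord `
        -Value ([datetime]::UtcNow.ToFileTimeUtc()) | Out-Null
    Write-Host "added  : $Path"
}

foreach ($r in $BlockRules) { Add-SrpDisallowRule -Path $r.Path -Desc $r.Desc }
# Review the result; a log off/log on or gpupdate /force applies the policy.
Get-SrpDisallowRules | Format-Table -AutoSize
```

Test on one PC first: an over-broad rule (for example on a folder an installer or a line-of-business app runs from) will block legitimate programs as well.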

Intelligent Internet use is imperative. Don't click on any email links. If, for example, you get a notice from your bank, don't click the link in the email. Instead, use the bookmark you saved in your browser. Don't open any email attachments that you did not request. Don't let curiosity overrule your caution. Common click-bait comes in the form of messages that look legitimate but are not.

If your PC does get infected with this disease, your best defense is backups. But not just an external drive. Not even just a single off-site backup. In order to survive ransomware you need a deep set of versioned archives, and a way to compare and restore them. Why? Because ransomware can hide for days or weeks before you discover it. If you take a periodic backup to an external drive, your files will be overwritten with the garbled versions before you realize they are corrupted. Unless you keep old versions of your backup, you will still lose all your files.

Does this mean backups are a waste of time? No! But a single backup that you overwrite each time you take it is not really a backup at all. It is better than none, yes, but against ransomware it is useless.

So, to avoid the problem of ransomware:

  •   Switch to GNU/Linux or Mac OS.
  •   If running Windows, keep AV up to date and set Software Restriction policies.
  •   Be smart when using the 'Net. Don't click random stuff, even if it looks legit.
  •   Make versioned backups. Burn your backups to DVD, or use an off-site backup service that keeps versions, preferably for at least 30 days. Longer is better.

Articles by Bill Bardon at Linode.com

October 28, 2015

Linode.com, my favorite hosting provider, recently published a couple of articles I wrote on server-y topics. The first, Install Zimbra OSE on Ubuntu 14.04, details how to set up a mail server of your own using Zimbra. The second article explains how Monit for Server Monitoring can help keep servers and server processes up and running.

Both articles are technical in nature but if you'd like to peer behind the curtain of Internet services and systems they might make an interesting skim-through.

Diagnosing Email: How to forward message headers

May 14, 2015

When email goes wrong, one of the things your IT support may ask for is a copy of the full message headers. Headers are the audit trail of how the message was processed and the path it took to get from the sender to your inbox. Normally you don't see most headers. The ones you do see are To:, From: and Date:, but there are many others contained in most email messages. Your IT support can use these headers to diagnose how the message was handled along the way.

Mail headers

Example mail headers

Different mail clients handle forwarding headers in different ways. Here's how to forward headers from some of the common client programs.

Outlook 2013

  1. Start a new message.
  2. Select Attach Item from the toolbar.
  3. Select Outlook Item.
  4. Browse to the message you are inquiring about, and select it to attach it.
  5. Send the message.

Office 365 Outlook

  1. Open the email message by double clicking it.
  2. Click on the ellipsis (the 3 dots) to the right of "Forward" to open a drop-down menu.
  3. Click "View Message Details".
  4. Select all the text (click anywhere in the text and then press Ctrl-A) and copy it.
  5. Close the header information window.
  6. Click on the forward icon of your message.
  7. Paste the copied text at the beginning of the message.
  8. Send the message.

Thunderbird

  1. Open the message you want to forward.
  2. Select Message | Forward As | Attachment from the menu.
  3. Send the message.

Zimbra

  1. View the message you want to forward.
  2. Click the Forward button.
  3. Click Options | Include original as attachment.
  4. Send the message.
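What your IT support does with the forwarded headers, as an added example that is not part of the original post: a PowerShell function that unfolds raw headers and walks the Received: lines back to the first hop, which is how the "audit trail" mentioned above is read. The sample headers, host names and addresses are constructed.

```powershell
# Added example, not from the original post: reads raw message headers
# (the kind forwarded per the steps above) and reconstructs the delivery
# path from the Received: lines. Each hop prepends its own Received:
# header, so the last one in the text is the first hop.
# The sample headers below are constructed; hosts and addresses are placeholders.
$SampleHeaders = @'
Received: from relay.example.net (relay.example.net [192.0.2.10])
    by mail.example.org with ESMTP id abc123
    for <user@example.org>; Thu, 14 May 2015 09:12:33 -0500
Received: from sender-pc.example.com ([198.51.100.7])
    by relay.example.net with SMTP; Thu, 14 May 2015 09:12:30 -0500
From: Someone <someone@example.com>
To: user@example.org
Subject: Invoice attached
Date: Thu, 14 May 2015 09:12:29 -0500
'@

function Get-UnfoldedHeaders {
    param([string]$Raw)
    # RFC 5322 folding: a line starting with whitespace continues the previous header.
    $lines = @()
    foreach ($line in ($Raw -split "`r?`n")) {
        if ($line -match '^\s+' -and $lines.Count -gt 0) {
            $lines[-1] += ' ' + $line.Trim()
        } elseif ($line.Trim()) {
            $lines += $line
        }
    }
    return $lines
}

function Get-DeliveryPath {
    param([string]$Raw)
    # Returns the hops in chronological order (sender side first).
    $received = @(Get-UnfoldedHeaders -Raw $Raw | Where-Object { $_ -match '^Received:' })
    [array]::Reverse($received)
    $hop = 0
    foreach ($r in $received) {
        $from = if ($r -match 'from\s+(\S+)') { $Matches[1] } else { '?' }
        $by   = if ($r -match '\bby\s+(\S+)')  { $Matches[1] } else { '?' }
        $when = if ($r -match ';\s*(.+)$')     { $Matches[1].Trim() } else { '?' }
        $hop++
        [pscustomobject]@{ Hop = $hop; From = $from; By = $by; When = $when }
    }
}

Get-DeliveryPath -Raw $SampleHeaders | Format-Table -AutoSize
```

A gap in the chain, a hop whose "from" name does not match the server that added it, or timestamps running backwards are the usual signs that a message was forged or relayed somewhere unexpected.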

What to do about Windows XP BEFORE April 2014

November 15, 2013

Microsoft is halting support for Windows XP in April 2014, including the security patches that fix vulnerabilities. If your office has PCs still running the 12-year-old operating system, you need to mitigate your risk before patches cease to be released. Continuing to run XP after April will expose you to new and unpatched vulnerabilities found not only in XP but also in newer versions of Windows, since the insecure code is often shared among versions.

So what can you do about Windows XP? Here are several options:

Replace Windows XP with Linux wherever you can. Linux is Free software and runs on pretty much any hardware, including performing well on older machines. There are thousands of applications for Linux, and many offices have successfully made the switch to running their operations, or at least part of them, on Linux. Research the equivalent apps that are available, and test them as replacements for your business apps. You may find, as I have, that you can run your entire office on Free software.

Replace Windows XP on recent systems with Windows 7 or 8. If your PC is less than three years old, it will likely run Windows 7 or 8 well enough. Microsoft will support these newer operating systems with security updates for years to come.

Firewall off systems that don't require Internet access for their job function. Some old PCs may just be providing support for a printer or other equally old hardware, or running software for one aspect of your operation. If you have a firewall at the edge of your network (and you should!) you can block all Internet access to and from that one PC at the firewall, and keep using it for your internal function.

Finally, for systems that are too old to upgrade, do require Internet access, and don't have an equivalent Linux solution, I recommend you replace them with new computers running Windows 7 or 8.

There is one more option, of course. You can keep running Windows XP and hope for the best. If you take this course, it is especially important that you (1) take regular, automatic, multiple, off-site backups, (2) test your backups by restoring from them, and (3) be sure you have an install CD from which to reinstall the system. Such steps are good practice for everyone, but imperative for XP users after April 2014.

Two Prompts You Should Not Ignore

September 10, 2013

Our computers can be chatty sometimes, with messages, popups and dialog boxes appearing at seemingly random times, informing us of one thing or another. I know that many people get weary of these messages and just click whatever button will make them go away. But if you have the helper applications Java and Flash Player installed, as most people do, there are two prompts you should never ignore.

A recent article from Websense Security Labs says that a dangerously large percentage of users are running a Java or Flash program that is not up to date.

Oracle's Java and Adobe's Flash Player are two programs that you almost never run directly. They are available to your other programs as helper apps to display or run certain types of content. Your web browser is the usual pathway to a Java or Flash process.

Both of these programs are also very commonly used as entry points for malicious software, viruses and trojans that are trying to get a toehold in your computer. For that reason, Oracle and Adobe release frequent updates to their programs to close the door on these exploits.

If you don't require Java or Flash for the sites you visit, you should disable or uninstall them completely. This is the safest way to manage your exposure to Java and Flash attacks. But if you do need them, then don't ignore the prompts you get about updates to Java and/or Flash. When an update is released for either of them, install it immediately.

If you have User Account Control active on a Windows PC, the prompt for a Java update may be blocked. You will see a UAC question first:

Java UAC prompt

If the program name is jucheck.exe, and the verified publisher is Oracle, then click Yes to allow the updater to check for updates. The next prompt will appear:

Java system tray notification

When that notification appears, click it to begin the update process for Java, then follow the prompts to download and install the update.
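A check you can run before clicking Yes on that UAC prompt, as an added example not from the original post: a PowerShell function that verifies the updater's Authenticode signature and that the signer's name contains the publisher you expect. The search locations and the 'Oracle' match string are assumptions, taken from the prompt described above.

```powershell
# Added example, not from the original post. Verifies that an updater
# executable carries a valid Authenticode signature from the expected
# publisher before you approve its UAC prompt.
function Test-UpdaterSignature {
    param(
        [Parameter(Mandatory=$true)][string]$Path,
        [Parameter(Mandatory=$true)][string]$ExpectedPublisher  # text expected in the signer subject
    )
    $result = [ordered]@{ Path = $Path; Ok = $false; Reason = '' }
    if (-not (Test-Path -Path $Path)) {
        $result.Reason = 'file not found'
        return [pscustomobject]$result
    }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        # Unsigned, tampered, or signed by an untrusted chain: do not approve.
        $result.Reason = "signature status: $($sig.Status)"
        return [pscustomobject]$result
    }
    $subject = $sig.SignerCertificate.Subject
    $result.Reason = "signed by: $subject"
    # A valid signature from the wrong publisher is still a red flag.
    $result.Ok = [bool]($subject -match [regex]::Escape($ExpectedPublisher))
    return [pscustomobject]$result
}

# Locate the Java updater wherever it is installed (file name taken from the
# prompt above; search roots are assumptions) and check it against the
# publisher the prompt names.
$roots    = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
$updaters = Get-ChildItem -Path $roots -Filter 'jucheck.exe' -Recurse -ErrorAction SilentlyContinue
foreach ($f in $updaters) {
    Test-UpdaterSignature -Path $f.FullName -ExpectedPublisher 'Oracle'
}
```

The same function works for any installer that asks for elevation; pass the path and the publisher you expect and approve only when Ok is True.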

Similarly, the prompt for Adobe Flash Player will appear like this:

Adobe Flash Player update

When it appears, click Install and get the update.

One caution: watch the installers as they present the install process to you. Often they will offer an additional payload, such as a toolbar, browser, or security software that you don't need. Be sure to uncheck the checkbox to turn off installation of the optional unrelated software.