#1
9th July 2017, 09:49 AM
Nonny J. Nonnington III
Master of the Obvious
Join Date: Apr 2014
Location: In obscurity
Posts: 2,036
School me about Malware

Consider this a request from a complete tech dummy. No language too simple for me.

The recent malware/ransomware attacks have me worried about my vulnerability. An NPR talk show not too long ago made it clear that this is the new normal. And today I got something in my Spam folder in my Yahoo account, sent from my name from a .tw domain.

So, what do I need to do to protect myself? Does the mere opening of an email (without clicking any links) present a threat (whether with my Yahoo account, or with my Verizon* account that downloads to Outlook)? We used Outlook at the last place I worked; the IT guy didn't allow anyone to even use the preview pane for emails because he said that presented a vulnerability.** Can simply visiting a website cause a problem? In short, what is risky behavior?

And if infected, how do I protect my data? Is it considered good practice to back up your entire system rather than just data files? (i.e. wipe the entire drive and then download the backup back on to the clean drive.) If so, what service should I use?

I'm using Trend Micro AV software which periodically scans my system. I assume that it periodically updates virus definitions in its database. And I am on Windows 10 which recently forced an update after one of the global attacks, so I assume that it patched a vulnerability they discovered.

In short - what should I do, and what shouldn't I do?

*Yeah, I know, Verizon got out of the email business and turned it over to Yahoo, but my domain still says verizon.net.

**But once a month, like clockwork the system would go down and he would send around an email reminding us not to click on suspicious emails. I guess a lot of people were getting spoofed "FedEx" or "UPS" notifications.
#2
9th July 2017, 10:21 AM
Jaglavak
Wrench Bender
Join Date: Mar 2009
Location: PNW
Posts: 53,743
First off you must understand the basic law of security. Effective security is always in the way. The question is, what balance of security vs convenience do you want to make? That applies to any security program, not just computers. If someone tries to sell you an exception to this rule they are lying.

In this case there is no bottom to the technical details. So you have to accept a prebuilt simplified security solution. However if it is truly going to protect you, you as a user must take the time to read the manual and adjust the settings to your chosen level of security. Otherwise the default settings are typically tilted way toward convenience. You need to adjust the settings on your router, your firewall, and your antivirus. The first line of defense is the router. Turn on all the security options and turn off everything you don't use.

It is best to keep your data files separate from apps and system files. Only back up your data files. That way if the OS gets crapped up, your data might still be OK. Keep rolling backups on a spare hard drive until it is full, and then delete the oldest ones. Which should be several years old by then unless you've got a metric crapload of data. If you have large chunks of data that doesn't change like music or movies, you only back those up once and don't include them in the rolling backups. Unplug the hard drive when not in use. No virus has managed to jump an air gap yet.
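
The rolling-backup routine described in post #2, sketched in Python as an added example that is not part of the original thread. The function name, the timestamped snapshot folders, the `exclude` list and the `free_bytes` hook are assumptions made for illustration.

```python
import re
import shutil
from datetime import datetime
from pathlib import Path

SNAPSHOT_NAME = re.compile(r"\d{8}-\d{6}")   # assumed layout: YYYYMMDD-HHMMSS


def rolling_backup(data_dir, drive_dir, min_free_bytes,
                   exclude=("Music", "Movies"), stamp=None, free_bytes=None):
    """Copy data_dir to drive_dir/<timestamp>, deleting the oldest snapshots
    first when the backup drive is short on space.
    Returns (new_snapshot_path, names_of_removed_snapshots).

    exclude: folders that rarely change and are backed up once, separately.
    free_bytes: hypothetical hook so free space can be simulated in tests.
    """
    drive = Path(drive_dir)
    drive.mkdir(parents=True, exist_ok=True)
    if free_bytes is None:
        free_bytes = lambda: shutil.disk_usage(drive).free
    stamp = stamp or datetime.now().strftime("%Y%m%d-%H%M%S")

    # Only folders that look like snapshots are ever candidates for deletion.
    # Timestamped names sort chronologically, so the first entry is the oldest.
    snapshots = sorted(p for p in drive.iterdir()
                       if p.is_dir() and SNAPSHOT_NAME.fullmatch(p.name))
    removed = []
    # Prune oldest-first, but always keep the newest existing snapshot: if the
    # live data is already encrypted or damaged, that copy is the way back.
    while free_bytes() < min_free_bytes and len(snapshots) > 1:
        oldest = snapshots.pop(0)
        shutil.rmtree(oldest)
        removed.append(oldest.name)
    if free_bytes() < min_free_bytes:
        raise OSError("backup drive too full; refusing to delete the last snapshot")

    target = drive / stamp
    # copytree refuses to write into an existing folder, so an earlier
    # snapshot is never silently overwritten by a later run.
    shutil.copytree(data_dir, target, ignore=shutil.ignore_patterns(*exclude))
    return target, removed


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:       # constructed sample data
        docs = Path(tmp, "data", "docs")
        docs.mkdir(parents=True)
        (docs / "taxes.txt").write_text("constructed sample file")
        snap, gone = rolling_backup(Path(tmp, "data"), Path(tmp, "drive"), 0)
        print("wrote", snap.name, "removed", gone)
```
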
#3
9th July 2017, 07:14 PM
stormie
dogs, ducks, water
Join Date: Nov 2009
Location: on the south side of Chicago
Posts: 14,631
Blog Entries: 1
Jag knows stuff. Here is stuff in short words. It is unlikely that you will be targeted for ransomware.

If you are thinking about your work system and you work for a large company, security is their problem. Back up your important documents and such from time to time, to a thumb drive.

If you work for a small tech-ignorant company, talk to whoever is in charge of computers, because you are going to want to do the stuff described below and you will need their OK.

If you work from home, or you are thinking of your personal computer, you can take matters into your own hands.

You need to decide how serious you are about security. Threats come from connections between your computer and other computers. You will need virus software to check files already on your computer, virus software to make sure nothing is coming into your computer while you are connected to the web, and a safe browser, search engine, and email provider. Fear not! It is easier than it sounds.

- Are you really, really serious? Probably not. You would need a computer that is never connected to the internet, and which does not use Windows. Before you put anything from the internet on your secure computer, check it for viruses on the internet computer. Almost that serious? Use the Tor browser, Dooble, or Epic. No fun at all but veryOr try some of these browsers:

Want a normal, but pretty safe, computer experience?
- AVOID using Windows' built-in browser or email. Just. Don't. In fact, if you can use a computer that does not run Windows, all the better.
- For a secure browser, try out Avira, Brave, Cocoon, Comodo Dragon or Ice Dragon. See what you like. Avira has a virus software bundled with it, so you don't need to get separate virus software. Of the most common browsers (Chrome, Firefox, and Opera), Opera seems to be the safest. All have security add-ons.
- Use VPN and HTTPS Everywhere technology. Some browsers automatically use VPN and HTTPS. Others let you select HTTPS Everywhere and VPN add-ons. You can also get special VPN software. Here is a good explanation of VPN.
- You might try the DuckDuckGo search engine. Admittedly it is not as good as Google, but it does have some built-in security.
- You probably want to actually pay for virus protection. I like the Panda and McAfee security bundles. Avoid Norton.
- For personal email, ProtonMail is a good choice. But if you have an email address you want to keep, you may just want to keep it.

When you have all that and keep it updated, BACKUP your important docs, pictures, and even program installation files (if they are unusual or hard to find.) Run the virus checker on your thumb drive and your computer, then copy your files on to the thumb drive.

So does that make sense?
#4
9th July 2017, 07:49 PM
stormie
To answer your other questions:

Does the mere opening of an email (without clicking any links) present a threat (whether with my Yahoo account, or with my Verizon* account that downloads to Outlook)?
It can. Usually you have to open a link or reply, but you can get in trouble just opening a suspicious email. Suspicious emails include ones from sketchy addresses. For example, the email from Macy's should be blah@macys.com, not blah@macys_honest.com.

Can simply visiting a website cause a problem?
Yes. Big problem. That is one of the ways people get malware and viruses and other bad things. Some web sites are very bad, some are fine. Generally, the plainer the site, the safer, like the CDC Metrics site and the Construction Industry Joint Taxation Committee. The more chat, video, and suchlike, the more portals to your computer. YouTube, Facebook, game sites, porn are particularly bad. Some online magazines and retailers are problems.

And if infected, how do I protect my data?

You did a backup, right? Now install, update, and run a virus protection program and do a full scan.

Is it considered good practice to back up your entire system rather than just data files?
No. Just back up what you have put on your computer that you want back. Perform backups often - every week, or even every day. If your computer gets so messed up that you have to wipe the drive, it is pretty damn messed up, and thank goodness you have backups.

I'm using Trend Micro AV software which periodically scans my system. I assume that it periodically updates virus definitions in its database.
Always keep your virus databases up-to-date, including the database you are using as a browser add-on. Always. Do not assume. (I have no opinion about Trend Micro.)

I am on Windows 10 which recently forced an update after one of the global attacks, so I assume that it patched a vulnerability they discovered.
HAHAHAHA. I am using Windows 10 also, because Microsoft employees threatened me until I upgraded. But it has so many vulnerabilities you have to use all this other stuff.

In short - what should I do, and what shouldn't I do?
Remember that the 'cloud' is just a computer somewhere else that is storing your documents and information. Dropbox, Google Drive, and the cloud storage that comes with Windows are practically public. You can get a safer cloud server, or you can encrypt your stuff before you put it on the cloud. Don't use a cloud server for anything that must be seriously secure. Here's a good if old article. (Trend Micro does have a cloud security option.)

Whenever you put your information on a computer you don't control, you are taking a security and privacy risk. Don't store your credit card information with retailers or online bill pay, because it can be stolen. Similarly, don't register for stuff you can complete without registering. Alternatively, use impersonal information (you can set up an email and profile to use on those sites). Don't sync your computer and phone, because your phone is a security sieve.

Last edited by stormie; 9th July 2017 at 07:56 PM.
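
The sender check described in post #4 (macys.com versus macys_honest.com), as an added Python example that is not part of the original thread. `classify_sender`, its verdict strings and the sample headers are constructed for illustration; example.tw is a placeholder domain.

```python
from email.utils import parseaddr


def sender_domain(from_header):
    """Return the lowercased domain of the address in a From: header ('' if none)."""
    _display_name, address = parseaddr(from_header)
    if "@" not in address:
        return ""
    return address.rpartition("@")[2].lower().rstrip(".")


def classify_sender(from_header, expected_domain):
    """Compare the actual sending domain with the one the organisation owns.

    Returns 'match', 'lookalike', 'mismatch' or 'unparseable'. The display
    name is ignored on purpose: anyone can type any name there.
    """
    domain = sender_domain(from_header)
    expected = expected_domain.lower()
    if not domain:
        return "unparseable"
    # Exact domain, or a true subdomain (the leading dot enforces a label
    # boundary, so notmacys.com does not pass as macys.com).
    if domain == expected or domain.endswith("." + expected):
        return "match"
    # The brand label appears somewhere, but the domain is not the brand's:
    # macys_honest.com, macys.com.example.tw, ...
    brand = expected.split(".")[0]
    if brand in domain:
        return "lookalike"
    return "mismatch"


# Constructed sample headers (not taken from real mail).
SAMPLES = [
    ("Macys <blah@macys.com>", "macys.com"),
    ("blah@macys_honest.com", "macys.com"),
    ('"Macys Deals" <offers@macys.com.example.tw>', "macys.com"),
    ('"Nonny J. Nonnington III" <someone@mail.example.tw>', "verizon.net"),
]

if __name__ == "__main__":
    for header, expected in SAMPLES:
        print(f"{classify_sender(header, expected):12} {header}")
    # A 'match' only means the header claims the right domain. The From line
    # itself can be forged, which is what SPF, DKIM and DMARC checks address.
```
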
#5
9th July 2017, 07:56 PM
stormie
HEY JAG
What is this about my router?
#6
9th July 2017, 09:27 PM
Jaglavak
All routers ever created in the history of the universe have a built in web page or two that controls all the security settings and whatnot. That's the local IP address, which can only be accessed from your side of the router and not the internet side. If you lock up all the stuff you don't use and set all the security features to unabomber it makes life difficult for bad guys. If you do it right your system just won't respond to any outside signals at all, only packets coming from your box.

Even that is not necessarily 100% watertight because your own box will play double agent against you. The reason there are all these problems is there's a bunch of security holes built into Windows either on purpose or through sloppy coding. Most of them relate to features that do stuff for you, like remote desktop, chat clients, or torrents. You should google on the most common Windows security holes and turn them off. Nobody is going to log in and control my box via remote desktop, so I slayed that. Screw universal plug and pray, slay that. Give it the old three fingered salute to pop up the task manager. Go through all of the several dozen running services and find out what they do and if you want your box to be doing that.

But even that is not necessarily 100% watertight because your web browser will play double agent against you. Once again this is because of features that you may want such as playing videos or automatic logins. But if you uninstall Adobe Flash and install extensions for ad blocking and script blocking and WebRTC blocking and HTTP referer blocking then you can surf in reasonable safety.
#7
10th July 2017, 10:44 AM
tunaman
Charter Member
Join Date: Jun 2009
Location: Foxbase Alpha
Posts: 3,230
Quote:
Originally Posted by Jaglavak
All routers ever created in the history of the universe have a built in web page or two that controls all the security settings and whatnot. That's the local IP address, which can only be accessed from your side of the router and not the internet side.
Hopefully. Most routers allow access from the Internet side, but no one (not even D-Link) turns that on by default.


Quote:
Originally Posted by Jaglavak
If you lock up all the stuff you don't use and set all the security features to unabomber it makes life difficult for bad guys. If you do it right your system just won't respond to any outside signals at all, only packets coming from your box.
No offense, but that's what hardware firewalls are for.

Quote:
Originally Posted by Jaglavak
Even that is not necessarily 100% watertight because your own box will play double agent against you. The reason there are all these problems is there's a bunch of security holes built into Windows either on purpose or through sloppy coding.
Well, those have gone down considerably since the Trustworthy Computing Initiative, which is why "commercial" malware authors largely moved on to softer targets like Flash, PDF, TeamViewer, and anti-virus software itself.

Quote:
Originally Posted by Jaglavak
Most of them relate to features that do stuff for you, like remote desktop, chat clients, or torrents.
I hate to nitpick, but only RDP is built in to Windows, and then only in Pro and Enterprise versions. Microsoft doesn't really make a popular chat client, outside of Lync\Skype. And MS doesn't make a torrent client at all.

Quote:
Originally Posted by Jaglavak
Go through all of the several dozen running services and find out what they do and if you want your box to be doing that.
This is absolutely the worst possible advice to give someone who doesn't understand what services are. I mean, don't get me wrong I like it - I've earned a couple thousand dollars from people who tried to "fix their computers" by turning off some service, especially BITS - but it's not advice I'd ever give anyone.

Quote:
Originally Posted by Jaglavak
But even that is not necessarily 100% watertight because your web browser will play double agent against you. Once again this is because of features that you may want such as playing videos or automatic logins. But if you uninstall Adobe Flash and install extensions for ad blocking and script blocking and WebRTC blocking and HTTP referer blocking then you can surf in reasonable safety.
Jeez - so basically OP should take his computer outside and set it on fire just to be sure? I've owned a "modern" computer since 1996, and have had a grand total of ONE virus infection, and that back in 1999, and was my own damn fault for downloading pirated software at 4AM and not checking it out before running it. I visit the darkest corners of the music\TV\movie pirate internet several times a day. Yes, I go to porn sites. And my Windows 10 Pro box has all the default settings. My router has UPnP and WPS disabled, but has default settings otherwise. I even have 3389 open for RDP. And I never get viruses or malware.

The problem with malware isn't software or hardware, it's bad user behavior. And, as the old saying goes, you just can't fix stupid. One of my clients will literally click on anything in an email: she once got a virus from clicking on a phishing email allegedly from Scotland's Clydesdale Bank... even though she's never stepped foot in Scotland, her business doesn't do any business in Scotland, the business uses a local commercial bank with a name not in any way similar to "Clydesdale", and her personal accounts are at all the big banks - Wells, BoA, etc. Her explanation: "well, I thought it might be important".
#8
10th July 2017, 09:06 PM
stormie
Setting it on fire is likely to reduce efficiency. However, being permanently off-line is safe!
#9
12th July 2017, 05:29 PM
stormie
I now know a lot more about my router, but I still have no clue about router security.

@Nonny J. Nonnington III - I just tried all the software I suggested. I think the Comodo Dragon or Avira suites would do you, without any other security software. They have each bundled everything up in a nice package, and if you accept the defaults I would say you will be safe. Avira seems particularly thorough if you don't want to fool around with settings you may not understand. Use the whole bundle and do what it says, Hal. Except changing your wifi settings. That seems unreasonably hard.

All times are GMT -8.