Random Blog
Wednesday 5th July, 2006 15:02 Comments: 0
I came across a blog that raised some interesting ideas (I\'ll save the email one for later):
Sure you can encrypt the drive, you can install firewalls, web application firewalls, and anti-virus, but can you protect it from spyware? Lots of spyware is not detected by anti-virus for some reason (to this day, I really don\'t get why). Instead they sell different products which are not standard, or worse, let the user fend for themselves. So they end up downloading stuff like Microsoft's Defender or Ad-aware (if they know to be paranoid about it). I haven\'t yet seen one corporate laptop with anti-spyware installed by default for users.
So true, I didn\'t have anything on my work laptop, so I stuck Windows Defender on it, which means I installed software on here, which I\'m not allowed to do. I was also told by my office that I should use encryption - again, this involves installing software. This wouldn\'t be too much of a problem if they didn\'t give us admin rights on the machine to install software, but that's exactly what you get, so I created a local account that isn\'t an Administrator.
And the other point, is why don\'t anti-virus products detect and remove spyware? There seems to be a very fine line, some AV products remove things I would call spyware, while others don\'t (some spyware just spys, some are partly malicious, some propogate [like a viral infection?], some do everything). Some people market suites of software that do both as two separate products, but why not consolidate them? Otherwise your anti-spyware tool will scan the files, which will first be scanned by your AV software if you have on access scanning enabled (and I hope you do?), assuming the AV software doesn\'t remove the nasty virus first.
The other entry that I liked was this one:
Forgive me because I can\'t find the source, but the jist of it was, "Hello, we are your bank. Your token has expired. Please mail us your username, your password and your token so that we can insure that it gets replaced."
...
Can we stop talking about this now? You can\'t save your users from stupidity by asking them to adopt security. They\'ll find a better way to bypass your security with their ignorance. Trust me!
I\'m surprised by how many users will fall for a popup browser window saying something along the lines of "You\'ve been infected by spyware, run our free tool to [remove the infection/scan your computer for spyware/infect your PC with even more spyware]". Okay, where to start. If a browser window says you\'ve been infected by spyware, stop and ask yourself this: "If it's detected spyware on my computer, why do I need to run an additional program to scan for more?". Okay, the less stupid of you will want to ask yourselves: "It's a browser window, how does it know what's on my computer?". It doesn\'t (well, short of running an ActiveX control, which it should have prompted you to do unless you\'ve messed with your default settings - although spyware/viruses may well do that). It's guessing that most people are stupid enough to just believe what people say. And you know what, it works most of the time! Oh, and if you have to pay for a tool to fix your computer, don\'t do it. There are plenty of free ones that\'ll do the job for you. Okay, and finally, don\'t trust everyone that says they know what they\'re doing. Sometimes it's sensible to admit defeat and reinstall Windows (because, almost invariably, you\'ll also be running Windows) and copy your documents back across from trusted - and virus scanned - backups. Possibly off a CD, to avoid any NTFS nasties. If you have questions, as this is a fairly random post, leave comments.
Sure you can encrypt the drive, you can install firewalls, web application firewalls, and anti-virus, but can you protect it from spyware? Lots of spyware is not detected by anti-virus for some reason (to this day, I really don\'t get why). Instead they sell different products which are not standard, or worse, let the user fend for themselves. So they end up downloading stuff like Microsoft's Defender or Ad-aware (if they know to be paranoid about it). I haven\'t yet seen one corporate laptop with anti-spyware installed by default for users.
So true, I didn\'t have anything on my work laptop, so I stuck Windows Defender on it, which means I installed software on here, which I\'m not allowed to do. I was also told by my office that I should use encryption - again, this involves installing software. This wouldn\'t be too much of a problem if they didn\'t give us admin rights on the machine to install software, but that's exactly what you get, so I created a local account that isn\'t an Administrator.
And the other point, is why don\'t anti-virus products detect and remove spyware? There seems to be a very fine line, some AV products remove things I would call spyware, while others don\'t (some spyware just spys, some are partly malicious, some propogate [like a viral infection?], some do everything). Some people market suites of software that do both as two separate products, but why not consolidate them? Otherwise your anti-spyware tool will scan the files, which will first be scanned by your AV software if you have on access scanning enabled (and I hope you do?), assuming the AV software doesn\'t remove the nasty virus first.
The other entry that I liked was this one:
Forgive me because I can\'t find the source, but the jist of it was, "Hello, we are your bank. Your token has expired. Please mail us your username, your password and your token so that we can insure that it gets replaced."
...
Can we stop talking about this now? You can\'t save your users from stupidity by asking them to adopt security. They\'ll find a better way to bypass your security with their ignorance. Trust me!
I\'m surprised by how many users will fall for a popup browser window saying something along the lines of "You\'ve been infected by spyware, run our free tool to [remove the infection/scan your computer for spyware/infect your PC with even more spyware]". Okay, where to start. If a browser window says you\'ve been infected by spyware, stop and ask yourself this: "If it's detected spyware on my computer, why do I need to run an additional program to scan for more?". Okay, the less stupid of you will want to ask yourselves: "It's a browser window, how does it know what's on my computer?". It doesn\'t (well, short of running an ActiveX control, which it should have prompted you to do unless you\'ve messed with your default settings - although spyware/viruses may well do that). It's guessing that most people are stupid enough to just believe what people say. And you know what, it works most of the time! Oh, and if you have to pay for a tool to fix your computer, don\'t do it. There are plenty of free ones that\'ll do the job for you. Okay, and finally, don\'t trust everyone that says they know what they\'re doing. Sometimes it's sensible to admit defeat and reinstall Windows (because, almost invariably, you\'ll also be running Windows) and copy your documents back across from trusted - and virus scanned - backups. Possibly off a CD, to avoid any NTFS nasties. If you have questions, as this is a fairly random post, leave comments.