Re: ZA Trojans & Hijackers
From: Gerald Vogt (vogt_at_spamcop.net)
Date: 03/15/05
- Previous message: Gerald Vogt: "Re: Do I need these services listening?"
- In reply to: Derek: "ZA Trojans & Hijackers"
- Next in thread: Jason Edwards: "Re: ZA Trojans & Hijackers"
Date: Wed, 16 Mar 2005 07:56:39 +0900
Derek wrote:
> A couple of weeks ago I set my daughter's PC up with fresh Windows XP SP2 and
> installed Zone Alarm (free) and AVG Antivirus.
>
> I thought it was all going OK, but tonight she called me to say that her
> webpage is being re-directed and Spybot is reporting the following on her
> system,
>
> Trojan.sbi
> URL-Blacklist.sbs
> Hijackers.sbi
>
> Should these have been stopped by ZA?
> Could I have missed something when I set it up, I'm fairly sure I just used
> the default settings for most things.

Best thing is to set up the system again from CD.

No security software ever provides 100% protection. Most security
software can be easily misconfigured when running in default settings
because, in particular, personal firewalls need a lot of assistance from
the user (all those pop-up questions). A wrong answer to these can be
devastating for security without any malware close to your system, yet.

A system in default configuration is an easy target if the user is not
experienced. For a beginner, most security software is much too
complex in default configuration, and still the user has to be extremely
careful, as personal firewalls and anti-virus do not detect every piece
of malware. And even if it detects something, often the user can override
the warning if he thinks he needs something (or like people that turn off
the firewall for a couple of minutes because some program is not working
properly and only works when the firewall is turned off)...

Set up the system again. Make sure that your daughter is only using a
limited user account and don't give her the administrator password.
Enable AutoUpdate for Windows. Install PFW and AV and configure them
completely in a way that she cannot change any settings, and that
security is as tight as possible. Also enable AutoUpdate for PFW and AV,
at least once a day. Only install the software which is absolutely
necessary on the computer. Once you have set up the computer, make a
complete system backup and take it with you. Next time, it may save you
a lot of time if you have to set up the system again because it still got
infected despite all your efforts.

If you want to take it up a notch, you can read up on "Software
Policies", which allow you to define which programs and DLLs on your
system are actually allowed to be used. The easiest way to employ them
is after a fresh setup because you know (O.K. you hope) that the system
is clean. Everything on the system is O.K. then. Software policies are,
however, quite tricky at times and can be difficult to maintain over
time. So I would really recommend some extensive reading on the subject.
But AFAIK they are pretty secure. (If users don't use administrator
accounts...)

Also install Firefox and Thunderbird on the system and remove OE and
lock down IE (proxy configuration to localhost). Disable extension
installation in Firefox and Thunderbird.

Bottom line: if the user wants to get infected (even if he does not know
what he is doing) he generally will get infected. There are always holes
somewhere through which something slips undetected.

Gerald