Published by Kerry Brown on 8th March 2010
These past two weeks have been crazy for malware. I’m getting several phone calls a day about rogue security programs. These programs hijack your computer. The latest version is extremely hard to remove from XP. If Windows is running it’s near impossible. The malware gets into the system files and doesn’t let other programs run. I have to remove the hard drive and scan it with another computer. Then I re-install the hard drive and run more scans. This malware is constantly changing. The anti-malware scanners are always behind. I find it’s best to wait for two or three business days after receiving an infected computer before working on it so the anti-malware scanners will hopefully have the malware in their signatures. Yesterday I received an infected computer that was running Windows 7. Windows 7 was running with the default security settings. All the user accounts had passwords. The malware was the exact same as I’d had all the trouble with on XP computers. It took about five minutes to remove it in Windows 7. Because of the better security in Windows 7 the malware could not get out of the user account that clicked on the wrong web site. I had set this computer up. When I set up a computer I always set up a second administrator account with a strong password. This is especially important in Vista and Windows 7. If you only have one account and it gets corrupted it’s very hard to fix it. I logged in with the second account, loaded the infected users registry hive, deleted a couple of entries, and deleted the files those entries pointed to. I was then able to reboot into the infected users account with no signs of the malware. I waited a couple of days then ran several different scanners just to make sure. They did find a couple of dropper files in some temp folders. If those files had inadvertently been run the computer would have been infected again. I was very impressed with how well Windows 7 protected the computer. It’s impossible to stop every social engineering attack. Some people will always click on the wrong thing. Windows 7 with the default security settings did a great job of limiting the infection and making it easy to remove.
Published by Kerry Brown on 24th August 2008
This morning I was out walking in the rain trying to come up with a good idea for a blog post. I’ve been thinking a lot about computer security lately. As I was walking I realised that walking in the rain was a good analogy to use when thinking about computer security. I have to deal with a very wet climate. I enjoy spending time outdoors. Sometimes I have things I have to get done that require me to be outdoors. This means I have to come up with a way to deal with rain. I actually have several strategies for dealing with rain depending on what I’m doing, how hard it’s raining, and how long I’ll be exposed to the rain.
The simplest strategy is to just try to stay out of the rain. This is OK for very short durations in the rain. If I’m quick I stay relatively dry while going from my door to the car, or from the car to a store. In computer terms this would be like running Windows with minimal security enhancements, nothing but what’s built in. It’s very easy and convenient. Most of the time I won’t get too wet. Occasionally I’ll get caught in a downpour and get soaked to the skin requiring a full change of clothes. Most of the time I don’t use this strategy nor would I recommend it for others as they will inevitably get wet at some point.
The next strategy is to wear a coat. This gives some added protection but when I do get caught in that downpour I may have to change my pants or at the very least my shoes and socks afterwards. If it rains hard enough or I’m outside long enough the coat will eventually soak through. Over time the coat wears out and becomes less effective at keeping the rain out. I have to buy a new coat. There are many different types of coats, some of which give much better protection from the rain than others. There are windbreakers, rain coats, and overcoats. Choosing which coat to use takes experience with the weather and knowing how hard it’s likely to rain. This would be like Windows with an antivirus/malware program installed.
This morning while walking it was raining pretty hard. I took an umbrella and wore a rain coat. I was out in the rain for quite a while. I still got a little bit damp but that was mostly because I was too hot while walking up the hills. The problems were mostly internal caused by the protection I was using. Some of the dampness was caused because the umbrella didn’t protect against splashes from the rain drops on the sidewalk and for a small period of time it was raining hard enough that some of the drops made it through the umbrella (a Microsoft golf umbrella by the way) in the form of a fine mist. This is like Windows with a hardware firewall (umbrella), antivirus software(coat), and anti–malware software (the coat is a specialised rain coat). All that protection may get in the way and cause it’s own problems but in the end it does a pretty good job of protecting me from the rain. If someone was going out in the rain this is what I would recommend, with a warning that it may not be the ultimate in protection. They may get a little damp at times. Some of the dampness may be caused by the protection itself (perspiration).
Last winter I volunteered to work at one of the 2010 Olympic venues (Whistler Olympic Park) for a ski jumping event. One of the perks was a very high tech Halti all weather jacket. This jacket is made of some super high tech material that allows you to work very hard and not get soaked from your own perspiration. At the same time it is completely waterproof even if you are out in the rain for hours on end. I was shovelling snow at the top of the big ski jump in major sleet (mixed rain and snow) for hours. I had a Tilley hat, the Halti coat, similar high tech rain pants, microfibre clothing underneath, rubber boots, and some high tech thinsulate gloves. This would be like running Windows in a virtual machine on a very fast computer that was behind a locked down server class OS that enforced network policies and an enterprise class firewall. I was able to work for several hours in extremely adverse conditions without getting wet at all. I was able to get the work done with no problems caused by either my environment or the gear I was using to protect me from the environment.
What does all this say about computer security? Security is about mitigating risk. You have to assess the risk and come up with a plan to mitigate the risk that is appropriate to your budget and environment. No matter what you do, you will never get the risk down to zero. With enough resources you can get close. The closer you get to zero risk the higher the cost. For most of us the cost/benefit falls somewhere in the middle which means we may have to deal with occasionally getting a little bit damp.
