Re: Safeguard Your PC Against the Downadup Worm



Kayman wrote:

Ablang wrote:

< Is anyone else confused about how to protect their computers? >

Nope!
For Win XP the most dependable defenses are:
1. Do not work as Administrator; for day-to-day work routinely use a
Limited User Account (LUA).

Or run most Internet-facing applications under reduced privileges.
Also, isolated environments, stricter policy enforcement, sandboxing,
and virtualization can be used on the most susceptible Internet apps.

2. Secure (Harden) your operating system.

Problem there is that hardening can become so severe that the platform
becomes unusable to the user. Security is good but not when it gets in
your way of doing YOUR tasks. The focus of a platform should not be in
piling on tons of security. It should be to provide reasonable security
while NOT interfering with your tasks for why you have that platform.
I've seen users so overly harden the OS that it becomes unusable to
them. At that point, you might want to consider using HIPS to regulate
what can run on your platform. If it cannot load into memory, it cannot
run, and if it cannot run then it cannot affect anything.

5. Reconsider the usage of IE and OE.

Comes back to #1 above. Any e-mail client can be a vector for infection
if it utilizes system libraries for rendering HTML or graphics.

7a. If on high-speed Internet connection use a router as well.
Implement countermeasures against DNSChanger.
And (just in case) Wired Equivalent Privacy (WEP) has been superseded by
Wi-Fi Protected Access (WPA).

And now WPA2 since 2002, or 802.11 in 2007.

8. Utilize one (1) each 'real-time' anti-virus and anti-spy
application.

True, only one on-access (realtime) scanner for antivirus should be
running. However, that does not preclude having multiple antivirus
products installed (but not always running) to use them only for
on-demand scanning. The problem, however, is that some antivirus
programs will load a background process that runs (to protect that
program) even when you don't use their on-access (realtime) scanner. A
decent antivirus product has very high coverage so layering on another
antivirus product rarely engenders higher coverage. Anti-malware
products are typically low regarding pest detection coverage so layering
them (for on-demand scanning) is recommended.

Also consider how long you want to spend on disinfecting your host. If
it takes you 3 evenings to wipe the OS partition, do a fresh install of
the OS, install all safe apps, do all your tweaks, and restore your data
files from backups, are you going to waste a week, or more, trying to
disinfect? And if you save image backups, restoring to before the
infection is a lot easier and quicker (but if you save your data in the
same partition for the OS image then you could lose data if not backed
up elsewhere).

10. Regularly back-up data/files and familiarize yourself with crash
recovery tools and re-installing your operating system (OS).

If you don't back up, you deem your data as worthless or reproducible.
If you get infected, you will need to progress backward through your
backups until you find an uninfected backup. If you only do logical
file backups, you'll have to wipe the partition and restore as you
proceed backward through your backups. If you do image backups, you can
restore (with overwrite) to walk backward through them.

If you're infected, don't use System Restore. Stop its service (to
delete its restore points) and restart (after disinfection) to ensure
you don't bring anything of the pest back from there.