by NY_Entrepreneur 5431 days ago
Part II

Sadly, last year I did have at least three infections, my first ever. All three were from Web browser usage. I don't know the sources of the first two, but the third infection was from one use of the Akamai download manager software to get a PDF file from an Asus Web site. As I since discovered, that Akamai program is a common source of viruses: There are some obscure parameters in the program with some bugs, and passing the right string from an HTML page to the program can infect a computer. So, again, the problem was that the Web browser and the Akamai software permitted software from an untrusted source to execute.

My solution:

(1) Except for a few, essential, explicitly trusted Web sites, do Web browsing only in Windows User mode and not Windows Administrator mode.

(2) Severely restrict what Web browsers can do. For each browser, spend hours or a few days going over each browser security option in detail and block everything at all questionable until you have a browser that barely works on common Web sites. When on some Web sites the security options are too severe, f'get about the sites. For the options, document each click. Of course, you must block Java and ActiveX as if they were bytes of Anthrax.

(3) Disable all Web browser plug-ins except Flash. Due to the security threats of Flash, restrict Web browsing only to 'mainstream' Web sites and hope and pray.

In particular, never even entertain enabling anything like the Akamai download manager. If you want a PDF file from Asus, then try to get one sent as an e-mail attachment instead of via a browser plug-in. For now and into the future, regard essentially all browser plug-ins as never to be used. Period.

(4) For PDF files, let Adobe Acrobat read only files from relatively trusted sources. Disable the ability of a Web browser to call Adobe Acrobat automatically. That is, do not let any PDF reading software be an enabled browser plug-in.

(5) After any software changes, review again what browser plug-ins are enabled and again disable all but Flash (many software installations install and enable browser plug-ins without permission or notification). Swat back all those plug-ins like infected insects.

(6) Once a month download and run the latest Microsoft Malicious Software Removal Tool (MRT).

(7) Keep a copy of the boot partition when all the software on it was freshly installed and still virus free, and be able to restore that copy of the partition given any symptom of a virus. With some effort, some careful usage of options, 'decoding' some really obscure Microsoft documentation, some experiments, some guessing, some detective work, and a few days of work, maybe two weeks full time, this saving and restoring are possible via the standard Windows program NTBACKUP.

(8) Of course, block all automatic software updates and downloads, and minimize all software updates. When the system is working, essentially FREEZE it -- if it ain't broke, don't fix it.

(9) Try hard to block any automatic execution of any software on removable media. Here, Microsoft tries really, really, really hard to keep people from blocking such automatic execution. Microsoft really, really, REALLY wants such automatic execution and wants to sweep under the rug the outrageously obvious security threats. So, you have to be very careful about what removable media you insert into a Windows system.

(10) Have Windows Firewall enabled with severe restrictions.

(11) Be very careful about any software source where you permit its software to execute. This means, permit third party software to execute only from essentially impeccable sources, e.g., with signed software, etc. This also means, for nearly all third party software, f'get about it.

So far these steps have worked.

For infections as in the article, that is, via e-mail, I am not concerned. In particular, for some progress on PC computer security, pay attention to my 11 steps above. Also pay close attention to the first rule of computer security. For the article and its "unwittingly" via e-mail and downloads, f'get about those. I'm passing out stuff that is from good up to great; the article is passing out nonsense.

You wrote:

"It is a fact that there are very competent people behind these attacks."

That statement is true but a 'non sequitur' in this discussion and, thus, off the subject.

The issue from the article is getting infected "unwittingly" via an attachment via e-mail, and, with anything like a decent e-mail program used in anything like a decent way, that's nonsense even for "very competent people".

In particular, the article is pointing people in the wrong direction: The problems were not from e-mail or downloading but, presumably, that is, taking the minimum from the article, from 'opening' a spreadsheet file. That distinction is key, crucial. There's nothing "unwittingly" about it. The problem was that word you claimed was there but was not -- OPEN.

"The whole scenario seemed quite plausible to me, without my having to assume that RSA employs a bunch of idiots."

It's not "plausible" to me: The problem had to be "open" and not e-mail or downloading. And "unwittingly" had no role. Again, once again, still again, over again, once more, the first rule of computer security is:

     Never, ever permit data from an untrusted
     source to execute as software.

The problem in the article was a violation of this rule.

Just what is it about this rule you are having such a really difficult time understanding? Why are you so determined to believe in "unwittingly" instead of rationality?

This rule is really good news; why are you being so determined to keep struggling in the 31 F waters instead of reaching for the lifeboat and warm, dry blankets of this rule?

"As for your gripe about the quality of the article, think about the target audience."

I am: The audience needs to f'get about the article and "unwittingly" and pay close and careful attention to the first rule of computer security. For that rule, did I mention:

     Never, ever permit data from an untrusted
     source to execute as software.

"That said, I thought it was a pretty decent article. It explained in relatively easy to understand terms how the attack worked and the possible rationale behind it."

No: That is definitely what the article, deliberately and/or incompetently, did NOT do. The article claimed that "how the attack worked" was via its "unwittingly" and downloading, which are nonsense. Again, once again, to repeat yet again, still again, the problem was OPEN and, in particular, violation of:

     Never, ever permit data from an untrusted
     source to execute as software.

That's enough. If I continue to respond to your writing from not having read what I wrote, I will be just repeating the same, simple, on target points over a dozen times.
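An added example, not from the comment above or from Hacker News: a read-only PowerShell audit of steps (1), (9) and (10) of the commenter's list. It assumes a current Windows host where the Get-NetFirewallProfile cmdlet is available; the registry value it reads is the standard Windows AutoRun policy value, and the "should be" thresholds are this script's assumptions.

```powershell
# Added example (not from the original comment): read-only audit of three of the
# commenter's steps on a Windows host. Registry paths and cmdlets are standard
# Windows ones; the pass/warn thresholds are this script's assumptions.

function Test-RunningAsAdmin {
    # Step (1): browsing should happen in a plain user context, not as Administrator.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-AutoRunPolicy {
    # Step (9): NoDriveTypeAutoRun is a bitmask of drive types with AutoRun disabled;
    # 0xFF (255) disables it for every drive type. Machine policy wins over user policy,
    # so HKLM is checked first. A missing value means the Windows default applies.
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    )
    foreach ($p in $paths) {
        $v = Get-ItemProperty -Path $p -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
        if ($null -ne $v) { return [int]$v.NoDriveTypeAutoRun }
    }
    return $null
}

function Test-FirewallAllProfilesOn {
    # Step (10): every profile (Domain, Private, Public) must be enabled and must
    # block inbound connections by default.
    foreach ($f in Get-NetFirewallProfile) {
        if (-not $f.Enabled -or $f.DefaultInboundAction -ne 'Block') { return $false }
    }
    return $true
}

# Report
$admin   = Test-RunningAsAdmin
$autorun = Get-AutoRunPolicy
$fw      = Test-FirewallAllProfilesOn

"[{0}] running as Administrator (should be False while browsing)" -f $(if ($admin) {'WARN'} else {'OK'})
if ($null -eq $autorun)   { "[WARN] NoDriveTypeAutoRun not set; Windows default applies" }
elseif ($autorun -eq 255) { "[OK]   AutoRun disabled on all drive types (0xFF)" }
else { "[WARN] NoDriveTypeAutoRun = 0x{0:X2}; some drive types still AutoRun" -f $autorun }
"[{0}] Windows Firewall enabled and blocking inbound on all profiles" -f $(if ($fw) {'OK'} else {'WARN'})
```

Run it from the same user account used for browsing; the firewall cmdlet needs no elevation to read profile state, so the first line of the report reflects the account you actually browse with.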