Sunday, August 16, 2015

Even more Crypto-paranoia

This class of threat remains very, very prevalent and extremely dangerous. The measures noted in my previous post remain relevant and helpful - but not 100% effective. Antivirus programmes remain essential; and the ones built into Windows for free are actually quite fine. If you really want to pay for something, then Kaspersky is probably the best option.

But; these do not protect you from “zero day” threats; i.e. ones that have not yet been categorised and profiled by the AV software. These are the main vector for crypto viruses. Further, it is quite possible to browse mainstream sites today and be hit by these viruses that have piggy backed on top of ads being shown on the site without you clicking on or doing anything actively yourself. (Known as “drive-by” attacks). Ensuring you are not running as an administrator (not always practical) and the registry policy changes noted in the previous blog are another level of protection - but also not infallable.

One means to mitigate this threat is to use a combination of ad blockers (uBlock Origin on Firefox is currently the best regarded) and script blockers (which prevent anything from the web site running on your machine). The latter can work well – but are extremely difficult to use; so much so that most people stop using them a couple of days after installing them as they are too much trouble.

At this point in time, the best way to deal with this class of threat is to sandbox your web browser. i.e. have it run in an environment that is actually separated from the rest of your computer, so that anything that “infects” it, actually only does so in the sandbox – affecting nothing in your “real” computer. Your AV software may or may not pick up the threat. But even if it does not, the infection is limited to the sandbox – and automatically deleted when you exit the browser. current programme of choice is Sandboxie (with a new version in beta form for windows 10 – for those who have upgraded). This works extremely well at preventing the crypto-viruses from getting to your system. I have bought their perpetual license bundle for all our computers – and it just runs now invisibly and automatically anyone runs a browser. You have to go into the sandbox settings and tell it that you want it to run automatically by the way!

I would note that if you are concerned about data privacy, Sandboxie in its current version and without AV does not necessarily prevent a very specialised virus exfiltrating data from your system. The sandbox only prevents data being written in your real system and data file areas. However, the risk of a virus just aiming to snoop your data and being able to sidestep AV systems is very, very low.

In summary:
  1. use an anti-virus programme and keep it up to date. Under windows, the free Defender programme is actually fine. If you want to pay $, then Kaspersky is probably the current front runner
  2. use an ad blocker with your browser. My current browser of choice is Firefox in terms of speed, resource efficiency, flexibility and security. Keep it up to date. uBlock Origin is my current ad-blocker of choice; Adblock Plus has been regarded in the past as the best - but it will let ads through if they are paid!  
  3. run your browser in Sandboxie; keep it up to date too! Ensure the settings make Firefox (or other browser of choice) run with it every time.
  4. additionally, if you are concerned about the privacy and security of your data online, the from the Electronic Frontier Foundation has two excellent Firefox add-ons:
    • Privacy Badger to stop sites tracking you, and
    • HTTPS everywhere to force secure connections to the sites you choose - to the extent that this is possible.

No comments:

Post a Comment