Trojan Circulating the Market

Watchout for something telling you, you have a post card...I have had 3 trojan and 3 worm hits since yesterday..

I loaded a new anti-virus program on Candy's computer yesterday morning. She's already managed to collect five viruses in her quarantine box.

What can I say she's a virus magnet.

lol... well at least you protected.

But careful to those that dont have protection or a decent antivirus... i feel im going to be getting alot of calls soon

I always run AVG as an anti virus and Zone Alarm as a firewall. Zone Alarm asks if a new program that tries to access the internet should be allowed access. So if any Trojans get past AVG, it can be blocked from accessing the net by Zone Alarm. One useful thing about this is that even though it might be running, it doesn't get access and can't be exploited. Then you also know about it before any damage is done and can do something to remove it!

Dave do we have this?

Yes and no. AVG yes. Zone Alert no. However, there is an app running for firewall protection similar to Zone Alert - just can't think of the name of it off the top of my head.

The weakness in firewall apps like Zone Alert is that they report that something's trying to communicate out. It doesn't help if the user allows the communication. And there has to be the potential for a malicious script to disguise itself as a request from a legitimate program.

The tool is only useful if the user has a reasonable sense of what should and should not be happening.

Windows Defender is also a reasonable tool for keeping track of things trying to mess with your registry. Unfortunately again, this requires the user to have an idea what to expect.

Sorry to come in so abruptly but to be honest i need to "educate" you all about how things work in an online environment.

It doesnt matter what Antivirus you are running or firewall..... if you arnt literate enough to not click on an attachement that is a zip/exe/bat or anything of the sorts you are going to be getting a virus/spyware/trojan.

The problem with these types of issues comes from the fact that the error lyes between the keyboard and the chair

Let me explain to you how a firewall works.

The best firewalls are passive ones..... all ports are closed naturally and when you within your network require a connection it asks you and opens the port. Where as services that run on the pc could open up the ports without prior permission.

On a note.... zone alarm... isnt very effective in my opinion.

AVG is also a problem atm as its not coping with the New threats being released. Avg is usually about 4-5 days behind Symantec. In this time you could have picked up the bug and it has done its job.

My personal experience in the IT industry has taught me 1 thing.... no product is 100% efficient.
In saying that its being proactive and using software that reduces the amount of bugs and attacks.

I personally use the following

Windows Firewall (firewall 1)
Sygate Personal Firewall (firewall2) For those services that think they can use windows sublets to gain access
AVG Antivirus
AVG Antispyware (when required)
And personal Intellect.

I have to date had some minor spyware issues of which i could count on 1 hand.

If you not sure or dont understand... ask and ill provide the info where i can.

Maybe just to give a different perspective to the keyboard->chair problem...

One of the things that I've often seen is that people indiscriminately open emails and click through to websites without thinking about the possible implications. I think there should be tools that help you as much as possible, but there are a few basic precautions that you can take.

Think about it in the same way as you would think about being in a strange city that you know has a high crime rate. If you're walking around suburbia and there are children playing in the street you know you are relatively safe. If you decide to go down a dark alley in the middle of the night you are just asking for trouble.

So here are some simple pointers,

• Don't even open an email if you think it looks suspicious. You can check the email that it comes from before opening it - if you don't recognise it then consider turfing it. Also, turn off the preview pane of your mail client (no automatic opening)
• Check the link before clicking on it. If you put your mouse over the link the actual web address it will direct you to is shown in the bottom status bar, check that they match or at least make sense. e.g. text says FNB internet banking, actual link is to "www.imgoingtostealyourmoneyandmakeyoucry.com"
• Be careful with email jokes/forwards and so on. Crackers/worm writers and so forth often disguise their worms and so forth is cute and cuddly or funny emails. Be careful before you click that link, open that joke, etc.

The real challenge here is temptation and curiosity. It's akin to the relationship between moths and flames. I know folks who know they shouldn't be opening strange files from unknown souces, but they do it anyway because they just have to know.

Personally I'm not to worried about what that kind of person does to their personal PC, but if someone clicks away regardless of the consequences in a work environment that can mean days of fixing their PC, and trying to recover lost work. It's their downtime, plus someone else's time to repair the computer...and if it spreads across the network...eish

Practically, how do people deal with this in a work environment? (other than having anal retentive IT people who only allow you to read emails that they approve of)

Don't tempt me.

A simple solution but expensive solution is to set up email and internet communication connectivity (EICC and pronounced eish ) on a seperate network system to a finance, admin and document (FAD) handling system. Traffic from the FAD network to the internet would be purely outbound, such as emailing invoices etc. and passed through a software and hardware firewall into the wild internet world. No incoming requests accepted. And kiss VPN goodbye.

Exposure to incoming would then be restricted to the less critical EICC systems. And when someone says eish, my computer is broken, we can do a one button flush and reset of the entire EICC system.

I can see the corporate beancounter being a bit peeved, though.

Its called a proper mail program that can strip the email attachements out of it. email programs can strip what you tell it to.

No attachment ... no virus

That's fine and well. But sometimes those attachments are important documents. Admittedly probably the minority of attachments, but not suitable for a ruthless cull nonetheless. Solvable, Snoopy?