Skip to content
Home » malware » Page 2

malware

Simple tips to prevent ransomware

Last week at work, I noticed some odd events in an event log, and when I investigated them, I found they were part of a failed ransomware attack. This got me thinking about how to prevent ransomware at home.

Ransomware, if you aren’t familiar, is an attack that encrypts your data and demands a ransom, usually around $300, in bitcoins, and you get a short deadline until it destroys your files. More often than not, paying the ransom is the only way to get the files back, so it’s much better to prevent it.

Read More »Simple tips to prevent ransomware

Why domain squatting works

I lost an afternoon troubleshooting a Websense non-issue. A web site related to Salesforce wasn’t working, and any time something like that happens, Websense goes on trial. About all I can do is make sure it’s a fair trial. Such is the life of a proxy administrator. And in this case, Websense was innocent–the guilty party was a dirty, no-good domain squatter. It’s a business model. And people wouldn’t do it if it didn’t work. Here’s why domain squatting works.

Read More »Why domain squatting works

High side vs low side

The other day I heard a reference to the “high side vs low side” of a computer system in a podcast, and the speaker didn’t stop to clarify. Worse yet is when you hear “on the low side” or “on the high side.” I came from the private sector into government contracting myself. I wasn’t born knowing this jargon either, so I’ll explain it.

Read More »High side vs low side

Recommended DD-WRT settings

I’ve been asked a few times now for my recommended DD-WRT settings, or at least my good-enough settings. I think that’s a great idea, so I’ll walk through how I configure a DD-WRT router. Follow these steps and I can almost guarantee you’ll have the most secure network on your block.

For the purposes of this tutorial, I am going to assume you are configuring DD-WRT as your primary router.

Read More »Recommended DD-WRT settings

Easier application whitelisting in Windows with App Locker

Application whitelisting is the holy grail of security, but it’s always at the top of the list of things people should do but haven’t yet. The reason is because it breaks stuff and it’s almost as impossible to anticipate ahead of time what it’s going to break as it is to fix whatever breaks.

I know. I wanted to do application whitelisting way back in 1997 and failed miserably.

I found a good-enough approach recently, though.

Read More »Easier application whitelisting in Windows with App Locker

Using Splunk to find bad guys in your network

I’ve covered event logging before, but the excellent site Malware Archaelogy has some cheat sheets that include Splunk queries you can use to find incidents or malware operating in your network, or even use to create dashboards so you can keep an eye on things. Malware Archaelogy’s list of events to log is a bit different from what I covered before, but there’s a considerable amount of overlap. You probably want what they recommend and what anyone else is recommending.

The key to corporate computer security is situational awareness, and I don’t think anyone sells a blinky box that provides enough of that. But you can build it with Splunk.

And, for what it’s worth, I do recommend Splunk. I’ve used Log Logic in the past, and its searches often take days to finish, which means Log Logic is so slow that by the time you find anything in it, it’s likely to be too late. Splunk isn’t quite real-time, but you can find stuff in a few minutes.

Unchecky is another tool to help with staying out of trouble with malware

I found a mention of a tool called Unchecky as a minor point in a story about something else entirely. Unchecky helps to solve the problem with downloaded programs including a bunch of extra junk you don’t want.

I won’t be running it myself. But the next time I fix a computer, I’ll probably install it on that one.

Read More »Unchecky is another tool to help with staying out of trouble with malware