malware

Cleaning a PC when fdisk-format-reinstall isn’t an option

Dave Farquhar Uncategorized , , , , , ,

There are any number of pie-in-the-sky pundits who will tell you when a computer starts to get slow, to format the hard drive, reinstall Windows, and go on your merry way.

Unfortunately it’s not always realistic. I don’t clean up PCs all that often anymore, but here’s what I do when I need to.

Read more

A few more WordPress security tips

Dave Farquhar security , ,

There’s some nasty WordPress malware circulating right now. I haven’t fallen victim to that one, but I caught the very early stages of infection myself all too recently. WordPress itself was just updated to close some vulnerabilities, but the biggest problem is the plugins. Unfortunately, the plugins are the main reason to run WordPress.

At my day job, I’ve had the pleasure of working with a very security-conscious webmaster for the last couple of months, and he and I talk about WordPress security frequently and look into what we, or anyone for that matter, can do to make the best of the situation. Here’s what he and I have found in the last week or so.

Read more

Use this file to find out how much your antivirus is protecting you

Dave Farquhar security , ,

Unlike some security professionals, I still regard antivirus as a necessity. It doesn’t catch advanced threats, and everything it does catch can be caught through other methods, but it is the most cost- and labor-effective way to catch the best-known, least sophisticated attacks. If you put a $100,000 incident responder to work hunting ordinary viruses, you’ll waste a lot of money on salary and quickly lose that incident responder to another company offering more interesting work.

Of course, there’s a great deal of discussion in the mainstream computer magazines about which antivirus is the best. I don’t agree with their methodology though–they might as well be looking for the longest 8-foot 2×4 at the home improvement store. Yes, you can probably find some variance if you get out a micrometer, but what have you accomplished?

SANS has a good real-world test to see how much protection your antivirus software is really giving you.

Read more

Application whitelisting on Windows, even home editions

Dave Farquhar security , , , , , ,

One of the very best things security measures you can take is application whitelisting–limiting the apps that are allowed to run on your computer.

The Australian Signals Directorate–the Australian counterpart to the NSA–says doing four things cuts security incidents by a whopping 85 percent. You probably do three of the things. The fourth is application whitelisting.

  • use application whitelisting to help prevent malicious software and unapproved programs from running
  • patch applications such as Java, PDF viewers, Flash, web browsers and Microsoft Office
  • patch operating system vulnerabilities
  • restrict administrative privileges to operating systems and applications based on user duties.

Read more

Five things security experts do vs. five things non-experts do

Dave Farquhar security , , , ,

There was a fair bit of talk last week about a study that compared security advice from security experts versus security advice from people who are at least somewhat interested but don’t live and breathe this stuff.

There were significant differences in the answers, and a lot of security professionals panned the non-expert advice. I don’t think the non-expert advice was necessarily bad. Mostly it was out of date.

Read more

uBlock settings for better malware protection

Dave Farquhar security , , , ,

I have some easy uBlock settings to improve how it protects you against malware. You don’t think of ad blockers as a security tool? I do. It’s a good idea to use one even if you configure it to allow most ads through.

My favorite ad-blocking extension for Chrome is uBlock, because it’s faster and more resource friendly than the better-known Adblock Plus. It also comes configured by default to block known malicious sites, where Adblock Plus makes you dig for that feature.

But it’s still possible to tweak uBlock to give you even better protection against malware, and that’s a good thing. It’s one thing to detect malware and block it after you download it. But it’s even better to detect and block it before you download it in the first place. That keeps you safe if your antivirus software is slow to update for any reason.

Read more

How to make your online banking more secure

Dave Farquhar security , , , ,

If you want to make your online banking more secure, I have a tip for you.

Due to the increasing amount of malware targeting bank accounts, it’s not a bad idea to dedicate a computer to online banking and only online banking. Of course, who wants to dedicate an expensive computer to that task?

You don’t have to. You can buy a $120 refurbished Chromebook to use. If you don’t want to spend any money but have a seldom-used computer still hanging around that isn’t good for much, load Linux Mint on it and use it exclusively for banking. My experience with Mint on an old netbook has been rather good. Linux Mint is, if anything, easier to get up and running than Windows.

Read more

Why someone would hack a WordPress account

Dave Farquhar security, Wordpress ,

I wasn’t surprised people were trying to hack my blog. What surprised me were how many people were trying to hack my blog–there was a time when I probably had more hacking-related traffic than I had reader-related traffic.

If you have a WordPress blog, you’re probably in a similar situation.

Read more

Fixing white screens in WordPress

Dave Farquhar security, Wordpress , , ,

I got the white screen of death last week, but it was odd—it only happened if I tried to edit posts that were in draft or scheduled status. Already-published content would edit fine. Here’s my experience fixing white screens in WordPress.

Clearing my cache helped temporarily, but the problem would come back as soon as I saved a post. I ended up doing two other things as well, and then the problem went away. I emptied my spam, which also greatly sped up the site, and I also deleted a mobile plugin that I was no longer using but was disabled. Disabled plugins can still affect behavior sometimes. Read more

Browser extensions are the new adware, and sometimes comes with surprises

Dave Farquhar security ,

I sometimes show my age by making jokes about Bonsai Buddy and Gator and Hotbar, but ads injected in browsers are a problem that’s coming back. And sometimes these ads come with malicious payloads, installing unwelcome software on your computer to maintain persistence.

Problems like this are the reason I tend not to load my browsers down with lots of extensions. Sometimes the functionality is cool, but I’ve always found ways to get what I need done with a stock browser, and then I have a better idea of what I’ve gotten myself into. I’m beholden enough to the agendas of Microsoft, Mozilla, or Google as it is; I don’t need third parties injecting their agendas into the mix, especially when they may be malicious.

And besides that, a lot of extensions tend to be very memory- or CPU-hungry. I have enough memory on most of my machines that I can dedicate 2 GB of RAM to a web browser, but I’m not sure why I should have to.

The fewer extensions you load onto your web browsers, the safer you’ll be, and in the long term, I’d wager the happier you’ll be as well.