[dba-Tech] Win 10 virus protection

Jim Lawrence accessd at shaw.ca
Tue Mar 15 14:52:07 CDT 2016


Hi John:

I will make some comments on how to do things and subtle changes in our approach, but as you said, this group is techs and we are not typical (if ever) users and therefore not prone to making dumb and simple errors.

That said, your overview is excellent. Below are my comments.

Mail is the most dangerous application on any network. Its port (80) is always open and virtually every bug comes into a PC or network via that address. Some clients are doing their mail via a virtual drive or container on their own PCs. Then there is the server solution where mail is isolated through a Hyper-V and users just connect through a web interface. As Hyper-V is not really Windows, its OS is not as susceptible to the standard viruses. (Then of course there are Linux mail servers, which are only prone to a very few pieces of malware.) My ISP (Shaw) runs a copy of Zimbra, which is a web-based mail server that can scale up from a simple client system to a huge internet/network Exchange-like server (50 million clients, or is it messages, a day?)...unfortunately it is Linux based. One of the new trends is to host mail services through a cloud-based cluster of client mail boxes. The overall trend is to isolate client mail from any system, but these alternatives are either corporate based or still fledgling.

Backups are the next most critical point in any system. Cloud-based backups are great, but in a real catastrophic failure these data sources may become unavailable. To my way of thinking, the best backups are local, varied and continuous. Local: it is always faster and accessible. Varied: One, there are a host of synchronization applications out there...when a program or data is changed, a backup is kept of the changed information for a defined number of hours...(in the event of disaster, recovery can be time consuming.) Two, a good multiple backup system: daily, with a good range of copies and a high level of password protection (a backup password that is only used for the backup and is encapsulated and automated). Three, off-site storage...otherwise there is no protection against a natural disaster. Four, a good file system design...one that makes client-side restore points...but getting clients to do this regularly is difficult. There is a trending FS called ZFS. For years it has been the domain of servers, but now it is becoming an option for all operating systems...even Windows 10. The whole of ZFS is designed to guarantee data integrity, with multiple layers of redundancy, auto-restore points, built-in encryption for files and directories, expandable across multiple desktops and servers.

Isolation is one of the best methods to keep malware segregated from the main network. Always isolate the mail system from the company's data. Some network guys keep their mail on a different subnet from the rest of the business. Aside: for one client, I had her mail hosted on a server accessed via an RDP client connection after the fourth time she managed to get her station compromised, and the problem disappeared.

My forte has been to protect a system before it can and does get compromised. You have a great understanding of how to protect a network or PC when it does get compromised. ;-)

Jim
 
----- Original Message -----
From: "John R Bartow" <jbartow at winhaven.net>
To: "Discussion of Hardware and Software issues" <dba-tech at databaseadvisors.com>
Sent: Tuesday, March 15, 2016 9:41:56 AM
Subject: Re: [dba-Tech] Win 10 virus protection

Hi Tina,
Disclaimer: we're all very technical people on these lists so my discussion
does reflect people that know what they're doing. ;-)

I haven't abandoned Vipre. After being sold/spun off for the third time in
about 1/2 dozen years, I expected there may have been some staff drainage at
Vipre HQ. But yet, I've had no problems with it in my client base. But then I
also don't rely on one program to secure my clients. (Layering is a must.)
Vipre seems to be better than Bitdefender at blocking the annoying crapware
add-ons like Conduit-based toolbars and such. But Bitdefender had a better
solution for preventing ransomware, and that is currently the most damaging
exploit there is and is only getting worse. All it takes is to click on one
email attachment that starts the process and a disaster begins. But even
where I am replacing Vipre on PCs, if they have a server Vipre will stay on
it. That's two AMs scanning the same files.

For instance, I like to have Vipre and HitmanPro web alert. It seems to be
very effective (either that or I have very smart clients) at blocking web-borne
exploits. Also CryptoPrevent is a good product for small businesses to
aid in resisting ransomware (and there is a free version). It coexists
nicely with the normal AM like Vipre or Bitdefender. And for clients that
have gateways with malware scanning support, it is usually Kaspersky or
Sophos AM scanners.

No AMs can stop the latest exploits immediately; there's a reaction curve.
The problem is the users. Specifically, users being duped into doing
something they shouldn't. That is the #1 cause of problems, and it's hard to
get people to stop clicking on attachments, advertisements, fake update
pop-ups etc. So, we try to block all of that stuff. For every solution there
is a reaction from the bad guys and the circle continues. I insist on popup
blockers in browsers - currently I install AdBlockPlus on all browsers
because it is the only free solution I know of that works easily and
supports IE, FF and Chrome. (Most of my client base still have to use IE for
some websites.)

Also, mail filtering is SO important. Currently mail filters should remove
any attachment with embedded JavaScript, as that is the latest attack vector
of ransomware exploits. And it needs to strip the, by now, run-of-the-mill
fake UPS or FedEx email with the infected attachments that have been duping
people for decades.

But the biggest thing people need to have is disconnected backup. Sticking
an external drive onto a PC, backing up to it every day and thinking that
will save them has been outmoded since the inception of ransomware/encrypting
exploits. Anything they can get to now, they encrypt, including external
devices, mapped and unmapped network shares,
DropBox/OneDrive/GoogleDrive/SugarSync synchronization folders (and hence
their cloud counterparts). Disconnected backup includes the old rotational
backups and/or true cloud backup solutions.

Prevention is much less expensive than reactionary remediation.

I still get a lot of PCs to clean up for people that aren't my RMS clients.
They come in with all sorts of "security" programs installed and mostly
ignored. Hence my attitude towards "free" security solutions. They're only
free until I have to get the PC ;-)

-----Original Message-----
From: dba-Tech [mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of
Tina Norris Fields
Sent: Tuesday, March 15, 2016 10:05 AM
To: Discussion of Hardware and Software issues
Subject: Re: [dba-Tech] Win 10 virus protection

"Bitdefender is what I replaced Vipre with"

Hi John,

Is this just for Windows 10, or have you abandoned Vipre altogether?

TNF

Tina Norris Fields
tinanfields-at-torchlake-dot-com
231-322-2787

On 03/14/16 5:46 PM, John R Bartow wrote:
> Bitdefender is what I replaced Vipre with. Always keep a copy of MWB 
> free onboard for a second opinion.
>
>

_______________________________________________
dba-Tech mailing list
dba-Tech at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/dba-tech
Website: http://www.databaseadvisors.com
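As an added illustration of the mail-filtering point John makes above (this is not code from any poster or product on this list): a small Python check that parses a message and flags script attachments of the kind the fake "delivery notice" mails carry, including a .js hidden inside a zip. It decides by file extension, not by inspecting content, and the extension list beyond .js is my own assumption about what Windows will run on double-click; the sample message is constructed inline.

```python
import email
import io
import os
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions Windows hands to the script host on double-click (assumed list; .js is the one John names).
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta"}
ARCHIVE_EXTENSIONS = {".zip"}

def script_names_in_zip(data: bytes) -> list[str]:
    """Names of zip members with a script extension; [] if data is not a zip."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist()
                    if os.path.splitext(n)[1].lower() in SCRIPT_EXTENSIONS]
    except zipfile.BadZipFile:
        return []

def suspicious_attachments(raw: bytes) -> list[str]:
    """Parse a raw RFC 5322 message and list attachments a gateway filter should strip."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    flagged = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = os.path.splitext(name)[1].lower()
        if ext in SCRIPT_EXTENSIONS:
            flagged.append(name)
        elif ext in ARCHIVE_EXTENSIONS:
            # Look one level into archives, the usual wrapper for dropper scripts.
            payload = part.get_payload(decode=True) or b""
            flagged.extend(f"{name}:{inner}" for inner in script_names_in_zip(payload))
    return flagged

def build_sample(wrap_in_zip: bool) -> bytes:
    """Constructed fake 'delivery notice' mail: a placeholder .js (bare or zipped) plus a benign PDF."""
    script = b"// constructed placeholder, not a real script\n"
    msg = EmailMessage()
    msg["Subject"] = "Your parcel could not be delivered"
    msg.set_content("Please open the attached notice.")
    if wrap_in_zip:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("Delivery_Notice.js", script)
        msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="notice.zip")
    else:
        msg.add_attachment(script, maintype="application", subtype="octet-stream", filename="Delivery_Notice.js")
    msg.add_attachment(b"%PDF-1.4 constructed\n", maintype="application", subtype="pdf", filename="invoice.pdf")
    return msg.as_bytes()
```

The benign PDF is never flagged, only the script and the archive member that contains one.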
