Locking Down Your Computer

[yogi]

It sounds too geeky for most folks, but in today's world of high tech computer crimes it's a good idea to at least know how to protect yourself. You might think you have nothing on your computer worth stealing, and that may be the case. However, if you become a victim to ransomware, your computer will be unusable until you pay the ransom or restore it from backups. Either way it's a PITA, and could be costly. So, here is a list of instructions regarding how to lock down your Windows computer - most of it works for Macs too.

DETAILS
https://www.bleepingcomputer.com/news/s ... ansomware/

If you are just curious and don't give a hoot about locking out potential invaders, here is the short form of the list in the article:

SUMMARY

• Make sure you are doing backups!
• Install a antivirus or antimalware solution that has ransomware behavior detections.
• Always install operating system updates 
• Keep programs on your computer updated
• Make sure your SPAM filters are working
• Enable the viewing of Extensions
• Do not open attachments without confirming that someone actually sent it to you
• Be careful of what you download from the Internet
• Rename vssadmin in Windows
• Disable Windows Script Host
• Disable Windows PowerShell
• Use strong passwords
• If you do not need Remote Desktop, disable it, otherwise change the port!
• Setup Software Restriction Policies in Windows
• Create a Application White List Policy in Windows

CONCLUSION
Though it may feel like there are a lot of steps, most of them require you to just change your computing habits or perform a task once and not worry about it again. If you follow these steps, not only will you be protected from ransomware, but you will also be protected from almost all other malware.

[pilvikki]

i just dnld the ransomfree program and hope for the best.... whenever i try to get creative, i forget/mix up stuff and then need 3 hrs to sort it all out.

[yogi]

Your approach is what most people do. At a minimum, be certain to scan the download before you install it. https://www.techspot.com/downloads/5547 ... anner.html

[Kellemora]

One other warning to add to what Yogi said.
If you do backups to an external hard drive located anywhere on your LAN.
Ransomware can and will attack those hard drives and NAS boxes.
Even if they are connected to Linux computers, because a single Windows computer may have access to the LAN.
I'm just lucky I had a hard drive for backup that I connected manually via USB only long enough to run backup and then disconnected it.

[yogi]

The article points out that all Windows shares are vulnerable. Their solution is to use cloud storage, which is sensible if you trust the storage provider. I use removable USB memory sticks for my most recent backups and a 1TB USB Solid State Drive to make images for long term backup.

My understanding is that as of the latest fall 2017 update, Windows in their infinite wisdom removed the native ability to make image copies. Since mine is essentially a throw away beta system it's not an issue for me. I will insist on having a way to make images should I use Windows 10 as a default system. Otherwise Linux Mint is looking pretty damned good to me. That's how important I believe image copies to be.

[Kellemora]

Well, as I learned the hard way. Having a Windows machine on the LAN does not protect NTFS formatted LInux drives.

It won't be long before computers will only do one thing, connect to the Internet and use all programs from on-line servers.

[yogi]

You realize Windows is no longer an operating system, according to Microsoft. It is now considered a 'service.' Things like their office suite are indeed available from their (store) server for a monthly subscription price. However, I doubt that Windows As A Service will ever fully replace third party programmers and stop them from selling their apps.

It's not just SMB and it's connection to CIFS devices that are vulnerable. SAMBA has been compromised as well.

[Kellemora]

I think MAC uses SAMBA, so has a lot of hackers working on hitting MAC computers too, even if Windows is the most vulnerable due to so many users. My wife want's her Windows XP back, hi hi...

I think Comcast has been compromised again too!

Opening websites has been painfully slow today, and the frau complained a download that normally takes under 15 seconds has been running for an hour.

Decided to check the speeds using various sites like speedtest.net and a couple others.
Download speed was 0.72 mbps on one, and 0.81 mbps on the other, both had upload speeds of around 4.4, and 4.8 mbps.
It's supposed to be 30 mbps downloads, which means 17 to 20 mbps is the norm.

Apparently Charter does not throttle their downloads. I say that because of the super high download speeds they get, often close to 300 mbps downloads. While Comcast throttles our download speeds based on what we are paying for.
Ironically, Charter is 55 bucks a month, and Comcast is 78 bucks a month for Internet Only at 30 mbps, higher prices can get you more download speeds.
The killer is, on TV Comcast advertises 19.99 per month for 30 mbps, for either one or two years, then they soak you.
I guess like most cities, Knoxville is on the TAKE and only allow ONE cable company per contract area.
Which means, the only one we can get here is Comcast, which is OK, but I think the prices should be more fair, as compared to the other cable companies.