Link to home
Start Free TrialLog in
Avatar of pititsonson
pititsonson

asked on

how to protect workstation from ransomware

how to protect a computer against ransomeware
ASKER CERTIFIED SOLUTION
Avatar of John
John
Flag of Canada image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Stampel
Stampel

Just secure your working files frequently on a NAS, CLOUD or whatever you will choose.
Keep a few backups over weeks/monthes.
You need nothing else, you can always reinstall softwares but never loose your data.

When you hit a ransomware problem, format, resintall software, restore your working files from backup :)
Avatar of rindi
I don't agree that you need paid anti-virus tools. There are free AV tools available that are just as good or better than many paid for tools. Panda Cloud Free is one of the best such tools. But, most of the free tools are only for use in private environments, so when used in a company, use the pro version of panda, which isn't free. As said above, backups are the best way to protect yourself. But make sure that after the backup is done that you disconnect the backup destination from the PC. Also don't map network shares to drive-letters. Current ransomware can only infect network shares if they are mapped to a drive-letter. If you use the full url, using \\IPOfServer\ShareName the files are safe at the moment.

As already mentioned, never use admin accounts, and user education for web activity are good precautions.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
How might pititsonson know the difference between "after the fact" protection and heuristics protection?
My sense is that a file scanner with heuristics is looking for patterns which are indicative of parasites without being as specific as a signature dictionary - and thus, not so much "after the fact".  Granted, they have to start somewhere.

Other suggestions are "be careful what you do" and "do adequate maintenance".  I clean up lots of computers and there is strong correlation between the "user type", "user habits" and the presence of parasites.

"Do adequate maintenance" means don't let your security software some how lapse.  I have seen too many computers with Norton or (take your pick) which has expired.  This leaves the computer in an unknown state regarding protection.  Generally, the Windows firewall is turned off because the other software is there.  etc.

"Be careful what you do" means don't be too adventurous on the web.  If you are then be very careful what you download and what you allow to be installed.  Many "good" websites present a very confusing array of download buttons.  It's worth spending some time figuring out where and how you will download things.
DON'T be attracted by anything that pops up!!
DON'T be attracted by the latest and greatest video player!!
etc.
When you install a program, look carefully at the checkbox options and if in any doubt at all, opt to NOT install anything that comes along.
Even Adobe software installs come with "extra goodies" that I don't want on my computer.  Uncheck them all.
MAKE SURE that what you're downloading is what you want and not something that's been named similarly.
Google top hits are ads that can lure you into places you'd rather not go.
Make sure the names and the download sites are OK by doing some research.

Some notorious site types:
- looking for a driver for your computer?  Be careful.
- adult sites
You are talking about "Norton which has expired". My experience in particular with norton (symantec products) is that it doesn't matter whether they have expired or not, they are terrible products all the way, and I regard them as "almost malware". Symantec products are always the first things I replace with better products from any PC.
rindi:  Well I rather agree with that but "expired" seems to create a much worse situation.  I'm thinking of the firewall status for one thing...
I've requested that this question be closed as follows:

Accepted answer: 500 points for thinkpads_user's comment #a40396839

for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
With all due respect, but the proposed solution, though it mentions important things, lacks many of the most important proactive and countermeasures there are against ransomware (for example the 4 I mentioned). A split would be much more appropriate. How that split should be? Only the asker could tell, so I am not begging for any credit.

 Merry X-mas.