Solved

Do I need additional protection from ransomware?

Posted on 2016-10-07
13
122 Views
Last Modified: 2016-10-09
I have Vipre Internet Security and Malwarebytes Antimalware installed on my system.   Do I need additional protection from ransomware?
0
Question by:DoctorK12008
13 Comments
 
LVL 33

Expert Comment

by:paulmacd
ID: 41833611
No prevention product is 100% effective.  Overlapping your defenses as you've done is a step in the right direction.  

That said, having several good, current backups is the only way to be sure you can recover from any potential threat(s).
0
 
LVL 23

Expert Comment

by:Brian B
ID: 41833625
Having security at different levels is important and it appears you are doing that. Just keep in mind putting two solutions on the same system is sometimes counterproductive. Just be sure the vendors support what you are doing.

Most security measures are reactive, so ensuring you have the ability to restore your files and systems if anything goes wrong is also critical.
0
 
LVL 20

Expert Comment

by:netcmh
ID: 41833626
Agreed! Good daily backups are crucial in combatting ransomware. That and useful and rewarding employee education! Use the NCSAM as an initiative to start and run the trainings focusing on social engineering, rewarding safe internet citizen practices.
0
 
LVL 61

Assisted Solution

by:btan
btan earned 125 total points
ID: 41833629
You have the baseline, but it is always preferable to adopt layered defences, though it is not foolproof if user vigilance is lacking and the basic regime in patching is done.

Go for application whitelisting like AppLocker for Windows. This deters ransomware's ease of executing their exploits. May also consider Microsoft EMET.

Backup is important and do not save it on local or network accessible drive in the machine as those files will also be encrypted by Ransomware - Have them Offline.

Augment anti malware with anti exploit and anti ransomware, check out Malwarebytes further as it has those too. Another is Winpatrol WinRansom.
0
 
LVL 23

Assisted Solution

by:Eirman
Eirman earned 125 total points
ID: 41833636
Don't use 'admin' as a user name.
Make sure that you only log in as an administrator when you need to.
Otherwise, perform your normal day to day activities as an "Ordinary User"

Consider installing this excellent software.
It works through your group policy and is great for white/black listing.
Use it for free and update manually, or pay a once-off fee of $15 for automatic updates.
-------------------------------------------------------------------------------------------------------------------------------------------
NOTE: I removed PHP & Excel as Topics for this question and added the 4 above.
0
 

Expert Comment

by:BWA IT
ID: 41833674
I'd also recommend adding "Gateway Antivirus" to your firewall if available.
0
 
LVL 26

Assisted Solution

by:Thomas Zucker-Scharff
Thomas Zucker-Scharff earned 250 total points
ID: 41834471
Agree with btan. Also check out hitmanpro.alert, now rebranded intercept x by Sophos. Regular backups. There are some enterprise solutions, like cylance. Kaspersky rates highest against everything according to SE Labs, a UK firm. (They didn't test mbam).
0
 

Author Comment

by:DoctorK12008
ID: 41834981
I looked at Malwarebytes Endpoint Security bundle, which includes Anti-Malware and Anti-Exploit.   Since I have Vipre Internet Security, can I use both or will Malwarebytes substitute for it?
0
 
LVL 61

Expert Comment

by:btan
ID: 41834987
Vipre Internet Security Pro states it has the below, and from its description it is close to MB anti exploit. They would be equivalent.

Edge Protection™
Defends against Zero-day threats by protecting web browsers and their components against drive-by download attacks and known and unknown exploit kits.
0
 

Author Comment

by:DoctorK12008
ID: 41835829
Eirman recommended not logging in as an administrator unless it is required.   That seems like a wise move.   Is there any way to change my user from the administrator's group to the non-administrator's group so I do not have to set up everything as a new user?
0
 
LVL 26

Accepted Solution

by:
Thomas Zucker-Scharff earned 250 total points
ID: 41835839
If the user is a local admin, add to the local user group and then remove from local admin group. On Windows 10 just change from administrative user to standard user.

Read some stuff on the principle of least privilege (PoLP); there are articles all over the web describing best ways to implement this.
0
 
LVL 61

Expert Comment

by:btan
ID: 41835867
Yes indeed least privileged principle is the gist of giving non-admin rights to user. Esp not as default in administrator group, the user should be removed as member in this group. This applies even for existing users.
Adding on, consider validating the changes, also using AccessChk, which is a tool that shows you the accesses the user or group you specify has to files, Registry keys or Windows services.
https://technet.microsoft.com/en-us/sysinternals/accesschk

As a whole strategy consider
Utilise a role based approach when allocating privileges @ Remember to allocate access according to roles or function rather than to users. This is easier to manage in the long run, if you are implementing Role Based Access Control (RBAC) remember that role creep is possible so roles and access need to be reviewed on a periodic basis. I typically recommend once every quarter or at a minimum once every six months. Maintain, review and revise privileges on a regular basis to keep them up to date and effective


Revise access to legacy applications @ Isolate the application and only allow the necessary access to the application, to the users and systems that require access. Administrative access should be limited down to exactly the function that is required. So that domain admin accounts that have been used for years should now be locked away and the password changed so that no-one can abuse that level of privilege.
2
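
The group change from the accepted solution and the AccessChk check suggested above, as an added example that is not part of any post in this thread. It assumes English group names, a placeholder account name `ExampleUser`, and that `accesschk.exe` has been downloaded and is on the PATH.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# Assumptions: English group names; 'ExampleUser' is a placeholder account name.
param([string]$User = 'ExampleUser')

function Get-GroupMemberNames([string]$Group) {
    # The WinNT ADSI provider works on Windows 7 (PowerShell 2.0) and later.
    $g = [ADSI]"WinNT://$env:COMPUTERNAME/$Group,group"
    @($g.psbase.Invoke('Members')) | ForEach-Object {
        $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
    }
}

function Test-AccountEnabled([string]$Name) {
    try {
        $u = [ADSI]"WinNT://$env:COMPUTERNAME/$Name,user"
        $flags = $u.UserFlags.Value
        if ($null -eq $flags) { return $false }   # not a local user account
        return -not ($flags -band 0x2)            # 0x2 = ACCOUNTDISABLE
    } catch { return $false }
}

$admins = @(Get-GroupMemberNames 'Administrators')
if ($admins -notcontains $User) { throw "$User is not a member of Administrators." }

# Lockout guard: keep at least one other enabled administrator account.
$others = @($admins | Where-Object { $_ -ne $User -and (Test-AccountEnabled $_) })
if ($others.Count -eq 0) {
    throw 'No other enabled administrator. Enable one first, e.g.: net user Administrator /active:yes'
}

# Add to Users first, then remove from Administrators (the order given in the answer).
if (@(Get-GroupMemberNames 'Users') -notcontains $User) {
    net localgroup Users $User /add
}
net localgroup Administrators $User /delete

# Verify the result instead of trusting the exit codes.
if (@(Get-GroupMemberNames 'Administrators') -contains $User) {
    throw "$User is still in Administrators."
}
"$User is now a standard user; other admins: $($others -join ', ')"

# Optional check with Sysinternals AccessChk (assumed to be on PATH):
# lists directories under Program Files that the account can write to.
& accesschk.exe -accepteula -q -w -d -s $User $env:ProgramFiles
```

Log off and back on afterwards so the account's session picks up the new group membership.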
 

Author Closing Comment

by:DoctorK12008
ID: 41836226
I am running Windows 7 Professional and was able to activate Administrator so as to use it as needed in the future.   I changed my default administrators group user to a standard user, so I was able to keep all my settings.   Many thanks to all who responded to my question.
0
