Security tricks for SMEs

SMEs can deploy some clever tricks to boost their digital security.
By David Redekop, Co-founder of Nerds On Site.
Johannesburg, 13 Sep 2006

In my first Industry Insight, I wrote about the first three affordable technology foundations for a more secure digital world. To summarise briefly, they are:

1) Use a good router.
2) Implement a reverse firewall.
3) Keep Windows up to date with Windows Update.

In this part, allow me to share some preventive measures:

4) Use a not-so-common anti-virus solution. Without naming the anti-virus vendors that hold the majority of the market, I think it makes sense that any modern-day virus author will code a virus so that it first disables the anti-virus product or renders it useless. This is a fact, not fiction. As a side point, the effort and quality of the programs provided by the market leaders are not necessarily inferior in and of themselves. However, because virus and malware authors specifically target market-leading anti-virus programs to be disabled, those programs become much less effective at serving their purpose of protection.

From a business perspective, this is quite ironic as it is one area where companies don't want to be a market leader anymore.

5) Use Windows Limited User privileges. In Windows, a user can be set up with limited rights. A limited user, for example, is not permitted to install software. A limited user is not able to make changes in the system32 directory. Try, for example, to create a folder or a new file there, or to rename one. It will not be permitted. This is a very important element as most adware or spyware installs itself without even asking the user for permission. If, however, the user does not have permission to install it, it is highly unlikely that an uninvited program will be able to cause any damage.

It is worth noting that although this trick is very effective, there are many legitimate programs that simply will not run with Limited User privileges. This requires investigation into all the required programs and processes to make sure there are workarounds or alternative methods to achieve those needs without resorting back to full privileges.

To be honest, I'm quite surprised that this strategy is not implemented much more often. It is quite common that we, the 'techies', end up being the first point of contact for computer troubles for our friends and family. When I personally got to the point where my parents' and siblings' computers required a re-install of Windows every few months, this trick changed everything for me! In my case not only did we find a workaround for every single program that required 'Administrative' privileges to run, but I've never had to re-load Windows for any of their systems again. Moreover, I don't have to worry about constantly educating them about new threats. The vast majority of them simply will not run on their system.

In order for this trick to work, at least one additional user must be created. Let's say a computer is used by Joe (with username Joe), which he wants to use for day-to-day operations. Joe is currently an 'administrator', so he can create new accounts.

i) From User Manager, create a new account, call it 'Admin' - also with 'administrative' privileges.
ii) Log out of 'Joe'.
iii) Log into 'Admin'.
iv) In User Manager, change 'Joe' from an 'administrator' to a 'limited user'.

All Joe needs to know is to log into user 'Admin' whenever a software update is required. This includes most Windows Updates. Granted it is an inconvenience, but for the threats it avoids, I say it is worth it.
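The same four steps can be scripted. The following is an added example, not part of the original article: a PowerShell script that assumes the LocalAccounts cmdlets of Windows PowerShell 5.1 or later (the article itself uses User Manager) and takes the article's account names Joe and Admin as defaults. It refuses to demote the day-to-day account unless the second administrator account exists and is enabled, so the machine is never left without a working administrator.

```powershell
#Requires -RunAsAdministrator
# Added example: split the day-to-day account from the administrator account.
# 'Joe' and 'Admin' are the article's names; the cmdlets are an assumption
# about the tooling (LocalAccounts module, Windows PowerShell 5.1+).
param(
    [string]$DailyUser = 'Joe',
    [string]$AdminUser = 'Admin'
)
$ErrorActionPreference = 'Stop'

# Resolve the built-in groups by well-known SID so the script also works on
# non-English Windows, where the group names are localized.
$admins = Get-LocalGroup -SID 'S-1-5-32-544'   # Administrators
$users  = Get-LocalGroup -SID 'S-1-5-32-545'   # Users

function Test-Member($Group, $User) {
    # Local accounts are listed as COMPUTERNAME\User.
    $full = "$env:COMPUTERNAME\$User"
    [bool](Get-LocalGroupMember -Group $Group | Where-Object { $_.Name -eq $full })
}

# Step i: create the separate administrator account if it does not exist yet.
if (-not (Get-LocalUser -Name $AdminUser -ErrorAction SilentlyContinue)) {
    $pw = Read-Host "Password for $AdminUser" -AsSecureString
    New-LocalUser -Name $AdminUser -Password $pw | Out-Null
}
if (-not (Test-Member $admins $AdminUser)) {
    Add-LocalGroupMember -Group $admins -Member $AdminUser
}

# Guard: never demote the daily account without a usable administrator.
$adminAcct = Get-LocalUser -Name $AdminUser
if (-not $adminAcct.Enabled -or -not (Test-Member $admins $AdminUser)) {
    throw "$AdminUser is not a usable administrator; refusing to demote $DailyUser."
}

# Step iv: make the daily account a limited user (Users only).
if (-not (Test-Member $users $DailyUser)) {
    Add-LocalGroupMember -Group $users -Member $DailyUser
}
if (Test-Member $admins $DailyUser) {
    Remove-LocalGroupMember -Group $admins -Member $DailyUser
}

# Verification: list who still holds administrator rights on this machine.
Get-LocalGroupMember -Group $admins | Select-Object Name, ObjectClass
```

A session that is already logged in keeps its administrator rights until the user logs out, so the change takes effect at Joe's next logon.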

6) Implement OpenDNS, a powerful and fast, free DNS server. A DNS server can be likened to the phonebook of the Internet. It helps a computer to find the computer that can display www.google.com. OpenDNS does much more than just answer DNS requests. It also corrects common spelling mistakes and directs the user to the right address. Search for gogle.com (one letter o instead of two), and it will direct you to google.com. However, the single most important benefit of using OpenDNS is that it warns against phishing attacks. Phishing sites are those that look like legitimate sites (usually financial institutions) and entice users to enter their usernames and passwords, which are then captured by the thieves and used to extort money and possibly further steal their identity. Did I say that it is a free service? In many cases it is even faster than an ISP's DNS server. Unfortunately, OpenDNS may not be effective if the ISP uses transparent proxies.

I will provide more preventive measures in the next two segments.
