The recent malware/ransomware infection

Perry Metzger has some excellent advice at Samizdata:

How not to be a victim of computer malware
For my friends who don’t know much about computers:

I do computer security work professionally. People always ask in the wake of yet another internet attack “what should I do to protect myself.”

The advice is always the same. Do what computer professionals do. Don’t do what you imagine computer professionals do, because you’re probably wrong.

    1. Always run the latest version of the OS and software.
    2. When security updates appear for your operating system or software, apply them as soon as possible, meaning that day. Configure your system to automatically apply updates if possible.
    3. Back up your computer frequently. Since normal humans cannot remember to do that, get software and/or a service to do it for you.
    4. Don’t use the same password with two different services, period. Since you cannot remember hundreds of different passwords, use a password safe, and remember only the password for it.
    5. If a web site offers two factor authentication (that is, you can set it up so it both requires a password and a code your phone generates), turn that on.

Every professional security person does those things.

If you ignore my advice, you’re going to get screwed one day, period. You might still get screwed even if you do follow my advice because the world is dangerous, but I can guarantee you’ll get screwed if you don’t.

Every organization that got infected recently by the ransomware worm was ignoring (1) and (2). Their suffering was avoidable. Do you want to suffer like them? Those that forgot (3) are really suffering because they have no way to recover. Why do you want to suffer? Every day, people get badly, badly screwed because the password that they use everywhere gets stolen and it is de facto impossible to remember every place you use it. Why set yourself up to suffer?

As to the question “who would attack me? No one is going to attack my computer, I’m unimportant”, the answer is that it isn’t individuals doing the attacks, it’s machines that are programmed to try to attack other machines by the hundreds of millions. You’re not being personally targeted, but that hardly matters when everyone on earth is being attacked. Your obscurity will not protect you. Even if you think there is nothing for the attacker to gain by taking over your machine, they’ll want it anyway, so they can set up a botnet to send spam from it, or use it to bring down other people’s web sites, or to take over yet more people’s machines.

Much more at the site - be sure to look through the comments - lots of good stuff there too.

About this Entry

This page contains a single entry by DaveH published on May 17, 2017 2:47 PM.
