Workstation Troubles

Main Menu

Members

Login

Security News Feed

CERT Announcements

Announcements: What's New on the CERT web site

FloCon 2010 Proceedings Available
Proceedings from FloCon 2010 have been released.
Software Assurance Curriculum Materials Available
A Master of Software Assurance Reference Curriculum and undergraduate course outlines are now available for download.
New Podcast Released
Internet-connected mobile devices are becoming increasingly attractive targets.

Workstation Troubles

Articles - Articles

Written by Don Reaves

Friday, 04 April 2008 07:04

Compromised workstations.

Compromised workstations are a serious problem for the office worker. I haven't looked at a customer PC in the last 180 days that wasn't hijacked, infected, or running too slowly. This is despite being behind firewalls, and running current anti-virus and anti-spam software. So where does this stuff come from? In most cases I have identified three sources.

1. Downloading 'free' programs from the internet like weatherbug, world time, toolbars, search helpers, screensavers, media players. All these promise great benefits to the PC user, but many it not all of them have a payload you don't want. Besides taking up bandwidth and resources silently and without your knowledge, their operation is suspect. The disadvantages outweigh any advantages.

2. The most crippling problems come from downloading music files using one of the 'free' music swapping sites. Besides the legal issues, these programs have a hidden payload that essentially makes your workstation into a server for spam, ads, pop-ups, and a robot to infect other PCs. In worst cases your PC will cease to boot, in benign cases, your PC is contributing to the ongoing problem. Usually the person who has downloaded this stuff had to bypass safeguards to or allow these programs to self install.

3. Instant messaging is the most insidious source of trouble. What starts as innocent usage becomes a PC user's nightmare. In mere moments and two mouseclicks a PC can go from clean to highly infested. These problems arrive sitting atop the instant messaging data and go undected by firewalls, and antivirus software until its too late.

So, what should you do to keep your business critical PC from being harmed?

1. Keep your antivirus software current. That means you pay attention to whether it is running and active and has current dates on the virus database. Let it update daily. Once a month or once a week is too infrequent.

2. Install and keep current an antispyware program. The internet suite packages from Symantec, McAfee, and Trend Micro have filtering and web scrubbing. Microsoft has a built in program called Windows defender but many question its effectiveness.

3. Prohibit users from downloading music files. Make doing so grounds for employee disciplinary action. Sites can be placed in a list of prohibited sites but new ones pop up every day so its hard to maintain a denial list. Its an employee problem rather than a computer problem.

4. Don't let your kids or guests use your business computers unattended. If you must allow guests to use your workstation, set up a guest account, with restricted rights for them.

5. Make user accounts password protected, restrict user access if possible, and keep your employees aware of the problems.

6. Use a dedicated Firewall. If you are on an office network and not behind a strong firewall with an active intrusion detection system your network and systems are at risk. Home users can use the built in firewalls in common DSL/Cable routers, or upgrade to an office quality unit.