Are some programs using new tricks to install?
Posted 10 June 2004 - 10:53 AM
But I still get calls back to the same client. Things work great for a month, maybe more, and then . . . New parasites. And this doesn't happen all the time and not to all of my clients. It's actually only a few, but it's a decent number that get reinfected after a period of time - enough to concern me. The clients are usually embarrassed and firmly insist that they have followed my instructions. Some people I have doubts about, and others have children that could account for new problems. However, others are old couples that only check email from the grandkids and book flights with Expedia; so I'm baffled as to how some get infected again.
People ask me how it gets back into the system when they haven't downloaded anything, and I honestly tell them that I'm not entirely sure. I can only make the assumption that code is built into webpages or ads that will install it if the computer, for whatever reason, allows it to. But this is only an assumption on my part. There have also been rare anomalies like the toolbar I had posted about that tried to add itself into my system merely by looking at and deleting a file that was taken off an infected computer, or one case where a client would have new parasites every day and then discovered a trojan horse on his machine.
So, other than the software bundles and ActiveX downloads (the one that uses the familiar MS Security Warning pop-up - I don't know if I'm referring to it with the proper name), how else can parasites get into a computer? I'm asking because I have great success getting systems clean, but I feel that my preventative measures need some work, that or my clients are really dense and not very honest. And by the way, don't hesitate to use technical language if you need to - the more detail, the better. I am really curious as to how these things can install themselves.
Posted 10 June 2004 - 12:02 PM
Also, if the OS is NT-based, set the customers up with a Power Users/User level account for Internet use. Tell them to _NEVER_ use _ANY_ Administrator-level account for Internet access. _EVER_. If you don't have privileges, you can't affect the shell/kernel, and honestly, who wants to do that?
Also, you may want to set the people who just browse the web and check mail up with Linux instead of IE. If that's all they're doing, they wouldn't need gaming or anything, and Linux is a hell of a lot more secure than Windows in every respect - as long as you follow the cardinal rule of not running as root for daily work.
I'd also recommend SpywareBlaster, Ad-Aware (more frequent reference updates than Spybot), and Linux.
If they want to try Linux without formatting, toss them a copy of Knoppix.
Edited by Tuxedo Jack, 10 June 2004 - 12:04 PM.