Anti Virus

What prompted this article wasn’t search engine optimization, but my unpleasant experience with the Cryptolocker Trojan (difference between a virus, trojan, worm & bot). This article will show you what you can do to prevent losing your photos and data whether personal or business.  I thought I was too smart for this to happen to me!  I was wrong.

Previous viruses and malware attacked your computer, used it for malicious purposes or stole passwords.  The new breeds do that and then encrypt your files so you can’t use them unless you pay money.  This is called ransomware.

If you’re fortunate enough not to know what Cryptolocker (this link goes to Wikipedia, not Cryptolocker) does, don’t wait to find out. Once infected, it will “phone home” to the server or command-and-control center of its maker. It calls home to obtain a public key needed to encrypt the files on your computer and on all other computers it can reach on your network.

Think this is illegal and they can’t do that?  That’s what everyone tells me!  They’re in Russia so you can file a complaint with the police in Russia.

Once you find out about it, it’s too late. Your files have already been encrypted. Transferring your files to another computer will not help. Don’t even think about trying to decrypt your files unless you’re the director of the NSA.

You will never be able to use your files again unless you can get the private key from the people who encrypted your files. This will cost you a lot of money and may not be successful. I tried to pay $500 but because law enforcement agencies temporarily stopped the criminal, my files never got decrypted.

Finally, don’t take comfort in the news that international law enforcement agencies seized the command-and-control servers. The criminals were not caught and the malicious servers may be restored. Also, copycats like Cryptolocker 2.0 are already sprouting and future viruses will not only continue but become even more sophisticated.

Fortunately, it’s fairly easy and inexpensive to protect yourself. There are several things you can do (explained in detail below):

  1. Backup your files
  2. Use the right antivirus software
  3. Protect your Internet connection
  4. Alternatively, you can use Linux instead of Windows (Linux is even more secure than Apple. I recommend Ubuntu Linux)
  5. What I use

1. Backup your files

Types of backups:

  • Copy your files to a shared folder in the cloud
  • Back up just your files without your software and operating system in the cloud
  • Back up just your files without your software and operating system on a local drive
  • Back up a mirror image of your hard drive locally or in the cloud

The least expensive way to back up your files is to your own storage drive such as an external hard drive, a portable hard drive and/or a USB flash drive. Make sure you keep multiple copies so you don’t overwrite the good files with bad ones. You should know that using a RAID (simultaneously using two hard drives), which I have, will only protect your data if one of the hard drives fails. A virus will infect both drives.

You can also back up your files to off-site storage “in the cloud”. However, use a backup service, not a file syncing service. Don’t think that your files are safe if you’re using a syncing service like Dropbox, which is only for convenience. A Trojan like Cryptolocker will seek to encrypt those files, and the good files stored in the cloud will be overwritten with the bad ones anyway. Online backup services now offer file syncing, so don’t take that option and use a separate service.

Use a backup service like Mozy.com or Carbonite.com. Make sure that you are backing up all of the files and folders that you want backed up and not just the ones that are backed up by default. Mozy keeps 60 versions of your backups so when you overwrite good files with bad ones, you can go back until you find a good copy.
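The difference between a syncing folder and a versioned backup service, as an added toy demonstration written for this article (not code from the original page or from Mozy, Dropbox or any other product it mentions). The directory layout, the `keep` limit and the sample invoice file are constructed for the demo; `simulate_damage` only sets the high bit on every byte of a file in the toy source tree to stand in for a file that ransomware has encrypted.

```python
"""Versioned backup versus one-way sync, as a toy demonstration.

Added example, not code from the article or any backup product it names.
Paths, the `keep` limit and the sample file are constructed for the demo.
"""
import shutil
import tempfile
from pathlib import Path
from typing import Callable, List, Optional


def sync_mirror(src: Path, mirror: Path) -> None:
    """One-way sync: whatever is in src replaces the copy in mirror.
    This is what a syncing folder does, so a damaged source overwrites the good copy."""
    mirror.mkdir(exist_ok=True)
    for f in src.iterdir():
        if f.is_file():
            shutil.copy2(f, mirror / f.name)


def version_numbers(store: Path) -> List[int]:
    """Snapshot numbers present in store, oldest first."""
    return sorted(int(p.name[1:]) for p in store.glob("v*") if p.is_dir())


def versioned_backup(src: Path, store: Path, keep: int = 60) -> Path:
    """Snapshot src into store/v<N>/ and keep at most `keep` snapshots.
    Each run creates a new numbered version instead of overwriting the last one."""
    existing = version_numbers(store)
    snap = store / f"v{(existing[-1] + 1) if existing else 1}"
    snap.mkdir(parents=True)
    for f in src.iterdir():
        if f.is_file():
            shutil.copy2(f, snap / f.name)
    # Retention: drop the oldest snapshots once there are more than `keep`.
    surplus = len(existing) + 1 - keep
    for old in existing[:max(0, surplus)]:
        shutil.rmtree(store / f"v{old}")
    return snap


def restore_last_good(store: Path, name: str,
                      is_good: Callable[[bytes], bool]) -> Optional[bytes]:
    """Walk snapshots newest-first and return the first copy that passes `is_good`.
    This is the 'go back until you find a good copy' step the article describes."""
    for number in reversed(version_numbers(store)):
        candidate = store / f"v{number}" / name
        if candidate.is_file() and is_good(candidate.read_bytes()):
            return candidate.read_bytes()
    return None


def looks_like_text(data: bytes) -> bool:
    """Crude 'is this still my document?' check: printable ASCII and whitespace only."""
    return all(32 <= b < 127 or b in (9, 10, 13) for b in data)


def simulate_damage(path: Path) -> None:
    """Stand-in for ransomware damage (constructed): set the high bit on every byte."""
    path.write_bytes(bytes(b | 0x80 for b in path.read_bytes()))


def demo() -> dict:
    """Run both strategies over a toy source tree and report what each can recover."""
    root = Path(tempfile.mkdtemp(prefix="backup-demo-"))
    src, mirror, store = root / "src", root / "mirror", root / "store"
    src.mkdir()
    original = b"invoice 2014-03: $1,200 due\n"    # constructed sample file
    (src / "invoice.txt").write_bytes(original)

    sync_mirror(src, mirror)              # mirror holds the good copy
    versioned_backup(src, store)          # v1 holds the good copy

    simulate_damage(src / "invoice.txt")  # the working copy is now ruined

    sync_mirror(src, mirror)              # mirror now holds the ruined copy too
    versioned_backup(src, store)          # v2 is ruined, but v1 survives

    mirror_copy = (mirror / "invoice.txt").read_bytes()
    recovered = restore_last_good(store, "invoice.txt", looks_like_text)
    shutil.rmtree(root)
    return {
        "mirror_is_good": looks_like_text(mirror_copy),
        "versioned_recovered": recovered == original,
    }


def retention_demo(keep: int = 2, runs: int = 3) -> List[int]:
    """Back up `runs` times with a `keep` limit; return the snapshot numbers left."""
    root = Path(tempfile.mkdtemp(prefix="retention-demo-"))
    src, store = root / "src", root / "store"
    src.mkdir()
    (src / "note.txt").write_bytes(b"hello\n")
    for _ in range(runs):
        versioned_backup(src, store, keep=keep)
    left = version_numbers(store)
    shutil.rmtree(root)
    return left


if __name__ == "__main__":
    print(demo())             # {'mirror_is_good': False, 'versioned_recovered': True}
    print(retention_demo())   # [2, 3]
```

The point of `keep` is the same as Mozy’s 60 versions: the good copy survives only as long as the retention window is longer than the time between the damage and the moment you notice it, so a window of a few versions is of little use against files that are damaged silently and then backed up again every night.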

Fortunately, my server with all my law practice and client files was backed up with Mozy.com, and almost all of my personal files were backed up on external storage, but not the last few months! I lost three months’ worth of scanned receipts and invoices for my business and some personal files which were on my desktop computer. I’m now using Mozy.com to back up all of my files. I also use Amazon S3 to back up my websites. Did you know Amazon S3 can secure your data? Amazon S3 now offers server-side encryption with customer-provided keys (SSE-C).

Backing up a mirror image of your hard drive allows you to restore the operating system together with all of your software and data files. Mirror image backups should be checked monthly to make sure that they are not corrupt. You should never rely on backing up only a mirror image and should also back up your data files. Most mirror image software like Ghost will not allow you to restore the backup to a different model motherboard. However, Genie9 claims that they can restore your mirror image backup to a different motherboard (Genie Backup Home, Genie Backup Manager Server).

Mirror image backup software (not in any order):

BackupReview.com – in-depth reviews of cloud backup and storage services and backup software.

Mirror image copies of your hard drive can be large but can be backed up in the cloud with an inexpensive service such as Amazon S3 or on site to reduce cloud storage costs. To increase security for on-site storage, take a look at ioSafe which is a fire resistant, water resistant and theft resistant enclosure for your hard drives.

2. Anti-virus software.

I was using AVG free edition which did not stop me from getting Cryptolocker. There is no way to determine which antivirus software is best because it changes at any given time. However, the antivirus that consistently performed best in the tests below is Kaspersky.

I don’t need all the features of Kaspersky PURE so I bought Kaspersky Internet Security to replace AVG. I didn’t buy the small business version because my server does not go on the internet and I don’t want to slow it down.  Hopefully, I didn’t make a mistake. 

After installing Kaspersky Internet Security, it slowed Outlook terribly and crashed it when I tried to reply to an email. The solution is to turn off spam protection: open Kaspersky, click Protection Center, scroll to the bottom and move the Anti-Spam slider to the left so it is red. Outlook is back to normal.

Kaspersky’s customer service is consistently excellent. I called them and was transferred to a knowledgeable person immediately without waiting. I later contacted them by chat and was transferred to a chat with a knowledgeable person immediately without waiting. That person offered to call me and did so immediately.

You can see a comparison of Kaspersky Anti-Virus, Internet Security & PURE. Kaspersky claims to also have anti-malware and anti-rootkit which is what Malwarebytes’ Anti-Malware does.

Malwarebytes’ Anti-Malware (also known as MBAM) is great anti-malware software which works really well, but it is not meant to be anti-virus. It is designed to work with and in addition to your antivirus software. Malwarebytes stops and detects trojans, worms and spyware (not viruses). NOTE: Malwarebytes free does NOT provide real-time protection (I found out the hard way!). The free version is only meant to be used to clean an infected computer. You must buy Malwarebytes for real-time protection. The question is: will Malwarebytes work with Kaspersky?

Malwarebytes Anti-Exploit protection for browsers provides real-time protection. Not part of MBAM, it is separately installed in seconds and is free for personal use.

I recommend that you use a paid version of your antivirus software and make sure that you keep it updated. Many people purchase computers with a free trial and then never pay for the software and don’t get the updates.

The anti-spyware I found to be the most effective is SUPERAntiSpyware.  Kaspersky says it removes spyware but it may only remove the most dangerous spyware or it’s just not effective at removing spyware. SUPERAntiSpyware removes a lot of spyware every day. The free version of SUPERAntiSpyware does the same work as the paid version but has to be manually updated and run while the paid version is automatic. I have been using the paid version for the last two years which updates and runs automatically.

Anti virus comparison

http://www.av-comparatives.org/dynamic-tests/

http://www.av-comparatives.org/wp-content/uploads/2013/12/avc_prot_2013b_en.pdf

Infected with a rootkit? Malwarebytes Anti-Rootkit (MBAR) can help

http://www.techrepublic.com/blog/it-security/rootkit-coders-beware-malwarebytes-is-in-hot-pursuit/

https://www.malwarebytes.org/antirootkit/

http://blog.malwarebytes.org/news/2012/11/meet-malwarebytes-anti-rootkit/

3. Protect your Internet connection.

Make sure that you, anyone using your computer, and every computer on your network are prevented from being infected by a malicious website before your antivirus software can even look at it. I am now using Cisco Umbrella (formerly OpenDNS.com) and wish I had been using it before, because it would have prevented me from getting Cryptolocker.

OpenDNS.com inexpensively provides enterprise protection that you can get from companies like Infoblox or Fireeye without the substantial cost of those companies. You can get it for as little as $20/year per user with unlimited computers/devices and they even have a free version.  Their pricing is confusing, so you should call them.

OpenDNS.com does not replace antivirus software but is a very important addition. OpenDNS.com works by changing the DNS settings from your Internet service provider to OpenDNS.com.  Not only can OpenDNS.com help protect you from getting a virus but it can also speed up your Internet connection.  OpenDNS.com can even protect your devices off-site.

I got Cryptolocker by clicking on a link in an email which came from a friend. I never do that unless it’s obvious that the email was sent by someone I know. The email contained a link to a website about an unusual topic which my friend knew I was interested in, so I thought the website was okay. When I clicked on the link, I found a Google warning that the website may be infected. I closed the browser but it was too late. You should know that even legitimate websites get hacked and will infect your computer when you visit the website.

OpenDNS.com would have prevented me from getting Cryptolocker two ways. First, OpenDNS.com would have prevented me from reaching the website. Second, OpenDNS.com would have prevented the virus from contacting its command and control center had I been infected.

I started a trial account with OpenDNS.com in the morning (after disinfecting my computer) and by the afternoon, I had my second incident of going to a malicious website! I was trying to go to the website of a well-known memory manufacturer and accidentally left out one letter while typing too fast. OpenDNS.com immediately notified me that it was preventing me from going to a malicious website.

I called a friend of mine who uses Linux instead of Windows and I asked him to visit the website to see what was there. He told me that it was definitely a malicious website trying to infect him with a virus and said “but I don’t care because I’m using Linux.”  I was sold on using OpenDNS.com on the first day!

My trial account was with their enterprise Umbrella Cloud-Delivered Web Security which protects all of my devices behind my router and also protects my off-site devices for $370/year. The router service allows me to protect my server without installing their software on my server. I simply changed the DNS setting on my router and everything was immediately protected.  For off-network devices, you install their roaming software.

After the trial, I purchased Umbrella Prosumer with the same protection for only $20 per year per user (if you have less than 6 users) by installing their roaming software on all of your devices. The charge is annual per user instead of per device. You can see the prices at http://www.opendns.com/enterprise-security/packages-and-pricing/. The prices shown in the large boxes are for six or more users. For less than six users, look below the large boxes at “Want a package for 1 to 5 Users?”

To check whether your setup is correct and you are protected by OpenDNS, visit these two pages:

  • http://welcome.opendns.com > An OpenDNS Web page with a large checkmark and wording that says, “Welcome to OpenDNS!”
  • http://www.internetbadguys.com > An OpenDNS Web page with a warning icon and wording that says, “Phishing Site Blocked!”

My questions about how to set up Umbrella Prosumer

4. Use Linux!

Avoid all the trouble and just use Linux instead of Windows.  There are very few viruses written for Linux and you can’t get a virus when you use Linux unless you manually enter an administrator password and install it.  I recommend Ubuntu Linux and it’s free!

5. What I use:

  • Microsoft operating system
  • Microsoft Office 365 email
  • Kaspersky Internet Security
  • OpenDNS.com
  • Malwarebytes Anti-Exploit
  • Backup: Mozy


Comments

  1. Grahme Fischer says:

    Phil,

    Great article! Thanks for sharing it. I didn’t understand everything but it provides me with a great starting point for learning.

    In the past I didn’t trust Kaspersky because of my 25 years in the Aerospace industry and the Soviets (a/k/a Russians) were the enemy. Now we are in a new world.
