> Education on how and where to surf and what to download and not download is far better. That in itself is a challenging task to tell users as well.

x2

> Most users aren't going to want to run Linux and then install Windows inside of that. It's just asking too much. VMs are susceptible to malware anyway so why run Windows in virtual? Sure, you can create an image and re-image when needed but why not image a Windows host instead? A host is faster rather than running a guest in a VM. Simple: image your drive and make a couple of copies of it.

True, but most virtualization software allows for snapshots, which restore much faster than if you were to restore an image of the host.

> Education on how and where to surf and what to download and not download is far better. That in itself is a challenging task to tell users as well.

Couldn't agree with this more.
> How does Duqu infect computers? Can it spread via USB devices?
>
> In the cases we have analysed, Duqu infects a computer through a targeted attack involving a Word document which exploits the CVE-2011-3402 vulnerability.
>
> This is a 0-day vulnerability in the Windows kernel component Win32k.sys which allows the attackers to run code with the highest privilege level, bypassing pretty much most of the protection mechanisms from Windows or security software. According to our knowledge, Duqu is the only malware using this vulnerability to infect computers. All Kaspersky Lab security solutions detect this vulnerability under the name Exploit.Win32.CVE-2011-3402.a as of November 6, 2011.
>
> When was this threat first spotted?
>
> The first Duqu attacks were spotted as early as mid-April 2011. The attacks continued in the following months, until October 18, when news about Duqu was made public.
Easy.
Reformat hard drive and install Ubuntu 10.10.
Run Windows in a Virtual Machine w/ backups.
If it ever gets corrupted, pull out a copy of a previous Virtual Machine backup.
If you ever worry about viruses, the only way to run Windows is in a VM. It is like going out in the rain fully protected in a rain coat.
Most users aren't going to want to run Linux and then install Windows inside of that. It's just asking too much. VMs are susceptible to malware anyway so why run Windows in virtual? Sure, you can create an image and re-image when needed but why not image a Windows host instead? A host is faster rather than running a guest in a VM. Simple: image your drive and make a couple of copies of it.
Education on how and where to surf and what to download and not download is far better. That in itself is a challenging task to tell users as well.
I never surf on Windows natively. It is either in a VM or I use something else. In fact, it is a household policy.
You can have a hardware firewall, other software installed on the host, and MS Security Essentials, disable all JavaScript and still be at risk. Sure, block every single port except 80 and 445, and you'd still get infected.
There was a zero-day exploit that lasted over 90 days last October before Microsoft was able to contain it. The Duqu zero-day exploit was an inherent flaw in the TrueType font engine that could latch itself to the kernel. We have these boot-kit attacks that go undetected by many of the up-to-date virus software like AVG. They couldn't even detect an infected Word document.
Some info on Duqu
Duqu Trojan revealed to be shape-shifting killer - Technology & science - Security - msnbc.com
7 Facts On Duqu Malware Attacks - Security - Attacks/breaches - Informationweek
Source: Duqu FAQ - Securelist
Since the payload is carried out through a TrueType font, and you can now browse websites where CSS embeds fonts as part of the HTML5 spec, basically no firewall is gonna examine a font for infection (well, they haven't done it before since Duqu).
It was sitting in the wild (April 2011) and Microsoft wasn't able to get a patch out until Dec 13. Who knows how many variants have mutated.
Microsoft scratches BEAST patch at last minute, but fixes Duqu bug - Computerworld
Do you know what a boot kit is? It goes resident into BIOS and loads up at boot. The NT (Windows 7) kernel can't even detect it and hence, no anti-virus or malware app is gonna help you. It even affects 64-bit kernels of Windows. It loads up before the operating system.
Here is one that is 148k and totally bypasses UAC. (A locked down, non-admin user can infect your system.)
Windows 8 bootkit demo | ZDNet
You're gonna need a motherboard that uses secure UEFI to prevent this. How many people still use BIOS? I bet about 95% of the people out there.
Here is another...
Researchers Release Bootkit Code Targeting Windows 7 - Security - News & Reviews - eWeek.com
All the education in the world isn't gonna help when you get work files, and all the software virus scanning isn't going to help when you get a zero-day exploit that has been sitting in the wild for 90-180-360 days undetected and unpatched. It is like a ticking zombie time-bomb ready to execute code.
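The post above says nothing on the wire looked inside a font before Duqu. As an added example (not from this thread, Kaspersky or Microsoft), here is a structural sanity check of a TrueType/OpenType table directory in Python, the kind of inspection a download gateway or mail filter could apply to a font arriving via CSS or embedded in a document. It checks only the container layout (sfnt version, table offsets inside the file, no overlapping tables, required tables present); it does not detect the CVE-2011-3402 bug itself, whose internals the thread does not give. The sample fonts are constructed inline and are not renderable fonts.

```python
import struct

SFNT_VERSIONS = {0x00010000, 0x74727565, 0x4F54544F}   # 1.0, 'true', 'OTTO'
# Tables required in an OpenType font with TrueType outlines.
REQUIRED = {b"cmap", b"glyf", b"head", b"hhea", b"hmtx", b"loca", b"maxp", b"name", b"post"}

def check_ttf_directory(data: bytes) -> list:
    """Return structural problems found in the sfnt table directory (empty list == sane)."""
    issues = []
    if len(data) < 12:
        return ["file shorter than the 12-byte offset table"]
    version, num_tables = struct.unpack(">IH", data[:6])
    if version not in SFNT_VERSIONS:
        issues.append(f"unknown sfnt version 0x{version:08x}")
    dir_end = 12 + 16 * num_tables
    if dir_end > len(data):
        return issues + [f"directory of {num_tables} records runs past end of file"]
    spans, seen = [], set()
    for i in range(num_tables):
        tag, _chk, off, length = struct.unpack(">4sIII", data[12 + 16 * i: 28 + 16 * i])
        seen.add(tag)
        if off < dir_end or off + length > len(data):   # table must sit inside the file
            issues.append(f"{tag!r}: offset {off} + length {length} exceeds {len(data)}-byte file")
        spans.append((off, off + length, tag))
    spans.sort()
    for (_s1, e1, t1), (s2, _e2, t2) in zip(spans, spans[1:]):
        if s2 < e1:                                       # tables may not overlap
            issues.append(f"{t1!r} overlaps {t2!r}")
    missing = REQUIRED - seen
    if missing:
        issues.append("missing required tables: " + ", ".join(sorted(t.decode() for t in missing)))
    return issues

def build_font(tables) -> bytes:
    # Constructed helper: assemble a minimal sfnt container (not a renderable font).
    dir_end = 12 + 16 * len(tables)
    records, body = b"", b""
    for tag, payload in tables:
        records += struct.pack(">4sIII", tag, 0, dir_end + len(body), len(payload))
        body += payload + b"\0" * (-len(payload) % 4)    # keep each table 4-byte aligned
    return struct.pack(">IHHHH", 0x00010000, len(tables), 0, 0, 0) + records + body

# Constructed samples: a well-formed directory, and the same bytes with the 'glyf'
# record's length inflated so the table claims to extend far past the end of the file.
GOOD = build_font([(t, b"\x01\x02\x03") for t in sorted(REQUIRED)])
BAD = bytearray(GOOD)
struct.pack_into(">I", BAD, 12 + 16 * sorted(REQUIRED).index(b"glyf") + 12, 0xFFFFFFF0)
BAD = bytes(BAD)
```

A real font parser in the kernel does far more than this, which is exactly why the thread's point about unexamined fonts matters; a layout check like this only rejects files that are malformed at the container level.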