Be prepared against ransomware viruses..

Giampy:
Another good tip - do NOT run as an administrator.  Set up another Admin account and delete privileges from your account.
Then, when you get a UAC popup, you will have to enter the admin PW rather than just hitting enter.
-hverne (July 02, 2015, 02:10 PM)
--- End quote ---

Yes, but it may be boring. I instead prefer to be administrator and then I start critical programs (like the browser) with limited privileges, for example by DropMyRights.
Convenience and safety at the same time.

wraith808:
^ That's nice!  Thanks!

Giampy:
However, we are talking about ransomware, and I fear ransomware can't be stopped by limited privileges. Encrypting data is not a system operation, so I think ransomware is allowed to do it even if privileges are low.
I think limited privileges are useful against other kinds of malware only.

wraith808:
However, we are talking about ransomware, and I fear ransomware can't be stopped by limited privileges. Encrypting data is not a system operation, so I think ransomware is allowed to do it even if privileges are low.
I think limited privileges are useful against other kinds of malware only.
-Giampy (July 03, 2015, 05:57 PM)
--- End quote ---

It can be stopped by limited privileges from accessing backups on the network and other machines.  Which was the most tragic part of the incident in the OP.

SeraphimLabs:
However, we are talking about ransomware, and I fear ransomware can't be stopped by limited privileges. Encrypting data is not a system operation, so I think ransomware is allowed to do it even if privileges are low.
I think limited privileges are useful against other kinds of malware only.
-Giampy (July 03, 2015, 05:57 PM)
--- End quote ---

It can be stopped by limited privileges from accessing backups on the network and other machines.  Which was the most tragic part of the incident in the OP.
-wraith808 (July 04, 2015, 09:12 AM)
--- End quote ---

Not necessarily.

Mapped network drives can be created and accessed by users without administrative access unless a group policy exists saying otherwise.

And Windows also allows users to access removable devices regardless of administrative access. Including any remote network filesystem that it has read-write access to.

Messing with user privilege would not have any impact at all on the speed of ransomware encrypting files unless that user privilege change also had associated restrictions on CPU and IOPS resource consumption.
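
The point discussed above, that a standard account can still write to mapped and removable drives, can be checked on a given machine. The following is an added example, not code from any poster in this thread: a PowerShell audit to run from the everyday account, listing each visible drive and whether that account can write to it. The function name `Test-WriteAccess` and the probe file name are assumptions made for illustration.

```powershell
# Added example. Run it from the everyday (non-elevated) account to see
# which volumes that account could modify.

function Test-WriteAccess {
    param([Parameter(Mandatory)][string]$Path)
    # Create and delete a uniquely named empty probe file; existing files are not touched.
    $probe = Join-Path $Path ("write-probe-{0}.tmp" -f [guid]::NewGuid())
    try {
        [System.IO.File]::Create($probe).Dispose()
        Remove-Item -LiteralPath $probe -Force -ErrorAction SilentlyContinue
        return $true
    } catch {
        return $false
    }
}

$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin  = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
                [Security.Principal.WindowsBuiltInRole]::Administrator)

# DriveInfo lists fixed, removable and mapped network drives for this session.
$report = foreach ($d in [System.IO.DriveInfo]::GetDrives()) {
    if (-not $d.IsReady) { continue }
    [pscustomobject]@{
        Drive    = $d.Name
        Type     = $d.DriveType.ToString()   # Fixed, Removable, Network, ...
        # Only the drive root is probed; a subfolder may be writable even if the root is not.
        Writable = Test-WriteAccess -Path $d.RootDirectory.FullName
    }
}

"Account: $($identity.Name)  Elevated: $isAdmin"
$report | Format-Table -AutoSize

# Writable network or removable volumes are reachable by anything running as this account,
# so backups kept there are not protected by the account being non-admin.
$report | Where-Object { $_.Writable -and $_.Type -in 'Network', 'Removable' }
```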
