Today I was infected by CoinVault, a new malware similar to CryptoLocker I believe. Before today I was unaware of this entire type of malware. Fortunately I was protected by offline backups, but I have been thinking very hard about how to prevent this kind of thing from happening again, and am not sure I am satisfied with what I've come up with.
Regular backups are obviously very important, but I do not see this as the end all solution. Even offline backups are online for the backup process, which means you haven't removed the potential for infection of these backups, only minimized it to a short timeframe. If your system is vulnerable to cryptolockers, so then is your offline backup.
So how to be sure your system is not vulnerable? I've seen it suggested here to configure policies that disallow exe's from running in %AppData% or %Temp%. But how do we know malware couldn't start from another location? Are these the only places malware can inject itself from a browser? Further, the policy configuration mentioned is not available in home versions of Win7. Can UAC help here, or does it only work for installed applications and not simple executable files? Ideally I'd like to have no exe on my system able to run unless I've whitelisted it... is this possible on Win7 home versions?
My current protection plan is:
- put UAC to most safe setting (currently on most risky)
- change my normal user to non-admin privs
Not sure if those two things alone would have helped me here, but I'd like to lock down all arbitrary exe's as well if I can, which is the one area I'm struggling with.
Aucun commentaire:
Enregistrer un commentaire