Best Anti-Virus options?

Zodiac

I feel for you guys who have to support users with admin rights. Without admin and locked down Group Policy users have to try very very hard to break things.
 

Mist

So MS decided their product was too good and for win 8 decided to go back to shit roots?
I think MS just didn't want to get sued by the other AV companies for anti-trust violations, like when they included a free web browser with Windows back in the day.
 

Frenzied Wombat

I feel for you guys who have to support users with admin rights. Without admin and locked down Group Policy users have to try very very hard to break things.
We have locked down group policy so users can't make system modifications, access the registry, save to C: drive, etc, but to be 100% honest from my experience removing admin rights is a catch-22. You reduce the amount of malware, toolbars, and self-inflicted user stupidity problems, but also greatly increase the amount of helpdesk tickets from users that need software installed. Even better when Mr. executive attends his Webex meeting at the last minute and can't install the plug-in then lights up the help-desk with all sorts of colorful death threats. No admin rights is the right thing to do from a security standpoint, and is good for IT, but it does impact user perception of IT and forces a higher level of reaction from support staff. If I had started the network from scratch with no admin rights it wouldn't be so bad, but when you inherit a network that has had admin rights for years with a fleet of installed software, switching to a non-admin environment is very daunting.. It's gotten to the point now though that if someone gets infected, we spend 5 minutes running malwarebytes, and if it isn't clean with a quick scan we just push a new OS down over the wire in 10 minutes. Desktop/Mydocuments/appdata all redirected so not much user specific stuff to worry about.
 

BrutulTM

Did you guys hear about that Cryptolocker trojan that was going around last fall? It encrypts all your files with strong encryption and then puts up a countdown timer with a button to pay them two bitcoins (worth like $2000 right now). If you don't pay before the timer runs out, they delete the key and even the NSA can't get your files back. Hope you have backups.
 

Frenzied Wombat

Did you guys hear about that Cryptolocker trojan that was going around last fall? It encrypts all your files with strong encryption and then puts up a countdown timer with a button to pay them two bitcoins (worth like $2000 right now). If you don't pay before the timer runs out, they delete the key and even the NSA can't get your files back. Hope you have backups.
Holy shit that's probably the most destructive virus I've seen in years. The fact that it encrypts network drives is particularly scary-- a single workstation infection can bring down your entire file server. The fact that it can execute without local admin rights and that most AV scanners can't stop the infection makes things even worse. Unfortunately the suggested mitigator, software restriction policies, isn't just something you can roll out. Improperly implemented and planned, software restriction policies can do as much harm as good..
 

Noodleface

I think Cryptolocker affected some police stations already right?

They locked down our network drives at school, we couldn't send shit - right around finals too! Made my last couple of weeks hell.
 

Frenzied Wombat

I think Cryptolocker affected some police stations already right?

They locked down our network drives at school, we couldn't send shit - right around finals too! Made my last couple of weeks hell.
So they removed all "write" rights from your network drive? That's certainly one way of addressing it lmao.. Yeah, some police station got hit and paid the $750 ransom. How's that for irony..
 

Quineloe

Did you guys hear about that Cryptolocker trojan that was going around last fall? It encrypts all your files with strong encryption and then puts up a countdown timer with a button to pay them two bitcoins (worth like $2000 right now). If you don't pay before the timer runs out, they delete the key and even the NSA can't get your files back. Hope you have backups.
"The receptionist could not wait for the backup to complete on the last known backup date, and pulled out the USB drive early."


What kind of backup plan is having the receptionist copy shit to a USB drive?
 

Jysin


Quineloe

This guy is actually roaming the internet and helping people with unencrypting his deed? And yet no one has tracked him down yet? That's absolutely fascinating, if he can get away with that... I'm pretty sure at some point his digital trail will be found and he'll be tracked down.
 

Noodleface

So they removed all "write" rights from your network drive? That's certainly one way of addressing it lmao.. Yeah, some police station got hit and paid the $750 ransom. How's that for irony..
Yeah it was bullshit because in the engineering department we use the network drive consistently for everything and even have to run some programs on vms
 

Scaffa_sl

It doesn't encrypt the whole drive...otherwise the operating system wouldn't be able to boot without the private key being typed in.

It actively searches for files like jpeg..pdf...xls..doc..docx - files which are typically user generated and people would pay to get back. If you do daily backups it's a nuisance, if you don't - it's a nightmare.

If you are doing daily backups make sure the backup target isn't mounted all the time otherwise it'll do the same thing to your attached backups.
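
An added example, not part of any post above: a small exposure audit for the two points in the last post, counting files of the named types that the current account can overwrite on each mounted location and flagging a backup target that is attached and writable. The function names, the `CRITICAL`/`EXPOSED`/`OK` labels and the sample directory layout are assumptions made up for this illustration.

```python
import os
import tempfile
from pathlib import Path

# File types the post names as typical targets.
TARGET_EXTS = {".jpeg", ".pdf", ".xls", ".doc", ".docx"}


def writable_documents(root, can_write=os.access):
    """Count files under root with a targeted extension that this account can overwrite."""
    count = 0
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if Path(name).suffix.lower() in TARGET_EXTS and can_write(path, os.W_OK):
                count += 1
    return count


def audit(mounted_roots, backup_roots, can_write=os.access):
    """One finding per mounted root; a mounted, writable backup target is the worst case."""
    backups = {os.path.realpath(b) for b in backup_roots}
    findings = []
    for root in mounted_roots:
        n = writable_documents(root, can_write)
        if n and os.path.realpath(root) in backups:
            level = "CRITICAL"  # backups would be hit together with the originals
        elif n:
            level = "EXPOSED"
        else:
            level = "OK"
        findings.append((str(root), level, n))
    return findings


def build_sample_tree(base):
    """Constructed sample layout: a file share and a backup volume left attached."""
    share, backup = Path(base, "share"), Path(base, "backup")
    for d in (share / "reports", backup):
        d.mkdir(parents=True)
    for f in (share / "reports" / "q3.xls", share / "photo.JPEG",
              share / "tool.exe", backup / "q3.xls"):
        f.write_bytes(b"sample")
    return share, backup


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        share, backup = build_sample_tree(tmp)
        for finding in audit([share, backup], [backup]):
            print(finding)
```

Run it as the ordinary user account rather than as an administrator, since the result depends on what that account can write to.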