Your browser is obsolete!

The page may not load correctly.

Configure it!

Настрой-ка!

Other issues in this category (32)
  • add to favourites
    Add to Bookmarks

Remove the permission to read

Read: 707 Comments: 3 Rating: 8

Please tell me what you think about the recommendation to protect data against encryption ransomware by blocking access to all folders containing user files (making them “read-only”) via parental control. If a file needs to be changed, it can be copied to another folder where a user can work with it. When the work is complete, the folder is also assigned the read-only attribute. And even if ransomware manages to encrypt the new file after it has been saved but before the read-only attribute is assigned, at least the original file (that was copied into the folder) will remain intact.

Littlefish, comment left on the issue Think globally, act locally.

A good recommendation indeed! Let's see how it can be followed and tested.

Create a test folder containing a file. An already existing folder containing documents can also be used.

#drweb

Go to the -> Parental Control settings; select the user account we want to use and go to the Files and folders section.

By default, the feature is toggled off because no files or folders are being protected yet. Toggle it on.

#drweb

The Files and folders dialogue pops up automatically. For now the list is empty; press the plus button, select the folder we want to protect, and press OK.

#drweb

#drweb

The default access mode is Read-Only. That's exactly what we need.

#drweb

Now let's try to delete a file from the folder:

#drweb

It works!

And now for a fly in the ointment. Modern operating systems allow for multiple user accounts. In principle, the responsibility for controlling access to a folder can be delegated fully to an anti-virus and for most users that will suffice. But sometimes it won't. That's why access permissions are set for specific users.

#drweb

The situation seems simple: if only one person uses a particular computer, configure permissions for the administrator and for the user account this person works under, and voilà — everything's fine!

#drweb

What about this TrustedInstaller that exists alongside our known administrator and user accounts?

Starting with Windows 7, new operating system accounts are available that have higher privileges than those of an administrator. This measure is meant to provide protection against the accidental or deliberate deletion of system files and folders. But in our situation it means accounts we normally don’t work with exist in the OS and an attacker can abuse them.

#Dr.Web_Settings #encryption_ransomware #Trojan

Dr.Web recommends

If you want to restrict access to folders for better security:

  1. Create and use a special account with limited privileges. To do something in a system, an attacker will need to elevate them. For example, to delete backups, WannaCry prompted users for permission. If permissions were restricted and minimal attention was being paid to what was happening, the user was able to save their files.
  2. Install all security updates—if you use an account with restricted permissions and no known vulnerabilities are present in your system, an attacker will have a harder time acquiring the credentials they need. Experience shows that in most cases cybercriminals leverage known vulnerabilities, and if security updates are installed, an attack may fail.
  3. Use strong passwords. If a perpetrator does get in, they shouldn't be able to elevate their privileges by trying a dozen popular passwords.

Rate this issue and receive Dr.Weblings! (1 vote = 1 Dr.Webling)

Sign in and get 10 Dr.Weblings for sharing the link to this issue via social media.

[Twitter]

Unfortunately, due to Facebook's technical limitations, Dr.Weblings cannot be awarded. However, you can share this link with your friends for free.

Tell us what you think

Leave your comment on the day of publication and get 10 Dr.Weblings, or get 1 Dr.Webling for a comment posted any other day. Comments are published automatically and are reviewed by a moderator. Rules for leaving comments about Doctor Web news items.

To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.

Comments