Remove the permission to read
Wednesday, July 26, 2017
Please tell me what you think about the recommendation to protect data against encryption ransomware by blocking access to all folders containing user files (making them “read-only”) via parental control. If a file needs to be changed, it can be copied to another folder where a user can work with it. When the work is complete, the folder is also assigned the read-only attribute. And even if ransomware manages to encrypt the new file after it has been saved but before the read-only attribute is assigned, at least the original file (that was copied into the folder) will remain intact.
Littlefish, comment left on the issue "Think globally, act locally".
A good recommendation indeed! Let's see how it can be followed and tested.
Create a test folder containing a file. An already existing folder containing documents can also be used.
Go to the -> Parental Control settings; select the user account we want to use and go to the Files and folders section.
By default, the feature is toggled off because no files or folders are being protected yet. Toggle it on.
The Files and folders dialogue pops up automatically. For now the list is empty; press the plus button, select the folder we want to protect, and press OK.
The default access mode is Read-Only. That's exactly what we need.
Now let's try to delete a file from the folder:
It works!
And now for a fly in the ointment. Modern operating systems allow for multiple user accounts. In principle, the responsibility for controlling access to a folder can be delegated fully to an anti-virus and for most users that will suffice. But sometimes it won't. That's why access permissions are set for specific users.
The situation seems simple: if only one person uses a particular computer, configure permissions for the administrator and for the user account this person works under, and voilà — everything's fine!
What about this TrustedInstaller that exists alongside our known administrator and user accounts?
Starting with Windows 7, new operating system accounts are available that have higher privileges than those of an administrator. This measure is meant to provide protection against the accidental or deliberate deletion of system files and folders. But in our situation it means that accounts we normally don’t work with exist in the OS, and an attacker can abuse them.
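To see which accounts the operating system itself allows to change the test folder, its NTFS access-control list can be inspected. The PowerShell script below is an added example, not part of the original article or of Dr.Web; the default path C:\Test is an assumption, and the script looks only at NTFS permissions, not at any restriction applied by the anti-virus.

```powershell
# Added example: report every account whose NTFS permissions on a folder
# include a right that can change, delete or re-permission its contents.
# 'C:\Test' is an assumed path for the test folder; pass your own with -Path.
param([string]$Path = 'C:\Test')

# File-system rights that allow modification (read-type rights are left out).
$writeBits = [int][System.Security.AccessControl.FileSystemRights](
    'WriteData, AppendData, WriteAttributes, WriteExtendedAttributes, ' +
    'Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership')

# Some ACEs store generic rights instead of specific ones:
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000).
$genericBits = 0x40000000 -bor 0x10000000

$acl = Get-Acl -LiteralPath $Path

# The owner can always rewrite the permissions, whatever the ACEs say.
"Owner: $($acl.Owner)"

$acl.Access |
    Where-Object {
        ([int]$_.FileSystemRights) -band ($writeBits -bor $genericBits)
    } |
    Select-Object @{ n = 'Account'; e = { $_.IdentityReference.Value } },
                  @{ n = 'Type';    e = { $_.AccessControlType } },
                  @{ n = 'WriteRights'; e = {
                        # Show only the modifying part of the granted rights.
                        [System.Security.AccessControl.FileSystemRights](
                            ([int]$_.FileSystemRights) -band $writeBits)
                  } },
                  @{ n = 'Generic'; e = {
                        [bool](([int]$_.FileSystemRights) -band $genericBits)
                  } },
                  IsInherited |
    Sort-Object Account |
    Format-Table -AutoSize

# Reading the result: 'Allow' rows are accounts that may modify the folder,
# 'Deny' rows take precedence over 'Allow' rows for the same account, and
# inherited rows come from a parent folder rather than from this one.
```

Any account in the output that nobody logs in with is worth a second look, since these are the accounts the paragraph above refers to.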
#Dr.Web_Settings #encryption_ransomware #Trojan

The Anti-virus Times recommends
If you want to restrict access to folders for better security:
- Create and use a special account with limited privileges. To do something in a system, an attacker will need to elevate those privileges. For example, to delete backups, WannaCry prompted users for permission. If permissions were restricted and the user paid even minimal attention to what was happening, they were able to save their files.
- Install all security updates—if you use an account with restricted permissions and no known vulnerabilities are present in your system, an attacker will have a harder time acquiring the credentials they need. Experience shows that in most cases cybercriminals leverage known vulnerabilities, and if security updates are installed, an attack may fail.
- Use strong passwords. If a perpetrator does get in, they shouldn't be able to elevate their privileges by trying a dozen popular passwords.