Thank Dog Microsoft has...
...saved us from ransomware. It says...
Net scum behind the Cerber ransomware have been pounding enterprises infecting more corporate machines than any other, according to Microsoft. Some 2114 infections have been discovered from December to January on corporate endpoints operating Windows 10 Enterprise, an operating system that Microsoft boffins says breaks the …
'an operating system that Microsoft boffins says breaks the ransomware exploit chain thanks to its embedded Advanced Threat Protection exploit mitigations'
'Windows Defender Advanced Threat Protection (ATP), which provides a post-breach layer of protection':
'Windows Defender ATP uses the following combination of technology built into Windows 10 and Microsoft's robust cloud service: Endpoint behavioral sensors .. Cloud security analytics .. Threat intelligence' ...
Just pointing out, that M-shaft's anti-ransomware solutions (apparently) aren't very effective.
But here's what I think WOULD be: what I like to call 'safe surfing'.
a) don't surf the web or read e-mail from an ADMINISTRATOR login (this means create at least 2 logins on every machine, one with admin-level access that you RARELY use, and the other with 'guest' level access that's your main login with e-mail, etc.)
b) do NOT use Intarweb Exploiter nor 'Edge'. Use a TRULY safe browser, one that's open source, and can have the NoScript plugin running for even MORE protection against rogue things.
c) do NOT view e-mail "as HTML". Better still, don't view attachments "in line".
d) do NOT use Virus Outbreak (aka MS Outlook) for e-mail.
e) if possible, do ALL web surfing with a NON-WINDOWS operating system
f) *NEVER* "click on a link" in an e-mail
g) *NEVER* 'just open' or even preview documents attached to an e-mail. If you can do an 'open with' instead, this will mitigate MOST problems caused by mime type forging. Letting the OS decide what to do with the attachment, however, is likely to get you INFECTED at some point.
(the best way to handle attachments is to save to disk, use a utility to scan it and verify what it REALLY is, and then open it directly with the application that you want to view it with)
anyway, those are the 'rules' I can remember at the moment. Practice that, and get everyone on your network to do the same thing, and you SHOULD be fine, or at least BETTER OFF than "not doing that" and relying on Micro-shaft's "solutions" to "prevent" ransomware.
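Added example, not part of the comment above: one way to do the "verify what it REALLY is" step from rule (g) on an attachment already saved to disk, by comparing the file's leading bytes with the type its name claims. The signature table, extension lists, function names and sample bytes are assumptions constructed for illustration.

```python
# Added illustration: signature table, extension lists and sample bytes are constructed.
MAGIC = [  # leading bytes -> what the file really is
    (b"MZ", "pe-executable"),
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip-container"),  # .zip, and also .docx/.xlsx
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),  # legacy .doc/.xls
    (b"{\\rtf", "rtf"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
]
EXPECTED = {  # claimed extension -> content kinds it may legitimately hold
    ".pdf": {"pdf"}, ".png": {"png"}, ".jpg": {"jpeg"}, ".jpeg": {"jpeg"},
    ".zip": {"zip-container"}, ".docx": {"zip-container"},
    ".xlsx": {"zip-container"}, ".doc": {"ole2"}, ".xls": {"ole2"},
    ".rtf": {"rtf"},
}
RISKY_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".hta", ".lnk"}


def sniff(data: bytes) -> str:
    """Identify content from its leading bytes, ignoring name and MIME type."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def check_attachment(filename: str, data: bytes) -> list:
    """Return reasons not to open a saved attachment; [] means no mismatch found."""
    parts = filename.lower().strip().split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    kind = sniff(data)
    findings = []
    if ext in RISKY_EXT:
        findings.append("risky-extension")
    if len(parts) > 2 and "." + parts[-2] in EXPECTED:
        findings.append("double-extension")  # e.g. invoice.pdf.exe
    if ext in EXPECTED and kind not in EXPECTED[ext]:
        findings.append("content-mismatch")  # name claims one type, bytes say another
    if kind == "pe-executable":
        findings.append("executable-content")
    return findings


if __name__ == "__main__":
    samples = {  # constructed byte strings, not real files
        "report.pdf": b"%PDF-1.4\n% constructed sample",
        "invoice.pdf": b"MZ\x90\x00" + b"\x00" * 16,
        "invoice.pdf.exe": b"MZ\x90\x00" + b"\x00" * 16,
    }
    for name, blob in samples.items():
        print(name, sniff(blob), check_attachment(name, blob))
```

An empty result only means the name and the leading bytes agree; a genuine PDF or Office document can still carry malicious content, so the scanning step still applies.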