
SANS ISC: InfoSec Handlers Diary Blog



Honey, my laptop is acting funny again

Published: 2010-04-25
Last Updated: 2010-04-26 11:46:32 UTC
by Chris Carboni (Version: 2)
26 comment(s)

It's a phrase that causes dread in the hearts and minds of many a security professional, including myself.

The firewall is on and tightly configured, AV is installed .. all the usual precautions are in place but inevitably, somehow, every few months, the system becomes infected.

With three family laptops in the house ... well I think you see where this is going.

My wife and kids have been resistant to moving to Linux systems, so I've been considering running Linux hosts with Windows VMs that I just revert to snapshot as needed.

I know I'm not the only one who is in this situation so if you have a better solution, send it in and I'll add it to the diary.

If you're in the same boat that I am, check back as someone may have a solution for you.

Oh, and, uh .. in addition to fixing the laptop, I have a "honey-do" list so I may take a bit to get back to you, but I will.

Anyone know how to install a built in dishwasher?  ;)

 

UPDATE:

Thanks everyone for the tips, including the step by step instructions for the dishwasher.  :)

Most of the reaction to this diary was via comment but there were a few emails.

It's interesting to note what different people's interpretation of "all the usual precautions" was but there were a few common themes.

Don't run as admin, restrict file sharing, "user education", maintaining router logs, Vista UAC, up to date patching and AV, logging on all PCs.  Yes, these and more are all in place.  :)  It's also interesting to note that these are also the same measures taken on many corporate networks.  I've been toying with the idea of picking up a cheap laptop for the sole purpose of running Snort.  That may be a next step.  :)

To the person who mailed me anonymously, no worries.  Your comments are taken as intended.

In the end, despite what we may want, we can't prevent everything.   Whether corporate or home network, compromises / infections will occur.  It's not a question of if you get compromised, it's when.

Building systems and networks with defense in depth is important, but so is having the ability to quickly and thoroughly clean up an incident, whether at home or at the office.

 

Christopher Carboni - Handler On Duty
