Honey, my laptop is acting funny again

Published: 2010-04-25
Last Updated: 2010-04-26 11:46:32 UTC
by Chris Carboni (Version: 2)
26 comment(s)

It's a phrase that causes dread in the hearts and minds of many a security professional, including myself.

The firewall is on and tightly configured, AV is installed ... all the usual precautions are in place, but inevitably, somehow, every few months, the system becomes infected.

With three family laptops in the house ... well I think you see where this is going.

My wife and kids have been resistant to moving to Linux systems, so I've been considering running a Linux host with Windows VMs that I just revert to a snapshot as needed.
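The revert-to-snapshot workflow above, as an added example (not code from the diary or its comments). It wraps the real VBoxManage subcommands on a Linux VirtualBox host; the VM name "family-win7" and snapshot name "clean-baseline" are assumed placeholders. The point it makes that the paragraph does not: the clean snapshot has to be retaken after each patch cycle, and nothing written inside the guest since that snapshot survives a revert, so family data has to live outside the VM.

```shell
#!/bin/sh
# Revert-to-snapshot workflow for a Windows guest on a Linux VirtualBox host.
# Added example, not from the diary. Assumed names: VM "family-win7" and
# snapshot "clean-baseline"; the VBoxManage subcommands used are the real ones.
set -eu

# Command used to talk to VirtualBox. Set VBOX=echo for a dry run.
VBOX="${VBOX:-VBoxManage}"

# Emit the exact VBoxManage steps a revert needs, one per line, without running
# them. Kept separate so the plan can be inspected (or tested) offline.
plan_revert() {
    vm="$1"; snap="$2"
    printf '%s\n' \
        "controlvm $vm poweroff" \
        "snapshot $vm restore $snap" \
        "startvm $vm --type gui"
}

# Throw away the current (possibly infected) state and boot from the clean
# snapshot. Nothing the guest wrote since the snapshot survives, so anything
# the family wants to keep must live outside the VM (shared folder, etc.).
revert_vm() {
    vm="$1"; snap="$2"
    # poweroff fails if the guest is already off; that is fine, keep going.
    $VBOX controlvm "$vm" poweroff 2>/dev/null || true
    $VBOX snapshot "$vm" restore "$snap"
    $VBOX startvm "$vm" --type gui
}

# Re-baseline after patching: revert to the old clean snapshot, patch inside
# the guest, shut it down cleanly, then run this. Never snapshot the state
# that is "acting funny"; that just preserves the infection.
take_baseline() {
    vm="$1"; snap="$2"
    # Delete the old baseline first so the snapshot name stays stable.
    $VBOX snapshot "$vm" delete "$snap" 2>/dev/null || true
    $VBOX snapshot "$vm" take "$snap" --description "patched and clean $(date +%F)"
}

usage() { printf 'usage: %s revert|baseline|plan [vm] [snapshot]\n' "$0" >&2; }

# Only act when invoked with a verb; sourcing the file just defines functions.
if [ "$#" -gt 0 ]; then
    verb="$1"; vm="${2:-family-win7}"; snap="${3:-clean-baseline}"
    case "$verb" in
        revert)   revert_vm "$vm" "$snap" ;;
        baseline) take_baseline "$vm" "$snap" ;;
        plan)     plan_revert "$vm" "$snap" ;;
        *)        usage; exit 1 ;;
    esac
fi
```

Usage: `sh revert-vm.sh revert` when the laptop misbehaves, `sh revert-vm.sh baseline` after a patch cycle. Snapshots are not a substitute for the other layers (a limited user account, patching, AV); they are the fast, thorough clean-up step, and they only help if the baseline itself was clean when taken.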

I know I'm not the only one who is in this situation so if you have a better solution, send it in and I'll add it to the diary.

If you're in the same boat that I am, check back as someone may have a solution for you.

Oh, and, uh ... in addition to fixing the laptop, I have a "honey-do" list so I may take a bit to get back to you, but I will.

Anyone know how to install a built in dishwasher?  ;)


UPDATE:

Thanks everyone for the tips, including the step by step instructions for the dishwasher.  :)

Most of the reaction to this diary was via comment but there were a few emails.

It's interesting to note what different people's interpretation of "all the usual precautions" was but there were a few common themes.

Don't run as admin, restrict file sharing, "user education", maintaining router logs, Vista UAC, up to date patching and AV, logging on all PCs.  Yes, these and more are all in place.  :)  It's also interesting to note that these are also the same measures taken on many corporate networks.  I've been toying with the idea of picking up a cheap laptop for the sole purpose of running Snort.  That may be a next step.  :)

To the person who mailed me anonymously, no worries.  Your comments are taken as intended.

In the end, despite what we may want, we can't prevent everything.   Whether corporate or home network, compromises / infections will occur.  It's not a question of if you get compromised, it's when.

Building systems and networks with defense in depth is important, but so is having the ability to quickly and thoroughly clean up an incident, whether at home or at the office.


Christopher Carboni - Handler On Duty


Comments

been using Linux myself since the 90s; not going to impose what I see as a security thru obscurity measure on my family. In addition to what you've done and making sure all software on the boxes is updated relatively frequently, I just don't give my family admin rights and haven't seen them get into trouble.
Have them use Macs. User-friendlier and Unix underneath if you need it.
We routinely see current drive-by malware attacking both admin and limited users. Granted, cleanup from an attack against a limited user is typically much faster and simpler, it's by no means a guarantee that you'll be malware free.
We're a Mac family and the only issue the wife has ever seen was an obscene pop-up when a friend of hers got Koobfaced. We use OpenDNS for a little extra protection, and have the occasional lecture on the good the bad and the ugly of the internet...
Implement the free version of the Astaro Web gateway. Best thing I ever did. Stopped random infections across my entire home network.
If running Windows, take away the admin privs, enforce updates, load Firefox with AdBlock, WebOfTrust and NoScript (preconfigure this). I've also heard good things about Microsoft's "Steady State" app.

If running Linux, consider the LTSP and centrally-manage the primary image.

For the dishwasher, I found it easiest to set it where it was to be and built a frame around it. I then set a 1" thick butcher block on top for a prep surface and to minimize vibration. Then I just slid it out, drilled holes to drop the power to my circuit breaker box and connected the hoses (you really want it to have its own breaker). Slid it back in, screwed it in place and let it run. I did not connect it to my network. ;)
I have hardened Ubuntu running Sun (Oracle?) virtualBox with Windows XP inside VirtualBox. "Harden" is in the Synaptic Package Manager.
Hopefully the reason the kids are resistant to switching to Linux is not gaming, as there may be some weird driver / graphics problems in a VM...
Making sure they don't have admin rights and keeping everything up to date is a must. You can also install DansGuardian with an AV filter like Clam on it. It is free for personal use and quite effective. I do it at my house and haven't had any issues.
I use a combination of local user with Software Restriction Policies and don't have any issues. They can't write places they can run and can't run places they can't write. Combine that with some decent local hosts files, Firefox with NoScript and AdBlockPlus and it has been problem free.
