What the latest Java exploits teach us about security

I contributed earlier to a discussion on an article in The Register (Link) on dealing with malware caused as a result of security vulnerabilities in Java. The article discusses how to go about cleaning up the various pieces of malware downloaded and requires the use of multiple security tools covered in 12 steps. As I and others suggested at this point, given an infection of this magnitude, going for a clean-up should be the last resort.

Virus removals are my least favourite computer repair job since it can be virtually impossible to totally rid a system of a virus, and even if you can, it will likely leave some residual damage. Furthermore, trying to do the clean-up means many hours of work and, put curtly, our time is valuable and people just aren’t willing to pay the going rate.

So here’s my quick and handy guide to protecting your computer using a few cheap and simple tricks. This guide is intended for Windows users, and to anybody about to bleat on about how your chosen platform is immune to malware – sod off somewhere else:

1. Engage the brain
While there are some types of malware that can be automatically downloaded from otherwise reputable sites, this is generally the exception rather than the rule. I cannot count how many times I have heard of people having computer troubles after downloading nakedladies.jpg.exe or the “codec pack” for the pirated whatever they’ve just downloaded.

In short, the first line of defense is not to download unknown crap from sites you’ve never heard of. If you’re in doubt, Google it and you’ll get a good idea of how much you can trust the site and/or file.

2. Remove unneeded software
This is really referring to Java. Do you really need to run Java in your web browser? Can you remember the last time you even ran a Java browser applet? No? Well, lose the functionality and you close a gaping infection vector. The same is true of Flash Player and Adobe Reader, although it’s a lot harder to live without Flash, while you can at least open PDFs natively rather than in your browser.

3. Get some proper security software!
This is your second line of defense after common sense and closing off the infection vectors. In terms of software I like either Kaspersky or Norton. Scan do a three-user, one-year subscription to Kaspersky 2012 for about eleven quid, and it is a good product which tends to block most of the nasties on your computer.

4. Backup, Backup, Backup.
When I get asked to look at a virus-ridden computer, the first thing I ask is whether you have a backup of all your stuff. Invariably the answer is no, which precludes me from taking the easy, but most effective, option of wiping the disk and starting again.

The first thing to remember is that anything online and connected to your computer is vulnerable to malware. The best option is something on read-only media like optical disks; however, backing up hundreds of gigabytes to DVD-Rs becomes very boring very quickly. Therefore, another option is to use an external hard disk which is disconnected from the computer when it’s not in use (that is, when you are not saving a backup to it).

There are two steps to your backups: the first is your installation media and the second is your data. If you’ve built your system yourself, then you should have the necessary installation media available. If you downloaded it, burn it to a disk so you have an offline copy of it. This is more crucial if you bought a pre-built machine, since many manufacturers are tight and don’t include the installation media, preferring instead to give you a recovery partition and a tool to burn your own image disk. Remember what I said about online backups – I have had to deal with malware which infected the recovery partition; I rebuilt the machine and boom, the thing I was trying to get rid of came back to bite me (in the end I had to do a clean install off a DVD using the machine’s licence key).

Once your system is working how you like it, you may want to consider taking a system image. You can do this using the Windows tool, or a program like Norton Ghost if you want more control over the whole process. The advantage of this is that it captures all your files and the system together, and makes recovery much simpler.

If you want more granular control over your files, then I would consider using a backup tool such as Acronis True Image Home, which allows you to make incremental backups of your files and restore them accordingly.

However you back up your stuff, make sure you validate it and test it periodically, so that if it’s ever needed you don’t find yourself presented with an error message saying the backup cannot be opened.
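One way to make that periodic validation routine rather than a good intention is to record a hash of every file when the backup is written and re-check the set against that record before you trust it. The PowerShell script below is an added example, not the author’s own tooling or any product mentioned on this page; the drive letter and paths are placeholders, and it relies only on the built-in Get-FileHash cmdlet (PowerShell 4 and later).

```powershell
# Added example: build a SHA-256 manifest of a backup set, then verify it later.
# The paths below are placeholders; point them at your own offline backup drive.
param(
    [ValidateSet('Create', 'Verify')]
    [string]$Mode = 'Verify',
    [string]$BackupRoot = 'E:\Backup',                 # assumed location of the backup set
    [string]$Manifest   = 'E:\Backup\manifest.sha256'  # assumed location of the hash list
)

function New-BackupManifest {
    # Walk the backup tree and write "<hash>  <relative path>" for every file.
    param([string]$Root, [string]$Path)
    Get-ChildItem -Path $Root -File -Recurse |
        Where-Object { $_.FullName -ne $Path } |   # don't hash the manifest itself
        ForEach-Object {
            $h   = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256
            $rel = $_.FullName.Substring($Root.Length).TrimStart('\')
            "$($h.Hash)  $rel"
        } | Set-Content -Path $Path -Encoding UTF8
}

function Test-BackupManifest {
    # Re-hash every file named in the manifest and report what changed or vanished.
    param([string]$Root, [string]$Path)
    $ok = 0; $corrupt = 0; $missing = 0
    foreach ($line in Get-Content -Path $Path) {
        if ($line -match '^([0-9A-F]{64})  (.+)$') {
            $expected = $Matches[1]
            $rel      = $Matches[2]
            $full     = Join-Path -Path $Root -ChildPath $rel
            if (-not (Test-Path -LiteralPath $full)) {
                $missing++
                Write-Warning "MISSING  $rel"
                continue
            }
            $actual = (Get-FileHash -LiteralPath $full -Algorithm SHA256).Hash
            if ($actual -eq $expected) {
                $ok++
            } else {
                $corrupt++
                Write-Warning "CORRUPT  $rel"
            }
        }
    }
    [pscustomobject]@{ Ok = $ok; Corrupt = $corrupt; Missing = $missing }
}

switch ($Mode) {
    'Create' {
        New-BackupManifest -Root $BackupRoot -Path $Manifest
    }
    'Verify' {
        $result = Test-BackupManifest -Root $BackupRoot -Path $Manifest
        $result | Format-Table -AutoSize
        # Non-zero exit so a scheduled task or wrapper script can flag a bad backup.
        if ($result.Corrupt -gt 0 -or $result.Missing -gt 0) { exit 1 }
    }
}
```

Run it with `-Mode Create` straight after a backup and `-Mode Verify` each time the drive is plugged in. Keep a second copy of the manifest somewhere other than the backup drive: a hash list stored only beside the files it describes tells you about bit rot and truncated copies, but not about anything that rewrites both. A clean manifest check also proves only that the files are intact, not that they restore; an occasional real restore into a scratch folder, or of the whole image onto a spare disk, is still the test that matters.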

5. Rebuild with care
So, despite following the advice, a nasty has made it onto your machine. That’s annoying, but it’s not the end of the world now. The first thing you must do is not panic, and don’t go and plug your backup drive straight in, as the last thing we want is for the virus to infect your backups and return you to square one. First, you may want to back up any really important stuff created or modified since the last backup was taken, but don’t back it up to the clean drive. Next, format your hard drive and then scan it with a decent boot-level antivirus tool to make sure nothing has been missed. Once you have a blank (and clean) drive, then you can begin rebuilding.

Either reinstall your operating system and applications, or restore your system from the most recent clean image. Then restore your files after virus-scanning the backup files to ensure they are clean. Done properly, you should find that your system is unavailable for just a few hours and that, when all is said and done, your files will be no more than a couple of days out of date – it’s still annoying, but at least you haven’t lost everything.

Too much hassle? Well, what would you do if your computer exploded tomorrow without warning and took all your data with it? Because the great thing about the above strategy is that not only does it protect you from malware, it also protects you from major system crashes and hardware failures.
