This is the second part of my layered security for home users topic. Please read the part 1 first to get the full background.
Recently my father purchased a new laptop for both personal and work use. And like many parents, he is decent when it comes to technology; he is able to perform many of the basic computer functions such as email, YouTube, Skype, social media and online searches. But when it comes to security, like many others he simply relies on the anti-virus software. I usually install the anti-virus software and configure schedule scans for him but this time he was away and had his computer setup from the store he purchased it from. The store tech support installed the Norton 360 Suite. Now, even though I have my preferences when it comes to different anti-virus software vendors but when it comes to layered security it does not matter.
My father used his new laptop for roughly two months before he had me look at it. At first glance the system looked fine; the Norton 360 was not complaining about anything and the system performance was also fine. But when I opened the browsers (IE & Chrome) it was hard to locate the address bar – because the browser windows were covered with numerous advertising toolbars. Also, both browsers had a different homepage and default search engines had changed as well. At this point, I knew that some clean up was needed.
I started with my go-to-software: Malwarebytes. I used it to perform a full sweep of the system and after 3hrs it came back with more than 200 findings. And when I looked at the scan logs I found something interesting. Beside a hand-full of malicious executables, everything else was categorized as PUPs -Potentially Unwanted Program: “is a piece of software that is also downloaded when a user downloads a specific program or application.”
Now I have a previous experience responding to malicious activity generated by PUPs. Usually, this was done through an IDS alert when one of these PUPs beacon out. But in this case, my father’s system did not generate any IDS alerts; maybe because it had only been on the network for less than 3hrs. Regardless, I decided to remove all of the findings and then confirmed their removal by doing a subsequent scan.
And this is where the fun part begins. What do you do when you have cleaned up an infected system? Well, it’s time to place few protective measures. Most tech support personals perform this step by simply selling and installing a different anti-virus software. But this measure fails immediately because they do not take the time to understand how the system got infected in the first place and how the user uses his/her system.
In my father’s case, the system got infected due to his careless behavior while surfing online; this usually happens when he is searching. He has a hard time differentiating between legitimate links versus advertisements. And because of this, he tends to click on popups. Now, in a perfect world, you would do some security knowledge transfer and hope for a change in the behavior. However, this is not that easy so we have to complement this with something else. This is what has worked in my case: ad blocker.
I installed the AdBlock browser extension for both IE and Chrome on my father’s computer. This was in compliment to activating browsers built-in pop-up blocking functionality. The Adblock “blocks banners, pop-ups and video ads – even on Facebook and YouTube” – which is perfect for someone who surfaces the web most of the time.
However, in addition to ad-blocker, I also installed the DoNotTrackMe extension. The reason for this was because even though Adblock does a great job in blocking popups and other online advertisements but there is only so much that it can do due to today’s smart-advertisements. It is no surprise that online advertisement these days is very targeted – your online browsing behavior is tracked and based on this behavior you are presented with advertisements. This makes it extremely difficult to differentiate between legitimate search results versus advertisements.
During the time that I monitored my father’s machine (~3 weeks) with both of these extensions enabled, I noticed a significant decrease in the number of malware and PUPs installed on the system. In fact, during this time I ran 4 Malwarebytes scans and it came back with between 5-8 findings. Interesting enough, by the end of my monitoring the Adblock extension had blocked 6,370 ads and DoNotTrackMe blocked 4,269 trackers.
In conclusion, layered security has proven to be effective in our enterprises and now its time that we take this idea and implement it in our home systems. The free browser extension solution that I present here is by no means complete or elaborate, however, in my test above it has proven to be effective in blocking drive-by downloads (at a basic level) at a $0 cost!