Malwarebytes and "Really Dark Friday"
Over the years I have used Malwarebytes a lot to ferret out viruses and spyware on Windows machines. Has anyone wondered why the very same program can be used on every iteration of Windows from XP to ...
Forum Discussion
Malwarebytes is the only AV program I'd ever bother with other than MSE. It blocks via IP address (which helps with 0-days that other AV programs will not bother with.)
One recommendation I have is to use either a virtual machine utility (can be tough to get going if not familiar with it), or a sandbox program like sandboxie (easier to get set up, less protection.) Then do your Web browsing under that.
If you then get stung by CryptoLocker, if it is running in a VM, you are completely protected. You restore back to a known good snapshot before the infection took place, continue as before. If the Web browser is running under sandboxie, the ransomware will -think- it has encrypted everything, but in reality, every write and overwrite it has done is stored in a sandbox directory... so you have your original files untouched, and in the sandbox all the corrupted copies. Just stopping and deleting the sandbox will get rid of that mess.
I personally prefer using both a sandbox utility in a virtual machine, because it provides a pretty stiff barrier to getting infected, while not being a major inconvenience.
Of course, I always recommend backups. Mozy and an external HDD are OK, but best of all would be burning documents to a CD/DVD/Blu-Ray disk every so often. That way, they can't be tampered with.
One recommendation I have is to use either a virtual machine utility (can be tough to get going if not familiar with it), or a sandbox program like sandboxie (easier to get set up, less protection.) Then do your Web browsing under that.
If you then get stung by CryptoLocker, if it is running in a VM, you are completely protected. You restore back to a known good snapshot before the infection took place, continue as before. If the Web browser is running under sandboxie, the ransomware will -think- it has encrypted everything, but in reality, every write and overwrite it has done is stored in a sandbox directory... so you have your original files untouched, and in the sandbox all the corrupted copies. Just stopping and deleting the sandbox will get rid of that mess.
I personally prefer using both a sandbox utility in a virtual machine, because it provides a pretty stiff barrier to getting infected, while not being a major inconvenience.
Of course, I always recommend backups. Mozy and an external HDD are OK, but best of all would be burning documents to a CD/DVD/Blu-Ray disk every so often. That way, they can't be tampered with.
