Thread: Antivirus and other security software

  1. #1
    OwP

    The in-laws managed to fall for a scam phone call; they not only gave the scammer access to a bank account (£4k missing), they also gave him remote access to their PC. The PC in question is old anyway, so I am replacing it with a Win10 unit, checking their router passwords, removing backup HDs (old USB thing); all the computer stuff is currently unplugged waiting for me to get up there. Going to pull the HD from the old one and physically destroy it; luckily I backed everything up a couple of weeks ago.

    Obviously there is no software to mitigate against giving somebody access to your stuff, but what would people suggest as a good security setup? Just stick with the std MS security software or go for 3rd party? Thinking of firewall, AV, anti-phishing etc.

    Cheers

  2. #2
    g8ina

    AVG Free is what I use on the four PCs in our house, never had any issues.

    MS Defender is also supposed to be good along with their Firewall, YMMV

    D
    Cheers, David



  3. #3
    Senior Member

    The first security step I would advocate is putting a Truecall call screener on their phone line (I understand there is a smartphone variant, too, if they got taken on a mobile).

    The biggest single advantage is that unless the call is from a known and whitelisted number, the way it works is that they get a pause to sit and consider before even picking up a call. My mother-in-law (now, sadly, gone) was targeted by scammers and while she never fell for it, it made her petrified of phone calls and she stressed out every time the damn thing rang.

    They're pretty configurable, and I had hers set to, first, block international calls, second, force unlisted numbers to go through the block, and third, force numbers that were not unlisted but not known to her, to get through the blocker too.

    By "get through the block", I mean the unit picks up the call, and applies one of several rules. But it was set to ONLY let white-listed numbers straight through. Anything else HAS to leave an announcement, and wait (muted) while the blocker rings the house phone, announces who is calling, and that caller ONLY gets to speak directly to a person if the user accepts the call, having heard who it is. They're not faced with picking the call up to find it was a spoofed number.

    That meant the mum-in-law no longer stressed out with incoming calls and the number of spammers dropped hugely after that went in. I suspect they realise exactly why that's there, and give up and move on.

    I've had one installed as well for a year or so, and gone from several dodgy calls a week, most weeks, to none, at all, in that year. Not a one. So either they gave up on me at a coincidental moment or time, or the blocker is blocking them, because none get through to me.

    Not that I think I'm susceptible. I particularly liked listening to the frustrated sigh when the "MS Support Desk" ones were told "Dunno who you think I am but I'm a fully Linux guy, no Windows here, guy." Or alternatively, "no computer here. don't understand them". Or better yet "Dad? Call for you" and put the phone down. One jerk hung on for about 40 mins waiting for "Dad" to come downstairs. Nobody would have been more surprised than me if he had, as he died about 10 years earlier.

    But still, it was getting to be a right pain in the proverbial, and dropped to zero calls after fitting that.

    I know it's not what you meant by security, but stopping them getting actual people on the phone kills their stunts stone cold dead before they even get to talk to anyone.
    A lesson learned from PeterB about dignity in adversity, so Peter, In Memoriam, "Onwards and Upwards".

  4. #4
    kalniel

    Calls, SMS and emails are the main sources of issues. The software scammers use with remote access is usually legitimate in the first instance, and if they're being talked through installation of anything that isn't then they'll also be talked through ignoring any AV reports, so AV type software isn't going to help here.

    So even if it wasn't what you were looking for, Saracen's advice is actually likely to be more effective than software. Most email clients and some mail providers have anti-spam options, ditto smart phones (though they're not super effective and require allowing google etc. to read your texts) - getting that set up, together with user education, is pretty much the only way of addressing this.

    There are two software solutions:
    1) use Linux Mint or something other than Windows
    2) if they have to use Windows, lock it down with group policy.

    Neither will stop a scammer getting them to use legitimate tools like browsers, but it'll stop installation of most malicious software.

  5. #5
    Senior Member

    I get the impression, OwP, that the in-laws aren't very computer literate. Is that correct?

    Another approach might be to lock their machine down quite a bit, but this isn't going to work if they regularly install software. If you, or another relative, are their unpaid tech support, think about making sure that their default user type isn't an admin account. It's never normally a good idea to use a standard account with admin permissions anyway, probably for anyone whose day-to-day work isn't administration. A very early task in setting up a Windows machine should always be to set up a 'user' level account and use that for normal use. If need be, lock out application installation rights. It might need the group policy editor to do it. TBH, I can't remember. Then, if (as Kal said) scammers are relying on getting remote control software turned on or installed, they're going to be frustrated when the in-laws have to supply admin logon details that they don't have, to get the install to work.

    At the very least, even if you do give the in-laws the password for admin rights, the mere fact that they're having to provide that password to the system ought to be enough to make them pause and think about what they're doing. It might not stop them, as not having it would, but will give them a chance to say "I need to call OwP to get the password" to the scammers and the scammers will not want them doing that, for obvious reasons.

    What I'm suggesting is that just as scammers try to con, and socially engineer, the unwary into doing things they normally wouldn't, if given a moment to think, you should try to socially engineer the in-laws into pausing and doing some thinking. Do things, like the above, designed to break the scammer's flow and give your relatives the nudge needed to, if need be, force them to pause, and maybe ring for advice.

    Another possibility, just to bang the message home, is to sit them down in front of YouTube and get them to watch a few of those 'revenge on the scammers' videos that a number of people do, scamming the scammers, deleting their files, etc, while pretending to be taken in. Some of those are pretty funny, but also very educational. Again, it's about drumming the message home.

  6. #6
    Senior Member

    Or maybe work out what ports are needed by remote control software, and use firewall rules to close down those ports?? Many/most ISP-provided modem/routers should at least be versatile enough to do that, in the router itself.

  7. #7
    Senior Member

    Oh, and turn off "Allow Remote Assistance" and "Allow Remote Desktop" in System Properties unless you really want them left on.

  8. Received thanks from:

    g8ina (12-07-2021)
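
The settings suggested in posts #5 and #7 (a non-admin daily account, "Allow Remote Assistance" and "Allow Remote Desktop" switched off) can be checked and applied from an elevated PowerShell prompt. This is an added example, not part of any post in the thread; the account name `inlaws` is a hypothetical placeholder and the firewall group names assume an English-language Windows 10 install.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread). $DailyUser is a hypothetical name:
# replace it with the account the relatives log in with every day.
$DailyUser = 'inlaws'

$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$ra = 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'

function Get-RemoteAccessState {
    $deny  = (Get-ItemProperty -Path $ts -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    $allow = (Get-ItemProperty -Path $ra -Name fAllowToGetHelp -ErrorAction SilentlyContinue).fAllowToGetHelp
    [pscustomobject]@{
        RemoteDesktopEnabled    = ($deny -eq 0)   # 0 = incoming RDP accepted
        RemoteAssistanceEnabled = ($allow -eq 1)  # 1 = invitations allowed
    }
}

'Before:'; Get-RemoteAccessState | Format-List

# The two "Allow ..." boxes on the Remote tab of System Properties.
Set-ItemProperty -Path $ts -Name fDenyTSConnections -Value 1 -Type DWord
Set-ItemProperty -Path $ra -Name fAllowToGetHelp -Value 0 -Type DWord

# Close the matching inbound firewall rules as well (group names are
# localized; these are the English ones).
foreach ($group in 'Remote Desktop', 'Remote Assistance') {
    Disable-NetFirewallRule -DisplayGroup $group -ErrorAction SilentlyContinue
}

'After:'; Get-RemoteAccessState | Format-List

# S-1-5-32-544 is the built-in Administrators group in every locale.
$admins = Get-LocalGroupMember -SID 'S-1-5-32-544'
$admins | Select-Object Name, ObjectClass, PrincipalSource | Format-Table

if ($admins.Name -contains "$env:COMPUTERNAME\$DailyUser") {
    Write-Warning "$DailyUser is a local administrator. Demote it with:"
    Write-Warning "Remove-LocalGroupMember -SID 'S-1-5-32-544' -Member '$DailyUser'"
} else {
    "$DailyUser is not in Administrators, so installs need a separate admin password."
}
```

These settings only cover Windows' built-in remote features; the third-party remote-control tools mentioned in post #4 are held back by the non-admin account, not by these two switches.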

  9. #8
    OwP

    I need to check the router and change the admin PW when I get there.
    Have already picked up a PC for them from CEX, replaced the original SSD with a larger one, installed Win10 Pro, Avast, updated it, etc. It's a Dell OptiPlex 3040 mini tower, reasonable spec and more than enough for what they need. Do like the way it goes together, totally tool free, the front hinges out to allow easy access to the inside.

    Good idea about the admin PW, I shall do that. Once I have it set up they shouldn't need to install any software or hardware, so locking it down shouldn't be a problem.

    Thanks for the suggestions. They have also asked me to sort a smartphone for them, that's got me even more worried.

  10. #9
    OwP

    Quote, originally posted by Saracen999:
    Oh, and turn off "Allow Remote Assistance" and "Allow Remote Desktop" in System Properties unless you really want them left on.
    I will definitely do that before I hand the new PC over.

  11. #10
    kalniel

    Quote, originally posted by OwP:
    I need to check the router and change the admin PW when I get there.
    Have already picked up a PC for them from CEX, replaced the original SSD with a larger one, installed Win10 Pro, Avast, updated it, etc. It's a Dell OptiPlex 3040 mini tower, reasonable spec and more than enough for what they need. Do like the way it goes together, totally tool free, the front hinges out to allow easy access to the inside.
    One thing to be aware of with non-confident PC users and things like Avast is that they often pop up sometimes quite scary-sounding adverts for (say) the full priced version of the package. If they've just been scammed they're likely to get a bit concerned by this and potential mixed messages about not clicking on things yet at the same time being told they should click on something to be secure. It's horrible and self-defeating, so if you have to use Windows then I'd either go with the inbuilt Defender from MS, or a likely cost-version AV that you know doesn't pop up scary messages. Some free ones have options to disable notifications etc. but they don't always persist over version updates etc.

  12. Received thanks from:

    Saracen999 (12-07-2021)

  13. #11
    OwP

    Good point about Avast, just installed it and it pops up warnings when you scan. Wasn't that long ago that banks offered free AV to get customers to use internet banking, think that disappeared when Kaspersky were seen as being a bit dodgy.

  14. #12
    Member

    Speaking of banks. If you/they are a NatWest customer you can get Malwarebytes Premium for free.
    https://personal.natwest.com/persona...warebytes.html

    Or if you/they're with BT you can get BT Virus Protect which is McAfee. This has a feature McAfee WebAdvisor supposedly to protect against online scams and remote access tools.

  15. #13
    philehidiot

    For antivirus and firewall I'm actually becoming more enamoured towards Windows Defender. I spent ages trying to build a virus to get past it. The results were actually very impressive. It was excellent at detecting encryption, behaviour and so on of known back doors. It was just as effective against RAT and custom backdoors built with tools as all the other AVs I tested against. More so, even when I built a virus that could get past Windows Defender and hosted it on my webserver to be downloaded, Windows sent out so many alerts before it could be downloaded and executed that most people would pick up on it.

    The downside of Windows Defender is that it's everywhere, which means trying to get past it is a popular pastime. The upside is it's everywhere, which means it gets exposed to threats and reports them back sooner.

    I agree that the problem here isn't necessarily virus threats but social engineering. It's very easy to go all out when something like this happens, but as above, I'd go for a call screening service. Malwarebytes is a good adjunct to Windows Defender.

    If you're blocking ports, include 3000 as well. That's the default for hooking to BeEF (or was a while back) and I don't think is used by anything else. A popular way of hooking people is to use a dodgy page you send someone to via a scam or XSS. I'd consider NoScript to that end.

    Honestly, though, anyone with any sense sets their backdoors to use ports 80, 8080 or 443 which you can't block.

    EDIT: I wonder if you can blacklist installation of any remote desktop tools?
