Friday, March 8, 2013

Got Sidetracked

I was working on Part 2 of my multi-part story about my research into the old rail spur beside Wall Street Storage when I got sidetracked (heh) by some computer issues in Mrs Elliott's company.

It started with the hard drive on Mrs Elliott's computer -- the computer she uses and which also serves the company accounting files with the bookkeeper. It was making some funny sounds, and the machine crashed a couple times.

So my attention was deservedly diverted.

I ran some diagnostics on the drive and, yep, it came up as an unhappy camper.

Paul Spencer (of Paul the Computer Guy) said that the drive needed to be backed up immediately and the data cloned to a new drive. I ran the backup, then drove the machine to his shop for the cloning.

That was Friday morning of last week.

Later that same day, they called to say that while the cloning went fine, the machine was running slower than they felt it should, so they were going to scan it over the weekend for viruses.

(Computer viruses are a rather small subset of what is known as "malware" or malicious software: an umbrella term for all sorts of computer nasties. Wikipedia says that malware

[...] includes computer viruses, ransomware, worms, trojan horses, rootkits, keyloggers, dialers, spyware, adware, malicious BHOs, rogue security software, and other malicious programs; the majority of active malware threats are usually worms or trojans rather than viruses.)

This worried me. Were malware found on Mrs Elliott's computer, then other company computers might be infected, too. So over the weekend I scanned the other computers and while most came up clean, one was hosting a kind of trojan called a Browser Helper Object, or "BHO," and another had a malicious rootkit. I scrubbed them both, but I was troubled.

To be fair, I have a good firewall between the office and the big bad wild world of the Internet, I have a good and strong anti-virus program on all the computers (except for my personal Linux machine which doesn't need it, a-hem), and I recently rebuilt the wireless network in the building so that visitors and employees with mobile devices are restricted to a "guest" wireless network which keeps them from accessing the company computer resources. I thought we were fairly safe.

Anyway, on Monday, when I picked up Mrs Elliott's computer from Paul the Computer Guy's shop, they reported that no malware was found on it. There were a few extraneous processes they found running that might have slowed it down a bit, but nothing malicious.

But still. One computer with a trojan and one with a rootkit. I needed to take a harder look at what IT people consider to be Best Practices for small office/home office (SOHO) computer security.

So, rather than catching my reader up on the fascinating story about the old rail spur that was put in in 1910 to go to the old Bend Flour Mill, I've been geeking about, reading articles, harmonizing the update schedules on all the company computers for such vulnerable software as the Microsoft Windows operating system, Adobe Reader, Adobe Flash, Oracle's (laughably exploitable) Java, the Google Chrome, Mozilla Firefox and Microsoft Internet Explorer browsers, and Mozilla Thunderbird (email), and setting up malware scanners, testing sandboxing applications, Microsoft's Enhanced Mitigation Experience Toolkit (EMET), and secure DNS providers -- and, just in case I wasn't being thorough enough -- writing up Acceptable Use agreements for the computers and the network for the employees to sign.

The bases, for Mrs Elliott's company, I am trying to cover. Oy.

Railroads, old rights of way, maps and ancient Bend Bulletin stories have been backburnered. I will return to my story soonest.
