Yowzers! My dad's infection hell.

Discussion in 'other anti-malware software' started by muf, Aug 15, 2009.

Thread Status:
Not open for further replies.
  1. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,201
    OK, I don't know much about LUA/SRP/SuRun.

    But if someone is old, not very willing or able to learn, is it really a good idea?

    LUA must have some disadvantages, or else everybody would be using it? ;)
    And let's keep in mind the differences between XP Home Edition and XP PRO, relevant for at least SRP.

    So I don't know much about LUA.

    partial quote:
    'These two statements are contradictory. LUA *is* basic computer security. I don't understand the resistance to it by members of a so-called security forum. It uses no resources, doesn't have to be updated and will still stop the vast majority of malware without any interaction on the part of the user. People like Mark Russinovich and Aaron Margosis just might know what they are talking about when they recommend not running as admin.'

    Least privilege, deny by default, allow by exception is sound computer security from a professional perspective. But I'd guess it's not for everyone.

    For most people, computer security is not a hobby, and not even a topic of interest, unlike the members of this forum. :)
     
  2. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Let's take it simple... consider making his account a LUA... think through if he's doing stuff that needs an admin account. Installing new software? Changing the clock a dozen times a day (:P)? Etc. etc...

    The average Joes that I know about *ehm* my mom *ehm* (:D) don't need new software or anything - just using e-mail, FaceBook, documents, etc. When she gets a laptop of her own, I'll definitely set it up with a LUA-type of account.


    Let's sum it up... 1. If he doesn't need an admin account to be able to do what he does, LUA is a no-brainer. 2. If he does need an admin account for an unspecified number of tasks, think through the administration needed from you and if it's worth it - considering what started this very topic.
     
  3. Johnny123

    Johnny123 Registered Member

    Joined:
    May 4, 2006
    Posts:
    548
    Location:
    Bremen, Germany
    Why not? I would dare to say it's less confusing for some people than the configuration of a security suite. Once it's set up, there's not a lot to do. Just for the hell of it you should try it out yourself, it might be enlightening.

    Check out tlu's thread on SuRun, which makes using a limited account a breeze. Mrkvonic also has a tutorial for it on his site. I set up computers for a couple of people with LUA and SuRun and they have no problem with it. These are people who are not geeks and are not particularly security conscious (i.e., they don't give it a second thought). They also have Avira free so they can scan files they download, but that's it. No HIPS, sandboxes, etc. They've been running like this now for over a year with no problems.
     
  4. Windchild

    Windchild Registered Member

    Joined:
    Jun 16, 2009
    Posts:
    571
    Well, if someone is old and unwilling or unable to learn, then LUA is certainly a much better idea than trying to educate them (you can't educate someone who is unable to learn), and a much better idea than running any complicated security software. A simple AV set to automatically destroy malware is indeed very simple - until it gets a false positive and thrashes the whole system or fails to remove some malware infection that got past it.

    People don't use LUA because of roughly three things: 1) Ignorance - they don't know anything about security. 2) Stupid default settings in Windows - since the account created during installation is not LUA by default, people don't use LUA. 3) Ignorance + stupid default settings in Windows = developers coding a lot of software that doesn't work correctly in LUA, and people not liking software that doesn't work, they move to an environment where it does work. Beyond these three most common reasons there is rarer, more eccentric stuff like the people who don't want to run LUA because they're on some sort of a digital powertrip and don't want to be "limited" in any way, or the people who consider LUA a pain in the bottom but meanwhile find running with three anti-malwares, a sandbox and a HIPS product completely comfortable even though they can't do anything without being prompted by some security software. ;)

    Like everything in life, including ice cream, LUA has obviously some disadvantages. But to most people in most cases, the benefits ought to far outweigh those.

    Least privilege is certainly much better for "everyone" than complicated security software that requires users to understand things like what DLL files are and why Rundll32 shouldn't be allowed to load random, untrusted DLLs. For the people that have little interest in security as a hobby, but have some interest in not getting owned, least privilege is very good.

    If you run LUA, and use some decent AV, you've got protection that is still very simple to use for anyone who can click a mouse, and on the other hand is also a whole lot stronger than just running as admin with some popular security suite.

    Honestly, I think anyone who considers security a hobby or interest should at least spend some time learning about LUA. Not knowing about least privilege but still having security as a hobby is like having cars as a hobby but not knowing how to use a manual transmission. :D

    Security is a process, not a product. LUA is a very basic, important part of that process. It's not the complete solution (nothing is), but it's an important part of security.

    And if you look at what many security software products actually do, like some HIPS attempting to stop some program from loading drivers (that may be part of a rootkit for example), you'll find that they're just trying to avoid giving dangerous privileges to potentially malicious programs. In other words, they're trying to enforce least privilege, just in a different way than the limited user accounts in the actual operating system go about it.
     
  5. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    Thanks all for the advice and suggestions. Think I'll definitely take up some of those suggestions, especially the LUA. In the meantime I thought I'd update you all on how it's going.

    The PC was still really slow, so I swapped out AVG for Prevx. It appears that my dad's low-spec laptop didn't have enough grunt to run AVG. Now it's running Prevx it's a lot faster!

    I've attached the log file of what infected his PC. What do you think? Anything in there to be particularly scared of? Should I still re-format, or trust that now SAS, AVG and Prevx have come back with clean bills of health I should move him to a LUA?

    Incidentally, it wasn't 775, it was 773 infections. As if that makes much difference!!!

    Thanks all for the help. :D
     

    Attached Files:

  6. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567

    1. Take a backup of the files that he wants to save

    2. Reformat the PC (I would never personally trust such an infected PC anymore before at least a reformat...)

    3. After the PC is formatted, do the usual maintenance like installing drivers, Windows Updates, etc., then install the anti-malware application of choice - yours seems to be Prevx - and make it a LUA setup.


    When you reinstall the OS, you should be the one deciding the password for the Admin account since you apparently can't trust his habits. :D SuRun (found here) makes it more secure and easier to manage a LUA type of account.

    Turn off AutoPlay/Autorun of devices by following the instructions found here.


    ONLY when you're done with all that, restore the backup that you've made of his files.


    Hope this helps! :)



    EDIT: BTW... for an automatic and free, effective AM program, please see Microsoft Security Essentials, which can be downloaded from SoftPedia here. I install it myself on other people's PCs, people who aren't that computer savvy (like your dad :D).


    The advice that I've just given you in this post is only basic stuff, but you can consult the following which is taken directly from my own list:


    "AUTOMATIC FREEWARE SUITE (For other people's PCs)
    --------------------------------------------------

    Microsoft Security Essentials/Avast! Home / Panda Cloud Antivirus
    MVPS HOSTS File
    Opera
    OpenDNS
    (LiberKey *)
    (Rising PC Doctor)
    (FileHippo Update Checker)
    (Seconfig XP)"


    If running avast!, you set all modules to "Silent Mode" with answer "No" (default) to make it automatic - you do this where applicable.
     
    Last edited: Aug 18, 2009
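The steps raven211 lists above (a separate admin password you control, a limited account for day-to-day use, Autorun switched off) can be scripted once the fresh install is done. The block below is an added example for this thread, not raven211's or anyone else's code from the page; the account names 'dad' and 'dad-admin' are assumptions, and it assumes PowerShell 2.0 on XP SP3 (or a later Windows) run from an account that is still an Administrator. It does not set up SuRun or SRP; those are separate installs.

```powershell
# Added example (not from the thread): LUA conversion plus Autorun hardening.
# Run from an account that is currently an Administrator. Names below are
# assumptions, not taken from the post.
$DailyUser = 'dad'          # account that becomes the limited (LUA) account
$AdminUser = 'dad-admin'    # separate admin account whose password only you know

function Test-IsAdmin {
    # True when the current token is in the Administrators role.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-LocalGroupMember {
    # True when $User appears in the member list printed by 'net localgroup'.
    param([string]$Group, [string]$User)
    $members = net localgroup $Group 2>$null
    return [bool]($members | Where-Object { $_.Trim() -ieq $User })
}

if (-not (Test-IsAdmin)) { throw 'Run this from an administrator account.' }

# 1. Create an admin account you control. On XP Home the built-in Administrator
#    is only reachable from Safe Mode, so do not rely on it for day-to-day admin.
#    'net user <name> *' prompts for the password rather than leaving it in history.
if (-not (net user $AdminUser 2>$null)) {
    net user $AdminUser * /add
    net localgroup Administrators $AdminUser /add
}
if (-not (Test-LocalGroupMember 'Administrators' $AdminUser)) {
    throw "$AdminUser is not an administrator; stopping before demoting $DailyUser."
}

# 2. Demote the day-to-day account: out of Administrators, into Users.
net localgroup Administrators $DailyUser /delete
net localgroup Users $DailyUser /add

# 3. Turn off Autorun/AutoPlay for every drive type (0xFF sets all drive-type bits).
$explorer = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
if (-not (Test-Path $explorer)) { New-Item -Path $explorer -Force | Out-Null }
Set-ItemProperty -Path $explorer -Name 'NoDriveTypeAutoRun' -Value 0xFF -Type DWord

# 4. Belt and braces for XP: map Autorun.inf to a registry key that does not
#    exist, so autorun.inf files are ignored even where NoDriveTypeAutoRun is
#    not fully honoured by older XP builds.
$mapping = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf'
if (-not (Test-Path $mapping)) { New-Item -Path $mapping -Force | Out-Null }
Set-ItemProperty -Path $mapping -Name '(default)' -Value '@SYS:DoesNotExist'

# 5. Report the end state: $DailyUser should be in Users only.
"{0} in Administrators: {1}" -f $DailyUser, (Test-LocalGroupMember 'Administrators' $DailyUser)
"{0} in Users: {1}"          -f $DailyUser, (Test-LocalGroupMember 'Users' $DailyUser)
"NoDriveTypeAutoRun: 0x{0:X}" -f (Get-ItemProperty $explorer).NoDriveTypeAutoRun
```

Two caveats a practitioner would want. The script refuses to demote the daily account until it has confirmed the new admin account is actually in Administrators, so a typo cannot leave the machine with no usable admin. And the Autorun.inf mapping only affects drives Windows has not already seen; entries cached under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 for previously inserted USB sticks are not rewritten by it, which is one more reason to do this on the fresh install rather than on the infected one.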