If they want free I point them to Security Essentials, all the free products are worthless, Security Essentials is the lightest, so malware has less probability of taking advantage of taxed processor/cpu a la anything Norton.

Malwarebytes seems to be the best at catching things. If they want paid AV it's always Kaspersky, though it causes notable slowness on the interwebs, since it actually scans stuff.

Geek Squad is actually a great solution, send them there, then you don't have to worry about it since their computer no longer works, better than telling them to unplug the power cord.

On Tue, Dec 2, 2014 at 10:34 AM, Mike Hammett via Af <af@afmug.com> wrote:

> I haven't decided to integrate my idea with SPAM prevention, but I've been
> thinking about it. ;-) I'll get the other stuff working first.
>
> -----
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
> ------------------------------
> From: "Ken Hohhof via Af" <af@afmug.com>
> To: af@afmug.com
> Sent: Tuesday, December 2, 2014 10:24:59 AM
> Subject: Re: [AFMUG] 1. Netflix 2. Hacking
>
> I've had a similar discussion with customers who manually block the email
> address of everyone who sends them spam. So they have a blacklist of
> thousands of random fictitious email addresses that sound like the real
> names of Batman villains. They feel good blocking the spammers, so I've
> given up trying to talk them out of it.
>
> -----Original Message-----
> From: Mike Hammett via Af
> Sent: Tuesday, December 02, 2014 9:36 AM
> To: af@afmug.com
> Subject: Re: [AFMUG] 1. Netflix 2. Hacking
>
> I can't force the abuse contact to do anything.
>
> If you don't try something, you're just as complicit.
>
> Fail2Ban with custom rules and actions is what I'm working on.
>
> Just because it is a dynamic pool doesn't mean people don't perpetually
> have the same IP.
>
> -----
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
> ----- Original Message -----
> From: Ken Hohhof via Af <af@afmug.com>
> To: af@afmug.com
> Sent: Tue, 02 Dec 2014 09:27:58 -0600 (CST)
> Subject: Re: [AFMUG] 1. Netflix 2. Hacking
>
> Just when you put all that effort into it, and talk about throwing
> violators into a BGP blackhole, and forcing abuse contacts to take action,
> it seemed inconsistent with the reality.
> Plus the fact that a lot of those will be dynamic pool addresses. If
> you’re talking about something like Fail2ban and blocking SSH for 60
> minutes, that makes sense. SSH and RDP dictionary attacks are a big
> problem, as are DNS amplification attacks. But rarely does the source IP
> actually identify who is behind the attack, just one of millions of bots.
> It seems a futile exercise to block them one IP address at a time.
>
> From: Mike Hammett via Af
> Sent: Tuesday, December 02, 2014 9:10 AM
> To: af@afmug.com
> Subject: Re: [AFMUG] 1. Netflix 2. Hacking
>
> Yes and I stated so in that e-mail.
>
> -----
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
> ------------------------------
> From: "Ken Hohhof via Af" <af@afmug.com>
> To: af@afmug.com
> Sent: Tuesday, December 2, 2014 8:46:23 AM
> Subject: Re: [AFMUG] 1. Netflix 2. Hacking
>
> You do understand most of those IPs will be infected computers with a bot
> doing the scanning, not a bad guy sitting at his own computer, right?
>
> As far as customers, we tell them they need to at a minimum have Microsoft
> Security Essentials or the free version of a commercial AV. If they ask
> for a recommendation of a commercial AV product, we tell them we use ESET.
> Nothing will protect someone who engages in risky online activity or
> clicks before thinking. Those people need a good local computer shop (not
> Geek Squad) to rescue their computer and data and to install security
> software. And amazingly, I still need to tell people that securing their
> WiFi is not optional, and 1234 is not an acceptable email password.
>
> From: Mike Hammett via Af
> Sent: Tuesday, December 02, 2014 8:39 AM
> To: af@afmug.com
> Subject: Re: [AFMUG] 1. Netflix 2. Hacking
>
> No bursting anywhere for anything.
>
> Currently I firewall all IPs that touch my honey pot IPs or attempt SSH at
> my edge.
> No need to have any of them on my network. I'm implementing a method to
> bring all servers, routers, switches, etc. back to a central syslog where
> I run my analysis there. That will then capture the more distributed
> scans/attacks. Other than a whitelist, violators will be thrown into a BGP
> blackhole. It'll also fire off an e-mail to the RIR registered abuse
> contact. If you're doing any sort of trickery or trickeration (intentional
> via script kiddie/worse or unintentional via malware), I don't want simple
> scans escalating into something more complex and possibly more damaging.
> You do the simple stuff, into the blackhole you go. I do understand that
> the abuse contact on the other side isn't likely to do much, but for the
> networks that will take action, I'd like to give them the information to
> do so. Plus if enough people do it, the abuse contacts are going to have
> to do something.
>
> -----
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
> ------------------------------
> From: "Tyson Burris @ Internet Communications Inc via Af" <af@afmug.com>
> To: memb...@wispa.org
> Cc: af@afmug.com
> Sent: Tuesday, December 2, 2014 8:28:16 AM
> Subject: [AFMUG] 1. Netflix 2. Hacking
>
> Two questions for the group this am.
>
> 1. Are you setting burst limits for Netflix or other streaming video
> services on your network routers? If so, what rate are you limiting it at?
>
> 2. With 97% of the US networks now Hackable, what are you doing on your
> side and advising customers to do? Meaning… what front line defenses are
> you taking and what software and/or hardware protection are you
> recommending to your customers?
>
> (It would appear that the majority of hacks these days are actually
> Malware infections inside the network - Employee related errors)
>
> Put your 2 cents in.
>
> Tyson Burris, President
> Internet Communications Inc.
> 739 Commerce Dr.
> Franklin, IN 46131
>
> 317-738-0320 Daytime #
> 317-412-1540 Cell/Direct #
> Online: www.surfici.net
>
> What can ICI do for you?
>
> Broadband Wireless - PtP/PtMP Solutions - WiMax - Mesh Wifi/Hotzones - IP
> Security - Fiber - Tower - Infrastructure.
>
> CONFIDENTIALITY NOTICE: This e-mail is intended for the
> addressee shown. It contains information that is
> confidential and protected from disclosure. Any review,
> dissemination or use of this transmission or its contents by
> unauthorized organizations or individuals is strictly
> prohibited.

--
All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer.
-- IBM maintenance manual, 1925
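
The central-syslog analysis described in the quoted thread (honeypot and SSH triggers, a whitelist, a ban list for blackholing), as an added example that is not code from any poster. The addresses, log line format, failure threshold and 60-minute expiry are assumptions; the expiry follows the Fail2ban-style timed block raised in the thread, and the example stops at producing the ban list.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Assumed values for this example (not from the thread); documentation address ranges.
HONEYPOT_IPS = {"192.0.2.10", "192.0.2.11"}
WHITELIST = [ipaddress.ip_network("198.51.100.0/28")]
BAN_TIME = timedelta(minutes=60)   # timed ban, since dynamic-pool addresses change hands
SSH_FAIL_LIMIT = 3                 # failures summed across all reporting hosts
# Constructed sample lines in the shape a central syslog collector might store.
SAMPLE_LOG = """\
2014-12-02T08:00:01 edge1 sshd[411]: Failed password for root from 203.0.113.7 port 4022 ssh2
2014-12-02T08:00:09 core2 sshd[97]: Failed password for admin from 203.0.113.7 port 4031 ssh2
2014-12-02T08:00:15 sw3 sshd[12]: Failed password for invalid user test from 203.0.113.7 port 4040 ssh2
2014-12-02T08:01:00 edge1 kernel: FW-DROP SRC=203.0.113.99 DST=192.0.2.10 PROTO=TCP DPT=23
2014-12-02T08:02:00 edge1 sshd[415]: Failed password for root from 198.51.100.5 port 5000 ssh2
2014-12-02T08:02:30 edge1 kernel: FW-DROP SRC=198.51.100.5 DST=192.0.2.11 PROTO=TCP DPT=22
2014-12-02T08:03:00 core2 sshd[99]: Failed password for root from 203.0.113.50 port 6000 ssh2
"""

SSH_RE = re.compile(r"^(\S+) (\S+) sshd\[\d+\]: Failed password for .* from (\S+) port")
FW_RE = re.compile(r"^(\S+) (\S+) kernel: .*SRC=(\S+) DST=(\S+)")

def is_whitelisted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in WHITELIST)

def analyze(log_text):
    """Return {source_ip: (reason, ban_expiry)} for sources to blackhole."""
    ssh_fails, bans = {}, {}
    for line in log_text.splitlines():
        m = SSH_RE.match(line)
        if m:
            ts, _host, src = m.groups()
            ssh_fails[src] = ssh_fails.get(src, 0) + 1   # counted across devices
            hit = "ssh-bruteforce" if ssh_fails[src] >= SSH_FAIL_LIMIT else None
        else:
            m = FW_RE.match(line)
            if not m:
                continue
            ts, _host, src, dst = m.groups()
            hit = "honeypot-touch" if dst in HONEYPOT_IPS else None
        if hit and not is_whitelisted(src):
            bans[src] = (hit, datetime.fromisoformat(ts) + BAN_TIME)
    return bans

if __name__ == "__main__":
    for ip, (reason, until) in analyze(SAMPLE_LOG).items():
        print(ip, reason, "until", until.isoformat())
```

Counting failures at the collector rather than per device is what catches the source that tries one password on each of three hosts, which no single device's local threshold would trip.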