undefined | Better HN

0 pointsMelatonic8mo ago0 comments

This is true but defense is a multi layered approach and even the built in Microsoft stuff (like Defender AV) have massively improved.

I would argue most malware comes down to uneducated users doing the wrong thing - but that's a whole different can of worms :-)

0 comments

cube008mo ago

> I would argue most malware comes down to uneducated users doing the wrong thing

This feels unnecessarily harsh. Those users are the victims of criminal activity. The protective controls could be a lot better.

Windows doesn't offer immutable local file versions to protect against ransomware running as a non-privileged user. It doesn't offer any protection if a single application suddenly starts to overwrite huge amounts of data.

Instead they choose to try and shove OneDrive down our throats as the only answer to ransomware protection.

ropable8mo ago

As someone working in infosec for a largish 2000 seat organisation - it's honestly not inaccurate. No matter how much accessible information security training we try to provide and the EDR controls we implement, >95% of our incidents involve an end-user following (sometimes extremely obvious) phishing links. And contrary to what you've said, Windows Defender (in conjunction with Airlock) has actually saved us from ransomware attacks.

mr_mitm8mo ago

> No matter how much accessible information security training we try to provide and the EDR controls we implement, >95% of our incidents involve an end-user following (sometimes extremely obvious) phishing links.

That just shows that security training is insufficient and admins need to design their systems and networks to account for that fact. Clicking links is part of everybody's job and should not pose a risk to your organization. Enable 2FA for everything exposed to the internet to mitigate phished credentials.

Stop trying to fix the user: https://www.schneier.com/wp-content/uploads/2016/09/Stop-Try...

supertrope8mo ago

If an entire company can be paralyzed by tricking a single employee it's a process issue. Just like how wiring out $100,000 same day on the order of a single employee should be blocked by internal controls.

BLKNSLVR8mo ago

Where I work has recently implemented Airlock and my laptop feels a lot less responsive since. I'm aware of the whole security trade-off, just wondering how noticeable it has been in your organisation, if at all?

Having said that, two things worth considering in my case:

1. My laptop is relatively old and, I think, overdue for replacement (8GB RAM, really?)

2. Windows Defender + Airlock + CrowdStrike + Netskope + Nessus seems an expectedly heavy load on a system

1 more reply

cube008mo ago

> And contrary to what you've said, Windows Defender (in conjunction with Airlock)

"Contrary to what I've said" while you add in an extra third party product that I didn't mention.

eviks8mo ago

Isn't "Controlled folder access" part of that protection? Also restore points?

cube008mo ago

>Isn't "Controlled folder access" part of that protection?

Difficult to be effective when it's disabled by default.

>Also restore points?

By using System Restore, you can undo these changes without affecting your personal files

https://support.microsoft.com/en-au/windows/system-restore-a...

1 more reply

eviks8mo ago

So you want to make their lives much harder with two passwords for no good reason? Also, those uneducated users will simply enter the admin password when prompted

j / k navigate · click thread line to collapse

0 comments

cube008mo ago

> I would argue most malware comes down to uneducated users doing the wrong thing

This feels unnecessarily harsh. Those users are the victims of criminal activity. The protective controls could be a lot better.

Instead they choose to try and shove OneDrive down our throats as the only answer to ransomware protection.

ropable8mo ago

mr_mitm8mo ago

Stop trying to fix the user: https://www.schneier.com/wp-content/uploads/2016/09/Stop-Try...

supertrope8mo ago

BLKNSLVR8mo ago

Having said that, two things worth considering in my case:

1. My laptop is relatively old and, I think, overdue for replacement (8GB RAM, really?)

2. Windows Defender + Airlock + CrowdStrike + Netskope + Nessus seems an expectedly heavy load on a system

1 more reply

cube008mo ago

> And contrary to what you've said, Windows Defender (in conjunction with Airlock)

"Contrary to what I've said" while you add in an extra third party product that I didn't mention.

eviks8mo ago

Isn't "Controlled folder access" part of that protection? Also restore points?

cube008mo ago

>Isn't "Controlled folder access" part of that protection?

Difficult to be effective when it's disabled by default.

>Also restore points?

By using System Restore, you can undo these changes without affecting your personal files

https://support.microsoft.com/en-au/windows/system-restore-a...

1 more reply

eviks8mo ago

So you want to make their lives much harder with two passwords for no good reason? Also, those uneducated users will simply enter the admin password when prompted

j / k navigate · click thread line to collapse