
Ransomware attack


betelgeuse


Many of us disable our antivirus and antimalware monitoring when running our flightsim programs.

Them that know about these things say that the sim runs better that way - fewer CTDs, better framerates.

 

The current global cyberattack has me wondering if this is a good idea.

 

The sim may run better with those defences disabled but if the PC becomes the victim of a cyberattack it won't run at all!

 

What it comes down to is this:

 

If I disable my online protection whilst running my sim, does this significantly increase the risk of a malware/ransomware attack? I run W7 x64 and update all 'important' updates from MS.

 

John


Link to comment
Share on other sites

Don't do anything stupid! I would bet your Antivirus program has a "Silent Mode" that can be turned on when you fly. There won't be any scanning or updates taking place but your computer will be protected.

Still thinking about a new flightsim only computer!  ✈️

Link to comment
Share on other sites

The security software protects your PC.

Disabling it removes that protection.

 

There is a Windows update that prevents this specific attack. In March.

For XP an update was issued specifically for this threat as well recently, even though support had ended in 2014.

Link to comment
Share on other sites

..........

 

If I disable my online protection whilst running my sim, does this significantly increase the risk of a malware/ransomware attack? I run W7 x64 and update all 'important' updates from MS............

 

Hi john,

 

As MrZippy has stated, most AV suites will allow you to turn on a 'silent' mode and this is the best thing to do. Silent mode is designed to temporarily disable most background tasks (such as scans, update checks, general popup messages etc) but the software will still be monitoring for suspicious activity and firewall connections. Some will inform you of any suspicious activity taking place whilst still in silent mode (via a popup message) but most will only provide a summary of such activity, if any has taken place, once you switch off silent mode. Some will even allow you to specify programs that will 'force' it to go into silent mode when they are run and then automatically turn off silent mode once the program is closed. If yours doesn't have a silent mode consider getting one that does.

 

Another option would be to disconnect the PC from the internet, especially if you don't use any 3rd party simming apps like wx engines or FPL tools that require a constant internet connection whilst 'flying'. Note that some of these types of programs will only need an internet connection when you first run the session, normally to 'validate' the license and apply any updates - once this is done the internet connection can be disabled.

 

WRT to the updates - Not sure from your statement if you are running with Auto windows update (WU) or if you are manually updating. If manually, you should, at least, be installing all updates that are labeled as Critical and Important. However, it is worth noting that some of the regular updates can also be fixes to known security flaws.

Regards

 

Brian

Link to comment
Share on other sites

Hi john,

 

As MrZippy has stated, most AV suites will allow you to turn on a 'silent' mode and this is the best thing to do. Silent mode is designed to temporarily disable most background tasks (such as scans, update checks, general popup messages etc) but the software will still be monitoring for suspicious activity and firewall connections. If yours doesn't have a silent mode consider getting one that does.

It's not called 'silent' in Kaspersky but there is a setting which "disables some functionality when running in full screen mode". A tad vague as it leaves me wondering to what extent the machine is protected. Also, I always run in windowed mode - fewer problems in my system.

I've paid for Kaspersky so I'm not keen to pay again for a different AV suite which overall might be less effective.

 

Another option would be to disconnect the PC from the internet, especially if you don't use any 3rd party simming apps like wx engines or FPL tools that require a constant internet connection whilst 'flying'. Note that some of these types of programs will only need an internet connection when you first run the session, normally to 'validate' the license and apply any updates - once this is done the internet connection can be disabled.

 

I almost always run with an online weather engine.

 

WRT to the updates - Not sure from your statement if you are running with Auto windows update (WU) or if you are manually updating. If manually, you should, at least, be installing all updates that are labeled as Critical and Important. However, it is worth noting that some of the regular updates can also be fixes to known security flaws.

 

No, I do not use auto update. It's the last thing I want when I'm on my last bit of RAM. I update manually when MS tells me updates are available.

 

Thanks for replies.


John

Link to comment
Share on other sites

See here what update you need to install to protect yourself.

https://www.askwoody.com/

 

Not installing updates regularly is a very bad idea.

I'm not saying you need to set it to automatic. But do set it to: "warn when new updates are available", and when there are, review them, and install unless you have a serious issue with them.

 

You see from the issue you asked about how bad the effects of not installing can be.

 

---

About silent mode. AV does not just scan files that enter your pc. It also scans everything that runs. And stops things from executing and then damaging or editing important files such as system files.

 

When set to silent mode, it no longer scans everything that runs. Meaning something you installed long ago, and that has malicious effects, can now do what it was designed to and damage your pc.

 

I don't use silent mode, and things are not slowed down at all.

 

---

Oh, before you ask, UAC. (User Account Control.)

This protects your system files (/Windows -folder) and program files (C:/Program Files/.. and C:/Program Files (x86)/.. ).

The protection means that no files in there will be edited or deleted without your explicit consent. If a malware (or any other program run by the user account) targets a file in those folders, it is stopped by Windows right away. You are shown a 'popup' saying: "program so and so is trying to change a file in location so-and-so. Are you sure you want to continue. Yes/No."

A very important layer of protection.

Do not switch that off. If system files get affected, you may lose access to the pc altogether, as it could easily become unbootable.

 

Confused? Point was: leave UAC on.

Link to comment
Share on other sites

Guest lavochkin
Anti virus has nothing to do with ransomware. Ransomware is triggered by a link in an email or a link on a website. Your anti virus program may have a way to fix the damage, but will not stop it. Be careful what links you click on.
Link to comment
Share on other sites

Anti-virus programs can stop ransomware attacks too if their virus definitions have been updated to recognise it.

 

Of course, the best defence is to not open suspicious email attachments, even ones that appear to have come from family or friends, as well as keep your OS patched.

Link to comment
Share on other sites

Useful info about UAC which I did not realise before. Maybe this is why I've not had a problem in the past.

 

Seems to be no consensus. Some say antivirus is no protection, others say run AV in 'silent', others say keep AV full on. Not sure where anti-malware fits in (I mentioned it in my first post).

 

I'll continue to leave UAC on, and probably run antivirus full on too. Better safe than sorry.

 

Thanks again, bye!


John

Link to comment
Share on other sites

About silent mode. AV does not just scan files that enter your pc. It also scans everything that runs. And stops things from executing and then damaging or editing important files such as system files.

 

When set to silent mode, it no longer scans everything that runs. Meaning something you installed long ago, and that has malicious effects, can now do what it was designed to and damage your pc.

 

I don't use silent mode, and things are not slowed down at all.

 

This will depend somewhat on the anti-virus program. Gamer or Silent mode may just stop scheduled system scans, signature databases updates etc., while still leaving the live system protection enabled.

 

http://support.eset.com/kb3330/?locale=en_US

 

Unless you are manually enabling it full time, there shouldn't be any problems enabling it when simming or gaming.

Link to comment
Share on other sites

On the anti-virus vs anti-malware topic, they used to focus on two different areas, but many applications on both sides have been expanding into the other side.

 

The main caveat with anti-virus and anti-malware programs is that they are really only effective against known threats. Brand new viruses likely won't be recognised or stopped until the vendor has had a chance to analyse and push out a virus signature update. Until this happens, the best defence is to be vigilant about what you do on your computer and the internet, and keep your OS patched. Many viruses or malicious programs rely on holes in the OS to run and spread, and will simply fail if the expected hole is no longer there.

 

With modern multi-core CPUs and SSDs, the impact from an anti-virus program running in the background is fairly minimal. If it does cause trouble try game/silent mode.

Link to comment
Share on other sites

  • 3 weeks later...

Ransomware is polymorphic. Meaning an anti-virus definition isn't going to be available to detect an attack. You need to take a proactive approach. I use Sandboxie with my browser. I allow access to the browser profile so it saves bookmarks and addon updates at reduced security. I also use NoScript in Pale Moon, my browser. It's a Firefox addon. You can allow base 2nd level domains by default to lessen the cumbersomeness. Then to make sure an ad that is laced with malware doesn't infect me I use uBlock.

 

The vector for this latest ransomware was through E-mail attachments. And it is E-mail attachments where a large number of hacking and infections originate. If you buy Sandboxie you can protect your E-mail client as well. If something wants to download into your computer you can delete its contents and nothing touches your computer. It all stays in the sandbox.

 

There are other things you can do as well. I made a topic at my forum about ransomware located here: https://techcomputerforum.com/viewtopic.php?f=22&t=437

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
