Virus Scanning

42 views
Skip to first unread message

rapreston

unread,
Apr 22, 2013, 1:34:10 PM4/22/13
to milwaukee...@googlegroups.com
I was using the computer on the larger laser cutter the other day and I noticed that there is no virus protection on that machine. I think having at least something on all of the networked machines is important. Is there a particular product the board wants to us? I'd be willing to come in this weekend to help get things installed and kick off scans.

Jerry [HM]

unread,
Apr 22, 2013, 1:40:18 PM4/22/13
to milwaukee...@googlegroups.com
Malwarebytes Pro?
--

---
You received this message because you are subscribed to the Google Groups
"milwaukeemakerspace" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to milwaukeemakers...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.



Tony

unread,
Apr 22, 2013, 2:18:14 PM4/22/13
to milwaukee...@googlegroups.com
Having dealt with this sort of thing for longer than I care to remember,
I have found that the best AV is the one that you never have to touch
after you set it up (no licenses to expire, no "updated versions" for
users to install, no settings for users to tweak, centralized logging
and alerting, and limited ability for malware "removal" which simply
can't be done at a reasonable cost.* For non-managed machines that
aren't part of an organization with an individual whose personal
responsibility is maintaining the machines, I usually use MS Security
Essentials. It's free, auto-updates, requires minimal system resources,
and although it isn't perfect, it catches enough malware fast enough
that the other options aren't really worth the added
time/complexity/monetary cost.

That being said, having an up-to-date (or un-installed) Adobe Flash,
Adobe Acrobat, MS Office, Java, Internet Explorer, QuickTime/iTunes,
Microsoft Updates (NOT Windows Updates,) Internet whatever, etc.
protects you from much more than simply having AV installed and
running. Ad blocking browser plug-ins like AdBlock also protect against
compromised malware-spreading ad networks. Turning off all remote
access to RPC on Windows protects against most LAN-spreading malware:
Turn on the Windows Firewall with no exceptions and un-checking
"Client/Server for MS networks" in the adapter properties

The optimal arrangement for public machines is to have them re-image
themselves from a read-only source whenever they boot. That way you
know (well, mostly) that the machine is clean and the settings haven't
been messed with every time the machine restarts. This requires a
separate data partition if you want persistent storage, but it's well
worth the extra ~5 minutes on boot to have a clean, working machine.
It's also nice to have a working image when the hard drive fails. All
this being said, I don't generally support desktop operating systems ;)

- Tony

*
https://isc.sans.edu/diary/Wipe+the+drive!++Stealthy+Malware+Persistence+Mechanism+-+Part+1/15394



On 04/22/2013 12:40 PM, Jerry [HM] created:

Brent Bublitz

unread,
Apr 22, 2013, 2:22:55 PM4/22/13
to milwaukee...@googlegroups.com
Malwarebytes is malware protection. You need Antivirus, such as Avast. Both should be loaded as we have a lot of people plugging thumb drives in there.

Or we could just upgrade the machines to a supported MS operating system and load Microsoft's solution. Windows XP went out of support some time ago. That's assuming we cant use Linux.

Brent Bublitz

unread,
Apr 22, 2013, 2:23:56 PM4/22/13
to milwaukee...@googlegroups.com
Tony> Or have them run Linux, which auto updates everything automatically.


--

--- You received this message because you are subscribed to the Google Groups "milwaukeemakerspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to milwaukeemakerspace+unsub...@googlegroups.com.

Tony

unread,
Apr 22, 2013, 2:25:10 PM4/22/13
to milwaukee...@googlegroups.com
Windows XP SP3 still receives updates for security problems for another year and fully supports the free MS Security Essentials:
https://www.microsoft.com/en-us/windows/endofsupport.aspx

On 04/22/2013 01:22 PM, Brent Bublitz created:

Pete Prodoehl

unread,
Apr 22, 2013, 2:33:13 PM4/22/13
to milwaukee...@googlegroups.com

The machine has to run CorelDraw (yuk) on Windows (yuk) with the supported laser cutter drivers installed.

At least that's always been the excuse. :/


Pete
To unsubscribe from this group and stop receiving emails from it, send an email to milwaukeemakers...@googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.


--
 
---
You received this message because you are subscribed to the Google Groups "milwaukeemakerspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to milwaukeemakers...@googlegroups.com.

Ron Bean

unread,
Apr 22, 2013, 3:31:59 PM4/22/13
to milwaukee...@googlegroups.com
Would be nice to have a solution that doesn't involve the machine
randomly slowing to a crawl when you're in the middle of doing something
else.

I'm not opposed to Windows 7 if someone is volunteering to pay for it...


Pete Prodoehl

unread,
Apr 22, 2013, 3:36:28 PM4/22/13
to milwaukee...@googlegroups.com

I believe Tom Gondek can get Windows 7 super-cheap... if not, I can probably get a copy donated through our non-profit sponsorship... and there's always Ed. ;)


Pete

Shane

unread,
Apr 22, 2013, 3:45:06 PM4/22/13
to milwaukee...@googlegroups.com, ras...@gmail.com
I believe that we'll need a better machine to run 7.

Tony

unread,
Apr 22, 2013, 3:55:18 PM4/22/13
to milwaukee...@googlegroups.com
7 too slow? Most likely.  Easiest solution:

  1. Open:
    http://update.microsoft.com/microsoftupdate/v6/muoptdefault.aspx?returnurl=http://update.microsoft.com/microsoftupdate&ln=en-us
    in Internet Explorer
  2. Set up Microsoft update and turn on automatic updates
  3. Click the "Advanced button" to look for updates
  4. Select "Microsoft Security Essentials" from the list of optional updates
  5. Install the updates
  6. Done with AV
  7. Make sure Flash, Adobe Reader, Quicktime, Java, OpenOffice, and Fred's super coupon plug-in are up-to-date
  8. Cut things


 - Tony



On 04/22/2013 02:45 PM, Shane created:

Vishal Rana

unread,
Apr 22, 2013, 3:58:13 PM4/22/13
to milwaukee...@googlegroups.com
Do we necessarily need internet on these machines?

Vishal
From: Tony <tony...@gmail.com>
Date: Mon, 22 Apr 2013 14:55:18 -0500
Subject: Re: [MakerSpace] Virus Scanning

Ron Bean

unread,
Apr 22, 2013, 4:06:53 PM4/22/13
to milwaukee...@googlegroups.com
>Do we necessarily need internet on these machines?

I would say no, but other people disagree.

Note also that viruses etc can travel on USB flash-drives.
(Although I'd hope our machines aren't auto-running anything off of
flash drives.)

Matt Wittmann

unread,
Apr 22, 2013, 4:13:24 PM4/22/13
to milwaukee...@googlegroups.com

Do we really have sensitive data on the machines connected to the network?

Matt Wittmann

Ron Bean

unread,
Apr 22, 2013, 4:19:03 PM4/22/13
to milwaukee...@googlegroups.com
>Do we really have sensitive data on the machines connected to the
>network?

No, but I'd prefer not to have our machines become part of someone's
botnet.


Tony

unread,
Apr 22, 2013, 4:23:24 PM4/22/13
to milwaukee...@googlegroups.com
If you are using Windows (or any other OS that hasn't hardened itself
against bugs in USB drivers) you always have USB "malware auto-run"
turned on whether you like it or not:
http://travisgoodspeed.blogspot.com/2012/07/emulating-usb-devices-with-python.html
(see various demos scattered around the net for taking over machines via
bugs in USB device drivers)

Long story short:
If you plug something into a computer that is more complicated than a
110/220v power cord, malware can get into that computer via that
interface unless the developers of all the code involved specifically
tried to prevent this from happening. Bonus points for listing all the
possible code that could interact with a given device.

Matt brings up an excellent point that I will paraphrase:
"Provide adequate security for the task at hand."

This machine won't be used for on-line banking, but it might be used to
plug in a USB stick that is then plugged into a machine used for on-line
banking. It might also be used to enter the email/Google/Dropbox
password for someone who uses a very similar user/pass for online
banking (why are you hitting yourself?) We don't need perfect security,
but we should have basic prevention and detection tools that take less
than a few hours/year to set up and maintain.

- Tony


On 04/22/2013 03:06 PM, Ron Bean created:

Brent Bublitz

unread,
Apr 22, 2013, 4:51:43 PM4/22/13
to milwaukee...@googlegroups.com
I would rather not have any USB stick I plug into that machine become infected. We need to secure and scan all our machines one way or another.

It's part of living with Windows and I'm getting rather tired of people taking this lightly. Please listen to the guys like Tony and myself who have been doing corporate IT for over a decade.

XP is dead. We need to develop a plan to move on from there on any machines we have. 7 will run well on a lot of older hardware and any public machines not running a piece of machinery should seriously consider switching to Linux.


--

--- You received this message because you are subscribed to the Google Groups "milwaukeemakerspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to milwaukeemakerspace+unsub...@googlegroups.com.

Kevin Crowley

unread,
Apr 22, 2013, 4:55:50 PM4/22/13
to milwaukee...@googlegroups.com
For yet another opinion.  I run all my windexcrement under wine or virtual box. I use AVG for all the virtual environments.


To unsubscribe from this group and stop receiving emails from it, send an email to milwaukeemakers...@googlegroups.com.

Brent Bublitz

unread,
Apr 22, 2013, 4:58:19 PM4/22/13
to milwaukee...@googlegroups.com
I used AVG, but they got a little naggy with the upgrade stuff. Avast is slightly better that way.

Shane

unread,
Apr 22, 2013, 5:36:25 PM4/22/13
to milwaukee...@googlegroups.com
I always have issues upgrading AVG, so now I'm an Avast! person.
To unsubscribe from this group and stop receiving emails from it, send an email to milwaukeemakerspace+unsubscribe...@googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.


--
 
---
You received this message because you are subscribed to the Google Groups "milwaukeemakerspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to milwaukeemakerspace+unsub...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

Ron Bean

unread,
Apr 22, 2013, 6:36:18 PM4/22/13
to milwaukee...@googlegroups.com
Brent Bublitz <pho...@gmail.com> writes:

>XP is dead. We need to develop a plan to move on from there on any machines
>we have. 7 will run well on a lot of older hardware and any public machines
>not running a piece of machinery should seriously consider switching to
>Linux.

At the risk of sounding redundant--

You and everyone who agrees with you need to come up with a specific
plan to finance the upgrade. I don't care if it's cheap or expensive, I
want someone else to deal with that aspect of it. Once that's
accomplished, I'm all for it.

If you think it's important, make it happen.

Have Blue

unread,
Apr 22, 2013, 7:06:58 PM4/22/13
to milwaukee...@googlegroups.com
Perhaps we could look into this: http://www.techsoup.org/microsoft

I'd volunteer, but I got really confused when Brant tried to explain to
me how we're not a non-profit, but are eligible for non-profit donations
(which has sort of kept me from looking into getting a seat of
SolidWorks for the space).

Pete Prodoehl

unread,
Apr 22, 2013, 7:16:30 PM4/22/13
to milwaukee...@googlegroups.com

Techsoup does not work well... this coming from our fiscal sponsor.

HaveBlue, are you willing to teach a class in SolidWorks or do some sort of training for members? If so, I will pursue (a) license(s).


Pete

Have Blue

unread,
Apr 22, 2013, 7:40:05 PM4/22/13
to milwaukee...@googlegroups.com
I can't promise that I would be any good at it, but yes, I would most certainly be willing to teach a class and/or help train members!
--
 
---
You received this message because you are subscribed to the Google Groups "milwaukeemakerspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to milwaukeemakers...@googlegroups.com.

Richard Preston

unread,
Apr 23, 2013, 1:27:29 PM4/23/13
to milwaukee...@googlegroups.com
Seems like I stepped on a landline with my suggestion.  

To be honest upgrading hardware and OS versions is a much larger project than I am willing to take on. As a stop gap measure I will stop by the space this weekend and try to shore up the machines we have.  My plan is to:

- Install Microsoft Security Essentials 
- Run Windows Update and install any missing critical patches
- Enable machines to automatically download and install critical patches overnight
- Enable Microsoft Firewall

The only networked machines I am aware of are the two in the cutting lab and the one at the office desk.  Are there any others?

Richard. 
You received this message because you are subscribed to a topic in the Google Groups "milwaukeemakerspace" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/milwaukeemakerspace/Jo29lLAtZUs/unsubscribe?hl=en-US.
To unsubscribe from this group and all its topics, send an email to milwaukeemakers...@googlegroups.com.

Shane

unread,
Apr 23, 2013, 1:56:27 PM4/23/13
to milwaukee...@googlegroups.com
The last time someone turned on automatic updates, the computer for the 60 watt was screwed until I messed around with it.  That cost me about 2 hours worth of time on my end to fix something that probably wasn't necessary.

If you want to manually update, fine, just triple check to make sure that you can still send *uncorrupted* files to the laser cutters.
To unsubscribe from this group and stop receiving emails from it, send an email to milwaukeemakerspace+unsub...@googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.
 
 

--
 
---
You received this message because you are subscribed to a topic in the Google Groups "milwaukeemakerspace" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/milwaukeemakerspace/Jo29lLAtZUs/unsubscribe?hl=en-US.
To unsubscribe from this group and all its topics, send an email to milwaukeemakerspace+unsub...@googlegroups.com.

Joe Rodriguez

unread,
Apr 23, 2013, 2:36:04 PM4/23/13
to milwaukee...@googlegroups.com
I step on landlines all the time - nothing ever happened, still get calls... ;-)

Ron Bean

unread,
Apr 23, 2013, 5:04:22 PM4/23/13
to milwaukee...@googlegroups.com
>The only networked machines I am aware of are the two in the cutting
>lab and the one at the office desk. Are there any others?

AFAIK all of them are networked, including the one in the woodshop.

I don't know why, but people seem to prefer it that way.

(And of course we have wifi throughout the building)


Jack'D

unread,
Apr 23, 2013, 6:07:18 PM4/23/13
to milwaukee...@googlegroups.com, Ron Bean
If we're going to have "legacy" machines around running windows XP for specific applications, I think it would be better to keep those off the network.  If you have files that need to be transferred, they can be moved by USB drive, from a computer that has antivirus software, so that there is a minimized risk of transferring virii from a patched to an unpatched machine.

I think the PCs for general use that are running windows should have MS Security essentials at the least.

Do we have a server for creating, storing, and deploying images and backups?  This is really nice for upgrades.  Make an image, upgrade, if it breaks, revert.  You can do that with restore points, but I don't trust them as much.  Connecting a computer to the network temporarily for the purposes of imaging is pretty low-risk. 

It might also be a good idea to install an IDS, but that's probably a bit more than we need.

-Jack

PS: I like linux and I think we should use it when possible.

Tony

unread,
Apr 23, 2013, 10:09:43 PM4/23/13
to milwaukee...@googlegroups.com
Admittedly, I don't keep up much with the latest "innovations" in the Windows desktop security, but I was under the impression that Win7/8 didn't reduce the attack surface a whole lot. Canaries, DEP, and ASLR are nice, but not terribly difficult to overcome when users/"helper apps" are happy to assist with malware installation.  There do seem to be saner defaults for users (why would a user need to overwrite arbitrary OS binaries by default?)   I haven't seen security patches released earlier for Win7/8 than XP.  Other than some chuclkehead using IE to browse religious-themed web sites*, what is the risk of having a reasonably configured XP machine on the network beyond the risks of Win7/8?

 - Tony

* https://www.symantec.com/threatreport/topic.jsp?id=threatreport&aid=malicious_code_trends_report

On 04/23/2013 05:07 PM, Jack'D created:

Jack'D

unread,
Apr 24, 2013, 3:07:52 PM4/24/13
to milwaukee...@googlegroups.com
Eh, right now, nothing.  Next year it will start getting problematic: http://windows.microsoft.com/en-us/windows/end-support-help
Assuming of course that they follow through with the threat this time :) 

I should also clarify that when I say "legacy machine" in this context, I'm referring to those computers that run specific applications and are nit-picky and no one wants to do updates in case it breaks something, so they're usually running really old unpatched versions of everything, and in some cases explicitly require them (I'm looking at you, non-updated java applications).  I don't know if we have any machines like that, but it's something I run into sometimes.  One of the people we get services from explicitly requires Java 6r23, for instance.

I don't think there's anything inherent in Windows XP that makes it any worse than Windows 7.  I also think their discontinuation of support is...ill-considered, but hey.

Tony

unread,
Apr 24, 2013, 3:29:42 PM4/24/13
to milwaukee...@googlegroups.com
Gotcha.  Machines with mandated insecure configurations are definitely a PITA.  I have a feeling that the deadline for XP patch retirement will be extended.  There are too many XP machines out there that can't be updated and are central to many businesses... and besides, most of these bugs never should have made it into the product in the first place.  The security fixes are essentially repayment of reduced development costs made possible by using poor coding practices.

 - Tony

On 04/24/2013 02:07 PM, Jack'D created:

rapreston

unread,
Apr 24, 2013, 10:19:46 PM4/24/13
to milwaukee...@googlegroups.com
Shane,
 
Do you happen to remember what got messed up or what you needed to do to fix the problem.   Would help me avoid the same issue.
 
Also since I have not been trained on the laser cutter yet I am not comfortable running test to verify that they are working correctly.   Will you or someone else be around this weekend who could help me test the machines (and maybe train me on their proper use)?
 
 
Richard.

rapreston

unread,
Apr 27, 2013, 11:55:24 AM4/27/13
to milwaukee...@googlegroups.com
Was in the space on Saturday and installed security essentials on a bunch of machines.  I labelled all of the machines I looked at (red font) so that I could keep track of what was done.  Here is a summary

Office 1
- Confirmed auto updates and firewall were enabled
- Installed Microsoft Security Essentials and ran a quick scan.   No risks found
- Running full scan now.

Lasercut 1
- Confirmed firewall was enabled, turned on auto updates, installed missing updates
- Installed Microsoft Security Essentials and ran a quick scan.    No risks found.
- Running full scan now

Lasercut 2
- Confirmed auto updates and firewall were enabled
- Machine already has AVG installed so I did not install Microsoft Security Essentials
- Ran full scan.  1 minor issue found and quarantined.

3D Print 1
- Someone was using the 3D printer so I left the machine alone

3D Print 2
- OS is not Microsoft, so left machine alone.

Electronics 1
- Confirmed firewall and auto updates enabled. 
- Installed Microsoft Security Essentials and ran a quick scan.    No risks found.
- Running full scan now

Meeting Room 1
- Confirmed firewall and auto updates enabled. 
- Machine is not connected to internet, so did not install Microsoft Security Essentials

Wood Shop 1
- Swept pile dust off keyboard (machine desperately needs a protective cabinet)
- Confirmed firewall and auto updates enabled. 
- Machine is not connected to internet, so did not install Microsoft Security Essentials


jason gessner

unread,
Apr 27, 2013, 12:01:42 PM4/27/13
to milwaukee...@googlegroups.com
woo!  Thank you for getting this rolling!

-jason


--
 
---
You received this message because you are subscribed to the Google Groups "milwaukeemakerspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to milwaukeemakers...@googlegroups.com.

For more options, visit https://groups.google.com/groups/opt_out.
 
 



--
-jason

Brant

unread,
Apr 27, 2013, 2:23:35 PM4/27/13
to milwaukee...@googlegroups.com
Thank you soooooo much Richard! We appreciate this a lot.

Ron Bean

unread,
Apr 27, 2013, 5:38:43 PM4/27/13
to milwaukee...@googlegroups.com
rapreston <rapr...@wi.rr.com> writes:

>I labelled all of the machines I looked at (red font) so that
>I could keep track of what was done.

Did you know that they already have names? (Bob, Sam, etc)
There are laser-printed labels on top of most of them
(maybe not all).

>*Wood Shop 1*
>- Machine is not connected to internet...

It was the last time I looked. Did someone unplug it?

Ed Hagopian

unread,
Apr 27, 2013, 7:55:19 PM4/27/13
to milwaukee...@googlegroups.com
I can get 7 or 8 if the board deems it worthwhile. Regardless of what we do on those machines it might be worth spending the time to create an img we can pxe boot and rebuild the machine in about 20 mins back to a pristine state. Just a suggestion. The problem with running Linux IMHO is not everyone understands it. Its gotten a lot better but I'd rather keep it a Mac or Win world for simplicity to our non geeky members.

Ron Bean

unread,
Apr 27, 2013, 7:59:09 PM4/27/13
to milwaukee...@googlegroups.com
>Regardless of what we do on those machines it might be worth spending
>the time to create an img we can pxe boot and rebuild the machine in
>about 20 mins back to a pristine state.

For computers that run machines, "pristine state" has to include
software and config files-- and recent changes to config files.
Otherwise people could discover that their improvements have been
helpfully lost.

Ed Hagopian

unread,
Apr 27, 2013, 8:45:18 PM4/27/13
to milwaukee...@googlegroups.com
You wrap it all up in a wim file and sequence and you can bring everything to the state you'd need.

So far it doesn't seem like this has been a systemic concern however has it?

Ron Bean

unread,
Apr 27, 2013, 9:19:15 PM4/27/13
to milwaukee...@googlegroups.com
Ed Hagopian <edhag...@gmail.com> writes:

>You wrap it all up in a wim file and sequence and you can bring
>everything to the state you'd need.

I'm not sure what's possible with that-- ideally, you'd want to apply it
to system files and executables but not application config files.

>So far it doesn't seem like this has been a systemic concern however
>has it?

There's a difference between what happens when a hard disk dies and the
system has to be rebuilt (Oh well, sh*t happens), and what happens when
someone reloads a system so that it appears normal, but some user's
changes from a couple of days ago mysteriously vanish for no apparent
reason.

I'd hope that in that case, someone would leave a note on the machine
that changes after [date] have been reverted. But I wouldn't count on
it.

Pete Prodoehl

unread,
Apr 28, 2013, 12:41:17 AM4/28/13
to milwaukee...@googlegroups.com

" The problem with running Linux IMHO is not everyone understands it."

I've tried using Windows for nearly 20 years now, and I *still* don't understand it. ;)

Aside from that.. Thanks Ed!

Pete

Ed Hagopian

unread,
Apr 28, 2013, 11:24:06 AM4/28/13
to milwaukee...@googlegroups.com
<shrug> Backups with roll forward snapshots have worked fine for me for the last decade or so. I always carry a week of differentials so if I did get infected and rebuilt I could go back to as close as I could. Windows Home Server actually does an absolutely fantastic job of that. So someone might lose a day of changes or so but better that then a complete wipe I suppose.

Like I said before seems like a solution looking for a problem though. Security Essentials or Avast would be my first two choices. Security Essentials is more hands off than Avast but both are free.

Ron Bean

unread,
Apr 28, 2013, 11:36:03 AM4/28/13
to milwaukee...@googlegroups.com
>So someone might lose a day of changes or so but better that then a
>complete wipe I suppose.

My point was that data loss for an obvious reason is preferable to data
loss for no obvious reason. The difference here is that we have multiple
users who don't necessarily talk to each other. If you can make the
reason for the data loss obvious to someone who wasn't there when you
made the change, then I don't see a problem. But that's a big "if" in
our situation.

It's different when the machine has only one user, or a few users who
talk to each other when they change things.

Reply all
Reply to author
Forward
0 new messages