
Thursday, June 29, 2017

Can you do anything to protect your home computer against ransomware threats?

Many security experts claim that the most recent security threat, the worm called "petya", already described as "the next step in ransomware evolution", could have been easily stopped.
How? By constantly applying important security patches: in this case, a patch for Microsoft Windows SMB Server (4013389) that was published back in March 2017(!).

But what to do now? Assuming you are a still-unharmed Windows user, don't wait - go to Control Panel / Windows Update and apply the recommended updates. In your day-to-day update routine, pay special heed to security updates and updates that are classified as important.

The second step you should take is to make sure you have antivirus software installed, make sure it is updated, and develop a routine of using it to scan your computer at least on a weekly basis (preferably on a nightly basis). Some would also advise installing anti-ransomware software. I have provided a link (below, in the "Useful links" section), but personally, I prefer a more general security solution.

A step that might specifically help with the "petya" threat, suggested by Israeli security expert Amit Serper, is creating an empty file with the name "perfc", without an extension, under your Windows folder (on most computers it is located on the C:\ drive). It is important to note that this solution will most likely cease to work if and when the creators of the ransomware update it, but I guess it can't hurt for the time being.
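One way to script the "perfc" step above, as an added example that is not code from this post or from Amit Serper. The function name `Set-PerfcMarker` is hypothetical, and the script assumes it is run from an elevated (Administrator) PowerShell prompt; it uses `$env:windir` so that it also works when Windows is not installed on C:\.

```powershell
# Added example: create the empty "perfc" file under the Windows folder.
# Set-PerfcMarker is a hypothetical name chosen for this illustration.
function Set-PerfcMarker {
    param(
        # $env:windir points at the real Windows folder even if it is not on C:\
        [string]$WindowsDir = $env:windir
    )

    if (-not (Test-Path -LiteralPath $WindowsDir -PathType Container)) {
        throw "Windows folder not found: $WindowsDir"
    }

    # The file name has no extension, exactly "perfc"
    $marker = Join-Path $WindowsDir 'perfc'

    # Edge case: something named "perfc" exists but is a folder, not a file
    if (Test-Path -LiteralPath $marker -PathType Container) {
        throw "$marker exists but is a folder; remove it by hand and re-run."
    }

    # Already there: report it and leave it untouched
    if (Test-Path -LiteralPath $marker -PathType Leaf) {
        $size = (Get-Item -LiteralPath $marker -Force).Length
        return [pscustomobject]@{ Path = $marker; Action = 'AlreadyPresent'; Bytes = $size }
    }

    try {
        # New-Item without -Value creates a zero-byte file
        New-Item -Path $marker -ItemType File -ErrorAction Stop | Out-Null
    } catch {
        # Most common cause: the prompt is not elevated
        throw "Could not create $marker (is this an elevated prompt?): $($_.Exception.Message)"
    }

    [pscustomobject]@{ Path = $marker; Action = 'Created'; Bytes = 0 }
}

# Create the file (or report that it already exists) and show the result
Set-PerfcMarker
```

Running it a second time should report `AlreadyPresent` with `Bytes` equal to 0, which doubles as a check that the file is still in place.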

And the last two steps, which will most assuredly help in keeping you out of harm's way if you adopt them:
1) Take care with the materials you allow into your digital world. Don't open documents, don't click links, don't install software, don't view movies, don't listen to music, don't view photos - unless you know their source and have a good reason to believe they are what they appear to be.
2) Back up everything that is important to you. I wrote about backup principles a long time ago on this blog, but the three most basic principles are: a) back up your crucial data often; b) keep a relatively recent copy of your backup away; c) periodically verify that your backup is actually useful.

And may god help us all in this new age of evolutionary harmful software.

Useful links



Thursday, June 22, 2017

How to find who locks a file on Windows - and how to release it if a service is the locker

There used to be a time in which finding who locks a file on a Windows system was simple. You typed "net files" (or "net file") and found the culprit. Releasing the file was just as simple - "net file ID /close" would do the trick. But that, as the song says, was yesterday. For some reason, a certain folder is locked on one of the family's computers, and net files claims no file is locked.

Searching the net, I came across this lovely thread on the Super User / Stack Exchange forum dealing with finding the lockers of locked files on Windows, and the wonderful solution I learned about is Microsoft/Sysinternals "Process Explorer".

It is as simple as one could ask: you go to "Find Handle or DLL", type the path in question, and get a list of the locking programs.

But releasing the lock, at least in the case of services, is another thing. It turned out that my specific locking software was the notorious Windows Media Player Network Sharing Service (better known around the net as wmpnetwk.exe - with little enthusiasm and a lot of criticism).
Process Explorer suggests the possibility of releasing the lock itself. I tried doing that by going to the Handle menu and choosing "Close Handle", confirmed killing wmpnetwk, and expected that the lock would be released - to no avail.

There was no alternative but to go to the services list (the fastest way I know these days is to run Taskman - choose services - and press the services button), then go over the services till I reached "Windows Media Player Network Sharing Service" and stop it. And then, finally, my locked folder was released!