One way I kept my PC from worms since WannaCry is just the beginning

in #worm8 years ago

We just got a wakeup call with how much we rely on technology these days. If you recall the 2008 conficker affected a bunch of Windows systems throughout the globe. I remember it was around Thanksgiving when we were doing a bunch of patch work on the Windows systems because of the conficker worm. Well we all know the wannacry ransomware had a worm went that into Windows systems and crawled up on other Windows systems.

I work in the IT field for some time now and pretty much do a little of everything from hardware, network/wireless, cybersecurity, and systems. Grew a bunch of gray hairs from it and learned a lot with lessons learned. I just wanted to write this to help everyone out.

One of the biggest things to have is data backups when SHTF. Hardware can always be replaced with newer shiny ones. I notice that the conficker worm and many other worms designed for Windows like to exploit the File and Print services. By default this is turned on all Windows Servers and workstations. Therefore if you have it turned on your workstation and you’re not sharing any folders or printers on the network then it should be off. I have had this setting off for 10 years at work without any issue. This is just one step to securing yourself from the worms – obviously antivirus, patches, firewalls and other software will help defend against these attacks which in a later article I will cover.

The good thing with this being turned off too is you can keep unwanted users to view your data remotely if your work has the same local username and password or if they are all admins throughout the network. They will exploit it by using the \computername\c$. You can then view the users surfing habits by looking at their cache and so forth. I had to do this to do these investigations for HR.

Here’s an example of an end user’s PC where you can see the default hidden Windows share:

0.png

So if you’re not sharing file/folder and or printers turn it off…

To turn it off, all you have to do (in Windows 10) is to go to Control Panel and Choose Network and Sharing Center (view by Small icon)

1.png
From here, click on Change adapter setting

2.png

  1. You should now see your LAN or Ethernet adapter. If you have wireless, then it would be your wireless Network card.
  2. Right click on your adapter (it may be called Local Area Network or Ethernet)
  3. Choose Properties

5.png

  1. Uncheck ‘File and Printer Sharing for Microsoft Networks’
  2. Click OK

Remember these steps below should only be done on PCs that are not sharing any files or printers. You can still connect to the server. Obviously you don’t want to do that to your file/print server or all the users that connect to that server will be calling.

So this is the service that worms like to exploit since it is enabled by default.

If you like these types of info give me an upvote and or a reply.

Sort:  

Very informative and a good reminder for us all to be aware of potential cyber threats. Have had mine turned off for years as well.