As every good sensei knows, a journey of a thousand miles begins with a single step. And even if you aren’t going a thousand miles, even the biggest things start small. Redwood seeds can fit in the palm of your hand, 250-pound linebackers grow from 7-pound babies, and black holes come from singularities which have a total size of zero… I’ll admit the last example may not have been relevant, but you get the gist: impressive ends have small beginnings, and imposing outcomes often start small.
The same is true of one’s knowledge of the persistent enigma of information technology, as in, computers are complicated until they aren’t anymore. The mysterious eventually becomes mundane, even for the uncouth creatures we call computers. For example, I didn’t even know what a printer driver was when I started with Intrada. DNS settings were a mystery, and I had only the faintest grasp of what a “domain” was. But, like Monty Python’s deluded newt-man, I got better. Likewise, if I had to take the job of a nurse, accountant, HR director, salesperson, or real estate appraiser, I would encounter plenty of mysteries that would no doubt be plain to some of you.
The goal of this article is to give you that start you need, to begin the demystifying process that will help you operate and protect your computer more competently. I’m going to go through a few tools and methods readily available to any Windows user that will help you be confident about the cyber security of your computer.
Before we get into the tools themselves, I wanted to introduce an important concept: baselining. With each of the three tools I am going to introduce to you today, one of the main uses you will have for them is baselining, which is cyber security speak for just looking around. Like a spy in a foreign country, you have to scope out the territory you’re in so you have an idea of what’s normal, what’s strange, and what’s unacceptable. For example, in parts of Europe it may be normal to greet someone with a kiss on each cheek. Trying the same shenanigans may get you funny looks (or a more extreme reaction) in America. To get an idea of whether your computer has been hacked or compromised, the first thing you need to know is how it performs when it’s not. After all, if the only picture you have of a person is one with a mask on, you’ll never be able to tell whether they’ve had a nose job.
In classic Sherlockian fashion, we’re going to start with the elementary. Hopefully, unlike Watson, it won’t be too confusing the first time through. This first tool is nothing more than Windows’ default location for files pulled down from the Internet. If you’ve ever stored a photo from Pinterest on your computer, installed a computer game, or downloaded drivers for your printer, you’ve probably used your Downloads folder. Chances are, if you encounter adware, strange pop-ups, or some other sign of compromise, you’ll find a strange-looking file in your Downloads folder.
These files could get there via a myriad of malicious methods. The dark side of the cyber world has a great variety of tools at their disposal with which to deceive, distract, and destroy wherever possible. A link that otherwise would have gone to a real website could redirect (like a bank shot in pool) to a different network locale altogether, one with a much shadier character. These kinds of website can perform what are called drive-by-downloads, in which the site downloads files to your computer in the background as you peruse the site’s contents.
Even on websites that perform neither banks nor barrel rolls on their way to the chosen destination, hackers can insert malicious ads which download malicious content if you click on them. All that said, though an infected download is certainly possible, they are easily avoidable if you take all your Internet adventures with a keen eye on the respectability and validity of the places you give your patronage. However, cyber security is not about removing risk entirely, it’s about managing the risk that will inevitably exist in your environment, which brings us back to the “risk management” tool in question.
Within the context of using the Downloads folder as a source of valuable intel about the security state of your computer, there are a few relevant skills that we’ll go through.
We’ll tackle file extensions first. These can provide a wealth of information about whether a file poses a threat to your system or not. This module will also introduce us to a very important skill, in use every day by IT technicians: Google. Windows has thousands of file extensions, far too many to remember, but we have them all at our fingertips with a few simple keystrokes. To view the extension of the file (and provide fodder for your subsequent Google search):
This will list a file extension in parentheses (.docx, .exe, .txt, for example). You can then simply ask Google (or ChatGPT) what that particular extension does. Files with the .exe extension run applications, .msi files can install applications, and .docx or .xlsx documents can contain malicious programs called macros. Additionally, you can check the name of the file (listed above the type of file) to see if it has two extensions. For example, a file could be named something mundane like ‘AdobeAirInstaller132.txt’, but its real file extension could be something more sinister like .vbs (a kind of file that runs in Visual Basic, which is a powerful Windows scripting language). This allows the file to look harmless while being anything but.
One more pro tip is this: clean out your downloads folder. It’s hard to get a good picture of anything if your lens is dusty, much less when it’s buried under ten feet of muck. I will confess that my own downloads folder can get fairly full as I shuttle files through my computer’s system for one purpose or another throughout the day. This should prove a good reminder to me (and hopefully to you as well) that a well-tended garden is the easiest to weed.
The VirusTotal Landing Page
The next method that you should use when checking a strange file in the Downloads folder is that of online scanners. The best and most widely used of these is VirusTotal, which allows you to upload the suspicious file to VirusTotal’s detection utility, which checks the file’s hash and content against known threats.
If you see something unusual in your downloads, possibly with a double file extension or a strange name, checking it with VirusTotal can give you a verdict on its maliciousness with a high level of confidence. If your file comes up clean here, it’s likely that your computer is safe. As a bonus feature, VirusTotal can also be used to check attachments to emails which don’t seem entirely aboveboard. If someone tells you they forwarded an important document for you to review, but the sending address doesn’t seem quite right, you can safely save the document to your computer, then upload it to VirusTotal to check for malicious features, such as hidden URLs, embedded macros, or VBA scripts.
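The two checks above (what the real extension is, and whether a file is worth a VirusTotal lookup) can be run over your whole Downloads folder from PowerShell. This script is an added example and is not from the article or from Intrada; the lists of “risky” and “harmless-looking” extensions are my own selection, and the file path assumes the standard per-user Downloads folder. It also computes each file’s SHA-256 so you can search VirusTotal by hash first, which returns any existing verdict without sharing the file itself.

```powershell
# Added example, not from the article: triage the Downloads folder from PowerShell.
# The "risky" and "harmless-looking" extension lists are my own selection (assumption).
$RiskyExtensions    = @('.exe','.msi','.scr','.vbs','.js','.jse','.wsf','.hta','.bat',
                        '.cmd','.ps1','.lnk','.docm','.xlsm','.pptm','.iso','.img')
$HarmlessLookingExt = @('txt','pdf','doc','docx','xls','xlsx','jpg','jpeg','png')

function Test-ExtensionsHidden {
    # Explorer hides known extensions when HideFileExt is 1; that is what lets
    # a file such as 'Invoice.pdf.vbs' show up in the GUI as 'Invoice.pdf'.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    return (Get-ItemProperty -Path $key -Name HideFileExt).HideFileExt -eq 1
}

function Get-DownloadTriage {
    param([string]$Path = (Join-Path $env:USERPROFILE 'Downloads'))

    Get-ChildItem -Path $Path -File | ForEach-Object {
        $realExt = $_.Extension.ToLower()      # the extension Windows actually acts on
        $parts   = $_.Name -split '\.'         # 'a.txt.vbs' -> 'a', 'txt', 'vbs'
        $flags   = @()
        if ($parts.Count -gt 2 -and $HarmlessLookingExt -contains $parts[-2].ToLower()) {
            $flags += 'double-extension'
        }
        if ($RiskyExtensions -contains $realExt) { $flags += 'executable-type' }

        [pscustomobject]@{
            Name     = $_.Name
            RealExt  = $realExt
            Flags    = ($flags -join ',')
            # SHA-256 lets you search VirusTotal for an existing verdict before uploading.
            SHA256   = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            Modified = $_.LastWriteTime
        }
    }
}

if (Test-ExtensionsHidden) {
    Write-Warning 'Explorer is hiding known file extensions; double extensions will not be visible in the GUI.'
}

# Flagged files first, newest first within each group.
Get-DownloadTriage |
    Sort-Object @{Expression = { $_.Flags -ne '' }; Descending = $true },
                @{Expression = 'Modified';          Descending = $true } |
    Format-Table -AutoSize
```

Paste a SHA256 value into the VirusTotal search box before uploading: files you upload are shared with VirusTotal’s antivirus partners and researchers, so for a confidential document a hash search is the safer first step.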
However, there is one more step you can take that utilizes a more holistic approach, scanning not only your Downloads folder but also other areas of your computer for the muddy footprints of malware slinking around your system. To find out what kind of virus or threat protection software is already installed on your computer, you can either:
Both of these methods will open the Virus & threat protection section of your computer’s Windows Security center, which contains a pane specifying the antivirus currently installed on your computer. This shows the current state of your computer’s security as of the latest scan by your system’s chosen security option. For example, my own computer is protected by the SentinelOne agent, Intrada’s endpoint security solution of choice, which Windows recognizes as its valiant defender.
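The same information the Windows Security page displays can be read from PowerShell, which is handy when you want to check several machines or confirm that signatures are current. This is an added example, not from the article or from Intrada; it assumes a Windows 10/11 client (the SecurityCenter2 namespace is not present on Windows Server) and that the built-in Defender PowerShell module is available.

```powershell
# Added example, not from the article: ask Windows which antivirus is registered and,
# if Microsoft Defender is the active engine, how current its signatures are.
# Assumption: Windows 10/11 client; root/SecurityCenter2 does not exist on Windows Server.
function Get-RegisteredAntivirus {
    # This is the registry of products that the Windows Security app itself reads.
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct |
        Select-Object displayName, pathToSignedProductExe, productState, timestamp
}

function Get-DefenderSummary {
    # Get-MpComputerStatus comes from the built-in Defender module. When a third-party
    # agent (such as SentinelOne) owns protection, Defender may report itself as not
    # running or in passive mode; that is expected, not a problem.
    $s = Get-MpComputerStatus
    [pscustomobject]@{
        RunningMode        = $s.AMRunningMode
        RealTimeProtection = $s.RealTimeProtectionEnabled
        SignatureVersion   = $s.AntivirusSignatureVersion
        SignatureAgeDays   = [int]((Get-Date) - $s.AntivirusSignatureLastUpdated).TotalDays
        LastQuickScan      = $s.QuickScanEndTime
        LastFullScan       = $s.FullScanEndTime
    }
}

'Registered antivirus products (what the Windows Security page reads):'
Get-RegisteredAntivirus | Format-Table -AutoSize

$summary = Get-DefenderSummary
$summary | Format-List

# Seven days is my own threshold (assumption); stale signatures usually mean a
# connectivity or update problem rather than an attack, but they deserve a look.
if ($summary.RealTimeProtection -and $summary.SignatureAgeDays -gt 7) {
    Write-Warning "Defender signatures are $($summary.SignatureAgeDays) days old; run Update-MpSignature or check connectivity."
}
```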
SentinelOne in the Windows Security Dashboard
If you don’t have any anti-virus installed, Windows has a built-in endpoint security option aptly named Windows Defender. It has decent security capabilities, which you can check out via Microsoft’s official documentation here, but there are better free malware scanning tools that you can and should use if possible.
The most prominent among those is the ubiquitous Malwarebytes, which comes in both a free and a Premium flavor. Because you have to pay money for it (not the best argument, but it’ll work in a pinch), Malwarebytes Premium will certainly do a better job of protecting and scanning your computer. For those whose wallets are carefully watched, the free edition is much more enticing and accessible; plus, its scanning and anti-virus capabilities are no slouch. If you think of it as a tool rather than a holistic anti-virus solution, you can get a lot of mileage out of the free version.
Follow this guide to install the Malwarebytes software (notice the .exe extension of the downloaded file) and make sure to choose ‘Maybe later’ to activate your 14-day free trial of Malwarebytes Premium. As a side quest, you could choose to install the Malwarebytes Browser Guard, which can help protect you from the drive-by downloads, malicious redirects, and sinister ads that we mentioned above. Once installed, you can open Malwarebytes either from the Windows Security center or by searching the Start menu for Malwarebytes and giving the signature blue M a couple of healthy clicks.
This will open the Malwarebytes app, in which you can initiate a threat scan, view previously detected threats, and see which types of real-time protection are currently enabled. The free version only includes one type of scan, which is less in-depth than some of the options that come with the heavier-hitting edition, but it still does a good job of checking all the usual places for all the usual suspects. Often, the types of malware that you will encounter are not sophisticated enough to avoid leaving traces in your system’s AppData folder, in the registry, or in startup, all of which are scanned by the Malwarebytes tool.
I want to end this brief guide the way I began: these security tools are the basics. They are not comprehensive, they won’t make you a cyber security expert, and the CIA won’t come to your door begging you to work for them. Though some students start out snagging flies with their chopsticks, this generally only happens in Hollywood. However, in keeping with the Karate Kid theme, there’s nothing wrong with a well-waxed car and a few tried-and-true martial arts moves. The tools we explored above are meant to provide you with the resources to go about your daily computer business with the canny confidence of someone who can defend themselves. I hope you scroll through your downloads folder, cleaning out the clutter with a gleam in your eye and a skip in your step (or at least in your mouse-hand, whichever that may be). I hope that the next time you get a strange email, you can triumphantly pull up VirusTotal and drop the suspicious sneaker in there, watching the intruder get caught red-handed with a smug smile on your face. To gain confidence and fluency in computer security, sometimes all it takes is learning a few tools of the trade.