This.

For me, ESET’s USP is that they have an online scanner. It’s utterly brilliant for when a system is so hosed that you can’t actually install any tools.

(Though at that point you should probably be flattening it and starting again…)

That one required a meatware start before it could rampage through SMB.

I don’t think we actually know what the initial infection vector was for WannaCry. Sophos Labs say it probably wasn’t via a phishing email and Symantec said email was unconfirmed. The ENISA said email was possible but the most probable scenario was “Internet scanning for systems vulnerable to a Microsoft Windows vulnerability and remote exploitation of the vulnerable systems.” (e.g. finding badly configured firewalls that allowed internet-facing SMB ports).

Not used one for over six years, Windows Defender is switched off. Suppose it’s not really viable for your average multi user system in it’s default state and depends very much on the kind of interaction and web services you use.

This is good to know, I’ve always recommended Avast, but having come back to Windows after 3 years with a Chromebook (a decision I now regret) I have found Avast is beyond marketing, it is intrusive.

Having a popup every 48 hours starting from an upgrade invite that is now progressing to scare tactics by listing all the security gaps (cookies) firewalls and other nonsense ‘4,800’ vulnerabilities on my PC’ statements, to the point last week where Chrome advised it had installed an add-on automatically and did I want to remove it…

Sandwich – Member
That one required a meatware start before it could rampage through SMB. Don’t click on suspect links or get a grown up to check them for you.

Tell you what though, the phishing emails on some of these are bloody hard to spot now.

We had some with the from address of one of our legit customers, email all correctly spelled, looked like a legit autogenerated invoice, correct logos, no weird links/domains, just a CSV file attached.

Apparently for whatever reason, CSV files in Excel are able to exec stuff using DDE. 😯

Yeah a properly custom targeted mail (spearphish) is a lot less obvious than the usual badly spelt money transfers from Nigerian princes.