13 Replies Latest reply: Dec 7, 2014 3:58 PM by ChitlinsCC
Philip Fass1 Level 2 (185 points)

My low-tech friends got trapped in a scam while using their old white iMac. When trying to find a fix for their printer, they clicked on a fake Canon tech support link. The guy they reached had them go to logmein123 and enter his key number. Then he took over their computer, gave them totally bogus advice, and probably grabbed whatever info he wanted.


Normally Logmein files would be somewhat findable among the visible and invisible files, including in the Application Support folder. But in this case, there was nothing I could find anywhere. Except in the console log, where his footprints were clearly visible.


I finally copied their docs to an external drive, zeroed out the internal HD, and reinstalled Snow Leopard. Also told them to contact all sensitive accounts, like bank, and change passwords.


I doubt they'll make this mistake again, but I'd like to protect them from other online problems. The steps I'm considering:


1. Turn on FileVault.

2. Turn on the firewall, limit connections to signed software, and turn on stealth mode.

3. Have them run normally in a non-admin account.

4. Increase the strength of their passwords.

5. Disable Java and Flash.

6. Disable automatic login.

7. Maybe install some third-party protection like the Intego internet security suite --- preferably something that will work in the background without getting them confused.


Anything else? Thanks.


Mac Pro, Mac OS X (10.6.8)
  • varjak paw Level 10 (169,830 points)

    None of that would help if they voluntarily give access to the computer. All those precautions would be bypassed if they give some unknown person such access. But I agree with all your suggested precautions other than:

     

    1. FileVault is only necessary to protect sensitive documents from someone with physical access to the computer, and for most people that's easily provided just by keeping the few sensitive documents most normal users have in a password-protected disk image and protecting passwords by not keeping them in an open text file (as many people rather stupidly do).

     

    7. Intego security or any other antivirus or privacy protection; those are usually unnecessary, there being no confirmed viruses or worms and only a handful of trojan-horse programs, and such programs often actually cause systemic problems.

     

    Regards.

  • Philip Fass1 Level 2 (185 points)

    Thanks, Varjak. I was also thinking about Little Snitch, which now offers both in and out data monitoring, but I think the information it shows would just confuse them.

  • varjak paw Level 10 (169,830 points)

    I agree; Little Snitch causes more problems than it cures unless the user is well versed in using it. It's very easy with LS to make a system just about unusable if you don't know what you're doing.

     

    Regards.

  • WZZZ Level 6 (12,650 points)

    varjak paw wrote:

     

    I agree; Little Snitch causes more problems than it cures unless the user is well versed in using it. It's very easy with LS to make a system just about unusable if you don't know what you're doing.

     

    Regards.

    I don't know about the new LS 3, I'm still using the 2. But when I first started using LS some years ago I had hardly any knowledge about using it. I might have unnecessarily prevented a few sites from loading, but that was about the extent of the "damage" I did. Essential system rules are protected. (Although later on, I disabled some of those with no ill effects.)

  • varjak paw Level 10 (169,830 points)

    I've seen users completely cut off their Internet access, in some cases disabling applications, by misunderstanding and hence misusing Little Snitch. It's a good tool if you know what it's doing and what it's telling you and can determine whether an application or process should or should not be allowed to connect, but for the average user I recommend avoiding it. In the vast majority of cases it's really unnecessary, IMO.

     

    Regards.

  • Philip Fass1 Level 2 (185 points)

    I'm really trying to accomplish two incompatible things: keep them safe, and avoid getting calls all the time about things not working the way they expect. In theory, I'd just live next to their computer and put out fires. In reality, I want to give them the safest possible setup and hope that it will work with little need for my help.

  • varjak paw Level 10 (169,830 points)

    I would definitely avoid Little Snitch, then, or you're likely to get a lot of calls on the order of "this is asking me whether to allow or block xxx; what should I do?", particularly when they install anything new. There's so little malware that can infect Mac OS X that instructing them on basic "safe computing" practice is probably going to be just as effective.

     

    Regards.

  • Baby Boomer (USofA) Level 9 (56,230 points)

    I would definitely avoid Little Snitch

    I wouldn't. Give the OP the benefit of the doubt. LS is very easy to use & understand as long as you read its tutorial.

    As a long time user of LS, my usage started out exactly like WZZZ and believe me, if I haven't melted my comp or the internet yet, anybody can use it.

     

    I've seen users completely cut off their Internet access, in some cases disabling applications, by misunderstanding and hence misusing Little Snitch.

    Because they did not read the user manual/tutorial.

  • Philip Fass1 Level 2 (185 points)

    Yes, I could use it but my friends are technophobes. I think anything that looked like a warning would cause panic or phone calls.

  • Baby Boomer (USofA) Level 9 (56,230 points)

    Are you the "go to" tech guy?

  • varjak paw Level 10 (169,830 points)

    Baby Boomer (USofA) wrote:

     

    Because they did not read the user manual/tutorial.

     

     

    Yep. But how many people read manuals, and of those that do how many understand what they read?

     

    In any case, it's not the OP asking for his own use but his friends, and I again think that he'd get more calls from them in a panic about what LS is asking than the protection will be worth.

     

    Regards.

  • Philip Fass1 Level 2 (185 points)

    That's me. I'm on speed dial. They tried a relative of theirs once, and that only led to trouble that I had to undo.

  • ChitlinsCC Level 4 (2,175 points)