Tag Archives: Enhanced Protection Mode

Macro viruses on the rise – The Sleeping Beauty slumber is over

28 February 2015

For some months, reports about macro viruses have been appearing constantly in the IT press. Although the latest report, ‘Macro viruses reemerge in Word, Excel files’, published by Michael Heller on the TechTarget platform SearchSecurity on 24 February 2015, could make us feel somewhat insecure, there is in my opinion no reason to panic.

From the statistics compiled by security firm Kaspersky, we see that attackers used Microsoft Office in 1% of all cases for the distribution of exploits in 2014. In total, Kaspersky products detected and neutralized 6,167,233,068 cyber-attacks in 2014. This means that Word or Excel were used in 61,763,330 cyber-attacks, 2.3 times more than in 2013.

Sounds anything but dangerous. Moreover, we are better prepared than 15 years ago, when macro viruses were most popular. Many protection measures are common sense, but sometimes it’s good to recap.

With that, I suggest:

  1. Please make sure that your anti-malware program is always up-to-date.
  2. Configure Macro Settings in Microsoft Office Trust Center. Choose ‘Disable all macros with notification’ as default:

    ‘Disable all Macros With Notifications’ in Trust Center

  3. Use Windows Update to keep Microsoft Office and Windows up-to-date with the latest patches.
  4. On 64-bit Windows, activate ‘Enhanced Protection Mode’ in Internet Explorer. This will force Windows to run Internet Explorer in Container Mode at low integrity level. In addition, please download all files to the default download location.
  5. Enable SmartScreen Technology in Internet Explorer. Malicious files are downloaded from malicious sites. SmartScreen Technology supports you by blocking downloads from known malicious sites.
  6. Try working with standard user rights. This limits the impact of an attack on the operating system.
  7. The last and perhaps the most important rule: Think twice before you click on a Word or Excel file stored on an untrusted site. As a rule of thumb, the entire Internet is an untrusted site, and of course so are all email attachments.

There’s really no need to panic. Macro viruses are no rocket science. The available protection measures are enough to deal with this old stuff.

Have a good weekend!

Why is Internet Explorer security such a challenge? More tips to minimize the risk

29 November 2014

In his report ‘Why is Internet Explorer security such a challenge?’ Stephen Bigelow talks about Internet Explorer (IE) security and attack trends. In the section ‘Tips to minimize the risk’ he introduces the standard mitigation measures.

In addition, IE 11 and Windows 8 provide security functions which can be activated or adjusted to make Internet use less risky:

1. Set User Account Control (UAC) to ‘Always notify me’

With UAC set to ‘Always notify me’ you will be notified if malicious code which is executed in Internet Explorer tries to install software or tries to make changes to your computer.

2. Activate SmartScreen Filtering to reduce the risk of phishing attacks

SmartScreen Filtering was introduced with IE8 and was integrated into the OS with Windows 8. After you click a link, SmartScreen Filtering checks the web site or file against a list of harmful sites and blocks downloads from these sites.

If the SmartScreen Filter blocks a malicious site, you will get an error message like this:

SmartScreen Filter Error Message

To activate SmartScreen Filtering, check ‘Enable SmartScreen Filter’ in the IE Advanced Security Options.

3. Activate Enhanced Protection Mode (EPM) in the Internet Explorer Advanced Security Options

With EPM activated IE runs in an AppContainer at low integrity level. Write access to resources at medium or high integrity level, e.g. Windows system resources, is blocked.

4. Try to work without administrative rights

From my point of view, this is the most important advice of all. Without administrative privileges it is very unlikely that malicious code executed by Internet Explorer could attack the operating system, because this is blocked by the User Account Control (UAC) in Windows.

Even if you activate only SmartScreen Filtering and EPM, Internet use will become less risky.
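The settings recommended in both posts (macro notification, UAC, SmartScreen Filter, EPM, standard user rights) can be checked in one pass. The following read-only audit is an added example, not part of the original posts; the registry paths and value names are assumptions for Office 2013 (version key 15.0) and IE 11 on Windows 8, and `Get-RegValue` and `New-Finding` are hypothetical helper names.

```powershell
# Added example: read-only audit, changes nothing on the system.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is missing instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}
function New-Finding {
    param([string]$Setting, $Actual, $Expected, [bool]$Ok)
    [pscustomobject]@{ Setting = $Setting; Actual = $Actual; Expected = $Expected; OK = $Ok }
}

$findings = @()

# Macro setting per application. 1 = enable all macros, 2 = disable with
# notification, 3 = signed macros only, 4 = disable without notification.
# A missing value means the Office default, which is also 2.
foreach ($app in 'Word', 'Excel') {
    $v = Get-RegValue "HKCU:\Software\Microsoft\Office\15.0\$app\Security" 'VBAWarnings'
    $findings += New-Finding "$app macro setting (VBAWarnings)" $v '2 or stricter' ($null -eq $v -or $v -ge 2)
}

# UAC: 'Always notify' corresponds to ConsentPromptBehaviorAdmin = 2
# (consent on the secure desktop); 1 (credentials on the secure desktop) is stricter.
$sys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$lua = Get-RegValue $sys 'EnableLUA'
$cpa = Get-RegValue $sys 'ConsentPromptBehaviorAdmin'
$findings += New-Finding 'UAC enabled (EnableLUA)' $lua 1 ($lua -eq 1)
$findings += New-Finding 'UAC always notify (ConsentPromptBehaviorAdmin)' $cpa '1 or 2' ($cpa -eq 1 -or $cpa -eq 2)

# Internet Explorer: EPM is stored as Isolation = 'PMEM', SmartScreen as EnabledV9 = 1.
$ie  = 'HKCU:\Software\Microsoft\Internet Explorer'
$epm = Get-RegValue "$ie\Main" 'Isolation'
$ss  = Get-RegValue "$ie\PhishingFilter" 'EnabledV9'
$findings += New-Finding 'IE EPM (Isolation)' $epm 'PMEM' ($epm -eq 'PMEM')
$findings += New-Finding 'IE SmartScreen Filter (EnabledV9)' $ss 1 ($ss -eq 1)

# Standard user rights: whoami lists BUILTIN\Administrators (S-1-5-32-544)
# even when UAC has filtered the token, so this also catches unelevated admins.
$inAdmins = [bool](whoami /groups /fo csv | Select-String -SimpleMatch 'S-1-5-32-544')
$findings += New-Finding 'Account is in local Administrators' $inAdmins $false (-not $inAdmins)

$findings | Format-Table -AutoSize
```

Settings enforced through Group Policy are stored under the corresponding Policies keys and are not read by this script, so a managed machine can report a missing value while the policy is in effect.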

Moon over Wangalm, Austria. 47°22'54.1"N 11°06'35.4"E

Have a nice weekend.