
Infection through local network

That's what wormable vulnerabilities are all about. That's how a lot of ransomware has spread. Look up things like WannaCry.

This can be prevented by patching systems regularly (the big one), setting up firewalls to block all but needed traffic, limiting access of user accounts, not reusing passwords or using common passwords, using 2FA, and other methods.


Yes, it is possible and usually what most malware does in the first place. HIPS Firewall and up-to-date Antivirus will be your first choice. If you suspect one of your systems to be affected, take it off the network by removing the cable. If it's a company computer, best practice is to wipe all data by formatting the drive(s) and reinstalling the OS. Your backups should be kept on a dedicated machine, running Unix or Linux (macOS will do as well if you have an old Mac around). Don't use WiFi if you are concerned about safety.

In general you want to do some preventive measures like educate people on how to be safe while browsing the web, not opening links from e-mails for example or downloading compressed files unless the source is trustworthy.

Make sure to use an Antivirus with a high chance of detection (you will have to buy a license), look at AV-Comparatives for up-to-date comparisons. Then make sure every detection setting is set to the highest level. This will be annoying because of all the user interaction needed to open stuff.

In short, preventive measures like educating about the risks will be your best option, a Firewall and Antivirus will be your last line of defense. Also make sure your OS is up to date and don't use third-party or beta drivers. Don't use any tools you find on the internet, especially if they are offered for free, unless you know them already. If you are not sure about a program, ask the community about it but better, look for a reputable alternative.


13 minutes ago, Applefreak said:

Yes, it is possible and usually what most malware does in the first place. HIPS Firewall and up-to-date Antivirus will be your first choice. If you suspect one of your systems to be affected, take it off the network by removing the cable. If it's a company computer, best practice is to wipe all data by formatting the drive(s) and reinstalling the OS. Your backups should be kept on a dedicated machine, running Unix or Linux (macOS will do as well if you have an old Mac around). Don't use WiFi if you are concerned about safety.

In general you want to do some preventive measures like educate people on how to be safe while browsing the web, not opening links from e-mails for example or downloading compressed files unless the source is trustworthy.

Make sure to use an Antivirus with a high chance of detection (you will have to buy a license), look at AV-Comparatives for up-to-date comparisons. Then make sure every detection setting is set to the highest level. This will be annoying because of all the user interaction needed to open stuff.

In short, preventive measures like educating about the risks will be your best option, a Firewall and Antivirus will be your last line of defense. Also make sure your OS is up to date and don't use third-party or beta drivers. Don't use any tools you find on the internet, especially if they are offered for free, unless you know them already. If you are not sure about a program, ask the community about it but better, look for a reputable alternative.

Thank you for your reply! What is a HIPS Firewall? Is there a tutorial that you can recommend on setting it up?

Also, can disabling file sharing through the network on Windows help?


Disabling SMB shares in Windows will help of course. HIPS is short for "Host-based Intrusion Prevention System", basically it is an active firewall that checks incoming and outgoing traffic on all ports and can detect programs that are behaving out of the order. I am using the ESET AV package for example and have not had an issue on our company network (7 machines on the same network). You can either use it like the Windows firewall but more efficient because of daily updates or have it ask for user permission every time a program wants incoming or outgoing traffic. At first this can be a bit of a pain because your games will be blocked, but long term it does prevent the spread of malware over the network because you would need to click accept on the infected host as well as the new target machine to allow traffic. However, you will only be secure if all machines are set up the same way.

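For the file-sharing question above, one way to check and reduce SMB exposure on a single Windows machine with the built-in cmdlets. This is an added example, not part of any post in the thread; the function name `Protect-SmbHost` and the rule name are hypothetical, and it assumes an elevated PowerShell prompt on a machine that does not need to serve files to others.

```powershell
# Added example: audit and reduce SMB file-sharing exposure on one Windows host.
# Protect-SmbHost is a hypothetical name; run from an elevated PowerShell prompt.
function Protect-SmbHost {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Assumption: this machine does not need to serve files to other hosts.
        [switch]$BlockInboundSmb
    )

    # 1. Report current state: SMB protocol versions, user-created shares,
    #    and which firewall profile each network connection falls under.
    Get-SmbServerConfiguration |
        Select-Object EnableSMB1Protocol, EnableSMB2Protocol |
        Format-Table -AutoSize | Out-Host
    Get-SmbShare -Special $false |
        Select-Object Name, Path, Description |
        Format-Table -AutoSize | Out-Host
    Get-NetConnectionProfile |
        Select-Object InterfaceAlias, NetworkCategory |
        Format-Table -AutoSize | Out-Host

    # 2. Turn off the legacy SMBv1 server protocol.
    if ($PSCmdlet.ShouldProcess('SMB server', 'Disable SMBv1')) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }

    # 3. Optionally refuse all inbound SMB (TCP 445). In Windows Firewall a
    #    block rule takes precedence over allow rules, so this also overrides
    #    the allow rules that enabling file sharing creates.
    if ($BlockInboundSmb -and
        $PSCmdlet.ShouldProcess('Windows Firewall', 'Block inbound TCP 445')) {
        New-NetFirewallRule -DisplayName 'Block inbound SMB (added example)' `
            -Direction Inbound -Protocol TCP -LocalPort 445 `
            -Action Block -Profile Any | Out-Null
    }
}

# Preview the changes first; nothing is modified with -WhatIf.
Protect-SmbHost -BlockInboundSmb -WhatIf
# Then apply:
# Protect-SmbHost -BlockInboundSmb
```

A machine that must keep sharing files should skip `-BlockInboundSmb` and instead restrict the existing allow rules to the specific addresses that need access.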

 

20 minutes ago, Applefreak said:

Disabling SMB shares in Windows will help of course. HIPS is short for "Host-based Intrusion Prevention System", basically it is an active firewall that checks incoming and outgoing traffic on all ports and can detect programs that are behaving out of the order. I am using the ESET AV package for example and have not had an issue on our company network (7 machines on the same network). You can either use it like the Windows firewall but more efficient because of daily updates or have it ask for user permission every time a program wants incoming or outgoing traffic. At first this can be a bit of a pain because your games will be blocked, but long term it does prevent the spread of malware over the network because you would need to click accept on the infected host as well as the new target machine to allow traffic. However, you will only be secure if all machines are set up the same way.

I am already using Norton 360. It should have a HIPS firewall, right?
