Why haven’t you mentioned CryptoPrevent?
While CryptoPrevent is an interesting tool for preventing the CryptoLocker malware from encrypting everything on your machine, I have some issues with it. My issues are not with the software itself, but with some of the side effects of actually using it.
What CryptoPrevent is
CryptoPrevent is really just a utility that prevents CryptoLocker from running.
It’s fine. If you want to run it, by all means, go ahead and run it. There are a couple of side effects that I discuss below, but they’re probably not the kind of side effects that are going to impact you in any tangible way.
My concern is twofold: One, that we’re spending a lot of effort focusing on only one specific piece of malware. And two, running CryptoPrevent might be giving us a false sense of security when it comes to actually understanding how safe our machines are.
How CryptoPrevent works
CryptoPrevent works by blocking the execution of programs from certain locations: locations that are not normally used by legitimate software. Apparently, people have found out that these are locations used specifically by CryptoLocker.
As such, for now, CryptoPrevent represents a way to prevent CryptoLocker from running on your machine and encrypting all your files.
My opinion is that it’s actually the wrong solution to the problem.
The right solution
The issue is that you should not be trying to avoid just one specific kind of malware. CryptoLocker is malware with particularly bad effects, but it’s malware nonetheless. We should be doing what we can to avoid all malware, not just CryptoLocker.
In fact, if CryptoPrevent were to actually make a difference on your machine, it’s because you already allowed CryptoLocker to be downloaded onto your machine! That is what needs to be prevented, because the things that prevent you from downloading CryptoLocker are the kinds of things that prevent all malware.
The right way to deal with CryptoLocker is to treat it just like any other malware. Remember, only you can prevent malware. Don’t open email attachments that you aren’t absolutely certain are safe; as I understand it, CryptoLocker currently propagates most commonly via email attachments.
In general, remember to use the internet safely and with a healthy degree of skepticism. My article, “Internet Safety: 8 Tips to Keep Your Computer Safe on the Internet” covers the basics of how to keep your machine safe not just from CryptoLocker but from all malware.
If you’re interested, you can find a discussion of CryptoLocker, how it works, why it works, and how CryptoPrevent works, in excruciating detail at bleepingcomputer.com.
I want to provide that as interesting information, but it’s not the approach I want most people to follow. What I truly care about is that people learn to stay away from malware in general. Those techniques will work not just for CryptoLocker, but for all the other malware that’s out there as well.