Troubleshooting Common Security Issues – CompTIA A+ 220-902 – 4.2

System security is the responsibility of everyone who works with technology. In this video, you’ll learn how to address some of the most common system security issues.


We’ve all been in our browser, and suddenly there’s a pop-up on the screen. This pop-up may be something completely legitimate. It might be coming from an existing application that’s on your computer. It might be part of the browser, or it may come from the website that you’re currently visiting.

Or the website you’re visiting may be attempting to infect you with malware by popping up a message that they’re hoping you’re going to click on. Or you may already be infected with malware, and the pop-up is simply a symptom of the infestation.

It’s important that we have browsers that are running at the latest version, because there are always security updates to these browsers that might prevent some of these well-known attacks from occurring. You also have the option within your browser to disable any pop-ups. That way, if someone is trying to present you with something on the screen that really is not appropriate, you will have already stopped it before it had a chance to display itself in your browser.

But if the pop-up doesn’t seem to be related to the site you’re currently visiting, and it doesn’t have anything to do with other tabs that you might have open in your browser, you may want to scan to see if you’re already infected with malware. There are a number of really good third-party scanners that can look for all kinds of infection types. So you should consider using those, and perhaps a very good malware cleaner.

I always recommend that instead of trying to clean the malware off your system, which can sometimes not be 100% effective, you delete everything on your system, install a brand-new version of the operating system, and restore from backup. Alternatively, you may have a backup that is already an image of your existing system, so it may only take a number of minutes to revert back to an earlier version of your system that was not infected with this malware.

Here’s another common browser problem. You’re typing in a Google search, and the results that come back are not from the Google site. They’re from some other third-party site, which obviously should never happen. If you’re asking for a Google search, then the result should obviously come directly from Google. This is usually caused by a malware infection. It’s often called a browser hijack, because the browser itself is hijacking the results and taking you somewhere else.

One option to fix this might be with an anti-malware or anti-virus cleaner. But of course this is not 100% effective. The only true way to get rid of malware on a computer is, of course, to delete everything and restore from a known good backup.

If you’ve ever been browsing around the internet, you may have come across a site that provided some type of security alert in your browser. Maybe it tells you that the site certificate is not trusted, or there may be another message relating to the certificate of the server that you’re visiting. When this happens, the browser’s giving you a warning that something is not quite right with this communication. And you should look deeper to find out why this particular error is occurring.

One way to get more information is to look at the lock icon. You’re visiting a site over an encrypted connection, and that’s why you’re receiving this message. So there should be a green lock icon somewhere in your browser that you can click on. The lock itself might be yellow, or it might have a line through it. But by clicking on this, you could get more information about this particular error.

It may be that you’re visiting a site that has an expired certificate, or the certificate is for a different domain name than the one you typed inside of your browser, or the certificate may not be properly signed. It may be a certificate that was not signed by a well-known certificate authority. And since it was not signed by something your browser trusts, it’s going to provide you with a message that tells you that this certificate may not be from a safe source.
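To make those three causes concrete, here is an added example (not part of the original video) that checks a certificate for expiry, a name mismatch, and an untrusted or self-signed issuer. The certificates are constructed sample data in the dict layout that Python's `ssl.SSLSocket.getpeercert()` returns; the `TRUSTED` set, the `example.test` names and the reduction of trust to an issuer-name lookup are assumptions for illustration.

```python
import ssl

def hostname_matches(pattern, host):
    """Compare a certificate DNS name with the host; '*' covers one leftmost label only."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def diagnose(cert, host, trusted_issuers, now):
    """List the reasons a browser would warn about cert for host (empty list = no warning)."""
    problems = []
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(hostname_matches(name, host) for name in names):
        problems.append("name mismatch")
    issuer = dict(rdn[0] for rdn in cert["issuer"])
    subject = dict(rdn[0] for rdn in cert["subject"])
    # Assumption: trust is reduced to an issuer-name lookup; a real browser
    # validates the signature chain up to a root in its trust store.
    if issuer == subject:
        problems.append("self-signed")
    elif issuer.get("commonName") not in trusted_issuers:
        problems.append("untrusted issuer")
    return problems

# Constructed sample data (not a real certificate or certificate authority).
TRUSTED = {"Example Trusted CA"}
NOW = ssl.cert_time_to_seconds("Jun  1 00:00:00 2025 GMT")

def sample_cert(**overrides):
    """Build a healthy sample certificate, then apply overrides to break one property."""
    cert = {
        "subject": ((("commonName", "example.test"),),),
        "issuer": ((("commonName", "Example Trusted CA"),),),
        "notBefore": "Jan  1 00:00:00 2024 GMT",
        "notAfter": "Jan  1 00:00:00 2026 GMT",
        "subjectAltName": (("DNS", "example.test"), ("DNS", "*.example.test")),
    }
    cert.update(overrides)
    return cert

if __name__ == "__main__":
    print(diagnose(sample_cert(), "www.example.test", TRUSTED, NOW))
    print(diagnose(sample_cert(notAfter="Jan  1 00:00:00 2025 GMT"), "example.test", TRUSTED, NOW))
    print(diagnose(sample_cert(issuer=((("commonName", "example.test"),),)), "example.test", TRUSTED, NOW))
```
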

If malware does infect your system, it can really create a lot of problems with your network connections. It could certainly cause very slow performance when you’re trying to browse the internet. Or it may lock up completely and not allow you to communicate to any particular site.

You might also find that you’re not able to go to certain sites on the internet, or the sites that you go to may be redirected somewhere else. The malware is in complete control, and it can decide where you go inside of that browser.

This obviously becomes a problem if you’d like to download some malware cleaning software, or you’d like to update your operating system so that it no longer has this particular vulnerability. The malware will not let you visit these locations, so that it remains on your system without you being able to download a cleaner. You could try cleaning this malware by downloading a malware cleaner on another computer, and bringing it over to the system. But usually the best way to resolve this is to completely delete everything on this computer and restore from a known good backup.

Malware can wreak havoc with your operating system, because there are so many different things that it can change once it gets on your system. It can take your system files and rename them to something completely different, or it might delete files completely, or encrypt files and prevent you from accessing the information inside of a file. Your file permissions may change completely, and files that you normally would have access to are suddenly locked out from your particular username. Or you might not have any access at all to these particular system files.

The malware likes to lock itself away and prevent anything from being able to remove it from inside of your system. Obviously, the only way to remove this then is to get a malware cleaner that can really go into the operating system and clean it out, or to completely remove everything from your computer and restore from a known good backup.

One of the most challenging things to troubleshoot is when your system completely locks up. There’s no warning message, there’s no notification that it’s going to occur. Your system suddenly comes to a halt. You’re not able to move your mouse around the screen. Your keyboard is not responding. And you can try even pressing the Caps Lock and Num Lock keys to see if the status lights might toggle on and off, to see if there’s anything that’s happening at all with the operating system.

Even when you have this type of lockup, if the operating system’s still running, you might be able to close certain applications by starting the Task Manager. In Windows and some versions of Linux, you can interrupt the user interface with Ctrl-Alt-Delete and choose the Task Manager. In OS X you can perform a similar function by pressing Command-Option-Esc, and hopefully interrupting the operating system enough to show you that dialog so that you can choose certain applications and terminate them from that dialog box.

Once your system starts up again, you may be able to find out more information about why it locked up by looking at the event logs. This might give you at least a clue as to what was happening prior to the lockup. It might be that you are indeed infected with malware or a virus, and this is what’s causing this instability with your operating system. But it could just as easily be something related to the hardware. You might want to run a hardware diagnostic just to make sure that the hardware is performing as expected.

If you’re in the middle of using an application, and the application crashes, you might get a message that says that the application is no longer working, or the application may disappear completely from the screen with no notice whatsoever. One thing you can do is go to the event log. There’s usually information in there that can tell you why the application happened to fail.

There might also be more information in Windows Reliability Monitor. This could be useful on systems that you’re not familiar with, so that you can see how this application has been performing over time. Has there been a history of this failure in the past? And Reliability Monitor might also be able to check for certain resolutions so that it can fix the problem before you even have to worry about it.

The Windows Reliability Monitor is a great utility, but you have to know where to look to find it. You want to go to your control panel– I’m going to choose Start and Control Panel. And inside of the control panel, choose the action center.

Inside of the action center are a number of different categories listed. There’s a security category, a maintenance category. And you’ll find the Reliability Monitor under the maintenance view. If you click on the Maintenance title, you’ll notice that it expands out, and underneath you have the option to check for solutions to problem reports. And the last option on this line is to view the reliability history. Clicking on that will then launch the Reliability Monitor, and you can find out what’s happening with these problematic applications.

Here’s a screenshot of a reliability monitor. You can see that it shows you information on your system over a number of days. You could also show it over a number of weeks. Each one of these columns is a single day. And on this day it shows you application failures, Windows failures, miscellaneous failures, warnings, and information.

And then you can highlight it. And it will show you, for a particular day, what the critical events were. It’ll tell you exactly what occurred with what application, any warnings that might have occurred, any informational events. And you could begin to gather a longer-term view of how this particular system was working, and how the applications might be running in your operating system.

If you continue to have problems, you can try reinstalling the application. And it might be worthwhile to call the application developer and see if there’s a known problem that might be causing this application to crash.

There are also a number of applications you can categorize as virus alerts, or virus hoaxes. Sometimes these are not actual viruses, but they certainly look as if they could be actual viruses. There might be logos that you recognize, and it may be asking you to register or subscribe. And it would certainly ask you for a credit card so that they could bill you for this fake anti-virus.

There’s also a fake type of ransomware that doesn’t actually encrypt or lock down your system, but it does lock it down enough that you can’t normally access the operating system. They usually will ask for money to unlock your computer, or require you to subscribe to a particular service so that you can then gain access back to your computer. Like normal malware, these hoaxes and alerts still need a malware cleaner to remove them from your computer, or of course you could always delete everything and restore from a known good backup.

There are also a number of security concerns associated with the email that you use. One of these concerns revolves around spam. Spam is when you’re receiving unsolicited email messages. These might just be simple advertisements, but occasionally they can be phishing attacks that are asking you for personal information or login information so that they can then gain access to your accounts. These can very easily spread viruses and malware. So it might be useful to have a spam filter or some type of filtering system to get rid of unnecessary email.

Once malware infects your machines, one of the things that it can do is make you a sender of all of this spam. Your machine now becomes an email sending device that is under the control of the malware authors. If you’re receiving replies to messages you didn’t send, or you’re seeing bounced messages come back to you that show that you sent the original message, then you might have a hijacked email application.