SANS ISC: Cyber Security Awareness Month - Day 6 - Computer Monitoring Tools SANS ISC InfoSec Forums


As security professionals we all know when our computers are trying to tell us that there is something wrong.  We also have our own techniques for poking around "under the hood" looking for trouble before it gets out of hand.  Like car enthusiasts, we know what each rattle and noise means and we take steps to correct the problem early.  But what about our parents and extended family members who don't have the same skills?  Like the temperature gauge or "check engine" light in your car, how does a typical user know that something is wrong?

Most newer operating systems have a system health and monitoring capability.  For example, in Windows 7 you do this:

  • Log on as a local administrator on your computer, click Start, and then click Performance and Information Tools.
  • Under Advanced Tools, select Generate a system health report.

And in Windows XP you take these steps:

  • Log on as a local administrator on your computer, click Start, and then click Help and Support.
  • Under Pick a task, click Use Tools to view your computer information and diagnose problems.
  • In the Task pane, click My Computer Information, and then click View the status of my system hardware and software.

But what else can a non-technical user do that is simple and easy?  We published a diary about this subject a couple of months ago and got some really cool ideas.  Take a look at the comments and see if there is anything else you are aware of.  Use the "comment" link below to add your ideas to this diary.

Marcus H. Sachs
Director, SANS Internet Storm Center

 

I don't think the 'ordinary user' can know. The average Personal Computer is far too complex a machine. And, of course, different people have different agendas, some of them mutually incompatible.
The ethernet cable is like a hypodermic needle. Plug it in, and you really have to trust whoever is pushing the plunger, that what is injected is good for you.
Anonymous
I don't find a Start->Performance and Information option under Windows 7 (Professional). I reach it by right-clicking on Computer and choosing Properties. Then it is in the bottom left, under the "See Also" category. In any event, the information presented isn't particularly helpful to an end user. In my case, it claimed there was no anti-virus registered with Security Center, even though Microsoft Security Essentials is installed. It did alert me to a video memory contention issue: the fix was to turn off video features, reduce resolution and use fewer programs. Not all that helpful. And, I've never noticed any video or performance issues. It told me to "investigate why 18% (3,3337) events were lost during data collection." I can't imagine how that helps an end user in the slightest. The rest of the information was more technical, though it was safely hidden.

Our company provides technical support for over 100 Small to Medium Businesses, including a few schools. We also support many of the home users for those companies. We've been doing this for about 30 years. In our experience, even technically knowledgeable users make poor system admins. The end users who try to be their own techs often have the more difficult problems to fix as their attempted repairs, numerous "diagnostic" tools and such have muddied the waters. Those end users who run multiple gauges to continuously check performance and call us whenever the CPU goes to 100%, or ask why adding more hard drives did not reduce disk paging, simply waste their efforts and the support personnel.

I truly wish there was a simple set of things an end user could do without deeper understanding, but I just don't see any such tools really exist.
Rastech
