The Elephant in the Room

by Street

Addressing the metaphorical elephant in the room is crucial when it comes to permitting untrusted users access to your networks.

Allowing unauthorized entry to your system can lead to severe consequences.  It is imperative that only authorized individuals have physical access to your computers.  This is just as important as using strong passwords.  But security measures like biometric authentication, smart card systems, and surveillance cameras are not always feasible.

End-users primarily depend on anti-virus and Windows Defender for their security needs, and anti-virus does a good job of protecting them from an abundant amount of malware.  Do a search for [remote access trojans] on GitHub, and it will turn up hundreds of examples that anti-virus will probably detect.

However, if you have physical access to a computer, you can completely bypass anti-virus.  By turning anti-virus off before you install the malware, and then creating an exception for your malware directory, you can resurrect old code that has already been flagged by anti-virus.

This is a great way to learn more about malware, and can be safely done in a virtual machine.

Here is a step-by-step guide to do this for Windows Defender:

To turn off Windows Defender:

  • Type windows security in the Windows search bar and select the app.
  • Click on Virus & Threat Protection in the Windows Security window.
  • Under Virus & Threat Protection settings, click on Manage Settings.
  • Toggle the switch under Real-Time Protection to the Off position.
  • Confirm that you want to turn off real-time protection.

To create an Exclusion:

  • Type windows security in the Windows search bar and select the app.
  • Click on Virus & Threat Protection in the Windows Security window.
  • Under Virus & Threat Protection settings, click on Manage Settings.
  • Scroll down to the Exclusions section and click on Add or Remove Exclusions.
  • Click on Add an Exclusion and choose the folder you installed the malware in.

Then turn Windows Defender back on.
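
The changes made in the steps above are recorded by Windows Defender itself, so an administrator can check a machine for them afterwards. The PowerShell below is an added example, not part of the original article: it shows the current real-time protection state and exclusion list, then looks in the Defender operational log for exclusion changes that closely follow a real-time protection disable. The 7-day lookback and 30-minute correlation window are assumed values; run it from an elevated session so the exclusion list is readable.

```powershell
# Added example: audit a Windows host for a Defender disable followed by a new exclusion.
# Assumed values: 7-day lookback, 30-minute correlation window.
$since  = (Get-Date).AddDays(-7)
$window = New-TimeSpan -Minutes 30

# 1. Current state: is real-time protection on, and what is excluded from scanning?
$status = Get-MpComputerStatus
$prefs  = Get-MpPreference
[pscustomobject]@{
    RealTimeProtectionEnabled = $status.RealTimeProtectionEnabled
    ExclusionPath             = $prefs.ExclusionPath -join '; '
    ExclusionProcess          = $prefs.ExclusionProcess -join '; '
    ExclusionExtension        = $prefs.ExclusionExtension -join '; '
} | Format-List

# 2. History from the Defender operational log, which survives turning protection back on.
#    5001 = real-time protection was disabled
#    5007 = antimalware configuration changed (exclusion changes are logged here)
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 5001, 5007
    StartTime = $since
} -ErrorAction SilentlyContinue | Sort-Object TimeCreated

$disables   = @($events | Where-Object { $_.Id -eq 5001 })
$exclusions = @($events | Where-Object { $_.Id -eq 5007 -and $_.Message -match '\\Exclusions\\' })

# 3. Report each exclusion change and whether a disable happened shortly before it.
foreach ($ex in $exclusions) {
    $near = $disables | Where-Object {
        $_.TimeCreated -le $ex.TimeCreated -and
        ($ex.TimeCreated - $_.TimeCreated) -le $window
    } | Select-Object -Last 1

    [pscustomobject]@{
        ExclusionChanged  = $ex.TimeCreated
        PrecededByDisable = [bool]$near
        DisabledAt        = $near.TimeCreated
        # The "New value" line of the event text names the setting that was written.
        Detail            = (($ex.Message -split '\r?\n') -match 'New value' -join ' ').Trim()
    }
}
```

Any row with PrecededByDisable set to True, or any entry in ExclusionPath that nobody can account for, is worth following up on.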
