Helping attackers by declaring your defence setup in your signature


Wayne - DiamondCS
August 5th, 2004, 03:40 AM
It's becoming increasingly common on various forums for people to declare which security programs they use in their signature. Just remember that you're making things easier for anyone wanting to target you - not only do they know exactly which programs you DO use, they also know which ones you DON'T use, and can easily analyse your setup to anticipate your 'style' of defence setup - which programs you would go for and which ones you'd avoid. Consider vulnerabilities for example - often the attacker can only use a vulnerability against you if they know you're using the program in which the vulnerability resides, and by declaring your security setup in your signature you're taking the guesswork out of the equation for them.

Anyway, just something to be aware of.

nadirah
August 5th, 2004, 04:51 AM
Thanks for the advice. ;)

Blackspear
August 5th, 2004, 06:21 AM
Good post Wayne, thanks.

Cheers ;D

chew
August 5th, 2004, 10:33 AM
Good point & thanks for the reminder.

Yes, I thought about that too a while back ....

;)

Ronin
August 5th, 2004, 10:42 AM
The answer is simple. Lie a bit in your signatures.

Primrose
August 5th, 2004, 11:33 AM
As a good friend reminded me...also good reason NOT to ever post your hijackthis log in a forum :o Then they would know what whacked you last and what you are paying for in Security Products or just running for free.

chew
August 5th, 2004, 11:41 AM
Primrose

That's true. I thought that was a dead giveaway compared to a signature really ...

I mean you are going to give all the details on your systems ...

hmmm ...

I am getting really paranoid now ... :o

MikeBCda
August 5th, 2004, 11:48 AM
With all due respect, a couple of points in rebuttal:

1) The advice is really only useful as protection against an attack on you as an individual. And unless I'm greatly mistaken, that kind of hacking is extremely rare, compared to more typical malware attacks which are directed against as wide a range of targets as possible on the internet. Sure, I can be hacked, but I've got no reason on earth to believe anyone's out to "get me" personally. I protect myself in various ways from in-the-wild stuff, not personal attacks.

2) It has often been recommended, by experts here and elsewhere, that this kind of info be included in your sig because if you post a request for trouble-shooting help, whether with a particular piece of software/hardware or with your system generally, the info must be provided if you want any kind of reasonable assistance.

Best to all,
Mike

ronjor
August 5th, 2004, 12:00 PM
A lot of "attacks" are downloaded to computers by users.

If you open the door, they're coming in!! :D

Pilli
August 5th, 2004, 12:15 PM
I think Wayne was just making the point that one can make it easier should an attacker go for you and I quote:
-{ Quote: "Just remember that you're making things easier for anyone wanting to target you" }-
Just words of caution that's all ;D

Devinco
August 5th, 2004, 12:38 PM
If you don't give "them" your email address, IM, or IP address in either your signature, postings, or Hijack This logs, how can "they" find you and connect your security setup on Wilders with one of the millions of other internet users out there? (Maybe through some dedicated spyware, but you are blocking those, right?)
You can edit your Hijack This logs to mask IP addresses, DNS servers, email, even revealing directory names. The only reason you would need to post a Hijack This log anyway is because you are already up the creek. Hopefully, after having learned a lesson, you would tighten up security and prevent it from happening again.
That being said, concealing your security suite doesn't hurt. And if program interaction is relevant, the programs can be listed there in the post. It is easier anyway than checking the person's sig.
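The masking Devinco describes (IP addresses, DNS servers, e-mail addresses and user directory names stripped from a HijackThis-style log before it is posted) as a small Python redaction script. This is an added example, not code from the thread or from HijackThis; the log excerpt is constructed, the `[IP]`/`[EMAIL]`/`[USER]` placeholders and rule set are assumptions, and the profile-path rule also covers the later `C:\Users\` layout that this 2004 thread predates.

```python
import re

# Constructed HijackThis-style excerpt (not a real log; the user name, paths
# and addresses are made up). Backslashes are doubled for Python.
SAMPLE_LOG = """Logfile of HijackThis v1.98.0
Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\Documents and Settings\\jsmith\\Local Settings\\Temp\\updater.exe
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.example.com/
O4 - HKLM\\..\\Run: [Mailer] C:\\Program Files\\Mailer\\mail.exe /user=jsmith@example.com
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{E1B2}: NameServer = 203.0.113.7,203.0.113.8
"""

# (compiled pattern, replacement). The e-mail rule runs before the IP rule so
# that "user@203.0.113.9" is replaced as one token rather than two.
REDACTIONS = [
    # e-mail addresses: local part, "@", dotted domain
    (re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"), "[EMAIL]"),
    # dotted-quad IPv4 addresses (O17 DNS servers, proxy settings, ...)
    (re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"), "[IP]"),
    # the account-name segment of a profile path, for both the 2004-era
    # "Documents and Settings" layout and the later "Users" layout; the lazy
    # match plus lookahead keeps user names containing spaces as one segment,
    # and the negative lookahead makes the rule idempotent on already-masked text
    (re.compile(r"(C:\\(?:Documents and Settings|Users)\\)(?!\[USER\])([^\\\r\n]+?)(?=\\|$)",
                re.IGNORECASE | re.MULTILINE), r"\1[USER]"),
]


def redact_line(line: str) -> str:
    """Apply every redaction rule to one log line."""
    for pattern, replacement in REDACTIONS:
        line = pattern.sub(replacement, line)
    return line


def redact_log(text: str) -> str:
    """Redact a whole log line by line, preserving line order."""
    return "\n".join(redact_line(line) for line in text.splitlines())


def find_leaks(text: str) -> list:
    """Self-check for the redacted output: (line_no, rule_index) for every line a
    rule still matches. An empty list means nothing the rules cover is left."""
    leaks = []
    for number, line in enumerate(text.splitlines(), start=1):
        for index, (pattern, _) in enumerate(REDACTIONS):
            if pattern.search(line):
                leaks.append((number, index))
    return leaks


if __name__ == "__main__":
    cleaned = redact_log(SAMPLE_LOG)
    print(cleaned)
    print("remaining leaks:", find_leaks(cleaned))
```

Hostnames and program names are deliberately left alone (helpers need them), so the redacted log still has to be read through by eye before posting.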

Ronin
August 5th, 2004, 12:50 PM
Well they could break into this site and grab the logs of course.

Devinco
August 5th, 2004, 12:57 PM
-{ Quote: "Well they could break into this site and grab the logs of course." }-
Geez, now we have to even view Wilders with an anonymous proxy just in case?

Paranoid2000
August 5th, 2004, 01:29 PM
-{ Quote: "Geez, now we have to even view Wilders with an anonymous proxy just in case?" }-Some of us already do. :P (though in my case, more to prevent my ISP from logging my online activity).

Devinco
August 5th, 2004, 01:42 PM
-{ Quote: "Some of us already do. :P (though in my case, more to prevent my ISP from logging my online activity)." }-
All right fine Paranoid2000 I guess you can't be too paranoid these days ;D
[Devinco reluctantly activates anon proxy and edits profile for an alternate throw away email address]

gerardwil
August 5th, 2004, 01:44 PM
-{ Quote: "With all due respect, a couple of points in rebuttal:

1) The advice is really only useful as protection against attack of you as an individual. And unless I'm greatly mistaken, that kind of hacking is extremely rare, compared to more typical malware attacks which are directed against as wide a range of targets as possible on the internet. Sure, I can be hacked, but I've got no reason on earth to believe anyone's out to "get me" personally. I protect myself in various ways from in-the-wild stuff, not personal attacks.

2) It has often been recommended, by experts here and elsewhere, that this kind of info be included in your sig because if you post a request for trouble-shooting help, whether with a particular piece of software/hardware or with your system generally, the info must be provided if you want any kind of reasonable assistance.

Best to all,
Mike" }-
I fully agree.
If a hacker, I think we are talking about a Cracker, is interested in my machine, which I doubt, he certainly doesn't need my presence here at Wilders to look for the progs I use, and knowing that he makes his plan to enter my machine.
And what if he sees we are using top of the bill security progs? Scare him/her?
I doubt it.

Wayne - DiamondCS
August 5th, 2004, 02:23 PM
Mikebcda,
-{ Quote: "unless I'm greatly mistaken, that kind of hacking is extremely rare" }-
Not all hacking that goes on comes in the form of a .exe attached to an email mass-mailed to everyone saying "Hi, please run the attached file", and when individuals' systems are hacked they're rarely reported to authorities so statistics aren't reliable and international statistics are virtually non-existent. It happens a lot more than you'd imagine, and when vulnerabilities for particular programs appear you often get hackers that 'fish' for people using that software - not by mass-mailing or other such bulk methods, but by other methods such as using Google to find people who've asked questions about the software, or to find people who post their security setups in their signatures, etc etc - it's really quite trivial, and attacks are very easy to execute, a lot easier than exploits such as shellcodes, buffer overflows and so on.

-{ Quote: "I've got no reason on earth to believe anyone's out to "get me" personally" }-
By informing hackers of what software you're running you're giving them a good idea of which methods of attack they should use and which they should avoid. If they know nothing about your security setup then they've got a lot more work to do, and also you're giving them no reason to target you. You might be the nicest bloke on Earth (and I'm sure you are!) and maybe nobody has any reason to target you as a person, but declaring your security setup may be enough to entice somebody to target you.

-{ Quote: "It has often been recommended, by experts here and elsewhere, that this kind of info be included in your sig because if you post a request for trouble-shooting help" }-
Which "experts"? There's a big difference between providing information for trouble-shooting and security, and no _security_ expert will ever tell you to disclose your security setup to the International public. If such information is ever required by somebody trying to help you then you can always send them a private message or emails, and then you won't be disclosing the information to uninvited 3rd parties.

-{ Quote: "the info must be provided if you want any kind of reasonable assistance." }-
Actually you'll find that such information in signatures is rarely (if ever) used by those helping the person - just knowing that a particular program is installed doesn't really tell you anything about a problem on somebody's computer.

Primrose,
-{ Quote: "As a good friend reminded me...also good reason NOT to ever post your hijackthis log in a forum" }-
Spot on, it's exactly the same problem although actually it's even worse in one sense because such logs disclose full directory paths, and there are many vulnerabilities/exploits that can be used to destroy/overwrite existing files but only if the full path is known, but yes - like disclosure in signatures, they usually show exactly which security programs are and aren't installed.

It just seems that a lot of people are quite innocently setting their signatures to disclose their security setups without understanding the possible ramifications of that. It's completely up to you whether or not you disclose such information but it's important to just be aware of it, and it seems not many people are.

Gerard,
Just as one brief example - your signature says that you use Firefox 0.93. If I want to attack you and can execute a vulnerability against that build of Firefox then all I need to do is attract your attention to a webpage to infect you. That might also take a bit of social engineering (say, sending you some friendly emails for a couple weeks to gain your trust), but it's still all trivial. Even if the exploit required scripts to be enabled I could just make it so the webpage required scripts to execute in order to view the page, and I could use a plethora of tricks to help prevent you seeing the exploit in the source code. That's just one simple example against just one program.

Regards,
Wayne

gerardwil
August 5th, 2004, 02:40 PM
Hi Wayne,

I understand your answer and it has a logic in it. On the other hand the majority of the members and visitors here are using one or another combination of AV/AT/AS etc. So it's not a very high secret about that. Also you can read through all the postings if you want to get a more specific idea what someone is using to get all the nasties out.
I had a more or less feeling that I am safe computing using those apps. Is that a false feeling?
If so, I agree with what I believe Ronjor said: to put other apps in your defence setup than you really have, which will give you an extra safety barrier.
Am I right?

Regards

Gerard

Wayne - DiamondCS
August 5th, 2004, 02:49 PM
-{ Quote: "On the other hand the majority of the members and visitors here are using one or another combination of AV/AT/AS etc. So its not a very high secret about that." }-
Yes, but an attacker isn't concerned that you have an anti-virus - that's not an obstacle to them. What they want to know is which anti-virus. For example, if they want to modify a trojan so that it slips through detection of your anti-virus then they need to know exactly which anti-virus you're using, because each scanner will detect the file differently so even though the attacker may be able to get the trojan to be undetected by one scanner, another scanner may still detect it. Modifying a trojan so that it bypasses detection of all scanners is impractical and would take the attacker more time than it's worth, so knowing exactly which anti-virus program you use is a big advantage to the attacker as it allows them to easily and quickly customise their attack specifically for your defence.

Sorry but I'm not quite sure what you meant in regards to Ronjor's comment ... ?

gerardwil
August 5th, 2004, 02:54 PM
Hi Wayne,

Thanks for explaining.
Sorry, it was not Ronjor, it was Ronin who said this:
The answer is simple. Lie a bit in your signatures.

Gerard

lynchknot
August 5th, 2004, 02:59 PM
I thought the first line of defense was the most effective (against attack), my router - besides, I've got nothing here but a cheap car stereo and no credit card/online banking used. :D

ronjor
August 5th, 2004, 03:06 PM
Lynchknot,

There is an update for Firefox for security issues. Apologies if you know this already.

lynchknot
August 5th, 2004, 03:14 PM
Thank you ronjor! - :D

ronjor
August 5th, 2004, 03:20 PM
Looking good lynchknot!!

Primrose
August 5th, 2004, 03:23 PM
-{ Quote: "With all due respect, a couple of points in rebuttal:

1) The advice is really only useful as protection against attack of you as an individual. And unless I'm greatly mistaken, that kind of hacking is extremely rare, compared to more typical malware attacks which are directed against as wide a range of targets as possible on the internet. Sure, I can be hacked, but I've got no reason on earth to believe anyone's out to "get me" personally. I protect myself in various ways from in-the-wild stuff, not personal attacks.

2) It has often been recommended, by experts here and elsewhere, that this kind of info be included in your sig because if you post a request for trouble-shooting help, whether with a particular piece of software/hardware or with your system generally, the info must be provided if you want any kind of reasonable assistance.

Best to all,
Mike" }-

Well I certainly agree with you also ;D Most who do personal attacks leave a trail in any case. ;)

I still remember when stealth was a biggie but you do not hear much about that these days.


The whole issue about "stealth" simply says that your router or computer doesn't reply to say "no connection available here", which would verify to a potential hacker that there is a computer at your ip address.

Hackers or otherwise hostile agents, that don't care whether there is anything at your ip address, will attempt to hit you anyway. The whole issue of "stealth" became less important on January 25, 2003.
http://www.wired.com/wired/archive/11.07/slammer_pr.html

Slammer didn't check for anything at a given ip address. It just sent itself to that address. It infected 90% of its potential targets in 10 minutes, by simply not caring what it was invading.

Blaster continues to infect hosts constantly. Look at any of the Microsoft.public.*.* discussion groups, every day somebody asks about their computer shutting down with "NT Authority..." or "RPC Call...".
http://www.microsoft.com/security/incident/blast.asp

If your computer is vulnerable to an attack, and a Blaster or Slammer type worm is sent in your direction, you WILL be infected. Stealth or not.

Stealthing yourself is a good idea. But it does not replace a good layered defense. Each layer is necessary because no layer produces complete protection.

The first layer is a NAT router (hardware firewall).

The second layer is a software firewall.

The third layer is good software. This layer contains many parts.

AntiVirus protection.

Adware / spyware protection.

Harden your browser. There are various websites which will check for vulnerabilities, here are three which I use.
http://www.jasons-toolbox.com/BrowserSecurity/
http://bcheck.scanit.be/bcheck/
https://testzone.secunia.com/browser_checker/

Harden your operating system. Check at least monthly.
http://windowsupdate.microsoft.com/

The fourth layer is common sense. Yours. Don't install software based upon advice from unknown sources. Don't install free software, without researching it carefully. Don't open email unless you know who it's from, and how and why it was sent.

The fifth layer is education. Know what the risks are. Stay informed. Read Usenet, and various web pages that discuss security problems. Check the logs from the other layers regularly, look for things that don't belong, and take action when necessary.

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.


http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&client=googlet&selm=v3lp30hkirjl0sfjgkf5s03ssqjfff3c8d%404ax.com&rnum=13

And if you run WinXP..do it with NTFS and limited accounts.

tellporkies
August 5th, 2004, 04:24 PM
And to think how I've been lampooned in the past for running a Top Secret combo of little-known European "protection methods". *grin*

I have often mused, though, how forums where HijackThis! logs are displayed probably tell "data-miners" all they need to know.

I can just picture them counting all the Nortons, adding how many Mozillas, noting what's hot and what's not in terms of sales, etc.

Rasheed187
August 5th, 2004, 05:15 PM
Lol, never really thought about this, I have removed my sig right away, I hope it isn't too late lol!
On the other hand it can also perhaps scare hackers, sort of like "back the hell up, look at my sig", lol. :)

chew
August 5th, 2004, 09:06 PM
Rasheed187

I don't think hackers can be scared easily.

In fact it might be the opposite. They might find it more challenging to be the "1st to the summit".

I think Primrose got the right strategy there ... I like the layered defence there.

Chew :)

Justhelping
August 12th, 2004, 10:15 AM
Yet another thing to consider.

Refusing to disclose exactly what you are using comes close to what people call "Security through Obscurity", doesn't it? And that is not supposed to be a good thing.

rerun2
August 15th, 2004, 05:33 PM
-{ Quote: "Yet another thing to consider.

Refusing to disclose exactly what you are using comes close to what people call "Security through Obscurity", doesn't it? And that is not supposed to be a good thing." }-

I do not think it is the same. When people do not put their security setup in their signature, it is (normally) not for the main purpose of deterring hackers from knowing what they use. If one creates software and depends solely (or for a large majority) on obscurity to protect itself from vulnerabilities, I think that is when it might not be a good thing.

I have thought about this issue at length as well; mainly in regards to how large a threat it is to disclose information about your setup.

The first point I would like to make is that if one is an active participating member in some of the forums here, it is almost impossible to not disclose something about the software you are using. A lot of us have questions (whether it be troubleshooting or just general questions) about the particular software we are using, and while it might be safer to just PM or email the developers with these questions, it is not very practical for the end user or the very busy developer. A lot of us have found very prompt help from fellow board members, and have no further need to contact the developer about the query. If everyone were to just contact the developer about every issue, that would be very time consuming for the developer, who may have other priorities.

Another topic I feel needs to be addressed in this subject is that of "entry point." If malware were to target and utilize the vulnerabilities of a particular software (which happen to have been disclosed by someone's signature) ... how does it get in? Perhaps social engineering? If this was the case, I do not think it is a problem with the software, but rather the user. If this was the means of entry, I can see how it might help the hacker to know what software was running beforehand, BUT I do not see it as a necessary component of the attack. If the hacker knows the setup he can probably create a tool that poses as a "game" that would get past certain security programs on the user's computer and then ask the user to run it. If the hacker does not know the setup, he can ask the user to disable those same security programs so that this "game" will run properly. Maybe convince the user that he is running the same security programs and found that the "game" does not run properly with those security programs running. The user who falls for running an unknown exe from a stranger is very likely to be a user that could be convinced to run the unknown exe with their security programs disabled.

In another situation, let us say that the hacker will try to exploit software to gain access. To do this an attack on Windows (as that is what most of us are running) or known software will have to be exploited. In this case we are talking about software that has a vulnerability. And while I do not have exact numbers, I imagine that exploiting a particular AV or AT in this manner is not the easiest way to gain entry inside the computer. And I do not think that many types of these software have the capability to be used in that way after being exploited (without being too obvious). It seems to me that every software has its flaws and has the potential of being exploited. How big of a difference does it really make if one runs established security programs (that have been thoroughly tested) and has Windows well patched, compared to one who runs the same things but just makes it known what they are running? Both can be exploited, and if the entry way is not made through exploiting a vulnerability in security software, then they both seem to be equal in risk. I may be completely wrong in what I think, but hopefully it will provide some interesting thoughts on how I am wrong.

erikguy
August 24th, 2004, 09:25 PM
Very interesting Primrose! Also, I may be mistaken on this but, I thought that an attacker (I know that malware doesn't need to use open ports) would actually have to connect to your computer before they can take any serious action. Since obviously stealthing isn't that great a feature anymore, manually closing ports underneath the firewall defense would be a good idea. And as some other people have stated, if an attacker really wanted to waste his/her time gaining your trust so you'd let your guard down then they've done just that: wasted their time, when there are so many dumb people out there unprotected. You have no idea how many people's computers I've fixed who haven't even downloaded FREE service packs! I would think that building up quite the impressive portfolio of protection software would have an attacker thinking "screw this, look at this idiot over here". Maybe they wouldn't get scared or back off but it would keep them at bay. I also think the point about "software with vulnerabilities is the same as unknown software with vulnerabilities" is valid because, as mentioned before, they'd be wasting precious energy, resources and hacking time. And, I mean, who isn't running exploitable software? I can probably safely say that at least 97% of us users here use Windows. 'Nough said about that.

Another issue brought up was resource sites such as this one. This is where people come for help and information. Some of the best "help" is the HijackThis log analysis. If you don't utilize these sites where you gonna go? Your ignorant friends that know less about computers than you do? No. There is such a word as paranoia you know. I mean seriously, how many of us "security experts" ;) have been hacked? I know I haven't.

Regards,
erikguy

Justhelping
August 25th, 2004, 08:31 AM
-{ Quote: "There is such a word as paranoia you know. I mean seriously, how many of us "security experts" ;) have been hacked? I know I haven't.


Regards,
erikguy" }-


How do you know? For sure that is ? :)

-{ Quote: "! Also, I may be mistaken on this but, I thought that an attacker (I know that malware doesn't need to use open ports) would actually have to connect to you

-{ Quote: " If you have a firewall or anti-virus program please send me the full address (absolute address) to all the images it has. email the list to b0iler@hotmail.com What the javascript will do is try and load that image, if it does then ie will return a true value, if it doesn't ie will return false and we will know the user does not have that software installed. " }-

This appears to be the crux of the idea, but I'm pretty sure it will not work with Firefox and Opera. I could be dreaming but I thought that IE was also fixed to avoid this problem (accessing local files via javascript).

xmp
August 25th, 2004, 06:30 PM
Wayne is right. Having a known config helps someone craft an attack, e.g. Zone Alarm source port exploit or evading KAV signatures.

Most home machines will not be targeted except for spam and DDOS zombies, which is a generalized attack. The specific attacks are more hazardous since one is being targeted, i.e. more time and resources spent.

I'd say those who work for big companies are at risk, since the home LAN presents an entry point into the corp machines. Also security experts are targeted a lot, e.g. Projekt Mayhem. I'd always give out expendable info. While the kids generally can't code a stack overflow, they do have unpublished AIM/AOL/Yahoo exploits.

One more thing, use a DMZ (demilitarized zone) if you run servers at home.