Building Your Own Privacy Package

Discussion in 'privacy technology' started by Reality, Aug 5, 2014.

  1. Compu KTed

    Compu KTed Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,411
    Did some more testing and found out why Kerio rule wasn't responding to UNPNP utility.
    IGMP filter rule was set correctly, but popup alert wasn't displaying because I set a registry
    key to disable IGMP processing. (IGMPLevel)

    Once I deleted the key, ran UNPNP utility then Kerio showed the alert posted in your screenshot.
     
  2. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    Confirmed, Kerio won't work on x64 Windows, it does install, but upon startup does not run. I managed to find a modified x86 XP. I think I will be ditching it because it does not have a registry entry for the Windows Messenger issue (when I loaded WWDC, the WM entry was greyed out). I guess the key here is to find an untouched XP x86 SP3 ISO?
     
    Last edited: May 1, 2015
  3. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    It's possible that WM has already been removed from that copy, not just disabled. Is messenger still listed in the services? Is port 135 open?
     
  4. Compu KTed

    Compu KTed Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,411
    Thanks for checking on those reg key locations. Clicking on Seconfig XP status button.
    (Shows Kerio connections)
    Similar to WWDC utility settings (Safely disabled) and shows you the open ports.

    Seconfig.JPG
     
  5. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    Upon expanding the side bar, it lists UDP 135 as open. However, before I destroyed the VM, I should've checked the GRC site to see what colors my ports are. I will do that today or thereabouts.
     
  6. Compu KTed

    Compu KTed Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,411
    Some settings in Advanced TCP/IP Settings:

    DNS > [ ] Register this connection's addresses in DNS
    DNS > [ ] Use This Connection's DNS Suffix In DNS Registration
    WINS > [ ] Enable LMHOSTS lookup
    Options > Properties > [ ] Enable TCP/IP Filtering (All adapters)
    ○ Permit All
    ○ Permit Only
    TCP Ports
    UDP Ports
    IP Protocols
    // You will need to restart your computer when changes are applied. (TCP/IP security filters)

    // Didn't see these settings addressed in this thread.
     
    Last edited: May 2, 2015
  7. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Sites like GRC are not necessarily scanning your PC. If you have a router, modem, hardware firewall, or any other device that employs NAT, that's the device that will be scanned. NETSTAT will tell you if there's any ports open on the PC itself. So will utilities like WWDC. Given the revelations from the last couple of years regarding modem/router vulnerabilities, exploits, etc, I won't trust them to shield open ports on the PCs and devices behind them.
     
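An added example (not from any post in this thread, and not part of NETSTAT, WWDC or GRC's scanner): a small Python script that parses `netstat -ano` output from the XP host itself and lists the sockets bound to a non-loopback address, which is exactly what an outside scan of a NAT router cannot tell you. The netstat output embedded in it is constructed for the example; the port annotations are the standard Windows assignments for those ports.

```python
"""List the sockets this Windows host itself has open, from `netstat -ano`.

Added example: not from the thread, and not part of NETSTAT, WWDC or GRC.
SAMPLE_NETSTAT below is constructed for the example, not a real capture.
"""
import re
import subprocess
import sys
from collections import namedtuple

Socket = namedtuple("Socket", "proto local_addr port foreign state pid")

# Standard Windows assignments for the ports the thread talks about.
NOTEWORTHY = {
    135: "RPC endpoint mapper (also used by the XP Messenger service)",
    137: "NetBIOS name service",
    138: "NetBIOS datagram service",
    139: "NetBIOS session service",
    445: "SMB over TCP",
    1900: "SSDP (UPnP discovery)",
    5000: "UPnP device host (XP)",
}

SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING       1340
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:3112      93.184.216.34:443      ESTABLISHED     2208
  UDP    0.0.0.0:135            *:*                                    904
  UDP    0.0.0.0:1900           *:*                                    1120
  UDP    127.0.0.1:123          *:*                                    1004
"""

# One netstat row: proto, local addr:port, foreign addr, optional state
# (absent on UDP rows), PID. IPv6 rows such as [::]:135 also match.
ROW_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$"
)


def parse_netstat(text):
    """Turn netstat -ano output into Socket records; header lines are skipped."""
    sockets = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            proto, addr, port, foreign, state, pid = m.groups()
            sockets.append(Socket(proto, addr, int(port), foreign, state or "", int(pid)))
    return sockets


def is_loopback(addr):
    return addr.startswith("127.") or addr == "[::1]"


def exposed_sockets(sockets):
    """Sockets a remote host could reach: TCP listeners and UDP sockets bound
    to something other than loopback. Established/outbound TCP is not an
    open port and is left out."""
    return [s for s in sockets
            if (s.proto == "UDP" or s.state == "LISTENING") and not is_loopback(s.local_addr)]


def report(sockets):
    """Human-readable lines, one per exposed socket, with a note for known ports."""
    lines = []
    for s in exposed_sockets(sockets):
        note = NOTEWORTHY.get(s.port, "")
        lines.append("%-3s %s:%d  pid=%d  %s" % (s.proto, s.local_addr, s.port, s.pid, note))
    return lines


if __name__ == "__main__":
    if len(sys.argv) > 1 and sys.argv[1] == "--sample":
        text = SAMPLE_NETSTAT
    else:
        # netstat -ano needs no extra privileges on XP; -o adds the owning PID.
        text = subprocess.check_output(["netstat", "-ano"]).decode("ascii", "replace")
    for line in report(parse_netstat(text)):
        print(line)
```

Run it on the XP box as `python netstat_audit.py` (or with `--sample` to see the constructed data) and compare the PIDs against Task Manager or Process Explorer; a listener on 0.0.0.0 is reachable from every interface, whereas one bound to 127.0.0.1 is only reachable locally, which is why the report drops the latter.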
  8. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
    I'm thinking of installing Sandboxie on my XP-SP3. I don't understand everything in the enormous Sandboxie thread here, but I like the concept.
    Having never used a sandbox (other than a dedicated box) I could use some pointers for SSM regarding both the installation and key rules for normal use, parent-child and few others. Perhaps noone_particular could offer some suggestions.
    The only security stuff I have here is Acronis10 images, Malware bytes scanner on demand, Sunbelt firewall which is like Kerio 2.1.5, NoScript in SeaMonkey, javascripts off in Opera and SSM. On another computer I have Kerio, SSM, no SeaMonkey.
    I suppose I should sandbox Opera, SeaMonkey, Excel, Word, Outlook at the minimum. Any others?
    What not to sandbox?
     
  9. Compu KTed

    Compu KTed Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,411
    If you're planning on installing Sandboxie then I would recommend changing some of the default
    settings in Sandboxie to harden the sandboxes.

    For browser(s) I would dedicate a sandbox for each browser and set:

    Automatically delete contents of sandbox // see other options and settings
    Forced Program > (Opera, SeaMonkey)
    Leader Programs > (Opera, SeaMonkey)
    Internet Access > (Opera, SeaMonkey)
    Start/Run Access > (Opera, SeaMonkey & possibly plugin-container when needed)
    Drop Rights > check this box when running in admin account // Recommend using LUA for everyday use
    and admin account when needed.
    User Accounts > Add an account(s) // If this list is empty sandbox can be used by all user accounts.
    You may want to allow direct access to bookmarks & history database. Depends on how strict you
    want your sandboxes.

    Other options:

    Quick Recovery // You could set your downloads folder here when you need to recover a file out
    of the sandbox. As always take necessary action (scan file(s) before recovering to the real system).
    Use Malwarebytes to scan file(s) also since you have it already installed.
    You can also set Sandboxie to open up your downloads folder in a sandboxed Windows Explorer.

    You could install programs inside a sandbox for testing purposes before committing them to the
    real system. There are some limitations to be aware of.

    I would recommend sandboxing what you mentioned. PDF viewer, media players and one could also
    sandbox portable USB/flash drives.

    There are more settings a user can set as one gets more familiar and understands the capabilities
    Sandboxie offers.

    As far as SSM or any type HIPS program you'll need to allow certain processes to run.
    The popups I've seen with HIPS apps I've used should be similar to SSM (don't have SSM installed)
    which include allowing explorer.exe, SbieSvc.exe, Start.exe, SandboxieRpcSs.exe, SbieCtrl.exe
    and the browser used. Could be more or different depending on the HIPS used.

    // Learning mode can set rules, but not recommended to leave HIPS programs in learning mode.
     
  10. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    My experience with SandBoxie is for the most part limited to the 3.X versions. Beyond installing it on a virtual XP unit, I haven't used the current version. I'm also limited to the options available in the trial version. I haven't purchased it.

    When I ran XP, SandBoxie was very useful from a privacy/anonymity perspective. As long as a browser doesn't include service components that would run outside of a sandbox, it's very good at eliminating any and all browser usage tracks. I like its ability to show all of the locations a browser might use and the files that tracks are stored in.

    Regarding what to sandbox, any files that can contain executable code should be opened in a sandbox. To the applications you mentioned I would add the PDF software, media player, and anything that is commonly attacked or that stores a lot of usage tracks. Applications that add services can be problems.

    I've never regarded SandBoxie as a primary component of my security package. At its core, SandBoxie enforces a policy of containment. My system is built around default-deny. SandBoxie can serve as a secondary layer of protection by providing isolation of the attack surface applications. From a security perspective, it would be somewhat redundant on a default-deny system. When the privacy considerations are included, it can serve a very unique role.

    How useful SandBoxie, SSM, or a package that utilizes both will be depends largely on how you use that PC. That usage should decide your core security policy. SandBoxie is not the best tool for enforcing default deny, just as SSM isn't the ideal choice for enforcing containment. That said, your security policy doesn't have to be based solely on one or the other. Depending on your needs, a hybrid approach can be quite useful. In such an arrangement, the sandbox itself could be default-permit with the emphasis on containment while the rest of the system is default-deny. SSM could accommodate such a policy using folder rules. The folder governed by these rules would be the sandbox itself. With folder rules, you can specify more permissive settings for everything in that folder, including subfolders if you want. You can allow interaction and free parent-child permissions between components and executables in that folder while restricting their ability to affect anything outside of that folder. This description probably sounds a lot like how SandBoxie itself works. With the folder rules, you'd be effectively creating a policy sandbox. For the contents of the sandbox itself, SSM would act as a secondary layer to SandBoxie. In a way, this arrangement would be like a virtual system. SandBoxie would create the virtual system itself while SSM restricts its ability to affect the rest of the OS.

    For anyone considering such an arrangement, I'd like to suggest an additional component, a RamDrive. At a bare minimum, you'll need at least 1GB of RAM. 2GB or more is better. A RamDrive on a system with just 1GB of RAM would require an efficient, stripped down system. How much RAM you can set aside will depend on what you're trying to do and how much you have. With some RamDrive utilities, you can choose how you want the RamDrive formatted. Given a choice, I'd use FAT32. Create the RamDrive, then move the sandbox onto it. Using a RamDrive for the sandbox has several advantages, starting with speed and less wear on the hard drive. The contents of a RamDrive are automatically deleted when the system is rebooted or powered down. If you need the contents to survive restarts, you can use batch files to copy and/or restore the contents of a RamDrive.
     
  11. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
    @Compu KTed,
    Thank you for the detailed tips. I shall use them if I do get Sandboxie.
    I forgot to list other security-related things I have, namely active-x blocks by SpywareBlaster, and domain blocks by the MVPS hosts file. Also my firewall has a behavior blocker similar to parent-child in SSM.

    Not sure if I should be sandboxing things that I already have under gpedit.msc SRP rules - Office, browsers, WMP, VLC, Foxit and Sumatra PDF readers, few others.

    @noone_Particular,
    You just gave me a fabulous overview. Many thanks. I have a sort of default-deny but not as complete as you guys have been discussing here or other threads. Firewall is all set, SSM, well, best as I could, both definitely are deny unless rule exists to permit.
    I may have to install this sandbox and see for myself how it works, where stuff gets stored or not, and all the nasty little details.

    Your comment "For the contents of the sandbox itself, SSM would act as a secondary layer to SandBoxie. In a way, this arrangement would be like a virtual system. SandBoxie would create the virtual system itself while SSM restricts its ability to affect the rest of the OS." is more than helpful as this is where I was totally lost trying to understand. I'll be back after I think about the implications some more.

    I don't think I can do 1gig RAMdrive on a 1.5g (max allowed) system that isn't that stripped down. But I don't know. Which window from ProcessExplorer would tell it best, SystemInfo>Memory? When idle? When doing things?
     
  12. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    Act, below is an account of why I so much like Sandboxie. You get great protection to kickstart things off when things are "barebones". KeyPer and Noone, great posts! I believe Bo who is a strong advocate of Sandboxie, has just that and little else. Noscript I think.

    Well, my computer literally blew up yesterday morning (sparks and all). Oh joy. Just before that, went to boot and nothing. Reseated cords etc and kaboom went the PSU. Spent yesterday dusting off my mum's XP SP3 home computer, same vintage. Ironically, the night before, I was trying to get organized to do some neglected backups ... so if my HDDs bit the dust I've lost some months of work. At this point I don't know if the whole system's bricked or what. I've heard it can be either or. Worst case scenario is it means I'll be back to almost square one here and I'll have to go get most of the installers again. On the good side, some fat has been trimmed and it saves me valuable time having to wade through unnecessary accumulated stuff I don't need anyway. All in all I'm seeing this as a glass 1/2 full situation. There's a few files that are somewhat important but not so much where I won't choose trashing my HDD with an axe before choosing the alternative. Data recovery. In view of privacy issues I can't think of anything I'd like less.

    So, the first thing I did on the XP Home computer, was clean out a bit of junk. Forget AV's I installed the 2 most important things to me. Kerio and Sandboxie. I just don't feel safe without these, even with very untweaked settings. :doubt:

    For now I have to do a work-around because STUPID IE refuses to let FF be the default browser. Never had this problem on XP Pro. I've tried the Control Panel tweaks and no, it won't stick. So when I click the Sandboxie icon it opens IE. In the meantime I just have to manually run FF sandboxed.

    Back to the HDD, I've got it out sitting in an antistat bag, and not sure whether to risk having a go installing it as a Primary Slave on Current computer (never done that before) or pay for an IDE to USB cord/adapter and get the files that way.
     
  13. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    Thunderbird on this computer I'm now using has an ancient Version. In terms of security and privacy do any of you have recommendations for the last version to update to or doesn't it matter?
     
  14. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Depending on what you're going to do in the sandbox, a smaller one may be feasible. If you're primarily using it with the browser, you could get by with a lot less by reducing the size of the browser cache. Instead of 1GB for the RamDrive and 500MB for the OS, why not swap those, 1GB for the OS and 500MB for a RamDrive? When it's not bogged down by an AV and a bunch of unnecessary services, XP doesn't run too bad on 1GB of RAM.
    The most important is the amount used during normal to heavy operation. The swap file can absorb the peak demands. Ideally, you don't want to be using the swap file. The more you can reduce the demand at idle, the more you have available for applications. Registry tweaks like "Always Unload DLL" can help, but are a bit of a tradeoff. While it can help reduce the overall RAM usage, it can slow the system slightly when an application requires the DLLs to be loaded again. What you need to determine is how much your system is using the majority of the time. Use that figure to determine how much RAM you normally have left (if any) and use that figure as a starting point for the size of a RamDrive. Then see if that amount is enough for a sandbox. There's a tradeoff involved. You just have to find the amount that best serves one without harming the other. You might have to adjust what you want in that sandbox and the amount of space each application or component is allowed to use. Assuming that you're sandboxing the browser, make sure that Flash Player doesn't consume the entire sandbox.

    Dealing with a limited amount of RAM can be annoying. It does make some of the better options unavailable. I have the same problem with this hardware. Running virtual systems gets difficult when you only have 1GB of RAM, the limit of my hardware. The biggest reason that I can is because my host system is extremely light which allows me to dedicate over half of my RAM to the virtual systems. I'd love to have a 1 or 2GB RamDrive that I could run virtual images from. Would make things so much easier. The lack of RAM is one of the reasons that I strip down most of my virtual images. While not the best for performance, most of my virtual XP units function adequately on 256MB of RAM for testing purposes.
     
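An added example, not code from the thread, from Sandboxie, or from any RamDrive utility, for the RamDrive arrangement noone_particular describes in posts 10 and 14: a Python script that measures what each part of a sandbox folder is using (to pick a RamDrive size, and to spot a browser cache or Flash Player store that is eating the sandbox), copies the sandbox to persistent storage before shutdown, and restores it after boot only when the RamDrive is actually mounted. The drive letter R: and the folder names are assumptions.

```python
"""Manage a Sandboxie sandbox folder kept on a RAM drive: measure how much
space each part of it uses, copy it to persistent storage before shutdown,
and restore it after boot only if the RAM drive is actually mounted.

Added example; not code from the thread, Sandboxie, or any RAM drive
utility. The drive letter and folder names below are assumptions.
"""
import os
import shutil

RAMDRIVE_ROOT = "R:\\"                        # assumed RAM drive letter
SANDBOX_DIR = os.path.join(RAMDRIVE_ROOT, "Sandbox", "DefaultBox")
BACKUP_DIR = "C:\\SandboxBackup\\DefaultBox"  # assumed persistent copy


def dir_size(path):
    """Total bytes of all regular files under path (symlinks not followed)."""
    total = 0
    for root, _dirs, files in os.walk(path):
        for name in files:
            fp = os.path.join(root, name)
            if not os.path.islink(fp):
                total += os.path.getsize(fp)
    return total


def sandbox_usage(sandbox_dir, top=5):
    """Return (total_bytes, [(subdir, bytes), ...]) with the largest
    immediate subdirectories first, so an oversized browser cache or
    Flash Player store stands out when sizing the RAM drive."""
    if not os.path.isdir(sandbox_dir):
        return 0, []
    subs = []
    for name in os.listdir(sandbox_dir):
        p = os.path.join(sandbox_dir, name)
        if os.path.isdir(p):
            subs.append((name, dir_size(p)))
    subs.sort(key=lambda item: item[1], reverse=True)
    return dir_size(sandbox_dir), subs[:top]


def save_sandbox(sandbox_dir=SANDBOX_DIR, backup_dir=BACKUP_DIR):
    """Replace backup_dir with a copy of sandbox_dir. Run before shutdown;
    returns False (and copies nothing) if there is no sandbox to save."""
    if not os.path.isdir(sandbox_dir):
        return False
    if os.path.isdir(backup_dir):
        shutil.rmtree(backup_dir)
    shutil.copytree(sandbox_dir, backup_dir)
    return True


def restore_sandbox(backup_dir=BACKUP_DIR, sandbox_dir=SANDBOX_DIR,
                    ramdrive_root=RAMDRIVE_ROOT):
    """Copy the saved sandbox back onto the RAM drive after boot. Refuses
    to run when the RAM drive is not mounted: otherwise the sandbox would
    be recreated on whatever holds that path and usage tracks would end
    up on persistent disk, which is what the RAM drive is meant to avoid."""
    if not os.path.isdir(ramdrive_root) or not os.path.isdir(backup_dir):
        return False
    if os.path.isdir(sandbox_dir):
        shutil.rmtree(sandbox_dir)
    shutil.copytree(backup_dir, sandbox_dir)
    return True


if __name__ == "__main__":
    total, biggest = sandbox_usage(SANDBOX_DIR)
    print("sandbox uses %d KB" % (total // 1024))
    for name, size in biggest:
        print("  %-30s %8d KB" % (name, size // 1024))
```

Run the usage report after a typical browsing session to get a starting figure for the RamDrive size; call `save_sandbox()` from a logoff/shutdown script and `restore_sandbox()` from a startup script. The mount check is only a drive-letter check: if some other volume (a USB stick, say) has taken R:, the restore would land there, so keep the RamDrive on a letter nothing else uses.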
  15. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    OUCH!! Can you tell if all of the fireworks came from the power supply or does something else look burnt? Pay close attention to the capacitors. It's amazing just how bad something that small can stink. If it were my unit and I didn't see any obvious damage or problems with the hard drive, I'd risk trying it on another PC. A couple of quick checks with an OHM meter should tell you if it's completely shorted. It might be possible to substitute the HD into an external hard drive enclosure if you have one. Got an old PC that's functional but basically useless for current operating systems, such as an old Windows 95 or 3.1 unit? Its BIOS may not be able to work with the hard drive but it could determine if it's still functional, eg does it spin up or just smoke? If nothing else, it might be possible to save its contents as a large zip file. Knock on wood, I haven't had a PC go up in smoke or fireworks yet. So far, that show has been confined to monitors, twice. Lots of sparks, smoke, and stink, but no other damage.
    You should be able to create a new desktop shortcut for a sandboxed FF. Have it point directly to FF instead of your default browser. The last 3.X version had that option. I'd be surprised if they removed it from the 4.X version. Even if they did, you should be able to modify the command line parameters of the shortcut so that it points to FF.
     
  16. Compu KTed

    Compu KTed Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,411
    Have you checked the Firefox options to see if Firefox is currently set as your default browser?
    Also go into Windows ' Set Program Access and Defaults ' > choose Custom > Choose a default web browser:
    and check the corresponding box to Firefox [ ] Enable access to this program and use my current web browser.
    IE should not show as default browser.
     
    Last edited: May 6, 2015
  17. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    The fireworks shot out behind the computer where the PSU is. Yes there was a bit of a lingering stink. I don't recall seeing any smoke. I was doing a little looking on the net about it, and I saw capacitors mentioned. I looked and nothing appears swollen, there doesn't appear to be anything that looks burnt. LOL my options are getting more slim. NO more PCs lying around, only my dually Mac. When I was in town earlier today, the guy that gave me the used antistat bag told me the IDE enclosures are getting a bit hard to find and if the HDD is dead it'd be a waste of money, although I have 3 other IDE drives, 2 in the Mac and one in the PC I'm using now. What would be the worst that could happen if the drive is dead and I put it in the PC I'm using now? I wouldn't know how to use a meter to test it. I know the least risk would be to use one of those adapters. Being a 3.5 it would need to be powered though. I might ring a friend in a nearby city and see if he has an enclosure.
     
  18. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    Done all that. I'll play around with it some more though, as under the circumstances things have been more than a bit hectic.
     
  19. Compu KTed

    Compu KTed Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,411
    If you run IE browser and click on Internet Options > Programs tab then does it say "Internet Explorer is not
    currently the default web browser"? I'm at a loss as to why IE would be set as default if you changed the settings
    in Program Access and Defaults to Firefox.
     
  20. Compu KTed

    Compu KTed Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,411
    If I'm understanding correctly if you're running Sunbelt firewall version 4.x and SSM on the same computer, then
    you would be running 2 HIPS programs which is not recommended. There is an option to check/uncheck HIPS
    feature in Sunbelt firewall.
     
  21. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
    It's not sufficient to uncheck HIPS in the firewall, because the driver stays (LoadOrder.exe confirms, and long ago Avast installer failed, BSOD, faulting sbhips). Unfortunately, there's no way not to install the hips module.
    According to RootkitUnhooker, sbhips.sys hooks two services. But sbhips and SSM worked fine together. First SSM alerts, and then, if you allow, Sunbelt alerts.
    That said, I have sbhips totally disabled by "sc config sbhips start= disabled".
     
  22. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    @Reality
    A couple of possibilities regarding your default browser issue. If I recall, you have SSM pro installed? Are the registry rules activated? The tray menu makes it very easy to activate them by accident. The free version of SSM can have the same issue with the registry module. The keys that control default handlers and applications would be included in their coverage. I'm not familiar with the Sunbelt firewall. KerPer4Life mentions that it has a HIPS component. Does its HIPS also include a registry component? Any type of HIPS that includes registry protection would likely include those keys and could be preventing the change from sticking. If that firewall has a HIPS component, it's also possible that it's interacting with SSM, interfering with each other. You might try disconnecting the internet, then shutting them both off and see if the key can be changed.
     
  23. Compu KTed

    Compu KTed Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,411
    Has been many years since using Sunbelt firewall version 4, but I don't recall the exact version
    number I used. When I did use it I'm pretty sure I had no other HIPS program installed.
    Could be wrong, but I didn't see any registry protection options available.

    Here are some screenshots with one showing HIPS.
    http://www.filehippo.com/screenshot/sunbelt_personal_firewall/
     
  24. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    @KeyPer and noone,

    I'm pretty much starting with a barebones system. I have to go and retrieve most of the installers we've talked about through this thread. I'm on my "other" computer now. I wasn't ready to install SSM so it didn't get installed.

    Now, here's what I've done, numerous times in varying orders:

    1/ Control Panel, under custom, set FF to be default browser with IE also enabled but NOT the default.
    2/ Same as above with IE disabled.
    3/ Go into IE6 ( :eek:) properties and all I could see was the option to stop it checking to see if it was the default browser, which I did. That setting seems to stick.
    4/ Gone into FF (27) properties where I have checked (enabled), "always Check to see if FF is default browser" , PLUS it tells me it IS the default.
    That setting sticks. (I made sure I did that change OUTSIDE the sandbox)

    Conclusion
    1/ In CP the radio button enabled for FF won't stick, whether I disable IE altogether or not.
    2/ Even if I totally disable IE (in Control P) SBIE still loads IE. THAT is very very VERY strange.
    3/ The only thing I can come up with (and I'm just guessing) was when I installed SBIE I didn't check to see which was the default browser, and my brother who had this computer last, used IE at the time. So maybe SBIE somehow "hardwired" itself into IE.
    4/ Probably unrelated, but the file associations on this computer are a bit skewiff. I saw Firefox documents open with IE. Changed that and now they open with FF but it's done squat about the other problem.
     
  25. Compu KTed

    Compu KTed Registered Member

    Joined:
    Dec 18, 2013
    Posts:
    1,411
    @Reality
    Just to be clear in Program and Access Defaults (Custom) the radio button is checked and under
    Choose a default Web browser there should be nothing checked for Internet Explorer.
    ○ Firefox [√] Enable access to this program (box is checked)

    Now you could also try this in Sandboxie:
    Go into Sandbox Settings > Forced Programs and add Firefox.
    Go into Applications > Web browser > Internet Explorer ( nothing should be checked)
    Go into Restrictions and make sure Firefox is only app that has Internet and Start/Run Access.
    // Need to add plugin-container to Start/Run Access when viewing videos. Streaming may require
    Internet Access setting.

    As noone suggested make a shortcut on desktop pointing to Firefox and Sandboxie should start a sandboxed
    Firefox when you click on the shortcut icon.

    Properties shortcut Window:
    Target: "C:\Program Files\Sandboxie\Start.exe" default_browser
    // Should look something like this line.

    Start in: "C:\Program Files\Sandboxie"
    // should look like this line.

    Sandboxie Start Commands:

    "C:\Program Files\Sandboxie\Start.exe" default_browser

    "C:\Program Files\Sandboxie\Start.exe" c:\Program Files\Mozilla Firefox\firefox.exe

    // Hopefully correct install path for Firefox. Try this command if the default_browser command doesn't work.

    Other extreme option blocking IE browser:
    Go into Resource Access > File Access > Blocked Access > ADD button or Add Programs button
    and add iexplore.exe.
     
    Last edited: May 6, 2015