Hacking experience

Other opinions sought:
It has been my experience that there are so many holes in XP and IE, that there is no such thing as real security.

Between rootkits, trojans, viruses, and all the holes, the BEST you can expect is to spot a hacker on your system after they have gotten in.
You can get around any firewall or AV.

Firewalls and AV are fine for automated attack systems and kiddy scripts.
But won't stop or spot a hacker on your system with a rootkit.

The exploits are numerous, and available.
Once on a system I can make your task manager lie to you about what is running and corrupt the op sys. even make firewalls and AV lie, I can even listen in (bug) to you via your MIc.

There are exploits out there even MS doesn't know about them yet.

Security is an Illusion.

Bobreny

[LowWaterMark]

Oh come on.

Just what are any individual person's chances of being the direct target of some super-hacker? The threat the vast majority of people must defend against are the automated worm attacks and script kiddy level garbage. Secure settings, patches and AV plus FW will make almost every system safe given the odds here.

There are always those that warn people of the super-hacker who is unstoppable and coming after you!!, and that they might as well not even try to secure their systems. But that just opens the door to the lame attacks that people are actually likely to see.

[bigc73542]

All I can say is that I run XP Pro sp1 and numerous security apps. software and hardware. I have had in the last nine years I virus on my computer's and that was my own fault. Xp may not be 100% secure but it is the most secure os that microsoft puts out. It took that spot away from win 2000pro. With common sense and good security practices you are relatively safe. My malware infection record is proof of that. Unfortunatly there are a lot of people out there that thru ignorance or the thought that they will never get infected do feed the theory that xp is not a secure os. But that is not the fact, xp is pretty secure if the win updates are kept current and you run a (good) av and firewall. and a dedicated antitrojan app. this is not just my opinion this is fact. And windows (xp) is getting more secure all of the time. But it is a constant chore keeping all security systems updated and current.

the russian natiz hangup gang is doing over $100,000 a month in Internet theft. Russian Mafia, and working on the latest virus.
They are after your id , ID theft, what is your credit reputation worth?, thjey get new credit cards in your name, and you never know about it till it shows up on your Credit report or skip tracer contacts you.

Internet theft is billions $$$ a year, Romania is famous for their hackers,

super hackers working alone are a thing of the past, orginized crime is on the internet now.

the most common and disastorous threat is ID theft and its growing around 30% a year.

Think again.

Bobreny

Listen to your selves, "keep up with the patches"
What does that mean, ITS NOT SECURE?

There is no end in sight to the patches.

HOLES, holes, you are not safe, I know you don't like to hear it, and you will fight it but think about it.

Bobreny

[LowWaterMark]

In all these posts you've yet to say what you think people should do. Go hide under their beds? What? Or are you only interested in trying to scare people into not even trying to secure their systems?

[ronjor]

Quote:

Originally Posted by olds

Listen to your selves, "keep up with the patches"
What does that mean, ITS NOT SECURE?

There is no end in sight to the patches.

HOLES, holes, you are not safe, I know you don't like to hear it, and you will fight it but think about it.

Bobreny

They are working on it.

[bigc73542]

Quote:

Originally Posted by olds

Listen to your selves, "keep up with the patches"
What does that mean, ITS NOT SECURE?

There is no end in sight to the patches.

HOLES, holes, you are not safe, I know you don't like to hear it, and you will fight it but think about it.

Bobreny

It might not be secure but it has worked well so far. well enough of this bull.I'm out of here

Your right Sorry.
First I want to see what opinion was.

We have a false sense of security based on the programs we use and buy.

There are methods to track if a hacker is on your system.
None of the stop a hacker.

And its not to just scare you, we need the stuff we have now, I wouldnt tell any one to get rid of their security,

Some of the methoids to spot a rootkit are online scanners (ie not on your computer), that haven't been corrupted, crc checks for all key files,
On line port scans. not from your own computer.

The risk is in not knowing the risks.
Its not to scare, its to educate, I got hit by a sloppy hacker and managed to spot it. which started my research.

How many have an emergency plan for a discovered hacker?
Most just panic. and run corrupted programs looking for it.

I don't have all the answers but hope to point the way, cause its comming.

Bobreny
ps some ideas for emergency procedure is to disconnect from Internet, and just relax till panic passes. find another computer friend to run a port scan on your computer from theirs, oog back on knowing your being watched, and try to try online scanners.

Its not bull and you ignore it at your own risk.
The hostility does surprise me.
Everything I've said is true, you can look it up in Google.

We have not acheived Security yet.

There is a huge threat comming.

widers sound like a good place to let people know,

The IT engineers and network admin. already know about it.
They fight this war every day.

We need something for the pc's

And I think I havesome good ideas.

Bobreny

[LowWaterMark]

Quote:

ps some ideas for emergency procedure is to disconnect from Internet, and just relax till panic passes. find another computer...

Ah, good beginning.

Another idea is to scan your system from a safe scan media, which is also outside the context of your current computer environment. If a real root kit is on your system, then it exists within the disk structure there. The methods you've mentioned about it masking itself only work because it is running embedded within Windows on your system, loads itself into memory under Windows and intercepts things because it is already in memory running...

So, try using one of the available CD based scan and repair utilities available via many AV providers. (You certainly would need to get such a thing from a safe source, not an already infected computer.) Boot the system from that secure media, so that any infections resident on the suspect hard drive can't run, and have it scan that disk. No, not a 100% solution, but very high up in the 99.XXX% range based upon what people are going to see in the real world.

Ahh a voice in the dark.

there are holes in that also, which I'm not going to go into.
But yes its a considerable increase in present, security.

Currently its a threat that is being ignored completly.

But there are ways to address it.
Bobreny

[bigc73542]

The administrators and moderators and and security experts are here for that reason to help the average pc user face the ever growing threats. We realize that there is no perfect security but we do try to help them achieve the best security that they can. It is an uphill battle but the people on this forum are volunteers and I believe that the job they do is almost miraculous .

[LowWaterMark]

Quote:

Originally Posted by olds

Currently its a threat that is being ignored completly.

Ah, but consider this... There are among the forces of good, (for lack of a better phrase ), people that know exactly what you are talking about. These people know how these attacks work and they are constantly improving both protection and detecion techniques. Consider just DCS and the products represented in their forums here. Process Guard is one tool meant to be used to combat such things. But, it is not alone.

Another approach is application sandbox. While this thread shows an older product, just look at the incredible protections such a tool can provide. Imagine having that running on a clean Windows install, and see how difficult it would be to even infect such a system with that in place:

http://www.wilderssecurity.com/showthread.php?t=11871

There are newer and more powerful tools, as well.

Yes I run two sand boxes, but it only closes two holes, down loads and excuting new files.
but it is a good start

Bobreny

This looks good:

http://cigars.bravepages.com/antispy.htm

Bobby

[Brent]

Quote:

Originally Posted by olds

This looks good:

http://cigars.bravepages.com/antispy.htm

Bobby

lol I am not purchasing a product that the company can not even afford their own web hosting and domain name. Not to mention the fact that I created better web pages than that when I was 10

[stalker]

Quote:

Originally Posted by LowWaterMark

Oh come on.

Just what are any individual person's chances of being the direct target of some super-hacker? The threat the vast majority of people must defend against are the automated worm attacks and script kiddy level garbage. Secure settings, patches and AV plus FW will make almost every system safe given the odds here.

Well, I would have to agree with that.



I don't have recent patches (actually I do not have any patches at all, they supposely just slow you system - some of them), but I do have a good FW and AV.

Firewall: Zone Alarm Pro, version: 4.0.146.029
Antivirus: CA EZ eTrust Antivirus, version: 6.1.7.0


Yeah, and if you again look in lines above, I wrote FW first, before AV, cause I think it needs to be placed there - it is much more important that AV imho, cause of various reasons.



But maybe to that's the "theory" of my for another topic.

[nick s]

Quote:

Originally Posted by stalker

I don't have recent patches (actually I do not have any patches at all, they supposely just slow you system - some of them).

I would patch. My system benchmarked the same before and after XP SP2 RC2.

Nick

Does anyone know if SSM's application firewall is as good as TTT's application sandbox? If not, could they be used together? Thanks.

[optigrab]

Quote:

Originally Posted by stalker

I don't have recent patches (actually I do not have any patches at all, they supposely just slow you system - some of them)

My machines are fully patched, and I have no complaints. It is an interesting position you have, though. It might make for a good thread topic, and maybe we all can learn something.

Not patching your system?

I guess you have to be a real expert to know which patches are required and which are not because you have covered your bases another way. In any case, I would rather close a security hole rather than hope another software can block it,

The point about scanning your computer using a online scanner that resides on another computer/website is interesting to defeat rootkits is not really new, but it just occured to me that while there are such services for antivirus like Panda,Trend etc. But there doesn't seem to be a equalavant service for real anti-trojans.

I'm talking about TDS-3 , Trojanhunter and BOclean (well guess not since it's not on demand scanning) , why don't they provide such services to their registered customers?

Is it their belief that their users will never ever need such services because they will never get infected in the first place? But what about the first time customer who suspects he is infected and then buy TDS-3? I'm sure TDS-3 has a lot of sophiscated matters of detecting rootkits, but surely allowing a scan from their website would aid greatly in bypassing the rootkit defences?

Also, everybody seems to be admitting that yes, all this new fangled antimalware software you buy will only protect you from scriptkiddies and not real hackers. But that doesn't look like what is being promised on all the websites hawking such products.

Are they breeding a false confidence that is so common on these forums?

"I run KAV/NOD,TDS-3/BOClean/Trojanhunter,PG, ZAP,WG,Opera, fully patched and I'm proof against all the hackers and throw at me! "

[ronjor]

Quote:

Originally Posted by Ronin

Not patching your system?

Also, everybody seems to be admitting that yes, all this new fangled antimalware software you buy will only protect you from scriptkiddies and not real hackers. But that doesn't look like what is being promised on all the websites hawking such products.

Are they breeding a false confidence that is so common on these forums?

"I run KAV/NOD,TDS-3/BOClean/Trojanhunter,PG, ZAP,WG,Opera, fully patched and I'm proof against all the hackers and throw at me! "

If everybody were confident, they wouldn't be here. Looks like everyone is trying to learn more.

A "hacker" most likely isn't going to mess with home computers. It's too easy to use social engineering not only on home users, but big biz too.

If you are talking malware, which covers a lot of bases these day, these programs probably don't hurt anything.

You also have to use common sense.

[stalker]

Quote:

Originally Posted by Ronin

Also, everybody seems to be admitting that yes, all this new fangled antimalware software you buy will only protect you from scriptkiddies and not real hackers. But that doesn't look like what is being promised on all the websites hawking such products.

1. Sad, but this is true for many software, and for many sites out there. I mean things like:

"you defenitely need this, it will speed up your PC for 200 %"
"this is the best software world-wide" for worm prevention"
"this is a "must" for everyone connected to internet"


But hey, that's advertising.



2. About all that anti-spyware (not cleaner, like Ad-aware, or Spybot), but those "real-time" oriented (program execution, and other file-access monitoring) like for instance Spysweeper, or SpywareGuard, that I used and run for some period - they are completely useless, at least in my case.


Spysweeper - not needed at all cause of both, firewall (cookies) and antivirus (worm/trojan execution)

SpywareGuard - not needed at all cause of antivirus (worm/trojan execution - my "powerful" CA EZ eTrust Antivirus)




3. Further, I am actually seriously considering not to use AV at all (since "great" developement of my knowledge I hadn't any virus any trojan/worm(only those I saved from e-mail attachments to encrypted folder for "personal archive"), or whatever malware thing - ZA java/ActiveX, MIME, and other cookie/mobilecode and adds control prevents all)



Greetings, all ...

Quote:

Originally Posted by ronjor

If everybody were confident, they wouldn't be here. Looks like everyone is trying to learn more.

Or trying to show off, oops help others

Quote:

A "hacker" most likely isn't going to mess with home computers. It's too easy to use social engineering not only on home users, but big biz too.

Yes, an excellent example, would be someone posting a link to some new super antimalware tool, I bet it would snare many of the people here, who are always looking for the perfect defence

Quote:

If you are talking malware, which covers a lot of bases these day, these programs probably don't hurt anything.

I'm not talking about common malware, but buffer overflows, custom trojans designed to avoid detection. IS the typical "senior member" here who runs the "ideal" setup recommended by wilders (practically the one I posted) really protected?

Quote:

You also have to use common sense.

I think most of us here have common sense and some knowledge besides, but I'm talking more than that. I'm talking about a level beyond that, a level alluded to by the original poster of this thread.

You must admit if you wish to progress to that level, this doesn't seem to be the right place to learn (links to dubious sites are disallowed by the TOS I believe). There are many experts no doubt, but they seldom discuss anything concrete. The irony is, the threads most frowned upon by moderators where vendors of antimalware bash their competitors products, are the ones where I find you really learn the most. Not much, but you do get some hints.