Helping attackers by declaring your defence setup in your signature

Discussion in 'other security issues & news' started by Wayne - DiamondCS, Aug 5, 2004.

Thread Status:
Not open for further replies.
  1. tellporkies

    tellporkies Guest

    And to think how I've been lampooned in the past for running a Top Secret combo of little-known European "protection methods". *grin*

    I have often mused, though, how forums where HijackThis! logs are displayed probably tell "data-miners" all they need to know.

    I can just picture them counting all the Nortons, adding how many Mozillas, noting what's hot and what's not in terms of sales, etc.
     
  2. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Lol, never really thought about this, I have removed my sig right away, I hope it isn't too late lol!
    On the other hand it can also perhaps scare hackers, sort of like "back the hell up, look at my sig", lol. :)
     
  3. chew

    chew Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    515
    Location:
    GeordieLand.
    Rasheed187

    I don't think hackers can be scared easily.

    In fact it might be the opposite. They might find it more challenging to be the "1st to the summit".

    I think Primrose got the right strategy there ... I like the layered defence there.

    Chew :)
     
  4. Justhelping

    Justhelping Guest

    Yet another thing to consider.

    Refusing to disclose exactly what you are using comes close to what people call "Security through Obscurity", isn't it? And that is not supposed to be a good thing.
     
  5. rerun2

    rerun2 Registered Member

    Joined:
    Aug 27, 2003
    Posts:
    338
    I do not think it is the same. When people do not put their security setup in their signature, it is (normally) not for the main purpose to deter hackers from knowing what they use. If one creates software and depends solely (or a large majority) on obscurity to protect itself from vulnerabilities, I think that is when it might not be a good thing.

    I have thought about this issue at length as well; mainly in regards to how large a threat it is to disclose information about your setup. The first point I would like to make is that if one is an active participating member in some of the forums here, it is almost impossible to not disclose something about the software you are using. A lot of us have questions (whether it be troubleshooting or just general questions) about the particular software we are using. And while it might be safer to just PM or email the developers with these questions, it is not very practical for the end user or the very busy developer. A lot of us have found very prompt help from fellow board members, and have no further need to contact the developer about the query. If everyone were to just contact the developer about every issue, that would be very time consuming for the developer, who may have other priorities.

    Another topic I feel needs to be addressed in this subject is that of "entry point." If malware were to target and utilize the vulnerabilities of a particular software (which happen to have been disclosed by someone's signature) ... how does it get in? Perhaps social engineering? If this was the case, I do not think it is a problem with the software, but rather the user. If this was the means of entry, I can see how it might help the hacker to know what software was running beforehand, BUT I do not see it as a necessary component of the attack. If the hacker knows the setup, he can probably create a tool that poses as a "game" that would get past certain security programs on the user's computer and then ask the user to run it. If the hacker does not know the setup, he can ask the user to disable those same security programs so that this "game" will run properly. Maybe convince the user that he is running the same security programs and found that the "game" does not run properly with those security programs running. The user who falls for running an unknown exe from a stranger is very likely to be a user that could be convinced to run the unknown exe with their security programs disabled.

    In another situation, let us say that the hacker will try to exploit software to gain access. To do this, an attack on Windows (as that is what most of us are running) or known software will have to be exploited. In this case we are talking about software that has a vulnerability. And while I do not have exact numbers, I imagine that exploiting a particular AV or AT in this manner is not the easiest way to gain entry inside the computer. And I do not think that many types of these software have this capability to be used in that way after being exploited (without being too obvious). It seems to me that every software has its flaw and has the potential of being exploited. How big of a difference does it really make if one runs established security programs (that have been thoroughly tested) and has Windows well patched, compared to one who runs the same things but just makes it known what they are running? Both can be exploited, and if the entry way is not made through exploiting a vulnerability in security software, then they both seem to be equal in risk. I may be completely wrong in what I think, but hopefully it will provide some interesting thoughts on how I am wrong.
     
  6. erikguy

    erikguy Registered Member

    Joined:
    Jul 5, 2004
    Posts:
    236
    Location:
    Salem, OR
    Very interesting, Primrose! Also, I may be mistaken on this, but I thought that an attacker (I know that malware doesn't need to use open ports) would actually have to connect to your computer before they can take any serious action. Since obviously stealthing isn't that great a feature anymore, manually closing ports underneath the firewall defense would be a good idea. And as some other people have stated, if an attacker really wanted to waste his/her time gaining your trust so you'd let your guard down, then they've done just that: waste their time when there's so many dumb people out there unprotected. You have no idea how many people's computers I've fixed who haven't even downloaded FREE service packs! I would think that building up quite the impressive portfolio of protection software would have an attacker thinking "screw this, look at this idiot over here". Maybe they wouldn't get scared or back off, but it would keep them at bay. I also think the point about "software with vulnerabilities is the same as unknown software with vulnerabilities" is valid because, as mentioned before, they'd be wasting precious energy, resources and hacking time. And, I mean, who isn't running exploitable software? I can probably safely say that at least 97% of us users here use Windows. 'Nough said about that.

    Another issue brought up was resource sites such as this one. This is where people come for help and information. Some of the best "help" is the HijackThis log analysis. If you don't utilize these sites where you gonna go? Your ignorant friends that know less about computers than you do? No. There is such a word as paranoia you know. I mean seriously, how many of us "security experts" ;) have been hacked? I know I haven't.

    Regards,
    erikguy
     
  7. Justhelping

    Justhelping Guest


    How do you know? For sure, that is? :)

     
  8. xmp

    xmp Guest

    Wayne is right. Having a known config helps someone craft an attack, e.g. Zone Alarm source port exploit or evading KAV signatures.

    Most home machines will not be targeted except for spam and DDoS zombies, which is a generalized attack. The specific attacks are more hazardous since one is being targeted, i.e. more time and resources spent.

    I'd say those who work for big companies are at risk, since the home LAN presents an entry point into the corp machines. Also, security experts are targeted a lot, e.g. Projekt Mayhem. I'd always give out expendable info. While the kids generally can't code a stack overflow, they do have unpublished AIM/AOL/Yahoo exploits.

    One more thing, use a DMZ (demilitarized zone) if you run servers at home.
     