How quickly the malware/security landscape changes!

2-3 years ago when I started visiting this forum:

1. Process Guard was the king of HIPS...it now appears to be a has been

2. NOD32 was sold to me as a one stop product. My rep told me that I wouldn't need antispyware applications with NOD32, all I would need was a good firewall.

3. Sandbox applications were relatively unknowns or at least not spoken about nearly as frequently

Amazing how quickly things change in the technology world!

 

Ha, you bet!

 

And How Little The Means of Malware Distribution Have Changed

Social Engineering has become much more sophisticated:

An inside look at a targeted attack
http://isc.sans.org/diary.html?storyid=2894

However in the end, same old thing:

And same tried and true solution:

If it can't execute, it can't infect

The triggering mechanisms have become more sophisticated and very difficult to analyze
without the proper tools:

Analyzing an obfuscated ANI exploit
hxxp://isc.sans.org/diary.html?storyid=2826

In the final analysis,same old thing:

And same tried and true solution:

If it can't execute, it can't infect

If you followed the sloantreefarm exploit, you saw how clever and sophisticated it was, with referer heading and redirect means of getting the user to a page which attempted to download a trojan by remote code execution. In the end, it was prevented by the same tried and true solution, as many here demonstrated:

If it can't execute, it can't infect

Appearances are deceiving. PG is still a formidable warrior standing guard at the gate.
Nothing like the above exploits gets past PG.

regards,

-rich

________________________________________________________________
"Talking About Security Can Lead To Anxiety, Panic, And Dread...
Or Cool Assessments, Common Sense And Practical Planning..."

--Bruce Schneier​

 

I hope that you don't think I was trying to slam Process Guard. I have never even used it. I really can't speak of it's effectiveness or ineffectiveness. I was merely noting that it appeared to be the "hot program" a few years ago and now people rarely speak of it. Other programs like SSM and Prosecurity seem to have replaced it as the "hot program".

And even more than that, just 2 years ago NOD32 + a Firewall was a tight security set up. Now it's not even the bare minimum as the bare minumum seems to be FW + AV + Antispyware.

So I hope that neither Process Guard nor NOD32 users took offense. I was merely pointing out how fast the world of PC security seems to be changing.

 

I'm sure you weren't

But sometimes our views on these things are influenced by the media which loves to hype and sensationalize the world of malware.

It deserves our attention, of course, but often close scrutiny of what is written reveals that tried and true simple solutions are still effective.

Naturally, one needs to evaluate her/his own circumstances and proceed accordingly.

But the blanket statements one reads are often misleading, and deserve a closer look.

regards,

-rich

________________________________________________________________
"Talking About Security Can Lead To Anxiety, Panic, And Dread...
Or Cool Assessments, Common Sense And Practical Planning..."

--Bruce Schneier​

 

A good AV and Sandboxie will get you through any storm.

 

But for how long?

 

You forgot to mention that Phishing is now a major concern. It's also not anymore that malware's purpose is to screw your computer up. Now malware is there to gather information about you and send it to someone else so that they can use it. If it can't execute prevents malware and keyloggers from being used, but Phishing depends on social engineering, and there's no software solution that cleanly solves it. To spot Phishing you have to have a close eye. You have to be aware that a small icon will change when you're at a secure website. You have to be aware that there should be a security certificate, but usually you just get a warning when the certificate is expired or invalid, which usually means the site is legit but they've let something lap. Now, with URL redirection being quite common, it's easy for them to make a Phishing site that's plausible, if you haven't paid close attention, and maybe uses a spelling like www.micorsoft.com, www.paypall.com or perhaps something like www.cibcvisa.com they could even go a step further and do secure.cibcvisa.com - someone who has a Visa from CIBC might not twig on this. There's no foolproof software that will prevent someone from actually giving their information out. That's the biggest new issue that hasn't caught on yet. Spyware has, because it behaves similarly to Viruses, and it can be prevented with software. Phishing isn't as easily preventable, and it's not talked about nearly enough either.

BTW, don't click on the micorsoft one, turns out it's one of the standard spelling mistake portals. Probably nothing, but don't go there unless you trust your security software.

 

That little trick of social engineering is possibly the easiest of them all to prevent.

DON'T DO NO CREDIT CARD BUSINESS ONLINE! PERIOD! FOR ANYTHING!

My motto goes something like this, if any online busines is really legitimate then they will have already made provision for a potential customer to contact them via the old-fashioned way. TELEPHONE.

Otherwise, they don't get any business from me period.

No matter how safe you think secure site is, your credit card private number is VERY VISIBLE if others want to review for malicious purposes. Think of the internet as a global telephone party-line.

 

how do you know the phone is safe?
do you really know who your giving your credit details to via the phone?
if you shop online it is normaly through acompany suh as element5 which is a known safe company that does onlien transactions.
via the phone its just you and the person on the other end.
i just thought i would chime in.
lodore

 

safest !! but that's ridicilous is go to seller in person,hand over your money ,and get your thingy,greedy world we live in and it seems worser than yesteryear.

 

And even then you have no assurance that the seller won't scam you. But then that may already have nothing to do with malware or computer security.

 

CAUTION, put on your paranoid protection suit...

I hate to even mention this, BUT, there are still a gazillion analog phone connections into a home or business. I am not talking about all the fancy digital stuff in your house or business.

See the physical wire coming into your home/business?

ALL outside telephone techs have a test "telephone" with clips... it is called a "but in". The "but in" looks like the handset from a pay phone with a dial on the back side where the ear piece is.

Telephone wires have only 48 volts and very low current, and can not really hurt you. (If you were holding the two telephone wires when a persons phone rang... zap... zap... 105 volts at 20 Hz with little current. Sure will make you let go very fast!)

Or, just use a simple cheap headset with a 9v amplifier. Just make sure the resistance of whatever you use, is high so the phone company "central office" does not think you have the phone "off hook".

Mike

 

The days of simple malware are over, now we get :
- the sophisticated malware
- the hidden malware
- the quiet malware
- the hard-to-detect/remove malware
to steal your identity data, your money, your private info, etc.

This requires other security measurements, like
- firewalls
- immediate system recovery
- whitelists
- anti-executables
- isolation
- behavior based

 

being a safe surfer is most of what is needed to stop the lastest malware.
a email asks you to give bank details in an email
you just delete it right away or report it to the bank then delete.
i know somepeople where unlucky and got infected by the zero day attack at the asus site but thats the problem of asus.
they should have better secuirty systems.
the main thing is dont go overboard.
next thing you will be telling us is we need retinal scanners on every door.
and if the wrong person trys to access the door then a gun starts shooting
lodore

 

Looks like in the future, it will still be a problem, just have a different name... "unwittingly collaborate to one another's mutual advantage"

Scientific American - Breaking Network Logjams (June 2007)

Page 4, under "Tomorrow's Networks"

(All red highlighting is mine.)

Mike

 

How true

I hate repeating myself, but these "common sense" advices aren't enough yet.
And as you said, no current "anti-phishing solution" can really stop this problem, especially if the domain and the SSL certificate are the true and original ones: speaking of which, I've just been credited on Slashdot by the author of my favorite security tool, who slightly improved my infamous ZoneAlarm PoC

 

just think if you click a link in a email pop client it will open in IE as default.
so it pays to make e.g. opera or firefox tthe default browser to minimize damage if you click the link by mistake.
just remember kasperksy is the only av that can scan secure traffic.
maybe other av's will follow suit.
lodore

 

If I could find a patontheback.jpg, I would post it.

GOOD WORK, elio!

Mike

 

Not really, you're thinking about malware again. Phishing doesn't require malware. Opera is in the default configuration worse (at least when I used it), it doesn't show the URL of the link you're hovering.

What would probably be needed is a program that has a white list (both by URL and by IP address, in case of HOST file infection or DNS poisoning), a black list, and an algorithm that detects likely phishing sites either by similar spellings or dropping URLs and just having an IP adaddess.r

 

what about using something like open dns?
that would help against that sort of thing.
it blocks phising sites.
and say you where at a wireless hot spot and the router was exploited the dns settings changed.
if you went to example hsbc.co.uk it would first look up the ip address from the router then it would be checked by the open dns settings of your connection and you would then go to the right place.
lodore

 

That'll definitely help.

 

Really?

 

Elio...How did you do that with that link? It fooled spoofstick.

I thought spoofstick would prevent me from this sort of thing.

 

Of course I just had to also try it. But, knowing you, I pasted the link into Notepad so I could look at it... 1096 characters.

So, the first screen was leaving BofA, and then to http://www.sipc.org/

Hmmm, should I have seen your "If you did not see it written here ..." message?

Mike