Posible Solutions to "Is security software secure?"

This is the 3rd and final thread in the series Are Security SW Products Secure?

For member’s convenience, here are two previous threads. Suggest a browse or review through those threads before moving on;

Thread 1 https://www.wilderssecurity.com/showpost.php?p=1275795&postcount=1

Thread2 https://www.wilderssecurity.com/showpost.php?p=1291497&postcount=1

Some Possible Alternatives Solutions

Purpose: To identify possible solutions to the threats identified in thread 2
Here is a List of known technology threats identified in thread 2

1) DNS poisoning.
2) Free SW that purports to offer security benefits to users
3) Licensed or paid Security Software that seem to provide the user with the ability to turn off auto updating and / or sharing our technical settings
4) Rogue code in the Security Software products
5) Piggy-back Software
6) Voice Print Technology

7) Untested or Buggy Code in Security Software (vapourware security functions)

The dangers of HTTPS

“Most of us may associate the HTTPS protocol (encrypted web traffic) with security and safety - entrusting it with passwords, credit card numbers and other sensitive information. However, this protocol is being used in links by some advertisers and this has some concerning side-effects” see the thread https://www.wilderssecurity.com/showpost.php?p=172473&postcount=1 for more details.

Possible Alternative Solutions

Users need a vetted written Personal Security Policy (PSP) and a written Technical Security Plan (TSP)

1.Acquire facts and knowledge of the real risks you face on your own set - up/lan, e.g. wireless vs wired, dorm vs house, browsing profile? Banking or not etc. In one case, user concerns may focus on privacy threats in outbound packets from SW on their PC. We should be able to trust the software from vendors that what we knowingly install on our PC’s, but as been demonstrative many times at this forum and others that users can’t and shouldn’t.

2.Using the knowledge from point 1, develop your written Personal Security Policy (PSP) for your set up, not mine not anybody else’s, their own.

3.Then take this PSP and vet it past others you trust and respect for their review and comment. Consider any changes and only make those changes that enhance your PSP. Using only you’re PSP, produce a written technical security plan (TSP) of what H/W and what S/W types and classes you need to implement your PSP. Bear in mind that the tools to best implement your policy today may change and will change over time even though we don’t always recognize that point. Many usres are biased by the tendency to favour (or not) vendors currently or previously used.


General immediate action(s) can be taken by YOU!

As users continue to use SSW, but are worried about outbound data, simply restrict all the automatic outbound communication by using their firewall rules. Insert the vendor update ip’s into the FW update rules one by one. You only have to do it once. Do not use automatic updating unless you KNOW the vendor updates hourly.

1)When installing ANY security application, reference check them as if you were hiring them to work for you since that is exactly what we are doing. Use technical forums and the vendors own sites to gain insight. Some sites list known incompatibilities with the other products you may have.

2) Backup your whole system via image SW before proceeding to do anything.

3) Before installing scan the install/setup exe with your AV and ASW products. In my case this would be Nod32 and SAS but these are here only to make it clear, others would all use your own favorites as they see fit. Use trial versions before buying.

4) Analysis the EULA no matter how long and difficult the wording.

5) If you use a program like EULAlyzer to do this for you, do NOT ignore the privacy and other warnings. The key issues are privacy and sharing of your personal information and waiving of your legal rights. This list is incomplete.

6) Use “custom install” option when available, instead of letting the program install without confirmations. This should allow you to check for everything that it will install, and, often, un-checking things you don’t want or need. Watch for modification of your search bar, home page and start list do not allow those to happen by neglect.

What are your ideas for avoiding, preventing or minimizing the risks imbedded in the following threats?

1. DNS poisoning?
2. Free SW that purports to offer security benefits to users?
3. Licensed or paid Security Software that seem to provide the user with the ability to turn off auto updating and / or sharing our technical settings?
4. Rogue code in the Security Software products?
5. Piggy-back Software?
6. Voice Print Technology?
7. Untested or Buggy Code in Security Software (vapourware security functions)?
8. The dangers of HTTPS ?

 

Guys, I'm asking for ideas, methods to avoid threats. Don't worry about posting. Even steps you have taken that fail would be better than silence.

I am not complaining but I am discouraged, having worked hard to produce these three threads for you that there is so little to show for it.

Provide some feedback please! Ask yourself what you do about each of the 8 threats.

 

I don't have any real solutions to those problems

But i have written something that could be kept in mind while programming software.

http://forums.comodo.com/which_prod...curity_and_attack_vector_theory-t26535.0.html

 

Well, thanks tetsuo55, I read your paper over at CFW forum.

Again, thanks for the link and the post.

 

Okay I'll do some work on IDEAS, not yet recommendations:


1) DNS Poisoning: Switch your DNS server to OpenDNS: http://www.opendns.com/

2) ??

 

Further to the OpenSource DNS service I have obtained from another forum the following test site to see IF in fact users have this problem in the first place.

I just tried it but site was toooooo busy will try later on.

 

I believe there are ways to secure my host file but I can't remember what they are right now? Anybody?

 

Easy. Use a limited account -> no write permission for, e.g., c:\Windows incl. hosts file.

 

Okay! Good point.

Many feel that running with LA is good security practice anyway. Thing is many don't as the install programs and uninstall them so frequently. I'm not saying this is good, just the way things are. Of course Vista is different as LA is the default.

I'm still looking for another way to "lock" my host file!

 

Seems that in my case using Host Manager, it sets my host file to read only.

That's good for tampering but not good enough for spying on it and picking up my bank's web site and ip address. I realize that is easy for people to get with large banks, BUT the point would be that finding it in my HOST file links that bank to ME!

Not good, maybe there is a way to encrypt the host file? Anybody?

There is probably some simple solution to this I just don't know what it is!

 

Hello:

Is this thread doing you guys and gals any good? I don't mind working on solutions, but nobody else (including the heavyweight experts) is helping out?

Are we really alone?

 

Hi Pete:

This is not at all about my set up the intent is as in op.

The thread has already agreed on the 8 threats :

Right now we need specific ideas/ solutions to minimize them.

eg: DNS posioning use opendns, don't use DNS at all.

exposed HOST file use tool that sets it to read only.

We are at a detail level at this stage

So I'm not ready yet to throw in the towel.