Containing untrustable anonymity software

Discussion in 'privacy technology' started by Ulysses_, Jun 27, 2011.

Thread Status:
Not open for further replies.
  1. Ulysses_

    Ulysses_ Registered Member

    Joined:
    Jun 27, 2010
    Posts:
    275
    No the goal is not just that.

    If the malware uses exploits to take over the VM, the firewall in the linux VM is hopeless because it can be reconfigured. That is why I am separating the firewall in another VM and not bothering with firewalls in the (assumed rooted at worst) ultrasurf VM.

    A vectorlinux lite workstation currently. Might switch to another linux if you know anything better. Current one does full X and wine (needed for ultrasurf) with 64 mb of memory.

    The VM holding the malware is currently using a non-persistent virtual disk drive so simply powering it off removes everything if needed (or it could be a liveCD in the future). But the idea is not to kill the beast but keep it running in a cage where it can't do DOS attacks to anyone but its daddy (the ultrasurf server). Why keep the beast alive? To milk it. The milk is the anonymity service.
     
    Last edited: Jul 2, 2011
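An added example, not part of the original thread or any poster's setup: one way to check from the separate firewall VM's flow log that the contained VM only ever reached its allow-listed upstream. The VM address, upstream endpoint, local ranges and log format are all constructed assumptions.

```python
import ipaddress
from collections import Counter

# Every address, port and the log format here is constructed for illustration.
CONTAINED_VM = ipaddress.ip_address("10.0.2.15")   # the untrusted VM
ALLOWED_UPSTREAM = {("203.0.113.10", 443)}         # hypothetical proxy server endpoint
LOCAL_NETS = [ipaddress.ip_network(n)              # host and LAN ranges to protect
              for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

SAMPLE_LOG = """\
2011-07-02T10:00:01 10.0.2.15 203.0.113.10 443 tcp ACCEPT
2011-07-02T10:00:05 10.0.2.15 192.168.1.2 22 tcp DROP
2011-07-02T10:00:09 10.0.2.15 198.51.100.7 80 tcp DROP
2011-07-02T10:00:12 10.0.2.15 198.51.100.7 80 tcp ACCEPT
2011-07-02T10:00:15 10.0.2.20 203.0.113.10 443 tcp ACCEPT
malformed line
"""

def classify(line):
    """Classify one 'ts src dst dport proto action' record logged by the firewall VM."""
    try:
        _ts, src, dst, dport, _proto, action = line.split()
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        port = int(dport)
    except ValueError:
        return ("unparsed", line.strip())           # wrong field count or bad address/port
    if src_ip != CONTAINED_VM:
        return None                                 # other VMs are out of scope
    target = f"{dst_ip}:{port}"
    if (str(dst_ip), port) in ALLOWED_UPSTREAM:
        return ("ok" if action == "ACCEPT" else "allowed_but_dropped", target)
    if action == "ACCEPT":
        return ("leak", target)                     # firewall VM let a forbidden flow out
    local = any(dst_ip in net for net in LOCAL_NETS)
    return ("local_probe" if local else "blocked_egress", target)

def audit(log_text):
    """Return (contained, counts, findings); unparsed records fail closed."""
    rows = (classify(l) for l in log_text.splitlines() if l.strip())
    findings = [f for f in rows if f is not None]
    counts = Counter(verdict for verdict, _ in findings)
    contained = counts["leak"] == 0 and counts["unparsed"] == 0
    return contained, counts, findings

if __name__ == "__main__":
    contained, counts, findings = audit(SAMPLE_LOG)
    print("contained:", contained, dict(counts))
    for verdict, detail in findings:
        if verdict != "ok":
            print(f"  {verdict}: {detail}")
```

A `leak` means the firewall VM itself passed a forbidden flow, while `local_probe` and `blocked_egress` are dropped attempts that show what the contained VM tried to reach.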
  2. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
    There seems to be 2 versions of ultra surf on the web.
    The one version is 1.1mb in size Ultra Surf 10.16 downloadable from their website and then there is the 500kb version downloadable from all the freeware sites around the net.

    Like this one

    http://www.snapfiles.com/get/ultrasurf.html

    Version 9.99 <--- It seems to be stuck on that version for a long time. Malwarebytes flags it as a trojan.

    But the original ultra surf doesn't get flagged. Think somebody duped everyone by sneaking it on the sites under the impression it's the real ultra surf version.

    Ver 10.16 uploaded to Comodo Instant malware Analysis
    http://camas.comodo.com/cgi-bin/sub...8afeaaf582f59a0e5fadee607ff048f371b6654237fc4

    Here is 9.99 analysis
    http://camas.comodo.com/cgi-bin/sub...1c909493ea15e544d5f5a9693cab144c673dd6f1cd20d
     
    Last edited: Jul 13, 2011
  3. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    You've completely missed the point of a goal from the standpoint of security from your statement above.

    So the questions are;

    1. You're running a malware infected box?
    2. Why aren't you cleaning out the box and starting from scratch and if it's that bad formatting and starting over?
    3. Real security is not about dealing with an infected system like you're going about it, it's about cleaning it out and preventing it from ever happening, not keeping an infected system and trying to work with it...

    So either I'm missing the point here and you're saying things that aren't correct, but the real GOAL here is to not get infected and if you are, the next real GOAL is to clean out by whatever means are needed and moving on from there, not sitting around with malware problems trying to contain them...

    You contain only to the point of preventing further spread, but you certainly don't keep it contained by trying to run with a solution that is only about containment and nothing else.

    What are you trying to tell us that you sit around with infected machines at work and home and you just CONTAIN the problem and still use your system? :(

    Also if Ultrasurf is a problem, then I really don't get why you are even bothering with it. You're acting like it's the only free service out there...

    If the malware uses exploits to take over the VM, there aren't going to be any problems if you know what you're doing so it's not hopeless.

    The only thing that's stupid is getting to this point in the first place, which should have never occurred...

    You're putting the horse before the cart here, it's not what it's all about, your thinking and approach are all backwards, if you are into security. Dump it all and move on...

    By the way Spooony you saying using Sesawe app good?
     
    Last edited: Jul 13, 2011
  4. Ulysses_

    Ulysses_ Registered Member

    Joined:
    Jun 27, 2010
    Posts:
    275
    DasFox you are yet another one who has obviously not read anything, every single thing you say has been answered. So no more repetitions to tire you. Just this:

    No malware, no fast anonymity.
     
  5. Ulysses_

    Ulysses_ Registered Member

    Joined:
    Jun 27, 2010
    Posts:
    275
    Alright, maybe ultrasurf is innocent then. Can't be sure though. And certainly can't be sure with other free services like this.

    Would appreciate some input on this: If you were a bad guy designing malware, how would you break out of this containing scheme of mine? In order to steal my private data kept in the host, or do DOS attacks to American sites?
     
  6. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
    10.6 in BSA, here's the log

    I notice the smaller version also linked to their site. Maybe they cleaned it up after Steve's thread :thumb:
     
  7. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825

    Yes I have been reading and this was your reply before;

    Now I will apologize if you are not running malware and have taken care of that, but I did not read anywhere after this that you did this...

    So are you running a malware infected box?

    Maybe your other reply;

    No malware, no fast anonymity, means no malware on the box anymore?


    THANKS
     
  8. Ulysses_

    Ulysses_ Registered Member

    Joined:
    Jun 27, 2010
    Posts:
    275
    I do not know whether I am running malware. I am running ultrasurf. There is no alternative that can be trusted and is free of charge. You either get fast anonymity with ultrasurf or similar suspect malware, or no fast anonymity.

    If fast anonymity is not important for one, they can either forget anonymity, or stick with slow TOR which is also extremely untrustable at the exit-nodes.

    If fast anonymity for free is important for one, a virtual prison for the suspect malware can be built and evaluated (evaluation comments greatly appreciated here).
     
    Last edited: Jul 16, 2011
  9. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
    What version are you using? I'm using version 10.6. If you look up the proxies it uses, it's proxies of A1 Proxy and so on.
     
  10. jesusjesus

    jesusjesus Registered Member

    Joined:
    Jul 21, 2009
    Posts:
    61
    anyone know if hotspot shield is evil?

    Has about 5 or 6 exe's that want to connect to the net, and it puts gigantic flash ads on your desktop which cover whatever program you're using, with no acknowledgement that it's even responsible for the ads.

    I bet it's scanning my computer for CC numbers too. Does anyone know if Hotspot Shield is evil?
     
  11. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
    What is Sesawe? It's an organization but it's not the Free internet Consortium to which Ultra Surf belongs. Sesawe ones have their own Sesawe versions, e.g. Your-freedom Sesawe version, Tor Sesawe package. Do not link Ultra Surf with Sesawe. Unless you can show me the Sesawe Ultrasurf version.
     
  12. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
    There's no new real test to prove anything is evil. Only tests on outdated version which seemed to stray from its intended path. Thx to guys like Steve it looks like it's on the right track again.
     
  13. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    Does anyone have any experience with ProXPN? I was thinking about trying out their free service to get a feel for VPN's, and decide down the road if I wanted to invest in a paid version or not. I heard from a source I trusted that it was reputable.

    Another one I was looking at was VPN Reactor. I elected against this one because it seems to have caps on browsing time, as well as speed.

    I don't want to put something on my computer that would actually harm my privacy, when my aim is the exact opposite. Now this thread has me reconsidering trialing ProXPN.
     
  14. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
    You mean connectivity service. Why don't you use Tor? For browsing it's fast enough. To download you don't need to hide your IP.
     
  15. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    I notice a considerable slowdown when using proxies. When you combine every browsing session over a year's span, I believe the time saved with the speed of a VPN can add up to a significant chunk. I guess individual results vary, but it didn't seem "fast enough" to me.

    I use Ixquick as my search engine, and use its proxy sometimes, but many sites are broken when you use it. And it's useless if you ever want to sign into a site, and/or allow scripts on the page. And let's face it, those are the situations where you especially want the privacy. So I don't find much use for it. But I do like Ixquick as a whole.
     
  16. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    You said;

    'I am running malware that does dos attacks to others and I am trying to prevent this'

    Now you say you don't know, so what made you think in the first place that you are, because I did not read anything about how you made this determination that you are now taking back...

    The title of your post even says containing untrustable, so how do you know it's untrustable?

    I just skimmed over the post again and I don't see any evidence of any tests you've done to conclude anything...
     
  17. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
    I use Tor and Ultrasurf. What browser are you using?
     
  18. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
    No, the OP was referring to the older ultrasurf which is flagged as malware and the evidence Steve provided. That was with the older version which is a year old almost. The latest version is not flagged and seems to behave itself. Maybe Steve can test this version for us as well to clear up the confusion.
     
  19. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825

    Ok my bad....

    Thanks
     
  20. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    I'm using Firefox 3.6.18 right now. This was a couple years ago when I used Tor, and I may have been using IE at that time. Can't recall. Perhaps I was and it plays better with FF? Perhaps Tor has improved since then? Both?

    I notice that all these free VPN services have pretty constraining caps on speed, so I'm not sure how useful it would be to me as a sample considering the increase in speed is my main reason to choose it over a proxy. As much as I browse all that saved time could add up, and I'd be willing to pay $90/year (the cost of StrongVPN's "Lite" package) to get that chunk of my life back.

    Maybe I'll get it for myself as a Christmas present this year :argh:

    You have been very helpful Spooony, not just in this thread but in others. It is much appreciated. I'm not very knowledgeable on this subject.
     
  21. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Why not Firefox 3.6.19?
     
  22. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    When I search for updates it says there are none available. I saw a post saying that .19 was out... but it's not showing it to me.
     
  23. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,865
    Location:
    U.S.A.