How to protect privacy when using "community" apps?

Discussion in 'other firewalls' started by bellgamin, Nov 5, 2006.

Thread Status:
Not open for further replies.
  1. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    The goal of this thread is to get advice as to HOW I can set my firewall so as to protect my personal data when I am using so-called "community-based" HIPS programs such as Cyberhawk.

    I am asking for this advice based partly upon an ongoing discussion of the "intrusiveness" of Cyberhawk over at THIS Wilders forum page, beginning at Post #113. Here are some PARTIAL quotations...
    I have been told that when I allow any application to have ANY kind of internet access, it is possible for that app to transmit personal information without my permission or knowledge. Therefore, every app which I configure for automatic update, or to automatically send info to a "community," COULD be sending out my private information.

    Yes, I trust the organizations behind the apps where I have granted such access (DrWeb, Avira AntiVir, Cyberhawk, etc), but what if they get bought by someone who is NOT on the up & up?

    QUESTIONS-

    #1a- How can I configure a firewall in order to prevent my antivirus program (for example) from changing or accessing any of my data except its own folder? #1b- Also, is a firewall the best & easiest way to obtain this kind of security?

    #2- Would it be fairly *bullet-proof protection* if I (a) centralized all my personal data into one folder, then (b) password protected that folder, and (c) encrypted it? In other words -- WILL these 3 actions (a,b,c) enable me to give a HIPS app (for example) an "open ticket" to send whatever data it wishes, but still I would not need to worry that my personal data could be compromised?
     
  2. Roger_

    Roger_ Registered Member

    Joined:
    May 7, 2006
    Posts:
    89
    Location:
    Portugal
    Here are the first ideas that crossed my mind:

    #1
    You can only use your 'firewall' features to stop processes from connecting out (like I did with CyberHawk). Once you allow any process to do it, you never know what data they are sending out (unless you use software for network packet inspection, but even so, most data are encrypted).
    Also, it might not be at all practical to stop them from accessing 'system' folders (like Windows, Program Files, Documents and Settings), where your most concerning personal info is kept, as they need a lot of other pieces in there in order to work properly.

    #2
    As I have mentioned, the personal data you should be really concerned about are not the ones you can put where you wish, but those kept internally by your OS and other software.
     
  3. BILL G

    BILL G Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    80
    Location:
    MN USA
    How about AppDefend
     
  4. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    Are you saying that AppDefend is a community based program? Or are you saying that it could be used to block community based communications?
     
  5. BILL G

    BILL G Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    80
    Location:
    MN USA
    I use AppDefend to monitor + block vsmon.exe, for example.
     
  6. ghiser1

    ghiser1 Developer

    Joined:
    Jul 8, 2004
    Posts:
    132
    Location:
    Gloucester, UK
    Hi guys,

    This is an issue close to my heart and I'd like to bring some of the experiences of my involvement with Prevx Home/Pro and Prevx1 to the table.

    Prevx Home/Pro was one of the first community apps. The data from it aimed at one thing - allowing us to understand the decisions that the user made when prompted with a HIPS query. We knew from the word go that some people wouldn't like the idea of a phone-home security application, so we made a few important decisions:

    1. We ensured that the data we gathered was directly related to the HIPS event that occurred and the user's action - did they allow/deny it etc. We collected nothing else. We also provided a means for the user to see that data in the application.

    2. We did our utmost to remove any personally identifiable information. E.g. if blah.exe was created in your %TEMP% folder (c:\documents and settings\ghiser1\local settings\temp\blah.exe for example) we "normalized" this data to remove the username and disk location. So it was sent to the database as %TMP%\blah.exe. We don't care what your username is; the important element of this event was that a file called blah.exe was created in a user's temporary folder.

    3. We asked an independent body to review the content of our communications with the database. In our case, we used Fred Piper's team at Royal Holloway as we hoped Fred's reputation for security expertise and independence would help greatly with its credibility as an independent review. We also published that review.

    4. The data collected wasn't published or handed to any third-party for any reason.

    5. We used clear-text HTTP-based protocols to pass the data so that the user could see for themselves what we were sending.

    6. The Pro option allowed people to opt-out if they wished - though less than 3% of Prevx Pro users opted out of the phone-home in the end!!

    When we reviewed this data, we got a very big shock. More than 50% of the Prevx Home/Pro userbase (more than 1 million agents) were allowing HIPS events to occur that we knew were Bad and should have been denied. There was one obvious conclusion to this - the users didn't understand the questions being asked of them. We realised that traditional HIPS for the home consumer was next to useless at providing real security - hence the rewrite in the form of Prevx1.

    We realised that the user needed information to help them make decisions. We realised from the 3% of opt-outs on Prevx Pro that the vast majority of users didn't actually care about the phone-home element, so we decided the time was right to launch a product based entirely on that phone-home functionality - extending it to a two-way conversation.

    There have been a few compromises that we've had to make to the original data gathering in order to produce Prevx1, but they are fairly minimal and the majority of the original decisions still stand. The differences are:

    1. As the dataflow became two-way, we needed to uniquely identify each Prevx1 agent to ensure it was correctly licensed and legitimate. This allows us to prevent license fraud and also allows us to prevent fake data being injected and data being extracted by anything other than a legitimate Prevx1 agent.

    2. We decided to publish the data gathered directly to the web to help the general public research malware; primarily in places like Spyware Files, Spyware DLLs, Virus Info and Insight. We did this to be more open about the data gathered and to allow the user to see the data we have on their processes - double click from the jail or recent program activity. It also provides a very useful resource for users who don't have Prevx1 but have malware problems; as it allows them to locate data about files that may not yet have been classified as malware by the big AV vendors. All files are published, both good and bad.

    3. We had to add an element of obfuscation to the event data transmitted and received to help thwart the risk of data-feed manipulation attempts that we expected to see from the malware community. At the end of the day you have to put a level of trust in the vendor that produces the app that "phones home", and we believed that we had earned enough trust with the community at large to be able to take this step to ensure the integrity of the community database. There's no point having a community database if it's at risk from data manipulation.

    In terms of what you can do to protect your privacy with community/"phone home" apps?

    Actually, IMHO, there is very little other than to only use vendors you trust or have been recommended to trust by others. There are a few tools out there that claim to protect your privacy by stopping things like your credit card numbers from being transmitted. Get real! These apps are completely bogus - IMHO. Real malware will not transmit your credit card number IN THE CLEAR. They will encrypt it and obscure it to ensure it isn't detected or seen. These apps are there to give the user fake assurances and sell security suites.

    The only sensible approach is "Do I trust this program to do what its authors say it will and nothing else?" If you don't know the authors, or what the program is supposed to do, then what? One approach is to deny it internet access completely - ah, now update checks don't work for it - hmm. The other approach is to research what the program does and then decide. Most people don't have time for that - so you could pass the buck to somebody else you trust to do the research for you...

    There are users that don't like phone-home at all, and that's fine and we respect that view; we just can't protect them the way we would like to. But the majority of users are happy with appropriate data collection providing they see a benefit. We strongly believe that the benefit of the protection gained from community data collection (in the malware research area at least) greatly outweighs the risk to personal privacy. I can't comment on the data gathered by products other than Prevx1, but I can assure you that at Prevx we do our utmost to ensure that personally identifiable data is not collected.

    Just my 2c.

    ghiser1
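As an added illustration of the path normalization ghiser1 describes in point 2 (my own example, not Prevx code): the drive letter and the `Documents and Settings\<user>` prefix are replaced by an environment-style token before the event leaves the machine. The `%TMP%` token is from the post; the other tokens, the `<user>` placeholder and the `%ROOT%` fallback are my assumptions.

```python
import json
import re
from typing import Dict, List, Tuple

# Per-user subfolders under a Windows XP profile, most specific first, mapped
# to the token sent instead of the real path. Only %TMP% is taken from the
# post; the remaining tokens are assumed names for this example.
_PROFILE_SUBDIRS: List[Tuple[Tuple[str, ...], str]] = [
    (("local settings", "temp"), "%TMP%"),
    (("local settings", "application data"), "%LOCALAPPDATA%"),
    (("application data",), "%APPDATA%"),
    ((), "%USERPROFILE%"),  # empty prefix: catch-all for the profile root
]

# Machine-wide roots that carry no username but still reveal disk layout.
_SYSTEM_ROOTS: Dict[str, str] = {
    "windows": "%SYSTEMROOT%",
    "program files": "%PROGRAMFILES%",
}


def normalize_event_path(path: str) -> Tuple[str, bool]:
    """Return (normalized_path, username_removed).

    The drive letter is always dropped. A 'Documents and Settings\\<user>'
    prefix becomes the matching token, and the username is also scrubbed
    from any later component (e.g. a folder named after the user).
    """
    parts = [p for p in re.split(r"[\\/]+", path) if p]
    if parts and re.fullmatch(r"[A-Za-z]:", parts[0]):
        parts = parts[1:]  # disk location is not needed for the event
    lowered = [p.lower() for p in parts]
    username = None
    if len(lowered) >= 2 and lowered[0] == "documents and settings":
        username = lowered[1]
        rest, rest_l = parts[2:], lowered[2:]
        for prefix, token in _PROFILE_SUBDIRS:
            n = len(prefix)
            if tuple(rest_l[:n]) == prefix:
                head, rest = token, rest[n:]
                break
    elif lowered and lowered[0] in _SYSTEM_ROOTS:
        head, rest = _SYSTEM_ROOTS[lowered[0]], parts[1:]
    else:
        head, rest = "%ROOT%", parts
    if username is not None:
        rest = ["<user>" if p.lower() == username else p for p in rest]
    return "\\".join([head, *rest]), username is not None


def build_event(action: str, path: str, decision: str) -> Dict[str, str]:
    """Assemble the HIPS event record: what happened, where (normalized),
    and what the user chose. Nothing else is included."""
    norm_path, _ = normalize_event_path(path)
    return {"event": action, "path": norm_path, "decision": decision}


def record_is_clean(record: Dict[str, str], secret: str) -> bool:
    """Defensive self-check before transmission: the raw username (or any
    other string we promised not to send) must not appear anywhere in
    the serialized record."""
    return secret.lower() not in json.dumps(record).lower()


if __name__ == "__main__":
    # Constructed sample event in the shape the post describes.
    raw = r"c:\documents and settings\ghiser1\local settings\temp\blah.exe"
    rec = build_event("file_created", raw, "allow")
    print(json.dumps(rec), record_is_clean(rec, "ghiser1"))
```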
     
  7. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Thanks for your post.
    I have two Qs.

    1- Can there be ways to bypass the firewall?
    2- What if you encrypt your data on your PC?

    Thanks.
     
  8. ghiser1

    ghiser1 Developer

    Joined:
    Jul 8, 2004
    Posts:
    132
    Location:
    Gloucester, UK
    Hi aigle,

    In strict security terms, the quick answers are YES your firewall can be bypassed and YES, encryption MAY help a little.

    The longer answers are:

    1. A firewall is bypassed by every legitimate application that is approved to communicate through it. This might sound like an obvious statement, but it is fundamental as to why firewalls are not solid walls but holy walls - holy as in full of holes. Let's take an example of malware breaching a firewall.... Let's assume that you have your firewall locked tight to allow your email client SMTP access to one host (your ISP's email server). Nothing else is allowed to send SMTP traffic anywhere. Is it secure? No. A firewall only blocks unauthorised applications and communications at the network layer. We can perform an application layer attack against the firewall and it won't see it. If we can get a rogue DLL loaded into your email client in some way (and there's lots of ways of doing that) then that DLL could send email on your behalf to any email address it wishes. Such emails would appear to come from you, using your email client, and would be sent from your email client to your ISP's email server straight through your firewall. Such a rogue DLL could easily send small emails every couple of hours (or days) to varying email addresses (anonymous remailers that eventually get the data to the same place) without placing those emails in your outbox. In this way your data could be leaked out of your system bit by bit. Unless you are actively monitoring the content of your network traffic you probably wouldn't even see it happening...

    2. Encrypting your data will help, but will not keep it secure. At some point the data has to be decrypted in order for you to access it. Once it is decrypted you are at risk from any rogue process or DLL that can get access to the display or the memory of the app that decrypted your data. Encryption only helps while data is in transit or in storage. Once you decrypt it, it is accessible and can be stolen.

    There's an interesting paper written by some of my former colleagues on using Outlook/MAPI routing tables and email for covert channel data streams and remote access trojans - the so called Bunratty Attack. Note the date - 1996!! Such attacks are still possible.

    Hope this helps,

    ghiser1
     
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Thanks a lot for your explanation. So let me say that the only way is to trust the software company itself. If you don't trust it, don't use it.
     
  10. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    This would depend on what firewall you are using; a number of firewalls now include a check on loaded DLLs/injections.
    This blanket statement is incorrect.
     
  11. ghiser1

    ghiser1 Developer

    Joined:
    Jul 8, 2004
    Posts:
    132
    Location:
    Gloucester, UK
    Despite the marketing from companies that sell such things, I would disagree that such an application can be called a firewall. IMHO a firewall can be either "on the box" or "on the network". Any "firewall" that does a job that cannot be done "on the network" and can only be done "on the box" is not a firewall in the sense that I was referring to. That is why I referred to a network-layer firewall. Any application that analyses an application is not working at the network layer.

    We're both right but in different ways, so I guess we'll have to agree to disagree :D
     
  12. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    As most firewalls do this job nowadays, I think it doesn't matter what a firewall means in reality. Practically it is true that you can see the DLLs loaded into browsers etc. by a capable firewall.
     
  13. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I can, at the moment, only think of "coreforce" to set a global system policy to block access to the files/directories you want secure. Then allow the programs that require the access permission via a specific policy.
     
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    If data is in one folder, you can just protect it with GesWall as well. You can in fact protect more and more folders, but you might get pop-ups and functionality issues depending upon the location of these folders. I think you might protect individual files as well but never tried it.
    BufferZone has such an option also but I never tried that.
    In general I am not at all sure how well these confidential folders work while you are browsing on the internet and at the same time you open such a folder to read some of its contents.
     
  15. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I thought GesWall would only protect a folder from an isolated program. You could not isolate a program that is meant to protect the system.
     
  16. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Oh right, I just forgot this point. You are exactly correct.
    But maybe some advanced rules can be made, just like CoreForce, but I am not sure.
     
  17. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I did make a request (some time ago) to SSM to include a protected folder (from access etc.); they said it was on their "to do" list.
     
  18. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    I'm not aware of any firewall which could set the access rights of folders/files.

    Nope!

    Yes, this is the best and a very safe way to do it.
    But the steps should be:
    a) Put all personal folders in one place --> b) Encrypt your data (you will be asked to set a password/passfile during the process)

    Encrypt any important personal data and put them all in one folder (for easy management purposes). To further improve the security, put them on a removable device (eg DVD-RAM, USB). Remove them when you don't need them. This can prevent a hacker from exploiting the vulnerabilities of your encryption software or trying to crack the password of your encrypted data.

    But beware of the following:
    - when you decrypt your data, it is possible for the hacker to access and so steal the data.
    - encryption is as secure as the weakest link. The encryption method itself (not the software) is next to impossible to crack (it would take more than thousands or billions of years to brute-force the encryption) (unless the developer of that encryption method has implemented a backdoor). To steal your encrypted data, a hacker may need to either exploit the weaknesses of your encryption software or steal your password.
    - please create a strong password. Unlike what most people think, it is a misconception that only a complex password is strong. No, definitely not. Length is much more important than complexity. A fairly simple but long password (eg 15-20 characters long) is much better than a complex but short password (eg 8 characters long but using all sorts of random letters/numbers/symbols). If you wish to know the details, please ask.
    - as far as encryption goes, don't go for any proprietary encryption methods. Go for any established public encryption methods. Some of them have undergone years of peer review and so are extremely safe to use.
    - beware that it is possible that encrypted data may get corrupted (eg power cutoff while data is being encrypted), so you may wish to make backups too.

    Here's another concern when you try to put all personal data in one folder: it makes it very easy for a hacker to spot all your personal/important data. However, if you take proper care of your computer and the encrypted data, it makes it much, much harder for the hacker to steal them (even if they can spot your personal data easily).

    And the limitations of this approach:
    - there are still personal data stored in your "documents and settings", "program files", "windows" folders etc.
    - you may not even know where to protect these personal data
    - and you cannot move the data to another place, or you will encounter some problems or break some of the functionality

    In this regard, you can try to set the access rights of the folders in Windows XP Pro, or use any software which can set access rights for each folder. However, since HIPS mostly install themselves at the kernel level, I wonder if there is any point in doing so.

    Hope this helps.
     
  19. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    I've got to agree.

    Seems very strange to use a *security* app that you don't trust to do what it says.

    Or are you guys thinking of a situation where you install 5-10 security apps you don't trust, but expect each one to watch the other? :)

    Personally, when I install and keep a HIPS or some other security program on my system, I will trust it fully; what is the point otherwise?

    The security program is supposed to help make you feel more secure, not create more worries about whether it is doing something behind your back.
     
  20. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    I totally agree.
     
  21. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,887
    Location:
    Stockholm Sweden
    :thumb: ...well said.
    Yes we all know what "layered" security is but sometimes it is drawn to the extreme :D
     
  22. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I think you have both missed one of the main points of the original post:
     
  23. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Well! Hypotheses can never end. It's easier to work in reality.
     
  24. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    This to me is a possibility; we have seen products pass over to other vendors, and maybe the user of the product may have a personal problem with the new vendor. Such a hypothetical question (which is certainly possible) is still a question.

    Should we simply discard this question/possibility?
     
  25. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Well, at least until it doesn't happen!
     