After reading a hacker's blog, I feel it's so hard to be safe.

Discussion in 'other anti-malware software' started by bonedriven, Oct 22, 2008.

Thread Status:
Not open for further replies.
  1. bonedriven

    bonedriven Registered Member

    Joined:
    Jan 14, 2007
    Posts:
    566
    It's not people like me who are hilarious but those hackers and virus writers. They always try to do something impossible. Why do they waste their time?
     
  2. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    What makes you think it's impossible? As fast as computer technology advances, I wouldn't call anything impossible. Ten years ago, if someone would have claimed that they could control hundreds of thousands of other peoples PCs without their knowledge, then use their combined power to launch attacks that could take anyone offline, people would have said it's impossible. As for why, malware is big money and greed is a powerful motivator. Many things are difficult to accomplish. They're called impossible when someone isn't motivated enough.

    Regarding:

    "Where would one encounter these threats?"

    All the usual places, plus a few methods that are more recent. The recent vulnerabilities found in the DNS system have the potential to be a security nightmare. As best as I understand it, the vulnerability is its design. The "fix" that's been applied is nothing more than a quick fix. The design problem remains. If DNS is exploitable and browsers can be directed to sites that are not the ones the user wanted to go to, how can any site be considered trustworthy if the system that's supposed to take you there isn't?

    We're also seeing more instances of legitimate sites being compromised. Look at the Bank of India incident last year. I'd bet that some of their customers have an altered opinion of "trusted sites."

    IMO, the entire concept of trusted sites needs to be re-evaluated, now. Obviously, there are not "evil threats lurking around the corners of every website we visit". The internet itself has been proven to be vulnerable, as are the sites we visit and choose to trust. IMO, the internet itself and everywhere it takes you has to be regarded as potentially malicious. No, we won't be getting attacked by every site we visit or trust. We won't be getting attacked daily, or weekly, or monthly. There's no way we can know where or when we'll encounter a malicious site, or a compromised legitimate one, just as we have no way of knowing what method of exploit that site will use or what it will try to infect us with. That doesn't mean we have to worry about every page we visit, every link, media file, etc. "Potentially malicious" can be dealt with by limiting trust. Forget trusted zones and trusted sites. Make all of the internet a restricted zone. The majority of attacks use some form of active content. Block active content by rule, then allow it as needed on a one time basis only when it's something that you want or need to see, not because the webmaster or adserver wants you to see it.

    In one respect, we've been very fortunate. How many times has someone found a new way to exploit PCs, software, the web itself, etc., then wasted it? Anyone remember Slammer, the first Warhol worm? Slammer infected 90% of all vulnerable machines within 10 minutes, but carried no real payload! How much worse could it have been if that worm's writer had added a payload like an AV killer and released a new rootkit right behind it? The day will come that someone finds a new zero day exploit, then uses it to deliver a brand new type of malware. There will be hell to pay. A new DNS exploit combined with phishing websites would make some criminal hacker very rich. A new method of exploiting the servers for websites combined with some new malware would do the same. When the criminal element stops wasting new exploits, using them to deliver old or known payloads, look out.
     
    Last edited: Oct 28, 2008
  3. bonedriven

    bonedriven Registered Member

    Joined:
    Jan 14, 2007
    Posts:
    566
    Hi no1 particular,
    You don't see my point when I said "impossible". Some people just want to believe their PCs are impossible to hack since they have so many well-tuned HIPS and paid antivirus plus SD, SB, DF or whatever.
    This thread makes many people here unhappy. They need to have their hands on the wheel.
     
  4. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I took this to mean that the hackers and virus writers were wasting their time. You'll get no argument from me on your last statement. The completely secure PC or security package doesn't exist. My security policy is based on 3 assumptions.
    1. All software can be hacked or exploited.
    2. The software that handles internet and external content will eventually be exploited.
    3. Users make bad decisions.
    Even if the perfect security package did exist, as soon as it's under the control of a person, it would no longer be perfect.
     
  5. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Which is why it is good to know that threats are nowhere near as serious as some would argue. There is no doubt that threats exist and that they can do harm, but the idea that we all need fantastic levels of security is misguided.
     
  6. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    Hi everyone,

    Long View: I agree with you 100%.
    I do not smoke, do not drink, do not go to bad sites, do not click anywhere.
    It is the human factor, which is a determining factor.
    Look to my signature.

    PROROOTECT:cool:
     
  7. thathagat

    thathagat Guest

    The problem is that when security is feeble, more and more layers are added, and then the desire to test the limits of this so-called impregnable cyber castle sets in. If nothing untoward happens, more risky and hazardous challenges are thrown at the poor setup, and forlornly, if it fails, the setup is again upset and the odyssey for the proverbial Fort Knox begins again. How do I know? Well, I am one of the journeymen.
     
  8. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Thathagat, longview

    Although I enjoyed the journey, I am now only using ThreatFire free and XP Pro power user plus some additional SRP rules.

    And what if I get busted with malware? I fall back to an older image.

    And what if files get infected/corrupted? I recover data from my external (offline) hard disk.

    And what if this all fails? **** happens, accept it as a fact of life, but it is important to realise that it is not realistic and healthy to let a 0,00001% chance influence your life for 99,99999% of the time. Do the maths and you will accept that the security saga is in fact a journey to learn your own limitation in having control over your virtual world and dealing with it, like in real life.

    Zen and the art of fixing security set ups :)

    Cheers Kees
     
  9. wat0114

    wat0114 Guest

    Or even if something non-malware related corrupts my system, I simply love my image software for the easy and seamless recovery :)

    Another wise security measure overlooked by probably too many.

    :thumb: :D
     
  10. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156
    What is the url?

    Can someone please PM me the link or repost it?
     
  11. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    The malware itself is serious. I wouldn't want to be the one who had to find and remove some of it. Fortunately for us, the ones who write that malware and the ones who look for software and OS vulnerabilities to exploit don't appear to work together very often. Someone finds a new browser exploit, then uses it to distribute a common mass mailing worm, which exposes the new exploit and results in its being patched. We are fortunate that they don't plan ahead more and work together.

    The last time I thought I knew what you meant, I was wrong, so this time I'll ask. :ouch: Can I assume that "fantastic levels of security" refers to large quantities of overlapping security apps? I remember when I took that road. I had 2 firewalls, 3 AVs, many anti-spyware and anti-trojan apps, multiple layers of integrity checking, and several other apps I can't remember right now. Lately I see too many users running multiple HIPS, firewalls, and behavior blockers, and calling it layered security. With some of the setups I've seen posted here, I think their strategy is to use up all the disk space, memory, and processor cycles so that there's nothing left to run the malware! Layered security is not a big pile of security apps. I've never understood the logic of running more than one HIPS, unless you don't trust one of them. Those I'd ask why they use it at all if they don't trust it. If something is so flawed or misconfigured that a single HIPS can be defeated, a second one is just an inconvenience to an attacker.

    The biggest problem I see with most of these setups is that the OS, user software, and security apps aren't configured to work together. The user hasn't planned out their strategy, aka developed a security policy. It might take a bit more time and study to put together a good security policy, but it's worth it. Stacking up multiple security apps, adding this one, replacing that one, then trying to make them all get along takes time too. My base security package is 3 apps, a firewall, HIPS, and a web content filter. Everything is configured to work together. There's no way I'll claim that my security package and policy is 100% secure, but it has been good enough to keep my system clean for over 3 years with multiple users. I'm not a safe user. I go anywhere I want. I use P2P for both media and software. I collect malware, attack phishing sites, test exploits, etc. I have full system backups in case my defenses aren't good enough, but I've never had to use them. Sure, I could build up my defenses even more. Thought about making my present OS a virtual system and running it on a stripped down, locked down host system. In theory it would be more secure. In the real world, it would be slower, heavier, more complicated, and would require faster hardware in order to get what I already have. Why bother?
     
  12. wat0114

    wat0114 Guest

    Either that or a ballistic missile defense system :rolleyes:

    LOL! Well said.

    Second that, and why even bother running a HIPS if it can't be trusted to serve without help from another HIPS?

    And nothing at all wrong with this setup, especially if you run it on a reduced account, even if it's a softened power user account, something I do and I see Kees does as well.

    IMO the pinnacle of a sound security setup.
     
  13. thathagat

    thathagat Guest

    Sir... they need the protection...
     
  14. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    Noone particular the BEST of the BEST:
    'With some of the setups I've seen posted here, I think their strategy is to use up all the disk space, memory, and processor cycles so that there's nothing left to run the malware!'
    - I think the same thing!:argh: :-*
     
  15. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    I have never actually suffered from a virus or malware, but if I did, I would not try to remove it. I would simply restore a known good image.

     
  16. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
     
  17. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    On my own system, that would be my choice as well. I was thinking of a service call for a PC I haven't worked on before, where a good system restore isn't available, and neither is an install CD. There's been a few times that fighting the malware was more hassle than it was worth, but there were no other legal options besides buying a windows CD and starting over.

    I also run a hardware firewall, an old PC converted to Smoothwall. Best way I know to recycle an old PC, even ones too slow to run Win98 decently. I do also run a software firewall, Kerio 2.1.5. Controlling internet access for each application and process individually is something I consider central to my security policy, default-deny. Very few apps and system components are allowed internet access. Besides, Kerio is so light you wouldn't know it's there if it wasn't for the tray icon.

    SSM always runs with the UI disconnected. No user prompts means no bad user decisions. I don't have to worry about what someone else might install because the installer can't run and the browser doesn't have permission to launch much of anything.

    Instead of FF, I use SeaMonkey, aka the old Mozilla Suite. It connects through Proxomitron only (thanks to Kerio and its excellent control over local\loopback connections). If malicious code did manage to successfully attack Proxomitron and kill it, most apps will lose internet access, including the browser. A configured failsafe. Proxomitron serves as ad-blocker, script blocker, user agent and referrer modifier, remote proxy switcher, whitelister of site permissions, etc. IMO, it's one of the best apps ever written, of any kind. Too bad that the author died and didn't reveal the source code. The filters are a blend of the default, JD-list, Sidki, and other custom filters and permission lists.

    SeaMonkey has several extensions installed that help out too, FlashBlock, Show-IP, User Agent Switcher, Switch Proxy (used with other proxy utilities and TOR), Media Player Connectivity, JSView, all very useful. The browser cache and temp locations are located on a virtual drive from which nothing is allowed to execute, courtesy of system configuration and SSM rules. If I expect problems from sites I'm going to visit, I'll take an Inctrl5 snapshot before I start and another when I'm done. If anything gets changed, I'll know it.

    During normal usage, it's easy to forget that there is a security policy in place and being enforced. An Internet Explorer user may notice changes in web pages they know, the lack of banner ads, flash not running, embedded media not playing etc. Most of the time, that's not an inconvenience, but an improvement to the site being viewed.
     
  18. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Alex_S - sorry if I confused you. I was the one who wrote the things you seem to disagree with, not noone_particular.

    2 points - I was simply saying that if I ever did have any malware I would not feel comfortable with removing it. I would prefer to turn the clock back a few days or weeks.

    Secondly, I wasn't saying that a hardware firewall was the thing which protected me - rather that a hardware firewall, Firefox and Shadow Defender are the only things that others might consider as security.

    Running something new is something I do almost every day. Perhaps not running just any old program from the gutter helps keep me safe. My view, which I will repeat, is that people make too much fuss about security software.
    I run up to 7 machines on a regular basis and have done so for years. I might just be lucky.

    Just curious - how often are you attacked? When was the last time? How did you get attacked? Did you go out of your way to get attacked, or could this have happened to a "safe" surfer?
     
  19. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I'm having a hard time determining to whom the different questions and comments are directed in the last several posts.
    What is this referring to?

    Who are these directed to?
     
  20. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    Nothing personal :)

    I just opposed the idea that a HW firewall adds much to security or can replace other "traditional" security tools. It seems recently the value of HW firewalls is overestimated a bit.

    It can be said I'm attacked every day by malicious emails. I can't remember that I was successfully attacked by web means other than downloading something which then appeared not to be what it declared itself to be. It can also be said that I'm attacked by different "probes" when I connect to the Internet, but I do not regard those attacks as having any potential danger. As I'm a developer and my system is filled with a lot of commercial and NDA things, my main concern is being leakproof. And here I cannot wait for the attacks to decide whether I should be protected or not; I just must be ready all the time. I also often plug my laptop into different networks, and this is why I need a good s/w firewall.
     
  21. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    My own take is that their role is underestimated if anything. All unsolicited net based attacks are rejected with no performance impact on the user PC. This is a fairly significant chunk of potential threats. After all, this is precisely the route followed for virtually all those examples out there of machines becoming infected within x minutes of being placed on a broadband connection.
    Many of us never see this anymore - it's handled by server side protection managed by the ISP.
    This will invariably remain the route of choice for some time - a user initiated series of events started either by deliberate navigation to an infected site, redirection to an infected site, or launch of a malicious program.
    That is quite true of most of those probes, they're benign.
    Good advice for anyone regarding a software firewall, particularly for a mobile system.

    Blue
     
  22. bonedriven

    bonedriven Registered Member

    Joined:
    Jan 14, 2007
    Posts:
    566
    I just have a feeling that there will be malware in the future that attacks us like the old CIH once did, and shocks most of us.
    Maybe because I'm too pessimistic.
     
  23. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    If that feeling reflects an appreciation and general awareness of what's possible and general points that one should be aware of, then it's a healthy perspective. On the other hand, if it reflects an anxiety over pure hypotheticals that have not been realized in practice and which violate some very basic constraints of reality, it's more of an unhealthy paranoia. I see both extremes floating around out there.

    Blue
     
  24. bonedriven

    bonedriven Registered Member

    Joined:
    Jan 14, 2007
    Posts:
    566
    I mean an ordinary virus can't bring me down, while if there comes a top attack all over the world one day, which I think will probably happen, by then I will definitely be one of the victims.
    BTW (maybe it's off-topic), I also think mankind will ruin themselves like in those Hollywood movies.
    I myself can't tell if I'm sick.:argh:
     
  25. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Control of internet access for individual applications is the domain of the software firewall. A firewall has to be installed on an OS in order to be aware of the applications running on it. Except for the fact that both filter inbound traffic, hardware and software firewalls can't really be compared. Hardware firewalls are superior when it comes to inbound protection. They're separate from the OS and are not influenced by anything that attacks via Windows, like malware that kills security software. When outbound control and data leakage are important, a software firewall is a necessity. That's why I use both.
    Exactly!
     