Dogmas r Unconventional beliefs

Discussion in 'other security issues & news' started by Devil's Advocate, Mar 3, 2006.

  1. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Here in Wilders we have a wide range of opinions on pretty much everything. People disagree about anything and everything. Is KAV better than NOD32? Are heuristics more important than signatures? Is Online Armor better than Appdefend?

    Nevertheless, it is not unusual for certain opinions to become dominant and become close to universally believed with maybe a few holdouts. In time, they become unspoken assumptions or even dogma!

    Here are examples of beliefs that I suspect are pretty dominant in these forums. Some of the beliefs might even be true, of course.

    1. "You need several security layers to protect yourself".

    This usually is accompanied by.

    2. "Hence Antivirus (or signature based approaches) alone are not enough."

    This in turn is normally paired with the 3rd belief

    3. "HIPS are necessary"

    Of course this belief itself is not without its detractors, but the fact is I notice that practically every new member who comes into this forum starts talking and asking about HIPS; there is seldom even a discussion of whether it is necessary (compare to discussions about whether you need antitrojans), so this appears to be a widely held belief.

    The interesting thing is that you seldom see a post that says outright by itself that HIPS are necessary (with one notable exception which I will explain later); more commonly you get that impression by

    1) Seeing people 'rag' on antiviruses and the problems with how they miss things (for some reason the antivirus sub-forums tend to stress this less...). The obvious implication is that antiviruses are not very good or not enough.

    Certain security vendors of HIPS products are 'expert' in this, with one-liners that imply that antiviruses are not foolproof, which is true... But neither are HIPS products!

    2) Seeing people talk about nothing but Online Armor, PG, Appdefend, Winpatrol, Starguard, Safe n sec, SSM, etc etc - Obviously it's necessary, right? Why else would people talk about it?

    Still I believe that these assumptions should be examined, and it is precisely in cases where people start doubting the effectiveness of HIPS, that people try to justify HIPS and we get some chance of having the truth emerge.

    Here is Mrkvonic, doubting the effectiveness of HIPS, which later draws a response.


    Are there any more of such beliefs that you think are held almost universally by members of this forum that you disagree with or suspect might be wrong? If so which are they?

    Here are some candidates:

    1. Beating leak tests is of primary importance in firewalls.

    Not as universally held as the HIPS one, but popular enough that when you mention a new firewall, the first question most people ask is how it performs on leak tests.

    2. Antiviruses are necessary.

    This is a unique one. Some, like Erikalbert, would deny this is true because they have totally lost faith in antiviruses and put their belief in something else.
    Some others, however, would say antiviruses are not necessary at all if you know what you are doing.

    3. Payware is better than freeware.


    4. You need at least 4-5 pieces of security software running active (no cheating with suites, which are equally heavy anyway) to be reasonably secure.

    5. You need a personal firewall for outbound control even if you have inbound covered.

    6. Opera and Firefox are more secure than IE, OR Opera is the most secure because it has the fewest unpatched holes in Secunia.
     
  2. controler

    controler Guest

    Nicely done DA ;)

    I would not say payware is better than freeware unless it is security related.
    Otherwise I use a lot of freeware.
    Can you name one security software which might be better than paid?

    Con
     
  3. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,696
    Hello,

    Well I'm going to answer the questions proposed.

    1. Beating leak tests is of primary importance in firewalls.

    I disagree. The most important thing about a firewall is the ability to smoothly handle traffic in and out. To defeat a firewall from within, one must download malware and execute it - two critical steps. At the same level, with as many clicks, you can right-click and disable your firewall.

    Firewalls need to be able to handle multiple ports, multiple connections at a port, and coexist peacefully with other software / services.

    A firewall is as it implies - a wall. It's designed to stop jumpers - not people who wanna drill through it.


    2. Antiviruses are necessary.

    Maybe. It depends on the user. I find anti-virii more important for checking stuff from people you trust rather than people you don't. Things you don't trust - you don't open. Now, you get a movie or a pic from a friend, here you might check if he did not accidentally send you crap. But to protect against threats - no. To protect against friends, yes.

    3. Payware is better than freeware.

    No. You get what you pay for - both ways, for good and bad. Some software is simply excellent for 0 money and excels beyond payware. And some payware is better than freeware.

    A few examples of freeware that is better than counterpart payware - Open Office, Firefox.

    4. You need at least 4-5 pieces of security software running active (no cheating with suites, which are equally heavy anyway) to be reasonably secure.

    No. You need ONE brain that holds no fear of computers, and then reasons out steps needed to deal with situations. I will repeat again and again. Computers are dumb machines. No matter how great the damage, you can always format and start again. Always. Even if it burns down to a puddle, you can buy a new one. Computers are replaceable.

    You feel secure once you know that if you get 'hacked' you can easily solve the problem - unplug the internet line ... And then proceed.

    Quantity of security suites has no meaning. You download a game. You download a crack. You damn wanna run it. So you ignore 20 prompts and go for it.

    HOWEVER ...

    This is a free world, everyone can use whatever they want. Feeling secure is important. We need it. But ... feeling secure is NOT secure. Secure is when you know for sure that the threats do not pose a risk to you. That you can solve them.

    Disclaimer - this does not concern hobbyists, who LIKE to run multiple softwares and / or test them.

    5. You need a personal firewall for outbound control even if you have inbound covered.

    A matter of preference and needs. It's the question of how much in control you like to be.

    6. Opera and Firefox are more secure than IE, OR Opera is the most secure because it has the fewest unpatched holes in Secunia.

    Opera / Firefox are safer than IE (especially out of the box), because they are not an integral part of the OS. IE flaws can propagate to the entire system, which is less true for the other two.

    Firefox is a convenient little thingy with extensions that can make it neat and sweet. Open source and 500$ reward for each hole found offered publicly gives a lesser chance of great damage. Bugs are patched quickly.

    Opera is closed-source but it is a stable mature platform. A matter of taste really.

    However, the number of bugs found means little. Bugs found and patched and how quickly means a lot. Discovering problems is natural. But that does not make something better or worse. Let's say FF had 40 minor vulnerabilities discovered. How do you pit them against 1 critical IE vulnerability?

    BIG DISCLAIMER Please don't send me wild flowers. I'm not a guru. This is a personal opinion only. I believe in education and fear removal rather than prevention and spyware removal.

    Or as it is said: Give a man a fish and he'll eat it with chips and white wine.
    Give a man a rod, and he'll beat you over the head for disturbing his fishing.

    Cheers,
    Mrk
     
  4. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Hi DA good topic Boss !

    1. Beating leak tests is of primary importance in firewalls.

    Not primary importance, but if certain FWs prove themselves against all or most of those tests, then I'd rather have one of those any day than one that was more leaky. Yesterday's POCs could quite easily be tomorrow's, or even today's, actualities.

    2. Antiviruses are necessary.

    It depends on many factors including - are you stupid and surf to dodgy/unsafe sites, and/or click on things that you are unsure of, and/or DL stuff from unknown/untrusted sites. Even if you do none of those and you, e.g., accepted a nice pic from aunty flo in your email, or some mp3/video/pic/scr etc that your friend said was the bomb and you just gotta have it, and because you trust them you DL it and run it, and bang, there's your bomb alright as it's a nasty! Well then you sure do need AV etc. Of course people shouldn't indulge in unsafe practices, but they do and will continue to do so. Especially if there are kids/teenagers etc using the PC. Try and stop them DL all that stuff and file sharing etc etc!

    Most of us on here probably don't need ANY AV/AT/AS/AR etc. I know that if I didn't experiment by going to some of those sites to test my defences, and sometimes trying out new Apps etc, I would have never encountered even one mild case of Anything. As it is, all my defensive Apps and hardening etc have held up against everything I've thrown at my PC.

    3. Payware is better than freeware.

    It can be, and so can the opposite be, and often is. It all depends on the App, and someone's personal experiences and opinion, short of any conclusive in-depth tests by a reliable trustworthy person.

    4. You need at least 4-5 pieces of security software running active (no cheating with suites, which are equally heavy anyway) to be reasonably secure.

    Why 4-5, why not 1-3 or even more, and what constitutes heavy? I bet most people on here have got a faster PC and more RAM than I have, and I don't feel over-burdened or bogged down, otherwise I'd do something about it. But as I touched on above, I'm sure I could survive without ALL of my Apps actually, apart from my FW, if I didn't like to experiment. The thing I keep in mind though is, what if. Who knows how the next wave of threats is going to gain ground, and through what vectors/holes/bugs etc. The malware coders are getting smarter week by week, and it's easier than ever before for people to get hold of code and to be able to manipulate it etc. Not only that, but increasingly to make it stealthy too! So as I don't trust them one bit, it's better to be as safe as possible rather than take unneeded risks. Especially as we don't have to, and most of what I've done has cost nothing but some of my time, and most of my security Apps are Freeware.

    5. You need a personal firewall for outbound control even if you have inbound covered.

    If you don't dabble and don't surf unsafely etc as noted above, then yes, you probably could live without outbound. But that's based on having NO future unknown avenues of attack that could infiltrate a PC and then go walkies out. So I'd rather have than have not.

    6. Opera and Firefox are more secure than IE, OR Opera is the most secure because it has the fewest unpatched holes in Secunia.

    No way Hosay. Who can possibly predict about any future holes to be found in ANY browser. And you can make IE way safe if you want to, I know I have and don't use anything else. And I experiment a lot by visiting unsafe sites and it hasn't failed even once.


    Nothing wrong with HIPS/IDS etc as such I don't think; if you feel you need it and can justify it, then go right ahead. All I would say is, monitor how many times it has ever stopped anything untoward from actually occurring. Even if it hasn't, it may well do at some point in the future, who knows. Again, if it's not bogging you down and/or driving you crazy with alerts, then what's the problem.

    Sure it's possible to be and get paranoid if we allow ourselves to be, and indeed there are real threats and big nasties out there, but hey, just keep as safe as you can and make regular backups, and if the worst happens just do a full wipe and reformat etc. I've always felt better afterwards anyway, and at least you know that you're 100% clean.


    StevieO
     
  5. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,696
    Hello,
    One more thing I wanted to say:
    Despite what we believe or not, we need to try to give a poster with a question or problem the ability to decide for themselves. If we say - use this anti-virus, it's the best - we in fact limit that person's ability to learn and analyze things for themselves.
    We need to offer them an array of choices, and let them choose what they find best suited for their needs.
    Ultimately, it comes down to personal preferences or taste. Someone says avg is better than avast; another says just the opposite. Who's right? Neither. It's all personal opinion and experience based on 1,000 factors. But when someone asks what anti-virus to use - we need to tell them there are both avast and avg.
    This is a security forum, but the posts are projections of ourselves, not the software.
    What we can all objectively do is try to educate ourselves into the scope of dangers and remedies available and deeper meanings of what each represents.
    I think the principal question coming before anti-virus and firewall ones should be:

    What is a computer to you?
    Are you afraid of the computer?
    Do you fear you will be hacked?
    Do you know how hacking happens?
    Why do you think you need xxx software?
    Why do you think you're infected?
    What are your computer needs?
    What risks are you willing to take / suffer?

    Cheers,
    Mrk
     
  6. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    No, you can't. If there is a vulnerability, you can't fix it, you can just try to avoid encountering the exploit. Pure and simple. You can avoid visiting "unsafe" web sites, and you can use block lists, and you can turn active scripting off. But you can't make a piece of software secure against an exploit if you don't patch the exploitable code yourself, and with IE (as well as a lot of other software), you just can't. Exploitable software is exploitable software, and without the chance to fix it, you can't make it any more "secure"; you can just try turning off default functions and try to avoid encountering exploits.
     
    Last edited: Mar 3, 2006
  7. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    You would make a wonderful candidate for a Dogmas :eek: ;)
     
  8. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Well, there's no debate about the fact that you can't fix a vulnerability if you don't patch the code. That's not a dogma, it's just common sense. Yes, you can maybe AVOID using the part of the program that uses the vulnerable code (not always possible, though).
     
  9. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Common sense is understanding there are individuals that have a different view than you when it comes to securing IE, but given your past spillage on this topic it does add humor to my rather dull evening :D

    For now I'll simply grab a bag of peanuts and join the gallery.
     
  10. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Frankly, I don't even know what you're talking about here. But it's good that you laugh, hey, I've only been a professional programmer for 8 years and I regularly do pen tests on web applications so I definitely don't know what I'm talking about, right?
     
    Last edited: Mar 3, 2006
  11. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    TNT

    I have no wish or desire to fall out with you or anybody over anything, especially people's preferences etc or not over a browser! Maybe you over-read what I actually said.

    My original words were "And you can make IE way safe if you want to" as you quoted.

    I was referring to making it safer and much more secure than as it comes in default mode. I have proved time and time again how safe it can be, up to this present moment in time, by all the visits I have made and do make to infected sites on purpose to test, as I mentioned earlier. If I did not have MS patches in place and secured IE in the ways I have, I would have been blasted with all sorts of crap. The fact that I have further measures in place to deal with them is beside the point of my original words. Those IE tightening-up procedures I have done do make all the difference to blocking lots of nasty attacks.

    Are there still potential holes/bugs etc in IE waiting to be exploited? I don't doubt it, just the same as there must be in ALL browsers. Who knows how many and when they will come! It would be pointless to speculate on which ones might fare worst, as that's anybody's guess. All we can do is close as many avenues of attack as we know how. If IE had let me down even once doing all those exploit tests, I would reconsider doing them, and also maybe think about changing over to something else instead.

    You said "If there is a vulnerability, you can't fix it"

    Obviously I agree with that, and I wouldn't know how to as I'm not a coder anyway. Nor would I know how to properly do Pen Tests either, unlike you. We are all vulnerable in some way/s to unpatched holes/bugs etc in whatever software we have. But the whole point of my above statement was that people can make IE way safer. Dodging any vulnerabilities, zero day etc, wasn't included in that naturally!

    Regards


    StevieO
     
  12. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    I have no doubt that there are unknown (and possibly, known, but not to the vendor) holes in other browsers, too. In fact, I'm not saying other browsers are 'safe'. However, IE has a history of bad holes, some of which stayed unfixed for some time, and this is a little discomforting. Yes, security holes are in every piece of software (at least the ones with some complexity), but not every piece of software is born 'equal': some vendors and developers took time to fix holes and regarded security as a priority, some didn't, and the latter category for years included Microsoft. This is an approach they recently tried to change, and hopefully they will continue this way.

    Are other "alternative browsers" developers security-aware? Who knows. It doesn't seem their approach to security is really strict, actually. On the other hand, however, pieces of complex software with a very strict (security-wise) approach do exist (qmail, the OpenBSD OS). It's a little bit unfair to say "every software has vulnerabilities"; while true, some are the result of bugs that slipped through in a carefully thought-out design and after careful code and testing analysis, others are because the priorities of the developer company did NOT include security.
     
  13. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    TNT

    You didn't mention anything about my questioning your first response to my "And you can make IE way safe if you want to", to which you said "No, you can't".

    Do you still think this can't be done if people choose to and know how? Please remember I was not talking about vulnerabilities etc, only making it more secure from default.


    StevieO
     
  14. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    You can make a software more secure than its default, but (a) you need to turn off some functions, and this can prove to be insufficient if the software has some serious flaws in its main components (IE has had some), and (b) you might have to use some additional software or blocklist, but that is not really "making it secure", it's just providing an external layer of protection.

    With these steps you can make IE safer to use, yes.
     
  15. crackman

    crackman Registered Member

    Joined:
    Jul 6, 2005
    Posts:
    24
    Location:
    Southern California
    I don't post frequently here or anywhere very often, but this discussion draws me and my humble opinion into the mix. Being one who uses IE with confidence, I am surprised by the comment, "If there is a vulnerability, you can't fix it, you can just try to avoid encountering the exploit." Friend, that is true of any software. How does this comment draw a distinction, except by implication, between IE and, say, Firefox? The latter may have a history of quick patches, but it certainly isn't bulletproof. Last summer's long list of vulnerabilities, as published in a single Secunia weekly report, is testimony to that.

    "Exploitable software"? If you are aware of a true IE exploit that will hijack a fully-patched IE6/SP2 user with default security settings and without user assistance, then kindly use what Microsoft calls responsible notification to alert them to the vulnerability. Sure, there are a few outstanding bugs in IE (and in Firefox), but none of a critical nature at this time. One can "diss" antivirus as being "unnecessary", but my (paid) provider (McAfee) has been quick to provide detection for such high-profile exploits as the recent WMF vulnerability. As I have a life and don't spend it glued to my computer screen, I don't have time to follow every detail regarding the browser wars, but IE operating under a fully-patched XP/SP2 is quite secure these days. Both script kiddies and unscrupulous professionals are always looking for exploits, and occasionally finding them – not only for IE but for any other browser and any other application that will bring them hijack booty. As Firefox becomes a bigger factor, it will become a bigger target.

    One must understand another aspect of IE. For better or worse, IE's target customer base spans the spectrum from the home user to the corporate giants. The latter often find the more vulnerable aspects of IE to be useful (e.g., silent downloads of ActiveX – sometimes unsigned – for corporate deployment of software, installation of desktop items, scripting the WebBrowser control, etc). Virtually all of this is usually done on a corporate Intranet behind a thick firewall. Only a small subset of IE's capabilities should be available to the home user, and in fact the default IE settings generally (though not invariably) serve to limit IE effectively. These are easily altered to make for even safer browsing, as noted by StevieO. This writer is neither a friend nor a foe of Microsoft, but I am impressed with the fact that they are able to produce such a huge piece of software that more or less "works" in a variety of environments, with such a plethora of options, and with such a mix of added software packages. Two years ago, I bemoaned the fact that they paid too little attention to security, but all that has changed; they seem to be quick to patch vulnerabilities – especially after the high-profile exploits around 2003 and 2004. Certainly, they may not patch as quickly as Firefox, but do understand that each fix must be verified to work for a gigantic customer base. Patches are not always so simple as finding an overlooked 'gets()'.

    Cast my vote with StevieO. IE isn't perfect, but it's perfectly OK when properly configured and properly patched (same for any software).

    CrackMan
     
  16. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    All this sounds very reasonable, but I notice that people who say this, often don't mention what other factors they are looking for in a firewall.

    I suspect if pressed they would say something like "No. 1 is pass the ShieldsUP! test." But every firewall passes that elementary test, and since they have no other criteria, by default passing leak tests IS the primary thing they look out for!

    4-5 is a figure based on observation and on looking at some of the polls conducted here. Personally my guess is the polls are an underestimate (because the way the polls are phrased makes some people afraid of looking paranoid if they post too many); most people are running more.

    Let me explain the point about security suites. We all instinctively understand that the more security apps we use, the more resources they use and the less we have for other tasks. Ideally, we should run the optimal amount and no more.

    In many polls, people are asked questions such as "How many applications do you need minimum to feel safe". The intent of the question of course is to get a feel for the load your security applications put on the system. How many you use is just a rough gauge of this.

    Interestingly, people often intend to evade the question by saying, "Well, in that case I choose to use some super security suite. So I use only one." These types of answers are not productive, I think.

    Actually even the surf-unsafely part is overrated. I have used a vmware machine with a bare-bones windows xp sp2 + firefox (both fully patched), javascript off and no protections otherwise, gone to the 'dark parts' of the net, and nothing happened.

    I suspect I can probably survive even with JS on, but on many sites it's simply too irritating with JS on, if you know what I mean.

    Of course, the download and install programs part is much more dangerous ;)
     
  17. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    LOL, given the healthy debate over IE and firefox, in hindsight this isn't a dogma that is universally believed. But it is a dogma that some people learn.

    Funny, I thought I would be given heat over other statements, but you guys chose to fixate on this one.

    I don't know which side is nearer to the truth; is IE fundamentally less safe? I have read all the arguments, but for me I think it comes down to mainly one factor: "Is IE any more dangerous because it is 'wired' (whatever that means) to Windows?"

    I don't pretend to know how to judge that one. The people whom I respect as knowing about such issues don't agree.

    From my own know-nothing point of view, firefox does seem to be more tightly configured out of the box and maybe *slightly* better designed than IE in terms of restriction of dangerous activities, but a lot of it stems similarly from firefox being the new kid on the block, hence it was designed initially better to avoid mistakes shown by IE in the past.

    Particularly the way they restrict firefox extension installs (whitelisting by default, a timer to prevent flash instant downloads plus some other reason I forgot, only display on-click etc) I think owes a lot to IE's (mis)handling of ActiveX controls.

    The experience they gained watching how attackers tried to subvert IE with regards to ActiveX installation dialog boxes helped them ensure that firefox extension prompts were not subject to the same problem.

    Of course by now IE SP2 is nearly level in this area. There are some other differences I believe with javascript, such that certain file accesses are just not possible with firefox but are possible in IE (configurable of course) but nothing major.

    One firefox support meme that we used to have was to say that firefox is more secure by default, because it completely disallowed dangerous activities, as opposed to allowing them if they were in a suitably privileged position (IE's trusted zone).

    The argument goes that historically, a lot of IE problems stemmed from attackers finding ways to bypass this zonal system (exploiting the My Computer zone for example), and given the way the system works, it's not that hard for bypasses to occur, which is dangerous of course.

    In theory it is much better to simply avoid the functionality in the first place, so if the attacker wants to do that omitted functionality it's not simply available by switching a bit :)

    I used to believe this, but to my knowledge this isn't really a factor, since firefox and IE can do pretty much the same things. And the most dangerous thing firefox can do - install extensions - is easily as dangerous as activex.

    Anyway, I don't care who is right; as long as people debate these issues, there is a better chance the truth will come to light. It is the unspoken assumptions, the blind spots, that are the real dangers.
     
  18. Ailric

    Ailric Guest

    .....AND NOW BACK TO THE TOPIC

    1. "You need several security layers to protect yourself".
    - Not necessarily but this will improve your chances of not getting infected.

    2. "Hence Antivirus (or signature based approaches) alone are not enough."
    - I think an antivirus like Kaspersky can be enough.

    3. "HIPS are necessary"
    - Not really but it's nice to know if something is adding itself to your startup. I find other programs like Process Guard to be a pain in the &%^!

    1. Beating leak tests is of primary importance in firewalls.
    - No. Controlling traffic is of primary importance in firewalls.

    2. Antiviruses are necessary.
    - YES! So are erasers, seatbelts and airbags. If you never make a mistake, then no.
    How would you know if you had an infection without an antivirus?

    3. Payware is better than freeware.
    - For most security programs, yes payware is better.

    4. You need at least 4-5 pieces of security software running active (no cheating with suites, which are equally heavy anyway) to be reasonably secure.
    - No.

    5. You need a personal firewall for outbound control even if you have inbound covered.
    - No.

    6. Opera and Firefox are more secure than IE, OR Opera is the most secure because it has the fewest unpatched holes in Secunia.
    - Probably true.

    MY TAKE ON COMPUTER SECURITY

    Methods of malware infestation and prevention

    NOTE: I don't claim to be an expert. Most of the solutions listed below are free and good common sense.

    1. Email
    This was the most common form of infestation but is easy to spot and block.
    Solution:
    -Block out attachments that could be a virus (Outlook Express has this option under Security)
    -Use an email service that scans for malware
    -Don't open any unknown attachments

    2. P2P - Kazaa, Grokster, etc.
    Many files on P2P networks are fake or loaded with malware. Beware!
    Solution:
    -Don't use these programs -> they are getting to be a waste of time
    -If you do, scan every file you download with at least 2 AV's (on-demand backup like BitDefender Free)
    -Use Limewire (instead of the two mentioned; contains no malware)

    3. Internet Explorer
    One of the biggest problems with IE is ActiveX. By default it won't install an applet by itself, but an uninformed computer user might just click OK to install malware.
    Solution:
    -Use Microsoft Antispyware, SpywareBlaster and Spybot Search and Destroy
    -Use an alternative browser instead (Opera, Firefox)
    - (Advanced) Uninstall Microsoft virtual machine and use Sun Java (search Google for how to do this)

    4. Worms
    Worms can send themselves to your computer (usually through an IRC port) without you doing anything wrong.
    Solution:
    -Use a firewall (even just Windows firewall included with WindowsXP)
    -Make sure your WindowsXP is updated with Service Pack 2

    5. Trojans
    Fun little "extras" you didn't know came with your program.
    Solution:
    -Make sure you know what you have downloaded (read the EULA)
    -Check to see if the program has been listed as containing malware (Google search)
    -Download from reputable sites (Download.com, Snapfiles, MajorGeeks)
    -Monitor what installs at startup using a program like Winpatrol - (Free)

    6. Dialers
    Mainly from nudie sites. These dial foreign countries instead of using your connection software. Can cost you thousands of dollars... Beware!
    Solution:
    -Don't go to nudie sites
    -Don't install anything from a nudie site!!!
    -Use Microsoft Antispyware, Adaware, SpywareBlaster and Spybot Search and Destroy - all free!

    -----------------------------------------------------------------------------------------------
    Security Programs

    1. Antivirus
    Every computer should have a competent, up to date antivirus running at all times.
    My recommendations:
    1. NOD32 - (Shareware)
    2. Kaspersky Antivirus - (Shareware - wait till version 6 is finished)
    Free
    1. Avast - best for newer computers
    2. AVG - best for older computers
    NOTE: Norton is a very competent antivirus, however I have noted on many systems that it appeared to be running fine but was already compromised by a virus. This program is such a drag on computer resources and so easy to bypass that I DO NOT RECOMMEND IT for most users. NOD32 is a far better alternative.

    2. Antispyware
    There are numerous free antispyware programs that are quite good. Spyware is more common than viruses these days.
    My recommendations:
    1. Webroot Spysweeper - (Shareware)
    2. Microsoft Antispyware - (Free)
    3. Ewido AntiMalware - (Free on-demand)
    Other freebies:
    -Spywareblaster - A MUST HAVE FOR INTERNET EXPLORER USERS!
    -Spybot Search and Destroy - A MUST HAVE FOR INTERNET EXPLORER USERS!
    -Adaware

    3. Firewalls
    These block unwanted inbound internet traffic. Some also let you decide outbound internet traffic. These are necessary to block infiltration from network worms.
    My recommendations:
    1. Windows Firewall - (WindowsXP only)
    2. ZoneAlarm Free

    4. Browsers
    These alternatives will prevent most spyware from ever getting on your computer.
    My recommendations:
    1. Firefox - best for newer computers
    2. Opera - best for older computers

    5. Ads
    These are annoying and can sometimes be invasive.
    My recommendations:
    1. Admuncher - (Shareware)
    2. Firefox with Adblock extension - (Free)

    6. Parental Control
    I haven't had extensive experience in this category but it is really needed for young children.
    1. Cybersitter - (Shareware)
    2. IProtectYou - (Free version still available)
    3. Naomi - (Free)
     
  19. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Another list of new ones to chew on

    1. "Spyware and adware will start targeting Firefox in the near future"

    - predicted by a lot of experts and eagerly posted here.

    2. "The internet is getting increasingly dangerous and the security situation is worsening year after year. With malware makers getting better and better, and the malware getting stealthier, in a year's time we will all need to struggle a lot harder to stay safe; probably expect to use a lot more security software to stay safe next year".

    -Often expressed on this forum after a link is made to an article by an expert forecasting some trend.


    3. "In the near future, it would take either a lot of knowledge and/or a lot of security precautions/apps to stay safe".

    -Often expressed also as "At this rate, the masses have no chance of survival, as it is even the informed are struggling to keep up".

    4. "It never hurts to have more protection". Also often leads to the Anti-KISS rule, "more is better".

    -Often used to justify people running overlapping setups.
    E.g I run both PG and appdefend, because appdefend doesn't do Secure message handling, but appdefend handles certain permissions better and also uses SHA512 instead of md5.
     
  20. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    Nice topic DA! I'll answer the questions :)

    I'm obviously going to be considered a little biased here :D But, I would say that several functions are necessary to protect yourself. Whether these are included in a single app, or in multiple apps, is not overly important. A new piece of malware may sneak past [antivirus] - conversely a user with HIPS may easily allow a bad program to run. So, if you (or your software) has multiple chances to note something is wrong, this could be a good thing - depending on your level of knowledge.

    The problem with foolproof apps is that nature keeps inventing better fools - hope this oneliner meets the standard ;) More seriously, there are not really any foolproof solutions (or combinations thereof) out there at the moment.

    Let's call current HIPS "first generation" HIPS. My view on something such as this is that it gives you the chance to notice something is wrong - be this OA, appdefend, PG, whatever. The first generation HIPS at least will alert the user that something happens. How the user reacts to this is, of course, a bit of a lottery. The challenge is to create the "next generation" which will reduce or even eliminate popups for non-technical users without crippling machines.


    Only for marketing purposes. The primary function of a firewall is to filter inbound or outbound data. Obviously, if application-level firewalls can't be fooled this is a Good Thing. But other "chances" such as Antivirus, HIPS, Common Sense (still in beta) should be a part of the solution to let firewall bypassing malware run. Still, I'd say it is important that such facilities are present.

    For the average user, I would say yes - simply put , Antivirus will tell you "this is bad" and clean it up.

    I've run good and bad of both.

    Everybody has different needs. I'd say you need something that covers areas of importance depending on your expertise or setup - for me - hardware firewall, and a certain HIPS. Maybe an AV when the boy uses the computer. For people who are less comfortable with computers - an AV (to identify badness); Perhaps some kind of web proxy (to filter stuff out) and an Antispyware app to get rid of things they accidentally allow. Software firewall - meh.. not so sure. Personally, I prefer the hardware solution (or, a separate box like IPCOP) but again, they can be useful for some users.


    See above. I don't think this is a universal truth.

    Unpatched holes in Secunia is not necessarily an indicator of overall security. FF more secure than IE --- it's a common wisdom, but I wonder how true it would be if FF supported BHO's and ActiveX objects :)

    My 2c. Flame away boys!
     
  21. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Mike Nash speaking up for HIPS? What a shocker! :)

    Seriously, thanks for your input, as you might have guessed I was expecting
    a firestorm on the HIP topic (hence it was first), but instead people focused on the old firefox/IE thing!

    I think i usually have a pretty good feel on what people think in the forum, but seriously the responses so far make me think I have goofed on the HIP thing.

    Maybe people who like HIPS dont read my threads.

    I'm actually talking about comments, where people say Something like "How many people think they are clean because their antiviruses find nothing?"

    In my mind the obvious retort is, "How many Wilders members think they are clean because they click yes to everything their HIPS throws up or configure it wrongly?"

    Interestingly enough, I also have used the term "first generation HIP" in the past . And I expressed almost exactly the same sentiments as you did above. But it seems to me you are all but conceding the point that HIPS are not necessary *now* because it's a lottery? :)

    As for the rest of your comments, you basically answered the way everyone else did so far.

    Which bodes ill for my thread lol...

    I believe almost everyone believes X, but it turns out everyone believes Y... Sigh... Since I think Y is much more accurate, this whole thread is moot lol.
     
  22. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,696
    Hello,
    Well some more input from me:

    1. "Spyware and adware will start targeting Firefox in the near future"

    Not necessarily. As long as Windows is the dominant OS and most people have difficulty even turning their pcs on, IE will be the leading browser. Still, even if the tide turns, FF will not be targeted so much, because the benefit of targeting FF will be much smaller than doing that with IE. The community will respond with fast, rigorous patches, it will be exhausting for malware writers trying to fight that war. So much easier writing an IE exploit - these take about 2-3 months to be answered and usually only a small part of the IE community answers the call to update. Firefox community releases patches to vulnerabilities in less than a week, and in less than a month, most machines are patched.

    I can take my workplace as an example - 40-50 engineers, physicists, all educated people - only 2-3 know what Firefox is. Most of them rely on the IT guy to "give" them patches, as if he's the holy grail of update. Even computer science and software engineers, most of them are totally ignorant beyond their specific code. As a part of the general policy for laptops issued to people in the company, blackice intrusion system is installed. I checked most laptops, out of curiosity, in 90% of cases, the software was stopped, not even doing what it was supposed to do. And these people take them home and surf freely, without firewall, they don't even know what firewall is. It takes the IT guy to update their anti-virus or do windows updates. And even the IT guys get confused when I mention some of the softwares we debate here on Wilders.

    And this group of engineers and scientists is by far a much more refined group of people than most humans out there. Imagine your super-average guy out there. The huge middle class of PC users will stick to the very limited mantra of IE, OE, anti-virus as any protection if at all (Norton) - never update it, and what the hell is Windows updates.

    It's a magic cycle. We read those nice articles that advise people to:
    Keep your ... up to date, do not ...
    But to listen to this advice, someone needs to read it first, and understand it. How many average people do you think know what a forum is, let alone a security forum...

    Malware writers know this. So they know, out of 100 PCs, 90 use IE, out of 90 about 87 know precisely nothing about PCs, they release a vulnerability, Microsoft releases a patch a month later, 6 months later, the forums still advise people to update, update, you read about vulnerabilities based on that exploit, and urging people to update, update, and out of 90 IE users, 6 have patched the Windows, only because accidentally the updates were turned on, and another does it because a friend told him.

    If you use Firefox - you already know what Windows update is, you know the difference, you know the alternative, you have made a huge leap from the common, you will update when needed, you will listen to advice and read in the right places ... you are not the target they seek. You are disciplined and boring.

    There might be some idealistic malware writers out there who might try to target FF, but for any decent coder, who wants to do his job quickly and efficiently, it's so much more convenient to write a piece of code for IE, and then go play pool with the mates.

    2. "The internet is getting increasingly dangerous and the security situation is worsening year after year. With malware makers getting better and better, and the malware getting stealthier, in a year's time we will all need to struggle a lot harder to stay safe; probably expect to use a lot more security software to stay safe next year".

    I feel no change in Internet trends since 99. It's nice to spread panic.

    3. "In the near future, it would take either a lot of knowledge and/or a lot of security precautions/apps to stay safe".

    Same as above.

    4. "It never hurts to have more protection". Also often leads to the Anti-KISS rule, "more is better".

    It hurts. It hurts the pocket. It never hurts to have more education should be the slogan.

    Mrk
     
  23. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    478
    I like HIPS and I read your threads with interest. I wasn't sure what you wanted from this thread: a discussion of the assumptions behind the perceived dogmas or our own list of universally held beliefs that we disagreed with.

    I've had a couple of tussles with you over AVs and HIPS and learned from them. With computers there seems to be a lot of different ways to achieve similar results. I guess the ultimate aim of an AV or HIPS is the same, to keep your computer clean. They will both do the job to a certain degree. They just do it in different ways. For me, the HIPS approach is conceptually more satisfying.

    Overall, I don't think a claim for the necessity of any product class is really justified. You can always use a different product class or method to achieve your goal.

    I'm not sure if you have goofed or not. What I did notice though was the tone of your initial post. You have a great knack of stirring peoples emotions and tempting them into a heated debate. This time you weren't as blunt and sarcastic as you can sometimes appear to be. Perhaps that is why you didn't get the response you anticipated.
     
  24. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Passing the ShieldsUP test with full (stealth) I think is a good thing, and I get 100%. Not only that but I've done all port scans on various sites and passed too. The reason being is that if someone has the NetBIOS ports open and 445 and 5000 just for e.g., then they are open to all sorts of potential attacks. So closing every single unneeded port makes sense; not only that, but if baddies can't see you because you are stealthed, then there's less chance of getting port attacks clogging up your bandwidth etc.

    I want a FW that blocks everything possible, both in and out, and asks me for permission to go out, when I choose to. Running lightest is secondary to me, security is No 1 in whatever App I run, within budget of course, as none of us have the NSA's etc bank account! But even some of them get infiltrated, so we're doing better than them lol.

    I don't think that ALL firewalls do or will pass the ShieldsUP test actually!

    I agree some people might feel they will be frowned on etc by running X amount of Apps; I never have bothered if others think whatever they do. This is my PC not theirs, so we all do whatever we feel is best, rightly or wrongly. But I have and do learn from what others say and suggest, and am not afraid to try new things and experiment if I think I may benefit in some way. Doesn't always work out of course, as a very recent try out with a new App I posted about shows. But if we don't make the effort we'll never know for sure on our PCs.

    Haha, well I haven't got VMware etc, I just have everything locked down as much as I know how, and just risk it! But it's turned out that all the measures I've put in place do in fact work, well up till now anyway lol.

    "How many people think they are clean because their antiviruses find nothing?" Well exactly, and not just AVs either, how long's a piece of string? I think most of us might be aware that something was up though, err hopefully! But your average Joes, bless 'em, well generally they're screwed.

    As to your latest Qs, in many ways I would have to say yes to all 4. The ONLY things that can stop all nasties happening in the first place are informed users and an OS/Browser/Apps with no holes/bugs etc. The informed user is down to each of us, but most people out there never will be I'm afraid, and that's a simple truth. The other stuff is out of our hands so we have to rely on the vendors to pull their fingers out more often and more quickly!

    What do you mean, goofed? If you thought you already knew all our answers beforehand, then why start ANY thread!


    StevieO
     
  25. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    No, not at all. If I believed that, I would not be writing one :)

    Of course, I can admit there are weaknesses or limitations of them too, because I don't yet have an enormous PR department that scripts everything I say :))

    Let's talk about the "Program Blocker" found in many HIPS in a Generic sense rather than specifically in my product.

    The objective of this module is to let the users know that a program wants to start, and to give control of the computer back to the user. The theory is that if the user receives a warning, they can make a decision to allow the program to run (or not).

    The logic here is that due to limitations in Antivirus implementation, an Antivirus will not make a peep if it thinks the program is not evil.

    Unfortunately, the assumption made by the user is basically "If the AV doesn't squeak, the program must be good". In a simplistic view of things, there are at least 3 statuses a program could have:

    • Good - we know this is safe
    • Bad - We know you'd be daft to run this
    • Unknown - we have no idea whatsoever

    Taking my favorite example - the nice email screensaver thing I got many moons ago. Mum double clicks on the screensaver. If it gets past the AV, that's it - her PC is infected, things scheduled to start, whatever just happened happened. And she knows nothing about it.

    Now, with a HIPS - she'll start to get a variety of popups as each component tries to execute. Will she know for a fact that this is bad ? Well, in some cases, probably not. But, does she have a chance to know? Sure! And, if you start to blend in other features (which I won't do now, lest this post get too long) you can make (or the user can make) more intelligent decisions.

    This is the challenge - to improve upon it - reduce unneeded popups so that when they do happen, that's an indicator in itself that something is amiss.

    If you like, I'd be happy to continue this via PM - can't take the comments too much further without going into specifics.
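The Good / Bad / Unknown model in the post above, written out as a small decision routine. This is an added illustration and not code from Online Armor or any other HIPS product; the hash lists, file contents and the "ask the user" callback are constructed stand-ins. It contrasts the "if the AV doesn't squeak it must be good" rule (anything not on a deny list runs) with a program blocker that treats an unknown program as a question for the user, and it remembers the answer so the same file does not produce a second popup. The `yes_to_everything` case is the retort from earlier in the thread: a HIPS whose user allows everything gives no more protection than the AV-only rule.

```python
"""Toy program-blocker decision logic (added example, not a product's code).

Programs are identified by the SHA-256 of their image. A deny list stands in
for antivirus signatures, an allow list for a known-good set, and anything
else is UNKNOWN. All hashes below are derived from constructed sample bytes.
"""
import hashlib
from enum import Enum
from typing import Callable, Dict, Set


class Verdict(Enum):
    GOOD = "good"        # on the allow list: run silently
    BAD = "bad"          # on the deny list: block silently
    UNKNOWN = "unknown"  # neither: ask the user (the HIPS popup)


def digest_of(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()


# Constructed sample lists. A real product would ship or download these.
ALLOW_LIST: Set[str] = {digest_of(b"constructed: trusted calculator image")}
DENY_LIST: Set[str] = {digest_of(b"constructed: known-bad screensaver image")}


def classify(image: bytes, allow: Set[str] = ALLOW_LIST,
             deny: Set[str] = DENY_LIST) -> Verdict:
    """Deny list wins over allow list, so a revoked 'good' hash stays blocked."""
    digest = digest_of(image)
    if digest in deny:
        return Verdict.BAD
    if digest in allow:
        return Verdict.GOOD
    return Verdict.UNKNOWN


def av_only_decision(image: bytes) -> bool:
    """The 'no squeak means good' model: anything not known-bad is allowed."""
    return classify(image) is not Verdict.BAD


class ProgramBlocker:
    """Ask the user about UNKNOWN programs and remember each answer.

    Remembering answers is what keeps repeated popups down, so that a popup
    for a file the user has never seen is itself a signal.
    """

    def __init__(self, ask: Callable[[str], bool]) -> None:
        self.ask = ask                      # hypothetical UI callback
        self.decisions: Dict[str, bool] = {}
        self.popups = 0                     # how many times the user was asked

    def should_run(self, image: bytes) -> bool:
        verdict = classify(image)
        if verdict is Verdict.GOOD:
            return True
        if verdict is Verdict.BAD:
            return False
        digest = digest_of(image)
        if digest not in self.decisions:
            self.popups += 1
            self.decisions[digest] = bool(self.ask(digest))
        return self.decisions[digest]


def demo() -> dict:
    """Run the email-screensaver scenario three ways and report the outcomes."""
    # Constructed: a program that has no signature yet, so the AV stays silent.
    unknown = b"constructed: email screensaver nobody has a signature for"

    cautious = ProgramBlocker(ask=lambda d: False)   # user declines unknowns
    yes_man = ProgramBlocker(ask=lambda d: True)     # user allows everything

    result = {
        "av_only_runs_it": av_only_decision(unknown),
        "cautious_runs_it": cautious.should_run(unknown),
        "yes_to_everything_runs_it": yes_man.should_run(unknown),
    }
    cautious.should_run(unknown)                     # same file again
    result["cautious_popups"] = cautious.popups      # asked only once
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point the code makes is the one in the post: the AV-only rule and the blocker agree on known-good and known-bad files, and differ only on the unknown case, where the user gets a chance to say no. Whether that chance is worth anything depends entirely on the callback, which is why the same code with `ask=lambda d: True` behaves exactly like no HIPS at all.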
     