Everyone Wants to 'Own' Your PC

Discussion in 'privacy general' started by ronjor, May 4, 2006.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
    Story
     
  2. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    From that article:

    "Antivirus: You might have expected your antivirus software to detect Sony's rootkit. After all, that's why you bought it. But initially, the security programs sold by Symantec and others did not detect it, because Sony had asked them not to. You might have thought that the software you bought was working for you, but you would have been wrong." (Emphasis mine - Pete)

    I wasn't really aware of that fact - if it is a "fact".

    I'd be quite upset if my anti-virus (NOD32) had taken hush-money (for surely the A/V vendors didn't quash the detection out of the goodness of their hearts) and a dive on the detection.
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
    Good point. That would be an interesting question to post on Bruce Schneier's blog.
     
  4. herbalist

    herbalist Guest

    The only way to be sure that such undesirables are detected is to use security software that doesn't rely on definitions or reference files. While your AV or anti-spyware may choose not to alert to these, apps like System Safety Monitor and Process Guard will. The downside is that you have to know your system and the software you use. Only permit the items you know, and allow them the interprocess activity that is absolutely necessary for them to function properly and no more. When used with a good rule based firewall and web filtering, you can keep all that "big brother-ware" out, providing you don't get Vista.
    Rick

    As for AVs or anti-spyware apps deliberately not detecting such items, would you expect them to admit it if it was true? That would be like asking them to alert to a government keylogger.
     
  5. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    I couldn't agree more. We'll never know the truth. It does, however, seem very fishy that nobody in those "AV" companies ever noticed (and if they honestly never noticed, it's still somewhat depressing).
     
  6. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    This sensible approach has been written about for several years now, but doesn't seem to invoke much discussion.

    Host Threat Prevention: a New Weapon in the War against Desktop Threats

    "Traditional approaches to PC security-anti-virus software and personal firewalls-only partially address security threats in the form of malicious executables that are becoming more frequent and more sophisticated."

    Also:

    An Ounce of Prevention

    "‘Default-deny’ is an old principle that has deep security roots, relating not only to applications but to user policies."




    ________________________________________________________________
    "Talking About Security Can Lead To Anxiety, Panic, And Dread...
    Or Cool Assessments, Common Sense And Practical Planning..."
    --Bruce Schneier​
     
    Last edited by a moderator: May 14, 2006
  7. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Rmus

    Re: An Ounce of Prevention link i get a, HTTP 400 - Bad Request Internet Explorer ?

    I agree 'default-deny' and 'white-listing' are a very good extra solution which really does work. I have been running Winsonar for several years, with excellent results, and it's free too. It never fails to instantly block all unknown executables !

    The Apps that Securewave market do seem impressive

    ________________________

    http://www.securewave.com/request_form.jsp?id=32856&metadataId=32856


    StevieO
     
    Last edited by a moderator: May 14, 2006
  8. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    I've heard good things about Winsonar - Chris #### uses it, if I remember.

    I thought it was a process monitor. Can you post a screenshot showing blocking of an unknown executable?
     
  9. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    Rmus

    You can choose WinSonar to, kill all unknown processes while connected, online, and/or offline too. If you try to run an unknown process whilst WinSonar is in either mode, then it kills it in milliseconds.

    If you are offline and havn't selected the kill mode, when you first launch something new, then you will an alert like this instead

    http://img339.imageshack.us/img339/8922/wsalert7fi.png

    You can select to include it in the whitelist or reject it, or ignore it for now. But you will get a new alert every time you try to run it again.

    http://img468.imageshack.us/img468/2037/ws7zl.png

    As well as the above it has a very good selection of tools built in, including a port scanner which can always be on alert if you choose. Here's some of the options etc

    http://img468.imageshack.us/img468/7516/wsoptions7ek.png

    Homepage of the free program http://digilander.libero.it/zancart/winsonar.html


    StevieO
     
  10. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Thanks, StevieO for the informative post and screen shots!

    I noticed this statement in the Security Absurdity article ronjor linked in another thread:

    Winsonar is a product worth checking out.
     
Loading...
Thread Status:
Not open for further replies.