Getting infected

Discussion in 'other security issues & news' started by Mrkvonic, Jun 7, 2005.

Thread Status:
Not open for further replies.
  1. Starrob

    Starrob Registered Member

    Joined:
    Apr 14, 2004
    Posts:
    493

    I like your suggestions. I have been studying things like Deepfreeze. I am not sure if I will purchase it however. I don't think I will be purchasing a whole lot more security software in the next year or so until after I see what IE 7.0 and Longhorn looks like. Security wise, from the little I read, most of the things that I am concerned about might become a moot point and there might be no need for extra software to defend against many of the things people are concerned about now because it might already be built into the Longhorn OS.....have to see how things turn out.....I might not like Longhorn but then again, I might....have to see.

    As for Deepfreeze, as far as I know there are no exploits against it but I have run across websites where hackers are actively working to develop an exploit against it.....so who knows...maybe tomorrow....maybe a year from now some deepfreeze user could go around thinking he is 100% safe and run across a zero day exploit that could blow up the Deepfreeze is 100% safe theory.

    Me....I have no 100% solutions but look at solutions that can get me as near to there as possible....that is why Deepfreeze has interested me. My biggest concern with Deepfreeze is that I change things on my computer a lot....a whole lot and it might tend to be a hassle for me interacting with the program.....so I wait to see what Longhorn and IE 7.0 brings........



    Starrob
     
  2. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Starrob,

    I too looked at DeepFreeze, and came to this conclusion:

    1) It cannot be considered protective. Rather, an easy way to clean a machine and keep it clean.

    2) Since there are possibilities for intra-day infection, a user would still need to have security software installed, if there is any need for security software. In some climates this may not be necessary. For example, in schools and libraries, one can pre-suppose that no confidential transactions are taking place. So there is no possibility of breach of confidentiality. Under these circumstances, it is merely necessary to "rollback" the machine to a clean state each day. This works very well. (However, the assumption here may be entirely wrong, much to the surprise of a user who is indeed doing private transactions on a public system).

    3) DeepFreeze's rollback will also clear any trail of an intra-day infection. This has a fairly risky downside. If a user, by chance, is infected during the day (let's say a keylogger), and has information stolen, then the user will probably never realize this - and there will be no way to ever verify. It is analogous to cleaning out the video tape of a security camera each day. All evidence of an infection is lost. In this fashion, the user never has a clue that his/her privacy has been compromised. In a more typical situation, a user, upon learning of a privacy breach, may decide to change passwords or account information so that all accounts are secured. In the above example, the user would never get a warning to perform such actions.

    Therefore, I concluded that DeepFreeze has value, but in my case probably no more value than my image copy, so I decided not to purchase it. However, I do feel it is a very good solution under the right circumstances - e.g. a closed environment with few system updates. I think the company has itself done a good job of determining its target market.

    Rich
     
  3. controler

    controler Guest

    Did anyone mention port scans?

    They are going on at all times over the internet.

    I on the other hand do think programs like Deepfreeze, Shadowuser are good for home users along with some other software such as a good firewall, AT, AV & a program such as PG, regrun & SSM.
    Not saying you need all of them installed at the same time.
    Another good one would be to use a drive Image program. I used to Beta for Drive Image & Ghost.
    I find reformatting is best in my case along with what I already own. In my case I don't install a ton of security apps for my protection but rather my curiosity & trying to help the developers when I can.

    controler
     
  4. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Three people coming to different conclusions, based on what the individual needs are.

    This is why it's normally not constructive to make a blanket statement, "here's what you need." Rather, showing how and why you concluded that what you are suggesting works for you.

    I suggested in another forum, adopt a beginner (or one who will start over and wants to learn good computing habits) - develop your own system of teaching the basics of computing and computing security. Help them set up the security that will meet their needs. If all they do is check email and write letters, they won't need much. (Yes, I know some who don't surf!)

    It's a very rewarding endeavor.

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  5. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi Rmus,

    As for myself, what I find most useful are the rationales that people use in making a particular security decision. Since the permutations of possibilities are quite numerous, it is useful to know how someone arrived at a particular decision.

    For example, when several forum members explained why they were personally not concerned about Buffer Overflow vulnerabilities on their personal computer, it made lots of sense to me, and I took a similar perspective.

    A more rigorous approach to understanding security would be very useful, but as things stand, the PC world is more "network oriented" (no beginning or end) vs. a more hierarchical world, and therefore it is more difficult to find a reasonable "path". But I think a person can sort things out for himself/herself over time, if they understand the individual vulnerabilities and approaches to securing oneself against these vulnerabilities. In this respect, your essay on AntiX was very useful to many of us forum members. Thanks for taking the time to inform us of your perspective.

    Rich
     
  6. controler

    controler Guest

    I agree Rich and that is what I have been doing for years.
    I don't fix as many computers as I used to, but I always run into people that think they know it all about computers. Must be the new generation LOL
    Before XP & the newer computers came out, I wrote a nice step by step procedure for partitioning & reformatting your hard drive. Even my 7 year old son could follow it at the time. Now all you do is put the Install Cd in and reboot.
    You always get those that say oh dear, I have so much on my computer I can't redo it, but really, what do they have that can't be backed up to a simple device such as a USB flash drive & if they have a ton of music or movies, they SHOULD be storing that on a separate HD anyway. Not many people understand how full of crap windows gets even without installing a lot of software. For the common user I do agree, keep it simple. I doubt many wilders members keep it simple though. If so, it would be the minority.

    For me, my computer knowledge dates back to the late 70's. My electronics dates back to the time when they taught putting a o scope on the I/O lines to troubleshoot physical problems.
    Now days things are so cheap, why bother.
    It is always fun to reflect back from the early days of computers & the internet.
    Not many also remember when a basic computer was the size of a garage.
    The younger generation can't even imagine doing math in school without a calc.
    This doesn't mean I live in the dino age but rather have kept up all along and in some cases tried to stay ahead of the game.
    Ya, I am old LOL

    You can be typing away with a wireless keyboard and if they wanted to, they could pick up all the strokes typed from a block away, encryption not helping. So ya it can all get too deep & paranoid at times if you let it.
    I just have fun testing and trying to help in what little ways I can.


    controler
     
  7. Starrob

    Starrob Registered Member

    Joined:
    Apr 14, 2004
    Posts:
    493
    I just read this article: http://www.eweek.com/article2/0,1759,1826269,00.asp

    It appears that Microsoft might be getting the message concerning security. If they are actually able to implement things such as "Low-rights IE" correctly then I am unsure how much added value that a lot of the security software that is on the market today will have.

    I am interested to see Longhorn & IE 7.0. If the advantages outweigh the disadvantages then I will be sure to upgrade...

    I am not sure if there is much of a need for a dedicated AS or AT or other malware solutions if they are able to implement the things that are talked about in that article. If they get it right, the threats from malware will go way down...

    Here is a quote from the article:



    "We are using the same Longhorn security infrastructure to limit IE to just enough privileges to browse the Web but not enough to modify user files or settings by default," Franco said.

    Even if an attacker attempts to exploit an IE flaw, the code won't have enough privileges to install software, copy files to start-up folder, or hijack the browser home page or search provider settings, he added.

    He said the primary goal of low-rights in IE 7.0 is to "restrict the impact of a security vulnerability while maintaining compatibility."




    If a "low-rights IE" is done right, the threats from something like a rootkit go way down (because the user will have to go through the extra step of granting the rootkit administrative rights)....as well as threats from things like CWS, IST and lots of other malware. What are the AV, AT, AS companies to do then?

    I think there will most likely always be a place for AV's or malware detectors but I have a feeling that the industry will probably consolidate with many of the weaker players fading away under Microsoft's increased emphasis on security.

    What are other people's thoughts on this...both positive and negative?



    Starrob
     
  8. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    This is the same effect as running under a limited user account, and exactly the same as using DropMyRights (see the first page in my sig, towards the bottom). It can help tremendously, but it's not a cure-all. For the most part it will mean that the malware writers will just have to try harder and use more exploits. I already use my internet software this way :) (eMule already even has this built in)
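
    The "low-rights" idea in the two posts above (a process that keeps the user's identity but loses administrative power) can be tried on Windows XP or later without any third-party tool. The script below is an added example, not code from DropMyRights, Microsoft or any poster in this thread; it assumes only that the built-in runas.exe is present and that the browser path held in $Target is correct for your machine.

```powershell
# Added example (not from the thread): start a program under a SAFER
# "Normal User" restricted token, the same mechanism DropMyRights uses,
# via the built-in runas.exe /trustlevel switch (Windows XP and later).
# Assumption: $Target is the browser you want to run with reduced rights.
param(
    [string]$Target = 'C:\Program Files\Internet Explorer\iexplore.exe'
)

# SAFER level IDs accepted by runas /trustlevel (list them with: runas /showtrustlevels)
#   0x20000  Normal User: the Administrators and Power Users SIDs in the token
#            become deny-only and most privileges are stripped.
#   0x10000  Constrained: Normal User plus tighter limits, e.g. no access to the
#            user's stored credentials.
$NormalUser = '0x20000'

if (-not (Test-Path -LiteralPath $Target)) {
    throw "Target not found: $Target"
}

# No password prompt: the restricted token is derived from the caller's own
# logon session with rights removed, not from a different account.
Start-Process -FilePath 'runas.exe' `
    -ArgumentList "/trustlevel:$NormalUser `"$Target`""

# Check that the restriction really applies: open a restricted cmd.exe and
# inspect its token. Expect BUILTIN\Administrators tagged "Group used for deny
# only" in `whoami /groups`, and a far shorter `whoami /priv` list than the
# unrestricted parent shell shows. (whoami.exe ships with Vista and later; on
# XP it comes from the Support Tools.)
Start-Process -FilePath 'runas.exe' `
    -ArgumentList "/trustlevel:$NormalUser `"cmd.exe /k whoami /groups & whoami /priv`""
```

    One caveat a practitioner would want before relying on this: the Normal User token still carries the user's own SID, so the browser can still read and write everything that user's account can, including documents and the profile. What it loses is the ability to act as an administrator (install services, write to system directories, load drivers). That matches the post above: a useful cut in blast radius, not a cure-all.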
     
  9. Starrob

    Starrob Registered Member

    Joined:
    Apr 14, 2004
    Posts:
    493

    Do you also use PIVX or some other system hardening? I am interested in what people think of PIVX.



    Starrob
     
  10. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Yes and yes :) I'm currently using PreEmpt beta, which is the successor to Qwik-Fix (currently the same fixes, different UI and internals.) I'm pretty happy with Pivx' products, but I've got kind of a hot/cold relationship with their support staff. Nevertheless, Qwik-Fix has been great, works 100% transparently and supports some options that others do not, including protection for 3rd party, and IE hardening that doesn't break anything, and fixes for buffer overflow vulnerabilities. PreEmpt has some alerts for when certain exploits are tried as well.

    I also use Computer Security Tool (http://www.getdata.com/) which I have been doing beta testing for since before v1 and will be helping with IE hardening (I'm excited about that :) ) This one does some of the more basic stuff that none of the others cover, and will be doing some very cool stuff in the future.

    After that I usually use WWDC and HardenIt. Those particular 4 I favor for maximum compatibility with just about everything, but going all free isn't bad either (especially if you don't use IE.) Sometimes I use SafeXP as well, but mainly because I like its interface. After HardenIt these freebies only offer one or two options that the paid ones do not.. that's set to change, and it should be noted that the paid ones offer a bunch of options that the free ones do not.

    I've actually taken some very high risk users and added AV/FW and hardened their system (some with just Qwik-Fix, others with a few free tools) with great results. In my experience, if you add nothing more than hardening to the standard AV/FW setup, you'll be way ahead of the game.
     
    Last edited: Jun 15, 2005
  11. Pollmaster

    Pollmaster Guest

    It does mean you don't know if they work

    You know of a couple zero day exploits to test with? :rolleyes:

    If there's no difference between a common sense approach and one with tons of security software in terms of being vulnerable to a zero day, the choice any rational person would make is simple (except for security hobbyists)


     
  12. Starrob

    Starrob Registered Member

    Joined:
    Apr 14, 2004
    Posts:
    493
     