Hardening Forum?

Discussion in 'General Topics' started by Ice_Czar, Dec 22, 2006.

Thread Status:
Not open for further replies.
  1. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    It would be nice to have a forum that was dedicated to hardening operating systems. Since these are techniques and best practices separate form any third party software.

    for example
    Object Security Auditing in w2k\XP\W2K3


    right now useful native security tweaks are spread hither and yon throughout the forums and you come across them then forget where they are.
    I know technically it would be under other security issues, but as its own subforum you could easily assemble a nice repository for a variety of OS's

    just an idea ;)
     
    Last edited: Dec 22, 2006
  2. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Interesting idea. If we are talking about forum reorganization I have the following recommendation.

    I kind of like what they did with the forums in 2006, particularly consolidation of various forums, including anti-malware software forum was a great idea , used to be HIPS posts could be found in 3 different forums...

    I do think that the anti-trojan forum should be renamed to anti-spyware and anti-trojan forum.

    After all there are fewer and fewer products that call themselves anti-trojan. Over here we basically talk about Boclean and A2 squared. Heck even Ewido calls themselves antispyware these days.

    As it stands now most posts about antispyware (spysweeper, superantispyware,Counterspy) are made to the anti-malware software forum, which seems a bit out of place (even if antispyware have some hip like features) as it seems to be HIPS central now.


    I think given that the anti-trojan forum is so underutilitzed , you might as well get more out of it, by making it the antispyware forum as well.
     
  3. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Thanks for the suggestions, gents.

    In case and when we feel the need to reorganize this board in any way, we will do so and take suggestions made into account.

    regards,

    paul
     
  4. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    You forgot Trojan Hunter. Kind of a big one to forget plus Gavin updates it.

    I see no reason to rename the anti-trojan forum.
     
  5. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    There's never been a clear distinction between trojans and spyware (and the differences are getting smaller) so anything that scans for one could generally suffice for the other. Viruses on the other hand did have specific characteristics (replicating by infecting files) but are now quite rare compared to worms and trojans.

    As such, I'd suggest that having anti virus/trojan/spyware application discussions separated no longer serves a useful purpose. Having one general forum covering all signature-based security solutions instead would be better since many of the issues (effectiveness against encryption/obfuscation, file vs memory scanning) are common to all groups.

    Non-signature based security software (process firewalls and monitors, "HIPS", etc) would justify a separate forum since the issues covered would be different, centering more on legitimate versus malware behaviour.
     
  6. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    I would agree that makes sense conceptually speaking.

    But my impression is that the AV industry (and the forum here seems to host quite a few vets from there) seems to have its own brand and culture due to historical reasons that sets it aside from the rest of the forums. Diluting that doesn't seem desirable.

    Also I think you can point to a distinct anti-spyware industry though for some reason people from there don't seem to visit here as much (comparitively anyway compared to other vendors of other products), preferring to stay on their own forums..... ??

    On the other hand, there doesn't seem to be enough anti-trojan people around to justify the term industry... though I think traditionally they are closer to the anti-virus side of things..

    Another reason why I don't think it is a good idea is that for good or bad, most people *do* make a distinction between antispyware and antivirus, so it might be a good idea not to confound expectations there just for the sake of conceptual reasons.

    Also I think having just 2 forums signature based and none signature based forums would be consolidating the forums too much , particularly since the antivirus forum is pretty busy already as it is.
     
  7. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    That could happen - but with existing AV comparison sites including anti-trojan (but not yet anti-spyware) results, it would seem just as likely that the AT/AS side could be assimilated with little ill effect.
    This has puzzled me for a while - none of the existing anti-spyware applications offer anything that a decent web filter and anti-virus scanner can't do, aside from (with certain AS software) a much slower system and Windows crashes. ;)

    While there was a definite need to tackle web-based nuisances a few years ago (AdAware/SpyBot), the traditional AV operators now seem to cover this ground better, though sometimes as an optional feature. The current success of AS software seems to be more due to marketing and history than actually addressing an area not covered elsewhere.
    Or the AV people are closer to the AT side. Very little new malware can accurately be described as a virus (in the sense of spreading by infecting program files) - it is almost all worms and trojans (with the occasional rootkit for company). This probably gives the "specialist" AT vendors some sleepless nights since it is increasingly hard to differentiate their products and almost impossible to keep up with the AV companies' general malware detection rate (hence the TDS-3 shutdown...).
    This, I would suggest, is down to a definition issue with most people not really knowing what either are. Calling the signature-based forum "anti-malware" could help here, not least since anti-malware seems to be a more accurate term.
    You could argue a good case for having major players split into subforums, but that would probably confuse visitors as to whether Wilders was offering official support or not. Traffic could be an issue, though the admins here are better placed to judge on that. Having said that, posters confused about whether their topic is AV, AT or AS are more likely to post in AV by default which would account partly for its higher traffic.

    The main benefit though, is in concentrating similar discussions in one place and, aside from product-specific queries, AV/AT/AS issues seem to be pretty similar.
     
  8. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    I think AV forum would absorb the AT side without problems. Also there is some shared history.

    The AS side on this forum is pretty quiet so it might work too.

    I was however hoping that the AS side could develop it's own culture, which is possible given that there is an industry out there.

    It's just that the movers and shakers of AS industry don't seem to come here much, maybe because wilders stopped HJT log services a while ago?

    Well when you have enough players, enough money pouring in, you get an industry.... Or you could blame the AV industry for being slow on the uptake, allowing the creation of this new industry.... :)

    Nah, the smaller slice is more likely to be the breakaway group.

    emember a couple of years back when some people claim NOD doesn't do trojans? That was at a time when real viruses were dead already, so basically NOD was a "anti-worm" program! Even today, i think most avs should be called AWs since it is still their bread and butter.... :)

    Hence Ewido's conversion to "antispyware" from it's inital positioning as an anti-trojan (with a stop at anti-malware in between).

    Actually, it would be interesting to see what the antispyware people would say.

    Would they justify it in terms of better cleaning abilities?

    If i remember correctly the AT guys used to justify their value because of something called a real memory scanner, as well as the general neglect of trojan detection by AV people.

    Even now, I must admit I'm still confused on which AV includes antispyware detection. I think most do, but I seem to recall some wanting to charge for that? if i'm not sure, you can betcha the average person is as well. :)

    Possibly, but my impression is that AS topics are very rare overall anywhere.
    So the proposal to combine them all into one might work, though it would be dominated by AV talk mostly because of the general lack of interest in AS and AT here relatively speaking.

    I suspect if wilders started offering HJT cleaning services again, the number of questions on AS would start rising again. Probably more postings by AS stars as well too.
     
  9. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    As far as hardening goes, I tend to think it would be better to have a more generic "Windows Security" section that would also include things like limited user accounts and such. Anything regarding securing Windows without 3rd party software. I still think we ought to have a Network Security forum as well, just to encourage more discussions along some of the same lines.
     
  10. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Since We are now moving into a side discussion concerning AV and AS....it will be best to let the above Admin post and a recent comment concerning the Forum layout suffice for now. Feel free to continue the AV\AS discussion in possibly our other security issues & news forum if members so desire.

    Since there's no need and reason at this moment in time to keep this thread open....it has been closed.

    Regards,
    Bubba
     
Thread Status:
Not open for further replies.