How might I get infected....?

Discussion in 'malware problems & news' started by wat0114, Nov 16, 2013.

Thread Status:
Not open for further replies.
  1. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    That isn't really my experience. One thing often brought up is the fact that we spend more money than ever on security and we lose more money than ever on compromises - not exactly great returns.

    I think it's fair to say that someone's doing something very wrong when the numbers constantly show worse returns on investment every year.
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    59,527
    Location:
    Texas
    Education is still the key. Be it home user or business user. Social engineering, phishing, byod, and so on, contribute to most of the problems we experience today.
     
  3. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,047
    Location:
    Canada
    That's really what I think comes down do, at least with the present threat landscape.
     
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Whether that is the case or not, the response to the issues has been a complete failure - compromises are larger and more costly than ever.
     
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    59,527
    Location:
    Texas
    Cite your examples for discussion.
     
  6. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    As I said, we spend more money every year than the previous year, but compromises are costing more money than ever. Canalys has a report on it.

    Cost per incident:

    2006 - 168,000

    2008 - 500,000

    2010 - 1.5m

    2013 - 5.4m

    I'm not going to dig through the entire report but part of it should be discussed here:
    http://www.canalys.com/newsroom/it-security-spend-reach-301-billion-2017
     
  7. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    59,527
    Location:
    Texas
    Yep, no change there. The criminals will always try to find ways to bilk people out of their money. Be alert and educate yourself.
     
  8. Windchild

    Windchild Registered Member

    Joined:
    Jun 16, 2009
    Posts:
    571
    This would be a good time for me to point out that running this

    - Firefox with NoScript plugin on a Windows XP SP3 limited account behind a firewalled router -

    configuration is actually pretty safe, assuming the user is "smart" (that is to say, smart about computer security).

    What kind of attacks would be effective against that config? Most, perhaps all, of the social engineering attacks would fail due to superior user. "What, I should click on this random link to see some celebrity private parts? Sounds legit. Oh wait, and I should download some file to see them, too? Boobies.gif.exe? Yeah, sure I will, not like it could possibly be malicious, naaah." Since the user is smart, they'll be patching their browser & other software in a timely fashion, so anything that targets a patched vulnerability will also fail spectacularly. So, that leaves us with unpatched stuff, perhaps stuff that cannot be patched due to end of support issues for some software or another, maybe even the OS itself. Interestingly, much of that unpatched stuff is quite likely to work against much more cumbersome security configs as well. Especially if we assume it's not just a random blind attack, but an attacker that actually intends to succeed against targets that actually take some protective measures and don't fall into the traditional lowest-hanging fruit segment. AVs and such will not reliably stop such attacks - obviously such a dedicated attacker would double-test to make sure most AVs fail to detect his malicious code before starting the attack. To reliably improve security against such attacks, you'd have to skip AVs and go for the sandboxing/HIPS/virtualization type of solutions, which are pretty much as heavy as anything is likely to get for most even remotely regular users.

    So, where I'm going with this all is, that setup isn't half bad in terms of security, if the user is smart. I know a lot of people who run a setup similar to that, without issues. Would I recommend it to everyone, or the average user? Hell to the no. Would I recommend it after XP's support ends? Not really, no.
     
  9. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,047
    Location:
    Canada
    Thanks for your feedback, Windchild :)

    Yes, although I feel I could probably get by unscathed with this setup, I would not use it only, and nor would I recommend it to other seasoned security conscious XP users, and there are a few in these forums. So after taking all things into consideration, I would likely add the following:

    • Sandboxie - tightly configured of course using many of the typical recommendations found in these forums.
    • EMET - apply mitigations to all internet-facing apps.

    With XP Pro I would also use SRP with a whitelist approach, including dll's.

    And of course it goes without saying an image routine would be in place as well, just in case of a breech.

    None of this actually applies to me anymore, as I have migrated away from my XP setup (although I still have it installed + one VM) and replaced it with Linux as per my signature. I'm just interested in how the XP diehards might continue with the O/S long after it's been left abandoned on the side of the road by MS :)
     
  10. LMHmedchem

    LMHmedchem Registered Member

    Joined:
    Feb 8, 2012
    Posts:
    28
    I don't know if this would interest you or not, but I now run XP in virtualbox. I have comodo ISP installed there, but most of the time I have the nic disabled so there is no internet access inside the vbox. I use this to run windows based applications like office. On the outside, I run mint linux (an ubuntu variant) and all of my web based applications run from there.

    This setup works well for most things except for gaming. If you want to keep using xp, this might be the best way to go. You don't have to worry that much about security on rigs that aren't connected to the internet and you can create that inside the vbox. Even if you do get your xp infected from a flash drive or something like that, you can just revert to a clean snapshot of the VM.

    Just a thought or two.

    I see that many here have referenced Software Restriction Policies. Is not Comodo defense+ the same thing more or less? I also have a rule that internet access from my computer is white list by hash, so if a non-listed program attempts to connect out, the connection is blocked and I get an alert.

    LMHmedchem
     
    Last edited: Nov 21, 2013
  11. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,047
    Location:
    Canada
    @LMH,

    yes, I'd say you have yourself an ultra-secure setup :thumb: As long as the hardware isn't noticeably strained running the vm on the Linux host, you're laughing.

    As far as CIS, yes, similar, although 3rd party, but even more granularity to restrict. It looks as though you know what you're doing, for sure. Very nice setup. Not everyone could go this route, of course, because hardware would have to be up to snuff to handle the additional load of the vm, but it's a nice approach if the resources are available.
     
Loading...
Thread Status:
Not open for further replies.