How to mitigate 85% of threats with only four strategies

Discussion in 'other anti-malware software' started by Minimalist, May 12, 2015.

  1. Locked Admin only has four strategies and my guess is that it will protect against 99.9999% of the threats :D
     
  2. ropchain (Registered Member; joined Mar 26, 2015; 335 posts)
    I still think that common sense and system hardening are two different things, but that is my opinion.

    At least it makes exploitation harder, but I would not be able to verify your given percentage. Eventually with enough resources everything can be bypassed. For a seasoned exploit developer this would be a piece of cake.
    But I am not going to speculate about possible ways of bypassing the 'Locked Admin' set-up. :rolleyes:
     
    Last edited: May 31, 2015
  3. Minimalist (Registered Member; joined Jan 6, 2014; 14,881 posts; Slovenia, EU)
    Yes, I agree with you about the percentage. IMO the top four strategies described in the article would protect against much more than 85% of threats. Of course I have no proof or statistics to support my statement.
     
  4. MisterB (Registered Member; joined May 31, 2013; 1,267 posts; Southern Rocky Mountains USA)
    There is a big difference between a random exploit let loose in the wild to get whatever is vulnerable to it and a targeted attack from a determined and skilled adversary. The former are very common and the latter not at all. In order to be targeted, you have to have something worth the time and resources required for such an attack. The security measures necessary to keep your personal system from being a random victim of a common exploit are pretty trivial compared to those of a network that holds desirable assets for those that penetrate it.
     
  5. @MisterB

    I agree completely with the above post. Malware writers are driven by money, so the chance of a random surfer being the subject of a targeted attack is near zero, since there is no economic basis justifying that attack. Secondly, most members of this forum have an above average strength security setup. To survive the attack of a group of lions, one does not have to outrun the lions; you only have to be faster than someone else in the group of people fleeing from the lion.


    @ropchain

    Interesting viewpoint that hacking is considered a process solely based on time and resources. When you have worked in programming teams, you know that some colleagues are better at finding bugs by just looking at the code than others (dry debugging). Like theoretical mathematicians have a talent to crack encrypted/transcrypted code, hackers have a talent to find bugs in programming code.

    On security forums I read many posts of people having some or extensive knowledge of programming and telling me it is all that easy (to craft a staged intrusion). Those insiders seem to think that because they are able to understand how the bypasses are achieved, they automatically are able to craft such creative and staged attacks themselves.

    Being able to understand is not the same as being able to replicate. Being able to replicate is not the same as being able to invent or find a breakthrough. Considering that there are millions of skilled programmers (or people with insider knowledge like yourself) who are able to understand and replicate, why were only two capable of bypassing Chrome in the last Pwn2Own competition? It is easy money when you find a way to bypass Chrome (JungHoon Lee earned $225,000 in the last Pwn2Own).

    So I do not challenge your ability to think of theoretical bypasses of Locked Admin; I do challenge this ability in practice. Simply because you need to bypass Chrome, MBAE, SecureFolders (ACL)/Cryptoprevent (SRP) and TTF (survive reboot).

    IMHO this "can also be done" claim is as unlikely as an amateur soccer player explaining the goal of Messi against Athletic Bilbao in Spain's recent cup final (bypassing four defenders) and claiming he is able to perform the same feat as well (if he had the time and money to practice).

    Regards Kees
     
    Last edited by a moderator: Jun 1, 2015
  6. noone_particular (Registered Member; joined Aug 8, 2008; 3,798 posts)
    Anyone notice that half of the ranks in that list are missing? What are numbers 4, 9, 10, 11, 14, etc.? The categories in that list also appear to be based on their product selection, not security strategies or policies. For example, separating application whitelisting and HIPS. At their core, HIPS are application whitelisting tools. They both enforce the same policy, default-deny.

    The firewall separation is also artificial. How many firewalls manage outbound traffic only? The vast majority do both. The rank will be much different if both were considered together, which is the normal design for software firewalls. What do both of these firewalls do? Allow the traffic that's needed while blocking what isn't? It's the same policy, default-deny applied to traffic instead of applications.

    Numbers 18 and 19, web content filtering and web domain whitelisting. Same thing, default-deny applied to web content and 3rd party connections. Number 26, Removable and portable media control. Again, default-deny applied to devices.

    There's nothing new or special here. While the list centers around their products and services, the core policy behind most of them, default-deny, has been around forever. It always has been and continues to be the most effective security policy. The only real difference is what options you choose to enforce it: built-in tools, 3rd party, integrated packages, separate components, etc. It's not the tools that protect your system. It's the policy that they enforce. Until recently, Windows has been designed to use the complete opposite policy. It permits everything. If you want to mitigate 85%+ of the threats, configure and equip Windows away from that default-permit policy, including the users.
     
  7. Minimalist (Registered Member; joined Jan 6, 2014; 14,881 posts; Slovenia, EU)
    You can check the whole list by clicking the image at the beginning of the article.
     
  8. noone_particular (Registered Member; joined Aug 8, 2008; 3,798 posts)
    Missed that link. Thanks.
     
  9. Keatah (Registered Member; joined Jan 13, 2011; 1,029 posts)
    Totally correct. Been operating all my workstations that way for years. Got one bit of malware back in 2006-2007 while visiting a nefarious site.
     