If you could create your own security program what would it be?

Discussion in 'other software & services' started by Hungry Man, Oct 27, 2011.

Thread Status:
Not open for further replies.
  1. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    If you could create your own security program what would it consist of? Be realistic.

    And by realistic I mean don't say "It would have a blacklist of every malicious file ever"; instead, you would explain how it gets its blacklist.

    Explain it in as much detail as possible.
     
  2. Ranget

    Ranget Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    846
    Location:
    Not Really Sure :/
    I will focus on rootkits and protection for the BIOS and firmware:
    always deny any write to firmware,
    anti-rootkit real-time protection,
    and an on-demand scanner that will protect both x64 and x86

    and uses various techniques and engines in scanning for rootkits.
    It will also have cloud-based rootkit signature scanning
    for quickly submitting suspicious rootkits and detecting new ones.

    It will also contain a firmware-only scanner that will scan firmware for infection.
     
  3. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    An Emergency/Recovery function (something like Reboot and Press R or E).
    Loaded before the main system launches, a Console could allow users to:

    (a) Safely Extract their Personal Files (e.g. Documents, Images, Music, Video etc.)
    and Save them in external Storage Devices (e.g. USB, DVD ext. HD)

    (b) Restore (Default Options) for All System Files so that the system successfully Boots
    even if it couldn't.
     
  4. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Ultra customization HIPS for beginners or experts. :D
     
  5. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Mine would be a HIPS style approach. Nothing fancy, just simple monitoring and logging. Of course some abilities would help to test, like:

    1. options that define what to watch for (actions, directories (to monitor execution in or to monitor read/writes in), registry (similar to directories), executable names, etc)
    2. option to monitor for a time, then a simple black/white list
    3. option to "engage" a lock down
    4. option to "engage" free executing anything
    5. option to "engage" pop-up mode for everything (for fine tuning/ testing)

    It would also include a network portion.

    1. option to allow/deny outbound comms per application
    2. option to simply log activities for testing purposes
    3. option to show more granular activities, like dns hits, http addresses, etc

    In short, it would be what most of us have tried in the way of HIPS, but more for logging than to actually control things. With a vast array of tools at our disposal, I really feel there are plenty of fine programs available, but no really great tools to explore what is happening except for those security tools themselves. I use Outpost firewall for testing network comms, but don't run it all the time, only when I want to know what a certain application is doing.

    Sul.
     
  6. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Just remember to keep track of new HIPS systems. Otherwise, others may profit from something you idealized. :D
     
  7. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    It would come with direct-to-credit-card punishment for users making transgressions. For example, 200 dollars for saving a file to desktop. I have this arrangement with my parents and it works beautifully. They get rewarded for doing things correctly and punished for not. Best education ever.
    Mrk
     
  8. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    How have your parents not killed you? :D Legally nobody could make a program like that (unless the government did), you'd get sued and/or jailed so fast your head would spin like a top.
     
  9. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    200 dollars for saving a file to the desktop? That's extortion! :argh:

    With a son like you, they don't need anyone to rob them. :ouch: :argh: :D Imagine 200 dollars a month. That equals 2400 dollars. :D Make it weekly...

    I wish I could do something like that!! LOL
     
  10. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Ehh, it would be:
    a) an easy way to switch on deny elevation of unsigned programs
    b) an easy way to add mandatory Medium integrity levels to interfacing apps, internet-facing apps and vulnerable plug-ins (Java, PDF, Flash)
    c) an easy way to enable the 1806 deny execute / deny drive-by download trick
    d) an easy way to remove change rights of home users on the autorun entries located in HKCU
    e) an easy way to remove the execute option of folders

    All of the above is built into Windows; switching those locks on and only removing them when required has been the basis of Safe-Admin for two years now (with low-rights sandboxes of IE9 and Chrome).

    Waiting for Sully to complete it :D
     
  11. guest

    guest Guest

  12. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    Sandboxie, with the ability to scan new files through an extensive cloud database before being moved out of the box.

    I'd use that, and the project Mr. PC's working on... and feel pretty darn good about things.
     
  13. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,322
    Location:
    Philippines
    I don't think I would bother creating one. I already have one, my brain. It's worked well for me over the years.
     
  14. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Something like Sandboxie, AppGuard and ProcessGuard all in one, with an automated HitmanPro-like scan when recovering from the sandbox to the OS.
     
  15. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I wouldn't build a security app per se. I'm playing with an idea that would separate the core operating system from the installed apps and the users data. The core operating system would be read only, most likely taking the form of a live CD. The security system, user apps, and stored data will be on encrypted partitions that will be completely inaccessible without the live CD. Plans include integrity checking of the live CD before it can unlock the encrypted partitions, a memory wipe at shutdown and (if possible) on-demand, hardware changes that will wipe the drives if the case is opened, plus a few other ideas that I'll keep to myself.

    This isn't something that I need, just something I'm enjoying working on when I feel up to it.
     
  16. x942

    x942 Guest

    You just uncovered a project I have been trying to build! :D

    The entire hard drive is encrypted:
    User partitions encrypted with a static key and password
    OS partition encrypted with a random key every boot and is "reset" every boot
    Swap encrypted with random key.

    The OS partition is reinstalled and ciphered with a random key on boot. I did this in a way that takes the least amount of time to boot (AKA a small Linux kernel).

    The OS is write protected and all programs/files exist on a user partition. (This requires customizing the kernel.)

    Boot from a CD/flash drive - this runs an integrity check on the drive header (which would be pseudo-random noise); if the SHA256 hashes match, proceed - check flash drive/CD integrity; if these match, proceed to re-image the OS partition.

    On shutdown, wipe RAM (similar to how the TAILS Live CD does), by calling kexec to launch another kernel. This prevents cold boot attacks.

    On demand - Just have a hot key call kexec to do the same thing as above.

    The first major downside is any application that ties into the kernel won't work without some kind of emulation. The kernel is read only.

    Making a read-only kernel isn't hard but making it work with user installable applications is hard.

    ---------

    I would design what I said above and then pre-install popular apps and not allow anything else to be installed. Removing the user from the equation.
     
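The boot-time gate x942 sketches (verify the drive header hash, then the boot medium hash, and only then re-image the OS partition under a fresh random key), as an added example in Python that is not code from either poster's project. The header length, function names and status strings are assumptions, and the drive and boot image are constructed in memory.

```python
# Added example, not x942's or noone_particular's code: a model of the boot-time
# gate described above. All data is constructed in memory; HEADER_LEN, the
# function names and the status strings are assumptions made for this example.
import hashlib
import hmac
import os

HEADER_LEN = 64  # assumption: the verified "drive header" is the first 64 bytes


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def enroll(drive: bytes, boot_medium: bytes) -> dict:
    """At install time, record the reference hashes the boot medium will check."""
    return {"header": sha256(drive[:HEADER_LEN]), "boot": sha256(boot_medium)}


def verify_boot(reference: dict, drive: bytes, boot_medium: bytes) -> str:
    """Return the next step; both checks must pass before anything is unlocked."""
    # Drive header first, as in the post, then the boot medium itself.
    if not hmac.compare_digest(reference["header"], sha256(drive[:HEADER_LEN])):
        return "halt: drive header mismatch"
    if not hmac.compare_digest(reference["boot"], sha256(boot_medium)):
        return "halt: boot medium mismatch"
    return "reimage-os"


def new_os_partition_key() -> bytes:
    """Per-boot key for the OS partition: random and never written to disk, so
    the re-imaged OS partition is unreadable after the next reboot."""
    return os.urandom(32)


def boot(reference: dict, drive: bytes, boot_medium: bytes):
    """Full sequence: verify, then (only on success) mint the per-boot key."""
    step = verify_boot(reference, drive, boot_medium)
    if step != "reimage-os":
        return step, None
    return step, new_os_partition_key()


if __name__ == "__main__":
    # Constructed sample drive: pseudo-random header bytes, then user data.
    drive = os.urandom(HEADER_LEN) + b"user-partition-data"
    boot_medium = b"constructed boot image contents"
    ref = enroll(drive, boot_medium)
    print(boot(ref, drive, boot_medium)[0])  # reimage-os
    tampered = bytes([drive[0] ^ 0xFF]) + drive[1:]
    print(boot(ref, tampered, boot_medium)[0])  # halt: drive header mismatch
```
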
  17. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Lol. Or you uncovered mine.
    There's quite a few differences between your project and mine.
    That's my biggest gripe regarding Live CDs: you can't add or modify anything. I plan on making it possible for the user to add additional applications. They'll probably have to be portables, but that still leaves a good selection. I don't want to have to rebuild the whole thing every time a major vulnerability turns up in an application (like the recent one in Tor). Its security setup won't be too much different in principle from what I'm using now (default-deny, admin-modifiable whitelist) except that it will be tighter. At present, trying to assemble this into a distributable form isn't in the plans, partly because I doubt there'd be any demand for it, and partly because I have no idea how to do it and make it work on more than one type of hardware.
    Slightly different approach, very similar results. Without knowing the details, the main difference I see is that I'll be using a CD exclusively and eliminate any possibility of an altered boot device being used. Whether it ever gets completed or not, developing it is definitely fun and quite the learning experience.
     
  18. x942

    x942 Guest

    LOL true enough xD

    I think two versions would be good:

    1) with default deny so only installed apps can be run.

    2) with installable apps.

    The first is great for corporate offices where they don't want users to install anything.

    The second is great for users.

    I prefer having it on disk; that way you don't need to have the CD in all the time. The downside to having a CD in all the time is that you can't easily use another CD if needed.

    I have a kernel that's read-only and can't find any way to get around it. Your way may be more bulletproof, but I think for convenience my way works in that regard.

    If we finish we should do a comparison in a thread :p
     
  19. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    And when will we be able to buy it :shifty:
     
  20. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I don't want to get into toooo many details =p but for me it would basically segregate the system into different levels of trust similar to the integrity system but instead of by path it would be by heuristics-score, which would be based on very simple and specific signatures.
     