LUA+SRP setup or the like with a file-drive?

Discussion in 'other anti-malware software' started by raven211, Aug 22, 2009.

Thread Status:
Not open for further replies.
  1. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Okay, I simply can't make up my mind how to set this up... with LUA+SRP, the system itself is as good as secured from malware - but what about my file-drive? I've a secondary drive on 1TB which is used only for files. I want to execute programs that I've saved there, I want to be able to download stuff to there through things like torrent-clients (which means it's to also be able to modify my files) - apart from browsers, ofc... I want to be able to create and modify documents, etc., etc. The list goes on...

    So... how do I set up an environment which keeps my files safe as well? My initial thought was a LUA+SRP setup as I know the basics and why that increases my protection a really big lot, but since I've to give my file-drive at least close to full-control to not drive me insane when it comes to usability, there's a big, BIG hole left on that particular drive at the same time. Malware which deletes files on partitions that it's able to, etc.


    I think you get the picture, and I'm in desperate need for advice.

    Thanks a lot
     
  2. dell boy

    dell boy Registered Member

    Joined:
    Apr 13, 2009
    Posts:
    240
    Location:
    uk, england
    i think, your overkill already, to be honest and you dont need to worry about a big hole. IMO simple safe-hex and an isolation program and your done.
     
  3. Johnny123

    Johnny123 Registered Member

    Joined:
    May 4, 2006
    Posts:
    548
    Location:
    Bremen, Germany
    With SRP you won't have any problem saving or modifying files on that drive, by default they can't execute, of course. I'm guessing that you are referring to installation files for apps that you have downloaded that you want to run. Since you have SuRun (in your sig at least), just right click an installation file and select start as administrator. If you have some stand-alone apps in directories on that drive you can just make a path rule for them in the group policy editor.

    I have Avira on one crate and Avast on another (on-demand only) to scan files I download, which is not a bad idea just to be on the safe side.
     
  4. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Hehe - thanks guys. I definitely spoke too soon. I noticed how restrictive the stuff that I've applied really is - it's a killer. :D Most amazing security I've ever "run". :D Now I'm considering, as I run with this setup, what to use - or if to use. :)
     
  5. Johnny123

    Johnny123 Registered Member

    Joined:
    May 4, 2006
    Posts:
    548
    Location:
    Bremen, Germany
    Good stuff, isn't it? Makes you wonder why there is so much resistance to it here, in a security forum of all things. I think some of them are afraid that their testosterone level will sink to critical values if they aren't running as admin.

    Are you referring to a security app? If so, the only thing I have is an on-demand virus scanner (which never finds anything).

    I don't use any of these "personal firewalls" either (what's an "unpersonal" firewall?). I have an IBM ThinkCentre SFF that I picked up on eBay for €68 (with 1 yr. guarantee) that's running the IPCop firewall distro. Works great and you have banned yet another resource hog from the system. *puppy*
     
  6. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    In interesting question and one I have pondered myself. I am currently looking at some options to use not from LUA but could also apply.

    What you have to realize is ownership. Say you create d:\SavedFiles with your account, you become the owner. This means, even if you are a User, you have rights to change/modify/delete this custom directory. It would be the simplest (although not in practice) to simply make the permissions on d:\SavedFiles that ownership is transferred to the group ADMINS. This way, as a User, you cannot modify, only read and execute. If you then, as a User were to run Firefox, get a virii that wanted to bork everything in d:\SavedFiles , Users would not have rights to do that, only someone in the group of ADMINS. This would neatly take care of this event.

    However, you still now must elevate yourself to group ADMIN to actually create/modify anything in d:\SavedFiles. Here I am playing with just a simple solution. I start Firefox as a User, download something to d:\temp, which is owned by my account, whether user or admin. Then, as Admin, I move/save things from d:\temp into d:\SavedFiles. It is one extra step, but not a big deal really condsidering unless a program has root privelage aka ADMIN rights, data is safe from modification in d:\SavedFiles but still accessible (both read/traverse/execute) to the User and also the d:\temp files are available for modification by the owner, which would be the user who created it.

    There are ways that can be empolyed into the security scheme that can handle situations like you describe, it only takes understanding the security policies windows has at hand to use and applying them in perhaps an unorthodox fashion.

    Sul.
     
  7. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    Unless I haven´t misunderstood your reasoning, it has nothing to do with ownership Sul. If you want to secure your file drive in a simple manner Raven, uncheck the user accounts write/change permission for your file drive and use the SuRuns explore option for accessing the drive as an admin "automagically". Thereby you can only read your files as a limited user, but have full access as an admin.

    /C.
     
  8. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Well, it has everything to do with ownership. The question is, if I understand it correctly the question is how to not let files on a drive be destroyed/deleted by some nasty etc, whilst still being able to use the said drive. Whether you do it with SuRun magically or with permissions, the only native way I know of to stop access to some file-drive is to set permissions of the item(s) in question to admin group, and then deny user accounts ownerships at all. This leads to any user account, in any group, not owning the file-drive in question, but only a member of the admin group.

    How is what you stated different? Wondering if I read you wrong but it seems you are using SuRun to do the same thing? Or something like that ?? And of course, you can do what you suggest for the whole drive, where you could also as I state have more granular approach of specific objects/containers only.

    Sul.
     
  9. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    1. How safe am I from Keyloggers when running LUA+SRP? No difference in case a Keylogger gets in, or... ?

    I only ask for Keyloggers since that's where I see the biggest risk - other stuff that's trying to hurt the system and not compromise my privacy is not something which I'm too concerned about, considering my precautions (LUA+SRP and even no Autorun, that's). I've now also removed my write- and modify-permissions for my file-drive, so overall the content should be safe from attacks. I'll give permissions for specific folders in there as needed...


    2. What are the Special Permissions that are enabled by default even for LUA on my system drive? Is it safe to have it enabled since it's indeed by default, or what do you recommend? I've tried to figure this out, but I'm still not completely sure, so it would be great to hear it from you guys. :D


    3. Even with those modifications to my rights on my file-drive in place, I'm able to send folders and so on to the Recycle Bin (delete stuff, that's) - why is that? :doubt: Will the changes take place after a reboot, or? I just consider that a major risk since that's one of the things I was trying to avoid happening.


    Don't hesitate to ask me questions or ask for elaboration! ;)

    Thanks a lot! :)
     
  10. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    A keylogger will need to run/execute at some point on your machine to work.

    So it down to :

    1. Preventing unwanted execution
    2. Care when installing application

    So with LUA , no new files can execute in your windows folders ( unless your installing them ) .

    With SRP you can set it up a few ways.
    If you go this way http://www.mechbgon.com/srp/
    then files ( new or old )cannot execute in your users folders either.

    So your pretty tight against 1.


    For 2 , I'd run any new install in sandboxie first. If anything looks a bit odd ,
    then you can have a re-think about if you trust the software or not.
     
  11. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    From http://www.sandboxie.com/index.php?DetectingKeyLoggers
    My emphasis

    Nothing we can do about that !
     
  12. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    Not if the site required Scripting to be enabled.
     
  13. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    With Noscript you can of course enable individual scripts within a web page while blocking everything else.It does require that you can differentiate between good and bad though.
     
  14. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    Ok , so we're looking at the risks of key-logging with a LUA&SRP setup.

    1.
    Most keyloggers try and install malware on your PC.
    LUA & SRP offer very good protection against this.
    Diagram http://www.mechbgon.com/srp/

    2.
    Script based keyloggers require that the website your visting is compromised.
    This is pretty much a whole seperate topic in itself :)
    LUA & SRP can help if the overall "malware package", of the script based keylogger,
    tries to download malware to the users PC.

    There are other ways to reduce the dangers posed by script based keyloggers.
    However ...
    if the website you are visiting is compromised , there is a limit on what a person can do on their PC , and, at the same time "use" the site.

    Whew.
     
    Last edited: Aug 27, 2009
  15. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Awww... why I still have equal to Full Control on my file-drive? :doubt: The options for "Security" look the same to me when I compare my file drive with my system drive - it didn't even have the possibly dangerous Special Permissions that my system drive had at first.

    EDIT: This is just brainstorming... can the "SYSTEM" user name, which has Full Control in terms of rights, be the possible cause for my Full Control of my file drive and its contents?

    EDIT2: Okay, so I found the culprit; the Authenticated Users group. For some reason, I was apparently a member of that group as well, even if I don't know why - maybe you have the answer for that? :) Also curious why that group was there in the first place, but not on my system drive in comparison. Hmm... :rolleyes: Quick EDIT3: I did not remove the group, just to be sure I do not create any problems by doing so - I only gave that group the same rights as the Users group, and it seems to work like I wanted. That's, allowing me (and the system) to normally only read the contents (execution is ofc blocked, thanks to SRP).
     
    Last edited: Aug 26, 2009
  16. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Is it safe to run games with elevated rights? I'm asking this since I have two games - and that's also only ATM - which can't run properly without having elevated rights. Not just the free MMO that I've talked about previously, but the demo for Batman: Arkham Asylum as well.

    I have my own point of view that the games themselves shouldn't be dangerous to run with elevated rights, as long as malicious stuff around them (malware) does not compromise the system - but I've to ask you guys simply because I don't have the knowledge to know that this is true. It's simply logical to me, but not more than that.
     
  17. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    I'll try to keep the rights as low as possible, but for the MMO - which is ofc a Internet facing app. - I'll have to let it Write to and Modify its own folder. I dunno why this method didn't work now for GameGuard when it did before, but I'll apply that compromise in terms of rights again and see tomorrow on a new boot if things are better.
     
  18. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    Re the games , I guess its no harm to run them with limited rights.

    Its asking a lot from a malware writer for them to be exploited in the first place , though.:blink:

    How do you think that would happen ?
     
  19. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    With legitimately sourced games unlikely,with warez of course a much greater possibility.
     
  20. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    Yeah but thats a whole other question.
    Then your running something you don't 100% trust.

    I think the OP is talking about legit games
     
  21. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Absolutely - free MMORPGs and demos right now, time will tell what's up next. Got Dragonica (the free MMORPG) working again now through LUA and only rights to modify its own folder - nothing else.
     
Loading...
Thread Status:
Not open for further replies.