Minimalistic vs. maximalistic - right approach to security

Discussion in 'other security issues & news' started by Mrkvonic, Dec 20, 2005.

Thread Status:
Not open for further replies.
  1. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,300
    Hello,
    This has been discussed in this or that fashion several times.
    However, I want to try a different approach to this discussion.

    In my personal experience, I have never executed malware on my computer. In the entire history of my browsing, the AVs I used flagged only a single file as trojan. Anti-trojan / spyware programs I use(d) flagged 4-5 entries, all of which turned to be false positives.

    So...

    My question is like this:

    For those with minimalistic approach to security:
    Why do you use your setup? Why do you think so few applications are needed? Do you think the threats are remote or do you think the security apsects are exaggerated? Or do you think you can decide, better than scanning bots, what is good / bad for your machine?

    For those with layered / heavy security approach:
    What is the reason you use this? EXCEPT FUN / HOBBY! Do you really fear a hacker invasion every hour of the day? Or do you do things in such way that every 5 minutes you get rescue alerts from your programs, telling you that you have been saved from threats?
    If this is the case, can you please highlight your habits? I find it hard to believe so much spyware can be so easily contracted, even if you surf the would-be notorious sites.

    Example:
    User A - I get spyware all the time!
    Question: Can you describe your habits:
    - I use Kazaa (you should have opted for spyware-free version)
    - I use IE (switch to FF or Opera, you'll notice the difference)
    - SP2 gives me trouble, I use SP1 (buy legal Windows and patch it up)
    - I download cracks for my downloaded games (buy them like I do)
    - I like freebies (ask on Wilders for advice before you download)

    The sentence I'm blocking spyware / my scanners are finding it all the time is an out-of-the-blue sentence. I'm truly curious to understand how spyware happens to people. I'm not talking about clueless newbies. I'm talking about security-conscious people - the two factions - minimalists vs maximalists.

    If you are afraid, could you please tell why you fear spyware? Why do you think you need 10-20 applications to protect your bits?

    If you get spyware all the time, yet you know what you're doing and it's not for the purpose of experimentation / testing / fun, how does it happen?

    So please people, let's have a good healthy fight ... eh discussion... :)

    My reasons for minimalistic:
    First, I DO have machines with HEAVY setup - for purposes of FUN and TESTING. The everyday machines are minimalistic.
    Reasons:
    I do not think serious harm can come from spyware. Yes, you can be rootkitted, violated any which way, your personal information stolen etc. But these harms are not personal - unlike house theft, injury etc. These can be easily remedied by formatting and starting fresh. And if you fear something has been exposed, you can always contact relevant authorities - credit card agencies, police etc.
    I do not think spyware can easily be contracted. It requires effort. Deliberate effort / input from user. First, you need to find something that is infected. Then you need to download it. Then you need to execute it. Three active steps. In between you may use scanners and reduce the danger. Or you can visit forums and ask for help.
    What about drive-by-downloads, they'll say?
    First you need to go to an infected site.
    Then your browser / OS needs to support the exploit. If you're patched properly, the chance goes down a lot. Then, if you use an alternative browser, the chance goes down even further.
    I'm gonna throw numbers here, so don't kill me.
    Let's say a chance of DbD is 1% in IE, which is a lot (1 in 100 sites capable of executing stuff on your local machine), this 90% due to ActiveX and 9% due to Java / Javascript and 1% to other exploits.
    If you switch to FF / Opera, you reduce the chances to about 1 in 1,000.
    If you use convenient tools for managing Java / Javascript / Flash etc, you reduce the chances to about 1 in 10,000 to those other exploits.
    How much time does it take to visit 10,000 INFECTED sites? A lot I think. Even if you're an avid surfer, and you do 50-100 sites a day, you'll need 3 months to hit a site that will infect you. And this takes a deliberate effort to find these sites.
    How many sites do you normally browse? 10? 60? 100? 500!?
    So, basic firewall for all connections and a good broswer are basically enough. But if you really wanna manage the downloaded content, then perhaps an AV scanner or maybe an AT scanner. But do you really need more?
    For all the guys there who like registry changes prompts:
    You know about these and love them - why not take a step further? Go to policies and edit them manually. Restrict yourself the way you like.

    Thank you for your cooperations, let's have a good discussion.
    Mrk
     
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    I've always felt that security starts with a state of mind, and the first thing to handle is fear. In more than 14 years of using computers, I've never had any malware get into my computer. Nonetheless, I prepare for the unexpected.

    1) I use a firewall.

    2) Using a White List product (like Anti-Executable) protects me from remote code execution, should I visit a web site where that might happen. Although I would never open an email attachment that contained an executable, anything not white listed would be blocked anyway. No executable not on the White List can be copied across my network.

    3) Using some type of virtual environment (like Deep Freeze) protects the Operating System/Registry, not only against malware, but also against file corruption.

    I use those because I'm never aware they are even there. They just do their job and protect against threats as I perceive them.

    For me, the threats are remote because worms/trojans have to install before they can execute their payload, and White Listing protects against that.

    Many point that you have to disable your white list protection in order to install a program, which then gets put on your white list, and there is the possibility that the program could have a trojan attached to it. This is a valid point. For me, I've never worried about it because I'm always confident of the source where I get the program.

    This question will be answered differently by others, depending on circumstances: using P2P requires a different approach, for example.

    Although I've never had any malware install, my plan always has been that if that did happen, I would just re-image and be done with it. A well-thought out backup plan is an essential part of security.

    regards,

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
    Last edited: Dec 20, 2005
  3. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    At the risk of oversimplifying, just because I have never had my house robbed doesn't mean I'm going to leave the doors and windows open when I go to the store.. I also won't settle for a simple doorknob lock, even when the dog (pitbull) stays home. I've never had anyone attempt to steal my bike while it was locked, but that doesn't keep me from using a Kryptonite lock either - the new kind that can't be picked with a ballpoint pen, at that.

    When it comes to protection, everyone has to find what suits them best. For some that will mean having multiple alerts before realizing that what they're looking at is malware, for others a single alert will suffice. For those that never download anything, execution protection in itself may be the best thing they can get. For those that install a lot, seeing that areas a, b, c, d, e, f, and g are all being triggered may be the needed clue. The less technical users may benefit more from a number of scanners that most here wouldn't consider, because nothing else will make enough sense to make a positive difference in their security.

    Personally I learned a lot using the combo of Prevx Pro, PG, and RegRun. I enjoy having control over what happens with my system, in more ways than just security. I also know how to troubleshoot when something goes wrong. Those that have the time to tweak every little thing can have it even better for less.. if they can create scripts then even better (only have to do it once). IMO they're all valid. Everyone finds their own balance between time and money. The more time you have to put into it, the greater security you can achieve.. if you can become an expert, then maybe you really don't need anything at all beyond what's already provided with the operating system. But if you have to go on primarily free apps, and feel that you need a greater number of free apps than others using commercial ones, then I see nothing wrong with that.

    Things are also constantly in flux. What may work perfectly well today, may not work at all tomorrow. I think that's a good part of why many of us come to places like Wilders. The better you can cover your bases, the less likely you are to be affected by something entirely new- which comes right back around to knowing the tools that you're using, weighing your preferences, experiences, and comfort level with your computer skill and confidence that you will be able to thwart anything that comes through. Without a lot of metrics, it's all pretty much an intuition game.. then where does it leave us when a company like Prevx gets actual metrics that 50% of the HIPS users are allowing the infections to occur? Greater security potential, but lesser security in practice. Look at the new motives behind that malware, and personality traits don't need to be extreme to see why new users might want to have a few extra apps.

    I don't know that I can agree with that anymore. If you primarily make your living on your computer, or you manage your finances with one, that kind of damage can be pretty devestating. I've talked to some people that felt nothing but resistance the entire way, even just from having their credit card number alone defrauded. Cleaning up after full blown ID theft can be very painstaking.. especially when the banks are backing off helping customers, and it's harder than ever to file for bankruptcy. That process can also be fairly expensive, and there's nothing guaranteeing that you will recover all losses. It's also easier for the criminals to cover their tracks online.

    Try using something like StumbleUpon or frequenting blog sites, it will probably add up quicker than you'd think.
     
  4. I would say it's takes either a very brave man (or conversely someone who doesn't care), or a very very knowledgable one (say at the level where you can write your own security apps) to dare to venture with a so called minimalist setup.

    Read the antivirus forum, and you read about dozens of malware not detected by NOD32, KAV whatever. And you read about packers that are not handled, the slow response of antiviruses to new threats...

    Read the antitrojan forum, and you read about how rootkits are super stealthy 'cyber ninjas' that can in theory fool any scanner, even chinese ones. :)

    Holy father or his supporters boasting that his Hackdefender can beat any and all scanners.... Or conversely most Antitrojans are worse than antiviruses.

    Read the firewall forum, and you read about leak tests that bypass firewalls.
    You read about fragmented packages that bypass kerio 2.15, loopback control problems with sysgate, you get linked to security focus's 'firewalls walls of hay'

    Read the other security issues forum, and you read about new vectors of infection like Instant messaging, the number of days windows was left unprotected last year, about how fast exploits are crafted in response to security nofiications.

    Read the privacy forums and you learn about how you no longer have any privacy, that everyone from doubleclick to the FBI are spying on you. You read about the 'dangers of HTTPS', how everything from cookies, to javascript , Java,Activex even CSS can be used to spy on you.

    Read the unoffical HIP forums, and you see people dumping on all and every software that they don't use. Spywareguard isn't updated, MJ registry watcher only polls, OA/bufferzone runs in usermode ...

    You only feel somewhat safer in the indidvual security software forums, but even then, you occasionally get people posting ways to bypass it, or holes in it that could be used. Regdefend doesn't protect it's data filter file,...

    I personally think those of you running minimalistic setups are very brave. Braver than me. Or perhaps you guys know more than me, and how to evalute the seriousness of various risks.
     
  5. Damn Kryponite locks, if you can't trust superman who can you trust :)

    Let me repeat a point made by someone else in another thread, the security is as weak as the weakest point yes? So the question is, with all your security software you got that covered, so the weakest point is probably somewhere else, ie physical access. Perhaps Notok can share with us some of his experiences on that matter.

    From what i gather from above, your house must be a fortress. Do you use motion detectors? How about Em shielding against Tempest attacks? :)



    Indeed. I agree except that I think people who download a lot, should both use a lot of scanners and monitors area a,b,c,d,e,f,g....
     
  6. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,300
    Hi,
    Devil, you have a unique way of making me respond :)
    I would like to assuage you and allay your fears, even if I myself may be deluded.
    You speak of viruses, trojans, hackerdefender etc.
    How do these files become on your computer? Someone / something must put them there and then, they need to execute. To protect your computer from external threats, you use firewall. As you may notice, there are claims that even the basic windows firewall is enough. So you protect yourself from thousands of bots, scanners etc that prowl the ranges of ips and try to find vulnerabilities.
    Of course, this is not something that will stop the most determined hacker. But the question is: why would a brilliant programmer want to hack a lousy computer owned by some poor guy in southern Albania so he can read useless docs in Albanian? For instance....
    What's the other way of getting payload on your computer?
    IM, browsing and p2p.
    Again, apart from special exploits, you need to download the payload and you need to execute it. Like you said, there are things that are invisible to all scanners. That means scanners will not help you.
    So, here I use the so-called common sense. I will never use something from a source I do not trust. And I mean trust. For instance, I will never download an executable in eMule. So it comes down to your curiosity, greed and habits. Like I mentioned earlier, there is a heavy user input. Many times people click on links, pages, pictures, download cracks for programs and games etc. It does not happen alone.
    OK, back to exploits.
    How frequent are they? Let's say you use Thunderbird, Trillian, Firefox - this covers mail, im and browser. How vulnerable are you to exploits? How many instances of people running Thunder / Firefox have you read in forums telling they have been hit by malware by just opening a page.
    And then, you need to reach the evil page. Somehow.
    And I said the chance is 1 in 10,000. Let's say it's 1 in 1,000. How many sites do you visit in your day to day browsing?
    OK, let's say despite everything you've bit hit.
    Do you use your computer for living? If so, why did you use that computer to browse? Why not separate them. Browsing computer and work computer. I think most people who use computer for living can afford that.
    Let's say you're an average user - your personal things are photos, porn, some docs, maybe a cv, some mails etc. Nothing special. And you've been hit by a nasty.
    Take a cd, burn your stuff to disk and format. Done. Evil's gone.
    What are you afraid of? Do you have dirty secrets that you don't want exposed?
    Now, a special explanation:
    I'm not saying this is true. This is my opinion. My illusion. I think this is the way things are. You cannot embark on my way if you don't feel comfortable with it. If you need 20 apps to feel safe - THAT'S the RIGHT way to do it.
    That's why I started this thread.
    There's no right or wrong.
    There's my way + explanation.
    I explained my way, rich expained his.
    I would like to hear what others thing and most importantly WHY.
    I would like someone who gets hit by spyware once a month to tell how he does it. And so forth. Why have you come to use the setup you use? Is it fear? Habit? Rumors? Knowledge? Lack of knowledge?
    Fun + hobby do not apply as reasons!
    Cheers,
    Mrk

    P.S. Devil, how many real alerts have you had from your security in your internet history? And what were the threats? How did they happen?

    P.S.S. People compare computers to their home. That's not a good comparison. Someone can come to your home and stab you. But no one can stab you through your ethernet card or through web camera. Real world is physical. Computer is ethereal, virtual.
     
  7. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    For the purposes of the general discussion, an operational sense of what minimalist and maximalist is really needed. Minimalist is not necessarily few applications/measures, by the same token maximalist may not be achieved with dozens of measures. If I may offer an operational view:
    • Minimalist = 1 or 2 targeted general measures. That might be a single AV, simple system hardening, or something along those lines. One or two things to handle threats in a broad sweep.
    • Maximalist = Multiple measures to tackle the same threat. Multiple levels of backup and/or approaches targeted for each niche threat. For example, an AV augmented with 1 or more levels of registry protection, execution control, system hardening, dedicated scanners for trojans, spyware, web scanners, e-mail scanning - perhaps at the ISP and PC level. Redundancy built in at every level since, as we all know, none of these products/approaches is infallible.
    Basically why I incorporate a memory scanner (BOClean, Ewido could also fill this role), and you are quite right, malware can get by both of the scanners mentioned, it has on my machine, and was dealt with by the memory scanner.
    They must execute to fool anything, of course the problem is that if a user does not know what to do with an alert, it's a coin toss whether the barrier is effective.
    Obviously, it's an ongoing cat and mouse game.
    It can be daunting, especially if you try to discern the real from the hype.
    This area is young and fluid. Clearly there are gaps in coverage between the various products. The question is whether those gaps equate to a significant vulnerability. That's an answer I don't think anyone knows yet.
    I wouldn't say braver, just a different level of risk assessment and aversion. Someone who is very risk averse will not be comfortable unless well fortified. However, one can become well fortified in a rationale way (for example - having duplicate coverage, knowing full well there is a level of duplication present, and that it is by design and implimented to yield no loss in stability...) or in a very irrationale way (randomly installing the latest application promising a secure surfing nirvana). The main problem I see is that the rationale approach requires a level of user education many are loathe to incur.

    Blue
     
  8. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I'm planning to become a minimalist, but I have to learn a few other things first, like partitioning and image backup and I don't have my new computer yet to do this.
    So it will take some time to do this, but my final goal is to protect my computer with "ZoneAlarm Free and ShadowUser".

    The reasons are obvious for me :

    AV/AS/AT/AK scanners
    I explained my thoughts about these scanners in this thread :
    https://www.wilderssecurity.com/showthread.php?p=634872#post634872 post #40
    Security Suites (FW+AV+AS) have the same disadvantages as scanners, except the firewall part.
    IE-SPYAD, MVPS Hosts and other Hosts files have the same characteristics as scanners.
    The bottom line is : I don't want them anymore and they don't have future on long term.

    HIPS softwares
    These softwares :
    - are developped for knowledgeable users, not for average users like me.
    - are even dangerous for average users and security softwares are supposed to be safe.
    I don't say these software are bad, I just can't use them due to my lack of knowledge.
    The bottom line is : I don't want these softwares either.

    Other softwares
    If you put the scanners, suites and HIPS aside, there isn't much left for the average users to protect their computer, except userfriendly firewalls and softwares like DeepFreeze, ... and my favorite one ShadowUser (SU).
    So I don't have much choice, because there is nothing else.
    If the security industry invents another better software, I'm the first one to ditch SU.

    The advantages of SU are too big to be ignored and I admit that the setup won't be easy, at least not for me.
    But the setup is a one-time operation and once it's done, SU will be the most userfriendly, most time-saving and most foolproof (not 100%) protection, I ever had on my computer.
    The basic principle of SU is that whatever you do, it won't change your harddisk.
    Why would I still be worried about any existing, new or undiscovered threat ? They are all gone after reboot.

    That's the theory of course and don't think, I'm blinded by SU.
    That's not the way I look at softwares on the contrary.
    I will try everything to prove that SU isn't that good. Unfortunately, I'm not a security expert.
    My biggest trouble is : how can I see that SU failed. Any advice would be great.

    The MAIN reason why I'm going to use SU, has nothing to do with security at all.
    I want my freedom and fun back on the internet, like in my newbie time, unaware of any threat, without becoming paranoid, without being prudent, without guarding my computer like a hawk with 30+ security softwares.
    Which average user wouldn't like to have that back ? My family and users at work certainly do. :)
     
  9. Personally Blue, I think maximialistic is the wrong name for most of the people we are talking about.

    When you speak of redundancy being built in at every level, you probably mean like how a car is equipped with both seat belts and airbags, so that if one layer fails, the next layer takes over. Each layer is fundmentally different from each other.

    In this group

    I would class you into the 'specialist' group, which prefers to customise solutions and distains suite approaches. So they want firewalls to remain firewalls, antiviruses to remain antivirues. And concentrate on niche products for registry monitors for example. This is the largest group of members here.

    They are opposed of course by the 'suite supporters', who want an all in one solution.

    But both groups generally try to avoid any real overlap in functions. E.g Exeuction protection will be used only once in either PG or SSM, but not both even for a specialist.

    Both groups believe in 'layers', not in the sense that you should have 2 seat belts in a car on one person, but rather that you should have both a selt belt and air bags.

    The true maximalist or maybe we should call Redundanist, would however disagree. He would insist on 5 seltbelts on him, plus several airbags in case one fails.

    This is the guy who insists on running Safe N sec, Appdefend and Online Armor, not because each provides a different function, but because they offer the same protection of the same area. So that if the execution protection of OA fails, the execution protection of Appdefend is still available.

    A lot of new people here fall into this school of thought, when they ask if it's permissionable to run 2 antiviruses or antriojans resident. Still, it's not that rare even among more senior members.

    Based on these classifications (for experienced members only), my estimates are.

    Minimalists -10% - Typical example - Remus, Erikalbert maybe

    Specialist - 65% Typical example - Blue/Blackspear - architect of the 'blue plan'.

    Suite supporters-20% -Typical example hmm isnogood maybe, these members are here, many oldtimers who are tried of balancing different apps but they are not very outspoken. They don't enjoy tweaking, but very technical people. These are the ones who support OA adding firewalls for example and look forward to the day when they can rely only on one solution to cover all the bases.

    Maximalistic/reducantists-5% Typical example- Peter2150

    I consider Mrkvonic more of a 'specialist' with minimalisic leanings. Ditto for me.

    Most newbies, I would class as 'confused' , with maximalistic leanings.
     
  10.  
  11. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Is the discussion between "minimalist" and "maximalist" that important ?
    I didn't even know that expression, until somebody called me a minimalist recently.

    I'm only looking for solutions at Wilders that meet the wishes of the INDIFFERENT users, the worst kind.
    My work is full of these users and they listen to us and nod and smile, but behind our back they laugh at us.
    They consider security as BALLAST and they don't want to learn, because it has nothing to do with their job.
    You will never find these users at Wilders.
    Wilders isn't the real world, even our computer department doesn't know the user world.
    What seems logical in the eyes of a programmer, isn't always logical in the eyes of a user.
    What sounds theoretical right to a programmer is often wrong in practice.
    What a security expert wants, isn't always what the user wants.
    My boss was tired of all these misunderstandings between users and programmers.
    That's why he hired analysts, that act like a buffer between users and programmers.
     
  12. Hackers exploiting vulnerabilities in my software. Buffer overflows or something. I hear they are deadly and no 100% foolproof method against them.

    Heck today I found out about the dangerous vulnerability in Pegasus Mail, which I thought was very secure

    http://www.pmail.com/newsflash.htm#secunia

    I disagree, windows firewall or even no firewall but 100% patched will of course protect you from run of the mill worms. But there are more dangerous attackers out there.

    And even routers can be bypassed by weakness in firmware.
    http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1124857,00.html

    For a challenge. Gavin once warned everyone not to advertise their security setup on this forum, because hackers could use this info against us. Reading between the lines it means a lot of bad guys are reading this forum and maybe targeting us.

    And for money too. You can't be too poor if you have the money to get up with all the security applications.

    See my links above about the exploit against pegasus mail, which till now i thought was the most secure email client.

    .

    Even trusted sources can be subverted. In 2001, didn't a sourceforge server get hacked and a SSH client was replaced with a trojanised copy?
    Or more recently, an adserver got hacked and started serving dangerous content exploiting zero day exploits to BIG sites?

    Among software i'm interested in or use, I see about one major one announced every week. And this only refers to those that are announced, there are many more secrets out there that are not known yet. Some are being sold to the highest bidder.

    About 10 alerts in the last week while surfing. More if you count other times.
    The threats were a process trying to dial out, trying to change my registry, change my files. ,memory inject etc.

    So you saying the real world is more dangerous? Well in the virtual world, you are exposed to more people than in the physical world. A alpha hacker reading this might decide to hack me just to teach me a lesson.
     
  13. isnogood

    isnogood Registered Member

    Joined:
    Sep 22, 2004
    Posts:
    83
    Location:
    France
    Wrong, I am not suite supporter, at least not in general. I see, however, a recent trend of software vendors to propose all-in one solution instead of specialized software. They become, or will become in near future good enough to be adopted by majority of users as a sole security platform. That was not the case until recently. It is not my actual attitude yet, but yeah, I think of adopting this approach myself for everyday working platform. Otherwise, I still use quite a lot of different apps with much of tweaking, testing, changing configurations, etc. That's for fun, hobby, dangerous surfing, P2P, all what you want.

    Your classification is not realistic, instead od 65% of "specialists" I would add one more category with more than 50% "lost users" trying to follow contradictory advices. Moreover, personal assignments to any category may be completely wrong, cause many posters here have multiple faces. A lot of people use multiple setups with opposite configs for different pourposes.
    One can be happy with setup like ErikAlbert, surfing for fun only with ShadowUser, or just a backup software. Why not if he doesn't risk anything except loosing 5 minutes to restore his system in case of infection. Simply don't care. If he does online banking, internet buying, managing stock accounts, it would be completely different story. Still, they may be the same person. What you should use depends finally on your knowledge, time to spare, risk assesement and personal attitude on the net.

    The question is what should we propose to someone who comes here and ask for advice. Erik is right, I see everyone's talking from his own position (including me), except from several old members like Blue and few others who try to give a more general perspective to their answers. Le's try to stick to that.

    isnogood
     
  14. Yes, that's why I said "maybe" you. But you don't post enough for me to gauge your attitudes 100%. There are better fits , but it's nice to see I'm not completely offbase in that you are considering the move.

    As i stated above, my category refers only to experienced people. Which I define as people who know (or think they know) enough to start giving advise on what to use.

    'Lost' users hardly count since they don't have a security stance or philisophy yet, or even worse users who don't care abt security and arent here. It would be meaningless in either case to classify them except as confused or lost.

    Yes, of course. I myself surf occasionally with what most would call a minimist setup when i need the computer to do certain memory intensive tasks (abotu once a month). for example,

    But I think my classification does captures some essence of the differences in philisophy and perferences among users. It goes without saying Why exactly they are that way of course depends on various factors like risk adverseness, knowledge and interest.

    I would not claim however that all minimialists are definitely less risk averse then others for example or that they certainly don't do ecommerce. Perhaps they see more clearly the risks are less than we think. Still i suspect it's a factor.


    I think try as we might, it's impossible for any single person to go for and achieve a universal outlook that truly covers all viewpoints. This is where a community of people each with their own viewpoints and philisophies discussing helps.

    Of course, we are far from the bad old days, where some so called expert, would tell a newbie that unless he ran x,y,z, he would be doomed.

    Nobody is that foolish these days. But still as you say people are giving conflicting advise, from their own points of view and this thread started by
    Mrkvonic gives us a chance to thrash out differences and opinions.

    I know people resent being pigeon holed, but I think a framework indentifying certain trends and schools of thought, will help organise thinking. I certainly don't think any approach is always superior to another though we all have our biases.

    Even if no consenus is reached, we can at least ensure that we remain informed about the opposite viewpoints. So for example while being a supporter of specialist niche products, i can acknowledge that some people like all in one suites and if the posters perfences tend in that direction, I would let other people who have similar tastes in that area guide them further, rather than forcing them (subtly) to follow my model by recommending my favourites.

    A open question of course is when such labels/concepts becomes useless , and add mor e confusion rather that help aid thinkings.

    Also I could easily divide posters here among other dimensions. The degree in which user knowledge is important, or preferences among different class of software -Antispyware seems to be falling out of fashion in favour of HIPS and combined scanner approaches I think, while there is a recent strong trend towards virtualization plus Surges in shadowuser/firstdefense disciples.









    Also I have often wondered, whether we could refuse to answer any question along the lines of "do i have enough security?" unless they filled up a comprehensive survey about their skill level, knowledge, interest, surfting habits etc .
     
  15. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    It's not the best term, just what the thread started with...
    For me, it's a yes and no. I don't disdain suites as a matter of course and do believe that KIS 2006 has potential to be a suite I'd use - it's a complete solution with a very customizable installation procedure, so you can mix and match as desired. I haven't used the Proactive module since it's too noisy for me. For example, in all probability I'll convert the home machines that currently run KAV WKS 5.0/BOClean/SafenSec/LooknStop to KIS 2006(sans Proactive module)/BOClean/SafenSec when the final KIS 2006 is released.

    There is merit in using distinct products as a given product can crash due to unforeseen events (e.g. corrupted update, some other problem). Use of products beyond a single suite introduce viable backup to this eventuality. I do think it is reasonable to ask whether this type of backup is, indeed, needed. If you do things online like banking, etc., I believe that this level of backup is useful, but I can see where a reasonable person could label it redundant.
    This is where I believe most casual users should sit.
    I do believe in this approach.
    I don't recommend this from both cost/benefit and stability perspectives. I do believe that alert fatigue is real and should be avoided since it encourages an all too automatic approval of any alert issued.

    Blue
     
  16. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Well, do tell. Example?
    OK, a buffer overflows and some planted code gets executed. That code has to do something..., focus on the something, stop it there. A corrollary - not all somethings matter.
    You surely know that's not my approach. I consciously trade-off gaps for my own convenience. I really don't have an obsession over it either.
    You always have something to lose, the question is how valuable is it.
    For many, there is sufficient physical security.
    Good question, obviously anyone can be wildly wrong about one or more aspects of the discussion. That should be self-correcting over time for the self-aware.
    The end result is really the same thing from different perspectives, so it operationally doesn't matter.
    The bar is no higher than that of repairing a car. The difference is that folks do expect a car to work well initially and understand that maintanence and parts are not free.

    Blue
     
  17. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Do you uncritically believe everything heard?

    There's probably less here than meets the eye.
    I don't know why anyone would want to define themselves solely in terms of some things they license, nor do I believe this information is really of substantive use to anyone.
    My ISP has McAfee suite for free. If I was cash starved, it would be that and an inexpensive router. Sounds like a sufficient system to me.
    Why is it not secure right now? After all, that link notes: These exploits have been corrected in the full release of Pegasus Mail v4.3, and versions earlier than v4.2 are not subject to them.
    Which would in all likelihood be adequately handled, at least for me.
    and how precisely will they make the link from your words (posted as a guest) to you?

    Blue
     
  18. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    I'd be happy if most users undertood this point alone. Further, while a universal outlook won't be achieved, each offering their own outlook enriches all.
    This is such blatantly inappropriate advice, it's difficult to know where to start. I realize it's still a current state of affairs.
    Why not encourage their direction based on your read of the area? Many of us do that all the time, particularly under the guise of the "should I switch" question.
    I wouldn't say antispyware is falling out of favor any more than dedicated AT's are - the area is simply being adsorbed under a generic antimalware monicker. HIPS are somewhat different and still finding their way. Afterall, you are talking about a signature based scanner technology with an action/activity monitor. As for virtualization, despite the power, I feel it will remain a niche for the advanced for the forseeable future.
    I prefer to encourage discourse rather than nip it in the bud with an arbitrary collection of criteria which I'd like to know before offering my opinion. After all, we're not talking about providing psychological or career counseling, we're talking about options for securing your system.

    Blue
     
  19. ettu

    ettu Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    18
    Location:
    Featherston, New Zealand
    The only protection i have running is MS antispyware, normaly AVG Free antivirus (currently trialing NOD32) and windows Firewall running on WinXP Pro.
    About once a month I will scan with scanspyware, Ad-Aware and go through all the tools in MSAS.

    I have Myself, 11, 9 and six year olds using 2 computers, on Broadband

    in the last 5 years I have had maybe 3 infections, with none being high risk

    my main rule is anything important goes onto different partitions, and nothing is read in email with an attachment, unless i know who it is from, the only email that gets to my inbox is from people in my address book.

    So i guess you could call me minamalistc, but then its not the size its what you do with it:p

    Brent
     
  20. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    ScanSpyware ? The one that is blacklisted on this website ?
    http://www.spywarewarrior.com/rogue_anti-spyware.htm
     
    Last edited: Dec 20, 2005
  21. StevieO

    StevieO Guest

    Hi,

    I stated this the other day

    I think that if ONLY you use your PC, and that you surf Totally safely and don't take risks, then you could most probably get away with just a fully secured OS and Browser, and the only App being a Properly configured Good bidirectional FW !!!

    etc

    https://www.wilderssecurity.com/showthread.php?t=111684&page=2

    There can never be a perfect solution that meets everybodys critieria, as everybodys OS/Browser/Software is not the same, or configured identically either. Also one persons idea of using the internet etc will not be anothers. So there will always be some systems that require more protection in various ways than others.

    As long as people are Fully aware of the choices that are open to them, and any possible dangers, and Understand them both, then they will be much more able to make better and more informed decicions on how to proceed.

    I feel a real possible oversight would be relying on just one App to take care of business. If it failed for some reason, as they can, or was disabled in part or whole by some attack, or maybe in some as yet unknown way, then that would your system open to who knows what !

    Some layering i think is a sensible approach. If it's not slowing you down or causing conflicts, then what have you got lose. The other way you could have plenty to lose !


    StevieO
     
  22. sosaiso

    sosaiso Registered Member

    Joined:
    Nov 12, 2005
    Posts:
    601
    I would just like to add a point. Cash starved, and LOW ON RESOURCES.

    Sometimes, these anti-[insert word here.] use up more memory than if I were to be infected by a [insert word here.]. Just a thought.

    I think I would go for a suite that did it all. But the security biggies have just taken their first baby steps in this general direction. I guess like all things, we just have to give it time.
     
  23. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    479
    Hi Mrkvonic

    Thanks for starting off a very interesting (to me) debate.

    In the past I have been hit with a dialler and also a browser hijacker. These events occurred without me clicking OK to anything. I may have inadvertently clicked OK by clicking the X in the top right hand corner of a pop up window (that just happened to be a disguised OK button, I don't know).

    My response was to search the internet in an attempt to find out how to get rid of my problems and how to stop them from occurring again. During that search, I came across Wilders and learned of a whole variety of other problems that I could encounter. I also learned about programmes that stopped processes from executing. These programmes seemed to be good for catching things that got past your AV. I thought why bother having an AV if they miss things. Why not have something that catches everything (the stuff the AV would catch and the stuff that would get by the AV). Then how do you get rid of the stuff that's been stopped? Use Deep Freeze.

    Risk consists of two elements. The first is the probability of an event occuring. The second is the consequence if the event does occur (irrespective of its probability). By assigning values to the probability and consequence and multiplying these two values, you can assign the risk as high, medium, low (or some similar numerical system). If your risk comes out as high, you can attempt to reduce the risk by taking actions to decrease the probability of the event occurring or look at ways to reduce the impact of the consequence.

    I reduced my risk by decreasing the probability of being hit. I did this by blocking unknown exe's from running. My perception is that my probability of being hit is low. This is based on a number of threads here at Wilders. To me, the most convincing argument is given here: https://www.wilderssecurity.com/showpost.php?p=536454&postcount=33

    There are others e.g. buffer overflows: https://www.wilderssecurity.com/showthread.php?t=98274 and

    the breaking of MD5 hashes: https://www.wilderssecurity.com/showthread.php?t=109612&highlight=sha-1

    To me the consequence of being hit was the inconvenience of having to spend a couple of hours with HJT and a couple of antispyware scanners. I reduced the impact of the consequence by installing Deep Freeze.

    So, I go with risk assessment and then decide your strategy. For me, that assessment suggested a minimalist strategy.
     
  24. boast

    boast Guest

    I'm glad I went minimalist. My computer starts and runs much faster, along with games too.
     
  25. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,300
    Hi,
    Good job everyone so far.
    A question for Devil - you said you get about 10 prompts a week, if I'm not mistaken. Are these all malicious prompts or normal things? Let me define. If you install software, play with your homepage or such, those are deliberate prompts. I'm talking about you innocently surfing the World Wide Web and getting hit on by e-pimps. If that's so, could you please tell me how you succeed in that?
    I surf lots of porn sites but it's only nude content I seem to get to find.
    Occasionally, I do find various malicious stuff, like exes pretending to pictures, but they need to be clicked, and furthermore, you need javascript for clicks to work. Then again, like with everything, you need to know which sites to go to... :)
    About hackers trying to teach someone a lesson:
    You need to give them more credit. Not all hackers are like in movies, sitting in a basement and cracking into people's computers. Most hackers are serious programmers who know their business. And usually they are the underdog Robin Hood type of guys. They will not hack a poor plebian to teach him a lesson; they'll rather hack a big government institution to fick the system.
    Spike:
    When you got hit, did that happen in the era of pre-SP2 and using IE? And good point about risk assessment.
    Back to approaches:
    Those using heavy security: Is anyone here a victim of past experiences? Or is heavy security influenced by another factor? If so, what is it?
    I would also like everyone to consider another aspect:
    Flexibility
    How flexible is your setup? Regardless if you want it or not, but if you wanted, hypothetically, does your security setup permit you to use IM, online games / multiplayer games, p2p etc? How much have you gained / lost by using your security?
    I have discovered, by using many many little tools on my scapegoat machines that most of patchers, bug-fixers and small applications like safexp, samurai, bugoff etc. can severely impair the use of the OS and subsequent applications, even supposedly simple ones.
    Just to mention few:
    Using WWDC, you can disable RPC locator and services will fail to start.
    Using BugOff, you may not be able to access Windows Update.
    Using HTAStop, you will not be able to access User Accounts.
    And so forth.
    And let's say you're an average user.
    How the hell are you supposed to figure out that you need a certain protocol (mk or its) to be able to use Windows Update? And if you know these things, then you don't need the tools....
    Cheers,
    Mrk
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.