My 1 and only philosophy thought for 2012!

Discussion in 'other firewalls' started by Escalader, Jan 2, 2012.

Thread Status:
Not open for further replies.
  1. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Happy 2012 to all firewall and fellow tweakers!

    What IF I just kept my:

    1) KeyScrambler SW
    2) two-way firewall software (currently OP FW Pro 7.5 & its IP block list)
    3) the HOSTS file from MVP

    AND used website-based scanners for AV and ASW once a week rather than on my PC at all times

    AND hid behind my router


    Would my security be in any real way compromised?

    Go ahead prove me to be a reckless %^&&R%$E!
     
  2. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    648
    Location:
    HKEY/SECURITY/ (value not set)
    Happy 2012 too you also Escalader, yes, good 1 and only philosophy thought for 2012! :thumb:

    Personally, I believe that you would only prove yourself to be a reckless %^&&R%$E! if you never ran those Online Antivirus/Antimalware scans at least once a week.


    HKEY1952
     
  3. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    I think you'd be fine with your philosophy, but you may still want to have an OD scanner on board, since some malware blocks internet access to security sites or products if one happens to slip through. Hitman Pro or MBAM OD, I would think, should suffice just in case.
     
    Last edited: Jan 2, 2012
  4. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    You're assuming that your two way firewall would catch the bad stuff, but in reality, it may or may not. I think I'd drop your #2 and #3 since you have the router, and instead use a realtime AV. But that's just my preference... :)
     
  5. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    Hi Escalader and Happy 2012!

    I abandoned realtime AV solutions about 4 years ago.
    At the very beginning, after that step, I scheduled (in my mind) AV/AS/AM on-demand scans once per week. During this time my security approach pretty much evolved – I removed the AV (Avira Free) and used only an on-demand AM scanner and Dr.Web CureIt! (which doesn't require installation on the hard disk). After all these tests over the years I've built security protection based on three main layers – from the first line of defense:
    1. Prevention (HIPS, firewalls, sandboxes, policy based sandboxes, EMET, etc)
    2. Detection (AM/AS/AV software)
    3. Cure (Image backup/data backup, ISR software)

    My security config after many years looks like:
    1. DefenseWall HIPS + L'n'S Firewall + EMET + UAC (high) + Router Firewall (NAT)
    2. MBAM (scan once per few months)
    3. SPD + SyncToy (once per day documents data backup to another partition)
    Note that this config is very light and doesn't need to be updated very often. Protection based on these three layers is much better than relying only on one or two from the above list – I think it's obvious.

    In the security list you mentioned there is (in my opinion) something missing – what will protect you against so-called drive-by download threats, or other executables running e.g. from removable drives? The HOSTS file is not good enough in this case, and it needs to be updated often, since most infected websites are created to be online only for a limited (often very short) amount of time (I wrote an article about it in the past).
    KeyScrambler – is good if you are infected; it's not a very optimistic approach, but it's also lightweight, so it can be running realtime.
    Scanning once per week without a good prevention config means nothing – you scanned yesterday, today you've been infected, so there are 6 more days to the next scan (and the removal/deletion of the threat – of course only if your scanner has the appropriate signature for this kind of infection...). It doesn't look good, does it?

    If your computer is used by another person, I would consider adding a second account with MS Parental Controls installed, where you can create a whitelist. Another option could be adding something like Shadow Defender with password protection. Since we are on the topic of passwords, it would also be great to have a password manager.

    You are not reckless, you are just searching for the optimal security setup for yourself – I know this feeling, you are on the right path :)
     
    Last edited: Jan 3, 2012
  6. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,723
    Location:
    localhost
    As already suggested by others, you seem to be missing bulletproof protection for web surfing, which is where most infections come from nowadays. IP blocking is ineffective for this purpose. DW or Sandboxie should be able to cover that. :thumb:
     
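Creer's point that a HOSTS file goes stale, and fax's that an IP block list does not stop web infections, both come down to how those two controls match. The block below is an added example, not code from this thread or from any of the products named in it: it parses a HOSTS-style blocklist, applies the exact-hostname match the OS resolver uses, contrasts it with a subdomain-aware match, and applies a CIDR IP block list. The hosts entries, the IP ranges (RFC 5737 documentation space) and the lookups are constructed sample data.

```python
"""HOSTS-file and IP-blocklist checker (added example, not code from the thread).

Parses the common HOSTS layout and shows why a HOSTS file is a weak control
against short-lived drive-by sites: resolution is an exact match on the full
hostname, so a new subdomain or a fresh throwaway domain is not blocked.
The IP-range check shows why an IP block list cannot stop a compromised but
otherwise reputable site.  All entries and lookups below are constructed.
"""
import ipaddress

# Constructed sample in HOSTS-file layout: <ip> <name> [<name>...] [# comment]
SAMPLE_HOSTS = """\
# constructed sample blocklist
127.0.0.1   localhost
0.0.0.0     ads.example.net
0.0.0.0     tracker.example.org  cdn.tracker.example.org   # two names, one line
0.0.0.0     malware-drop.example      # entry with trailing comment
"""

# Constructed sample IP block list (RFC 5737 documentation ranges).
SAMPLE_IP_BLOCKS = ["203.0.113.0/24", "198.51.100.0/24"]

# Addresses a HOSTS file uses to sink a name; anything else is a real mapping.
SINK_IPS = {"0.0.0.0", "127.0.0.1", "::1"}


def _canon(hostname):
    """Lower-case and strip a trailing dot, the way a resolver would."""
    return hostname.strip().lower().rstrip(".")


def parse_hosts(text):
    """Return the set of hostnames the HOSTS file sinks to a non-routable address."""
    blocked = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        ip, *names = line.split()
        if ip in SINK_IPS:
            blocked.update(_canon(n) for n in names)
    blocked.discard("localhost")                 # the loopback entry is not a block
    return blocked


def hosts_blocked(hostname, blocked):
    """What the OS does: exact match on the full name, nothing else."""
    return _canon(hostname) in blocked


def wildcard_blocked(hostname, blocked):
    """What a subdomain-aware DNS blocklist would do; a HOSTS file cannot."""
    labels = _canon(hostname).split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))


def ip_blocked(ip, block_ranges=SAMPLE_IP_BLOCKS):
    """CIDR containment check, as a firewall IP block list would apply it."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(r) for r in block_ranges)


if __name__ == "__main__":
    blocked = parse_hosts(SAMPLE_HOSTS)
    for name in ("ads.example.net", "www.ads.example.net", "fresh-campaign.example"):
        print(f"{name:28} hosts={hosts_blocked(name, blocked)!s:5} "
              f"wildcard={wildcard_blocked(name, blocked)}")
    # 192.0.2.10 stands in for a compromised but otherwise reputable site.
    print("192.0.2.10 blocked by IP list:", ip_blocked("192.0.2.10"))
```

Run as a script it prints that `www.ads.example.net` and `fresh-campaign.example` pass the HOSTS check even though the parent or a sibling domain is listed, which is the staleness problem in concrete form; the IP check shows the same for a host in unlisted, legitimate address space.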
  7. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Thanks to you all who have commented! Some very thoughtful replies IMHO.

    This thread is a brainstorming / learning from each other thread. It cannot degenerate into my tool is better than your tool or we all know what would happen to it!

    Let's accept the consensus that I'm still exposed to drive-by malware if I removed my RT AV from my setup. 1/week is NOT enough.

    Let's do a bit more work on the notion of layers! and the threats they target...

    I personally really like Creer's Layer design description and suggest we adopt it.

    1. Prevention
    2. Detection
    3. Cure

    Can we agree to modify 2 to read Detection and Repair/Quarantine?

    1. Prevention
    2. Detection, Repair and/or Quarantine
    3. Cure

    These 3 layers help analyse and classify 2 items (IMHO)

    A) Threats we all face on the www, eg: drive bys, Trojans, intrusion attempts, privacy leakage etc.
    B) The techniques available to us to deal with these threats. (no tools yet)


    Let's do threats first by simply making a list of them with no classification attempt yet (avoids me from jumping to conclusions)

    So far we have:

    1. Drive-by
    2. Virus
    3. Spyware
    4. Existing infected files
    5. Spam
    6. Evil Websites
    7. Attempts to access your setup by hackers
    8. Loss of private data via 1-7
    9. Hooking
    10. memory injection
    11. process termination
    12. registry access
    13. screen,clipboard logging
    14. root kits
    15. DNS request by non network enabled applications
    16. Launch network enabled process
    17. Keyboard logging/intercept keystrokes

    Go ahead, add your favourite threat (no solutions yet!)

    Fire away, no way we can lose by working this thread
     
  8. BrandiCandi

    BrandiCandi Guest

    My "favorite" threat is visiting a mundane website that's been turned evil by a malicious party (a good website that was written badly & cracked by a bad guy). That's different than visiting an Evil Website (#6 on the list), which would have been born evil.

    You didn't ask for solutions, but mine is simple: block scripts. That way the bad guy can't run his code in my browser :D
     
  9. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    648
    Location:
    HKEY/SECURITY/ (value not set)
    18. Human Error in Security Decision(s)


    HKEY1952
     
  10. wat0114

    wat0114 Guest

    Hi Escalader,

    more info is needed:

    1. What's your O/S?
    2. Are you running as Standard user or Admin?
    3. What browser are you using?
    4. Which options are enabled in Outpost?

    Also, some recent literature on drive-by download attacks Part 1 & Part 2
     
  11. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    Thanks a good one... tough but good!:thumb:
     
  12. AaLF

    AaLF Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    986
    Location:
    Sydney
    I've changed my tone since I got bitten by Sality a while back. I use something stronger, but I cannot see how anyone can say something as lite as Panda Cloud in any way hampers them, even one skerrick.
     
  13. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    How about looking at the possible impacts on a person?

    Major Life Impact
    • Full identity theft, where someone subsequently used your identity
    • Loss of irreplaceable digital items: photos / work etc.
    • Large financial loss
    • Theft of private data which was subsequently made public

    Serious Impact
    • Credit card accessed with financial loss
    • Bank account accessed with financial loss
    • Fraudulent software causing financial loss
    • Loss of use of PC at a critical time, e.g. a work deadline
    • Private data was lost, victim uncertain how it will be used

    Minor Impact
    • Credit card accessed - no financial loss
    • Bank account accessed - no financial loss

    Impact would vary depending on the individual
    • Loss of use of PC, due to malware
    • Tracking of online habits
    • Unauthorized use of PC, e.g. as part of a botnet

    Looking at this throws up some new angles on what's most important:
    • a backup,
    • keeping some data secure from physical and malware access,
    • and knowing what the policies of your bank and credit card company are.

    Thoughts?
     
  14. BrandiCandi

    BrandiCandi Guest

    I agree, Joeythedude. The only way to know how to respond to an incident is to understand the risks and the impacts they would have on you. Corporations (that aren't stupid anyway) will assess the risks and create a recovery plan based on their risk tolerance. Why spend time, effort, & money securing something that isn't worth much to begin with? It's smart for ordinary users to do the same.
     
  15. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,732
    Escalader - you surprise me asking that question ^^

    from my POV: secure system and all is done. any other like a software firewall or hosts or hips is hicing ;)

    i can say for me that any av or any software firewall cannot protect me more than without. av assists me, but virustotal can do the same. a firewall suppresses unwanted update requests from some software i like but cannot change - just an annoying item. (eg notepad++)

    don't get confused with my icon, mbam is not really installed here.

    anyway - your setup is quite impressively small in comparison with some other overkilling people here - why ever they think that more software would be more secure - which is definitely wrong.

    i assume you only execute programs you let in yourself. any current browser is safe enough itself, plugins cause the issues (like pdf, java or flash)

    so - well done.
     
  16. newline

    newline Registered Member

    Joined:
    Dec 3, 2010
    Posts:
    38
    Location:
    .au
    You didn't answer the questions of wat and hkey.
     
  17. 3inchblue

    3inchblue Registered Member

    Joined:
    Nov 24, 2010
    Posts:
    49
    Escalader, you are probably secure.
    It is very safe to say you are experienced and knowledgeable about these things.
    Myself, I'm just using the Windows FW, Avira and PeerBlock plus the security features from browsers, and this seems more than sufficient for my own needs. More importantly, using a limited user account for daily use. Win 7 has a built-in backup feature.

    another thread with a similar concept:

    https://www.wilderssecurity.com/showthread.php?t=156441&highlight=sygate
     
  18. BrandiCandi

    BrandiCandi Guest

  19. 3inchblue

    3inchblue Registered Member

    Joined:
    Nov 24, 2010
    Posts:
    49
  20. wat0114

    wat0114 Guest

    Yep, those are two excellent threads, not OT imo, the author of whom I used to feel was overly casual about his security approach, where I'd sometimes scoff at his suggestions, but in recent years I've embraced his approach completely. Whether he realizes it or not, Mrk has lots of positive influence on me :)

    *EDIT*

    That's okay, Escalader will discuss this when he's good and ready ;)
     
    Last edited by a moderator: Jan 5, 2012
  21. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    Sorry, but tell me what "Sality" is, threat-wise: a trojan?
     
  22. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    This is great! Brilliant! I'm going to incorporate these into our analysis with IMPACT as a column and the various threats as rows. It will take a day or so to complete this work. The additional threats I will include, and this impact concept! :thumb:
     
  23. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    Agreed!

    To do a risk analysis we need to know the threats and if everybody is patient we will end up with a pretty good classified threat check list.

    Let's be clear here I'm not trying to say these threats are NEW but the list will be consolidated in one place.
     
  24. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    That's fine (my RT AV hasn't really been removed in case anybody thought it had been)

    Are you saying a threat may be TOO many security products, like they might conflict with each other?
     
  25. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    That's 100% right. I'm going stepwise here in this thread; there is no rush to produce a silver-bullet set of solutions.

    PS: I like Mrk's stuff as well! Makes me think.
     