My thoughts on malware defense

Discussion in 'other anti-malware software' started by moontan, Sep 19, 2010.

Thread Status:
Not open for further replies.
  1. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    since anyone can "reset" their system by loading a clean system image in a few minutes, for me the only problem and dangers lie with having banking info stolen.
    shouldn't the new ways of fighting malware be mostly about this issue?

    if i wasn't doing online banking i would not even bother with Lua-this, DEP-that, firewall-this, virtualize-that etc and all this crap.
    i'd probably go around "naked". ;)
     
  2. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    You can take into consideration also using password managers for logging into your bank website and use strong passwords.
    There is also software like KeyScrambler (helpful when you are already infected by a software keylogger).
     
  3. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    also HIPS and sandboxes help a lot in this area:)
     
  4. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,108
    Location:
    Sofa (left side)
    Yes, which is why we have seen a new generation of software that protects this sort of thing - Prevx SafeOnline, Trusteer Rapport etc.
     
  5. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,434
    Location:
    Europe
    I'm not sure it would be safe. Rootkits can do a lot of things, on your secondary partitions, for example, on your MBR - ok, you can restore it too - and similar. And how can you be sure - if you don't use security software - that your pc is always clean and safe (see rootkits..): you can also have a first clean disk image saved on an external support, but if you want to make a new updated image of your hard disk, and another, and another again... how can you know that the HD is always clean, and the images will be too?
     
  6. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    i very much like Trusteer.
    unfortunately it doesn't like Geswall at all.
    or Sandboxie and Defensewall.

    is there an easy way of securing a browser without using Geswall and others like it?
     
  7. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    Awww, another member has Finally seen the light ;) So much time and effort wasted on these AV and Anti-malware solutions who are always "fighting a losing battle".

    As you said, it's very simple. Images on hand - a firewall in place - block out "info-stealers" in your browser and you're all set. If you want a second opinion on a program or download, use VirusTotal or go ahead and run an AV if you wish. But it's "absolutely NUTS" having a ton of these security programs installed as some members here do.

    And this
    again, completely overrated and unnecessary.
     
  8. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    The other option could be also use Linux Live CD for online banking only.
     
  9. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    tnx Creer,
    i'll give it a try.

    another possible option for me is just not to do any online banking.
    it's not that i REALLY have to.
    it's just convenient.
     
  10. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    very true, IMO.

    i see you're from BC.
    i lived in Vancouver for 24 years.
    until the cost of living pushed me away. ;)
     
  11. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,108
    Location:
    Sofa (left side)
    Yes, Prevx SafeOnline for security of your https sessions, if that is what you mean by "securing a browser".
     
  12. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    it doesn't work for me.

    some issues concerning the loss of accents with US English International language input makes it a PITA for me.
     
  13. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    if i didn't do online banking or other sensitive transactions then my computer could be loaded with rootkits to the gills for all i care. ;)
     
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    There should be no problem, as some people suggest that for online banking your browser must run out of the Sandbox (GW, DW, SBIE) rather than inside the sandbox. However I am not so sure if it's true.
     
  15. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I don't know how it can help a lot. Your system is clean. Ok, but what about phishing and spoofing attacks, Cross-Site Scripting etc etc.
     
  16. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293
    The only thing I've always put first while online was my banking being secure. After that, I threw care out the window.

    It's worked for me.
     
  17. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    You should see it now :rolleyes: An "outhouse" goes for half a mill :eek: :ouch:
     
  18. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    mwahahaha! :D
     
  19. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,434
    Location:
    Europe

    Your pc is in list to become a zombie in a botnet. :D
     
  20. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,108
    Location:
    Sofa (left side)

    Have you reported this in the Prevx forum? It could be a simple/quick fix. Worth a try imo.
     
  21. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    You wouldn't care if your PC was pumping out spam to everyone in your address book? You wouldn't mind seeing 20+ adware caused popups on every browser page or if pages started taking a full minute to load? It wouldn't bother you to find out the hard way (your door being knocked down and you arrested) that your PC was being used to spread child porn as part of a botnet? The laws are a good 10 years behind reality when it comes to stuff like this. It wouldn't matter to you if your PC was being used for DDOS attacks? Or to find your online gaming account has been stolen? Yes, there's a market for that too. There's more uses for compromised PCs than most people realize.

    It's one thing to not want to bog down your system with security apps or spend your time answering prompts and alerts, but the consequences of "going naked" can go far beyond your online banking. There's several approaches to security that work. Each has its good and bad points. The most secure might be too restrictive or want too much of your time. The quietest might not be secure enough. Find the one that best fits you and how you use a PC.
     
  22. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
    Imaging is the ultimate recovery for computers, and it is true that in a few minutes a system is up and running again. It is not practical though to use it as anti-malware on a regular basis, as if you use your machine for productive purposes you'd have to make sure that whatever was written as new data is backed up before restoring a pristine image (appointments, calendar, mail application, any important new file etc).

    Incidentally this is my approach in terms of maximum security: all important data is regularly transferred to physically separated USB hard drives, so that in an emergency I can restore a clean image without worrying about deleting important data. That doesn't mean that I let my machines get infected, noone_particular is right, we are not alone on the Internet.
     
  23. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    ok,

    i get the point.
    maybe i was a little extreme in my comments.

    but like i said, if it wasn't for online banking my concerns would be very low since it takes me the time to have a coffee to load a clean system image.
     
    Last edited: Sep 20, 2010
  24. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    yes i have,

    still waiting for resolution.
     
  25. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I was hoping that your statements were exaggerating. I have run into people on service calls who really don't care what their equipment might do to someone else's.

    System images are fine for making sure that nothing ends up permanently installed to your system, at least until malware starts targeting the BIOS, firmware, etc. That day may or may not come. The weakness in relying on clean images is in real time protection. A while back, the Bank of India was compromised and was serving up malware. Images won't protect you if the financial site you're using gets compromised. Yes, the chance of that is low, but the chance of getting any specific piece of malware is also low. Multiply that low risk by a few hundred thousand pieces of malware and the chance that you'll find one of them isn't so low any more. IMO, relying on clean images with no real time protection is basically playing the odds. You're relying on the odds that the next malware you find is one that won't be a threat to you if it can't survive a reboot. Myself, I wouldn't take that chance, but then I only bet on sure things.

    If you're already restoring the same image on a regular basis, you're running a fairly static system. It would be a good candidate for a basic default-deny setup. It wouldn't have to be complicated. Just whitelist the executables for the apps you're already using and the system executables that run during daily use and you'd have that real time protection, and you wouldn't have to add anything heavy to load down your system to get it.
     
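A minimal version of the default-deny whitelist described in the post above, as an added example (not code from any product named in the thread, and not the poster's own): baseline the executables on the freshly restored clean image by SHA-256, then deny any launch that is not on the list or whose bytes no longer match. The function names and the constructed sample files in `demo()` are assumptions for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def sha256_file(path):
    """Hash in chunks so large binaries do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_whitelist(roots):
    """Record path -> SHA-256 for every file under the trusted roots.
    Meant to be run once on the freshly restored clean image."""
    allowed = {}
    for root in roots:
        for dirpath, _, names in os.walk(root):
            for name in names:
                p = os.path.abspath(os.path.join(dirpath, name))
                allowed[p] = sha256_file(p)
    return allowed

def check_exec(whitelist, path):
    """Default-deny decision for a launch of `path`: (allowed, reason).
    A listed path whose hash changed is denied too: the binary on disk
    is no longer the one that was baselined."""
    key = os.path.abspath(path)
    if key not in whitelist:
        return False, "not in whitelist"
    if sha256_file(key) != whitelist[key]:
        return False, "hash mismatch"
    return True, "ok"

def demo():
    """Constructed scenario (hypothetical files, not real binaries): baseline
    one trusted app, then judge it, an unknown download, and the app after
    its bytes were replaced in place."""
    with tempfile.TemporaryDirectory() as tmp:
        apps = Path(tmp, "apps")
        apps.mkdir()
        browser = apps / "browser.exe"
        browser.write_bytes(b"trusted browser bytes")
        wl = build_whitelist([apps])
        unknown = Path(tmp, "setup.exe")
        unknown.write_bytes(b"unknown download")
        known, new = check_exec(wl, browser), check_exec(wl, unknown)
        browser.write_bytes(b"replaced browser bytes")  # same path, new contents
        return {"known": known, "unknown": new, "tampered": check_exec(wl, browser)}
```

A real deployment would hook process creation rather than call `check_exec` by hand, but the decision logic is the same.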