Non-conventional security software

Discussion in 'other anti-malware software' started by masqueofhastur, Jan 22, 2010.

Thread Status:
Not open for further replies.
  1. masqueofhastur

    masqueofhastur Registered Member

    Joined:
    Nov 19, 2005
    Posts:
    109
    By non-conventional, I mean something outside the anti-virus, anti-spyware, firewall range of software that everyone looks at first.

    What I've been looking at is the things which concern me, and that I'm vulnerable to. First off, my main concern is compromised bank account information and identity theft. If my system gets wiped out by a virus and I have to low level format it and lose all my data, it's annoying but I can live with that.

    First thing I did was look at anti-keylogger software. KeyScrambler is a good fit for that, but rather pointless if I'm on an unsecured WiFi connection, so HotSpotShield was the next thing I looked at (or alternatively I can use my university's VPN, but it's nice to have options once I'm done with uni). It makes OpenDNS not work, but I figure it's a worthwhile trade. I've also got PeerBlock running, obviously it's not going to offer much protection against a targeted attack, but in terms of blocking known IP addresses of malware sites, it's something that could handle DNS poisoning to redirect to a malicious IP while still using a safe domain name.

    For browsing, since that's pretty much my main connection to the internet, I've got Firefox with NoScript, Web of Trust, AdBlock, TACO, and, as mentioned, KeyScrambler. It's by no means airtight, but WOT is particularly handy for mistyped URLs, as well as for just not clicking on certain links, and NoScript blocks a common infection vector.

    So, what else can I be doing? Most of the things I'm doing now aren't immediately obvious, some I just stumbled upon by accident, so I assume there are still some things I could be doing to boost up security beyond AV, AS, FW and the extra things I'm running as well.

    What are threats out there that normally aren't talked about? Are there any better ways of doing what I already am?
     
  2. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    What provides fresh insights is not to look at all the threats and think of all the possible attack vectors, but to approach it from a risk/impact point of view.

    Risk:
    - what type of measures can I take to stay out of risky places (like phishing/cross-site scripting/SmartScreen Filter of IE or WOT, or using a DNS host with added services)
    - common sense: the less you bind/connect vulnerable applications to each other, the lower the chance of others abusing it. When you click on an advertisement pop-up from a questionable site, 9 out of 10 times you implicitly allow it to read history, cookies, and Outlook/mail settings from within your browser. When it finds an e-mail address, expect spam in your inbox. The 'good' programmers make life easy by providing access to your mail from within your browser (like IE, FF, Opera); the less honourable programmers know how to use this, so choosing less integration and less convenience also raises the bar a little.
    - Another much-forgotten countermeasure is changing passwords every (three) months.

    Impact
    - what measures can I take to reduce the impact of an intrusion.
    - Think of reducing the attack surface by running as non-admin or with UAC plus Software Restriction Policy, and using access control lists to reduce user-space vulnerability.
    - Think of threat mitigation (sandboxing or virtualisation), like Iron/Chrome provides with its internal sandbox, Returnil, CIS4, etc., or simply creating a dust-bin user (use this user for browsing only, and delete and recreate this user from time to time). Most Internet Service Providers offer e-mail accounts. Often they offer a primary e-mail account and secondary (alias) mail accounts; use your alias for all non-financial activities and change this alias from time to time (I use name_sequence and delete this account and create a new one with a higher number).
    - Have a backup and a contingency plan to restore to a known good situation/recover your valuable data


    Accept that malware is a fact of life, same way as we accept that driving a car has some risks.

    Regards Kees
     
    Last edited: Jan 22, 2010
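The "Impact" items in the post above (run as non-admin, keep UAC on, use a Software Restriction Policy) can be checked on a Windows box with a short read-only script. The following is an added example, not code from the thread or from any of the products named in it. It assumes that UAC state is reported by the EnableLUA policy value, that SRP is configured through the Safer\CodeIdentifiers policy key, and that DefaultLevel there uses 0x0 = Disallowed, 0x1000 = Basic User, 0x40000 = Unrestricted.

```powershell
# Added example (not from the thread): read-only posture check for the
# "Impact" advice above. Nothing is changed; the script only reports.
# Assumptions (labelled): EnableLUA reflects UAC; SRP lives under the
# Safer\CodeIdentifiers policy key with the DefaultLevel values below.

function Test-RunningAsAdmin {
    # True only when the current token actually holds the Administrators role
    # (under UAC a non-elevated admin session reports False, which is the point).
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-UacState {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $v = (Get-ItemProperty -Path $key -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA
    if ($null -eq $v) { return 'unknown (value not present)' }
    if ($v -eq 1) { return 'enabled' } else { return 'disabled' }
}

function Get-SrpDefaultLevel {
    # Assumption: SRP default security level as written by Group Policy / secpol.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
    $v = (Get-ItemProperty -Path $key -Name DefaultLevel -ErrorAction SilentlyContinue).DefaultLevel
    if ($null -eq $v) { return 'not configured' }
    switch ([int]$v) {
        0       { return 'Disallowed (default-deny)' }
        0x1000  { return 'Basic User' }
        0x40000 { return 'Unrestricted (default-allow)' }
        default { return ('unknown level 0x{0:X}' -f $v) }
    }
}

$report = [ordered]@{
    'Session holds admin rights' = Test-RunningAsAdmin
    'UAC (EnableLUA)'            = Get-UacState
    'SRP default level'          = Get-SrpDefaultLevel
}
$report.GetEnumerator() | ForEach-Object { '{0,-28}: {1}' -f $_.Key, $_.Value }

# Reading the result in the spirit of the post: browsing from a session that
# holds admin rights, with UAC disabled and no default-deny policy, means an
# intrusion inherits full rights. Non-admin + UAC enabled + SRP Disallowed is
# the reduced-impact posture the post is describing.
```

Run it from the user account you actually browse with, not from an elevated console, or the first line will report the wrong session.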
  3. dcrowe0050

    dcrowe0050 Registered Member

    Joined:
    Sep 1, 2009
    Posts:
    378
    Location:
    NC
    Well, if not using Sandboxie or some sort of sandbox, you might try that. You say the internet or your browser is your main concern, so you can use the free version of Sandboxie just to sandbox your browser if you want. Or Prevx SafeOnline is another great tool. DefenseWall or GeSWall are great; that way you can keep those threat gateways such as your browser isolated from the rest of your system, so if you do get an infection it will not be devastating to your system or data. As far as your browser add-ons, I think you have the best choices; I always liked Ghostery, it tells you if someone is tracking you and gives you the option to block them. But above all, be smart and practice safe browsing!!
    Like KEES said common sense, that is the best advice.
     
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    or just disable the file download from the registry to disable IE file downloads:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3, then for value 1806 change the data from 1 to 3 ;)
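The registry tweak above changes one Internet Explorer security-zone URL action (key 3 is the Internet zone; URL action data 0 = enable, 1 = prompt, 3 = disable). The following is an added example, not code from the thread: it reads the value the post names, reports what it currently means, and only changes it when run in Harden mode, saving the previous data first. It assumes per-user zone settings under HKCU, and checks the corresponding HKLM policy key as a caveat, because a machine policy value, where present, overrides the per-user one and would make the audit misleading.

```powershell
# Added example (not from the thread): audit, and optionally harden, one IE
# security-zone URL action. Defaults follow the post above: zone 3 (Internet),
# value name 1806, desired data 3 (= disable). Assumption: per-user settings
# live under HKCU; an HKLM policy value, if present, takes precedence.
param(
    [ValidateSet('Audit', 'Harden')] [string]$Mode = 'Audit',
    [string]$Zone    = '3',     # 3 = Internet zone, as in the post
    [string]$Action  = '1806',  # URL action value name given in the post
    [int]   $Desired = 3        # 3 = disable
)

$userKey   = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\$Zone"
$policyKey = "HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\$Zone"

function Get-ZoneAction {
    # Returns the DWORD data for $Name under $Key, or $null if key/value is absent.
    param([string]$Key, [string]$Name)
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

function Describe-ZoneData {
    # URL action semantics shared by the IE zone settings.
    param([int]$Data)
    switch ($Data) {
        0       { return 'enabled' }
        1       { return 'prompt' }
        3       { return 'disabled' }
        default { return 'unrecognised' }
    }
}

# Caveat first: machine policy wins over the per-user value.
$policyValue = Get-ZoneAction -Key $policyKey -Name $Action
if ($null -ne $policyValue) {
    Write-Host ("Machine policy sets {0} in zone {1} to {2} ({3}); the per-user value is overridden." -f `
        $Action, $Zone, $policyValue, (Describe-ZoneData $policyValue))
}

$current = Get-ZoneAction -Key $userKey -Name $Action
if ($null -eq $current) {
    Write-Host "Per-user value $Action in zone $Zone is not set (IE uses the zone template default)."
} else {
    Write-Host ("Per-user value {0} in zone {1} is {2} ({3})." -f $Action, $Zone, $current, (Describe-ZoneData $current))
}

if ($Mode -eq 'Harden') {
    if ($current -eq $Desired) {
        Write-Host 'Already at the desired setting; nothing to do.'
    } else {
        # Keep the previous data so the change can be reverted by hand.
        $backup = Join-Path $env:TEMP ("zone{0}-{1}-before.txt" -f $Zone, $Action)
        if ($null -eq $current) { 'not set' | Set-Content -Path $backup } else { "$current" | Set-Content -Path $backup }
        if (-not (Test-Path $userKey)) { New-Item -Path $userKey -Force | Out-Null }
        Set-ItemProperty -Path $userKey -Name $Action -Value $Desired -Type DWord
        Write-Host ("Set {0} to {1} ({2}); previous data saved to {3}." -f $Action, $Desired, (Describe-ZoneData $Desired), $backup)
    }
}
```

Run it without arguments to see the current state; `-Mode Harden` applies the post's change for the current user only, and the saved file in `%TEMP%` records what to put back if a site you rely on stops working.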
     
  5. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    976
    Can you direct me to a PoC of this?
     
  6. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    When I recall his explanation correctly it is a click jack, plus some packed (URI ?) code in a page with a text Mime which is stored in the cache as a temp file. This object is triggered by the hidden YES click
     
  7. masqueofhastur

    masqueofhastur Registered Member

    Joined:
    Nov 19, 2005
    Posts:
    109
    That's a good idea. Do any/all of them allow you to run multiple separate sandboxed instances, so I can have one window for exploratory browsing, and another one for browsing sites I know are safe and want to do downloads from?
     
  8. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    The paid version of Sandboxie allows you to have as many sandboxes as you want, all individually configured for different purposes. The paid version also allows you to force specified applications (e.g. browsers) to automatically start sandboxed. The payment is a one-time license fee that covers all future upgrades.
     
  9. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    748
    Sandboxie + Buster Sandbox Analyzer

    http://sandboxie.com/phpbb/viewtopic.php?t=6557
     
  10. Dregg Heda

    Dregg Heda Registered Member

    Joined:
    Dec 13, 2008
    Posts:
    830
    Do you no longer recommend DefenseWall?
     
  11. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    No, I DO recommend DefenseWall; V3 with the firewall is the user-friendliest and strongest protection one can get on an x32 OS.

    Because so many people are moving to x64 I am just looking for ways to use the policy features of the operating system itself.

    Also, DW V3 beta has been running steadily on my wife's PC (for months now); there is nothing to play with (simply because I cannot improve anything; most of my DW custom resource rules are now included in the default set). That is another reason why I am trying out other setups on my play machine (an old single-core Athlon).
     
  12. guest

    guest Guest

    I would like to see your "killer config" posted in the forum when you finish your investigation for x64 :)
     