Securing An Insecure System

Discussion in 'other security issues & news' started by safeguy, Jan 18, 2013.

Thread Status:
Not open for further replies.
  1. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Oh... oh... I love when I read exploit kits. :D Either through a hijacked advertising network or a hijacked website, that silently redirects to the attacker's server hosting the exploit code.

    So, if you allow A, but the exploit code is hosted in B, but the browser is forbidden to connect to B, then how will the exploit code be triggered?

    Whether or not millions of people would be willing to surf that way, it's a whole different story. :D

    But, even in the eventuality those millions won't do it, and with 100% certainty I can say they won't, they can still have measures that will help protect them against exploit code and block it, and if it gets blocked, then there's no working exploit, which means no code execution, and not even a payload, if it came to that.
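
    The default-deny policy described above (the page is allowed to talk to A, so a redirect to B is never followed) can be modelled as a per-site connection allowlist. The Python below is an added example, not code from this thread or from any product mentioned in it; the host names, the `ALLOWLIST` table and the `SAMPLE_REQUESTS` list are all constructed for illustration.

```python
"""Per-site connection allowlist (added example, not from the thread).

A page on top-level site A may only load resources from hosts explicitly
allowed for A; anything else (for example an ad tag whose network has been
hijacked to redirect to another host) is refused before the browser ever
connects. All host names below are constructed.
"""
from urllib.parse import urlsplit

# Constructed allowlist: top-level site -> hosts that site may contact.
# A leading "." allows the domain itself and all of its subdomains.
ALLOWLIST = {
    "news.example": {".news.example", "static.cdn-example.net"},
    "shop.example": {".shop.example", "checkout.pay-example.com"},
}


def _host_matches(host: str, pattern: str) -> bool:
    """Exact match, or domain-plus-subdomains match when pattern starts with '.'."""
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern


def decide(top_site: str, request_url: str) -> tuple[bool, str]:
    """Return (allowed, reason) for a sub-request made by a page on top_site."""
    parts = urlsplit(request_url)
    host = parts.hostname  # already lower-cased by urlsplit
    if parts.scheme not in ("http", "https") or not host:
        return False, f"unsupported or malformed URL: {request_url}"
    allowed_hosts = ALLOWLIST.get(top_site)
    if allowed_hosts is None:
        # Unknown top-level site: default deny, even for same-host loads.
        return False, f"{top_site} is not on the allowlist"
    for pattern in allowed_hosts:
        if _host_matches(host, pattern):
            return True, f"{host} allowed for {top_site} (rule {pattern})"
    return False, f"{host} not allowed for {top_site}"


def filter_requests(top_site: str, urls: list[str]) -> dict[str, list[str]]:
    """Partition a list of sub-request URLs into allowed and blocked."""
    result: dict[str, list[str]] = {"allowed": [], "blocked": []}
    for url in urls:
        ok, _ = decide(top_site, url)
        result["allowed" if ok else "blocked"].append(url)
    return result


# Constructed request sequence: a page on news.example loads its own assets,
# a CDN asset, and an ad tag whose network redirects to a third host. Both
# the ad host and the redirect target are refused by the policy.
SAMPLE_REQUESTS = [
    "https://news.example/index.html",
    "https://img.news.example/logo.png",
    "https://static.cdn-example.net/app.js",
    "https://ads.adnet-example.org/tag.js",        # hijacked ad network
    "https://landing.exploit-host-example.net/x",  # where the redirect points
]

if __name__ == "__main__":
    for url in SAMPLE_REQUESTS:
        ok, why = decide("news.example", url)
        print("ALLOW" if ok else "BLOCK", url, "-", why)
```

    The suffix check deliberately requires the dot, so `evilnews.example` does not match the `.news.example` rule, and a site that has no allowlist entry at all is refused rather than implicitly trusted.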
     
  2. Tell me how you are meant to protect yourself from a dropper downloading malware in the form of Chrome.exe as soon as you open your browser?

    And how do you protect yourself from finding Adobe Reader 8 on your brand new laptop is in fact malware? Yes, the laptop came pre-infected!

    I don't think you can protect yourself in this day and age. Sometimes I feel as though there is no hope and wish I got infected to get it over with. And with the government spy agency wanting powers to hack citizens' computers I've nearly lost all hope, as I've said before.
     
  3. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I guess I'll be the one to go against the grain here.

    I don't update or patch my systems generally. Sometimes I'll slipstream a service pack into a new source CD, or maybe include or install a really critical update like the Blaster one. But outside of that, I don't generally update anything unless I am forced to. My Windows 7 is SP1 because I went through the effort of creating the source for it that way. My browser is still this version
    - that's Chromium btw, not Chrome.

    I run as admin 24/7 with UAC off. I use a little bit of Integrity Level and a little bit of Sandboxie. I've never had a virus that I know of, and the only malware came in via installers that I neglected to "opt out" of certain unwanted toolbars/etc.

    Now, if things are so dire, why since 1995 have I not had a problem?

    I don't disagree that many people have infection/security problems. I have fixed too many machines to think differently. However, I don't think just because you aren't updated or using the correct security scheme you are going to get nailed. Rather, I think if you don't give a crap about what you do with a computer, then you need all the help you can get. If you do care, and realize there are issues, there are many ways you can go about your daily computing without having to compile your own kernel or lock your system down like Fort Knox.

    I'm just saying, threads like this always seem to assume you WILL get infected or compromised if you don't dot your i's and cross your t's, but that just isn't the case. It CAN BE the case, but it doesn't HAVE TO BE.

    I'm not advocating anything, just saying that these days I am about as insecure as I have ever been really, yet still as problem free. I just don't see why people who are interested so much, like those here, are so pessimistic about it. How many of you here actually get infected/compromised? Sometimes from the way people talk in here, I wonder how on earth they manage to both know so much and still get infected/compromised.

    Not trying to insult anyone, so don't take it that way ;)

    Sul.
     
  4. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    And, how exactly will that happen? Out of magic?

    That's all about trust. Either you trust your new machine is clean or you don't. I don't. That simple. :)

    I wonder why those who say they can't be secure try to secure their systems? What's the point? Don't secure it, and whatever happens, happens.

    Don't take me the wrong way, but I've seen you mentioning your security setup maybe a couple times at the What is your security setup these days?. Why all the trouble for nothing? It makes no sense to secure something that can't be secured.
     
  5. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    There's actually a thread in the polls section, where someone asks whether or not they think they will be infected in 2013. I was about to ask in that thread: How do you know you weren't infected in 2012? :D
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590

    As to the first question, my answer is simple. Sandboxie. Even if it is named, in my case, Firefox, which can run in the sandbox, if it tries to install, it installs in the sandbox, and when I exit the browser the sandbox is deleted and poof, the installation is gone.

    As to the second part, where you buy the laptop becomes the issue. I only buy desktops from VelocityMicro and laptops from Powernotebooks.com. They don't install any crapware, and even if some utility comes with a component like a DVD player, if requested they won't install the software.

    Only exception to that was I bought a ThinkPad tablet and then I checked very closely.

    I also am very much like Sully. I run Sandboxie, AppGuard, and a firewall. No AV or AS software. I haven't done a Windows Update in a little over two years. For grins this past weekend, I ran AV scans on all 4 systems, using two different scanners, both highly regarded. (Don't ask which ones, I am not going there.) Not a single hit on any one of the 4 machines.

    One caveat is one does have to keep abreast of threats.

    Pete
     
  7. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I agree to some extent. But, the issue also is what if the system already comes infected from factory?

    I've seen a few examples over the years, and I'm only talking about people who actually noticed something was wrong. Unfortunately, we're in a time and age where companies have the BYOD ideology, and most don't even separate the networks, so their employees end up infecting the entire network, including the new computers, supposed to be clean. :D
     
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    That is exactly why I buy from the vendors mentioned. When you order a machine from VelocityMicro, the order is assigned to one of the techs. They gather the parts (all retail boxed) and that tech does the complete assembly and test. Then the machine is QC'd and burnt in. They also install the OS and any other needed software. I've called them recently and they can tell you who built your machine from 4 years ago. And every one of the techs still works for them.

    When I bought my Sager from Powernotebooks, same thing.

    So in this case the chance of infection is nil.

    Pete
     
  9. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I see. :)
     
  10. I can't stop government malware like Stuxnet or Flame, no one can. But I can stop Ukrainian Bob or Russian Jim from getting into my system. At least I hope I can, but I don't hold any great feelings to tell the truth that even run of the mill malware can be stopped. The blackhats and the underground are always two steps ahead of the whitehats and security industry so when the new threats are first spotted the bad guys have already moved on to the next piece of malware. You can't even call this a war, because wars end but malware never sleeps.

    Sorry to be a downer but that's just what I feel.
     
  11. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,065
    Location:
    Canada
    Sure, but even the "new" threats seem to be nothing more than mere variants of the old ones. Even looking at the current threats, they're mostly fake av's and exploit kits delivered by means that can be easily stopped with the right security mechanisms in place, and even common sense (think social engineering), most of the former mentioned of which have been readily available for years.
     
  12. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Stuxnet was spread via a removable drive exploiting a Windows vulnerability, which has been fixed. But, the infection would have been stopped with proper security measures in place. Just saying... because the malicious code first had to be executed, with or without user interaction.

    Regarding Flame, I believe I mentioned something in some other thread quite some time ago, and I got the idea that just because someone can protect a network, that doesn't mean one can be secured. So.. :rolleyes: But, to each their own. :)
     
  13. Yes, the LNK bug was a beauty, but Stuxnet used not 1 but 4 0-days. How are you meant to protect against that? Plug in USB drive and boom! Pwnage!

    That's what we know is out there, I'm sure there are other undetectable threats we haven't seen in the wild yet or are just unknown. If you had 0-DAY material and were a blackhat or government I'd suggest you would keep that as close to your chest as possible in order to have a successful campaign.
     