Security vectors as an Admin

Discussion in 'other security issues & news' started by Sully, Nov 5, 2008.

Thread Status:
Not open for further replies.
  1. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Wilders is full of people who are knowledgeable about computer security. Full of great advice, great tools and great tweaks to help achieve a state of security. I have tried many many different ways to achieve a high level of security. And many of them work. Some better than others.

    However, as my time spent on the computer now approaches 20 years, I tire of continually micro-managing every aspect. So I have been looking for ways to stay secure that require less user interaction. HIPS programs that require a learning time period or tools that require being told everything that is allowed or denied fall into this category.

    As an example, I went to a LAN party recently, and since I have been messing with LUA a lot in the last few months, I thought I would just make a 'gamer' account on my freshly installed OS, and use SuRun. It worked, but only after I set a number of apps to start as admin. But SuRun was very flaky. My bud also did this, and we had the exact same issues. Very strange behaviour but almost mirror images of each other.

    Ok, so I think a LAN party is the prime spot to test your security. Since we are file sharing anyway. Since SuRun was flaky, I made my own little interface to RunAs with AutoIt. Yea, it works. Does what I need it to. But next I found out that a simple program like RivaTuner needs some really special care. Not exactly what I want to do, spend hours figuring out how to make my stuff work in a limited account. That is why many don't use it.

    So knowledgeable peeps of Wilders, help me out here. What are your thoughts?

    If I have closed all my open ports down except for netbios, which I need, what is left? If I have a good antivirus that is updated, such as Avira Free, what is left? If I use Cyberhawk to watch for dll injection, is there more?

    If I use a modified SRP with the 'Basic User' rights being forced onto internet facing apps such as browsers, is that enough? If using Sandboxie for internet facing apps is done, is this satisfactory? If I use a firewall that allows me to allow or deny all of my internet apps, is that safe?

    That is what I do now. Other than setting up the SRP apps, which are only a handful, and making a Sandboxie config, which is done, and then allowing/denying apps in the firewall, what could be wrong?

    A patched OS. A router using NAT/SPI. All of these things require very little in the way of my intervention, other than the firewall.

    What is your opinion, what holes are left? I feel good about being behind my router with this setup. Any flaws you can think of? How about being behind this setup at a LAN party, where the possibility of another peep having an infection is there? Can there be more holes that need filling?

    I ask because I have more things to do than continually look for that 'Holy Grail' of security. Besides, if it were found, the user interaction with it would be beyond what I want to invest anymore.

    I still want to be secure. I still think it is my responsibility to not contribute to the bot population.

    What are your thoughts about this? Please, tell me what inherent flaws may be produced by such a setup.

    Thanks for your info.

    Sul.
     
  2. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Have you considered reporting your issues with SuRun to the developer?
    Everyone would benefit from a more robust program.
     
  3. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Yes, I have that on my agenda to do. Although I am not sure what to report, as it was just some really strange behaviour, such as random lockups. And strangely, we pulled out of a gig switch that was too small for the group and plugged into a larger 10/100. Both of our computers froze. Having done this a hundred times before with no problems, and us both using SuRun, I can only attribute it to SuRun. Strange stuff that I did not document but will nonetheless report.

    Thanks.

    Sul.
     
  4. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Not much, really.

    a) Add an Extra Rule (in SRP) to block execution from your temporary locations (temp is needed when uninstalling, often needed for installing also)

    b) Add an extra rule to add your shared directories (path) as a limited user
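    The two SRP path rules Kees1958 suggests above, plus the 'Basic User' rule for browsers that Sully describes in the opening post, can be written as local-policy registry entries rather than clicked through gpedit.msc. The script below is an added example, not code from anyone in this thread and not a SuRun or Sandboxie feature. It assumes: a local (not domain) Software Restriction Policy, an elevated PowerShell session, and that the placeholder paths (`D:\Shared`, the Firefox path, the temp folders) are replaced with your own. The registry layout (`CodeIdentifiers\<level>\Paths\<GUID>` with `ItemData`, `SaferFlags`, `Description`, `LastModified`) is the one the Local Security Policy snap-in itself writes; the decimal level keys 0, 131072 and 262144 are Disallowed, Basic User and Unrestricted.

```powershell
# Added example: create Software Restriction Policy path rules directly in the
# local-policy registry hive. Run elevated. Paths below are placeholders.
$Base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

$Disallowed   = 0        # key "0"      : execution blocked
$BasicUser    = 0x20000  # key "131072" : run with admin SIDs/privileges stripped
$Unrestricted = 0x40000  # key "262144" : normal execution

function Initialize-SrpPolicy {
    # Default level Unrestricted: only the explicit rules below restrict anything
    # (the "modified SRP" setup from the first post). Use $Disallowed here for a
    # whitelist-style policy instead.
    New-Item -Path $Base -Force | Out-Null
    New-ItemProperty -Path $Base -Name DefaultLevel       -Value $Unrestricted -PropertyType DWord -Force | Out-Null
    New-ItemProperty -Path $Base -Name TransparentEnabled -Value 1             -PropertyType DWord -Force | Out-Null  # 1 = all software files except DLLs; 2 = DLLs too
    New-ItemProperty -Path $Base -Name PolicyScope        -Value 0             -PropertyType DWord -Force | Out-Null  # 0 = all users incl. administrators
}

function Add-SrpPathRule {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][int]$Level,
        [string]$Description = ''
    )
    # Each rule lives under <level>\Paths\{GUID}; the GUID is arbitrary but must be unique.
    $guid = '{' + [guid]::NewGuid().ToString().ToUpper() + '}'
    $key  = Join-Path $Base ('{0}\Paths\{1}' -f $Level, $guid)
    New-Item -Path $key -Force | Out-Null
    New-ItemProperty -Path $key -Name ItemData     -Value $Path        -PropertyType ExpandString -Force | Out-Null
    New-ItemProperty -Path $key -Name SaferFlags   -Value 0            -PropertyType DWord        -Force | Out-Null
    New-ItemProperty -Path $key -Name Description  -Value $Description -PropertyType String       -Force | Out-Null
    New-ItemProperty -Path $key -Name LastModified -Value ([DateTime]::UtcNow.ToFileTimeUtc()) -PropertyType QWord -Force | Out-Null
    return $key
}

function Get-SrpPathRule {
    # Enumerate every path rule so the policy can be checked after editing.
    foreach ($levelKey in Get-ChildItem -Path $Base -ErrorAction SilentlyContinue) {
        $paths = Join-Path $levelKey.PSPath 'Paths'
        if (-not (Test-Path $paths)) { continue }
        foreach ($rule in Get-ChildItem -Path $paths) {
            $p = Get-ItemProperty -Path $rule.PSPath
            New-Object PSObject -Property @{
                Level       = $levelKey.PSChildName
                Path        = $p.ItemData
                Description = $p.Description
            }
        }
    }
}

Initialize-SrpPolicy

# (a) Block execution from temporary locations. Remember to lift these (or run the
#     installer from elsewhere) when installing/uninstalling, as Kees1958 notes.
# Assumed temp paths: XP profile temp, Vista+ profile temp, system temp.
Add-SrpPathRule -Path '%USERPROFILE%\Local Settings\Temp' -Level $Disallowed -Description 'No exec from XP user temp'
Add-SrpPathRule -Path '%LOCALAPPDATA%\Temp'               -Level $Disallowed -Description 'No exec from user temp'
Add-SrpPathRule -Path '%WINDIR%\Temp'                     -Level $Disallowed -Description 'No exec from system temp'

# (b) Anything launched from the LAN-party share runs as a limited user.
Add-SrpPathRule -Path 'D:\Shared' -Level $BasicUser -Description 'Shared dir runs as Basic User'

# Opening post: force Basic User onto internet-facing apps (assumed browser path).
Add-SrpPathRule -Path '%ProgramFiles%\Mozilla Firefox\firefox.exe' -Level $BasicUser -Description 'Browser as Basic User'

Get-SrpPathRule | Format-Table Level, Path, Description -AutoSize
```

    Two caveats a practitioner would want: the rules take effect after `gpupdate /force` (or a logoff/logon), and the Local Security Policy snap-in will show and may rewrite the same keys, so check `Get-SrpPathRule` afterwards rather than assuming. Also note what 'Basic User' actually does: it strips the administrator SIDs and privileges from the process token, so it only adds protection when the launching account is an admin; in a real LUA it is redundant, and in either case a Disallowed rule on a more specific path wins over a less specific Basic User rule.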
     