Seeking intrepid souls to test something...

Discussion in 'other security issues & news' started by Sully, Jun 28, 2011.

Thread Status:
Not open for further replies.
  1. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Feels like the web is getting safer if anything. Before we had websites going up but no one knew how to secure them. Now they do. The 90's were scary, it was like... lawless haha browsing the web was like walking around the wild west with spam-bandits popping up all over and no one knew how to stay safe.
     
  2. treehouse786

    treehouse786 Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    1,411
    Location:
    Lancashire
    i think moonblood made a good point, it all depends on what needs the person using the computer has, i do not do banking on my '9 on demand scanner' pc, i have a linux machine for that.

    and yes moonblood, hardware firewall :thumb:

    i have not been infected in any way since i started this setup a few months ago, i suppose different behaviors require different defenses.

    if sully's experiment works out then i might try to do the same with firefox.
     
  3. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    6,144
    Location:
    Nicaragua
    OK, Sully, here you have one. I have been doing something pretty similar
    to what you are saying during the past six months. Last December 26, I
    dropped my real time AV when MSE2 came out and ever since, SBIE has
    been the only security tool that I have installed and used.
    I don't use HIPS, firewalls or anything else but Sandboxie, I can honestly
    say that I not only feel safe but I know that I am safe. Nothing has ever
    escaped the sandbox since I started using SBIE and for me, doing it, this
    way, with nothing but SBIE, it comes natural. I feel that it is the way that
    I should do it. For me, doing it differently doesn't seem right anymore.

    About the browser, I don't use Chrome and have never had it installed so
    my browsing is done with Firefox. I know some people feel that NoScript
    is redundant when we use SBIE but for me, NoScript is very important
    and I actually feel that the AV, HIPS and the firewalls are redundant not
    NoScript.

    Like you, I feel that most problems come through the browser so I have
    gotten rid of all plugins except Flash which is usually disabled by NS. I
    have also kissed Java goodbye since it's extremely rare that I'll ever need it.

    I do my mail by sandboxing my Outlook Express.

    That's my formula, it has worked for me.

    Bo
     
  4. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Not with the increasing malware growth rate and other associated factors.
     
  5. wat0114

    wat0114 Guest

    Wilders member and Security Expert Rmus also maintains this opinion. So with both Sully and Rmus citing this vector as the primary one to address = Good as gold for those seeking security advice :thumb:
     
    Last edited by a moderator: Jun 29, 2011
  6. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Actually, the primary infection vector is the user. Most infections that have the browser as the infection vector happen because of the people using them.

    It's possible to kill 99% of the problems coming from the browser, using only the browser to address those problems. See, in the end, Sandboxie wouldn't be needed, at all.

    But, stubborn people want to use their browser in a convenient way, and if securing it means losing that convenience, then they don't want that security. They don't want to enable java, javascript, plugins on a per-site basis.

    These stubborn people don't want to use things like Sandboxie. They want to be the least annoyed possible. Solution? Open holes and more holes in Sandboxie just to give them convenience? What would be the point in using Sandboxie, then?

    If a user uses more his/her e-mail client than the browser, rarely receives links, and only gets funny stuff friends collect from the Internet, leaving aside the user, the e-mail client is the threat gate. Not the browser.

    If we leave the user aside, then the infection vector will change from person to person.

    I mean, what if I rarely browse the Internet, and only communicate with other people using a messenger? What if I simply enjoy listening to illegal music or watching videos downloaded by some friend...etc?

    Won't these become my threat gates? It's not the browser, unless I use it more than anything else.

    P.S: By the way, this wasn't a rant at Sully's test. :D Just my view that the browser isn't always the threat gate. ;)
     
    Last edited: Jun 29, 2011
  7. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I understand what you are saying, and I don't really disagree. But there is no doubt, the browser is the #1 window into your computer today.

    I find it interesting that you define people as "stubborn" who use java or flash. I completely understand why you would look at it like that, as they are problematic, and greatly contribute to why a browser might become compromised. However, I don't know if one is being "stubborn" if they actually want to use a technology that is available and widespread.

    Maybe a better term would be "stubbornly don't default-deny java or flash". This makes more sense to me, that the user does not want to go to the effort of white listing specific websites that are allowed scripting/java/flash. It is a relatively simple thing to do, but due to "stubbornness" or more likely "inconvenience", the majority does not utilize such features.

    Inconvenience -- isn't that the crux of it? I don't want to be inconvenienced so I run as admin. I don't want to be inconvenienced, so I allow java/flash. Inconvenience is a key element. Computers are supposed to help make our lives efficient, aren't they? Pay your bills faster. Shop from the "convenience" of your home. Do your taxes easily. I don't know about you, but I am always looking to find "convenient" ways to maintain a certain level of security without the "inconvenience" often associated with actually staying secure.

    Isn't that called a "paradox". lol.

    Sul.
     
  8. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I think that's what I mentioned, or at least meant to say. People don't want to bother to the point of having to create a whitelist of what websites they will allow java, javascript, etc.

    ;)

    That's all correct. But, you do care to know to what certain point you can make a balance between both. You don't neglect either side. The problem isn't convenience, rather the lack of balancing both.

    The same way you found your way, I've found mine. But, we represent a small %. ;)

    I agree and disagree. I know some people that rarely use the browser. They just use Windows Live Messenger and spend hours talking to other people that way. That would be their threat gate. :eek:

    But, yes... I agree that for most people the browser is the... how to put it... second main threat gate. (The user is #1) :p
     
  9. hpmnick

    hpmnick Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    186
    It's sort of a moot point, isn't it?

    Without a user, everyone's computer would stay in the off state. It's more or less assumed that we are going to have someone using it, and that they will expose themselves to risks by using it.

    I think what Sully is saying is that the way most people expose themselves to such risks is through computer sources like the web browser.

    I think what you are saying is that users fail to mitigate these risks, and I 100% agree with that... but there has to be a computer based source for these risks as well (just as there needs to be a human source). In other words, you can't have a human introducing risk without having something from the computer that introduces risk (and vice versa)... so in essence, almost every problem is brought upon by both the user and the computer..

    On a side note though, I personally don't use adblock or any whitelists for javascript / java / flash / etc. Why? I visit too many sites that rely on these things for me to actually manage a white list.. Not to mention, you will have sites where you need flash and javascript, but the same site could also have ads that can be malicious or undesirable (even some big name sites are guilty of this - *cough* cnet *cough*).

    Instead of that, I rely on other forms of protection (choice of browser, sandboxing, applocker or SRP, A/V). I could certainly lock it down more.. but in my current state, I prefer usability and comfort over doing so.

    Personally, I think everyone needs to balance usability vs security in their own way. It's always a question of how much you are willing to compromise to stay safe..
     
  10. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Actually, not everyone's computers would stay off, because there are servers, bots, resource monitors, control centers, etc.
     
  11. hpmnick

    hpmnick Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    186
    Well I was talking about their personal computers, but still... without any users around, I doubt most servers would be doing much..

    Either way, I was just trying to make the point that for your average PC, an uneducated user is assumed..
     
  12. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    That's correct. But then again, without the user, the browser isn't a threat gate, at all. ;) Just turn on the computer, open the browser in a blank page. What's next? There's no user to provoke the damage. :D The user has the major role, not the browser.

    There are browsers, just like Opera, that have no sandbox. While that would be great, if it was used by the majority of users (average users), because it would save them from a lot, in the hands of the more technical users, Opera is as safe as IE with its Protected Mode or Chromium/Chrome with its sandbox.

    So, it's not the browser, it's the user. The user is the main threat gate.

    I understand why Sully or you and others may think differently, but I don't see how we can consider one as being the threat gate without also considering the other side as well. OK, maybe the best way would be to say that both the users and the browser/etc are the #1 threat gate.

    And, I didn't say otherwise. I just mentioned that the browser isn't the #1 threat gate. It is, but only for those using the browser as their main Internet tool, so to speak.

    As I mentioned, I know people who just practically use Windows Live Messenger and the only times they use the browser is to update their facebook profile. lol But, I'd say 98% of the time is spent on Windows Live Messenger. So, for them, this is the threat gate, not the browser. :p

    The same way, if I only use my e-mail client and no browser for anything, the e-mail client is my threat gate.
     
  13. noway

    noway Registered Member

    Joined:
    Apr 24, 2005
    Posts:
    461
    I use SBIE as my only security app. I go to quite a few questionable web sites with Firefox every day too. I have javascript enabled for all sites. Some filtering is done with Proxomitron. I have quite a few Direct File Access permitted to specific uniquely named folders I have created because I like to save stuff directly to more than one folder. Only use one sandbox and automatically delete contents. Use Restrictions (internet + start/run) and Drop Rights. Force everything not on C:\ to run sandboxed. Forced programs: browser, email app, media player, pdf viewer, download manager. I run XPSP3 as Administrator. No one else uses computer. Anything new I intentionally download I run through Virustotal before running it. Once a month I check out MS security bulletins and decide which to manually download and install. Would also like to run a software firewall in conjunction with my router (to give me more info on what newly installed software might exactly be doing, what IPs it might be phoning home to, etc.) but I think the Golden Age of Software Firewalls is gone and haven't found a new one I like so just using SBIE alone for now. It is complicated to discuss all the configuration options without seeing someone's actual sandboxie.ini which isn't the thing you want to share obviously. I know some may think I am living dangerously but haven't had any problems and it is very easy to run like this.
     
  14. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    If you search the forum for sandboxie ini, you'll find a couple threads where some users share their configurations. Not sure if they still have the same... :D
     
  15. hpmnick

    hpmnick Registered Member

    Joined:
    Mar 24, 2011
    Posts:
    186
    I wasn't so much disagreeing with you, as trying to illustrate it's a matter of semantics. It's two different sides of the same coin is what I'm getting at.
     
  16. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    I will try this but will be using geswall FREE instead of sbie because I don't have paid sbie.

    + trusteer rapport so I can shop online a little safer? :D



    my threatgate is from the USB ports and I don't feel secure even after disabling autorun/autoplay in gpedit.msc (any suggestions?)
     
  17. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Default-Deny SRP or Applocker will take care of that.
     
  18. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    I'm using Windows 7 Professional 32-bit. (Default Administrator)
     
  19. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    SRP then. Exclude admins if you use UAC, otherwise apply to all users.
     
  20. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557

    I'm on UAC. I don't find SRP in admin useful compared to SRP in Standard User account.
    I don't have anything to back this statement though.
     
  21. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    UAC runs most processes under limited rights, therefore SRP applies to them. It also prompts for admin rights, which aren't covered by SRP (by default).

    It is just as useful.
     