To what end do you desire security?

Discussion in 'other security issues & news' started by Sully, Jun 19, 2010.

Thread Status:
Not open for further replies.
  1. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Having spent the better part of the last 2 years seeking to unshackle myself from the yoke of prompts like HIPS throw at you, and come to grips with some form of security that is more simplistic, I wonder, what are your thoughts?

    For myself and what I do typically from day to day, I just cannot concede to use LUA. LUA is the best method, whether you go very stringent with a default-deny policy or the more standard implementation.

    But all you Wilder "fan-boys", what do you really want these days, I am curious?

    Do you want to see all the pop-ups from your security tools? Do you want absolute control still? Have you become tired of the constant game of which security tool is best for the latest threats? Do you still prescribe to using a mechanism such as AV which relies on definitions that must be current to maintain a whisper of absolute assuredness of the integrity of your files?

    Or, like me, are you simply tired of employing many tools for a threat that never really strikes you?

    I have settled with not using an AV at all. If in doubt I will submit a file to an online scanning house. I choose instead to use Sandboxie as my only 3rd party tool. I segregate everything that touches the net with it if possible. I have run it through so many tests that I just plain and simple trust it like no other tool.

    For my use I employ DropMyRights or SRP in Basic User mode for applications I deem as susceptible to compromise. This is essentially putting my internet facing apps in the same realm as LUA, while still leaving me without the restrictions LUA imposes for my common daily uses, such as futzing with the registry.

    I rely heavily now on Macrium to handle my imaging needs, which for me has replaced most of what is left of security.

    What do you feel is the direction you are headed? Do you still want everything under your thumb and willing to go through strict configurations to achieve this? Or, are you now knowledgeable enough to use much less than you used to, with hardly any configuration, and be more secure than you used to be?

    Sul.
     
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Hi Sul,

    The same direction I started out 20 years ago!

    Early in my computing experience I concluded that user error is responsible for most problems. This can be confirmed by perusing the hijack forums.

    When I began to look closely at exploits in the wild, I concluded that all I really needed was a properly configured inbound firewall and a properly configured browser. I saw these as the 2nd and 3rd weak points in a security strategy, the first being user stupidity and ignorance.

    I became interested in White Listing when I began to do some home consulting, mainly for parental control over what the kids could download and install. Faronics had FreezeX - later Anti-Executable - and it was a suitable product.

    While I've used it mostly for testing, in all the years, I never had an alert during normal internet usage. Why? Because nothing gets by the properly configured firewall and properly configured browser.

    All software I install is purchased/downloaded from reputable sources, so I've never felt the need to upload something to scan. I always check around for user feedback before installing something.

    In the years of poking around security forums, I've concluded that there is more emphasis on products than a well-thought out security strategy. A similar phenomenon exists on the photography forums, where such people are referred to as gear-heads: always changing camera systems, never satisfied with what they have.

    There is nothing wrong with that, of course, as long as one realizes it has nothing to do with the art and craft of photography!

    regards,

    -rich
     
  3. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    Exactly! I let go of all the security apps several years ago. All I use now are an AV (mostly out of habit), and Chrome. Nothing else. Router also of course. No LUA, although LUA in Win 7 is quite pleasant to use now.

    I have been on the internet doing literally everything for over 15 years now, and have never been hit by any threat. So for me, it simply doesn't exist.

    The day I do get bitten, perhaps I'll reconsider. But until then, it's all a waste of time.. I keep it simple.
     
  4. malexous

    malexous Registered Member

    Joined:
    Jun 18, 2010
    Posts:
    828
    Location:
    Ireland
    I ditched Norton 2011 Beta a few days ago in favour of LUA, Applocker and Sandboxie.

    For my current computing practices, it is generally unobtrusive, extremely effective and the main reason for changing, super light.
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,039
    Boy this is all near and dear to my heart. I've done without any AV/AS stuff for quite a while.

    Even ditched 2nd HIPS, and now all I run is Sandboxie and OA ++. True it has an AV, but it's not real time, and I've never done a scan. I only have it if I occasionally want to check something I've downloaded.

    As for wireless, only have a think pad tablet, and use it wireless here. Network Magic alerts if an unknown is on the network, so that's covered. If not home, I use the Verizon Broadband to connect which is much more secure than unsecured networks.

    Pete
     
  6. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    I think I've reached my limit :)
    Only thing that can break through is an intelligent hacker imho.
     
  7. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    Security that will make me feel safe online using the least computer resources possible.
     
  8. katio

    katio Guest

    I've only recently registered here at Wilders, you might think I'm not qualified yet but I'm quite a security veteran actually. They do exist outside of this forum too :p

    I never bought into the "security through products". Blacklisting and signatures struck me as an incredibly stupid method and I literally hate bloated and slow or obtrusive nanny software, which, to add insult to injury, usually hooks deeply into the system thereby increasing attack surface, bugs and instability. Like Rmus I analysed the real and realistic risks and came to the conclusion that I didn't need any of that.

    Through this forum I learned about SRP and Applocker. That's what I'm using now together with LUA which doesn't impose any limitations for my day to day work. Add to this a "properly configured browser and firewall".
    I'm a cautious user and tend to think I know what I'm doing. Never had a security breach to my knowledge. I feel safe enough, that's all I want and need. I think I also got this from here: "Security is a state of mind".
     
  9. wat0114

    wat0114 Guest

    Long ago I ditched the av (although do keep MBAM on-demand for rare usage) and hips and have used with sheer joy: lua, AppLocker or SRP depending on the machines and built-in Win fw behind a router, with Sandboxie as the only 3rd party security solution on two desktops plus a laptop the kids will use. In the last 6 months or so I feel I've also pretty much mastered the fine art of properly imaging drives for safe keeping. I don't mind occasional UAC pop-ups.
     
  10. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293
    I've been antivirus free for 2 years now, and never will go that route again.
    Never jumped on the HIPS bandwagon.

    I run what I have in my sig, nothing more, nothing less, period.

    I've said it 100 times now and still too many people on these forums still feel the need to pile on the security apps, taking up a half-page of software applications, and hey, if that makes you feel "secure" go for it!

    For me, I've got life to live :thumb: and not worrying about getting attacked from something that's not gonna attack me anytime soon.
     
  11. kennyboy

    kennyboy Registered Member

    Joined:
    Oct 4, 2006
    Posts:
    404
    This thread is so pertinent. Thanks for starting it Sul.

    When I first joined Wilders, I was in awe of the depth of knowledge and the variety of all the security software that is concentrated here.

    Of course, wanting to learn, I plunged in and used everything that I could afford to buy, and then (sort of) enjoyed watching all the pop-ups, while congratulating myself on how secure I had made my machine.

    However, it very soon became pretty boring, and on analysing exactly what my online habits actually are, I came to realise (after I had run out of money and RAM) that my machine was so busy protecting itself from unlikely dangers, that it had little left for the tasks which I needed it to do.

    Out went the HIPS, Anti-Virus, and 3rd party firewalls, together with the real-time anti malware, etc.

    Now, I just use Sandboxie, Shadow Defender (for testing) FDISR (because of the Archive feature) and have on demand scanners if I feel the need.

    For me, this setup, together with a reliable imaging program does what I hope is sufficient, and so far it certainly has been.

    Regards

    Ken
     
  12. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    But, as I found out a very long time ago now, you can go about learning the slow way, what a setup.exe is doing or what a process started is doing, using firewalls and things like process monitor or regmon or diskmon or filemon.. stumbling along the way. Or, you can use a good hips appliance, and accelerate the process.

    I personally believe that those who still use a lot of hips and stuff, like jmonge seems to (hey bud, sorry, but you are the perfect example (bows low in respect)), either love to play with software or are still in the process of really learning.

    But I want to know, from people like jmonge, where are you really headed? Are you content to keep trying out many different appliances, or do you have an end goal of finding the most bestest, most lightest-est, most bodacious-est configuration and be done with these security journeys? ;)

    Sul.

    Edit: @jmonge... please do note I am not being derogatory at all..
     
  13. Get

    Get Registered Member

    Joined:
    Nov 26, 2009
    Posts:
    384
    Location:
    the Netherlands
    My pc is pretty bolted down, but hasn't changed a lot in the last few years. Liked to play with it, but that's long gone. I know the chance of getting infected is minimal, but I like to know it when I am. The pc is still fast, so loss of speed doesn't make me feel the need to trim it down.
     
  14. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Here I want to be both as insecure and secure as possible at the same time so no UAC and full blown admin.

    In other words I want any and all malware to come through and run unimpeded yet have the capability to discard any infection whenever I want.

    The apps in my siggy allow me to do that.
     
  15. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Sully, all this is fine if you are one user, one computer, or you set it the way you only allow. Some don't have that luxury and have to trust in "Old-fashioned" apps.

    I have a 64 bit desktop, wife 64 bit laptop, two teens with 32 bit laptops. All with different needs. Kids download music and programs to use, edit and create documents for school. Yes, I would prefer to zip them all up and use ShadowDefender and LUA, but doing so would take away from the freedom and enjoyment that each get from their computer.

    For me, keeping a clean back image that can be restored when one does mess up is the most important thing I do. Having an AV or Prevx allows for some sort of good protection and notification.

    Malware I have found is a learning tool. Each time any one of us have gotten infected, I take the time to explain to that person how it happened and how to avoid it in the future. It works, my having to clean up is a lot less frequent. But I didn't give them computers to make them an object they couldn't fully utilize and enjoy. Though, it does result in a self induced headache for me, from time to time. ;)
     
  16. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    My entire family has been hit by malware at some point. Having a program like FD-ISR and FD-SR have been my saving grace and easiest way to fix what is broken. I really don't understand a lot about LUA and how to use it. But even with my limited ability, they have yet to break something I couldn't fix. And malware programs do work, to some degree.
     
  17. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Sorry for all the posts, but security to me isn't about what app you use or how you lock up your computer but more about regular maintenance. Once a week, I grab everyone's computer and go in and clean the junk from the week out, make sure everything is updated and defrag. To me this is the one most important thing a user can do. My son's piece of crud, 3 year old Compaq laptop is still as good and fast as the day I bought it. It isn't because of LUA or any malware program, but weekly maintenance. Plain and simple.
     
  18. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    Sully,
    Thoroughly enjoying this post.
    I was mostly computer illiterate when I found Wilders.
    And I knew nothing about pc security except what the ads told me about being at risk.
    So I spent a good bit of money for AV's etc. and invested some time in learning from many of you at Wilders and elsewhere.
    I'm still a novice and hope to remain teachable.
    I've removed most of the software I used to use and now am happily using MSE, W7 firewall, router, Sandboxie paid and Keyscrambler free for everyday use.
    I use Hitman Pro occasionally and have a lifetime license for SD, which I might use if I feel the need.
    Also I make frequent images for backup.
    My pc runs lite and fast.
    Thanks.
    Hugger
     
    Last edited: Jun 20, 2010
  19. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    No resident AntiMalware, HIPS, and Software Firewall here, too.
    -NAT/SPI Router
    -Firefox with WOT and Adblock Plus
    -Rollback Rx
    -Sandboxie (Registered/Paid)
    -KeyScrambler Pro and Trusteer Rapport.

    I weekly check with MBAM, SAS, Emsisoft Anti-Malware, Hitman Pro, and F-Secure Easy Clean
    BUT they find cookies in the worst case. I am without infection since the Fall of 2007.
    I am fond of Security but Not of Paranoia...:D
     
  20. ABee

    ABee Registered Member

    Joined:
    Jun 2, 2010
    Posts:
    330
    A limited account and being behind a router are the two single most significant things a person can do to prevent and/or combat malware.
    Yet so many have a notion that using a LUA is somehow going to put a crimp in their style.

    If their style is allowing malware to have free rein over the system once it manages to get on board, then they're right.
    If their style is spending most of each day installing and uninstalling software, then they're right.

    I've been using a LUA on Windows for years. I use one on Ubuntu Linux when I occasionally use that OS. (Just like virtually everyone else who powers up a Linux OS does.)

    I rarely have need or desire to log onto my Admin. account in Windows. A LUA puts no crimp whatsoever into my style.
    The few apps I run which require Admin. privileges all run perfectly fine from a LUA when given the 'Runas' command.

    Btw-- Once your bank account info has been stolen, restoring an image or rebooting into a new virtual environment doesn't reverse that action. Your bank account info remains stolen.
    Which unfortunately holds true irrespective of user account limitations.
     
  21. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    My idea of a secure system is one that does exactly what I want and nothing more. It saves only the data I want saved and sends out nothing unless I choose to send it. I expect it to let me browse anywhere I choose and not be altered in any way. I don't want it alterable by anyone else who uses it.

    The only security policy I know of that meets these requirements is a strict default-deny. When I first started, I used anywhere from one to three AVs and at least as many anti-spyware and anti-trojan apps. At one point, I had over 20 security apps installed, over half of which were resident or scheduled apps. In 2004, I began experimenting with SSM and default-deny as an alternative to signature based security apps. About a year later, I removed all of the signature based security apps from my system and started using the same security package I'm using now, SSM, Kerio 2.1.5, and Proxomitron. Prompts from SSM and the firewall are not an issue. SSM doesn't prompt with the UI disconnected. There's very little maintenance on these as my system rarely changes. For the most part, testing and experimenting are done on virtual systems.

    For a while, I was experimenting with adding SandBoxie to my default package as an additional isolation layer for the attack surface with more permissive SSM rules for the sandbox. Since then, I've concluded that it's not necessary on a default-deny system. I also make system backups whenever my system is changed. With the exception of reverting to a previous set of drivers, I've never had to use them.

    For the most part, I'm where I want to be, security-wise. The only real improvement I'm considering is strong encryption for the entire hard drive with 3rd party software and combining that with a live CD experiment I'm trying.
     
  22. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Hopefully not. Folks, let's stay on topic and keep in mind that people (the masses that is, where the money is) really don't "use" OS's, they "use" applications. Layered on top of that is first to market and installed base inertia.

    That said - my end desires - 100% system uptime and file/account fidelity. That's it. All occurring quietly in the background, without my intervention or continuous reminders that those goals are being realized.

    I can appreciate that a lot of tools provided by vendors not only try to provide that goal, but attempt to offer some information on the how's and why's of providing those end goals (firewalls are probably the most transparent in this regard).

    However, when all is said and done, I want access to my system and my work without worrying that someone unknown to me is rummaging through it, and I want it available to me on my terms. It doesn't matter what the OS is. That only comes into play indirectly since I tend to work in and need to be compatible with a computing ecosystem that is Windows based. If key applications reside elsewhere, I'll go there.

    Blue
     
  23. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
    I decided to simplify my approach to security a while ago as well. On my laptop I use an AV, SpywareBlaster & SUPERAntiSpyware (on-demand) & rely on control over Javascript on a browser (NoScript in SeaMonkey) & use WOT.

    My next desktop will run Linux....:thumb:
     
  24. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    So if I get this straight, you guys are saying your desire for security would be even to use an OS other than one from Microsoft to achieve it? Does that sum it up?

    Sul.
     
  25. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    OK folks, let's rewind this thread a bit.....

    Once again, please stay on topic. On topic means addressing the question "To what end do you desire security?" That should be a straightforward exercise.

    Please note that this question is OS neutral. One doesn't need to mention a preferred platform since the answer simply doesn't depend upon it (never mind having the thread devolve into yet another useless discussion of the relative merits of the various OS options one can select amongst).

    If you choose a specific OS because it provides a specific end goal that you strongly desire, that's fine to note. However, keep the discussion centered on that goal (whatever it is) and not your perception of the relative merits of the various OS's floating out there.

    Blue
     