What is your attack surface?

Discussion in 'other anti-malware software' started by Windows_Security, Nov 23, 2013.

Thread Status:
Not open for further replies.
  1. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,081
    Location:
    Netherlands
    With security there are three dimensions determining the security risk:
    a) User behavior
    b) Security software in place
    c) Software used (needed to be defended by B).

    We already have a thread on B, curious what C is at Wilders. I have a straightforward install (only Office 2007 + HitmanPro + CCleaner). For reference let's use HitmanPro's report on scanned objects, mine is just over 700.000 total objects with less than 6.000 file objects (see Pic), what is yours?
     


  2. tomazyk

    tomazyk Guest

    The list of my non-security related software: Chrome, Firefox, Utorrent, Google Talk, Skype, FeedDemon, Office 2010, Foobar2000, KMPlayer, Foxit Reader, Movie Collector, Nero, Gimp 2, Daemon Tools Lite, Audacity, Total Commander.

    Security related software is in my signature.

    My HitmanPro report is in attachment.
     

    Attached Files: HMP.jpg (12.4 KB)
  3. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,081
    Location:
    Netherlands
    Your hard disk is 15% faster (scan time versus file objects scanned :) )
     
  4. tomazyk

    tomazyk Guest

    :) I didn't calculate that. I'm using SSD. What about you? SSD or HDD?
     
  5. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    I would also add D) Settings to increase passive security like UAC at max, disabled services and default task scheduler entries and so on. I have no B, so I use only apps I trust, that are clean. I use CCleaner to turn off PC to clean temp and browser's cache to prevent anything bad in there from starting, if it manages to create startup entries.
    capture_11232013_131057.jpg
     
  6. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    658
    Location:
    Italy
  7. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I don't see where those scan results are of any use in identifying, isolating, or securing your attack surface.
    The attack surface is the entry points of the PC. It includes but is not limited to:
    1, any application or system component that can connect out from your PC.
    2, any application or system component that can receive incoming connections.
    3, any port or connection point to which another component can be attached.
    4, any application or system component that opens, reads, edits, etc files or data originating from outside the PC.
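
Added example, not part of the original post: a small inventory of items 1 and 2 in the list above (components that connect out, components that accept incoming connections), built from text in the layout of Windows `netstat -ano` output. The sample rows are constructed, and the function names (`parse`, `inventory`) are hypothetical.

```python
import ipaddress

# Constructed sample in the layout of Windows `netstat -ano` output.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1720
  TCP    192.168.1.20:445       192.168.1.35:50211     ESTABLISHED     4
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     3104
  TCP    [::]:135               [::]:0                 LISTENING       888
  UDP    0.0.0.0:5353           *:*                                    2212
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr.split("%")[0]).is_loopback
    except ValueError:
        return False  # not an IP literal

def parse(netstat_text):
    rows = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        state = f[3] if f[0] == "TCP" else "BOUND"  # UDP rows have no state column
        rows.append((f[0], f[1], f[2], state, int(f[-1])))
    return rows

def inventory(netstat_text):
    rows = parse(netstat_text)
    out = {"exposed": [], "local_only": [], "inbound_sessions": [], "outbound": []}
    listening = set()
    for proto, local, _, state, pid in rows:
        if state in ("LISTENING", "BOUND"):
            addr, port = split_endpoint(local)
            listening.add((proto, port))
            out["local_only" if is_loopback(addr) else "exposed"].append((proto, addr, port, pid))
    for proto, local, remote, state, pid in rows:
        if state == "ESTABLISHED":
            # A session on a port we listen on was accepted, not initiated.
            key = "inbound_sessions" if (proto, split_endpoint(local)[1]) in listening else "outbound"
            out[key].append((proto, *split_endpoint(remote), pid))
    return out
```

The `exposed` list is the part reachable from other machines; `local_only` sockets are bound to loopback and only reachable from the PC itself.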
     
  8. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,984
    Location:
    Canada
    I pretty much agree with this assessment. For the most part the "attack surfaces" are the specific applications or plugins/extensions the attackers are going after such as the web browser or Java and Flash plugins. I think what Windows_Security alludes to is more relevant with kernel exploits because now anything or everything installed on the system will potentially weaken it.
     
  9. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Total objects to beat:
     


  10. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Those are the most common targets. The services and applications that open ports are regular targets as are files that can contain scripts or active content (PDFs and document files). Even a common text file can be malicious if the file extension is changed, .txt to .bat for instance.
    In theory, every component of the operating system and every part of all the applications installed on it can be exploited, IF the attacker can gain access to it. Access is gained through the attack surface. It doesn't matter if the kernel is made from peanut butter if the attacker can't get to it.

    Most of those exploits rely on a non-hardened browser with normal permissions (everything enabled) and the usual amount of access to other apps and system components. Properly implemented content filtering will remove most of them.
     
  11. guest

    guest Guest

    HMP Scan.jpg

    Enabled scan for remnants, PUPs, and cookies.

    Yup, that's why I adore lower ILs so much. Happily running a web browser with medium IL all the time is soooo 40s. Although it's not everything, limiting access to the system is very important IMO. I wish in the future Microsoft will make all user space apps to run inside a LUA box.
     
  12. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,081
    Location:
    Netherlands
    Yep, but that is not the ambition level of my question, just a rough educated guess (through the eyelashes or between thumb and index finger as we say in Holland).
     
  13. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,081
    Location:
    Netherlands
    Sampei Nihira, please tell me how you got your registry so small? (1/3 of the objects I have got with roughly the same number of files scanned)

    :thumb: )
     
  14. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    658
    Location:
    Italy
    Maybe for the use of many software in portable version.
     
  15. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,081
    Location:
    Netherlands
    Thx, simple is usually smart :thumb:
     