Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.
He thought he could sneak one by....but we all have good memories! LOL
OS: Qubes 3.0 RC1 with Whonix Workstation & Gateway in separate Qubes VMs with added Macchanger, 3 x pfSense Qubes VMs connected to a nested chain of VPNs (thanks mirimir for the guide), VPNs which I'll detail later, Thunderbird with TorBirdy & Enigmail, Firefox 39.00 with NoScript 22.214.171.124 with all additional restrictions checked and whitelisted sites removed, Adblock Plus 126.96.36.199 with all malware & country filters enabled, Tinfoil 0.7.1 set to full tinfoil mode, HTTPS Everywhere 5.0.5, CanvasBlocker 0.1.6, Disable Plugin & Mimetype Enumeration 188.8.131.52, Ghostery 184.108.40.206.
Then I add to the mix OpenVPN 2.3.7-I602, then I add my personal VPNs starting with Perfect-Privacy.com VPN service 4 hops, Prq.se VPN service 1 hop, ZorroVPN.com service 4 hops, Tigervpn.com VPN service 1 hop, IVPN.net VPN service 2 hops, & multi-vpn.biz VPN service 3 hops.
I like my VPNs if you couldn't tell. It's nice to have options.
Personal Mail Server
OS: Debian 8.10 Jessie, Fail2ban with country bans on .RU, .RO, .FR, .SK, .IN, & all of Africa & all of Asia & all of South America & lock out SSH after 1 wrong password for 48 hours, SSH port changed to a different port, Grsecurity patches for the kernel, SELinux patches for the system, iptables rules set to strict guidelines blocking any traffic except port 443 & port 9050 & the SSH port, Chkrootkit, Snort with an updated ruleset, OpenVAS to check the server. I disable root logins, I find this helps secure the server. Only allow login by public key, NO login by password. TripWire is another tool I use to secure the server.
Server location: China - about as bulletproof as you can get these days. I only use it for a personal email server so bandwidth isn't an issue. China has crap bandwidth if you didn't know. Server is registered to a .CN citizen so no ties to my personal life. It was a struggle getting them to load Debian 8.10 but I can speak decent Mandarin since I lived in Beijing for 3 years, so after a few emails they relented and loaded 8.10 on my box for a 100 yuan fee.
What do people think? Am I paranoid enough? Good? Bad? Room for improvement?
Removed Avast & Adguard for now. I am so used to these extremely light anti-exe/whitelisting/virtualization apps, when I install an AV I notice the change in responsiveness very easily and it drives me nuts! I think for now I'll stick with my current config (laptop) and maybe install HMPA here soon.
Voodooshield is an exception. I do notice a change in responsiveness when it's installed.
Have you measured program launch times with Apptimer? When you launch your browser with a lot of home pages, you can also measure the impact on browsing. Modern programs are usually so well developed that they add just 0.3 secs (on my dual core) launch time.
When you stack up programs and the delay exceeds a second, you will start to notice it. The delay of VS and SBIE is probably as much or as little as the delay of AG and Avast. So the thumbs down or up is interchangeable IMO
I would say there is room for improvement, how do you check nobody is fiddling with your mail server?
I will surely try it!
EDIT: Just installed it
Room for improvement? Please explain? I can't know 100%. That is the problem. But I have iptables so tight that not much can access the server. I also view detailed logs every day to see if anything is strange. At the end of the day that's the best you can do without hosting the server locally in your home.
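One way to make the daily log review described above less dependent on eyeballing, as an added example (not code from the original post): it parses OpenSSH auth log lines and flags anything that contradicts the posted policy (public-key only, no root login, ban after one failed password). The log lines and IP addresses are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample auth.log excerpt in OpenSSH's syslog format (not real data).
SAMPLE_AUTH_LOG = """\
Jul 30 03:12:01 mail sshd[2141]: Failed password for root from 203.0.113.7 port 50212 ssh2
Jul 30 03:12:04 mail sshd[2141]: Failed password for invalid user admin from 203.0.113.7 port 50214 ssh2
Jul 30 03:15:40 mail sshd[2188]: Accepted publickey for deploy from 198.51.100.23 port 41022 ssh2: RSA SHA256:PLACEHOLDER
Jul 30 04:01:11 mail sshd[2301]: Accepted password for root from 203.0.113.7 port 50300 ssh2
Jul 30 04:02:00 mail sshd[2302]: Invalid user test from 203.0.113.9 port 33333
"""

# Matches the four sshd message shapes we care about and extracts user and source IP.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<event>Failed password for|Accepted publickey for|"
    r"Accepted password for|Invalid user)\s+(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)


def parse_auth_log(text):
    """Yield (event, user, ip) for every line the regex recognises; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group("event"), m.group("user"), m.group("ip")


def audit_sshd(text, max_failures=1):
    """Return failure counts per IP and a list of policy violations.

    max_failures mirrors the fail2ban threshold from the post (ban after 1 wrong
    password): more failures than that from one IP means the ban did not hold.
    """
    failed = Counter()
    alerts = []
    for event, user, ip in parse_auth_log(text):
        if event in ("Failed password for", "Invalid user"):
            failed[ip] += 1
        elif event == "Accepted password for":
            alerts.append(f"password login for {user} from {ip} (policy: publickey only)")
        if event.startswith("Accepted") and user == "root":
            alerts.append(f"root login from {ip} (policy: PermitRootLogin no)")
    for ip, n in failed.items():
        if n > max_failures:
            alerts.append(f"{n} failures from {ip}, more than the {max_failures}-strike ban allows")
    return {"failed_by_ip": dict(failed), "alerts": alerts}


if __name__ == "__main__":
    for alert in audit_sshd(SAMPLE_AUTH_LOG)["alerts"]:
        print("ALERT:", alert)
```

Point it at /var/log/auth.log (or the journal export) instead of the sample string and run it from cron; an empty alert list is the expected daily result.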
For paranoids there is always room for improvement. Now I planted this awful thought in your head: "the best you can do without ..."
Avast Pro Antivirus, Voodooshield Pro, Sandboxie, Malwarebytes on demand scanner
Home computer? Huge waste of resources. & then to trust mail servers offsite/China and addons by some random cat named Chris Antaki.
Cool start for privacy and/or anonymity..but that soon disappears when using the same computer for everything. Honestly, I don't know what you're even trying to accomplish using VMs and VPN chains for everyday usage from your own home.
only Sandboxie on Win10 RTM
That's all you need
What are your Avast tweaks?
Will just wait for a compatible version of SD.
I had it @ default
I would even dare to say that exploit mitigation software is becoming a bit redundant when looking at Win10. Especially if you realize the following things:
- Edge is now 64 bit and has an even stronger EPM sandbox (Additional hardening seems to have been employed that makes exploiting symlink sandbox escapes harder: https://twitter.com/tiraniddo/status/612948425995386880)
- Flash exploitation using uint Vectors is dead and that was the main exploitation technique. (http://googleprojectzero.blogspot.com/2015/07/significant-flash-exploit-mitigations_16.html)
- Exploiting font bugs is no longer as 'trivial' as in Win 8.1 and lower. (Cannot that quickly find a reference anymore.)
The auto-upgrade of Windows 10 will ensure that a large number of consumers will benefit from these changes (especially from the hardening of Edge). It is likely that developing an exploit that targets Chrome or Edge on Windows 10 would now require multiple vulnerabilities. You can already see a shift in what kind of exploits are being found in the wild (besides the ones targeting Flash Player of course). In the past Internet Explorer was maybe the most targeted application out there. What happened a year ago? MS hardened the allocation of heap chunks and since then I am not aware of any - known - APT campaign that used a zero-day targeting IE.
If you look at some of the zero-days that have been deployed in the past year then we can see an interesting development:
- IE no longer seems to be targeted that heavily. (CVE-2014-6332 half-day is the most recent targeted vulnerability iirc)
- Flash player took over the place of IE, but this will also change with the recent changes.
- Logic flaws have even been used in 2014 (CVE-2014-4114 and CVE-2014-6352)
- The first known Java 0day in two years has been found in the wild (CVE-2015-2590)
So which applications will be targeted the most in the upcoming years?
By Exploit kits: I have no idea, maybe we will finally see attacks that employ sandbox escapes.
By nation state actors: Maybe MS Office and Adobe Reader (IE/Edge, Chrome and Flash exploitation is quite hard nowadays)
Wow, you're very optimistic about Win 10. But yes, it's getting harder and harder to exploit browsers. And apps like MS Office should always run restricted or sandboxed by HIPS.
The main reason has to do with IE being replaced by Edge which has a sandbox and is 64 bit by default.
Although the primary focus of exploit mitigation software is of course older systems which do not receive regular updates.
I removed ESET and will go AV-free for some time. My current setup:
OS: Windows 8.1 x64, Windows FW, UAC on max, SRP
Browser: Google Chrome & uBlock Origin
Backup: Macrium Reflect
What on-demand scanners do you prefer?
I use Emsisoft Emergency Kit, Avira PC Cleaner and Malwarebytes AM once a week.
For daily scan I use HitmanPro.
Thanks. I didn't use Avira PC Cleaner from these scanners. I'll give it a try.
The current IE also has a sandbox, at least on Win 8. But it's not as robust as the one from Chrome, from what I've read.