Discussion in 'other security issues & news' started by Brandonn2010, Jun 11, 2013.
The weakest link is the human using the system....
HM: I know you don't advocate a walled garden approach, but I think any OS that can effectively make a large number of decisions for the user leads right into... a walled garden. If the OS can deny you the ability to make a stupid decision, it can also deny you the ability to make a smart one. And to be honest, I'm afraid that this is where Windows 8 is heading - towards sacrificing power and versatility for ease of use and security. I do not see that as a good thing. Perhaps I'm being somewhat elitist in rating content creators as more important for the computing ecosystem than consumers; OTOH... consumers don't create content. (Unless Facebook and Twitter qualify as content.)
tl;dr I'm very much in favor of exploit mitigation and sandboxing up the wazoo. For social engineering though, the problem is the user, not the OS, and trying to fix it through the OS is at best a shoddy workaround.
Edit: also, a belated response...
The major issue is that (AFAIK) most Windows security software, in most cases, works by preventing or terminating the execution of bad binaries somehow or other. (Blacklisting, whitelisting, behavior blocking, etc.) On Windows 7 this complements the native memory protection and access control mechanisms. On XP those mechanisms don't exist. Between that and updates officially ending, I would want to avoid said OS if possible.
(For those who can't avoid using XP for whatever reason, I'm not sure what I'd recommend. Maybe get a big USB stick, install Linux on it, and relegate as many tasks as possible to the live system? That's also security through obscurity, to some degree, but your chances are IMO a lot better that way.)
Anyway that's why I indicated whitelisting as a sole defense - because from what I've seen on these forums, that's probably how it would be used. Or close enough at any rate.
It's not about denying the user anything, at all. It's about creating policies that work *with* the user, not against them. Restricting the user only ever leads to jailbreaking/rooting, and bypassing overly annoying policies. Policies need to be built with the user being tricked in mind - not built on the assumption that users will make proper decisions.
Again, it isn't about taking away users' freedom.
Social engineering can certainly be "solved" (as well as any security issue can be solved) by policies.
Again, look at Android. Because of Android's *policies*, not some magical intelligent userbase, socially engineered malware is incredibly easy to remove. That's the operating system protecting the system, not the user.
But, again, I don't expect anyone to believe it yet. And hopefully in 1.5-2 years I'll just be able to prove it.
Policies at least in corporate/enterprise environments aren't meant to allow users to make decisions - proper or not; they're meant to strictly enforce what users are only allowed to do.
Those aren't the policies I'm talking about. A policy can be anything - one policy could be to always tell a user to use a strong password. Another could be to enforce 8 character passwords, and a password change monthly. Another policy could be to load all signed executable files with ASLR enabled. Only allow execution if the file doesn't meet our malicious signature, etc.
All of those are security policies.
I'm advocating policies that don't restrict users but allow them to stay safe, even in the case where a socially engineered malware is at play.
Although a seemingly wonderful and ideal scenario, I can't fathom how that could ever become reality.
Unfortunately it's going to be a lot more difficult because Microsoft is closed source, and a developer can't just patch support for what's necessary straight into the kernel. But with slight compromises it should be possible.
Doing it for Linux would be a lot cooler and easier, but less relevant, since this type of security program is way more geared to Windows.
Either way, I've said way too much as it is. Hopefully I'll be able to prove all of this in either 1 or 2 years (depends on what my workload is between job/school, I'm not writing anything until next Summer at the earliest as it is). I hope it works, but maybe not!
Touching again on this Topic's title.
AFAIK, Windows 7 and now 8 are soon to be far more likely to be exploited than XP for the simple fact that most all exploits have already been exhausted for that platform to be of any real significance considering the trend & attention toward the newer models as well as ending support.
Always just assume that there is an absolutely inexhaustible number of vulnerabilities in an operating system. There are many millions of lines of code.
edit: This topic was a nice break, but I'm going back to studying. If you want to message me feel free, I still check PMs, but I'm too lazy to check this topic.
Oh yeah, and that!
And, here we go... You're talking about removing malware once it gets into the system. You're not talking about preventing it, you're talking about remediation.
I'm not familiar with Android, since I use no such devices that use it, but that's how I interpret what you mentioned - that it removes malware after it gets into it.
But, how does preventing social engineering come into play?
How is the operating system going to protect me against such? I know this is an old matter, but if I recall well the Anonymous group (or some part of it) managed to get access into a security company's (don't recall which one) server (part of the attack) through social engineering, by making one of the administrators believe the e-mail was sent by another security company member. The real e-mail account had been accessed to send the e-mails (they got it after initial attacks on the website, I think). After this, they got access to the server, because this other admin provided the needed passwords.
How is the operating system supposed to protect against such? That is social engineering.
How are you going to come up with something that protects against such situations? What if I convince someone at this forum to give me access to their e-mail accounts? Let's say I could pull that. How is the operating system going to protect those users, or even some application?
Because, social engineering doesn't only imply a way to trick somebody to install malware, which could then be removed if found.
It's a dream. A nice one, but still a dream. I can't see it in any other way.
We'll just have to wait 1-2 years for HM to release his super duper AntiEverything
Even though I've had a "few" clashes with him on various topics, I "think" that he "might" actually come up with something tangible. I wonder whether it'll be free or not though?
lol I'm not giving any details on the implementation. You'll see it when you see it. I'm very confident that it will do what I've claimed with very few shortcomings (only due to Windows)
I don't ever plan on charging for security software.
But my day is starting, so cya.
"If the OS can deny you the ability to make a stupid decision, it can also deny you the ability to make a smart one"
Exactly, an OS should be just a shell where you put in the components and build it at your will.
I agree, as long as XP still works after the updates stop my PC will be fine cause I'm extremely careful and I have plenty of protection.
My PCs aren't crazy about newer OS's cause they simply weren't designed to run them, so XP will stay.
If you read more carefully my quote I was referring to SP2 not SP3
A very blanket statement that means nothing to a knowledgeable user. All things being relative, with the conditions being: OS's out of the box, and average and/or dumb end users (IMO one and the same)... the numbers are probably accurate.
But it means nothing to me. Almost everyone I know now uses Windows 7 or 8, with a few on Vista. And they are about 100 times more likely to be exploited than I am on XP. I know because they bring their boxes to me to fix. And in the same time period I've been compromised 0 times.
I'd like to see what the odds are of having your privacy or anonymity compromised on a post XP OS compared to on XP... for any type of end user. That and amount of backdoors present (one leading to the other). So if a user is able to lock down their XP box to prevent exploits/viruses, I could argue all things considered they are safer than a Win 7/8 user.
This thread is months old. But what the heck, I'll bite.
XP has ~30% of the desktop OS market right now. Most XP users probably still rely on an antivirus for protection. Antivirus software (for the most part) works by identifying malicious executable files and preventing them from running.
HIPS software works in the same way, only more general. Sure a HIPS uses whitelisting, but the whitelist is of known good executables. It can't block exploits, only payloads.
Given the current market share, there is a lot of money in developing malware droppers that bypass AVs on Windows XP. Especially as it's much easier than on Windows 7 (because 7 has memory protection up the wazoo).
There are a lot of ways you can do this of course. Encrypted/compressed executables, polymorphic code, and good old social engineering all work against AV but not against HIPS. OTOH, running a privilege escalation exploit before you launch your payload will probably work against both.
Will it become common? I would guess not; manipulating users, or using preexisting executable packers, is probably the path of least resistance for most malware authors. But I would not be willing to bet anything important on that... Which is why you won't see me using XP for anything important.
TLR: most antimalware products are designed to deal with lazy, poorly thought out attack methods. This is okay (for now) because most malware is lazy and poorly thought out. But using XP + HIPS for anything serious is betting on the blackhats being lazy every time, and I really don't think you want to do that.
I am one of those users still using SP2. Over ten years of tweaking an OS, applying registry hacks and software installs makes someone very hesitant to leave XP for the likes of Vista, Win 7 or 8. I still see no reason to leave XP for another MS operating system. A natively secure OS like Linux? Yes. Absolutely! Within probably two months I am making the plunge. It seems to me post Snowden that we have entered into a new era. Besides, with Mark Russinovich's Disk2VHD Sysinternals app I just make the cherished old OS into a VHD usable by VirtualBox once the migration is complete. Is it obvious despite using their product that I am not a fan of MS?
Microsoft to Windows XP users: your operating system is a major security risk
Windows XP infection rate may jump 66% after patches end in April
Problem is people will say, "Well duh Microsoft would say that, they want to sell us Windows 8." And those people would be right, there is a conflict of interest.
However, "conflict of interest" just means that Microsoft does not particularly care if they are wrong. It does not mean that Microsoft is in fact wrong. A broken clock is right twice a day...
Edit: @siljaline, re the use of realtime AVs - did other security software figure into those statistics? I'd be interested to know comparative infection rates for users of e.g. HIPS vs. realtime AV users.
Again though, you are looking at this from the POV of an average user. In which case I agree you're much better off with Win7 or 8. I have no real-time AV though, or the attack surface that comes with it. And there is absolutely no whitelisting in my HIPS. I've removed my trusted vendor list in D+, and have it on Paranoid Mode. And over time have had it remember actions I know are legit/pose no harm, and alert me to anything else.
I could go on and on about other measures I employ. The bottom line is I don't represent the type of user you reference at all. And that's the type of end user I'm talking about here. There's very little reason for someone like me to upgrade. And in fact, due to reasons I mentioned, my security may actually decrease overall by doing so. I doubt I can disable all the potentially exploitable attack surface on 7/8 that I can on XP, and close the associated ports (all of them) and keep it functioning. My privacy would be inferior. And who knows what backdoors are in there lurking... many people believe it's just a way of life and a concession the user must make now with Windows OS's. Would using a VPN even do me any good on Win8?
Your words ring true to the average Joe, but mean little to me personally. I'm in no hurry to see XP's EOL come and hope to God some people keep banging out (unofficial) updates to keep it alive. IMHO XP Pro SP3 is the best OS ever created... MAC OS's included.
Report can be fully downloaded for offline reading.
The first thing I do after a fresh install is create a new Admin account then disable the built-in one. This creates a substantially safer Admin account that greatly limits what you can fudge up, and/or what liberties you can take.
Combine this with a user friendly default deny SRP... one with a thorough white list with your necessities, or maybe a black list instead to make it more user friendly. Good Local/Group Policies. Folder permissions (unsimple file sharing) that prevents changes to your OS, trimmed back only when updating Windows once a month
... and you've got a pretty darn safe Admin account.
And if you're not making a ton of changes often you can even create a LUA, make the folder permissions tighter, allowing you only a dedicated partition to make changes/download things. Then switch to the Admin account only to update Windows. And make use of the Run as Admin feature and enter your password when needed.
I really don't find all this that difficult to maintain. I used to use the 2nd option but now just use the safe Admin method. Both ways end up with the same end result... uncompromised.
@siljaline: Just read it, thanks. Unfortunately it doesn't seem to mention application firewalls, etc.
@luciddream: I don't think a "safe admin account" is possible in XP (or in Vista/7/8 for that matter).
- I'm pretty sure all admin accounts are "created equal," with a privilege level a bit below that of the System account. There are security issues associated with dropping privileges from an admin account, but that's why you're supposed to create a new user for a limited account.
- SRP whitelisting is largely useless for an admin account. Sure e.g. temp folders are threat gates, but admin has full write access to the filesystem; sticking an executable in C:\Windows is trivial. ACLs are likewise not very helpful for admins.
- SRP works in userspace, and can likewise be overridden in userspace without any privilege escalation. Some ITW malware can already bypass it (mostly as a side effect of otherwise sneaky infection mechanisms, but still). IMO one should not place any trust in SRP for security at this point.
Edit: also I would politely suggest that your paranoid HIPS settings make you more vulnerable to social engineering, by creating a false sense of security and encouraging thoughtless yes-clicking. I have avoided overly chatty HIPS software when on Windows, for exactly that reason.