
Security


Albert

Sep 17, 2009, 6:27:19 PM
I've just installed XP and need to surf the web. Do I need to install
anything?

nemo_outis

Sep 17, 2009, 7:21:22 PM
Albert <albert.xt...@gmail.com> wrote in news:33d368a5-5be1-4dc4-
8f49-098...@f20g2000prn.googlegroups.com:

> I've just installed XP and need to surf the web. Do I need to install
> anything?
>

Question far too broad, vague and ill-defined - please refine and resubmit.

Regards,

Albert

Sep 17, 2009, 7:58:28 PM
"nemo_outis" wrote:
> Albert <albert.xtheunkno...@gmail.com> wrote in news:33d368a5-5be1-4dc4-
> 8f49-098cb6514...@f20g2000prn.googlegroups.com:
>
> > I've just installed XP and need to surf the web. Do I need to install
> > anything?
>
> Question far too broad, vague and ill-defined - please refine and resubmit.

What do I need to install so that I can't get malware? If you choose
to specify a particular company, please add why you chose that company.

Todd H.

Sep 17, 2009, 10:11:44 PM
Albert <albert.xt...@gmail.com> writes:

> "nemo_outis" wrote:
>> Albert <albert.xtheunkno...@gmail.com> wrote in news:33d368a5-5be1-4dc4-
>> 8f49-098cb6514...@f20g2000prn.googlegroups.com:
>>
>> > I've just installed XP and need to surf the web. Do I need to install
>> > anything?
>>
>> Question far too broad, vague and ill-defined - please refine and resubmit.
>
> What do I need to install so that I can't get malware?

I'm afraid no product will prevent you entirely from getting malware.
Antivirus is not terribly hard for custom malware to avoid, there is
no patch for human stupidity (i.e. you respond to phishing emails,
install a trojan), or fall victim to a 0day attack via unpatched
issues in your browser, IM program, media player, pdf viewer, flash
plugin, what have you.

> If you choose to specify a particular company, please add why you
> chose that company.

av-comparatives.org tests antivirus software. Eset's NOD32 is a
worthy combination of fast performance and strong signature based and
heuristic based malware detection. Symantec Client security (a
business aimed product) isn't awful either, but it's not cheap
either.

--
Todd H.
http://www.toddh.net/

nemo_outis

Sep 17, 2009, 10:32:39 PM
Albert <albert.xt...@gmail.com> wrote in
news:b0ae4222-21c3-4acf...@f20g2000prn.googlegroups.com:

Still outrageously broad, vague, and ill-defined!

I say this not only because I'm a cranky curmudgeonly old bastard (which
I am) but because sloppy thinking, carelessness, and laziness - even
after you were chided and prodded - does not bode well for your chances
of staying secure. The appropriate skills and attitudes, not just
mindlessly installing a few programs, are crucial to computer security.

For instance, it is quite uncommon to become infested with malware unless
one connects to the internet (at least browsing and emailing, but
possibly also torrent, irc, etc.) - but you don't even mention that you
do that, let alone how! We are left to infer that you are not a complete
novice by the fact that you asked the question here, a relative backwater
of the net. This smacks of either intractable stupidity or trolling.

With that said, the basic kit is as follows:

1) use a router
2) use a decent software firewall
3) use a decent antivirus
4) use programs with reduced susceptibility to security breaches (e.g.,
firefox), addons which increase security (e.g., noscript, flashblock,
betterprivacy) and - especially important! - configure all software (OS,
firewall, browsers, email, etc.) appropriately.

Much more can be done (depending on specific threats, needs, and skills -
such as using tor or mixmaster or a virtual machine) but that's the core.

Regards,

Albert

Sep 17, 2009, 10:40:59 PM
(Todd H.) wrote:
> <snip intro>
> ...there is no patch for human stupidity (i.e. you respond to
> phishing emails, install a trojan), or fall victim to a 0day attack
> via unpatched issues in your browser, IM program, media player, pdf
> viewer, flash plugin, what have you.

I don't respond to phishing emails. I plan to install the bare minimum
so I can scan exe files for being trojans. I don't use IM. My pdf
viewer is portable and as long as I copy three files to a computer in
the same directory it'll work - so I doubt malware would get through
via this program. I don't need the flash _plugin_.

So if I install NOD32 and don't do anything stupid, I can't get malware?

Albert

Sep 17, 2009, 11:01:12 PM
"nemo_outis" wrote:
> <snip _top-post_>

> For instance, it is quite uncommon to become infested with malware unless
> one connects to the internet (at least browsing and emailing, but
> possibly also torrent, irc, etc.) - but you don't even mention that you
> do that, let alone how!

I browse, email with gmail, use utorrent, don't use irc.

> With that said, the basic kit is as follows:
>
> 1) use a router
> 2) use a decent software firewall
> 3) use a decent antivirus
> 4) use programs with reduced susceptibility to security breaches (e.g.,
> firefox), addons which increase security (e.g., noscript, flashblock,
> betterprivacy) and - especially important! - configure all software (OS,
> firewall, browsers, email, etc.) appropriately.

I use a router. I don't have a firewall nor antivirus. After I post
this I'll go get firefox with the addons you've listed.

But, could you please narrow down what you mean by 'configure all
software appropriately'?

Leythos

Sep 17, 2009, 11:03:08 PM
In article <33d368a5-5be1-4dc4-8f49-
098cb6...@f20g2000prn.googlegroups.com>, albert.xtheunknown0
@gmail.com says...
>
> I've just installed XP and need to surf the web. Do I need to install
> anything?

Where have you been for the last 10 years?

You need ALL Windows Updates, Antivirus software, the most current Java,
and I would suggest that you use FireFox, the latest version.

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
spam9...@rrohio.com (remove 999 for proper email address)

Albert

Sep 17, 2009, 11:10:02 PM
Leythos wrote:
> You need ALL Windows Updates, Antivirus software, the most current Java,
> and I would suggest that you use FireFox, the latest version.

If I choose to not visit any website requiring Java, do I still need
the most current Java?
I've got Firefox now - just need NOD32.

as

Sep 17, 2009, 11:46:00 PM

What a great answer. NOT!

Here's some starting advice;

1. Download an AntiVirus Program - A free version to see if it works
on your machine without screwing up other software. Try Avast. If it
works on your machine for a week and doesn't interfere with other
software, BUY IT! Don't listen to the cheapskates who think the
freebie version is all they need.

Get the Professional version here:

http://www.avast.com/eng/download-avast-home.html

UPDATE IT EVERY DAY!!!

2. Download the freebie ERUNT.

http://www.larshederer.homepage.t-online.de/erunt/

This will save a copy of your registry in case some junk program
screws it up. Always use it before you install any new program.

3. Download its companion NTREGOPT - on the same page. It'll keep your
registry neat.

4. Forget everything you heard about Windows RESTORE POINT. It sucks.
If you can afford a few bucks, buy Acronis True Image. With
incremental backups it will assure you are able to go back to a past
image of your hard drive before some virus or crappy program destroyed
your Windows.

Use Win Restore Point if you have to, but *really* try to get Acronis.
Everything doesn't have to be gotten immediately with the same
paycheck.

http://www.acronis.com/homecomputing/

5. Get the free versions of SuperAntiSpyware and Malwarebytes
Anti-Malware. Make sure you back up with Acronis or at least your
registry with Erunt because the two mentioned pieces of anti spyware
are notorious for screwing up machines.

http://www.malwarebytes.org/

http://www.superantispyware.com/

6. Get a firewall. Sunbelt's is a simple one for a beginner.

7. Download the freebie WinPatrol. It'll keep you apprised when any
program tries screwing with your files or registry.

8. Install the freebie InstallSpy.
InstallSpy v2.0 [1.23 MB]

This is not spyware, but a program to help you discover spyware! Track
any and all changes to the registry and file system, and also record
all shell notification events (e.g. media inserted), when a program is
installed, uninstalled, or run. This can warn you of programs trying
to install new services, programs that are set to run on reboot,
changes to your home page, etc.

InstallSpy is a highly configurable program that allows you to catch
any change to your system. Filtering lets you zoom down to the details
that are most important to you.

http://www.2brightsparks.com/freeware/

SyncBack Freeware on the same page is a simple backup program that
works great until you want to move up to something more sophisticated.
It's dang near foolproof to use.

9. Install a HOST file. It's a freebie you can get here.

http://www.mvps.org/winhelp2002/hosts.htm

It'll keep you from loading many Web pages which have been created
with one thought in mind: to screw the viewer with viruses, trojans,
spyware, etc.

10. Install the freebie Fingerprint - You can keep track of files such
as the HOST file to see if anything has changed them.

It's on the same page as SyncBack and InstallSpy
http://www.2brightsparks.com/freeware/

FingerPrint v2.1.3 [1.46 MB]

A utility to see if any files in one or more directories have been
created, deleted, or changed since the last scan. It's useful for
checking if a program, e.g. viruses and trojans, has changed your
all-important Windows files (this is similar to such security software
as Tripwire).

11. Forget using MS Internet Explorer as your browser. Use free
Firefox.
http://www.mozilla.com/en-US/firefox/personal.html

10. Download the freebie Spybot.
http://www.safer-networking.org/en/index.html

Use the Advanced items such as Tea Timer at your own risk. It screws
up too often on too many machines. If it does work for you, great.
Again, backup with Acronis or System Restore before installing. But
don't trust System Restore to truly install every system that might
get screwed up. It doesn't cover everything. At the least, backup
your registry with Erunt.

------------
This should keep you busy for a while. It's not the end, but a good
beginning.

Have fun.
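
As an added illustration of items 9 and 10 above (not code from the post or from the tools it links): a small Python script that parses a HOSTS-format blocklist the way the resolver reads it, and keeps a FingerPrint/Tripwire-style SHA-256 baseline of a directory so that a rewritten HOSTS file, a dropped file or a deleted one shows up on the next comparison. The sample HOSTS lines, the file names and the 203.0.113.9 hijack address are constructed for the example.

```python
# Added example, not from the thread: a parser for the HOSTS-file blocklist format the
# post links (item 9) plus a FingerPrint/Tripwire-style hash baseline (item 10), so you can
# see what each does and, just as important, what HOSTS blocking does not catch.
import hashlib
import os
import tempfile

# Constructed sample in the HOSTS format; the real MVPS file is a much longer list of
# "0.0.0.0 hostname" lines with '#' comments.
SAMPLE_HOSTS = """\
# constructed sample, not the real MVPS HOSTS file
127.0.0.1 localhost
0.0.0.0 ad.example-tracker.test   # comment after an entry
0.0.0.0 malware.example.test
0.0.0.0 BANNERS.EXAMPLE.TEST
"""


def parse_hosts(text):
    """Return the lowercased set of names sunk to 0.0.0.0 or 127.0.0.1.
    'localhost' is a legitimate mapping, not a block entry, so it is left out."""
    blocked = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        parts = line.split()
        if len(parts) < 2 or parts[0] not in ("0.0.0.0", "127.0.0.1"):
            continue
        for name in parts[1:]:
            if name.lower() != "localhost":
                blocked.add(name.lower())
    return blocked


def is_blocked(hostname, blocked):
    """Exact-name match only: that is how the resolver uses HOSTS, so a listed
    'malware.example.test' does nothing for 'sub.malware.example.test'."""
    return hostname.lower().rstrip(".") in blocked


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(directory):
    """Map relative path -> SHA-256 for every regular file under directory."""
    result = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            full = os.path.join(root, name)
            result[os.path.relpath(full, directory)] = sha256_file(full)
    return result


def compare(old, new):
    """(changed, added, deleted) path lists, the three things FingerPrint reports."""
    changed = sorted(p for p in old if p in new and old[p] != new[p])
    added = sorted(p for p in new if p not in old)
    deleted = sorted(p for p in old if p not in new)
    return changed, added, deleted


def demo():
    """Take a baseline of a throwaway directory holding a HOSTS file, then tamper with it
    the way DNS-hijacking malware does (constructed: strip the block entries and point a
    'bank' at an attacker address), drop a file and delete another; return the report."""
    with tempfile.TemporaryDirectory() as d:
        hosts_path = os.path.join(d, "hosts")
        with open(hosts_path, "w") as f:
            f.write(SAMPLE_HOSTS)
        with open(os.path.join(d, "helper.dll"), "wb") as f:
            f.write(b"\x00" * 16)
        before = baseline(d)
        with open(hosts_path, "w") as f:
            f.write("127.0.0.1 localhost\n203.0.113.9 www.bank.example.test\n")
        os.remove(os.path.join(d, "helper.dll"))
        with open(os.path.join(d, "dropped.exe"), "wb") as f:
            f.write(b"MZ")
        return compare(before, baseline(d))


if __name__ == "__main__":
    print(sorted(parse_hosts(SAMPLE_HOSTS)))
    print(demo())
```

Run as is, it prints the parsed block set and the (changed, added, deleted) report for the tampered directory. Two points worth noticing: HOSTS matching is exact, so a listed domain does not cover its subdomains, and a baseline is only as trustworthy as the place you keep it; store it off the machine it measures, or an intruder who can rewrite HOSTS can rewrite the baseline too.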


as

Sep 18, 2009, 12:13:34 AM
On Thu, 17 Sep 2009 22:46:00 -0500, as;d...@dasfkjl.com wrote:

>On Thu, 17 Sep 2009 23:21:22 GMT, "nemo_outis" <a...@xyz.com> wrote:
>
>>Albert <albert.xt...@gmail.com> wrote in news:33d368a5-5be1-4dc4-
>>8f49-098...@f20g2000prn.googlegroups.com:
>>
>>> I've just installed XP and need to surf the web. Do I need to install
>>> anything?
>
>7. Download the freebie WinPatrol. It'll keep you apprised when any
>program tries screwing with your files or registry.
>

They kind of hide the freebie WinPatrol, trying to sell you the
pay-for one. Here's the page for the freebie.

http://www.winpatrol.com/download.html

It's the WinPatrol 2009 that you want.

1PW

Sep 18, 2009, 12:18:57 AM
Albert wrote:
> "nemo_outis" wrote:
>> <snip _top-post_>
>
>> For instance, it is quite uncommon to become infested with malware unless
>> one connects to the internet (at least browsing and emailing, but
>> possibly also torrent, irc, etc.) - but you don't even mention that you
>> do that, let alone how!
>
> I browse, email with gmail, use utorrent, don't use irc.

Get the full paid version of MBAM if you're going to use uTorrent.
Without it, undesirable peers will show up within mere seconds! Fact!
You'll want MBAM's IP Blocking turned on before you do anything.

<http://www.malwarebytes.org/>

>
>> With that said, the basic kit is as follows:
>>
>> 1) use a router

NAT router.

>> 2) use a decent software firewall
>> 3) use a decent antivirus

3a) use several overlapping antispyware applications. MBAM & SAS

>> 4) use programs with reduced susceptibility to security breaches (e.g.,
>> firefox), addons which increase security (e.g., noscript, flashblock,
>> betterprivacy) and - especially important! - configure all software (OS,
>> firewall, browsers, email, etc.) appropriately.
>
> I use a router. I don't have a firewall nor antivirus.

Are you going to turn off XP's firewall and use a personal firewall?

> After I post this I'll go get firefox with the addons you've listed.
>
> But, could you please narrow down what you mean by 'configure all
> software appropriately'?

Means harden your OS and applications so they aren't likely to expose
you to intrusion. Turn off services you are never likely to use.

I hope you aren't using the very system you're trying to protect, to
send these posts!

--
1PW

nemo_outis

Sep 18, 2009, 2:27:07 AM
Albert <albert.xt...@gmail.com> wrote in
news:cbac0dfa-e866-4e1b...@z3g2000prd.googlegroups.com:

> "nemo_outis" wrote:
>> <snip _top-post_>
>
>> For instance, it is quite uncommon to become infested with malware
>> unless one connects to the internet (at least browsing and emailing,
>> but possibly also torrent, irc, etc.) - but you don't even mention
>> that you do that, let alone how!
>
> I browse, email with gmail, use utorrent, don't use irc.

HOW & WHERE you browse matters. (Are they low-risk BBC news type sites,
or high-risk porn & warez sites? Not to say I never go to high-risk
sites but I "suit up" before doing so.)

gmail, while convenient, is questionable from a security standpoint
(except for low-risk throwaway uses). For serious uses you should post
through mixmaster, and for serious newsgroup use mixmaster and a
mail2news gateway (none of which is necessary for light-duty stuff - but
it's surprising how what you thought was light-duty stuff can sometimes
bite you in the ass a few years later)

utorrent (which i use and love) can open you to significant risks (e.g.,
RIAA) depending on your jurisdiction, etc. Some downloads may carry
malware payloads (at minimum this requires anti-virus scanning; more
serious approach adds virtual machine).

In fact, ANY downloading from the net (as opposed to plain surfing) is at
least medium risk (some might say *high* risk *even* for 'respectable"
sites). This especially includes 'stealth downloads' such as when you
mindlessly click yes to a message like "This video requires a codec that
is not presently installed - Install it now?" or similar invitations to
self-infection.

>> With that said, the basic kit is as follows:
>>
>> 1) use a router
>> 2) use a decent software firewall
>> 3) use a decent antivirus
>> 4) use programs with reduced susceptibility to security breaches
>> (e.g., firefox), addons which increase security (e.g., noscript,
>> flashblock, betterprivacy) and - especially important! - configure
>> all software (OS, firewall, browsers, email, etc.) appropriately.
>
> I use a router. I don't have a firewall nor antivirus. After I post
> this I'll go get firefox with the addons you've listed.
>
> But, could you please narrow down what you mean by 'configure all
> software appropriately'?

Because it's once again a very broad topic I'll give you one example to
let you get the "flavour" of what I'm talking about: Your email program
default MUST be configured NOT to display html.

Or for a second example: Your browser should be configured with java and
javascript off as the default and only enabled on trusted sites
(Noscript, etc. can help manage aspects like this).

Lastly (well not really lastly - there's lots more - but lastly for this
post) you must "configure yourself" not to do stupid things thoughtlessly
or from laziness or carelessness. You may not go to the trouble of
developing formal protocols but you should have at least rough and ready
ones - and you must religiously follow them. YOU are the greatest risk
to your security.

Regards,
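
A concrete form of the two configuration examples in the post above (browser scripting off by default, mail client not rendering HTML), added here as an illustration and not part of nemo_outis's post: a user.js fragment for a Firefox 3.x profile and a Thunderbird profile, with the weak default beside the hardened value. The pref names are assumptions taken from about:config of those versions; check each against the build you run before relying on it. If NoScript is installed, leave javascript.enabled at its default, since the addon does the per-site gating itself.

```javascript
// user.js  (Firefox: <profile>/user.js; Thunderbird: its own <profile>/user.js)
// Weak default                                  Hardened default
// javascript.enabled = true                  -> off, enable per site (or leave on and let NoScript gate it)
user_pref("javascript.enabled", false);
// security.enable_java = true                -> off unless a site you trust needs the Java plugin
user_pref("security.enable_java", false);
// network.prefetch-next = true               -> off: no speculative fetches of links you never clicked
user_pref("network.prefetch-next", false);
// browser.safebrowsing.malware.enabled = true   keep on; listed so an audit notices if it was turned off
user_pref("browser.safebrowsing.malware.enabled", true);

// Thunderbird: show mail as plain text and never fetch remote content
// mailnews.display.html_as = 0 (original HTML) -> 3 (plain text), with MIME handlers disallowed
user_pref("mailnews.display.html_as", 3);
user_pref("mailnews.display.disallow_mime_handlers", 3);
user_pref("mailnews.display.prefer_plaintext", true);
user_pref("mailnews.message_display.disable_remote_image", true);
```

user.js is re-applied at every start, so a value changed by an addon, an installer or a stray click in the preferences dialog is reset the next time the program launches; that is the "configure it, then make it stick" half of the advice.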

Albert

Sep 18, 2009, 2:46:48 AM
1PW wrote:
> I hope you aren't using the very system you're trying to protect, to
> send these posts!

I am.

1PW

Sep 18, 2009, 2:48:48 AM

Pity

--
1PW

Albert

Sep 18, 2009, 2:52:40 AM
nemo_outis wrote:
> Your email program default MUST be
> configured NOT to display html.

How do you do that in Gmail?

Albert

Sep 18, 2009, 2:59:31 AM
Albert wrote:
> I've just installed XP and need to surf the web. Do I need to install
> anything?

To sum up, I need to _install_:

1. Erunt (use before installing anything)
2. NOD32 or Symantec Client Security or Avast (updating every day)
3. NTREGOPT
4. Acronis True Image
5. SAS
6. MAM full for IP blocking
7. Sunbelt
8. WinPatrol 2009
9. InstallSpy
10. SyncBank Freeware
11. A HOST file
12. Fingerprint
13. Spybot - don't use TeaTimer
14. Mixmaster
15. Mail2news gateway

15 things!!!

[pause]

What if I wanted to allow malware to wreak havoc on my computer since
there's nothing important there but _make sure_ I don't send out
private, personal, important etc. information?

nemo_outis

Sep 18, 2009, 3:18:21 AM
Albert <albert.xt...@gmail.com> wrote in news:29804f03-5a06-4cb2-
8231-c15...@z4g2000prh.googlegroups.com:

At last the light begins to dawn! You may recall that I was less than
enthusiastic about gmail.

You may also wish to consider critiques such as the one at the following
site (nothing special - I just picked it as one of many out there -
ironically, you can google to find zillions more). Such things as the 180
day lapse of protection, targeted ads based on profiling one's email, etc.
make my flesh crawl. YMMV After all, it *is* very convenient (and why let
privacy stand in the way of convenience?)

http://www.google-watch.org/gmail.html

Regards,

nemo_outis

Sep 18, 2009, 3:37:47 AM
Albert <albert.xt...@gmail.com> wrote in news:0f52881a-0081-4edf-
a453-3d2...@m33g2000pri.googlegroups.com:

I gave you the basic kit - the others are part of a more complete
toolbox. But, useful as all the others are (I too use many of them or
something close) you must learn to walk before you run. Master the
basics, then add. Otherwise even the best tools are mostly useless.

However, with respect to your question about not sending out information,
the problem is if you let malware *in* you then have a traitor in your
own camp that can leak sensitive info *out.*

Regards,

PS There is more to this than just getting the kit - you must know how
to apply it. For instance, even an ordinary router can be configured to
prevent most things getting in that you do not voluntarily (where
"voluntarily" has a very broad meaning) bring in. A software firewall,
while it does add some incremental protection against inbound threats is
mainly useful for (at least partially) blocking outward channels. The
router and software firewall work synergistically.

The anti-virus program (and malwarebytes, superanti, etc.) are mostly an
admission that we will (at least sometimes and to varying degrees) FAIL
to keep shit out. They're there to minimize the damage by early
recognition, threat neutralization, and removal. (Backup - as with
Acronis, etc. is also part of a harm minimization approach, one not just
limited to malware threats)

None of the kit - in fact, not even ALL of the kit gives total
protection. We're in a race with clever, capable and motivated
adversaries (at the high end) concealed within masses upon masses of
lesser threats arranged in tiers of capability. (Some of) the opponents
are very good indeed, and they need only find ONE workable exploit to get
you while you must block ALL possible threats to be totally secure. The
odds are with them.

The full bore approach is threat and consequence assessment followed by
selection and use of tools and procedures (yes, procedures and not just
tools) that will reduce the threats. All within constraints imposed by
our resources (not just money, but time, trouble, skills, etc.). It's an
exercise in risk management. But sadly, risk management seldom achieves
the holy grail of risk elimination.

Ain't life a bitch?

~BD~

Sep 18, 2009, 3:51:44 AM

"Albert" <albert.xt...@gmail.com> wrote in message
news:0f52881a-0081-4edf...@m33g2000pri.googlegroups.com...
<snip<

> What if I wanted to allow malware to wreak havoc on my computer since
> there's nothing important there but _make sure_ I don't send out
> private, personal, important etc. information?

Hello Albert :)

Maybe you have *already* allowed malware to wreak havoc on your computer!
Viz:-

"Albert" <albert.xt...@gmail.com> wrote in message
news:50b375c5-e573-48bb...@v15g2000prn.googlegroups.com...

> 1PW wrote:
>> I hope you aren't using the very system you're trying to protect, to
>> send these posts!
>
> I am.

Maybe you are simply unaware that malware is present!

Some here will advocate that you should now "flatten and rebuild" your
machine and make sure that you have installed basic protection *before* you
reconnect to the Internet. I support that approach! I also support the use
of Acronis True Image (to 'turn back the clock' in future).

However, have you considered that your BIOS may have been/could be infected?
A whole new ball-game!

Some may wish to review here:
http://www.phrack.org/issues.html?issue=66&id=7

An interesting subject - ask Google!

HTH

--
Dave


1PW

Sep 18, 2009, 4:29:33 AM
Albert wrote:
> Albert wrote:
>> I've just installed XP and need to surf the web. Do I need to install
>> anything?
>
> To sum up, I need to _install_:
>
> 1. Erunt (use before installing anything)
> 2. NOD32 or Symantec Client Security or Avast (updating everyday)

I believe SCS is no longer offered. SAV Corp Edition v10.2 & $36 per
seat is giving way to Symantec End Point Protection v11.0 soon.

Avira AntiVir Personal (Freeware)

> 3. NTREGOPT
> 4. Acronis True Image
> 5. SAS
> 6. MAM full for IP blocking

You probably meant MBAM.

> 7. Sunbelt
> 8. WinPatrol 2009
> 9. InstallSpy
> 10. SyncBank Freeware
> 11. A HOST file

You probably meant HOSTS not HOST

> 12. Fingerprint
> 13. Spybot - don't use TeaTimer
> 14. Mixmaster
> 15. Mail2news gateway
>
> 15 things!!!

16. Would you like the best tool for rootkit detection & remediation?

GMER: <http://www.gmer.net/#files> (Freeware)

>
> [pause]
>
> What if I wanted to allow malware to wreak havoc on my computer since
> there's nothing important there but _make sure_ I don't send out
> private, personal, important etc. information?

How would you answer your own question if someone asked you if it's OK
to provide a home for mailbots, spambots, Conficker, malware bots,
etc? What's the name of this newsgroup Albert?

Have all of us wasted our time here Albert? I sincerely hope not.

--
1PW

nemo_outis

Sep 18, 2009, 4:30:48 AM
"nemo_outis" <a...@xyz.com> wrote in
news:Xns9C8A667F...@69.16.185.247:

...

> But sadly, risk management seldom achieves the holy grail of risk
> elimination.
>
> Ain't life a bitch?
>

Before I transmit my rampant privacy paranoia to you, perhaps it might
help to get a little perspective on risk. The internet is overblown!

Life is a risky business - no one gets out alive!

The most dangerous thing I do (or did) was drive to work every day. The
internet is trivial by comparison.

As for the internet, say, stealing your credit card numbers, consider
this:

I have often gone out for dinner with friends, ate and drunk my fill, and
finally blithely handed my credit card to the waiter (whom I don't know
from Adam) who disappeared in the back for a few minutes before coming
back with the bill for me to sign. He could have gotten everything there
was to get from my card in terms of info if he was so inclined. And I
didn't worry about it. Mostly I worry even less for the internet.

Yes, I take precautions, but I don't obsess about them.

Regards,

PS For instance, if you are worried about internet leakage of sensitive
personal info, you could do the following: Have two computers, one for
"ordinary" surfing including some high-risk surfing (porn, warez, etc.)
and a completely separate system (air gap to other one) for sensitive
surfing (online banking, etc.) Or, if you can't afford this, then
approximate it with two virtual machines for low and high risk surfing
(each could be as simple as, say, JanusVM).

I don't do this, but it's not because I don't know how. I know that I
won't put up with the PITA of adhering to the protocol (less charitably
you could say I lack the self-discipline to do so).

I will even tell you that I DON'T use a antivirus full time (I scan
selectively). Why? Because the totality of my protections coupled with
my risk exposure doesn't require it. Anti-virus programs (even the best
using their super-duper heuristics) aren't worth shit except against OLD
exploits and script-kiddie variants (although there's lots of that out
there). Any good virus writer TESTS his new virus against all the major
antivirus programs before issuing it. Anti-virus makers are always
playing catchup. Their brag is that they stop, say, 99.4% of the viruses
out there, but what they don't tell you is that it's the residual 0.6%
hot new ones that only have to be unstoppable for a day or two to do
their work that always get by.

I am reminded of certain folks I know in the "recreational
pharmaceuticals" business who adopt parallel measures. Some for instance
have their own kennels of highly trained sniffer dogs (not overworked
ones like customs) The product doesn't ship until it passes the Fido
sniff test - with multiple dogs! And so with good virus writers.
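
Todd H.'s point that custom malware is not hard to keep clear of antivirus, and nemo_outis's point above that variant authors test against the engines before release, in an added example that is not code from either poster: a toy signature scanner, the same sample re-packed with a throwaway XOR keystream so its signature bytes never appear on disk, and a windowed entropy heuristic that still flags the packed section. The sample bytes, the signature name and the packer are all constructed here; nothing in it is real malware or a real AV engine.

```python
# Added example, not from the thread: a toy signature scanner, a variant of the same
# "malware" re-packed so the signature bytes no longer appear on disk, and a crude
# entropy heuristic that still notices the packed section.  Everything here is
# constructed bytes; there is no real malware and no real AV engine involved.
import hashlib
import math
from collections import Counter

# Constructed sample body: a recognisable marker inside an otherwise boring "executable".
ORIGINAL = (b"MZ" + b"\x00" * 14 + b"This program cannot be run in DOS mode."
            + b" " * 40 + b"EVILBOT_C2=http://c2.example.test/" + b"A" * 200)

# The scanner's "database": one signature learned from the original sample.
SIGNATURES = {"Win32/EvilBot.A": b"EVILBOT_C2=http://c2.example.test/"}


def signature_scan(data, signatures=SIGNATURES):
    """Pure byte-pattern matching: the name of the first signature found, else None."""
    for name, pattern in signatures.items():
        if pattern in data:
            return name
    return None


def keystream(key, length):
    """Deterministic pseudo-random bytes (SHA-256 in counter mode) used as a packer key."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def xor_pack(data, key):
    """XOR with the keystream; applying it twice restores the input."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


MARKER = b"[PACKED]"


def make_variant(original, key):
    """A 'new variant': unchanged loader stub, marker, then the packed original.  The
    signature bytes never occur in the file as stored, so the scanner misses it."""
    stub = b"MZ" + b"\x00" * 14 + b"This program cannot be run in DOS mode."
    return stub + MARKER + xor_pack(original, key)


def unpack_variant(variant, key):
    """What an engine with an unpacker/emulator does before matching signatures."""
    body = variant.split(MARKER, 1)[1]
    return xor_pack(body, key)


def shannon_entropy(data):
    """Bits per byte: ~0 for constant data, close to 8 for random or encrypted data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def max_window_entropy(data, window=256, step=64):
    """Highest entropy over sliding windows: packed/encrypted sections stand out even
    when the rest of the file is plain text and low entropy."""
    if len(data) <= window:
        return shannon_entropy(data)
    return max(shannon_entropy(data[i:i + window])
               for i in range(0, len(data) - window + 1, step))


def scan(data, key=None):
    """Verdict dict: signature hit on the file as stored, heuristic flag, and the
    signature hit after unpacking (only possible when the key is known or emulated)."""
    return {
        "signature": signature_scan(data),
        "high_entropy": max_window_entropy(data) > 6.0,
        "signature_after_unpack": signature_scan(unpack_variant(data, key)) if key else None,
    }


if __name__ == "__main__":
    variant = make_variant(ORIGINAL, b"k1")
    print("original:", scan(ORIGINAL))
    print("variant: ", scan(variant, b"k1"))
```

Running it shows the original caught by signature, the variant missed by signature but flagged by the entropy heuristic, and the signature found again once the body is unpacked, which is roughly what engines credited with good unpacking do. A heuristic like this also explains the false-positive problem raised later in the thread: legitimately compressed or encrypted files look exactly the same to it.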



as

Sep 18, 2009, 5:39:42 AM
On Thu, 17 Sep 2009 21:11:44 -0500, comp...@toddh.net (Todd H.)
wrote:

>
>av-comparatives.org tests antivirus software. Eset's NOD32 is a
>worthy combination of fast performance and strong signature based and
>heuristic based malware detection.

He can do better than NOD32.

Here for his perusal is the latest Virus Bulletin AV tests.

http://www.virusbtn.com/news/2008/09_02

as

Sep 18, 2009, 5:48:17 AM
On Thu, 17 Sep 2009 23:59:31 -0700 (PDT), Albert
<albert.xt...@gmail.com> wrote:

>What if I wanted to allow malware to wreak havoc on my computer since
>there's nothing important there but _make sure_ I don't send out
>private, personal, important etc. information?

You don't seem to understand the situation. If you "allow" the above
to happen, you will be sending out viruses, trojans, all types of
malware, because your machine will probably turned into a 'bot' by
some of that malware. You will not only be responsible for infecting
god knows how many other machines, but if your ISP has a half of a
brain, you'll end up tossed from their system.

How can you say "...there's nothing important there..." and then say
you're worried sending out "...private, personal, important etc.
information?"

You need an education in exactly what can happen to an infected
machine. An infected machine can end up little else than a doorstop.
There are a myriad of scenarios as to what happens to an infected
machine. You *really* need a general, basic education on the subject.

1PW

Sep 18, 2009, 5:54:52 AM

Albert

Sep 18, 2009, 6:00:10 AM
as;d...@dasfkjl.com wrote:
> How can you say "...there's nothing important there..." and then say
> you're worried sending out "...private, personal, important etc.
> information?"

I don't want my email account or any other account that I've set up
for forms hacked into. If I ever purchase from ebay or amazon, I don't
want my details made available to people. Information need not be
stored on a hard drive.

1PW

Sep 18, 2009, 6:03:25 AM

Start on your list of 16. The list will probably "improve".

HTH

--
1PW

Albert

Sep 18, 2009, 6:15:20 AM
1PW wrote:
> <snip _top-post_>

> > What if I wanted to allow malware to wreak havoc on my computer since
> > there's nothing important there but _make sure_ I don't send out
> > private, personal, important etc. information?
>
> How would you answer your own question if someone asked you if it's OK
> to provide a home for mailbots, spambots, Conficker, malware bots,
> etc?

I apologise for asking that question. I didn't think that malware went
into one system and used _that_ system to spread to other systems. I
hadn't realised that making one's system less secure can affect other
people's security. Alright - so my new goal is to minimise the risk of
getting malware on my laptop so that others have less of a chance of
getting the same malware :)

> What's the name of this newsgroup Albert?

alt.computer.security

David H. Lipman

Sep 18, 2009, 6:31:35 AM
From: "~BD~" <Boate...@hotmail.co.uk>

| However, have you considered that your BIOS may have been/could be infected?
| A whole new ball-game!

| Some may wish to review here:
| http://www.phrack.org/issues.html?issue=66&id=7

| An interesting subject - ask Google!

| HTH

| --
| Dave

Pure FUD.

The BIOS is NOT infected and should not be considered to be infected or become possibly
infected!

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


Albert

Sep 18, 2009, 7:10:32 AM
Albert wrote:
> I've just installed XP and need to surf the web. Do I need to install
> anything?

Now let's stop thinking about this until notified otherwise.

I also have a remaster of PCLinuxOS installed. If I plan to use this
for anything related to the internet and XP for everything else, what
do I need to install on the linux distro?

1PW

Sep 18, 2009, 8:02:07 AM

OK! You're back on track. You have quite a bit of work to do now.
The sooner, the safer.

Best wishes,

--
1PW

1PW

Sep 18, 2009, 8:50:17 AM

Although many hold that the world of malware is mostly confined to
Microsoft based systems, I would be most distressed if my Linux system
was passing malware to my Windows user friends.

Every few months it seems as if the major antimalware players release
a Linux version of their wares. I've used freeware versions of F-Prot
& ClamAV for a long time. ClamAV has frequent virus signature updates
during the day. Better Linux AVs are on their way.

I see that PCLinuxOS has a Mozilla Firefox 3.5.3 which is good. Then
you can use the same plugins that were mentioned to you before. Add
to that, the latest version of Mozilla's Thunderbird.

PCLinuxOS is not super popular like Fedora and Ubuntu. If SELinux is
part of or can be made part of your distro, that would be excellent.

IF PCLinuxOS has an Intrusion Detection System (IDS) use it. Very
little is published about security hardening that particular distro.

Some folks will compile the latest kernel in an effort to keep up to
date. Many prefer to compile from trusted source repos, any new
applications they're interested in.

If you're really into Linux after running your PCLinuxOS for a while,
look into Fedora 11 (Leonidas). Virtualization may look attractive to
you if you've given any thought of running XP as a guest on a Linux
system.

--
1PW

Leythos

Sep 18, 2009, 11:21:02 AM
In article <40c65861-fd07-4373-a249-8bac1461f0c4
@j9g2000prh.googlegroups.com>, albert.xt...@gmail.com says...

Not sure about the list in the other reply, but if you don't visit
questionable sites as a practice:

Quality Active Anti-Malware/Virus software

FireFox - latest version

Updated Sun Java

Adobe Flash, Shockwave, Reader

All Critical and most all Optional Windows Updates - do a custom update
to see the Optional ones

A simple NAT router to block unsolicited inbound traffic

Do not run as an Administrator level account.

nemo_outis
Sep 18, 2009, 1:38:31 PM
as;d...@dasfkjl.com wrote in news:06l6b5p23jusmteo3cm3pf54edkblqol3m@
4ax.com:

It's worth looking at such guides when selecting an antivirus program but
one shouldn't get too caught up in it. Anything in the upper right
"cluster" on the graph at http://www.virusbtn.com/vb100/rap-index.xml
will do in terms of core functionality. Final selection requires broader
criteria.

In short, there are a dozen or so programs at the top level (Avira, AVG,
G-data, Webwasher, etc.) and quite commonly there are shifts in their
relative rankings. But there's a lot more to choosing a program than
just the rankings - Norton, for instance, despite being moderately good
functionally, is a bloated pig, has a well-deserved rep for interfering
with other programs, and puts down roots so deep that it is a bitch to
completely uninstall (Norton has a separate specialized program to help
deal with this). Avira on the other hand is quite lightweight and seldom
generates false positives (a huge problem especially for novices!) while
Kaspersky is superb at unravelling packing schemes to look inside packed
programs (very handy for warez downloaders), etc., etc.

Note also that there is a considerable difference between the malware and
spyware rankings in some cases (e.g., BitDefender) at
http://www.virusbtn.com/news/2008/09_02.

Moreover, I am quite a proponent of - ahem! - "extended evaluation"
software - I don't think I have bought any software in at least 5 years
(more like 20 :-) Some programs (NOD32, Kaspersky) are a pain to keep
thwarting their protections when updating, etc.; others, like Avira, are
easy and convenient to keep up to date (and there's even a free version
that's pretty good for the honest cheapskates).

Finally, one should keep in mind my previous post - antivirus programs
provide little protection against new (not variant) viruses and malware.
For instance, no program on the RAP index graph gets over 80% on
proactive detection - 20% missed is a huge hole!

In a similar vein, "elite evil hackers" now plan their month around
Microsoft's "second Tuesday" security releases. Hackers rush to reverse
engineer the security releases to discover the vulnerabilities and then
release malware to exploit them. Woe to him who is slow in upgrading! -
an example of my earlier "configuration point." The very process of
patching vulnerabilities has given hackers a highly convenient exploit
methodology.

Regards,

David H. Lipman
Sep 18, 2009, 1:44:26 PM
From: "nemo_outis" <a...@xyz.com>

| as;d...@dasfkjl.com wrote in news:06l6b5p23jusmteo3cm3pf54edkblqol3m@


< snip >

| In a similar vein, "elite evil hackers" now plan their month around
| Microsoft's "second Tuesday" security releases. Hackers rush to reverse
| engineer the security releases to discover the vulnerabilities and then
| release malware to exploit them. Woe to him who is slow in upgrading! -
| an example of my earlier "configuration point." The very process of
| patching vulnerabilities has given hackers a highly convenient exploit
| methodology.

| Regards,

An interesting observation that I had not considered.

Albert
Sep 18, 2009, 5:45:14 PM
1PW wrote:
> Although many hold that the world of malware is mostly confined to
> Microsoft based systems, I would be most distressed if my Linux system
> was passing malware to my Windows user friends.

I think that I comprehend the meaning, but I don't know why you begin
with 'Although'...

> <snip>
>
> IF PCLinuxOS has an Intrusion Detection System (IDS), use it. Very
> little is published about security hardening of that particular distro.

What if I run Damn Small Linux from the RAM?

> <snip>

1PW
Sep 19, 2009, 12:18:04 AM
Albert wrote:
> 1PW wrote:
>> Although many hold that the world of malware is mostly confined to
>> Microsoft based systems, I would be most distressed if my Linux system
>> was passing malware to my Windows user friends.
>
> I think that I comprehend the meaning, but I don't know why you begin
> with 'Although'...

The word was leftover in my left brain. Now it's not there. 8-O

>
>> <snip>
>>
>> IF PCLinuxOS has an Intrusion Detection System (IDS), use it. Very
>> little is published about security hardening of that particular distro.
>
> What if I run Damn Small Linux from the RAM?
>
>> <snip>

Hello Albert:

The subject is "transmission of malware through Windows vs Linux based
systems". Our Linux systems enjoy some added security through
obscurity over Windows based systems. However, I might be storing
Windows executables on my Linux system in an effort to transmit them
innocently to relatives, friends or associates with whatever intent
you might imagine.

I feel an obligation to assure myself that I am not spreading malware.
I also need to keep my ISPs from disconnecting my service.

Therefore I run several feel good AV programs that check my Linux
systems. I also keep the AV applications current in case the bad
folks shift more effort in our *nix direction.

I believe you could take great comfort in knowing that your PCLinuxOS
or Damn Small Linux would probably keep you safe if you aren't moving
Windows executables in and out. However, repos offer some security
enhancements that harden the Linux side of my systems nicely.

I wouldn't limit myself to any small Linux. Personally I'd like a
full service Linux that allows me to explore all manner of personal
computing. A few of the larger distros suit me fine.

HTH

--
1PW

Kyle T. Jones
Sep 19, 2009, 4:37:13 PM
Albert wrote:
> (Todd H.) wrote:
>> <snip intro>
>> ...there is no patch for human stupidity (i.e. you respond to
>> phishing emails, install a trojan), or fall victim to a 0day attack
>> via unpatched issues in your browser, IM program, media player, pdf
>> viewer, flash plugin, what have you.
>
> I don't respond to phishing emails. I plan to install the bare minimum
> so I can scan exe files for being trojans. I don't use IM. My pdf
> viewer is portable and as long as I copy three files to a computer in
> the same directory it'll work - so I doubt malware would get through
> via this program. I don't need the flash _plugin_.
>
> So if I install NOD32 and don't do anything stupid, I can't get malware?

Nobody and nothing on the planet can make that promise, friend... but,
methinks the appropriate response here is SHINEY!!!@! <you are just
trolling, right?>

Cheers.

Albert
Sep 19, 2009, 6:19:26 PM
On Sep 19, 3:37 pm, "Kyle T. Jones" <KBf...@realdomain.net> wrote:
> Albert wrote:
> > <snip _top_post>
> >
> > So if I install NOD32 and don't do anything stupid, I can't get malware?
>
> Nobody and nothing on the planet can make that promise, friend... but,
> methinks the appropriate response here is SHINEY!!!@! <you are just
> trolling, right?>

No.

Is it possible on a Windows system to find all the exe's that are
accessing the internet? Can you provide an example?

m...@here.and.there
Sep 19, 2009, 8:26:11 PM

I kind of figured that out when the jerk said he had dual partitions,
one with Linux on it. How can someone be so ignorant as his original
question portended and then know enough to have dual OSs on his
machine?

He has no life and no power in his real life, so he comes here to
manipulate people who are rather gullible because they go to great
lengths to help the naive. It shows what a pathetic jerk he is.

as
Sep 19, 2009, 8:27:46 PM

Sorry, forgot to munge to the handle I originally had used for the
posts. (I'm using it this time.)

Albert
Sep 19, 2009, 9:49:42 PM
m...@here.and.there wrote:
> <snip _top-post_>
>
> I kind of figured that out when the jerk said he had dual partitions,
> one with Linux on it. How can someone be so ignorant as his original
> question portended and then know enough to have dual OSs on his
> machine?

I am an example, am I not?
Couple years back all I did was install AVG Free and TweakXP to get
rid of processes I didn't need, switch to Mozilla and then said I was
secure.

> He has no life and no power in his real life,

You are correct in saying that I have no power in my real life - I am
16 years old.

> ...so he comes here to
> manipulate people who are rather gullible because they go to great
> lengths to help the naive.

Because I wanted to get _an_ insight into how security freaks secure
computers from scratch.

> It shows what a pathetic jerk he is.

Even if the relative clause in the above sentence can be proven true
with a watertight argument, there's nothing wrong with its effects.
_Some_ of the questions I've asked could have been avoided had I
thought about it for another half hour and I may have written false
statements in earlier posts, but I haven't done anything wrong.

I have wanted to learn about securing a computer from the ground-up.

as
Sep 19, 2009, 10:04:35 PM

Don't answer this shit-for-brains troll. His "I am 16 years old"
(sic) is just more troll bait.

(If you wish to speak of things such as a 'relative clause', I'd first
tell you to learn how to spell. It's 16-year-old, not 16 years old.)

Bye-bye. (Others may wish to continue with you, but I won't.)

Albert
Sep 20, 2009, 12:46:31 AM
Todd H. wrote:
> <snip>
> I'm afraid no product will prevent you entirely from getting malware.
> Antivirus is not terribly hard for custom malware to avoid

Alright - I have two goals:
1. to have no personal information stolen
2. to make sure my machine doesn't spread malware to other machines

I'll have the latest Firefox. PC Tools Internet Security will be
updated ASAP.
Any files I wish to personally edit are on an external USB stick, i.e.
none will be on the hard drive.

No backup software whatsoever - if PC Tools Internet Security does not
fix any software / OS issues, I'll reformat my hard drive and
reinstall necessary OS's.

Will my plan bring success to my goals?

1PW
Sep 20, 2009, 3:23:01 AM
Albert wrote:
> Todd H. wrote:
>> <snip>
>> I'm afraid no product will prevent you entirely from getting malware.
>> Antivirus is not terribly hard for custom malware to avoid
>
> Alright - I have two goals:
> 1. to have no personal information stolen
> 2. to make sure my machine doesn't spread malware to other machines
>
> I'll have the latest Firefox. PC Tools Internet Security will be
> updated ASAP.

PCTools? Now it's plain. You're not for real.

> Any files I wish to personally edit are on an external USB stick ie
> none will be on the hard drive.
>
> No backup software whatsoever - if PC Tools Internet Security does not
> fix any software / OS issues, I'll reformat my hard drive and
> reinstall necessary OS's.
>
> Will my plan bring success to my goals?

What do you think?

--
1PW

Albert
Sep 20, 2009, 4:41:22 AM
1PW wrote:

> Albert wrote:
> > Alright - I have two goals:
> > 1. to have no personal information stolen
> > 2. to make sure my machine doesn't spread malware to other machines
>
> > I'll have the latest Firefox. PC Tools Internet Security will be
> > updated ASAP.
>
> <snip>

> > Any files I wish to personally edit are on an external USB stick ie
> > none will be on the hard drive.
>
> > No backup software whatsoever - if PC Tools Internet Security does not
> > fix any software / OS issues, I'll reformat my hard drive and
> > reinstall necessary OS's.
>
> > Will my plan bring success to my goals?
>
> What do you think?

I think so until notified otherwise. That fulfills 3 of the 4 points
mentioned in nemo_outis' basic kit (2nd post in this discussion). I
doubt I'll get a NAT router this Christmas, though.

1PW
Sep 20, 2009, 5:18:58 AM

Your plan is flawed. You were told.

--
1PW

Todd H.
Sep 21, 2009, 1:55:11 AM
Albert <albert.xt...@gmail.com> writes:

> Todd H. wrote:
>> <snip>
>> I'm afraid no product will prevent you entirely from getting malware.
>> Antivirus is not terribly hard for custom malware to avoid
>
> Alright - I have two goals:
> 1. to have no personal information stolen
> 2. to make sure my machine doesn't spread malware to other machines
>
> I'll have the latest Firefox.

Who knows how many 0-days it has. It hasn't had a great track record
the past year.

> PC Tools Internet Security will be updated ASAP.

PC Tools eh?

> Any files I wish to personally edit are on an external USB stick ie
> none will be on the hard drive.

Doesn't matter to malware.

> No backup software whatsoever - if PC Tools Internet Security does not
> fix any software / OS issues, I'll reformat my hard drive and
> reinstall necessary OS's.
>
> Will my plan bring success to my goals?

I'm afraid no product will prevent you entirely from getting malware.
Antivirus is not terribly hard for custom malware to avoid.

All you can do is take steps to minimize risk. Web surfing is best
done in a throw away virtual machine (using vmware, vmware player or
the like) that gets refreshed at regular intervals back to a known
clean state. This presents a pretty significant barrier to the
infection of your host operating system and storage media from the
threats you're concerned about. If they infect the virtual machine,
it's blown away and refreshed regularly, and you're in better shape.


--
Todd H.
http://www.toddh.net/

Todd H.
Sep 21, 2009, 1:56:30 AM
Albert <albert.xt...@gmail.com> writes:

Assuming there's not a kernel mode rootkit involved, Microsoft
SysInternals tcpview program (free from Microsoft if you can believe
it) will tell ya.
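One way to get a similar answer with only the tools that ship in Windows, as an added example that is not code from this thread: it parses the text printed by `netstat -ano` and `tasklist /fo csv` (the sample output below is constructed) and lists, per executable, the established TCP connections to non-local addresses. As the reply above notes, a kernel-mode rootkit can hide sockets from these tools, so an empty result is not proof of a clean machine.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample of `netstat -ano` output (not captured from a real host).
# Foreign addresses use RFC 5737 documentation ranges to stand in for internet
# hosts; the loopback and TIME_WAIT rows show cases that must be skipped.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    127.0.0.1:5354         127.0.0.1:49200        ESTABLISHED     1234
  TCP    192.168.1.10:49301     203.0.113.7:443        ESTABLISHED     2468
  TCP    192.168.1.10:49302     203.0.113.7:80         TIME_WAIT       0
  TCP    192.168.1.10:49310     198.51.100.21:443      ESTABLISHED     2468
  TCP    192.168.1.10:49400     192.0.2.55:6667        ESTABLISHED     3131
  UDP    0.0.0.0:5355           *:*                                    900
"""

# Constructed sample of `tasklist /fo csv` output.
SAMPLE_TASKLIST = """\
"Image Name","PID","Session Name","Session#","Mem Usage"
"svchost.exe","900","Services","0","12,000 K"
"mDNSResponder.exe","1234","Services","0","3,000 K"
"firefox.exe","2468","Console","1","150,000 K"
"updater.exe","3131","Console","1","2,500 K"
"""

# Ranges that never reach the internet: unspecified, RFC 1918, loopback,
# link-local. Listed explicitly because ipaddress.is_private would also flag
# the documentation ranges used in the sample above.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::/128", "::1/128", "fe80::/10", "fc00::/7")]


def parse_netstat(text):
    """Return (proto, local, foreign, state, pid) tuples from netstat -ano output.

    TCP rows have five columns; UDP rows have no State column, so only four."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP":
            proto, local, foreign, state, pid = parts
        elif len(parts) == 4 and parts[0] == "UDP":
            proto, local, foreign, pid = parts
            state = ""
        else:
            continue  # banner, column headers, blank lines
        rows.append((proto, local, foreign, state, int(pid)))
    return rows


def parse_tasklist(text):
    """Return {pid: image name} from tasklist /fo csv output."""
    return {int(r["PID"]): r["Image Name"] for r in csv.DictReader(io.StringIO(text))}


def is_internet_endpoint(endpoint):
    """True when 'host:port' points at a routable address (IPv6 hosts are bracketed)."""
    host = endpoint.rpartition(":")[0].strip("[]")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:  # "*" or another non-address placeholder
        return False
    return not any(ip in net for net in LOCAL_NETS)


def internet_talkers(netstat_text, tasklist_text):
    """Map image name -> sorted foreign endpoints of ESTABLISHED TCP connections
    to internet addresses. PID 0 rows (TIME_WAIT leftovers) no longer have an
    owning process and are skipped."""
    names = parse_tasklist(tasklist_text)
    talkers = defaultdict(set)
    for proto, _local, foreign, state, pid in parse_netstat(netstat_text):
        if proto != "TCP" or state != "ESTABLISHED" or pid == 0:
            continue
        if is_internet_endpoint(foreign):
            talkers[names.get(pid, f"<pid {pid} not in tasklist>")].add(foreign)
    return {name: sorted(eps) for name, eps in talkers.items()}


if __name__ == "__main__":
    for name, endpoints in internet_talkers(SAMPLE_NETSTAT, SAMPLE_TASKLIST).items():
        print(f"{name}: {', '.join(endpoints)}")
```

On a real machine, feed the captured output of the two commands to `internet_talkers` instead of the constructed samples.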

Albert
Sep 21, 2009, 3:11:16 AM
Todd H. wrote:
> <snip>

>
> All you can do is take steps to minimize risk.  Web surfing is best
> done in a throw away virtual machine (using vmware, vmware player or
> the like) that gets refreshed at regular intervals back to a known
> clean state.  This presents a pretty significant barrier to the
> infection of your host operating system and storage media from the
> threats you're concerned about.   If they infect the virtual machine,
> it's blown away and refreshed regularly, and you're in better shape.

So if they infect the virtual machine which was in a "clean state" a
few seconds ago, but the virtual machine has no access to hardware
(except for the mouse and keyboard on the host), then malware is
restricted to the virtual machine, right? All that's left is to detect
this malware before I allow the guest access to hardware that stores
data, right?

Todd H.
Sep 21, 2009, 9:50:19 AM
Albert <albert.xt...@gmail.com> writes:

> Todd H. wrote:
>> <snip>
>>
>> All you can do is take steps to minimize risk. Web surfing is best
>> done in a throw away virtual machine (using vmware, vmware player or
>> the like) that gets refreshed at regular intervals back to a known
>> clean state. This presents a pretty significant barrier to the
>> infection of your host operating system and storage media from the
>> threats you're concerned about. If they infect the virtual machine,
>> it's blown away and refreshed regularly, and you're in better shape.
>
> So if they infect the virtual machine which was in a "clean state" a
> few seconds ago, but the virtual machine has no access to hardware
> (except for the mouse and keyboard on the host), then malware is
> restricted to the virtual machine, right?

Yup. This is how malware analysts take apart malicious or potentially
malicious code (though malware can detect when it's being run in a
virtual machine and do something different, and there are hardware
virtualization techniques that are more transparent).

> All that's left is to detect this malware before I allow the guest
> access to hardware that stores data, right?

No need to bother with detection. Assume it's infected to high heaven.
Just roll back the VM to a clean state every 30 minutes or so.

Albert
Sep 21, 2009, 6:01:10 PM
Todd H. wrote:
> <snip>

> Yup.  This is how malware analysts take apart malicious or potentially
> malicious code (though malware can detect when it's being run in a
> virtual machine and do something different, and there are hardware
> virtualization techniques that are more transparent).

What do people mean when they describe something as 'transparent' in
this context? I'm not sure what the last phrase means...

David H. Lipman
Sep 21, 2009, 6:07:59 PM
From: "Albert" <albert.xt...@gmail.com>

You can see right through their malicious nature and actions bypassing obfuscation
attempts.

Todd H.
Sep 22, 2009, 11:52:47 AM
Albert <albert.xt...@gmail.com> writes:

i.e. there are far fewer clues inside the virtual machine to let a
program be able to detect that it's inside a virtual machine.

I'm thinking of Dinaburg and Royal's Xen-based Ether hardware
virtualization. http://ether.gtisc.gatech.edu/

Randy Yates
Sep 27, 2009, 8:46:21 AM
comp...@toddh.net (Todd H.) writes:

> Yup. This is how malware analysts take apart malicious or potentially
> malicious code (though malware can detect when it's being run in a
> virtual machine and do something different, and there are hardware
> virtualization techniques that are more transparent).

I wonder if you can install a virtual machine under a virtual machine?
A la "Thirteenth Floor"? If so, could it be somehow leveraged to
this problem?
--
Randy Yates % "Watching all the days go by...
Digital Signal Labs % Who are you and who am I?"
mailto://ya...@ieee.org % 'Mission (A World Record)',
http://www.digitalsignallabs.com % *A New World Record*, ELO

Anne & Lynn Wheeler
Sep 27, 2009, 10:22:53 AM

Randy Yates <ya...@ieee.org> writes:
> I wonder if you can install a virtual machine under a virtual machine?
> A la "Thirteenth Floor"? If so, could it be somehow leveraged to
> this problem?

before 370 was announced (or even built) there was a project at the
science center to simulate the 370 architecture (in cp67) (which was
somewhat different than the 360 architecture, some new instructions,
virtual memory hardware tables had different format, etc).

the problem was that the science center cp67 time-sharing service also
had numerous (non-employee) users (students and others) from various
educational institutions (harvard, mit, bu, etc) in the boston/cambridge
area. as a result, there was lots of security concerns that the effort
would leak (confidential) information about unannounced products.

so the decision was made that the modifications (for 370 virtual
machines) were made to version of cp67 system that ran in a 360/67
virtual machine (kept isolated from what the non-employees had access
to).

then a different cp67 was modified to run on 370 machine (using the new
instructions and building the 370 virtual memory tables ... rather than
the 360 virtual memory tables). the result was:

360/67 hardware
-> cp/67 running on real 360/67 providing 360 virtual machines
-> cp/67 running in 360 virtual machine providing 370 virtual machines
-> cp/67 running in 370 virtual machine providing 370 virtual machine
-> cms running in 370 virtual machine

all of this was operational and in regular use a year before there were
engineering 370s with virtual memory hardware support (circa 1970)
... and while non-employees also had online access to the same,
underlying (unmodified) cp67 virtual machine system (running on the real
360/67 hardware).

"real" virtual machine implementations are recursive.

there was an incident where information about 370 virtual memory was
leaked ... but it didn't involve the above effort. an internal
confidential document was copied and made it into the hands of somebody
from the press. there was an investigation attempting to identify who
leaked the information. one of the results was that all the corporate
copying machines were modified so that they left a (unique) identifiable
mark on paper copies (indicating which machine made the copy).

--
40+yrs virtualization experience (since Jan68), online at home since Mar1970

Albert
Oct 12, 2009, 4:14:15 AM
1. Can a computer get malware if all it does is get AV and SAS updates?
2. When I installed SAS Pro I accidentally selected the option for
allowing just the admin to run it; how do I enable it for all users?

1PW
Oct 12, 2009, 6:30:47 AM
Albert wrote:
> 1. Can a computer get malware if all it does is get AV and SAS updates?

If talking hypothetically and any computer in general, and not knowing
any other details, of course the answer will be an unqualified yes.

> 2. When I installed SAS Pro I accidentally selected the option for
> allowing just the admin to run it; how do I enable it for all users?

Preserve your SAS' personal upgrade licensing information. Then
uninstall & reinstall.

--
1PW

Todd H.
Oct 12, 2009, 7:27:16 AM
Albert <albert.xt...@gmail.com> writes:

> 1. Can a computer get malware if all it does is get AV and SAS
> updates?

Certainly. But how likely? That depends.

How is the machine physically secured? Who can, say, get at its USB
ports? CD drive? Console? What OS is it? What else is on the LAN
with that computer? What else can initiate any sort of network
connection to the computer? What services are running on the
computer? Have they been kept up to date? Do they have unpatched
vulnerabilities? How is it known that the computer only does those 2
things? Do administrators ever do anything else with the machine?

> 2. When I installed SAS Pro I accidentally selected the option for
> allowing just the admin to run it; how do I enable it for all users?

[cheerfully deferred]

Best Regards,

Albert
Oct 14, 2009, 3:49:55 AM
Todd H. wrote:
> How is the machine physically secured?

What do you mean by "physically secured"?

> Who can, say, get at its USB ports? Console?

Only me.

> What OS is it?

To be Windows 7.

> What else is on the LAN with that computer? What else can initiate
> any sort of network connection to the computer?

Nothing else.

> What services are running on the computer? Have they been kept up
> to date? Do they have unpatched vulnerabilities?

An AV, SAS and probably Sun VirtualBox.

> How is it known that the computer only does those 2 things?

Because I said so.

Todd H.
Oct 14, 2009, 3:00:32 PM
Albert <albert.xt...@gmail.com> writes:

> Todd H. wrote:
>> How is the machine physically secured?
>
> What do you mean by "physically secured"?

Your original post didn't mention if we were talking about a server in
a rack, or under a desk, in an office, in a private residence, etc.
Physical security = who can put their hands on the box. Because if
someone can touch the box, they can own it.

>> Who can, say, get at its USB ports? Console?
>
> Only me.

Then that cuts out a lot of worries about attacks from people with
physical access to the box.

>> What OS is it?
>
> To be Windows 7.
>
>> What else is on the LAN with that computer? What else can initiate
>> any sort of network connection to the computer?
>
> Nothing else.

If it's the only machine on the lan, and that lan is firewalled off
from the Internet, and only getting SAS and AV updates, then indeed
your attack surface is very very small. You can then basically cross
network based attacks off the worry list. And as you don't have a
user running internet based apps like web browsers, chat clients or
peer to peer stuff on it, that cuts out all client-side attacks from
the worry list as well. About all you'd have to worry about is the
security of DNS to the SAS and AV update servers to avoid any arcane
man in the middle rogue update attack that might possibly be
envisioned, but I'd say those odds are quite small.

>> What services are running on the computer? Have they been kept up
>> to date? Do they have unpatched vulnerabilities?
>
> An AV, SAS and probably Sun VirtualBox.
>
>> How is it known that the computer only does those 2 things?
>
> Because I said so.

Sounds like if this is to be Windows 7 and you don't have the OS and
machine together yet, that you don't know exactly what services are
really running on the computer, just what things you plan to put on
the box. So, please, don't be a snide asshole when people are trying
to help you for free.

Technically, "Because I said so" doesn't tell you the same things a
port scan, list of running services pasted into a posting, or network
vulnerability tool would in terms of what you think you know about
what services are being offered by this machine (such as SMBv2 and its
(unpatched by vendor?) vulnerability). Then again we just had a patch
Tuesday so maybe they fixed that big ah-shit with SMBv2. At any rate,
the services that are listening turn out to be a moot point since
you're in the very unusual situation of this one box being all alone
on the LAN, therefore the threats to its listening services from other
devices aren't really anything to worry about.

In summary: Your proposed setup seems poised to be a pretty tough
target, if the assumptions you've put forward all turn out accurate.

But I suspect that if this is a single machine in your home(?) all
alone on the LAN, you might be doing some web surfing from it? If so,
then that'd probably be the primary vector for getting infected.

Repelsteeltje
Nov 26, 2009, 9:08:36 AM

"Albert" <albert.xt...@gmail.com> wrote in message
news:33d368a5-5be1-4dc4...@f20g2000prn.googlegroups.com...
> I've just installed XP and need to surf the web. Do I need to install
> anything?

How about this?
1 Anti-virus
2 Firewall
3 Anti-Spy
4 Anti-Spam
Is this enough?


Root Kit
Nov 28, 2009, 3:30:18 AM

You don't need all kinds of anti-this and -that.

What you need is to surf the web in a sensible way using a robust
browser. And keep both your OS and installed applications patched.
