From: Den Haag: The Royal Residence Insane since: Jul 2000
posted 03-21-2006 03:19
There are so much dangerous threads outthere so securing your gear is a good thing nowadays. The only problem i have is how, today there seems to be an software security company grwing under each stone i lift. Some off them have a good rep others i never heard off and some try to force me to install their trojan and virus loaded "security-software." The last category is he most anoying using as the use windowsXP-look-a-like menus and windows. You know what a mean those anoying pop-ups which state that your computer is not secure press yes to install the solution and be forever safe. Sometimes i need to shut down the proces with the windows taskmanager. And even then they might just go along and install whatever they think you need.
So to protect myself and my systems i have taken some measurements:
-My router will not alow inittiating conections from the outside world unless i specify which ports are open.
-Service pack 2 is installed.
-AVG is installed as virus scanner and wil auto update whenever my computer goes online
-In IE ActiveX content is disabled.
-In firefox cookies and javascript are only accepted on whitelisted sites
-In firefox adblock and flashblock keep the most irritating flash pop-ups away.
-Some spyware checking tools are installed
-All mail is shown as text only (scripts and html are disabled)
-I keep my windows and my drivers uptodate
-There is a firewall installed.
etc. etc.
So i do feel pretty safe in my castle but i am wondering what other people do to secure their machines. Which programs do you use and for what reason? Which programs do you avoid and why? What other things do you do to make live safe?
.........................................................................
:: Develop yourself, develop your life, develop the world ::
.........................................................................
Backup constantly.
Use firefox.
Run avast + ad-aware periodically.
Check constantly Process Explorer when something is behaving oddly.
Keep my documents on a separate partition than the OS.
- stealth'd NAT router - configured properly
- AVG
- Firefox (IE for automatic Win and Office Updates)
- software firewall - configured properly
- delete hella buncha mail
- sensitive files are encrypted with keys stored elsewhere
- aware of where I'm at on the web
- don't talk about security much
Let's see now...
Security Software:
Firewall, Sygate at present but I'm still looking around for other brands. Re-investigate Windows firewall is on the "to-do" list. (does anyone have two firewalls running?)
AVG "free" anti-virus.
Ad-Aware.
Spyware Doctor.
It's not just a case of what security software we have installed though is it? It is also important how and when we run checks as well I believe.
Currently I run security scans at least once a week. Then about once a month I do a complete "health check"
To do this I turn off System Restore and set my Virtual Memory to almost nothing. Then I reboot and scan with all the above software for nasties. Then I Defrag all my drives. Once that is done I reset System Restore and my Virtual Memory.
I also use IE 7, the new one, but only for updates, Foxy is my usual browser.
I also use Abexo reg cleaner from time to time as well.
I have another plan though....
I think, If I get enough parts to make another half decent computer, I am going to unplug my "big" usual computer from the net all together and only use the spare one for perusing the internet. Perhaps I may even use the laptop instead but my eyes don't really like laptops.
This way I can keep my beautiful big baby protected, and it runs so much smoother when not connected to the net.
From: there...no..there..... Insane since: May 2001
posted 03-21-2006 16:38
well like most of you I have :
AVG
use FF and Thunderbird
I do keep my winders box updated
I do have the Winders firewall enabled but...
I also have a linksys firewall/router
Ad-aware and spybot running on a scheduled task
I keep the system restore on but i did learn to disable the "Automatic Restart on System Faliure". Got a computer locked in a loop because of this and couldn't do jack.
I've only had one virus and that was a long time ago. Didn't use AVG back then either. Since then I've been clean
Wireless router, integrated firewall.
WEP because it's handy, not because it is secure. Otherwise I'd use WPA.
IP range changed from 192.168.0 to something else, to make it harder to figure out/guess.
Network name (SSID) changed to something weird as well.
Router allows machines only per Mac adress: unknown macs are forbidden.
All systems on XP SP2, firewall is the default Windows firewall, latest updates, auto-updates, Avast because I needed a free antivirus.
Google toolbar for blocking popups on IE.
Passwords for all my users.
Casual Ad-aware.
And that's almost all.
And I still don't feel secure at all (macs can be spoofed, ips can be spoofed, wep keys as well, password reset on Windows is easy from command line, etc.).
But for a home user/setup it's a good security/ease of use balance.
Windows SP2 and Firewall,
F-Prot Antivirus,
Hardware Firewall from my Router
And that's it, my virus cheker runs once a week, I get updates daily, or everytime I turn on my machine, windows alerts me whenever a new update is available, I also have automatic updates turned on.
I've not had a virus on this machine and as far as I can tell it's not been compromised either for months, I do believe that some people have a little bit of overkill when it comes to securing their PC's.
I have 3 computers (OS X, XP, Gentoo) and all use the same fool proof plan - I don't allow other people to use them. The day I stopped sharing a computer with my family was the day 95% of my computer problems disappeared.
I take the usual precautions:
- Hardware firewall
- Software firewall
- Antivirus software
- Spyware software
- Updated "stable" versions of all software
- Use iTunes for music (MOST IMPORTANTLY)
I'm not all that concerned with my security. I'm more concerned with backing up important documents on my computer. All home & office documents are backed up online and on DVD. I never took that stuff too seriously but I've had too many moments where my HD spontaneously combusted and I lost important documents.
Btw, about Wep and Wi-Fi security, I read somewhere, can't find the link now,
that some people had been prosecuted... for crimes commited by other people abusing theyre bandwidth.
Hackers downloading child pornography over an average user's connection or something of that kind.
It sucks, and it's sadly very real: there is a whole security war and buzz around wi-fi lately,
so, once again, watch your wireless routers for ALL possible flaws.
From: there...no..there..... Insane since: May 2001
posted 03-22-2006 01:33
quote: HZR said:
Run as a limited user, not adminstrator.
how do you handle installing programs and such? Log off and log in as Admin, after install log off and log back in as limited user? Seems kind of a bother It would be nice if windows had some type of system like Linux where it just prompts you for the user and pass to do admin features like this.
What's the relevance of that when it comes to security?
I just meant that I purchase all my music and software. I think most computer problems originate with people downloading things from unreliable sources. The first thing I do whenever friends and family ask me to "fix" their computers is delete the latest P2P software and all that junk software that they've downloaded.
first of all, to take out a bit of that sense of security you guys have, you can use Belarc Advisor and see what you get in the security benchmark. It is in relation to what the experts at the Center for Internet Security believe to be a secure machine. My best security settings 'till present were awarded 6.6 out of 10. A bit below that level, things become a bit unpractical.
In anyway, this only refer to OS security, and there's lots to be said about that.
Here are my settings:
passwords on users
fully updated WinXP and drivers;
For easy implemmentation of some system security policies i use a couple of programs, the rest i do manually;
Uninstalling or disabling non necessary network protocols and system services;
Avoid using programs from microsoft (they tend to be too integrated into the system);
Software firewall, antivirus, a good registry cleaner, file cleaner, a couple of spyware cleaners with different searching methods;
The philosophy i try to use is simple - Make it hard to get in, make it useless too.
i don't often scan my system for stuff, as it is pretty much inoculated. When i do, it's usually for spyware. The full system scan for spyware, is watched by the antivirus, so it's a 2 in 1 thing.
But i have no illusions, this is stil windows. But i dual boot with linux
~this is not a signature~
on a side note: What exactly is the advantage of turning off system restore and putting the page file to a minimum, before a full system scan and possible cleaning. i don't completely get that one
Jestah, anything along the lines of "Wi Fi security" on google,
but specifically, here is a simple/short summary of best practices
like the ones I apply.
System restore volumes and your paging file cannot be scanned when you run your systems checks, I don't know about the paging file but with the system restore if it takes a snapshot of your system while it's infected it will hold onto it forever even if you remove it from your current system at a later date.
how do you handle installing programs and such [as a limited user]? Log off and log in as Admin, after install log off and log back in as limited user?
Sorry for the delay, been wondering around almost aimlessly, the way you do
Lacuna, I think Blaise has given the reason why I turn off system restore before a "deep" anti-virus (and other buggerware) scan.
As for the Virtual Memory Malarchy. Well, as far as I know, VM can also become fragmented as the hard drive becomed fragmented. So by turning it off before a defrag' and then turning it back on again afterwards, you get a fresh new fast VM.
AT least that's what I think is happening.
I also clean the fan on my heat sink with a toothbrush, being carefull not to rotate it anti-clockwise, but that is another story.
Turning your system restore off is pretty pointless from that point of view, unless you are trying to avoid system snapshots from being made during the cleaning proccess. You'll never end up with a half-clean system snapshot, true, but will still have plenty of pre-cleaning ones. One more, what difference does it make?
As for the defragmenting of the page file, erhm, that's not happening. It's non movable, and windows writes it the best way it can everytime. Every boot, if you wish it so. You are just defragmenting the free space, so the page file can be accomodated better - and become less fragmentented that way.
A better approach would be to manually set a fixed size to the page file, create a partition or even a hard disk with ~2x that same size, and allocate it there. Zero fragmentation, because you'll only be using the drive for 1 file.
I've got a total of 5 comps currently connected to the Internet since I still live home, one is my own and the rest of them belongs to my bros, sis and mom.
My setup:
-OS: WinXP Pro SP2
-Antivirus: Norton 2005, think I'll upgrade soon cuz this one has been outdated for about a month.
-Win Firewall: OFF, it only bugs me...
-Firewall: Norton too, but turned OFF, annoying little thing...
-Users: Single Admin account, passworded to avoid accidents because my cat walks on the keyboard when I'm afk...
-Router: D-Link, Blocks any unwanted connections, pongs back but not much else unless I tell it to.
-WLAN: Unencrypted, closest neighbour with a comp lives 1km from here...
-System Restore: OFF
-Browser: IE6, Opera, Netscape, and Firefox. Only use IE for surfing, and everything else. :P The rest are for debugging scripts...
-ActiveX: Enabled, but prompts for fishy things...
-JS & cookies: Enabled, except that it keeps prompting me whenever I run a local file... anyone who knows why there's no option to disable it completely in IE?
-Spyware/Adware tools: RegCleaner would come closest to this. Good for cleaning up after messy uninstallers.
Spyware/Adware/Malware count: 0.
Virus/Worm count: 2, I keep the source of Loveletter and another one for fun They didn't infect me, I grabbed them.
The other computers have been "infected" once or twice by adware. I keep telling the others to stop downloading crap, but do they listen?
Oh, we did have a worm that bounced back and forth between two comps running Win 98 and ME a couple of years ago, but that was easily taken care of with the registry editor.
quote:
WLAN: Unencrypted, closest neighbour with a comp lives 1km from here...
...Ooooh... what a terrible idea.
With my PSP and a car, I could sniff your network, and do *anything* to you, tipycally, a man-in-the middle attack, allowing
me to suck your credit card info, all your personal info actually, spam on your behalf, do anything on your behalf,
AND download illegal content on your behalf.
From: Happy Hunting Grounds... Insane since: Mar 2001
posted 03-25-2006 12:54
Yes, Mauro is right - there are many that look for such "unprotected" Hot Spots, just like Mauro has pointed out.
I have a SW Firewall on my main computer. Ad-Aware and Spybot gets run regularly (1~2 weeks). Anti-virus ~1 a month now.
I use FF DeerPark 2.
My little network goes through a Siemens Router - the WLAN is turned off (I don't use it, Wireless is really too easy to crack. I have worked in the WLAN area now for over 6 years. And being on the insides has shown me that Wireless is not safe. It can be cracked relatively easy, when one knows what one is doing, and has access to certain tools. Everyone seens to think that WEP and WPA protects you, but it doesn't. It just makes it harder for the "Crack kiddies" to get in. A determined profi gets in without any real problems).
With these in place, I have not had a virus in over 3 years (knocks on wood) or Spyware.
WebShaman | The keenest sorrow (and greatest truth) is to recognize ourselves as the sole cause of all our adversities.
- Sophocles
quote:...Ooooh... what a terrible idea.
With my PSP and a car, I could sniff your network, and do *anything* to you, tipycally, a man-in-the middle attack, allowing
me to suck your credit card info, all your personal info actually, spam on your behalf, do anything on your behalf,
AND download illegal content on your behalf.
Thank you for using WLAN without encryption.
Knew someone would point that out lol
Yeah, they could do that. But I'm not worried the slightest.
So, you're welcome to use my WLAN connection if you happen to pass by and manage to detect it.
Btw, you actually bought a PSP? When I first tested one I thought "Oh cool, I wonder what this thing can do."
Then I realized it's just an oversized PDA with better gaming capabilities and gave it back to my cousin... :P
Those teenagers it's a ps2 in my pocket, plus I kept the 1.5 firmware, and oh gosh, I can program, can OpenGL, can play Moppi demos,
can pilot devices like tvs over infrared, can vnc, can connect to a personal file server Wi-Fi. And of course, I can keep my tunes with me, or movies, -whatever-
Just a gaming device, to a gfx addict like me? Just the ultimate gem, with power saving options.
I could also hijack unprotected WLAN connections, if I cared to spend the time.
Nah, seriously, going around unprotected like this... what would Durex think? ~sigh...
Everyone seens to think that WEP and WPA protects you, but it doesn't. It just makes it harder for the "Crack kiddies" to get in.
Nothing is perfect, humans are not perfect, programs are not perfect. In the end, it all boils down to a security/comfort balance, because there is no such thing as a perfect security.
quote: WebShaman said:
Everyone seens to think that WEP and WPA protects you, but it doesn't. It just makes it harder for the "Crack kiddies" to get in. A determined profi gets in without any real problems.
WEP, yes. WPA, as far as I know, doesn't have any known security flaws and will certainly keep away even professionals (if you use it with a good passphrase, of course).
Perfect security does not exist. Close a gap, and you'll most likely change the whole balance of an app enough to open a new hole somewhere else.
I have to add that this is theory, and does not apply only to computers, but also to real world security.
Still, any encryption can be decrypted, the question is: how long would it take? Which processing power is required?
But most of the time, decrypting anything that travels on networks is not needed: you can get the clear version by abusing a flaw.
What I've stated and restated above is a core computer science & security concept, live with it, there is no option, and ask other coding doodes around.
And while you're at it, lighten up.
The question you seemed to argue with your JFGI-comment, was whether there are any known security flaws if you use WPA with a good passphrase. As far as I know there aren't.
I agree with the other things you said though. Of course.
Yeah, you seemed to take deeply at heart, it kinda reminded me of a recent discussion in the s-side forum.. anyway.
I am sorry, but yours is a moot point, completely, 100%, isn't anywhere near to making sense.
It's a pain in the arse for me to spend the time to prove you wrong,
but what you're saying is...
Well, there are dozens of WPA flaws prior to 2006 within a single google search -leterraly dozens, so there are known flaws.
AND the most recent flaws haven't been disclosed, for sure, I could't find a "step by step guide to cracking WPA as of today",
but I am sure some research would lead somewhere pretty quick.
I frankyl don't understand your point, have seen nothing in your google search with quotes which is relevant to the topic,
and I am sorry to hurt your feelings, really sorry, but stuff happens: your WPA is as secure as - everything.
Meaning it is not 100% secure.
<sits there, expecting predictable argument about ^nothing and having to dig into stuff I don't care about
to just assess something as natural as "the sky is blue"... go ahead, make my day>
From: Den Haag: The Royal Residence Insane since: Jul 2000
posted 03-27-2006 18:58
<considers that nothing in the sky is blue, maybe something in the ocean.... considers some execptions.. wanders of to do something stupid...>
.........................................................................
:: Develop yourself, develop your life, develop the world ::
.........................................................................
Well, there are dozens of WPA flaws prior to 2006 within a single google search
Flaws in some implemantation, or with bad passphrases, yes, but I challenge you to find information about flaws in the standard itself.
quote:AND the most recent flaws haven't been disclosed, for sure
Maybe, but then they are not publicly known (which is what I obviously meant when I talked about known flaws).
quote:I could't find a "step by step guide to cracking WPA as of today",but I am sure some research would lead somewhere pretty quick.
And I'm pretty sure it wouldn't.
quote:I frankyl don't understand your point, have seen nothing in your google search with quotes which is relevant to the topic
The point was, that a search for [wpa exploit] will find all pages with those words in it, and there will of course be thousands of them. A search for ["wpa exploit"] will find pages with those words written exactly like that. Google shows 10 hits for that search.
quote:your WPA is as secure as - everything.Meaning it is not 100% secure.
Well, actually, I did find one (for WPA-PSK obviously), but this involves bruteforcing and wouldn't be effective if a good passphrase is used. But I've already ruled that out.
In general, instead of decrypting or cracking or brute forcing, refined security wiz tend to do something else
that is a lot "easier" and will lead to obtaining the info without the need for decryption.
This includes ip spoofing, mac adress spoofind, buffer overflows/underflows which put a system in an unpredictable state, etc.
I understand you want to trust WPA, but then just tell me why WPA2 was proposed in first place?
quote:
Maybe, but then they are not publicly known (which is what I obviously meant when I talked about known flaws).
It's the first time you say this explicitely, and it quite differs from the "no known flaws" So now I can agree.
(ok, I am a bitch at times, but you know that, don't you?)
I can't agree with the passphrase bit though: a knwolegeable pro would not give a damn about the complexity
of your passphrase if he has a way to "bypass authentication" by abusing yours for instance, spoofing you means
"being you", spoofing you in the course of a transaction like WPA authentication means "yummy, passphrase for free".
Anyway, thanks for claryfying, all in all, WPA or similar encryption is part of the tools we can use to make a system more
secure, so I recommend them for sure, but my point was: they are not 100% safe, and we all agree I think?
All this to say that best practices are always the best way to limit security risks: in addition to decent encryption,
changing passphrase on a regular basis, passwords, etc.
----
One more point: the best security wiz "skill" is social engineering.
Guess the way the software engineers made theyre software, and you can see the flaws.
Guess the way the user secured his network, and you have one foot in the place.
Guess how the mind which put a given security together works, and you're in.
So comp users should really rely on "being unpredictable", in addition to the known security/encrpytion/protection technologies.
In general, instead of decrypting or cracking or brute forcing, refined security wiz tend to do something elsethat is a lot "easier" and will lead to obtaining the info without the need for decryption.This includes ip spoofing, mac adress spoofind, buffer overflows/underflows which put a system in an unpredictable state, etc.
Agreed.
quote:I understand you want to trust WPA, but then just tell me why WPA2 was proposed in first place?
Well actually, as far as I know, WPA2 (IEEE 802.11i) was proposed when flaws where found in WEP, and WPA is really just something intermediate between them.
quote:It's the first time you say this explicitely, and ["no publicly known flaws"] quite differs from the "no known flaws"
Yes, sorry for being sloppy. (It was implicit, since I can't possibly be expected to know undiclosed flaws).
quote:(ok, I am a bitch at times, but you know that, don't you?)
Yes we've had our discussions
quote:all in all, WPA or similar encryption is part of the tools we can use to make a system moresecure, so I recommend them for sure, but my point was: they are not 100% safe, and we all agree I think?
Yes.
quote:the best security wiz "skill" is social engineering.
posted 03-21-2006 03:19
usual computer from the net all together and only use the spare one for perusing the internet. Perhaps I may even use the laptop instead but my eyes don't really like laptops.
::cell::
