Hotworld
  • Hotworld

    I received an e-mail from a-squared this morning advising me of the spyware "Hotworld", so I updated my protection, ran a scan and went back to business as usual. I know that many on this forum are security professionals, so I address my questions to them. Is there a point where the fence is built too high? Does security have to impede productivity? It took me about 45 minutes to update and scan, time that I could have used for other matters. I guess my question really is: At what point does security become paranoia? It seems that I spend as much time securing my computers as I do actually getting any work done on them. As everyone who has read my posts knows, I am not a security expert; I am a concerned user who joined this forum to learn how to better protect my investment (computers) from malicious hackers. I run Microsoft Firewall, Microsoft (Giant) Antivirus, Kerio Personal Firewall, Norton Antivirus 2004, Spybot S&D, HijackThis, and a-squared. At what point can I say, "This is enough, my computers are protected"? Or am I missing something that is vital to the security of my computers?
    I enjoy talking to myself...it's usually the only intelligent conversations I get to have.

  • #2
    As the official newguy to the DC forums, I can say that no matter how good protection (antivirus) gets, there's always going to be someone who finds a way to bypass it. A chink in the armour, if you will.

    There are viruses/adware/spyware that individually can scoot around Norton, Spybot, Ad-Aware, HijackThis, etc., etc., etc.



    • #3
      CISSP 101 says you're almost right.


      The CIA paradigm is a foundation theory that addresses your concerns. You want to ensure that (C)onfidentiality is preserved and the (I)ntegrity of data is kept while ensuring the best (A)vailability of the data.

      In your situation, I don't think this threshold is reached, and here is why: This theory pertains, usually, to large businesses where a team is in charge of the CIA foundation. If you're doing this on your own, perhaps if 90% is security and 10% is production, you may want to outsource (pay more money for a consolidated solution from one vendor, e.g. invest in an enterprise product) security to someone else. I think the threshold for home users being higher makes sense, simply because home users are a larger, more current target (phishing, botnets, etc.) than businesses RIGHT NOW.
      "Never Underestimate the Power of Stupid People in Large Groups"



      • #4
        I have had to deal with a lot of Windows and spyware shit for my friends and at work. I deal with a lot of people who have no idea about spyware, let alone how to ever protect from it....
        If I ran Windows, I would be really pissed off having to always worry about anti-phishing, anti-spyware, anti-virus... and each of those is a problem in and of itself..... Plus an important note is that these are all (to my knowledge) signature-based tools... thus a new program, malware, virus of some kind is not going to be found at all..... With the growing problem of complexity and kernel-level rootkits on Windows that send fake signals to scanning tools... it only makes the problem even more complicated. If you take security seriously, and you don't want to bother with all of this BS... Switch to another OS. For someone that doesn't know how to use a computer, I recommend OS X to those looking to switch or upgrade.

        "I run Microsoft Firewall, Microsoft (Giant) Antivirus, Kerio Personal Firewall, Norton Antivirus 2004, Spybot S&D, HijackThis, and a-squared" I'm thinking of a quote.... something like "It doesn't matter how much shit you pile on top of an insecure system, it's still insecure." or... "It doesn't matter how much perfume you spray on a pile of shit, it's still shit".
        You are also trusting that those products' authors will keep them updated, keep the signatures up to date (faster than malware can be created? I don't think so). Plus sometimes you've gotta just reinstall the whole OS.
        Gotta draw the line somewhere....
        The only constant in the universe is change itself



        • #5
          Originally posted by dYn4mic
          "I run Microsoft Firewall, Microsoft (Giant) Antivirus, Kerio Personal Firewall, Norton Antivirus 2004, Spybot S&D, HijackThis, and a-squared" I'm thinking of a quote.... something like "It doesn't matter how much shit you pile on top of an insecure system, it's still insecure." or... "It doesn't matter how much perfume you spray on a pile of shit, it's still shit".
          You are also trusting that those products' authors will keep them updated, keep the signatures up to date (faster than malware can be created? I don't think so). Plus sometimes you've gotta just reinstall the whole OS.
          Gotta draw the line somewhere....
          See now, this is OS bashing. No offense, but this does not solve the problem, only shows which "camp" you're in.

          While an insecure OS can certainly cause problems (especially if it doesn't protect its own memory space), this is not the current issue. There is a lot of cannon fodder on this issue, but I'll go out and say it anyway: market share dictates most vulnerable applications.

          Notice how many new exploits are coming out for Firefox and Netscape? This is no coincidence. As market share for these browsers increases, so does the number of exploits. The same applies to other apps and OSes.

          Now it's true that there may be fewer holes, harder to find, and they patch faster than MS, but the "It's secure because it's not Microsoft" argument is moot. Not only is it moot, it's crap.

          This is not coming from a MS lover. I happen to prefer OS X and FreeBSD. But I prefer these because their core usage fits _MY_ needs.

          If someone wants to run an MS Win OS, they should consider the following: Install an SPI firewall in front of the Internet connection (a device, NOT software). Set rules to only use the services you use (just surfing the web? Ports 21, 80 and 443 should be the only traffic going outbound, period). These firewalls also allow dropping of fragmented packets and spoofed IP addresses (outbound and in). So if you do get Spy/Mal/Ad Ware on your system, the chances of it being part of a bigger attack are much less, because it never leaves your network. Next install HIDS software (Host-based Intrusion Detection Systems) such as the host firewalls TrendWare and Symantec offer. They help keep this stuff to a minimum.

          Remember though, the theory of computer security only allows for 95% mitigation. This is the first thing you learn. No one can expect or guarantee 100% mitigation of security threats, period.
          "Never Underestimate the Power of Stupid People in Large Groups"
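          The egress policy described in the post above (only ports 21, 80 and 443 outbound, fragmented and spoofed packets dropped, nothing unsolicited inbound), worked through as an added example that is not from the post or any firewall vendor: a small Python packet-filter evaluator run over constructed sample traffic, so the effect of each rule on a spyware beacon is visible. The LAN prefix, addresses and packet fields are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed example: the home LAN sitting behind the SPI firewall device.
LAN = ip_network("192.168.1.0/24")
# Only the services actually used, as the post suggests for a
# "just surfing the web" machine.
ALLOWED_OUTBOUND_TCP = {21, 80, 443}

@dataclass
class Packet:
    src: str
    dst: str
    proto: str                # "tcp" or "udp"
    dport: int
    fragment: bool = False    # IP fragment (MF flag set or non-zero offset)
    direction: str = "out"    # "out" = LAN -> Internet, "in" = Internet -> LAN

def is_spoofed(pkt):
    """Source address inconsistent with the side it arrived from."""
    src = ip_address(pkt.src)
    if pkt.direction == "out":
        return src not in LAN   # a LAN host claiming an outside address
    return src in LAN           # outside traffic claiming a LAN address

def decide(pkt):
    """Return ('DROP', reason) or ('ACCEPT', reason) for one new packet.
    A real SPI device also accepts replies to connections it has already
    seen; only first packets of new flows are modelled here."""
    if pkt.fragment:
        return ("DROP", "fragmented packet")
    if is_spoofed(pkt):
        return ("DROP", "spoofed source address")
    if pkt.direction == "in":
        return ("DROP", "unsolicited inbound")   # no services are published
    if pkt.proto == "tcp" and pkt.dport in ALLOWED_OUTBOUND_TCP:
        return ("ACCEPT", f"outbound tcp/{pkt.dport}")
    # Spyware beaconing on an unexpected port never leaves the network.
    return ("DROP", f"outbound {pkt.proto}/{pkt.dport} not in allow-list")

def filter_packets(pkts):
    return [decide(p) for p in pkts]

# Constructed traffic sample, not captured data.
SAMPLE = [
    Packet("192.168.1.10", "203.0.113.5", "tcp", 443),                  # web browsing
    Packet("192.168.1.10", "203.0.113.5", "tcp", 6667),                 # IRC-style beacon
    Packet("192.168.1.10", "203.0.113.5", "tcp", 80, fragment=True),    # fragment
    Packet("10.0.0.7", "203.0.113.5", "tcp", 80),                       # spoofed source
    Packet("192.168.1.99", "192.168.1.10", "tcp", 445, direction="in"), # LAN address from outside
    Packet("198.51.100.4", "192.168.1.10", "tcp", 80, direction="in"),  # inbound probe
]

if __name__ == "__main__":
    for p, (verdict, why) in zip(SAMPLE, filter_packets(SAMPLE)):
        print(f"{verdict:6} {p.direction:3} {p.src} -> {p.dst}:{p.dport} ({why})")
```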



          • #6
            Originally posted by hackajar
            market share dictates most vulnerable applications.
            Correlation is not causation.

            There is a correlation between the two, but I would not want to go so far as to say market share dictates vulnerabilities in applications.

            but the "It's secure because it's not Microsoft" argument is moot. Not only is it moot, it's crap.
            My complaint and admiration of MS is over the same point:

            They will make what sells their product. They act on what causes consumers to switch, or decide to buy the new product.

            However, consumers are erratic and go through cycles where security/stability is important for one week, and the following week, complain when features/ease-of-use is missing. As a result, MS's focus on security/stability is unreliable-- as unreliable as a fickle consumer.

            There may come a day where many common security problems IN MS Windows are "resolved" (enough) for people to care less about stability and security. Then consumers will be asking for more features, which means focus will change again.

            RedHat is not much better. Their focus will change too, to match consumer demands, or they will go out of business.

            Debian has its own problems where decisions seem to be made by committee or "democracy", which can also be fickle.

            Complaints about MS:
            Violation of standards and undocumented features make estimating risk difficult
            Loose use of networking services causes filtering or even NAT to break OS functions-- some services may use more than 7 ports in normal service!
            Lack (until recently) of an "advanced" system-included network filter
            A history (like Apple) of a single User is admin/root system-- and encouraging that use of their system for home users. (Mac OS 9 and earlier, Windows 95, 98 Me and to some extent XP Home and even Lindows.)

            However, MS is doing better than they were 8 years ago, but that is only because they pay attention to their customer purchases.

            (I have different complaints about security in other OSes, but MS has historically had more security complaints than other OSes.)

            "Use what makes you more productive."



            • #7
              I use Windows because when I am working at home with drilling programs, spreadsheets, etc. I can simply transfer my work to removable media and run it on the computer out at the drilling rig, which is also a Windows OS. I do not have a major network to worry about. I have 2 computers that I use at home and 1 out at the rigsite. So for me, switching OS would be impractical. My prime concern with security is that I often have files that illustrate experimental oilwell drilling tools or drilling methods. My concern is as much infecting the computer at work as protecting my computers while doing research on the net. Perhaps I was just being paranoid about the "Hotworld" malware, but when I got the e-mail from a-squared it got me thinking about the damage that could be done to my company's equipment should I unwittingly carry spyware, malware, virii to their computer. I run scans on all discs that I carry to the rig but I can never be 100% sure that the scans are catching everything. I thank everyone for their input, but as far as switching OS is concerned, I really don't see that as an option at this point. I guess I will just have to keep plugging holes in security and limp along with Windows.
              I enjoy talking to myself...it's usually the only intelligent conversations I get to have.



              • #8
                Well, those are good points and I agree with them, hackajar. But it's just hard for me to talk about a solution without talking about how I would fix it (and did a while ago). But that's just my experience for ME... someone else might have different priorities and issues.
                You should use what makes you more productive, as cot said, and also use what you know how to secure well (if security is a big concern (and it should be)).
                Sorry to start a possible OS argument, but unless Windows is needed for a good reason, switching OSes would be a good move in my mind.
                It's always a security vs ease of use issue...
                The only constant in the universe is change itself



                • #9
                  Yes yes, these are great points. It's always concerned me when software companies make the switch from "developer-driven strategy" to "marketing-driven strategy". This seems to be the case with both MS and RH Linux.

                  Here's a couple of quotes from conversations I've had throughout the years that really drive home what SHOULD be a concern in my mind. All this IMHO of course:

                  "You should not pick your development environment [operating system] based on personal favorites or what's 'sexy', but rather which tool is best to solve the problem" - Operations manager, Seagate

                  "Microsoft haters remind me a lot of Led Zeppelin fans from back in the 70's. Some really enjoyed the music, while others just listened because it was the cool thing to do." - Current Manager

                  Cot, these are some really great chats we've been having. I look forward to meeting you and dYn4mic this July!
                  "Never Underestimate the Power of Stupid People in Large Groups"



                  • #10
                    Originally posted by hackajar
                    Cot, these are some really great chats we've been having.
                    Awww man! I was hoping you might say "nuh uh!" to my correlation is not causation in this case. :-)

                    Here was an example I was going to use:
                    Compare market share of Apache on web servers vs IIS.
                    Examine the number of "web server worms in the wild" for IIS and Apache for the past, say 8 years, and what percent of each brand of web server had been infected at one point of time. ]:>

                    In this case, we have a product that is (by far) the dominant market holder, but a comparison to the newcomer (IIS) shows the newcomer had more worm/infected traffic and information leakage issues than the market leader.

                    Why is this an exception (and does it help to demonstrate the "not causation") for this? Because Apache is a "mature product" (e.g. 1.3.x) and is at its end of life cycle; many years of attacks have helped to fortify security holes and fix bugs.

                    There are some great papers that discuss this in detail...
                    Content of some papers which were pretty cool:
                    * Why is it that there are high monetary costs for 'new' OSes that have more yet-to-be-exposed security issues and bugs, but low or no costs for old operating systems that have been debugged into stability or better security? ("Cause it's new!"? Features worth the cost? Old version does not work with new authentication scheme?)
                    * Do commercial application makers (including OS) purposefully not fix security holes on product that are EOL to encourage buying the "new" version? (passive aggressive marketing)

                    Sorry, I do not remember the authors, or much about the sources or I would include them with links. They were PDF though, if that helps.

                    I look forward to meeting you and dYn4mic this July!
                    Oh crap. I must have done something wrong. ;-)
                    /me makes mental note to self... "damn. This neuron is out of ink."
                    /me makes mental note to self... "avoid hackajar... he wants to beat me up for my asshattedness." (heh-heh hrm. Ummm yeah!)



                    • #11
                      Here is an article that deals with "open source" vs. commercial OS. You might find it mildly amusing...I know I did.

                      http://adequacy.org/public/stories/2...131.25814.html
                      I enjoy talking to myself...it's usually the only intelligent conversations I get to have.



                      • #12
                        Re: article

                        Originally posted by Floydr47
                        Here is an article...
                        Short-sighted view.
                        When you connect to a web server to view content, is that web server running apache? Is Apache OpenSource? People "out there" who hate open source may use it without even knowing they are using it.
                        "Worthlessness" is a subjective word that can mean whatever the person making the judgements wants.
                        There are PDA/Organizers that run Linux, and then there is a well known PVR for home users to record, pause, rewind, and replay live TV shows on cable and it was sold with Linux as its OS.

                        Sweeping generalizations like "OpenSource is Worthless" are just as bad as claims that "OpenSource is more secure."
                        Being openSource does not guarantee better security, and it is not worthless to the people who find value or profit in using it.
                        Last edited by TheCotMan; June 5, 2005, 10:40. Reason: Re: article, typo fix



                        • #13
                          Originally posted by TheCotMan
                          Awww man! I was hoping you might say "nuh uh!" to my correlation is not causation in this case. :-)
                          Nuh uh!!!! You are totally wrong with your risk score analysis based on community input and hacks over time. This is in no way a possible way for open source to survive! Obviously this would not work, otherwise MS would be more secure as EVERYONE loves to point fingers, yet they are not secure based on man power, resources and sheer stick-to-itiveness!

                          (is that better? )

                          Originally posted by TheCotMan
                          /me makes mental note to self... "avoid hackajar... he wants to beat me up for my asshattedness." (heh-heh hrm. Ummm yeah!)
                          Nah man, I'll pick up a beer for ya! In my work environment we have "brown bag" lunches where people show their new idea, it gets bashed into submission, then at the end, everyone shakes the speaker's hand and takes him/her out for a beer.

                          As long as I have an opposing view on an idea, concept or thought process, this lets me know if I'm on track or way off base. And if it takes us throwing pot shots at each other for everyone to see the light, well so be it! "Proactive not Reactive" is what I always say. Thus far our tech talks have been just that!
                          "Never Underestimate the Power of Stupid People in Large Groups"



                          • #14
                            Originally posted by hackajar
                            (is that better? )
                            Heh-heh. heh-heh, hrm. Oh yeah! This like cool and stuff!

                            And if it takes us throwing pot shots at each other for everyone to see the light, well so be it!
                            What? Drinking shots will help us see the light? ...
                            ... OHHHH YEAH! DefCon!

                            What is great about DefCon is alcohol lowers inhibitions, and people who (when sober) might say, "If someone else were to do this, then that would be pretty funny," will instead say at DefCon, "Hey! Let's do this; it will be fun!"

                            Perfect example is a participant of the Scavenger Hunt. They'll do just about anything to win, and when no longer sober, will do even more! I think the Scavenger Hunt slogan should be something like, "Breaking the rules and getting away with it, and a 'No' can be changed to 'Yes'-- This is the Social Engineering contest."



                            • #15
                              Originally posted by TheCotMan
                              Perfect example is a participant of the Scavenger Hunt. They'll do just about anything to win, and when no longer sober, will do even more! I think the Scavenger Hunt slogan should be something like, "Breaking the rules and getting away with it, and a 'No' can be changed to 'Yes'-- This is the Social Engineering contest."
                              Ahh yes, the Scav hunt, this is where all hell breaks loose. It's quickly become dc702's favorite game. Win or lose we still had a lot of fun, and will keep having fun each year. I'm almost afraid to see what they will have us doing this year. A little worried that one (or all) of us might actually get arrested, as we plan to clear the task list by Con's end.
                              "Never Underestimate the Power of Stupid People in Large Groups"
