[Shields Up] Computer Security Thread
Which is the best one around? Avast 5 or MSE? Or have AVG and Avira stopped fucking about and actually catching viruses again?
Who knows how long that will last, though. Seems like there's a new top dog every few months. And with MSE being used more and more often, it's bound to be the top priority on most malware authors' evasion lists. For the time being, though, I'd throw my lot in with MSE.
EDIT: Additional question - Were you using ESET v4 or the newly released ESET v5? I've heard nothing but complaints about v5.
What about firewalls? Comodo still the best?
I admit I'm no expert when it comes to firewalls. Comodo certainly does get around, and a lot of folks like it. Personally, I use the integrated Windows 7 firewall and a hardware router/firewall combo, and I'm pretty happy with that. It really does depend on what you're looking for in terms of a firewall, though. If you just want inbound protection, the included Win 7 firewall is decent. If you want outbound filtering you're best to look for something else.
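For anyone who wants to see what the built-in firewall can actually do before shopping around: Windows 7's firewall does carry a per-profile default outbound action and outbound rules, just hidden behind the "Advanced Security" console and off by default. Below is an added example (not from the thread) that switches it to default-deny outbound with netsh advfirewall, which is what you drive it with on Windows 7 (the Set-NetFirewallProfile cmdlets only arrived with Windows 8). The program path is an assumption for illustration.

```powershell
# Added example (not from the thread): outbound filtering with the built-in Windows 7 firewall
# via netsh advfirewall. Run from an elevated prompt. Program path is an assumption.

# 1. Look at the current default actions for each profile before changing anything.
netsh advfirewall show allprofiles | Select-String 'Profile Settings|Firewall Policy'

# 2. Default-deny in both directions on every profile (domain, private, public).
#    The "Core Networking" rules Windows ships (DHCP, DNS, ICMPv6, ...) stay enabled, so basic
#    connectivity survives; everything else now needs an explicit allow rule.
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

# 3. Allow the handful of programs and services that legitimately need the network.
netsh advfirewall firewall add rule name="Firefox (out)" dir=out action=allow enable=yes profile=any program="C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
netsh advfirewall firewall add rule name="Windows Update (out)" dir=out action=allow enable=yes profile=any service=wuauserv protocol=tcp remoteport=80,443

# 4. Verify: the policy line should read BlockInbound,BlockOutbound; then list outbound rules.
netsh advfirewall show allprofiles | Select-String 'Firewall Policy'
netsh advfirewall firewall show rule name=all dir=out | Select-String '^Rule Name'

# 5. Find what you forgot: log dropped connections, use the machine for a while, read the log.
netsh advfirewall set allprofiles logging droppedconnections enable
netsh advfirewall set allprofiles logging filename "%SystemRoot%\system32\LogFiles\Firewall\pfirewall.log"
Get-Content "$env:SystemRoot\system32\LogFiles\Firewall\pfirewall.log" | Select-String 'DROP' | Select-Object -Last 20

# To put the outbound default back:
# netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound
```

One caveat worth keeping in mind: adding a rule needs admin rights, so anything already running as Administrator can simply allow itself through. Host outbound filtering contains buggy software and a compromise of a standard-user session; it is not a boundary against admin-level malware.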
They seem to have kind of shoved it to the back burner as they're promoting their paid apps, but it's still available in this thread.
Don't use 'em
But I think that several AV vendors have programs that you can install onto a USB stick. I think Panda has one at least, not sure if other companies do.
If you're talking about protecting your own machine from a malicious flashdrive, Sandboxie is great at this. You can force flashdrives to open in a sandbox, so nothing can escape. Sadly, this requires the paid version and some tinkering, so it's not for everyone. Ensuring that autoplay and autorun are disabled will also help tremendously, even in the absence of other programs.
If you're talking about protecting a clean flashdrive from an infected machine, the utility that Lord_Snot was referring to is the Panda USB Vaccine. Not sure how effective it is, but a lot of folks give good praise to it.
Whoopdy do da.
The best bet is to trust no flash drive that you've not had total control over. If you plug a flash drive into your computer that's even touched a machine you're not in command of, treat it as if it were infected. Open it in a sandbox or virtual machine, and/or isolate and scan it before trusting it.
For the love of whatever deity or lack thereof you appeal to, if you find a strange flash drive just sitting on the ground, don't plug that shit into your computer and assume everything's going to be hunky-dory. I'm looking at you, Pentagon.
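The "disable autoplay and autorun" advice above and the "treat every stranger's drive as infected" advice are easy to make concrete. This is an added example (not from the thread) that writes the two documented policy values the Group Policy editor uses for "Turn off Autoplay" and "Default behavior for AutoRun", verifies them, and then looks at a freshly plugged-in drive without opening anything on it. The drive letter is an assumption. Windows 7 already ignores autorun.inf on USB sticks; these values make that explicit and cover optical and network drives too.

```powershell
# Added example (not from the thread): turn off AutoRun for every drive type and AutoPlay,
# verify, then inspect a removable drive read-only. Run elevated. Drive letter is an assumption.
$policy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
if (-not (Test-Path $policy)) { New-Item -Path $policy -Force | Out-Null }

# 0xFF = AutoRun off for all drive types (removable, fixed, network, CD/DVD, RAM disk, unknown).
New-ItemProperty -Path $policy -Name NoDriveTypeAutoRun -PropertyType DWord -Value 0xFF -Force | Out-Null
# 1 = never execute autorun.inf commands ("Default behavior for AutoRun: do not execute").
New-ItemProperty -Path $policy -Name NoAutorun -PropertyType DWord -Value 1 -Force | Out-Null

# Verify what is actually in the registry now.
$p = Get-ItemProperty -Path $policy
"NoDriveTypeAutoRun = 0x{0:X2} (expect 0xFF)" -f $p.NoDriveTypeAutoRun
"NoAutorun          = {0} (expect 1)" -f $p.NoAutorun

# Look at a drive you don't trust without launching anything from it.
$drive = 'E:'   # assumed drive letter of the plugged-in stick
if (Test-Path "$drive\autorun.inf") {
    Write-Warning "$drive carries an autorun.inf; its contents (plain text, reading it runs nothing):"
    Get-Content "$drive\autorun.inf"
}
# Hidden files are a favourite of USB worms; -Force shows them.
Get-ChildItem -Path $drive -Force -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.Attributes -band [IO.FileAttributes]::Hidden } |
    Select-Object FullName, Length, LastWriteTime
```

Listing the drive is still reading from it, so keep the scan-in-a-sandbox or scan-from-a-LiveCD step for anything that then needs to be opened; the registry values only stop Windows from running things on your behalf.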
At school, there was a guy who had a laptop that was like a fucking virus zoo, pretty much everything, from rootkits to Koobface was on there. Had to share the class's external HDD with him, so that was fun. Every time I plugged it into my machine, BING virus alert.
Don't know why the teacher didn't make him format, since he must've infected most people in the class.
As in, how difficult would it be, on a scale of 1-10, 1 being kittens and 10 being broken bones everywhere?
Probably like 2? You just right-click a program and click Run in Sandboxie. Make sure to delete the contents before exiting.
I've been running the registered version for a while now. Once I got comfortable with the software, it became a really nice addition to my toolbox, so to speak. Setting up different sandboxes for different purposes is awesome. I installed Crysis inside a special sandbox to prevent SecuROM from adding registry entries to my system, for example.
At its simplest and most straightforward, Sandboxie will allow you to keep your browser isolated from the rest of the system. At its most complicated, it allows you to deny internet and specific file access to any program, or prevent programs from talking to one another. There's a wealth of possible customization, and the developer is actually really responsive to questions and feature requests.
From what I've read, I'll definitely be installing MSE and MalwareBytes right away. Is there anything else that's a Must Do?
This is personal opinion, but if you're just making the new system now I'd strongly recommend making a limited user account (sometimes called a standard user account) instead of running everything as Admin. Windows 7 still installs as Admin by default (even if the UAC is on all the way - if you're not typing in your password for admin elevation, you're running as Admin). It's easiest to set up a new limited account immediately after initial setup, rather than rolling back an existing account. Running as a limited user will make you much safer in general.
There are ways to drop privileges from a running Admin account without making a limited account, too. Some people find using a standard/limited account very frustrating, and dropping privileges on an application basis can be easier. Again, the account issue is personal opinion only, and some might disagree there.
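The post above makes a point that trips people up: with UAC on, an admin account still runs as Administrator, it just gets a filtered token until it elevates. Here is an added example (not from the thread) that tells you whether the session you're typing into is elevated, whether your account is in Administrators at all, and then shows both options mentioned: a separate limited account, and dropping rights for a single program from an admin account. It uses net.exe and runas.exe, which exist on Windows 7 (the *-LocalUser cmdlets do not). The account name and program path are assumptions.

```powershell
# Added example (not from the thread): check elevation and admin membership, create a standard
# account, and run one program with reduced rights. Account name and program path are assumptions.

function Test-IsElevated {
    # True only when the current token has the Administrators group enabled. An admin account
    # under UAC holds a filtered token and returns False until it elevates (the consent prompt).
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-IsAdminAccount {
    # True when the logged-on account is a member of local Administrators, elevated or not.
    # Parses the member list net.exe prints, skipping its header and footer lines.
    $members = net localgroup Administrators |
        Where-Object { $_ -and $_ -notmatch '^(Alias|Comment|Members|The command|-{5,})' }
    return ($members -contains $env:USERNAME)
}

"Session elevated:         $(Test-IsElevated)"
"Account is administrator: $(Test-IsAdminAccount)"

# --- Option A: a separate standard (limited) account for everyday use ---------------------
$name = 'daily'   # assumed account name
net user $name * /add /comment:"Standard user for everyday use"   # '*' prompts for the password
net localgroup Users $name /add
# net user never adds to Administrators by itself; confirm anyway.
if ((net localgroup Administrators) -contains $name) { Write-Warning "$name ended up in Administrators" }
else { "$name is a standard user" }

# --- Option B: stay on the admin account, drop rights for one program at a time -----------
runas /showtrustlevels                     # lists the available levels, e.g. 0x20000 (Basic User)
runas /trustlevel:0x20000 "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
```

The Basic User level strips the Administrators group and admin privileges from that one process, which is what the "drop privileges per application" approach buys you; it is a convenience against the program misbehaving, not the same boundary as a genuinely separate standard account, since everything else on the desktop still runs with your admin token.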
Anyone have any knowledge about this iYogi? It seems like some standard scam like CleanmyPC except companies seem to actually point customers towards them, in return for a cut of the sales I would imagine. Oh, this thing cost 139 dollars too. Unbelievable.
All mentions of partnerships seem to indicate Avast, rather than McAfee, but Avast have since cut all ties with the company. There's a thread over on Wilders about it too.
Bottom line, it sounds like certain bad employees in the company were taking advantage of the situation. Personally, I'd never allow a program like this on my machine.
Additionally, if you installed MSE, and now find it gone, there's a very good chance it was uninstalled incorrectly (because Dell tech support is staffed by pants-on-head retarded chimps). If McAfee is on there now, that's probably why shit is so slow.
commissionsscripts. The McAfee however seems to be some kind of cloud antivirus service called McAfee Security as a Service. They also tried to hide and disable MBytes from running in the background and at start up. I'm hoping my parents took my word and didn't click things that say "Speed up your PC!" in banners, but apparently Dell told them to get it. It's almost not fair; of course people who don't know any better are going to sign up for what the computer company tells them is good.

Edit: Looking at the McAfee quickly, it seems to be business orientated, which makes even less sense to put on my parents' laptop. What a waste of money, damn it parents.
It's times like this that make me strongly consider using a Software Restriction Policy for my own parents' computer. Can't hurt what you can't change, after all.
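For the Software Restriction Policy idea: the rule that does the work is "nothing runs unless it lives somewhere the user can't write to". Below is an added example (not from the thread) that writes a default-deny SRP straight to the registry, using the same keys and values the Local Security Policy snap-in (secpol.msc) stores; the snap-in itself isn't shipped on Home editions, which is why the registry route is handy for a parents' machine. Run it elevated, leave PolicyScope at 1 (administrators exempt) while testing so you cannot lock yourself out, and log off and on for it to take effect. The allow-list paths are assumptions.

```powershell
# Added example (not from the thread): default-deny Software Restriction Policy via the
# registry keys secpol.msc writes. Run elevated; test with PolicyScope=1 first. Paths are assumptions.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$Disallowed   = 0         # SAFER level: Disallowed
$Unrestricted = 262144    # SAFER level: Unrestricted (0x40000)

New-Item -Path $base -Force | Out-Null
Set-ItemProperty -Path $base -Name DefaultLevel        -Type DWord  -Value $Disallowed  # everything not matched: blocked
Set-ItemProperty -Path $base -Name TransparentEnabled  -Type DWord  -Value 1            # 1 = all software except DLLs; 2 adds DLLs
Set-ItemProperty -Path $base -Name PolicyScope         -Type DWord  -Value 1            # 1 = everyone except local admins; 0 = everyone
Set-ItemProperty -Path $base -Name AuthenticodeEnabled -Type DWord  -Value 0
Set-ItemProperty -Path $base -Name LogFileName         -Type String -Value "$env:SystemRoot\srp.log"  # one line per allow/deny decision
Set-ItemProperty -Path $base -Name ExecutableTypes     -Type MultiString -Value @(
    'ADE','ADP','BAS','BAT','CHM','CMD','COM','CPL','CRT','EXE','HLP','HTA','INF','INS','ISP',
    'LNK','MDB','MDE','MSC','MSI','MSP','MST','OCX','PCD','PIF','REG','SCR','SHS','URL','VB','WSC')

function Add-SrpPathRule([int]$Level, [string]$Path, [string]$Description) {
    # Each path rule is a GUID-named subkey under <level>\Paths with ItemData and SaferFlags.
    $key = Join-Path $base "$Level\Paths\{$([guid]::NewGuid())}"
    New-Item -Path $key -Force | Out-Null
    Set-ItemProperty -Path $key -Name ItemData    -Type ExpandString -Value $Path
    Set-ItemProperty -Path $key -Name SaferFlags  -Type DWord        -Value 0
    Set-ItemProperty -Path $key -Name Description -Type String       -Value $Description
}

# Allow only the protected locations installers and Windows itself write to.
Add-SrpPathRule $Unrestricted '%SystemRoot%'        'Windows directory'
Add-SrpPathRule $Unrestricted '%ProgramFiles%'      'Program Files'
Add-SrpPathRule $Unrestricted '%ProgramFiles(x86)%' 'Program Files (x86), 64-bit Windows only'

# A few %SystemRoot% subfolders are writable by standard users; take them back out.
Add-SrpPathRule $Disallowed '%SystemRoot%\Temp'  'User-writable, no execution'
Add-SrpPathRule $Disallowed '%SystemRoot%\Tasks' 'User-writable, no execution'

# Review what was written: global settings, then every path rule with its level.
Get-ItemProperty -Path $base | Select-Object DefaultLevel, TransparentEnabled, PolicyScope, LogFileName
Get-ChildItem -Path $base -Recurse | Where-Object { $_.PSChildName -like '{*}' } | ForEach-Object {
    $rule = Get-ItemProperty -Path $_.PSPath
    "{0,-8} {1}" -f $_.PSParentPath.Split('\')[-2], $rule.ItemData
}
```

Two things to watch: path rules are decided by path, so any folder a user can write into under an allowed tree is a hole (the Temp and Tasks rules above are the usual first two, not a complete list), and interpreters that live in %SystemRoot% (wscript, cscript, powershell) stay Unrestricted, so scripts handed to them still run unless you add Disallowed rules for those too. The srp.log file shows exactly which rule matched each launch, which is how you find out what legitimately broke before flipping PolicyScope to 0.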
I warned ye'. I warned ye', but nae, nae, it's a mac ye said!
When people were installing this game, there were plenty of security suites that popped up to tell them that something was amiss. Complaints about antivirus and antimalware alarms sounding were immediately silenced with those two magic words 'false positive'. Every time a game sets off security software, I see people immediately claim false positive, even if they're not associated with the development of the software in question. This is usually followed by claims of "(Your) antivirus sucks, turn it off".
Yeah, I agree with you about people claiming false positive, all the fucking time.
Another thing that bugs me, is that a lot of support sites for games, recommend turning off your antivirus or firewall, if you encounter problems with the game. No. No, publishers, don't expect me to compromise my computer security because of your bad coding, or because of a bug.
Don't even recommend that, because to a lot of people, that will mean turning off Windows Firewall, on anything from an unsecured wi-fi to a secure network, that's a dangerous thing to do.
And RBach, I'll certainly agree fully with you there. Some of the crappier suites available are completely overzealous, and settings often do make a difference. I've always been pretty lucky myself, I suppose. I've never run into a serious conflict that wasn't obvious and easy to diagnose to date. I have seen plenty of problems from overprotective firewalls, but even those are possible to solve without removing the firewall entirely.
I still remember when I was looking into some mods for Morrowind recently. The mod pack I was browsing said to (A) disable UAC completely, (B) install as administrator, and (C) disable antivirus software. When considering that this was a fan-made pack of mods, that seemed like a remarkably silly collection of requests. There are quite a number of 'false positive' warnings on fan mods, to boot. I just wonder when someone with less-than-good intentions might exploit these trends. But then, I'll admit to being a touch on the paranoid side.
I've had it recommended for simplicity's sake, but I've never had to disable everything completely. I can't say I've ever had to do it for a game either, though I have seen many request higher rights during installation. I'd think I'd simply pass on any that did.
But now I have a severe case of Fliptoast spyware and Spyware Doctor and now Avast can't get to it. How do I delete Fliptoast or get Spyware Doctor to calm down?
Or the nuke it from orbit option- format...
If reformatting just isn't an option, I'd also recommend grabbing a Linux LiveCD or a rescueCD, and booting from that. Infections tend to be much easier to analyze and remove when you're not trying to deal with them in an infected environment.
Yeah, if you can create a rescue disk, and scan from outside windows, it would have a better chance of removing the infection than from within Windows. A lot of vendors offer a rescue disk, and you could also try a boot-time scan with Avast.
Today the phishers are sending out very official looking "You are close to your bandwidth cap" emails with a link to a login page. My department has it easy since we don't have caps but I feel sorry for the residential support side.
Social engineering is far and away the greater threat to computer users than vulnerable code, in my opinion. You can compromise a completely secure system if you know how to sufficiently fool the user. This is why telling their customers that they're invincible isn't working out for Apple right now.
I halfway wish there were a way to completely disable links in emails, since that would almost certainly eliminate a majority of phishing problems. However, as always, security and convenience are inversely related.
Unrelated to the topic at hand, but getting back to the previously discussed issue of false positives in gaming. I nearly had a heart attack this past weekend when my weekly MBAM scan turned up what it presumed to be a Trojan. I thought something was odd about the report, considering that the trojan was supposedly nested within an EXE file I've had on my computer for two years at this point. Virustotal came back with 0/42 results, but just to be absolutely safe I submitted the file to MBAM's forums for analysis. I was blown away when, within 12 hours, they had looked at the file, verified it as a false positive, and then promised to fix it in the next update. I'm thoroughly impressed with the work those guys do.
Fun aside: The file in question was an EXE patcher for the original Deus Ex that makes the game play nice with modern hardware and operating systems. Easy to see how it got flagged, but I'm still happy that MBAM were so thorough and fast in their response. It set my mind at ease.
The only downside to the whole incident is that it reminded me that I have Deus Ex still installed. Time for yet another play through.
The problems are related. Social engineering is significantly helped by the completely non-existent security that is in place with how email is designed (if I could go back in time I would introduce a few RFC authors to the concept of spam), and definitely aided by poor website code (which leads to sites being compromised and used by phishers).
Disabling links would help but half of the emails against us have just said to reply with the info, and customers did. We managed to get into one of our compromised accounts and see dozens of replies with their account info.
Our server is now set up to automatically change any customer's password that sends a certain number of emails or to a certain # of people a day, and any account that sends out mail pretending to be a financial institution gets an additional block that requires our mail admin to remove.
We've had phishing attempts against our customers before, but it usually only lasts a couple of weeks. I'm guessing we are still getting hit this time around because it has proven very effective.
I'm a little curious about this. So the program installs and everything in a sandbox ok, but where do the necessary reg entries actually go? Is there a mini-registry file or something in that sandbox that gets used every time you play?
I've just never been well informed about the registry in the first place so this is throwing me.
Back in the day, SecuROM had some rather deep hooks that it could get into a system, including some registry entries. I've had hardware not play nice with it in the past, which is why I took this route. That's just in the way of explanation.
In Sandboxie you can set up a number of different sandboxes that behave as you wish. Anything inside the sandbox makes no changes to your system outside of the sandbox, unless you specifically configure the settings to allow this. That means that if a file gets modified by a program running within the sandbox, the 'real' file on your system doesn't get touched. Instead, a separate 'mirror' file gets altered and used within the sandbox by programs running there. Sandboxie saves its own mini-registry (basically all the changes from your existing registry made within the sandbox), and stores it there for the programs running sandboxed. You can actually view the registry entries in real time, if you want, and control them through Sandboxie's control panel.
So everything that opens and runs inside the sandbox sees the modified registry (Hence, Crysis sees SecuROM is installed), but outside the sandbox those changes haven't actually occurred to your actual registry.
Yes indeed you can! Actually, just about every sandbox is 'permanent' so to speak - It's just a matter of whether or not you want to purge the box automatically when all programs running within it have terminated. For web browsing, I have an auto-delete call invoked on exit of my browser, so the sandbox folder for my browser is 'empty' whenever I'm not using it. For Crysis, the sandbox doesn't have an autodelete setting active, so the files installed to the sandbox stay put on the HDD in that isolated area. Trying to run anything from that area, by the way, automatically launches it in the sandbox. There's also a few settings you can fiddle with so that when program 'X' is launched, it always opens in a specific sandbox.
It sounds confusing, I realize, but after a little bit of time playing with it, the program feels very nice and natural. The ability to restrict which programs run, and which programs get internet access, is also pretty keen.