
[Computer Security Thread] EAC stands for "Easily Accessible Compromise"

TetraNitroCubane (Registered User regular)
Computer Security Thread
Dear Malware: We Hate You


It's a dangerous internet out there. In this thread, let's discuss questions, recommendations, and techniques related to computer security.

Dealing with a nasty infection? Make a post and see if anyone has any advice. Need some recommendations on which anti-virus to use, or just have a quick question about what MBAM is? Check out the software list and ask around for testimonials. The thread's really intended to be a catch-all for any information you might need for security related issues. The OP will be updated as more information fills out, recommendations are made, news breaks, or errors are caught.

On that note, please feel free to contribute to the OP! If you know of a piece of security software overlooked, or take issue with the advice given, post it in the thread and the OP will be modified accordingly. As a major disclaimer I personally am not a security expert, but many people on the forums are very skilled in this field. I plan to give as much help as I can, but hopefully this thread can become a useful info-dump. With luck we can avoid numerous redundant threads on the forum about the same problems, and have a quick-access reference for a variety of questions.

Most of the assembled links and advice are offered for Windows systems, but discussion of all OS flavors is invited.


Big ol' List of Dang-Useful Security Software:

A note on software: No single solution is 100% effective for every person. Depending on how you use your machine, different software will be more suited to your needs. As such, there's no way to tell you exactly what to install, but hopefully you can get some good recommendations about where to start if you're curious.

Current Top Recommendations.
From lurking about the forums, the following pieces of free software have been highly recommended by a large number of people. They're listed here for quick reference, and may change or rotate depending on forum reception and popular opinion. They're lightweight, very effective, and easy to work with. If you're wondering what to get for Anti-Virus or Anti-Malware, these are solid choices. For a list with more options, see behind the spoilers.
Anti-Virus Software:
This post is old and requires some updating. A/V software is currently evolving quickly. For the moment, the best advice is: avoid McAfee (and, if you're running government machines, Kaspersky) if you can.

Anti-Malware:
This section needs updating, but for the time being, use MalwareBytes Anti-Malware. 'Nuff said for now.
Firewalls:
Basic layers of defense against intrusion from internet-based attacks. From Windows XP SP2 and higher, Windows Firewall should be on by default. A large majority of people using computers should therefore already have a firewall on, but these solutions offer more robust options if you're interested.

Interesting note: Windows firewall has caught a lot of flak in the past for not having outbound protection. For XP, it certainly doesn't. In Windows Vista and Windows 7, though, it is possible to configure the firewall for outbound filtering. See here for more details.

Personal Opinion from the OP (Take with a grain of NaCl): If you're worried about nasties, outbound blocking isn't going to help you much. Once the thing is on your system, it's too late, even if you're blocking its communications. Outbound blocking/monitoring can be useful for privacy's sake, though.


Rootkit Detection:
Rootkits can be nasty, nasty things when put to malicious purposes. I'm not an expert, so I can't explain them fully, but my layman's understanding of them is that they can effectively hide from just about anything - including your A/V and Antimalware software. The following programs are designed to detect, and/or remove rootkits from your system.

Make no mistake, though. If a rootkit gets on your system, the highly recommended course of action is to backup, clean format, and rebuild. It's the only way to be sure you got the sucker.

(Unless specified, these programs are only for x86 machines. 64-Bit Rootkit detectors are a different matter)


Other Protective Software - HIPS (Host Intrusion Prevention System) and Sandboxing:
HIPS and Sandboxing programs add a fantastic layer of first-line defense in addition to Antivirus and Antimalware software. Most of these programs aim to prevent any software that's untrusted from running or modifying the system, or else will run programs/save files in a virtualized environment where they can't cause harm. Sometimes this means more hassle for the end user in some regards - If you actually want to get a file or program out of the sandbox, or past the HIPS, you have to do so manually - But it's very difficult for nasties to get past these layers if you have them configured correctly.

Keep in mind some of these programs take some advanced configuring, and may not play well with others. I'd recommend further research into each product before taking the plunge.

Note that as of writing this post, there are no functioning HIPS or Sandboxing programs that I know of for x64 Windows machines. Microsoft's Patchguard makes this rather difficult. (EDIT: 64-Bit Sandboxie is available, in release form, as of 2/3)


Other useful software:
Sysinternals Stuff - Tools of great value, now owned by Microsoft.
  • Autoruns - Allows you to see and manipulate/remove all startup tasks and such. Also has a very handy 'Filter Out Windows Processes' option.
  • Process Explorer - Task Manager on steroids. Allows you to see all running processes, including daughter process relations and in-use DLLs, etc.
  • Process Monitor - More detailed process information, including monitoring of real-time file system, registry, and thread activity.
  • Secunia Personal Software Inspector - Free tool designed to alert you to the presence of outdated and / or vulnerable software on your system. Great for keeping up with third-party programs.
Misc. Tools:
  • HijackThis - Now owned by Trend Micro, HijackThis is a useful program for determining if nasties have their hooks in your browsers. A HijackThis log is sometimes requested if you're looking to remove malware, but not always. It takes a bit of experience to decipher the logs, but if you want to auto-analyze the results there are two OK-ish websites here and here. Just be aware of what you're doing before you remove anything!
  • ESET Sysinspector - Tool for monitoring system changes and status. Sysinspector takes 'snapshots' of your system, and reports back 'risk' levels for each entry it finds. The real power comes from the ability to compare 'snapshots' between different time points, to see what changes have occurred to your system.
  • WinPatrol - System monitoring software. WinPatrol keeps an eye on new additions and changes to your system, and alerts you to when they take effect.
  • Cleanup! - Free tool to remove temporary files from various locations on a Windows XP or earlier system, where malware oftentimes hides after infection.
  • CCleaner - Tool to remove unwanted temporary files and/or old registry entries from a system.

LiveCD and RescueCD options:
In the event that your system becomes infected with a piece of malware, it's often preferable to try to solve the problem from outside the afflicted operating system instead of trying to address the issue from within. The following LiveCD and RescueCD options are bootable images that you can burn to a disc. The tools and available utilities for each vary depending on which you choose, but they will all allow you to boot into a Linux or Windows environment from which you can address infection, or else take you directly to a scanning utility. This can be particularly useful for backing up files from an existing partition before doing a complete reformat/reinstall.

Other Protective Measures
Having layers of security is always a fantastic idea. It's never a good approach to rely upon one security suite and hope it will keep you one-hundred percent safe. There are actually a number of really great ways to keep your system secure that don't involve additional scanning applications, some of which are built right into most operating systems.

Because I'm a silly, silly goose, you can find this information elsewhere in the thread (I neglected to account for size, and this was a late addition to the OP). Even if it sounds a bit different than usual, this is really important stuff! Take a look and see what works best for your system.

I'm Infected! What do I do?
Even the most vigilant user can get infected these days, thanks to the way zero-day threats and new malware propagate at an alarming rate, and in unexpected ways. If you suspect that you've been infected, there are a number of ways to verify a compromise. Try running MalwareBytes AntiMalware, an anti-virus scanner, or an online scanner from the list below. They'll let you know what/if anything hit you. If they come back positive, or you're just sure that the porn-laden pop-ups / Scareware windows that you're seeing are a good indication that you've been compromised, there are several things you can do. It's hard to give generic advice that will work in all cases, but the following are some basic ways to approach the problem. These options are, in no particular order:
  • The Nuke From Orbit: Backup your data. Clean format your hard drive. Reinstall your operating system and start over. Whatever infected you, it'll likely be gone.

    Yes, it sounds severe, but to be completely honest it's the only way to be sure. Modern malware has deep-digging claws, and if it gets onto your system there's a good chance of it inviting all of its friends. Once an initial infection occurs, most nasties will launch droppers to install other trojans and such, and even deploy rootkits onto your system. There's always a possibility that, no matter how well you cleaned the system, there's something left over that you can't see. Some nasty shit like Virut will also corrupt just about everything on your system, so even removal of the virus will leave damaged files behind that can't be repaired.

    If you take this course of action, be sure to scan your backups for nasty garbage before you restore them. Remember, PDF and .doc files are vectors for infection. Disable autorun for USB devices on XP (it's disabled by default on Vista and 7) before you plug in your backup drive, and ensure your stuff is clean before restoring.

    It may seem like a pain in the ass, but if you're running a modern system on Win 7, reinstallation can be quite fast. And with programs like NLite and vLite it can be a bit easier to manage. Restoring from an image backup can be even more painless, if your backup solution hasn't been compromised.

  • Outsider Assistance: Scan your disks from outside the operating system.

    Booting from a live-CD into another operating system will ensure that whatever crap got its hooks into your machine will be inert. See the "LiveCD and RescueCD options" section in the "Useful Software List" section above for various image files that can assist in either scanning for nasties, or else allowing you to backup your system from outside the OS. Alternatively, you can mount the HDD somehow to an OS X or Linux system with A/V software, and scan through that route. A bit tricky if you go the 'pop the HDD' route, perhaps, but safer than trying to clean from within Windows, if your Windows disk is infected.

  • The Inside Job: Scan in Safe Mode.

    Reboot your system. Once the BIOS POST message clears, mash on F8 until you have the option to load various Windows Safe-Modes. Choose Safe Mode with Networking, and let things load up. Once you're in, download, install, and update MalwareBytes AntiMalware as necessary. Let it run a full scan, and then take action to remove any nasties. Follow this up with an A/V scan from one of the entries on the list below to make sure you're clean. Mix and match removal tools and other anti-malware solutions as necessary (It'll really depend on what you're dealing with). This approach has variable success, but can do the trick in some cases.

    If you're going to try to clean an infected system from the infected partition, one of the strongest, most effective tools to root out the malware is ComboFix. Note that this is extremely powerful software, and inappropriate usage will damage your system. The link above will take you to a guide that's pretty comprehensive, so just be sure you're following along appropriately. In many cases, ComboFix is a pretty stellar way to combat even rootkits.

    A couple of additional notes about this method: First is that sometimes MalwareBytes works pretty stellar in Safe Mode, but sometimes it's not ideal. The creators themselves have said MBAM isn't designed to run in Safe Mode, but anecdotal evidence suggests that's the only way to root out some nasties. Your mileage may vary, so you might want to try scanning both in and out of Safe Mode. Second, if malware is pestering you to the point that you can't even run any security/cleanup software, try using RKill to terminate the nasty process before launching your cleaners. There are several flavors of RKill to try, but you only need to use one. The others are there as alternatives in case one is blocked.



General Tips:
Safe Browsing by limiting what sites you visit is no longer effective. Obviously, you're safer if you avoid porn/piracy/illegal sites on the internet, but that doesn't make you 100% safe. An emergent and popular threat known as "Malvertising" means that ANY website - no matter how safe and trusted - can potentially expose you to malware. The New York Times, National Geographic, Snopes, and other websites have all infected people who simply visited their pages. Of course, there are a number of actions you can take to mitigate the danger.
  • Ensure everything is updated. Obviously you want your OS up to date, so rely on critical updates and service packs from Windows Update. But don't neglect your other third-party programs. Browsers are regularly patched for security purposes. PDF readers and IM clients are similarly patched. As OS patches become more automated, third-party software will become increasingly targeted, so play it safe and up to date.

  • Browser Safety. This is a tricky issue I'm reluctant to weigh in on, so hopefully thread contributors can assist. It's difficult to call any one browser 'more secure' than others these days, so long as we're talking about the latest versions. IE 6 and IE 7 should be treated as ebola-carrying monkeys, and not touched with a ten-foot pole. IE 8 apparently has much better default security, and lower privileges, and has been regarded as much more secure than previous versions. Firefox is eminently customizable, and can be made secure if configured properly. Ditto for Chrome, Safari, and Opera.

    Above all, ensure that you employ some manner of javascript blocking. Exploits are commonly launched via javascript, and blocking them here will ensure such attacks never even reach your machine. On Firefox, get Noscript. For Opera, it's a bit more of a hassle - Go to Preference --> Advanced --> Content. Uncheck "Enable Javascript", "Enable Plugins", and "Enable Java". This will globally deactivate Java and Javascript for all newly visited webpages. When you visit a page where these features are required, right-click on the page and select "Site preferences". Now enable the options you wish. It will save these options on a per-site basis, so you'll never have to do it again for that site. It's a pain, but the advantage is that, if for some reason a malicious redirect lands you on a malware page, javascript won't be able to run, since it's a domain you've never visited before.

    Chrome and Safari should have methods for selective script blocking as well, but I'm unfamiliar with them at this time. I'll fill in this space if someone in the thread can provide details!

  • DON'T PANIC: Modern malware is often 'Scareware' that tries to pressure the user into making an uninformed, rash decision to install malicious software. If you see a popup telling you that it's found a virus on your machine, treat it with suspicion. Do you recognize the name of the software? Is it a security suite you're running? If not, you're likely looking at a browser-generated fraud. Clicking anywhere on the dialog (i.e. even the 'X', 'NO', or 'Cancel' buttons) will launch a download of rogue anti-virus software. The best way to deal with it is to ctrl-alt-del to call up the task manager, and kill the browser entirely. Then do a scan with Malwarebytes just to be sure it didn't do anything nasty. Above all, stay in control. If you're not sure of what you're seeing, find a way to record messages/screenshots before taking action.

    Additionally, remember to apply the same ideals to communications in general. Don't let someone pressure you into thinking your bank account, credit card, or Paypal are being frozen and they need your password right now!! Anyone who asks you for your password and login information over any channel (IM, email, even the phone) is either an idiot or a thief. Regardless of which they are, you don't want them having that information.


News

  • News Refresh Inbound. Please hold


More will be added to the list as time goes on. Until then, be safe!

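The Autoruns entry in the OP's "Other useful software" list is where most hands-on cleanups start: export the startup entries and look for what doesn't belong. The following is an added example, not code from the original post or from Sysinternals, showing one way to triage an Autoruns CSV export in PowerShell. It assumes the column names of a current Autoruns export ("Entry Location", "Entry", "Signer", "Image Path"; older versions label the signer column "Publisher", which you can pass via -SignerColumn), assumes Autoruns prefixes the publisher with "(Verified)" only when the Authenticode check passed and writes "File not found:" in the image path when the target is gone, and uses a constructed sample export rather than real data.

```powershell
# Added example, not from the original post or from Sysinternals: triage an
# Autoruns CSV export. Column names are assumed to match a current Autoruns
# export; older versions name the signer column "Publisher" (-SignerColumn).
#
# Produce the export on the machine being examined (assumed autorunsc flags:
# -a * all categories, -c CSV output, -s verify signatures, -m hide verified
# Microsoft entries, -accepteula skip the licence prompt):
#   autorunsc.exe -accepteula -a * -c -s -m > autoruns.csv

function Get-SuspiciousAutoruns {
    param(
        [Parameter(Mandatory = $true)][string]$CsvText,
        [string]$SignerColumn = 'Signer',
        [switch]$ReverifySignatures
    )

    # Where legitimately installed software normally lives; the constants are a
    # fallback so the sample below also runs where the variables are unset.
    $trustedDirs = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
        Where-Object { $_ }
    if (-not $trustedDirs) { $trustedDirs = @('C:\Windows', 'C:\Program Files') }

    foreach ($entry in ($CsvText | ConvertFrom-Csv)) {
        $reasons = @()
        $signer  = [string]$entry.$SignerColumn
        $image   = [string]$entry.'Image Path'

        # Autoruns (assumed) prefixes the publisher with "(Verified)" only when
        # the Authenticode chain checked out; anything else is unsigned,
        # self-signed, or failed verification.
        if ($signer -notlike '(Verified)*') { $reasons += 'signature not verified' }

        # Startup entries pointing outside the OS and Program Files trees
        # (temp, AppData, the user profile) are the classic dropper location.
        $inTrustedDir = $false
        foreach ($dir in $trustedDirs) {
            if ($image.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) {
                $inTrustedDir = $true
            }
        }
        if (-not $inTrustedDir) { $reasons += 'image outside Windows/Program Files' }

        # A launch string whose target no longer exists (assumed to be reported
        # as "File not found: ...") is either leftover junk or malware that
        # removed its own file after running.
        if ($image -match '^File not found') { $reasons += 'image missing' }

        # Optionally re-check the signature here instead of trusting the CSV.
        if ($ReverifySignatures -and (Test-Path -LiteralPath $image)) {
            $sig = Get-AuthenticodeSignature -FilePath $image
            if ($sig.Status -ne 'Valid') { $reasons += "Authenticode status: $($sig.Status)" }
        }

        if ($reasons.Count -gt 0) {
            New-Object PSObject -Property @{
                Location = $entry.'Entry Location'
                Entry    = $entry.Entry
                Image    = $image
                Signer   = $signer
                Reasons  = ($reasons -join '; ')
            }
        }
    }
}

# Constructed sample export (not real data) in the assumed column layout.
$sample = @'
"Entry Location","Entry","Signer","Image Path"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run","igfxtray","(Verified) Intel Corporation","c:\windows\system32\igfxtray.exe"
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run","updater","(Not verified) Example Corp","c:\users\bob\appdata\local\temp\updater.exe"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run","oldtool","","File not found: c:\tools\oldtool.exe"
'@

# Only the second and third sample rows should come back flagged.
Get-SuspiciousAutoruns -CsvText $sample | Format-Table Entry, Reasons, Image -AutoSize
```

Treat the output as a worklist, not a verdict: an unverified signer is common for small legitimate tools, which is exactly why the OP says to know what you're removing before you remove it. The -ReverifySignatures switch re-checks each file with Get-AuthenticodeSignature instead of trusting the CSV, which only makes sense when run on the box in question (or with its disk mounted), so it is off by default.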

Posts

  • stigweard (Registered User regular)
    edited December 2009
    Needs more ComboFix. Also, another good, free option for sandboxing is to use a vmware browser appliance.

  • TetraNitroCubane (Registered User regular)
    edited December 2009
    stigweard wrote: »
    Needs more ComboFix. Also, another good, free option for sandboxing is to use a vmware browser appliance.

    Very good ideas. Combofix is offline for the moment, thanks to a system-breaking bug. I'll be sure to add it into the OP once the author gets the issues sorted out. Their main link explicitly warns against using other versions hosted elsewhere. I gather it's something rather serious.

    I admit that I'm unfamiliar with vmware for sandboxing, but I'll gladly add it in!

  • TetraNitroCubane (Registered User regular)
    edited December 2009
    I added in the vmware links, but ComboFix is still out of commission for the time being, unfortunately.

    I also added a news section, which I'll try to keep up to date without spamming the thread to severely. For the time being, everyone should be aware of the recent exploits to Adobe products and PDF viewers which utilize Javascript. There's more information in the OP.

  • Houn (Registered User regular)
    edited December 2009
    Run Linux?

    *ducks*

    In all seriousness, I've kept a Linux router/firewall set up between the Internet and any Windows PCs I've had set up, and I have never picked up anything nasty. No viruses, no hacks, etc. Bottom line, I don't trust Microsoft in the slightest to keep their own product secure, and will never connect a Windows box direct to the 'net if I can ever avoid it.

  • TetraNitroCubane (Registered User regular)
    edited December 2009
    Houn wrote: »
    Run Linux?

    *ducks*

    In all seriousness, I've kept a Linux router/firewall set up between the Internet and any Windows PCs I've had set up, and I have never picked up anything nasty. No viruses, no hacks, etc. Bottom line, I don't trust Microsoft in the slightest to keep their own product secure, and will never connect a Windows box direct to the 'net if I can ever avoid it.

    That's one off the list. Now all we need is someone saying 'Buy a Mac!'

    I kid, I kid. Your reasoning is sound in my opinion. Running Linux (or OS X) is a viable solution to many of the ailments that Windows boxes are prone to. I'm not making any accusations otherwise - Windows machines are a prime target in a way that other OS options are not, for a variety of reasons. Unfortunately, not everyone knows how to set up a Linux router / can escape to OS X, etc.

  • Fodder (Registered User regular)
    edited December 2009
    Linux is almost getting to the point that it's mainstream enough for the average consumer, though probably not quite there yet. If it wasn't for games I would probably have switched exclusively to linux a while ago. I have plans to try to get my grandparents using it when I'm back home.

    I'm using avast now on my laptop windows partition which doesn't get used more than a month at a time or so, so I'm not terribly concerned about it, but does microsoft security essentials do as good a job or better than it? It'd be nice to use that instead just to keep things somewhat consistent, and I don't think I really need an antivirus that badly anyways, but avast doesn't seem bad so I'm ok with keeping it until something better comes along.

  • Daedalus (Registered User regular)
    edited December 2009
    Far more important than browser security (frankly, IE8 is basically up to par with the rest of the modern browsers, finally) is website security, i.e. if you stay away from your shady warez and porn sites and don't open e-mail viruses, you'll have a far lower chance of infection than otherwise. This isn't foolproof, of course; legitimate sites get compromised all the time and then used as a vector for viruses, but it sure helps.
    And yeah, run Linux. I recognize when this isn't really an option, though.

  • Houn (Registered User regular)
    edited December 2009
    Oh, don't get me wrong; my days of "Anti-M$ Zealotry" are far behind me. I recognize that Windows is an inevitability for most people; I've had Windows around for gaming forever, and have a Windows box at work for Outlook/Internal Apps. At the same time, only a fool would deny that Windows and IE are, if not just insecure, definitely the juiciest target for virus and malware writers due to its penetration.

    Taking the simple steps of a separate firewall, and using ANYTHING other than IE (really, please, pretty please) can reduce your chances of contracting something by, what, 99%?

  • undeinPirat (Registered User regular)
    edited December 2009
    Hi! I was wondering, my father decided to purchase as a christmas gift a token bundle of software that included Norton 360; I am currently using that for antivirus. Would you recommend I renew the subscription? Or are the free tools good enough that I could switch to them and get the same protection? I'm not worried about Norton being bad, it seems to do its job, I just don't know if it is the best protection that I could get; I have been hearing magic things about MSE.

  • Houn (Registered User regular)
    edited December 2009
    I haven't used Norton in years, but last I did, it angered me greatly with how much of a memory hog it was. I've been using Symantec at work, and it seems to run ok, and AVG at home.

  • Daedalus (Registered User regular)
    edited December 2009
    Norton can be charitably considered to be "not worth the money" and uncharitably considered to be "worse than some viruses". Get yourself MSE or AVG or something.

    edit: oh, and the Norton uninstall program doesn't actually remove it entirely, last I checked. Fun fun.

  • Dark Shroud (Registered User regular)
    edited December 2009
    MSE is a lot better than AVG. AVG has been sucking for awhile now.

    I would also suggest that Zonealarm be removed from the list of Firewalls. That thing is garbage and should not even be acknowledged.

  • Ayulin (Registered User regular)
    edited December 2009
    Been running Norton since the 2009 version here, although I'm going to switch to MSE once it expires. It's gotten a lot better in terms of memory use and performance; quick check of Task Manager shows it's running two processes with ~8MB of memory in use.

    I'd still say ditch it and switch to MSE, though :P

  • Desert_Eagle25 (Registered User regular)
    edited December 2009
    Eset's Nod32 wins over most anti-virus software, hands down.

  • TetraNitroCubane (Registered User regular)
    edited December 2009
    On the topic of Norton - A few years back it was widely considered horrible for its bloated footprint and ineffective detection. I've been hearing that Symantec really cleaned things up with their latest releases, but honestly, I don't think it can compare to MSE. Mostly because MSE is free.

    And heck, MSE is doing really well with detections at the moment. It's picking up stuff that NOD's been missing lately, according to VirusTotal.
    Desert_Eagle25 wrote: »
    Eset's Nod32 wins over most anti-virus software, hands down.

    I'll certainly agree with this, to a degree. I've been using it for years now, and been pretty happy thanks to the low resource usage and good protection. Unfortunately they seem to be 'slipping' a bit. Most of the latest 'comparatives' studies seem to rank it low against Day-0 threats... but still, the really snappy and repeated signature updates are a big plus. I get two, if not three a day.
    Dark Shroud wrote: »
    I would also suggest that Zonealarm be removed from the list of Firewalls. That thing is garbage and should not even be acknowledged.

    If this is consensus, consider it gone. The Firewall list is a little brief right now, but I'll try to fill it out soon. I admit I don't have much experience with Zonealarm.

  • Desert_Eagle25 (Registered User regular)
    edited December 2009
    TetraNitroCubane wrote: »
    On the topic of Norton - A few years back it was widely considered horrible for its bloated footprint and ineffective detection. I've been hearing that Symantec really cleaned things up with their latest releases, but honestly, I don't think it can compare to MSE. Mostly because MSE is free.

    And heck, MSE is doing really well with detections at the moment. It's picking up stuff that NOD's been missing lately, according to VirusTotal.
    Desert_Eagle25 wrote: »
    Eset's Nod32 wins over most anti-virus software, hands down.

    I'll certainly agree with this, to a degree. I've been using it for years now, and been pretty happy thanks to the low resource usage and good protection. Unfortunately they seem to be 'slipping' a bit. Most of the latest 'comparatives' studies seem to rank it low against Day-0 threats... but still, the really snappy and repeated signature updates are a big plus. I get two, if not three a day.
    Dark Shroud wrote: »
    I would also suggest that Zonealarm be removed from the list of Firewalls. That thing is garbage and should not even be acknowledged.

    If this is consensus, consider it gone. The Firewall list is a little brief right now, but I'll try to fill it out soon. I admit I don't have much experience with Zonealarm.

    I'm personally glad for you that you have no experience with ZoneAlarm, cause you're a lucky man. I'd definitely go as far as to say that ZA is a p.o.s.

  • Houn (Registered User regular)
    edited December 2009
    Unfortunately, AVG is the only free AV that is approved by my company's VPN. So, if I want remote access... AVG, or buy Symantec.

  • Dark Shroud (Registered User regular)
    edited December 2009
    Houn wrote: »
    Oh, don't get me wrong; my days of "Anti-M$ Zealotry" are far behind me. I recognize that Windows is an inevitability for most people; I've had Windows around for gaming forever, and have a Windows box at work for Outlook/Internal Apps. At the same time, only a fool would deny that Windows and IE are, if not just insecure, definitely the juiciest target for virus and malware writers due to its penetration.

    Taking the simple steps of a separate firewall, and using ANYTHING other than IE (really, please, pretty please) can reduce your chances of contracting something by, what, 99%?

    You are so far behind the times. Only Windows has security functions like ASLR (Address Space Layout Randomization). IE is also very secure now, more so by default than most every other browser. In fact only Chrome comes close to all the little settings options that IE has. Chrome is the only other browser to follow IE's example and add a sandbox mode. IE also runs at a lower privilege level than any other browser.

    Nothing can install through IE without the user's permission. In the chance that something does slip through it still can't make any changes to the system thanks to the sandbox mode.

    Microsoft becomes high priest of secure software development

    OPINION: Pigs Fly! Microsoft Leads in Security

  • Shorn Scrotum Man (Registered User regular)
    edited December 2009
    ZoneAlarm has been a POS for years now. I was surprised to see it on the list.

    I tried AVG a while back, didn't like how it auto-installed a Firefox addon that added a bunch of useless shit.

    I am very happy with MSE.

  • Aegis (Registered User regular)
    edited December 2009
    ZoneAlarm always worked fine for me on XP. Though, having moved to Vista and finding that ZoneAlarm and Vista don't get along well I ended up switching to Comodo. I'm not necessarily sad that I don't use ZA anymore as Comodo is much better.

  • Houn (Registered User regular)
    edited December 2009
    Dark Shroud wrote: »
    Houn wrote: »
    Oh, don't get me wrong; my days of "Anti-M$ Zealotry" are far behind me. I recognize that Windows is an inevitability for most people; I've had Windows around for gaming forever, and have a Windows box at work for Outlook/Internal Apps. At the same time, only a fool would deny that Windows and IE are, if not just insecure, definitely the juiciest target for virus and malware writers due to its penetration.

    Taking the simple steps of a separate firewall, and using ANYTHING other than IE (really, please, pretty please) can reduce your chances of contracting something by, what, 99%?

    You are so far behind the times. Only Windows has security functions like ASLR (Address Space Layout Randomization). IE is also very secure now, more so by default than most every other browser. In fact only Chrome comes close to all the little settings options that IE has. Chrome is the only other browser to follow IE's example and add a sandbox mode. IE also runs at a lower privilege level than any other browser.

    Nothing can install through IE without the user's permission. In the chance that something does slip through it still can't make any changes to the system thanks to the sandbox mode.

    Microsoft becomes high priest of secure software development

    OPINION: Pigs Fly! Microsoft Leads in Security

    I assume you're talking about IE 8, which no one will install, because it's not supported by anything?

    Houn on
  • Dark ShroudDark Shroud Registered User regular
    edited December 2009
    ZA would seem to do a good job as long as you didn't have any problems and you weren't file sharing. I remember 10 years ago having trouble with ZA & Kazaa; this was when Kazaa was still good. In short, ZA cannot handle large scale traffic and gets a lot of false positives.

    ZA modified the Windows TCP/IP stack. It did this in 98SE, 2000, & XP. ZA has problems with Vista & Win7 because they use a different TCP/IP stack and a lot more security & system hardening, so programs in general can't just mess with the system.

    Then there is the little issue of ZA not disabling: you would "disable" it, the program would say OK and tell you it's disabled, and then keep on running. So if you were trying to diagnose a connection problem you had to uninstall ZA to get proper network info.

    And lastly, ZA would leave a lot of trash in your system when you did uninstall the thing.

    So yes, the Windows Firewall is just fine; if you want something more, use Comodo. I've also had good results with McAfee's firewall, I just don't feel like paying for it.

    Dark Shroud on
  • HounHoun Registered User regular
    edited December 2009
    I'm fond of my custom iptables setup myself; perfect firewall. Not recommended for everyone, though.

    Houn on
  • TetraNitroCubaneTetraNitroCubane The Djinnerator At the bottom of a bottleRegistered User regular
    edited December 2009
    The people have spoken: ZoneAlarm is now dead to us.

    On another note, has anyone had any experience with Prevx? It's supposed to be cloud-based malware recognition that doesn't conflict with A/V software, but I'm at a loss as to what it actually does (i.e. if it's signature based, heuristics based, system monitor based). Their website is a little too flashy for my taste, and I can't find any real info there, but it's been recommended to me by word-of-mouth.

    TetraNitroCubane on
  • travathiantravathian Registered User regular
    edited December 2009
    Houn wrote: »
    In all seriousness, I've kept a Linux router/firewall set up between the Internet and any Windows PCs I've had set up, and I have never picked up anything nasty. No viruses, no hacks, etc. Bottom line, I don't trust Microsoft in the slightest to keep their own product secure, and will never connect a Windows box direct to the 'net if I can ever avoid it.

    lolz, no, just no, please god no. Stop spouting stupid shit. You can have the best fucking stand alone firewall in the world and it doesn't mean shit when a trusted site is delivering the payload to your web browser, or you open that file from a trusted source, or view that attachment from a trusted email. Secondly, there's that whole cause/effect thing going on, and claiming that your precious firewall has prevented you from getting anything is a joke. But hey if we are trading useless anecdotes, guess what, I don't have a fancy linux firewall and I too haven't picked up anything nasty!

    Oh hey, more stupid shit:
    Houn wrote: »
    I assume you're talking about IE 8, which no one will install, because it's not supported by anything?

    lolz, yeah, not supported by anything, except one of the most popular internet applications around: Steam, maybe you've heard of it? Oh, and here's another shocker, Win7 comes with IE8 by default, so I am guessing there are just a few people using it as their default browser. Really dude, if you want to bury your head in the sand, that's fine, but keep the stupid inside your head.


    Tetra, I totally agree about the client firewall and blocking outbound connections. It is mostly a privacy/control thing and less a security thing. I use one because I want to know what apps are phoning home and decide whether or not to let them out. The other useful aspect is isolating infections to a single computer within your trusted zone. Sure my laptop may get infected, but the hope is that the client side firewall will prevent the virus from accessing trusted resources before I can kill its network access and deal with the infection.

    travathian on
  • Desert_Eagle25Desert_Eagle25 Registered User regular
    edited December 2009
    travathian wrote: »
    Houn wrote: »
    In all seriousness, I've kept a Linux router/firewall set up between the Internet and any Windows PCs I've had set up, and I have never picked up anything nasty. No viruses, no hacks, etc. Bottom line, I don't trust Microsoft in the slightest to keep their own product secure, and will never connect a Windows box direct to the 'net if I can ever avoid it.

    Stop spouting stupid shit.

    Desert_Eagle25 on
  • Shorn Scrotum ManShorn Scrotum Man Registered User regular
    edited December 2009
    Yeah, can we chill on the Linux zealotry?

    Shorn Scrotum Man on
  • stigweardstigweard Registered User regular
    edited December 2009
    You are so far behind the times. Only Windows has security functions like ASLR (Address Space Layout Randomization).

    ASLR wasn't even coined by Microsoft. It has existed in OpenBSD, and patched into Linux (now core iirc) for nearly a decade. Like most good parts of Windows, it was licensed, purchased, or otherwise ripped from other operating systems.

    stigweard on
  • HounHoun Registered User regular
    edited December 2009
    travathian wrote: »
    Houn wrote: »
    In all seriousness, I've kept a Linux router/firewall set up between the Internet and any Windows PCs I've had set up, and I have never picked up anything nasty. No viruses, no hacks, etc. Bottom line, I don't trust Microsoft in the slightest to keep their own product secure, and will never connect a Windows box direct to the 'net if I can ever avoid it.

    lolz, no, just no, please god no. Stop spouting stupid shit. You can have the best fucking stand alone firewall in the world and it doesn't mean shit when a trusted site is delivering the payload to your web browser, or you open that file from a trusted source, or view that attachment from a trusted email. Secondly, there's that whole cause/effect thing going on, and claiming that your precious firewall has prevented you from getting anything is a joke. But hey if we are trading useless anecdotes, guess what, I don't have a fancy linux firewall and I too haven't picked up anything nasty!

    Oh hey, more stupid shit:
    Houn wrote: »
    I assume you're talking about IE 8, which no one will install, because it's not supported by anything?

    lolz, yeah, not supported by anything, except one of the most popular internet applications around: Steam, maybe you've heard of it? Oh, and here's another shocker, Win7 comes with IE8 by default, so I am guessing there are just a few people using it as their default browser. Really dude, if you want to bury your head in the sand, that's fine, but keep the stupid inside your head.


    Tetra, I totally agree about the client firewall and blocking outbound connections. It is mostly a privacy/control thing and less a security thing. I use one because I want to know what apps are phoning home and decide whether or not to let them out. The other useful aspect is isolating infections to a single computer within your trusted zone. Sure my laptop may get infected, but the hope is that the client side firewall will prevent the virus from accessing trusted resources before I can kill its network access and deal with the infection.

    1. Obviously no firewall in the world can prevent a trusted client from doing something stupid. I am not stupid. A good firewall will, however, protect you from all manner of worms and scans looking for running services with known exploits. But yes, it's only one piece of the puzzle.

    2. I can't use IE8 due to several of my employer's internal WebApps being completely broken in it; and they are designed to work in IE7. Hell, some of the products we sell still don't have IE8 support. It's growing, sure, and I admit I was exaggerating when I said "anything", but I know I am not incorrect when I say that there are a large number of people out there with non-public applications that will not run in IE8 yet.

    3. Up until last weekend, I was running a Vista64 machine with AVG and Firefox, behind the aforementioned Linux router/firewall. I've been running variants on this setup for, oh, 7 or 8 years now. Combined with good browsing habits and a bit of caution, I have never picked up a virus.

    So, you can stop getting so defensive. I'll trust Windows the day I hook it up straight to the 'net and don't get a worm infection within the first 10 minutes. And for the record, no, I don't trust Linux either, but I DO trust my firewall rules, and I do trust that far, far less malware targets it.

    Operating systems are tools. They each have their strengths and weaknesses. Anything I relate is opinion based on my personal experience; it may not be your experience that Windows is insecure, but it has been mine. I also admit this is colored by my time spent fixing Windows PCs, and then my time spent working with Linux servers.

    Houn on
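    The two firewall roles argued over above (a perimeter router that drops unsolicited inbound scans for listening services, and a host rule set that makes outbound "phone home" connections visible and lets an infected machine be cut off) can both be expressed in a few stateful iptables rules. The script below is an added example, not something any poster in this thread wrote; the interface names, the LAN subnet and the DRY_RUN switch are assumptions made for illustration. With DRY_RUN=1 (the default) it prints the iptables commands instead of applying them, so it can be read and checked without root.

```shell
#!/bin/sh
# Added example: a minimal stateful iptables rule set for a Linux router
# sitting between the Internet and a LAN.  Interface names and subnet are
# assumed values; set DRY_RUN=0 and run as root to actually apply them.
WAN=${WAN:-eth0}                # upstream (Internet-facing) interface, assumed
LAN=${LAN:-eth1}                # inside interface, assumed
LAN_NET=${LAN_NET:-192.168.1.0/24}   # inside subnet, assumed
DRY_RUN=${DRY_RUN:-1}

# Wrapper: print the command in dry-run mode, otherwise execute it.
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

apply_rules() {
    # Start from a clean slate in both the filter and nat tables.
    ipt -F
    ipt -t nat -F

    # Default deny for traffic aimed at the router and traffic it would forward;
    # a worm or scanner probing for a listening service on a LAN host is dropped
    # by policy before it ever reaches that host.  Outbound is allowed but logged.
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT

    # Loopback is always local.
    ipt -A INPUT -i lo -j ACCEPT

    # Stateful core: replies to connections the inside started are allowed back
    # in, so the hosts behind the router can reach the Internet normally.
    ipt -A INPUT   -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Only the LAN side may originate forwarded connections out to the WAN.
    ipt -A FORWARD -i "$LAN" -s "$LAN_NET" -o "$WAN" -j ACCEPT

    # Packets that belong to no known connection are dropped silently;
    # everything else hitting the WAN side is logged (rate-limited so a scan
    # cannot flood the log) and then falls through to the DROP policy.
    ipt -A INPUT -i "$WAN" -m conntrack --ctstate INVALID -j DROP
    ipt -A INPUT -i "$WAN" -m limit --limit 5/min -j LOG --log-prefix "FW-DROP-IN: "

    # Visibility into what "phones home": log every NEW outbound connection the
    # router itself opens.  The same rule on a workstation shows which programs
    # are talking out, and swapping ACCEPT for DROP here isolates an infected box.
    ipt -A OUTPUT -o "$WAN" -m conntrack --ctstate NEW -m limit --limit 10/min \
        -j LOG --log-prefix "FW-NEW-OUT: "

    # Let LAN hosts share the router's WAN address.
    ipt -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE
}

# Sanity helpers for the dry run: how many rules were appended to a chain.
count_forward_rules() {
    apply_rules | grep -c -- '-A FORWARD'
}

count_log_rules() {
    apply_rules | grep -c -- '-j LOG'
}

# Default action when run directly: print the rule set.
[ "${RUN_ON_LOAD:-1}" = 1 ] && apply_rules
```

    Run it as `sh firewall.sh` to review the generated commands, then `DRY_RUN=0 sh firewall.sh` as root to apply them; the `FW-DROP-IN:` and `FW-NEW-OUT:` prefixes make the two kinds of events easy to pull out of the kernel log with a plain grep.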
  • Phoenix-DPhoenix-D Registered User regular
    edited December 2009
    I've been running variations on a directly-connected Windows setup for, oh, 7 or 8 years now. Combined with good browsing habits and a bit of caution, I have never picked up a virus.

    Can we quit with the zealotry now? :P

    Windows breaks a lot because a lot of Windows users are complete morons when it comes to security or computers in general. That is why you spend so much time fixing Windows boxes.

    Phoenix-D on
  • Desert_Eagle25Desert_Eagle25 Registered User regular
    edited December 2009
    Phoenix-D wrote: »

    Windows breaks a lot because a lot of Windows users are complete morons when it comes to security or computers in general. That is why you spend so much time fixing Windows boxes.

    P.S. Putting up your own security measures and then berating Windows for lacking its own proper security, without even allowing the Microsoft software an opportunity, is horrible logic.

    Desert_Eagle25 on
  • TetraNitroCubaneTetraNitroCubane The Djinnerator At the bottom of a bottleRegistered User regular
    edited December 2009
    While I do think that Windows platforms are undeniably more vulnerable than other OS solutions available right now, I have no idea if that's due to developer negligence or just simple market saturation. Regardless of the events of the past, though, I think Microsoft is certainly taking notice in a big way. They know that the Windows reputation of 'Least Secure OS' is damaging their brand, and they're moving to fix it in some ways. MSE is really evidence of that, particularly since it's free.

    Minor Thread Alteration: I've moved Prevx and added Threatfire to a new Anti-Malware category, 'Behavior Blockers'. I'm really torn on these programs, particularly Prevx. After doing some research, they seem like invaluable tools that can run alongside current A/V solutions without much issue, and cloud-based recognition makes them appealing. Prevx in particular has some glowing reviews from sources I usually trust.

    However, I just can't get over the fact that Prevx just feels shady. Their website looks like a scareware site, and apparently the free version of their software may or may not engage in scareware tactics. There have been a number of odd news releases about them, too, including accusations that they've created their own malware to boost sales. These developments, combined with their recent behavior during the 'Black Screen of Death' debacle (details), make me consider removing Prevx from the list.

    I don't want the list being a collection of my personal opinions, though, and I have no experience with the actual software. Any input on the matter would be greatly appreciated. The problem I always have when researching security issues is the rampant fanboyism that paralyzes some of the discussion venues like Wilder's.

    TetraNitroCubane on
  • TychoCelchuuuTychoCelchuuu PIGEON Registered User regular
    edited December 2009
    I'd like to add Dr. Web's free CureIt! as a stupendous option for scanning for viruses if you're not going the nuke from orbit route. That thing catches a ton of stuff. Thank you Russia.

    TychoCelchuuu on
  • TetraNitroCubaneTetraNitroCubane The Djinnerator At the bottom of a bottleRegistered User regular
    edited December 2009
    I'd like to add Dr. Web's free CureIt! as a stupendous option for scanning for viruses if you're not going the nuke from orbit route. That thing catches a ton of stuff. Thank you Russia.

    Consider it done!

    Also, ComboFix is back online, so I added it to the recommended links for reactive malware removal as per Stigweard's suggestion. It's a potent program, and not to be used lightly, but it's very good at what it does.

    TetraNitroCubane on
  • GreenishGreenish Registered User regular
    edited December 2009
    I'd like to add Dr. Web's free CureIt! as a stupendous option for scanning for viruses if you're not going the nuke from orbit route. That thing catches a ton of stuff. Thank you Russia.

    Consider it done!

    Also, ComboFix is back online, so I added it to the recommended links for reactive malware removal as per Stigweard's suggestion. It's a potent program, and not to be used lightly, but it's very good at what it does.

    Great to see ComboFix is back. It's my current favorite last resort tool.

    Take Tetra's word that ComboFix is not to be taken lightly. This thing will root out even the most stealthy of rootkits, but it can give you major problems with your system files if you aren't careful. See, in the process of removing these rootkits some system files might get caught up in the crossfire and get purged along with the rootkit because of ComboFix's detection algorithm. This can turn a hijacked system into an unbootable one quick. I'm sure the recent outage was because of this very reason. A new kit was being purged along with system files and it was trashing systems.

    I'd also like it if SmitfraudFix were on the list. This little prog is a dynamo when it comes to getting rid of browser hijacks and those fake anti-virus programs. But like ComboFix, do your homework and know exactly what you are getting rid of before you use these tools.

    Greenish on
  • theSquidtheSquid Sydney, AustraliaRegistered User regular
    edited December 2009
    While I do think that Windows platforms are undeniably more vulnerable than other OS solutions available right now, I have no idea if that's due to developer negligence or just simple market saturation. Regardless of the events of the past, though, I think Microsoft is certainly taking notice in a big way. They know that the Windows reputation of 'Least Secure OS' is damaging their brand, and they're moving to fix it in some ways. MSE is really evidence of that, particularly since it's free.

    Thank you for the only adult pro-MS response to the Linux users in this thread.

    theSquid on
  • TofystedethTofystedeth Registered User regular
    edited December 2009
    Yeah, saying IE8 doesn't work with anything is pretty hyperbolic where "anything" consists of companies' intranet webapps. They never got those working with IE7 either. But for your average consumer (i.e., someone reading this thread who is actually in a position to choose what browser he uses) most sites should work just fine, and those that don't you can try compatibility mode. I've not seen a site that didn't work right in IE8 (with the ironic exception of the PA forums, which for some reason seem to require me to log in twice.)

    edit: Firefox 3.5 user here.

    Tofystedeth on
  • NackmatholnNackmatholn Registered User regular
    edited December 2009
    Yeah, saying IE8 doesn't work with anything is pretty hyperbolic where "anything" consists of companies' intranet webapps. They never got those working with IE7 either. But for your average consumer (i.e., someone reading this thread who is actually in a position to choose what browser he uses) most sites should work just fine, and those that don't you can try compatibility mode. I've not seen a site that didn't work right in IE8 (with the ironic exception of the PA forums, which for some reason seem to require me to log in twice.)

    edit: Firefox 3.5 user here.

    I do tech support for a major national bank's web site. Basically I take calls from consumers and explain to them why they screwed up their passwords, etc. One thing that we have noticed since the release of Internet Explorer 8 is that it produces many unexplained errors. One of its favored errors tells us, through an error code, that the IE 6 user needs to apply a hotfix to properly use the javascripting of our website. It identifies as I E 6... Most of the time the only way to get IE 8 to 'work' for our site is to get the consumer to find the compatibility button. These are the very same consumers that take 20 minutes to find the address bar. IE 8 is still not supported by my financial institution, and the main response when a consumer has an issue with the site, and they are using IE 8, is to install Firefox, Opera, or Safari.

    Nackmatholn on
    PSN - Nackmatholn
  • StarfuckStarfuck Registered User, ClubPA regular
    edited December 2009
    I'm not as tinfoil-hatish as I used to be, but one place I would frequent quite a bit was Wilders Security Forum. I used to use a lot of DiamondCS software as well. These days, I just run MSE and use webmail so I don't download something I don't want.

    Starfuck on
    jackfaces
    "If you're going to play tiddly winks, play it with man hole covers."
    - John McCallum
  • Dark ShroudDark Shroud Registered User regular
    edited December 2009
    Yeah, saying IE8 doesn't work with anything is pretty hyperbolic where "anything" consists of companies' intranet webapps. They never got those working with IE7 either. But for your average consumer (i.e., someone reading this thread who is actually in a position to choose what browser he uses) most sites should work just fine, and those that don't you can try compatibility mode. I've not seen a site that didn't work right in IE8 (with the ironic exception of the PA forums, which for some reason seem to require me to log in twice.)

    edit: Firefox 3.5 user here.

    I do tech support for a major national bank's web site. Basically I take calls from consumers and explain to them why they screwed up their passwords, etc. One thing that we have noticed since the release of Internet Explorer 8 is that it produces many unexplained errors. One of its favored errors tells us, through an error code, that the IE 6 user needs to apply a hotfix to properly use the javascripting of our website. It identifies as I E 6... Most of the time the only way to get IE 8 to 'work' for our site is to get the consumer to find the compatibility button. These are the very same consumers that take 20 minutes to find the address bar. IE 8 is still not supported by my financial institution, and the main response when a consumer has an issue with the site, and they are using IE 8, is to install Firefox, Opera, or Safari.

    IE has "quirks mode" commands that can be added to a site's code/templates. Basically sites can tell IE8 to open them in compatibility automatically. They could also add a little info bar telling people with IE6 to either upgrade to IE8 or to install the hotfix.

    Example site: http://ie6update.com/#

    I personally do not care for Firefox; a big part of that is the user base. I have no qualms admitting that I'm a MS fanboy. When it comes to web surfing I use IE & Opera in tandem. When IE7 came out I was trying to spread the message: whether you use IE or not, you should still upgrade PCs to IE7 even if you install an alternate browser. The moment I mentioned IE I would immediately be cut off with some phrase involving the word Fuck. This was always directly followed by the proclamation "I use Firefox" like it's a badge of honor.

    Dark Shroud on