As was foretold, we've added advertisements to the forums! If you have questions, or if you encounter any bugs, please visit this thread: https://forums.penny-arcade.com/discussion/240191/forum-advertisement-faq-and-reports-thread/

[Computer Security Thread] Lastpass Compromised (Again)

145791094

Posts

  • MoSiAcMoSiAc Registered User regular
    edited April 2010
    From just a few minutes of looking I wouldn't go near Advanced System Care program.
    http://www.iobit.com/advancedwindowscareper.html

    It looks like BS deep fried in snake oil. There is a good chance this program does more harm than good.

    Advanced SystemCare is built with Turbo Boost to speed up PC by shutting down unnecessary background processes, cleaning RAM, and intensifying processor performance.

    Safely cleans registry junks, compacts registry bloat and defragments the registry for blistering-fast performance

    Registy cleaning, defragging, & compacting are snake oil.

    For security MSE is the best free option and you can throw in Malwarebyte's Antimalware as well as Super Antispyare. For cleaning CCleaner & Revo Uninstaller. Windows Vista & Se7en both actively defrag but if you want to get hardcore checkout Smart Defrag.


    This is pretty much what I thought but I didn't want to just say to him 'dude it's all bull' without some clear explination. He is running XP, but he also has a problem with going to unhealthy sites. I think I need to teach him how to setup a sandbox browser so he doesn't have to worry with it.

    MoSiAc on
    Monster Hunter Tri US: MoSiAc - U46FJF - Katrice | RipTen - Gaming News | Los Comics
  • GnomeTankGnomeTank What the what? Portland, OregonRegistered User regular
    edited April 2010
    Firefox was, and still is, considered secure, not because of itself, but because of the plugins you can install to shut a bunch of dangerous shit off: AdBlock, FlashBlock, NoScript. Chrome, nor IE8, has those, and thus, cannot be made as secure as Firefox. Out of the box? No clue, I don't ever use any browser "out of the box".

    GnomeTank on
    Sagroth wrote: »
    Oh c'mon FyreWulff, no one's gonna pay to visit Uranus.
    Steam: Brainling, XBL / PSN: GnomeTank, NintendoID: Brainling, FF14: Zillius Rosh SFV: Brainling
  • Dark ShroudDark Shroud Registered User regular
    edited April 2010
    GnomeTank wrote: »
    Firefox was, and still is, considered secure, not because of itself, but because of the plugins you can install to shut a bunch of dangerous shit off: AdBlock, FlashBlock, NoScript. Chrome, nor IE8, has those, and thus, cannot be made as secure as Firefox. Out of the box? No clue, I don't ever use any browser "out of the box".

    Yeah that's a lot of BS. Security firms are already turning on Firefox. But as to the rest, IE does have Adblock and FlashBlock. NoScript I'm not sure off atm but I've been surfing on IE since 5.5 on 98SE and have not once needed it to block infection.

    Furthermore until all of those come in Firefox by default it will never be as secure as Chrome & IE8. And to top it off average people will not use those beyond Adblock. IE8 & Chrome's security features work seamlessly by default.

    Dark Shroud on
  • Dark ShroudDark Shroud Registered User regular
    edited April 2010
    uean wrote: »
    Ayulin wrote: »
    Get rid of AVG, definitely, since you don't need more than one antivirus running at a time. As for Spybot, I'm not so sure it's still relevant; most of the time people seem to just run with MBAM.

    Spybot has some great extra features... and I use it in combination with MBAM to ensure everything is gone.

    I love Spybot's built in file shredder and Startup Process killer., and obviously the immunisation is really helpful.

    I use CCleaner to deal with Startup Processes. But Spybot SD is worth keeping just for the Immunization feature alone.

    Dark Shroud on
  • Shorn Scrotum ManShorn Scrotum Man Registered User regular
    edited April 2010
    GnomeTank wrote: »
    Firefox was, and still is, considered secure, not because of itself, but because of the plugins you can install to shut a bunch of dangerous shit off: AdBlock, FlashBlock, NoScript. Chrome, nor IE8, has those, and thus, cannot be made as secure as Firefox. Out of the box? No clue, I don't ever use any browser "out of the box".

    Nevermind that plugin vulnerabilities leave Firefox open to attacks, and people have submitted malware that looks like plugins.

    Also, I seem to remember reading somewhere that several plugins had gotten hijacked.

    Shorn Scrotum Man on
    steam_sig.png
  • GnomeTankGnomeTank What the what? Portland, OregonRegistered User regular
    edited April 2010
    GnomeTank wrote: »
    Firefox was, and still is, considered secure, not because of itself, but because of the plugins you can install to shut a bunch of dangerous shit off: AdBlock, FlashBlock, NoScript. Chrome, nor IE8, has those, and thus, cannot be made as secure as Firefox. Out of the box? No clue, I don't ever use any browser "out of the box".

    Yeah that's a lot of BS. Security firms are already turning on Firefox. But as to the rest, IE does have Adblock and FlashBlock. NoScript I'm not sure off atm but I've been surfing on IE since 5.5 on 98SE and have not once needed it to block infection.

    Furthermore until all of those come in Firefox by default it will never be as secure as Chrome & IE8. And to top it off average people will not use those beyond Adblock. IE8 & Chrome's security features work seamlessly by default.

    No one in this thread is the "average user", and should be able to install fucking FireFox plugins...and if they can't, that's a "them" issue not a "me" issue. You're assumption that because FireFox doesn't come out of the box "as secure as IE8" (which I find suspect at best), and thus, through extrapolation, can never be as secure as IE8 (again, a very suspect statement), is completely bogus logic. It can be made MORE secure than IE8, easily, and quickly, by anyone who has the knowledge (which should be everyone in this thread).

    As far as plugins being hijacked, none of the three I listed have been, and you shouldn't be installing random plugins anymore than you should be installing random software on your system. If you do, and you get infected...welp. You learned a lesson, I guess? I mean, do you run every random MSI and exe you see? If not, why in the hell would you just go around installing plugins you aren't sure about?

    GnomeTank on
    Sagroth wrote: »
    Oh c'mon FyreWulff, no one's gonna pay to visit Uranus.
    Steam: Brainling, XBL / PSN: GnomeTank, NintendoID: Brainling, FF14: Zillius Rosh SFV: Brainling
  • CmdPromptCmdPrompt Registered User regular
    edited April 2010
    Didn't see this in the OP, thought it was worth a mention: Secunia Personal Software Inspector. Basically it scans your hard drive for outdated/vulnerable software and gives you links to updated versions/patches.

    CmdPrompt on
    GxewS.png
  • AyulinAyulin Registered User regular
    edited April 2010
    Oh yeah, that's a good one. Been using that for a while, and it's pretty on the ball when it comes to new updates. I've even had it detect certain games after they were installed.

    Ayulin on
    steam_sig.png
  • AyulinAyulin Registered User regular
    edited May 2010
    Was cruising through the OP, and noticed Firefox is still up as having a vulnerability. It's been fixed as of March 22, in Firefox 3.6.2.

    Ayulin on
    steam_sig.png
  • TetraNitroCubaneTetraNitroCubane The Djinnerator At the bottom of a bottleRegistered User regular
    edited May 2010
    Ayulin wrote: »
    Was cruising through the OP, and noticed Firefox is still up as having a vulnerability. It's been fixed as of March 22, in Firefox 3.6.2.

    Updated that, and also the Opera vulnerability, which was patched long ago as well.

    The thread needs some serious attention from me, I know. I apologize, and will be getting around to it. I need to do a bit of research before I make the next addition, but I've been busy with unrelated gobble-dee-gook unfortunately.

    TetraNitroCubane on
    VuIBhrs.png
  • MugsleyMugsley DelawareRegistered User regular
    edited May 2010
    So about a month and a half ago I helped a friend recover from a fairly serious virus (some version of NotAVirus; which would convert his Google search results to Hungarian and automatically return results for porn any time he used the search [entertaining, but I digress]). I helped him put up a few safeguards, but I'm trying to find a nice way to tell him to tell his wife (whose laptop it is) to stop trying to download coupon links and generally being a shitty internet user.

    Mugsley on
  • RandomEngyRandomEngy Registered User regular
    edited May 2010
    RandomEngy on
    Profile -> Signature Settings -> Hide signatures always. Then you don't have to read this worthless text anymore.
  • inspectorwebinspectorweb Registered User new member
    edited May 2010
    I recommend AnVir Task Manager or its free version. It shows everything running on a computer. I've been using it for about 4 or 5 years on a couple of pc's, and never get any problems with viruses or slow PC.

    inspectorweb on
  • TofystedethTofystedeth Registered User regular
    edited May 2010
  • Dark ShroudDark Shroud Registered User regular
    edited May 2010
    People like to rip on MS being bad for security but they have really turned around. The fact that IE8 is extremely secure was proof enough. MSE is pure icing on the cake at this point.

    Dark Shroud on
  • SynthesisSynthesis Honda Today! Registered User regular
    edited May 2010
    Being the primary target of attacks, overwhelmingly in many areas, is going to put you at risk.

    Of course, if anyone has the time or resources to deal with this, it's Microsoft.

    Synthesis on
  • TetraNitroCubaneTetraNitroCubane The Djinnerator At the bottom of a bottleRegistered User regular
    edited May 2010
    Rwise fwom your gwave! Sorry for neglecting this thread for so long. I'll try to get the news up to date soon.

    So, I've put together a couple of new categories that I think are pretty important. Mostly these are methods of security and prevention that don't involve discrete antimalware or antivirus protection programs. I hesitate to truly label all of this stuff as 'passive' protection, but these are some important ways to secure a system. It's more a grab bag of things that the average user might not be familiar with.

    My ultimate goal is to write up a 'Layered Security' guide to explain what each layer does and why it's a good idea to have systems in place beyond simply running a single AV solution. That's going to take a bit more time, though. For now, I'm just going to dump this miscellaneous material here and see what you guys think. I'm far from an expert, so any suggestions/additions/changes/complaints are seriously welcomed. Once polished up enough, I'll drop it in the OP. Thanks guys.

    [size=+2]Data Execution Prevention[/size]
    This is a pretty important feature that's been introduce into the more updated versions of windows. In a nutshell, data execution prevention (DEP) is a security measure which prevents a program from executing code from certain portions of your system memory. This can be a large layer of defense against buffer overflow errors, which are frequently used to launch arbitrary code.

    If you've got the hardware to support this (and most of the more modern systems do), you should ensure that it's configured properly and running correctly. You can use it starting from Windows XP SP2, up through Windows 7. However, note that it's not always set to operate with the maximum level of protection by default. On most flavors of Windows, you'll find the options for DEP under the Control Panel by going to System ---> Performance Options ---> Data Execution Prevention tab.

    DEP operates on two levels, OptIn and OptOut. You should always set DEP to OptOut (Turn on for ALL programs and services). If you use OptIn, DEP is only applied to Windows services and programs. That's good, but you're far more likely to encounter problems with third-party applications encountering a buffer overrun (I'm looking at you Adobe). Some web browsers launch with DEP always on regardless (Like Opera), but it's still a good idea to use OptOut.

    To clarify, on most versions of Windows, you'll find two options in the Data Execution Prevention tab. The upper radio button, "Turn on DEP for essential Windows programs and services only", is the OptIn option. Don't use this. The lower radio button, "Turn on DEP for all programs and servies except those I select:", is the OptOut option, and the one you want to use. Wikipedia has a good screenshot here, but note in that shot, the radio button is set incorrectly.

    You can find further reading at Wikipedia, Microsoft, and Something Awful.

    + Pro:
    • Effective - Several of the last few security holes in various browsers have been rendered harmless by DEP, meaning that if it were in operation at the time of attack, the intrusion would be rendered toothless.

    • Transparent - If you've got a fairly modern CPU, you're not going to see a huge performance hit from DEP. It's pretty effortless and low-cost.

    – Cons:
    • Not bullet proof - It should be noted that DEP is not a perfect layer of protection. There have already been proof of concept attacks which have bypassed DEP. Even in spite of this, DEP is a good idea. Just don't think it will make you invulnerable. DEP isn't there to provide active defense along the lines of A/V software - It's there to prevent crashing and misbehaving programs from serving as a vector.

    • Can cause conflicts - This is really a non-issue, but be aware that some older programs don't play well with DEP. If an application predates DEP, it can perform some memory calls that DEP doesn't like. In these situations, you're likely to see the program terminated. This is easily overcome by adding the program in question to your DEP whitelist, which you can find in the same settings you used to OptIn.


    [size=+2]Limited User Accounts[/size]
    If you install Windows right out of the box, and you don't configure your user appropriately, then congratulations: You're running as Admin. This is typically considered a supremely bad idea, but thanks to the way that Windows has evolved, it's also what we're all used to. It's also the way many programs are expecting you to be operating, too. If you're running Vista or Windows 7, chances are you're a smidgen safer, but if you're running XP it's likely you're a full blown Admin. Day to day operations ought to rely on a limited or standard user account.

    A lot of nasties require Admin privileges to drop their payload. Simply put, if you're running as a lower-privileged user, then it's much more difficult (not impossible) for the intrusions to modify critical system files and locations. If you're browsing the web as Admin, then that flash-banner exploit gets to run as Admin, too.

    A couple of notes: Even with the UAC on in Windows 7 and Vista, chances are you're still an Admin user. These flavors of Windows install the default user as an Admin, but the UAC is still in operation to prevent most Admin-privilege-needing tasks from launching automatically. If you're running from a truly limited/standard account, each UAC prompt will require you to punch in your full Admin password rather than just hitting 'OK'. As a side note, for goodness sake make sure you've got the UAC on. My personal recommendation is to have it all the way up.

    The benefits and costs of using a LUA is a classic example of convenience vs. security, and I'm afraid they're still inversely related. LUAs can be a pain in the ass on any OS, mainly because you'll be needing to run things as Admin all the time (A/V software, updating web browsers, etc). There are a few ways around this, fortunately.

    SuRun - A program that's really only for those of you using XP. Basically, XP sucks at handling LUAs, so SuRun smoothes the edges over. Think of it as a version of Sudo for Windows. There's a fairly detailed walkthrough for setup in that link. This approach is akin to starting at the least privileged option, and then elevating selected tasks which require it.

    DropMyRights - Think of this as the inverse of SuRun. Instead of letting a limited user more effectively launch programs as an Admin, DropMyRights lets you selectively knock down the privileges of any program you wish. This is really a great idea if the day-to-day of your operations requires a lot of Admin access, but you want to stay safer. No matter what your approach, your web-facing applications (Browser, IM client, Email), ought to be running with limited privileges. DropMyRights will allow you to do this.

    Sandboxie - Sandboxie is a sandboxing program, and not explicitly related to user privileges. However, it has a really nice feature, in that you can establish a sandbox within which everything has limited rights. Then it's as simple as launching any program in that sandbox.

    + Pros:
    • Just a good idea - Unix and OS X operating systems have been using this for years, and it's one of the main reasons that their users scoff at the security of Windows. Things are better on Vista and 7, but you still need to take steps to ensure you're limiting yourself correctly. Again, this kind of passive security will stop some attacks dead in their tracks. If you don't have permission to right to C:\Windows\System32\, then chances are neither does the payload.

    • Can be combined with SRP - See below. A software restriction policy in combination with a limited user account is a fantastic layer of security. The only caveat is that you need a truly limited account to make it work - not an Admin account that's using DropMyRights or Sandboxie.

    • Can limit 'family tech support' - If you're tired of fixing mom and dad's (or anyone's) computer, making them a limited user can also limit the damage they inadvertently do to their own system. This is probably only a good idea if they don't do a lot that requires Admin privileges, but if we're talking about someone who treats a computer as a email-checking jukebox, there's no reason they should be running as Admin in the first place.

    - Cons:
    • Can be downright annoying - What? I have to type in my password again?! Yes. Yes you do. And it's the cost of security. Making the move from an XP Admin account to a limited user account is likely to be at least somewhat irksome, but be aware that the benefits are largely worth it. The programs described above can be mitigating to the annoyance, too.

    • Why won't X work? - Again, a lot of older programs were made with the expectation that you'll be running them as Admin. This means you may encounter some privilege errors for applications that self-update. Pretty easy to handle, but just be aware. Also, as a limited user, you'll be restricting the locations to which you can write and modify files without elevating your privileges first. So, you know, don't expect to use C:\Windows\System32 as your download folder.

    • Again, not bulletproof - Even as a limited user, some malware can still do nasty things, like intercept data and steal CC numbers. Not all malware needs Admin privileges, so don't think that using a LUA will make A/V software or other layers of security obsolete.


    [size=+2]Software Restriction Policy[/size]
    A one-two punch of system security which combines the restricted privileges of a LUA with a default-deny layer of application execution. Basically, SRP prevents a certain user from running programs on the machine, save for in very specific places that you've whitelisted. By setting these whitelisted paths to something mutually exclusive from your LUA write-permissible locations, it then becomes impossible for any program to launch from the folders in which you've saved them.

    You can read up on SRP here, which has a pretty good explanation of what it is, and how to set it up on most flavors of Windows. The short story is that you pretty much prevent any program from running if it's not in a specific location. And your user doesn't have permission to put a program into those locations.

    SRP has two different 'frontend' approaches that make the process a bit nicer.

    For XP and Vista, take a look at Sully's Pretty Good Security.

    For Windows 7, a much more robust and user friendly approach is built into the OS in the shape of Applocker. Applocker is fantastic, in that it can restrict programs from running based on options such as Publisher, Digital Certificates, or path name. That's a huge improvement over the old SRP implementation. Unfortunately, you're going to need to shell out for Enterprise or Ultimate to get it to work, making it inaccessible to most users.

    SRP is a really solid layer of protection against the disturbingly popular trend of drive-by downloading malware. In order for a payload to execute (barring some OS or Application exploit that specifically circumvents SRP and LUA), a user would have to (A) knowingly download the payload, (B) move the payload to a location were execution was allowed, (C) elevate privileges to permit the move in question, and then (D) knowingly execute the payload from its new location (which likely would require Admin elevation again). If you're talking social engineering, it's not going to stop it, but for most modern Rogue processes, it's pretty solid.

    + Pros:
    • As secure as you're gonna get inside your own OS - With an LUA and SRP in operation, if you're also running a good A/V suite and have configured your OS correctly to implement DEP, you're pretty much as safe as you could really hope to be against drive-by downloads. It's not impossible to have a payload delivered, but it's damned difficult to do it without needing extensive user input.

    - Cons:
    • High security means low convenance - If you're the type who often downloads and installs a lot of software, SRP might not be worth the increased hassle you'd encounter.

    As a final disclaimer on SRP, I've not fiddled with it much myself, so I don't know the up and down specifics of day to day use. I've often wondered how it would impact the ability of Steam to run smoothly, for example.


    [size=+2]Sandboxing / Virtual Machine[/size]
    Running programs in a sandbox, or running an entire virtual machine, has the distinct benefit of keeping your real hardware excluded from the programs running within. Basically it's a confined environment, and if set up properly, anything that happens to get into the sandbox will stay there. That means if a nasty piece of malware gets loose inside the sandbox/VM, that your actual machine is fine and untouched. You'll have to nuke your sandbox, or reinstall your VM, but overall you'll not have to fret about reinstalling your entire system.

    There are many, MANY flavors of this. It's difficult to delineate them all here, but at least a basic overview is in order.

    Sandboxie - This one again. Sandboxie is what you might consider the 'weakest' option out of all the sandboxing methods, but it's also by far the simplest to use. Essentially, once you install Sandboxie, you can launch any program to run inside the sandbox at any time. This means you don't have to futz with restarting your computer, and also means that you can run non-sandboxed along side sandboxed ones. That means you can browse the web in Firefox in a sandbox while not having to worry about Steam reverting all of your game updates, or something to that effect.

    It should be specified that, while the author claims the x86 version of Sandboxie is practically bullet-proof, the x64 version is somewhat hamstrung due to PatchGaurd.

    Deep Freeze, Returnil, Shadow Defender - These programs/approaches essential run your entire operating system in a virtualized environment. Any changes made or files written while running under these modes will be discarded on reboot, and the entire system will be restore predetermined state on each startup. If you ever run into any problems, restoring your system to a functional state is as easy as restarting the machine. Each program is specific in it's operation, but many allow for various ways to save files outside of the virtualized environment should you wish to. [strike]Windows Steady State[/strike] is another option, but is unsupported on Windows 7 and x64 operating systems (Edit: It looks like Microsoft has fully removed Windows Steady State from the internet).

    VMWare, VirtualBox: Virtual machines are software-based virtual environments running whatever operating system you wish to install (except OS X). By installing the virtual machine software and then installing an operating system within that VM, it's possible to create a 'software' computer which is running inside of your existing OS. This is basically just like the Deep Freeze-type options, except that your primary OS can still be used outside of virtualization. As an added bonus, you can use a different operating system in the VM than your primary OS, limiting cross-contamination possibilities. The really nice aspect of the VM is your ability to dump it at a moment's notice and rebuild it.

    + Pros:
    • Computerized Kevlar - Okay, not really, at all. But running in a sandboxed or virtual environment means that you're adsorbing the fire from malware into an easily-purged container, so any nastiness that happens will not have a hideous impact. This keeps your primary operating system from getting touched, and makes that portion of your computer more secure. It's worth noting that sandboxing/VM approaches are highly effective (and recommended!) for web-facing applications. By browsing under these conditions, you're much, much safer against drive-by attacks or unwanted/unrequested downloads. Depending on the option you appeal to, anything malicious will either be auto-deleted, or can be rooted out by restoration.

    • What if I...? - Not sure what that program's going to do? Uncertain if that executable is malicious? Try running it in the sandbox to see what's up before you put it on your real machine.

    • Have you tried turning it off and on? - When configured properly, programs like Deep Freeze can ensure that you'll drastically reduce the number of family related tech-support calls.

    - Cons:
    • Dude, where's my file? - Each option has it's own method for recovering or transferring files, but if you're not familiar with how that works, you'll risk losing files and settings. Running your entire OS virtualized will mean that auto-patched programs will roll back with every reboot, for example. Browsing in a sandbox means anything you download is likely to get purged after closing that sandbox. This is a very minor point - Just be sure you read up and familiarize yourself with your option of choice before starting normal operations.

    • Clever Girl... - Believe it or not, malware is getting so nasty these days that some strains actually recognize they're being run in a sandbox. In some sense, this isn't terrible. These nasties just look normal while running in a sandbox, so they don't break free and infect your machine - Rather, they look harmless in the sandbox as a way to coax people into thinking they're safe to run outside of one. Cases are very limited, and likely to be quickly patched on discovery, but it's important to know this stuff is possible. Simply put, it's not a threat if you're not moving things outside of the sandbox/VM.

    • Virtual machines are machines too - VM and sandbox approaches are meant to be layers of defense that protect your main OS. They do NOT prevent infection of the VM or sandbox itself, but instead provide a quick escape option to dump malicious files with minimal impact. If a nasty keylogger infests your virtual machine, then it can still operate as normal from within that machine. Using a sandbox that auto-deletes it's entire contents, or one of the Deep Freeze type options above tend to minimize the impact, but again it's important to know what you're dealing with. If your VM gets infected, dump it immediately and restore.

    TetraNitroCubane on
    VuIBhrs.png
  • SynthesisSynthesis Honda Today! Registered User regular
    edited June 2010
    I own 7 Professional, and I wasn't aware of Applocker at all, so this interests me enormously. I will need to educate myself further in this area.

    Synthesis on
  • Shorn Scrotum ManShorn Scrotum Man Registered User regular
    edited June 2010
    Good to see you're back on top of things TetraNitroCubane :)

    Shorn Scrotum Man on
    steam_sig.png
  • TetraNitroCubaneTetraNitroCubane The Djinnerator At the bottom of a bottleRegistered User regular
    edited June 2010
    Synthesis wrote: »
    I own 7 Professional, and I wasn't aware of Applocker at all, so this interests me enormously. I will need to educate myself further in this area.

    As a fellow Windows 7 Professional user, Applocker is also high on my interest list... Sadly, it seems to be only included in the Ultimate and Enterprise versions of 7. Which makes me sad... Applocker is a ridiculously great method to implement SRP, particularly since you can say "Allow all Valve software" and the like.
    Good to see you're back on top of things TetraNitroCubane :)

    Glad to see the thread hasn't completely lost all interest! I'm still neck-deep in the biggest project of my life (Ugh. Thesis.), but I still want to funnel important updates to the thread as I can.

    Here's an unanticipated update to the news section: A new piece of OS X malware is making the rounds on such sites as MacUpdate, Versiontracker, and Softpedia. Intego report the details here.

    Essentially, the user downloads a piece of harmless software from these fairly reputable sites, which does not contain the payload. Upon installation of the downloaded software, a second download is initiated which then attempts to install the malicious files with root access.

    Nothing terribly new here, or threatening. The attack is easy enough to avoid, but it illustrates an important point: Social Engineering attacks are still a big threat. Here's a case where the principle of least privilege really falls apart if you're not careful. Given the number of times I've seen users of all kinds punch their passwords in during software installation without a second thought, I'd say this is something to watch out for in the future. There's no need to defeat security if you can fool the user into handing over the keys.

    TetraNitroCubane on
    VuIBhrs.png
  • TetraNitroCubaneTetraNitroCubane The Djinnerator At the bottom of a bottleRegistered User regular
    edited June 2010
    Not per say a security news update, but I thought this recent development was enough to spark reasonable discussion.

    Apparently still feeling raw after the high-profile Aurora attacks around the turn of the year, Google has recently announced that it will be abandoning Windows as an operating system on internal machines. Instead they plan to use OS X and linux based machines.
    "We're not doing any more Windows. It is a security effort," said one Google employee.

    "Many people have been moved away from [Windows] PCs, mostly towards Mac OS, following the China hacking attacks," said another.

    New hires are now given the option of using Apple's Mac computers or PCs running the Linux operating system. "Linux is open source and we feel good about it," said one employee. "Microsoft we don't feel so good about."


    Microsoft employee Brandon LeBlanc then fired back at the decision on The Windows Blog, defending the operating system while taking a few pot-shots at Google's security and privacy record.
    When it comes to security, even hackers admit we’re doing a better job making our products more secure than anyone else. And it’s not just the hackers; third party influentials and industry leaders like Cisco tell us regularly that our focus and investment continues to surpass others.


    In a related article, Ars Technica came down pretty hard on Google, claiming that neither OS X nor linux operating systems will be the defense they're imagining. It's a pretty interesting read.

    For my own part, I feel that this is silly in the extreme. The fact of the matter is that the Aurora attack required one of two points of entry to be effective: (1) Adobe Acrobat PDF exploits, or (2) the use of Internet Explorer 6. Why the hell was anyone with any kind of sensitive data at Google using IE6 in 2009? That's just peculiar, and seems to point toward a human factor in this - Even if that factor is an unwillingness to make internal software/webpages compatible with more updated browsers. I mean, this is Google, for crying out loud. Why they weren't using Chrome is beyond me.

    I also think Microsoft is stepping up their security in a really good way these days. Most of what's out there is targeting third-party applications rather than the core OS, so blaming Windows seems a bit peculiar. Also, as Microsoft's security starts getting more hardened, and as OS X and Linux become more pervasive, my rough estimation is that malware is going to become much more multiplatform moving forward. Combine that fact with the hubris and 'common knowledge' that these platforms are immune to malware, and you've sudden got a crowd that's ripe for poaching... With it's market share and track record, I don't deny that Windows threats will exist for some time to come. I just think it's rather foolish to assume that other OS flavors are completely beyond attack.

    Edit: I forgot - It's also worth mentioning that the Aurora attacks were apparently an example of spear phishing. They were very carefully crafted and specifically targeted examples of social engineering, so at least part of the issue here was that malicious software was folded in with human deception. Obviously that kind of weakness is platform independent.

    TetraNitroCubane on
    VuIBhrs.png
  • Shorn Scrotum ManShorn Scrotum Man Registered User regular
    edited June 2010
    Yeah, I thought the Google/Windows things was pretty silly. It was XP running IE 6, on an Administrator account. It's not Microsofts fault that Google was doing something incredibly stupid.

    Shorn Scrotum Man on
    steam_sig.png
  • SynthesisSynthesis Honda Today! Registered User regular
    edited June 2010
    Synthesis wrote: »
    I own 7 Professional, and I wasn't aware of Applocker at all, so this interests me enormously. I will need to educate myself further in this area.

    As a fellow Windows 7 Professional user, Applocker is also high on my interest list... Sadly, it seems to be only included in the Ultimate and Enterprise versions of 7. Which makes me sad... Applocker is a ridiculously great method to implement SRP, particularly since you can say "Allow all Valve software" and the like.

    Yeah, I think you might be right, I went into the Group Policy Editor and found that Applocker was there though (rather than totally absent). Do the restrictions only apply to you enforcing it on other machines maybe?

    Synthesis on
  • TetraNitroCubaneTetraNitroCubane The Djinnerator At the bottom of a bottleRegistered User regular
    edited June 2010
    Synthesis wrote: »
    Synthesis wrote: »
    I own 7 Professional, and I wasn't aware of Applocker at all, so this interests me enormously. I will need to educate myself further in this area.

    As a fellow Windows 7 Professional user, Applocker is also high on my interest list... Sadly, it seems to be only included in the Ultimate and Enterprise versions of 7. Which makes me sad... Applocker is a ridiculously great method to implement SRP, particularly since you can say "Allow all Valve software" and the like.

    Yeah, I think you might be right, I went into the Group Policy Editor and found that Applocker was there though (rather than totally absent). Do the restrictions only apply to you enforcing it on other machines maybe?

    I think that the restriction applies to you enforcing the policies period - as in, not even on your local machine. At least, that's the picture I get from the wiki comparison. Seem like you can create policies on Professional, but have no way to use them.

    Fortunately, the old-school method of SRP should still work on 7 Professional, if you're willing to set allowances based on path. It's not as good as using digital signatures or publisher, but it's not as clumsy as hash values.

    TetraNitroCubane on
    VuIBhrs.png
  • TetraNitroCubaneTetraNitroCubane The Djinnerator At the bottom of a bottleRegistered User regular
    edited June 2010
    So in the last week or so, a new proof-of-concept for a phishing technique known as tabnapping (or tabnabbing) has been published. Apparently what this attack does is nest itself in a trusted page (via iframe injection or advertisement, I assume), and wait for the user to switch focus away from the tab. Once in the background, the page in question silently redirects to what appears to be a legitimate trusted webpage, like Gmail, or a banking page. The attack hopes to fool users into forgetting what the tab originally contained, and also trick them into thinking they've been logged out for inactivity. Once credentials are entered, users are then silently redirected to the legitimate page, supposedly none the wiser for having their credentials pinched.

    Noscript on Firefox has been updated in such a way to prevent this attack. In addition, from what I saw of the PoC, it didn't look like the attack changed the URL bar or faked any SSL certificates - so if you're still "looking for the lock", you're probably safe.

    I find this pretty interesting, though, for a few reasons. First, it's completely multiplatform, and has been verified to work on pretty much all major browsers to boot. Second, the PoC worked even with a Javascript whitelisting approach on my end (!!), a fact that I find somewhat surprising. Third, once again the human element is the target, with the exploit going to greater lengths to play upon assumption and impulse than anything else.

    That being said, it doesn't look like something that'll be hard to avoid, and right now I don't think there are examples in the wild.

    TetraNitroCubane on
    VuIBhrs.png
  • TetraNitroCubaneTetraNitroCubane The Djinnerator At the bottom of a bottleRegistered User regular
    edited June 2010
    Another Flash vulnerability is in the wild. This one's operational across all platforms, and also seems to exploit Adobe Acrobat and Reader.
    Adobe wrote:
    A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2010-1297) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat. This advisory will be updated once a schedule has been determined for releasing a fix.

    The only recommendation that Adobe have made is to upgrade to the Flash 10.1 release candidate. If that's their suggestion, I'm not sure we'll see a patch until the new version goes final.

    TetraNitroCubane on
    VuIBhrs.png
  • Lord JezoLord Jezo Registered User regular
    edited June 2010
    My chick's mom's laptop was hit by a fake anti-virus program yesterday, AV Security Suite. I managed to clean it out but it was a pain in the ass.

    Do virus scanners not protect against stuff like this? She is running MSE but still somehow managed to get infected.

    I have since changed her to a guest account on her XP machine.

    Lord Jezo on
    Clipboard03.jpg
    I KISS YOU!
  • TetraNitroCubaneTetraNitroCubane The Djinnerator At the bottom of a bottleRegistered User regular
    edited June 2010
    Lord Jezo wrote: »
    My chick's mom's laptop was hit by a fake anti-virus program yesterday, AV Security Suite. I managed to clean it out but it was a pain in the ass.

    Do virus scanners not protect against stuff like this? She is running MSE but still somehow managed to get infected.

    I have since changed her to a guest account on her XP machine.

    Virus scanners are terrible at protecting against rogue AV attacks. MSE and NOD32 are at the top of their game, but even they let through more than you'd expect. Basically, you're only going to see definition updates for your scanner once or twice a day (three times for NOD, maybe). But the rogue AV malware tends to get updated on an almost hourly basis, and most variants only have a ~24 hour lifetime. The guys making this crap know just which bits to flip to avoid detection.

    TetraNitroCubane on
    VuIBhrs.png
  • Lord JezoLord Jezo Registered User regular
    edited June 2010
    One comment I have about your DEP section, maybe you should clarify it a bit. The window doesn't say opt in or opt out but gives you two radio buttons. Perhaps put a comment about how people should select the bottom button to pick the opt out choice?

    Lord Jezo on
    Clipboard03.jpg
    I KISS YOU!
  • TetraNitroCubaneTetraNitroCubane The Djinnerator At the bottom of a bottleRegistered User regular
    edited June 2010
    Lord Jezo wrote: »
    One comment I have about your DEP section, maybe you should clarify it a bit. The window doesn't say opt in or opt out but gives you two radio buttons. Perhaps put a comment about how people should select the bottom button to pick the opt out choice?

    Whoop! Good catch. Yeah, the old XP x64 nomenclature seems to make things clear as muck. I made some preliminary edits for clarification. Thanks!

    TetraNitroCubane on
    VuIBhrs.png
  • SatsumomoSatsumomo Rated PG! Registered User regular
    edited June 2010
    It turns out I'm fucking bitter because I don't have enough money to buy myself a MAC.

    That's the response I got when I shared the Ars Technica article on Google's decision on Facebook. Of course, the people who said that are people who know crap about computers and bought a MAC because "It's the best thing in the planet."

    Satsumomo on
  • TetraNitroCubaneTetraNitroCubane The Djinnerator At the bottom of a bottleRegistered User regular
    edited June 2010
    Satsumomo wrote: »
    It turns out I'm fucking bitter because I don't have enough money to buy myself a MAC.

    That's the response I got when I shared the Ars Technica article on Google's decision on Facebook. Of course, the people who said that are people who know crap about computers and bought a MAC because "It's the best thing in the planet."

    Of course they're the best thing on the planet! They're invincible!

    Seriously, though, that kind of hubris is exactly why the emerging Mac userbase is looking more and more like low hanging fruit to the bad guys.

    The number of threats in the wild for OS X is signficantly lower than for Windows - That's very true. However, OS X is just as vulnerable to exploits and attacks. There are security patches for Mac software and OS X all the time. Social engineering needs no platform. "There is no magic fairy dust protecting macs", as has been said before by people more knowledgable than I.

    A large number of OS X users feel invulnerable to malware, I think. Based on the number of folks I've seen punch in their root password for any old thing that the computer asks, I'd say infection/root compromise is the last thing that they consider possible. A while back when I was looking around for decent antivirus protection for my OS X machine, I remember getting a resounding chorus of 'You don't need any!' from the official Apple forums.

    That's actually a problem, too: Lack of decent AV software for OS X. ClamAV is really a joke, without decent realtime protection, and with wimpy blocking. VirusBarrier is pretty ridiculously expensive, and I've not seen much of their track record. ESET has a beta out for NOD 32 on OS X, but holy garbage does that thing need a whole lot of work. I've been using it for a while, and it's been giving me some tremendous headaches lately.

    TetraNitroCubane on
    VuIBhrs.png
  • blaze_zeroblaze_zero Registered User regular
    edited June 2010
    Tetra, first, thank you for all this delicious information and this amazing thread.

    Like, seriously, thank you for this awesomeness. I'm going to go home and make sure my computer is protected proper.

    Second, if I happen to be running as Admin on my machine with Windows 7 and have files saved under that one, what would be the best way to switch myself over to a limited account.

    I can just cut pasta all of My Documents over to the new file and everything should work alright... right?

    blaze_zero on
  • TofystedethTofystedeth Registered User regular
    edited June 2010
    Yes. Create the non-admin user first, and log in to it so it creates all your folders. As the admin user, copy the contents of the folders in your User folder that you wish to have in your new user. This should create new files with access permissions the same as the User folder for your new user. I don't know about 7, but if I remember correctly, in Vista and XP, moving a file from one folder to another would retain the permissions from the old folder. Copying or creating a new file would inherit the appropriate permissions.

    If it doesn't have the right permissions, you can always go to the folder's security tab under it's properties sheet, and under Advanced, check the box that says "Replace existing inheritable permissions yada yada"

    Should take care of you.

    Tofystedeth on
    steam_sig.png
  • TetraNitroCubaneTetraNitroCubane The Djinnerator At the bottom of a bottleRegistered User regular
    edited June 2010
    blaze_zero wrote: »
    Tetra, first, thank you for all this delicious information and this amazing thread.

    Like, seriously, thank you for this awesomeness. I'm going to go home and make sure my computer is protected proper.

    Second, if I happen to be running as Admin on my machine with Windows 7 and have files saved under that one, what would be the best way to switch myself over to a limited account.

    I can just cut pasta all of My Documents over to the new file and everything should work alright... right?

    No problem at all. I'm just glad that the thread is of some use!

    In regard to your LUA question on Windows 7, I certainly think that what Tofystedeth suggested above will do the trick.

    Alternatively, if you'd rather not move files around, and you haven't installed some software for all users, you can take a second route. You can create a new Administrator account, and then simply demote your currently used account to a limited/standard one. Just make sure you do it in that order, or else you'll have locked yourself out of the computer!

    There's a more detailed set of instructions available on this webpage, if you want to take the 'demote' approach. Scroll down the page until you see "Method 2: Convert an already-installed admin user".

    TetraNitroCubane on
    VuIBhrs.png
  • blaze_zeroblaze_zero Registered User regular
    edited June 2010
    That second one sounds incredibly useful, as I was looking through my created account and seeing there weren't any programs or other such things installed on it.

    Thanks!

    blaze_zero on
  • IoloIolo iolo Registered User regular
    edited June 2010
    Hello, Security Thread.

    What would you recommend for security for a new PC with a fresh Win 7 install? Have MSE on disk to install before connecting to the Internet for the first time?

    Iolo on
    Lt. Iolo's First Day
    Steam profile.
    Getting started with BATTLETECH: Part 1 / Part 2
  • Shorn Scrotum ManShorn Scrotum Man Registered User regular
    edited June 2010
    Iolo wrote: »
    Hello, Security Thread.

    What would you recommend for security for a new PC with a fresh Win 7 install? Have MSE on disk to install before connecting to the Internet for the first time?

    I don't know if I would go quite that far. It'd certainly be the first thing I downloaded though, before surfing around.

    Shorn Scrotum Man on
    steam_sig.png
  • TofystedethTofystedeth Registered User regular
    edited June 2010
    We're no longer as bad as we were, pre XP-SP2 where if you put an XP machine on a network without AV or firewall you'd be hosed in seconds. If you have it on disc already no point not installing though.

    Tofystedeth on
    steam_sig.png
  • TetraNitroCubaneTetraNitroCubane The Djinnerator At the bottom of a bottleRegistered User regular
    edited June 2010
    As mentioned above, fresh Windows installations are much safer than they were in the old Blaster worm days. The firewall will be up and running on first installation with Win 7.

    Personally, though, I like to have everything necessary for a fresh installation on a disk/flashdrive when putting together a new computer, mostly just for convenience sake. Browser, AV and MBAM, among other things.

    Edit: You can also make your life a little easier after fully setting up Win 7 by using Ninite. Just check off the programs you want, download the package, put it on a disk/flashdrive, and you're ready to go.

    TetraNitroCubane on
    VuIBhrs.png
Sign In or Register to comment.