The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.
Problems? See this thread at archive.org.

    I have an OS security question and it affects everyone in the forum - please participate

    Discussion in 'Security and Anti-Virus Software' started by Rogue Tardis, Sep 8, 2010.

  1. Rogue Tardis

    Rogue Tardis Notebook Geek

    Reputations:
    11
    Messages:
    94
    Likes Received:
    0
    Trophy Points:
    15
    My security question is this -

    Is this fact or fiction - say someone runs Windows 7 or Vista or Linux or OS X, she/he browses the internet, goes to a website and whamo, his/her browser downloads some kind of code that allows someone else on the internet to have full control of the laptop ...

    the scary thing is if person A does not know that his/her laptop has been compromised and carries on with the everyday routine surfing of the internet

    person B could be stalking person A's every move

    Now if this is a fact - my question is - how can we prevent this ?

    Perhaps someone can please highlight some of the software we should use such as - antivirus - firewall - browsers - etc etc

    my other question is this - how do you even know if you're being compromised ?

    :confused:
     
  2. crazycanuk

    crazycanuk Notebook Virtuoso

    Reputations:
    1,354
    Messages:
    2,705
    Likes Received:
    3
    Trophy Points:
    56
    One, it's FACT, that is the exact way that many machines are compromised, especially with older versions of IE and OSX/Safari ( google Charlie Miller )

    I find software such as NOD32 looking for all forms of malware or even MSE work quite well to report browser hijacks. As for preventing them, just try to browse safely and NEVER think that your system is immune because of your OS. A more extreme approach is to disable a lot of your browser's automatic functionality to prevent anything from loading in.
     
  3. LaptopNut

    LaptopNut Notebook Virtuoso

    Reputations:
    1,610
    Messages:
    3,745
    Likes Received:
    92
    Trophy Points:
    116
    If you run an unpatched OS, simply connecting to the internet and doing absolutely nothing else is enough to become infected, but that is kind of a worst case scenario. There are quite a few old Internet worms that use buffer overflows on some of the TCP/IP ports to infect an unpatched system with no user interaction required. A well known example of this is the Blaster Worm, which would scan random IP addresses attempting a buffer overflow on a specific Port / Service. This worm was designed to use the infected hosts to mass SYN flood a target computer; however, it could have done anything it wanted to.

    Regarding internet browsing, one of my security programs intercepted a website trying to download / run 'e.exe' without my approval. I now use Noscript, which would have prevented this, but the point is, the layered security approach is a good idea. It was my behavior monitor that caught it, but my Antivirus would have also blocked it, and if that failed then my other Sandbox type would have done its job. Then I also have regular backups and System Restore as another option.

    In my opinion, some of the best security software is the behavior monitor / sandbox type, but the user needs a good level of knowledge to use them effectively.

    I recommend Appdefend, Regdefend (Ghost Security Suite), a good firewall, System Safety Monitor, Noscript, Avast Antivirus, Adblock Plus and common sense. Also making sure your system is up to date will help.

    If you think you have been compromised, you can use software such as Drive Snapshot or Acronis True Image, do a full snapshot and then mount this snapshot on an offline computer and scan the mounted image with multiple Antivirus or Antimalware.

    You can also check TCP/IP Ports in use with a sniffer, Netstat, Port Explorer etc, look at process lists, scan with Antirootkit software and check the registry run sections.

    Offline scans from a recovery / emergency CD are always preferable since Rootkits will disguise themselves and trick the OS, avoiding detection, and some other malware will terminate or intercept what security programs may find or stop them from running correctly or at all.
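The netstat / process-list check described in the post above, as an added example rather than code from the thread: it correlates listening sockets from `netstat -ano` with the PID-to-image map from `tasklist /fo csv /nh` and flags listeners owned by a process outside an assumed known-good baseline, or by a PID that does not appear in the process list at all. Both command outputs below are constructed samples, and the baseline set is an assumption for illustration.

```python
"""Correlate `netstat -ano` listeners with `tasklist` and flag the odd ones.
Added example; the command outputs and the baseline set are constructed."""
import re
from collections import namedtuple

Socket = namedtuple("Socket", "proto local_addr local_port state pid")

# Constructed sample of `netstat -ano` output (Windows column layout).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       712
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING       2380
  TCP    192.168.1.10:49152     203.0.113.5:80         ESTABLISHED     1964
  UDP    0.0.0.0:5355           *:*                                    1088
"""

# Constructed sample of `tasklist /fo csv /nh` output.
TASKLIST_SAMPLE = """\
"System","4","Services","0","120 K"
"svchost.exe","712","Services","0","8,300 K"
"svchost.exe","1088","Services","0","6,100 K"
"firefox.exe","1964","Console","1","210,000 K"
"e.exe","2380","Console","1","1,900 K"
"""

# Assumed baseline: image names expected to own listening sockets on this box.
BASELINE_LISTENERS = {"System", "svchost.exe", "lsass.exe", "services.exe"}

# proto, local addr:port, foreign addr, optional state (UDP has none), PID
_NETSTAT_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+\s+(?:(\S+)\s+)?(\d+)\s*$")

def parse_netstat(text):
    """Return one Socket per connection line; header lines do not match."""
    sockets = []
    for line in text.splitlines():
        m = _NETSTAT_RE.match(line)
        if m:
            proto, addr, port, state, pid = m.groups()
            sockets.append(Socket(proto, addr, int(port), state or "", int(pid)))
    return sockets

def parse_tasklist(text):
    """Map PID -> image name from the CSV tasklist output."""
    pids = {}
    for line in text.splitlines():
        fields = [f.strip('"') for f in line.split('","')]
        if len(fields) >= 2 and fields[1].isdigit():
            pids[int(fields[1])] = fields[0]
    return pids

def suspicious_listeners(netstat_text, tasklist_text, baseline=BASELINE_LISTENERS):
    """Listening sockets owned by a non-baseline process, or by a PID that is
    absent from the process list (a hidden process is itself a finding)."""
    pids = parse_tasklist(tasklist_text)
    findings = []
    for s in parse_netstat(netstat_text):
        if s.proto == "TCP" and s.state != "LISTENING":
            continue  # outbound/established sessions are out of scope here
        name = pids.get(s.pid)
        if name is None:
            findings.append((s.pid, "<no such process in tasklist>", s.proto, s.local_port))
        elif name not in baseline:
            findings.append((s.pid, name, s.proto, s.local_port))
    return findings

if __name__ == "__main__":
    for pid, name, proto, port in suspicious_listeners(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f"PID {pid} ({name}) is listening on {proto}/{port}")
```

On a live machine the two inputs come from running the commands and feeding their output to the two parsers; as the post notes, a rootkit can hide from both tools, so an offline scan remains the stronger check.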
     
  4. Rogue Tardis

    Rogue Tardis Notebook Geek

    Reputations:
    11
    Messages:
    94
    Likes Received:
    0
    Trophy Points:
    15
    Thank you for your participation - I have learned a lot by your reply

    would you recommend Avira Antivirus ? since it is able to detect about 99% of the malware and antivirus in the wild ?

    and what about comodo firewall ?

    how good is Avast ?

    :confused:
     
  5. LaptopNut

    LaptopNut Notebook Virtuoso

    Reputations:
    1,610
    Messages:
    3,745
    Likes Received:
    92
    Trophy Points:
    116
    I recommend Avast Antivirus but I haven't used Avira for years so don't know about that one. I think Comodo is good but quite a few people seem to have issues when trying to uninstall it judging by some forum posts.

    However, Antivirus and firewall software can be rendered useless if there is nothing protecting them from being terminated by malware. Some Antivirus do protect themselves but I still think it is a good idea to run a process guard type of software. Again, the issue is the more low level the software is, the more knowledge the user needs to understand and use it effectively.
     
  6. Rogue Tardis

    Rogue Tardis Notebook Geek

    Reputations:
    11
    Messages:
    94
    Likes Received:
    0
    Trophy Points:
    15
    what kind of process guard software ?

    :confused:
     
  7. RWUK

    RWUK Notebook Evangelist

    Reputations:
    254
    Messages:
    591
    Likes Received:
    0
    Trophy Points:
    30
    Comodo firewall is excellent. I love 2 way firewalls and I've had no issues uninstalling because...I don't have reason to uninstall it. I'm using Avast freeware on my brother's gaming computer and it hasn't reported anything detected. I also keep Asquared malware detector on it, again freeware. Avira and Avast have always been pretty much even, TONS of people swear by either, but I don't like Avast's Winamp skin looking GUI so it loses my vote.

    I've used the Avira free version for a long time on my computer. It catches things once in a while. I also keep Asquared and an older version of Malwarebytes around.

    Today I tried to switch to Kaspersky but it doesn't allow you to install the program with Comodo already on the comp so I ditched it. Today I also finished 3 weeks of the NOD32 30 day trial which I liked a lot. It caught something on my USB stick that Avira free didn't. I've had 2 detections with NOD32 in the time I've had it.

    I'm now using Avira Premium 30 day trial. I'll buy one of them at the end of the 30 days, not sure which. Avira gets better scores but only very slightly. I like the webguard but I like NOD32's interface and configuration settings better. Avira costs less too..

    Get your read on! No matter what, Comodo is a keeper.
     
  8. Eugene91

    Eugene91 Notebook Consultant

    Reputations:
    65
    Messages:
    280
    Likes Received:
    0
    Trophy Points:
    30
    @RWUK
    Did you use Avast! 5? That winamp skin look-a-like is gone..
     
  9. Rogue Tardis

    Rogue Tardis Notebook Geek

    Reputations:
    11
    Messages:
    94
    Likes Received:
    0
    Trophy Points:
    15
    we are doing fine - please, if you read this thread and if you have anything to contribute - no matter what it is - please do give your input - any input is always good input as long as you're participating in this thread ...

    I have learned a lot by just viewing these few posts ...

    and you can too ... learn to be a safer user of a computer

    :)
     
  10. LaptopNut

    LaptopNut Notebook Virtuoso

    Reputations:
    1,610
    Messages:
    3,745
    Likes Received:
    92
    Trophy Points:
    116
    The type of Process Guard software that I used to use was DCS Process Guard, but they are no longer around. As a simple example of how such software could protect you: you set up the Process Guard and it will usually have a known list of processes that it will automatically protect from modification or termination, but if not, you can manually add the programs yourself.

    Say your computer somehow gets hit with malware that attempts to terminate your Antivirus and firewall; the Process Guard would prevent this and allow your security software to do its job. It is a lot more complex than that, but that is the basic idea.

    The software you can use to protect other processes are Appdefend and System Safety Monitor. Both have demos, but both can cause problems if not used correctly or misunderstood. There are other programs that do the same job, but I only mention the ones I have actually used.

    Process Guard software will also prevent global keyboard hooks, which will prevent all keyloggers from being able to function. Process guards / sandbox security software can do a lot more, but it is a good idea to read up on them.
     
  11. Bog

    Bog Losing it...

    Reputations:
    4,018
    Messages:
    6,046
    Likes Received:
    7
    Trophy Points:
    206
    Most website-based attacks rely on known vulnerabilities in existing browsers, most notably Internet Explorer. Thus, the best protection against website-based attacks would be to use either Firefox or Chrome and install add-ons such as FlashBlock and NoScript that essentially block scripts that the website would have executed on your computer. Once you do that, you're actually half-way to being safe online.

    As for AV programs, they don't actually prevent attacks from happening; they are usually just reactive in nature. Once your computer has been attacked and infected, then the AV program will take steps to repair, delete, or quarantine the offending file if it recognizes the threat by use of heuristics.
     
  12. Rogue Tardis

    Rogue Tardis Notebook Geek

    Reputations:
    11
    Messages:
    94
    Likes Received:
    0
    Trophy Points:
    15
    I have seen a few people mention firefox up till now

    but I would like to ask if anyone else is using opera and how safe is opera ?

    :confused:

    and secondly say if they know of your router's ip address ... how do you protect yourself from a remote attacker then ?
     
  13. RWUK

    RWUK Notebook Evangelist

    Reputations:
    254
    Messages:
    591
    Likes Received:
    0
    Trophy Points:
    30
    I have used Opera for almost a year now but still keep Firefox around for doing scripting forms. Opera is very safe; I've seen it referred to as more so than Firefox and Chrome because of the way it handles packet data and, since it's not as popular, it's not as frequently targeted. Can you believe everything you read? I don't know, but I do keep a 2 way firewall and full AV & malware setup and I've never had problems with either browser.

    The only thing I don't like about Opera is that some (as in nowadays, VERY few) sites don't work with it, but any FF version will fix this. Firefox and Chrome both use about half the memory Opera does, but on any modern, well maintained machine, this is unnoticeable. I'd like to give Chrome a thorough try sometime though. Maybe soon.
     
  14. Zer01

    Zer01 Notebook Enthusiast

    Reputations:
    0
    Messages:
    24
    Likes Received:
    0
    Trophy Points:
    5
    Yes, possible..
    Turn off Remote Desktop sharing. If using Wi-Fi, have a router with a firewall..
    Please download a good antivirus. If you are running genuine Windows, then you will get Microsoft Security Essentials.. It's free for lifetime, else you
    could go for Nod32 or Avast..
    Then please install Peerblock..
    All malicious IP addresses are blocked, very useful if you are downloading torrents. ;)

    And make sure you have a good firewall, Zone Alarm is the best..
    and run Mozilla or Chrome, download all updates, run ADblock Plus and cookie protector add-ons in Mozilla and make sure you don't download crappy software, like the ones they say are codecs but are not..

    Keep checking for exceptions in your firewall

    Update your windows always..

    Thank you.
     
  15. Baserk

    Baserk Notebook user

    Reputations:
    2,503
    Messages:
    1,794
    Likes Received:
    1
    Trophy Points:
    56
    Like already mentioned, blocking ads (AdBlockPlus) and different scripts (Noscript) can be very useful (I use both).
    You can also download PrevX SafeOnline (free full version) here and then crank up (all) security settings for (all) http and https traffic;

    Further info and details can be found here.
    cheers
     
  16. Rogue Tardis

    Rogue Tardis Notebook Geek

    Reputations:
    11
    Messages:
    94
    Likes Received:
    0
    Trophy Points:
    15
    i was wondering if there is a PrevX alternative which is also as good

    this is because PrevX refuses to install fully on my laptop

    it would just download all the installer package and then just quit for no reason

    :(
     
  17. Rogue Tardis

    Rogue Tardis Notebook Geek

    Reputations:
    11
    Messages:
    94
    Likes Received:
    0
    Trophy Points:
    15
    one of my big questions regards what you do if you were infected by some kind of malware or virus or trojan ?

    is it better to do a whole format and then re-install ?

    or will you just let the antivirus handle the thing ?

    :confused:
     
  18. Pirx

    Pirx Notebook Virtuoso

    Reputations:
    3,001
    Messages:
    3,005
    Likes Received:
    416
    Trophy Points:
    151
    I am not sure I understand what you are asking. Your router's IP address is of no particular value to anybody. People can't just reach through your router and internet ports on your computer to "attack" you. This is simply not how things work. I see no reason not to post my router's IP address on the internet for everybody to see.

    There's no simple answer to this one, it all depends on what infected you. If you're lucky, the virus has already formatted your hard drive for you... The best strategy, of course, is to not get infected.
     
  19. woofer00

    woofer00 Wanderer

    Reputations:
    726
    Messages:
    1,086
    Likes Received:
    0
    Trophy Points:
    55
    I'd suggest a solid HIPS and sandbox. Process-control alone is okay, but too broad in my book. A person could green-flag an innocuous program that behaves well when you're looking and bad behavior when you're not. HIPS and behavior blocking are getting integrated into more Suites, so it may already be in place. I'm also a fan of sandboxing. Yes, there are issues and they aren't perfect, but they at least somewhat limit access to the system and the network
     
  20. Rogue Tardis

    Rogue Tardis Notebook Geek

    Reputations:
    11
    Messages:
    94
    Likes Received:
    0
    Trophy Points:
    15
    well on youtube ... you can search for a software called metaspoilt ... see how they remotely attack a machine and gain control over it ...

    metaspoilt <- spelling may be wrong

    metaspoilt is a software used by Security Techs firms to analyze their network and systems ...

    there are other more powerful ones out there ... and some are very user friendly and gui based ... having a lot of 0 day vulnerability modules as well ... these modules may target a specific service or software that is installed onto your pc ...

    that is what i am talking about ... by not letting anyone know your ip ... your attacker is like blind ... without your ip ... they cannot gain access to you ... they cannot see you ...

    that's what i meant ...

    :)
     
  21. woofer00

    woofer00 Wanderer

    Reputations:
    726
    Messages:
    1,086
    Likes Received:
    0
    Trophy Points:
    55
    Ellipses aren't a substitute for punctuation. To respond to your earlier Q, if I were infected by anything, I would restore an old known clean backup image.
     
  22. Pirx

    Pirx Notebook Virtuoso

    Reputations:
    3,001
    Messages:
    3,005
    Likes Received:
    416
    Trophy Points:
    151
    Uhmm, just because there's a youtube video about it, it doesn't make it any more possible. There are youtube videos showing Superman, too. Doesn't mean he's real.

    You're just fantasizing. Yes, zero-day vulnerabilities are the holy grail of crackerdom, but those are exceedingly rare. There is no software that has "a lot of 0 day vulnerability modules". :rolleyes:

    Other than that, on a properly maintained system, there's nothing you can do with only an IP address.

    You do understand that any website you visit will automatically know your (Router's) IP address, right (unless you use a proxy, anyway)?
     
  23. Rogue Tardis

    Rogue Tardis Notebook Geek

    Reputations:
    11
    Messages:
    94
    Likes Received:
    0
    Trophy Points:
    15
    That's what I am saying ... if you visit a website ... they know your ip ... that dude at the website gives your ip to a few of his friends ... they run a full scan on you ... and try to come in ... no matter how well protected you are ... if they are determined enough ... with the right tools and the right situation ... they will come in ...

    so that's why i started this thread ... How do you protect yourself when surfing the internet ... the main purpose of this thread ...

    well i wouldn't say tons of 0 day vulnerabilities ... but i would say they probably have enough to make a good start ... if they don't have it ... they can wait ... till something opens up ... you have to understand that some of these Security Auditing tools cost a big sum per license ... if it is that useless ... why would people pay to use them ... google metaspoilt and zero day ... if you are unlucky ... at the right place at the right time ... they don't need many ... they only need that 1 vulnerability to come into your system ... that 1 is all they need

    ;)

    metaspoilt was opensource before it was taken over ... and they had many people contributing to its modules ...

    :)

    so I actually tried it out ... I had 2 vmware XP machines on my system ... I ran metaspoilt on one of them ... and remotely attacked a vulnerability on the other xp machine ... and well ... I got control of the targeted machine ... So that Youtube movie was actually very true ...

    :eek:
     
  24. Baserk

    Baserk Notebook user

    Reputations:
    2,503
    Messages:
    1,794
    Likes Received:
    1
    Trophy Points:
    56
    If you are proficient enough to run metasploit on a VM'ed XP and gain control over another VM'ed XP, you don't need advice from NBR members (and I do mean that with all due respect).

    Just being curious, what exact vulnerability did you exploit and how?
     
  25. Pirx

    Pirx Notebook Virtuoso

    Reputations:
    3,001
    Messages:
    3,005
    Likes Received:
    416
    Trophy Points:
    151
    Nonsense and fairytales. As an FYI, I have worked in computer security, by the way. My last post in this thread.
     
  26. Rogue Tardis

    Rogue Tardis Notebook Geek

    Reputations:
    11
    Messages:
    94
    Likes Received:
    0
    Trophy Points:
    15
    not sure which one ...

    but i believe there is an option in metaspoilt that allows you to cycle through each and every one of the modules in the metaspoilt database ... so this way you're getting your run for the money ...

    :eek:

    I just followed the instructions and I got into that other machine in my vmware setup ... I am most definitely no security expert ... so I started this thread to see how all the experts protect themselves ... so how do you protect yourself ???

    For me - I run a firewall, I run an antivirus and I use firefox ... but somehow I still feel vulnerable ... like something is still missing ...

    :(

    I keep on worrying that at any time they can come into my system ...

    :(
     
  27. woofer00

    woofer00 Wanderer

    Reputations:
    726
    Messages:
    1,086
    Likes Received:
    0
    Trophy Points:
    55
    This thread should end. It's turning toward teaching how to exploit machines and vulnerabilities instead of protecting against them.
     
  28. Rogue Tardis

    Rogue Tardis Notebook Geek

    Reputations:
    11
    Messages:
    94
    Likes Received:
    0
    Trophy Points:
    15
    ok ok ... then ... can some mod please lock the thread

    Thank you for all the informative inputs from the Thread ...

    I have learnt a little bit more than I knew ...

    Thank you

    :)