Mhhhmmm... antivirus prog not finding everything

Old 29 August 2003, 10:46 AM
  #1  
EvilBevel

OK, I use Kaspersky and pay good money for it.

I use Webwasher, ZoneAlarm and wash my hands before I go on the internet

Still got infected with a spyware that is known to CA but apparently not to Kaspersky

See http://www.spywareinfo.com/forums/in...8&t=7979&st=15 for more details/discussion about the spyware I was infected with.

Also
http://www.spywareinfo.com/articles/cws/

Known as:

Win32.Startpage.C
JS.CSSPopup.B,
JScript/IEstart.Trojan,
Win32/IEstart.Trojan

So ... even with webwasher, zonealarm, av-prog, daily updates ... my system isn't fully protected

I now installed SpywareBlaster as well. What's next ?

Not amused.

Theo

[Edited by EvilBevel - 8/29/2003 10:48:08 AM]
Old 29 August 2003, 11:49 AM
  #2  
Gedi

your system will never be 'fully protected'

don't be deluded by the software manufacturers into thinking you're safe.
programs like zonealarm are easy to bypass, even for script kiddies.

I always find for non technical users, Norton internet security 2003 is one of the best ways to go. You'll get AV, firewall and IDS rolled into 1. Make sure your updates are set to every few hours, or at least every time you switch the machine on. As for spyware, the best prog I have seen for windows is spybot - search and destroy.


If you use software security and you're gonna run them on the local machine, you're always gonna be a target. All you can do is tighten up as much as possible.

For extra protection buy a router with packet inspection and NAT. Only allow ports that are necessary. Switch off java. Don't allow outlook to connect to computers on ports other than 25 and 110....especially 80. This is where many known exploits can come in as the preview windows can run scripts.

There is too much to go into on security. I have been doing it for about 18 years and am still discovering new things as technology progresses and new ideas arise.

Better still, switch to Linux

[Edited by Gedi - 8/29/2003 11:55:00 AM]
Old 29 August 2003, 02:34 PM
  #3  
leeps

Theo

I gave up trying to go for complete security cos like Gedi said it's not really worth the expense in the end. What u really gotta do is put a value on the information that ur trying to protect and then cost out how much ur willing to spend to protect that info. If it's just for ur peace of mind then really a basic firewall and antivirus will keep out the average threats. Spyware is an increasing problem nowadays with companies getting more aggressive, the only way to combat this is to limit the amount of information that u send out, but that also limits your freedom to move around the net. So all in all it's really finding out how important is what ur trying to protect otherwise if u really wanna be secure just make a ghost of ur system then reinstall once a week :>

leeps


Old 29 August 2003, 03:56 PM
  #5  
EvilBevel

Point taken, complete security is near to impossible, carrying a cellular phone may also give away more of your privacy than a spyware laden PC

I did some reading up on this in the meantime, and it appears AV companies are seriously looking into spyware, but have not really acted on it (publicly I mean).

I'm not completely lost when it comes to PC's (have been programming for 13 years now, mainly in Pascal/Delphi), but it seems that you need to know quite a few things to even be moderately protected. Not complaining, but realizing most users won't even get to that level.

Linux... hah Tried that (with Suse 6.0, bought the whole lot, not just a "free download") but it was less than, erm, a nice experience. I want to *keep out* virii, not install them as an OS (just kidding just kidding, it's just that it would be a different ballgame when say 95 % of the PC's were linux/other unix variant, I'm sure virus kids would have a ball with that too.)

Not defending MS mind, stuff like webbugs should have been removed from Outlook/OE yonks ago.

Gedi, would be interested in more references re: ZoneAlarm vulnerability ? I know there has been a media storm over it, and I know that Kerio is the flavor of the day when it comes to free software FW's, but I'd be grateful for some links.

Old 29 August 2003, 04:01 PM
  #6  
EvilBevel

Forgot to say: agreed leeps, the more securing you do, the less freedom you have (websites using javascript not working etc).

I guess what bugged me is, despite being moderately "up to date", that I didn't realize how vulnerable my system still is/was, and how AV programs do nothing at all about spyware.

My biggest fault probably was (willingly) installing Xupiter... I found a great site about photography, with some valid information, but it asked me to install this tripe... Thought "fine, will dump it afterwards". Erm... nope
Old 29 August 2003, 04:47 PM
  #7  
Gedi

EvilBevel, I wasn't attacking ZoneAlarm in particular, but virtually all software firewalls running local.

These are aimed at joe public and are a compromise for everyday computers. Everyday people can't be expected to hack in-depth configuration scripts to meet the needs of their own home networks. These software packages guess about certain aspects and then apply rules accordingly.

e.g. if you were to put in place a true firewall like IPTables and lock it down to web browsing and email only, when you come to use Kazaa or do some online gaming for instance, your packets are gonna get dropped.

People need the software to have the ability to understand what it is the user wants and then try to create rules automatically.

e.g. when your newly installed firewall senses that you want to use a browser it will start to create rules for all possibilities.
(at a guess ports 20, 21, 80, 81, 82, 88, 443, 594, 6970, 8080, 8081, 8383) This is to cover all eventualities which are hardly ever required. In the process, your firewall just opened up many ports which it will allow you to connect on, opening up your system to more possible exploitations than needed. (but it knows that if you decide to use your browser for FTP (20,21), it will work and the users won't be calling the firewall a load of ****e, more recommendations to friends, more money in the bank)

In strong firewalls this port range will be greatly restricted and other software such as 'snort' will be running inspecting each packet using these ports to ensure they are either http or ssl, and have no 'nasty' signatures embedded.

I could go on for ever about packet injection, hacking new signature backdoors to bypass IDS, active and passive attacks, bypassing packet filters / circuit level gateways / application level gateways / stateful multilayer inspection firewalls, protocol spoofing etc etc etc.

When you go into it this deep, you can see the need to try and keep home firewalls as simple as possible, yet still effective enough to make people want to use them.

Just to end this on an interesting note, for anyone interested here is an OLD exploit to create a backdoor on unix systems.
http://hysteria.sk/sd/f/junk/bindshell/bindshell.c

Or how about the code used within MSBlast to exploit the windows DCOM RPC buffer overflow which should now be patched by everyone.
http://downloads.securityfocus.com/v...oits/dcomrpc.c
(you didn't think I was gonna give you a new one did ya)

Gedi - CISSP, CCNA

[Edited by Gedi - 8/29/2003 4:59:24 PM]
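
An added example, not part of the thread or any poster's code: a short Python audit that reads a ruleset in `iptables-save` format and reports every TCP port opened beyond the "web browsing and email only" lock-down described in the post above. The ruleset is a constructed sample built from the port list guessed in that post, and the allowlist (25, 80, 110, 443) is an assumption taken from the ports the thread names.

```python
import re

# Assumed policy: outbound web (80 http, 443 ssl) and email (25, 110) only.
ALLOWED_TCP = {25, 80, 110, 443}

# Constructed sample in iptables-save format: the ports the post guesses a
# consumer firewall opens for "a browser", written as OUTPUT accept rules.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
:OUTPUT DROP [0:0]
-A OUTPUT -p tcp -m multiport --dports 20,21,80,81,82,88,443 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 594 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 6970 -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 8080:8081,8383 -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 25,110 -j ACCEPT
COMMIT
"""

PORT_OPT = re.compile(r"--dports?\s+(\S+)")


def expand_ports(spec):
    """Expand a port spec such as '80,443,8080:8081' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def audit(rules, allowed=ALLOWED_TCP, chain="OUTPUT"):
    """Return (excess_ports, unrestricted_rules) for ACCEPT rules in chain."""
    excess, unrestricted = set(), []
    for line in rules.splitlines():
        tokens = line.split()
        if tokens[:2] != ["-A", chain] or tokens[-2:] != ["-j", "ACCEPT"]:
            continue  # table headers, chain policies, other chains/targets
        if "-p" in tokens and tokens[tokens.index("-p") + 1] != "tcp":
            continue  # this audit only covers TCP
        match = PORT_OPT.search(line)
        if match is None:
            unrestricted.append(line)  # ACCEPT with no port limit at all
        else:
            excess |= expand_ports(match.group(1)) - allowed
    return sorted(excess), unrestricted


if __name__ == "__main__":
    excess, unrestricted = audit(SAMPLE_RULES)
    print("ports open beyond web+email policy:", excess)
    print("rules with no port restriction:", unrestricted)
```
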