the problem as i see it
-
biggerabalone last edited by
Originally posted by Krake:
Originally posted by biggerabalone:
i, for one, grow tired of wasting my life on these pursuits. i used to spend hours (a year) looking up the independent testing of antivirus companies (firewalls, etc) and changing my systems to maximize protection (for freeware). life's too short for this. i could have used that time to have sex:)
I have also been through that. However, I also had time for a girlfriend. It was enough time for sex too, certainly not for 5 hours a day
I learned what a FW & AV does and how it works. I had a nice malware collection and also learned how to trick AVs with a weak unpacking engine or weak signatures. Then I gave up testing with malware and some time later also gave up using a FW and an AV. In other words 'I grew up'
For the last 7 years I was using W2k without a firewall and without an AV. Guess how often I got hit by malware?
Now I am on Win7. I've left its firewall enabled but I have disabled the AV. So I am unprotected and still waiting to get hit by some malware.
BTW, I have also disabled in Opera Presto "Enable Fraud and Malware Protection" and so did I in Firefox with "Block reported attack sites" and "Block reported forgeries".
@scratchspaceredux
Your favorite argument seems to be the term "dodge". Good luck with it
i know what you're saying, but without protection, you wouldn't know if you had a rootkit, trojan, etc because they wish to be undetected. you might notice a system slowdown, but not likely (considering you have no av which eats resources). i suspect you don't do online banking or purchase things online with your credit card, 'cuz that would be asking for trouble. i might be able to set your computer up as a slave bot for some nefarious activity i've been contemplating, please post your email:) at the end of the day though, you might want to try running linux. i'm using xubuntu to write this. linux is pretty hard to infect and doesn't require antivirus protection (if your system is stronger than mine, which it is, you might prefer mint or ubuntu) - but i'm digressing into nerdville here. time to go find the mrs.:)
-
Deleted User last edited by
Originally posted by biggerabalone:
i know what you're saying, but without protection, you wouldn't know if you had a rootkit, trojan, etc because they wish to be undetected.
I could ask you the same question although you are 'protected'.
Ask the Iranians or picking a more trivial example - was the Sony rootkit detected by an AV?
As for being unprotected, my protection consists in common sense and now and then a forensic check.
To make it clear for everybody - I strongly recommend for every average user to use an AV!
However I found your recommendations to make a browser secure funny to say the least.
Originally posted by biggerabalone:
i might be able to set your computer up as a slave bot for some nefarious activity i've been contemplating, please post your email:)
krake@myopera.com
Please feel free to set up my computer as a slave for whatever activities you like. Take this as my official allowance
Originally posted by biggerabalone:
at the end of the day though, you might want to try running linux.
Or OpenBSD (if your hardware supports it) for that matter.
BTW, did you know that UNIX rootkits were the first? Windows rootkits came many years later.
-
frenzie last edited by
Originally posted by Krake:
For the last 7 years I was using W2k without a firewall and without an AV. Guess how often I got hit by malware?
I assume you were still behind a router's firewall, or you'd have been hit by the Blaster virus.
-
Deleted User last edited by
Originally posted by Frenzie:
Originally posted by Krake:
For the last 7 years I was using W2k without a firewall and without an AV. Guess how often I got hit by malware?
I assume you were still behind a router's firewall, or you'd have been hit by the Blaster virus.
Wrong assumption
I was behind a simple DSL modem. With closed ports/services you don't need turned off, Blaster had no chances.
Among other ports/services I had port 135, DCOM closed.
-
Deleted User last edited by
Originally posted by scratchspaceredux:
Another example of your impeccable reasoning: Citing a spectacular example involving the world's most sophisticated malware to imply that AV software doesn't really protect a user.
You understood nothing. Doesn't surprise me, taking into consideration the way you argued till now.
My point was that a forensic check would have revealed even the most sophisticated malware. Same applies to the Sony rootkit which was far less complicated.
Originally posted by scratchspaceredux:
Current security software is totally ineffective against rootkits?
Where did I say that?
However mostly ineffective against rootkits/malware it doesn't have signatures for or against rootkits/malware packed with an unknown packer.
Some AVs have also memory scanners but once the harming code is in RAM it could be too late.
Behaviour scanners are FP prone and thus can do more harm than benefit.
Originally posted by scratchspaceredux:
But rationality had to take a back seat to your most important point, which was that "real men" (such as yourself) don't use AV software.
My point was that the weakest link in a chain is always the user. It's not about using or not an AV.
I even strongly recommended using an AV. See my post above.
Some of those who know what they are doing (not only men but also women) will prefer to make a forensic check now and then.
You can 'enhance' a browser by routing every request around half of the world before it reaches destination (data collectors will enjoy it) to make users feel safer. I couldn't care less how many security layers people would choose to add. My point is that basic education (safe hex) is as valuable (if not the most) as any of the security layers one might choose to add.
Originally posted by scratchspaceredux:
Sensible people are not impressed.
Nice to meet such a sensible person, scratchspaceredux
-
frenzie last edited by
Originally posted by Krake:
I was behind a simple DSL modem. With closed ports/services you don't need turned off, Blaster had no chances.
Among other ports/services I had port 135, DCOM closed.
It can be hard to tell what you don't need if it's all enabled by default. But yes, back in those days I was definitely trying to turn off as much as possible. Primarily for memory and performance reasons, although additional security was a nice bonus.
-
Deleted User last edited by
Originally posted by Frenzie:
It can be hard to tell what you don't need if it's all enabled by default.
There were nice instructions that most people could understand and follow.
-
j7nj7n last edited by
I agree with Krake, except that I would not recommend using an antivirus because of their ever increasing requirements for CPU and RAM. A computer is never "too fast", which is why we upgrade after all. I can't see sacrificing any significant part of this limited performance to a questionable sense of security. I also fear that there will be "acceptable" computer viruses made by the government to a) fight copyright infringement, b) give them general control over my system. I can't rely on an anti-virus for protection from them.
A good security policy when dealing with Microsoft software used to be switching to alternate protocols or programs to those included with Windows, such as FTP over Network Neighborhood. I've had Samba & NetBios completely off for many years without knowing anything about the Blaster worm.
Back in 2003, consumer routers were utterly unreliable or slow. I suppose performance conscious users might have chosen not to use one. I remember I had a router which could only sustain 20 megabits, and then crashed into endless rebooting cycles.
I noticed that since XP Service Pack 2, it is no longer possible to disable as many services without breaking seemingly unrelated functionality. These instructions are good for versions below that. Right now I have an SP1 and SP3 PC with similar set of enabled services, where the newer one is unable to browse a list of computers in the "neighborhood" (now enabled again). They made the new OS more of a package deal.
-
blackbird71 last edited by
Originally posted by Krake:
Originally posted by biggerabalone:
your point seems, in light of blackbirds post, to disagree that ...
My point is that there is no protection against ignorance/stupidity. Period. ...
Since my post seems to have been the center of some disagreement, let me explain what I meant. In an earlier post, @Krake responded to a still-earlier post of mine, stating:
Ignorance combined with fear is a great mixture to take average users for a ride...
Wonder which of the two articles is more creative:
Chrome Is Most Secure of the Top Three Browsers, Study Finds
Firefox burns Chrome in our trustworthy browser poll
To which I responded:
Which is why I mentioned "really, seriously" emphasizing security. If a browser were able to specifically address many of these security issues inherently in its design, to the extent that Old Opera addressed configurability, standards-compliance, and user features, then users wouldn't be taken for a ride - the browser would actually "deliver".
My understanding (misunderstanding?) of your (@Krake's) post, to which I was responding, was that security features in a product (or security products generally) can be over-hyped and misrepresented by vendors or reviewers. My response was that if a browser actually delivered worthwhile and creative security elements, that would nevertheless be a good thing, and if the product "worked as advertised", there would be no need for hype and users would not be 'taken for a ride' in that regard.
I am a firm believer in layered security (including safe-hex), but whether one uses layered security or relies on forensic checks, anti-executables, daily system restores, or whatever as a strong single layer, it seems to me that there can be no argument that making everything that faces the web (especially a browser) much more secure is better than the alternative of not doing so. I believe there would be a significant market for such a product - I would certainly consider it. And it's further my belief that there are a number of things that could be done with browsers to greatly improve their security in meaningful ways. Those were the simple points I was trying to make originally.
-
biggerabalone last edited by
my my, we're having too much fun on this topic, it's time for leushino to reappear and tell us we should all be banned:)
but something does puzzle me about krake's train of thought. while he does dismiss security and relegates it to the ignorant, he himself does practice it. safe browsing is not truly safe unless you remove all the fun associated with it. you can turn off java and adobe, turn off java scripts, best turn off mp3, gif, jpeg etc from being viewed (they could be infected), you can stop using large sites like facebook etc, but then why use the internet? and all you are doing is limiting your chances of infection, not stopping it. i like torrents: i'm canadian so spare me the legality of downloading copyrighted material (its nice and grey here). with torrent use comes a heightened chance of infection (as does with email use). some like social media, which while fairly safe, is not completely safe. some like porn (you sinners). the web is for our enjoyment and what we enjoy is not always safe. safe web habits do not equate to being safe (my grandpa only uses email, no web surfing etc, and he gets infected). we all know this. i would rather have security in my system and enjoy the internet (though i do practice safe surfing, but it is greatly enhanced by wot, bitdefender trafficlight, mcafee sitechecker, avg linkchecker, opendns, etc, etc. these are great tools, pick one). but there is a problem. how can you walk in the downtown in the eve without fear of getting robbed? don't carry any money. i think that's krake's argument? but if your reason was to go get groceries, how is that a solution?
we can do forensic checks. i can check my system later to see if its ok (which some of us do via vulnerability scans, antimalware demand scanners, etc, etc), but this only informs us after the fact that we have been compromised. but why care if you're compromised? because you're buying groceries and are carrying your wallet. i have a friend that uses xp, doesn't use antivirus (normally by antivirus, we mean a comprehensive suite of protection against multiple attack surfaces - whether a paid suite, personalized layered system, visualized system, whatever. he actually didn't have anything and thinks a trojan is for your weiner). he's never updated xp, so it had all its original security holes. and he never cared and he was safe. why? because he never did online banking, didn't purchase things online, etc, basically, there was nothing on his system that could hurt him. but this is the problem and krake didn't answer this question: do you do online banking? or do you pay your bills online, do you do online trading? or do you purchase things online? the internet is more than just having fun. some use it to simplify life and by doing so, free up time to enjoy it. perhaps these are the ignorant he is referring to? perhaps, ironically, he is so paranoid about the threats online that he doesn't believe you should do any financial transactions, or input any incriminating information. surely if you check your system after the fact and find zeus, it's too late. it's likely you were never at the banking site, it was fake. it's likely your account has been compromised and needs immediate attention before you're cleaned out (i know, you can have a specific banking account just for internet use, and transfer the money into it, or a dedicated credit card just for the internet that you check regularly, use paypal etc, but these things are still security measures for your protection and don't stop theft).
this is the irony, krake says to not use protection because the hyped threats are largely illusionary and used to frighten the ignorant. yet he doesn't back up this assertion by sending his account numbers into cyberspace. so while he doesn't believe in hardening his system, he is too fearful to risk his bank account (i hope he's too fearful, considering his position on system security). i like to use linux. it's hard for me to get infected. yet, i am still susceptible to numerous threats regarding transactions: threats that my browser can and does minimize.
lastly, i'd like to point out the obvious: browsers already have protection integrated into them. the logical extension to this argument seems to indicate we don't need the existing protection already built in, such as encrypted connections, site verification, certificates, etc. but it is my contention that the "ignorant" need more protection, not less. and that means it has to be integrated into their systems, unbeknownst to them, protecting them, despite their ignorance (such has been the pattern in browser security). to think you can educate the whole world on the nuances of security and have them protect themselves is naive ... and perhaps a little ignorant (sorry, that was just too much fun to not try and bring around full circle).
-
Deleted User last edited by
You should all be banned! It's an outrage - do you hear! (there, now I've done my deed for the day) :p
-
biggerabalone last edited by
Originally posted by leushino:
You should all be banned! It's an outrage - do you hear! (there, now I've done my deed for the day) :p
bravo, lol
-
opera1215b1748 last edited by
It is silly to expect security from any software while running an undisciplined OS configuration.
No AV will save if you work as an administrator.
Here are the simple rules:
1) administrator's account is used solely to perform administrative tasks - and NEVER for everyday jobs;
2) software restriction policies (similar to those) must be implemented;
3) all available OS-hardening measures (DEP, ASLR, SEHOP, etc) must be enabled;
4) all current patches installed for OS and usable software;
5) non-administrative account (LUA) must be used for everyday jobs;
6) safe HEX must be followed.
The current Opera's (v12.16) efforts to "secure" the search engines are futile - provided a clever enough root-kit is already running on the client's machine.
As for me - I'm not using those anti-somethings since I've installed winXP-PRO in the I-already-forgot-which-year-it-was.
Regular forensics (by the MS's file checksum checker launched off a LiveCD) prove I still was not hit by a malware so far.
My understanding of the SafeHEX includes using Opera Presto instead of any other - inferior - browsers.
-
fluxrev last edited by
Originally posted by opera1215b1748:
software restriction policies
You may find Win 7's AppLocker (secpol or gpedit) to be of interest. I've not gotten around to using it, but it seems to be an improvement on SRP.
http://content1.catalog.video.msn.com/e2/ds/494a1eb3-8969-4b47-87f9-91c52bb2cc86.mp4
The more useful details are generally in the second half of the video.
-
opera1215b1748 last edited by
No, according to the review by knowledgeable people, AppLocker is not on par with SRP.
There is just a lot of MS's spin about the AL.
(Unfortunately the article is in Russian)
-
fluxrev last edited by
Not so sure that it's all spin. "New" (or even "new and improved", for that matter) does not always mean "improved" (Opera Blink, anyone?), but when it comes to Microsoft and security technology, "newer" does generally translate to "better".
Here's one (Microsoft) AL/SRP comparison that indicates that AppLocker has some advantages:
http://technet.microsoft.com/en-us/library/dd759113.aspx
Anyway, just thought I'd mention it. I'm not in a position at this point to say which one is better.
Cheers