Curse

garethporlest18 · Apr 23, 2008, 11:27 PM // 23:27

Quote:

Originally Posted by Snow Bunny

I agree.

NOD32 is probably safer than the security used for nuclear weapons.

Well then I'm gonna assume we're all doomed.

fenix · Apr 24, 2008, 06:56 AM // 06:56

Quote:

Actually, fenix is correct. Having more than one anti virus is very well known to cause a multitude of issues. The two (or more) tend to conflict with each other, especially when a virus is found that both know of. It's not a pretty sight and it does cause more problems than it's worth.

Yeah, I wasn't just saying it for the sake of saying it. I had that exact thing happen to me.

NOD32 and Avira both detected the same virus.
NOD32 quarantined the file.
Avira removed it from NOD32's quarantine to put it in its own quarantine.
NOD32 removed it from Avira's quarantine to put it in its own quarantine.

Rinse and repeat LITERALLY 30+ times. It was doing it so fast that I didn't have time to do anything, so I had to click like a ninja while mashing ctrl-alt-del to bring up the Task Manager to close Avira. Computer went booom for about 2-3 mins while it was happening haha.

Snow Bunny knows the score. NOD32 is pretty awesome. 49 (at least) awards for virus detection to date? Winsauce.

http://www.eset.com/company/awards.php

Maximumraver · Apr 24, 2008, 07:55 AM // 07:55

1) Avira Antivirus, works great.

2) Yes.

3) Don't need it, delete cookies once a month is enough (tracking cookies). last time i checked i only had tracking cookies, last time i scanned before that was over 300 days before that.

4) Yes.

5) Yes.

6) My password is different for everything, passwords ranging from 13 to 27 characters.

7) Xcleaner once a year.

8) The most important thing on my pc is my music which is about 380 gb, no space to back that up.

9) Nothing, won't help. they will still download The Sims or whatever, even though it's a 70kb exe file, if you catch my drift.

MoriaOrc · Apr 24, 2008, 10:48 AM // 10:48

I'll add answers to the new questions & clarify some other stuff I said earlier

7) Most of this is cleared by Firefox with the "Clear Private Data on exit" setting. My passwords are stored behind a master password, which must be entered to access them in any way.

8) I don't store sensitive stuff on my computer (partly because I don't have much sensitive information to store :P). What little there is, I store in one spot and back up occasionally (usually only if I plan on formatting a drive).

9) I do give good information when people ask for it. Many of my friends refer to me for "computer stuff" and I try to give them good advice, including security, in those cases.

Also, while I said I don't run AV/Anti-Mal stuff, I do have other security measures. I keep my network behind a router (which is a nice first step) which I make sure has sane security settings (Wireless encryption, disable UPnP because I'd rather set server ports myself, a few other roadblocks that should keep the neighbors off). I update my OS regularly. I have most "attack vectors" closed off by things like script white-listing (No-Script plug-in for FF is nice), sane use of email, and an inherent distrust for any link to a domain I don't know (or an obfuscated link like tinyurl).

I don't think this solution works for many people, so I recommend AV/Malware stuff for others who ask about it.

Kamatsu · Apr 24, 2008, 10:49 AM // 10:49

A note to all - if your post gets deleted, don't repost it. If you feel it was deleted in error or deserves to be undeleted, please PM a mod and/or supermod and it will get reviewed. Re-posting deleted post's will only end in the repost being deleted and you facing possible posting suspension.

Once more i will point you all to the Forum Rules ->

http://www.guildwarsguru.com/content...nes-id2030.php

Fril Estelin · Apr 24, 2008, 11:12 AM // 11:12

Discovered today that a new version of AVG will be out shortly, with a nice little inline verification of google links:
http://www.pcpro.co.uk/news/191172/a...s-scanner.html

Also a short security check offered by F-Secure (only works in IE):
http://www.f-secure.co.uk/healthcheck

If anyone knows a free nice "application and driver version tracking" program, let us know. Something like this one:
http://www.download.com/VersionTrack...-10223175.html

Lord Sojar · Apr 24, 2008, 01:01 PM // 13:01

1) Do you have an antivirus and a firewall running at all times (even when playing games)?

Behind a router and I am on a T3 which is auto firewalled via my ISP. So yes.

2) If so, are they automatically and regularly updated?

Router is static firewall, ISP takes care of other stuff.

3) Do you run regularly anti-spyware software, such as Lavasoft AD-Aware and Spybot Search&Destroy (S&D)?

Don't need to, I use Firefox.

4) Do you regularly update your Operating System and all applications?

I use Microsoft Update via their website. Auto updates is annoying.

5) Do you make sure that applications you install can be "trusted"?

I don't install anything that I don't know about, and considering my professional opinion trumps that of most people I know, I need not worry if things are trusted.

6) Most importanly, do you have strong passwords and do you make sure not to use the same passwords for different site/applications?

I use 64bit randomly generated passwords using a powerful algorithm. Good luck breaking them.

7) Do you regularly clean your browser and application data (such as caches, saved passwords)?

I use Firefox.

8) Do you regularly back-up your sensible data?

No, my computers harddrives are kept under a very heavy maintenance schedule. I actually open up my HDDs and tune them up myself. Also, I have 6 different HDDs, 5 of which do not have an operating system installed, therefore, there is a very small likelihood of data corruption. They are also kept in Raid 10.

9) What do you do to raise awareness about security and trust around you?
No one touches my computer, period. As far as passwords go, I don't even know my own passwords. The only person that knows my passwords is the encryption software stored on my jump drive that has each password saved. And that is kept safe.

EDIT: Ah, and I downloaded a lovely cracked version of NOD32 to take a looksy. I am impressed, much less bloated than other Antivirals out there. I very well may purchase NOD32, just because I support companies that actually make good products. (aka, not Norton, McAfree, AVG, or any of the other "Popular" antivirus programs that are so bloated and manipulative and invasive that it makes you want to slit your wrists)

Dark Kal · Apr 24, 2008, 01:38 PM // 13:38

This reminds me of a Simpson episode:

Quote:

Homer Simpson: Not a bear in sight. The Bear Patrol must be working like a charm.
Lisa Simpson: That’s specious reasoning, Dad.
Homer: Thank you, dear.
Lisa: By your logic I could claim that this rock keeps tigers away.
Homer: Oh, how does it work?
Lisa: It doesn’t work.
Homer: Uh-huh.
Lisa: It’s just a stupid rock.
Homer: Uh-huh.
Lisa: But I don’t see any tigers around, do you?
[Homer thinks of this, then pulls out some money]
Homer: Lisa, I want to buy your rock.

Having a decent anti-malware and a half decent firewall and some common sense is all you really need, there's no need to be over paranoid either. I've never even encounter a computer virus in my entire life, you shouldn't underestimate malware/viruses but you shouldn't overestimate them either.

Ctb · Apr 24, 2008, 01:57 PM // 13:57

Rahja... much of your post doesn't seem to make any sense at all...

64-bit encryption? Are you joking? That's a trivial key size, and there's no compelling reason, short of some sort of software or hardware limitation on older systems, to use at LEAST a 128 bit key size these days.

Hell, AESCrypt won't even let you use a key size smaller than 128-bit, and it has no trouble with 192-bit and 256-bit key sizes as well.

And I'd be interested to hear what a "very heavy maintenance schedule" is for a hard drive, or what you mean by opening them up. If you mean you actually open the drives physically, I call BS. There's nothing you could conceivable gain by doing so, and even if you could the time and risk certainly isn't worth it when magnetic mass storage is going for 0.20 USD a gig. Furthermore, if you're actually utilizing your RAID 1+0 capabilities, you have a de facto backup of sorts, even if that's not the primary intent.

Finally, eschewing additional protections because you "use firefox" is beyond silly. Do you also never load images, flash, audio plugins, video plugins, or load anything but plaintext and HTML plaintext? Because practically everything except plain ASCII text has the capacity to harm your machine and load viruses. Even an image file has to be loaded into memory and manipulated by a program, so even that has the capability to trigger bugs in the controlling code and cause overflows, disk-writing, etc.

I'd be interested in hearing a little more about what all this actually means...

cataphract · Apr 24, 2008, 01:59 PM // 13:59

1) Ofcourse.
2) Daily.
3) No, since there is no need. My AV software scans for malware, grayware and other culprits.
4) Ofcourse. Windows are patched with all Critical and Security patches.
5) Yes. There aren't many apps installed on my PC.
6) Ofcourse.
7) Weekly.
8) There isn't any sensitive or valuable data on my PC.
9) The only one that uses my PC is my girlfriend and she logs on under a separate, limited user account.

SnipiousMax · Apr 24, 2008, 02:12 PM // 14:12

For an antivirus App, I've always preferred Nod32 as it's light and lean and catches everything. I used Kaspersky AV for awhile, but it got to where I felt like I was hunting squirrels with an elephant gun. I use mostly the free stuff now. Avira is what I use on my laptop and recommend to all my non techie friends/family. Again, it's light and lean and is the best scanner of the three big three AV's.

For my firewalls, I have a firewall in my Router at home, and I've agonized over the security settings, so I don't have a third party app on my desktop. Windows Firewall is more than enough when it's sitting behind a router. On my laptop (and Mom and Dad's computer) is Comodo Firewall Pro which is an excellent completely free third party firewall. I usually disable the +defense as I don't see much added security that comes with the enormous amount of annoyance, but the basic firewall is excellent.

Anti-Spyware/adware programs I rotate every so often. I always have at least two, and run them one right after another once a week or so. I usually browse sites like Download.com to see what's new or whats been rated highly by the editors/community. I like to change them every couple of months because they have a pretty weak detection rate by themselves and using fresh ones so often increases your chances of catching something. I keep Windows Defender active all the time though. It comes with windows vista and is a free download for XP. It has real time scanning (spyware apps don't clash with antivirus apps) is integrated into the OS, updates automaticlly with windows, and is actually pretty good. I've tried any number of other apps: a-squared, Spybot S&D, Ad-Aware (there's a new version out in beta!), superantispyware, the free version of AVG's antispyware, etc. Just be sure that you download from a reliable site, and that you pay attention to reviews and articles about whatever you want to try. The last thing I keep all the time is HijackThis. It requires a great deal of time and effort to go through every item on the log it prints out, but it catches just about everything. There is now a firefox addon that assists in using Hijackthis.

Finally I'd suggest two more apps to complete your arsenal. Revo Uninstaller and Ccleaner. When you uninstall a program lots and lots of stuff is left on your hard drive or in you registry. Revo Uninstaller assures that every trace of the program is wiped off your computer. Ccleaner's been mentioned already, but it's fantastic.

Ctb · Apr 24, 2008, 02:19 PM // 14:19

Quote:

For my firewalls, I have a firewall in my Router at home, and I've agonized over the security settings, so I don't have a third party app on my desktop

If you're interested in having a limitless level of control over your router and firewall, get an old machine (or an Eepc or something similarly small) and drop FreeBSD on it. Back when I was poor and couldn't afford a router, I used an old machine and two old nics to make my own router, firewall, and DNS cache (with djbdns at http://cr.yp.to/). I dropped SSHD on it too and used PuTTY to connect so I didn't even need a monitor or keyboard hooked up.

With a little more ingenuity, you could do a lot of other things too: honeypots, an email relay with an appropriate retry setting so that you can send e-mails even when your ISP's email server is out or your connection is down, etc. Plus, the default firewall setting for SOHOs that comes with FreeBSD is a pretty darn solid starting point.

The only real downside is that you'll have to also get a switch and put it somewhere since, obviously, two NICs isn't enough for a real "network".

Fril Estelin · Apr 24, 2008, 02:49 PM // 14:49

Quote:

Originally Posted by Ctb

64-bit encryption?

He said "64bits passwords", not encryption key (and it'd rather be 2048 for asymetric ...). But that does not make sense either, nor does the opening HDDs or the "I downloaded a cracked version of NOD32". And forget about creating your own router or honeypots, it's ridiculously complex for the majority of people, and a lot of time lost, unless you're protecting very sensitive data.

I feel the wind of derailment on this thread, as I can already see people not reading it. Just in case, I'll try to refocus the debate on the most important question of the 9 of the OP:

9) What do you do to raise awareness about security and trust around you (e.g., other people using your PC, members of your family, friends, guildies, Alliance members, colleagues)?

Ctb · Apr 24, 2008, 03:11 PM // 15:11

Quote:

But that does not make sense either

That's what I don't get. "64 bit key" makes sense. A 64-byte password would also make sense, though it would be an odd way of saying "my password is 64 characters long). That's why I'm itching for some clarification.

Quote:

And forget about creating your own router or honeypots, it's ridiculously complex for the majority of people, and a lot of time lost, unless you're protecting very sensitive data.

Actually, making your own router with a UNIX system is surprisingly simple and is a very viable step for people interested in going a little beyond the typical setup. Granted, for a normal user, it's out of the question and an unnecessarily tangled mess.

I'll just reiterate what I do for "normal" users with other people's suggestions incorporated into my future endeavours:

1. HOSTS file
2. Privoxy
3. AVG or NOD32
4. Windows Firewall turned on
5. If relevant, disable LANMAN hashes
6. Auto download and install updates turned on
7. Install Firefox and "hide" access to IE
8. Spybot S&D, HijackThis, and Ad-aware sweep and necessary cleanup

I also try to encourage people to set up two accounts: the administrator and a regular user, and to not use the administrator. Depending on the level of activity on the computer, the success of this strategy varies. Some people get tired of their kids complaining about games not working and skip it, others have a great deal of success.

Also, with passwords, I like to encourage people to either use fake words (supergone, littlejive, etc.), or to use entire phrases. I try to steer people away from the "1337-like" password method and create things like "I was born on the ninth of july to John and Marie". Windows passwords can now be very long, and it's much easier to remember a simple, meaningful phrase than it is to try and use a one-word 1337ified password. Plus, you'll never find phrases like that in the dictionary, so dictionary attacks become virtually useless. Plus, I think - THINK - that a password over 16 bytes is not LANMAN hashed even if LANMAN is not disabled.

DarkWasp · Apr 24, 2008, 03:54 PM // 15:54

Personaly I run pretty bare-bones myself, just because I don't get viruses. When I do, they are a pain, but sometimes I have a lil fun with em.

Avoiding viruses just takes street-smarts.. I mean web-smarts.

-No Warez
-No downloading music or videos illegaly
-Porn is a HUGE risk, some sites are trusted though
-Sites with more than one pop-up at a time that bypass your pop-up blocker, pull the plug then reboot and scan immediatly
-Only open EXEs from well trusted site, or scan them first
-Don't open emails that seem out of context
-Don't open viagra ads... go see a doctor or something, it'll be alot less trouble
-Use Peer2Peers ONLY when neccesary

...Stuff like that

(Oh and don't use myspace if you're gonna pick fights with smart kids)

So my computer security is up to date as long as I keep everyone else off it.
(I do run Windows Firewall though, its the least bothersome firewall ive ever seen)

Fril Estelin · Apr 24, 2008, 04:02 PM // 16:02

Quote:

Originally Posted by Ctb

Actually, making your own router with a UNIX system is surprisingly simple and is a very viable step for people interested in going a little beyond the typical setup. Granted, for a normal user, it's out of the question and an unnecessarily tangled mess.

I know perfectly well, and even for a knowledgeable user it's not something you'd like to spend time on unless there's a good reason. I'd rather spend some time researching what's the most secure router out there.

Quote:

I also try to encourage people to set up two accounts: the administrator and a regular user, and to not use the administrator. Depending on the level of activity on the computer, the success of this strategy varies. Some people get tired of their kids complaining about games not working and skip it, others have a great deal of success.

On Vista it's already done for you with UAC, which means you don't get Admin privileges. Nice advice on other systems, but I'm not sure it's worth the effort (you'd have to reloggin to install some programs).

Quote:

Also, with passwords, I like to encourage people to either use fake words (supergone, littlejive, etc.), or to use entire phrases. I try to steer people away from the "1337-like" password method and create things like "I was born on the ninth of july to John and Marie". Windows passwords can now be very long, and it's much easier to remember a simple, meaningful phrase than it is to try and use a one-word 1337ified password. Plus, you'll never find phrases like that in the dictionary, so dictionary attacks become virtually useless. Plus, I think - THINK - that a password over 16 bytes is not LANMAN hashed even if LANMAN is not disabled.

Long password is bad, because it increases the chance of typing it wrong (and then getting locked out because of too many wrong attempts, not on Windows by default) and of forgetting it. Complexity is the most important element, with l33t transformation being very simple: e or E replaced with 3, a or A with 4, etc.

I personally only use three (strong) passwords, one of which is the master password of PasswordSafe.

Don't forget Ctb that to be usefull, security advices have to be understandable. Bear in mind LANMAN, host and stuff like that is as if I was going to start a discussion on cryptography on this board, it'd be pointless.

Ctb · Apr 24, 2008, 04:12 PM // 16:12

Quote:

Bear in mind LANMAN, host and stuff like that is as if I was going to start a discussion on cryptography on this board, it'd be pointless.

LANMAN doesn't store a hash for any password longer than 15 characters which is why encouraging a longer password is so useful in Windows. You can completely defeat the entire LANMAN weakness with a sufficiently long (16 or more characters) password and never even bring up LANMAN to the user.

Furthermore, longer passwords are better than complicated passwords. By virtue of the fact that it's a contextual phrase that has some meaning to the user, a sentence long password offers several benefits:

1. It has meaning to the user and is thus more easily remembered
2. It is not a dictionary word and is immune to 1-1 dictionary attack
3. It is exceptionally long compared to a typical password and, therefore, is unjustifiably difficult to crack timewise.

Something as simple as "I was born on 10/21/1976 in Dearborn Michigan" incorporates whitespace, non-alphanumerics, and different cases, it is long enough to bypass the LANMAN exploit, and it is neither a dictionary word, nor a password short enough to be reasonably cracked by a brute force attack. It is also a password for which a meaningful reminder can be created.

Quote:

Complexity is the most important element, with l33t transformation being very simple: e or E replaced with 3, a or A with 4, etc.

This is trivially defeated by all modern password crackers. They already index tens of thousands of words, adding a few letter mutations to the already extensive list is not a significant deterrent. The difference between cracking "joseph" and "j053ph" may be a matter of seconds depending on how the cracker handles mutations. Unfortunately, simply mutating real words is not a significant measure anymore.

Tarun · Apr 24, 2008, 04:50 PM // 16:50

The Hosts file is not meant to be used to block malware. It is solely to act as a DNS redirect. I have written a detailed article about this in my wiki, which you can see by going to http://wiki.lunarsoft.net and viewing the Blocking Malware article which details why you should not use a Hosts file.

A big problem with the Hosts file is it slows down browsing because every line has to be parsed into the DNS. The DNS can only hold a set number of entries. So if you have a Hosts file with 10,000 lines and the DNS only holds the last 30 used, it has to chug along and process a lot of unnecessary work to try and block malware. To try and get around this, many sites that offer Hosts files foolishly tell users to disable the DNS Client service. You should never disable any of your services. Ever. Your programs have a higher chance of breaking because they rely on services. It has also been debunked that there is no performance gain by disabling services. Even from the very minute amount of memory that you may free, it's not enough to make a noticeable difference. If you believe that it has dramatically helped, I shall refer you to the placebo effect.

Even Microsoft has a segment about why you should not disable the DNS Client service.

Quote:

Originally Posted by MSKB 318803

Note: The overall performance of the client computer decreases and the network traffic for DNS queries increases if the DNS resolver cache is deactivated.

The DNS Client service optimizes the performance of DNS name resolution by storing previously resolved names in memory. If the DNS Client service is turned off, the computer can still resolve DNS names by using the network's DNS servers.

When the Windows resolver receives a positive or negative response to a query, it adds that positive or negative response to its cache, and as a result, creates a DNS resource record. The resolver always checks the cache before querying any DNS server. If a DNS resource record is in the cache, the resolver uses the record from the cache instead of querying a server. This behavior expedites queries and decreases network traffic for DNS queries.

You can use the Ipconfig tool to view and to flush the DNS resolver cache. To view the DNS resolver cache, type ipconfig /displaydns at a command prompt. Ipconfig displays the contents of the DNS resolver cache, including the DNS resource records that are preloaded from the Hosts file and any recently queried names that were resolved by the system. After a certain time period, the resolver discards the record from the cache. The time period is specified in the Time to Live (TTL) associated with the DNS resource record. You can also flush the cache manually. After you flush the cache, the computer must query DNS servers again for any DNS resource records previously resolved by the computer. To delete the entries in the DNS resolver cache, type ipconfig /flushdns at a command prompt.

This segment from the MSKB is why users should not alter their services unless under direct instruction from a technician.

pumpkin pie · Apr 24, 2008, 05:12 PM // 17:12

I have one question:

Is it dangerous to tell people what your security routines are?

Ctb · Apr 24, 2008, 05:19 PM // 17:19

Quote:

A big problem with the Hosts file is it slows down browsing because every line has to be parsed into the DNS.

We've been over this before. The resolver cache issue is only significant for attempts to resolve a non-existant domain. Unless you repeatedly try to resolve those non-existant domains, the tiny increased delay while the loaded HOSTS data is queried is an inconsequential part of the entire transaction. Modern computers have more than enough memory and computing cycles to handle very large HOSTS files in-memory with ease.

Furthermore, the HOSTS file is meant to resolve whatever you want to wherever you want. That is its entire purpose in existing to this day. You can resolve any domain name to any IP, at will, and you are neither violating standards nor causing any significant problems outside of any problems you cause yourself.

I've used large HOSTS files on numerous home PCs and never once did anybody notice any additional slowdown, even on dial up.

Quote:

You should never disable any of your services. Ever.

THIS is entirely false, flat out. Any service you understand and know you don't need can be disabled. Arguing that it "might break something" is no different than arguing that deleting random things under /system32 "might break something". If you don't know what it is, don't mess with it, if you do, go nuts.

I also find it somewhat amusing that your main website is categorized in Websense as "malicious"....

Quote:

Is it dangerous to tell people what your security routines are?

Depends. If you expose a weakness it is, so you shouldn't discuss detailed information about your security system with people you don't trust. Obscurity can offer some level of protection, even if it's nothing more than to slow down the attacker or keep out complete scrubs.

However, you should not rely on obscurity to be a level of security.