
Hey guys, give your advice on my security proposal!


LoBeX


You guys seem to really waste a lot of CPU cycles instead of actually using the computer :P

Anyway, just wanted to comment on what Rock Lee mentioned about using Threatfire. Just don't use the latest beta version, it is retarded. It has loads of new features that do not work. I have proof because it performed some initial self check of my system when I installed it and it confidently reported to me that Windows Defender was enabled and protecting my system when in reality Windows Defender is turned off and I also had the service disabled. The regular version should be fine. I removed it from my pc though, I only wanted to try it out, it didn't provide anything useful to me.

Linux-powered gateway firewall FTW, with a custom local DNS server to prevent n00b attacks like DNS cache poisoning, rebinding etc. Of course I also have custom iptables rules to catch all DNS requests on UDP port 53 in case some smartass trojan decides to use its own DNS server address ;). Anyway it makes no sense to do what I did if you only have 1 PC on the network. This way though I leave my CPU cycles for actually doing things on my PC; I only need/have NOD32 installed. I tried others but they were never as fast, even file transfers were slower with the rest. I do lots of HD video encoding so I guess it's what you use your PC for as well. In the end it comes down to what Bizarre and others mentioned, common sense. For example, no matter how many times I try to explain to people that most free porn sites = malware they never listen. LOL
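The gateway setup described in the post above (forcing every LAN DNS query on port 53 through the gateway's own resolver, and noticing anything that tries to go elsewhere), written out as an added example that is not the poster's own configuration. The interface name, LAN range and resolver address are assumptions; set IPT to a stub command to review the rules without applying them.

```shell
#!/bin/sh
# Added example, not the poster's own rules. Assumed layout (labelled):
#   LAN side of the gateway is eth1, the LAN is 192.168.1.0/24, and the
#   local resolver listens on the gateway itself at 192.168.1.1:53.
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
RESOLVER="${RESOLVER:-192.168.1.1}"
IPT="${IPT:-iptables}"   # set IPT to a stub (e.g. a shell function) to dry-run

dns_capture_rules() {
    for proto in udp tcp; do
        # Rate-limited log of any LAN host that addresses a DNS server other
        # than ours: a process ignoring the DHCP-assigned resolver is exactly
        # the "trojan with its own DNS server" case and is worth investigating.
        # mangle/PREROUTING runs before nat/PREROUTING, so we see the
        # original destination here.
        "$IPT" -t mangle -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" \
            -p "$proto" --dport 53 ! -d "$RESOLVER" \
            -m limit --limit 6/min -j LOG --log-prefix "DNS-BYPASS: "
        # Transparently rewrite the query so it reaches the local resolver
        # regardless of which server address the client put in the packet.
        "$IPT" -t nat -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" \
            -p "$proto" --dport 53 ! -d "$RESOLVER" \
            -j DNAT --to-destination "$RESOLVER:53"
    done
    # Belt and braces: nothing from the LAN is forwarded to port 53 upstream.
    # Only the gateway's own resolver talks to the outside world.
    "$IPT" -A FORWARD -i "$LAN_IF" -p udp --dport 53 -j DROP
    "$IPT" -A FORWARD -i "$LAN_IF" -p tcp --dport 53 -j DROP
}

# Apply for real only when invoked as: sh dns-capture.sh apply
if [ "${1:-}" = "apply" ]; then
    dns_capture_rules
fi
```

Clients still believe they are talking to whatever server they configured, so pair this with the gateway's DNS query log to see which hosts keep trying to bypass it.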

@heath28m

Thanks for your exhaustive post about your security!! :rofl: but I can't use it since I'm searching for a configuration that doesn't take a long time to see if a file is corrupted... =(

Well first of all if a file is corrupted it's obvious without security.. If you mean malicious.. Then that one is easy and a long time, no. That list is not something I run through every time I have a problem. It's a list of tools used for just about every kind of malformed attack. Your only problem will not just come from a file that is malware.. It will come from your registry settings and other files that are otherwise not malicious.. It's the same as a bomb maker.. some fertilizer..good for plants, a watch...used to tell time..120 lives later we realize that each piece was harmless..by itself. I have fought malware, viruses, worms..and other punk attempts at MANY MANY things...since my early 20s..There are many forms... including the reason for a good firewall... DNS Poisoning, ARP Poisoning..BHOs, ActiveX...LMHosts file being 'edited' and various other entries being changed...

A good example: User uses Keygen, Keygen alters registry, creates two files in System32, one INI, one DLL file...maybe several of them.. on Startup this harmless DLL is activated, and is replicated and replaced with several other DLLs and INIs... each file doing something else until many pieces to one puzzle have been obtained. This can be done through using the network connection before malware protection startup..or the firewall drivers load. The files lie dormant otherwise..Then all of a sudden your browser opens and starts redirecting, your CPU shoots through the roof occasionally.. and your system is being back-doored and being used on a BOT network..Never a service noticed or run..no warnings.. Ads and several redirects later you wind up in the lap of Trojan heaven, where you might as well wipe your hard drive and start over. Or let the mouse go and allow the person to basically take your system from you.

Now a system that will disallow even the packets in containing the code, by cutting and refusing connection to, and even if you exclude and restore, taking a chance that a patcher would be clean..or a Keygen with an identifiable threat...and you're wrong.. you have to disable it by killing the registry entries..unlocking the files and shredding all parts.. making sure everything is clean..Otherwise your system will remain dysfunctional from its original state.. This whole process.. though it sounds thorough, can take around 5 min, maybe even sooner if you know what you're after and I usually do and not by name..you can clean files all day.. but you have to cover all the places the pieces hide or it becomes easier and easier for them..

Anyway my point is .. You're going to need to know how to use more than one tool... and be efficient in their use.. I mean maybe I am old school, but I haven't had to re-install my system for over two years...and it's clean... and my information is safe other than that which can normally be obtained through a simple WhoIs query and what I share..

EDIT: You know I have to defend the ESS firewall for a second too. It filters a lot more than people realize, has options for network allowances, IDS and options for which kind of approved traffic you want to allow..The advanced settings is a good place to start...again the user can make some serious mistakes..You don't believe me, take a look at any of your ESS Firewall logs...14 options for attack block detection.. Service Monitoring, Application Modification detection, Zones and Rules editor...and the logs are extensive.. all full tools to help you identify problems and where they may be coming from..protocol filtering, and Web access protection ( before it gets in ).. and the biggest thing to me is the fact that you can configure each aspect, you don't get that with other firewalls.. a lot of options yes, a lot of options that are truly useful..no...My favorite before ESS was ISS BlackIce from IBM, which no longer exists..( but I think I have a copy ) but it was GOOD..you have no idea..



Once again, the lack of understanding of Sandboxie is apparent.

Sandboxie does prevent data from being read on your system - it's just that it only does it in the environment it's protecting. You can easily set "Block Access" to sensitive areas of your computer. I use "Block Access" in all my environments to "My Documents".

My point exactly. Lack of understanding is apparent. Not all sensitive areas are kept in "My Documents". Your registry contains sensitive data as well. What about the folders that contain program settings such as user name and password, what about your internet cache and cookies? Now, Sandboxie does have Block Access to the registry and files. This implies that a user has to know exactly what to block. I must admit, I don't even know, exactly. I suppose I can thumb around the registry and folders and maybe get lucky. (I do get lucky. But I had to see a doctor the next day to get rid of the itch though.) Sandboxie has limitations.

@ssj100:

In Sandboxie, you still have to configure it to do that.

In VirtualBox, everything is pretty much covered.

Also, IMO, Sandboxie in VirtualBox is pretty much overkill.

Of course you need to configure it. That's why it's not for people who don't know what they're doing, or can't be bothered taking the time to learn about it properly. Most people don't fully understand the scope of how Sandboxie can protect you.

I force sandbox virtualbox.exe to run, and so I am super-secure when I test malware in my sandboxed VM.

Not Sandboxie in VirtualBox mate, but VirtualBox in Sandboxie.

IF a VirtualBox or VMware isn't secure enough by itself, then we have a major problem. How do I know when it is overkilled? When you get BSOD. :dance2:



Once again, the lack of understanding of Sandboxie is apparent.

Sandboxie does prevent data from being read on your system - it's just that it only does it in the environment it's protecting. You can easily set "Block Access" to sensitive areas of your computer. I use "Block Access" in all my environments to "My Documents".

My point exactly. Lack of understanding is apparent. Not all sensitive areas are kept in "My Documents". Your registry contains sensitive data as well. What about the folders that contain program settings such as user name and password, what about your internet cache and cookies? Now, Sandboxie does have Block Access to the registry and files. This implies that a user has to know exactly what to block. I must admit, I don't even know, exactly. I suppose I can thumb around the registry and folders and maybe get lucky. (I do get lucky. But I had to see a doctor the next day to get rid of the itch though.) Sandboxie has limitations.

It doesn't cure cancer mate, that's for sure.

But it works for me. I don't care about other "sensitive" areas of my computer, except for the stuff in "My Documents". If you're afraid of the "sensitive" areas in your registry, then that's your problem mate.

And go see a Doctor soon again.

@ssj100:

In Sandboxie, you still have to configure it to do that.

In VirtualBox, everything is pretty much covered.

Also, IMO, Sandboxie in VirtualBox is pretty much overkill.

Of course you need to configure it. That's why it's not for people who don't know what they're doing, or can't be bothered taking the time to learn about it properly. Most people don't fully understand the scope of how Sandboxie can protect you.

I force sandbox virtualbox.exe to run, and so I am super-secure when I test malware in my sandboxed VM.

Not Sandboxie in VirtualBox mate, but VirtualBox in Sandboxie.

IF a VirtualBox or VMware isn't secure enough by itself, then we have a major problem. How do I know when it is overkilled? When you get BSOD. :dance2:

Well mate, I thought it was secure enough too, until some people at the Wilders forum started posting evidence of VMware vulnerabilities and exploits. Since then, I run VirtualBox sandboxed. It's easy enough to do, and doesn't cause me any problems. It certainly has never caused me any BSODs.



My point exactly! Security is 360 degrees. You can't bolt down the front door and leave the back door unlocked. Check.



@Rock Lee

Post nº 7 and nº 15: so are you using a HIPS? I'm confused... and why don't you trust Comodo's HIPS, and prefer ThreatFire?

Nah, not anymore. I don't need that much protection since I know that my downloads are coming from a secure location. Back before my private tracker days & even before my torrent days I had a lot of security. A HIPS, a couple of firewalls (configured to coexist, not recommended for you though), and Avast for my AV (disappointed by it. I'm hoping that v5 is pretty good though). Now I'm just using Comodo (firewall alone), ESET & Boxie. I have used the HIPS I mentioned though so it wasn't just a guess. Sorry for the confusion ;)

It's not that I don't trust it, it's that I don't need it anymore. I don't use ThreatFire anymore either. I've used both; ThreatFire is my preference though. We've said it multiple times in the thread now: to each his own.

You should use both & see which one you like. I'm just giving suggestions, it's up to you to use them.



@ssj100

it's only bypassing ShadowSurfer box...not an entire VMware...

So I have to thank you guys for trying to make my decision easier, and for explaining the whole thing to me!!

Now I have a more detailed description of what's necessary for a little piece of security!!

:battle: :battle: :battle:

and I will make my own tests on this soft and after that I will be back to share my results!!

PS: What do you think about Prevx?? and run with another AV like ESS or Avira?? I read from the Crack heads post that demoneye made an auto test with some :evil: codes and it's not detecting it...



PS: What do you think about Prevx?? and run with another AV like ESS or Avira?? I read from the Crack heads post that demoneye made an auto test with some :evil: codes and it's not detecting it...

IMO, to find malware, an anti-malware needs to know what to look for. Most of the time an anti-malware doesn't know unless it gets updated. I am more worried when my main AV doesn't find any malware on my system. So, what am I to do? Get a second opinion. I usually use a second AV program to do an on-demand scan.

So, the question becomes: do you want your main AV to be the best and the backup on-demand AV to be second best?

Lastly, what is best today may not be tomorrow.

From Prevx:
Prevx 3.0 detects, removes, and protects, helping to keep your PC and personal information safe from malicious software such as rootkits like MBR, Banking Trojans like Zeus, BOTs like Conficker as well as regular viruses, spyware and adware.

The question I have for you is this: Are you using an anti-malware program right now that doesn't do what Prevx states above?



@ssj100

it's only bypassing ShadowSurfer box...not an entire VMware...

So I have to thank you guys for trying to make my decision easier, and for explaining the whole thing to me!!

Now I have a more detailed description of what's necessary for a little piece of security!!

:battle: :battle: :battle:

and I will make my own tests on this soft and after that I will be back to share my results!!

PS: What do you think about Prevx?? and run with another AV like ESS or Avira?? I read from the Crack heads post that demoneye made an auto test with some :evil: codes and it's not detecting it...

Dude, I wasn't talking about ShadowSurfer box. I was talking about VMware mate - the threads about it on Wilders are about 2 weeks old, so you might have a lot of reading to do if you want to find them. VMware has vulnerabilities mate. That's why I run my VirtualBox sandboxed. Easily done.



Vulnerability or not, what little I have used VirtualBox I like a lot over trying to run VMware..plus it's free..( Now I just have to get all the images I want..LOL ) That's the hard part..



@heath28m

For sure, downloading, buying, mounting and configuring every image isn't the easiest thing...

@ssj100

Wow...didn't know it!! I saw the shadow's post and thought you were referring to it!!

@box

So no need to have 2 AVs running at the same time...just have one in case for a second opinion (on-demand scan)

For those who don't know, there's a useful tool that uploads any archive to VirusTotal from the context menu "Send to"

it's a free tool and you can find it at http://www.virustotal.com/metodos.html it's a handy one!!

It's a handy one for me!! :rolleyes:

I will try out VBox too!! is it lighter than VMware?
