Question about mIRC security

Discussion in 'Computer Security' started by Zilbandy, Jun 14, 2006.

  1. Zilbandy

    Zilbandy Guest

    I'd like to start using mIRC to chat with some online friends, but I
    need to know what kind of security issues I should address first. I'm
    currently using fully patched WinXP Home, AVG Antivirus, and ZoneAlarm
    for my firewall. For malware, I use AdAware and Spybot S&D. I don't
    plan on downloading files, especially from people I don't know. Would
    this configuration keep me reasonably safe from viruses and other
    crap? I was using AOL's chat for years, but have recently cancelled my
    account with them.
    --
    Zilbandy - Tucson, Arizona USA <>
    Dead Suburban's Home Page: http://zilbandy.com/suburb/
    PGP Public Key: http://zilbandy.com/pgpkey.htm
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
    Zilbandy, Jun 14, 2006
    #1

  2. Zilbandy

    Matt Hodges Guest

    Honestly, the biggest thing you have to worry about is just downloading
    files. As long as you don't go crazy with all that file sharing and
    such, and it sounds like you keep yourself protected in case you ever
    do. I would be cautious using mIRC scripts that you don't trust the
    maker of, because backdoors are often found in those. Don't type
    commands you don't know what they do, often times people will try to
    trick you into fserv something from them (like a virus). Basically, it
    all comes down to just not doing things you are unsure about, as that is
    how mistakes end up compromising systems.

    Hope this helped,

    -Hooges

    Zilbandy wrote:
    > I'd like to start using mIRC to chat with some online friends, but I
    > need to know what kind of security issues I should address first. I'm
    > currently using fully patched WinXP Home, AVG Antivirus, and ZoneAlarm
    > for my firewall. For malware, I use AdAware and Spybot S&D. I don't
    > plan on downloading files, especially from people I don't know. Would
    > this configuration keep me reasonably safe from viruses and other
    > crap? I was using AOL's chat for years, but have recently cancelled my
    > account with them.
     
    Matt Hodges, Jun 14, 2006
    #2

  3. Zilbandy wrote:
    > I'd like to start using mIRC to chat with some online friends, but I
    > need to know what kind of security issues I should address first.


    Not using mIRC. Its bug history is a big mess of a lot of insanely dumb
    critical security vulnerabilities.

    > I'm currently using fully patched WinXP Home, AVG Antivirus, and
    > ZoneAlarm for my firewall.


    ZoneAlarm is no firewall, it's a host-based packet filter and a pretty
    lousy one. Why do you even attribute it to security?

    > For malware, I use AdAware and Spybot S&D.


    Fine. But what exactly do you think you can accomplish? Merely detection
    after the fact, if you ever differ it from the load of false positives.
    What about not executing malware in the first place and not running any
    defective software that does so automagically, like mIRC?

    > Would this configuration keep me reasonably safe from viruses and
    > other crap?


    No. Actually you're inviting it actively.

    > I was using AOL's chat for years, but have recently cancelled my
    > account with them.


    Woah, you really don't understand what IRC is?
     
    Sebastian Gottschalk, Jun 15, 2006
    #3
  4. Zilbandy

    Roger Parks Guest

    On Wed, 14 Jun 2006 18:50:00 -0400, Zilbandy <>
    wrote:

    > I'd like to start using mIRC to chat with some online friends, but I
    > need to know what kind of security issues I should address first. I'm
    > currently using fully patched WinXP Home, AVG Antivirus, and ZoneAlarm
    > for my firewall. For malware, I use AdAware and Spybot S&D. I don't
    > plan on downloading files, especially from people I don't know. Would
    > this configuration keep me reasonably safe from viruses and other
    > crap? I was using AOL's chat for years, but have recently cancelled my
    > account with them.


    Given that you're firewalled and won't download files, and presuming that
    you will be running unprivileged whenever it is in operation, your
    primary concern is probably client integrity.

    Some IRC clients are better coded, and thereby safer than others; check
    SANS for the status of yours.

    Some of us believe that anything connected to the net for an extended
    period should be secured as if it were a server...... i.e. IIWU and
    running windows, I'd look for an IRC client that's been built within a
    freeware VM (e.g. vmware appliance). That would afford it overflow
    protection, zero-day attacks, etc.

    A "good" IRC client in a VM is probably safer than an "excellent" IRC
    running uncontained on your windows box. This is especially true if you
    start weakening it with third-party "plugins" - which could be poorly
    written, or be Trojans.
     
    Roger Parks, Jun 15, 2006
    #4
  5. Zilbandy

    Zilbandy Guest

    On Thu, 15 Jun 2006 02:09:56 +0200, Sebastian Gottschalk
    <> wrote:

    >Zilbandy wrote:
    >> I'd like to start using mIRC to chat with some online friends, but I
    >> need to know what kind of security issues I should address first.

    >
    >Not using mIRC. Its bug history is a big mess of a lot of insanely dumb
    >critical security vulnerabilities.
    >


    Ok. Any suggestions?

    >> I'm currently using fully patched WinXP Home, AVG Antivirus, and
    >> ZoneAlarm for my firewall.

    >
    >ZoneAlarm is no firewall, it's a host-based packet filter and a pretty
    >lousy one. Why do you even attribute it to security?
    >


    Well, whatever you call it, it must be doing something. At least I get
    a chance to allow or disallow incoming/outgoing connections to my
    system. Most of them, anyway.

    >> For malware, I use AdAware and Spybot S&D.

    >
    >Fine. But what exactly do you think you can accomplish? Merely detection
    >after the fact, if you ever differ it from the load of false positives.
    >What about not executing malware in the first place and not running any
    >defective software that does so automagically, like mIRC?
    >


    You sound a bit terse, but that's ok... I'm used to that. I'm married.
    :) What do I think I can accomplish? If I get majorly 'infected', I
    can simply boot from my Acronis boot cd and restore an image of my
    system from my usb harddrive. I image my drive every three days and
    maintain those backups for a month. I also maintain a monthly backup
    for at least a year.

    >> Would this configuration keep me reasonably safe from viruses and
    >> other crap?

    >
    >No. Actually you're inviting it actively.
    >


    That's not exactly what I wanted to hear, but I'll take your word on
    it. Security is not my forte. I do possess some common sense though, and
    that's managed to keep my two computers clean for many years. ::knock
    on wood::

    >> I was using AOL's chat for years, but have recently cancelled my
    >> account with them.

    >
    >Woah, you really don't understand what IRC is?


    Ummmm, I guess not, but lemme think. I type something... someone on an
    IRC channel reads it... they type something and I read it. Sounds like
    'chat' to me. Whatever else IRC may or not be doesn't concern me at
    this time.
    --
    Zilbandy - Tucson, Arizona USA <>
    Dead Suburban's Home Page: http://zilbandy.com/suburb/
    PGP Public Key: http://zilbandy.com/pgpkey.htm
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
    Zilbandy, Jun 15, 2006
    #5
  6. Zilbandy wrote:

    >> Not using mIRC. Its bug history is a big mess of a lot of insanely dumb
    >> critical security vulnerabilities.

    >
    > Ok. Any suggestions?


    HydraIRC, smIRC, Chatzilla, ... there are so many good IRC clients that
    are not f***ek up.

    > Well, whatever you call it, it must be doing something. At least I get
    > a chance to allow or disallow incoming/outgoing connections to my
    > system. Most of them, anyway.


    Why do you think that you need that?
    BTW, it does something: It increases complexity (therefore initially
    decreasing security) and in case of ZA it makes your computer vulnerable
    in the first place.

    > If I get majorly 'infected', I
    > can simply boot from my Acronis boot cd and restore an image of my
    > system from my usb harddrive. I image my drive every three days and
    > maintain those backups for a month. I also maintain a monthly backup
    > for at least a year.


    Not that sounds really serious. Still you might understand that these
    tools are pretty unusable when it comes to detecting any serious infection.

    >>> I was using AOL's chat for years, but have recently cancelled my
    >>> account with them.

    >> Woah, you really don't understand what IRC is?

    >
    > Ummmm, I guess not, but lemme think. I type something... someone on an
    > IRC channel reads it... they type something and I read it. Sounds like
    > 'chat' to me. Whatever else IRC may or not be doesn't concern me at
    > this time.


    Well, IRC has been the biggest and so far the only well-defined chat on
    the internet, with public specs (RFC!) of the protocols and various
    interoperable clients. AOL's chat is merely a clone for losers being
    isolated from the IRC world who are even too dumb to know about IRC.

    Second, with IRC you don't need any account at an ISP or at a server to
    utilize IRC, so you won't lose your chatability and built social
    contacts when cancelling any account. (However, you can register your
    nick on servers for better authorization.)

    For the third, I was a bit suspicious about your initial question,
    sounding like you'd see mIRC as a chat platform itself rather than just
    one (lousy) of lots of clients for the real platform IRC.
     
    Sebastian Gottschalk, Jun 15, 2006
    #6
  7. Roger Parks wrote:

    > Given that you're firewalled and won't download files, and presuming that
    > you will be running unprivileged whenever it is in operation, your
    > primary concern is probably client integrity.
    >
    > Some IRC clients are better coded, and thereby safer than others; check
    > SANS for the status of yours.


    Actually this is a quite strange approach, because integrity problems in
    an IRC client shouldn't be acceptable in any context. IRC is a very
    simple and straightforward protocol, so the clients should be. smIRC
    gets it right in only 50KB of code, Chatzilla gives an implementation
    with merely 90 KB of code (in very expressive XUL) and shouldn't be
    expected to have any non-subtle issues.
    That's why I don't understand that mIRC gets it so wrong.

    > Some of us believe that anything connected to the net for an extended
    > period should be secured as if it were a server......


    Usually it actually is a server.

    > I'd look for an IRC client that's been built within a
    > freeware VM (e.g. vmware appliance). That would afford it overflow
    > protection, zero-day attacks, etc.


    What about running it with different credentials on a different
    graphical context (WindowStation)?
     
    Sebastian Gottschalk, Jun 15, 2006
    #7
  8. Zilbandy

    Roger Parks Guest

    On Thu, 15 Jun 2006 03:09:33 -0400, Sebastian Gottschalk <>
    wrote:

    > Roger Parks wrote:
    >
    >> Given that you're firewalled and won't download files, and presuming
    >> that
    >> you will be running unprivileged whenever it is in operation, your
    >> primary concern is probably client integrity.
    >>
    >> Some IRC clients are better coded, and thereby safer than others; check
    >> SANS for the status of yours.

    >
    > Actually this is a quite strange approach, because integrity problems in
    > an IRC client shouldn't be acceptable in any context.


    Heh!.........perfection is elusive.

    > IRC is a very
    > simple and straightforward protocol, so the clients should be. smIRC
    > gets it right in only 50KB of code, Chatzilla gives an implementation
    > with merely 90 KB of code (in very expressive XUL) and shouldn't be
    > expected to have any non-subtle issues.
    > That's why I don't understand that mIRC gets it so wrong.
    >
    >> Some of us believe that anything connected to the net for an extended
    >> period should be secured as if it were a server......

    >
    > Usually it actually is a server.
    >
    >> I'd look for an IRC client that's been built within a
    >> freeware VM (e.g. vmware appliance). That would afford it overflow
    >> protection, zero-day attacks, etc.

    >
    > What about running it with different credentials on a different
    > graphical context (WindowStation)?


    IIUC, that would enforce least privilege - and if there are multiple
    users it would be a good move. But it wouldn't make either the client
    (actually, we agree - the server), OR the OS more robust and resistant to
    overflows, smashes, zero-day Trojans, and other zero-day exploits.

    IMHO, it just makes sense these days to put everything that is WAN-exposed
    into a hardened jail/VM
     
    Roger Parks, Jun 15, 2006
    #8
  9. Roger Parks wrote:

    >> Actually this is a quite strange approach, because integrity problems in
    >> an IRC client shouldn't be acceptable in any context.

    >
    > Heh!.........perfection is elusive.


    Robustness isn't.

    >>> I'd look for an IRC client that's been built within a
    >>> freeware VM (e.g. vmware appliance). That would afford it overflow
    >>> protection, zero-day attacks, etc.

    >> What about running it with different credentials on a different
    >> graphical context (WindowStation)?

    >
    > IIUC, that would enforce least privilege - and if there are multiple
    > users it would be a good move. But it wouldn't make either the client
    > (actually, we agree - the server), OR the OS more robust and resistant to
    > overflows, smashes, zero-day Trojans, and other zero-day exploits.


    In such a scenario only a local privilege escalation would be the real
    threat, and this is no different with a breakout from a VM. Actually one
    should be pretty careful because most VM hypervisors run as kernel mode
    drivers.

    > IMHO, it just makes sense these days to put everything that is WAN-exposed
    > into a hardened jail/VM


    Running with restricted privileges with some precautions simply is such
    a jail.
     
    Sebastian Gottschalk, Jun 15, 2006
    #9
  10. Zilbandy

    Zilbandy Guest

    On Thu, 15 Jun 2006 09:01:02 +0200, Sebastian Gottschalk
    <> wrote:

    >>> Not using mIRC. Its bug history is a big mess of a lot of insanely dumb
    >>> critical security vulnerabilities.

    >>
    >> Ok. Any suggestions?

    >
    >HydraIRC, smIRC, Chatzilla, ... there are so many good IRC clients that
    >are not f***ek up.


    Ok, I've dumped mIRC and will try HydraIRC. Thanks. :)
    --
    Zilbandy - Tucson, Arizona USA <>
    Dead Suburban's Home Page: http://zilbandy.com/suburb/
    PGP Public Key: http://zilbandy.com/pgpkey.htm
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
    Zilbandy, Jun 15, 2006
    #10