Discussion in 'Computer Security' started by Albert, Sep 17, 2009.

  1. Albert

    as;dl Guest

    Sorry, forgot to munge to the handle I originally had used for the
    posts. (I'm using it this time.)
    as;dl, Sep 20, 2009

  2. Albert

    Albert Guest

    I am an example, am I not?
    Couple years back all I did was install AVG Free and TweakXP to get
    rid of processes I didn't need, switch to Mozilla and then said I was
    You are correct in saying that I have no power in my real life - I am
    16 years old.
    Because I wanted to get _an_ insight into how security freaks secure
    computers from scratch.
    Even if the relative clause in the above sentence can be proven true
    with a watertight argument, there's nothing wrong with its effects.
    _Some_ of the questions I've asked could have been avoided had I
    thought about it for another half hour and I may have written false
    statements in earlier posts, but I haven't done anything wrong.

    I have wanted to learn about securing a computer from the ground-up.
    Albert, Sep 20, 2009

  3. Albert

    as;dl Guest

    Don't answer this shit-for-brains troll. His "I am 16 years old"
    (sic) is just more troll bait.

    (If you wish to speak of things such as a 'relative clause', I'd first
    tell you to learn how to spell. It's 16-year-old, not 16 years old.)

    Bye-bye. (Others may wish to continue with you, but I won't.)
    as;dl, Sep 20, 2009
  4. Albert

    Albert Guest

    Alright - I have two goals:
    1. to have no personal information stolen
    2. to make sure my machine doesn't spread malware to other machines

    I'll have the latest Firefox. PC Tools Internet Security will be
    updated ASAP.
    Any files I wish to personally edit are on an external USB stick, i.e.
    none will be on the hard drive.

    No backup software whatsoever - if PC Tools Internet Security does not
    fix any software / OS issues, I'll reformat my hard drive and
    reinstall the necessary OSes.

    Will my plan bring success to my goals?
    Albert, Sep 20, 2009
  5. Albert

    1PW Guest

    PCTools? Now it's plain. You're not for real.
    What do you think?
    1PW, Sep 20, 2009
  6. Albert

    Albert Guest

    I think so until notified otherwise. It fulfills 3 of the 4 points
    mentioned in nemo_outis' basic kit (2nd post in this discussion). I
    doubt I'll get a NAT router this Christmas, though.
    Albert, Sep 20, 2009
  7. Albert

    1PW Guest

    Your plan is flawed. You were told.
    1PW, Sep 20, 2009
  8. Albert

    Todd H. Guest

    Who knows how many 0 days it has. It hasn't had a great track record
    the past year.
    PC Tools eh?
    Doesn't matter to malware.
    I'm afraid no product will prevent you entirely from getting malware.
    Antivirus is not terribly hard for custom malware to avoid.

    All you can do is take steps to minimize risk. Web surfing is best
    done in a throwaway virtual machine (using VMware, VMware Player or
    the like) that gets refreshed at regular intervals back to a known
    clean state. This presents a pretty significant barrier to the
    infection of your host operating system and storage media from the
    threats you're concerned about. If they infect the virtual machine,
    it's blown away and refreshed regularly, and you're in better shape.
    Todd H., Sep 21, 2009
  9. Albert

    Todd H. Guest

    Assuming there's not a kernel mode rootkit involved, Microsoft
    SysInternals tcpview program (free from Microsoft if you can believe
    it) will tell ya.
    Todd H., Sep 21, 2009
  10. Albert

    Albert Guest

    So if they infect the virtual machine which was in a "clean state" a
    few seconds ago, but the virtual machine has no access to hardware
    (except for the mouse and keyboard on the host), then malware is
    restricted to the virtual machine, right? All that's left is to detect
    this malware before I allow the guest access to hardware that stores
    data, right?
    Albert, Sep 21, 2009
  11. Albert

    Todd H. Guest

    Yup. This is how malware analysts take apart malicious or potentially
    malicious code (though malware can detect when it's being run in a
    virtual machine and do something different, and there are hardware
    virtualization techniques that are more transparent).
    No need to bother with detection. Assume it's infected to high heaven.
    Just roll back the VM to a clean state every 30 minutes or so.
    Todd H., Sep 21, 2009
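    The "refresh the throwaway VM back to a known clean state every 30 minutes" routine from the two Todd H. posts above, as an added example that is not part of the thread. It assumes VirtualBox (mentioned later in the thread) with its VBoxManage CLI on PATH, a guest named "browse-vm" and a snapshot named "clean" taken right after setup and before any browsing; both names are placeholders. Nothing inside the guest is inspected: the guest is simply assumed compromised and discarded.

    ```python
    """Periodic rollback of a throwaway browsing VM to a clean VirtualBox snapshot.

    Added example; assumes VBoxManage is installed and that VM_NAME already has a
    snapshot called CLEAN_SNAPSHOT (hypothetical names, change to your own).
    """
    import shutil
    import subprocess
    import time

    VM_NAME = "browse-vm"        # hypothetical guest used only for web surfing
    CLEAN_SNAPSHOT = "clean"     # hypothetical snapshot taken before first use
    INTERVAL_SECONDS = 30 * 60   # "every 30 minutes or so"


    def rollback_commands(vm=VM_NAME, snapshot=CLEAN_SNAPSHOT):
        """Return the VBoxManage invocations, in order, that throw away the
        guest's current state and restart it from the clean snapshot."""
        return [
            # Hard power-off: whatever the guest did since the last reset is lost.
            ["VBoxManage", "controlvm", vm, "poweroff"],
            # Reset the virtual disks to the snapshot's contents.
            ["VBoxManage", "snapshot", vm, "restore", snapshot],
            # Bring the clean guest back up for the user.
            ["VBoxManage", "startvm", vm, "--type", "gui"],
        ]


    def rollback(vm=VM_NAME, snapshot=CLEAN_SNAPSHOT, runner=subprocess.run):
        """Run the rollback sequence. `runner` is injectable so the sequence can
        be exercised without VirtualBox present. The power-off step is allowed
        to fail, because the guest may already be off; the other two must succeed."""
        cmds = rollback_commands(vm, snapshot)
        runner(cmds[0], check=False)
        for cmd in cmds[1:]:
            runner(cmd, check=True)


    def should_roll_back(last_rollback, now, interval=INTERVAL_SECONDS):
        """True once `interval` seconds have passed since the last rollback."""
        return now - last_rollback >= interval


    def main():
        if shutil.which("VBoxManage") is None:
            raise SystemExit("VBoxManage not found on PATH; install VirtualBox first")
        rollback()                      # start every session from the clean state
        last = time.monotonic()
        while True:
            time.sleep(60)
            if should_roll_back(last, time.monotonic()):
                rollback()
                last = time.monotonic()


    if __name__ == "__main__":
        main()
    ```

    The snapshot has to be taken while the guest is known clean, which in practice means immediately after installing the OS and browser and before the first web page is loaded; a snapshot taken later silently bakes whatever was already running into the "clean" state. Rolling back resets the guest's disk, not the host, so files the user copied out of the guest in the meantime are outside the reset and need the same suspicion.
    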
  12. Albert

    Albert Guest

    What do people mean when they describe something as 'transparent' in
    this context? I'm not sure what the last phrase means...
    Albert, Sep 21, 2009
  13. From: "Albert" <>

    | What do people mean when they describe something as 'transparent' in
    | this context? I'm not sure what the last phrase means...

    You can see right through their malicious nature and actions bypassing obfuscation
    David H. Lipman, Sep 21, 2009
  14. Albert

    Todd H. Guest

    i.e. there are far fewer clues inside the virtual machine to let a
    program be able to detect that it's inside a virtual machine.

    I'm thinking of Dinaburg and Royal's Xen-based Ether hardware
    Todd H., Sep 22, 2009
  15. before 370 was announced (or even built) there was a project at the
    science center to simulate the 370 architecture (in cp67) (which was
    somewhat different than the 360 architecture, some new instructions,
    virtual memory hardware tables had different format, etc).

    the problem was that the science center cp67 time-sharing service also
    had numerous (non-employee) users (students and others) from various
    educational institutions (harvard, mit, bu, etc) in the boston/cambridge
    area. as a result, there was lots of security concerns that the effort
    would leak (confidential) information about unannounced products.

    so the decision was made that the modifications (for 370 virtual
    machines) were made to version of cp67 system that ran in a 360/67
    virtual machine (kept isolated from what the non-employees had access

    then a different cp67 was modified to run on 370 machine (using the new
    instructions and building the 370 virtual memory tables ... rather than
    the 360 virtual memory tables). the result was:

    360/67 hardware
    -> cp/67 running on real 360/67 providing 360 virtual machines
    -> cp/67 running in 360 virtual machine providing 370 virtual machines
    -> cp/67 running in 370 virtual machine providing 370 virtual machine
    -> cms running in 370 virtual machine

    all of this was operational and in regular use a year before there was
    engineering 370s with virtual memory hardware support (circa 1970)
    .... and while non-employees also had online access to the same,
    underlying (unmodified) cp67 virtual machine system (running on the real
    360/67 hardware).

    "real" virtual machine implementations are recursive.

    there was an incident where information about 370 virtual memory was
    leaked ... but it didn't involve the above effort. an internal
    confidential document was copied and made it into the hands of somebody
    from the press. there was an investigation attempting to identify who
    leaked the information. one of the results was that all the corporate
    copying machines were modified so that they left (unique) identifiable
    mark on paper copies (indicating which machine made the copy).
    Anne & Lynn Wheeler, Sep 27, 2009
  16. Albert

    Albert Guest

    1. Can a computer get malware if all it does is get AV and SAS updates?
    2. When I installed SAS Pro I accidentally selected the option for
    allowing just the admin to run it; how do I enable it for all users?
    Albert, Oct 12, 2009
  17. Albert

    1PW Guest

    If talking hypothetically and any computer in general, and not knowing
    any other details, of course the answer will be an unqualified yes.
    Preserve your SAS' personal upgrade licensing information. Then
    uninstall & reinstall.
    1PW, Oct 12, 2009
  18. Albert

    Todd H. Guest

    Certainly. But how likely? That depends.

    How is the machine physically secured? Who can, say, get at its USB
    ports? CD drive? Console? What OS is it? What else is on the LAN
    with that computer? What else can initiate any sort of network
    connection to the computer? What services are running on the
    computer? Have they been kept up to date? Do they have unpatched
    vulnerabilities? How is it known that the computer only does those 2
    things? Do administrators ever do anything else with the machine?
    [cheerfully deferred]

    Best Regards,
    Todd H., Oct 12, 2009
  19. Albert

    Albert Guest

    What do you mean by "physically secured"?
    Only me.
    To be Windows 7.
    Nothing else.
    An AV, SAS and probably Sun VirtualBox.
    Because I said so.
    Albert, Oct 14, 2009
  20. Albert

    Todd H. Guest

    Your original post didn't mention if we were talking about a server in
    a rack, or under a desk, in an office, in a private residence, etc.
    Physical security = who can put their hands on the box. Because if
    someone can touch the box, they can own it.
    Then that cuts out a lot of worries about attacks from people with
    physical access to the box.
    If it's the only machine on the LAN, and that LAN is firewalled off
    from the Internet, and only getting SAS and AV updates, then indeed
    your attack surface is very very small. You can then basically cross
    network based attacks off the worry list. And as you don't have a
    user running internet based apps like web browsers, chat clients or
    peer to peer stuff on it, that cuts out all client-side attacks from
    the worry list as well. About all you'd have to worry about is the
    security of DNS to the SAS and AV update servers to avoid any arcane
    man in the middle rogue update attack that might possibly be
    envisioned, but I'd say those odds are quite small.
    Sounds like if this is to be Windows 7 and you don't have the OS and
    machine together yet, that you don't know exactly what services are
    really running on the computer, just what things you plan to put on
    the box. So, please, don't be a snide asshole when people are trying
    to help you for free.

    Technically, "Because I said so" doesn't tell you the same things a
    port scan, list of running services pasted into a posting, or network
    vulnerability tool would in terms of what you think you know about
    what services are being offered by this machine (such as SMBv2 and its
    (unpatched by vendor?) vulnerability). Then again we just had a patch
    Tuesday so maybe they fixed that big ah-shit with SMBv2. At any rate,
    the services that are listening turn out to be a moot point since
    you're in the very unusual situation of this one box being all alone
    on the LAN, therefore the threats to its listening services from other
    devices aren't really anything to worry about.

    In summary: Your proposed setup seems poised to be a pretty tough
    target, if the assumptions you've put forward all turn out accurate.

    But I suspect that if this is a single machine in your home(?) all
    alone on the LAN, you might be doing some web surfing from it? If so,
    then that'd probably be the primary vector for getting infected.

    Best Regards,
    Todd H., Oct 14, 2009
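    The "list of running services" Todd H. asks for above, and the TCPView check he suggested earlier in the thread, both come down to knowing which sockets the box is listening on and which process owns each. The following is an added example, not from the thread or from any tool named in it: it parses the text of Windows `netstat -ano` (available on Windows 7 without extra software) and reports the listeners that other LAN hosts could reach, i.e. those bound to a wildcard or non-loopback address, with the owning process name. The netstat text and the PID-to-process mapping below are constructed sample data.

    ```python
    """Inventory of network-reachable listening sockets from `netstat -ano` output.

    Added example. SAMPLE_NETSTAT and SAMPLE_PIDS are constructed stand-ins for
    real `netstat -ano` and `tasklist` output; `live_netstat()` fetches the real
    thing on a Windows host.
    """
    import subprocess
    from collections import namedtuple

    Socket = namedtuple("Socket", "proto local_ip local_port state pid")

    # Constructed sample in the exact column layout Windows netstat -ano prints.
    SAMPLE_NETSTAT = """\
    Active Connections

      Proto  Local Address          Foreign Address        State           PID
      TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       804
      TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
      TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1432
      TCP    192.168.1.10:49156     203.0.113.7:443        ESTABLISHED     2200
      TCP    [::]:445               [::]:0                 LISTENING       4
      UDP    0.0.0.0:5355           *:*                                    1028
      UDP    127.0.0.1:1900         *:*                                    1028
    """

    # Constructed PID -> image name map (what `tasklist` would give you).
    SAMPLE_PIDS = {4: "System", 804: "svchost.exe", 1028: "svchost.exe",
                   1432: "mDNSResponder.exe", 2200: "firefox.exe"}


    def split_endpoint(endpoint):
        """'0.0.0.0:135' -> ('0.0.0.0', 135); '[::]:445' -> ('::', 445)."""
        host, _, port = endpoint.rpartition(":")
        return host.strip("[]"), int(port)


    def parse_netstat(text):
        """Turn netstat -ano text into Socket records; header/blank lines skipped."""
        sockets = []
        for line in text.splitlines():
            fields = line.split()
            if not fields or fields[0] not in ("TCP", "UDP"):
                continue
            proto = fields[0]
            ip, port = split_endpoint(fields[1])
            if proto == "TCP":
                state, pid = fields[3], int(fields[4])
            else:
                state, pid = "", int(fields[3])   # UDP rows have no State column
            sockets.append(Socket(proto, ip, port, state, pid))
        return sockets


    def exposed_listeners(sockets, pid_names):
        """(proto, port, process) for sockets another host could talk to:
        TCP in LISTENING or any bound UDP socket, not bound to loopback only.
        IPv4 and IPv6 wildcard binds of the same service collapse to one entry."""
        found = set()
        for s in sockets:
            listening = s.state == "LISTENING" or s.proto == "UDP"
            loopback_only = s.local_ip.startswith("127.") or s.local_ip == "::1"
            if listening and not loopback_only:
                found.add((s.proto, s.local_port, pid_names.get(s.pid, "pid %d" % s.pid)))
        return sorted(found)


    def live_netstat():
        """Run the real command on a Windows host (requires an elevated prompt
        for PID attribution of other users' processes)."""
        return subprocess.run(["netstat", "-ano"], capture_output=True,
                              text=True, check=True).stdout


    if __name__ == "__main__":
        for proto, port, proc in exposed_listeners(parse_netstat(SAMPLE_NETSTAT), SAMPLE_PIDS):
            print("%-3s %5d  %s" % (proto, port, proc))
    ```

    On the sample data the report is TCP 135 (svchost.exe), TCP 445 (System) and UDP 5355 (svchost.exe): the loopback-only sockets and the browser's outbound connection are dropped, and the IPv4 and IPv6 SMB listeners on 445 appear once. Each remaining line is a service that the firewall or the LAN isolation Todd H. describes has to be trusted to cover, or that should be disabled; for a real host, feed `live_netstat()` into `parse_netstat()` and build the PID map from `tasklist`.
    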