What if Evilgrade takes over one of your app's auto-updater and it's one you let bypass NoScript?
everything is set to manual or disabled
I don't allow updates of anything automatically
Flash, Acrobat Reader, etc. don't get any permissions to do anything update related
when it's time to update Flash
I remove it first, then get the offline installer to install the newer version
every other app I install, I disable the check for updates if it has the capability to check for updates
even the add-ons for Firefox are set to be checked manually
and only while on a trusted network (namely: home, or office, never on "public networks") do I check
Firefox itself is also set to not look for updates automatically
windows update is set to DL & notify only
then I check the KB numbers first thing after I get the notification balloon
(and I get a little grumpy when I get the balloon for out of band updates, good thing those are rare though)
it looks like a lot of work but it really isn't
it's actually less work than letting everything go automatic, and having things foisted upon me while in the middle of doing something else
it stinks to have a bunch of things open and be forced to close the browser or windows or both etc.
especially the junk windows update pulls if the group policies aren't changed to disable the install updates and shut down from the shutdown menu
no security model is perfect,
and I can see how maybe the "Possible exception(s)" could catch someone off guard though
so we do our best,
and I have yet to get a system infected through my own web activities
have had many infected systems handed to me from DOS to win7
but never any of my own
one day it could happen, never say never
and in that case my tool of first choice would be last month's Backup Exec full system drive image
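A PowerShell rendering of the Windows Update part of that setup (download and notify only, no "install updates and shut down" on the shutdown menu), added here as an example and not code from the thread. It assumes an elevated session on a Windows client and uses the standard Windows Update policy registry values (NoAutoUpdate, AUOptions, NoAUShutdownOption); the function names are my own.

```powershell
# Added example, not from the thread: apply the "download and notify only"
# Windows Update policy and read it back. Assumes an elevated PowerShell session.
$AuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'

function Set-UpdateNotifyOnly {
    # The policy key does not exist until some WU policy has been set.
    if (-not (Test-Path $AuKey)) { New-Item -Path $AuKey -Force | Out-Null }

    # NoAutoUpdate 0 keeps Automatic Updates enabled; AUOptions 3 is
    # "auto download and notify for install": patches are fetched, but nothing
    # is applied until the KB numbers have been looked at.
    Set-ItemProperty -Path $AuKey -Name 'NoAutoUpdate' -Value 0 -Type DWord
    Set-ItemProperty -Path $AuKey -Name 'AUOptions'    -Value 3 -Type DWord

    # Hide "Install updates and shut down" so a plain shutdown never turns
    # into an unreviewed install (the group-policy change the comment refers to).
    Set-ItemProperty -Path $AuKey -Name 'NoAUShutdownOption' -Value 1 -Type DWord
}

function Test-UpdateNotifyOnly {
    # Returns $true only when every value matches the intended policy,
    # so the check can be re-run after a policy refresh or a re-image.
    if (-not (Test-Path $AuKey)) { return $false }
    $p = Get-ItemProperty -Path $AuKey
    return ($p.NoAutoUpdate -eq 0) -and
           ($p.AUOptions -eq 3) -and
           ($p.NoAUShutdownOption -eq 1)
}

Set-UpdateNotifyOnly
if (Test-UpdateNotifyOnly) {
    'Windows Update: download and notify only, shutdown-menu install hidden'
} else {
    'Windows Update policy was not applied as expected'
}
```

Run `gpupdate /force` or restart the Windows Update service afterwards so the client picks up the new policy values.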
You have raised some helpful points. You are obviously in a Windows environment (no complaints, just observation). Any experience with Linux (Fedora)? yum -update requires a lot of trust for installing updates, but the alternatives seem quite time consuming.
Unless using the application update is more efficient. With the exception of my browsers and my AV/AM, I don't let a lot update automatically either. However - this is a honey pot, so I can't find out how good my defenses are if I don't take a chance on those factors you relate. My clients won't do what you do, so I run the minefield in anticipation of what they will do.
So far, with extensive blended defenses, I've been pretty successful. Michael has been a big help with the solutions that run best even if in an infected environment. With the right tools, even the "stealth" attacks can be monitored.
In the case of NoScript; I'm not sure if it can always tell if everything that downloads with a page is a script, especially with the new Zeus variants. I hope I'm wrong. Those files wait until a reboot or shutdown to inject into the startup folder so they can survive to the next session. They can be active during the session in man-in-the-middle attempts, keylogging, screen capture, etc. I would think that would be detected as a script, but then I'm no expert on code. Of course running CCleaner can dump temp files so they have no ability to install, if that is the word to be used. I find CCleaner is way more thorough than using the system cleaner. Also, of course that won't help with what is already running in session, which could manipulate files and do everything previously mentioned in the session.
Since running a task manager or a sysinternals type program is not practical, I prefer pure behavioral heuristics to detect them. The free ones (some that are kernel based) are Comodo Firewall's Defense+, WinPatrol, or Threatfire. I haven't tested the PCTools product yet. I've tried Online Armor Premium, and Emsisoft Anti-Malware suite without success - it ripped the guts out of IE9 on my machine. However the paid solution of Emsisoft's Mamutu is God's gift to computing as far as I'm concerned! Even the government and DRM spies can't get past it!!
The problem is, that you eventually have to allow some scripts to use a site, and no site is invulnerable to infection. So really you are back to square one.
Avast scans everything on the page to see if it is a dangerous script - everything else it allows. It has been 100% reliable so far, and amazingly it hasn't slowed down my site usability. Only once in a blue moon do I get an inactive page control, so I reload the page to activate it. I suspect this is because of momentary SQL injection, or other similar attack, which only loads a bad control every five or so page loads. These are the things that drive webmasters and managers crazy. This, from what I read about the problem, that is. It can be difficult to catch the culprits in the server database operations.
"Those files wait until a reboot or shutdown to inject into the startup folder so they can survive to the next session"
on my systems, "Those files ..." would have to survive a browser close, or a "clear recent history" in the current session
I set up Firefox to store absolutely nothing at close and/or clear recent history
thus I have no cookies, cache, LSO, DOM storage, DL history, site history, etc. that can survive beyond the current session
which is why I asked previously if "Those files ..." were capable of being downloaded to anywhere outside of the standard cache locations.
Noticed on the list that one of the biggest culprits is Apple. I guess it adds to the notion that Apple products aren't so secure.
I use TeamViewer. It will tell you when there is an update [as far as I know the only way] with a message to the right of the Help menu.
It seems odd that Skype is on the list since it became a Microsoft subsidiary late last year.
Which surprised me. I'm trying to find out what that's all about.