Secunia Personal Software Inspector (PSI) is my go-to app for software and OS updates. I still run Windows Update and subscribe to several security-related newsletters to stay up-to-date but Secunia usually has my back. Check it out. Might make another good article!
I've visited some businesses (coffee shops, for instance) that use OpenDNS for their DNS. While checking out their networks, I have observed that at times the service actually prevents me from securely connecting to some websites by intercepting the HTTPS traffic and essentially attempting a man in the middle attack on my session. The result is that certs do not agree with domains or with previously cached certs. This is not a problem if, as I generally prefer to do (apart from when I just want to see how their Internet service works or forget to start my SSH proxy), you use some kind of encrypted proxy to protect your traffic from local snooping, but much like the problem with most users not knowing about VMs, LiveCDs, and sandboxing applications, most people have no idea how to set up an SSH proxy, too.
In short, I would not consider availing myself of the services of OpenDNS to be an effective security measure. Quite the opposite: I find the MITM-like operation of OpenDNS quite troubling from a privacy/security perspective.
You mention "WOT". What web of trust, exactly, do you mean? Do you refer to using OpenPGP encryption for email privacy? Do you use MonkeySphere for HTTPS certificate validation (definitely a better idea than just trusting the CAs configured by default with most browser installs)? Do you refer to some other use of the web of trust model of public key or certificate authentication?
I've read quite a few articles talking about this issue but I don't know... I always feel safer with my antivirus (Unthreat Antivirus) working even if it doesn't block every possible threat as you say.
The cost of AV financially and in computer resources is nominal if there is a chance it might prevent the stealing of anything you value.
I'm not much of a techie person so I can't really vouch as to whether this is true or not, but I always feel safer with my antivirus (Unthreat Antivirus) scanning my computer as it does seem to do a good job of finding threats and so on.
We are close to getting rid of AV. I don't and won't - but increasingly in honeypot tests. The limited rights account and Internet Explorer 9 have kept around 85% of all attacks off my honeypot in the first place. I have to blow through a lot of UAC, DEP, or ASLR protections before I can let my AV/AM solution have a go at it. Lately junk email accounts bypass this with malware-riddled spam, but as Chad said, if your email client or webmail is worth anything, they will block most of that too. I always assume the user knows not to click on fake alerts or fall for other social engineering; so for the sake of argument - I'm ignoring that factor - especially since no OS or security can withstand stupid.
I keep finding new ways to improve the built-in Microsoft features, and add new ones to make this defense work even better. I recently discovered invoking Parental Controls to applications creates a whitelist of applications on a clean PC, and alerts to any new ones butting in on the limited account session. Also EMET 3.0 is another mitigation tool that can help prevent applications that may not be modern or properly hardened to modern operating environments. This can go a long way to help block zero day exploits on Java and Flash vulnerabilities.
As long as you run as a limited user and use these tools and any new ones showing up, and are careful about where you go on the internet - I could ALMOST say you might get away without any anti-virus. It might be more practical to use a product based on the same technology as SteadyState to put your system back to normal on each reboot - however what about session riders? Well you really could take care of a lot of them by running CCleaner regularly - but that will not totally seal you against malware dangers. After all you can't be running the file cleaner function every time a page loads, and if you are banking, you run the risk of getting pwned. NoScript is usually partially disabled on trusted sites, and, anymore, now, there is no such thing as a totally trusted site - maybe not even some banks!
Like Michael posted earlier, keeping the applications and operating system up to date would be a mandate for running like this. So for newbies, running File Hippo or Secunia PSI could avert some disasters. This still does not protect against session riding or other dangers in the browser during SSL sessions; but short of installing Rapport on the PC, you can always ditch Windows and use a Puppy Linux LiveCD and pretty much breathe a sigh of relief. There goes the last reason to have AV on the machine at all.
Even if you get hammered doing things this way, it only takes a short while to restore an image from backup, and continue on your merry way - providing no hardware was compromised in the meantime.