Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender
Welcome to the "Your Operating System has Poor Operational Security" thread. This is a guide written by those who have a clue about computer security for those who may not. However, we don't want to sugar coat things here and you must bear in mind that there are certain realities to the problems you face.

Rule of thumb to consider in this thread: you are your own worst adversary. Chances are that a mistake of yours is going to lead to a problem on your computer. Keep this in mind at all times.

Another thing: have backups and keep them up to date. This isn't going to be covered in the thread in terms of what is best, but ensure your backups are safe and are accessible in the event of a problem.

Please do ask questions in here regardless of what you think the response may be--any good questions may just get added to the OP in this thread. If you want to offer help, please do but bear in mind at the same time that you may be called out on any bad advice.

This guide is not perfect and will be changed and added to as time goes on. If you wish to contribute, respond what you want to add and I'll see about adding.



Let me open up by telling you that anti-virus is by far a dead technology and should never be your only line of defence against protecting you from malware. Back in the days of bulletin boards and floppy disks, anti-virus worked because it was able to keep up with emerging threats as the sophistication of spreading was limited to so few vectors. However, as time passed and new attack vectors formed, anti-virus began to lag behind--regardless of what the industry tells you.



All anti-virus products at their core operate the same and how they all update is as well. Anti-virus typically relies on signatures to know what is potentially malicious from what is not. However, this is its biggest flaw as those signatures can easily be thwarted by malware creators. As such, a determined attacker can easily create 2,000 different copies (in a single day no less) of the same malicious software and that may require the anti-virus vendor to create multiple signatures in order to successfully thwart it. The vendors know this and last year, Symantec admitted that at best they detect up to 45% of threats although there are suggestions that catching any new threats is at best 5% successful.

This is all on the backs of the AV industry's claims of having 'superb' features like suspicious behaviour detection and math-based anti-malware techniques--none of this really has made a dent in stemming the tide.

Don't let sites and organisations like AV-Test, Gartner, and whoever suggest that vendor X has the advantage over others. Their methodology either relies on being paid to be put in some "magic quadrant" (Gartner) which allows CIOs et al to just rubber stamp their choices or testing "real world" situations that otherwise are far from such.

What you need to consider besides common sense (most infections are the fault of users) is that there are other solutions besides anti-virus. These include simple things like network settings, popup and ad blockers, and keeping your system and browsers up to date.

I hope that this explanation lets you know of the problem this section has in terms of protecting your computer using anti-virus software alone, but let's move on. No particular anti-virus engine is going to be recommended here but there will be links to what is available.

Which anti-virus product should I use?

Keeping in mind what was said before, there are plenty of options both paid and free that will allow you to get an anti-virus product installed on your machine.

Here's a tip: are you a student or work at a large company? There is a good chance that your company's or school's AV licence will permit end-users to have a 'home-use' version installed for home. They may require some configuration locally (such as an updating source provided by the licence holder) and usually there is no direct support. If you know who the vendor is then it may be best to consult their knowledgebase or whoever is in charge of running it.

The advantage of using a larger company for anti-virus software is that you have access to definitions that are sourced from a wider surface area. Most anti-virus vendors primarily rely on a combination of honeypots and customer submissions which means that there's a good chance the bigger guys have better coverage.

If you're not looking to purchase anti-virus software, there are plenty of free options that will allow you to have some coverage on your machine. It is recommended that you stick with Microsoft for your anti-virus as it is built-in with recent versions of Windows.

Don't spend money on anti-virus if you can help it; it is not worth any amount of money.

Does anti-virus cause performance issues?

All anti-virus products are equal but some are more equal than others.

It really boils down to two factors: how the engine is coded and what settings are configured.

The settings part is easy to deal with: you need to know what you plan to do with your machine. If you play games, then set your anti-virus scanner to only scan on read. If this is a file server, then set the scanner to scan on write. For general purpose it doesn't hurt to set it to scan on read and write. You can also set up your scanner to scan on rename too, but it is likely worthless.

Avoid whitelisting wherever you can. There have been cases where malware was able to read the configurations of anti-virus suites and then just left itself in whatever directory.

I have an infection that anti-virus didn't catch. What can I do?

Remember what was said earlier: 95% of all infections are user fault; this is an opportunity to learn here.

Firstly, unplug the computer from the network. This is so that, in case the machine is not under your control, any remote access is cut off.

Secondly, you'll want to evaluate what action you'll want to take. If you believe that the infection is something minor like fake anti-virus or something that is creating popups, perhaps you should just do an offline scan of the machine. However, if the machine is severely infected where you are not sure what is going on, are you going to continue to trust that machine with details like your online banking, e-mails, and perhaps your SA forum account? If no, consider a wipe and restore here.

If you do choose to do a scan, keep in mind that the scan may not necessarily remove the infection and thus you may need to consider my closing point in the last paragraph.

The best advice is to do a completely offline scan. One option is from Sophos, as they provide a bootable solution that dynamically creates an ISO containing the most up-to-date definitions. The ISO created tends to support most environments but if you're in a situation where you have a RAID setup or some other atypical hardware configuration, the disc may not be for you.

If you need to do an offline scan with the OS active, consider something like Stinger (McAfee) or Malwarebytes.

But again, your machine is now compromised and unless you know what the state of the machine was before the infection occurred (not before you were aware of it), you cannot put any trust into it after attempting remediation.

Enough about anti-virus, what is this network stuff you mentioned earlier?

This is the one thing you can do without much work and is practically OS agnostic: change your DNS from what your ISP offers to something else. This is a really simple and usually free way to have protection from websites that may be otherwise malicious.

The most popular service is OpenDNS, but there are also services from Norton and Comodo. Keep in mind that this may introduce ads if you have DNS failures and that you could have issues with CDNs, but it does the trick.

What can I do to protect myself from exploits?

Nothing is sure-fire for protecting yourself from exploits. Going back to anti-virus vendors, they'll claim that they'll detect suspicious behaviour and have some level of exploit mitigation, but overall they fail.

If you're using Windows, you may want to consider the Enhanced Mitigation Experience Toolkit (EMET). It's tasked with blocking or at least mitigating common software exploits. It can be used to protect older software that predates EMET as well, but it's again not sure-fire.

It's worth having on your system and any performance impact would be minor at best.

What about using popup and ad blockers?

Install uBlock Origin or uBlock, both of which do the same thing. The latter has Safari support.

Lain Iwakura fucked around with this message at 20:02 on Mar 7, 2017


Lain Iwakura


Full disk encryption (FDE) is really the best anti-theft mechanism you can get for your machine. It won't necessarily prevent your device from being stolen or from an attacker reading your data while you're using your computer, but it will make it a pain in the rear end if not nigh-impossible to read anything if the drive is removed or read from an alternate boot source. Most operating systems that have been released in the past few years have it built in natively, which means that you likely don't have to shop around.

As of this writing, the following is an incomplete list of mainstream operating systems that have built-in FDE:
  • Mac OS X (FileVault) - Introduced in 10.7, originally just home directory in 10.3
  • Windows Vista/7/8/10 (BitLocker) - Only available in Vista and 7's Ultimate and Enterprise editions, Professional and Enterprise for Windows 8 and 10
  • Linux (dm-crypt) - Available with most major distributions
  • Android
More details on the above will be added as time goes on.

Where's TrueCrypt on this list?

It should be noted that TrueCrypt is no longer in development, as the nameless developer left a parting message that the software is likely insecure and shouldn't be used. Said developer yanked all of their code from the website and left a tool to decrypt any volumes--the source code was also removed from the website although people had mirrored previous releases and as a result we now have forks.

An audit of the source code had begun before the developer discontinued development and while flaws were found, there was no evidence of wrongdoing such as backdoors nor were these problems unfixable.

Having said that, there have been two notable bugs since the audit that were missed because the audit itself focused on the cryptography and not other aspects of the application. Using TrueCrypt (or its forks, CipherShed and VeraCrypt for example) in light of the original developer's statement and the bugs found since the audit cannot be recommended.

There is no support for Windows 8 or later with TrueCrypt either.

OS X and Windows are closed source and thus cannot have their cryptography audited. What about that?

If this is your concern, then why are you even using these two operating systems? There are more attack vectors than the FDE and backdoors can be inserted elsewhere if this is what you're concerned about.

Should the above not satisfy you, then consider using Linux with dm-crypt and then run whatever in VirtualBox.

Should that suggestion not be of help, then this thread is not for you.

What about single/multiple file encryption?

Use 7-Zip.

The reason for this suggestion is that it works great if you're just trying to send files to other individuals as it uses AES to encrypt the files and you can also encrypt the filenames within to ensure no leakage of metadata--provided you use the 7z format. Because of its simplicity, you can send files to someone who's not very adept at using a computer and all you have to do is get them to install 7-Zip and then let them know of the password.

It should be noted that its cryptography has yet to be audited but for the time-being it works.

More to come...



Firewalls more often than not work like this:



If you're interested in knowing what process is connecting outbound, there is LittleSnitch for OS X ($40 USD, sometimes cheaper as I got my copy for $23) or you could try Netlimiter for Windows--I do not endorse either application but LittleSnitch has been useful for testing things. However, these applications assume that you know what you're looking to permit and do not actually do much more than give you a confirm/deny for where a process is connecting.

Other than that, an endpoint software firewall is more often than not useless. They're much easier to disable locally than anti-virus in some ways and really just provide a blinky icon in your system tray.

At least for Windows' built-in firewall, configure it so it denies all inbound traffic regardless of what network you are on and only enable inbound ports if absolutely necessary.

However, you more likely than not have a firewall in front of your network connection. Here are some things you should consider:

  • Disable UPnP - UPnP is garbage and is only there to make it so you can have devices that use it expose services to the Internet. If you have a NAS, a BitTorrent client, or even some media players, they do often have features that allow you to remotely access data or control devices with little to zero configuration on your end. Disable that nonsense and if you need to make it so a service is available on your public-facing Internet connection, configure NAT manually. For your :filez: needs, set BitTorrent to use a static port and do not do anything else.
  • If you need to access inbound services, use SSH and nothing else - SSH has more features than a remote shell as it allows for file transfers and port forwarding via a SOCKS proxy. If you have a device you want to control like a camera or something, buy yourself a Raspberry Pi for $35, install Ubuntu, configure SSH and private keys, and then use an SSH client with dynamic port forwarding. Once that is done, all you need to do is connect from your non-home machine to your home Internet connection with an SSH client and then configure a local proxy to use the configuration you have created. Once that is done, you can then point your browser to whatever home device. Using SSH keys and disabling password access to the SSH server is relatively secure and you can add a password to your SSH key for an extra layer of security.
  • Avoid using stock firmware on your router - if you have a router that supports DD-WRT or Tomato, install it. These replacement firmwares are more likely to have bug fixes that your manufacturer has yet to install.
  • Make sure that admin access is disabled from the Internet - regardless of the service (HTTP, SSH, whatever), make sure it is not Internet accessible. These things should only be reachable internally.

I'll add some more later on...

Lain Iwakura fucked around with this message at 04:33 on Aug 11, 2016
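An added check for the SSH setup described in the post above (example code, not from the thread or any project it mentions): it audits an sshd_config the way sshd itself reads it, where the first value given for a keyword wins and anything after a Match block is conditional, and the client commands in the comments use a placeholder host name.

```shell
#!/bin/sh
# Added example, not code from the thread: audit an sshd_config for the
# settings the post recommends before the SSH box faces the Internet
# (key-only logins, no password authentication, no root login).
#
# Caveat the audit is built around: sshd uses the FIRST value it sees for
# a keyword and ignores later ones, so a config that was "hardened" by
# appending lines at the bottom can still accept passwords. A naive
# "grep | tail -1" check gets this backwards; this one mirrors sshd.

# sshd_effective FILE KEYWORD -> the value sshd would use for KEYWORD:
# first non-comment occurrence, keyword matched case-insensitively,
# stopping at the first Match block (values inside it are conditional).
sshd_effective() {
    awk -v key="$2" '
        /^[[:space:]]*#/            { next }                 # comment line
        NF < 2                      { next }                 # blank or bare keyword
        tolower($1) == "match"      { exit }                 # global section ends here
        tolower($1) == tolower(key) { print tolower($2); exit }  # first match wins
    ' "$1"
}

# audit_sshd FILE -> prints one line per finding; returns 0 when clean.
# Absent keywords take OpenSSH's defaults (PasswordAuthentication yes,
# PubkeyAuthentication yes); an absent PermitRootLogin is treated as
# "yes" here to stay strict.
audit_sshd() {
    rc=0
    pw=$(sshd_effective "$1" PasswordAuthentication)
    pk=$(sshd_effective "$1" PubkeyAuthentication)
    root=$(sshd_effective "$1" PermitRootLogin)
    [ "${pw:-yes}" = "no" ]   || { echo "PasswordAuthentication is '${pw:-yes}', want 'no'"; rc=1; }
    [ "${pk:-yes}" = "yes" ]  || { echo "PubkeyAuthentication is '$pk', want 'yes'"; rc=1; }
    [ "${root:-yes}" = "no" ] || { echo "PermitRootLogin is '${root:-yes}', want 'no'"; rc=1; }
    return $rc
}

# Not handled: Include directives (e.g. Debian/Ubuntu's sshd_config.d/*.conf),
# which are read where they appear and so can supply the winning value. On
# the host itself, `sshd -T` dumps the fully resolved config in lowercase
# "keyword value" form; saving that to a file and auditing it covers Includes.

# Constructed sample configs (not from any real host). The second one
# looks hardened at the bottom, but sshd honours the first line.
GOOD_CFG=$(mktemp)
cat >"$GOOD_CFG" <<'EOF'
# Internet-facing Pi: keys only, no root
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
PermitRootLogin no
AllowTcpForwarding yes
Match User backup
    PasswordAuthentication yes
EOF

BAD_CFG=$(mktemp)
cat >"$BAD_CFG" <<'EOF'
PasswordAuthentication yes
# ... and then someone appended a "fix" that sshd ignores:
PasswordAuthentication no
PermitRootLogin no
EOF

echo "== good config =="; audit_sshd "$GOOD_CFG" && echo "clean"
echo "== bad config ==";  audit_sshd "$BAD_CFG"  || echo "NOT clean"

# Client side, once the server passes (the host name is a placeholder):
#   ssh-keygen -t ed25519                      # set a passphrase on the key
#   ssh -D 1080 -N pi@home.example.invalid     # SOCKS proxy on 127.0.0.1:1080
# then set the browser's SOCKS5 proxy to 127.0.0.1:1080 and open the
# home device's private address through it.
```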

Lain Iwakura


There are a couple of solutions for password management, all of which can be done without spending any money. There are two products I can personally vouch for:

  • 1Password
  • KeePass

1Password is available for Windows, Mac, iOS, and Android--no version for Linux exists but there are tools to decrypt the password file--it has been noted that the application works fine under Wine. It also costs $50 USD for a single platform or $70 for a Windows/Mac licence. Keep in mind that if you have an older copy of 1Password, you'll want to ensure that you are using the most recent file format as there are substantial security issues with the older format.

KeePass (professional version to be exact) is available for a bunch of platforms, with the general release being written in .NET/Mono. If you're using OS X, it is suggested that you use MacPass, which is native to OS X.

In both cases, you can safely synchronise the file using a variety of services including OneDrive, Dropbox, and other cloud-hosting services. In KeePass' case, I can tell you that it will know when you write to the file elsewhere, allowing it to synchronise at your request--MacPass does not do this as of this writing.

It is not suggested to use LastPass as there have been constant problems with them keeping internal security at bay and a vulnerability in the past that resulted in exposure of passwords.

Lain Iwakura fucked around with this message at 19:36 on Nov 4, 2015

Lain Iwakura

Crack posted:

OK I have a few opinions. First of all, please don't use chrome because gently caress google. Same goes for google search (you can use an anonymising service like startpage or disconnect) gmail, google docs, google analytics (can you even still block this?). At the least delete emails not "archive" them, if you think you might wish to view it later download via a secure protocol to an email client, and backup. Noscript is great!

Also turn your phone off when you aren't using it, better yet remove the battery. Not only will you be saving yourself from cancer but I'm sure everyone has heard of the stingray by now. I also use D-VASIVE which disables the mic etc if I'm not using those functions. Finally, please get RedPhone, TextSecure, Signal, w/e, and advise your friends to do the same. More adoption of this tech is better for everyone, it's Snowden approved and from a couple talks I watched of his Moxie is p much top of the game right now and appears to be doing it for the right reasons. Related to that, don't trust SSL (padlock) as implemented right now. And pgp isn't great.

Please don't use dropbox. Or Hola. If something is free, how do the developers profit and maintain servers? Same goes for pirated content - in this case though I'm not talking about the dev behind the content but the dev that's put some sneaky code into that pdf of some esoteric magazine or whatever where it's fairly unlikely there have been enough downloads / educated users to leave a warning that you've been owned.

If you're still using WEP it might be time to consider suicide, but WPA is vulnerable too now because Moxie has generously offered WPA/WPA2 cracking as a cloud service for 30 dollars or something, you get results in 20 mins or 40 iirc (if vulnerable).

If your housemates are idiots it might be a good idea to disable all incoming / outgoing connections on your router because if you are reading this thread you quite possibly already have malware and aren't the best educated on it. Oh and if you are paying rental for some plastic poo poo your isp provides (with a modem too!) try and return it and invest in an actual router.

(disclaimer: I'm no security expert but i love my :tinfoil: hat, and I think information security is equally or even more important for many people than pure focus of viruses etc)

This stuff will be addressed in the OP(s) so don't worry. I just needed to get the AV part out of the way since there's a lot of misinformation floating about.

Lain Iwakura

Mo_Steel posted:

Using a password manager is good advice. Any recommendations? I've been using KeePass for ages, but seeing as I am not a security expert I'd be welcome to suggestions for alternatives.

KeePass is the one I do recommend. The one catch is that the application is written using .NET so when you run it under Linux or Mac OS X, there's all sorts of headaches that come with it. At least on the Mac there is MacPass which makes use of the native Cocoa libraries.

Lain Iwakura

Star War Sex Parrot posted:

Could you elaborate on this? What's bad about uBlock and/or better about uBlock Origin? I never understood the fork, but both are being actively developed right now.

I am going to change this once I have a few minutes to change the post and add a few extra things, but to be honest there is no difference except one has a Safari port.

Lain Iwakura
Just use KeePass.

I cleaned up the post a bit and will add another section later this week. I'll also include links to actual products this time around.

Lain Iwakura

Erwin posted:

Out of curiosity, why not Google DNS? Obviously I'm giving Google statistics on what domain names I'm resolving, but let's say I don't care?

https://developers.google.com/speed/public-dns/docs/intro

quote:

Google Public DNS is a recursive DNS resolver, similar to other publicly available services. We think it provides many benefits, including improved security, fast performance, and more valid results. See below for an overview of the technical enhancements we've implemented.

[...]

A malware-blocking service. Google Public DNS rarely performs blocking or filtering, though it may if we believe this is necessary to protect our users from security threats. In such extraordinary cases, it simply fails to answer; it does not create modified results.

Lain Iwakura

gay picnic defence posted:

Might be a silly question but what is the best way to get rid of persistent malware/adware?

I've got rid of most of the problem after running adwcleaner and Malwarebytes, resetting Chrome, and uninstalling a few unwanted programs but I can't seem to stop chrome loading 'feed.helperbar.com/etc etc' and snapdo search as the home page (but only when I open Chrome for the first time, new tabs are fine). I've gone through the extensions and settings for Chrome, can't find anything there that isn't meant to be there. Internet Explorer doesn't have this issue when I open it.

Here's the thing that is covered in the OP: if you cannot get rid of it through normal means do you think that you'll be able to get rid of it at all?

Does this problem persist across multiple sessions? Does it happen in incognito mode? What happens if you change your Google account?

Lain Iwakura

gay picnic defence posted:

Well thanks for mentioning the incognito mode, I went to try it and the option wasn't there when I right clicked the Chrome icon. I thought that was a bit odd so I reinstalled Chrome and the home page is what it was supposed to be again. I guess the icon was corrupted or something, if so it's a bit annoying that multiple scans with malware detectors couldn't find it.

You shouldn't trust your computer FYI.

Lain Iwakura

WattsvilleBlues posted:

Is there any virus that formatting and reinstalling Windows doesn't get rid of?

https://blog.kaspersky.com/equation-hdd-malware/

There are reasons why I poo poo all over anti-virus and malware remediation steps in the OP. One being the link I just posted and the other being that I used to work for an AV vendor.

Lain Iwakura

WattsvilleBlues posted:

Jesus, that's frightening. The vast majority of the time I can expect a format to take care of things though, right? People I know tend to ask me to sort their computers out when they muck them up, my default action is to format their machines.

Yes. In general, most reformatting and destroying of bootsectors (this part is important) will weed out a large chunk of malware you'll encounter. It does not mean that it's 100% effective but it should be sufficient in most cases.

Lain Iwakura

Relin posted:

Anyone have experience with this (Is this legit?) https://www.reddit.com/r/TronScript/ It doesn't seem popular. I'm having a minor freakout about malware bundled with sourceforge programs (that I just found out about) and want to make sure as best I can.

No matter what tool you use (CCleaner or whatever that thing is), you're never going to know for certain what was left behind so as a result it doesn't really matter how effective it is. What got installed on your system?

Lain Iwakura

Relin posted:

I don't think anything, honestly. This is the level of awareness I'm at. AFAIK I have only used the legit download links (not the trick ones), plus I use noscript+ ABP (with a uni mcafee sub), but the row between GIMP and sourceforge was bothering me.

I do suggest asking questions after reading the OP as you should be able to come to a conclusion on what to do. If something is missing I'll edit it.

Lain Iwakura

ArgaWarga posted:

Odd question: I bought a ThinkPad T450s and decided what the hell, I'll spring for the fingerprint scanner. Are there any password managers that will use it, or is it strictly Lenovo proprietary? Just curious, great thread, really useful information.

Fingerprint readers are garbage and shouldn't be used with managing passwords--and they don't work very well so don't bother. If you're paranoid about your passwords, use this:

http://keepass.info/help/kb/yubikey.html

The key is $25 each.

If that doesn't work, make sure to just use a strong passphrase that is strictly for that KeePass file (or whatever password manager you use) and nowhere else.

Do not use LastPass.

Lain Iwakura

Teaches of Peaches posted:

I genuinely can't wait to see the op completed. I recently got a new hard drive and did a fresh install of windows and made sure I had everything up to standard but it looks like some of my knowledge was out of date. So I replaced a few things I used previously with the new suggestions.

So the last area I need to secure further would be password security. What are the general suggestions for that? I don't use the same password for anything and have a password manager but I am sure there are newer, or at least better ways than I have currently. I ask because I was using lastpass in the past because it was so easy to use with chrome addons but I am aware of the security risks that it carries and want to move to something better.

OP update is still in the works. Blame work, DEFCON, and my personal project. I can easily answer questions however. I do have some help from others on the OP too.

To be honest, let your password manager generate the passwords. A while back I was using my own tool to generate the passwords in the event I ever have to manually type them in, but it's getting less and less common for me to have to do so.

I recommend using KeePass as a solution followed by 1Password should it not meet your requirements. KeePass is multi-platform, free, and it's pretty easy to synchronise the file using any file sharing service (Dropbox, Box, OwnCloud, whatever). The Android and iOS versions of the application work great and I have never had issues with the file getting corrupted, et cetera. I use KeePass across Windows, OS X, Linux, and Android with no problems--although on OS X I do recommend MacPass as it is a native application and doesn't rely on Mono.

LastPass is complete garbage and the reason for that is that it is entirely cloud-dependent with some exception and the developers cannot seem to get its poo poo straight. KeePass does have some limitations as its browser integration is flaky, but I do suggest using it over LastPass as if you can keep the file secure, then you know you're okay. Keeping the file secure really primarily consists of not having a lovely password for the file to begin with (don't reuse it and make sure it cannot be generated easily) as a primary and then keeping the file away from others as a secondary.

1Password gets a mention as it is as good as KeePass except that it does cost money.

Lain Iwakura

froward posted:

Thank you for taking the time to do this; it's rare that people have free time AND post on forums AND aren't shitheads. bless & double bless, friend.

Not a problem. :)

ThermoPhysical posted:

A friend of mine uses the Panda antivirus which is some kind of cloud-based thing. Anyone know anything about it?

Read the OP on anti-virus before you ask this question again.

Lain Iwakura

ThermoPhysical posted:

Yes, I read it twice before asking and it says nothing about cloud-based AVs or if they're even worth anything. Basically it starts out how antivirus programs are outdated and not worth buying and then some settings for traditional AVs that aren't cloud-based.

I wanted to know if anyone's tried Panda and seeing if it's worth it. Maybe put something about cloud-based AVs in the OP?

Please tell me how cloud-based anti-virus is different from traditional anti-virus.

Lain Iwakura

doctorfrog posted:

I guess it's better for this HP Stream I have (with a 16GB drive).


http://www.pandasecurity.com/usa/homeusers/solutions/free-antivirus/


LIGHT

Panda Antivirus protects while you browse, play or work online, and you won't even notice it's there.

It is extremely light as all the work is done in the cloud.


EASY

This is a truly 'install and forget' solution.

You won't have to worry about updates, or complex settings and decisions ever again. It works for you.


SECURE

It delivers maximum and fast protection against the latest viruses, thanks to cloud-scanning from the Collective Intelligence servers.

There's no need for massive signature files on your PC or daily updates.

You've absolutely managed to avoid answering my question. That isn't any different from traditional AV other than it uses ~*~:yayclod: the cloud :yayclod:~*~.

Lain Iwakura

Carthoris posted:

Can you elaborate on the reasoning for this? Any theoretical vulnerabilities with LastPass? Assuming you have a strong pass-phrase that isn't used anywhere else and use TFA what is wrong with LastPass that local password management like KeePass solves?

I understand that ideally you would want an attacker to need access to your password database and that you can control that if you don't hand it to a third party but if you aren't dealing with a nation state level attacker I don't see how they are going to get through AES-256 with a 30 character passphrase and TFA. Keepass alone without more stringent browser security isn't going to keep you from entering your password on a XSS compromised page while LastPass has that functionality built in.

* For the sake of argument let's say that an attacker can pwn your personal computer just as easily as they can pwn LastPass's server so they have access to your password DB either way. If we go from that assumption what advantages does KeePass have over LastPass in terms of security?

Constant incompetence:

https://blog.lastpass.com/2015/06/lastpass-security-notice.html/

quote:

We want to notify our community that on Friday, our team discovered and blocked suspicious activity on our network. In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.

http://arstechnica.com/security/2014/07/severe-password-manager-attacks-steal-digital-keys-and-data-en-masse/

quote:

The most serious of the defects was uncovered in LastPass, a manager that had at least one million users as of 2011. A bug in a "bookmarklet" feature used to automatically enter passwords into websites made it possible for malicious code planted on one site to steal credentials for other sites. An attacker might exploit the vulnerability by compromising a site a user was using LastPass to access. As soon as the user clicked on the bookmarklet, the attacker could surreptitiously steal plaintext passwords belonging to other sites that were also secured by LastPass.

https://blog.lastpass.com/2011/05/lastpass-security-notification.html/

quote:

We noticed an issue yesterday and wanted to alert you to it. As a precaution, we’re also forcing you to change your master password.

We take a close look at our logs and try to explain every anomaly we see. Tuesday morning we saw a network traffic anomaly for a few minutes from one of our non-critical machines. These happen occasionally, and we typically identify them as an employee or an automated script.

In this case, we couldn’t find that root cause. After delving into the anomaly we found a similar but smaller matching traffic anomaly from one of our databases in the opposite direction (more traffic was sent from the database compared to what was received on the server). Because we can’t account for this anomaly either, we’re going to be paranoid and assume the worst: that the data we stored in the database was somehow accessed. We know roughly the amount of data transferred and that it’s big enough to have transferred people’s email addresses, the server salt and their salted password hashes from the database. We also know that the amount of data taken isn’t remotely enough to have pulled many users encrypted data blobs.


It isn't so much that the application itself could be compromised but the LastPass guys are reckless with their own internal security--two breaches in five years and one vulnerability are the ones I can recall right this moment.

There are theoretical attacks on the service but none have yet to surface.

I cannot at all recommend their service.

Lain Iwakura

Crankit posted:

Any advice for momputing? I've got a mom with a 'puter and she's not good at internet, what do I do that makes her less likely to get malwares.


Thanks I'll try that out!

To be honest, in your situation, just install any AV and hope that she never gets the machine compromised.

For people who are computer-illiterate, I've been recommending that people just simply get tablets (iPads if you can help it) or Chromebooks if you know that they'll be fine with that. If they've already bought a computer, then just protect it with AV and ensure that it automatically installs updates. Additionally, keep them away from any admin account and just offer to install applications for them.

Lain Iwakura

The Meat Dimension posted:

Hello thread there's a dude who called my mother one time about her computer security and now he can remote into her computer. Wrote him out a personal check and sent it in the mail. Apparently he has some kind of "security" thing with Microsoft. This sounds sketch as gently caress right?

Am I in the right place?

That sounds sketchy as hell. Was this cheque written recently?

Lain Iwakura
Made an update to the OP regarding password managers.

Lain Iwakura

Geemer posted:

Serious question: Why is everyone so convinced using a password manager is a good idea? To me it just seems like putting all your eggs in one basket.
Secondary question: Other than syncing across devices, what good are they over in-browser password storage? I never use it for similar reasons, and doesn't stuff like Firefox Sync or its Chrome counterpart that I am sure exists also do the trick?

It doesn't matter how complex your password for the meatspin.com forums is if someone can get to your password vault. Especially when that's protected by a password you're supposed to remember yourself instead of letting the computer generate a hash of correct horse battery staple.
Yes, I know your password vault will not be stored on the sites you use it for, but you should be using unique passwords anyway*.

*I use unique passwords for important stuff, throwaway accounts for things I don't care about are just that.

I think you answered your own question without realising it.

Yes. Putting all of your passwords into a password manager can produce a risk, but having all of your accounts with the same password is a far greater risk than if you keep randomly generated passwords for each of them. The trick is to ensure that you don't make use of the password for your password manager anywhere else. There are other ways to protect your password file (specifically KeePass here) using things like keyfiles or YubiKey.

If you use a poo poo password for your password manager then you're going to have a greater concern when you have a compromise of your password file.

Lain Iwakura

pr0zac posted:

These aren't bad, and are comparable to other password managers, though in general they use less secure methods for storing the passwords. Like hooah alluded to, last I checked Chrome stored the passwords in plain text unless you're on OSX where it uses Keychain. Safari uses Keychain on OSX as well. Firefox uses a master password with 3DES which is a bit better as it's not tied to the system password.

One other benefit, other than syncing across devices, is that things like 1password/keepass are also easier to use across applications. I pretty regularly use Firefox, Safari, and Chrome, so being able to use 1password from all of them is pretty nice. Also makes it easier to store passwords for applications like Skype/Steam/etc.

IIRC Chrome doesn't use Keychain anymore due to the excuse that "Safari doesn't share its passwords so why should we use the Keychain?"

Lain Iwakura

John Lightning posted:

:siren: http://myers.io/2015/10/22/1password-leaks-your-data/ :siren:


If you are using the 1PasswordAnywhere you are currently using the Agile Keychain and should stop and convert ASAP.

Thanks for reminding me to edit the OP about this.

Lain Iwakura

Wiggly Wayne DDS posted:

Advice on that is just going to lead to people breaking their own systems, but it should be talked about of course.

If someone wants to write something on this, please feel free and I'll consider adding it to the OP.

Lain Iwakura

Khablam posted:

The easiest way of achieving this, is also the most secure. You can create a Truecrypt* volume within your dropbox and simply shove your files there. Dropbox chunks the container like any large file and just uploads the sections that have changed. You can also give yourself plausible deniability (hide the encryption) so that, if someone steals the USB / hacks dropbox and AES is broken in 5 years, they can't go back and open it up. Or at least, they'd have no reason to suspect they could.** TC uses a slightly more secure implementation of AES, and can also chain encryption methods with no appreciable performance issues, so a complete break in one algorithm won't break the encryption.

The only risk to your data is 7-Zip having a backdoor (intentionally or not) or a tragic error in its implementation. TC has been examined to death for a vulnerability and one has never been found that could lead to easier brute force attacks. Has 7-Zip been so intensely scrutinised? Almost certainly not. Whether you consider that a valid threat is your own exercise though.

*Truecrypt forked and largely died as a project as of 7.2. 7.1a was a full proper release by the original team, and as of Feb this year was audited to ensure there are no backdoors (etc) in the code.
**You can determine something is a TC volume with a little effort, your goal is to create something that looks like it is meant to be random-looking data and be passed over. Video files are a good choice - most players will launch and simply say the file is missing a codec or similar.

I would never, ever recommend TrueCrypt in light of this statement from the developer themselves:

quote:

WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

Nowhere does it mention specifically that it is the crypto that is at fault, but it should be noted that while it did go under an audit after it was forked, it only focused on the cryptography, not the OS implementation, which I'd argue is just as important. It has come to light since the audit that there were severe vulnerabilities affecting both TrueCrypt and its forks. This isn't to say that these are the vulnerabilities that the original developer was warning about, but it should be enough to indicate that there are problems affecting more than the crypto.

It is right to question 7-Zip's cryptography but truthfully it works for the time-being. Source code is available and I think it's a good point that an audit is needed.

If you need full disk encryption, just use whatever your OS provides. Until there is evidence of BitLocker, FileVault, or dm-crypt having crypto flaws or outright backdoors, it's generally best to stick with them if at all an option. For file encryption, rely on 7-Zip for now as it will do the job.

If you are looking for a way to backup data that is important, I'd suggest looking at Tarsnap.

Lain Iwakura
Updated the OP a bit to clean it up and also added some details on FDE.

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender

doctorfrog posted:

This doesn't invalidate all concern about VeraCrypt perhaps inheriting any unknown TrueCrypt bugs, but the two issues you cite with TrueCrypt's FDE are marked as fixed (or at least addressed) in VeraCrypt 1.15: https://veracrypt.codeplex.com/wikipage?title=Release%20Notes

While fixed it needs to be remembered that the developer killed the original project and left that ominous note.

Lain Iwakura

hackbunny posted:

While we're at it: the kernel-mode part of anti-virus software is often poorly written, so that having AV actually makes your machine less secure. I can't remember any recent high-profile exploits in AVs, but at the very least there are several tricks to bypass their hooks, sometimes in ways that are impossible to fix (yes, AVs are fundamentally broken, especially those of the behavioral/heuristic kind). Yes, I can elaborate (not from personal experience, but I know a couple of things about kernel-mode Windows)

Just look for anything that Tavis Ormandy has written on anti-virus software and you'll find a treasure trove of stuff.

Lain Iwakura

sneakymango posted:

Thanks for all the info, I'm paranoid now and going to take a bunch of this advice.

I have a question about password managers, though. I need to log into stuff from all sorts of different computers in my daily life. How does that work with KeePass? You mention that it can be sync'd with dropbox or other services but do I then have to carry a USB drive with the KeePass program/vault file with me wherever I go, and can only log into poo poo if I can get to that computer's USB ports? Or do I have to download it on every new computer, and then connect it to my vault file from dropbox? Sometimes that's not possible or practical (wall-mounted presentation boxes in conference rooms at work etc.). Would I just put it on my phone (iphone, sorry) and pull it up in plaintext and type it in manually when I'm at a new computer, or what?

Sorry if this is dumb.

So you have a couple of options but in the case of a machine where downloading the password file to the machine is not an option, sending the file to your mobile device is definitely one way you can go about doing it. You'll need a copy of KeePass on any machine that you want to read the password database itself. KeePass themselves provide links to portable versions however.

Lain Iwakura

Segmentation Fault posted:

Hey OSI Bean Dip, I faintly remember you writing a post about how you used to work in an anti-virus firm and how anti-virus is just trash. Do you know where I could find that? If you never wrote this, could you write it? My boss refuses to accept that anti-virus is dead and hearing from an expert might change his opinion.

Was it this post?

OSI bean dip posted:

Traditionally, anti-virus works through a few ways:
  • Signatures - this is really the most common way that AV vendors rely on and really all it is a list of items that indicate that whatever it is reading is good or bad. AV vendors have signatures for files they don't want to touch and files they do.
  • Behavioural - anything that does a number of steps in a specific order (or a single step) is monitored
  • Heuristics - don't really work but the idea is to figure out a pattern and work based on that
  • Sandbox - run the code within a virtual machine and determine if the outcome is good or not
  • Remotely - you'll see vendors claim they have a "cloud solution" when really it's not much different from that Python script I shared
The big problem with signature-detection is scale: back when the only attack vectors were floppies and BBSes, it was really a non-issue to just wait every six to twelve months to visit Computer City or CompUSA for a new-fangled edition of McAfee, which at the time was still under the nose of John McAfee, except now his nose is above cocaine. The Internet was not really a major concern in the mid-90s because while there were things like worms going about, it was still relatively new and we were still in the age of joke viruses--ransomware is fairly old just for the record.

Once broadband became a thing and the new millennium dawned, malware started to change. Spam was really the big driving-force behind malware for a long time and to a certain extent still is, but it never became a huge issue in the malware sense until we started to see e-mail RBLs becoming popular--RBLs have been around since the mid-late 90s but became much more popular as everyone else started to get online. As a result of RBLs becoming popular, we started to see a shift in getting access to botnets for the purposes of sending e-mail spam as opposed to sharing files--much of the botnet activity I used to see back in the early-00s were really for people to share warez and porn.

Because of this shift in how botnets were being used, malware was becoming a bigger problem for the AV vendors to manage so then began an arms race between the writers and the defenders. It helps to understand the basic logic of how a signature works (and it should be mentioned that heuristics really fall into the signature category here so I won't elaborate much on them).

It's sort of hard to write into words (and I know that certain people are going to nitpick on what is written here because they want to be "right") but it sort of works like this:
  • What is the filename being used here? - Some malware (usually older) have filenames that are just consistent or have a predictable pattern. This is of course not reliable but if we're to look at this from a flow-chart then it allows for the next set of rules to go forward. The path of where the file resides is important too.
  • What's the file size? This may seem really dumb but both the filename and file size checks are super-important from a performance perspective because all we're doing is requesting details from the OS for the metadata.
  • What is the file type? This is done one of two ways usually: checking the extension and then checking for the magic pattern. There is a limited set of file extensions that AV engines by default will want to check--typically we're talking executables, libraries, drivers, et cetera. However, sometimes that isn't enough and what you can do instead is determine the file type by looking through the first few bytes or so and going based on that--Windows executables always start with "MZ" on their first two bytes and PDFs will start with "%PDF" for example. This is also the first time the AV engine will touch the file.
  • Should it be an acceptable file type, what are the first few things it does right off of the bat? This is useful in the case of an executable because a number of junk programs will do things like constantly call the OS' API to do a bunch of things but then do nothing afterward. This can be checked through reading the first handful of software instructions but it is also checked within the sandbox as well.
  • Is this file encoded in a specific way? Malware tends to get packed, meaning that if you were to run the code through a debugger, you won't get the entire picture until you unpack it. There are a couple of ways to get around this: namely either running it in a sandbox then dumping what it loaded into memory or just outright detecting based on the packer itself--there are legitimate executable packers out there and there are known stolen copies which do happen to leave a signature on files. You can unpack the files as well but only if you are able to determine what the packer-type is to begin with. It's pretty easy to do this with Python if you're curious.
  • What patterns does it match? What strings does it have? If there are known strings then it can start to apply whatever rules to those. Sometimes it needs a specific pattern such as it's calling on a socket to connect to an IP address to determine its location but then it goes and reads the SAM file to see what users are on there immediately afterward--things like that.
I should disclaim that the above list is really a really, really simplified look at an AV engine as I cannot divulge too much further without putting myself at potential legal risk here (I'll leave this part to your guys' imagination), but what it does describe is that there are so many things signature-based AV engines have to look at in order to come to a conclusion whether or not a file is safe--keep in mind, signatures can be used to whitelist in addition to blacklisting. The problem with the signature system is really straightforward: it is really easy to determine how to get around it once you're aware that one exists. I may elaborate on these points or your questions if you want, but I may hold back too just because of what I said earlier here.

The thing is that the malware writers can use whatever they have at their disposal to pump out thousands of unique copies of their software that evade the signatures that have been created already. The idea behind heuristics is to come up with a pattern that potentially predicts this, but the packers already take that into account and can render any discovered pattern useless within a very short period of time. To combat that, AV vendors have agreements amongst many of themselves to share the data they already have, so Symantec may end up with McAfee's, Trend Micro's, Sophos', or Microsoft's data and vice-versa. VirusTotal for example is not popular with malware authors because VT themselves share the data with vendors who request access--at a fee of course, which is in order of a few thousand per month. They themselves have online testing tools that take popular AV engines and run the malware against and spit out results. It's really an arms race that in my opinion the AV industry lost a decade ago, so the idea that you should go shopping around for different AV vendors is stupid.

The solution for AV vendors to keep the signature race going is to throw more people at it. It doesn't mean success but more bodies in seats in their labs does usually lead to better results. However, that becomes expensive so you have to make business decisions around that. I won't go much further into this but you'll probably get the idea.

AV vendors will come out and say that their cloud detection works but really all it is is a pre-warning for or from them. They'll get a hash sum from a client machine, run it against their DB, and if it has already been seen, they'll report back with details. The dirty little secret is that if your AV engine is already signature-based, you're going to have details about that hash sum anyway in the next update so all you're doing is pre-emptively checking against their set of signatures and hoping that they have seen it before you have managed to update.

Suspicious behaviour is a bit of a different beast altogether and probably the worst of the bunch. It relies on a list of patterns within a pre-configured file in order to determine if the action taken by an application is legitimate or not. Here's a kicker: go and make a change to your Windows Firewall with it enabled; it might actually set it off. It works fine if you're running it on a single machine, but try and enable it corporate-wide across thousands of machines then deploy a change later via GPO that requires a task to be performed that the behaviour monitoring picks up on--your help desk will absolutely love you. AV vendors keep this sort of thing close to their chest on what they're actually looking for but I wouldn't be shocked if a list of what they look out for is floating about.

Sandboxing is useful to me because I can run the malware within a controlled environment to determine what the ramifications are, but there are solutions that will run malware at the perimeter and will react after the fact if it does something that is discovered to be malicious. You just have to hope that the box doesn't get compromised because of a vulnerability.

I should add that almost all endpoint software is really garbage as they tend to just be different shades of poo poo.

Lain Iwakura fucked around with this message at 19:31 on Nov 27, 2015
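A toy version of the signature flow chart in the quoted post above, added here as an example that is not code from the thread, from OSI bean dip, or from any AV vendor: it runs the cheap metadata checks first, identifies the type by magic bytes, looks the hash up the way a "cloud" query would, flags a packer marker, and only then applies string and ordered-pattern rules. The sample blobs, hash lists, 64-byte size threshold, packer marker and rule strings are all constructed for the demo; the three samples show why a hash-only signature misses a one-byte variant and why a packed body leaves little more than the packer marker to match on.

```python
import hashlib
import re
from typing import List, Tuple

# Magic patterns named in the post: Windows executables start with "MZ", PDFs with "%PDF".
MAGIC = {b"MZ": "exe", b"%PDF": "pdf"}

# Extensions a signature engine checks by default: executables, libraries, drivers.
SCANNED_EXT = {"exe", "dll", "sys", "scr"}
MIN_SIZE = 64  # constructed threshold for the cheap size check

# Constructed signature database; every value here is made up for the demo.
KNOWN_GOOD_SHA256: set = set()
KNOWN_BAD_SHA256: set = set()
PACKER_MARKERS = {b"UPX!": "UPX"}  # a packer tends to leave a recognisable marker
STRING_RULES = [
    (re.compile(rb"connect\("), "opens network socket"),
    (re.compile(rb"\\system32\\config\\SAM", re.IGNORECASE), "reads SAM file"),
    (re.compile(rb"CreateRemoteThread"), "injects into another process"),
]
# Ordered pattern from the post: a socket connect followed by a read of the SAM file.
COMBO_RULE = (re.compile(rb"connect\(.*?\\system32\\config\\SAM", re.DOTALL),
              "socket then SAM read")


def file_type(data: bytes) -> str:
    """Classify by the first bytes instead of trusting the extension."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def scan(name: str, data: bytes) -> Tuple[str, List[str]]:
    """Walk the flow chart: metadata -> magic -> hash -> packer -> strings.

    Returns (verdict, reasons) with verdict in {skip, clean, suspicious, malicious}.
    """
    reasons: List[str] = []
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""

    # 1. Metadata only: nothing but the name and size is consulted, the file is not read.
    if ext not in SCANNED_EXT:
        return "skip", ["extension not in scan list"]
    if len(data) < MIN_SIZE:
        return "skip", ["too small to be a real executable"]

    # 2. First touch of the file: the magic bytes. Disagreement with the extension is a signal.
    kind = file_type(data)
    if kind != "exe":
        reasons.append(f"extension {ext} but content looks like {kind}")

    # 3. Hash lookup, which is all a "cloud" query adds: the same DB, consulted a bit earlier.
    digest = hashlib.sha256(data).hexdigest()
    if digest in KNOWN_GOOD_SHA256:
        return "clean", ["hash on allowlist"]
    if digest in KNOWN_BAD_SHA256:
        return "malicious", ["hash on denylist"]

    # 4. Packer detection: a packed body hides its strings, so the marker alone is a flag.
    for marker, packer in PACKER_MARKERS.items():
        if marker in data:
            reasons.append(f"packed with {packer}")

    # 5. Individual string rules, then the ordered combination the post describes.
    reasons.extend(label for pattern, label in STRING_RULES if pattern.search(data))
    if COMBO_RULE[0].search(data):
        reasons.append(COMBO_RULE[1])
        return "malicious", reasons

    return ("suspicious", reasons) if reasons else ("clean", ["no rule matched"])


# Constructed samples: fake PE-like blobs, not real programs.
ORIGINAL = (b"MZ" + b"\x90" * 80
            + b"connect(c2-placeholder) ... \\system32\\config\\SAM" + b"\x00" * 20)
KNOWN_BAD_SHA256.add(hashlib.sha256(ORIGINAL).hexdigest())
VARIANT = ORIGINAL[:-1] + b"\x01"  # one byte changed: the hash signature no longer matches
PACKED = b"MZ" + b"UPX!" + bytes(b ^ 0x5A for b in ORIGINAL[2:])  # strings obscured by a toy packer


if __name__ == "__main__":
    for label, sample in (("original", ORIGINAL), ("variant", VARIANT), ("packed", PACKED)):
        print(label, scan("sample.exe", sample))
```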

Lain Iwakura

Segmentation Fault posted:

Thanks! I felt like you wrote a post that specifically mentioned your time working at an AV firm but I couldn't find it. Oh well, in any case that's going to help out big time.

I might have but this is the only post that comes to mind.

Lain Iwakura

John Lightning posted:

Anyone else get a Malware warning from Windows 10 when trying to install the latest version of Keepass v2.31? The website says to ignore it and Malwarebytes didn't get any hits when scanning it so I assume Windows is just being dumb or something right now.

What specifics can you provide with regards to the identity et cetera?

Lain Iwakura

Melian Dialogue posted:

For those travelling on vacation, what are some very basic standard security stuff to go for? I don't mean super crazy encryption or ultra paranoid thwarting secret agents or anything like that, but more like to protect yourself against common theft or bad wifi when you're travelling? I've heard of some options like basic honeypot OS' installed so when your laptop is booted up by someone stealing it, it goes to a clean OS, and installing something like Prey to monitor. I know lots of people go all out paranoid by using a fully clean laptop but I don't have anything important, I just want to deter the most common stuff. I don't want to spend hours setting up my Windows 8 laptop to dual boot Linux or whatever. I know to avoid internet banking and to only use HTTPS for connections, but should I invest in a VPN as well? Anyways, some thoughts from the experts would be great.

Always assume that if your laptop or phone gets stolen that it is lost forever and that having it encrypted is the safest thing to do to ensure that at worst you're out a grand or two. I really do suggest going down this road as it'll at least not make you worry about what was on there.

As for safeguarding your Internet access, this one is a bit tricky as it depends on your skillset. Many people will automatically jump at suggesting a VPN service but I am always hesitant to do so. Are you travelling on business or is this personal? What's your computer skill level? Can you use SSH?

Lain Iwakura

Adix posted:

I have OpenVPN to my home router for use on work/public WiFi. Any concerns there I should be thinking about?

I actually meant a service that sells VPN access. Having one that exits out of your home or a VPS is a good idea because then you know your ingress and egress points will stay consistent.

Melian Dialogue posted:

Personal travel, and my computer skill level is alright, but I don't know what SSH is, so no I can't use it. All I'd really like is to prob encrypt my harddrive, and have some sort of honeypot OS that is booted up automatically that has none of my personal files on it. and have one of those tracking programs (like Prey) in case some idiot steals it and doesn't wipe everything. I'm at a house rental with wifi there, and will probably stick to that instead of internet cafes, but I want a good balance between best bang for your buck.

What OS are you running?

Lain Iwakura

Melian Dialogue posted:

Windows 8.1. I'd like to have it autoboot to a honeypot OS if it's preconfigured upon shutdown/hibernate.

When do you leave? Do you work downtown? I could just sit down with you over a coffee if you'd like and see what can be fleshed out. I assume you live in my neck of the woods.

Lain Iwakura

Melian Dialogue posted:

I appreciate the help! But, I probably won't have time to sit down before the trip, and am going to try and fit in doing this on my own time. Can you give me a head start with some terms or stuff to google and learn about installing and configuring?

To be honest, your suggestion of having an OS that you can boot into that is there for in case you have to show something on your workstation to a border guard or whatever may not be practical. It would be far simpler to just reinstall a fresh OS with nothing on it and then just access whatever is valuable via a remote session. At least then you will not have to be as concerned about your data being stolen and there will be nothing of value to extract from the machine. I don't travel with my main computer mainly because it's full of crap and instead I just keep a spare machine on hand for this very reason.

Lain Iwakura fucked around with this message at 21:35 on Feb 9, 2016

Lain Iwakura
Personally I'd just rather travel light and not take anything beyond a smartphone unless it is completely necessary.