Dismissing Security Paranoia



#1 Ragnar Devonin

Ragnar Devonin

  • Members
  • 23 posts
  • Local time:02:07 AM

Posted 30 May 2011 - 06:35 PM

Hi everyone,

I just wanted to ask: short of formatting and re-installing, is there a way to be relatively rest assured a computer is clean?

On a computer that has never had any infection (unless you count false positives :) ), has no problem getting updates for anything, is not running slowly, is not crashing, is not getting popups, or otherwise having any problems...

And when your AV, MABM, and SAS tell you in normal/safe mode, you're clean.

Is it a safe bet that you are indeed clean so you can tell that constantly nagging super paranoia to just bugger off?

Any tips for keeping that paranoia away?

Also: Are there any security programs being recommended currently aside from SAS/MABM/Firefox w/NoScript? If it requires too much technical knowledge it may be beyond me to use, though.

#2 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,707 posts
  • Gender:Male
  • Local time:09:07 AM

Posted 31 May 2011 - 05:51 AM

There is a method, but it requires a lot of work and is not 100% reliable.

The idea is that you determine the origin of every executable (i.e. the organization/person that produced the executable) and then decide if you trust each origin. You could, for example, decide that each executable produced by Microsoft is benign (i.e. not malicious). You would also need to ascertain that each executable produced by Microsoft has not been tampered with.

One way to do this is to check digital signatures (AuthentiCode) of executables. AuthentiCode uses PKI signatures to 1) identify the origin and 2) detect modifications to the executable. Sysinternals has a tool to automate this: sigcheck.

But this is a theoretical approach, there are some practical issues that prevent this method from being foolproof.

First issue is that not all executables are signed (not only scripts, but also binary executables).
Second issue is that you have to decide for each origin if you trust it or not. It might be easy to decide to trust Microsoft (which you implicitly do because you use Windows), but it might be less obvious for other origins, because malware authors have been known to buy code signing certificates to sign their malware. And there is the example of Stuxnet: a component of the Stuxnet malware was signed with a certificate that was stolen from a Taiwanese company (Realtek). So it was signed with the Realtek certificate because of a compromised key, but did not originate from Realtek.

Edited by Didier Stevens, 31 May 2011 - 05:51 AM.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"
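The origin-check method described in the post above, as an added example that is not from the thread or from any of its participants. It uses PowerShell's built-in Get-AuthenticodeSignature in place of Sysinternals sigcheck; the scanned directories and the list of trusted publishers are assumptions you would adjust for your own machine.

```powershell
# Added example: triage executables by Authenticode signer and decide per origin.
# Assumptions: the directories below and the trusted-publisher list are illustrative.
param(
    [string[]]$Paths = @("$env:ProgramFiles", "${env:ProgramFiles(x86)}", "$env:SystemRoot\System32"),
    [string[]]$TrustedPublishers = @('Microsoft Corporation', 'Microsoft Windows')
)

$exts  = '*.exe', '*.dll', '*.sys'
$files = foreach ($p in $Paths) {
    if (Test-Path $p) {
        Get-ChildItem -Path $p -Recurse -Include $exts -File -ErrorAction SilentlyContinue
    }
}

$report = foreach ($f in $files) {
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName

    # The signer certificate's Subject is a DN; the CN names the organization/person
    # that produced the file, i.e. the "origin" the post talks about.
    $cn = $null
    if ($sig.SignerCertificate -and
        $sig.SignerCertificate.Subject -match 'CN=("[^"]+"|[^,]+)') {
        $cn = $Matches[1].Trim('"')
    }

    # Valid + trusted publisher -> benign by policy; anything else needs a human decision.
    # Note the Stuxnet/Realtek caveat: a valid signature from a trusted publisher only
    # proves which key signed the file, not that the key was never compromised.
    $verdict = switch ($sig.Status) {
        'Valid'        { if ($TrustedPublishers -contains $cn) { 'trusted' } else { 'review-publisher' } }
        'NotSigned'    { 'unsigned' }
        'HashMismatch' { 'TAMPERED' }          # signed, but the file was modified afterwards
        default        { "check ($($sig.Status))" }
    }

    [pscustomobject]@{ Verdict = $verdict; Publisher = $cn; Status = $sig.Status; File = $f.FullName }
}

# Summary by verdict, then the list that needs human judgement
$report | Group-Object Verdict | Select-Object Name, Count | Format-Table -AutoSize
$report | Where-Object { $_.Verdict -ne 'trusted' } | Sort-Object Verdict, Publisher |
    Format-Table Verdict, Publisher, Status, File -AutoSize
```

Run it from an elevated PowerShell prompt so System32 is fully readable; the unsigned and review-publisher groups are exactly the two practical issues the post lists, and the TAMPERED group is the case the signature check exists to catch.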


#3 Ragnar Devonin

Ragnar Devonin
  • Topic Starter

  • Members
  • 23 posts
  • Local time:02:07 AM

Posted 31 May 2011 - 08:11 PM

You're right in that does sound like a lot of work... and not practical for me. I guess this means I better get myself a Vista disc sometime soon.

As a side, the computer in the OP - is it reasonable to assume it's clean? I have checked every part of it I can and nothing points out an infection. I am thinking any belief is a product of paranoia.

Thank you for the response though. If nothing else I can keep it in mind if I ever have a file raise my suspicions.

#4 chromebuster

chromebuster

  • Members
  • 899 posts
  • Gender:Female
  • Location:the crazy city of Boston, In the North East reaches of New England
  • Local time:03:07 AM

Posted 31 May 2011 - 10:26 PM

It's actually not as much work to do that as you think. Just gather information, look up stuff that confuses you, and then understand. That's what I do, but at the same time, I think that the more technical things are, the more informative they are. My opinion, and it's nothing against anyone here, is that no longer can we get away with not understanding computers, and no longer can anyone get away with not venturing into the technical world.

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge


#5 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,707 posts
  • Gender:Male
  • Local time:09:07 AM

Posted 01 June 2011 - 03:06 AM

As a side, the computer in the OP - is it reasonable to assume it's clean? I have checked every part of it I can and nothing points out an infection. I am thinking any belief is a product of paranoia.


Who uses this computer? Are you the only user? And would you describe your surfing habits as safe?

