
Security suggestions, Post 4 of 7


20 replies to this topic

#1 scotty_ncc1701


Posted 20 July 2014 - 09:54 AM

Please read post 1 of 7 first. http://www.bleepingcomputer.com/forums/t/541637/security-suggestions-post-1-of-7/#entry3426328
Please read post 2 of 7 second. http://www.bleepingcomputer.com/forums/t/541638/security-suggestions-post-2-of-7/#entry3426331
Please read post 3 of 7 third. http://www.bleepingcomputer.com/forums/t/541639/security-suggestions-post-3-of-7/#entry3426335

============
This post - Programs, add-ons, etc that I use
============

Here, I'm going to recommend certain software that I rely on.  I have no doubt that there will be people that will disagree, and that's perfectly AOK.

Because the list is large, it can be accessed here (it is a text file):

https://onedrive.live.com/?cid=1DDB2AE62401E5C8&id=1DDB2AE62401E5C8!120

 

Have a Great Day!

:bananas: :bounce:


Edited by scotty_ncc1701, 20 July 2014 - 10:27 AM.




#2 Union_Thug


Posted 20 July 2014 - 10:39 AM

Nice list, and well structured. One question if I may... why would you not use Kaspersky? I've never used it (not even trial)... I'm very satisfied with Avast free without all the bells & whistles (app updater, browser cleaner, rep service etc.) but have used TDSSKiller & their Rescue disk to disinfect a couple of friends' computers.



#3 scotty_ncc1701


Posted 20 July 2014 - 11:31 AM

Nice list, and well structured. One question if I may... why would you not use Kaspersky? I've never used it (not even trial)... I'm very satisfied with Avast free without all the bells & whistles (app updater, browser cleaner, rep service etc.) but have used TDSSKiller & their Rescue disk to disinfect a couple of friends' computers.

 

I have a list of countries that I won't use programs from, and Kaspersky is from one of those countries.

Have a great day!
:bananas: :bounce:



#4 Didier Stevens


Posted 23 July 2014 - 06:41 PM

I suggest you take a look at Sumatra PDF for viewing PDFs. Its attack surface is much smaller than any other viewer because it doesn't support JavaScript.

Edited by Didier Stevens, 23 July 2014 - 06:42 PM.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#5 Didier Stevens


Posted 23 July 2014 - 06:59 PM

 
I have a list of countries that I won't use programs from, and Kaspersky is from one of those countries.
Have a great day!
:bananas: :bounce:

In that case, there's something you should know regarding TeamViewer.

The TeamViewer company operates a worldwide network of intermediary servers. They facilitate communications between 2 endpoints (the TeamViewer software), especially when these endpoints can't open ports on the Internet.

From my own, unpublished research (beginning 2013) I know that:
1) many of these servers are located in Russia and other countries like China, Ukraine, ..., which are probably also on your list
2) these servers are hosted at run-of-the-mill VPS companies
3) not all communication between endpoints and servers is (properly) encrypted.

A bit more info:
http://blog.didierstevens.com/2013/02/14/quickpost-teamviewer-and-proxies/

Edited by Didier Stevens, 23 July 2014 - 07:00 PM.



#6 Didier Stevens


Posted 23 July 2014 - 07:11 PM

Can you elaborate on your choice of ethernet access vs wifi for visitors?

Because I consider it safer for me and my systems to give them wifi wpa2 access than wired access.



#7 scotty_ncc1701


Posted 23 July 2014 - 11:34 PM

 

 
I have a list of countries that I won't use programs from, and Kaspersky is from one of those countries.
Have a great day!
:bananas: :bounce:

In that case, there's something you should know regarding TeamViewer.

The TeamViewer company operates a worldwide network of intermediary servers. They facilitate communications between 2 endpoints (the TeamViewer software), especially when these endpoints can't open ports on the Internet.

From my own, unpublished research (beginning 2013) I know that:
1) many of these servers are located in Russia and other countries like China, Ukraine, ..., which are probably also on your list
2) these servers are hosted at run-of-the-mill VPS companies
3) not all communication between endpoints and servers is (properly) encrypted.

A bit more info:
http://blog.didierstevens.com/2013/02/14/quickpost-teamviewer-and-proxies/

 

 

Could you expand on this more (even via PM), because this has piqued my interest.  I'm the type that likes to verify things, and presuming the statement is true, then Teamviewer will go away on my list.  I don't have it installed right now.  The whois says it's from Germany, but this is also important.

 

Have a great day!

:bananas: :bounce:



#8 scotty_ncc1701


Posted 24 July 2014 - 12:06 AM

Basically, it's just an extra step I take for physical security.  By using a cable, and denying them access when our computers are online, the security of our computers is assured (remember they're behind the router/modem that has a basic firewall also).  Our computers have been virus/malware and hack free for 19 and 14 years (note 1).

So by denying them access, except when our computers are turned off, the safety of our computers is assured against them.  There is another situation I could discuss, but it is an extreme case, which doesn't need to be discussed.

There is another example, but I decided not to discuss it, because although still valid, it is an extreme case.

Have a great day!

:bananas: :bounce:



#9 cat1092


Posted 24 July 2014 - 12:58 AM

 

Nice list, and well structured. One question if I may... why would you not use Kaspersky? I've never used it (not even trial)... I'm very satisfied with Avast free without all the bells & whistles (app updater, browser cleaner, rep service etc.) but have used TDSSKiller & their Rescue disk to disinfect a couple of friends' computers.

 

I have a list of countries that I won't use programs from, and Kaspersky is from one of those countries.

Have a great day!
:bananas: :bounce:

 

 

Wonder why Kaspersky doesn't mention their origin in their sales promos, anywhere on their boxed editions, nowhere? I had a copy of KIS that was given to me from Costco with the purchase of the Dell XPS 8700 in my specs (see my Speccy link in sig).

The security software is rubbish. Couldn't update from 2013 to 2014 on two different computers & neither was a slouch. It was only after turning to their forum for support that I found out where they were from. Other brands, such as Avast, Emsisoft, Norton & others, proudly state where they're developed. Why are they hiding their origin? Caused a decently equipped MSI FX603-064US with an i5 480M CPU to run very poorly, the same on a Toshiba A665-S6086 with a 370M CPU.

Both notebooks were running Windows 7 Pro SP1 & both have 8GB (2 x 4GB) DDR3 1333MHz (10700) RAM of the GSkill brand. And no other security solution has slowed either computer like KIS 2013. Regardless of where it came from, it's no good. Though some have stated it's good for mail servers. Don't have one, so can't vouch for it.

 

Cat


Performing full disc images weekly and keeping important data off of the 'C' drive as generated can be the best defence against Malware/Ransomware attacks, as well as a wide range of other issues. 


#10 NickAu


Posted 24 July 2014 - 03:45 AM

Wonder why Kaspersky doesn't mention their origin in their sales promos, anywhere on their boxed editions, nowhere?

The security software is rubbish. Couldn't update from 2013 to 2014 on two different computers & neither was a slouch.

When I had Windows I used Kaspersky Pure and loved it, never had an issue with it. And isn't it common knowledge Kaspersky is Russian?


Edited by NickAu1, 24 July 2014 - 03:47 AM.


#11 xXToffeeXx


Posted 24 July 2014 - 04:11 AM

It's on Wikipedia clear and plain, so no, I don't think it's a matter of hiding where they are from. It's more a matter of Kaspersky being multinational now (they have offices all over the world), rather than just appealing to a certain country's market. If you really wanted to know where they were from, you could search it in Google and it will tell you pretty clearly. You can do this with most of the big security companies and Google will tell you.

IMO, you shouldn't judge software by where it's from; judge it by how well it works for you and how secure the program is. All countries have servers which distribute malware, and the US is actually the country which has been found to have the most C&C servers, by a large amount (http://threatpost.com/malware-cc-servers-found-in-184-countries and http://www.trendmicro.com/us/security-intelligence/current-threat-activity/malicious-top-ten/ - they are a year old, but those lists are unlikely to have changed much).

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

Malware Analyst at Emsisoft


#12 Didier Stevens


Posted 24 July 2014 - 05:51 AM

Basically, it's just an extra step I take for physical security.  By using a cable, and denying them access when our computers are online, the security of our computers is assured (remember they're behind the router/modem that has a basic firewall also).  Our computers have been virus/malware and hack free for 19 and 14 years (note 1).
So by denying them access, except when our computers are turned off, the safety of our computers is assured against them.  There is another situation I could discuss, but it is an extreme case, which doesn't need to be discussed.
There is another example, but I decided not to discuss it, because although still valid, it is an extreme case.
Have a great day!
:bananas: :bounce:


In that case, the ultimate step you can take in isolating your machines, is to disable wake-on-lan. Unless your machines and visitor machines are on a different subnet.



#13 Didier Stevens


Posted 24 July 2014 - 06:01 AM

I have a list of countries that I won't use programs from, and Kaspersky is from one of those countries.
Have a great day!
:bananas: :bounce:

In that case, there's something you should know regarding TeamViewer.
The TeamViewer company operates a worldwide network of intermediary servers. They facilitate communications between 2 endpoints (the TeamViewer software), especially when these endpoints can't open ports on the Internet.
From my own, unpublished research (beginning 2013) I know that:
1) many of these servers are located in Russia and other countries like China, Ukraine, ..., which are probably also on your list
2) these servers are hosted at run-of-the-mill VPS companies
3) not all communication between endpoints and servers is (properly) encrypted.
A bit more info: http://blog.didierstevens.com/2013/02/14/quickpost-teamviewer-and-proxies/
 
Could you expand on this more (even via PM), because this has piqued my interest.  I'm the type that likes to verify things, and presuming the statement is true, then Teamviewer will go away on my list.  I don't have it installed right now.  The whois says it's from Germany, but this is also important.
 

Have a great day!
:bananas: :bounce:

When I analyzed the TeamViewer protocol early 2013, TeamViewer clients would first connect to pingX.teamviewer.com (X is a digit; 3 was used at that time).
Then it would make a connection to masterYY.teamviewer.com (YY is a number between 1 and 20).
And finally, it would connect to serverZZZ.teamviewer.com (ZZZ is a number that can go into the ten thousands).

It is these serverZZZ servers that are located all over the world.

You can verify this in a couple of ways.

You can use Wireshark, start a capture and then launch TeamViewer and see where it connects.
Or you can start TeamViewer and then look through your DNS cache for teamviewer.com hosts.

Look up the IP address for your assigned serverZZZ.teamviewer.com server, and then geo-locate it.

I enumerated the serverZZZ.teamviewer.com hosts early 2013, and some of them were in countries like the Ukraine.

Edited by Didier Stevens, 24 July 2014 - 06:02 AM.

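One way to carry out the DNS-cache check described in the post above, as an added example that is not Didier Stevens' code or TeamViewer's: a parser for Windows `ipconfig /displaydns` output that picks out the teamviewer.com entries and tags each with the ping/master/server role the post describes, so the serverZZZ addresses can be handed to whatever GeoIP tool you use. The cache text and IP addresses in the sample are constructed (documentation ranges, not real TeamViewer servers), and the `ipconfig /displaydns` layout is an assumption about the input format.

```python
"""Pick TeamViewer relay hosts out of a Windows DNS cache dump (added example).
Assumes the `ipconfig /displaydns` text layout; the sample below is constructed
with documentation-range IPs, not real TeamViewer addresses."""
import re
from dataclasses import dataclass
from typing import Optional

# Host-name roles exactly as the post describes them: pingX, masterYY, serverZZZ.
ROLE_PATTERNS = {
    "ping": re.compile(r"^ping(\d)\.teamviewer\.com$"),
    "master": re.compile(r"^master(\d{1,2})\.teamviewer\.com$"),
    "server": re.compile(r"^server(\d+)\.teamviewer\.com$"),
}
RECORD_NAME = re.compile(r"Record Name[ .]*: (\S+)")
A_RECORD = re.compile(r"A \(Host\) Record[ .]*: (\d{1,3}(?:\.\d{1,3}){3})")

@dataclass(frozen=True)
class RelayHost:
    name: str
    role: str               # "ping", "master", "server" or "other"
    number: Optional[int]   # the X / YY / ZZZ part, if any
    ip: str

def classify(hostname: str):
    """Map a teamviewer.com host name to its role in the connection sequence."""
    for role, pat in ROLE_PATTERNS.items():
        m = pat.match(hostname.lower())
        if m:
            return role, int(m.group(1))
    return "other", None

def parse_dns_cache(text: str):
    """Return every cached A record under teamviewer.com, in cache order."""
    hosts = []
    for block in re.split(r"\n\s*\n", text):   # one cache entry per blank-line block
        name_m, ip_m = RECORD_NAME.search(block), A_RECORD.search(block)
        if not (name_m and ip_m):
            continue
        name = name_m.group(1).lower()
        if not name.endswith(".teamviewer.com"):
            continue
        role, number = classify(name)
        hosts.append(RelayHost(name, role, number, ip_m.group(1)))
    return hosts

def relay_servers(hosts):
    """The serverZZZ hosts are the ones whose IPs are worth geolocating."""
    return [h for h in hosts if h.role == "server"]

# Constructed sample of `ipconfig /displaydns` output (abridged per entry).
SAMPLE = """Windows IP Configuration

    Record Name . . . . . : ping3.teamviewer.com
    A (Host) Record . . . : 192.0.2.10

    Record Name . . . . . : master7.teamviewer.com
    A (Host) Record . . . : 198.51.100.20

    Record Name . . . . . : server12345.teamviewer.com
    A (Host) Record . . . : 203.0.113.45

    Record Name . . . . . : www.example.com
    A (Host) Record . . . : 203.0.113.9
"""

if __name__ == "__main__":
    for h in parse_dns_cache(SAMPLE):
        print(f"{h.role:<7} {h.name:<30} {h.ip}")
```

On a live machine, feed it the real output (`ipconfig /displaydns > cache.txt`) instead of SAMPLE; only the serverZZZ addresses need geolocation, since the ping and master hosts are the fixed front door.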


#14 scotty_ncc1701


Posted 24 July 2014 - 07:23 AM

It's on Wikipedia clear and plain, so no, I don't think it's a matter of hiding where they are from. It's more a matter of Kaspersky being multinational now (they have offices all over the world), rather than just appealing to a certain country's market. If you really wanted to know where they were from, you could search it in Google and it will tell you pretty clearly. You can do this with most of the big security companies and Google will tell you.

IMO, you shouldn't judge software by where it's from; judge it by how well it works for you and how secure the program is. All countries have servers which distribute malware, and the US is actually the country which has been found to have the most C&C servers, by a large amount (http://threatpost.com/malware-cc-servers-found-in-184-countries and http://www.trendmicro.com/us/security-intelligence/current-threat-activity/malicious-top-ten/ - they are a year old, but those lists are unlikely to have changed much).

 

xXToffeeXx~


Absolutely no disrespect is intended in this reply, but you indicated, "It's on Wikipedia clear and plain..."

I'm not trying to open a bag of worms here, but like I've said on another site, Wikipedia can't be trusted, it's that plain and simple.

When a USA Presidential hopeful during the last USA Presidential campaign messed up about Paul Revere, her followers went in and altered the entry for Paul Revere, although what they changed it to is historically wrong.  I then showed by a video, that anyone can create an account, then immediately make changes to entries.

After the debacle above, Wikipedia did lock down some entries, but most entries can still be changed.  This is proven by the statements in their tutorial area that states:

1.  "Wikipedia is a collaboratively edited encyclopedia to which you can contribute".
2.  "With the exception of a few protected pages, every page has an "Edit " tab which lets you edit the page you are looking at. This feature allows you to make corrections and add facts to articles".

I've looked up sites on Wikipedia before, and the entries said that it was from country "X", when in fact it was country "Y".  This is because the people that made the entries were too lazy to research things.  Most likely they used programs like Flagfox (a Firefox extension), that displays the server location.  But if they had done a WHOIS, they would have seen the owner as in another country.  It's like a site I was looking at recently:

1.  The site said they were in FL.
2.  The phone was in NY.
3.  The WHOIS proved the owner was in RU.
4.  The server was in another location.

Wikipedia might be OK to start with, but research, research, research is needed.  People shouldn't rely on just one site, especially when the site is proven to be unreliable (people can edit the pages, with no proof of their background and knowledge on the subject matter).  The problem is that a lot of people take Wikipedia as the be-all and end-all as an authority, when anyone can edit most pages, and you don't know who really edited it.

As for me using the list of "bad countries":

1.  Most of the countries, when I tried to download a program, my antivirus program flagged it as being infected and blocked them.

2.  Most of the countries, the site was flagged by programs like Malwarebytes as known bad, when going to them.

3.  The remaining countries are a precautionary method.

My "bad countries" list is a personal security issue, just like not allowing visitors on our home network when our computers are up and online.  Both of these things work for me, and it's going to stay that way.  My system hasn't been infected or hacked in about 19 years, and my wife's since 2000, when we got back together, so my methods work.

As for your comment of "...and the US is actually the country which has the most C&C servers by a large amount it's been found", keep this in mind.  Like the example I gave above, you'll have people, companies, etc that will get hosting in the USA, and because of that, the stats for the USA will be unfairly inflated, as being the "bad country".

Please remember, that if I think I want to get program "X", "Y", or "Z", I always do a WHOIS, and if the owner is in one of the countries on my list, then I don't use the program, even if the server is USA based.  If I can't determine the owner's location, then I presume that they are on the list.  I don't rely just on a WHOIS, I also use sites like BUSINESSWEEK to help verify the information on sites, when they appear to be in one of the countries on my list.

Like I said above, "My system hasn't been infected or hacked in about 19 years, and my wife's since 2000, when we got back together; so my methods work".

Have a great day!
:bananas: :bounce:
 



#15 scotty_ncc1701


Posted 24 July 2014 - 07:29 AM

 

Basically, it's just an extra step I take for physical security.  By using a cable, and denying them access when our computers are online, the security of our computers is assured (remember they're behind the router/modem that has a basic firewall also).  Our computers have been virus/malware and hack free for 19 and 14 years (note 1).
So by denying them access, except when our computers are turned off, the safety of our computers is assured against them.  There is another situation I could discuss, but it is an extreme case, which doesn't need to be discussed.
There is another example, but I decided not to discuss it, because although still valid, it is an extreme case.
Have a great day!
:bananas: :bounce:


In that case, the ultimate step you can take in isolating your machines, is to disable wake-on-lan. Unless your machines and visitor machines are on a different subnet.

 

 

I was in the USAF for 20 years, and during the entire time, after basic and tech school, I worked high security areas.  As a result, I became hyper vigilant on security.  Add to that, the companies I've worked for, and contract(ed) to since I retired from the USAF are also picky on security.  So if "A", "B", or "C" is the accepted security, I do "X", "Y", or "Z", as extra measures, which have proven effective.

Have a great day!
:bananas: :bounce:
 





