lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 22 Sep 2009 23:43:13 -0700
From: Steven Anders <anderstev@...il.com>
To: Michael Fritscher <michael@...tscher.net>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Dumb question: Is Windows box behind a router
	safe ?

Michael, thank you for the explanation. And thank you everyone for the
thoughts. Appreciate it. My apologies if I get on the nerves of people with
my dumb question :-) .

Now after further reading, I am now educated of how bad software use holes
in apps like browser and the plugins to do bad stuff on the user's computer.
Especially with the fraudsters getting better in SEO-ing their websites and
malwares to the top of Google Search pages. I think I myself encountered so
many of such sites for "long-tail" search query.
1. Upon further Googling, I also read about Web Attacker and Mpack - which
pretty much allows everyone with basic programming knowledge, to host their
own exploits in their own web site. Does anyone have any insights on this ?
I think this may have been used by the fraudsters to commit credit card
frauds (with passing AVS checks, CVV2, and IP addresses) - the reason I feel
so is that some of the email address associated with the order are tied to
domain registrations for a bunch of scrappy websites with loaded iFrames.

2.  For the Windows box, I plan to:
    - ensure the Automatic Updates is ON for that PC :)
    - install a firewall (ZoneAlarm free version)
    - install an anti virus (AVG free version)
    - install Secunia Personal Software Inspector (PSI).
    - install NoScript firefox add-on

   Having recently run Secunia PSI in both Simple and then Advanced Mode, on
a relatively-well maintained Windows machine, it found 11 software that
needs to be patched  (Java, Adobe Reader, Flash player, etc) which leads me
to wonder..
Assuming the Windows system is all patched up with all the updates, and the
software updates (Browser, Flash, Java JRE, Adobe Reader, etc) - and the
user accidentally came across some novel exploits by browsing some website,
and then the PC got infected;  will the personal firewall like Zone Alarm be
good enough to catch that "evilbotnet.exe is trying to access 55.11.22.34 "
and prevent further damage? Or what are the potential scenarios that could
happen, depending on the sophistication of the malware?
3. A colleague told me of a program for Windows called "Sandboxie" that
could isolate application - http://www.sandboxie.com/  - Will this ensure
the security for specific use case of web browsing ?

Thank you all in advance.
steve



On Tue, Sep 22, 2009 at 11:42 AM, Michael Fritscher
<michael@...tscher.net>wrote:

> Hi Steve,
>
> I hope you haven't caused a storm with aggressive mails here^^
> This maillinglist is more about now detected holes in soft- and hardware...
>
> First, you certainly mean not a normal router (which is on most cases 100%
> transparent in both directions), but a NAT-router.
>
> What the NAT blocks (in most cases) are incomings connections - But
> expecially since XP SP2 this is a very seldom used way to attack
> computers.
> Nowadays, most bad software use holes in apps - browser, office, flash and
> so on which use outgoing connections - which are NOT blocked by a
> NAT-router.
> So, yes, a bot connectiong to a botnet could be installed if Firefox or a
> plugin like Flash, Java, Quicktime and so on has a hole and you browse on
> a "bad" site.
>
> Btw, please read about NAT, routing, current bad software etc in the
> internet - this will help you understanding the concerns.
>
> Sincerly,
> Michael
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists