Redefining "Default Deny"

Post by p2u on 11/1/2011, 14:56

I would like to open a discussion about what "Default Deny" actually is. Some security providers make it their trade mark, claiming they are the One and Only, claiming they have actually invented this approach, although they offer only half-baked versions of this security approach that has its roots in firewalls for *nix systems. What these security providers actually do is try to implement "Default Deny" on a "Default Permit" system, introducing the "Trusted Computing" principle. The assumption is that either you trust, or you don't trust; nothing in between. If you trust something, you should allow it to do virtually anything, and if you don't trust it, you should either remove it, block it or run it in a sandbox to contain it. A practical problem is that you *can't* sandbox the whole system. So here we go: What does "Default Deny" mean to you? How do you implement it?

Paul

p2u
Valued Member

Posts : 211
Join date : 2010-12-14

Re: Redefining "Default Deny"

Post by ssj100 on 11/1/2011, 23:11

"Default Deny": "Everything, not explicitly permitted, is forbidden".

For my own setup, this is most clearly applied with LUA + SRP - in general, all execution is forbidden unless it is white-listed ("explicitly permitted"). However, given I am also effectively the "Administrator" (and know the "password"), this doesn't really apply haha.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
ssj100
Administrator

Posts : 1389
Join date : 2010-04-14
http://ssj100.fullsubject.com

Re: Redefining "Default Deny"

Post by p2u on 11/1/2011, 23:59

ssj100 wrote: "Default Deny": "Everything, not explicitly permitted, is forbidden".

For my own setup, this is most clearly applied with LUA + SRP - in general, all execution is forbidden unless it is white-listed ("explicitly permitted"). However, given I am also effectively the "Administrator" (and know the "password"), this doesn't really apply haha.
So, if I understand you correctly, you apply the idea of "Default Deny" only for third-party executables and only in the sense of execution as such?

Paul


Re: Redefining "Default Deny"

Post by ssj100 on 12/1/2011, 09:04

Well, I suppose I just gave an example of how I apply the term "Default Deny".

As you know, my own security setup/approach relies heavily on sandboxing malware "threat-gates". In this way, I have more confidence when I eg. purposefully surf "high risk" sites or open unknown USB drives. In this context, I may want all pop-ups, flash content etc to be displayed. It's nice to know that after emptying the sandbox, all will be as it was before.

Furthermore, many of these malware "threat-gates" are not allowed to connect to the internet (via Sandboxie's configuration), so I suppose that's another way of applying "Default Deny" in my setup/approach. For example, when I open a newly introduced file, it opens/runs in a sandbox which is unable to connect to the internet. Sandboxie is really much more than a...sandbox.

Also, I guess I also use NoScript with my default web browser - therefore, only white-listed scripts are allowed to run. I suppose this is "Default Deny" too.

I'm sure there are many other attack vectors (both known and unknown) that I haven't covered/remembered, but that's the beauty of the "sandboxing" mechanism and using a relatively unknown/unused third party security program - for every new Privilege Escalation, Remote Code Execution, Buffer Overflow etc exploit, I am fairly certain of containment and subsequent easy disposal of "frozen malware". And at the same time, I (and even others) can enjoy the full benefits of my computer and the internet without apparent restrictions.


Re: Redefining "Default Deny"

Post by p2u on 12/1/2011, 09:24

ssj100 wrote: I'm sure there are many other attack vectors (both known and unknown)
You can say that again. I just did a search with Free Commander (it shows me more than the system itself does). Although I have cleaned out my Vista Home Basic SP2 system really rigidly, there is still all this "Trusted" stuff to "protect" the system from:

WINDOWS folder: exactly 72,434 files. Of those:
3735 .exe
17272 .dll
2637 .sys
87 .drv

SYSTEM folder:
0 .exe
11 .dll
0 .sys
10 .drv

System32 folder:
899 .exe
4778 .dll
1096 .sys
18 .drv

Program Files folder: exactly 14066 files. Of those:
256 .exe
2617 .dll
27 .sys
0 .drv

Under standard SRP rules, this is all allowed to run. That's a mind-blowing amount of crap to run my laptop just to surf the Internet, don't you think?

Paul

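An added example, not part of either poster's messages: the "everything not explicitly permitted is forbidden" rule from ssj100's post written as a path allow-list check, then applied to a file listing to show how much executable code such rules still leave runnable, which is the point of p2u's counts. The allow-listed roots, the function names and the sample listing are assumptions constructed for illustration, not the forum members' actual SRP rules.

```python
import ntpath
import os
from collections import Counter
from pathlib import PureWindowsPath

# File types tallied in the post above. SRP's own list of designated file
# types is longer; these four are only the ones the post counts.
EXEC_EXTS = {".exe", ".dll", ".sys", ".drv"}

# Assumption: allow rules shaped like common SRP path rules, with the default
# security level set to Disallowed for everything else.
ALLOW_ROOTS = [
    PureWindowsPath(r"C:\Windows"),
    PureWindowsPath(r"C:\Program Files"),
]


def matching_root(path, allow_roots=ALLOW_ROOTS):
    """Return the allow-listed root covering `path`, or None (default deny)."""
    # Collapse ".." first so C:\Windows\..\Users\x is judged by where it really is.
    p = PureWindowsPath(ntpath.normpath(str(path)))
    for root in allow_roots:
        # Component-wise, case-insensitive match: C:\Windows2 is not under C:\Windows.
        if p == root or root in p.parents:
            return root
    return None


def is_allowed(path, allow_roots=ALLOW_ROOTS):
    """Everything not explicitly permitted is forbidden."""
    return matching_root(path, allow_roots) is not None


def summarize(paths, allow_roots=ALLOW_ROOTS):
    """Count executable-type files the policy lets run, per root and extension."""
    allowed, denied = Counter(), []
    for raw in paths:
        p = PureWindowsPath(ntpath.normpath(str(raw)))
        ext = p.suffix.lower()
        if ext not in EXEC_EXTS:
            continue  # not an executable type, outside this tally
        root = matching_root(p, allow_roots)
        if root is None:
            denied.append(str(p))
        else:
            allowed[(str(root), ext)] += 1
    return allowed, denied


def walk(root):
    """Yield every file path under `root` (for use on a real Windows system)."""
    for directory, _subdirs, files in os.walk(root):
        for name in files:
            yield os.path.join(directory, name)


# Constructed sample listing, not taken from any real machine.
SAMPLE = [
    r"C:\Windows\System32\notepad.exe",
    r"C:\WINDOWS\system32\kernel32.dll",
    r"C:\Windows\System32\drivers\tcpip.sys",
    r"C:\Program Files\Player\player.exe",
    r"C:\Program Files\Player\readme.txt",
    r"C:\Users\paul\Downloads\setup.exe",
    r"C:\Windows\..\Users\paul\AppData\tool.exe",
    r"C:\Windows2\x.exe",
    r"D:\autorun.exe",
]

if __name__ == "__main__":
    allowed, denied = summarize(SAMPLE)
    for (root, ext), count in sorted(allowed.items()):
        print(f"allowed  {root:<18} {ext:<5} {count}")
    for path in denied:
        print(f"denied   {path}")
```

On a Windows machine, `summarize(walk(r"C:\Windows"))` produces the same kind of tally as the counts in the post.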

Re: Redefining "Default Deny"

Post by ssj100 on 12/1/2011, 09:35

That's definitely a lot of crap "just to surf the Internet" haha. So how do/would you personally go about "protecting" yourself from all this?

For me, I view things perhaps a little differently. A clean system needs some form of new code to be introduced in the first place in order to get infected. This is why I treat "newly introduced files" the way I do (eg. I browse/view and open these new files sandboxed with no internet access), and also why I sandbox malware "threat-gates" (eg. web browsers and USB drives).

However, if the user (mistakenly) installs something genuinely malicious, that becomes a different story altogether.


Re: Redefining "Default Deny"

Post by p2u on 12/1/2011, 13:31

Just checked memory at startup: 26 processes and 213 modules running in memory...
ssj100 wrote: So how do/would you personally go about "protecting" yourself from all this?
You sit like a bean counter, doing inventory and asking yourself: Does my system need that to do what's OK for me? If not, you take the necessary measures to disable it. This involves first of all disabling a lot through the interface Vista provides. I don't like anything twinkling and flashing without purpose, so I set everything to Classic View (Win2000 look). Disabling services (of the 124 services my Vista came with, only 20 are running; even "Themes" went out of the window[s]). Although you can't disable the Task Scheduler, you can disable a lot of the many tasks (even many hidden!) Vista launches. Disabling devices through the Device Manager. Modifying registry keys, taking care of the 60 or so startup locations (blocking write access), etc. Some of it requires activating the in-built Admin because the system just won't let you, taking ownership (by default a lot is owned by the rather spyware-esque "TrustedInstaller"). Some of it requires renaming files, removing protocols (I removed "mailto" from the system, for example - regedit; do a search for "mailto" and delete everything you find) and so on, and so on...

Paul


Re: Redefining "Default Deny"

Post by ssj100 on 12/1/2011, 13:36

p2u wrote: I don't like anything twinkling and flashing without purpose, so I set everything to Classic View (Win2000 look).
Haha, that's probably one of the first things I do whenever I install Windows XP or Windows 7. I too can't stand anything "twinkling or flashing". The classic Windows 2000 look is the best, in my opinion. Unfortunately with Windows 7, you can't quite get the Start menu to look as slim and slick as the Windows 2000 one (unless you install/apply a third party program!) - very bizarre move by Microsoft.


Re: Redefining "Default Deny"

Post by p2u on 12/1/2011, 13:58

ssj100 wrote: very bizarre move by Microsoft.
It is all so against-the-user, you just can't imagine. Yes, you are a limited user, so you may think you're safe, but behind your back MS is doing its stuff. Some part is collecting user statistics, like determining how many users use the Start menu, etc. (Don't you dare use that face- and fingerprint control login in Windows 8! :D) Some other part is for forensics (yes, yes, you heard that right; we are all potential criminals until proven innocent in a court of law). You think you use a system tweaker with system rights. Haha... Think again. The damned TrustedInstaller returns a "success" code, but 1 minute later it sets it all back. That's if you leave everything as it is... I just feel like Charles Bronson in the "Death Wish" series, you know. Traps all over the place, waiting for the hackers to give them a cold shower... :D

Paul


Re: Redefining "Default Deny"

Post by p2u on 12/1/2011, 16:37

ssj100 wrote: The classic Windows 2000 look is the best, in my opinion. Unfortunately with Windows 7, you can't quite get the Start menu to look as slim and slick as the Windows 2000 one (unless you install/apply a third party program!) - very bizarre move by Microsoft.
Don't these instructions do anything for you? If not, then you should be on the lookout for something with "Theme" or "Personalization" or something; maybe in the Control Panel, maybe by right-clicking on your desktop, I don't know. If in doubt, ask a 5-year old in your neighborhood; those probably have the kind of "intuitivity" MS aimed at when they designed this [censored]. Set the theme to "Classic", reboot your computer and see if it holds. If it does, disable the "Themes" service and life is good again. In Windows 7, I saw that in the Control Panel you can get "Classic View" by clicking on the "View by drop-down" (somewhere to the right of the upper menu if I remember correctly) and selecting "small icons".
There are many improvements in security if you could put "Classic" on; doing this turns off the Navigation pane, the Preview pane, and the toolbar in all folders. In the Folder options you should also pick "Classic folders". In those same Folder Options, I added the parameter to show me all paths in the folder headers and to always show me a menu (also a new feature you can see in many "contemporary" programs: hiding menus from users so they won't ruin the wonderful "user experience" by setting something to their own taste). I also disabled thumbnails right from the start + instructed Windows not to show me any icons of the extension handlers on the file icon. As we can see from the still unpatched vulnerability here, I did that for a good reason. You can actually predict what's going to be the next "vulnerability"... :(

Paul


Re: Redefining "Default Deny"

Post by ssj100 on 12/1/2011, 23:22

From memory, you can get the Taskbar to appear very much like the "Classic View" of Windows 2000 and choosing "small icons" does help with this.

However, I'm pretty sure the actual Start Menu can never be configured to be as slim as the "Classic View" of Windows 2000:

The best you can get it (for Windows 7 anyway) is a somewhat "fatter" version. However, I suspect this won't impact security haha.


Re: Redefining "Default Deny"

Post by p2u on 12/1/2011, 23:41

ssj100 wrote: The best you can get it (for Windows 7 anyway) is a somewhat "fatter" version. However, I suspect this won't impact security haha.
With Vista I didn't even try to get the same old Start menu; that can't hurt you really (except for the search feature that can launch executables as admin [Ctrl-Shift-Enter], but in Classic View that's disabled anyway). It's the active stuff that goes through all the folders that may hurt you.
P.S.: My Start Menu (As you can see: everything removed, except for the Control Panel + access to my own programs). Search from there disabled; I search with Free Commander, which doesn't depend on indexing (disabled on my computer) to search fast:



Paul


Re: Redefining "Default Deny"

Post by ssj100 on 12/1/2011, 23:46

Gosh, what an ugly Start Menu. Almost a good enough reason to stick with XP haha!


Re: Redefining "Default Deny"

Post by p2u on 13/1/2011, 01:00

ssj100 wrote: Gosh, what an ugly Start Menu. Almost a good enough reason to stick with XP haha!
That's not the default look. It's just me striving for minimalization with "surgical interference" (+ Themes service disabled). If you hover your mouse over those icons and over all those parameters on the right, something happens "automagically" (thumbnails changing all the time); I don't want any of that. Everything should be static and I want things to move only when I say so. Here is what the default Start Menu looks like in English (mostly programs and functions I personally don't use at all):



Paul


Re: Redefining "Default Deny"

Post by ssj100 on 13/1/2011, 06:46

Yes, I know. However, the second picture looks even uglier haha. I'm going to enjoy the slim Windows XP Start menu for as long as possible.

Of course, you can't blame Microsoft too much - they are out to please the "average" user (which is the majority). However, they really should ensure the more "advanced" user can still configure things to their liking. I really don't know why they've abolished the "slim" look (see my picture) of the Windows 2000 start menu. Anyway, as you've confirmed, this specific aspect (the width of the Start Menu etc) isn't really a security issue - just a cosmetic one.


Re: Redefining "Default Deny"

Post by p2u on 13/1/2011, 09:45

ssj100 wrote: they really should ensure the more "advanced" user can still configure things to their liking
One other thing I think we haven't discussed yet about Vista/Win7 is a very important place in the Control Panel: "Windows Features". For added security, it's very important to know how to turn some features off, because those features may turn out to be a lot stronger than your protection is (it's all "Trusted"). Here are 2 tutorials, one for Vista and one for Win7.
P.S.: After you've done this, there are still your programs left to configure before you can go online. This seems to be just a matter of taste, but that is a false impression. Although they may run in your sandbox, there are some aspects you'd have to know about because some risks just can't be undone by a sandbox or by a default-deny executable blocker. Besides, some programs (players, for example) won't ask you and use your Internet connection for the (not always so nice) purposes of their creators. We'll talk about those aspects a bit later. I'll also prepare some sniffer screenshots to show you that this is not mere paranoia; there's a lot going on "under the hood" which is also security-related...

Paul


Re: Redefining "Default Deny"

Post by ssj100 on 13/1/2011, 12:05

I think the vast majority of users out there would only consider something "malicious" if eg. their bank account PIN got stolen or their hard-drive got maliciously wiped etc. I don't think many users would care if information such as what operating system, programs, fonts, Java version, Flash version, system time zone etc they are using are leaked out.

Perhaps we can compare it to something like whether we should cover our faces when we go out shopping - most people won't care about being recognised and being taped on camera (eg. security video cameras). Given this, I am quite surprised that some of these same people care more about being totally and comprehensively anonymous online!

Also just a few comments about sandboxing with Sandboxie. As we all know, new code needs to be introduced in order to get "infected". One general principle to ensure is that any newly introduced file should always be opened in a sandbox which doesn't allow ANY outgoing connections (easily configured with Sandboxie alone). Furthermore, any (forced) sandboxed application/folder that doesn't need to make outgoing connections should be configured with the same restriction. For example, if you download a video file, you should browse and execute this file in a sandbox which is unable to connect out - I've demonstrated the ease of opening such files with a sandboxed "explorer.exe" many times.

With sandboxed internet facing applications (that is, programs that do need to connect out), always ensure that sensitive areas of your computer (eg. a folder containing files with your PIN numbers etc) are unable to be accessed by anything running in the sandbox (again, easily configured with Sandboxie alone).

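An added example, not part of the post above and not Sandboxie's own code: a small audit of a Sandboxie.ini-style configuration against the two rules ssj100 describes, namely that a sandbox either cannot connect out at all or, if it can, cannot read the sensitive folders. The setting names `ClosedFilePath` and `InternetAccessDevices` and the rule-prefix syntax are used as I understand Sandboxie's ini format and should be treated as assumptions to check against its documentation; the sample configuration and folder names are constructed.

```python
from pathlib import PureWindowsPath

# Assumptions (verify against the Sandboxie documentation): ClosedFilePath
# blocks a path for sandboxed programs, the value "InternetAccessDevices"
# stands for the network devices, and a "program," or "!program," prefix
# limits a rule to some programs only.
NET = "internetaccessdevices"
NON_SANDBOX = ("globalsettings", "usersettings_")


def parse_ini(text):
    """Parse ini text where a key may repeat; values are kept as lists."""
    boxes, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = boxes.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current.setdefault(key.strip().lower(), []).append(value.strip())
    return boxes


def unconditional_closed(box):
    """ClosedFilePath values that apply to every program in the sandbox."""
    return [v for v in box.get("closedfilepath", []) if "," not in v]


def blocks_all_network(box):
    """Rule 1: nothing running in this sandbox can connect out."""
    return any(v.lower() == NET for v in unconditional_closed(box))


def closes(box, sensitive_dir):
    """Rule 2: the sensitive folder (or a parent of it) is closed to the sandbox."""
    target = PureWindowsPath(sensitive_dir)
    for value in unconditional_closed(box):
        if value.lower() == NET:
            continue
        closed = PureWindowsPath(value.rstrip("*"))  # drop a trailing wildcard
        if closed == target or closed in target.parents:
            return True
    return False


def audit(boxes, sensitive_dirs):
    """Return {sandbox: [exposed folders]} for sandboxes that break both rules."""
    findings = {}
    for name, box in boxes.items():
        if name.lower().startswith(NON_SANDBOX):
            continue  # not a sandbox section
        if blocks_all_network(box):
            continue  # cannot connect out, so nothing can leave
        exposed = [d for d in sensitive_dirs if not closes(box, d)]
        if exposed:
            findings[name] = exposed
    return findings


# Constructed sample configuration and folder list.
SENSITIVE = [r"C:\Users\me\Documents\Private"]
SAMPLE_INI = r"""
[GlobalSettings]

[NewFiles]
Enabled=y
ForceFolder=C:\Users\me\Downloads
ClosedFilePath=InternetAccessDevices

[Browser]
Enabled=y
ForceProcess=firefox.exe
ClosedFilePath=!<InternetAccess_Browser>,InternetAccessDevices
ProcessGroup=<InternetAccess_Browser>,firefox.exe
ClosedFilePath=C:\Users\me\Documents\Private\*

[Media]
Enabled=y
ForceProcess=player.exe
"""

if __name__ == "__main__":
    for box, folders in audit(parse_ini(SAMPLE_INI), SENSITIVE).items():
        print(f"{box}: can connect out and can read {', '.join(folders)}")
```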

Re: Redefining "Default Deny"

Post by p2u on 13/1/2011, 12:21

ssj100 wrote: operating system, programs, fonts, Java version, Flash version, system time zone etc they are using are leaked out.
That's what's usually advertised as info leakage, but that's just a minor part of the story. Hackers *could* get a hint at what you have installed and attack the default settings of those features, that's all.

What I'm hinting at is:
1) Most programs give you a user ID
Most programs give your machine an ID
Most programs combine those two IDs when you download or buy something through their [media] shops or trigger their business schemes with this or that action.
Some (more than you might want) combine those IDs with your real name, your e-mail address and even your authorization credentials unprotected over the Internet. It's really not difficult for the average script kiddie to intercept those data. A little outdated, but here's Steve Gibson's story of his experience with RealPlayer:
http://www.grc.com/downloaders.htm (I really hope you'll read that till the very end of the page)
Not much has changed since then.
2) When I tested GeSWall, for example, it was very good at protecting files and folders already stored on my computer, but it did nothing, and I mean - nothing, to protect the browser's memory and I failed all PoC's that are out there.

Paul


Re: Redefining "Default Deny"

Post by ssj100 on 13/1/2011, 13:11

I suppose it's important to generally not use one's REAL details where possible (for example, I know many people who use "fake" e-mail accounts for various purposes), and also use different passwords for more private matters.

When it comes to making online transactions, it's all up to the user to decide on whether the risks out-weigh the benefits. Clearly, online transactions/banking has a huge convenience appeal to most people - for example, one doesn't need to leave his/her house, thus saving time and petrol etc. Most people probably see it as "making use of technology", while others see it as "a ticking time bomb".

I think the vast majority of people out there perform online transactions/banking with no real/significant consequences and have been doing so for years. And I think most of these people have absolutely no "Windows Hardening" tweaks applied to their system and/or have no decent security setup/approach.

I also reckon the vast majority of people who get their "ID" stolen and abused in the REAL world would not have prevented it with any windows hardening tweak etc. For example, no "tweak" can protect anyone from "social engineering" in general (except a "tweak" in the brain haha).


Re: Redefining "Default Deny"

Post by p2u on 13/1/2011, 13:31

ssj100 wrote: When it comes to making online transactions, it's all up to the user to decide on whether the risks out-weigh the benefits.
I don't think the average user can form an educated opinion (or guess even) about those risks. It may help to know that most giant providers are required by law to collect data on users and store them on their servers. How far this goes can be found easily online (so-called "spyguides" per "service" provider; the infamous "Global Criminal Compliance Handbook" is one example). For your convenience, one resource is here: http://cryptome.org/ For added security, open those pdf documents in your sandbox (just kidding). Makes you wonder how that info got there in the first place with all those super-secure environments the "Trusted Ones" keep creating...
Hackers are after these data. Advertisers are after these data. Hackers parasitize on advertisers' channels, and so on, and so on. Until you've been hit, you won't even realize this. My point: we are up against professionals and unless we learn to swim, nobody will keep us from drowning. Rethink "trust" and stay secure. This is not baby babble of someone who suffers from paranoia; it's a security stance, based on professional experience and lots of good reading. We want to avoid targeted attacks. Tweaking *all* of your applications for security and privacy helps. Blocking those who don't comply with your security policies in a firewall also helps. :)

Paul


Re: Redefining "Default Deny"

Post by ssj100 on 13/1/2011, 14:06

p2u wrote: I don't think the average user can form an educated opinion (or guess even) about those risks.
The average user also would not know how (or would not be bothered) to "tweak" or even read forums like this haha.

And by the way, for whatever it's worth (and for the record), I'm still not convinced I personally need a software firewall with outbound control haha. I think I'll be convinced when/if I get my identity stolen (and I'm not talking about stuff like which browser I use haha) despite my current setup/approach.


Re: Redefining "Default Deny"

Post by p2u on 13/1/2011, 14:27

ssj100 wrote: I'm still not convinced I personally need a software firewall with outbound control haha.
Well, in one sense you're right: whatever firewall vendors say to market their products: once you let something out, you no longer have control. Blocking something "Trusted" that may hurt you in an unexpected way BEFORE it gets out is another issue. That's mainly my approach, because I'm convinced that getting hit by a malicious executable is really the least of a client's concerns these days. ;)
P.S.: Security is basically 1) guesswork + 2) religion. Security experts have a hard time convincing clients who don't want to listen, but still want them to protect their interests. That's probably why you always see those disclaimers at the end of a user agreement; "if you get hacked, don't look at us"... +OK... :D

Paul


Re: Redefining "Default Deny"

Post by ssj100 on 13/1/2011, 14:35

Well, I'm sure you don't try to convince them of stuff like only viewing plain text when they surf the web haha.

p2u wrote: Blocking something "Trusted" that may hurt you in an unexpected way BEFORE it gets out is another issue.
I don't think that's how people get "infected" and require subsequent "help and support" these days. It always seems to be related to the poor handling of newly introduced files and also surfing "dodgy" sites and clicking on all pop-ups etc without using Sandboxie! Anyway, that's my own personal approach with other people, but they just "can't be bothered" to learn new things or change their ways. Happily, most of these people run "just an Antivirus and Windows Firewall", "no windows tweaks whatsoever", and "leave everything on default settings" and yet have never required "help and support" or have had their e-mail/bank accounts hijacked etc. Perhaps they are just lucky...

But realistically, I think programs like Sandboxie can really reduce the chances of significant infection for REAL users in the REAL world. Real-world users want to view (and interact with) most things on a web-site and very much enjoy doing so. With programs like Sandboxie, all this can be done with (relative) safety.

By the way, I just checked the Macro security level in my workplace - it's set to Medium! I'm almost tempted to test out Didier Stevens' POC haha.


Re: Redefining "Default Deny"

Post by p2u on 13/1/2011, 15:16

ssj100 wrote: I think programs like Sandboxie can really reduce the chances of significant infection for REAL users in the REAL world.
I agree with you COMPLETELY that Sandboxie is one of the best solutions to protect your computer from malicious executables. Let there be no doubt about that, OK? ;)
But, please, don't start me on the REAL world; I live in Russia. :D You can get your identity stolen with other means ("insiders" everywhere, who want to make an extra buck, cross-site scripting and general vulnerabilities on the servers of "service" providers, etc.). I think (haven't seen any hard statistics yet except for the marketing hype of both security vendors and the media) that malicious executables on people's client computers play an insignificant role in the process. :)

Paul


Re: Redefining "Default Deny"

Post by ssj100 on 13/1/2011, 15:25

p2u wrote: You can get your identity stolen with other means ("insiders" everywhere, who want to make an extra buck, cross-site scripting and general vulnerabilities on the servers of "service" providers, etc.). I think (haven't seen any hard statistics yet except for the marketing hype of both security vendors and the media) that malicious executables on people's client computers play an insignificant role in the process. :)
Yes, with the specific malicious action of identity theft, I'm also not convinced that malicious executables play much of a role (despite all the security vendors' recent hype). However, I personally don't know many people who have had their "identity" stolen (in fact I only know of one, and I don't think it was related to the lack of "computer security"), but I know many many people who have had their systems hosed with adware and scareware.

I reckon "social engineering" is the most common method of performing identity theft or similar. In terms of the incidence of genuine sensitive information (not stuff like which web browser someone is using!) being leaked due to hijacked ISP servers, I really don't know. And it's probably not worth knowing because we all have to depend on and trust the security and integrity of our ISP's to some extent. Until this day, I'm really unsure about how much information my ISP can (potentially) access about my surfing habits etc. After all, nothing's stopping them from selling this information to the highest bidder haha.

By the way, on the subject of "insiders", is there any way to be safe from Hardware keyloggers from a software point of view?
