LUA effectiveness

Post by Rico on 25/1/2011, 05:09

How effective is LUA in terms of stopping malware out there?
Since the Windows directory is off-limits, where could malware possibly survive?
Is there a way to tweak LUA to be more restrictive? My OS doesn't have SRP.


Re: LUA effectiveness

Post by ssj100 on 25/1/2011, 08:12

Generally speaking, I think we are seeing more and more malware that can execute and successfully propagate in a Limited User Account. However, that's no excuse not to use one!

Anyway, I think p2u was going to write up a general guide on Windows tweaking?

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)

Re: LUA effectiveness

Post by MrBrian on 25/1/2011, 08:29

LUA doesn't stop malware from running, but it can lessen the impact of malware that does run. It's best to pair LUA with anti-executable technology to prevent unwanted execution.

I wrote a tutorial on using CIS (v4.x, not v5.x) as an anti-executable - see http://www.wilderssecurity.com/showthread.php?t=279205. Another free option is to use the Parental Controls feature of the operating system, as explained in another topic at these forums.


Re: LUA effectiveness

Post by p2u on 25/1/2011, 10:58

ssj100 wrote: Anyway, I think p2u was going to write up a general guide on windows tweaking?
Unfortunately I'm just too busy right now. Maybe somewhere next week I'll be able to do something in that direction.

Assuming that the "enemy" is already inside (in the form of programs that are too trusted and therefore often attacked) and that you cannot rely on your security programs to protect you, some common rules to start with would be:
* Deviate from the standard default settings (those are what malware writers count on).
* Untrust the "trusted" (meaning: restrict "good" programs). Disable or remove what you do not need. What isn't available can't be attacked.
* Block all startup locations users can set. This way, malware just can't stay alive; if it launched somehow, it will most likely die after the session.
* Install a good firewall that monitors outbound traffic and set the rules to Default Deny: allow a minimum number of programs out with access to a minimum number of remote ports. This is good enough against keyloggers. Do not follow the security vendors' "trusted" - "untrusted", "signed" - "unsigned" groupings; by default, EVERYTHING is untrusted.
* Do not use any standard MS programs if you don't have to (that includes IE), and block network access for those specifically in your firewall.
* Disable as many services as you can (Black Viper can give you a hint in that direction). If in doubt - ask.
* Remember that NOBODY can force you to use what the system considers to be the default program for certain actions. If you set IE as default browser (system-wide for all users!), for example, disable most of its functionality, don't use it and it is blocked in your firewall, data stealers etc. will fail most of the time.

Paul
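
The "Block all startup locations users can set" rule can be checked before and after tightening permissions. The PowerShell audit below is an added example, not part of p2u's post; the three locations it checks (the HKCU Run and RunOnce keys and the user's Startup folder) are standard Windows per-user autostart points assumed here, since the post does not name any.

```powershell
# Added example (not from the thread): report per-user autostart locations
# and whether the current account can still write to them.
# Assumption: these three standard Windows locations; the post names none.
$runKeys = @(
    'Software\Microsoft\Windows\CurrentVersion\Run',
    'Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Test-RegistryKeyWritable([string]$SubKey) {
    # OpenSubKey(name, $true) asks for write access; denial raises an exception.
    try {
        $key = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey($SubKey, $true)
        if ($null -eq $key) { return $false }   # key absent
        $key.Close()
        return $true
    } catch { return $false }
}

function Test-FolderWritable([string]$Path) {
    # Creates and immediately deletes an empty probe file.
    $probe = Join-Path $Path ("lua-audit-{0}.tmp" -f [guid]::NewGuid())
    try {
        New-Item -Path $probe -ItemType File -ErrorAction Stop | Out-Null
        Remove-Item -Path $probe -ErrorAction Stop
        return $true
    } catch { return $false }
}

$report = @(foreach ($sub in $runKeys) {
    $key = Get-Item -Path "HKCU:\$sub" -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Location = "HKCU:\$sub"
        Writable = Test-RegistryKeyWritable $sub
        Entries  = if ($key) { $key.GetValueNames() -join ', ' } else { '' }
    }
})

$startup = [Environment]::GetFolderPath('Startup')
$report += [pscustomobject]@{
    Location = $startup
    Writable = Test-FolderWritable $startup
    Entries  = (Get-ChildItem -Path $startup -Force -ErrorAction SilentlyContinue).Name -join ', '
}

# Writable = True means anything running as this user can register itself
# to start at the next logon, which is what the rule above aims to prevent.
$report | Format-Table -AutoSize -Wrap
```

Run it from the limited account itself, since the result reflects the permissions of whoever executes it.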
