
Computer Security, Malware and Internet Poker

  1. #1
    CoccoBill's Avatar
    Join Date
    May 2007
    Posts
    2,523
    Location
    Finding my game
    I like the first 3 suggestions, the rest are something between optional, recommended and spam. However, arguably the most important suggestion is missing: always run your computer with a limited account, no matter what OS. Running as root/administrator is begging for trouble. Most malware you get infected with runs in the context of the logged-on user, so whatever you can do to fcuk up your puter, that's what the malware can do. Google the Principle of Least Privilege.

    "If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology."
    - Bruce Schneier
  2. #2
    Originally Posted by CoccoBill:
    I like the first 3 suggestions, the rest are something between optional, recommended and spam. However, arguably the most important suggestion is missing: always run your computer with a limited account, no matter what OS. Running as root/administrator is begging for trouble. Most malware you get infected with runs in the context of the logged-on user, so whatever you can do to fcuk up your puter, that's what the malware can do. Google the Principle of Least Privilege.
    While this is good standard advice, it doesn't help most home users a whole lot. For most people, their data is all that really matters. OS/software can be reinstalled. Anything that can only fuck up whatever the user has access to can destroy everything that really matters.

    "If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology."
    - Bruce Schneier
    Nice quote. The frustrating part for me, as an especially security-conscious geek and "the computer guy" for almost everyone I know, is that people assume that because they installed an antivirus program they have nothing to worry about. Trying to explain otherwise is like trying to explain poker concepts to someone that doesn't really care to learn them. It's useless. All I can really do for them is install the standard security software and set everything to autoupdate. Until they lose something that really matters (i.e. more than a few days without the computer) they won't ever really care.

    Also, another tool for people to look at is Secunia Personal Software Inspector (PSI) (PSI - Consumer - Products) which scans the software on your computer and tells you what software needs to be updated.
    Last edited by Hawk; 03-17-2010 at 03:54 PM.
  3. #3
    CoccoBill
    Originally Posted by Hawkfan79:
    While this is good standard advice, it doesn't help most home users a whole lot. For most people, their data is all that really matters. OS/software can be reinstalled. Anything that can only fuck up whatever the user has access to can destroy everything that really matters.
    This is what most users think, because they haven't yet had their identity, credit card and online banking details stolen. Losing the mp3s, family photos and pr0n is a bummer, but those things can actually hurt. In the bigger picture the important thing is that their computers won't become a part of a botnet. If the user account is not able to install bg services and rootkits or modify system files, the likelihood of the bad things happening is lowered dramatically.
  4. #4
    Originally Posted by CoccoBill:
    always run your computer with a limited account, no matter what OS. Running as root/administrator is begging for trouble. Most malware you get infected with runs in the context of the logged-on user, so whatever you can do to fcuk up your puter, that's what the malware can do.
    Please read this article on Limited User Accounts and attack vulnerability.

    In part, it states:
    No, LUA still leaves computers vulnerable from drive-by download attacks that steal password/credentials, copy data records and documents, destroy files, ransom user content, serve as an attack platform inside an enterprise firewall, and serve as one of thousands of other computers as part of a Botnet. LUA just makes it more difficult for attackers to burrow their malware so deep into a computer (i.e., rootkit) that it may never be detected.
  5. #5
    CoccoBill
    Originally Posted by NobleTruths:
    Please read this article on Limited User Accounts and attack vulnerability.

    In part, it states:
    Yes, I'm aware of this. How is this not completely in line with what I said? Btw I might play poker in my cowboy suit at night, but during daytime I fight crime as a security consultant.
  6. #6
    CoccoBill,

    I wanted the readers to understand that a LUA does not fully protect them from potentially becoming part of a botnet or having other malicious events occurring. Decrease the probability? Maybe. If you go to an attack site, your computer will be targeted. LUA won't prevent that. It will potentially limit the depth of attack on your computer, but compromising your system is still likely.

    The bigger picture is the layers of protection you can create for your system.
    Safe Surfing-->Firewall-->Antivirus/Antispyware-->Updated System-->Registry Monitor.

    I have not addressed the importance of System Backups; this will be for another post. However, if all else fails, and repair is not possible, having a way to recover via Backup is wonderfully preferable to wipe and reinstall OS from new. Just a brief preview on this: creating an image of your existing system, and storing that image on an external Hard Drive, will save you much grief. My tool for this is Acronis True Image. Another choice is Norton's Ghost, but... I made my preference clear, I think.
  7. #7
    CoccoBill
    Originally Posted by NobleTruths:
    CoccoBill,

    I wanted the readers to understand that a LUA does not fully protect them from potentially becoming part of a botnet or having other malicious events occurring. Decrease the probability? Maybe. If you go to an attack site, your computer will be targeted. LUA won't prevent that. It will potentially limit the depth of attack on your computer, but compromising your system is still likely.
    Please explain how you're going to create a bot if you don't have privileges to install services, modify the HKLM registry or system files. I mean this in the nicest possible way but unlike poker and many other subjects, regarding computer security I really know what I'm talking about. Of course a limited user account won't fully protect you, nothing will. There's no such thing as 100% secure, there's just appropriate controls and effort to balance the risk exposure to your risk appetite. If you have solutions to make something 100% secure against anything, please let me know.

    Originally Posted by NobleTruths:
    The bigger picture is the layers of protection you can create for your system.
    Safe Surfing-->Firewall-->Antivirus/Antispyware-->Updated System-->Registry Monitor.
    I'd rather talk about logical layers than software layers. Security aims to ensure the confidentiality, integrity and availability of resources and it consists of equal parts of processes, technology and the human aspect. It doesn't matter what technological controls you have in place if you actively circumvent them, don't understand how they work or have new emerging exploit vectors that aren't covered by your technology. Patch your computer regularly (not just the OS, all apps and middleware also), be aware of the security threats and have a natural distrust of everything and make sure you always use everything with minimum required privileges, and you're as safe as any home user can be expected to be.

    Originally Posted by NobleTruths:
    I have not addressed the importance of System Backups; this will be for another post. However, if all else fails, and repair is not possible, having a way to recover via Backup is wonderfully preferable to wipe and reinstall OS from new. Just a brief preview on this: creating an image of your existing system, and storing that image on an external Hard Drive, will save you much grief. My tool for this is Acronis True Image. Another choice is Norton's Ghost, but... I made my preference clear, I think.
    Agreed.
  8. #8
    If a user has not installed necessary patches, the LUA will not protect as it should. And spyware, keyloggers and other malicious events can occur.

    Boy, I wish I had a 100% solution. Thank goodness I never said I did.

    Logical layers and software layers sound good together...after all, multi-prong security is essential.
