| DaleB |
Having my PC recently attacked, and my IE homepage hijacked, I did some searches on software firewalls, etc.
I found two very interesting sites that deal with evaluation of such protection, including tests you can have performed on your own system.
If you are serious about protection, I suggest a thorough read on this subject.
http://www.pcflank.com/art21.htm
www.grc.com |
|
|
| renov8r |
I am not "anti-Microsoft" but too many of their applications are frighteningly vulnerable to "hijacking".
It seems that in the interest of interoperability of their browser, e-mail client, update/download functions Microsoft has made it too easy for malicious attackers to alter and/or take over your computer.
I would wholeheartedly recommend using a browser NOT from Microsoft. There are excellent free alternatives as well as some that might even be worth buying. |
|
|
| Warzau |
| Zone Alarm or Tiny Personal Firewall or even a router would help look into these. |
|
|
| DaleB |
quote:
Originally posted by renov8r
I am not "anti-Microsoft" but too many of their applications are frighteningly vulnerable to "hijacking".
It seems that in the interest of interoperability of their browser, e-mail client, update/download functions Microsoft has made it too easy for malicious attackers to alter and/or take over your computer.
I would wholeheartedly recommend using a browser NOT from Microsoft. There are excellent free alternatives as well as some that might even be worth buying.
You may want to read more on the links I provided above. The 'grc' site provides some evaluations as do many other websites. Some of the freebies are as good as the pay ones and some might think even better in some cases.
Especially for home use, businesses could benefit best from other applications.
I am presently using Kerio which seems to work great. Having a router adds additional hardware firewall protection.
And yes, some of the most recent Microsoft applications have security holes MS has been slow in resolving. I don't understand why they don't have better product assurance with all their available resources. It isn't like the wolf is at their door. |
|
|
| TYP |
I know many people don't even care about this.. but..
I use Mac, I use the airport (with 128 enc, and phy. firewall as well as software firewall) no MS at all, and don't open junk mails (even if it says free sex for live! :2: )
scan every e-mail even if it's from your friend.
:4: |
|
|
| amazent |
| Thanks DaleB and mdxxxx. PASSED and secure and safe here. |
|
|
| Dale MDX |
Is the problem really with the way Microsoft products are written, or is it that Microsoft applications are so pervasive and popular that the hackers attack them instead of other stuff? It seems like WordPerfect or other apps. might have vulnerabilities also, but they aren't worth the hackers' time compared to the damage they can do elsewhere.
If this is the case, it still doesn't make the situation any better for us, of course.
I would guess that both factors are involved (popularity in addition to the integrated, complex nature of the MS products causing more vulnerabilities). |
|
|
| DaleB |
quote:
Originally posted by Dale MDX
Is the problem really with the way Microsoft products are written, or is it that Microsoft applications are so pervasive and popular that the hackers attack them instead of other stuff? It seems like WordPerfect or other apps. might have vulnerabilities also, but they aren't worth the hackers' time compared to the damage they can do elsewhere.
If this is the case, it still doesn't make the situation any better for us, of course.
I would guess that both factors are involved (popularity in addition to the integrated, complex nature of the MS products causing more vulnerabilities).
I am hardly a software expert, but I am sure with more time and money even home user software can be made more robust. It's all based on priorities established by the manufacturer, like any other commodity. |
|
|
| rliggayu |
| There's a lot of Microsoft haters out there and they will do what ever it takes to take them down. That's their full time job to hack microsoft. |
|
|
| DaleB |
quote:
Originally posted by rliggayu
There's a lot of Microsoft haters out there and they will do what ever it takes to take them down. That's their full time job to hack microsoft.
That's probably true, and another reason more competition benefits the consumer. |
|
|
| Desant |
BTW, for Windows XP users, here is a pretty good security test tool from Microsoft:
http://www.microsoft.com/TechNet/Se.../MBSAHome.ASP#d
This is even more important tool for Windows XP Enterprise Edition and for people who use XP on their enterprise servers.
Also, I don't like knocking Microsoft, because ALMOST EVERY Operating System has vulnerabilities that can be abused, resulting in breaches. Another interesting point - 90% of hacks are a result of misconfiguration, rather than a software flow. |
|
|
| DaleB |
| I get frequent windows updates, at least once a week. I guess microsoft is correcting my misconfigurations. |
|
|
| renov8r |
...but I do firmly believe that many of the problems that there are with regards to Microsoft APPLICATIONS are a direct result of how they have chosen to allow interoperability.
MS choose to use a weak form of resource isolation and UNIFIED scripting language across IE, Excel, Word, Access, & Outlook. I no longer program every day, but MSFT had the potential to force a much higher level of application isolation within the framerwork of Microsoft Foundation Classes (MFC), instead they have not enforced this (I suspect because too many lazy coders like VB...)While this is handy for slight customization using Visual Basic, it leaves LOTS of gaping holes from one app into another. Additionally the heavy reliance these APPLICATIONS have the Win Registry means that attacks that target well known Registry Keys are common.
Basically, this means that companies that rely on MS Apps have to invest extra effort in securing their networks & desktops.
At work I run MSFT and UNIX operating systems (as well as OS/400 & Z/OS). At home I run UNIX(solaris & linux), Win, and Mac(9 & X). I belive that other than OS/400 (a proprietary OS used on IBM midrange business platform) &Z/OS (mainframe) all have about EQUAL potential for OS vulnerability, but Win MSFT APPLICATIONS are far more susceptible to malicious misuse than th e apps I run on UNIX or Mac (even the MSFT Mac apps...)
quote:
Originally posted by Dale MDX
Is the problem really with the way Microsoft products are written, or is it that Microsoft applications are so pervasive and popular that the hackers attack them instead of other stuff? It seems like WordPerfect or other apps. might have vulnerabilities also, but they aren't worth the hackers' time compared to the damage they can do elsewhere.
If this is the case, it still doesn't make the situation any better for us, of course.
I would guess that both factors are involved (popularity in addition to the integrated, complex nature of the MS products causing more vulnerabilities).
|
|
|
| Desant |
Good point renov8r. Here is a new one:
--------------snip---------------snip-------------
*MICROSOFT REVISES VULNERABILITY RANKING AGAIN
By Carl Weinschenk
For the second time this month, Microsoft is upgrading the severity level
of a vulnerability advisory regarding Internet Explorer (IE).
Microsoft is changing the rating of a vulnerability in the way some
versions of IE run the Portable Network Graphics (.PNG) image graphic from
important to critical.
The exploit delivers malformed code that instructs the computer to
continually re-read a piece of the image file. This can cause a memory
buffer overflow, which could enable an outsider to run code with the
rights of the legitimate user.
"I think it's serious on the level that a lot of people don't realize that
just viewing an image these days can compromise your computer," says Marc
Maiffret, chief hacking officer for eEye Digital Security.
In the original Nov. 20 bulletin--which described several flaws and was
cumulatively rated "important"--the company said the vulnerabilities
couldn't be exploited on its software. Subsequently, eEye Digital Security
informed Microsoft that it used the flaw to gain control of machines
running IE versions 5.01, 5.5 and 6.0, says Maiffret.
eEye released details on the flaw's exploitability Dec. 11. Microsoft is
updating the advisory to "critical," according to a spokesperson for the
company's public relations firm.
Microsoft released an advisory on Dec. 4 stating that a vulnerability to
an object caching vulnerability in IE 5.5 and 6.0 was moderate. The
company was forced to upgrade the warning to severe after being given
information about how the flaw could be exploited.
Microsoft recommends using original patch or a subsequent patch released
on Dec. 4.
http://www.microsoft.com/technet/se...in/MS02-066.asp |
|
|
| Happy_MDX |
Be advised leak test has been recognized as a Trojan by Mcafee AV.
Happy_MDX |
|
|
| rjmitche |
quote:
Originally posted by Happy_MDX
Be advised leak test has been recognized as a Trojan by Mcafee AV.
Let's not jump to conclusions. LeakTest is designed to simulate the actions of a Trojan horse, etc. It does no actual harm. If I search for LeakTest at McAfee's site, I come up with this page:
http://vil.mcafee.com/dispVirus.asp?virus_k=99737
Under "Virus Characteristics", it says:quote:
"LeakTest" is neither a virus nor a trojan. This detection covers a "potentially unwanted application" (under which non-malicious, but sometimes unwanted, programs are detected).
This program is a demonstration of how an application can bypass a firewall. It does no damage and no information leaves the system.
So, while McAfee AV may tell you that it's there, it really isn't doing any harm and it's likely that you (or someone else) put it on the machine in question to check for vulnerabilities.
Gibson Research (makers of LeakTest) describes the program as follows: quote:
LeakTest is a safe and small (27k bytes), completely benign "chameleon utility" which can be used to simulate the presence and effect of Trojan horses, viruses, and adware/spyware running in your computer. It simply and quickly tells you whether it has been able to slip out past your firewall's outbound Trojan/Virus/Spyware protections and establish a standard TCP connection with our NanoProbe server.
|
|
|
| rjmitche |
quote:
Originally posted by laborlitigator
Go Linux
Just happened to be reading this article tonight...
"Most Unsecure OS? Yep, It's Linux"
http://www.wininformant.com/Article...ArticleID=27428
Admittedly, this article is from a Windows information website but, it seems as though the popularity of Linux is also causing the hacker community to to pay attention as well.quote:
"...more than 50 percent of all security advisories that CERT issued in the first 10 months of 2002 were for Linux and other open-source software solutions."
|
|
|
|
