Duncan,

I am sorry if I scared you; that was not at all my intention. Though I do understand the frustration you may feel about the subject, I don't believe in hiding things under the carpet. And, btw, my hat is white and will always be so. Not even a speeding or parking ticket in my entire life, and there never will be, period.

The only picture I'm trying to paint is the present picture of where things are going. I had my own security business until about six years ago, plus I've done serious research in harmful internet traffic for about ten years. Enough to understand what is emerging, and what to look out for. These days I'm no longer 'cutting edge', though still following development closely.

During the past six months or so, several new point-and-click exploit kits have evolved. With these kits, anyone can tailor their own backdoor, virus, or whatever is wanted. What's new about the recent kits of that kind is that some core functions/features that are universal for all operating systems are now attacked very aggressively. This includes Mac/BSD.

The essence of my original suggestions is: keep your eyes open, and don't trust operating systems or firewalls; use common sense instead of blind trust. Also, it's important to understand that keeping one's system/data safe is an ongoing process.

If you want to set up a firewall/gateway, go ahead, and don't be frightened because it's new to you. All that's needed is an outdated system with 256 MB or more RAM, a +500 MHz processor, and 2 NICs - one for Green (local network), and one for Red (internet) - and a +2 GB HDD/SD card/USB pen, depending on system and preferences.

If you want to play with an easy firewall/gateway, get IPcop 1.4.20 (+ update to 1.4.21), but don't use it for anything serious, as it's becoming sort of outdated. Safe enough for casual surfing, though. IPcop is very easy and intuitive to set up, and will give you a basic idea about the subject. Very good documentation, also. Don't be scared of playing around a bit; we all start somewhere. Btw, Intel NICs are nice, but Realteks are cheap, and they work. Just make sure they are manufactured in Taiwan or Japan, not China (yes, this is a warning).

What you instead *should* be scared of is the fact that in about two years from today, everyone who doesn't have just a slightly secure firewall/gateway setup will suffer the steep learning curve that comes from total exploitation. There are some very evil people out there that can't be reached or punished by civilized law enforcement.

Also, this is a great opportunity to put some of the old, stashed-away hardware to good use, and play around, in the true hwg spirit.

hth

DSinc wrote:
Soren,
Nice share. But, still you continue to paint a very bleak picture.
I'd like to think I have some grasp of this, but, I do not.
I feel incapable of constructing most of your suggestions.
Any/all reformats suck! I get this one.
Again, nice share........ :)
If I was much smarter, I might suspect that you might be a Gray-Hat sorta folk. JMHO.
Live well. You scare me.
Duncan


On 05/28/2011 03:14, Soren wrote:
Hello,

A few words about the effects of virus infections.

First, the viruses of today very often contain hidden backdoors.

Back in 'the good old days', a virus was terminated completely by a reformat. Not so anymore, unfortunately. These days, a complete HDD wipe is mandatory.

Please, beware that the wipe schemes in proggies like DBAN, and so forth, only follow a wipe standard that conforms to portable media, like USB pendrives. The Gutmann 35x wipe is still the only secure wipe of a HDD. Also, the drive has to be connected directly to a HDD controller, and not only via USB. Always check the drive situation with fdisk.

Today most vira also contain either a rootkit or a backdoor trojan, or both. Say hello to exploits of the NTFS/ext3+ secondary data streams in combination with Hyper Threading (that transports exactly secondary data streams). An almost ideal environment for a virus programmer.

A *very* good way to avoid most Windows vira is to set up a *nix gateway containing a web proxy. This form of gateway will filter out about 95-99 pct. of all Windows malware, vira, rootkits, and other unwanted stuff. Some *nix gateways also include an option for a full IPS (Intrusion Prevention System), if one has the hardware to match.

The system for installing such an appliance is very much one of the cheap Atom solutions, with Hyper Threading DISabled, that is. There are still a few Asus/AsRock boards with both ATA and SATA available (future upgrades), and with a built-in GPU, NIC, and two different controllers, all for the price of a 4GB RAM stick...

Some of these appliances can run from an SD card (mechanical write protection!), or from a USB pendrive, even as boot. This enables a fairly noise-free environment, if combined with a mini-ITX case with a passive PSU - a US company produces some pretty awesome passive PSUs.

hth
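As an added illustration of the Green/Red gateway with a web proxy described in Soren's two messages above (not code from the thread or from IPcop), the script below generates the packet-filter rules such a two-NIC box would load: default-drop from the Red side, forward only Green to Red, and transparently redirect outbound HTTP into the local proxy. Interface names, the Green network range and the proxy port are assumed values; the script prints the commands as a dry run so they can be reviewed before being fed to a root shell on the gateway.

```shell
#!/bin/sh
# Added example: emit iptables rules for an IPcop-style Green/Red gateway
# with a transparent web proxy. Nothing is applied; output is printed so a
# reviewer can inspect it (e.g. "gateway_rules eth0 eth1 192.168.1.0/24 3128 | sh").

# Refuse a configuration where Green and Red are the same NIC, an interface
# name is empty, or the proxy port is outside 1-65535.
validate_config() {
    green_if="$1"; red_if="$2"; proxy_port="$3"
    [ -n "$green_if" ] && [ -n "$red_if" ] || return 1
    [ "$green_if" != "$red_if" ] || return 1
    case "$proxy_port" in ''|*[!0-9]*) return 1 ;; esac
    [ "$proxy_port" -ge 1 ] && [ "$proxy_port" -le 65535 ]
}

# Arguments: GREEN_IF RED_IF GREEN_NET PROXY_PORT (all constructed by the caller).
gateway_rules() {
    validate_config "$1" "$2" "$4" || { echo "invalid gateway config" >&2; return 1; }
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
# Nothing reaches the gateway itself or crosses it unless explicitly allowed.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Admin/proxy access only from the Green side, and only from Green addresses
# (packets claiming a Green source on the Red NIC fall through to DROP).
iptables -A INPUT -i $1 -s $3 -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $1 -o $2 -s $3 -j ACCEPT
# Transparent proxy: Green clients' port-80 traffic is steered into the proxy.
iptables -t nat -A PREROUTING -i $1 -p tcp --dport 80 -j REDIRECT --to-ports $4
iptables -t nat -A POSTROUTING -o $2 -j MASQUERADE
EOF
}
```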
