SteadyState is the nearest thing to a read-only OS that Microsoft do, and it does handle patching and even a drive roll-back after each boot. I always like the VHDs of IE6/7/8 as a machine to test and use for secure access. Consider the VHD of Windows 7 Enterprise, stick it on a datastick and boot to it - now there's an interesting attack vector via a USB slot.
Mike

From: Roger Wright [mailto:[email protected]]
Sent: 14 October 2009 20:18
To: NT System Admin Issues
Subject: Re: Interesting article...

I like the idea of a "read only" or temporary OS to be used for these critical or high-risk communications. I'm gonna consider that for my own activities.

I've often wondered if our trust in anti-malware vendors could be somewhat misplaced. What would happen if their systems were hacked, and their update servers sent out new DAT files containing evil code?

But, as noted, the weakest link continues to be the end-user.

An interesting site for internal phishing tests: http://www.jetmetric.com:

Email Phishing Social Engineering Tool

SocialPET (Policy Evaluation Tool) provides an automated process to test employees' awareness of IT policies and common security risks. Email Social Engineering or "Phishing" is a common method used by attackers on the Internet to extract sensitive information, such as passwords, from people via email. SocialPET allows an IT or Security Administrator to craft an email with an embedded link to entice a user to supply their password. After the job is initiated, the administrator can view the results of how many people clicked the link in the email or even worse, disclosed their password. Each test and its results are saved, so improvement can be monitored over time. Even after a single test, success rates often dramatically change on subsequent tests.

* Test your employees' willingness to click on untrusted emails
* See your security grade based on how many employees disclose their passwords
* Choose and customize multiple email templates to map the test to your environment
* Run multiple tests and track improvement over time
* Compare your success rate to others in the industry

Roger Wright
___

On Wed, Oct 14, 2009 at 1:41 PM, Ben Scott <[email protected]> wrote:

On Wed, Oct 14, 2009 at 12:49 PM, Andrew S. Baker <[email protected]> wrote:
> The malware will be developed for where the majority of people are, no matter where that is.

I agree. And the two biggest competitors to MS Windows right now -- Mac OS X and Linux -- have both achieved enough usage that they are seeing some attacks.

But, from a purely pragmatic point of view, that does mean that using something other than MS Windows does get one some gains presently, simply because it's a lower profile target. A cabin in Vermont is lower profile than the penthouse in the highest building in New York City. Of course, that cabin in Vermont may be less convenient to other things you want to be near. (Or maybe you really like maple syrup, so Vermont's a plus. YMMV.)

One interesting point, though: A "live CD" does have some advantages over a traditional Windows install, if used only for banking, and persistent state is not saved. It's a read-only medium, so even if something *does* manage to penetrate security, there's little to be captured from saved state, and all one has to do to clear it is reboot. I'm not sure Microsoft could compete in this scenario, given their licensing model and "Activation" requirements.

Updates present a problem, though. Firefox hasn't been immune to security exploits. So you're either running software with known vulnerabilities, or you're sucking down updates every time you reboot. The latter is time consuming for the user, and expensive for the server operator.

Hmmm. Perhaps paid subscription services for a portable, hardened system one can carry around with them on a CD? As long as you can trust the host hardware, and you can trust the provider, why not rent security administration for home use? Essentially, willingly give up admin rights to your own computer, for the sake of letting an expert take care of you. I wouldn't be interested, but maybe Aunt Tilly would.

Of course, trusting the provider may be an issue. (Witness the Microsoft/Danger Sidekick fiasco.) But given the sorry state most home PCs are maintained in, it might be the lesser of two evils.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
