Posted on 06/13/2012 9:39:00 PM PDT by OldEarlGray
Do you want to be totally safe for free with minimal skill and little fuss? Boot your Windows PC from a Linux demo CD to browse the web or check your webmail. Yeah, it will be kind of slow. Just don’t mount your hard drive while running Linux. If you must download a file, use a memory stick to save it.
how does anyone determine which update are vaild or not??? I guess I wonder just how invaild updates would get into the microsoft update server in the first place
[OK I have a windows 7 vm, windows 7 on a laptop and windows 7 on a netbook... am I save enough?]
If you/we were, would MS have re-engineered the process between bios-boot and OS load for Windoze 8?
Horses out. Check.
Barndoor closed. Check.
Same Ol’ MS, the geniuses who thought enabling Email with VB Script was a good idea. Check.
>>Something is out-of-whack in this scenario.
You mean like how the McSheeple may not be able to change the pads on their Hundai’s disc brake, or identify a suspicious process in a task list on the PC they use to surf por err “download music” with, but at least they can tell us who’s winning American Idol and Dancing with the Starz in between commercials for Viagra and sleeping pills -— that kind of out-of-whack?
en.wikipedia.org/wiki/Flame_(malware)
| Version | V3 |
| Serial number | 3a ab 11 de e5 2f 1b 19 d0 56 |
| Signature algorithm | md5RSA |
| Signature hash algorithm | md5 |
| Issuer | CN = Microsoft Root Authority,OU = Microsoft Corporation,OU = Copyright (c) 1997 Microsoft Corp. |
| Valid from | Thursday,10 December 2009 11:55:35 AM |
| Valid to | Sunday,23 October 2016 6:00:00 PM |
| Subject | CN = Microsoft Enforced Licensing Intermediate PCA,OU = Copyright (c) 1999 Microsoft Corp.,O = Microsoft Corporation,L = Redmond,S = Washington,C = US |
| Public key | 30 82 01 0a 02 82 01 01 00 fa c9 3f 35 cb b4 42 4c 19 a8 98 e2 f4 e6 ca c5 b2 ff e9 29 25 63 9a b7 eb b9 28 2b a7 58 1f 05 df d8 f8 cf 4a f1 92 47 15 c0 b5 e0 42 32 37 82 99 d6 4b 3a 5a d6 7a 25 2a 9b 13 8f 75 75 cb 9e 52 c6 65 ab 6a 0a b5 7f 7f 20 69 a4 59 04 2c b7 b5 eb 7f 2c 0d 82 a8 3b 10 d1 7f a3 4e 39 e0 28 2c 39 f3 78 d4 84 77 36 ba 68 0f e8 5d e5 52 e1 6c e2 78 d6 d7 c6 b9 dc 7b 08 44 ad 7d 72 ee 4a f4 d6 5a a8 59 63 f4 a0 ee f3 28 55 7d 2b 78 68 2e 79 b6 1d e6 af 69 8a 09 ba 39 88 b4 92 65 0d 12 17 09 ea 2a a4 b8 4a 8e 40 f3 74 de a4 74 e5 08 5a 25 cc 80 7a 76 2e ee ff 21 4e b0 65 6c 64 50 5c ad 8f c6 59 9b 07 3e 05 f8 e5 92 cb d9 56 1d 30 0f 72 f0 ac a8 5d 43 41 ff c9 fd 5e fa 81 cc 3b dc f0 fd 56 4c 21 7c 7f 5e ed 73 30 3a 3f f2 e8 93 8b d5 f3 cd 0e 27 14 49 67 94 ce b9 25 02 03 01 00 01 |
| Enhance key usage | Code Signing (1.3.6.1.5.5.7.3.3) Key Pack Licenses (1.3.6.1.4.1.311.10.6.1) License Server Verification (1.3.6.1.4.1.311.10.6.2) |
| Authority identifier | Certificate Issuer: CN=Microsoft Root Authority, OU=Microsoft Corporation, OU=Copyright (c) 1997 Microsoft Corp.| Certificate SerialNumber=00 c1 00 8b 3c 3c 88 11 d1 3e f6 63 ec df 40 |
| Subject key identifier | 6a 97 e0 c8 9f f4 49 b4 89 24 b3 e3 d1 a8 22 86 aa d4 94 43 |
| Key usage | Digital Signature Certificate Signing Off-line CRL Signing CRL Signing (86) |
| Basic constraints | Subject Type=CA Path Length Constraint=None |
| Thumprint algorithm | sha1 |
| Thumprint | 2a 83 e9 02 05 91 a5 5f c6 dd ad 3f b1 02 79 4c 52 b2 4e 70 |
What percentage of Stuxnet was installed via neither WebBrowser nor Email?
Does your freeware prevent Sand from getting in the Boxies of folks who play with their funky “musical” thumbdrives whilst doing their chores at the local nuclear facility?
I’ve never needed a VM to download music files. But then, all of the music on my devices was obtained via legitimate methods and sources. Why are your experience and prophylactic requirements so different?
Reply
Meanwhile, in USB-enabled, non-mathimaticaly impaired reality land:
Flame can also move the target information–along with a copy of itself–onto a USB memory stick plugged into an infected machine, wait for an unwitting user to plug that storage device into an Internet-connected PC, infect the networked machine, copy the target data from the USB drive to the networked computer and finally siphon it to a faraway server.
Yeah, that is an accurate description. Internet devices have become like more appliances, but still require a fair level of technical knowledge to operate securely. And the security risk affects others. Or to paraphrase you: a lot of idiots are out there oblivious to risk.
So it's out-of-wack in my opinion. Two obvious possible solutions are to either make them not require the skill level or not allow their use by those without the skill level.
The second I think is impractical and the first still doesn't seem to be happening.
A third option would be to secure them on a different level not involving the user. Government would love to do that, with a high price and low effectiveness. Some have suggested ISPs. Or maybe some type of secure internet neighborhood, the equivalent of a gated community.
I dunno the answer.
Thanks for your reply.
>>Some have suggested ISPs.
Aye, isn’t that the emperor strolling down the internet in his clouded (fancy ISP) underwear?
Holy Balls... I really didnt know!.. thanks for the info
That's your asinine argument.
Seriously, get back on your meds.
Also, I told you I don't even download music. You can't even keep track of the people you are lashing out at. I suspect you are one of those people who subscribed to PC Magazine and now you're an expert, right?
Stuxnet was installed by a user... by allowing autoplay to execute. Yes, a sandbox can stop that if used properly. Of course, all of the home users out there are still battling stuxnet, aren't they? Oh, right... it was never a problem for them. There are currently over 8600 windows devices on my network and to date, not a single one of them has been infected with stuxnet. The bigger danger to a typical PC user is people like you who mock solid advice.
Oh, and you can bloviate all you want... it's somewhat entertaining, but don't ever insinuate that I participate in illegal activity again. I don't appreciate it.
No Wiley, I think if you want to play in a sandbox, then it makes more sense to use the one created by the folks who wrote the operating system, instead of some ACME freeware thing you found on the internet.
Got VM?
[I suspect you are one of those people who subscribed to PC Magazine and now you’re an expert, right? ]
Tell us Wiley, what did you learn at TechEd this week? Were you in the penetration testing session? Did you attend the sessions where Stuxnet was injected into a VM network as a livefire demonstration? No?
Have a nice day, Wiley.
Welcome FRiend.
>>Stuxnet was installed by a user..
But not via 90% Web Surfing or 10% Email.
You don’t digest facts well. Perhaps there’s a freeware ACME gas reducer you could try to help with the cranial flatulence you seem to be experiencing?
The encryption bit depth can impact performance as system load increases. The tradeoff between performance and security can lead to a preference for 1024 bit keys over 2048. If thread affinity to processor cores does not induce a performance penalty then increasing the key strength to 2048 seems most appropriate. Otherwise “throw more hardware at it” becomes the loudest mantra in the organizations that I have developed software for and supported in production.
According to the NIST, that was one of the reasons Rijndael was chosen during the AES selection process over Twofish. It was faster in hardware implementations. These days, hardware acceleration can encrypt data streams at pretty insane speeds. These days cpu is cheap enough that even software implementations can do some decent throughput. Personally, I think all traffic on the internet should be encrypted, including email. It would stop a lot of casual snooping. Of course, this won't happen because the real snoops (the governement) would be inhibited as well.
I think that's largely because you probably don't run nuclear centrifuges located in Iran. Stuxnet was an extremely targeted virus.
Not arguing the other points about sandboxing. I think it's a great idea. I go further and recommend VMs that can be easily reverted to known good states. Personally, I don't allow windows systems on my home network, but that's because I'm a Unix bigot, and it's my network, so I get to make the rules. :-)
Running a VM is a good alternative and just as effective, but my argument here has been for the masses of home users who generally do not have the resources or knowledge to deal with virtualization... as simple as it may seem for us.
My point on Stuxnet was directed at the ridiculous rantings of the OP... it was one of his (incorrect) "examples" of why a sandbox won't help. I was merely trying to make some who may not be aware that there is an application available to them (It's not freeware, by the way) that can defeat almost every virus and malware application that they might encounter.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.