
Windows AntiBreach Patrol

Discussion in 'Windows - Virus and spyware problems' started by Aliee, Apr 28, 2014.

  1. Mez

    Mez Active member

    Yes I was using WPA2 encryption.

    My password and ID were similar to yours other than I didn't generate mine and I had more alphas.

    Knowing the security wasn’t brute force hacked I searched the web to discover what he did to get in. I discovered a discussion about a new wireless security ‘hole 87’ or something close to 87 was brought up at a conference a few years before. The number referred to the line of code for the vulnerability of a routine. I googled the security hole and got only a very few hits. One was a very tech article. As I understood and remembered the article, if a device can fake a dropped connection, the router will reestablish the connection without requiring any security validation. To gather all the required information to fake a dropped connection you may have had to be connected to the network before, since you have to spoof a MAC address of a device on the network. The hole was not considered urgent and was considered very difficult to prevent.

    I tried to find the information a second time to send a link to someone a few years later. I couldn’t find it. Even when I found the articles there were only 3 Google hits. That information was removed from the web. If you don’t want to fix a problem just keep the public in the dark. This year Cisco updated router firmware with several security patches. One was to make the routers harder to infect with the Moon malware, the other sounded like a fix for that security hole.

    Enhanced Mitigation Experience Toolkit is a great concept. My read is you need to be browsing with IE. Even though I have read IE is now one of the most secure browsers I will stick with FF. The main reason is that it is NOT secure. Am I crazy or what? It is like leaving a $100 bill on the kitchen table. If someone goes through the kitchen the bill will be picked up. When they do, I know.

    What I didn’t mention in my mini tirade is along with a few successful attacks that I know of I have hundreds of unsuccessful attacks over the last 5+ years. They go in waves. I start getting attacked more frequently. I start looking for better security. After the upgrade I will see no attacks for at least a year then the cycle repeats. The big problem is I don’t see any major software security improvement I can use if this gets compromised.

    I do intend to stop accessing the internet from my office computer since I have enough spares. I can buy a used desktop for only a few dollars more than the cheapest Win 7 OS disk I could locate.

    I run FF in a Sandboxie sandbox. So far the bots are not smart enough to detect the sandbox. I figure the app is not widely used and the bot probably does not know what happened. The process may not fail (a return value of fail) until the user responds to the warning message. That never happens. I disconnect the connection, then the sandbox is flushed ASAP.

    Aldan, sometimes I can get volatile. I suspected you might not know much about security threats. If you don't set traps for intruders how would you know they were there if they clean up any trace of a break in?

    McAfee has publicly admitted they don't even try to add all the newfound virus info into their databases; they only add ones that damage software/hardware. Why would you feel so secure that your computer has no malware on it?

    I have been a senior programmer for about 25 years. I could build my own botnet from scratch except I do not know enough about attack routines. I am sure when a botnet attacks the process takes less than a second using probably many thousands of lines of code. I can say the attack process is mostly probing until an opening is found. I have read even secure systems can be overloaded if the security barrier is overloaded with a barrage of attacks. This is doable with a botnet.

    I also don't think you have any concept of how smart a hacker can be. In this day and age there are no dumb programmers. An IQ of 130 is not all that high for a lead programmer and I have known and worked for several geniuses. The hackers come from all over the world; most can’t get a decent job doing honest work so they hack. You can have no clue what you are up against. A genius can probably make the smartest person you know look stupid. I have seen just that, a pissing match between a very smart person and a genius. The mismatch didn't last long. The IQ difference between a normal person and a genius is the same as a normal person and an idiot, the lowest grade of retardation. So if you are normal, you look to a genius as the lowest form of retard looks to you. Idiots may never learn to dress themselves.
     
    Last edited: May 9, 2014
  2. 2oldGeek

    2oldGeek Active member

    After 50 years as a senior programmer and head of an IT dept, for 25 of it, I have learned, as I have said before, Paranoia is just good thinking but, only when used as a tool, as well as IF, THEN, ELSE thinking to go along with it. My main theory is, “Know Your Enemy” and I have disassembled and traced more hacks than you have probably ever been subjected to, so that I might protect the system I was working with.

    Every computer that goes on the internet is scanned 24/365 every 2 minutes or so. Knowing that you can’t be paranoid to the point of seeing bots come out of the woodwork.

    Here is a scan of me while I am on the internet (I hid my IP address, but it’s me).

    As you can see, I am completely stealth and not seen by any scanner.

    Am I infected? NO
    Can I get infected? YES
    Am I afraid of being infected? NO
    Can I deal with an infection if it makes it though my security? YES


    Even though I am connected to the internet, you can see that my connection port 80 is stealth....
     
    Last edited: May 9, 2014
  3. 2oldGeek

    2oldGeek Active member

    Evidently you didn't do enough reading. You can set the mitigation in EMET for any program you are running; I use FF. This is where some advanced knowledge of a computer comes in very handy.

    I wasn't recommending that you use it, I was simply pointing out that there are ways to block the "bad guys" that the general public is not aware of. Reviewers will only hype anything they can make the most money on from downloads at their site.
     
  4. Mez

    Mez Active member

    2old I had no intention of ruffling your feathers...

    I would be dumbfounded to have learned you hadn't stealthed your port many years ago. My ports have been stealth for at least 5. That has not eliminated attacks on my computer but I am sure it reduced them. I think I recognize the port display.

    I read when I have time. I am a programmer, not a security guy. I do try to read up on security. Oh, by the way, I have had 22 programmers under me. Neither of us are dopes and I never took you for one. I think both of us have a good idea what is out there but I suspect others do not. The point I was making was to aldan. There is a huge population of very smart persons trying to infect their computer. If you aren't taking extraordinary precautions you are PROBABLY infected. Even the article that had 80 hi-test malwares overrun the leading security systems didn't assume this spelled doom. Instead a user can't rely on ONLY an AV scanner to protect them.

    I think you have overestimated my paranoia. My own experience has taught me that AV will not pick up everything. If you think differently, I will leave that alone.
     
  5. aldan

    aldan Active member

    Don't worry guys, all my ports are in stealth and have been for a few years now. Funny how you mentioned IQ and genius in the same breath Mez. Mine was tested at 133 and I am no genius. I catch on to things quickly, especially by reading. When I was 12 years old I read at a 4th year university reading level. I can still read a book and a year later tell the story. I think it helps to have a near eidetic memory for what I've read. Smart? Meh, maybe, done some awful dumb things in my time, but genius? Don't hardly think so. lol. Curious about the OP though. Hope she got her problem solved and wasn't too scared to come back after we hijacked this thread. lol
     
    Last edited: May 10, 2014
  6. 2oldGeek

    2oldGeek Active member

    It’s extremely difficult to ruffle my feathers… I’m so hen-pecked, I have no feathers. Lol

    As far as eliminating or stopping attacks, a firewall does not do that. You will be scanned 24/7/365 as long as you have an internet connection. The firewall will keep the attacker from seeing your ports and thereby keep you from being infected. They’re out there all the time and not just aiming at you so don’t take it as a personal attack.

    A firewall like ZoneAlarm will record each scan of your IP address and say that it has blocked an attack. There are so many that it can be quite nerve-racking if you let it… I prefer using a hardware firewall, that is, a router with an SPI firewall.

    I was confused when you said that your router had WPA2 security and you had a 64 character password. WPA2 will accept a password or pre-shared key of 8 to 63 characters and then will use the WPA2 algorithm and hash it to 256 bits if it is more. 63 ASCII chars is 504 bits… The old, worthless, WEP security would accept hex numbers.

    You are correct, an AV will NOT pick up everything.. A geek can get away with a simple AV because he knows what to look for and stay away from but the average person cannot. The very BEST AV is Knowledge and Common Sense…..
     
    Last edited: May 10, 2014
  7. Mez

    Mez Active member

    I can't argue with that. That is my main 'paranoia' in my estimation. If I am not sure I will back up what little data I have on C: and re-image. I tend to stay on the safe side but I don't think others are foolish if they don't. I do believe they are foolish if they think they are secure when they have a minimal security system.

    I got you loud and clear about too many warnings. With my browser trap, whatever has breached all but my last ring of defense. If this happens a few times a year I don't care. If it happens every hour or 2 when I am browsing I want more security.

    Persons that maintain multiple levels of security are much safer.

    The LinkedIn IT specialist blogs are very active and huge. It is more active than AD. There is a general agreement that if you think you are infected with something and have any doubt, re-image.

    There is a huge difference between the judgement of someone like you and even someone like me who does not have enough background for expert decisions.
     
  8. 2oldGeek

    2oldGeek Active member

    True and as FDR once said “The only thing we have to fear is fear itself.”
    When you see a firewall or AV blocking a ton of shit, your first thought is: well if it blocked that many and I know it can’t block 100%, how many got through?? That kind of thinking is what promotes paranoia.

    I agree and that is the basis for my layered security. It must be layered like diversifying your 401K: when one investment goes down another goes up and offsets the loss. Like having a mixture of stocks and bonds. You cannot invest in all stocks or all bonds and expect to come out ahead. You cannot have 2 AV’s running the same kind of scan in order to catch what the other one missed, it just don’t work.

    Layered Security is the Key. Also moving your Data and Desktop to another HD and keeping daily Image Backups...
     
  9. Mez

    Mez Active member

    2old I only get 'paranoid' when someone breaks through most of my security routinely. They were far enough through where they could leave me a present.

    I don't check how many attacks were blocked.

    Aldan,
    The original poster wasn’t interested in our banter she only wanted to fix her problem.

    You are no dummy either. Funny, due to a reduced capacity as you age from your 30s on, I'd be about as smart as you even though my IQ is a bit higher. I am guessing you are a great deal younger than I. A 70 year old with an IQ of 130 is only as functionally intelligent as a 20 year old with 100 IQ points. I am functionally about as smart as you are +/- a few points unless you are an old fart, then I am a good deal smarter. At more than 130 a few points are a big deal. IQ is all about how far out you are on the bell curve of individuals your age.
     
    Last edited: May 13, 2014
  10. aldan

    aldan Active member

    Na, not that old Mez. I'm only 56 and I have to come clean on the IQ test. It was done over 20 years ago. lol. Probably test out at about 100 by now. Still have an eidetic memory for the written word but, like a slow computer, it takes awhile to retrieve the data sometimes. Don't think for a moment that because I jab at you for being paranoid that I don't care about what you have to say. I read every post. Al
     
  11. 2oldGeek

    2oldGeek Active member

    Now Mez, what kind of presents are they leaving you? I have asked you several times to post me a scan and I would maybe be able to give you a clue on how to avoid these attacks, but your IQ is higher than mine and you seem to blow it off...

    Actually, an IQ test is based on a lot of variables, and if the wrong test is administered it will give false readings. That is to say, if you ask a person raised in the ghetto: When is Mother’s Day? You can get answers like: The day the Welfare Check comes. Or: 9 months after Father’s Day!

    Being an old fart, I think I should be given extra points for Sage Wisdom..

    The last IQ Test I took had me flying high for a short time, I scored a perfect 200!
    Then I found out the test was designed for 4th Graders…

    Aldan, the truth is that your brain is like an Iceberg and your memories like penguins residing on that hunk of ice. When you go over about 60, Global Warming sets in and the iceberg starts to get smaller and the poor little penguins start to slide off. At first they can scramble back up out of the water but as time goes on, they just drown. After some time you are left with only the memories of your childhood…. Known as your Second Childhood…. Look out it’s on the way!

    Also don’t worry about the OP, she got good advice and a link to clean up the problem. Not to say she don’t have other problems, but most of the younger generation don’t think that far ahead..
     
    Last edited: May 13, 2014
  12. Mez

    Mez Active member

    2old, I said could, not did, leave a package. I have looked in the sandbox. The beauty of that is only the files added during the session are there. You might not notice a new file in a folder of a few thousand files, but when there is only one it is obvious. I have seen common exes, some where they belong, most somewhere completely different. I have seen dlls and other stuff all in the Windows folder or below. Nothing ought to be putting files there during a browse session.

    This is where I tend to be a bit overly cautious, except that I no longer look anymore. Looking takes more time than the fix and I will delete the box because it is painless. I always delete the sandbox I have been browsing in. I also do this at the end of a session. I may delete the sacrificial user. I always browse using a limited user that has no data, so deleting it and creating a new one only takes a minute or 2. Doing anything more clever takes too much time.
     
    Last edited: May 14, 2014
  13. 2oldGeek

    2oldGeek Active member

    Mez, You know that I have given you clues several times on how to "Bulletproof" your computer. There are NO 'perfect' security programs so you must compromise and diversify in order to have the best security possible. No such thing as 100% security; see ireland's post pertaining to Snake-Oil here: http://forums.afterdawn.com/thread_jump.cfm/974963/5954847

    The almost near perfect security program that I have ever run across is Faronics DeepFreeze and I have used it for years. It had a problem in 2005 when a program called Unfreezer by Emiliano Torres (a black hat programmer in Santa Rosario, Argentina) found a hole he could get through, but it was fixed fairly quickly and I never had any problems with it. It uses a virtual environment and what happens there, is lost there; it cannot affect your real machine.

    aldan, I gave up on FF v29. The first version was so buggy that I couldn't use it at all, so I switched to Pale Moon v28 and had some problems there. I then got a 29.0.1 update for FF and gave it another try. They had fixed most of the bugs but it kept crashing. I just got Pale Moon v28.5 and so far I like it, but I guess I'll see. I'm dying here.
     
  14. aldan

    aldan Active member

    Gotta ask, what is your candid opinion of Comodo Dragon. I know it's a Chrome based browser, but is it as bad as Chrome?
     
  15. 2oldGeek

    2oldGeek Active member

    Here is a quote from Gizmo. We have had some disagreements over the years but I still consider what he says to be good advice.

    I personally use OpenDNS instead of Comodo DNS because it is much faster and about as secure as far as I can tell. With all the other security I have installed, I will settle for a little more speed.
     
    Last edited: May 15, 2014
  16. aldan

    aldan Active member

    Thanks 2old, that was kind of what I thought. Never used OpenDNS (have to research that), but do have Comodo Secure DNS enabled. Meh, life's too short to worry about the details, ain't it.
     
  17. 2oldGeek

    2oldGeek Active member

    Bye, bye cruel world....
     
    Last edited: May 16, 2014
  18. aldan

    aldan Active member

    Funny, looks more like a pile of shite than an electric fence. LMAO
     
  19. Mez

    Mez Active member

    Yes, at least 50% of what I do has come from you. I think you have just told me what my next step will be. Right now I am fat and happy. I have not seen anything getting through my defenses in weeks.
     
  20. 2oldGeek

    2oldGeek Active member

    That's great, if I can get you converted on the other 50% you can kiss paranoia goodbye.. LOL

    Now don't run out and buy DeepFreeze just because I said it worked. First, do some reading and research on it, then if you're interested check it out on a 30 day trial. It's about $45 per year. Here's the User Guide:
    http://www.faronics.com/document-library/document/deep-freeze-standard-user-guide/

    And here's the site:
    http://www.faronics.com/products/deep-freeze/standard/
     
