
bruzzes (Premium) join:2001-04-26 Euclid, OH

Need convincing argument about security dangers.

Computer Associates announced their plan to offer free AV and Firewall software to qualified users of Windows OS. Has anyone ever used their security suite? Is it any good? I downloaded the suite but kept my free version of Zone Alarm. Found the following trojans:

BlackBox.class
Dummy.class
VerifierBug.class

Being thoroughly paranoid, I ran the anti-virus programs at PC Flank (http://www.pcflank.com/) and Trend Micro (http://www.trendmicro.com/en/home/us/enterprise.htmank). Nothing was found. I also used Gibson's site and a few others to verify that I was stealthed. (I was.) I was then told to run Pest Patrol free evaluation. It found numerous pests (43), including Adult Links, dyfucs, keenware, QaBar and other BHOs. Of course I need 40 dollars to actually buy the product and remove those pests.

I have SpywareBlaster, SpyGuard, ScriptSentry, Excavator, Startup, POW, GoogleToolbar with pop up filter enabled, all critical updates from Microsoft, a list of 200 sites in my restricted area, Ad Aware and Spybot (all up-to-date versions). I am so bloated with these programs and am disappointed none of them prevented this Trojan from installing. I have XP Home with a cable modem.

I have several questions. Is there any program I can buy to give me better control? Should I get rid of any of the programs above? Many seem redundant. The most important question is what is the danger of doing nothing. My wife does not want me to mess around with the computer. She says, so what, if it is running OK, ignore these intrusions. I need a convincing argument to show her the danger. I would appreciate any help in this matter one can give.

-- "Where am I" I asked. "You're on the Island of Conclusions" he replied. "How did I get here?" said I. "Why you jumped here, of course"

jack b (Gone Fishing) Premium,MVM join:2000-09-08 Cape Cod

ARGUMENT NUMBER ONE: Identity theft.
A trojan can give the author access to your files remotely, just like you can sitting right there. And watch what you're doing in real time, everything that you do. And the Own3r can give his buddies the keys to your computer, so it's not just one little intrusion. Passwords, no problem. Got 'em all. Personal info, not personal anymore.
Stable operating computer, if they chose to, they could wipe out your entire system.
You cannot allow this stuff on there. Period. A full time up-to-date Anti-trojan program is required. Look in the Security Software updates thread and pick something, anything. Do it now. 
-- ~Help find a cure for cancer~
Proud Member
Team Discovery

PavTheMan

With a Remote Access Trojan, you could be uploading child porn without your knowledge. -- :]

reply to bruzzes
Re: Need convincing argument about security danger

Here's what pest patrol says about Dummy.class:

PestName: Black Box
Description: Category: Key Logger. (Keystroke Logger). A program that runs in the background, recording all the keystrokes. Once keystrokes are logged, they are hidden in the machine for later retrieval, or shipped raw to the attacker. The attacker then peruses them carefully in the hopes of either finding passwords, or possibly other useful information that could be used to compromise the system or be used in a social engineering attack. For example, a key logger will reveal the contents of all e-mail composed by the user. Keylog programs are commonly included in rootkits and RATs (remote administration trojans).

I wouldn't be too happy, if there was a chance of this on my system. Even if it ran fine. I'd try pretty hard to remove it.

hpguru (Curb Your Dogma) Premium join:2002-04-12
reply to bruzzes

Re: Need convincing argument about security dangers.

said by bruzzes:
The most important question is what is the danger of doing nothing. My wife does not want me to mess around with the computer. She says, so what, if it is running OK, ignore these intrusions. I need a convincing argument to show her the danger.
IMHO you should steer far away from paranoid reasoning and make your argument as practical as possible.
For example she maintains you should ignore intrusions if the computer is working "ok", so you need to give her practical reasons for why an infected or rooted computer isn't working ok.
Talk about ownership - explain that if someone has taken over her system then that person has just as much or more control over the system than she does.
Talk about money - did she put out all that money for her system and monthly internet access so that some anonymous criminal can use those resources for whatever nefarious purpose he chooses? Does she really want to pay out her hard-earned money to support his criminality?

-- Blue mountains after rainfall - much bluer.

reply to bruzzes

Re: Need convincing argument about security danger

said by bruzzes:
Found the following trojans: .....
I am so bloated with these programs and am disappointed none of them prevented this Trojan from installing. ...... I have XP Home with a cable modem.
...... Should I get rid of any of the programs above? Many seem redundant. ...... The most important question is what is the danger of doing nothing.
........
I need a convincing argument to show her the danger.
Security should be a risk assessment: balancing the overall risk magnitude (the _full_ "cost" to you if the event occurs and the probability of the event occurring) with the full "cost" of eliminating the possibility of the event occurring (which in most cases, really is reducing the probability of the occurrence).
Both Jack B and PavTheMan have already stated what should be more than sufficient reasons to take reasonable steps to protect your system, which, depending on your use, could mean, in the extreme, protecting your actual finances, possessions, home, details of your personal life, conversations, medical information, insurance, and even person from harm. Whatever you use your computer for!
Generally, folks do not leave the door to their house unlocked, and wide-open. Coming home and finding someone, or more than one, rooting around in one's living room, checkbook, day-timer, address book, personal and financial correspondence, medical histories, and other records rarely brings a warm and cozy feeling. Perhaps even worse, would be having this occur, and NOT knowing it, until more damage is done.
Even if your computer use leaves you with little or no exposure, should it be compromised, such an event could have serious negative consequences for others. Once your machine is "owned" by someone other than yourself, it can be used for whatever those who control it want to use it for. This could run from childish games, to storing data, to mass UCE (spam), theft of services, to serving data, to participating in organized attacks on others. Do you really want to be complicit in an attack that slows down, or crashes computers servicing an essential infrastructure(s) like communications, medical, traffic, police, fire, possibly at the cost of the physical health and safety of others?
How about having to defend yourself from the civil and/or criminal charges of participating in such acts? Sure, you might successfully challenge such charges, but why, why not take the keys out of the ignition, and lock the car door? Once again, the cost of greatly reducing the risk is very, very small.
While the chances of the worst happening to _you_ are, fortunately, not great at this time, it does happen, and the potential damage is very high. When weighed against the "cost" of mitigating the risk, protection seems quite reasonable.
»www.informationweek.com/story/sh···16400073
You didn't mention if you have a NAT ROUTER - If connecting via Cable/DSL, make the very important and small investment in a Router (How Routers Work) with NAT (How NAT or Network Address Translation Works).
One example is the LinkSys Etherfast Cable/DSL BEFSR41. The price has dropped way down (09-2003: $50-$60US), and it will serve well in protecting against the hordes of INBOUND nasties. It is very easy to set, and operation is "set and forget", for the most part. Relevant DSL resources are: The DSL Linksys Forum FAQ: Tricks, Tips and Firmware, and the DSL Linksys Forum itself. There are other good routers.
Make sure the Router is properly configured (at a minimum, change its password, block WAN requests, disable "remote management"). On dialup (backup connection perhaps), with no router, be absolutely certain that a solid software firewall is always properly configured.
Most of the programs you listed seem reasonable. Some do not run all the time.

bruzzes (Premium) join:2001-04-26 Euclid, OH
reply to bruzzes

Re: Need convincing argument about security dangers.

I cannot thank you people enough.
I am aware of the dangers but needed info to convince her.
The trojans have been removed, and I have the trial version of TDS-3 and Trojan Hunter and both came up clean. Is the Pest Patrol worth the 40 dollars?

-- "Where am I" I asked. "You're on the Island of Conclusions" he replied. "How did I get here?" said I. "Why you jumped here, of course"

jvmorris (I Am The Man Who Was Not There.) Premium,MVM join:2001-04-03 Reston, VA
reply to bruzzes

Why Bother? Good Question!!

said by bruzzes:
. . . . I have several questions. . . . . The most important question is what is the danger of doing nothing. My wife does not want me to mess around with the computer. She says, so what, if it is running OK, ignore these intrusions. I need a convincing argument to show her the danger. . . .
I want to concentrate on this one part of your original post, which seems to me to be the crucial issue.
Not long ago, another individual (who at least lurks here) posted an extremely similar query on another forum. Upon reconsideration, that post was eliminated, along with several replies that had already been appended to it (including one of mine, I might add!) It's gone, there's apparently nothing that can be done to reconstitute it or reference it.
What your (and his?) query boiled down to is "What the hell can we do to easily convince someone totally ignorant or indifferent to security (on the Internet) that it's crucial not only for themselves but also for others? Is there a website someplace for people like this to which I can refer them where they can quickly and easily learn the answer without having to rummage through a lot of tech speak?"
Now, you've gotten some good substantive answers to your specific query in this thread. I'm just far from convinced that your wife is going to read through them (or understand them, if she does). In my opinion, there is no easily readable website to which we can refer these people to educate them. And that's a big deficiency in what we're trying to accomplish here. It's a deficiency that needs to be corrected. But, quite frankly, it's not all that easy to do. The language used, not to mention the organization of the website itself, is everything here. These people can't simply be referred to a multi-panel scrolling display in "tech speak". They'll simply zone out after the first screen.
For the most part, the individuals we're talking about here don't do anything terribly esoteric on the Internet.
So, the first requirement is that they need to be able to locate sections on what they do use the Internet for, get a very succinct discussion of what could happen if they do this with no security (consequences), and then be provided with possible solutions to this issue. Telling these people that they could get infected with a virus, Trojan, worm or whatever means absolutely nothing to them, for the most part.
The second requirement is that this website be written in plain language (there's a possibility to do this, even in English), not in "techno-babble" that means absolutely nothing to these people and simply turns them off.
The third requirement, IMHO, is that the website provide hyperlinks (for each of the "I only do this" pages) to a graduated set of increasingly technical websites that go into more detail (and possibly more exotic threats). There's no promise that some of these readers will go beyond this website itself (wherever it may be located). However, if they do wish to do so, then it would be a very nice idea to provide such a graduated discussion of each "I only do this" page. This is not therefore an easy website to develop.
I can only hope that someone will pick up this challenge. (No, a FAQ here at BBR/DSLR ain't gonna cut the mustard for these people, in my opinion. It's gonna take something far more sophisticated than a FAQ.)
We now return you to your regularly scheduled browsing.

-- Regards, Joseph V. Morris

R2 (R Not) Premium,MVM join:2000-09-18 Long Beach, CA
reply to bruzzes

Re: Need convincing argument about security dangers.

To address another part of the original question(s):

quote:
Is there any program I can buy to give me better control? Should I get rid of any of the programs above?
From what I can tell and in my humble opinion, a vast majority of 'MalWare' is loaded on to your computer through ActiveX. I don't think anything else out there is capable of infecting your system like this.
So, to me, one of the primary goals of Internet Security HAS to address controlling ActiveX. A Firewall isn't going to do it. An Antivirus in and of itself isn't going to be good enough. You need to do something else.
You have a few programs installed that are designed to curtail evil ActiveX. SpywareBlaster and SpyGuard will block some -- although I believe the emphasis of these is more on 'SpyWare' blocking than MalWare blocking and/or overall Security. Also, you seem to have some sites added to your Restricted zone; however, 200 sites is NOT nearly enough.
To prevent further infections, I believe that limiting ActiveX in the Internet zone would be your most useful choice. Additionally, using a larger database of MalWare sites (e.g., Eric's IE-SpyAds) would be helpful.
While both Eric and JavaCool began their projects to block 'SpyWare', I believe they both make an effort to include other evil items as well.

_______________
Dissenting views encouraged.

reply to bruzzes

Re: Need convincing argument about security danger

Bruzzes: I don't have any experience with pest patrol, but there was some discussion about a month ago here. link: »Pest Patrol vs TDS 3

jvmorris (I Am The Man Who Was Not There.) Premium,MVM join:2001-04-03 Reston, VA
reply to jack b

Re: Need convincing argument about security dangers.

jack,
I'm building off my original response in this thread, because you actually suggest several possibilities here (all of which are quite valid).
However, my point is that not all of these people are necessarily vulnerable to each and every one of these threats. That's one of the reasons I suggested formulating responses in an "All I use the Internet for is ... " format. That's the way these people are going to think and that's the way the responses need to be structured.
said by jack b:
ARGUMENT NUMBER ONE: Identity theft.
A trojan can give the author access to your files remotely, just like you can sitting right there. And watch what you're doing in real time, everything that you do.
Working down by the numbers, the 'audience of interest' needs to get to the Trojan issue by being able to say "This is what I do. How am I going to end up with a Trojan on my own machine in the first place?" Now, "Install a firewall" is not an answer to how you keep Trojans off your machine (nor is it necessarily a solution in the event you do get infected with one -- however that might happen). We need to make it quite clear to these people that "If you do this (very specific itemization, preferably on individual pages at the website I am recommending as being developed) on the Internet and don't take the following security measures, you could end up with a Trojan on your machine. If you end up with a Trojan on your machine, it could do this -- to you or to others. To minimize the possibility of this happening, we would recommend that you do (another list..., but specific to the function at issue for which the person in question is using the Internet)."
While some Trojans have keylogger functionality, not all keyloggers are Trojans (certainly not Remote Access Trojans -- RATs). What should these people do about keyloggers that aren't Trojans (in the classical meaning of the two terms)?
We can't talk (to these people) simply in terms of browsers, NNTP clients, or e-mail clients; we have to talk in terms of what they use these programs to do. (My own kids don't think in terms of programs; they think in terms of what they are doing.)
I seem to be having some problem in getting the List function to work here at DSLR, but let me at least try:

• I check out warez/porn websites occasionally (browser). What's the potential problem?
• I use chat (IRC) or IM sites on which I can handle file transfers. What's the problem?
• I run an FTP file server. What are the potential problems?
• I use P2P programs (needs to be better defined). What's the potential problem?
• I use a personal webserver or videocam server to 'publish' to the Internet. What's the potential problem?
• I accept HTML-based e-mail from anyone who sends it to me. What's the potential problem?
• I take e-mail with attachments that are then opened automatically. What's the problem?
• I download binaries from NNTP (USENET) newsgroups. What's the potential problem?
• Sometimes, I order products online and use my credit card number. What are the potential problems?
• For convenience, I use online banking with my checking/savings/credit card/investment firms. What are the potential problems?

This is the way these people think. They think in terms of what they're doing; not in terms of what PC app they're using to do it. Now, this listing to which these people can relate is hardly comprehensive or exhaustive and I don't maintain that it is. What I maintain is that organizing the explanation in this manner is critical.

For example, I've got two kids here who use HotMail. Do you really think that they know it's going through Internet Explorer? Well, if you do, you're wrong. They simply think they're sending and receiving e-mail. End of discussion.

quote:
And the Own3r can give his buddies the keys to your computer, so it's not just one little intrusion. Passwords, no problem. Got 'em all. Personal info, not personal anymore.

Yep, all good points. One question: What the hell does this mean to the OP's spouse? What does it tell her about what security measures need to be on that computer? (And no, simply running a classical firewall, an AV or even an AT (memory-resident, in either of the latter two cases) does not guard against this kind of vulnerability.)

quote:
Stable operating computer, if they chose to, they could wipe out your entire system.

Also true. However the thing these people still need to know is how can what they are using the Internet to do lead to this situation? This is a critical linkage and it needs to be explained to them -- and based primarily on how they use the Internet. Presuming that most of these people are not flaming a**holes running amok in chat sessions, NNTP newsgroups, or whatever, you've simply implied (to them) that it's a random event. (Sh*t happens; learn to live with it.) We need to take this a bit further.

quote:
You cannot allow this stuff on there. Period. . . .
I'm really not bitching at you; I'm simply saying these people need a more explicit description of how what they currently do (whatever that may be and with no security measures whatsoever) can put them into a situation in which they'd probably prefer not to be. They need an explicit set of guidelines (for whatever they're typically doing today) can cause them grievous harm and how they can use security products (whatever's appropriate) to protect themselves against this possibility.
The only thing I see missing from your post is a discussion of what can happen if they are zombiefied, but I think subsequent respondents have picked up on that.
Not a gripe, just an extension on your original posting.

-- Regards, Joseph V. Morris

jvmorris (I Am The Man Who Was Not There.) Premium,MVM join:2001-04-03 Reston, VA
reply to PavTheMan

said by PavTheMan:
With a Remote Access Trojan, you could be uploading child porn without your knowledge.
Indeed, with a RAT (however it got there), you could be either uploading or downloading porn (not just child porn) without your knowledge.
I must admit that I'm not personally interested in having the FBI turn up on my own doorstep and taking my PC(s) away. (Besides, it's really not fun to talk with them if they show up.)
But again, what the OP (and his spouse) need more information on is how they could keep such Trojans off their PC(s) in the first place. Now, some of this involves security software, and some of this involves good ole common sense.

-- Regards, Joseph V. Morris

Re: Need convincing argument about security danger

said by jvmorris:
... what the OP (and his spouse) need more information on is how they could keep such Trojans off their PC(s) in the first place. Now, some of this involves security software, and some of this involves good ole common sense.
Joseph,
In response to all of your above posts, I think you have hit on an answer with a site design like you propose. It should start off with "funny-paper-simple" explanations, perhaps using drawings. It could go deeper, and more technical, though remaining relatively simple would probably be a laudable goal to be most effective to those who we somehow manage to drive to view it. The advanced already know, or know how, and where else, to obtain the answers.
We would need to develop and fine tune a flow chart, and then start composing the language for each page. The different general solutions to most folks' computing and internet usage would not be that numerous.
I can barely operate FrontPage (shhhhh).... , but would volunteer to work on this with others, perhaps to develop a preliminary model.
How to get those who need to see to see it is another problem.

bruzzes (Premium) join:2001-04-26 Euclid, OH
reply to bruzzes

Re: Need convincing argument about security dangers.

Some feedback on the wonderful answers I have received...
I gave many people encourage votes and chose a post that had answered many concerns. I hope that does not prohibit further replies.
A web site that has cartoons to keep it simple as an intro would be just perfect. Then maybe simple solutions to at least get some type of minimal security. Then on to the minimum requirements of programs (anti-virus), pop-up stoppers and equipment (routers).
One poster is correct in that long drawn out technospeak will bypass all but the most savvy.
I cannot afford a router, and have been using free programs for that reason also. I now feel the need to get at least some sort of Suite that can give me the most for my money. Could someone recommend a product?
I have stayed away from Norton due to questions that are asked in every forum on this site. Perhaps my ignorance is unjustified.
What would be especially beneficial is the baby steps I could take to secure my browser IE 6 right now. An anti virus program CA or AVG and any other program that I do not have. Should I re-download CA? (I thought this free program is only good for a year?) I have AVG now. I am sure I should not have two anti-virus programs.
I have the tds and Trojan hunter trial programs right now, good for 30 days. Should I buy one of them?
I will TRY to get the wife to read this thread, I just hope it is not too technical to keep her interest.
I will provide some more feedback when she reads the info provided.
Thank you all for your expert responses. You all know that this is the best site on the Internet for problem solving. :)

-- "Where am I" I asked. "You're on the Island of Conclusions" he replied. "How did I get here?" said I. "Why you jumped here, of course"

pcdebb (RIP dadkins) Premium join:2000-12-03 Brandon, FL
reply to bruzzes

She says ignore the intrusions. Tell me where you live, so I can stop by. Leave the doors unlocked too so I can just walk in. I won't mess up the house, it'll still be okay. Leave me the bank account info so I can get some money, leave me all her personal info as well.

That's basically the way I've had to relate it to people who don't really understand....it usually sinks in then

-- I want to die in my sleep like my grandfather...not screaming and yelling like the passengers in his car

Bubba (GIT-R-DONE) Premium,MVM join:2002-08-19 St. Andrews
reply to bruzzes

said by bruzzes:
My wife does not want me to mess around with the computer. She says, so what, if it is running OK, ignore these intrusions. I need a convincing argument to show her the danger.

Having experienced this same dilemma....I initially had an uphill battle but as we both worked together I was able to have my cake and eat it also. Perhaps for you it will be as easy as knowing some of her surfing habits and allow as much as possible. Placing a number of sites in the Trusted Zone let her have her Martha Stewarts\Food Channel type sites and a compromise was met.

-- "Well, butter my butt and call me a biscuit."

R2 (R Not) Premium,MVM join:2000-09-18 Long Beach, CA
reply to bruzzes

quote:
I cannot afford a router
What do you think a router is going to buy you that a good software firewall won't? Do you really think those infections snuck through holes in your firewall?

quote:
I now feel the need to get at least some sort of Suite that can give me the most for my money.

Why? What are they going to do for you that other non-Suite tools can't?

quote:
I am sure I should not have two anti-virus programs.

Why? Don't you think they look at each other's definitions and then make the same? One good one is enough.

quote:
I have the tds and Trojan hunter trial programs right now, good for 30 days. Should I buy one of them?
Certainly you could. But, remember, that is post hoc treatment. Why not prevent the infection in the first place?
You have given a good example of the problem. People feel they must 'buy' something to be safe... OK. Your choice.
Prevention is far easier than cure.

dvd536 (as Mr. Pink as they come) Premium join:2001-04-27 Phoenix, AZ
reply to bruzzes

Pest patrol has issues with too many false positives so with it you really don't know if you have a nasty or not. TDS3 and Trojan hunter are both good. If you're going to buy, go with one or both of those.

-- You can never be too rich, too thin or have too much Bandwidth

jack b (Gone Fishing) Premium,MVM join:2000-09-08 Cape Cod
reply to jvmorris

Eloquent post extension, and valuable additional discussion. Thanks Joseph. Once again, well done.

reply to R2

said by R2:
You have a few programs installed that are designed to curtail evil ActiveX. SpywareBlaster and SpyGuard will block some -- although I believe the emphasis of these is more on 'SpyWare' blocking than MalWare blocking and/or overall Security.
[snip]
While both Eric and JavaCool began their projects to block 'SpyWare', I believe they both make an effort to include other evil items as well.
Yes indeed - while the current focus of SpywareBlaster is to block spyware/adware/browser hijackers/dialers (since those are the main threats that are installed via ActiveX these days) if anything comes along that is malicious in nature, and that can be blocked using SpywareBlaster's method, I will certainly add it to the database. 
Best regards,
-Javacool