I never saw your last post. Sorry about the delay in responding.
Quote
Where I am in Oz we have limited bandwidth so downloading a scanner and database each time I want to check for a virus is out of the question, financially at least. Any significant amount of cloud computing stuff is not going to happen here for quite a while.
I can't say if this applies to all the online system scanners but the last time I ran HouseCall, it updated the previously downloaded scanner, much like a conventional AV would. The main page of the scanner claimed that 2K or newer was required but the scanner downloaded and worked fine. There were a few activities I questioned the need for and decided not to allow, like a specific component that tries to get your MAC address, but the scanner still worked. When I have the time, I'll try to go through the available online scanners and see which ones still work with 98. It will be a while before that happens.
Quote
Another question is "how do you protect yourself from site hijacking?" It happens to banking sites and such so an online virus scanner seems like a pretty inviting target for exploitation. Sure the connection would be SSL but certificates have been spoofed and the incentive for the bad guys to find a way in is in the mega-buck range. Can you imagine the damage if such a site was compromised for even a day? Personally, there is enough to be thinking/concerned about surfing the net. I _never_ do internet banking because of site spoofing and the like. That might be considered paranoid but I'm old (and proud of it) and I'm allowed! ;-)
Paranoid? I don't own a credit or debit card and have never used an ATM. There's nothing paranoid about it. It was just this year that I started using the online facilities of my bank with my checkbook. The problem is that you have to trust that both their end (the financial site) and the DNS system that took you there have not been compromised, in addition to knowing that your own system is secure. There are 2 separate problems here. The first is knowing that you're actually at the site you wanted to visit, and that you haven't been redirected to a spoofed site. The second problem is when the legitimate site gets hacked. The Bank of India was hacked badly a while ago and was serving up a lot of malware, including password thieves.
Other than making your own system resistant to any malware a compromised site might serve up, there isn't much you can do about the integrity of their end, but there are some things you can do on your end to offset some of the problems.
Site spoofing: making an almost identical copy of a legitimate site for the purpose of stealing your log-in credentials, credit card info, etc. The site may look the same, but its IP address is different. Get the IP addresses of the financial sites you use and add the address and site name to your hosts file. That defeats attacks that use the DNS system. You can also use firewall rules that restrict the IPs you can make secure connections to. If the IP is wrong or changes (redirected), your firewall should alert you.
Part of the solution has to come from the financial site. On the initial login page of my bank, only your login name is entered, which can be anything you choose. The site may or may not challenge me with a security question. The site then has to display an image and a line of text that I selected when I set up the account. If I see those, I know it's the correct site. A spoofed site would have no way of knowing what those would be. If they're correct, I enter the password. If a financial site's login system does not have provisions for you to authenticate them as well as them authenticating you, don't use it. They're not facing the realities of today's internet.
Some browsers allow the same user to have several profiles. With those that do, setting up a profile that's strictly for financial or sensitive tasks can help. Any cookies or temp files created are in a different location than those used by the default profile. It's also a good idea to make any financial work the first thing done in a browser session, and to not visit any other sites during that session. Wiping the browser cache, history, cookies, temp files, etc. after a session would prevent a malicious site that's visited afterwards from collecting that data. I use the launcher component of Eraser for this, executed by a small batch file. One click wipes all the locations. Use version 5.7 on 9X systems, not the newer one.
I'm not particularly impressed with the extension system in Mozilla browsers either, especially NoScript. Any security/privacy tool that presumes to whitelist sites without my consent isn't wanted, especially when Google is in the list. I use the FlashBlock extension like a switch for flash content. The actual content filtering is done ahead of and independent from the browser by Proxomitron. This eliminates problems caused by vulnerabilities in security extensions. Firewall rules prevent the browser from accessing the internet without going through Proxomitron.
Regarding attacks on external hardware like routers, DSL modems, etc., I'm convinced that there are a lot of vulnerabilities and possibly even built-in backdoors that we don't know about. I've had several DSL modems that have an upper-range port open that can't be closed with any of the configuration options. On every one of them, the port number has been different, but they've all had one open port. I can't determine if this is something my ISP has done or if it comes that way from the vendor. I've also disabled UPnP on everything and added blocking/logging rules to Kerio for the UPnP ports.
I've been working on some web pages that detail how to use SSM free on 9X systems to enforce a comprehensive default-deny security policy sufficient to offset the lack of AV support. It's taking much longer to finish than I expected. Too much else to do and not enough time in a day.
Rick
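The hosts-file pinning that Rick describes for financial sites (record the bank's address, put it in the hosts file, and have the firewall alert if the address is wrong or changes) can be checked mechanically. The following is an added example, not code from the post or from any of the tools named in it: it parses hosts-file-format text and compares what a resolver returned for a name against the pinned address, classifying the answer as ok, mismatch (a possible DNS redirection) or unpinned. The host names and addresses in the sample are constructed placeholders, and the resolver answers are fed in as plain strings so the example runs offline; in real use they would come from the firewall or resolver log.

```python
# Added example: audit resolver answers against a hosts-file style pin list.
# Not part of the original post. Host names, addresses and the observed
# resolutions below are constructed sample data, not real sites.
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample hosts file content (same format as the Windows 9X or
# Unix hosts file: address, then one or more names, '#' starts a comment).
SAMPLE_HOSTS = """
# pinned financial sites (constructed sample)
127.0.0.1       localhost
198.51.100.10   online.examplebank.invalid www.examplebank.invalid   # bank
203.0.113.7     broker.example.invalid
this is not a valid line
"""


def parse_hosts(text: str) -> Dict[str, str]:
    """Return {hostname: ip} from hosts-file text.

    Comments and blank lines are ignored. A line whose first field is not a
    valid IP address is skipped rather than trusted, and names are lowercased
    so lookups are case-insensitive, as DNS names are.
    """
    pinned: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(parts[0]))
        except ValueError:
            continue  # malformed address field; skip the line
        for name in parts[1:]:
            pinned[name.lower()] = ip
    return pinned


def check_resolution(pinned: Dict[str, str], hostname: str, resolved_ip: str) -> str:
    """Classify one resolver answer against the pin list.

    'ok'       - the answer matches the pinned address
    'mismatch' - the name is pinned but the answer differs (or is not an IP);
                 this is the "redirected" case the firewall should alert on
    'unpinned' - no pin exists for this name, so there is nothing to compare
    """
    name = hostname.lower()
    if name not in pinned:
        return "unpinned"
    try:
        got = str(ipaddress.ip_address(resolved_ip))
    except ValueError:
        return "mismatch"
    return "ok" if got == pinned[name] else "mismatch"


def audit(pinned: Dict[str, str], observations: List[Tuple[str, str]]) -> List[str]:
    """Return one alert line per observation that contradicts a pin."""
    alerts = []
    for hostname, resolved_ip in observations:
        if check_resolution(pinned, hostname, resolved_ip) == "mismatch":
            alerts.append(
                f"ALERT {hostname} resolved to {resolved_ip}, "
                f"pinned {pinned[hostname.lower()]}"
            )
    return alerts


# Constructed observations, as a firewall or resolver log might record them.
SAMPLE_OBSERVATIONS = [
    ("online.examplebank.invalid", "198.51.100.10"),   # matches the pin
    ("WWW.examplebank.invalid", "192.0.2.99"),          # differs: redirected?
    ("news.example.invalid", "192.0.2.1"),              # not pinned, ignored
]

if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    for line in audit(table, SAMPLE_OBSERVATIONS):
        print(line)
```

Two caveats go with this check. It only covers the first of Rick's two problems (being sent to the wrong address); it says nothing about a legitimate site that has itself been compromised. And a pinned address has to be maintained: sites do move, and a stale pin will produce a mismatch that is a false alarm, which is exactly the moment to verify the new address through the bank itself before updating the hosts file.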