Security Basics mailing list archives
Re: How to Protect against Rootkits?
From: Erin Carroll <amoeba () amoebazone com>
Date: Fri, 31 Mar 2006 17:56:06 -0500 (EST)
Syed,

What works for me may not work for you, but here are some suggestions for a home user (I assume this is a Windows machine).

> What precautions etc. can a home user (or anyone else) take to protect against Rootkits (http://www.f-secure.com/weblog/archives/archive-032006.html#00000841)? Is it a simple case of don't open any dodgy attachments, or is there any more to it? Are there any decent virus detectors/cleaners out there? How about Sony DRM style Rootkits that arrive from a "trusted source"? I just want some ideas and Best Practices to adhere to in this regard.
First, minimize the chances of web-install drive-bys via IE holes by using a relatively more secure browser like Mozilla/Firefox/Opera. In addition to being somewhat more secure by default, the alternative browsers tend to have much more configurability and useful plugins: Ad-block, Privoxy, etc. I would highly recommend ditching IE unless you have specific needs which require it.

I would recommend a solid software-based firewall with executable and port-blocking capabilities. I personally use Kerio, but there are others out there (ZoneAlarm etc.). The bonus of application-level filtering is that it allows you to see what app or component is attempting to make a connection somewhere, and to what executable/library or remote host. A lot of people make the mistake of setting up a firewall that blocks all but port 80 or other common ports and think they are safe. Many viruses or rootkits take advantage of this by using those commonly unblocked ports as communication channels for their purposes. Rootkits can be attached to just about anything (i.e. the Sony debacle you mentioned). However, if you have a way to see and selectively block outgoing/incoming connections by application (not just port) to your machine, you can have a greater awareness of what's going on. Kerio is one such that has that functionality.

In regards to Anti-virus, stick with the Best-of-Breed options. I tend to steer clear of McAfee or Symantec as they tend to be large resource-hogging apps. I've been happy with AVG Anti-Virus personally, but there are others out there of the same quality.

As a pen-tester and security freak I tend to visit rather... shady... sites and use applications with nasty stuff in them to see what makes them tick. However, I've yet to be hit with a virus or rootkit (knock on wood-shaped packet) except on purpose. As long as you keep your system up-to-date with current patches, run a firewall of some sort, and a good anti-viral app, you should be 99% secure.

There is no such thing as a truly safe networked computer, but by having some minimal safeguards in place you make it unlikely to become a victim. You can't be bulletproof, but you can wear enough kevlar to make it a waste of bullets for Bad People<tm>.

Erin Carroll
Moderator - SecurityFocus pen-test mailing list
amoeba () amoebazone com
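The firewall point above (that allowing "just port 80" is not the same as knowing which executable is talking) is easy to model. The following is an added example, not code from the thread or from any firewall product it mentions: it evaluates a few constructed outbound connection records against a port-only rule and against an application allowlist, and reports which connections the port-only rule lets through that the application-aware rule would have stopped or asked about. All paths, hosts and addresses are placeholders.

```python
"""Port-only vs application-aware egress filtering, as a worked model.

Constructed example (not from the original thread): each record is an
outbound connection attempt as a host firewall would see it, including
the executable that opened the socket.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Connection:
    exe: str          # full path of the process opening the socket
    remote_host: str
    remote_port: int


# Constructed sample records (placeholder paths and documentation IPs).
# A browser, an AV updater and two unknown binaries all use 80/443.
SAMPLE_CONNECTIONS = [
    Connection(r"C:\Program Files\Mozilla Firefox\firefox.exe", "example.com", 443),
    Connection(r"C:\Program Files\Mozilla Firefox\firefox.exe", "example.net", 80),
    Connection(r"C:\Program Files\AVG\avgupd.exe", "update.example.org", 80),
    Connection(r"C:\Windows\Temp\svch0st.exe", "203.0.113.7", 80),
    Connection(r"C:\Users\home\Downloads\crack.exe", "198.51.100.9", 443),
    Connection(r"C:\Users\home\Downloads\crack.exe", "198.51.100.9", 6667),
]

# Port-only rule: "block everything except the web ports".
ALLOWED_PORTS = {80, 443}

# Application allowlist: executable path -> ports it may use.
# Anything not listed is unknown and should be surfaced to the user.
APP_RULES = {
    r"C:\Program Files\Mozilla Firefox\firefox.exe": {80, 443},
    r"C:\Program Files\AVG\avgupd.exe": {80, 443},
}


def port_only_policy(conn):
    """Decision a port-based firewall makes: it never looks at the process."""
    return "allow" if conn.remote_port in ALLOWED_PORTS else "block"


def app_aware_policy(conn, rules=APP_RULES):
    """Decision an application-level firewall makes.

    Unknown executables get 'prompt' (the Kerio/ZoneAlarm style pop-up);
    known executables are held to the ports they were approved for.
    """
    allowed = rules.get(conn.exe)
    if allowed is None:
        return "prompt"
    return "allow" if conn.remote_port in allowed else "block"


def evaluate(connections, policy):
    """Apply a policy to every record and return (exe, host, port, decision)."""
    return [(c.exe, c.remote_host, c.remote_port, policy(c)) for c in connections]


def slipped_past(connections):
    """Connections the port-only rule allows but the app-aware rule does not.

    These are exactly the "uses a commonly unblocked port" cases: the
    traffic looks like web browsing to a port filter, yet the process
    behind it is not one the user ever approved.
    """
    return [c for c in connections
            if port_only_policy(c) == "allow" and app_aware_policy(c) != "allow"]


if __name__ == "__main__":
    for exe, host, port, decision in evaluate(SAMPLE_CONNECTIONS, app_aware_policy):
        print(f"{decision:6}  {exe} -> {host}:{port}")
    print("\nAllowed by port-only filtering, caught by application filtering:")
    for c in slipped_past(SAMPLE_CONNECTIONS):
        print(f"  {c.exe} -> {c.remote_host}:{c.remote_port}")
```

Running the block lists the two connections that a port-only firewall would wave through (the unknown binaries on 80 and 443) while the IRC-style port 6667 attempt is the only one the port filter stops on its own. The allowlist is keyed on the full executable path for the sake of the model; a real product keys on a hash or signature of the binary as well, since a path alone is trivial to reuse.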