Full Disclosure mailing list archives

Re: Dumb question: Is Windows box behind a router safe ?


From: Camilo Uribe <camilo.uribe () gmail com>
Date: Wed, 23 Sep 2009 08:05:50 -0500

On Wed, Sep 23, 2009 at 1:43 AM, Steven Anders <anderstev () gmail com> wrote:

Michael, thank you for the explanation. And thank you everyone for the
thoughts. Appreciate it. My apologies if I get on the nerves of people with
my dumb question :-) .

Now after further reading, I am now educated on how bad software uses holes
in apps like the browser and its plugins to do bad stuff on the user's computer.
Especially with the fraudsters getting better at SEO-ing their websites and
malware to the top of Google Search pages. I think I myself encountered so
many such sites for "long-tail" search queries.

1. Upon further Googling, I also read about Web Attacker and Mpack - which
pretty much allow everyone with basic programming knowledge to host their
own exploits on their own web site. Does anyone have any insights on this?
I think this may have been used by the fraudsters to commit credit card
fraud (passing AVS checks, CVV2, and IP addresses) - the reason I feel
so is that some of the email addresses associated with the orders are tied to
domain registrations for a bunch of scrappy websites loaded with iFrames.

2.  For the Windows box, I plan to:
    - ensure the Automatic Updates is ON for that PC :)
    - install a firewall (ZoneAlarm free version)
    - install an anti virus (AVG free version)
    - install Secunia Personal Software Inspector (PSI).
    - install NoScript Firefox add-on

   Having recently run Secunia PSI in both Simple and then Advanced Mode,
on a relatively well-maintained Windows machine, it found 11 pieces of software that
need to be patched (Java, Adobe Reader, Flash player, etc.) which leads me
to wonder..
Assuming the Windows system is all patched up with all the updates, and the
software updates (Browser, Flash, Java JRE, Adobe Reader, etc) - and the
user accidentally came across some novel exploits by browsing some website,
and then the PC got infected;  will the personal firewall like Zone Alarm be
good enough to catch that "evilbotnet.exe is trying to access 55.11.22.34 "
and prevent further damage? Or what are the potential scenarios that could
happen, depending on the sophistication of the malware?
3. A colleague told me of a program for Windows called "Sandboxie" that
could isolate applications - http://www.sandboxie.com/ - Will this ensure
security for the specific use case of web browsing?


Steven, you should send your questions to a more adequate mailing list like
security basics http://www.securityfocus.com/archive

"This list is intended for the discussion of various security issues, all
for the security beginner. It is a place to learn the ropes in a
non-intimidating environment, and even a place for people who may be experts
in one particular field but are looking to increase their knowledge in other
areas of information security.

The Security-Basics mailing list is meant to assist those responsible for
securing individual systems (including their own home computer) and small
LANs. This includes but is not limited to small companies, home-based
businesses, and home users. This list is designed for people who are not
necessarily security experts. As such, it is also an excellent resource for
the beginner who wants a non-threatening place to learn the ropes."

http://www.securityfocus.com/archive/105/description

Thank you all in advance.
steve



On Tue, Sep 22, 2009 at 11:42 AM, Michael Fritscher <michael () fritscher net>
wrote:

Hi Steve,

I hope you haven't caused a storm with aggressive mails here^^
This mailing list is more about now detected holes in soft- and
hardware...

First, you certainly mean not a normal router (which is in most cases 100%
transparent in both directions), but a NAT-router.

What the NAT blocks (in most cases) are incoming connections - But
especially since XP SP2 this is a very seldom used way to attack
computers.
Nowadays, most bad software uses holes in apps - browser, office, flash and
so on which use outgoing connections - which are NOT blocked by a
NAT-router.
So, yes, a bot connecting to a botnet could be installed if Firefox or a
plugin like Flash, Java, Quicktime and so on has a hole and you browse on
a "bad" site.

Btw, please read about NAT, routing, current bad software etc. on the
internet - this will help you understand the concerns.

Sincerely,
Michael



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/







-- 
Technology events, a single portal with all the events
http://www.eventostecnologia.com
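
Added example, not part of the original thread: a simplified Python model of the NAT behaviour Michael describes, where translation state is created only by outbound traffic, so unsolicited inbound packets are dropped while a connection opened from inside (including the "evilbotnet.exe ... 55.11.22.34" case from Steven's question) passes and its replies are let back in. The LAN address, the ports and every remote host other than 55.11.22.34 are constructed, and the model assumes a port-restricted NAT with no port forwarding or UPnP.

```python
from dataclasses import dataclass, field


@dataclass
class NatRouter:
    """Simplified port-restricted NAPT: only outbound traffic creates state."""
    next_port: int = 40000
    # public_port -> (lan_ip, lan_port, remote_ip, remote_port)
    table: dict = field(default_factory=dict)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection: always forwarded, mapping recorded."""
        flow = (lan_ip, lan_port, remote_ip, remote_port)
        for port, entry in self.table.items():
            if entry == flow:
                return port          # existing flow reuses its mapping
        port = self.next_port
        self.next_port += 1
        self.table[port] = flow
        return port

    def inbound(self, remote_ip, remote_port, public_port):
        """A packet from the Internet: forwarded only if it matches a mapping."""
        entry = self.table.get(public_port)
        if entry is None or entry[2:] != (remote_ip, remote_port):
            return None              # no matching state: dropped at the router
        return entry[:2]             # delivered to (lan_ip, lan_port)


def demo():
    nat = NatRouter()
    pc = "192.168.1.10"              # constructed LAN address of the Windows box
    results = {}
    # Unsolicited probe of the file-sharing port: no mapping exists, dropped.
    results["unsolicited_445"] = nat.inbound("198.51.100.7", 51000, 445)
    # The browser opens a connection to a web site; the reply is let back in.
    web = nat.outbound(pc, 49152, "198.51.100.80", 80)
    results["web_reply"] = nat.inbound("198.51.100.80", 80, web)
    # A bot on the PC connects out to 55.11.22.34 (port 443 is constructed):
    # to the NAT this is indistinguishable from the browser's connection.
    bot = nat.outbound(pc, 49153, "55.11.22.34", 443)
    results["bot_reply"] = nat.inbound("55.11.22.34", 443, bot)
    # A different host trying to ride the bot's mapping is still dropped.
    results["third_party"] = nat.inbound("198.51.100.7", 443, bot)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:16} -> {outcome}")
```

Stopping the bot's connection takes per-application outbound filtering on the host or egress rules on the router, since the NAT table alone never blocks it.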
