Sunday, January 21, 2007

Generic Security "Advise"


A serious subject, I shouldn't be so flippant. It has been noted by the more savvy amongst us that visiting IAFF can be a dangerous affair. I can't do anything about your blood pressure or beverages sprayed all over your screen, but maybe these suggestions can be of use to keep your computer safer.

First the situation: Some people report rogue install attempts when visiting Casey's site. I doubt it is explicit in his code. He doesn't have the skills. I'd suspect some piece of borrowed code or an external reference. Doesn't matter and I'm not gonna muck around in his codeworld for the same reason I don't need to study hydrocarbon chemistry to fill my gas tank. [I did study hydrocarbon chemistry and used it to beat the PA but that's a different story.] The point is to respond appropriately.

If you still have only a PC there's a few "shoulds" and a few "musts."

You must not use IE6.
You should not use IE7.
You should use Firefox.

You should consider Adblock, ZoneAlarm, NoScript. Not everyone always needs all 3.
You must use Ad-Aware or similar.

Now for a controversial recommendation. A hardware firewall. Software firewalls don't work. Software firewalls are a Microsoft product or MS approved product, 'nuff said? Understand, Win xx is an insecure product BY DESIGN. That is not criticism, it is just a statement of technical specifications. Forget any of that if it annoys you or even if you disagree. Just think of a hardware firewall as belt AND suspenders or as a performance upgrade. That's the other thing, software firewalls, anti-virus, and other system level protections rob cycles. XP with Norton's and built-in firewall, and you don't know how many times I've seen this; plus McAfee runs at half speed. Never mind the cash money costs and time to keep them running.

Firefox with javascript off behind a hardware firewall is reasonably secure. It is also easily repaired and fast. It isn't just about secure but how much of your life you want to dedicate to upkeep.

11 comments:

Anonymous said...

...Or you could switch to Ubuntu Linux, like I did! :)

Rob Dawg said...

kw, good point. I was impressed at the ease of install for amateurs and the absolute minimal hardware reqs. Pentium anything or Celeron anything runs well with anything more than 256Mb. I suspect 128Mb but I have so many SIMMS lying around I didn't bother.

I've been building NAS for clients with old boxes and FreeNAS lately. Easy and cheap and supports AFP.

Anonymous said...

I went to pcflank.com and ran the simple test on my IE7 (which I do NOT use to visit IAFF). It came back that everything was stealth with no vulnerability.

Thanks for the heads-up on IAFF. I remember Homey a while back saying that CS was up to something with IP's and such.

Has anyone found a trojan or virus yet, and what exactly is the name?

Anonymous said...

Uncle Rob,

I don't see the sitemeter, or Amy's picture? What gives? "Honest" Casey made some changes without letting us know?

Man, he gives me the creeps.

Rob Dawg said...

Amy's pic is down as noted in the previous thread but her link is still active.

As to sitemeter save the link:

http://www.sitemeter.com/stats.asp?site=s27iamfacingforeclosurecom

It is still there right under the "tip jar." Tip jar? What's up with that crap? If I wanted to balance the books he should be paying us.

Anonymous said...

I'm the guy in the other thread who mentioned running Kaspersky Internet Security along with Firefox and NoScript.

A little extra information is in order here.

In addition to Kaspersky Internet Security suite, I also run Spyware Blaster, Spybot, Ad Aware and Windows Defender. I also run a couple of other antivirus programs in addition to Kaspersky.

After reading comments about "trojan viruses" (which are two different things), I ran a sweep of my machine with Rootkit Revealer. (There are classes of malware that can be hidden from spyware and anti-virus programs)

To make a long story short, I am clean on all fronts.

I saw the same comments in a single thread on IAFF about trojans. There were 4 comments in all.

The first 2 seemed to have been made by functional illiterates. (Superman was one of the posters, and I don't recall the second).

Of the more credible posts, one person mentioned ZoneAlarm catching something on the outbound side, and another mentioned an attempt to connect to something like euro-sw.net.

I did a "netstat -a" when I read those comments and found nothing to be concerned with.

Though I have pretty good security (for a Winblows machine), I think the comment that someone made about Casey having a big enough audience that people with malware on their machines from other sources may be assuming that it came from Casey.

While I agree that Casey lacks all morals and would be likely to try to do something like that, I also recognize that he isn't the "computer guru" that his fans make him out to be. (In my opinion, he could do nothing more than the average script kiddie with a low IQ is capable of doing)

Though I prefer to remain anonymous, I don't mind sharing the fact that I am a computer professional, I do write code, I am not a script kiddie, and I know quite a bit about security.

While everyone should be aware of the dangers of visiting questionable sites, and while periodically (once a week or more) doing deep scanning of your machine (even Macs and Linux boxes) is a good idea, I don't believe that Casey has been playing with serious malware.

Anonymous said...

another vote for Ubuntu, I only use XP when I have to now, also Ubuntu will run from a CD if you want to check it out first. Knoppix Linux is another option and is designed to run from a CD....
Not having to hassle w/ adware, spyware, viruses, and all the antidotes is a huge relief.
BTW, the HB blog has a link to a good article on mortgage fraud, cash back deals, and the havoc they cause at
http://www.azcentral.com/arizonarepublic/news/articles/0120mortgagefraud0121.html

astrid said...

Thanks for all the info! So Casey is probably not a criminal genius hidden under his criminal idiot exterior.

I didn't find anything either and I usually surf strange sites with Java turned off.

Anonymous said...

@ anon 9:53

That was me w/ the ZoneAlarm and eu-soft.net comments. Thanks for your insight, figures that I wouldn't get a response from Casey.

I visited Gibson Research based on a link on another thread on this site, and I turn up stealth (Wireless router has hardware firewall, and I'm running ZoneAlarm w/ its built-in antivirus and antispyware). After running a full scan, a few items of spyware/adware popped up and were cleaned. I still haven't tracked down the source of the eu-net trojan (could just be some software I have installed) but ZA blocks it whenever it pings. Thanks.

Anonymous said...

Did a quick Google of "eu-soft.net". They appear to be legit publishers of CoolPlayer and a few other pieces of software: http://www.download.com/EU-soft/3260-20_4-6269992.html

You might have one of them installed, and the thing is phoning home, maybe to check for updates, etc. After this Google search, I'm not particularly worried about what you're seeing.

Google: systems administrator's best friend.

Anonymous said...
This comment has been removed by a blog administrator.