What if every security measure fails...

Thread: What if every security measure fails...

  1. #1
    Member
    Join Date
    Dec 2011
    Posts
    35

    What if every security measure fails...

    This is just a "what-if" scenario, and I really doubt there are many virus/trojan/malware/rootkit/etc capable of doing this:

    **Assume a Wired connection w/ default ISP router/modem
    **Assume using OpenDNS and a 3rd party Proxy service

    1) Bypass web browser securities - (IE. Firefox w/ NoScript, AdBlock, BetterPrivacy, BlackSheep, HTTPS-Everywhere, etc.)
    2) Bypass sandboxed browser - (IE. Sandboxie)
    3) Bypass AV/ISS with IDPS
    4) Bypass auto-exec programs - (IE. Faronics Anti-Executable)
    5) Bypass sandboxed VM - (IE. DeepFreeze, RSS/RVS, etc)
    6) Infect the locked OS files

    That's basically my setup plan for my new system... but I really doubt there are that many malware capable of getting through all that (from a clicky-clicky / Adobe / Flash infection).

    Anything else I should add to better protect myself and prevent all of the above from failing?
    I know nothing is 100% hack-proof due to exploits, but I'm trying to learn to see what options I have available (that is all/mostly Free)...
    Last edited by dredogol; January 3rd, 2012 at 09:47 AM.

  2. #2
    Antionline's Security Dude instronics's Avatar
    Join Date
    Dec 2002
    Posts
    901
    That's basically my setup plan for my new system... but I really doubt there are that many malware capable of getting through all that (from a clicky-clicky / Adobe / Flash infection).

    Anything else I should add to better protect myself and prevent all of the above from failing?
    I know nothing is 100% hack-proof due to exploits, but I'm trying to learn to see what options I have available (that is all/mostly Free)...
    Sorry to not answer directly to your question, but I would just like to add that some of the greatest weaknesses in computer security are user error, such as:

    - Comfort (lazy administration)
    - Bad or lazy policies (bypassing security measures to get rid of nags or to speed up everyday work)
    - Weak passwords
    - Not spending enough time reading log files (ignoring system errors/messages)

    The reason I say this is because no matter what security software you setup or use, it all goes to waste if the user doesn't play along.

    As far as I gathered from all your posts, I see that games are also of importance to you. How often do you disable or ignore security measures just to be able to play flawlessly (such as just click on accept on firewall rules to let a game connect)? (One example is this new game, Battlefield or the new COD I think, that installs some nasty sh!t along with the game to make sure it's authentic etc....)

    The weakest link is always the user!!!

    Just my 2 cents

    Cheers
    Ubuntu-: Means in African : "Im too dumb to use Slackware"

  3. #3
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    Haha - bf3 installs a browser plugin and punkbuster.

    Not sure what game you are referring to.

    Anyways, I am an avid gamer and I always check what ports etc need to be opened at the router/ f/w level in order to authenticate.
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  4. #4
    Member
    Join Date
    Dec 2011
    Posts
    35
    Alright... here's another Q...

    Option #5... full-blown VM, or a VM sandbox?

    I'm debating if I should:
    A) Just install VirtualBox (free) to do all my volatile IM/Browsing, and copy necessary files back to my host PC (no games on VM).
    B) Install a sandboxed VM like DeepFreeze or RSS/RVS... and leave my entire host PC vulnerable.

    Of course, in both cases, proper user restrictions and policies will be enforced.

    Would the VirtualBox route be the smarter method, if all my web-browsing and volatile processes are isolated there... and all the other safer offline and game activities are on the main host pc?
    Since games are on the main host pc, all the major performance issues related to VMs won't be an issue in this case.

    I have 4GB of RAM , 1TB of HDD , and running a 3.4GHz Quad Core2 processor.

    Any thoughts?

    ------------------------------
    Oh, and 1 more thing...

    Since the guest PC is accessing the hardware of the host pc to access the internet, are there malware/rootkits that infect the host pc, completely evading the guest pc in the first place, because the network access is run through the host first?
    Not sure if this is possible, because all the packets have to be assembled at the application level on the GUEST pc, but I have no idea if any partial packets can do any harm to the host side at the transport level...
    Last edited by dredogol; January 4th, 2012 at 06:35 PM.

  5. #5
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Dude, I've seen your posts on here, and they are all basically asking the same thing. Now, I admit, the first one we kind of took as a joke since you had a TIME LINE on it... Which, we are NOT going to just adhere to.

    But this one, I'll go into some detail for you, since you aren't basically saying you want the info by a certain date, and you seem to genuinely just want to learn as much as you can, to lock down what you have, the best you can. And I can respect that.

    Luckily for you, unlike the last time, I'm currently NOT in Excruciating Pain because of my back and shoulder and wrist and knee and Arthritis, and thanks to a bunch of Hydrocodone, Two Fentanyl Patches, and some Opana, I'm actually able to concentrate. (This has nothing to do with your post, but if I explain what it takes for me to not be in excruciating pain, it may help everyone understand why I'm in a bad mood sometimes. Anyone who was in THAT much pain, would NOT be chipper....And yes, I do in fact realize, that mixing all those with Hydromorphone, would kill most people. I'm not most people, and the amount of pain I'm in on a daily basis, makes it where I don't even get a buzz from all this stuff mixed together... The fact I don't get all stoned off ALL of that, should give you an idea of how much pain I'm actually in, and it's chronic, and therefore, doesn't go away ever.).

    Now, with explanations out of the way, let's get started:

    OK, first off, I understand you're using Windows XP, Service Pack 3.

    I can NOT stress enough, how badly you need to upgrade, or change OSs period. I used to have to sit and listen to people go on and on about how Windows XP could be totally locked down to a point of good security.

    Those are the same people, of course, who, if they were to do a fresh installation of it, would be infected like a cheap hooker LONG before they finished installing Patches to stop that **** from happening in the first place.

    You on the other hand said you have a CD or something, where you've got Security Patches on the Disc itself, so when you install, you already have some patches. I don't know the number of them you have, but I don't think you'd manage to fit them ALL on CD.

    So first, I think we should go into the Operating System itself, and start there:

    Windows XP, no matter what edition, is insecure as hell. I know, I know, I'm gonna get flamed by people saying that I'm only saying that because I'm a Unix Elitist. That may in fact be true, but it is NOT the reason I'm saying it.

    Windows XP... Let's begin from the start of a typical installation:

    You pop the CD in, install it, and, then, when it finishes, you have a Windows Admin Account that AUTO LOGS YOU IN WITHOUT A PASSWORD! Bad idea, but, not my point, so we'll keep going:

    Say you have a Computer running Windows XP, and you need to re-install the OS. How can you protect yourself in the time it takes to install patches, and your Anti Virus, and your Spybot, and all that, BEFORE the 15 minutes or so it's gonna take before you're back doored like a Back Street Boys back up dancer?

    I used to use Windows XP all the time; I had it on my Laptop, which is what it came with, and, I used it on two of my Desktops, which I dual booted with other OSs.

    Now, once the install is finished, one thing you can try, is what I used to personally do, to try and protect that thing from being back doored right away, or infected with some annoyance:

    Hardware Firewall! Or, Better yet, a "Hardware Security Device". I really don't know JUST how good these things really are, because they may work great, but they may also not work well at all.

    There are a bunch of them on the Market, and a lot of them don't cost much at all. I have one here, which is this:

    "D-LINK DSD-150" and the box says "Total Network Security" and "Secure Spot total Network Security by D-LINK".

    All in one Internet Security for 1 - 4 Computers. Internet Security Adapter. Single Application :

    -Virus Protection
    -Identity Protection
    -Parental Controls
    -Firewall Protection
    -Pop up Blocker
    -SPAM Blocker
    -Spyware Protection
    -Network Reporting

    The box also states - "Protects your Network from Viruses, Worms, and other online Security Threats" and "Prevents your child from downloading and installing unwanted Applications" and "Provides an easy to use Web Based Control Panel for Set Up".

    These used to cost like $100.00, but my Wife and I both saw this, and grabbed one for us, and my Mom, and they were 20.00 when we got it. I figured if nothing else; It was a new piece of Network Hardware to play with.

    This is one way of course you can go about trying to protect your machine while you're installing updates and patches.

    See, Windows XP, from a fresh installation, is going to have a LOT of updates. And considering it only really comes with Internet Explorer, Word Pad, Windows Media Player, and a few other things, that's actually a lot.

    Back in the day, on AntiOnline, people used to argue with me ALL the time how "Well, a fresh install of Linux has this many security patches, and Windows XP has this many"... They were idiots though, because a FULL install of any Linux distro, especially if you're talking about Debian, or SUSE, has like 20,000 + Applications it comes with!

    And they also don't look at what TYPE of Patches and Security holes are being plugged.... If SUSE has 200 Patches (I'm just making up a number there) but they're all just bug fixes or local exploits only, and Windows has 100, but they're all things where the Computer can be "taken over" then it stands to reason, that first off, with Linux you don't have to reboot for patches unless you patch the Kernel itself... Almost EVERY update on Windows, requires you to reboot.

    So, for a Fresh Installation of Windows XP, you have SOME Options to prevent the machine from getting infected BEFORE you've had a chance to lock it down.

    I personally like Hardware based stuff. I mean software Firewalls, and software Packet Filters work and all that, but I like HARDWARE Firewalls and Packet Filters. And it's not like they have to cost a lot. You can go to a Computer Group in your area and get OLD ass 486 Computers, which are REALLY old, and can't run Microsoft based stuff from today, and take that thing, install FreeBSD, Slackware Linux, or, another BSD based OS, and use it as a Firewall, Router, or both. And it won't cost anything in Software, and the 486 will probably cost you 20 dollars.

    So that's one way.

    The main issue, is that you have to actually manage to install Security Patches and fixes from Microsoft, and a lot of them not only require a reboot, some of them, won't let you download ANYTHING but THAT patch, and nothing else, so this is how it goes:

    Run Windows Update, select patches, install, reboot.

    Windows Update again, select a Patch, which then says it has to be installed by itself.... Install, REBOOT.

    Run Windows Update, select as many as you can, install, REBOOT.

    Run Windows update, and continue this vicious circle....

    Eventually, you see the end of the tunnel, and there's only one or two more left! You run Windows Update, install them, Reboot, and run it once more, seeing that NOW YOU HAVE TO INSTALL 10 MORE because they have to patch the patch they screwed up in the first place!

    I've seen this before and I can't even count how many times.... I run Windows Update for my Mom, and see there's only ONE more left. I then install it, reboot, and BANG! There's now 10 more patches, because you have to install patches, then, the others show up, AFTER you install certain ones, because they THEN have to release a patch to fix the patch they released before, because it breaks something else, all for a patch they shouldn't have had to release in the first place because it's something so stupid you can't Believe they even missed it in the first place, but they did, so, you have to install a patch that breaks something, THEN install another patch, to fix what they broke when they tried fixing what was already broken.

    This is why I don't respect almost anyone who uses Windows as a Server. I don't give a damn about having to reboot for a Patch to my Kernel, but having to reboot because of a ****ing Media Player that shouldn't even SHIP with a Server based OS.... WOW..

    Can you imagine having to have the balls to tell a customer "Yes sir, you should install this patch, because the Windows Media Player, which has NO USE on a SERVER OPERATING SYSTEM could allow people to exploit it and get into your machine..."

    WOW that would take some balls.

    I installed Windows Server 2003 Enterprise Edition on a machine, because I wanted to see how it looked and worked. To my utter ****ing HORROR, I saw Windows Media Player patches in Windows Update, and I thought to myself "Who the **** would put a MEDIA PLAYER in a SERVER?????" And then, again, to my utter Horror, I saw that I had to REBOOT for this stupid patch.

    I'm not going to sit here and say Windows has no place, I won't do that. On the Desktop, it works well enough for most people, and they are getting Better. Windows 7 is a GREAT step forward for Microsoft. But Windows Server OSs, are a joke.

    So, with that said, can you get yourself a hardware Firewall? Or, can you get yourself a 386 or 486? Because basically, not only can FreeBSD and Slackware both work on a 486, but, you can always choose to grab a 386, and just use an older yet still supported version of either.

    Also, FreeBSD has a custom version made JUST for Firewalls.

    http://www.pfsense.org/

    pfSense is a free, open source customized distribution of FreeBSD tailored for use as a firewall and router. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution. pfSense is a popular project with more than 1 million downloads since its inception, and proven in countless installations ranging from small home networks protecting a PC and an Xbox to large corporations, universities and other organizations protecting thousands of network devices.

    http://m0n0.ch/wall/

    m0n0wall is a project aimed at creating a complete, embedded firewall software package that, when used together with an embedded PC, provides all the important features of commercial firewall boxes (including ease of use) at a fraction of the price (free software).

    M0n0wall is based on a bare-bones version of FreeBSD, along with a web server, PHP and a few other utilities. The entire system configuration is stored in one single XML text file to keep things transparent.

    m0n0wall is probably the first UNIX system that has its boot-time configuration done with PHP, rather than the usual shell scripts, and that has the entire system configuration stored in XML format.
    As you can see from this, you have options if you have the spare hardware. I know of a few people who will find a Pentium based PC (Basically, a 100 MHz Processor machine with like 8 MBs of RAM) and they then, install FreeBSD on it, and set it up as a router and Firewall.

    With FreeBSD, you can REALLY cut this thing down to almost nothing, with relative ease I might add, and basically, make it so that you only install the Software you actually need to run this thing, and during an installation of FreeBSD, it actually asks you if you'd like it to be a Gateway, and other stuff like that, and, of course, if you'd like to start the services to do this. So it's actually quite simple. And it won't cost you NEARLY what it would for a REAL hardware Firewall.

    And because you'll have such a bare bones system, updating it and installing Patches is simple; There aren't that many you'd need. And of course; Because it's FreeBSD, installing extra stuff you need LATER, is a breeze.

    So, for the fresh install problem, I'd say this is one way to go.

    I myself keep two hardware parts in front of all my machines, and that allows me to get things patched before anything gets in.

    Then, there's the part where you've now installed the OS, and have some patches installed, but, what do you do? Should you install patches first?

    Well, I personally keep a CD around for this sort of thing; I basically grabbed a bunch of software, like Spybot, and AVG, and a couple other things I know I want installed quickly, and, because of the fact that you can get 7-Zip totally Free of Charge, and, put the installer on CD, you can make an Archive, and Compress it, and fit WAY more.

    PeaZIP, TugZIP, and any other 7-Zip based product, which are all free I might add, have Compression that makes the ZIP Software from other companies, look like crap.

    I can Copy all the files I want to back up, and stick them in a directory, and then Compress that directory, and have it about half the size it normally is. And you can do better than that too!

    So, I take my CD, install Spybot, update it, and then, I use the Immunization feature, assuring my Web Browsers are safer, and of course, there's Teapot to watch over the System, which also puts another step in your journey to security.

    A lot of people I know, think Security is a Program, or a couple Programs, and that's simply not true; It's a PROCESS. You can't lock down every machine every time the right way; You'll eventually have time constraints that don't allow this.

    Now, what can YOU do?

    Well, I'm not the only one who's told you that XP is NOT the best choice. I don't know what your financial situation is, but if you can, do this:

    Upgrade to Windows 7 ASAP. Windows 7 is one of the best OSs Microsoft have ever come out with. I HIGHLY recommend you do this ASAP.

    If you currently can not afford to do this, maybe switch to something else. Do you HAVE to use Windows XP? Is there something stopping you from using another OS?

    FreeBSD isn't exactly known for being newbie friendly, so I won't tell you to run out and do that; Not knowing a thing about Unix, will possibly back fire.

    But there IS something called PC-BSD! THIS is an OS that is VERY easy to use, and doesn't expect you to know anything! So you may want to look into PC-BSD:

    http://www.pcbsd.org/ <-- That's the main PC-BSD Web Site. You can learn more about it, and start looking into it. It's BSD, so you know it can be easily locked down, and the Installation, is VERY easy. Easier than Windows even. It's a GUI based installer, and it's a nice one.

    http://www.pcbsd.org/pcbsd <---- This is more or less a way to look at what it can do based on your needs.

    http://www.pcbsd.org/documentation <--- That's the Documentation section.

    http://www.pcbsd.org/about <---- This is where you can find more info about it.

    http://en.wikipedia.org/wiki/PC-BSD <--- Again, more information.

    http://distrowatch.com/table.php?distribution=pcbsd <---- This is a good place to look as well, because it not only has info about it, but, there are links to reviews and other stuff.

    After reading your other post, and seeing that you used to work on Solaris, I think you'll like BSD even more.

    Anyway, basically, everything you asked about, can in fact happen. Encryption can be broken. I mean, back in the day, it was pretty much something not well known from what I understand, and Admins were finding out the hard way that you could download a password file, and basically crack the encryption without much effort.

    Before I make this post into a 300 page book, I'll just ask:

    Do you have any plans for upgrades?
    What are your current needs for the Operating System?
    Is there something that keeps you on Windows XP?
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween. The Misfits
    FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

  6. #6
    Member
    Join Date
    Dec 2011
    Posts
    35
    Dang... very long post! XD
    Thanks for the info there gore, and boy you sure push for the BSD OSs. XD

    Whenever I do a fresh install, I always keep my system "offline" until I install my AV/FW programs to keep me "somewhat" protected until I get my OS patched.
    Before I ever do a fresh install, I always DL and burn all the necessary tools/programs (latest program versions) I'll need to shorten my online times.
    I have a router/firewall (basic), and I always keep my ports closed, except for the necessary ones until I'm done patching.

    Quote Originally Posted by gore View Post
    Do you have any plans for upgrades?
    As in upgrade to Win7 you mean?
    I've always thought about it, because it'll be more secure and convenient, but I just never seem to want to purchase that pro/ultimate UG version for $200+.

    Quote Originally Posted by gore View Post
    What are your current needs for the Operating System?
    Everyday stuff, web-surfing, gaming, programming, etc.

    Quote Originally Posted by gore View Post
    Is there something that keeps you on Windows XP?
    Well... $$$. I got this XP Pro version for free from my university (academic ver.)
    Last edited by dredogol; January 4th, 2012 at 06:37 PM.

  7. #7
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,191
    Those are the same people, of course, who, if they were to do a fresh installation of it, would be infected like a cheap hooker LONG before they finished installing Patches to stop that **** from happening in the first place.
    Well, that's funny because over the years I must have done literally hundreds of XP installations and that has NEVER, NEVER, EVER, EVER happened to me........... nor to any other IT professional that I know.

    Windows XP has a firewall that is perfectly adequate, or install a free alternative................ just make sure that it is activated before you go onto the internet , although it should be automatically activated from SP2 onwards.

    You do not need a "stand alone" firewall to install Windows. Obviously there is no such thing as a "hardware firewall" as they all use software

    Windows does prompt you to set up a password when you install it, as well as any other account you set up. It is up to you to understand what passwords are, and make up your own mind. If you really think about it, forcing a password is useless as the owner will just pick something easy (and useless) and a default password would be common skiddie knowledge within minutes.

    IMO passwords are really only intended for physical access control at best and are not much good at that if someone gets unrestricted access.

    EDIT:

    As for prices of Windows, you just need to shop around. I bought Windows 7 Ultimate boxed retail 32 & 64 bit DVDs for £75................ no service pack. When Windows 8 comes out in the last quarter of 2012 the prices will really tumble.

    Security comes through policies and their enforcement, which does not really apply in a private ownership situation.

    The problem with XP is that it is 10 years old and does not have the security features of more modern versions.

    As for updates and CDs. XP SP3 fits easily onto a CD, and for anything else you just do an unattended install from another CD or PC.

    The point is that installation and updating are time consuming in comparison to imaging.
    Last edited by nihil; January 4th, 2012 at 08:51 PM.
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  8. #8
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Quote Originally Posted by dredogol View Post
    Dang... very long post! XD
    Thanks for the info there gore, and boy you sure push for the BSD OSs. XD
    Well, I do Love BSD, but I was mainly plugging it because I saw you say that you had worked on Solaris, and I figured you'd be more comfortable with it. Ask Nihil; I plug SUSE a lot.


    Whenever I do a fresh install, I always keep my system "offline" until I install my AV/FW programs to keep me "somewhat" protected until I get my OS patched.
    Ah, so basically exactly what I was talking about then.

    Before I ever do a fresh install, I always DL and burn all the necessary tools/programs (latest program versions) I'll need to shorten my online times.
    Yea, I try to keep updated CDs around just in case, and I wonder sometimes why Microsoft never added in the ability to update before the install was finished like you can with SUSE.

    When I installed SUSE Linux for the first time, it was SUSE Linux 8.1 Professional, and that was years ago, and when you finished getting your software and everything selected, you could update everything and install patches before you'd even booted up.


    As in upgrade to Win7 you mean?
    I've always thought about it, because it'll be more secure and convenient, but I just never seem to want to purchase that pro/ultimate UG version for $200+.
    Yea Windows 7 is what I was talking about. It's the only version of Windows I have. I have a bunch of versions on CD and all, and I think I might still have 3.1 on Floppy somewhere, but I don't use any of it but Windows 7. I kept one partition for Windows out of all my machines because there's a few games I play that don't work too well in anything else.




    Quote Originally Posted by nihil View Post
    Well, that's funny because over the years I must have done literally hundreds of XP installations and that has NEVER, NEVER, EVER, EVER happened to me........... nor to any other IT professional that I know.
    Nihil, are you going out of your way to do that for a reason? You know what I meant; And you especially should know considering you do repair work! YOU did installs that had no infection, how many REGULAR users have?

    Windows XP has a firewall that is perfectly adequate, or install a free alternative................ just make sure that it is activated before you go onto the internet , although it should be automatically activated from SP2 onwards.
    Yea Service Pack 2 turns it on by default. I don't know if I'd agree with you saying it's "adequate" though... Adequate for the install to be safer? Yes. Adequate in any other way? No.. It only blocks incoming. So basically if you're already back doored, you're still back doored.


    You do not need a "stand alone" firewall to install Windows. Obviously there is no such thing as a "hardware firewall" as they all use software
    Very Funny Nihil, you knew what I meant.

    Windows does prompt you to set up a password when you install it, as well as any other account you set up. It is up to you to understand what passwords are, and make up your own mind. If you really think about it, forcing a password is useless as the owner will just pick something easy (and useless) and a default password would be common skiddie knowledge within minutes.
    Nihil; When you were doing this sort of thing back in the 80s, did you run into the users like today where if they have to choose a password that isn't found in a dictionary, and can't use their name or initials, they simply write the thing down on a sticky note and stick it on the monitor?

    I don't even want to go into how many Monitors have had sticky notes on them with a Password scribbled on it lol.

    You have to admit Nihil; THAT is funny! Passwords are essentially Security through Obscurity, because once someone finds out about it, it's no longer secure. And when you make users actually pick a GOOD password, they never remember it, and then, they write the thing down and leave it on their desk. And THEN if you don't enforce a password policy the right way, you have people using their names, their subscriber numbers for their Telephone Number, or their address, or something else that makes you wonder why anyone allows them to have access to anything important.

    IMO passwords are really only intended for physical access control at best and are not much good at that if someone gets unrestricted access.
    Basically agree here. I like messing around with passwords, but the point remains; They're nothing more than security through obscurity. I got a new toy to play with not long ago; FreeBSD has a bunch of password generators, and I thought it was interesting because I'd never actually used one before.

    I have a system for making my passwords; I have decent ones that appear to be random numbers and letters and Characters, but in reality, one password for example, could be a Hank III Song, where the password, is the track number, for example, if it's track number 3, then it would have a 3 in it, and be every 3rd letter of the lyrics to that song. If it's track 4, every 4th letter of the lyrics to that song. And for a password reminder, you could always type the name of the song lol.

    The problem with XP is that it is 10 years old and does not have the security features of more modern versions.
    Like for example; In Windows 7, you FINALLY have the ability to run Applications as Admin without being logged in on that account! After logging in, I can tell it to run certain apps as admin, and then, they do. All the while, I'm logged into a normal account. It's much nicer.

    They finally took one of the better features of other OSs where you could do this already.

    While we're talking about all this:

    Nihil; Have you ever used TeXmacs? I'd seen it before as an option for something you could install on multiple versions of Linux and so on, and then today, I installed it on my PC-BSD machine, and basically, after loading it up, I thought "Wow....This is amazing!" And so I started reading a little bit, and saw there was a Windows version as well, and you don't need a thing except for the .exe installer!

    So, I just finished installing TeXmacs on Windows 7. So far, it's exactly like the Unix one, and I'm amazed!

    I thought you'd like it because not only is it a pretty sweet Editor in general, but it can do a lot of scientific stuff, and Math.

  9. #9
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    Gore really ... I was trying to study, then I sat for 4 hours to read your post

    Anyways, I think the OP must just upgrade to Win7, end of story.

    I am also going to go with nihil on getting yourself infected on a newly installed XP system, hasn't really happened to me. You can also streamline SP3 into the installation and then just turn on Windows Update ...
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  10. #10
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    I think what I said may either have been worded wrongly, taken the wrong way, or the WAY I said it, makes it seem like I'm saying something else. So I'm going to clarify a few things that maybe will help make it easier to understand what I said:

    First off, I wasn't just replying to what he said in THIS post. That guy is a new member here, and even though we all had a good laugh when he made his first post asking for info, with a deadline, he DID rectify this by starting a BUNCH of new threads, asking not only valid questions, but he was trying to learn.

    Because he went and did that, I decided to try and make a response that took his other posts into consideration. So before you read the post I made in THIS thread, you have to sort of read his other posts. After you do, it'll probably make more sense.

    My reply was for HIM. He made those posts, so, he probably had no problem understanding what I was aiming for. His thank you to me, further makes me think he got exactly what I meant.

    He didn't just post this one thread and that was it, he posted lots of threads, but they were all related. Now, that can be harder to understand for some people, but, since I have ADD, and OCD, and Tourette's, I can see things differently. (If you google all three of those, eventually, you'll come across info stating that people with any of those three, think differently, and see patterns that most people would miss, so when I saw this, I saw him taking every post he had made, and made another one where he was trying to add more to this original question. If I was wrong, I don't think he'd have thanked me for it).

    So, when I replied to this, I wasn't just responding to what he said here, I was making a general reply for ALL the info he'd asked about in every thread.

    Hopefully that will make it easier to understand what I said.

    Now, for the rest:

    I stated that I too think he should upgrade when he has the chance, but I don't think he has the means as of right now. Otherwise, I'm guessing he would have right now.

    And as for all of you guys saying you don't get infected installing XP.... OK, well, good for you.... If YOU and Nihil did, I'd point right at both of you and laugh my balls off.

    I EXPECT that no senior member here gets infected when doing this! You two aren't "newbs" or "n00bs" or any other word meaning still haven't learned how to yet.... I mean seriously Cider you work for a ****ing AV Company... We're buddies and all but if YOU, an AV Employee, got infected installing an OS, I'd laugh myself to sleep..... I expect more out of you!

    And if Nihil had replied saying he'd been infected, I'd just plain laugh because Nihil is older than sand, and should know better.

    So don't take that the wrong way, but yea, if either one of you, or any other Senior Member here DID get infected installing.... Yea I'd point right at you and laugh and bust your balls until you rectified it.

    So, please do ME a favor, and stop assuming everyone works for an AV company, or, has been using Computers since the days of punch Cards.

    When we have a NEW Member, who is asking questions they don't quite know how to find answers to, I think it's our duty to, if we can, help them understand, and do what we can to make it right. That's kinda because we're a community. A Community can't operate when no one tries.

    Now, I stand firmly by everything I said. I'm also right. How do I know? Because my Mom, my Cousin, two or three of my Aunts, and other people I know in real life, who are NOT into Computers at all, and don't know **** about them, give me that real world experience.

    I've fixed more Computers than most small companies in the area for people who vary in what they do; I've fixed simple problems for pretty rich business men. One customer I had back when I was the head Computer Tech for a Company here in my area, was a super rich business guy, but he didn't know a thing about Computers except how to use them to help run his business deals.

    This guy could have learned how to work these things, but he didn't. In the "Computer Science Major" and "Computer Tech" Parlance; He was a newb when it came to Computers in general.

    He had no problems making smart decisions in Business, but when it came to his Computer Systems, some of which he used to keep track of his stock pile of products he sold at his Company, some of which he used to keep track of orders, and one he used for personal use only, I fixed them all, and they all were infected with a bunch of different things.

    One Computer he used to keep track of his Company's Finances, was infected with a fake Security Center, a fake Anti Virus, and.... I think I counted over 1200 different Trojans and back doors, and Malware infections.... Anyway, he was REALLY infected.

    And this was a machine that kept track of his orders! So, I fixed it, wrote a report for him about what I did, and also with possible ways to prevent this from happening again.

    He was so happy with my work he hired me again to take care of his Business Laptop. This machine was more important because not only did he have all of his Tax stuff on there, he had a bunch of Customer Data....

    This is a machine you do NOT want getting infected or back doored, because Data about your customers is now at risk! I fixed that too, and made another report about what I did. I didn't give him any extra ways to protect himself because even though I'm not a business consultant, I DO know that the first way to make more money is repeat business. It's a little shady but I just don't care. He can afford to pay me to fix it more often.... He's a Millionaire, and his family, owns almost the entire city in which he lives.

    He's the 10th or so person I've charged a stupidity Tax on. (Yea, it's not something you generally see in business, but my Boss needed to know what the other 50 dollars I charged him was for since the Receipt I gave my boss, had a 50 dollar charge and he couldn't figure out what it was for. Apparently, in the column, putting "UE/ ST/ICYEBYAI - $50.00" didn't make sense to him, so I simply said "User Error / I Charged You Because You're An Idiot" and explained that I did so because this Computer contained personal information on it, and had multiple Trojans and Back Doors on it, and Credit Card info, and that he was endangering innocent people by being stupid about it and I was charging extra for being an idiot.)

    Other people I've charged extra because they were stupid, include my Cousin, my Mom's Friend, and a few others here and there. My Cousin bought a Brand New Computer, running Windows XP, paid me to lock it down, and STILL logged in as admin to download file Sharing tools, and download a bunch of porn.

    I'd have been fine with that and not cared, but the fact that he did it on the admin account and kept opening things like "bewbies.jpg.exe" pissed me off.

    Funny side note; This is the same person, who, once I fixed it, wouldn't pay me the money I charged on multiple occasions, and after the second time, I got mad, and said "OK, pay me what you owe me, or I will grab the contract you signed when you told me to fix it! Remember Matt? When you said I need it fixed, I said sure, told you how much, and you signed a contract stating you'd pay me. It also states if you don't I can take an action I deem necessary to ensure you pay that amount, or more".

    The first time I invoked that clause, I simply logged into his machine over SSH (After having to have me fix this ****ing thing 4 times in 2 months, he asked me to install Linux and set it to auto patch, since he kept getting infected, so I did.)

    I logged in over SSH, and became root, and then did this:

    As root, I typed "cfdisk" and then proceeded to Delete every Partition on the machine, then, wrote it to disk. I then rebooted the machine remotely.

    He called me up to say it was broken, and I pointed out that I'd work on it as soon as he paid me what he owed me, and if he didn't like it, he could pay 4 times this amount having basically any of the companies here who do this kind of work do it instead.

    I charged him less than 50 dollars to not only install Linux, but to configure it, and set it all up so when he logged in, his desktop showed a Browser, MP3 Player, and some IM stuff and games.

    He finally paid me since Best Buy, one of the few places who will do this, told him he'd be paying around 200 or more dollars to have it fixed.

    So I said OK, pay me what you owe and I'll write up another contract. He paid me, brought the machine over, and he read the new contract. He saw that again, it stated if he didn't pay me, I'd take "ANY measure I deemed necessary to ensure payment" and he asked what I meant, and I said more or less I'd root his ass, and make sure he couldn't even take it to best buy to have it fixed.

    I asked him when he would be able to pay me, and I wrote on the contract itself "Payment has been agreed upon, for this date" and then he signed it and dated it.

    I put the contract away, fixed it with a reinstall, and sent it back to him. A few days before he was to pay me, I reminded him, and he said "Oh yea, I know, I'll be paying you" and I said OK.

    He got paid from his job, went out drinking with his friends, and blew all of his money.

    The day came, I said "Where's my Money?" And he said he didn't have it, because he accidentally drank too much. I said "OK, well, good luck!"

    I was at his house at the time. I saw his alarm clock while he was taking a shower, and that it was set for 6:30 AM, because he had to work the next day. I turned his speakers up ALL the way, and with Alsamixer, I turned the Volume down, so that way, it sounded about the same.

    At exactly 3:45 AM, I became root on his machine. I typed alsamixer at the prompt, and, remember now, his speakers are turned up ALL the way, but the volume in Alsamixer is really low to compensate.

    I loaded Alsamixer, turned ALL the Volumes up ALL the way, and then, I put an MP3 of a Misfits song in the public part of my Web Server, and, typed links into the prompt, and went to my Server to download the MP3.

    I then typed mpg123 MisfitsSong.mp3 and waited. Now, remember, on HIS end, the speakers themselves are up all the way, and I then turned up the software volume all the way too. So he's now being woken up to REALLY loud music.

    Before I typed in the command to play the song though, I added ONE line of text to a file; I changed his default run level to 6.

    He woke up, unplugged the machine or shut it down, I don't remember, but a minute into the song, the connection died. I pinged his IP and it was down, so I knew he shut down or unplugged the machine.

    The next day, he called me up saying that he turned his Computer on, and that it would load up normally, but then, it would just reboot and wouldn't stop.

    I said I knew, and pointed out the clause in the contract, and he, although mad, paid me the rest, AND the extra to fix it again.

    It doesn't pay to screw with a true Bastard.
