Security tools for use with/without an AV
-
Windows, as the most attacked OS of all, is also the best prepared to defend itself, with the most security tools at your disposal. That's where Linux and Mac fail. It is not a question of one OS being safer than another, but of simple statistics. Another question is privacy.
-
@Dr-Flay said in Security tools for use with/without an AV:
Hehe, as many of you will notice, not using a runtime AV means you don't suffer with it trying to kill the NirSoft password tools.
A couple of years back I wanted to use Process Explorer on my PC at work. So I installed the whole suite. 10 minutes later I got a call from the security guys - the AV suite had triggered alarms and they were wondering what the hell I was doing. I explained it and just deleted the ones I didn't really need.
Kind of can understand it though, with names like "smsniff.exe" and "socketsniff.exe" :smiling_face_with_open_mouth_closed_eyes:
Linux vs Windows... been there done that, not going down that rabbit hole
-
@Pathduck said in Security tools for use with/without an AV:
@Dr-Flay said in Security tools for use with/without an AV:
Hehe, as many of you will notice, not using a runtime AV means you don't suffer with it trying to kill the NirSoft password tools.
A couple of years back I wanted to use Process Explorer on my PC at work. So I installed the whole suite. 10 minutes later I got a call from the security guys - the AV suite had triggered alarms and they were wondering what the hell I was doing. I explained it and just deleted the ones I didn't really need.
Kind of can understand it though, with names like "smsniff.exe" and "socketsniff.exe" :smiling_face_with_open_mouth_closed_eyes:
Linux vs Windows... been there done that, not going down that rabbit hole
It is not about making comparisons of OSes; each has its pros and cons, and its use depends only on the type of use one wants to give it, which has nothing to do with safety aspects at present. All OSes with Internet connections are subject to being attacked to a greater or lesser extent.
In the case of Linux, the reason in many cases is the simple question of updating or replacing an OS without having to spend money to do it, not because it is better or worse than Windows; this goes more into the field of personal taste.
Regarding security, Windows, precisely because it is the target OS, has a whole army of shielding applications that iOS and Linux lack.
Linux, apart from a scrawny AV, has no real defenses; what it can offer are measures such as passwords, its relatively small diffusion, and what the browser can provide with certain extensions.
The jokes of the past on the sensitivity of Windows against viruses currently lack validity.
-
I wasn't making a Linux vs Windows vs Mac observation.
Exactly the opposite. We live in a shared digital ecosystem where we connect our devices and share data, no matter what the OS. If I downloaded some Mac files for a friend that turned out to be malware that borked their system or stole their details, and I could have detected it, that would not be so clever of me, and just helps to perpetuate the transfer of malware, rather than curb it.
(I explained my point more thoroughly in the other thread).
-
@Catweazle said in Security tools for use with/without an AV:
The jokes of the past on the sensitivity of Windows against viruses, currently lack validity.
Most days & nights my web use occurs on my pc/s, but prior to that, most mornings i first read Ars Technica, BleepingComputer, TechRepublic, MakeUseOf, & ZDNet on my Android phone. Not only, but especially those first two, every single day, have at least one article but often more, about the latest corporate or governmental or third-party entity currently in crisis with cryptojacking or ransomware. In numerous other articles i read of the latest worm, virus, cryptominer or ransomware... or zero-day exploit... discovered by various researchers.
Wanna guess to what lousy OS almost all these vulnerabilities pertain?
Clue: Not Mac [most of the time, but sometimes it is]. Not Linux [sometimes but v v rarely is].
The unremitting rhythm of these incessant attack vectors used to alarm me, but nowadays i just laugh. One of the funniest things to me is windozers who assert that windoze is safe. One of the irritating things to me is windozers who pompously opine that other users & OS's "should" take responsibility for their [ie, the opiner's] chosen OS's flaws & vulnerabilities. Until 2014 i was a ~20 year windozer... but i recovered.
-
@Steffie said in Security tools for use with/without an AV:
@Catweazle said in Security tools for use with/without an AV:
The jokes of the past on the sensitivity of Windows against viruses, currently lack validity.
Most days & nights my web use occurs on my pc/s, but prior to that. most mornings i first read Ars Technica, BleepingComputer, TechRepublic, MakeUseOf, & ZDNet on my Android phone. Not only, but especially those first two, every single day, have at least one article but often more, about the latest corporate or governmental or third-party entity currently in crisis with cryptojacking or ransomware. In numerous other articles i read of the latest worm, virus, cryptominer or ransomware... or zero-day exploit... discovered by various researchers.
Wanna guess to what lousy OS almost all these vulnerabilities pertain?
Clue: Not Mac [most of the time, but sometimes it is]. Not Linux [sometimes but v v rarely is].
The unremitting rhythm of these incessant attack vectors used to alarm me, but nowadays i just laugh. One of the funniest things to me is windozers who assert that windoze is safe. One of the irritating things to me is windozers who pompously opine that other users & OS's "should" take responsibility for their [ie, the opiner's] chosen OS's flaws & vulnerabilities. Until 2014 i was a ~20 year windozer... but i recovered.
All this is true; what I mean is that 90% of PCs in the world work with this OS, and therefore it is also the main target of attackers with all kinds of malware, although with the widespread use of smartphones with Android and iOS, these also start being the target of attackers.
But precisely because of this, Windows is also the OS for which there are infinitely more countermeasures and applications available than for any other OS. Almost all AVs that exist are for this OS exclusively, some also for Android, such as Panda; anti-cryptominers, anti-malware etc. Apart from the much improved (albeit somewhat hysterical) Windows Defender.
I do not think that one OS is safer than another as such; the question is simply which is the most attacked, and for this Windows is the most at risk statistically.
If Mac or Linux were the OS that hoarded the market, they would be the ones with the same problems.
In smartphones it was precisely the almost disappeared (I do not know why) Windows Phone that was the hardest to hack, as they showed at an ethical hacking convention: iOS and Android fell in a matter of minutes, while with Windows Phone they had to give it up as impossible; they only managed, after almost one hour, to access the cookie files.
https://mspoweruser.com/hacker-claims-windows-phone-the-most-secure-smartphone-os/
-
@Catweazle said in Security tools for use with/without an AV:
I do not think that an OS is safer than another as such
I want to make one thing clear before the main part of my reply... i am not trying or wanting to claim that Linux [or Mac, or Unix, or sliderules, or abacus'] are "perfect", or "100% secure", coz it'd be a blatantly false statement. Nothing is either of those things.
However, i believe, & IIRC many people more knowledgeable than me believe, that Linux is structurally more secure than Windows, at least for an average home desktop user... because of a fundamental & far-reaching design-philosophy factor... root permissions.
A typical home-user Linux system will be set up from scratch with a root account, & one or more user accounts. Root account is the master/mistress of the universe. User accounts have severely curtailed read/write/execute permissions. For any & all RWX actions beyond the narrowly-prescribed user-account defaults, no RWX operations can occur until & unless the root password is entered. 2' later & you need another operation with elevated privileges? Too bad, no go, until/unless you re-enter the password.
In Win, out of the box [though i acknowledge specific hardening precautions can be taken... it's just that the vast majority of windozers do not take said precautions], pretty much any code can be executed without elevating current privileges afaik, coz many/most users much/most of the time "live" in their Administrator account where privileges are already elevated [kinda sorta like Linux's root account]. Conversely most of the time Nixers live in their User account [& any noob Nixer posting in a forum wherein they divulge they use their root account as their user account, will routinely get mocked & pilloried (i am not defending rude forum behaviour btw, only illustrating that permanently running as root is NOT standard in Linux)].
One of the many many qualities that influenced me to learn about Linux in late-2013, & migrate to it from Win7 during 2014, was certainly security-related [but there's much much more great stuff than "just" this]. IMO Linux is security-by-design, whereas Win is security-by-accident.
Hence regrettably your statement, which i quoted, is something with which i respectfully disagree.
-
It is true that in Linux I need to enter the password for anything, whether modifying the system, updating it or installing a program, which in Windows is not the case; but in case of making a system change, a window comes out warning me of this change, which I have to approve. At least in the Win 7 that I had it was like that.
In this way, it is also not possible for something to be changed in the system without me knowing about it. Although it is true that malware at this point will have fewer problems than on Linux because of its architecture, as I said before, to shield Windows from these security holes there are tons of applications, which more than balance this problem.
Anyway, nothing is further from my intention than to offend you with my ramblings, and without your knowledge of the subject, I can only talk about my experiences and disgust with Windows, and not necessarily in the field of security.
-
"The user's going to pick dancing pigs over security every time."
- Bruce Schneier
Regular users don't care about IT Security, they have other sh*t to worry about. They will run binaries received from email, and download that shady-looking "eCard maker" to send to their family. This applies regardless of OS. If Linux or Mac was more popular with the unwashed masses, malware-makers would target these as much as Windows, and they'd be infected just as often.
The reason Windows specifically has long been seen as a security nightmare is that since the early days, it has exposed various badly-secured services, programmed by MS drones not exactly having security as the main priority. NetBIOS, SMB, RPC, printer sharing, admin shares, all wide open to anyone with even basic hacking skills.
I remember helping a friend's parents during the Blaster worm attacks (2003). After running the cleaner, and reconnecting to the internet, it took less than 10 seconds, and the machine was infected again. You needed to specifically disable the RPC service to stop it, before even thinking of connecting to the net.
Back in those days before ubiquitous wireless routers, every machine was usually connected directly to the internet and totally open to attack. Now, with nearly everyone using some kind of router, machines are much more protected, by simple NAT tables.
And of course, the default browser on Windows, IE, was always a massive security hole. DirectX, Flash, Java etc. and would run executables with little to no user prompting. "Drive-by infections" were common, by just visiting a malicious web-site.
These days many of these attack vectors are (nearly) gone, and the bad guys are more concerned about using social engineering to do phishing attacks and get people to download and execute malicious binaries.
I would say that with Windows 10 things have gotten a lot better in terms of security out of the box. But still it's nearly impossible to disable most of the ports that Windows by default listens on. Just looking at my local machine, there's a bunch of ports listening that I have no idea what they do:
Netbios, ssdp, epmap, isakmp, llmnr, microsoft-ds, ntp, ws-discovery
... I guess these are the "dancing pigs" Schneier was talking about... :face_with_stuck-out_tongue_closed_eyes:
-
@Pathduck said in Security tools for use with/without an AV:
Windows 10 ... there's a bunch of ports listening I have no idea what
None of these ports is open by design if you choose to run a fundamentally different OS.
-
@Steffie said in Security tools for use with/without an AV:
None of these ports is open by design if you choose to run a fundamentally different OS.
Well, I didn't really want to go down the "mine OS is more secure than thine" path, I just wanted to point out that things have gotten better in Windows lately, and that security is largely dependent on the user behind the keyboard.
But OK I know for sure Linux has several different ports open by default. Usually there's at least Finger (port 79), SSH (22), and plenty more if you are running some kind of server.
Mind doing a netstat -l for us, see what you find?
Might be different protocols and services, coded by people who actually care about security, but an open port is an open port...
-
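For the "bunch of ports listening I have no idea what they do" list and the `netstat -l` suggestion above, here is an added example (not from any poster in this thread) that resolves each listening TCP port and bound UDP endpoint on Windows to its owning process and, for shared svchost.exe processes, to the service names behind it, and classifies whether the socket is reachable beyond loopback. It assumes Windows 8 / Server 2012 or later (NetTCPIP cmdlets) and an elevated PowerShell prompt.

```powershell
# Added example (not from any poster): map every listening TCP port and bound UDP
# endpoint to its owning process and, for svchost.exe, to the Windows service(s)
# hosted in that process, so "no idea what these do" becomes a service name.
# Assumes Windows 8+/Server 2012+ (NetTCPIP module) and an elevated prompt.

# Win32_Service.ProcessId lets us resolve a shared svchost.exe PID to service names
$svcByPid = Get-CimInstance Win32_Service | Where-Object { $_.ProcessId -gt 0 } |
    Group-Object -Property ProcessId -AsHashTable -AsString

$tcp = Get-NetTCPConnection -State Listen |
    Select-Object @{n='Proto';e={'TCP'}}, LocalAddress, LocalPort, OwningProcess
$udp = Get-NetUDPEndpoint |
    Select-Object @{n='Proto';e={'UDP'}}, LocalAddress, LocalPort, OwningProcess

$report = foreach ($ep in @($tcp) + @($udp)) {
    $proc = Get-Process -Id $ep.OwningProcess -ErrorAction SilentlyContinue
    $svc  = if ($svcByPid.ContainsKey("$($ep.OwningProcess)")) {
        ($svcByPid["$($ep.OwningProcess)"] | ForEach-Object Name) -join ','
    } else { '' }
    # Exposure: loopback-only sockets are unreachable from the LAN; 0.0.0.0 / :: bind
    # every interface, so only the host firewall stands between them and the network
    $scope = switch -Regex ($ep.LocalAddress) {
        '^(127\.|::1$)'     { 'loopback';       break }
        '^(0\.0\.0\.0|::)$' { 'all-interfaces'; break }
        default             { 'specific-iface' }
    }
    [pscustomobject]@{
        Proto = $ep.Proto; Address = $ep.LocalAddress; Port = $ep.LocalPort
        Scope = $scope;    PID = $ep.OwningProcess
        Process  = if ($proc) { $proc.ProcessName } else { '?' }
        Services = $svc
    }
}

$report | Sort-Object Scope, Proto, Port | Format-Table -AutoSize

# A service that must stay running (e.g. SSDPSRV behind UDP 1900, or LLMNR on 5355)
# can still be kept off the LAN with a firewall rule instead of being disabled:
# New-NetFirewallRule -DisplayName 'Block inbound SSDP' -Direction Inbound `
#     -Protocol UDP -LocalPort 1900 -Profile Public -Action Block
```

Rows with Scope `all-interfaces` and a non-empty Services column are the ones worth reviewing against the host firewall; on Linux the equivalent starting point is `ss -ltunp`, which prints the owning process next to each socket.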
@raed said in Security tools for use with/without an AV:
@Steffie
There is a lot of data collection that is passed back to Microsoft by default (as per their user agreement) that they claim is used to improve their user experience, which could easily be turned off using Blackbird V6 or similar. Or this one
-
I've used the ShutUp10 application before, and it works alright, and is user-friendly.
The BlackBird one though, looks firmly over in paranoid tinfoil-hat territory, and from a cursory glance over what it does, it would risk disabling stuff which is actually useful, and even break critical functions. Not for inexperienced users I guess.
I prefer to handle stuff manually so I actually know what I'm doing, and know how to undo them if something breaks.
-
@raed said in Security tools for use with/without an AV:
It is useless to half bake turning off telemetry, one either turns it off completely or there is no point, nothing tin hatty about that.
Blackbird breaks nothing, maybe you need to have a closer look or at least know what you are looking for, before passing your esteemed judgement.
Well, it changes a lot more than just disabling telemetry doesn't it?
Just out of curiosity I tested running it yesterday - after doing a complete system drive backup obviously.
Stuff it broke:
- Deleting default gateway from network adapter = no internet. Do these idiots all use DHCP?
- Disabling device discovery on the local network = Windows settings crashing when accessing Devices.
- Disabling BITS and other services required for Windows Update = no security updates.
- Probably a lot more I didn't care to find out, like turning off diagnostic services you actually need when real problems occur.
If it had stuck to just turning off telemetry, like Shutup10, I would be fine about it, but they've stuffed so much other shit in there, disabling stuff necessary for the operation of the system. And adding badly documented "tweaks" no-one can be sure how they work on different setups. It might even make your system slower (like turning off various caching mechanisms in the name of "privacy").
Their "restore from backup" thing failed with errors as well of course, so I restored from a proper backup.
I pity the poor inexperienced user running this to stop "Micro$opht spyeing" and ending up with a broken system and no clue how to fix it...
-
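The post above found out what the tweaker had changed only after things broke. As an added example (not from any poster or from either tool), the following snapshots the settings such tools typically touch (service start types, adapter addressing including the default gateway, scheduled tasks, the hosts file) so the changes can be listed and undone one by one. It assumes Windows 8 / Server 2012 or later and an elevated prompt; the `$OutDir` location is an arbitrary choice.

```powershell
# Added example (not from any poster): snapshot the settings a system "tweaker" is
# likely to touch, so that its changes can be listed and reverted individually.
# Assumes Windows 8+/Server 2012+ and an elevated prompt; $OutDir is an arbitrary choice.
param([string]$OutDir = "$env:USERPROFILE\tweak-snapshots")

function Save-Snapshot {
    param([Parameter(Mandatory)][string]$Label)
    New-Item -ItemType Directory -Force -Path $OutDir | Out-Null
    $snap = [ordered]@{
        # Service start types (BITS, wuauserv, FDResPub, SSDPSRV ... are the usual victims)
        Services = Get-Service | Select-Object Name,
            @{n='StartType';e={"$($_.StartType)"}}, @{n='Status';e={"$($_.Status)"}}
        # Adapter addressing: a deleted default gateway means no internet
        IPConfig = Get-NetIPConfiguration | Select-Object InterfaceAlias,
            @{n='IPv4';e={$_.IPv4Address.IPAddress -join ','}},
            @{n='Gateway';e={$_.IPv4DefaultGateway.NextHop -join ','}},
            @{n='DNS';e={$_.DNSServer.ServerAddresses -join ','}}
        # Scheduled tasks: telemetry tasks live here, but so do maintenance tasks
        Tasks = Get-ScheduledTask | Select-Object TaskPath, TaskName, @{n='State';e={"$($_.State)"}}
        # hosts file: blocklist entries are usually appended here
        Hosts = @(Get-Content "$env:SystemRoot\System32\drivers\etc\hosts")
    }
    $snap | ConvertTo-Json -Depth 4 | Set-Content (Join-Path $OutDir "$Label.json")
}

function Compare-Snapshot {
    param([Parameter(Mandatory)][string]$Before, [Parameter(Mandatory)][string]$After)
    $a = Get-Content (Join-Path $OutDir "$Before.json") -Raw | ConvertFrom-Json
    $b = Get-Content (Join-Path $OutDir "$After.json")  -Raw | ConvertFrom-Json
    $keyProps = @{
        Services = 'Name','StartType','Status'
        IPConfig = 'InterfaceAlias','IPv4','Gateway','DNS'
        Tasks    = 'TaskPath','TaskName','State'
    }
    # '<=' rows show the state before the tool ran, '=>' rows the state after
    foreach ($section in $keyProps.Keys) {
        Compare-Object $a.$section $b.$section -Property $keyProps[$section] |
            Select-Object @{n='Section';e={$section}}, *
    }
    Compare-Object $a.Hosts $b.Hosts |
        Select-Object @{n='Section';e={'Hosts'}}, InputObject, SideIndicator
}

# Usage: Save-Snapshot before; run the tool; Save-Snapshot after;
#        Compare-Snapshot before after | Format-Table -AutoSize
# Undo one flipped service with e.g. Set-Service -Name BITS -StartupType Automatic
```

A full drive image, as the post describes, remains the real safety net; this diff only tells you which individual changes to revert when the tool's own restore fails.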
OSArmour has been updated to v1.4.3
https://www.novirusthanks.org/last-updated-software/
Another standalone AV tool worth looking at.
OPSWAT Free Tools
https://www.opswat.com/free-tools (inc. Chrome extension)
It is worth setting up a free account so you can use the same API key in each session, and keep track of the scanned files.
It uses VT for the databases as well as running its own sandbox tests.
-
"The Ultimate List of 50 Free Security Tools, Tested For You"
https://heimdalsecurity.com/blog/free-cyber-security-tools-list/
-
Updated the OPSWAT links to something more useful.
Oops!
-
The free OPSWAT Metadefender client is now downloadable again.
https://www.opswat.com/free-tools/free-endpoint-security-scan
-