Security tools for use with/without an AV
-
@Catweazle said in Security tools for use with/without an AV:
I do not think that an OS is safer than another as such
I want to make one thing clear before the main part of my reply... i am not trying or wanting to claim that Linux [or Mac, or Unix, or sliderules, or abacus'] are "perfect", or "100% secure", coz it'd be a blatantly false statement. Nothing is either of those things.
However, i believe, & IIRC many people more knowledgeable than me believe, that Linux is structurally more secure than Windows, at least for an average home desktop user... because of a fundamental & far-reaching design-philosophy factor... root permissions.
A typical home-user Linux system will be set up from scratch with a root account, & one or more user accounts. Root account is the master/mistress of the universe. User accounts have severely curtailed read/write/execute permissions. For any & all RWX actions beyond the narrowly-prescribed user-account defaults, no RWX operations can occur until & unless the root password is entered. 2' later & you need another operation with elevated privileges? Too bad, no go, until/unless you re-enter the password.
In Win, out of the box [though i acknowledge specific hardening precautions can be taken... it's just that the vast majority of windozers do not take said precautions], pretty much any code can be executed without elevating current privileges afaik, coz many/most users much/most of the time "live" in their Administrator account where privileges are already elevated [kinda sorta like Linux's root account]. Conversely most of the time Nixers live in their User account [& any noob Nixer posting in a forum wherein they divulge they use their root account as their user account, will routinely get mocked & pilloried (i am not defending rude forum behaviour btw, only illustrating that permanently running as root is NOT standard in Linux)].
One of the many many qualities that influenced me to learn about Linux in late-2013, & migrate to it from Win7 during 2014, was certainly security-related [but there's much much more great stuff than "just" this]. IMO Linux is security-by-design, whereas Win is security-by-accident.
Hence regrettably your statement, which i quoted, is something with which i respectfully disagree.
-
It is true that in Linux I need to enter the password for anything, whether modifying the system, updating it or installing a program, which is not the case in Windows; but when I make a system change, a window pops up warning me of the change, which I have to approve. At least in the Win 7 that I had it was like that.
Because of this, it is also not possible for something in the system to be changed without me knowing about it. It is true that malware has an easier time here than on Linux because of its architecture, but, as I said before, to shield Windows from these security holes there are tons of applications, which more than compensate for this problem.
Anyway, the last thing I want is to annoy you with my ramblings, and without your knowledge of the subject I can only talk about my experiences and my disgust with Windows, not necessarily in the field of security.
-
"The user's going to pick dancing pigs over security every time."
-Bruce Schneier
Regular users don't care about IT Security, they have other sh*t to worry about. They will run binaries received from email, and download that shady-looking "eCard maker" to send to their family. This applies regardless of OS. If Linux or Mac was more popular with the unwashed masses, malware-makers would target these as much as Windows, and they'd be infected just as often.
The reason Windows specifically has long been seen as a security nightmare is that since the early days, it has exposed various badly-secured services, programmed by MS drones not exactly having security as the main priority. NetBIOS, SMB, RPC, printer sharing, admin shares, all wide open to anyone with even basic hacking skills.
I remember helping a friend's parents during the Blaster worm attacks (2003). After running the cleaner, and reconnecting to the internet, it took less than 10 seconds, and the machine was infected again. You needed to specifically disable the RPC service to stop it, before even thinking of connecting to the net.
Back in those days before ubiquitous wireless routers, every machine was usually connected directly to the internet and totally open to attack. Now, with nearly everyone using some kind of router, machines are much more protected, by simple NAT tables.
And of course, the default browser on Windows, IE, was always a massive security hole. With DirectX, Flash, Java etc. it would run executables with little to no user prompting. "Drive-by infections" were common, from just visiting a malicious web site.
These days many of these attack vectors are (nearly) gone, and the bad guys are more concerned about using social engineering to do phishing attacks and get people to download and execute malicious binaries.
I would say that with Windows 10 things have gotten a lot better in terms of security out of the box. But still it's nearly impossible to disable most of the ports that Windows by default listens on. Just looking at my local machine, there's a bunch of ports listening that I have no idea what they do:
Netbios, ssdp, epmap, isakmp, llmnr, microsoft-ds, ntp, ws-discovery
... I guess these are the "dancing pigs" Schneier was talking about... :face_with_stuck-out_tongue_closed_eyes:
-
@Pathduck said in Security tools for use with/without an AV:
Windows 10 ... there's a bunch of ports listening I have no idea what
None of these ports is open by design if you choose to run a fundamentally different OS.
-
@Steffie said in Security tools for use with/without an AV:
None of these ports is open by design if you choose to run a fundamentally different OS.
Well, I didn't really want to go down the "mine OS is more secure than thine" path, I just wanted to point out that things have gotten better in Windows lately, and that security is largely dependent on the user behind the keyboard.
But OK I know for sure Linux has several different ports open by default. Usually there's at least Finger (port 79), SSH (22), and plenty more if you are running some kind of server.
Mind doing a netstat -l for us, see what you find?
Might be different protocols and services, coded by people who actually care about security, but an open port is an open port...
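A defender's way to act on the "mind doing a netstat -l" request and the port names listed earlier in the thread: the script below parses a socket listing and separates listeners bound to loopback from those reachable by anyone on the LAN. It is an added example, not code from the thread or from any tool mentioned in it; the listing it parses is constructed, and the port-to-service mapping uses the IANA / Microsoft defaults.

```python
"""Added example for this thread (not code from it): flag listening sockets reachable
from the network, parsing lines shaped like Windows `netstat -an` / Linux `ss -lntu`."""
import ipaddress
import re

# IANA / Microsoft default ports for the services named in the thread.
KNOWN_PORTS = {22: "ssh", 79: "finger", 123: "ntp", 135: "epmap", 137: "netbios-ns",
               138: "netbios-dgm", 139: "netbios-ssn", 445: "microsoft-ds",
               500: "isakmp", 1900: "ssdp", 3702: "ws-discovery", 5355: "llmnr"}
ADDR_PORT = re.compile(r"^\[?([^\[\]]*?)\]?:(\d+)$")  # "0.0.0.0:135", "[::]:22", "*:22"

# Constructed sample, not a real capture: a Windows `netstat -an` excerpt followed
# by a Linux `ss -lntu` excerpt (only the protocol and local-address columns matter).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49812     203.0.113.5:443        ESTABLISHED
  UDP    0.0.0.0:5355           *:*
  UDP    [::]:3702              *:*
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      127.0.0.53%lo:53         0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
"""

def exposure(addr: str) -> str:
    """'loopback' for 127/8 or ::1; 'network' for '*', 0.0.0.0, :: or a real interface."""
    try:
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop scope ids such as "%lo"
    except ValueError:  # "*" or "" means every interface
        return "network"
    return "loopback" if ip.is_loopback else "network"

def parse_listeners(text: str, only_exposed: bool = False) -> list[dict]:
    """One dict per listening socket (TCP rows must be in a LISTEN* state); with
    only_exposed=True, keep just what a neighbour on the LAN could reach."""
    found = []
    for tokens in (line.split() for line in text.splitlines()):
        proto = tokens[0].lower()[:3] if tokens else ""
        if proto not in ("tcp", "udp"):
            continue  # headers, blank lines, unix sockets
        if proto == "tcp" and not any(t.upper().startswith("LISTEN") for t in tokens):
            continue  # ESTABLISHED, TIME_WAIT etc. are not listeners
        match = next(filter(None, map(ADDR_PORT.match, tokens[1:])), None)
        if match:  # the first addr:port token is the local address in both formats
            addr, port = match.group(1), int(match.group(2))
            entry = {"proto": proto, "addr": addr, "port": port,
                     "service": KNOWN_PORTS.get(port, "unknown"), "exposure": exposure(addr)}
            if not only_exposed or entry["exposure"] == "network":
                found.append(entry)
    return found
```

Feed it the real output of `netstat -an` (Windows) or `ss -lntu` (Linux) and the "network" entries are the ones a firewall rule or a disabled service should account for.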
-
@raed said in Security tools for use with/without an AV:
@Steffie
There is a lot of data collection that is passed back to Microsoft by default (as per their user agreement) that they claim is used to improve their user experience, which could easily be turned off using Blackbird V6 or similar. Or this one
-
I've used the ShutUp10 application before, and it works alright, and is user-friendly.
The BlackBird one though, looks firmly over in paranoid tinfoil-hat territory, and from a cursory glance over what it does, it would risk disabling stuff which is actually useful, and even break critical functions. Not for inexperienced users I guess.
I prefer to handle stuff manually so I actually know what I'm doing, and know how to undo them if something breaks.
-
@raed said in Security tools for use with/without an AV:
It is useless to half bake turning off telemetry, one either turns it off completely or there is no point, nothing tin hatty about that.
Blackbird breaks nothing, maybe you need to have a closer look or at least know what you are looking for, before passing your esteemed judgement.
Well, it changes a lot more than just disabling telemetry doesn't it?
Just out of curiosity I tested running it yesterday - after doing a complete system drive backup obviously.
Stuff it broke:
- Deleting default gateway from network adapter = no internet. Do these idiots all use DHCP?
- Disabling device discovery on the local network = Windows settings crashing when accessing Devices.
- Disabling BITS and other services required for Windows Update = no security updates.
- Probably a lot more I didn't care to find out, like turning off diagnostic services you actually need when real problems occur.
If it had stuck to just turning off telemetry, like Shutup10, I would be fine about it, but they've stuffed so much other shit in there, disabling stuff necessary for the operation of the system. And adding badly documented "tweaks" no-one can be sure how works on different setups. It might even make your system slower (like turning off various caching mechanism in the name of "privacy").
Their "restore from backup" thing failed with errors as well of course, so I restored from a proper backup.
I pity the poor inexperienced user running this to stop "Micro$opht spyeing" and ending up with a broken system and no clue how to fix it...
-
OSArmor has been updated to v1.4.3
https://www.novirusthanks.org/last-updated-software/
Another standalone AV tool worth looking at.
OPSWAT Free Tools
https://www.opswat.com/free-tools (inc. Chrome extension)
It is worth setting up a free account so you can use the same API key in each session, and keep track of the scanned files.
It uses VT for the databases as well as running its own sandbox tests.
-
"The Ultimate List of 50 Free Security Tools, Tested For You"
https://heimdalsecurity.com/blog/free-cyber-security-tools-list/
-
Updated the OPSWAT links to something more useful.
Oops!
-
The free OPSWAT Metadefender client is now downloadable again.
https://www.opswat.com/free-tools/free-endpoint-security-scan
-