Open source security setup
-
i tried out moon secure antivirus - i was curious. and i was not overly impressed with it. the engine had a date on it, 2008, and the defn's were 2009. it was very light on resources and ok-ish looking. it said it has a memory shield. i saw no evidence of a firewall. and it was buggy on my system. i received an application error exception. i was running it with webroot, so maybe they didn't like each other???
overall, i can't recommend it.
-
Amiti Antivirus
found this newer open sourcer and liked it. very light on system (only added 4 seconds to my boot), has real time memory shield, uses clamav. looks pretty good and ran smoothly. easy install and clean uninstall. wish i knew what the real time shield did though (is it an heuristic thing or does it scan file access etc). my system ran flawlessly with it (with immunet, i had some problems with webroot … they didn't play nice together).
http://download.cnet.com/AMITI-Antivirus/3000-2239_4-75915922.html
-
Amiti Antivirus - continued
Memory shield - i've figured out how it works: it scans objects that are opened. I must admit, it is very light in doing so, I don't even notice any system impact … ever. and I'm evaluating it on an atom n450 processor (slowest of the slow). under their status tab it has an objects scanned counter (that's how I found out how it works). as I open something and check counter, it counts upwards.
Heuristic - it has heuristic detection technology (options-engine-can enable or disable). under the news tab, it gave some info on some of the latest threats it can pick up, and referenced them through its heuristic detection.
I did a scan with hitman pro. It said Amiti has a valid authenticode certificate (always good news). It also said that "this files reboot survivability is vigorously protected". This is good to know also, seeing as many malwares will try to turn off your antivirus or remove it from the startup. I presumed it was unprotected, and was pleasantly surprised by hitman's comment. this indicates the program has a little more depth to it than I suspected.
Updates - there were no flags or bells with the updating ... which made me wonder if it worked. I found a setting to un-hide the update window (hidden by default) - found under options, and database tab. 60 minutes later (which is the set update check ... but you can change it or turn it off) it updated with a popup box (using freshclam, looked similar to a Linux clam update). later, I checked in Amiti's folder and found the freshclam updater exe. So, yes it updates fine, and apparently straight from clamav.
other features - clean temp files directory button and clean temp ie files button (under options, and miscellaneous tab).
Scheduled scan - can set it to scan any or all of these: memory, registry, cookies, and/or storage.
-has damage repair technology
-can set to make restore point b/f actions/removals.
-analyse alternate data streams and compressed files.
-has a support tab - which appears to be free - and a donate button that says "buy us beer first". it's a cute touch :)
-only problem - custom scan doesn't seem to work for me (can't change settings for it). but that's not a big deal.
-I would like to see a right-click scan feature added for the future.
Last note: this company (netgate) also makes Spy Emergency (a paid product). The two have many similarities ... so Amiti likely uses some of Spy Emergency's tech (and not exclusively clamav's(?)).
-
Some to keep an eye on for the future:
-TecknoGuard AntiVirus 2014 -beta- (Creative Commons Attribution License) -still in the experimental stage, the graphics are very nice Windows 8 style with utility and a good detection with an extensive database of virus.
-J.L Antivirus - (Affero GNU Public License) a free antivirus with Real-Time protection, powerful scanner and big database. This is in development and not ready to protect systems yet.
- Vital Antivirus 2014 - (not sure license - listed as recommended project on sourceforge) Prozek
Vital Antivirus 2014 is a smart and powerful security tool available for free. It is completely developed in vb .net and it's updated frequently.
Main features:
• Detect and delete millions of dangerous viruses.
• Detect if your internet connection is working fine.
• Auto scan USB devices.
• Voice warnings.
• It's totally free!
-
Peerblock
From PeerBlock:
"PeerBlock lets you control who your computer "talks to" on the Internet. By selecting appropriate lists of "known bad" computers, you can block communication with advertising or spyware oriented servers, computers monitoring your p2p activities, computers which have been "hacked", even entire countries. They can't get in to your computer, and your computer won't try to send them anything either".
been using 1.1 on my 32 bit laptop and i'm impressed (1.2 came out and seems to have a bug, i'll keep using 1.1 for now). only works with ipv4 and not ipv6 yet (coming soon i'm hearing). so, not bulletproof, but helpful (i turned off ipv6 and haven't noticed any sites i can't access yet). this program really educates you on how many ips your system will try to contact, even if you're not browsing. it's a good addition to the windows firewall.
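The IPv4-only limitation mentioned in the post above, as an added example (not part of the original thread and not PeerBlock's own code): range-list matching in Python over a constructed list, assuming a plain-text `label:start-end` line format. `parse_blocklist`, `verdict` and the sample ranges are hypothetical; an IPv6 destination can never match an IPv4 range list, so it is reported as not covered rather than allowed.

```python
import bisect
import ipaddress

# Constructed sample list (documentation address ranges, made-up labels).
SAMPLE_LIST = """\
# constructed sample, not a real blocklist
Example ad network:192.0.2.0-192.0.2.255
Example tracker A:198.51.100.16-198.51.100.31
Example tracker B:198.51.100.24-198.51.100.40
Label with: colon:203.0.113.7-203.0.113.7
broken line without a range
"""

def parse_blocklist(text):
    """Parse 'label:start-end' lines into merged, sorted IPv4 ranges."""
    ranges = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        _label, sep, span = line.rpartition(":")  # labels may contain ':'
        start, dash, end = span.partition("-")
        if not sep or not dash:
            continue  # malformed line: skip rather than guess
        try:
            lo = int(ipaddress.IPv4Address(start.strip()))
            hi = int(ipaddress.IPv4Address(end.strip()))
        except ValueError:
            continue  # not a valid IPv4 address
        if lo <= hi:
            ranges.append((lo, hi))
    starts, ends = [], []
    for lo, hi in sorted(ranges):
        if ends and lo <= ends[-1] + 1:      # overlapping or adjacent: merge
            ends[-1] = max(ends[-1], hi)
        else:
            starts.append(lo)
            ends.append(hi)
    return starts, ends

def verdict(addr, blocklist):
    """Return 'blocked', 'allowed', or 'not-covered' for non-IPv4 addresses."""
    starts, ends = blocklist
    ip = ipaddress.ip_address(addr)
    if ip.version != 4:
        return "not-covered"  # an IPv4 range list cannot match IPv6 traffic
    i = bisect.bisect_right(starts, int(ip)) - 1
    return "blocked" if i >= 0 and int(ip) <= ends[i] else "allowed"

BLOCKLIST = parse_blocklist(SAMPLE_LIST)
```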
-
heh heh
i just googled "open source security setup" and my vivaldi post here is ranked NUMBER 2. not page 2, page 1 second entry. (via using google.ca).
-
jimc>repositories have stringent criteria for inclusion. they have checked the implications of the software they carry.
open source code can be requested and viewed. we don't read c++, but many do.
But many seemed to have missed the missing extra check for the data length (aka Heartbleed) in OpenSSL for years - or the critical bug in libpng some time ago or (…)
The main problem:
Open source is open source for the miscreants too and _they can and do_ read source code very well. They are extremely good at finding holes too, but hardly pass any information about flaws they find. That is the main drawback of open source.
Especially when it comes to security, full security audits are mandatory. People need a certain mindset to do a full scale security audit, in principle exactly the same as the evil hackers have:
- Where is the weakness
- How can I take control
- How can I keep control
- How can I cover my tracks
That is not the way a normal programmer thinks. A programmer does his best to cover all holes, but he can only cover the holes he can imagine. It needs some kind of creative destructivism (does that word exist?) to wade through code and find the holes the programmer didn't think about. Sadly there are only a few people who are good at that and they do it full time (and have to) - meaning: They have to pay their rent with their work. Most open source projects can't cover such costs.
What this implies? I don't know, but it makes me think twice before repeating the mantra: "open source is more secure" …
-
I'm pretty good at recognizing implication, though I don't read most code. That is, give me code in, say, Java, javascript or C/C++, and I won't really know what it does. Tell me about it, or let me use it a while, and I'll tell you where it has weaknesses. No idea if someone could exploit it, but I just am good at finding the holes in things. Also the unintended features …
Now, give me something in BASIC and I can read that - also a few other languages most programmers never use for serious work. However, back on topic ...
Most code is just too long for anyone to seriously say they understand it. In that sense, most code isn't even written by a single person. The few cases where a program has a single programmer's name on it use bunches of libraries or routines written by others, and the programmer may have only a limited understanding of how those libraries and routines actually work - and when they would fail.
-
again, no one is advocating that open source is superior … there are pros and cons to that discussion. plus it is further muddled by open source development becoming integrated with proprietary software (just look at the browsers using webkit or blink). and does anyone truly think that proprietary antivirus companies don't (also) use clam signatures (or opendns for phishing protection)? i suspect they do (and why not, it is available and would be foolish to overlook it).
i do worry about large corporations influencing open source development with their large wallets:( inversely, those large wallets also allow open source communities to produce some wonderful software. yin and yang i guess(?).
topic at hand: has open source progressed sufficiently to safeguard a system (as compared to a proprietary one)?
i think so. yet your system would be more secure with a mix.
-
Oh, I think open source can indeed secure a system really well, I for example use smoothwall for my home network, but that is not the main problem. The problem is, can you secure a stand alone computer that works with one OS with open source software?
IMHO not, but you can't do so with commercial software too because every working system has gazillion of vulnerabilities which simply can't be covered. Both only help to mitigate the problems of the OS and the software installed for daily use.
Just a simple example:
Some years ago I used some open source image processing software for a certain purpose. That software could not connect to the net, not even for something like updates. I updated it for every version, so I felt quite safe (qualifier because I feel never safe when I am connected to the net - comes with my job). Nothing should happen with that, right?
Luckily it was installed on a VHD I only start when I need it (I do that not only for security reasons but to keep my working system clean and lean) so I was lucky when I got a JPEG image for reworking and wanted to view the EXIF information: It was manipulated in a way that code was executed. It only could get active in the moment when someone actively looked at the exif information and did that with a certain libexif which was used in several commercial and non commercial software products. No antivirus or firewall or HIPS etc noticed it at that time, the only thing that made me wonder was some HDD thrashing that should not happen. Luckily I did not run that on my main system but only the system on the VHD which was not configured to connect to the net at all and did not see the whole HDD space. Later I noticed that exactly the same version of libexif was used by a big commercial image manipulation suite (the one with the big red A) on my main system which can connect to the net. Imagine what would have happened if I had looked at the exif information with that (about 1 month after reporting a patch was released).
… after this long excursion about at least one way how malware can reach the computer I still can say that you can indeed secure your computer with open source software extremely well:
Just build a nice live CD/DVD/SD-card with write protection on and boot from that if you want to surf in the net, especially as soon as you want to enter personal data anywhere. End of surf session, everything is deleted, nothing stays on the HDD. Next session: Start the fresh, clean and unaltered system from the external non writable medium again - safe.
Much harder to do with a commercial OS or commercial software than with open source.
-
"it makes me think twice before repeating the mantra: "open source is more secure" … "
this is relative, as you point out, commercial is also lacking. this is why we seek to evaluate the progress certain projects have achieved. and perhaps, learn of some others we were unaware of.
"can you secure a stand alone computer that works with one OS with open source software? ... IMHO not"
again, it depends on whom you are afraid will access your data. we live in the free world, where most are concerned with google tracking cookies. if you live in a communist country, and are trying to practice your religious beliefs (perhaps a meeting in your home with like minded believers), trust in your programs is paramount. the fear is not that you will be tricked into clicking and downloading a trojan, but that the very word processor you're using is a trojan. when the government is totalitarian, it owns the companies and software produced within its borders. even large private american companies (facebook) have made deals with dangerous regimes to spy on their citizens (ex. arab spring): again, not so they can present relevant advertisements to us, but so they can track and kill their citizenry. these private companies do it for the money and the market share. but there is a lot of software produced and used in these countries that should be viewed with caution - particularly if your family's life depends on it. with open source, you can have a little more assurance in this regard that the government didn't just install an orwellian tv in your computer.
-