[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Dumb question: Is Windows box behind a router safe ?



Michael, thank you for the explanation. And thank you everyone for the
thoughts. Appreciate it. My apologies if I get on the nerves of people with
my dumb question :-) .

Now after further reading, I am now educated of how bad software use holes
in apps like browser and the plugins to do bad stuff on the user's computer.
Especially with the fraudsters getting better in SEO-ing their websites and
malwares to the top of Google Search pages. I think I myself encountered so
many of such sites for "long-tail" search query.
1. Upon further Googling, I also read about Web Attacker and Mpack - which
pretty much allows everyone with basic programming knowledge, to host their
own exploits in their own web site. Does anyone have any insights on this ?
I think this may have been used by the fraudsters to commit credit card
frauds (with passing AVS checks, CVV2, and IP addresses) - the reason I feel
so is that some of the email address associated with the order are tied to
domain registrations for a bunch of scrappy websites with loaded iFrames.

2.  For the Windows box, I plan to:
    - ensure the Automatic Updates is ON for that PC :)
    - install a firewall (ZoneAlarm free version)
    - install an anti virus (AVG free version)
    - install Secunia Personal Software Inspector (PSI).
    - install NoScript firefox add-on

   Having recently run Secunia PSI in both Simple and then Advanced Mode, on
a relatively-well maintained Windows machine, it found 11 software that
needs to be patched  (Java, Adobe Reader, Flash player, etc) which leads me
to wonder..
Assuming the Windows system is all patched up with all the updates, and the
software updates (Browser, Flash, Java JRE, Adobe Reader, etc) - and the
user accidentally came across some novel exploits by browsing some website,
and then the PC got infected;  will the personal firewall like Zone Alarm be
good enough to catch that "evilbotnet.exe is trying to access 55.11.22.34 "
and prevent further damage? Or what are the potential scenarios that could
happen, depending on the sophistication of the malware?
3. A colleague told me of a program for Windows called "Sandboxie" that
could isolate application - http://www.sandboxie.com/  - Will this ensure
the security for specific use case of web browsing ?

Thank you all in advance.
steve



On Tue, Sep 22, 2009 at 11:42 AM, Michael Fritscher
<michael@xxxxxxxxxxxxx>wrote:

> Hi Steve,
>
> I hope you haven't caused a storm with aggressive mails here^^
> This maillinglist is more about now detected holes in soft- and hardware...
>
> First, you certainly mean not a normal router (which is on most cases 100%
> transparent in both directions), but a NAT-router.
>
> What the NAT blocks (in most cases) are incomings connections - But
> expecially since XP SP2 this is a very seldom used way to attack
> computers.
> Nowadays, most bad software use holes in apps - browser, office, flash and
> so on which use outgoing connections - which are NOT blocked by a
> NAT-router.
> So, yes, a bot connectiong to a botnet could be installed if Firefox or a
> plugin like Flash, Java, Quicktime and so on has a hole and you browse on
> a "bad" site.
>
> Btw, please read about NAT, routing, current bad software etc in the
> internet - this will help you understanding the concerns.
>
> Sincerly,
> Michael
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/