Wednesday, February 27, 2008

How to protect yourself online

I usually don't give security advice, but since it is my job I thought I would throw a few things out. Fair warning: this is going to ramble a bit. Maybe something in the rambling will be useful. I'll edit it, too, if someone points out something that is wrong.

If you are running Windows there is a LOT of software out there that sucks, and some that is pretty good. My favorite is eEye Blink. It isn't completely secure: it lets unknown kernel modules load without even asking, and a malicious kernel module can take over your machine in no time flat and disable anti-virus and security software without the software ever noticing. BUT almost all security software out there is vulnerable to that (except CSA, IF IT IS CONFIGURED RIGHT), and Blink seems to have the least overhead and a good application firewall.

So here is my tiered opinion (this is ONLY an opinion) of the anti-virus/protection software I have tried, in order of preference. There is no scientific basis for these rankings; they are based on ease of use and what I've seen of each product (such as the likelihood of it being broken into, or of people thinking they are protected when they aren't), etc. The annoyance factor is definitely included as well.

Favorite:
eEye Blink Security (firewall/anti-spyware/HIDS/AV)

Ahead of the game:
CSA, NOD32, F-Prot, Kaspersky, Norman, Spybot

Middle of the pack:
Sophos, ZoneAlarm (firewall), Trend Micro, Ad-Aware (spyware), BitDefender

So-so:
Symantec, McAfee, AVG, Microsoft Anti-Spyware, Dr.Web

Contrary to popular belief, the most sales != the best.

I realize there is software out there that I haven't thought of... but that is the first stage of protection. The other stage is protecting your regular data.

Here is a hint for when you browse away from home: find a friend who has a Linux server somewhere to act as a TRUSTED location, and push your traffic through it, via OpenVPN, SSH or some other method. There are so many ways your data can be stolen along the way otherwise. Just make sure you verify that server's host key or certificate before you trust the tunnel, or whoever runs the hotspot can sit in the middle of it.
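As an added example (mine, not from the original post): a small POSIX shell script that starts a SOCKS5 tunnel over SSH to the trusted box and refuses to connect unless that host's key is already pinned in a known_hosts file you control, so a hostile hotspot cannot slip its own key in. The user, host, port and file paths are placeholders, and host_key_pinned, start_socks_tunnel and tunnel_works are my own names. Hashed known_hosts entries and marker lines (@revoked, @cert-authority) are treated as "not pinned", which is the conservative choice for this check.

```shell
#!/bin/sh
# Added example: SOCKS5-over-SSH tunnel to a trusted Linux box, with the
# server's host key pinned so a hostile hotspot cannot impersonate it.
# All names and paths here are hypothetical.

# host_key_pinned HOST KNOWN_HOSTS_FILE
# Returns 0 if a plain (unhashed) known_hosts line names HOST, else 1.
# Marker lines (@revoked, @cert-authority) and hashed (|1|...) lines are
# deliberately treated as "not pinned".
host_key_pinned() {
    awk -v host="$1" '
        /^[ \t]*(#|$)/            { next }   # comments and blank lines
        substr($1, 1, 1) == "@"   { next }   # marker lines
        substr($1, 1, 3) == "|1|" { next }   # hashed host names
        {
            n = split($1, names, ",")        # "host,ip,alias keytype key"
            for (i = 1; i <= n; i++) {
                h = names[i]
                sub(/^\[/, "", h)            # "[host]:port" -> "host"
                sub(/\]:[0-9]+$/, "", h)
                if (h == host) { found = 1; exit }
            }
        }
        END { exit found ? 0 : 1 }' "$2"
}

# start_socks_tunnel USER@HOST LOCAL_PORT KNOWN_HOSTS_FILE
# Opens a SOCKS5 listener on 127.0.0.1:LOCAL_PORT (loopback only, never the
# LAN interface) and keeps the session alive in the background.
start_socks_tunnel() {
    host=${1#*@}
    if ! host_key_pinned "$host" "$3"; then
        echo "refusing to connect: no pinned key for $host in $3" >&2
        return 1
    fi
    ssh -N -C -f \
        -o StrictHostKeyChecking=yes \
        -o "UserKnownHostsFile=$3" \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 \
        -D "127.0.0.1:$2" \
        "$1"
}

# tunnel_works LOCAL_PORT: fetch a page through the proxy and print the HTTP
# status. --socks5-hostname makes DNS resolve on the far end too, so name
# lookups do not leak onto the local network.
tunnel_works() {
    curl -sS --socks5-hostname "127.0.0.1:$1" -o /dev/null \
         -w '%{http_code}\n' https://example.com/
}

# Interactive usage (placeholders):
#   start_socks_tunnel me@trusted.example.org 1080 "$HOME/.ssh/pinned_hosts" \
#       && tunnel_works 1080
# Then point the browser at SOCKS5 proxy 127.0.0.1:1080 with remote DNS on.
```

The pinned_hosts file is populated once, at home, from a key fingerprint you got out of band (over the phone, or off the server's console), not by answering "yes" to the first prompt you see in a cafe.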

Make sure you are using encryption... if you're using Gmail, use HTTPS! Otherwise your session cookies can be sniffed off the wire and your account easily taken over. I know this.
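The catch with "just use HTTPS" is that a session cookie without the Secure attribute still gets sent in the clear the moment anything triggers a plain-http request to the same host, so it is worth checking what a site actually hands you. Added example (mine, not from the original post): a POSIX shell function that reads HTTP response headers and lists the cookies missing a given attribute. The sample headers are constructed, not a real capture, and cookies_missing_attr and check_url are my own names.

```shell
#!/bin/sh
# Added example: list cookies in a set of HTTP response headers that are
# missing a given attribute (Secure, HttpOnly, ...). Sample data below is
# constructed for the demo, not captured from any real site.

# cookies_missing_attr ATTR
# Reads raw response headers on stdin, prints one cookie name per line for
# every Set-Cookie that lacks ATTR (compared case-insensitively).
cookies_missing_attr() {
    awk -v want="$1" '
        tolower($0) ~ /^set-cookie:/ {
            line = $0
            sub(/\r$/, "", line)               # strip CRLF line ending
            sub(/^[^:]*:[ \t]*/, "", line)     # drop the "Set-Cookie:" prefix
            n = split(line, part, /;[ \t]*/)   # name=value; attr; attr=value
            name = part[1]; sub(/=.*/, "", name)
            have = 0
            for (i = 2; i <= n; i++) {
                a = part[i]; sub(/=.*/, "", a) # "Max-Age=3600" -> "Max-Age"
                if (tolower(a) == tolower(want)) have = 1
            }
            if (!have) print name
        }'
}

# Constructed sample response: only SSID carries both Secure and HttpOnly.
SAMPLE_HEADERS='HTTP/1.1 200 OK
Set-Cookie: SID=abc123; Path=/; HttpOnly
Set-Cookie: PREF=lang%3Den; Path=/; Max-Age=3600
Set-Cookie: SSID=def456; Path=/; Secure; HttpOnly
Content-Type: text/html'

# check_url URL: pull the real headers and report cookies lacking Secure.
# "-D -" dumps the response headers to stdout; the body goes to /dev/null.
# Usage:  check_url https://mail.google.com/
check_url() {
    curl -sS -D - -o /dev/null "$1" | cookies_missing_attr Secure
}

echo "sample cookies without Secure:"
printf '%s\n' "$SAMPLE_HEADERS" | cookies_missing_attr Secure
echo "sample cookies without HttpOnly:"
printf '%s\n' "$SAMPLE_HEADERS" | cookies_missing_attr HttpOnly
```

Anything this reports on a site you log into is a cookie that a hotspot operator can collect without breaking TLS at all; the fix is on the site's side (Secure on the session cookie), and until then the only defence is to never touch that domain over plain http from an untrusted network.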

Encrypt your local drive. TrueCrypt is available, FREE, and will do full pre-boot (system disk) encryption on Windows; on OS X and Linux it does encrypted volumes rather than the whole system disk. When choosing an algorithm, Serpent is my favorite... you can take that for what it's worth, but I believe it is a good choice. Whichever cipher you pick, the weak point is the passphrase, so make it long.

If you want help securing your box and I know you and you are a friend of mine, I WILL HELP YOU. I don't mind taking a few hours out of my day as insurance to make your online computing a much safer proposition; it can potentially save you a lot of pain and frustration.

Don't think you are safe because you are running OS X or Linux either... e.g., using TrueCrypt is a good plan (or LUKS on Linux, which is even easier). grsecurity is also a good pointer, as is running OSSEC, along with a bunch of other tools.
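Added example (mine, not from the original post) of the LUKS route mentioned above: a shell script that puts LUKS on a spare block device and mounts it, with the two checks that stop you from formatting the wrong disk. Device path, mapper name and mount point are placeholders; require_block_device, refuse_if_mounted, luks_setup and luks_close are my own names. It needs root and cryptsetup, and the cipher line follows the post's preference for Serpent (cryptsetup's own default, aes-xts-plain64, is equally fine); LUKS2 and argon2id are assumed to be available, which is true of any current cryptsetup.

```shell
#!/bin/sh
# Added example: put LUKS on an EMPTY block device, open it, and mount it.
# Device, mapper name and mount point are placeholders. Run as root.

# require_block_device DEV: 0 if DEV is a block device, else 1.
require_block_device() {
    if [ -b "$1" ]; then return 0; fi
    echo "error: $1 is not a block device" >&2
    return 1
}

# refuse_if_mounted DEV: 1 if DEV (or a partition on it) is mounted right now.
refuse_if_mounted() {
    if grep -qs "^$1[0-9p]* " /proc/mounts; then
        echo "error: $1 is mounted; unmount it first" >&2
        return 1
    fi
    return 0
}

# luks_setup DEV NAME MOUNTPOINT: format DEV as LUKS2, open it as
# /dev/mapper/NAME, put ext4 on it and mount it. DESTROYS everything on DEV.
luks_setup() {
    dev=$1; name=$2; mnt=$3
    require_block_device "$dev" || return 1
    refuse_if_mounted "$dev"    || return 1
    # luksFormat asks you to type YES and then for the new passphrase.
    cryptsetup luksFormat --type luks2 \
        --cipher serpent-xts-plain64 --key-size 512 \
        --pbkdf argon2id --iter-time 3000 \
        "$dev"                          || return 1
    cryptsetup isLuks "$dev"            || return 1   # header really landed
    cryptsetup open "$dev" "$name"      || return 1   # asks for the passphrase
    mkfs.ext4 -q "/dev/mapper/$name"    || return 1
    mkdir -p "$mnt" && mount "/dev/mapper/$name" "$mnt"
}

# luks_close NAME MOUNTPOINT: unmount and drop the key from the kernel.
luks_close() {
    umount "$2" && cryptsetup close "$1"
}

# Usage (as root, on a device you are sure is empty):
#   luks_setup /dev/sdb1 vault /mnt/vault
#   luks_close vault /mnt/vault
# Re-open later with:
#   cryptsetup open /dev/sdb1 vault && mount /dev/mapper/vault /mnt/vault
```

The mount check is a plain string match against /proc/mounts, so pass the same device path the kernel reports (not a symlink under /dev/disk/by-id); if in doubt, look at the output of mount first. The --iter-time value is milliseconds of key derivation per unlock, and raising it is the cheapest way to make an offline passphrase guess more expensive.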

3 comments:

Teriana said...

Lots o' good advice. I have Kaspersky anti-virus and I like it. But I also use BulletProofSoftware for the adware that somehow always ends up on my computer. Prolly from downloading all that porn (just kidding). I hate McAfee with a passion. Always popping up asking if I really want to download something. Of course I do *$^#@$$, that's why I clicked on it.

Myron Davis said...

Kaspersky is pretty good.

I did some research on BulletProofSoftware and it is a bastardized commercial version of the free open-source package Search and Destroy.

Read this article about BulletProofSoftware:

http://www.spywareinfo.com/newsletter/archives/feb-2003/13.php

If it is based on S&D it is some good stuff as in the spyware arena my favorites are S&D and Ad-Aware.

But... it looks like they are remaking a free product a guy makes and gives away and claiming it as their own.

I can't PROVE that but the evidence looks fairly convincing.

Myron Davis said...

One other thing I should add: the guy who wrote S&D (which it appears BulletProofSoftware repackaged as their own) wrote the entire program for his girlfriend. Here is his license.

Here is the license file for S&D
I. Freeware
First of all, the reasons why Spybot-S&D is free:

I.a. Dedication
Spybot-S&D is dedicated to the most wonderful girl on earth :)

I.b. Binary
What do you get if you buy software? Lots of ones and zeros, nothing more. If they were distributed as art, I could understand paying for it. But if the main goal of their order is to earn money - by fees or ads - I don't like it!

I.c. Conclusion
This means that I grant you the license to use Spybot-S&D as much as you like. But if you like it, I ask two things of you: say a prayer for me (and the most wonderful girl while you're at it ;) ) to your god - or whatever you believe - and wish us some luck.

II. Limitations

II.a. Reverse Engineering
Reverse Engineering is not allowed as with nearly any software. If anyone has doubts in the honesty of the code, I will give insight to a trusted organization like a university under certain limitations (for example only one copy, for a limited time, and that has to be removed after the evaluation time has ended).

II.b. Warranty
I tried my very best to make the code of Spybot-S&D as stable as possible, and I give you the warranty that I placed no code to cause intentional harm to your system.
However, removing the threats targeted by Spybot-S&D sometimes involves cutting deep into the system, and I cannot guarantee that your system will be running the same as before. For example, spyware hosts may stop working. I can also give you no warranty that Spybot-S&D will remove every spy on your system, or that it will give you no false positives. For your own verification the location of the problem is shown with every entry, and if you have any questions remaining you can visit the support forum for more information.

II.c. Liability
Under no circumstances can you make me liable for any damages you might do to your system using Spybot-S&D.

II.d. Use of application in whole
Free use is limited to the application in whole. Usage of parts only, for example the database or the plug-ins, is not permitted.

II.e. Corporate use
As companies are not individual persons and would have problems fulfilling the above terms, there is a license for corporate users that can be found at safer-networking.ie.

III. Distribution
Here are some basic rules about distributing Spybot-S&D.

III.a. Private distribution
You may give away single copies of the software as long as you don't modify this license or other files of the archive.

III.b. Mirroring
If you want to mirror Spybot-S&D, feel free to do so as long as you don't modify the original archive, and do not charge for any part of the process. If you want to be kept up to date about major updates, you can subscribe to the mailing list.
Official mirrors need to fulfill the Mirror Policy.

III.c. Publishing
You may publish Spybot-S&D in a book or magazine (or other media) by simply sending a written request for permission, including a description of your specific needs. We request a copy of the media in which Spybot-S&D is published as compensation.

IV. Privacy

IV.a. Application offline privacy
Even though Spybot-S&D scans your system, it will not search specifically for any personally identifiable information. Everything that is not detected as a possible threat will be ignored. Possible threats will be shown and, if log options are switched on, written to a local log file.

IV.b. Application online privacy
Spybot-S&D has online functionality in 5 cases:
1. Update: The Update function uses only HTTP requests (like your web browser does) to download an info file containing update descriptions (this is called spybotsd.ini, and it won't be deleted, so you can look at it) and to download the update files you select. No information other than those your browser would also show will be transmitted.
2. News: The News function opens an IE window integrated into Spybot-S&D. This is the same as if you would load the News page on my main homepage in Internet Explorer.
3. Bug Report: The bug report function sends the problem description you enter and an automatically created report to our support staff. You can modify the extent of the report on the settings page, and you can preview this contents while you are writing the bug report.
Files listed in the attach box will be sent as attachments. The header will contain the information (sender name & address) you've entered in settings.
4. Product info & opt-out links: those may often link to dubious pages. You may open them at your own risk, but you should take care to meet some security measures (like firewall, latest IE updates, updated antivirus software) first.
5. Other links: Due to the nature of the Internet I cannot give you any guarantee regarding other links found on my web pages (neither my own, the support forum, or the donation site). But I have put my trust in them and do not believe any harm can come from them.