On Wed, 23 Jul 2008 07:28:16 GMT, Root Kit wrote:
> On Wed, 23 Jul 2008 11:40:05 +1200, "Harry Johnston [MVP]"
> <harry@scms.waikato.ac.nz> wrote:
>
>>Root Kit wrote:
>>
>>> <quote>
>>> "We filter network traffic at the kernel, where malware can't avoid
>>> us," said James Grant, a ZoneAlarm team lead. "If you filter traffic
>>> in user mode, malware can see what we're doing."
>>> <end-quote>
>>>
>>> Yearh, right. As if malware wouldn't compromise the kernel as well....
>>
>>Well ... if the user isn't an administrator, it won't.
>
> That's correct. Unless the firewall is so badly designed it allows the
> malware to exploit it to gain SYSTEM credentials, that is.
>
> But unfortunately running as administrator is what the vast majority
> of windows users do.
That is sadly true!
A timely reminder and friendly advice for all the lurkers out there running
on WinXP, please take notice
The most dependable defenses are:
1. Do not work as Administrator; For day-to-day work routinely use a
Limited User Account (LUA).
2. Secure (Harden) your operating system.
3. Don't expose services to public networks.
4. Keep your operating system (OS) (and all software on it) updated/patched.
(Got SP3 yet?).
5. Reconsider the usage of IE and OE.
5a. Secure (Harden) Internet Explorer.
6. Review your installed 3rd party software applications/utilities; Remove
clutter, *including* 3rd party software personal (so-called) firewall
application (PFW) - the one which claims: "It can stop/control malicious
outbound traffic".
7. If on a dial-up Internet connection, activate the built-in firewall and
configure Windows not to use TCP/IP as the transport protocol for NetBIOS,
SMB and RPC, thus leaving TCP/UDP ports 135, 137-139 and 445 (the most
exploited Windows networking weak point) closed.
7a. If on a high-speed Internet connection, use a router.
For the average home user it is suggested to block both TCP and UDP ports
135 ~ 139 and 445 on the router and to implement countermeasures against
DNSChanger.
8. Routinely practice Safe-Hex.
Also, ensure you do:
a. Regularly back up data/files.
b. Familiarize yourself with crash recovery tools and re-installing your
operating system (OS).
c. Utilize a good-quality real-time anti-virus application and some vital
system monitoring utilities/applications.
d. Keep abreast of the latest developments.
And finally:
Most computer magazines and/or (computer) specialized websites are *biased*,
i.e. heavily weighted towards the (advertisement) dollar almighty!
Therefore:
a. Don't fall for software applications touted in publications relying on
advertisement revenue.
b. Do take their *test-results* of various software with a *considerable*
amount of salt...!
c. ...Which also applies to their *investigative* test reports related to
any software applications.
d. Investigate claims made by software manufacturers *prior* to downloading
their software; specialized Newsgroups and/or Fora are a great way to
find out the 'nitty-gritties'.
Wanna know details? Go ahead and ask
--
Security is a process not a product.
(Bruce Schneier)
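As an added check that is not part of the thread above: point 7 of the list asks that the NetBIOS/SMB/RPC ports (TCP/UDP 135, 137-139, 445) end up closed. The script below parses `netstat -an` output and reports which of those ports are still bound on a non-loopback address, so the result of the reconfiguration can be verified. The sample output is constructed, and the column layout it assumes is that of Windows XP's netstat.

```python
import re
from typing import Dict, List, Tuple

# Ports the post says should stay closed: RPC endpoint mapper (135),
# NetBIOS name/datagram/session (137-139) and SMB over TCP (445).
WATCHED_PORTS = {135, 137, 138, 139, 445}

# Constructed sample of `netstat -an` output from a Windows XP host (not real
# captured data); the column layout is assumed to match the XP netstat format.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:3210      66.249.70.2:80         ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
"""

LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?\s*$")


def parse_netstat(text: str) -> List[Tuple[str, str, int, str]]:
    """Return (proto, local_ip, local_port, state) for each socket line."""
    sockets = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # header and blank lines do not match
            proto, ip, port, state = m.groups()
            sockets.append((proto, ip, int(port), state or ""))
    return sockets


def exposed_netbios_ports(text: str) -> Dict[str, List[int]]:
    """Watched ports bound on a non-loopback address, keyed by 'TCP'/'UDP'."""
    found: Dict[str, set] = {"TCP": set(), "UDP": set()}
    for proto, ip, port, state in parse_netstat(text):
        # Loopback-only bindings are unreachable from the network; UDP lines
        # carry no state, so any UDP binding of a watched port counts.
        if port not in WATCHED_PORTS or ip.startswith("127."):
            continue
        if proto == "TCP" and state != "LISTENING":
            continue
        found[proto].add(port)
    return {p: sorted(ports) for p, ports in found.items()}
```

An empty list for both protocols means the host no longer offers those services to the network; on the constructed sample the reconfiguration has clearly not been done yet.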