are security software useful for it professional

k3rast4se

Junior Member
Nov 24, 2009
4
0
0
When I was 11-13 yo, I was spending days and nights downloading p2p software and browsing you know what. I couldn't live without antivirus/spyware software due to the fact I was using IE6, LimeWire and .... Since 2005 I've completely stopped using firewall, antivirus and even antispyware. I'm using way more secure software (Firefox, private torrent and ...) and never had a virus since. But I'm always wondering if running behind a hardware firewall (router), using Win 7 64bit and knowing everything I do on my computer is enough? I can't stop thinking I should use an antivirus, antimalware, keylogger?

What's your opinion?
 

MrChad

Lifer
Aug 22, 2001
13,507
3
81
No, it's not enough. There is no excuse not to run an up-to-date antivirus on any internet-connected Windows machine. There are plenty of free options available (Microsoft Security Essentials, Avira, etc).
 

fredbeard1301

Junior Member
Jan 20, 2011
7
0
0
fredseger.blogspot.com
How is Firefox more secure? In what way do you use FF that makes you feel secure? There are way too many baddies out there nowadays that don't do anything to your box that is even noticeable. What's the harm in adding that extra security? Seems like you have an idea of what you're doing, so adding another layer of protection can't hurt.
 

wheresmybacon

Diamond Member
Sep 10, 2004
3,899
0
76
You need AV software. With Security Essentials being free and also a very good choice, there's no excuse not to be protected.
 

Lemon law

Lifer
Nov 6, 2005
20,984
3
0
The fact that our OP was young and stupid and somehow avoided paying the price is somewhat irrelevant, we still have to answer the thread question, is being some malware security expert enough to avoid being the next victim of malware?

And I submit the answer to the question is no no and no.

No matter how much any given human being knows about computer security, they are still human, and thus slow as a snail, compared to the rate that malware can totally compromise a computer. Some modern computer exploits can totally fuck up a computer inside of 20 milliseconds; dream on, idiots, if you think the fastest Speedy Gonzales humans are fast enough to compete.

Our only defense is having equally fast software that is faster than speeding malware.

And that fact applies equally to experts and newbies.
 

VirtualLarry

No Lifer
Aug 25, 2001
56,447
10,116
126
The only malware I've ever had, was because I mistakenly rebooted my PC, with a floppy disk with a known boot-sector virus on it, that I was playing with.

I don't run AV software, although I've installed and run MBAM a few times just for kicks.

Actually, no, that's not true, I did get a virus online once last year. It was on my HTPC, which was running XP at the time, as administrator (didn't want to bother with the welcome screen, since it was a HTPC). Went on vacation, came back, and was surfing pr0n sites, when I fell victim to the Help Center exploit. Pretty scary when command-prompt windows start popping up on your screen, doing who knows what to your computer. Well, it was my fault, I didn't go to Windows Update when I got back from vaca, so my computer was missing a few months' worth of patches. I learned my lesson. Paved that system, and installed Win7, not for security, but because I couldn't get hardware-accelerated H264 decoding to work in XP at all.

I don't torrent or fileshare.

Practice safe computing, and your risks go way down.

(N.B. XP Pro is relatively bulletproof from viruses, perhaps even moreso than Win7, if you use a limited user account and enable Software Restrictions Policy. Then, even if a malware downloads onto your system, it cannot execute and take hold, not even in the limited account.)

Edit: I don't see how an AV software would have prevented the IE exploit for Help Center either, so that wouldn't have protected me, even if I were running AV.
 

Gamingphreek

Lifer
Mar 31, 2003
11,679
0
81
The fact that our OP was young and stupid and somehow avoided paying the price is somewhat irrelevant, we still have to answer the thread question, is being some malware security expert enough to avoid being the next victim of malware?

And I submit the answer to the question is no no and no.

No matter how much any given human being knows about computer security, they are still human, and thus slow as a snail, compared to the rate that malware can totally compromise a computer. Some modern computer exploits can totally fuck up a computer inside of 20 milliseconds; dream on, idiots, if you think the fastest Speedy Gonzales humans are fast enough to compete.

Our only defense is having equally fast software that is faster than speeding malware.

And that fact applies equally to experts and newbies.

100% agree!

As an IT Security Professional, that doesn't make me invulnerable to attacks. Sure I may recognize various things and know what to stay away from, but there are so many different ways to compromise a system that it is impossible to defend against them all.

IT Security is largely a reactive field. You are always adapting and changing to the next exploit.

OP, 2 things:
1. Unless you want everyone in this thread to think you are still 11-12 years old, you may want to proofread your posts and apply correct grammar.
2. Not running A/V Software is a hideous idea to even think about. There was an exploit not too long ago in the .LNK files used for Icons on Windows systems. Flash Drives were shipping in a compromised state so that your machine would be compromised as soon as you opened the Flash Drive in Explorer. You would NEVER know without SOME form of protection.

-GP
 

Gamingphreek

Lifer
Mar 31, 2003
11,679
0
81
(N.B. XP Pro is relatively bulletproof from viruses, perhaps even moreso than Win7, if you use a limited user account and enable Software Restrictions Policy. Then, even if a malware downloads onto your system, it cannot execute and take hold, not even in the limited account.)

Edit: I don't see how an AV software would have prevented the IE exploit for Help Center either, so that wouldn't have protected me, even if I were running AV.

Absolutely incorrect. XP and previous versions of Windows were/are a security NIGHTMARE. All software assumed Administrative access and, for all intents and purposes, created a Single User/Single-Level Security environment.

Want more proof of the nightmare that was/is XP? Look up "Address Space Randomization". Linux has had it since 2003.

-SP
 

VirtualLarry

No Lifer
Aug 25, 2001
56,447
10,116
126
Absolutely incorrect. XP and previous versions of Windows were/are a security NIGHTMARE. All software assumed Administrative access and, for all intents and purposes, created a Single User/Single-Level Security environment.
Not true. Only certain broken, and system-level apps require administrative access.

Anyways, do you know of any drive-by malware that can bypass a limited-user account, with SRP implemented? I don't.
 

pcslookout

Lifer
Mar 18, 2007
11,944
150
106
The only malware I've ever had, was because I mistakenly rebooted my PC, with a floppy disk with a known boot-sector virus on it, that I was playing with.

I don't run AV software, although I've installed and run MBAM a few times just for kicks.

Actually, no, that's not true, I did get a virus online once last year. It was on my HTPC, which was running XP at the time, as administrator (didn't want to bother with the welcome screen, since it was a HTPC). Went on vacation, came back, and was surfing pr0n sites, when I fell victim to the Help Center exploit. Pretty scary when command-prompt windows start popping up on your screen, doing who knows what to your computer. Well, it was my fault, I didn't go to Windows Update when I got back from vaca, so my computer was missing a few months' worth of patches. I learned my lesson. Paved that system, and installed Win7, not for security, but because I couldn't get hardware-accelerated H264 decoding to work in XP at all.

I don't torrent or fileshare.

Practice safe computing, and your risks go way down.

(N.B. XP Pro is relatively bulletproof from viruses, perhaps even moreso than Win7, if you use a limited user account and enable Software Restrictions Policy. Then, even if a malware downloads onto your system, it cannot execute and take hold, not even in the limited account.)

Edit: I don't see how an AV software would have prevented the IE exploit for Help Center either, so that wouldn't have protected me, even if I were running AV.

Exactly! A limited user account is a must! Added with the extra security of SRP or AppLocker (even better) your system is purely unbreakable. Unless you blindly accept and give malware admin access.

There is nothing better or has less overhead. Nothing.

Still run portable virus scanners and malware removers, but that is it. You just hurt yourself the more you try to add for security.
 

Gamingphreek

Lifer
Mar 31, 2003
11,679
0
81
Not true. Only certain broken, and system-level apps require administrative access.

Anyways, do you know of any drive-by malware that can bypass a limited-user account, with SRP implemented? I don't.

Everything that broke when Vista came out required Admin access and was denied it (Like it should have been).

I don't know any malware off the top of my head but there are more ways into a system than simply running an installer. There are more ways to affect the integrity/performance of a system than using basic malware.

Exactly! A limited user account is a must! Added with the extra security of SRP or AppLocker (even better) your system is purely unbreakable. Unless you blindly accept and give malware admin access.

I can't believe someone actually mentioned "Unbreakable" and "Windows XP" in the same sentence....
 

seepy83

Platinum Member
Nov 12, 2003
2,132
3
71
Go take a random sample of 1000 Windows PC owners, and find out how many of them know how to implement SRPs. While you're at it, tell me how many of them know how to do something as important as update their A/V signatures when they are running under a non-admin account.

I think you'll find that most of those users would rather never use their computer again than try to figure that stuff out.

Out of the box, Windows 7 is more secure than XP, and that's what is most important. You can't expect the average person to put much time into protecting their data because they would not be familiar with the concepts. For a typical computer user, a computer is no different from a TV, Alarm Clock, or Microwave. It's a piece of electronics that you turn on and use. It's there to do what they want it to do, when they want it to do it. It's not something that the average person wants to know how to harden.

And as for the question posed by the OP ("are security software useful for it professional?") - basically, the same thing applies to most "IT Professionals". I know a lot of people that are IT Pros, but don't have a clue about Info Sec.

I've run a handful of different security suites over the years, and I've never had one do more harm than good. Other than some of them being resource hogs, I've never really been bothered by one...
 

JRock

Platinum Member
Apr 19, 2001
2,742
0
0
Exactly! A limited user account is a must! Added with the extra security of SRP or AppLocker (even better) your system is purely unbreakable. Unless you blindly accept and give malware admin access.

Well even running as a limited user does NOT make your system "purely unbreakable".

Say I am able to throw myself an unpriv/limited reverse shell assuming you have unrestricted outbound Internet access, which most people do. Even if you don't I'll just use port 80 or 443... anywho... SO as I was saying I get an unpriv shell via some client-side exploit (web browser, torrent etc.). Now I start digging around. Just because the shell I have is running as an unpriv user doesn't mean I can't attack any services you have running on your machine running as an admin or system. Yea, bypassing DEP and ASLR gets to be kinda hairy but bottom line is it can be done.

The only "purely unbreakable" system is one that is not powered on.
 

pcslookout

Lifer
Mar 18, 2007
11,944
150
106
Well even running as a limited user does NOT make your system "purely unbreakable".

Say I am able to throw myself an unpriv/limited reverse shell assuming you have unrestricted outbound Internet access, which most people do. Even if you don't I'll just use port 80 or 443... anywho... SO as I was saying I get an unpriv shell via some client-side exploit (web browser, torrent etc.). Now I start digging around. Just because the shell I have is running as an unpriv user doesn't mean I can't attack any services you have running on your machine running as an admin or system. Yea, bypassing DEP and ASLR gets to be kinda hairy but bottom line is it can be done.

The only "purely unbreakable" system is one that is not powered on.

Yes, but that is just a limited account, not with SRP or AppLocker. I dare you to get around that.
 

Elias824

Golden Member
Mar 13, 2007
1,100
0
76
I just run Spybot S&D, have my system immunized, and use Firefox. I can't recall the last time I had a virus issue; it's been years. Once in a great while I'll run a Trend Micro HouseCall to check things over. I stopped running AV a few years ago mostly just because of the performance drop while gaming. A lot of the newer AVs though don't seem nearly as intensive as they used to be, so I may pick up an AV program in the near future. A lot of it just comes down to what you're using your computer for and how much you care about security. I pretty much only game on my system; if I had to format after I got a virus it wouldn't really be the end of the world. My only real concern would be having logins or personal info compromised.
 

Gamingphreek

Lifer
Mar 31, 2003
11,679
0
81
I just run Spybot S&D, have my system immunized, and use Firefox. I can't recall the last time I had a virus issue; it's been years. Once in a great while I'll run a Trend Micro HouseCall to check things over. I stopped running AV a few years ago mostly just because of the performance drop while gaming. A lot of the newer AVs though don't seem nearly as intensive as they used to be, so I may pick up an AV program in the near future. A lot of it just comes down to what you're using your computer for and how much you care about security. I pretty much only game on my system; if I had to format after I got a virus it wouldn't really be the end of the world. My only real concern would be having logins or personal info compromised.

How do you know you haven't gotten a virus unless you have A/V software? Even if you have A/V software, how do you know you don't have a Zero-Day or something?

Pretty irresponsible to run without any A/V Software in this day and age.

-GP
 

welshhotty2010

Junior Member
Mar 7, 2011
3
0
0
p2p is a major security risk personally n is mainly used for illegal downloads n porn. All those hackers n dodgy viruses just lurking around the corner
 

gsellis

Diamond Member
Dec 4, 2003
6,061
0
0
Actually VL, there have been more than a few exploits that took advantage of unexposed vulnerabilities for privilege escalation that could circumvent 'limited'. First one I remember was a runas bug that allowed a blank command to get access as System (XP SP2 fixed it?). While the theory is good, the practice may not be well executed in all cases. I do remember that a recent patch was for an exploit that has been in the wild for about a year, but not disclosed by discoverer as they used it in a rootkit (I think this hit UK banks?).

The answer is defense in layers. Without SRP, AV, access lists, blacklists, firewalls, it is just wishful thinking. Exploits are about cash these days, so they go where they can engineer users into doing the hard work. But some are crafted.

I personally have a basic firewall, software firewall, AV, second AV scanner (Malwarebytes), and use a modified host list (http://someonewhocares.org/hosts/). The biggest offenders have been 3rd party ads and P2P from what I have seen lately. Facebook is a freaking zoo, but reasonably safe when you use your brain and not get overjoyed and click happy when your friends post about the most 'Letz video on the interznets'. When my 53-year-old cousin posts that, I wonder when Facebook will fix the latest vulnerability....
 

Gamingphreek

Lifer
Mar 31, 2003
11,679
0
81
what is an SRP?

It's a "Software Restriction Policy". You can basically limit the types of programs that can be run on a given Domain Client. SRP is only effective, however, if a user does not have Administrator access. If they have Administrator access, they can simply create a new local account that is not affected by the policy.

-Kevin
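
The condition described in the post above (SRP only holds when the user is not an administrator), as an added example that is not part of the original thread: a PowerShell audit that reads the machine's SRP settings and reports whether they actually constrain the current user. The function names are hypothetical; the registry location and value meanings are the standard ones Windows uses for SRP.

```powershell
# Added example (not from the thread): audit whether SRP constrains the current user.
# Standard registry location where Windows stores Software Restriction Policy settings.
$SrpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

function Test-IsElevatedAdmin {
    # True when the current token has the Administrators group enabled.
    # Under UAC, an Administrators member running unelevated returns $false here.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-SrpAssessment {
    # Hypothetical helper: turns raw SRP registry values into findings.
    param($Policy, [bool]$IsAdmin)

    if ($null -eq $Policy -or $null -eq $Policy.DefaultLevel) {
        return @('SRP is not configured: any program the user can write to disk can run.')
    }

    $findings = @()

    # DefaultLevel: 0x00000 = Disallowed (default-deny), 0x40000 = Unrestricted.
    if ($Policy.DefaultLevel -eq 0) {
        $findings += 'Default level is Disallowed: only explicitly allowed paths may execute.'
    } else {
        $findings += ('Default level is 0x{0:X5}, not Disallowed: SRP is a blocklist at best.' -f $Policy.DefaultLevel)
    }

    # TransparentEnabled: 0 = no enforcement, 1 = all files except DLLs, 2 = all files including DLLs.
    if ($Policy.TransparentEnabled -eq 0) {
        $findings += 'Enforcement is switched off (TransparentEnabled = 0).'
    }

    # PolicyScope: 0 = all users, 1 = all users except local administrators.
    if ($Policy.PolicyScope -eq 1 -and $IsAdmin) {
        $findings += 'Policy excludes local administrators and this session is one: SRP does not apply here.'
    } elseif ($IsAdmin) {
        $findings += 'Session has administrator rights: the policy can be edited or sidestepped, as the post notes.'
    } else {
        $findings += 'Session is a limited user: the policy cannot be changed from this account.'
    }

    return $findings
}

# Read the live policy (returns $null when the key does not exist) and report.
$policy = Get-ItemProperty -Path $SrpKey -ErrorAction SilentlyContinue
Get-SrpAssessment -Policy $policy -IsAdmin (Test-IsElevatedAdmin)
```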
 

zCypher

Diamond Member
Aug 18, 2002
6,115
171
116
While the biggest factor is certainly the user and their browsing habits, it's pointless to browse completely naked. What exactly are you gaining? I remember way back when running AV software crippled system performance, but it's not like that anymore. I really don't notice any performance slowdown when using Avira or MSE.

Even when I was younger, malware was quite a rare thing. Nowadays it's almost unheard of for me. I still keep my system as protected as I can though.
 

digitaldurandal

Golden Member
Dec 3, 2009
1,828
0
76
There is, I believe still, a command that source engine can be sent via server that will create a small buffer overflow which can then be used to eventually cause you to download and run an exe.

FTW. Valve was notified but last I checked it had not been corrected.
 