Can AVs protect in the aftermath?


sman

The chain of actions that culminates in infection via the 'steganography' modus operandi, as brought out in "

Is there any hope for protection in the aftermath, as the main malicious code is going to stay undetected by AVs and only behavioural/heuristic defence is to be relied upon against the chain of actions to follow? So does one need to disable scripts, disable Java, have anti-exploit in place, monitor for unusual traffic activity, and monitor processes, especially when carrying out online banking, or is multi-factor authentication (or rather 2-factor authentication of all transactions) sufficient to keep one protected?

Thanks in advance.


In my opinion, one needs to meter the number of security topics one reads.  You'll work yourself into a frenzy and shoot your computer.  Learning is good, but don't look for something bad around every corner.


I visit 'firstenercastfinancial.com' for Ben's/market views, and now the site is under the radar with Google and popular browsers, alerting to 'phishing attacks' ahead. I have to circumvent it with other browsers like Mxnitro. So how does one take it, when a very popular website is categorised thus and red-flagged? It is hard to accept.

So there is no good site/bad site; going online is a venture into a minefield, no room for complacency, a bitter reality of the other side of technology.


A website that offers memberships, subscriptions, or prompts you for anything that is considered personal or confidential information is technically phishing.  If you want to join or subscribe, that's required information.  If it tricks you into providing it, or manipulates your browser to get it, that's true phishing.  Software that warns you does not spend time or research resources to investigate intent, and that is what makes all the difference.


One can view the forum without subscribing, and the views expressed give good insight into the market (esp. I visit for views on NG, natural gas), and the site is a very popular one. What I really meant was, just because of some spammer, the site has been red-flagged, which had no issues till then and which I had been following for years. Even so, I view the forum in Mxnitro without any issues; it is the popular browsers which still have it red-flagged.

Why I referred to this site was to highlight the way problems can crop up unexpectedly and the need for caution.


One man's caution is another man's self-inflicted exile.  Only you can decide how much caution you're willing to take and how far you are willing to take it.  But, as Gonzo said, you have to rely on some caution when reading about new threats.

The only safe computer is one that connects to no devices externally at all (and never has) - no flash drives, no optical discs, no external hard drives, memory sticks, SD cards, no internet, no wireless connection, no Bluetooth, no peripherals, etc. ad nauseam.  Other than that, the only thing you can do is read carefully and use proactive prevention.  If you have determined that the site you want to visit is clean, then visit it.  The risk is yours to take, but by avoiding sites that have been flagged, by avoiding sites that cater to hackers, and by avoiding sites with poor security of their own, you decrease the risk factor.

Look at it this way:  If you drive a car, no matter how safe of a driver you are, you can still be injured in an automobile accident (and rather easily, too).  It is up to you to minimize the risk factors when driving, but you're still never 100% safe.  To take that to the extreme, then, would be to say "Well, I'm never driving another car again."  In that case, you're reducing (not eliminating) the risk of being injured in a car accident. You can negate that risk factor almost completely by saying "I'll never drive nor ride in a car again."  OK, so you won't be injured in a car accident while in a car.  But, a car can lose control on a street and jump the curb where you are walking.  Or a car could take a corner in your neighborhood at a reckless speed, lose control, and come plowing into your living room.  So, the only way to avoid being injured in an automobile accident is to avoid all automobiles for the rest of your life.

In other words, you've minimized the risk to the best of your abilities, but the risk is still there.

The same applies to a malware infection on your computer.  With malware, again, as I mentioned above, the only real way to prevent infection is to not connect to anything.

The best you can do is minimize your exposure if you plan to connect to the Internet, use USB devices, memory sticks, Bluetooth, etc.


50 minutes ago, John L. Galt said:

One man's caution is another man's self-inflicted exile.  Only you can decide how much caution you're willing to take and how far you are willing to take it.  But, as Gonzo said, you have to rely on some caution when reading about new threats.

(cheers and clapping-hands emoticons)


If the roles were reversed, I would like to see people take the risks which I go for in online trading. And after all the efforts and risks, if one were to lose his returns to crooks/criminals online, the concerns will be all too evident. For an insight, 'Firstenercastfinancial.com' charges about $7.5K (this was years back) for annual subs for NG, and it's the most volatile market of all (even more volatile than crude oil or bullion). The stakes are too high and it's a 24-hr market. As such, dealing with life's uncertainties and dealing with crooks/criminals are poles apart, completely different. I don't think I need to say anything more.


Apparently you misunderstood my post.

Dealing with either situation is not what I was referring to.  The risk associated with your preferred method of communication and transportation is.

There are things that I do that I would not tell the average user to do - one of those things is being a software beta tester.  You have to have a particular skill set when testing software, particularly on live, production machines (which, almost always, most beta tests strongly advise against doing) so that if something happens, you are able to quickly recover your machine back to a working state.  If you are unable to do so, and, more importantly, are unfamiliar with doing so, then you simply have no business testing beta software to begin with.

By the same token, I do not have a single clue regarding ForEx, Commodity, general Stock, or any other type of trading, whether online or even through a brick and mortar brokerage.  For that reason alone, I would not be visiting a site devoted to that endeavor.  However, if I wanted to learn about it and the site is touted by reputable people that I know personally, I might be willing to carefully visit the site and make my own judgment as to whether it is really malicious or not.


I have to be 'online' for a high-stakes activity and need to stay protected from losing my hard-earned efforts to criminals lurking online. The ultra-caution approach thus goes with it. And when AVs would fall short of protection, then how to stay protected? That is the bottom line.


Here is a great post explaining in detail the answer to your question.  As David Lipman, myself, and Maurice (in the post below) mention, it's up to you, but do realize you're never going to be fully protected if you are online at all.   It is simply not possible.  If it is digital it can be hacked.

HTH


One can't fight 'unknowns', only 'knowns'. As health problems will be treated only after a diagnosis of the symptoms, with medications to go with it, likewise, against the known security issue of banking Trojan delivery via 'steganography', is there protection to go with it?


  1. Two factor authentication
  2. Virtual machine images and snapshots that can be restored at the drop of a hat

If that doesn't work, use a telephone.  Just make sure not to use a wireless phone or cell phone, as those can be easily monitored.  You can never fight against unknowns successfully, and there are far too many areas to investigate to ever allow you to spend any time at all on what you want and need to spend time on UNLESS your goal is to feed your fears.

The next car you see may be the one who plows into you because his traffic signal just barely turned red before he got to it. Protection doesn't work if both drivers don't play by the same rules.  That next bite of your dinner may have E. coli or some other critter that could attack you.  You washed your hands, so why didn't the guy who prepared your food?  You either stop participating or accept that there is always a certain degree of risk that you are willing to live with.  A third option is to develop that protection yourself.  Good luck with that one.

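Editor's added example (not from any poster in this thread): the "two factor authentication" item above, as the bank side would verify it. The shared secret is the RFC 6238 test-vector key, the clock values and the payee/amount are constructed here, and the transaction-bound variant is a simplified OCRA-style construction assumed for illustration, not any particular bank's scheme. It shows why a plain login code does not by itself protect a transfer: a code bound only to the time window still verifies if a man-in-the-browser Trojan changes the payee after the user types it, whereas a code bound to the transaction details does not.

```python
"""Second-factor checks as a relying party performs them.

Added example; secret, timestamps, payee and amount are constructed here.
hotp()/totp() follow RFC 4226 / RFC 6238 (HMAC-SHA1, 30-second step).
transaction_code() is an assumed, simplified OCRA-style binding of the
one-time code to the transfer details.
"""
import hashlib
import hmac
import struct

STEP = 30                                  # seconds per TOTP window
SECRET = b"12345678901234567890"           # RFC 6238 test-vector key (assumed shared secret)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, now: int, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter derived from the current 30-second window."""
    return hotp(secret, now // STEP, digits)


def verify_totp(secret: bytes, code: str, now: int, drift: int = 1) -> bool:
    """Accept the current window and +/-drift neighbours (clock skew);
    compare in constant time so the check itself leaks nothing."""
    counter = now // STEP
    return any(hmac.compare_digest(hotp(secret, counter + d), code)
               for d in range(-drift, drift + 1))


def _tx_key(secret: bytes, payee: str, amount_cents: int) -> bytes:
    # Derive a per-transaction key from the shared secret and the transfer details.
    challenge = f"{payee}|{amount_cents}".encode()
    return hmac.new(secret, challenge, hashlib.sha256).digest()


def transaction_code(secret: bytes, payee: str, amount_cents: int, now: int) -> str:
    """Transaction-bound code: the token (or app) shows payee and amount, the
    user confirms them, and the code only verifies for exactly that transfer."""
    return totp(_tx_key(secret, payee, amount_cents), now)


def verify_transaction(secret: bytes, payee: str, amount_cents: int,
                       code: str, now: int, drift: int = 1) -> bool:
    """Bank-side check against the payee/amount it actually received."""
    return verify_totp(_tx_key(secret, payee, amount_cents), code, now, drift)


def demo() -> dict:
    now = 1_700_000_000                     # constructed 'current time'
    payee, amount = "payee:ACME-LTD", 12_500   # constructed transfer: 125.00 to ACME
    login = totp(SECRET, now)
    tx = transaction_code(SECRET, payee, amount, now)
    return {
        "login_ok": verify_totp(SECRET, login, now),
        # a stolen login code is worthless a few windows later...
        "login_replayed_later": verify_totp(SECRET, login, now + 3 * STEP),
        "tx_ok": verify_transaction(SECRET, payee, amount, tx, now),
        # ...but a Trojan rewriting the transfer after the user confirmed it
        # only fails if the code was bound to the details the user saw:
        "tx_tampered_amount": verify_transaction(SECRET, payee, 1_250_000, tx, now),
        "tx_tampered_payee": verify_transaction(SECRET, "payee:MULE-ACCOUNT", amount, tx, now),
        # RFC 6238 Appendix B vector: T=59 s, SHA1, 8 digits -> 94287082
        "rfc6238_vector": hotp(SECRET, 59 // STEP, 8),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The practical point for the banking case: a login-time code is intercepted in real time by malware already on the machine, so it only limits replay; what resists a man-in-the-browser rewriting the payee is a code computed over the transfer details and displayed to the user on a device the malware does not control.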

Wrong.  One can fight unknowns, to a point.  Like I said, to prevent being in a car wreck while in a car, don't ride in cars. 

Health problems bring up a whole new case to consider, biological factors versus environmental factors, which is not within the purview of this discussion, as you can avoid every single possible cause of, say, a particular type of cancer, but still be biologically inclined to develop it.  So that point is completely moot in relation to computer security.  With computer security, there is an end-all solution - stop going online.  Your operating system on its own is not malicious (personal methodologies aside, of course), and thus you are 100% safe if you follow my advice above.  If you choose to ignore the advice, you will never be 100% safe.

A file hidden by steganography, for example, may or may not be detected by various malware products.  Furthermore, when the hidden file is activated by whatever means necessary, as David was trying to explain to you, it may or it may not be detected.  Go read up on Ransomware (as it is colloquially called), and understand how it works - and understand that 4 years ago there was nothing to do other than:

  1. Format your hard drive and start over, or
  2. Restore your system from backups that you've been making religiously to help prevent something like this from taking you down.

No product will ever be infallible - in case you missed it, here it is again - if it is digital, it can be hacked. 

And thanks, @gonzo, I was composing this as you wrote - we were along the same lines, weren't we?

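Editor's added example (not code from any poster here): the "file hidden by steganography may or may not be detected" point from the post above, and the opening post's worry that the main malicious code stays undetected by AVs, in runnable form. The cover "image" (a 64x64 greyscale gradient held as raw pixel bytes), the payload (a marker string followed by pseudo-random filler standing in for an encrypted dropper) and the signature string are all constructed here. It shows three things: the hidden payload round-trips through the pixel LSBs; a contiguous byte signature that matches the payload does not match the carrier, because the bytes are scattered one bit per pixel; and a statistical heuristic on the LSB plane can still flag the carrier, which is the kind of check a scanner must fall back on.

```python
"""LSB steganography vs. signature scanning vs. a statistical heuristic.

Added example; cover image, payload and 'AV signature' are all constructed
in this file so it runs offline with no image library.
"""
import hashlib
import zlib

WIDTH, HEIGHT = 64, 64          # assumed 8-bit greyscale cover, 4096 pixels
SIGNATURE = b"EVIL_DROPPER_V1"  # hypothetical static signature for the payload


def make_cover() -> bytearray:
    """Smooth diagonal gradient standing in for a clean, low-noise image."""
    return bytearray(((x + y) & 0xFF) for y in range(HEIGHT) for x in range(WIDTH))


def make_payload(size: int) -> bytes:
    """Marker the signature matches, then deterministic pseudo-random filler
    (SHA-256 chain) imitating an encrypted second stage."""
    blob, seed = b"", b"example-seed"
    while len(blob) < size - len(SIGNATURE):
        seed = hashlib.sha256(seed).digest()
        blob += seed
    return SIGNATURE + blob[: size - len(SIGNATURE)]


def embed(cover: bytes, payload: bytes) -> bytearray:
    """Write a 4-byte big-endian length, then the payload, one bit per pixel LSB."""
    data = len(payload).to_bytes(4, "big") + payload
    if len(data) * 8 > len(cover):
        raise ValueError("payload does not fit in cover")
    stego, i = bytearray(cover), 0
    for byte in data:
        for shift in range(7, -1, -1):
            stego[i] = (stego[i] & 0xFE) | ((byte >> shift) & 1)
            i += 1
    return stego


def _read_bits(pixels: bytes, start: int, count: int) -> bytes:
    """Reassemble `count` bytes from the LSBs of pixels[start:start+8*count]."""
    out = bytearray()
    for i in range(start, start + count * 8, 8):
        byte = 0
        for j in range(8):
            byte = (byte << 1) | (pixels[i + j] & 1)
        out.append(byte)
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Inverse of embed(): what the dropper does at run time to recover the stage."""
    length = int.from_bytes(_read_bits(stego, 0, 4), "big")
    return _read_bits(stego, 32, length)


def signature_hit(data: bytes, signature: bytes) -> bool:
    """Classic static check: contiguous byte-pattern search."""
    return signature in data


def lsb_compress_ratio(pixels: bytes) -> float:
    """Compressed/raw size of the packed LSB plane.  A smooth cover has a
    highly compressible LSB plane; random-looking embedded data pushes the
    ratio towards 1.0.  Heuristic only: noisy covers (e.g. decoded JPEG
    photos) also have near-random LSBs, hence false positives."""
    plane = _read_bits(pixels, 0, len(pixels) // 8)
    return len(zlib.compress(plane, 9)) / len(plane)


def demo() -> dict:
    cover = make_cover()
    payload = make_payload(400)
    stego = embed(cover, payload)
    return {
        "roundtrip_ok": extract(stego) == payload,
        "sig_in_payload": signature_hit(payload, SIGNATURE),
        "sig_in_stego": signature_hit(bytes(stego), SIGNATURE),  # False: bits are scattered
        "cover_ratio": lsb_compress_ratio(cover),                # small: structured LSBs
        "stego_ratio": lsb_compress_ratio(stego),                # near 1.0: random LSBs
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The numbers to read are the two ratios: the clean gradient compresses to a few percent of its LSB-plane size, while the carrier with the payload embedded does not compress, which is what a steganalysis heuristic keys on. The caveat in the code comment is why this alone is not shipped as a verdict: real photographs often have equally random LSBs, so in practice the detection opportunity is not the image but the moment the extracted bytes are decoded and executed, which is the behavioural point made in the post.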

Another little piece to the protection puzzle to consider as well...

If the threat can be accurately identified, a sanitizing method can be determined and implemented.  That doesn't necessarily mean that users of "that sanitizing method" are willing to accept the slowdowns, resource usage, overhead, and general "me first" attitude that the method will require.  Even when you get what you want, you don't get what you want.

Learn the game.  Accept the risks or choose not to play.  That IS the only solution.


If not for the sensitivity and stakes involved, I would be content with the AV players' guarantees on refund/compensation in the event of infection whilst in use (by Norton, Comodo etc.), but I can't rest with it. But when '100% safe' is only a myth and not a reality, how do these players offer 'full protection'? A mystery indeed.

Yes, 2-factor authentication does calm things around. But all hell breaks loose when a new modus operandi of 'cyber theft' comes to knowledge, to haunt me again as to whether I'm safe, whether my system is safe, and to confound me till I get my bearings again.

Now, the thing uppermost is the 'steganography' aspect and how 'full protection' is being offered by AV players.


And if that is the case you'll be living a shorter life because of all the ulcers that you're giving yourself.

If you cannot accept the fact that you'll never be fully protected online, so be it.  But if you're going to sit there and wring your hands instead of looking up positive information, such as the use of Virtual Machines and solid backups to assist you in case the worst happens, rather than researching new modus operandi by criminal cartels to infect your machine, then there is not much else we can say.

If you make a VHD of your current system, for example, and run it in a virtual machine, then if it gets infected, you have your original machine to run as a backup.  OTOH, making full system backups of your system allows you to quickly restore your system in the event of a cybernetic attack visited upon you from whatever method.  One of these methods (and really, if you want to play it safer, both) should be used by you if you're actually that worried about the articles you keep finding.

There is no such thing as affirmation from a security company; ask any security researcher and they will tell you the same thing we've already told you.


VMs can be a resource hog if not supported by hardware virtualization to get the real benefit, and malware has evolved to evade the VM trap. Also, both host and guest OS have to be maintained and backed up. Sorry for these views.

Is MS's 'Sysmon' effective in detecting malware activity? Is there a Win-10 version of it? TIA.


It doesn't matter whether malware has evolved to evade VM traps.  You, as the user, need to build disaster recovery methods, back up your data, and in general recognize that you will never be completely safe.

If Microsoft could detect malware effectively, there is no guarantee they would be able to defend against it.  They don't have much of a track record in being able to build an OS that doesn't end up needing hundreds - if not thousands - of security patches.  Those are the ones they have figured out how to fix.  They won't tell you about the other ones.  And no, I don't have any inside information on that topic.  You don't readily admit shortcomings if you want to sell your product...Sales & Marketing 101.


You couldn't have said it better. I'm also sick of the 'security' hoopla and would be better off rid of it. Will work out a best plan of action to get things going even if 'protection' were to take a hit. Thanks once again for all your views.


Root Admin:

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.

 

I'm also going to close this topic now as good solid information has been supplied. Whether you read up on the information and use it is up to you though. As the old proverb says: You can lead a horse to water but you can't make it drink.

Thousands of Researchers around the Globe play with some very dangerous malware and normally are very safe in doing so by understanding the risks involved and mitigating them as needed.
