Securing your Microsoft Machine

Adobe X sandboxes itself, however they already have a couple of ways to break out.

Switching off Adobe products is the way to go. Security through obscurity isn’t the best way to go, but it should stop a lot of canned attacks, assuming nobody stole code from Adobe and used it in their PDF viewer.

I have been pretty happy with Security Essentials; it doesn’t slow the machines down and seems to pick up malware once the box is already infected, lol.

Also, the Malwarebytes real-time (paid) version works pretty well too. All of the boxed-copy A/Vs are so freakin’ bloated it’s ridiculous. AVG’s install file for 64-bit machines is 190MB… WTF?!

I’ll see if I can find that PDF video, you’d probably enjoy it. It was a bit over my head, but interesting/scary at the same time.

I was reading this and realized I didn’t have to do any of this on my Mac :lol:

And Apple is requiring all apps in the App Store to be sandboxed :tup:

A useful tip would be moving all of your machines running XP onto Windows 7.

XP is still Microsoft supported, but I would recommend the same. Student discounts can come in handy as well.

Ya, sandboxing is pretty cool. I do like LittleSnitch on my Mac.

What the bump?

Nobody updated this lately and moving away from XP is probably a solid idea at this point :slight_smile:

Tell that to businesses. I can’t stand using XP anymore. I was able to get a Win7 laptop out of BCBS with some haggling.

This thread is “as old as a dog’s age” as they say.

But anyway… if you guys are using any Windows 7 gadgets, get rid of them… it’s been an issue for a while, and became common knowledge a few weeks back.

Just recently did a re-install on a new SSD myself. If you’re running 7 with any gadgets you ought to dump ’em ASAP!

Will probably have a whole list of other stuff after Black Hat/DEF CON this week.

Gadgets are a waste of space…fuck em.

Enhanced Mitigation Experience Toolkit
EMET - http://www.microsoft.com/en-us/download/details.aspx?id=29851

This is worth installing and using.

Run this: EMET 4.0 - http://www.microsoft.com/en-us/download/details.aspx?id=38761

It now comes preconfigured for a bunch of applications.

This is huge in stopping 0day and known attacks against Windows even if they manage to avoid AV detection.

:tup:

   EMET 4.0 detects attacks leveraging suspicious SSL/TLS certificates
   EMET 4.0 strengthens existing mitigations and blocks known bypasses
   EMET 4.0 addresses known application compatibility issues with EMET 3.0
   EMET 4.0 enables an Early Warning Program for enterprise customers and for Microsoft
   EMET 4.0 allows customers to test mitigations with “Audit Mode”

EMET stopping IE8 0day - https://community.qualys.com/blogs/laws-of-vulnerabilities/2013/05/08/defense-for-the-0-day-in-ie8

I’ve also been reading that MSE isn’t cutting it anymore. Avast was recommended over at Lifehacker.

Honestly they all suck…

There are a handful of commercial ones that work slightly better, but avoiding antivirus is trivial.

Custom payloads
Custom encoders
Custom packers
Encryption

You’re better off with a more secure system configuration: disabling Flash/Java from auto-running, not using Adobe Reader, using EMET, a large number of registry settings you can change, egress filtering, logging, etc.

In other words, make it so that your machine cannot actually execute any code.

Actually, you know what, you’re better off just unplugging the machine and putting it in your closet.

jk, but seriously… LZ is right. Relying on AV is a fail move. It’s going to catch low-hanging fruit only, at best. A secure config will be a better setup, but then you have to deal with the fact that it will most likely break functionality of things you like to do, so you need to take the time to work through those issues. Most people will just give up and ignore the problem by then.

EMET 4.0 shouldn’t break stuff along with most standard security configurations.

You start running into issues running products like Bit9 in enterprises where you have 3rd-party apps that are not signed; however, Bit9 is a really solid product.

The hotness in enterprise networks is deep packet inspection/SSL decryption. If your malicious payloads get detected trying to exfiltrate data or connect back to a C&C server, it’s game over for the hackers.

The financial loss is real even if you’re a restaurant, retail store, health care provider, small company or Fortune 100.

It’s the cost of doing business and using technology; you need to build security into your networks, PCs, cash registers, kiosks, etc.

Deep packet inspection + DLP… mmmmmmmmmmm. GTFO APTs!! hah

Seriously though, I’m buried in debugging some issues with it right now. Sooooo many ICAP packets.

Security is all well and good, depending on who’s making decisions. I know a lot of people look at cost first (even though it could cost double or triple in the long haul). Another issue in IT is staff shortage. My department is so understaffed that sitting down to really look at security is unthinkable. Even if I were to lock down everything nice and tight, it then becomes a burden in the future allowing exceptions or creating workarounds.

As far as AV goes, you have to think about it from a normal user’s standpoint. Does it protect against all threats… nah… not even close. Most users suck and click everything in sight, download whatever, and go to weird sites. If there is a shiny icon down by their clock telling them it’s OK, they feel better. If it stops some of the infections it might not be bad to have.