Solved

how to secure simple operation when so many advanced features build in vulnerability?

Posted on 2011-09-22
6
494 Views
Last Modified: 2016-03-23
apart from my business concerns which provide a wealth of unanswered and maddening questions and the associated need for a security audit as advised on here......

I've another equally aggravating question. This is about my home setup, which I long suspected some malicious ghost in the machine.  It was running XPPro SP2, then SP3; but just recently I decided to upgrade?.. to win7pro. Now, upon install, from the clean sweep option offered on the install discs, initially all seemed well, however within days, everything... programs, symptoms, users, groups, firewall rules and other 'open doors' just were there??

In addition to the pleasure of something new and unfamiliar to me suddenly present with each fresh starting of the computer, it seems to now be becoming more apparent and many property pages, folders, options/selections for various items all show 'empty', or 'unknown'.. are shaded out and not available, and overall more and more I am being denied citing administrator level required, despite having such permission per user lists. As disturbing is the ever growing lists of users, groups, permissions, security groups, GPOs, firewall configs and/or services that balloon with changes and additions that I have not done, and the machine is not touched physically by anyone else. I've installed the AV, Essentials, etc... turned on the firewall... yet nothing seems to do much for any reasonable length of time.

This leads me to think that whatever is behind these phenomena has unfettered control of everything, including protections, OS, firewall, and even I suspect my own ability to do anything effective and substantial about it.

Worse, when investigating the issue (any given one), largely the information offered or available is either pathetic as in returns like 'unknown', 'not found', or just blanks where I should think something would be. I see this with logs, events, properties, attributes, and more. So it begs the question: what cannot be overtaken and manipulated? Can the protections themselves be compromised? If so, how can this merry-go-round of frustration and exposure to all manner of dangers be stopped or avoided? Or can it be? Some argue that unknown users, etc.. processes or other should be deleted and countermeasures, step by step, must then be deployed to expose the sources of each problem.

Aside from the obvious question of where the hell do you start with something like this.... but more, how can one be certain of what can be deleted or disabled or otherwise when the function or the purpose is either unknown, unexplained, can't be determined?.. Even more complex is the notion that even legit processes and functions, services and programs both in the OS and outside, in programs installed or add-in manufacturer programs, can be overtaken. Cloaked, piggybacked, hidden or hacked; in these cases, how the hell can one, whether novice or expert, ever stay on top of it, much less GET on top of it?!

I just want a computer that works for simple home use.... but even default settings for most functions are such that out of the box, you are vulnerable. With no mention, instruction or direction of this, or of how to configure a system based on your specific need.

I don't know much but I assume to know that everyone can't be mired in the dysfunction that plagues my operating... yet equally, surely there are many suffering just as I am.

Any ideas?.. suggestions.... instructions.... ?

Even tales of the pleasure felt upon smashing the damn thing against something, or stomping with vigor on/off the thing until out of breath... anything.

" I'd pee on a spark plug if I thought it'd do any good"... - can any name this movie quote? :)
0
Comment
Question by:misunderstanding
6 Comments
 
LVL 13

Accepted Solution

by:
khairil earned 500 total points
ID: 36585747
Hi,

Pretty lengthy.

Nothing seems simple when you are connected to the internet. Even if you have installed antivirus there might be other holes that can be used by hackers or viruses to penetrate.

The synonym is simple, your computer is like your house:

1. You install grilles on your windows to prevent criminals breaking into your house. You must install anti-malware to prevent viruses from coming to your computer.
2. You need to fix your broken door so that robbers do not enter your house. You must patch your system and applications so that it fixes what is broken in your computer.
3. You put blinds on your windows so no one can peek and see you. You must install a firewall to protect your computer.
4. You only invite someone you know to your house. You must not go to explicit sites like porn or untrusted online games OR install pirated software - they are just as bad as bad people invited into your house.
5. You lock the door and windows when sleeping or leaving home. You must also update your anti-malware and lock your computer from unauthorized access.
6. You learn how to safeguard your house and yourself. You also must learn how to safeguard your computer and yourself in the cyber world.

This is a good starting place to learn about security: http://www.microsoft.com/security/default.aspx

-khairil-
"Do you think people with knowledge are same as the one who don't ?"
0
 

Author Comment

by:misunderstanding
ID: 36586537
My thanks for your calm, simple and clear likening to one's home security; albeit that aspects, terms and other parts of tangible security fall far short in my opinion of equating the endless complexities of what something functions for... good? bad?.. likely will TAKE, not be given free rein to be both. Also, absolute uncertainty when it comes to the security and integrity of even local system links, clicks or navigation. It is wholly obvious to even the most technologically challenged that anti-V, anti-spam, firewalls, and diligence are called for to even feel a crumb of ease; however, what to do when infections of whatever kind put to question the once secure steps designed to thwart dangers? As in, the path traveled to Microsoft to link to help... or the chance that the site you arrive upon is not a crisp copy of what is supposed to be impregnable?

With complete respect I say this and in no way mean to suggest anything of your kind insights; facts are that I've hired pros from smaller, qualified, certified IT peoples, to larger, national eakSquads in hopes of some accountability for the results just as I am accountable to write the check. In all, better than a half dozen of these. I've also employed the software and associated configurations of each attempt; the one I've not done is a stand-alone security device, a hardware firewall. I've used Win's OS firewall, paid attention to the settings, got MS Essentials, got the Malicious Remover current, tried Defender but found that with Win7, the MS Essentials and the Defender cannot coexist despite both being children of Microsoft.

Much of what I've been advised on here and from others cites similar measures, in particular the best practices of removing unfamiliar users or groups; if prompted, and it's unfamiliar or not by you, from you, then don't allow or open it.... the websites that are diseased... but when the decision to and the times to do disabling, deleting is to be based on the info offered about the risks or nature of the item, presumably triggered by some trait, telltale sign, or indicators, is as vague or as ambiguous as the item you and/or your system is questioning.... then how to make the right choice? One can easily remove, or disable, a thing that can disturb the entire functions, even making it more difficult to so much as use the computer as intended.  If infections or hacks or remote executions are picked up by the various protections employed and the OS built-ins, compromising confidence with them, then what?

I've read that Safe Mode, coupled with various Windows tools, can help, but so far as I can tell, this is done individually, to a process, program, mystery file or folder... in some cases having to restart after each to determine if THAT was a problem or not!   How many years can this take?... by the time you go through, you'd need to start at the beginning again as you've surely been reinfected somewhere else while you were fixing or investigating elsewhere.  Perfect example is a rootkit infection, or the ever friendly self-propagating ones. This is to say nothing of the features of most programs; MS OSs in particular have advanced capabilities that, unless known to change it, have defaults that invite troubles, access and/or rights and permissions that are either automatically assigned, can be taken or given to other processes, can make elctuions, change choices, and undo most configurations that I can do.

Where 'knowing is half the battle', and knowing with certainty is scant... how can this train be stopped once the foot is in your door?

Wisdom, it's been said, is knowing that you don't know. So, in this regard I am a wise man... what I am not is knowing what to do next.

Lastly, I've even been suggested to disable all USB and disc drives!??  Not that I don't see the point of this measure, but how the hell can you get anything done then!?  It would be like having a car that is best not to drive as the wheels shouldn't be used in that way...

So... GURU Khairil, as I've taken notice... What say you my friend?... what say any/all of you out there in TV land?... I am all ears.

 
0
 
LVL 13

Expert Comment

by:khairil
ID: 36588596
Hi,

Disabling USB and disk drives is like locking yourself in a house on an island far, far away. Nobody gets to you and neither do you.

USB and CD/DVD are mediums for sharing, which also means mediums for viruses too. It is OK to use them but be aware not to plug into an unsafe computer and then plug into yours. Computers at a cyber cafe or used by your children to play games are considered unsafe.

It is GOOD to engage with experts in the field, but at least you need to know the basics so that you are not paying more for what you already know. The site I gave you is a good starting point. You can dive deeper when you are familiar with the initial but crucial information.
0

 

Author Closing Comment

by:misunderstanding
ID: 36590020
Along with my thanks, I've posted a follow-up comment which cites my opinions regarding perhaps a bit more discussion if at all possible. However, what was received, and graded here, was a hat trick of my top tells of a quality answerer. Top 3 being: Great Conveyance, through relatable comparing; Calming, simple is soothing; Comprehensive, by demonstrating his read of my questions, one by one my points were addressed, orderly like.

Bravo. Thanks again.
0
 

Author Comment

by:misunderstanding
ID: 36590141
Hello again khairil, and again thank you. Despite how my writing may end up read at your end, I have a fair grasp of the basics you mention and we've circled around. Given this relative understanding I claim... given that this is satisfactory; can you comment on any of the specific challenges I outlined? The general overriding theme under which all of my examples and specifics fall is of the design challenges, those factory settings or default configs that make it so much more complicated for anyone, myself included, to wrap their arms around?

Your site link is helpful and I am continuing to surf from there. However, to my point herein, with each click of the mouse, with every scroll down a page, comes one after another little concern and its associated setting and/or change by malice that commands attention to fix. In just a short time, it is easy to see how the overall goal of securing and stabilizing a system becomes an endeavor of military scale. Daunting to say the very least.

I appreciate that walk is before run and that also once healthy, diligence with patches, updates, constant eye on the ball so to speak, will yield a far more robust system. But

It is clear that the site referenced does not hit my urgency for intelligent qualified advice.  So to this thinking, can you offer some opinion or even just a personal perspective on my more macro points first, then deeper touched on in my second note? A fix is a protracted effort I agree, and no one, even you guru, can possibly wave a wand or effect fixes through this medium... A fix here, an adjustment there... sure, but in this case, with cascading needs, I'll need to hire a live, house-call tech locally.

But what can you say of others, like you or even a layman, not of your training, that seem to evade these troubles.... what does everyone else do that I am not, or did not...

Please reread above for points made, and kindly comment on these if you please.

0
 
LVL 13

Expert Comment

by:khairil
ID: 36591207
Hi,

The site is for basic information only.

For example, for USB drives you need to know that they are a medium to transmit viruses. You go into more detail on that by asking 5W1H - When, Where, Why, What, Which, Who and How.

Example:
1. How is it transmitted - via autorun.inf
2. How to prevent it - turn off autorun on CD/DVD
3. Where can I turn off autorun on CD/DVD - From Control Panel then .....
4. What do I need to do to prevent viruses from affecting my USB - Do not use it on an unsafe computer.

That is only an example; every time you have a question you can ask or Google around, there will always be somebody going to help you.

Comparing New Windows and Old Windows is like having a house with a lot of doors and compartments, whereas Old Windows is like having a boxed house with one room and a door only. With fewer things you have less to guard and secure. Adding more features means more and more you have to look into.

Windows makers do their best on protecting their product, but they still need you as the end user to understand all the risks. As Windows is so complex, they try to make it as automated as possible so you have fewer things to consider and remember on the security side.

If you would like to know more detail on security then you can read it here, http://www.sans.org/reading_room - they have LOTS of information, overwhelming I should say.
0
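khairil's step 2 and step 3 above (turn off autorun, "From Control Panel then ....") can also be checked and applied from the command line. The script below is an added example written for this thread; it is not khairil's code and not anything from Microsoft's site. It reads and, with the -Harden switch, sets the NoDriveTypeAutoRun policy value that the "Turn off Autoplay" Group Policy writes; it assumes Windows 7 or later with an elevated PowerShell prompt for the HKLM part, and the 0xFF mask meaning "all drive types" is the documented bit mask, not a constructed value.

```powershell
# Added example for this thread (not the original poster's or khairil's code).
# Reports the AutoRun policy in both the machine (HKLM) and user (HKCU) hives,
# and optionally hardens it so autorun.inf is never honoured on any drive type.
# Assumes: Windows 7+, and an elevated prompt when -Harden is used (HKLM write).
param([switch]$Harden)

$policyPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)
$valueName = 'NoDriveTypeAutoRun'
$allDrives = 0xFF   # every bit set = AutoRun disabled for all drive types

function Get-AutoRunPolicy {
    foreach ($path in $policyPaths) {
        $current = $null
        if (Test-Path $path) {
            $current = (Get-ItemProperty -Path $path -Name $valueName -ErrorAction SilentlyContinue).$valueName
        }
        # Hardened only when the value exists and covers every drive-type bit
        $hardened = ($null -ne $current) -and (($current -band $allDrives) -eq $allDrives)
        $shown = if ($null -eq $current) { '(not set)' } else { '0x{0:X2}' -f $current }
        [pscustomobject]@{
            Hive     = $path.Split(':')[0]
            Value    = $shown
            Hardened = $hardened
        }
    }
}

function Set-AutoRunDisabled {
    param([string]$Path)
    # Policy keys do not exist on a fresh install; create the path first
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -Path $Path -Name $valueName -PropertyType DWord -Value $allDrives -Force | Out-Null
}

Write-Host 'AutoRun policy before:'
Get-AutoRunPolicy | Format-Table -AutoSize

if ($Harden) {
    foreach ($path in $policyPaths) { Set-AutoRunDisabled -Path $path }
    Write-Host 'AutoRun policy after:'
    Get-AutoRunPolicy | Format-Table -AutoSize
    Write-Host 'Log off and back on (or restart explorer.exe) for the setting to take effect.'
}
```

Run it without arguments first to see what the current machine and user policy say; a fresh Windows 7 install typically shows the HKLM value as not set, which is exactly the "default config" the original poster is worried about. Running it again with -Harden from an elevated prompt writes 0xFF to both hives, so a removable drive's autorun.inf is ignored regardless of which account is logged on, and a third run confirms both rows now report Hardened = True.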
