There is an issue with the Web Protection in some security software. Avast doesn't scan trusted websites by default, so malvertising has the upper hand.

100% security is an illusion.
 

Deleted member 178

That's a real problem. That is actually my biggest worry: when a trusted download site gets hacked. However, the malicious download will probably not have a sig from the actual vendor in such a case. So if you are patient enough to check the sig, you will probably be okay.
Or when people downloaded Linux Mint to have a more secure OS than Windows and realized days later that the download server was hacked and hosted a backdoored version of the OS...
 
Digital Signature = Zero (you can copy the Digital Signature from the header of the file by using assembly). I can do an example if someone really wants.

Another cool type of attack is when someone uses some type of DNS-Spoofing to deliver a fake update.
 

shmu26

Bottom line is that the user has to keep himself educated about new threat vectors, no matter what type of security setup he has. An educated user with good tools can keep himself a lot safer on the PC than he is on the road.
 

Deleted member 178

And how would a smart user protect himself from this Linux download in the first place? ISOs don't have digital sigs and can't be checked on VT.
By hash; normally the developers of any OS/program release the original hash, then you just have to compare it. In real-life situations, hashes can't be faked, because if you change one bit of code of a program, the hash would change accordingly. (There are some complex mathematical and algorithmic theories about "hash collisions", but the chance to find one is near impossible.)
 
If you mean protection without using signatures, yes, that's possible. The most important things would be whitelisting, virtualization, and rollback software. An example of this would be VoodooShield set to always on, using Comodo auto-sandbox, and using Shadow Defender all the time (except when you want to change something). Another good addition is HMPA.
 

Deleted member 178

If you mean protection without using signatures, yes, that's possible. The most important things would be whitelisting, virtualization, and rollback software. An example of this would be VoodooShield set to always on, using Comodo auto-sandbox, and using Shadow Defender all the time (except when you want to change something). Another good addition is HMPA.
How many times will I say it!!!!! Just use my setup (if you can handle it) listed in my signature :D :p
 

shmu26

By hash; normally the developers of any OS/program release the original hash, then you just have to compare it. In real-life situations, hashes can't be faked, because if you change one bit of code of a program, the hash would change accordingly. (There are some complex mathematical and algorithmic theories about "hash collisions", but the chance to find one is near impossible.)
Do you use a certain app or web service to find and compare hashes?
 

Mr.X

Nothing beats the proper users' surfing behaviour education. It's the best protection you can ever have without spending a single cent. :p
Could you point out where I can get this information please? Especially the one which is completely free, as you say.
 

shmu26

Could you point out where I can get this information please? Especially the one which is completely free, as you say.
If you read through the various posts in this thread, I think you will get a good education. People hashed out the issues pretty well.
 

Mr.X

By hash; normally the developers of any OS/program release the original hash, then you just have to compare it. In real-life situations, hashes can't be faked, because if you change one bit of code of a program, the hash would change accordingly. (There are some complex mathematical and algorithmic theories about "hash collisions", but the chance to find one is near impossible.)
Well, some say nowadays it's possible with small-sized files; iirc less than 5MB are susceptible to forgery, even SHA-1. For large files like Windows ISO images, no problem at all; it would need vast resources (amazing and complex and expensive computational power) to forge a Windows ISO file.
So in my opinion:
1. For small files (<5 MB): SHA-256
2. For medium/large files (>5 MB): SHA-1
 
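The hash check discussed in the posts above (compute the download's digest and compare it with the one the vendor publishes, and watch it change when a single bit of the file changes), as an added Python example that is not from this thread or from any product mentioned in it. The image file, the sha256sum.txt line and the one-bit tampering are all constructed locally, and SHA-256 is used for every file size.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

def file_digest(path, algorithm="sha256", chunk_size=1024 * 1024):
    """Hash a file in chunks so a multi-gigabyte ISO never has to fit in RAM."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def parse_sums(text):
    """Parse sha256sum-style lines ('<hex>  <name>' or '<hex> *<name>') into a dict."""
    sums = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, name = line.split(None, 1)
        sums[name.lstrip("*")] = digest.lower()
    return sums

def verify_download(path, published_hex, algorithm="sha256"):
    """True only if the computed digest exactly matches the vendor's published one.
    hmac.compare_digest compares in constant time, so a partial match leaks nothing."""
    return hmac.compare_digest(file_digest(path, algorithm), published_hex.strip().lower())

def make_sample(directory=None):
    """Constructed stand-in for a downloaded image (about 140 KB, not a real ISO)."""
    path = Path(directory or tempfile.gettempdir()) / "sample-image.iso"
    path.write_bytes(b"constructed sample image contents\n" * 4096)
    return path

def flip_one_bit(path, byte_offset=1000):
    """Constructed tampering: change a single bit, the smallest possible difference."""
    data = bytearray(path.read_bytes())
    data[byte_offset] ^= 0x01
    tampered = Path(str(path) + ".tampered")
    tampered.write_bytes(data)
    return tampered

if __name__ == "__main__":
    original = make_sample()
    # Constructed sha256sum.txt line, as a vendor would publish it next to the image.
    sums = parse_sums(f"{file_digest(original)}  {original.name}\n")
    print("original verifies:", verify_download(original, sums[original.name]))
    print("tampered verifies:", verify_download(flip_one_bit(original), sums[original.name]))
```

The published digest must come from a source independent of the download mirror (the vendor's HTTPS page or a signed checksum file), otherwise a compromised mirror can simply publish the hash of its backdoored image.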

Mr.X

If you read through the various posts in this thread, I think you will get a good education. People hashed out the issues pretty well.
Honestly I asked @CMLew in a quasi-rhetorical way :p
I know it's impossible and not achievable to be safe with only good surfing habits. If this weren't true, then the myriad of advanced protection solutions available, like ReHIPS, Sandboxie, ERP, AppGuard, you name it, wouldn't exist in the first place.

On the other hand there's malware with very advanced capabilities to mislead anyone.
Exempli gratia:

One of your company's employees could be reading the latest news about the Olympic games on a trusted page (possibly even on a reputable news page), and if he clicks the wrong advertisement, one that looks like an advertisement but isn't, the system will be infected.

A super small section of the code from the website (which seemed trustworthy at first) is actually in charge of cataloguing the user and the machine to look for adequate malware, and then downloading it. This could happen to your business while it also hits the New York Times, Yahoo, BBC, or AOL.

Malvertising can infect anyone. The enemy hides in those banners bordering websites. Cybercriminals probably gain access to websites by hacking into networks of real advertisements. In 2015, Google blocked 780 million malicious ads that could have easily passed by as legitimate advertisements.
http://www.pandasecurity.com/mediacenter/malware/malvertising-protect-business/
 

Mr.X

As a matter of fact, I'm too lazy to stop and analyze a link on a webpage so I just click it and that's it.
I am a damn happy clicker guy :D:p:)
If it wasn't for Sandboxie, AppGuard, ERP... doh!
 

shmu26

Honestly I asked @CMLew in a quasi-rhetorical way :p
I know it's impossible and not achievable to be safe with only good surfing habits. If this weren't true, then the myriad of advanced protection solutions available, like ReHIPS, Sandboxie, ERP, AppGuard, you name it, wouldn't exist in the first place.

On the other hand there's malware with very advanced capabilities to mislead anyone.
Exempli gratia:


http://www.pandasecurity.com/mediacenter/malware/malvertising-protect-business/
Like it! I wish my sense of humor was as subtle as yours.
 

CMLew

Honestly I asked @CMLew in a quasi-rhetorical way :p
I know it's impossible and not achievable to be safe with only good surfing habits. If this weren't true, then the myriad of advanced protection solutions available, like ReHIPS, Sandboxie, ERP, AppGuard, you name it, wouldn't exist in the first place.

On the other hand there's malware with very advanced capabilities to mislead anyone.
Exempli gratia:


http://www.pandasecurity.com/mediacenter/malware/malvertising-protect-business/
That's what I'm doing with my 9-year-old niece. I gave her a simple laptop (Core Duo, 2GB RAM) without any protection. It was on Windows 7. What I did was harden Windows itself only and slowly teach her the world of the WWW. I did let her experience how it feels to get infected, using my laptop (she was amazed by ransomware though, as she thought the coder was smart and potentially an entrepreneur, LOL!!). I explained to her how downloading can potentially expose you to malware, how your behaviour can affect the browsing, and how you could overcome it.

I know it's not possible to eliminate, but I believe with proper education, young kids can be trained to be safe.

PS: I'm also tempted to educate them that AV sigs are crap, but at this moment, I hesitated... LOL. :p
 