Advice Request If you could pick only one program for protection.

Please provide comments and solutions that are helpful to the author of this topic.

9

93803123

you are some kinda secret-squirrel

328a10dac69c5d4f753f12b7d2a82596.jpg


"Morocco Mole ! Get your behind over here and look at this. Elephants are hacking us ! And not just any elephant. Look. It's an Indian elephant. Aren't there a lot of tech companies in India ?"
 
F

ForgottenSeer 58943


Yes really. As I said, even IF compromised, it's protected anyway. Nobody is ever liable for fradulent charges/transactions for the most part. Even my biggest accounts are fully insured from fraud and theft. That was my point - they are already fairly well secured, and can be made even more secure, but in the event they become compromised most people are protected regardless.

It takes an act of god to login to my credit union though. Random artwork verification, double passwords, a phone call authorization. Even then, if the login (or debit card use) is from a different geographical location it locks the account and getting it unlocked is quite the pain. Some banks use pretty impressive multi-factor identification.
 

ebocious

Level 6
Verified
Well-known
Oct 25, 2018
252
Yes really. As I said, even IF compromised, it's protected anyway. Nobody is ever liable for fradulent charges/transactions for the most part. Even my biggest accounts are fully insured from fraud and theft. That was my point - they are already fairly well secured, and can be made even more secure, but in the event they become compromised most people are protected regardless.

It takes an act of god to login to my credit union though. Random artwork verification, double passwords, a phone call authorization. Even then, if the login (or debit card use) is from a different geographical location it locks the account and getting it unlocked is quite the pain. Some banks use pretty impressive multi-factor identification.
Your account is insured, but your identity is not (you have to pay for a service if it you want it to be). Meanwhile, it can be tough for some people to pay bills and buy groceries while they're waiting for the bank to conduct an investigation, and replace the money in their account that was cleaned out. That's why I prefer to lock down tight, and never give the bad guys a pinhole of space to slither in through.

Names like NoVirusThanks strike a chord with me, because I have a deep-seated antagonism towards cybercriminals. The last time I got infected was in October of 2006. Somebody had (presumably) compromised one of Comcast's NAT servers local to me or something, because it made the news in my area (they estimated 11 million computers had been infected), but not nationally.

I performed an Acronis restore twice or thrice on each of my machines: two desktops and a laptop. And each time, after waiting 10-15 minutes for the system to be restored, I was infected again within seconds. So I installed the BlackICE firewall which stopped it, and started looking for other ways to defeat remote attacks.

Bot herders, spammers, robocallers... there's a special place in hell for the lot of them. But I've made it my mission to create a hell on earth for them also. "You've got some nerve to think you can just waltz into someone else's computer and take it over without permission. You're not getting into this fortress; I promise you that!"
 
Last edited:

ebocious

Level 6
Verified
Well-known
Oct 25, 2018
252
On a side note, I love multi-factor authentication. It's definitely a step in the right direction.

The last time I got infected was in October of 2006. Somebody had (presumably) compromised one of Comcast's NAT servers local to me or something, because it made the news in my area (they estimated 11 million computers had been infected), but not nationally.
Come to think of it, the compromise had to be higher up the chain than that. Because I was in Lodi, CA, and a couple of friends in Turlock and Modesto were getting hit as well. And they were about 45 minutes to an hour from me.
 
F

ForgottenSeer 58943

Somebody had (presumably) compromised one of Comcast's NAT servers local to me or something, because it made the news in my area (they estimated 11 million computers had been infected), but not nationally.

I performed an Acronis restore twice or thrice on each of my machines: two desktops and a laptop. And each time, after waiting 10-15 minutes for the system to be restored, I was infected again within seconds. So I installed the BlackICE firewall which stopped it, and started looking for other ways to defeat remote attacks.

Wait, are you saying a Comcast upstream DHCP server node was infected and when it served the 1 to 1 customer NAT those became infected? That's some pretty serious business there. But how was it serving malware downstream of the node? Generally speaking, such notes won't service anything other than the DHCP pool and translation. Upstream past them, way way upstream there are hubs that distribute modem/router firmware upgrades and other things. Also there could be NXD redirect servers but all those do is redirect improper domains to their search engine mirror.

But I digress, I have seen quite a lot of things at this level, just not this specific one. For example Quantum Insert is effectively in use across America now, largely due to Project Groundbreaker. ATT is basically a federal agency at this point, and any area that needs intrusive sigint at the local level you'll find rapid deployment of ATT fiber networks and hubs with seemingly unlimited budgets. Quantum Injection is a thing now, most good UTM's detect it these days (commercial grade only). Quantum Insert is basically a Race Condition, where the local QI server intercepts the TCP stream then injects it's own TCP stream with a redirect into it. It does it under the RTT of the normal TCP round trip.

Comcast enables by default their own WIFI SSID on all devices. These are intelligence backdoors that allow them to transit the internal VLAN of the XFinity SSID into the local subnet of the secondary VLAN (your home network). Xfinity SSID wasn't done to provide widespread easy access WiFi to Comcast customers. Nobody uses it. It was explicitly done for intelligence gathering on any Comcast Customer location.

Right now their is technology in place to compromise many actors by virtue of that actor simply plugging in an ethernet cable to a device. Most people would be wise to work off of the assumption (at least in the USA and China, Russia lacks resources/money) that they are also vulnerable to this.
 
F

ForgottenSeer 69673

I forgot to mention if you add powershell to user space = yes, you have to untick it from guarded apps. I have not tested it against MT's malware because I don't have access but have tried it against testmyav files and nothing got through. I know some malwarehub testers here say they don't like the testmyav files but most are good to test with. I don't game so know nothing about ag and that. I do know it doesn't affect my amazon prime movie watching. I get no notification from it unless a file is being executed. For installs just set to allow installs. for gaming do same. I still use version 4 lifetime so not worried about the cost.
 

ebocious

Level 6
Verified
Well-known
Oct 25, 2018
252
Wait, are you saying a Comcast upstream DHCP server node was infected and when it served the 1 to 1 customer NAT those became infected? That's some pretty serious business there. But how was it serving malware downstream of the node? Generally speaking, such notes won't service anything other than the DHCP pool and translation. Upstream past them, way way upstream there are hubs that distribute modem/router firmware upgrades and other things. Also there could be NXD redirect servers but all those do is redirect improper domains to their search engine mirror.

But I digress, I have seen quite a lot of things at this level, just not this specific one. For example Quantum Insert is effectively in use across America now, largely due to Project Groundbreaker. ATT is basically a federal agency at this point, and any area that needs intrusive sigint at the local level you'll find rapid deployment of ATT fiber networks and hubs with seemingly unlimited budgets. Quantum Injection is a thing now, most good UTM's detect it these days (commercial grade only). Quantum Insert is basically a Race Condition, where the local QI server intercepts the TCP stream then injects it's own TCP stream with a redirect into it. It does it under the RTT of the normal TCP round trip.

Comcast enables by default their own WIFI SSID on all devices. These are intelligence backdoors that allow them to transit the internal VLAN of the XFinity SSID into the local subnet of the secondary VLAN (your home network). Xfinity SSID wasn't done to provide widespread easy access WiFi to Comcast customers. Nobody uses it. It was explicitly done for intelligence gathering on any Comcast Customer location.

Right now their is technology in place to compromise many actors by virtue of that actor simply plugging in an ethernet cable to a device. Most people would be wise to work off of the assumption (at least in the USA and China, Russia lacks resources/money) that they are also vulnerable to this.
Not sure. In fact, I have to go back on that, because I'm pretty sure I was the only one with Comcast. My friend in Turlock had Charter (I think), and probably the guy in Modesto as well. I know top-level DNS servers have been compromised before, but I don't know if it was DNS. I caught a glimpse of it on the news, and these two friends kept calling me (and they were reloading Windows the long way, with the recovery partition). And it was the same two names that kept coming up: SQL Slammer and Stack Bot.

What I can say is that I didn't even have the chance to open a browser before it happened. I don't remember if I had any instant messengers or anything like that running at startup, but I don't think I did. When I do use them (which is almost never these days), they're all portable versions.

A few things I will mention: all top-level DNS servers today use Anycast. We were running Windows XP back then. And McAfee was weaker then (it's still not the best, and I don't know that it ever will be). I believe it was in November (a month later) when McAfee went from this to this. They added some script blockers and other IPS stuffs, and it was way heavier on the system.
 
Last edited:

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,796
If hardware is an option to pick - I'd pick a Gryphon. Close second, RATTrap as my sole solution for security. (and both block ads)

This is the first I've heard of RATTrap. Would you put a RATTrap between your modem and your Gryphon? I ask because I read thru the RATTrap site and for me it was a tad too vague. Price dropped from $199 to $159, I could skip a few meals and get one if it was adding something meaningful. And it might be. Can you elaborate about it, or point to a good review? :unsure:
 

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,796
This is the first I've heard of RATTrap. Would you put a RATTrap between your modem and your Gryphon? I ask because I read thru the RATTrap site and for me it was a tad too vague. Price dropped from $199 to $159, I could skip a few meals and get one if it was adding something meaningful. And it might be. Can you elaborate about it, or point to a good review? :unsure:

Edit: fwiw amazon has a user review from someone who sounded knowledgeable, and thought this device did not do much...
 

Moonhorse

Level 38
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,728
I barely download anything, so smartscreen + virustotal would be minimal

For family members i have installed WD, since automatic scans , no nags, simple enough to use and never major bugs ( built inside)

I rather harden browser ( ublock origin, anti-phishing extensions , add bookmarks ( 2 factors if available )

Since neither me or my family members wont torrent anything, anti-phishing is the only thing im trying to focus on..
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top