• Using multiple layers of security — an update

    #488000


    LANGALIST PLUS

    Using multiple layers of security — an update

    By Fred Langa

    Given the many threats to personal computers, no single security tool or technique can protect you against all forms of attack. The best defense against malicious hacking and snooping uses multiple layers of security that backstop each other, ensuring that no single failure leads to an infection.

    The full text of this column is posted at windowssecrets.com/langalist-plus/using-multiple-layers-of-security-an-update/ (paid content, opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.

    • #1377124

      What is missing in any multi-layered security approach is mention of sound backup practices.
      We tend to see security and backup as separate when in fact they are highly complementary.

    • #1377157

      There is only one way to protect your system. Before I started my current job (contractor call center PC related), I did PC repair for a Mom and Pop (literally) outfit for 5 years and saw all kinds of gremlins and asked myself, Self; how do you prevent this from happening? Well, I’m going to tell you. Virtualization and the discipline to resist using non-virtualized OS browsers. I actually am double-virtualized. I run SandboxIE inside my XP VM which resides in my Win7 Host. Anyway, I keep a pristine golden Snapshot ready and also 2 backups usually after a new program (that I trust) or OS update happens, I stop the session (just X out) then I recover from my previous Snapshot (takes all of around 5 seconds to do), do the install/OS update, update my rudimentary anti-Trojan protector (Threatfire; not even running a full anti-Virus since why should I worry about viruses anymore; I virtualize, but the little paranoid self in me still wants a tidbit little protection. lol. I do run MSE in my Win7 system which I very very rarely go online with (risk when I do; could run SandboxIE in Win7 now, but don’t want to tax my system any more than I have to)) and of course XP’s very limited firewall. The only time consuming thing to do in this process is to delete the oldest (not the Golden) Snapshot; takes up to 10 minutes for whatever reason. Ten minutes once or twice a month is a small price to pay for peace of mind. Again, this is my solution and I’ve been hit with drivebys and literally laugh at them (MediaMilitia’s site was hit a few years ago; I do computer art as a hobby and they host some cool free clip-art and when I tried to get more images for play one day that fateful day, I was hit with what appeared to be a Vundo attack). So, this solution’s been foolproof for me since 2008.
      It’s the solution that I came up with that appears to work but it won’t protect you against key-loggers and spoofed sites that try to steal your identity, so you still have to watch out for these phishing attacks. But, for the viruses that try to destroy/attack your OS, this technique is the best that I’ve come up with and trust me; it’s effective. 🙂

    • #1377184

      Good one lylejk, I would have said virtually the same thing (har har)! XP is the most secure OS of any that Microsoft has ever produced because one can use Microsoft Steady State; one layer, done. I was hoping Microsoft would revisit that line of protection again someday after removing it from Vista but so far as I know, nothing.

    • #1377190

      Recently I have switched to using this as my home page:
      https://startpage.com/

      Anyone know if it really helps? Safer?
      Works slower? I can’t seem to find a setting to make it start searching as I type text; it waits until I hit “return/enter” key. Otherwise I “feel” safer and this gets around my other Google “re-direct” virus I have not solved on IE9 x32.

      • #1378069

        Recently I have switched to using this as my home page:
        https://startpage.com/

        Anyone know if it really helps? Safer?
        Works slower? I can’t seem to find a setting to make it start searching as I type text; it waits until I hit “return/enter” key. Otherwise I “feel” safer and this gets around my other Google “re-direct” virus I have not solved on IE9 x32.

        I use Startpage for all searches. I use “blank” as my home page.

        I believe that Startpage is very safe in terms of privacy issues. Whenever you do a search on Startpage, they first strip out all identifying info, and then they feed your search request to Google. Consequently, you get all the benefits of Google, with none of the privacy risks.

        The director of Startpage, Dr. Katherine Albrecht, is very privacy-conscious. She’s one of the very few who seem to be concerned about all of the ways your personal info is continually recorded. Check out her website: http://www.spychips.com.

        If you’ll set startpage as your default search engine, I believe you’ll find it to work better and faster.

        Group "L" (Linux Mint)
        with Windows 10 running in a remote session on my file server
    • #1377204

      I think all that is is a buffer site where they can search without you broadcasting your personal I.P. address, which means you have to trust startpage.com with your I.P. address, and they might care more about it than Google does, or not. Once you search it returns the same results, some of which may be the same leads to malware or redirect viruses that one might get if not following sound surfing practices.

      The only thing it prevents as far as I can see is Google’s ability to know your I.P. address and possibly do some sort of targeted advertising based on previous visits and items searched for.

    • #1377394

      Fred, you didn’t mention the option of creating separate standard and administrator accounts and doing your work in the standard account. This isn’t practical with Windows XP, but I have used it as a rule (even for myself) for Vista and 7. Of course, I don’t allow in much anyway… It might be interesting to see if there are any test results to show if this has lessened security problems.

      • #1377796

        I read Fred’s February 27, 2013 article, his Sept. 13, 2012, top story, titled “SAFE, step one: Encrypting all sensitive data.” Yet I still have a couple of questions on Encryption. I have WinZip 16 Pro so I will use that. If I decide to zip and encrypt all my recent tax files and folders, do I then delete all the files and folders that I just encrypted, and leave just the zip file? I think the answer is yes, but I want to make sure. I also have a folder in which I keep my credit card statements. If I encrypt the folder, and then I get a new statement, how easy is it to just add the new file? Or is it easy to go in and review a past statement?

        • #1377984

          I read Fred’s February 27, 2013 article, his Sept. 13, 2012, top story, titled “SAFE, step one: Encrypting all sensitive data.” Yet I still have a couple of questions on Encryption. I have WinZip 16 Pro so I will use that. If I decide to zip and encrypt all my recent tax files and folders, do I then delete all the files and folders that I just encrypted, and leave just the zip file? I think the answer is yes, but I want to make sure. I also have a folder in which I keep my credit card statements. If I encrypt the folder, and then I get a new statement, how easy is it to just add the new file? Or is it easy to go in and review a past statement?

          With WinZip, even in the same zip file, files are individually encrypted (you can even have different passwords). This also means that adding and encrypting files will usually require 2 operations, unless you check the Encrypt option before you add a new file.
          Anyway, you can add new files and you can read individual files from a zip file that has encrypted files.
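
Because ZIP encryption is applied per entry, as the reply above describes, a file added later without the Encrypt option sits in the archive unprotected. The following is an added example, not part of the original post: a Python check that lists which entries carry the ZIP "encrypted" header flag. The file names are hypothetical, and the sample archive is constructed, with the flag set by hand to stand in for an entry written by WinZip.

```python
import io
import zipfile

ENCRYPTED_FLAG = 0x1  # general-purpose bit 0: entry data is encrypted


def audit_zip(source):
    """Return (encrypted, plaintext) lists of member names in a ZIP archive.

    Only the central directory is read, so no password is needed. Member
    names are stored unencrypted in that directory either way.
    """
    encrypted, plaintext = [], []
    with zipfile.ZipFile(source) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue  # directory entries carry no data
            if info.flag_bits & ENCRYPTED_FLAG:
                encrypted.append(info.filename)
            else:
                plaintext.append(info.filename)
    return encrypted, plaintext


def build_sample():
    """Constructed sample: two statements, one added later without encryption.

    Python's zipfile cannot write encrypted members, so the "encrypted" entry
    only has its header flag set; its data is a plain placeholder.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("statements/2013-01.pdf", b"constructed placeholder")
        zf.writestr("statements/2013-02.pdf", b"constructed placeholder")
        # Mark the first entry as encrypted in the central directory.
        zf.getinfo("statements/2013-01.pdf").flag_bits |= ENCRYPTED_FLAG
    buf.seek(0)
    return buf


if __name__ == "__main__":
    enc, plain = audit_zip(build_sample())
    print("encrypted:", enc)
    print("NOT encrypted:", plain)
```

Pointing `audit_zip` at a real archive path after each addition shows any entry that went in without the Encrypt option.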

    • #1377969

      A few observations:

      1. The ‘hardware’ password protection offered by your BIOS (UEFIs may be stronger) is not much better than Windows password protection (which can be defeated simply by booting up a Linux-based password reset CD), since it won’t do anything to protect your hard drive from being hijacked and read and won’t even keep your system from booting up if an attacker hardware-resets the BIOS contents. By contrast, a disk-resident hardware password is often pretty secure: if you forget it, you (and anyone else) have lost your data forever.

      2. Security in the sense of privacy against local physical access (save for ‘shoulder-surfing’ and leaving your machine running and unlocked while unattended) can be achieved with a single password, if it’s used for strong ‘whole-disk’ encryption (whether via the disk hardware itself or through use of software such as TrueCrypt). Your disk can’t be read, your system can’t be booted, your data (backed up, of course) is secure. However, whole-disk encryption can entail some inconveniences, especially for people who use the software approach and boot multiple systems on the same disk, so if encrypting only a small amount of especially sensitive data will be sufficient that may be a better choice.

      3. lylejk’s virtualization approach is effective but does not materially differ (at least in its effectiveness against viruses, which he claims is its purpose) from simply using Sandboxie-style virtualization to encapsulate browser access and taking frequent backup images (which one should do anyway) just in case. Given my occasionally decidedly unsafe browsing habits I might be tempted to use sandboxing or full-system virtualization if I had even encountered (let alone been harmed by) a malware attack in the past decade, but the use of NoScript in Firefox plus a good active anti-malware application plus a good firewall that monitors out-going as well as in-coming traffic plus a hardware firewall in my router that makes our systems externally invisible to probes seems to provide all the protection we need, and differentiating constantly between changes one wants to save and those one might want to sandbox (and perhaps save permanently later) just doesn’t seem worth the bother (though if I didn’t maintain the ability to reinstall our systems and applications from scratch and restore their data to a reasonably current state I might feel differently).

      4. I use Startpage (used Scroogle while it lasted) and generally like it. I’ve seen no reason to suspect that they ‘harvest’ IP addresses or other information, whereas I KNOW that Google does, so that’s good enough for me (I’m not paranoid: I just don’t like the practice so avoid it when I can – e.g., via ‘Google Sharing’, though that slows down occasional sites significantly).

      5. The free 7-zip utility certainly allows one to read individual files in and claims that it can add files to existing archives, though I haven’t used the latter facility. Haven’t used WinZip recently enough to remember its capabilities in this area, but I’d be surprised if it didn’t. And yes, there’s little point in encrypting your sensitive data if you also leave an unencrypted copy lying around (but make sure to create an additional encrypted backup copy and verify that both copies can be read before getting rid of the originals).

    • #1377976

      Ya, therein lies a difference of opinion or more like philosophy. If I could see a uniform, dependable low-resource layering that was universally (or nearly so) useable, instead of one of the most convoluted, layers encroaching on other layers and any number of system slowdowns and blocked accesses, from nuisance to horrific, I’d be all for it. Getting security to behave properly takes as much time or more than virus cleanup…and why do folks keep getting viruses again and again; because even if they have security, they can easily overcome it and have no sure method for ascertaining the effectiveness of what is in place.
      Experts and critical thinkers know how to layer up and maintain, the other 90% of the population does not. I don’t even use virtualization for protection against viruses myself, or if I do, it’s way way down the list, but I think users stand a fair bit better chance of understanding one layer and the possible need to save data to a separate data drive or retain changes when needed. No way of getting around how effective system virtualization is when a client calls and says they have the FBI or hidden files virus and you can give them a one word fix; reboot or if that’s not possible pull the electric supply cord, whatever…and a minute or two later; you’re welcome, that’ll be…oops, there’s a problem; charging for virus removal!

    • #1388129

      One thing the article didn’t address is security in context. What I mean is, I want my wife to be able to easily access our (financial, mostly) data in case something happens to me. I’ve made it easy for her to access what she would need by logging in to her account on my machine with the same username and password she has for her laptop (this also makes sense in terms of network setup). She pretty much never uses my machine, but I’ve made it clear to her that she can log on to her account and get what she needs if the worst happens.

      I don’t want to make it harder than necessary for her because while she uses computers all the time, she’s not good at problem solving computer issues or exploring options. A system level password would probably stop her cold even if I told her what it is.

      So I’m all set relative to external security issues, but the idea of someone accessing my machine directly (if they get past the Windows login passwords) has me stumped. Maybe the best I can do is to keep the front door locked and the home security system activated.

      Does anyone know anything about biometric security?
