P
Phred
Thanks for the response, Jo.
Cheers, Phred.
jo said:
Cheers, Phred.
F
Frank Bohan
Alastair: I've just seen on the Google archives your response to my reply to
your burglar analogy, which for some reason did not turn up in my OE
downloads, and I think we are broadly in agreement on this. I did find a
text file left behind, rather incomprehensible but apparently harmless, plus
the usual cache entries. However, several "problems" were either false
positives or apparently non-existent, and could not be confirmed with
E-Trust, Spybot, Ad-aware, Spyware Guard, Spyware Blaster, A-Squared or
Ewido.
One point I would make is that the statement on the PCAudit front page
<quote> pcAuditT is a free security evaluation program, for personal
computers, developed by Internet Security Alliance, Inc. </quote> is
misleading. To describe a program costing $60 per annum as free, or at best
failing to differentiate clearly between the $$$ware program and the free
scan, seems to me to be wrong.
To finish on a positive note, you mentioned in your post that this thread
had led you to some freeware programs which have improved your security.
Perhaps you would care to share your finds.
Regards,
Frank Bohan
¶ Do witches run spell checkers?
your burglar analogy, which for some reason did not turn up in my OE
downloads, and I think we are broadly in agreement on this. I did find a
text file left behind, rather incomprehensible but apparently harmless, plus
the usual cache entries. However, several "problems" were either false
positives or apparently non-existent, and could not be confirmed with
E-Trust, Spybot, Ad-aware, Spyware Guard, Spyware Blaster, A-Squared or
Ewido.
One point I would make is that the statement on the PCAudit front page
<quote> pcAuditT is a free security evaluation program, for personal
computers, developed by Internet Security Alliance, Inc. </quote> is
misleading. To describe a program costing $60 per annum as free, or at best
failing to differentiate clearly between the $$$ware program and the free
scan, seems to me to be wrong.
To finish on a positive note, you mentioned in your post that this thread
had led you to some freeware programs which have improved your security.
Perhaps you would care to share your finds.
Regards,
Frank Bohan
¶ Do witches run spell checkers?
B
B. R. 'BeAr' Ederson
Where is the need to be online while doing these tests?!
Remember: The program does *not* acquire information the way a hacker
does (outside-in system intrusion), although the website seems to say
so. But PC Audit acts the way a trojan does (from the inside after
execution). As base functionality it does no more or less than trying
to use the online capabilities of your system to send system relevant
data.
It's simply a question of system fortification whether this task will
succeed or not. You can even tell the results beforehand, if you know
some basic facts of your system setup. I don't know (and don't care)
if PC Audit tries to disable or deceive running security software.
It would only be a somewhat advanced feature.
Without online connection it could test whether it *can* or *can not*
access or change resources, replace system files, start services and
so on. The results could be presented to the user while still offline.
As a *last* check there could be the test of using the IE libraries
(and/or other system resources for online-access) with very simple
*non-sensitive* data. I wrote about this before...
There are many areas in the whole test process, where (in most setup
conditions - different) warning bells should ring. But - from what
its website and several descriptions on the net tell - PC Audit does
*not* base its design on the pure presentation of system weaknesses,
but on sensationalism. Using a simple conjuring trick PC Audit shows
your data from the net.
Every AV program which warns of PC Audit does well. It is doublefaced
to complain AV programs should 'know of the good-natured character'
of PC Audit and pity the demonstration of security holes. Whether
PC Audit is bad or only plays the bad program a *very inapt* way:
Security software *should* warn, stop, and so on.
I didn't say that PC Audit has lacks in this field. I added these
thoughts, because they are needed to provide a consistent concept.
If you read back: The only words directly addressing PC Audit on my
last post are:
| If security-software bases its analysis on (partially) sensitive data
| sent to a server with unknown (to-be-trusted) security status over an
| insecure (not encrypted) line, than the programmers of such software are
| either malevalent, careless, or feckless. (Or all of these at the same
| time...)
I said that I didn't test the program and therefore can only base
my opinions on the information found online. The major source of
this is the website of ISA itself. I criticized the basic concept
and provided my opinion of ways to solve the central problems.
You have not been rude at allJust have not shown why anyone
should be suspicious of this tool
Security software has to be straight-forward and *must not* try to
infatuate with cheap effects. If it chooses the latter way, and
(above all) violates the security of user data and arouses suspicion
in general, the program *ought* to be avoided.
BeAr
B
B. R. 'BeAr' Ederson
You wrong me *very* badly! I act myself (and teach others) the way of
'knowledge bevor decision'. I read about PC Audit from different sources
(conceding the authors of PC Audit a very important voice). After that
I summed up and shuddered. There is *no gain* in security, but a large
security hole and a lot of dangerous uncertainty. Better sources to
test the system setup are available. And even if they were not: Using
*none* will be better than using the *wrong* 'security tool'.
Most security adjustments can be done with onboard tools, anyway.
But speak as you wish. We are two voices and the readers can choose
their way. And, by the way, it is not the worst approach to security
questions to be a bit 'paranoid'. (As you called me...) ;-)
BeAr
P
Phred
G'day mate,
Fair enough. But what are they, please?
Ah... I see. No need for the naive general public to know. ;-)
Jesus wept mate! What's this -- some sort of matinee serial from 50
years ago... All will be revealed next Saturday arvo... ?
Okay, you're the expert. Elucidate for the ignorant here please. Or
at least point to sources (web or real) of reliable info that we
neophytes may be able understand, and even apply.
P.S. I noted that you seem to have most concerns about the on-line
nature of the "tests" such as applied by PC Audit and similar, and
referred to the better method of working locally with a trusted server
etc. (Though perhaps I've misunderstood you here?) But this leads to
the question of how does the average Joe Blow perform such tests when
there's only one PC in the house? Perhaps that will be revealed when
you respond to my other questions... Seeya, mate.
Cheers, Phred.
B. R. 'BeAr' Ederson said:
Fair enough. But what are they, please?
Ah... I see. No need for the naive general public to know. ;-)
Jesus wept mate! What's this -- some sort of matinee serial from 50
years ago... All will be revealed next Saturday arvo... ?
Okay, you're the expert. Elucidate for the ignorant here please. Or
at least point to sources (web or real) of reliable info that we
neophytes may be able understand, and even apply.
P.S. I noted that you seem to have most concerns about the on-line
nature of the "tests" such as applied by PC Audit and similar, and
referred to the better method of working locally with a trusted server
etc. (Though perhaps I've misunderstood you here?) But this leads to
the question of how does the average Joe Blow perform such tests when
there's only one PC in the house? Perhaps that will be revealed when
you respond to my other questions... Seeya, mate.
Cheers, Phred.
A
Alastair Smeaton
SSM - system security monitor can catch attempts to inject dlls with
potential trojans.
I can't see the issue with false positives - their site gets info from
your pc when you choose to run their trojan - of course spybot and
others find nothing wrong with your system - cos there is only a
problem when you choose to run the downloaded demo trojan - the
pcaudit exe itself - by definition here, spybot and others confirm
that the pcaudit exe leaves no aftertaste
On the issue of payment - I got a free check to see if my system was
vulnerable - I can then look at freeware solutions to the
vulnerability - or choose to pay pcaudit for this if I wish
cheers
B
B. R. 'BeAr' Ederson
This is a *very* wide field and has only a few direct connections to
freeware. Ask this question within the appropriate groups to get
very detailed (and truly expert!) answers. Just a few examples:
comp.security.misc
comp.security.firewalls
alt.comp.virus
But of course I can give you a few possible starting points on the
net, too. I didn't thought it appropriate to bump in with a large
and nevertheless (even from my point of view) very incomplete and
arbitrary list of resources. But here you are: ;-)
http://www.claymania.com/safe-hex.html
http://www.securityfocus.com
http://www.ntsvcfg.de/ntsvcfg_eng.html
http://www.microsoft.com/technet/security/CurrentDL.aspx
http://www.microsoft.com/technet/security/tools/mbsahome.mspx
-> But read my additional notes on MBSA here:
Message-ID: <[email protected]>
http://www.linuxsecurity.com/resource_files/firewalls/firewall-seen.html
http://www.wildlist.org/WildList
https://netfiles.uiuc.edu/ehowes/www/main-nf.htm
http://www.pcflank.com/about.htm
http://bcheck.scanit.be/bcheck
http://www.testvirus.org
And 2 very good in German:
http://www.heise.de/security/dienste/browsercheck
http://www.heise.de/security/dienste/emailcheck
Remember that I only provided a quick and dirty (to some degree even
promiscuous) list!
No. Not in general. But if one is not too sure about his/her current
security status, than connecting to the web *should* be avoided. And
all tests which can be done locally (or within a local network) should
be done *there* and not on the net.
I think so. ;-)
Bye for now. I have a life to live. And answering such questions
'en détail' would prevent me doing so... ;-)
BeAr
J
jo
B. R. 'BeAr' Ederson said:
OK. Let us assume you are talking from a position of some knowledge of
computer security.
But you have neither made your point nor advanced alternative
strategies.
P
Phred
"B. R. 'BeAr' Ederson" <[email protected]>
wrote:
[snipped links etc.]
Hey! Why should you be any different to the rest of us here? ;-)
Thanks for the list of links and other comments.
Cheers, Phred.
wrote:
[snipped links etc.]
Hey! Why should you be any different to the rest of us here? ;-)
Thanks for the list of links and other comments.
Cheers, Phred.
B
B. R. 'BeAr' Ederson
Okay. The same a bit more striking: You have no problems to send a list
of your directories and files, a screen shot of your desktop (maybe with
Icons of the running processes on the Systray), the identification of
your computer, and the general information that your computer is (maybe)
insecure to someone (about whom you know little more than nothing) on
the Net. You even don't care that this data is unencrypted, although any
server on the way of your data could be a malicious 'man-in-the-middle',
looking for *any* ID data.
*What for do you need a secured computer at all??!*
In the hands of a hacker this data sure is not the whole key to your
computer. But he/she can select and try some especially promising, at
least.
If you don't mind, okay. But ISA pretends to be security specialist.
*They* (at least) should know better. They set the data of their users
at risk, while they insist to increase the security awareness, at the
same time. - *What an oxymoron!*
If I see a 'security company' committing such severe errors, I get
suspicious. It is not very feasible for people involved with security
to risk customer data with no need. In my previous post I showed
some simple ways to avoid these 'needs'. So I repeat:
| malevalent, careless, or feckless. (Or all of these at the same time...)
Underlying malware functions are not needed for me to dismiss this
program. But you should be aware that the shown approach leaves easy
ways to transmit other (yet more sensitive) data. Maybe with this
version. Maybe only after the program has a larger popularity. (They
could always claim that the function in question just 'slipped' in,
unwanted.) Maybe they are in fact truly good guys. - I don't care,
as long as they don't fix their basic design.
As I responded to Phred, already, it is a wide field. I showed a
few resources worth reading. And I showed links to sites with
basic browser tests, too:
Message-ID: <[email protected]>
Please notice that I listed the test sites last. I did this on
purpose, because you should only test your system when you think
it is already safe!
There is *one* situation in which I would regard the approach of
PC Audit legitim: Demonstration for computer security novices,
done from a built-to-be-unsafe system by security experts. It is
a show-off. Nothing else.
BeAr