There is no such thing as 100% Security

Bear

"What we want to show is there is no 100-percent security," he told Ars
moments after unleashing code that remotely caused a high-end Asus laptop
to open a calculator program. "So even if you have a fully updated system,
you can still get your system compromised."

The overall message? Security is an arms race being fought between
attackers out to plant the kinds of sophisticated espionage malware used to
spy on Google and dozens of other companies and the software companies
trying to prevent such exploits. While defenses such as sandboxing, data
execution (DEP), and address space layout randomization (ASLR)
significantly raise the bar for such attacks, hackers inevitably find ways
to work around them."

http://arstechnica.com/business/news/2012/03/ie-9-on-latest-windows-gets-stomped-at-hacker-contest.ars?clicked=related_right

http://goo.gl/M5btE+

Bear repeats:
The only security you can have is what you do not do or reveal, how well
you encrypt sensitive data, and how good your recovery plan is. I rest my
case.
 
Dustin

"What we want to show is there is no 100-percent security," he told
Ars moments after unleashing code that remotely caused a high-end
Asus laptop to open a calculator program. "So even if you have a
fully updated system, you can still get your system compromised."

I'd like to see specific details of this. Something was amiss if remote
code was allowed to execute with enough rights to call out to a program on
the local machine.

This reeks of a specifically targeted attack vector.

The overall message? Security is an arms race being fought between
attackers out to plant the kinds of sophisticated espionage malware
used to spy on Google and dozens of other companies and the software
companies trying to prevent such exploits. While defenses such as
sandboxing, data execution (DEP), and address space layout
randomization (ASLR) significantly raise the bar for such attacks,
hackers inevitably find ways to work around them."

Hmm.. This is more into the realm of secure comms and/or crypto than it is
trying to make something hack-proof.

Bear repeats:
The only security you can have is what you do not do or reveal, how

Security by obscurity has been proven time and time again not to actually
work well.

well you encrypt sensitive data, and how good your recovery plan is.
I rest my case.

The recovery plan is really a cut/paste job from various sources
paraphrased with you as the sole author. Aside from that, it has
limitations in usage. It's primarily for hardware failure/theft data
recovery. It's still, despite what you want to think, unsuitable for
disinfecting a machine in most cases. It's overkill, excessive and a
shotgun approach for what could turn out being a relatively minor problem.

It's staggering to me that you freely declare you are *not* an expert in
such matters yet in practically the same post, infer that you are with
these plans of yours.

On a more serious note, You preach that such and such av/am app is better
than such and such other app, but you provide NOTHING substantial to
support the claims. You've mentioned you test the products yourself and
some of your comments are no doubt based on the results. However, when
asked about your testing methodology you won't divulge it or share
samples via non public secure means with people (like me. lol). Who,
incidentally, actually are experts in malware amongst other subtopics
related to IT and IT security. You tried to use the absurd excuse the
samples you have are not for redistribution, but uhh, that is in fact the
primary function of the programs, assuming they are actually malicious in
nature. We have no way of knowing as you aren't willing to allow others to
safely examine them.

It's highly unlikely in reality that you have a source for malware that
the rest of us have no way of gaining the same family (maybe not identical
bins due to possible server side polymorphism) as you claim to have. That
couldn't be further from the truth. Researchers do share samples via
secure channels. You have no reason to need to protect us from possible
harm due to the samples you have, We aren't children here.

Several of us have either authored our own tools or supported those who
did directly in technical roles. Some have done both and still continue to
do so today.

It's my opinion that you likely know as much about malware executables or
the structure of a win32/64 PE about as well as you understand that system
images are not really intended for recovering from malware. They can
certainly be used for it, and in rare cases, behind a hardware firewall
while it's being blown back on (restored), but to tout them as a cure for
a virus or browser hijacker just reeks of amateur.
 
p-0-0-h the cat

The recovery plan is really a cut/paste job from various sources
paraphrased with you as the sole author. Aside from that, it has
limitations in usage. It's primarily for hardware failure/theft data
recovery.

Having a recovery plan is good, but prevention of theft in the first place is paramount.

He contests that you shouldn't keep anything important on a computer. That's all fine and
dandy, but unrealistic. People take risks in all spheres. The sensible ones quantify
them, take steps to minimize them, and mitigate against consequence.

We are talking to a coward, who openly admits loathing to upgrade anything at work. That's
because he's a useless dilettante. We've all met them. Those that can, plan. Living is
risky.
 
Dustin

Having a recovery plan is good, but prevention of theft in the first
place is paramount.

I agree. To slightly expand on prevention of theft, this is where crypto
comes into heavy play. In the event an image drive is misplaced or taken
without your permission, so long as a good crypto policy is in place on
the contents; it does the thief no good aside from reformatting and
using the drive for other data. The idea of course is that your data
should be destroyed rather than fall into the wrong hands. Unreadable
for most purposes is considered destroyed. Truecrypt is a nice app these
days if used properly, the enterprise/forensic editions of various apps
like passware can't breach them in any realistic amount of time. Using
multiple keys with keyfiles pretty much screws most individuals from
gaining unauthorized access. As we've seen in a real life court case
recently, the federal government doesn't have the ability to break any
crypto as we see on Law and Order and NCIS. Short of a flaw in the
algorithms themselves or the implementations or improper key length, etc
etc, they aren't getting in. If Uncle Sam can't read your things, it's a
good bet your typical punkass thieving little rat bastard won't be able
to either.

The most obvious drawback to ciphering image files though is that should
the file become damaged, or you forget the keyphrase and/or lose the
keyfiles (You should use both, imo for the best possible opportunity to
lose your shit for ever. hehee) you run a good chance of losing all of
the contents, vs some file damage had it not been encrypted beforehand.

It's a tradeoff. In my case, some of the stuff is important enough to my
freedom that I'd rather lose the data than let anybody who shouldn't
read it do so.

He contests that you shouldn't keep anything important on a computer.
That's all fine and dandy, but unrealistic. People take risks in all
spheres. The sensible ones quantify them, take steps to minimize
them, and mitigate against consequence.

That's extremely unrealistic. Computers are intended for people to do
things. In order to be productive and get things accomplished, they tend
to retain large amounts of information. As opposed to reloading EVERY
single file/section of code/html/xml, whatever each and every single
time you open project A, let alone project B, C, etc.

As you said, risk exists. There is no escaping it, there is however the
possibility of mitigating damages and losses.

We are talking to a coward, who openly admits loathing to upgrade
anything at work. That's because he's a useless dilettante. We've all
met them. Those that can, plan. Living is risky.

Well, in the upgrading aspect, I'm not one for supporting unnecessary
upgrades. Just because something is newer doesn't necessarily mean it'll
serve me any better than what I already have going. It just depends on
the needs of the equipment for the task(s).

I've seen a lot of CNC systems running custom software on very customized
hardware, in some cases, in shop built electronics on a pci card inside
the controller machine. You really don't want to start ****ing around on
those machines and upgrading software or hardware if you don't know for
sure what everything is doing. Especially if the CNC machine is
responsible for providing racing class engine parts. That's one sure way
to get yourself in a real mess and piss off a client.
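As an added illustration of the trade-off Dustin describes above (a stolen image drive is useless to the thief, but a lost keyfile or a damaged container means the contents are gone for good), here is a small Python container format that derives its keys from a passphrase plus a keyfile and authenticates the image before any restore is attempted. This is example code written for this page, not code from the thread and not how TrueCrypt works: the container layout, the keyfile-mixing step and the HMAC-SHA256 keystream (used only because the standard library ships no AES) are assumptions of this example.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

# Hypothetical container layout (an assumption of this example, not TrueCrypt's):
#   salt(16) | nonce(16) | ciphertext | tag(32)
SALT_LEN, NONCE_LEN, TAG_LEN = 16, 16, 32
PBKDF2_ROUNDS = 100_000


def derive_keys(passphrase: bytes, keyfile: bytes, salt: bytes) -> Tuple[bytes, bytes]:
    """Stretch the passphrase with PBKDF2, then bind the keyfile into the result.

    Hypothetical mixing step: a wrong passphrase *or* a wrong keyfile yields a
    completely different (enc_key, mac_key) pair, so both are needed to restore.
    """
    stretched = hashlib.pbkdf2_hmac("sha256", passphrase, salt, PBKDF2_ROUNDS, dklen=32)
    master = hmac.new(stretched, hashlib.sha256(keyfile).digest(), "sha256").digest()
    enc_key = hmac.new(master, b"enc", "sha256").digest()
    mac_key = hmac.new(master, b"mac", "sha256").digest()
    return enc_key, mac_key


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode XOR with an HMAC-SHA256 keystream (stdlib stand-in for AES)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(8, "big")
        block = hmac.new(key, nonce + counter, "sha256").digest()
        chunk = data[offset:offset + 32]
        out.extend(a ^ b for a, b in zip(chunk, block))
    return bytes(out)


def seal_image(image: bytes, passphrase: bytes, keyfile: bytes) -> bytes:
    """Encrypt-then-MAC the image; the tag covers salt, nonce and ciphertext."""
    salt, nonce = secrets.token_bytes(SALT_LEN), secrets.token_bytes(NONCE_LEN)
    enc_key, mac_key = derive_keys(passphrase, keyfile, salt)
    ct = keystream_xor(enc_key, nonce, image)
    tag = hmac.new(mac_key, salt + nonce + ct, "sha256").digest()
    return salt + nonce + ct + tag


def open_image(container: bytes, passphrase: bytes, keyfile: bytes) -> Optional[bytes]:
    """Return the plaintext image, or None if the secrets are wrong or the file is damaged.

    Verifying the tag first means a corrupted container is refused outright
    rather than silently restoring garbage over a working machine.
    """
    if len(container) < SALT_LEN + NONCE_LEN + TAG_LEN:
        return None
    salt = container[:SALT_LEN]
    nonce = container[SALT_LEN:SALT_LEN + NONCE_LEN]
    ct, tag = container[SALT_LEN + NONCE_LEN:-TAG_LEN], container[-TAG_LEN:]
    enc_key, mac_key = derive_keys(passphrase, keyfile, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return keystream_xor(enc_key, nonce, ct)


def demo() -> Dict[str, bool]:
    """Walk through the four outcomes the thread argues about, on constructed data."""
    image = b"constructed sample disk image: " + bytes(range(256)) * 4
    passphrase = b"correct horse battery staple"  # constructed sample passphrase
    keyfile = secrets.token_bytes(64)              # constructed sample keyfile

    container = seal_image(image, passphrase, keyfile)
    damaged = bytearray(container)
    damaged[SALT_LEN + NONCE_LEN + 100] ^= 0x01    # flip one ciphertext bit

    return {
        "restores_with_both_secrets": open_image(container, passphrase, keyfile) == image,
        "keyfile_alone_fails": open_image(container, b"", keyfile) is None,
        "passphrase_alone_fails": open_image(container, passphrase, b"") is None,
        "damage_detected_before_restore": open_image(bytes(damaged), passphrase, keyfile) is None,
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'ok' if ok else 'FAIL'}")
```

The last two checks are the point of the passage: without the keyfile the container is indistinguishable from random data, which is exactly what you want on a stolen drive, and a single flipped bit is caught by the tag before the restore starts, which is why the encrypted image needs its own backup and the keyfile needs to live somewhere other than the drive it unlocks.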
 
FromTheRafters

p-0-0-h the cat said:
Having a recovery plan is good, but prevention of theft in the first place is paramount.

Yeah, I don't suppose the folks at the Iranian nuclear enrichment
facility would have gotten by with the old 'restore an image and you're
good to go' mantra.

[...]
 
Bear

The recovery plan is really a cut/paste job from various sources
paraphrased with you as the sole author. Aside from that, it has
limitations in usage. It's primarily for hardware failure/theft data
recovery. It's still, despite what you want to think, unsuitable for
disinfecting a machine in most cases. It's overkill, excessive and a
shotgun approach for what could turn out being a relatively minor problem.

No it isn't and no it doesn't and no it isn't. It isn't suitable for
disinfecting a machine at all as it cannot do so silly. Reimaging is not
overkill, it takes 15 minutes for 50GB to restore a clean image. As for
what /could/ be a relatively minor problem as far as the user can tell,
could also not be. Why waste the time! If you like to waste your time
checking every file on your known to be vulnerable machine and think
only an easy fix will do it, without thoroughly checking deeper...you
will be in for a surprise one day. Such is a waste of time. Fix it and
don't do the same thing again...if possible.

It's staggering to me that you freely declare you are *not* an expert in
such matters yet in practically the same post, infer that you are with
these plans of yours.

I am not a malware expert regarding the specifics of function. I don't
need or want to be. I am an expert in many other categories which
includes managing and developing strategies to enable always using a
clean fast machine and protecting data...which my friend is what
everyone wants. No one wants to decompile malware but for a few
vocationally interested people...they want to free themselves of it. You
want to disinfect...then disinfect, I want a known clean machine to use
with as little effort in attaining such as possible.
 
Peter Foldes

p-0-0-h the cat said:
Having a recovery plan is good, but prevention of theft in the first place is
paramount.

He contests that you shouldn't keep anything important on a computer. That's all
fine and dandy, but unrealistic. People take risks in all spheres. The sensible ones
quantify them, take steps to minimize them, and mitigate against consequence.

We are talking to a coward, who openly admits loathing to upgrade anything at work.
That's because he's a useless dilettante. We've all met them. Those that can, plan.
Living is risky.

Can you imagine a Company or even the Pentagon solving all their problems on an
infected computer system by formatting and the re-installing the OS and then
re-inputting all their programs and data ?? He (Bear) is a putz and not just any
kind but a first class one at that.

JS
 
Bear

p-0-0-h the cat said:
Having a recovery plan is good, but prevention of theft in the first
place is paramount.

Yeah, I don't suppose the folks at the Iranian nuclear enrichment
facility would have gotten by with the old 'restore an image and you're
good to go' mantra.

[...]

Pity for them if so...maybe you could get a job. I certainly can get
along and quickly be good to go just fine, meanwhile you'll be taking
notes and digging deeper.
 
Bear

Can you imagine a Company or even the Pentagon solving all their
problems on an infected computer system by formatting and the
re-installing the OS and then re-inputting all their programs and data
?? He (Bear) is a putz and not just any kind but a first class one at
that .

Such is exactly what a world wide major corporation I work for does to
restore employees computers when issues arise. They certainly don't
spend (waste) the time to dig around and find and remove malware or any
other issues. Now you and your fantasies about major Intranets being
managed by imaging, well that is a different animal and a far reaching
attempt for you to try and find some high ground. It just doesn't fly
regarding PCs.
 
Bear

No it isn't and no it doesn't and no it isn't. It isn't suitable for
disinfecting a machine at all as it cannot do so silly. Reimaging is
not overkill, it takes 15 minutes for 50GB to restore a clean image.
As for what /could/ be a relatively minor problem as far as the user
can tell, could also not be. Why waste the time! If you like to waste
your time checking every file on your known to be vulnerable machine
and think only an easy fix will do it, without thoroughly checking
deeper...you will be in for a surprise one day. Such is a waste of
time. Fix it and don't do the same thing again...if possible.

I am not a malware expert regarding the specifics of function. I don't
need or want to be. I am an expert in many other categories which
includes managing and developing strategies to enable always using a
clean fast machine and protecting data...which my friend is what
everyone wants. No one wants to decompile malware but for a few
vocationally interested people...they want to free themselves of it.
You want to disinfect...then disinfect, I want a known clean machine
to use with as little effort in attaining such as possible.

Follow up: Why is it virtually every post from you revolves around "I AM
AN EXPERT...YOU AREN'T"? Dustin...you have coding skills. That doesn't
make you Allah. Plenty of people, including myself, have valuable
experience and knowledge resulting in informative instruction. Get over
it.

--
Bear
http://bearware.info
The real Bear's header path is:
news.sunsite.dk!dotsrc.org!filter.dotsrc.org!news.dotsrc.org!not-for-mail
 
Bear

Follow up: Why is it virtually every post from you revolves around "I
AM AN EXPERT...YOU AREN'T"? Dustin...you have coding skills. That
doesn't make you Allah.

I meant "That doesn't make you God". I am not a Muslim.
 
Jack

Such is exactly what a world wide major corporation I work for
does to restore employees computers when issues arise. They
certainly don't spend (waste) the time to dig around and find and
remove malware or any other issues. Now you and yours fantasies
about major Intranets being managed by imaging, well that is a
different animal and a far reaching attempt for you to try and
find some high ground. It just doesn't fly regarding PCs.

What exactly do you do at your "major world wide corporation"? Do you
work on computers or are you in admin? I mean, is your work relevant
to computing?
 
Dustin

No it isn't and no it doesn't and no it isn't. It isn't suitable for
disinfecting a machine at all as it cannot do so silly. Reimaging is
not overkill, it takes 15 minutes for 50GB to restore a clean image.
As for what /could/ be a relatively minor problem as far as the user
can tell, could also not be. Why waste the time! If you like to waste
your time checking every file on your known to be vulnerable machine
and think only an easy fix will do it, without thoroughly checking
deeper...you will be in for a surprise one day. Such is a waste of
time. Fix it and don't do the same thing again...if possible.

First of all, an image could disinfect a machine if it's doing the
restore at the sector level; it's just not intended solely for that
practice. Second, your time estimates are absolutely ****ing insane. You
*must* be using recent hardware to get those speeds. I certainly don't
have a machine here able to restore 50 gigs from USB 2 in
15 minutes...That's moving pretty damn good dude... heh. Decompressing
the image in memory, restoring to the system.. in 15 minutes? What are
you running?

Using Macrium Reflect free edition from Windows XP on this machine took
over 2 hours to backup 52.7 gigs onto a WD 1TB USB 2 external. I couldn't
boot the recovery disc and use my mouse. Seems the Vista PE environment
it's based on doesn't like a PS/2 mouse? lol... And if you press the tab
key one too many times, you have no way to continue using the app on the
PE disc. You get stuck selecting/unselecting source drive(s). Sadly, it
selected them all by default, including my destination USB drive; so...
without a USB mouse (lol), PE doesn't work so well. i.e. I couldn't get
back to enter the location once I hit the tab key too many times. And
thanks to auto selecting ALL drives, I couldn't proceed with the backup
without tabbing over to deselect my destination drive. What a ****ing
chore. lol.

You really don't test things well before you recommend them. It's a
usable app, but .. kind of a pain if you run it on older stuff.

I don't think of reverse engineering software as a waste of time. I've
learned a lot along the way and made some good money at the same time.
Your mileage may vary. You remind me of the car mechanic who replaces
parts until it runs again. Whereas a real mechanic would replace the bad
part because he was smart enough to determine which one it was.

I told you before, I've been an employed technician since I was 18 years
old. People surprise me more often than computers. :)

I am not a malware expert regarding the specifics of function. I
don't need or want to be. I am an expert in many other categories
which includes managing and developing strategies to enable always
using a clean fast machine and protecting data...which my friend is

You don't know the specifics of function yet you claim to be an expert
in keeping them clean and protecting data? For someone who thinks data
shouldn't be on the PC, how exactly are you an expert at ehhh,
protecting anything?

You way overestimate your usefulness.

what everyone wants. No one wants to decompile malware but for a few
vocationally interested people...they want to free themselves of it.

Decompile? I thought you had an IT expert at your disposal. If he's
using the word decompile, he's no expert. It's disassemble. Decompiling
is a different process.

You want to disinfect...then disinfect, I want a known clean machine
to use with as little effort in attaining such as possible.

little effort? Sorry pal, welcome to 2012; Gear up or get wasted.
 
Dustin

Follow up: Why is it virtually every post from you revolves around "I
AM AN EXPERT...YOU AREN'T"? Dustin...you have coding skills. That
doesn't make you Allah. Plenty of people, including myself, have
valuable experience and knowledge resulting in informative
instruction. Get over it.

I didn't mention my own expertise in the post Bear. I criticized you but
didn't bring that aspect up. This is simply nonsense. You're out of your
league and as long as you continue to post bullshit, I might! comment on
it. You can put words in my mouth if you want to, but I tend to read
usenet as threaded subject posts. Some others do as well, they can read
for themselves. I'm not touting the "I know more than you know." like some
kiddo, like you're accusing me of doing.

I think you just don't like stepping into a pile of poo and having someone
question you about it.
 
Bear

First of all, an image could disinfect a machine if it's doing the
restore at the sector level; it's just not intended solely for that
practice. Second, your time estimates are absolutely ****ing insane.
You *must* be using recent hardware to get those speeds. I certainly
don't have a machine here able to restore 50gigs from usb 2 in
15minutes...That's moving pretty damn good dude... heh. Decompressing
the image in memory, restoring to the system.. in 15 minutes? What are
you running?

HP Pavilion quad core. My old dual core Vista laptop wasn't much slower,
it processed in 15 min per 50GB. My HP does it in about 12 minutes.

Using Macrium Reflect free edition from Windows XP on this machine
took over 2 hours to backup 52.7 gigs onto a WD 1TB USB 2 external. I
couldn't boot the recovery disc and use my mouse. Seems the Vista PE
environment it's based on doesn't like a PS/2 mouse? lol... And if you
press the tab key one too many times, you have no way to continue
using the app on the PE disc. You get stuck selecting/unselecting
source drive(s). Sadly, it selected them all by default, including my
destination USB drive; so...

I just use the Linux boot CD.

without a USB mouse (lol), PE doesn't work so well. i.e. I couldn't get
back to enter the location once I hit the tab key too many times. And
thanks to auto selecting ALL drives, I couldn't proceed with the backup
without tabbing over to deselect my destination drive. What a ****ing
chore. lol.

You really don't test things well before you recommend them. It's a
usable app, but .. kind of a pain if you run it on older stuff.

There you go again. My testing is fine. Trying to use an old laptop in
today's environment is a pain for anyone. Surely you know this.

I don't think of reverse engineering software as a waste of time. I've
learned a lot along the way and made some good money at the same time.
Your mileage may vary. You remind me of the car mechanic who replaces
parts until it runs again. Whereas a real mechanic would replace the
bad part because he was smart enough to determine which one it was.

I don't have a problem with your reverse engineering. I have a problem
with you professing for everyone to do so. They won't.

I told you before, I've been an employed technician since I was 18
years old. People surprise me more often than computers. :)

You don't know the specifics of function yet you claim to be an expert
in keeping them clean and protecting data? For someone who thinks data
shouldn't be on the PC, how exactly are you an expert at ehhh,
protecting anything?

There you go again, lying to try and find high ground where there is
none for you. I profess that truly sensitive data shouldn't be on a PC
connected to the net...not all data as you state which is your
lie...pretty much 101 stuff there.

You can't get off this expert shit, yet you say you don't talk about it
LOL. I have enough experience and spent enough time (more than most)
developing my knowledge to enable the development of processes that
elude the issues. That is what people want...

You way overestimate your usefulness.

You don't have any clue as to what my usefulness is and you are simply
trying to keep the conversation down in the mud in a feeble attempt to
exert your perceived self-importance. I care nothing about that.

Decompile? I thought you had an IT expert at your disposal. If he's
using the word decompile, he's no expert. It's disassemble.
Decompiling is a different process.

There you go again...you can't get off the word expert and try to
belittle everyone as much as you can. I thus doubt your own expertise,
as true professionals don't feel the need to try to demand respect.

little effort? Sorry pal, welcome to 2012; Gear up or get wasted.

Another feeble attempt by you. You really must be a sad little person.
Considering you are still digging around trying to clean malware just
tells me you are the one behind the times. :)

--
Bear
http://bearware.info
The real Bear's header path is:
news.sunsite.dk!dotsrc.org!filter.dotsrc.org!news.dotsrc.org!not-for-mail
 