Olympus-OM

Re: [OM] (OM) Computers

Subject: Re: [OM] (OM) Computers
From: WayneS <olympus@xxxxxxxx>
Date: Tue, 25 Feb 2014 09:48:44 -0500
3 cents of a geek along the road of OSes.... and viruses, long time since last 
post

Win 7 (64-bit) is the new XP and pretty good. 64-bit with 16G+ of ram makes for 
happy photoshop. With that amount of ram and VMs, you can set up multiple 
systems on one box. If it gets messed up, just restore a snapshot. Of course 
for Windows VM OS you need licenses.

Win8: I installed Win 8 on a machine in order to build some hyper-V linux 
machines for hosting on our server at work. Other than Hyper V, I hate windows 
8 for desktop. Too bad hyper-V is not on windows 7. You could still run an 
older XP vm in a Hyper-V, I believe.

VM: VMware was on sale last year so I purchased that. They have a tool that can 
take a live XP machine and convert it into a VM. Of course the windows 
activation will get tripped, but mine reactivated fine. I have some compiler 
tools for older embedded devices I wanted to still run. I have not fully tested 
it, but in theory it should work for my needs. I tried to do the same with 
virtual box but was not successful.

Trojans: I downloaded the leaked virus source code, Zeus and Calbert, in order 
to analyze them. Interestingly they are more targeted at Win 7 than XP. So the 
virus writers are moving away from XP also. Exception being that many point of 
sale machines are still XP based, and will be for some time. Perhaps how Target 
got hit. There are a lot of XP machines still in service that will take a long 
time to replace. I wonder how many PoS machines do auto updates?

Java: All of the XP machines that got infected at my house (a couple) were due 
to Oracle Java running. Java and JavaScript are the most vulnerable to drive-by 
malware on the web.

Hardware: On two of my newer machines, Win7, the MB did not have any COM ports, 
which I need for some embedded development (and Utilite). Embedded linux often 
requires a COM port for a console. So on both an Asus P8Z68-V and a P8Z77-V mb, 
I installed an older PCI serial COM port card. For some reason, on both boards, 
it destroyed the Realtek audio controllers. Be careful if you plug in older 
PCI stuff in newer MBs.

Linux: I have several Linux boxes and Linux VMs, but mostly as servers. I have 
not found any desktop version that does not have some problems doing what you 
want. X11 is a pain. I don't like the new Ubuntu Union. My linux preferences 
are Debian and Arch, and Xubuntu if I really want a desktop. Mostly I use 
desktop for network analysis tools like Wireshark. I've also spent some time 
setting up a home linux router firewall, and intend to install some intrusion 
detection. It is interesting to check what is getting hit on the firewall.

Firewall: No OS is invulnerable, and many firewall appliances are very hackable 
(see devttys0.com). My current hardware of choice for firewall is a Utilite for 
$219 (utilite-computer.com) which has two ethernet ports. I installed 
ArchLinuxArm for Utilite and Shorewall for firewall on it. Using shorewall, I 
can also download block lists from dshield.org or C&C block lists, like Zeus 
Tracker from abuse.ch... or I can block all of chinanet if I want... (of course 
after some fussing with linux scripts and IPsets and shorewall rules). 
Unfortunately, the newer P2P based trojans can get around even this.

IDS: So the next line of defense is something like Snort, intrusion detection, 
on the firewall. Proper snort rules can often catch 95+% of initial infections 
based on virus behavior, as the initial infection usually involves an initial 
download package. That certainly beats most anti-virus software.

Routers: Many home routers have uPnP enabled, which allows systems on your 
internal net to automatically open up ports on the firewall. Very handy for 
trojans. uPnP is not the same as PnP.

Agghhhh: The more I study and research this, the scarier it looks. The more 
modern trojans no longer upset your system, but rather sit and hide in stealth 
mode. They want to remain undetected. Most modern viruses can easily get around 
signature based anti-virus.

Upgrade: As for upgrading to Win 7, I recommend it (64 bit) for the increased 
memory available for photo editing. As to increased security, I have not found 
Win 7 to be that much more secure than XP, other than Win 7 locks things down 
more in order to frustrate the user. It has only a little impact for viruses. 
Zeus and Calbert can easily get around UAC (user access control) for example. 
UAC just makes the user feel more secure. So the first thing I do when 
installing Win 7 is turn off UAC.

Whatever system you use, mac OS, Linux, Windows - security still mostly depends 
on the end user awareness. Who knows, check how much power your system is 
using, you might just be mining bitcoins for someone else.

Wayne S - just call me paranoid hacker
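
Added example, not part of the original post: one way to do the block-list step from the Firewall paragraph, turning a downloaded list into `ipset restore` input while refusing entries that would block your own LAN or most of the Internet. The feed format (one IPv4 address or CIDR per line), the set names and the /8 limit are assumptions, and the sample entries are constructed.

```python
import ipaddress

# Constructed sample feed (not real indicators): one address or CIDR per line.
SAMPLE_FEED = """\
# constructed example block list
198.51.100.7
203.0.113.0/24
203.0.113.0/24
192.168.1.0/24
0.0.0.0/0
not-an-address
198.51.100.9   # trailing comment
"""

MIN_PREFIX = 8  # assumption: refuse anything broader than a /8
# Ranges a feed must never be allowed to block (private, loopback, link-local).
PROTECTED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]


def parse_feed(text, min_prefix=MIN_PREFIX):
    """Return (sorted accepted networks, [(entry, reason)] for rejects)."""
    accepted, rejected = set(), []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not entry:
            continue
        try:
            net = ipaddress.IPv4Network(entry, strict=False)
        except ValueError:
            rejected.append((entry, "unparseable"))
            continue
        if net.prefixlen < min_prefix:
            rejected.append((entry, "too broad"))
        elif any(net.overlaps(p) for p in PROTECTED):
            rejected.append((entry, "overlaps protected range"))
        else:
            accepted.add(net)                   # set removes duplicates
    return sorted(accepted), rejected


def ipset_restore_script(nets, live="blocklist", tmp="blocklist_tmp"):
    """Fill a temporary set, then swap it in so the live set is never empty.
    Load with `ipset -exist restore < file`; a Shorewall rule can then match
    the set as +blocklist (hypothetical set name)."""
    lines = [f"create {live} hash:net family inet",
             f"create {tmp} hash:net family inet",
             f"flush {tmp}"]
    lines += [f"add {tmp} {n}" for n in nets]
    lines += [f"swap {tmp} {live}", f"destroy {tmp}"]
    return "\n".join(lines) + "\n"
```

Logging the rejected entries on every refresh is worthwhile: a feed that suddenly lists a private range or a very broad prefix is either broken or has been tampered with.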