
SANS ISC: Honey, my laptop is acting funny again SANS ISC InfoSec Forums

Honey, my laptop is acting funny again
Check out BlueCoat's K9 Web Protection as an extra layer. I've used it with great results.
Anonymous
DansGuardian + ClamAv via a Cisco ASA 5505 using WCCP works quite nicely (and is technically "unbypassable" for the kids); this is what I do at home. ASAs are still a bit pricey but you could probably grab a PIX 501 for a decent price...
e.b.

17 Posts
I'm running WinSnort on a cheap laptop. Works great.
Syd

3 Posts
While I have seen a lot of valid responses I haven't heard anyone mention cookies. We are a complete Window($) home and do not have this issue much. Maybe once or twice a year. I do all the security measures AV, patches, etc.

But I also teach my family to NOT accept cookies. The only time I accept them are for sites that require it for checkout or login. And those are sites I know are not malicious. If I have to have a cookie to view your site, I'm not viewing.

Now just because the site isn't rogue doesn't mean the advertisers aren't. That is why I have it set to prompt me for cookies. Some people find this annoying, I find the blatant use of millions of cookies annoying. Set your cookies to prompt and you'll see what I mean. What are they for? Why do I have to have one? Does EVERYBODY have to have a cookie on my system?

Sorry, went off on a tangent there. Basically don't accept cookies except for known sites and none of its advertisers and you will see a dramatic drop in malware. This doesn't apply if you're using some kind of P2P software; you're on your own with that type of security nightmare.
Syd
1 Posts
It still applies if you use P2P software, qualify your claim if you can, I really don't think it's a security nightmare... just hits a port and does its thing really. No cookies either, which you'll like. Many applications now use P2P to download their binaries etc. and it's pretty harmless to be fair. I agree though people shouldn't store cookies on your PC unless they have good reason.
Syd
1 Posts
If you get sufficiently motivated, one thing you can use is Software Restriction Policies, and disallow executing *anything* out of the user's account profile directory, or other areas they can write to. (Or rather, only allow exec out of trusted, ACL'ed locations.) This is akin to the Unix technique of mounting /home and /tmp with "noexec". As usual with Windows and security, compatibility problems abound. In particular, this means that user-created shortcuts (desktop and Start Menu) won't work anymore.
Syd
6 Posts
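
For the Unix side of the comparison in the last post, a check that /home and /tmp really are covered by a "noexec" mount. This is an added example, not part of the thread; the mount table is a constructed sample in /proc/mounts format and the function names are hypothetical.

```python
import posixpath

# Constructed sample in /proc/mounts format:
# device, mount point, filesystem type, options, dump, pass
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec 0 0
"""


def parse_mounts(text):
    """Return a list of (mount_point, set_of_options) in file order."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip blank or malformed lines
        # /proc/mounts escapes spaces in mount points as \040
        mount_point = fields[1].replace("\\040", " ")
        mounts.append((mount_point, set(fields[3].split(","))))
    return mounts


def covering_mount(path, mounts):
    """Find the mount that governs path: the longest matching mount point.
    On a tie the later entry wins, because it shadows the earlier one."""
    path = posixpath.normpath(path)
    best = None
    for mount_point, options in mounts:
        inside = (mount_point == "/" or path == mount_point
                  or path.startswith(mount_point.rstrip("/") + "/"))
        if inside and (best is None or len(mount_point) >= len(best[0])):
            best = (mount_point, options)
    return best


def audit(paths, mounts):
    """Map each path to (governing mount point, True if mounted noexec)."""
    report = {}
    for path in paths:
        hit = covering_mount(path, mounts)
        report[path] = (hit[0], "noexec" in hit[1]) if hit else (None, False)
    return report


if __name__ == "__main__":
    user_writable = ["/home/alice/Downloads", "/tmp", "/var/tmp", "/dev/shm"]
    for path, (mnt, ok) in audit(user_writable, parse_mounts(SAMPLE_MOUNTS)).items():
        print(f"{path:24} on {mnt:10} {'noexec' if ok else 'EXEC ALLOWED'}")
```

In the sample, /var/tmp falls through to the root filesystem and /tmp is its own mount without the option, so both still allow execution even though /home is covered.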
