Brainfoldb4u's Blog


Archive for the ‘Hacking’ Category

Cross site scripting scenarios

Posted by brainfoldb4u on January 3, 2010

Web pages contain both text and HTML markup that is generated by the server and interpreted by the client browser. Web servers that generate static web pages have full control over how the client browser interprets them. But servers with dynamic pages do not have complete control over how their output is interpreted by the client. The question is whether the client-side browser has enough information to recognize if a script is malicious or legitimate and to take proper action accordingly.

Many web servers generate web pages dynamically. For example, a search engine may do a database search and then build a web page that has the result of the search. Any server that creates web pages by inserting dynamic data into a template should check to make sure that the data to be inserted does not contain any special characters (e.g., “<”). If the inserted data has special characters, the user’s web browser will mistake them for HTML markup. Because HTML markup can introduce programs, the browser could interpret some data values as HTML tags or script rather than displaying them as text.

If a web server is not performing checks for special characters in dynamically generated web pages, then in some cases an attacker can choose the data that the web server inserts into the generated page. The attacker can trick the user’s browser into running a program of the attacker’s choice. This program will execute in the browser’s security context for communicating with the legitimate web server, not the browser’s security context for communicating with the attacker. Thus, the program will execute in an inappropriate security context with inappropriate privileges.

Today’s browsers are capable of interpreting and executing scripts, created in scripting languages such as JavaScript, JScript and VBScript, that are embedded in the web pages downloaded from the web server. When an attacker introduces a malicious script into a dynamic form submitted by the user, a cross-site scripting (XSS) attack occurs. An XSS attack leads to undesirable effects. For example, the attacker gains the ability to capture the session information and peer into private user details such as ID, passwords, credit card information, home address and telephone number, social security/tax IDs, and so on. If the targeted Web site doesn’t check for this type of malicious code, misuse of the user is probable.

Hackers take several steps to cut the risk of having the script identified as malicious. For example, the attacker might encode it with a different encoding method, such as HEX. With this alteration, the Web site displays the malicious content on the page as if the displayed information is valid content from the site. If the Web application doesn’t validate the input, all the attacker has to do is coax the user into selecting the malicious hyperlink, after which the Web application collects confidential data from the user. This enables the attacker to capture the user’s session and steal the user’s credentials, redirect to a page on another Web site, and then insert code that can poison cookies, expose SSL connections, access restricted or private sites, or even trigger a number of such attacks.

To stop XSS, we need to understand the venues that are most prone to XSS attacks. The most obvious venues are:

  • Banking web page
  • Online forum and search boxes
  • Email messages with malicious links
  • Search engines
  • Setting up an account

Banking Web page

For example, let us consider a hacker who wants to gather information on a user of an example banking website, http://www.example.com. The attacker needs a login ID and password to enter the website, as all banking websites have a secure login. The hacker may try using “test” as both the username and the password. When the resulting error page comes back with a message that says that the user ID and password combination is wrong, the hacker finds himself in an ideal situation for inserting malicious code into the Web page. How?

He first enters the following into the ID text box: <script>alert('Test')</script>. He submits the form and then sees this JavaScript alert message: “TO BE DONE.” Now he knows that the site is prone to an XSS-style attack. The attacker then might introduce malicious scripts into the URL that redirect the submitted user information to hackedsite.com. This code basically passes the user ID and password information of any user logging into the Web site along to the Web site of the attacker. Now that the script to hack the user ID and password is ready, the attacker sends e-mails and posts with attractive offers to banking Web site users employing this link. Prompted by the attractive offers, users might click on the link and log on to the banking Web site. The malicious script introduced by the attacker is executed by the browser and the data is passed to the hacker’s Web site. The rest is a cakewalk for the hacker: logging on to the banking Web site with the victim’s credentials.

This situation is most probable in a couple of scenarios: when a web server does not take adequate steps to ensure that properly encoded pages are generated, and when inputs are not suitably validated.
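The two server-side failures named above (unencoded output and unvalidated input), and why a tag blacklist does not survive the hex encoding mentioned earlier, shown as an added example that is not code from the original post. The error-page template, the user-ID format and the function names are assumptions made for illustration.

```python
import html
import re
from urllib.parse import unquote

# Constructed inputs: the probe string from the post, as typed and percent-(hex-)encoded.
PROBE = "<script>alert('Test')</script>"
HEX_PROBE = "%3Cscript%3Ealert('Test')%3C/script%3E"

# Hypothetical error-page template for the login form described in the post.
ERROR_TEMPLATE = "<p>Login failed for user ID: {user}</p>"
# Assumed user-ID format, used as an allow-list.
USER_ID_RE = re.compile(r"[A-Za-z0-9._-]{3,32}")


def render_vulnerable(raw_value: str) -> str:
    """Decode the request value and paste it into the page unencoded."""
    return ERROR_TEMPLATE.format(user=unquote(raw_value))


def render_blacklist(raw_value: str) -> str:
    """Strip <script> tags from the raw value, then decode.

    The filter runs before decoding, so an encoded tag passes through it.
    """
    stripped = re.sub(r"(?i)</?script[^>]*>", "", raw_value)
    return ERROR_TEMPLATE.format(user=unquote(stripped))


def render_hardened(raw_value: str) -> str:
    """Decode once, validate against the allow-list, encode what is echoed."""
    user_id = unquote(raw_value)
    if USER_ID_RE.fullmatch(user_id) is None:
        # Rejected input is not echoed back at all.
        return "<p>Login failed: user ID has an invalid format.</p>"
    return ERROR_TEMPLATE.format(user=html.escape(user_id, quote=True))


def render_search(raw_value: str) -> str:
    """Free-text fields cannot be allow-listed, so output encoding does the work."""
    term = html.escape(unquote(raw_value), quote=True)
    return "<p>Results for: {}</p>".format(term)


if __name__ == "__main__":
    for label, render in [
        ("vulnerable", render_vulnerable),
        ("blacklist", render_blacklist),
        ("hardened", render_hardened),
        ("search", render_search),
    ]:
        for value in (PROBE, HEX_PROBE, "test"):
            print(f"{label:10} {value!r:45} -> {render(value)}")
```

With output encoding in place the browser displays the submitted characters as text instead of interpreting them as markup, whichever encoding they arrived in.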

Search Boxes and Online Forums

Search boxes and online forums are the most commonly attacked avenue. An attacker inserts malicious code between scripting tags that the Web page accepts and interprets, using FORM or APPLET tags, depending on the page used. Inserted malicious code can do all sorts of harm by stealing session information or cookies. Vulnerability of this sort is prevalent given that a Web designer needs to have knowledge of many languages and technologies: CGI, JavaScript, ASP, Perl, and even HTML tags can be used as a delivery vehicle for such attacks.

Email messages with malicious links

An attacker can send an e-mail about a banking Web site to a user. Suppose the e-mail contains a link with a malicious script embedded into the URL. The user may be prompted to click on the link and log on to the Web site, whereby the attacker can seize the user’s log on information. The same is true on a dynamically generated page if a link has malicious code in it. Consider the example of a malicious URL that might be a part of the page. If the attacker has the application display a set of HTML, trouble may creep in. Both the IMG and IFRAME tags allow for a new URL to load when HTML is displayed.

Search engines

Search engines that echo the search keyword that was entered are also vulnerable to such attacks. This is because malicious code can be entered as a part of the keyword search input that is executed when the user submits the search. Dangers can include accessing undesirable or private regions of the Web site.

Setting up an account:

When a user submits a form during e-mail account setup or during submission of a form with data in it, the Web application might show the same information after accepting the information as entered. The input content entered can contain such malicious information that may be executed by the browser. This can lead to leaking of critical information from the session and might expose private avenues of the Web server.

XSS attack consequences: Stolen cookies

Cookie theft occurs when the cookie issued by the application is hijacked for malicious purposes by an attacker. By suitably inserting script code into the URL that invokes the portion of the site that uses cookies and is vulnerable, the attacker captures the cookies and can cause damage to content as well as mimic business functions and perform fake transactions.

What can an end user do to protect against XSS?

Below are the ways that a user can cut the impact of an XSS attack.

  • Disable scripting when it is not required.
  • Do not trust links to other sites on e-mail or message boards. They may contain malicious code with damaging potential.
  • Do not follow links from sites that lead to security-sensitive pages involving personal or business information unless you specifically trust them.
  • Access any site involving sensitive information directly through its address and not through any third-party sites.
  • Get a list of attacks and the sites and boards they happened on and be careful if you need to visit one of them.


    Top data breaches of 2009

    Posted by brainfoldb4u on January 1, 2010

    The Office of Inadequate Security has revealed its latest list of the top 10 breaches, with reports suggesting the reasons behind the decline in data breach reports in comparison to last year.

    In 2009, breaches ranged from small, regional breaches involving local businesses to national breaches involving credit and debit cards. There were also some mega-breaches with huge numbers of people victimized. One such breach, which victimized 130 million people in 2009, was

    Heartland Payment Systems:

    Number of records or people: 130,000,000
    Entity: Heartland Payment Systems
    Date of incident or report: 2009-01-20
    Type of incident: Hack, Malware

    Visa and MasterCard were the first to notice the suspicious activity and raised a warning with Heartland, the N.J.-based payment systems company. It turns out that Heartland was the target of one of the biggest cyber-fraud schemes ever, one allegedly carried out by a former Secret Service informant and Russian hackers. Also targeted were Hannaford Brothers, 7-Eleven and two unnamed national retailers. Almost three dozen separate lawsuits on behalf of consumers, investors, banks and credit unions have been filed against Heartland.

    • For a complete list of breach report from Office of inadequate security, click here.
    • To know more about the reasons for decline in 2009 breach report, click  here
    • For detailed overview of top 10 damaging data breaches 2009 click here


    Phishing

    Posted by brainfoldb4u on January 1, 2010

    Phishing:

    One of the hot topics of the 2009 information security industry is phishing. According to a recently released Trusteer report, based on a sample of 3 million users over a period of 3 months, 45% of the time users were spoofed into a fake log-on page. The report also claimed that most of the discovered phishing sites are live and are capable of bypassing any anti-spam and anti-phishing protection present in the victim’s browser. Banking and online shopping cart users are the most targeted and affected among phishing victims. The graph below, from Phishtank, shows phishing sites by country of host for Nov 2009.


    In a phishing attack, hackers create an almost identical-looking replica of a chosen banking or online shopping web site, then attempt to trick users into revealing personal information and log-in credentials such as user name, password and PIN. A trapped user will fill in the form thinking it is the legitimate website, giving hackers a wide window of opportunity to misuse the victim’s sensitive information.

    Hackers use various phishing techniques to get users to access their fake web page. One such method is sending an email that pretends to be from your debit or credit card company, asking you to update your personal information. Because the site is a look-alike of a legitimate website, recipients who click on the link in the email are directed to the fake website, where they are tricked into exposing their information.

    To stay protected, below are some of the steps a user can take:

    • Check for a digital signature. Unless the email is digitally signed, it cannot be trusted with sensitive information.
    • Be aware of such fake emails. Remember that it is highly unlikely that your bank will ask for your sensitive information by email.
    • When you need to fill in your log-in details on a webpage, look for https in your URL box. Also look for the lock symbol in the lower right-hand corner of the web browser. Double-clicking the lock gives you access to the digital certificate. If you don’t see both https and the secure lock, do not give your information. Alternatively, contact your bank by telephone.
    • Instead of clicking the link in your email message, try typing the URL into your web browser.
    • Mozilla Firefox’s current version, 3.5, has good anti-phishing functionality, and using it may give you more of an advantage over phishing sites.
    • Make sure to keep your web browser of choice updated with the latest security patches.
    • Check your bank account regularly after making transactions. If you notice any suspicious activity, report it to your bank immediately.
    • Always report “phishing” or “spoofed” e-mails to the following groups:
    1. Forward the email to reportphishing@antiphishing.org
    2. Forward the email to the Federal Trade Commission at spam@uce.gov
    3. Forward the email to the “abuse” email address at the company that is being spoofed (e.g. “spoof@ebay.com”)
    4. When forwarding spoofed messages, always include the entire original email with its original header information intact
    5. Notify The Internet Crime Complaint Center of the FBI by filing a complaint on their website: www.ic3.gov/

    Phishing statistics for the month Dec 2009.

    The phishing statistics below are from the 1st December 2009 phishing records. When visiting the websites mentioned below, make sure to apply the tips above to minimize the risk of being victimized.

    Popular Targets

    Top 10 Identified Targets Valid Phishes
    1 PayPal 10,361
    2 Internal Revenue Service 870
    3 Tibia 784
    4 eBay, Inc. 458
    5 Facebook 439
    6 Bank of America Corporation 270
    7 JPMorgan Chase and Co. 202
    8 HSBC Group 201
    9 Google 146
    10 HSBC 121

    Phishing URLs

    In November, 278 phishes (5% of valid phishes that month) used an IP address (i.e. http://12.34.56.78) and 4,980 (or 95%) used a domain name (i.e. http://example.com).

    Top 10 Domains (valid phishes)
    1 atspace.com (237)
    2 submissionradio.com.au (67)
    3 oksamyt-inter.com.ua (60)
    4 85studio.pl (50)
    5 sisek.net.ua (49)
    6 virtualbattlespace2.com (44)
    7 wilsden.com.au (40)
    8 110mb.com (39)
    9 aidastreasures.com (37)
    10 dezigner.ru (34)



    Spam trend

    Posted by brainfoldb4u on December 30, 2009

    With more than half of all emails being reported as unsolicited, spam tops the list as one of the most bothersome internet irritations. And despite the evolution of spam filters, spam blockers and other anti-spam software, the negative effects are still felt by people and businesses. An estimated 14.5 billion spam messages are sent per day. According to research conducted by Palo Alto, spam costs businesses around $20.5 billion annually, and future predictions put the figure at around $198 billion in the next four years if spam continues to flourish at its current rate. The figure below shows spam by country of origin (source: M86 Security).

    Spam Definition:

    In order to combat spam effectively, we first need to know what spam is. By definition, spam is anonymous (a spoofed sender address hides the real sender), unsolicited (the user is unwilling to accept it) bulk email (sent in mass quantities). It is important to make clear that the words ‘advertising’ and ‘commercial’ are not used to define spam.

    How spam works:

    Spammers use advanced, dedicated programs and technologies to generate and send billions and billions of spam messages every day. The overall spam life cycle is a five-stage process; knowing about those stages may help you avoid becoming a victim in the future.

    Stage One: Gathering Information:

    The first stage in the spam cycle is collecting information and creating a database of email addresses in different categories (geographical location, different accounts, personal entries, others). Methods used to collect email addresses include scanning public resources like forums, websites, chat rooms and who-is databases, and stealing databases from web services and ISPs.

    The addresses in the resulting database are then verified with a test mailing. The test checks whether users are reading the spam or not. Spam usually contains images; if a message is opened, the image is automatically downloaded and the request is logged on the server, which tells the spammers that the email address is valid.

    Stage 2: Choosing the delivery method

    Now it is time to deliver the spam to users in bulk. Spammers deliver in the millions, and the following three methods are the most widely used. The first is direct mailing from rented servers; this option does them little good, as anti-spam organisations monitor mass mailings and blacklist the servers. The second is to use proxies or open relays, but this option is costly and time-consuming, as spammers need to search the internet for vulnerable servers and then penetrate them. Spammers can’t use the same proxies or relays for long, because after a successful mailing these servers will be detected and blacklisted.

    Third and most current trend is to create or buy bot networks. A botnet is a collection of computers, also known as zombies or robots, that can all be controlled remotely by one person. This control is achieved by installing malicious software on a PC via illicit means, such as a virus or email attachment.

    Stage 3: Actual spam message

    Sending millions of messages within a limited time frame requires the right technology, and spammers use specialized programs to send mail via infected machines, create dynamic text, dynamic images and so on.

    The basic, traditional way of sending spam is to include a random text string, words or invisible text at either the beginning or the end of the message body. It is possible to embed invisible text within an HTML message and send it to an email address, but present-day spam filters have built-in HTML encoders smart enough to flag those emails as spam.

    Other means include graphical spam (text in a graphics format) and dynamic text (the same text written in many ways, a smart way to confuse anti-spam filter programs).

    Overall, the spam life cycle involves a team of different specialists: professional programmers, virus writers and businessmen, each playing a part in the spam cycle.

    Ways to prevent spam:

    Along with using a spam filter or spam blocker, there are certain measures you can take to prevent spam messages from reaching your inbox. Some of them are:

    1. Try having more than one email address. Use one for personal and confidential matters and others for day-to-day uses like subscriptions and other things that are not your primary concern.
    2. Try to hide your email address. If you have a website or forum and need to show your email address, you can try writing, for example, brainfold dot security at Gmail DOTcom instead of brainfold.security@gmail.com
    3. Make sure your spam filter and your email services are on the highest setting.
    4. In public forums and chat messages, or wherever you need to register, try using a username instead of an email address. Use your secondary email address for these purposes.
    5. Never reply to or click on any links in a spam message. Before you click any link, check details like the sender name, domain address and message relevance. If any of these seem irrelevant to you, do not click the link.
    6. Read your messages as text. Reading a message as text rather than HTML prevents you from accidentally clicking email links that may lead to viruses, adware or spyware (remember that 80% of the email in circulation is spam).
    7. If you are using Outlook, you can preview your messages in a preview screen before actually opening them.
    8. View the message header: analyse the header information and pay attention to the FROM and REPLY TO addresses. If the reply-to address is not the same as the from address, it may be spam.
    9. Forwarded emails tend to list the email address of everyone who has forwarded the message, along with the email address of everyone it was forwarded to. This makes them an easy target for spammers looking for email addresses in bulk. Unless it is important to do so, try not to send email that carries a bulk list of email addresses.
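The header check from item 8, as an added example that is not code from the original post: it parses a raw message and compares the From and Reply-To addresses. The sample messages are constructed, and the function name and result labels are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample messages (reserved .example / .invalid domains).
SAMPLE_OK = (
    "From: Alice <alice@corp.example>\n"
    "To: bob@corp.example\n"
    "Subject: Meeting minutes\n"
    "\n"
    "Minutes attached.\n"
)
SAMPLE_SAME_DOMAIN = (
    "From: Shop News <news@shop.example>\n"
    "Reply-To: support@shop.example\n"
    "Subject: Your order\n"
    "\n"
    "Thanks for your order.\n"
)
SAMPLE_MISMATCH = (
    'From: "Example Bank" <service@bank.example>\n'
    'Reply-To: "Example Bank" <accounts@mailbox.invalid>\n'
    "Subject: Update your account details\n"
    "\n"
    "Please reply with your details.\n"
)


def _domain(address: str) -> str:
    """Return the lower-cased domain part of an e-mail address."""
    return address.rpartition("@")[2].lower()


def check_reply_to(raw_message: str) -> str:
    """Classify a message by how its Reply-To relates to its From header.

    Returns one of (labels are this example's own):
      "no-from"     - no usable From address at all
      "ok"          - no Reply-To, or Reply-To equals From
      "same-domain" - different mailbox, same domain as From
      "mismatch"    - replies would go to a different domain
    """
    msg = message_from_string(raw_message)
    _, from_addr = parseaddr(msg.get("From", ""))
    if "@" not in from_addr:
        return "no-from"

    # A message may carry several Reply-To addresses; check all of them.
    replies = [
        addr
        for _, addr in getaddresses(msg.get_all("Reply-To", []))
        if "@" in addr
    ]
    if not replies:
        return "ok"  # replies go to the From address
    if all(addr.lower() == from_addr.lower() for addr in replies):
        return "ok"
    if all(_domain(addr) == _domain(from_addr) for addr in replies):
        return "same-domain"
    return "mismatch"


if __name__ == "__main__":
    for name, raw in [
        ("ok", SAMPLE_OK),
        ("same-domain", SAMPLE_SAME_DOMAIN),
        ("mismatch", SAMPLE_MISMATCH),
    ]:
        print(name, "->", check_reply_to(raw))
```

A "mismatch" result is a signal to look closer rather than proof of spam, since mailing lists and help desks also set a Reply-To that differs from From.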

    If you would like to know more about spam-ware and ad-ware, please follow the references below.

    Conclusion:

    The spam market is growing exponentially, with a growing value of several hundred million dollars annually. Entire spam cycles are run in-house by professionals taking advantage of our ignorance in protecting our own information.

    Though it is illegal to collect and misuse others’ personal information, the massive growth in technology means it is not an easy task for governments, law enforcement agencies or infosec professionals to protect every single piece of data from prying eyes. So it is our responsibility to be conscious about protecting our personal information. The money flowing into the spam industry is enough to keep the spam cycle going and potentially to encourage people to take more risks.

    If you would like any more topics to be discussed, feel free to send me a comment. Thanks again for your time.


    Fake Antivirus Software list nov 2009

    Posted by brainfoldb4u on December 28, 2009

    Nowadays it has become more common for computer users to receive a pop-up from a legitimate website alerting them to a virus or trojan and offering antivirus software to remove it, even though there is no infection. These pop-ups are actually created by skilled programmers turned hackers and cyber criminals, for personal gain or just a few extra bucks. These programs neither scan nor clean computers; they are designed to persuade users that their computers are at risk and scare them into buying the “antivirus” product. They will urge us to install the solution they offer, either for free or for a few bucks.

    These types of fake antivirus programs are widespread and are mostly used by internet criminals. According to Kaspersky Lab, more than 20,000 samples were identified in the first half of 2009. The antivirus company Symantec claims to have found 250 varieties of scam security software with legitimate-sounding names like Anti virus 2010 and SpywareGuard 2008, and about 43 million attempted downloads in one year, but did not know how many of the attempted downloads succeeded. [Source: Symantec]

    How do these rogue programs end up on victims’ machines? A tailored Trojan horse can be used to download such rogue programs, or a visit to an exploited website can trigger a drive-by download. More often, these programs get onto users’ computers either by mistake or through enticement from cyber criminals. The criminals distributing this software manage to hide the IP address of the page from which the malware downloads and installs.

    Kaspersky Lab has recently identified a technique used for the dynamic download of rogue antivirus programs. Here’s an example: a script on ********.net/online-j49/yornt.html generated a redirect address, http://******.mainsfile.com.com/index.html?Ref=’+encodeURIComponent (document.referrer). The address generated depended on how the user arrived at the page containing the script (done with the help of document.referrer), or, in other words, which site the user had previously viewed. In this case the redirect led to http://easyincomeprotection.cn/installer_90001.exe, a page hosting a new rogue antivirus program, FraudTool.Win32.AntivirusPlus.kv.

    Once the program has been downloaded, below are some of the symptoms and actions used to frighten users:

    • If your computer is infected, you will probably receive a high number of fake warning alerts, with increased pop-ups and hijacking of your homepage. You may also find your computer unusually slow, with degraded performance.
    • Sometimes, to make it more convincing, a fake infected file is installed on the computer together with the rogue antivirus, and later the same fake infected file is detected during the scan.
    • Then the software will recommend cleaning the virus (though you may not have one) from your computer in return for payment for their solution.
    • If the user by any chance clicks the “remove virus” button, a new window opens asking them to purchase the fake product. If you choose to buy that software, different payment methods like PayPal, Amex, Visa and bank accounts will be shown as if they were legitimate.

    Some basic points that users can keep in mind to avoid further problems are:

    • A rogue antivirus infection will not damage the user’s machine; it is used by cyber criminals to make money from inexperienced users.
    • To avoid getting trapped, Google the antivirus name that comes up and check whether it has an official site, technical support or phone support.
    • Be aware that legitimate antivirus companies (both commercial and open source) will not scan your computer for money. Never click the “install” button if you don’t know what the pop-up says.

    If you choose to get rid of the problem yourself, here are some basic steps to identify the fake antivirus and delete it. Uninstall the suspected antivirus program using the Add/Remove utility in the Control Panel. After removing the utility, restart your computer in safe mode. Then launch Microsoft Security Essentials, or the product of the firewall vendor of your choice, to run a scan against system files and folders to remove the suspected applications. In some situations you may need to remove it manually. Make sure to back up your important files. Press Ctrl + Alt + Del to bring up the Task Manager. Click on the fake antivirus image name and choose to stop it from running. Go to Start, Run. Type regedit to start the Registry Editor, where you will remove the entries for WinAntiVirus. Browse to the Hkey_Local_Machine\Software folder from the My Computer folder and delete the series of Registry entries that are described under the fake antivirus thread. Google the virus, try to get as much information about it as you can, and try to manually delete it from your Windows folder, but make sure to stop the file’s processes in the Task Manager before you actually delete them.

    PC manufacturer’s solution:

    To protect your computer, try installing and running an up-to-date antivirus product such as Microsoft Security Essentials from Microsoft (see my earlier article on Microsoft’s free antivirus software). MSE provides real-time protection against viruses, trojans, spyware and adware. Another option is to run a virus scan with the Windows Live OneCare safety scanner. Microsoft’s Windows Defender can also be used to remove spyware and other potentially unwanted software from your computer.

    Latest list of rogue antivirus software from Microsoft

    Microsoft has released a list of the significant threats that AV rogues posed to its users this year. Besides the prevalent rogues covered by the MSRT, the following is a longer list of AV rogues detected by Microsoft AV products such as Microsoft Security Essentials, Forefront Client Security, etc.

    FakeXPA Winfixer FakeSmoke SpywareSecure
    FakePowav FakeScanti Spyguarder IEDefender
    MalwareBurn Cleanator AntivirusGold MalWarrior
    UnSpyPc MalwareCrush SystemGuard2009 Malwareprotector
    DriveCleaner PrivacyChampion WorldAntiSpy SpywareSoftStop
    DocrorTrojan SystemLiveProtect Yektel AntiSpyZone




    Antivirus2008 Winwebsec FakeSecSen FakeRean
    PrivacyCenter FakeRemoc VirusRemover Antivirus2009
    SpyLocked SpywareStormer Privacywarrior AntiSpywareDeluxe
    Trojanguarder SecurityiGuard PrivacyProtector Searchanddestroy
    MyBetterPC DoctorCleaner SpyBlast AlfaCleaner
    NeoSpace UniGray FakeFreeAV WebSpyShield




    InternetAntivirus WinSpywareProtect FakeSpypro AntiSpywareExpert
    Antivirusxp Fakerednefed FakeCog VirusRanger
    ErrorGuard Antispyware2008 AntiVirGear SpyDawn
    SpyCrush EZCatch VaccineProgram UltimateFixer
    Fakeav EvidenceEraser TrustCleaner WinHound
    Spyaway Vaccine2008 SearchSpy Spyshield




    SpySheriff FakeVimes FakeIA AdvancedCleaner
    Antispycheck PCSave AntispyStorm FakePccleaner
    SpywareIsolator PSGuard Antivirustrojan SpywareQuake
    SpyFalcon SpywareStrike XDef WareOut
    PrivacyRedeemer Nothingvirus AntiSpywareSoldier Kazaap
    VirusConst AVClean AdsAlert SystemDefender




    FakeSpyguard Fakeinit SpyAxe
    SpyHeal AntiVirusPro Awola
    VirusBurst CodeClean MyNetProtector
    VirusRescue Spybouncer FakeWSC
    TitanShield MalwareWar DoctorAntivirus
    Easyspywarecleaner VirusHeat UltimateDefender

    Source: Microsoft fake security Anti virus run up


    This list from Microsoft includes new and recent rogues such as FakeXPA, FakeSecSen and FakeRean. It also contains some older rogues that date back 4 years, such as Winfixer and SpySheriff.

    Conclusion:

    Unfortunately, these programs are getting more common. Microsoft encourages PC users to run a complete, up-to-date antivirus product such as Microsoft Security Essentials to protect their computers from these rogues. Don’t believe any pop-ups; run a Google search on your own instead. Awareness of the threat is very important. Have a look at some of these threats, get familiar with some of the names and screenshots, and pass the word on to your friends and family.


    Browser Security 2

    Posted by brainfoldb4u on December 27, 2009

    In my last review I posted some basics on choosing the right web browser. But web security involves more than just choosing the right browser, so here we will look at the next step in safe browsing. Current threats are very dangerous: simple mistakes such as one visit to a malware site, or clicking to install a loaded shareware program, can affect your computer’s performance and usage. Some of the consequences are annoying pop-up screens with advertisements, a changed browser home page and an altered default search engine. Sometimes the intruders who hacked your computer will blackmail you for money or personal gain, or, even worse, steal money from your bank account. Having an antivirus installed is not enough; given the amount of viruses and spyware, it is very hard for firewall vendors to keep up. Of course, there are a few vendors, like PC Tools, Avast, Avira, Comodo Internet Security and Online Armor, that provide free versions of their internet security suites, anti-spyware tools and firewalls. But it is necessary to learn a different approach to overcome these threats.

    Sanboxing:

    In computer security world, sandboing is a mechanism used to separate running programs. Using it for tasks like executing untested code, running untrusted programs from unverified third parties and untrusted users. Given that open source and distributed computing getting more popular, sandbox concept will be very useful mode of protection from unwanted hacking. Sand box typically provides tight control over the untrusted program even if anything goes wrong the impact will not affecting your computer or its resources.

    To get a sand boxed environment we can use a free program called Sandboxie which is available for windows OS later than Win 2000. Downloading this piece of software creates a sandbox like environment on your PC. Startup is just like normal other browser other than the inconvenient nag screen that pops until the application opens.  Browsing inside Sandboxie gives you greatest protection by isolating the browser from portions like your OS, hard drive, memory locations, altering registries, OS sessions. So what ever browsing or downloading you do will be within the box and will not affect your PC. Upon downloading and saving a file, Sandboxing comes with an option asking whether to save it permanently or not. Better option will be to add your default downloads folder to the Quick recovery settings so all files saved there will automatically saved in your hard drive which avoids you manually copying the files into real hard drive.

    Say, for instance, you have downloaded a virus or Trojan by mistake: you close the browser and right-click to delete all its files and processes. Doing so gets your PC back to the normal state it was in before starting the session. The latest version comes with advanced options like in-depth defense, blocking access to your personal files, and letting us choose which programs may run and which may not. Some other advanced features also help protect us from keyloggers. Overall, it protects us from viruses, Trojans, adware, spyware and other malware that could infect your PC from the web (internet).

    Online Armor:

    To make browsing safer, there is another option available from a company called Online Armor, which gives us free firewall protection as well as an option called “Run Safer”. Run Safer works with privileges. All files, processes and programs running in the OS have at least two levels of permission: read-only access and full access (read, write, change). Users with admin login credentials typically have full access, and users with normal login credentials have low-level access so that they cannot do any harm. A typical home user uses an admin logon for all day-to-day tasks on his/her machine because it is convenient. But it is not safe to do so: if a dangerous program happens to get into your computer, it will be just as convenient for the virus/Trojan/malware to crash or take control of your computer.

    Online Armor’s Run Safer option helps protect against this by automatically “stepping down the rights” that your web browser, or any other program you run, has to those of a limited user. You may claim anyone can do this, but the tool does it transparently. This way you can make your web browsing safer.
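
    The same least-privilege idea can be tried with tools built into Windows. The PowerShell script below is an added example, not Online Armor's mechanism and not code from the original post: it checks whether the current session holds administrator rights and, if so, starts a program through the built-in `runas /trustlevel` option instead. The function name `Test-IsElevated` and the default browser path are assumptions made for illustration.

```powershell
# Added example: start a program with stepped-down rights when the
# current session is running with administrator privileges.
param(
    # Hypothetical default; point this at the browser you actually use.
    [string]$Program = "$env:ProgramFiles\Internet Explorer\iexplore.exe"
)

function Test-IsElevated {
    # True only when the current token really carries administrator rights.
    # Under UAC, an admin account that has not elevated returns $false here.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
}

if (-not (Test-Path -LiteralPath $Program)) {
    Write-Error "Program not found: $Program"
    exit 1
}

if (Test-IsElevated) {
    Write-Host "Session is elevated; starting '$Program' as a basic user."
    # 0x20000 is the "Basic User" level; 'runas /showtrustlevels' lists
    # the trust levels available on your system.
    & runas.exe /trustlevel:0x20000 $Program
}
else {
    Write-Host "Session already has limited rights; starting '$Program' normally."
    Start-Process -FilePath $Program
}
```

    Run it from the session you normally browse in; if it reports that the session is elevated, that is the day-to-day admin logon habit described above.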

    PC Tools Firewall Plus:

    PC Tools Firewall Plus is a very useful personal firewall that provides a host-based intrusion prevention system (HIPS) through an enhanced security mechanism. It relies on a list of programs, attempts to check for valid digital signatures, and alerts the user if it identifies any possible malicious behavior. It gives us protection comparable to its commercial equivalent with regard to performance. It is simple to install, very user friendly in its default settings, and produces fewer pop-ups for common tasks. Some key highlights are:

    • Hides your PC from Internet hackers.
    • Fine-grained control over inbound and outbound traffic.
    • Easy to use. Designed for both novice and expert users.
    • No interruptions when playing full-screen games.
    • Optional password protection for rules and settings.
    • Best of all it’s FREE. No catches, limitations or time-limits.

    Additional features include full-screen mode, a mode to suppress all alerts, password protection and automatic updates. So overall it is a good free firewall option for home users. The paid version gives enhanced features for 49 dollars, which is relatively cheaper than its costly counterparts.

    PC Tools Spyware Doctor:

    PC Tools Spyware Doctor with AntiVirus is again an awesome tool to keep you away from infections. This is more of a corrective measure, while the options discussed earlier are more preventive. I own the paid version of McAfee, installed on my computer, but when my computer slowed down with adware and spyware infections, it was Spyware Doctor that rescued my brainfold (my PC). Its full scan detects and destroys almost all unwanted viruses, Trojans, adware and spyware in the best and quickest possible way. I strongly recommend you try installing Spyware Doctor from PC Tools, compare its scan with your paid protection, and find the difference yourself.

    Conclusion: In this post I discussed some intermediate-level techniques for keeping a home computer safer from exploits (attacks). Our first option is to have sandbox software installed; if you are not sure about what you are downloading, try downloading it with the sandboxed browser. The second option is also preventive: turning the Run Safer option ON (Online Armor), which avoids harm to our computer by maintaining least privilege. PC Tools Firewall Plus and Spyware Doctor are preventive and corrective measures, respectively, to combat virus, Trojan, adware and spyware infections. I hope this post is informative for home users. Thank you again for your time. If you need any further clarification or assistance in selecting any of the above-mentioned methods, please comment and I will get back to you.
