Reducing the chance to get a virus?


18 Replies - 1713 Views - Last Post: 25 March 2011 - 10:43 PM

#1 RandomlyKnighted

Posted 08 March 2011 - 05:22 PM

Reading the malware topic in the Corner Cubicle I got to thinking about the viruses that I have been removing from people's computers lately. Most of them attack the DLL files in the System32 folder. Would encrypting the System32 folder keep viruses from spreading in the folder? I mean most people don't make a virus expecting the folder to be encrypted. So it wouldn't be able to actually destroy the files, right??


Replies To: Reducing the chance to get a virus?

#2 Atli

Posted 08 March 2011 - 06:12 PM

How do you propose to do that? As I understand it, most of the files in there are important system files (hence them being targeted so much) that are in constant use by the OS, some even required for the OS to boot. Encrypting them may well put a good dent in your system performance, or it could even just kill it altogether.

Would be interesting to try that on a VirtualBox setup though, just to see what happens :D
(How did you plan to encrypt it, by the way?)



Dealing with viruses is pretty easy, to be honest. All it takes, really, is:
- A decent anti-virus. (Easy. Even the free stuff like Avast is enough for most.)
- Some common sense in what you click on while browsing (surprisingly difficult for a lot of people),
- And not using Internet Explorer (seems easy, but it just... won't... die!)
- Or Safari for Windows (Safari on Mac... sure, but the Windows version is practically an invitation to get hacked).

If you can manage it, avoiding Flash Player and Adobe Reader is probably good too (or at the very least using a FlashBlock addon), but that may be too much to expect from most people :)

This post has been edited by Atli: 08 March 2011 - 06:13 PM

#3 RandomlyKnighted

Posted 08 March 2011 - 06:21 PM

Atli, on 08 March 2011 - 07:12 PM, said:

How do you propose to do that? As I understand it, most of the files in there are important system files (hence them being targeted so much) that are in constant use by the OS, some even required for the OS to boot. Encrypting them may well put a good dent in your system performance, or it could even just kill it altogether.

Would be interesting to try that on a VirtualBox setup though, just to see what happens :D
(How did you plan to encrypt it, by the way?)


I would be glad to try it! I love trying out stuff like this. It's a great learning experience and hopefully you can learn something new about it that would help you in the future. I'm fixing to try it out on VirtualBox. I'll let ya know what happens. :w00t:

Quote

Dealing with viruses is pretty easy, to be honest. All it takes, really, is:
- A decent anti-virus. (Easy. Even the free stuff like Avast is enough for most.)
- Some common sense in what you click on while browsing (surprisingly difficult for a lot of people),
- And not using Internet Explorer (seems easy, but it just... won't... die!)
- Or Safari for Windows (Safari on Mac... sure, but the Windows version is practically an invitation to get hacked).

If you can manage it, avoiding Flash Player and Adobe Reader is probably good too (or at the very least using a FlashBlock addon), but that may be too much to expect from most people :)


Personally, I use Malwarebytes on my Windows computers. When cleaning computers I use ComboFix, Malwarebytes, and SUPERAntiSpyware. Of course SUPERAntiSpyware usually only gets rid of the small things.

This post has been edited by RandomlyKnighted: 08 March 2011 - 06:21 PM

#4 no2pencil

Posted 08 March 2011 - 07:59 PM

If the system32 dlls are encrypted, then to use them they would need to be decrypted. That would slow down processing.

2ndly, when a Virus then attacked an encrypted dll, the system would fail when trying to use the new injected or replaced dll, as it would no longer function correctly.

#5 AdamSpeight2008

Posted 08 March 2011 - 08:07 PM

Hasn't something like this feature already been implemented in the 64 bit versions of the Windows OS?

Windows File Protection System
Windows Resource Protection

This post has been edited by AdamSpeight2008: 08 March 2011 - 08:16 PM

#6 RandomlyKnighted

Posted 08 March 2011 - 08:49 PM

So what if you kept the System32 folder from being changed? If you implemented a way to protect the folder for example it locks the folder and keeps the main files from being changed or replaced.

The reason I say this is because to my knowledge they don't change the Kernel32.dll and similar files when they come out with a new service pack. So it shouldn't matter if the files were locked. Again like I said this is only to my current knowledge.

I plan to keep researching this. I'm really interested in stuff like this. :D

Also, as we speak I am encrypting the System32 folder in a Windows XP VM on VirtualBox. I'm using a program I found on SourceForge called Cryptology. I just thought it'd be neat to try it out. I wouldn't pass something like this up.

This post has been edited by RandomlyKnighted: 08 March 2011 - 08:49 PM

#7 RandomlyKnighted

Posted 16 March 2011 - 05:43 PM

AdamSpeight2008, on 08 March 2011 - 10:07 PM, said:

Hasn't something like this feature already been implemented in the 64 bit versions of the Windows OS?

Windows File Protection System
Windows Resource Protection


Update:

@AdamSpeight2008, good call. I installed a copy of Windows XP Professional SP3 on VMware Workstation. I then encrypted the System32 folder. The system never crashed, because the Windows File Protection kicked in just like it should. It recreated all the files inside of the System32 folder. So now when I go to the System32 folder it has all the files there plus the encrypted files.

So I now know that encryption will not work for the System32 folder. But what about locking the folder just so that nothing can be replaced, deleted, or altered? For example, if you lock the folder when you first install Windows, then nothing, not even a virus, could change the folder. Would this work?

EDIT: Fixed my tags.

This post has been edited by RandomlyKnighted: 16 March 2011 - 05:45 PM
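
The lock asked about in the post above is what Windows Resource Protection (linked earlier in the thread) applies on Windows Vista and later: protected system files are owned by the TrustedInstaller service account, and other accounts, administrators included, get read-and-execute access only. The PowerShell below is an added example, not part of the original thread, that audits System32 for DLLs that fall outside that lock. It assumes Windows Vista or later, PowerShell 3.0 or later, and an elevated prompt; the variable names are chosen here for illustration.

```powershell
# Added example (not from the thread): list System32 DLLs that an account other
# than TrustedInstaller owns or can modify.
# Assumptions: Windows Vista or later, PowerShell 3.0+, elevated prompt.

$target = Join-Path $env:SystemRoot 'System32'

# Rights that let a principal alter, replace or delete a file, or unlock it.
$writeRights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'

# The only principal WRP expects to own and write protected files.
$expected = @('NT SERVICE\TrustedInstaller')

$findings = foreach ($file in Get-ChildItem -Path $target -Filter '*.dll' -File -ErrorAction SilentlyContinue) {
    try {
        $acl = Get-Acl -LiteralPath $file.FullName -ErrorAction Stop
    } catch {
        continue   # unreadable ACL (access denied); skip this file
    }

    # Allow entries granting write-type rights to anyone outside $expected.
    $writers = @($acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $writeRights) -and
        $expected -notcontains $_.IdentityReference.Value
    })

    if ($expected -notcontains $acl.Owner -or $writers.Count -gt 0) {
        [pscustomobject]@{
            File    = $file.Name
            Owner   = $acl.Owner
            Writers = ($writers | ForEach-Object { $_.IdentityReference.Value } |
                       Sort-Object -Unique) -join '; '
        }
    }
}

# Files listed here are not locked down by WRP. Third-party DLLs installed into
# System32 normally appear; a core Windows DLL appearing is worth investigating.
$findings | Sort-Object File | Format-Table -AutoSize
```

The ACL check only shows who may change a file; `sfc /verifyonly`, run from an elevated prompt, checks the contents of protected files without repairing anything.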

#8 garrywhays

Posted 22 March 2011 - 08:46 AM

The fact that once you are online and feel safe and secure from hackers and any kind of malware attack is not 100% correct. But still it is also not guaranteed. The only way out is to get your PC protected through paid and good antivirus software and have a strong firewall protection. And the last thing is never click an unknown or suspicious link nor download such type of software without some proper and secure guidelines.

#9 RandomlyKnighted

Posted 22 March 2011 - 09:03 AM

garrywhays, on 22 March 2011 - 10:46 AM, said:

The fact that once you are online and feel safe and secure from hackers and any kind of malware attack is not 100% correct. But still it is also not guaranteed. The only way out is to get your PC protected through paid and good antivirus software and have a strong firewall protection. And the last thing is never click an unknown or suspicious link nor download such type of software without some proper and secure guidelines.


Even a good antivirus program isn't perfect. At the moment, there is no perfect way to prevent yourself.

You'd think that Microsoft would have fixed a security hole this big by now. I mean, there's what, only 700 or so viruses for Linux and less than 10 for Mac OS X. If they can do it, then why can't Microsoft?

#10 xTorvos

Posted 22 March 2011 - 10:48 AM

Windows Vista and Windows 7 use User Access Control in order to mediate this. You know those "silly" pop-ups that happen every time you try to install a program? The purpose of those pop-ups is to warn you that this program could cause harm to your computer.

When you give a program permission to run, you are giving it all the powers that your current user has. This means that if you are logged on as an administrator, all the programs you run have the same privileges as an administrator.

As far as the whole "Macs and *nix don't get viruses" argument, well, it's hog-wash. Windows has around 90% of the market share. Why would malware writers waste time targeting Macs and *nix when they barely make up 10% put together?

Trust me, Mac and *nix have plenty of bugs/vulnerabilities/problems. It's just that less people try to exploit them because there are so few of them comparatively.

#11 modi123_1

Posted 22 March 2011 - 11:03 AM

Not to mention it is significantly easier to control malicious behavior when you own the whole vertical pipe of your business. Mac OS only runs on specific hardware requirements. Windows works to run on as much or as random of a configuration that you can pull up.

Two different business models.

#12 AdamSpeight2008

Posted 22 March 2011 - 11:14 AM

There's also DEP
and ASLR

#13 RandomlyKnighted

Posted 22 March 2011 - 11:18 AM

AdamSpeight2008, on 22 March 2011 - 01:14 PM, said:

There's also DEP
and ASLR


Thanks! This is really helping me out!!

By the way, now that this has gone from malware prevention to talking about operating systems in general and their strengths and weaknesses, does this topic still belong here or does it belong in the Corner Cubicle?

#14 Atli

Posted 22 March 2011 - 11:18 AM

xTorvos said:

Windows Vista and Windows 7 use User Access Control in order to mediate this. You know those "silly" pop-ups that happen every time you try to install a program? The purpose of those pop-ups is to warn you that this program could cause harm to your computer.

Yea, it's kind of funny how late Microsoft picked up on that little trick... like 20 years after Unix GUIs started doing that :)
Well, better late than never, I suppose. Windows 7 user mechanics certainly are a big step up from XP.

And then there are also a few other tricks Windows 7 introduced that help with security. Got to give them credit for that too. (Don't ask me what they are. Can't remember all those acronyms xD)
Edit: Seems AdamSpeight2008 does though! :)

xTorvos said:

Trust me, Mac and *nix have plenty of bugs/vulnerabilities/problems. It's just that less people try to exploit them because there are so few of them comparatively.

Linux is fairly hardened against security vulnerabilities, being such a popular server platform. Desktop Linux users don't really need to worry about viruses much, but a vast majority of internet servers are run on Unix-based systems, which makes them a huge target.

The biggest concern, really, would be Mac OS X computers. Apple has never had to deal with a lot of security problems (relatively speaking). Just take the Windows version of Safari, and the initial iPhone security problems for examples. Disasters, both of them. (The iPhone security, at least, has improved somewhat though.)

This post has been edited by Atli: 22 March 2011 - 11:19 AM

#15 TMKCodes

Posted 22 March 2011 - 11:19 AM

xTorvos, on 22 March 2011 - 10:48 AM, said:

Windows Vista and Windows 7 use User Access Control in order to mediate this. You know those "silly" pop-ups that happen every time you try to install a program? The purpose of those pop-ups is to warn you that this program could cause harm to your computer.

When you give a program permission to run, you are giving it all the powers that your current user has. This means that if you are logged on as an administrator, all the programs you run have the same privileges as an administrator.

As far as the whole "Macs and *nix don't get viruses" argument, well, it's hog-wash. Windows has around 90% of the market share. Why would malware writers waste time targeting Macs and *nix when they barely make up 10% put together?

Trust me, Mac and *nix have plenty of bugs/vulnerabilities/problems. It's just that less people try to exploit them because there are so few of them comparatively.


You are right but wrong. Crackers could easily start writing viruses to destroy the Linux server market share which is where Linux is, but the way Linux is handled does alter us Linux users to many viruses, because we use the package repositories where is all the software we need under constant watch so it's quite hard to get a virus from there unless the package maintainer is on the virus maker loop. Linux applications do not get root access so they can pretty much only delete our home folders or fork bomb us. Yes, Linux does have bugs/vulnerabilities/problems but they are constantly fixed when found.

This post has been edited by TMKCodes: 22 March 2011 - 11:20 AM
