SECURITY OVERFLOW

  • HARDENING WINDOWS HOST Part 4: ACCOUNTS AND RIGHTS MANAGEMENT (20/05/2007, published in: LINE DEFENSE)
    Introduction. With the release of Vista, many home users are certainly wondering whether the migration from XP to Vista is absolutely necessary. As the vox populi claims: "Vista is an evolution, not a revolution". Hardening the system makes XP as secure as Vista. Since the hardware works fine,...
  • PERSONAL HIPS: THE TOP LIST (07/08/2006, published in: LINE DEFENSE)
    Most of these products have already been linked in the previous article. Therefore, only products that have not been listed yet are linked. As things often change (freeware becomes paid), only paid software with or without a free limited version is noted (P/FLV). When a product is...
  • IDS FOR HOME USERS (08/04/2006, published in: LINE DEFENSE)
    Intrusion detection is a large subject, and mostly concerns organizations. It's also important to note that IDS are being supplanted by IPS/NIPS. Therefore we'll focus here only on IDS available for home users and Windows systems. First of all, the user must consider whether or not an IDS is needed on his...
  • HIPS tests news (14/03/2006, published in: NEWS and RESOURCES)
    I've quite finished the methodology. I've decided to choose a real-life infection approach; consequently, it means more time spent searching for malware and less time for blogging... In the first part of the methodology, self-protection is tested (process, service and driver) with other malware...
  • Volunteers for HIPS tests (20/02/2006, published in: NEWS and RESOURCES)
    I'm looking for volunteers for testing whitelist HIPS such as DefenseWall, GesWall, AntiExecutable and PrevX (as Zorro PC Protector is in French only, I've chosen it for the test). The volunteers (2 per product is enough) must: -have experience of this kind of...
  • AN OVERVIEW OF PERSONAL DESKTOP/HOST IPS 2 (13/02/2006, published in: LINE DEFENSE)
    Other similar products. These products monitor some system areas, such as the registry, in order to detect malware behaviour. Most of them are not integrated at the core of the system (kernel) and therefore do not operate at a low level, except for specialized registry products (RegRun,...
  • AN OVERVIEW OF PERSONAL DESKTOP/HOST IPS (12/02/2006, published in: LINE DEFENSE)
    AN OVERVIEW OF PERSONAL DESKTOP/HOST INTRUSION PREVENTION SYSTEMS. We have seen previously that a line of defense with only a firewall and an antivirus is not enough given the evolution of threats. Products are available to palliate scanners' weaknesses and to combat malware by its...
  • WHY YOU SHOULDN'T RUN ONLY WITH AN ANTIVIRUS + FIREWALL AND WHY A PROACTIVE PROTECTION IS NECESSARY (25/01/2006, published in: LINE DEFENSE)
    In this first article we'll just show that the combination of a scanner (antivirus/antitrojan/antispyware) and a firewall is not sufficient to mitigate security risks for home users. Then we'll review and list available Desktop/Host Intrusion Prevention Systems designed for...
  • ADVANCED INTEGRITY CHECKERS (13/01/2006, published in: LINE DEFENSE)
    In a previous article, we reviewed some free integrity checkers. In this article, we'll focus on advanced ones (paid, for most of them). Integrity checking for change detection is an important feature of security software, especially in intrusion detection [1]. That's why this option is mostly...
  • ABUSE SHIELD (12/01/2006, published in: HOST INTRUSION and PREVENTION SYSTEM TESTS)
    AbuseShield. "Globesoft AbuseShield is a comprehensive tool for monitoring and controlling your desktop or server environments so that only the software you specify can run. AbuseShield also monitors file system activities. This means that even if you, by mistake, allow a malicious...
  • FAQ on the EXPLOIT for WMF images (06/01/2006, published in: NEWS and RESOURCES)
    FAQ for the (recent) WMF exploit. This page is a simple translation of the original FAQ (ISC.SANS.org). Other translations of this FAQ are available in other languages. *Why is this flaw so important? The WMF vulnerability...
  • WINDOWS ROOTKITS COUNTERMEASURES Part 4 and End: Windows Rootkits Prevention (20/12/2005, published in: LINE DEFENSE)
    ROOTKIT PREVENTION MEASURES: The most interesting method for avoiding rootkits or mitigating the risk of infection is to apply prevention measures. Most of these methods require using only Windows as the first line of defense. ***HARDEN WINDOWS: This step is very...
  • WINDOWS ROOTKITS COUNTERMEASURES Part 3: Windows Rootkits Detection (20/12/2005, published in: LINE DEFENSE)
    If we consider the IDS mantra ("that which cannot be detected should be prevented; that which cannot be prevented should be detected."), prevention and detection countermeasures must be applied. A rootkit, much more than most other malware, is a sign of intrusion. And...
  • WINDOWS ROOTKITS DETECTION SECTION 2 (20/12/2005, published in: LINE DEFENSE)
    WINDOWS ROOTKIT DETECTION PART 2: ***Microsoft Tools: -Microsoft Removal Tool: It scans the system for the most prevalent malware. HackerDefender is the only rootkit included in its database. While MRT detects the rootkit easily, the removal is not done thoroughly (only service registry keys...
  • Profiling a rootkit: Hacker Defender Section 2 (18/12/2005, published in: LINE DEFENSE)
    Registry Tracking with RegMon: 2712    56.77157974    hxdef100.exe:448    OpenKey    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxdef100.exe    NOT FOUND      ...
  • WINDOWS ROOTKITS COUNTERMEASURES Part 2: Profiling a Rootkit: HackerDefender (17/12/2005, published in: LINE DEFENSE)
    HackerDefender is the rootkit most used in the wild. It was included in the threat list of the Microsoft Removal Tool this year. HackerDefender, or HxDef, is the favourite rootkit of script kiddies for many reasons: -light (199 KB for the zip, 315 KB for the whole package);...
  • WINDOWS ROOTKITS FREE COUNTERMEASURES Part 1: Introduction to Rootkits (04/12/2005, published in: LINE DEFENSE)
    PRESENTATION: In this article, we'll try to provide free prevention and detection measures against the most common Windows rootkits. Currently, many effective free and paid anti-rootkit security products are available on the market, even if Windows is armoured to fight them. In the first...
  • ALL-SEEING EYE (06/11/2005, published in: HOST INTRUSION and PREVENTION SYSTEM TESTS)
    All-Seeing Eye. All-Seeing Eye is another Desktop Intrusion Prevention System designed to monitor several system areas: -processes, -loaded DLLs, -services/drivers, -Browser Helper Objects (BHO), -ActiveX, -Hosts file, -Winsock LSP, -registry keys, -files and folders... There is a free version...
  • ARTICLES COMING SOON (23/10/2005, published in: NEWS and RESOURCES)
    *Manage user accounts and apply policy restrictions. *Windows Rootkits Free Countermeasures: -Introduction to Rootkits, -HackerDefender in action, -Free Countermeasures. *HIPS test: 2 products. *An overview of whitelist-based HIPS. *Limitations of scanners in general and antivirus in particular.
  • FILE MONITORS (24/09/2005, published in: FREE TOOLBOX)
    Sometimes a user needs to see what changes have been made by a software installation, or to monitor some files and folders to prevent suspicious activity. In this case, file monitoring software is very helpful. The user sometimes needs to know what changes have...
  • Hardening Windows Part 3: Closing critical ports (10/09/2005, published in: LINE DEFENSE)
    Closing critical ports. Disclaimer: Close only ports that are not necessary in your configuration. For a single computer only used for surfing (no Messenger and so on), only port 80 is required. Warning: close only the ports that are unnecessary for...
  • Hardening Windows Host Part 2: WINDOWS SERVICES CONFIGURATION (20/08/2005, published in: LINE DEFENSE)
    Windows comes with unnecessary services which need to be configured properly to free memory resources and to raise the security level. The configuration depends on each environment, which is why we can't define recommended rules for every user: it must be done case by case. There are many...
  • INTEGRITY/HASH/CHECKSUM Utilities (07/08/2005, published in: FREE TOOLBOX)
    Here we're only interested in integrity verification tools, not in more advanced integrity host protection. Here we are only interested in integrity verification utilities, not in more advanced protection systems based on...
  • PODIUM and OVERALL (25/07/2005, published in: HOST INTRUSION and PREVENTION SYSTEM TESTS)
    PODIUM: ProcessGuard (PG) vs System Safety Monitor (SSM) vs Viguard. NB: the secure mode (administrator for SSM, "blocking new and changed applications" for PG) is not enabled. Viguard with critical files protection (Windows\System32, INI etc.). ***Rootkit...
  • FILES IN USE REMOVERS (23/07/2005, published in: FREE TOOLBOX)
    We sometimes need to delete files that are very hard to delete because they're in use or protected. It's often the case for infections by viruses and other malware, or for an incomplete uninstallation. These utilities are very helpful in this case. We sometimes...
  • SOFTCLAN INTEGRITY 2005 (17/07/2005, published in: HOST INTRUSION and PREVENTION SYSTEM TESTS)
    SoftClan Integrity 2005. SoftClan Integrity is a Spanish product available since 2000. The old version is still available in an English version but only covers Windows 95/98/ME. SoftClan Integrity 2005 protects the integrity of the system and also of any data. ...
  • ANTIHOOK V2.5 (09/07/2005, published in: HOST INTRUSION and PREVENTION SYSTEM TESTS)
    AntiHook V2.5. This update only covers changed results: the others remain the same. ***Registry test: -with Regtest 1: AntiHook is the winner. -with Scoundrel Simulator: AntiHook detects the startup...
  • OSSURANCE DESKTOP (06/07/2005, published in: HOST INTRUSION and PREVENTION SYSTEM TESTS)
    OSsurance Desktop. "OSsurance Desktop Technology involves Executable Authentication Management which authenticates system calls against a trusted list of files and executables". OSsurance Desktop from the Canadian security firm OSSecurity is...
  • VIGUARD (03/07/2005, published in: HOST INTRUSION and PREVENTION SYSTEM TESTS)
    ...
  • PROCESSGUARD (02/07/2005, published in: HOST INTRUSION and PREVENTION SYSTEM TESTS)
    ProcessGuard. ProcessGuard is an Australian product from DiamondCS, a small but dynamic business specialized in security software for home users. "ProcessGuard was created out of the need for a solution to be found for a very big problem that has...
  • SAFEPC (26/06/2005, published in: HOST INTRUSION and PREVENTION SYSTEM TESTS)
    SafePC. SafePC is an Asian product (from Singapore) which can help the user manage and control applications and activities on his system. SafePC also has the ability...
  • PREVX PRO (25/06/2005, published in: HOST INTRUSION and PREVENTION SYSTEM TESTS)
    PREVX PRO. Prevx is considered by its authors to be an Intrusion Prevention System. This ambitious product targets all kinds of threats...
  • ANTIHOOK (22/06/2005, published in: HOST INTRUSION and PREVENTION SYSTEM TESTS)
    ANTIHOOK. AntiHook is another Desktop Intrusion Prevention System which can help the user control normal applications and detect suspicious ones. AntiHook principally targets spyware...
  • HARDENING THE TCP/IP STACK (20/06/2005, published in: LINE DEFENSE)
    HARDENING WINDOWS HOST Part 1: Hardening the TCP/IP Stack. By default, all Windows systems come with a defenceless TCP/IP stack. It's advisable to harden it against network attacks like SYN flood (a kind of DoS). By default, Windows systems are...
  • SYSTEM SAFETY MONITOR (17/06/2005, published in: HOST INTRUSION and PREVENTION SYSTEM TESTS)
    System Safety Monitor. System Safety Monitor is another Russian product which...
  • SAFE'N'SEC (16/06/2005, published in: HOST INTRUSION and PREVENTION SYSTEM TESTS)
    safensec: SAFE'N'SEC is a new product which permits efficient activity control. Each call to the registry made by an application is monitored and...
  • GENERAL POINTS (15/06/2005, published in: HOST INTRUSION and PREVENTION SYSTEM TESTS)
    ABSTRACT. A classical defense with antivirus/antitrojan/antispyware has shown some limits against advanced threats like worms, network backdoors or rootkits. Computer security has to evolve in an innovative and more efficient way. Among many scanners...
  • SECURITASK 2005 (15/06/2005, published in: HOST INTRUSION and PREVENTION SYSTEM TESTS)
    SecuriTask 2005. Securitask 2005 is a French product which is considered an application firewall by its authors. This software prevents unwanted processes from running on the system. Securitask 2005 also has the ability...
  • ADS/NTFS TOOLS (05/06/2005, published in: FREE TOOLBOX)
    About Alternate Data Streams and NTFS files: -Wikipedia (2007) -The Dark Side of NTFS. -Alternate Data Streams. -Little "ADS in NTFS" FAQ. -Microsoft (2007) -NTFS Alternate Streams: what, when and how to (2007) -Usual Questions -Analysis of Hidden Data in the NTFS...
  • News and Tools (04/06/2005, published in: NEWS and RESOURCES)
    -Botnets: who really "owns" your computers? -Hackers plot to create massive botnet -Device drivers filled with flaws, threaten security -Phishing alert: multiple French banks -Phishing targets French banks. -The future of Mozilla...