Newfangled rootkits survive hard disk wiping

Discussion in 'Security Software' started by BoaterDave, Apr 1, 2009.

  1. BoaterDave

    BoaterDave Guest

    This article http://www.theregister.co.uk/2009/03/24/persistent_bios_rootkits/
    refers to "unfettered root access"

    Perhaps a silly question - if one connects to another server
    deliberately for the purpose of sending and receiving messages in a
    newsgroup (thus making a hole in one's defences?) might this be
    giving "unfettered root access" if one is operating with
    Administrator privileges?

    Always wondering!
     
    BoaterDave, Apr 1, 2009
    #1

  2. When a legitimate path is made, I wouldn't call it a hole in one's
    defences.
    This is why you should *not* be running with administrative privileges
    unless you are doing administrative tasks.
     
    FromTheRafters, Apr 1, 2009
    #2

  3. BoaterDave

    BoaterDave Guest

    Just to be clear about this, FTR - if I connect to the newsgroups at
    annexcafe.com (a private server) using Outlook Express, or any other
    newsreader, have I created a 'way in' to my computer in spite of
    having a NAT router between me and the Internet?
    So, again to be clear, is your answer "yes"?

    I value your opinions, FTR - thank you for posting in reply to my
    queries. :)

    FYI - I started responding to you using Thunderbird but an error
    message from Thunderbird appeared before I had completed all I had to
    say. The only way out was to force the programme to quit, thus losing
    all I had written. It has happened before. It's as if someone is
    reviewing my message as I write it to decide if I should or should not
    be allowed to send it. That could never be the case ........ could it?
    *This* message is being sent through Google groups using the Internet
    rather than from a newsreader - that's why I use BoaterDave when
    posting from Google Groups and ~BD~ when using a newsreader - it helps
    me to remember from whence I actually posted!
     
    BoaterDave, Apr 1, 2009
    #3
  4. BoaterDave

    ~BD~ Guest

    Thanks for the advice, Tim. :)

    Auto-save was set to the default of 5 mins - I've reduced it to 2 mins.

    The drop-down 'error' message was something like "This message cannot be
    saved in your Drafts folder" - but wouldn't let me cancel *or* continue.
    i.e. not crashed exactly - but stuffed!
     
    ~BD~, Apr 1, 2009
    #4
  5. Unruh Guest

    A NAT router is not very much of a protection. You should also have a
    firewall on your computer or on your router.


    Yes, it might be. Anything you download and which runs runs as
    administrator and can thus do anything. Now usually news is not that
    dangerous - it tends not to run things. But if there is a bug in your
    newsreader, all bets are off. It is called defence in depth. You do not
    rely on just one thing to defend you.

    Who knows. Yes, you could be running a rogue version of Thunderbird.
     
    Unruh, Apr 1, 2009
    #5
  6. Ari® Guest

    Yes.
     
    Ari®, Apr 1, 2009
    #6
  7. Ari® Guest

    So never turning your computer on won't work?
     
    Ari®, Apr 1, 2009
    #7
  8. Unruh Guest

    Nope. Because your wife comes in one morning and says, "What is this
    computer doing here switched off? I can use it," and switches it on.
     
    Unruh, Apr 1, 2009
    #8
  9. BoaterDave

    ~BD~ Guest

    Thank you, Ari :)

    Ever been there? The User2User group (one in the USA, one in the UK).

    They'd tear you to pieces! *Very* clever folk there!
     
    ~BD~, Apr 1, 2009
    #9
  10. Ari® Guest

    Yeah.
     
    Ari®, Apr 2, 2009
    #10
  11. BoaterDave

    ~BD~ Guest

    I missed your reply, Tim - sorry for not responding.

    I'll bear in mind what you have said. It did happen again and this is
    exactly what happened:-

    A dropdown window said 'Confirm' "There was an error copying the message to
    the Sent folder. Retry?" Options were 'Cancel' or 'OK'

    Clicking on 'OK' just re-issued the same 'Confirm' dropdown window.

    Clicking on 'Cancel' initiated another dropdown window - 'Save Draft Error'
    "Unable to save your message as a draft. Please verify that your Mail and
    Newsgroup account settings are correct and try again". Only one option 'OK'

    Clicking 'OK' resulted in the previous 'Confirm' dropdown window!!

    Stuck in a loop - the only way out was to shut down Thunderbird (and lose
    what had been written - grrr!)

    Cheers

    David
     
    ~BD~, Apr 4, 2009
    #11
  12. BoaterDave

    ~BD~ Guest

    My thanks to 'Unruh' for his/her comments.

    Maybe I have misunderstood - but I thought that a NAT router provided a
    complete barrier between a computer and the Internet - a hardware firewall.

    You seem to suggest that a software firewall is needed too. Is that correct?
     
    ~BD~, Apr 4, 2009
    #12
  13. BoaterDave

    ~BD~ Guest

    I didn't expect a reply from you today!

    This probably sounds silly - but I do not have an "X" in the corner!

    The version of Thunderbird I'm using is 2.0.0.21

    I'll load it onto my XP machine and see if it looks different.

    I'm also quite certain that the messages were exactly as I described - I
    wrote each one down as it happened.

    Please refresh your mind on my query at the start of this thread! ;)
     
    ~BD~, Apr 4, 2009
    #13
  14. Todd H. Guest

    Hi BD,

    The only thing that provides a complete barrier between your computer
    and the internet is a scissors... to cut the connection physically.

    While a hardware firewall does a rather good job of thwarting network
    based attacks from the Internet into your network, it doesn't
    completely protect you by any means.

    A hardware firewall allows outbound traffic to the websites you view.
    Websites containing code that exploits browser vulnerabilities are
    among the threats a hardware firewall doesn't solve. Avoiding use
    of Internet Explorer, using Firefox perhaps with the NoScript and
    FlashBlock extensions are among some of the things you can do to make
    that activity safer, as well as using signature and behavioral
    analysis anti-malware software on the client side (i.e. your Windows
    machine).

    To be even safer, do your browsing in a virtual machine running
    something other than Windows, and roll that virtual machine back every
    hour or so to a known state.

    The value of a host based firewall is debatable in your environment.
    They're a useful thing to have, however, when a mobile computer is
    joining hostile networks (think wireless hotspots).

    Hope this helps some.

    Best Regards,
     
    Todd H., Apr 4, 2009
    #14
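Unruh's point in #5 (a NAT router is not much protection on its own) and Todd's in #14 (a hardware firewall lets outbound traffic through, so browser or newsreader exploits are not stopped by it) are easiest to see with a small model of what a home router's stateful filter actually decides. The following is an added example written for this page, not code from any poster or from a real router; the LAN prefix, addresses, ports and packets are constructed, and the filter is a simplified model (real routers have more rules, port forwards and timeouts).

```python
"""Toy model of a NAT router's stateful filter.

Constructed example: the LAN prefix, IP addresses and packets below are
made up. The model captures the one rule that matters for this thread:
unsolicited inbound connections are dropped, but anything started from
the inside is allowed out and its replies are allowed back in, whether
it was started by a newsreader or by malware running as the user.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

LAN_PREFIX = "192.168.1."  # assumed home LAN behind the router


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False      # True for a connection-opening packet
    payload: str = ""      # illustrative only; the filter never inspects it


FlowKey = Tuple[str, int, str, int]


class StatefulFilter:
    def __init__(self) -> None:
        self.flows: Dict[FlowKey, str] = {}  # flows opened from the inside
        self.log: List[str] = []

    @staticmethod
    def is_inside(addr: str) -> bool:
        return addr.startswith(LAN_PREFIX)

    def handle(self, pkt: Packet) -> str:
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if self.is_inside(pkt.src) and not self.is_inside(pkt.dst):
            # Outbound: a home router allows this unconditionally and
            # remembers the flow so that replies can come back.
            self.flows[key] = "outbound"
            verdict = "ALLOW"
        elif reverse in self.flows:
            # Reply to a flow the inside opened: allowed.
            verdict = "ALLOW"
        else:
            # Unsolicited inbound traffic (SYN or not): dropped. This is the
            # protection a NAT router actually gives you.
            verdict = "DROP"
        self.log.append(
            f"{verdict} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} {pkt.payload}".rstrip()
        )
        return verdict


def run_scenario() -> Dict[str, str]:
    """Three constructed events, returning the verdict for each."""
    fw = StatefulFilter()
    results: Dict[str, str] = {}
    # 1. Someone on the Internet probes the PC's SMB port: dropped.
    results["inbound_scan"] = fw.handle(
        Packet("203.0.113.9", 40000, "192.168.1.10", 445, syn=True))
    # 2. The user's newsreader opens an NNTP session: allowed, and the
    #    server's reply is allowed back in.
    results["nntp_out"] = fw.handle(
        Packet("192.168.1.10", 51000, "198.51.100.7", 119, syn=True))
    results["nntp_reply"] = fw.handle(
        Packet("198.51.100.7", 119, "192.168.1.10", 51000, payload="200 ready"))
    # 3. Malware dropped by a client-side exploit calls out to its operator
    #    on port 443, and the operator's commands come back in: allowed,
    #    because from the router's point of view this is just another
    #    outbound connection.
    results["beacon_out"] = fw.handle(
        Packet("192.168.1.10", 51001, "203.0.113.9", 443, syn=True))
    results["beacon_cmd"] = fw.handle(
        Packet("203.0.113.9", 443, "192.168.1.10", 51001, payload="run cmd"))
    return results


if __name__ == "__main__":
    fw_results = run_scenario()
    for name, verdict in fw_results.items():
        print(f"{name:13s} {verdict}")
```

The filter cannot tell the newsreader's flow from the beacon's: both originate inside, both are allowed, and both get their replies. That is why the thread's advice is to layer defences on the host (not running as administrator, patching the client software, anti-malware, or browsing in a disposable VM) rather than to rely on the router.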
  15. BoaterDave

    ~BD~ Guest



    Many thanks for taking the time and trouble to respond in a sensible manner,
    Todd H - it's much appreciated! :)

    Scissors won't do the job nowadays though - I'm connected wirelessly to my
    router (but I get your drift!)

    I've always used a firewall - at first Zone Alarm and then, with the advent
    of XP SP2, the Windoze firewall.

    I've played around with Virtual Machine 'stuff' but decided to go the Apple
    Mac route for now. It 'feels' safer, even if it isn't!

    Warm regards to you,
     
    ~BD~, Apr 4, 2009
    #15
  16. BoaterDave

    ~BD~ Guest

    I went to explore your web pages ('cause I can!) and intended to watch
    your video clips. Regrettably I received this message:-

    "The requested URL /users/kmorgan/todd/hike_back.avi was not found on
    this server."

    None of the links worked for me. Just thought you might like to know!

    I loved your rabbit piccies!
     
    ~BD~, Apr 4, 2009
    #16
  17. Todd H. Guest

    Hee hee. Would a scissors between the router and the wall at least
    do it? :)
    It's a less popular target for now at least, and your typical user
    doesn't run as an administrator, so ... it is safer in a number of
    ways. But it's far from impervious.

    You can still play with virtualization on the mac too. Give a look at
    VMWare Fusion if you want a throwback.

    You may want to look with suspicion on Safari as much as one does with
    Internet Explorer. It's proven itself pretty darned porous over the
    years.

    Enjoy!

    Best Regards,
     
    Todd H., Apr 5, 2009
    #17
  18. BoaterDave

    BoaterDave Guest

    Most certainly! ;)

    I do understand.

    I may experiment later - for now I have enough new things to learn!

    OK - thanks for the warning! :)

    Did you note that the links on your web site to your bunnie video
    clips no longer 'work' - not here on my computer, anyway?

    Cheers
     
    BoaterDave, Apr 7, 2009
    #18
  19. Dustin Guest

    BD, some pc/macs do indeed contain a BIOS. As far as the mac version of
    lojack, I don't have a copy of it to play with.
     
    Dustin, Jul 24, 2011
    #19