It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
How to browse the Internet safely like an IT pro!
page: 1share:
Are you tired of worrying about contracting a computer virus? Are you tired of manually editing your NoScript block/allow list? Do you wish to feel
secure on your computer without having to pay a monthly fee for a professional grade antivirus program? Then I have you’re solution here. I will be
giving a step by step lesson that even the most basic computer user will be able to follow with ease.
To give you some background information, I am currently a senior in a CyberSecurity program with a concentration on Digital Forensics. And like you, I despise spyware, viruses, and having to worry about losing my computer.
One of the hottest topics currently in the digital forensics community is the use of virtual machines, which we will be creating today. A Virtual Machine can be a very powerful and useful tool, however, the “bad guys” have learned that the use of them makes our job (digital forensics) much more difficult. This is due to the simple fact that Virtual Machines leave behind very little evidence as they typically do not write to a computer’s hard drive
To give you some background information, I am currently a senior in a CyberSecurity program with a concentration on Digital Forensics. And like you, I despise spyware, viruses, and having to worry about losing my computer.
One of the hottest topics currently in the digital forensics community is the use of virtual machines, which we will be creating today. A Virtual Machine can be a very powerful and useful tool, however, the “bad guys” have learned that the use of them makes our job (digital forensics) much more difficult. This is due to the simple fact that Virtual Machines leave behind very little evidence as they typically do not write to a computer’s hard drive
reply to post by VonDoomen
doesnt work if you happen to download a root kit trojan horse virus. it will infect the vm then your computer
doesnt work if you happen to download a root kit trojan horse virus. it will infect the vm then your computer
Good post, S&F!
Trying to help people is a great thing... but being in a similar business that you are, I can say for 100% fact that the typical end-user is not going to do this, and they are also not fully protected. There are options in VMWare for sharing hardware on the host that a crafty virus can still take advantage of. Sanboxing only works if you turn off all of those options and are not connecting to a shared network from within your VMWare environment.
A worm that can traverse network drives and look for other hosts to infect could still use a sandbox VM as a launch point into the network. The LoveBug virus did an excellent job at this, and any attempt at running it in a sandbox failed unless the sandbox was completely disconnected from the network and internet. I can attest to this first-hand.
However, I give you props for trying to help people.
A simpler, yet less secure solution, is to make use of tools like NoScript, ad-blockers and good anti-virus software as well as changing your HOSTS file to blacklist all of the known infectious sites on the internet so that your computer can't even connect to them if you wanted to. I've used this combination for friends and family for years with significant success.
With 64-bit computers, all of the age old 32-bit infections are becoming a thing of the past and malicious software developers are having to re-write everything since the core set of files to be hijacked and registry keys are in completely different places. And not everyone runs Linux VonDoomen...
~Namaste
Trying to help people is a great thing... but being in a similar business that you are, I can say for 100% fact that the typical end-user is not going to do this, and they are also not fully protected. There are options in VMWare for sharing hardware on the host that a crafty virus can still take advantage of. Sanboxing only works if you turn off all of those options and are not connecting to a shared network from within your VMWare environment.
A worm that can traverse network drives and look for other hosts to infect could still use a sandbox VM as a launch point into the network. The LoveBug virus did an excellent job at this, and any attempt at running it in a sandbox failed unless the sandbox was completely disconnected from the network and internet. I can attest to this first-hand.
However, I give you props for trying to help people.
A simpler, yet less secure solution, is to make use of tools like NoScript, ad-blockers and good anti-virus software as well as changing your HOSTS file to blacklist all of the known infectious sites on the internet so that your computer can't even connect to them if you wanted to. I've used this combination for friends and family for years with significant success.
With 64-bit computers, all of the age old 32-bit infections are becoming a thing of the past and malicious software developers are having to re-write everything since the core set of files to be hijacked and registry keys are in completely different places. And not everyone runs Linux VonDoomen...
~Namaste
edit on 26-8-2012 by SonOfTheLawOfOne because: (no reason given)
It's incorrect to state that the virtual machine doesn't write to your hard drive, and it's also incorrect to state that virtual machines leave behind
very little evidence.. that's quite a dangerous assumption.. and by default, absolutely false.
The fact is that these virtual machines create a disk image and the virtual machine writes to that image ( which is written to your hard drive ) .. BY DEFAULT .. these images are not encrypted and can be mounted as a drive on your machine... meaning that all someone would need to do is copy your image and mount it on their computer.. your data is now available with minimal effort at all.
So again, the statements made in regards to that are just completely false... if you enable encryption and set a password then you're probably pretty safe..
IF you really want to worry about not leaving evidence behind for whatever reason ( paranoid much? lol ) .. I would recommend the free software called TrueCrypt... You can create an encrypted virtual drive and from there, you can create your vmware image inside that encrypted virtual drive... when you're done playing in your virtual environment, you simply dismount the truecrypt volume... As long as you're using a very powerful password, or making use of a key file.. you can bet on everything being secure.
ALTERNATIVE TO VMWARE .. for those who don't want to spend the money, you can download VirtualBox for no cost... it's very very similar to Vmware, in my opinion it's actually better .. $0.00 .. Yes vmware player is free, but limited... VirtualBox is entirely free and without limit.. it's more like the full commercial version of vmware, but again in my opinion, better.
Truecrypt is also $0.00
There's another app that you can also use for free that I highly recommend for those who are downloading and running software that you might not trust .. it's called Sandboxie .. you can right click a program and launch it in sanbdboxed mode... it has a virtual registry and filesystem so everything the program does is trapped within that box...
Virtual machines are certainly good for keeping your host system clear of infection.. I won't take issue with that
Enjoy!
Ps. I'm a systems administrator for an internet company, I've been involved in security and systems management / programming and yes even some real investigation work for law enforcement as part of my job.. I've been at it since 1998.. Practice safe internet =)
The fact is that these virtual machines create a disk image and the virtual machine writes to that image ( which is written to your hard drive ) .. BY DEFAULT .. these images are not encrypted and can be mounted as a drive on your machine... meaning that all someone would need to do is copy your image and mount it on their computer.. your data is now available with minimal effort at all.
So again, the statements made in regards to that are just completely false... if you enable encryption and set a password then you're probably pretty safe..
IF you really want to worry about not leaving evidence behind for whatever reason ( paranoid much? lol ) .. I would recommend the free software called TrueCrypt... You can create an encrypted virtual drive and from there, you can create your vmware image inside that encrypted virtual drive... when you're done playing in your virtual environment, you simply dismount the truecrypt volume... As long as you're using a very powerful password, or making use of a key file.. you can bet on everything being secure.
ALTERNATIVE TO VMWARE .. for those who don't want to spend the money, you can download VirtualBox for no cost... it's very very similar to Vmware, in my opinion it's actually better .. $0.00 .. Yes vmware player is free, but limited... VirtualBox is entirely free and without limit.. it's more like the full commercial version of vmware, but again in my opinion, better.
Truecrypt is also $0.00
There's another app that you can also use for free that I highly recommend for those who are downloading and running software that you might not trust .. it's called Sandboxie .. you can right click a program and launch it in sanbdboxed mode... it has a virtual registry and filesystem so everything the program does is trapped within that box...
Virtual machines are certainly good for keeping your host system clear of infection.. I won't take issue with that
Enjoy!
Ps. I'm a systems administrator for an internet company, I've been involved in security and systems management / programming and yes even some real investigation work for law enforcement as part of my job.. I've been at it since 1998.. Practice safe internet =)
edit on 8/26/2012 by miniatus because: (no reason given)
reply to post by digital01anarchy
First, that rootkit would have to be able to work through linux. And then work through windows. A Virus like this would have to be one of the more rare virus'es you could ever come across.
Think about this. Virus writers want to get as many people as possible. How many people do you think browse the internet through a sandbox? As a % of the population, it would be a VERY small number. The knowledge and time needed to create a root kit like this would be tremendous compared to your average virus.
REGARDLESS, this method is still much much safer than browsing the way people typically do. IF you know about rootkits, then you should know this...
Personally, I think its kind of rude for you to come onto this thread spouting stuff like this, when this is one of the safest ways to browse the internet! Do you have a personal issue with people doing this??
First, that rootkit would have to be able to work through linux. And then work through windows. A Virus like this would have to be one of the more rare virus'es you could ever come across.
Think about this. Virus writers want to get as many people as possible. How many people do you think browse the internet through a sandbox? As a % of the population, it would be a VERY small number. The knowledge and time needed to create a root kit like this would be tremendous compared to your average virus.
REGARDLESS, this method is still much much safer than browsing the way people typically do. IF you know about rootkits, then you should know this...
Personally, I think its kind of rude for you to come onto this thread spouting stuff like this, when this is one of the safest ways to browse the internet! Do you have a personal issue with people doing this??
reply to post by denver22
reply to post by hellzdoms
I suggest reading before commenting.
Everything I posted is 100% free.
reply to post by hellzdoms
I suggest reading before commenting.
Everything I posted is 100% free.
reply to post by SonOfTheLawOfOne
reply to post by miniatus
And here comes the internet cavalry! Thank you for the comments though!
Yes i know this method is not 100% secure. I did not want to get extremely technical in this post, as it would tend to turn away even more people. However, this is a good method of providing a lot of protection.
I didnt want to get into a USB build, and or using truecrypt, as that just makes it more confusing for beginners.
reply to post by miniatus
And here comes the internet cavalry! Thank you for the comments though!
Yes i know this method is not 100% secure. I did not want to get extremely technical in this post, as it would tend to turn away even more people. However, this is a good method of providing a lot of protection.
I didnt want to get into a USB build, and or using truecrypt, as that just makes it more confusing for beginners.
reply to post by miniatus
If you would like to create a truecrypt tutorial for doing so, please be my guest!
But I must correct you, VMware is free. Im not sure why you think its not?
If you would like to create a truecrypt tutorial for doing so, please be my guest!
But I must correct you, VMware is free. Im not sure why you think its not?
Originally posted by VonDoomen
reply to post by SonOfTheLawOfOne
reply to post by miniatus
And here comes the internet cavalry! Thank you for the comments though!
Yes i know this method is not 100% secure. I did not want to get extremely technical in this post, as it would tend to turn away even more people. However, this is a good method of providing a lot of protection.
I didnt want to get into a USB build, and or using truecrypt, as that just makes it more confusing for beginners.
Well no need to get technical when it comes to that.. but I wanted to point out that what you said is only true if you enable encryption and set a password.. which is literally just one additional step
I fully support everything else you've said.. and I wanted to mention VirtualBox because it's a fully featured alternative to the free vmware player .. Sandboxie is an excellent alternative for people who are generally safe with their browsing habits but might not trust something they downloaded..
Anyway - useful info
oh great, this thread got moved to "Computer help" Where most frequent browsers already know this.
Well, that was a short run
Well, that was a short run
reply to post by miniatus
yes, 1 additional step, which actually turns into 20 additional steps when you document it in the manner I did
yes, 1 additional step, which actually turns into 20 additional steps when you document it in the manner I did
Originally posted by VonDoomen
reply to post by miniatus
If you would like to create a truecrypt tutorial for doing so, please be my guest!
But I must correct you, VMware is free. Im not sure why you think its not?
Vmware player is free, vmware's full product "Workstation" isn't .. the player product is limited in features.. so I wanted to at least give virtualbox an honorable mention since it's not feature limited and is free, there's no commercial version.
Truecrypt's website actually has a pretty straightforward tutorial already..for anyone who's interested in looking it over you can check it out here
www.truecrypt.org...
Originally posted by VonDoomen
reply to post by SonOfTheLawOfOne
reply to post by miniatus
And here comes the internet cavalry! Thank you for the comments though!
Yes i know this method is not 100% secure. I did not want to get extremely technical in this post, as it would tend to turn away even more people. However, this is a good method of providing a lot of protection.
I didnt want to get into a USB build, and or using truecrypt, as that just makes it more confusing for beginners.
I totally agree and applaud you for your efforts!
With end-users, I've found the KISS principle works best.
~Namaste
reply to post by miniatus
Edited the OP to include a reference to you and Truecrypt if users wish to use this additional method.
ETA: Ah i see you beat me to it!
Edited the OP to include a reference to you and Truecrypt if users wish to use this additional method.
ETA: Ah i see you beat me to it!
edit on 8/26/2012 by VonDoomen because: (no reason given)
reply to post by SonOfTheLawOfOne
I have to agree with sonofthelawofone. It isn't as easy as you make it out to be but as a learning tool its powerful because it allows you to run any os which is nice, Very helpful tool when getting your MCITP cert
I have to agree with sonofthelawofone. It isn't as easy as you make it out to be but as a learning tool its powerful because it allows you to run any os which is nice, Very helpful tool when getting your MCITP cert
Originally posted by miniatus
Originally posted by VonDoomen
reply to post by miniatus
If you would like to create a truecrypt tutorial for doing so, please be my guest!
But I must correct you, VMware is free. Im not sure why you think its not?
Vmware player is free, vmware's full product "Workstation" isn't .. the player product is limited in features.. so I wanted to at least give virtualbox an honorable mention since it's not feature limited and is free, there's no commercial version.
I will go with that, as it is 100% free with full features.
Vmware is not 100% free in the sense with full "features".
So theoretically vmare when visited becomes a sales pitch to entice you to buy the full product
My vote is with virtualbox 100% free fully featured.
reply to post by denver22
Well I am sorry if i offended you.
I am in no way linked to VMware and this is not a sales pitch. It was intended to be a tutorial for beginners. The people who do not necessarily need every single feature.
This was a lab I did last semester, and didnt feel like doing EVERYTHING (documenation) over again while using new software.
Well I am sorry if i offended you.
I am in no way linked to VMware and this is not a sales pitch. It was intended to be a tutorial for beginners. The people who do not necessarily need every single feature.
This was a lab I did last semester, and didnt feel like doing EVERYTHING (documenation) over again while using new software.
reply to post by VonDoomen
I really didn't think about that aspect to be honest I ran server 2003 and xp as well as some other ones but your right about it not being able to cross into a different os. Like i said i used mine to get a cert most of the os except two or three are windows based so they could cross over sorry I posted incorrect information which isnt really incorrect just situational incorrect if running a different os on your desktop
the way i processed it was using my own virtual box and you got that response but the op is totally correct
I really didn't think about that aspect to be honest I ran server 2003 and xp as well as some other ones but your right about it not being able to cross into a different os. Like i said i used mine to get a cert most of the os except two or three are windows based so they could cross over sorry I posted incorrect information which isnt really incorrect just situational incorrect if running a different os on your desktop
the way i processed it was using my own virtual box and you got that response but the op is totally correct
edit on 26-8-2012 by
digital01anarchy because: (no reason given)
new topics
-
BIDEN Admin Begins Planning For January 2025 Transition to a New President - Today is 4.26.2024.
2024 Elections: 1 hours ago -
Big Storms
Fragile Earth: 3 hours ago -
Where should Trump hold his next rally
2024 Elections: 5 hours ago -
Shocking Number of Voters are Open to Committing Election Fraud
US Political Madness: 6 hours ago -
Gov Kristi Noem Shot and Killed "Less Than Worthless Dog" and a 'Smelly Goat
2024 Elections: 7 hours ago -
Falkville Robot-Man
Aliens and UFOs: 7 hours ago -
James O’Keefe: I have evidence that exposes the CIA, and it’s on camera.
Whistle Blowers and Leaked Documents: 8 hours ago -
Australian PM says the quiet part out loud - "free speech is a threat to democratic dicourse"...?!
New World Order: 9 hours ago -
Ireland VS Globalists
Social Issues and Civil Unrest: 9 hours ago -
Biden "Happy To Debate Trump"
2024 Elections: 10 hours ago
top topics
-
James O’Keefe: I have evidence that exposes the CIA, and it’s on camera.
Whistle Blowers and Leaked Documents: 8 hours ago, 14 flags -
Australian PM says the quiet part out loud - "free speech is a threat to democratic dicourse"...?!
New World Order: 9 hours ago, 13 flags -
Blast from the past: ATS Review Podcast, 2006: With All Three Amigos
Member PODcasts: 12 hours ago, 13 flags -
Biden "Happy To Debate Trump"
2024 Elections: 10 hours ago, 12 flags -
Mike Pinder The Moody Blues R.I.P.
Music: 12 hours ago, 8 flags -
What is the white pill?
Philosophy and Metaphysics: 11 hours ago, 6 flags -
Shocking Number of Voters are Open to Committing Election Fraud
US Political Madness: 6 hours ago, 6 flags -
RAAF airbase in Roswell, New Mexico is on fire
Aliens and UFOs: 10 hours ago, 5 flags -
Ireland VS Globalists
Social Issues and Civil Unrest: 9 hours ago, 5 flags -
Where should Trump hold his next rally
2024 Elections: 5 hours ago, 5 flags
active topics
-
Falkville Robot-Man
Aliens and UFOs • 9 • : CosmicFocus -
Big Storms
Fragile Earth • 12 • : Lumenari -
Gov Kristi Noem Shot and Killed "Less Than Worthless Dog" and a 'Smelly Goat
2024 Elections • 47 • : cherokeetroy -
BIDEN Admin Begins Planning For January 2025 Transition to a New President - Today is 4.26.2024.
2024 Elections • 8 • : NoCorruptionAllowed -
ALERT - U.S. President JOE BIDEN Examined and Found NOT OF SOUND MIND.
2024 Elections • 65 • : SchrodingersRat -
James O’Keefe: I have evidence that exposes the CIA, and it’s on camera.
Whistle Blowers and Leaked Documents • 13 • : theatreboy -
Where should Trump hold his next rally
2024 Elections • 21 • : Dandandat3 -
RAAF airbase in Roswell, New Mexico is on fire
Aliens and UFOs • 9 • : Degradation33 -
President BIDEN's FBI Raided Donald Trump's Florida Home for OBAMA-NORTH KOREA Documents.
Political Conspiracies • 38 • : SchrodingersRat -
Joe Biden and Donald Trump are both traitors
2024 Elections • 65 • : MrMez