posted on Sep, 7 2012 @ 01:24 AM
Please explain to me how if someone knows how to gain access into your VM, that they don't know you're running a VM off of another OS? Obviously the
VM is just a shell that runs off of the main operating system, you would think that if someone has the knowledge of how to gain access into your
system via the VM, they would be able to figure out the root fairly easily thus gaining access into the actual machine as well.
This is the part I never really understood.
Encryption is also a great idea but also pretty worthless if an attacker gains remote access into your system and simply sets up a program such as a
keylogger to find out what your encryption key is - if they get the key then you can kiss all your encyption goodbye.
All the anti-virus, anti-trojan, etc programs are also very good - unless you happen to set up a second anti-virus. For example, Norton and McAfee on
the same system. Then all kinds of problems can occur. The other thing is a lot of these anti-virus programs are VERY well known, and if someone
really wants to go to the effort of creating some new virus / trojan, then they already know what most people are using as protection...
The only other things I'll say are that it's a real PITA to UNINSTALL anti-virus programs, then tend to cause all sorts of problems in your systems
registry - I found out the hard way a few times.
When it comes down to it, the best security is common sense. If you don't know the source of a file 100%, don't download it. Another thing I keep
seeing a lot these days are what are known as phishing attempts - where an attacker spams thousands of e-mails out to random people, with links to
various websites that look exactly like the real websites do, and then people simply type in their information. A good example of this is a website
like aol.com - you can easily use an upper case "i" to fool people into thinking its an L. In other words, aoi.com not AOL.com - this stuff used to
happen all the time back when AOL was huge in the 90's and I still see it from time to time. So again, if you get an email that seems sort of funny,
say - "you were found doing whatever and violated the rules of whatever", make sure the source of the email is 100% legit before simply filling out
forms and sending them to some random person on the net.