How to detect & get rid of programs that monitor your computer & trading password?

Discussion in 'Networking and Security' started by virtualmoney, Oct 20, 2008.

  1. There are programs that cannot be detected as viruses/trojans or spyware but are classified as spy-monitoring software. They could be embedded inside the installation files of trading platforms you are testing, netmeeting scripts, or even certain webinars that automatically install something.

    http://www.spytech-web.com/
    http://www.realtime-spy.com/howitworks.shtml

    All your emails containing internet banking, trading passwords
    could be revealed...

    How do you prevent, detect and resolve this?
     
  2. Windows and the internet are just never going to work well together without a whitelisting firewall. The blacklisting industry just never can really win, but they do get a lot of business from their failures; it makes for interesting and scary stories.

    I recommend one computer for internet surfing with the normal blacklisting firewall and virus stuff, own the operating system disc and rebuild the machine once a month to keep it clean. Have another computer for trading and banking behind a whitelisting firewall.
     
  3. jprad

    Rebuilding a machine monthly is overkill. Get a free VMware player and pre-built surfing VM. They're wiped clean on every reboot if configured for non-persistent storage. Plenty to choose from at vmware.com.

    As for whitelisting, that's a completely false sense of security. You're still left vulnerable to DNS cache poisoning and compromised web servers at the destination.
     
  4. syspool

    Use SpywareTerminator.com. Cool. Make sure to include/activate the Clam AntiVirus and the HIPS.

    Felix
     
  5. triggger

    it all depends how good trojans are

    for example YOU WOULD NEVER find my trojans

    remember this and remember it well

    ONLY a dedicated machine is safe in a reasonable way

    but like countless dreamers you are probably poor
     
  6. The hard part is that antivirus & spyware software scans for viruses & spyware...
    These hidden spy-monitoring programs, when installed, are observed as normal software.
     
  7. GTS

    Why would you have emails on your machine that contain your "internet banking, trading passwords"? I do not know of any financial institutions that email you your passwords so unless you are emailing copies of your passwords around, that concern seems faulty.

    Also, why do you assume that AV software won't catch these programs? Not to say that there aren't trojans that can slip through, but the two you listed are covered by the major vendors:

    http://vil.nai.com/vil/content/v_124125.htm

    http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=SPYW_SPYAGENT.A
     
  8. Virtualization is hackable, not to mention that if you do some banking in a virtualized machine, the hacker can steal your password and when the machine is shut off his tracks are covered. Of course, our OS CDs could have spyware on them! Not only DNS cache poisoning, but essentially the people with legit access to a DNS server could spoof anything DNS related. When you whitelist, find out the numerical addresses of your bank, broker, etc. and use those; you will bypass the DNS servers. Regarding the compromised servers at your bank or brokerage, there's not much you can do, maybe; best to use banks and brokers that are competent in the tech area.
     
  9. While adept at network security, someone else always knows more...

    So I erase my hard drive and reimage regularly. Nothing survives a Gutmann!
     
  10. jprad

    Not even close.

    http://www.cbronline.com/news/vmware_granted_clearance_for_national_security_desktop

    Excuse me, but stay on topic. You stated the need to rebuild a machine monthly for the sole purpose of web surfing, not for secure on-line banking.

    And, you can certainly use a VM for both. The surf VM is set to non-persistent storage while the latter is set to persistent so you can capture his "tracks."

    DNS cache poisoning and other exploits can be done from remote.

    So, tell me, how do you handle load-balanced web farms, hot/cold backup sites, distributed web farms?

    Whitelisting's weakness is in the fact that using hardcoded IP addresses is no longer viable due to that, and it's highly unlikely that the bank is going to map out their architecture for you.

    You might do some research on the frequency of SQL injection and similar problems that banks, relying on outsourced (cheap) developers, constantly trip over.

    It's largely why this beast exists:

    https://www.pcisecuritystandards.org/index.shtml
     
    #10     Oct 20, 2008
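The "whitelisting firewall" idea from posts 2, 8 and 10, written out as an added example that is not code from any poster in this thread: a default-deny egress policy for the dedicated trading/banking machine, expressed as allowed address ranges plus ports rather than single hardcoded addresses, so that a site served from a load-balanced farm (several addresses behind one name, jprad's objection) still matches while everything else is flagged. The allowlist, the host address and the connection log lines are all constructed using documentation ranges; `parse_rule`, `is_allowed`, `audit` and `denied` are names chosen for this example.

```python
"""Egress allowlist audit for a dedicated banking/trading machine.

Added example, not from the thread. Every outbound connection is denied
unless it matches an explicit allow rule. Rules are CIDR ranges with a
port set, so a bank whose site resolves to several addresses in one block
(load-balanced farm) is still covered without pinning a single address.
All ranges, hosts and log lines below are constructed sample data.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class AllowRule:
    label: str
    network: ipaddress.IPv4Network
    ports: FrozenSet[int]


def parse_rule(spec: str) -> AllowRule:
    """Parse 'label=CIDR:port[,port...]' into an AllowRule."""
    label, rest = spec.split("=", 1)
    cidr, ports = rest.rsplit(":", 1)
    return AllowRule(label, ipaddress.ip_network(cidr, strict=False),
                     frozenset(int(p) for p in ports.split(",")))


# Hypothetical allowlist (constructed; RFC 5737 documentation ranges).
ALLOWLIST: List[AllowRule] = [parse_rule(s) for s in (
    "bank=198.51.100.0/24:443",    # whole block, not one resolved address
    "broker=203.0.113.0/25:443",
    "ntp=192.0.2.10/32:123",
)]


def is_allowed(dst_ip: str, dst_port: int,
               rules: List[AllowRule] = ALLOWLIST) -> Optional[str]:
    """Return the matching rule label, or None when the policy denies."""
    ip = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if ip in rule.network and dst_port in rule.ports:
            return rule.label
    return None


# Constructed connection-log format: "<timestamp> <src> -> <dst>:<port>"
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>[\d.]+):(?P<port>\d+)$")

SAMPLE_LOG = """\
2008-10-20T09:01:02 10.0.0.5 -> 198.51.100.17:443
2008-10-20T09:01:09 10.0.0.5 -> 198.51.100.200:443
2008-10-20T09:02:30 10.0.0.5 -> 203.0.113.77:443
2008-10-20T09:03:00 10.0.0.5 -> 192.0.2.10:123
2008-10-20T09:05:44 10.0.0.5 -> 203.0.113.200:443
2008-10-20T09:06:10 10.0.0.5 -> 198.51.100.5:80
2008-10-20T09:07:55 10.0.0.5 -> 10.20.30.40:25
"""


def audit(log_text: str,
          rules: List[AllowRule] = ALLOWLIST) -> List[Tuple[str, str, int, str]]:
    """Evaluate each log line; verdict is the rule label or 'DENY'."""
    results = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the constructed format
        port = int(m["port"])
        label = is_allowed(m["dst"], port, rules)
        results.append((m["ts"], m["dst"], port, label or "DENY"))
    return results


def denied(log_text: str,
           rules: List[AllowRule] = ALLOWLIST) -> List[Tuple[str, int]]:
    """Only the (dst, port) pairs the policy would have blocked."""
    return [(dst, port) for _, dst, port, verdict in audit(log_text, rules)
            if verdict == "DENY"]


if __name__ == "__main__":
    for ts, dst, port, verdict in audit(SAMPLE_LOG):
        print(f"{ts} {dst}:{port} {verdict}")
```

Two of the sample lines show the trade-off the thread argues about: the second bank connection goes to a different address in the same block than the first, which a single pinned address would have blocked but the range allows, while the connection to 203.0.113.200 falls outside the broker's /25 and is denied even though it is the right port. Whatever the firewall itself enforces, running this kind of check over its connection log is the cheap way to see what a machine is actually talking to.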