
| Subject: | RE: Internet security on "hotspots" (Virtual browsers) |
|---|---|
| Date: | Tue, 25 Apr 2006 10:30:05 -0700 |

Hi Agent Zr0,

You asked for a good firewall recommendation for protection 'while surfing the net'.

Network controls won't block attacks at the application level, or allow someone to browse the web safely. I mean, how many ways are there to control port 80/443 traffic? A firewall is only as secure as the configuration, and users will keep opening ports.

You can also allow her to VPN through a company network, but it opens a path from her laptop to the company network. Since the state of security on her laptop is unknown, you've just exposed the company network to her laptop and the hotspot network.

What you want to protect is the 'surfing', not to force an end user to ponder the pop-up message: 'process xyz is trying to act as a server', 'block' or 'allow'. Is that an AV program? An applet? IM? Unfortunately, firewalls and other protections are often only as secure as the user is technical.

Mark J. Edwards wrote a good Security Update article dated 4/12/06, 'Will Malware Prompt Broad Shift to VMs?'.
http://www.windowsitpro.com/Article/ArticleID/49957/49957.html

Here's an extract:

"Recently, Mike Danseglio, a program manager in Microsoft's Security Solutions group, made news by saying that after a system becomes infected with some types of rootkits and other malware, sometimes the only solution is to rebuild the system from scratch. Security administrators have long known this, but Danseglio's statements point out that malware is becoming so quick to exploit new problems, so advanced in new capabilities, and so viciously insidious that sometimes even the best antispyware, antivirus, content filtering, firewall, and intrusion prevention tools can't protect a system adequately."...

..."Rebuilding a desktop can be a painful and time-consuming process. If you use some sort of disk-imaging technology and keep adequate backups, you can make recovery far less stressful, but even so, with today's technology this particular route to recovery is the long road.
However, if you have virtual machine (VM) technology in place, you can recover from an intrusion of nearly any type in only a few seconds because all you need to do is shut down the VM and relaunch it."

Mark referenced Virtual Machines and VMware specifically, but running a second OS just for a browser is not an elegant solution, especially on a laptop.

Virtual Browsers isolate your local computer resources from modification by an infection, and most allow you to reset the virtual instance to clear out all processes and temp files created in that space. A virtual browser is more than using 'Run As'; virtualization typically virtualizes portions of the registry and the file system and, depending on the product, controls access to COM, User Shell, local network, clipboard, etc. They can also provide confidentiality by controlling what real directories the virtual instance can save downloads to, and what real directories can be browsed to (from within the virtual environment).

There are a few products in the virtual browser category:

- http://www.altiris.com/juice/downloads/217.asp?id=5 Virtual IE - Free (personal use)
- http://www.greenborder.com/ GreenBorder - (Consumer version in Beta test)
- http://www.sandboxie.com/ SandBox IE - Freeware
- http://www.shadowstor.com/ Shadowsurfer - Free limited feature product
- http://www.trustware.com/ Bufferzone - Free beta available

Just a note, virtualization products are like latex...gloves, not shots. You use them to handle potentially infectious content. Because they're a proactive tool and are not signature based, they don't detect or repair existing infections. So don't use gloves (Virtualization) instead of shots (AntiVirus, AntiSpyware). Use them together.

Bill Stout
www.greenborder.com

-----Original Message-----
From: Agent Zr0 [mailto:agentzr0@necrotek.net]
Sent: Tuesday, April 18, 2006 7:09 PM
To: focus-ms@securityfocus.com
Subject: Internet security on "hotspots"

I have a friend who is interested in better securing her laptop while she's out surfing the net at coffeehouses and what not. I'm thinking of telling her to just get herself a REALLY good firewall program (I use zonealarm pro myself), but I was wondering if anyone here had any other ideas or thoughts that I could pass onto her other than that.

Agent Zer0
agentzr0@necrotek.net