
Bulletproof browser


Guest Lester Weevils


Posted

Active directory is a wonderful thing.

If you join the domain. I work from my house via hardware VPN client. None of my machines log into the domain. They can see my machines, but they're not snapped into the Borg cube :).

Posted

If you join the domain. I work from my house via hardware VPN client. None of my machines log into the domain. They can see my machines, but they're not snapped into the Borg cube :).

I prefer a hardware VPN if you are going to do serious remote work or have people remoting in all the time. I had a customer that was wanting to do more work from home, but was a cheapskate. He didn't want to upgrade his version of pcAnywhere (which he said he loved), but wasn't compatible with his new laptop. He didn't want to buy any other software, didn't want to buy a router with a built-in hardware VPN. So I set him up with Hamachi so that he could use RDP to his workstation. Fast-forward a few months later, and he brings his laptop in for repair at our shop and I notice he has upgraded his version of pcAnywhere finally.

People need to learn, you either pay now, or you pay later. Might as well save yourself the trouble and do it the right way from the start (my suggestion the whole time was to get a Cisco SMB router, they have models with built-in hardware VPNs in the $250 range now).

Posted

I've been on a Cisco (real) Hardware client for years. Real reliable. My company gave me my DHCP range, so all the machines in my house have routable IPs.

Posted

All this time I never would have pegged you for an IT guy.

Posted

All this time I never would have pegged you for an IT guy.

Kinda hard to make things go without it. A couple of my guys do the bulk of the IT work. They're better at it than me. I just don't make them do my stuff. I kinda let them run, and just keep them from spending too much money.

Guest Lester Weevils
Posted

Thanks all for the good ideas.

Usually something like that is a result of poisoning, it's the latest greatest tactic for scareware/crimeware. Nothing that the sites were probably aware of, there was actually just a massive case of a few thousand sites being hijacked showing up on Google images. If you viewed the pic it instantly started the redirection and changes to the system... Was a nasty little booger

Thanks Sam1. Ain't blaming folks for running ads. Just blaming the poison ad if that's what it was. Maybe my malware came from Google images. Hadn't heard about that. Hackers just seem getting pretty good at the trade.

With the latest few versions, all of the installs and updates are run from the GUI. It has an update daemon (service) that will pop a window when updates are available and you just click through the update install, no need to use the console if you don't want to. Any operating system can be hacked, but with Linux, Firefox and NoScript, you will be pretty secure. The nice thing is everything is free, so all you need is the hardware. Load it up with OpenOffice, GIMP and whatever else you need and you're all set.

Firefox, NoScript addon, Adblock Plus addon.

Thanks. Will take a look at it again.

I run a virtual machine on my desktop. I set the virtual disk to non-persistent, so if I power off the VM, it goes right back to a clean system. Once a month, I'll change the disk to persistent and boot it up to let it get patches and antivirus updates. Then I shut it down and make it non-persistent again. Anyway, I use this VM to browse the web, especially if I'm doing random searches to unfamiliar sites. If the VM gets hosed up, it's as simple as powering it off to get back to a clean system.

Thanks, dunno if VMware Fusion has that feature. Being able to set the disk to non-persistent sounds useful. Will check.

Guest Lester Weevils
Posted

This. We use imaging software, and keep images for all the various hardware packages in the building. Because it's a business, all work data lives on file servers that are backed up daily. If something creeps into a machine (almost always sales people), we give the machine an enema, and reconnect them to their data. We maintain a large number of machines this way (probably over 100). It's not cost effective in terms of hardware cost AND user efficiency to use separate machines for browsing. If we can keep that many machines, all that interact heavily on the internet, with a couple of IT guys, you should be able to adapt it to your own use.

I don't know what kind of code you're doing. Any code development I've seen requires its own incremental backup scheme. When new code gets "sick", it's almost always self-inflicted :)

Hi Mike. I upload finished code to the company servers and also keep selected backups offsite on my Netfirms virtual server. Mac local incremental backup via Time Machine. The Mac Pro has four 2 TB drives, one 2 TB RAID1 pair for boot and files, the other 2 TB RAID1 pair for Time Machine. I occasionally make compressed images of the 2 TB Mac boot drive to external drive. Imaging the Mac boot drive ought to complete within 12 to 24 hours. It ain't exactly fast.

The Win 7 puter has a boot RAID1 of 2 TB drives which is occasionally incremental backed up to external drive. Am pretty sure an incremental backup on the Win 7 puter takes about 24 hours. In the past I used imaging software but it would take forever nowadays. A 24 hour restore would beat several days setting up from scratch but that is significant downtime. Might would be better to separate data from programs and OS, but OTOH it's real useful to have it all in one place.

I don't have to maintain 100 machines, just my own machines. As of today the Win 7 machine has 4,512,769 files. Maybe that's not much nowadays but sounds like a big number. :) Am not certain of the benefit for me building a big server to set-up right next to the puters in my home office. The disks fit just as good, and access faster, built-in to the puters themselves. I'm an old not-very-bright programmer, not an IT guy. There are many things a smart feller would do better. :)

Despite your reluctance to use a Mac, it is the perfect machine for what you want to do. Despite your hostility toward programming for the platform, it is huge and growing rapidly and has yet to ever have a real virus. Social engineering (you can't fix stupid) trickery stuff, yes, but a real virus, no.

I have been Mac-only since 1993. I have never owned anti-virus software. I have five Macs on my home network that is connected to Comcast right now with no anti-virus software. For years. No viruses. The argument that when the Mac gets more popular there will be viruses for it doesn't hold water. There are 50 million Macs in use in the USA alone. Windows XP had its first virus while the software was still in beta and only had a deployed user base of 14,000.

Configure a Mac and Dell identically and the Mac is almost always cheaper. Yep, you can buy an Acer or build your own computer cheaper than you can buy a new Mac. All I can say there is; you get exactly what you pay for…

Thanks for the ideas nicemac. I don't plan to program Mac any more or buy any more Apple gear but I like browsing with multiple large monitors and like the Mac Pro and do not have a big grudge against Safari.

I have a bunch of 80 GB to 300 GB 2.5" external drives laying on the shelf, accumulated over the years. Might could install a stripped down easy to restore MacOS on a 2.5" external for dedicated browsing and then make a couple of spare clones on 2.5" external drives. That wouldn't cost any money and wouldn't have a learning curve.

What is a reasonable minimum size nowadays for a dedicated "browsing and not much else" MacOS hard drive?

The icing on the cake -- Wonder if there is a no-hassle way to make the 8 TB of internal drives "invisible" when booted off an external drive? One could open up the computer and remove the drives but that is hardly elegant. Wonder if there is some software method to make the internal drives undiscoverable when booted off an external? Operating on the premise that even if a hacker was smart enough to take over the Mac booted off an external drive, said hacker couldn't muck with the internal drives if he couldn't "find" them?

Posted

The other trick I use is to download a no ad hosts file and overwrite the default hosts file on my computer.

The way TCP/IP works is, when I type in a website in my browser, it has to convert that name into an IP. It does that by using a DNS server. But, before it checks with the DNS server, it looks on your local PC for a file called "hosts". If that file exists, it will read it and look for the website name and IP. If that site is not in the file, then it asks the DNS server for the info.

The trick with the hosts file is that for all of the ad sites, or malicious web sites, you point the name to your local computer's loopback address of 127.0.0.1. So essentially, the web browser goes nowhere for that link, and you'll get a blank browser.

This is a favorite trick for malware too. It will edit your hosts file and put an entry in for say, www.mcafee.com to either go to its own server or, go nowhere. Then when your PC tries to update its antivirus, it can't find the site. I have used this to help friends block certain sites from their kids.

Folks out on the internet have put together hosts files you can download, and they have thousands of malicious or annoying web sites already in the file. Just download one, and overwrite your own hosts file and it will start working right away. I'm always surprised how different web pages look when I go to someone else's computer and visit a familiar web site. For instance, Yahoo mail on my PC with a hosts file is nice and clean. On a friend's PC, it is full of annoying ads.

Google search "No Ad Hosts File" and you'll find links to download a file, and more (better) descriptions than I just gave.
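
Added example, not part of the original posts: a small Python audit of a hosts file that separates ordinary loopback blocklist entries from the tampering described above, where a security vendor's site is pointed nowhere or at another server. The watched list, the `.test` hostnames and the 203.0.113.x addresses are constructed for illustration; only www.mcafee.com comes from the post.

```python
import ipaddress

# Assumption: names whose resolution should never be overridden locally.
# www.mcafee.com is the example from the post; the second is constructed.
WATCHED = {"www.mcafee.com", "update.example-av.test"}
SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping comments and malformed lines."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")

def audit_hosts(text, watched=WATCHED):
    """Sort entries into ad-style blocks, redirects and tampering findings."""
    report = {"blocked": [], "redirected": [], "tampered": []}
    for ip, name in parse_hosts(text):
        if name in LOCAL_NAMES:
            continue
        if name in watched:
            report["tampered"].append((name, ip))  # blocked or redirected
        elif ip in SINKHOLES:
            report["blocked"].append(name)
        else:
            report["redirected"].append((name, ip))  # worth a manual look
    return report

# Constructed sample; 203.0.113.x is a documentation-range address block.
SAMPLE = """\
127.0.0.1   localhost
127.0.0.1   ads.example.test tracker.example.test  # blocklist entries
0.0.0.0     banner.example.test
127.0.0.1   www.mcafee.com          # update site sent nowhere
203.0.113.7 update.example-av.test  # update site sent elsewhere
203.0.113.9 intranet.example.test
not-an-ip   junk.example.test
"""

if __name__ == "__main__":
    for kind, entries in audit_hosts(SAMPLE).items():
        print(kind, entries)
```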

Posted

This is a favorite trick for malware too. It will edit your hosts file and put an entry in for say, www.mcafee.com to either go to its own server or, go nowhere. Then when your PC tries to update its antivirus, it can't find the site. I have used this to help friends block certain sites from their kids.

That and proxy servers.


Tennessee Gun Owners (TNGunOwners.com) is the premier Community and Discussion Forum for gun owners, firearm enthusiasts, sportsmen and Second Amendment proponents in the state of Tennessee and surrounding region.
