AOA Forums AOA Forums AOA Forums Folding For Team 45 AOA Files Home Front Page Become an AOA Subscriber! UserCP Calendar Memberlist FAQ Search Forum Home


Go Back   AOA Forums > Software > Data Security

Data Security Viruses, Firewalls and Safe computing


Reply
 
LinkBack Thread Tools Rate Thread
  #1 (permalink)  
Old 21st May, 2012, 09:55 PM
danrok's Avatar
AOA Staff
 
Join Date: March 2003
Location: Great Britain
Posts: 18,917

How to uncover hidden PC activity

How to monitor what your PC is really doing. See front page:
http://www.aoaforums.com/frontpage/c...-activity.html

Comments?
__________________
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #2 (permalink)  
Old 22nd May, 2012, 10:11 PM
Daniel ~'s Avatar
Chief BBS Administrator
 
Join Date: September 2001
Location: Seattle Wa.
Posts: 45,605

I thoght that the whole pourpose behind using Windows was to invite a breach....what else is it good for I ask you? ":O}
__________________
"Though all men live in ignorance before mystery,
they need not live in darkness...
Justice is foundation and Mercy ETERNAL
."
DKE

"All that we do is touched by Ocean
Yet we remain on the shore of what we know."
Richard Wilbur

[img]/forum/attachments/random-nonsense/16515-sigs-dan_drag.jpg[/img]
Subscribers! Ask Pitch about a Custom Sig Graphic

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #3 (permalink)  
Old 24th May, 2012, 10:11 AM
Chief Systems Administrator
 
Join Date: September 2001
Location: Europe
Posts: 13,075

Windows is orders of magnitude better than it used to be, that is for sure! In fact, there are some features now that I've not seen deployed on any other OS yet - for example, MS have made attempts to mitigate ROP (return orientated programming) attacks. Now this may not be entirely successful, but until DEP (data execution prevention - also known as non-executable pages) and ASLR (address space layout randomisation), ROP was unheard of because attackers didn't need to jump through such hoops.

In terms of code quality, unfortunately Open Source has been found to be poorer than closed source. Veracode have done some interesting work in this area. Disclaimer - I used to work with some of the Veracode guys whilst they were @stake, hence I have some level of respect for them. Veracode do code analysis to identify where there's potential issues within the code. I've attached a couple of images - the first is web apps that meet the OWASP Top 10 on first submission. The second is apps that meet CWE/SANS top 25 on first submission. Note that Open Source code comes out worse in terms of compliance! Also note that web app code generally does worse than non-web app. The report this was pulled from is Veracode's State of Software Security Report Volume 4.
Attached Thumbnails
How to uncover hidden PC activity-owasp-top-ten-on-first-submission.png   How to uncover hidden PC activity-cwe-sans-compliance-first-submission.png  
__________________

Last edited by Aedan; 24th May, 2012 at 10:12 AM.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #4 (permalink)  
Old 24th May, 2012, 12:44 PM
Kaitain's Avatar
Member
Mars Rover Champion, Joust Champion
 
Join Date: September 2001
Location: MK10, UK.
Posts: 4,372
Send a message via MSN to Kaitain Send a message via Skype™ to Kaitain

Interesting. Equally interesting is that applications developed in-house perform better (especially on the CWE/SANS top 25) than both commercial and open source submissions.

With respect to those graphs, there's no way to determine the relative complexity of the applications, the size of the team working on them and the average experience of the programmers.

I suspect that a lot of the differences between the in-house application and the open-source application is that (I'm assuming here) the in-house application is developed by a small team of competent programmers with a solid plan and strong management, whereas the open source project may be developed by a huge team of unknown quantities, with a fag-packet plan and volunteer management.
__________________
It is by coffee alone I set my mind in motion...
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #5 (permalink)  
Old 24th May, 2012, 02:11 PM
Daniel ~'s Avatar
Chief BBS Administrator
 
Join Date: September 2001
Location: Seattle Wa.
Posts: 45,605

Well yeah but that's everyone else's Linux, My Linux be good my Linux be pure!

My Linux achives this by being FREE! ":O}

K. makes some interstining points as far as whose doing the work and under what circumstance...

Did they look across all Linux distro's, were there any exceptions amoung the "older, more established" distros?
__________________
"Though all men live in ignorance before mystery,
they need not live in darkness...
Justice is foundation and Mercy ETERNAL
."
DKE

"All that we do is touched by Ocean
Yet we remain on the shore of what we know."
Richard Wilbur

[img]/forum/attachments/random-nonsense/16515-sigs-dan_drag.jpg[/img]
Subscribers! Ask Pitch about a Custom Sig Graphic

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #6 (permalink)  
Old 24th May, 2012, 05:00 PM
Kaitain's Avatar
Member
Mars Rover Champion, Joust Champion
 
Join Date: September 2001
Location: MK10, UK.
Posts: 4,372
Send a message via MSN to Kaitain Send a message via Skype™ to Kaitain

Quote:
Originally Posted by Daniel ~ View Post
Did they look across all Linux distro's, were there any exceptions amoung the "older, more established" distros?
I took it that the graph was per-application, so it would be testing against, say, Evolution or Firefox, instead of testing against every executable in a given distro. Also "open source" can include open-source Windows applications, of which there are many.
__________________
It is by coffee alone I set my mind in motion...
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #7 (permalink)  
Old 24th May, 2012, 10:21 PM
Daniel ~'s Avatar
Chief BBS Administrator
 
Join Date: September 2001
Location: Seattle Wa.
Posts: 45,605

Still good to hear MS has change...
( Was that to bitter? ":O}
__________________
"Though all men live in ignorance before mystery,
they need not live in darkness...
Justice is foundation and Mercy ETERNAL
."
DKE

"All that we do is touched by Ocean
Yet we remain on the shore of what we know."
Richard Wilbur

[img]/forum/attachments/random-nonsense/16515-sigs-dan_drag.jpg[/img]
Subscribers! Ask Pitch about a Custom Sig Graphic

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #8 (permalink)  
Old 28th May, 2012, 05:52 PM
Chief Systems Administrator
 
Join Date: September 2001
Location: Europe
Posts: 13,075

It is per application. The applications are examined on the basis of paid engagements. IE, each of those apps has had someone willing to pay for them to be examined. The open sources ones are probably because they're part of a larger application which uses some open source components.
__________________
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #9 (permalink)  
Old 28th May, 2012, 06:45 PM
Daniel ~'s Avatar
Chief BBS Administrator
 
Join Date: September 2001
Location: Seattle Wa.
Posts: 45,605

I'm not sure I'm understanding you rightly Aedan...I don't pay for apps any more....scratch that! I still use Acronis, bought it while still using win doze for backup, works OK with Linux, but I digress...

With most Linux apps free...how's this a true comparison, when only paid for apps are benched?

I must be missing a few pieces here?
__________________
"Though all men live in ignorance before mystery,
they need not live in darkness...
Justice is foundation and Mercy ETERNAL
."
DKE

"All that we do is touched by Ocean
Yet we remain on the shore of what we know."
Richard Wilbur

[img]/forum/attachments/random-nonsense/16515-sigs-dan_drag.jpg[/img]
Subscribers! Ask Pitch about a Custom Sig Graphic

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #10 (permalink)  
Old 29th May, 2012, 07:30 AM
Kaitain's Avatar
Member
Mars Rover Champion, Joust Champion
 
Join Date: September 2001
Location: MK10, UK.
Posts: 4,372
Send a message via MSN to Kaitain Send a message via Skype™ to Kaitain

It's nothing to do with whether the applications are free to the end user or not: Veracode are doing some complicated, specialist analysis and their time and expertise don't come for free. The developers pay to have their code analysed.

If open source components are used in commercial applications, it's reasonable that the commercial developer, knowing that their security is only as good as their weakest compolnent, will pay to have open source code validated.
__________________
It is by coffee alone I set my mind in motion...
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #11 (permalink)  
Old 29th May, 2012, 03:21 PM
Daniel ~'s Avatar
Chief BBS Administrator
 
Join Date: September 2001
Location: Seattle Wa.
Posts: 45,605

Ok now I get you guys, I was on a completely different page! Thanks K.
__________________
"Though all men live in ignorance before mystery,
they need not live in darkness...
Justice is foundation and Mercy ETERNAL
."
DKE

"All that we do is touched by Ocean
Yet we remain on the shore of what we know."
Richard Wilbur

[img]/forum/attachments/random-nonsense/16515-sigs-dan_drag.jpg[/img]
Subscribers! Ask Pitch about a Custom Sig Graphic

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply

Tags
windows



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Similar Threads
Thread Thread Starter Forum Replies Last Post
Gmail now warns users of suspicious account activity Daniel ~ Data Security 0 24th March, 2010 07:30 PM
Suspicious Activity !!!!!!!! Southern Man Mookydooky's Just for laughs! 5 27th August, 2004 06:29 PM
8KDA3J and HD activity/power lights JGF EPoX MotherBoards 4 21st July, 2004 07:39 AM


All times are GMT +1. The time now is 05:42 PM.


Copyright ©2001 - 2010, AOA Forums
Don't Click Here Don't Click Here Either

Search Engine Friendly URLs by vBSEO 3.3.0