
In light of this excellent article series by Ars regarding the black security work by HBGary - HBGary claims to have coded several rootkits and had access to 0-day exploits that could compromise a range of Windows releases and firewall/antivirus software - how can Windows-based computers be secured?

HNoodles

  • No computer can ever be completely secured. No matter what OS they're running. – Phoshi Feb 19 '11 at 18:11
  • The boring answer is, if it's connected to the internet and is on or even has power going to it, it can be attacked over the internet, in theory. So off the internet is rule number one. And if it's physically accessible, it can be attacked. So how far you go with that, e.g. buried under much concrete. The example in your link involved a computer being left alone in a cafe. – barlop Feb 19 '11 at 18:17
  • yes, fdisk C: ;-> – Moab Feb 19 '11 at 21:06
  • @Moab: FYI, you cannot format (I assume you meant format c:) the system drive or the pagefile drive in Windows user mode. – u1686_grawity Feb 19 '11 at 21:54
  • @barlop: "The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards – and even then I have my doubts." — Gene Spafford – u1686_grawity Feb 19 '11 at 21:57
  • @grawity, I guess you missed my wink, wink ;-> No OS, no security risk, 100%! Yes, you are technically correct; it's been a long time since I used DOS commands for formatting. – Moab Feb 19 '11 at 22:01

1 Answer


You need to accept the fact that no general-purpose monolithic operating system like Windows, Linux, Mac OS X, or anything else similar can be truly secured. Which is more secure is subjective and I won't go further into that. But, that being said, I think the following helps:

  • Use Windows 7 64-bit. It's more secure in a lot of ways than Windows XP.

  • Apply Windows Updates as soon as possible.

  • Do not run normally under an Administrator account.

  • Uninstall unneeded features and software.

  • Don't use Internet Explorer unless you need to.

  • Outgoing network traffic of extremely critical systems needs to be monitored using a separate system running a separate operating system, and if suspect traffic patterns are detected, assume the system is compromised.

  • One good way to detect rootkits is to shut down the system and run a virus/rootkit scan against the drive without the operating system running. If you can do this on a regular basis, it's a good thing.

  • If what you do on the machine can survive the performance hit of virtualization, then virtualize your Windows installation (preferably using a VMM under a different OS) and utilize snapshot features to rollback if things go wrong.

  • Infected systems, or systems otherwise suspected of being compromised, need to be reimaged rather than repaired. Keeping regular backup images of your system will aid this.

But really, the best way to secure a computer is frequent, regular backing up of the data that lives on it on a separate storage device that is stored away from the computer when not being used. That way, if/when your system is compromised, you haven't lost anything but the time it takes you to reimage or reinstall.

LawrenceC
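The answer recommends watching a critical machine's outgoing traffic from a separate system and treating suspicious patterns as a sign of compromise. One concrete "suspect traffic pattern" a monitoring box can look for is beaconing: small, evenly spaced connections to one destination, which is how many rootkits and implants check in with their controller. The script below is an added example, not the poster's code; it assumes the monitoring host receives flow records as `(timestamp, src, dst, dst_port, bytes)` tuples from a network tap or router export, and the flow records it contains are constructed sample data.

```python
"""Flag periodic, low-volume outbound connections ("beacons") in flow records.

Assumption: the separate monitoring system receives one record per outbound
connection as (timestamp_seconds, src_ip, dst_ip, dst_port, bytes_sent).
The records below are constructed sample data, not real captures.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: 10.0.0.5 browses a normal web server (198.51.100.20)
# at irregular intervals with large transfers, and also contacts
# 203.0.113.9 roughly every 60 seconds sending only ~300 bytes each time.
SAMPLE_FLOWS = [
    (0,   "10.0.0.5", "198.51.100.20", 443, 15000),
    (7,   "10.0.0.5", "198.51.100.20", 443, 2300),
    (60,  "10.0.0.5", "203.0.113.9",   443, 312),
    (95,  "10.0.0.5", "198.51.100.20", 443, 48000),
    (121, "10.0.0.5", "203.0.113.9",   443, 305),
    (180, "10.0.0.5", "203.0.113.9",   443, 320),
    (241, "10.0.0.5", "203.0.113.9",   443, 299),
    (300, "10.0.0.5", "203.0.113.9",   443, 311),
    (333, "10.0.0.5", "198.51.100.20", 443, 900),
]


def find_beacons(flows, min_conns=4, max_cv=0.15, max_bytes=1024):
    """Return (src, dst, mean_gap, cv) for source/destination pairs whose
    connections look beacon-like: at least `min_conns` flows, inter-arrival
    coefficient of variation (stdev / mean) at or below `max_cv`, and mean
    bytes per connection at or below `max_bytes`."""
    by_pair = defaultdict(list)
    # Group flows per (src, dst); sorting by timestamp first keeps gaps positive.
    for ts, src, dst, _port, nbytes in sorted(flows):
        by_pair[(src, dst)].append((ts, nbytes))

    hits = []
    for (src, dst), events in by_pair.items():
        if len(events) < min_conns:
            continue
        gaps = [later[0] - earlier[0] for earlier, later in zip(events, events[1:])]
        mean_gap = mean(gaps)
        if mean_gap == 0:
            continue  # burst of simultaneous connections; not a timing beacon
        cv = pstdev(gaps) / mean_gap
        avg_bytes = mean(n for _, n in events)
        if cv <= max_cv and avg_bytes <= max_bytes:
            hits.append((src, dst, round(mean_gap, 1), round(cv, 3)))
    return hits


if __name__ == "__main__":
    for src, dst, gap, cv in find_beacons(SAMPLE_FLOWS):
        print(f"possible beacon: {src} -> {dst} every ~{gap}s (cv={cv})")
```

On the sample data only the 203.0.113.9 pair is reported (gaps of 59-61 seconds, about 310 bytes per connection); the web server traffic is ruled out by both its irregular timing and its payload sizes. Real deployments tune `max_cv` and `max_bytes` against a baseline of known-good traffic and whitelist expected periodic traffic such as update checks, but the logic is the same: the monitored host cannot hide the timing of its own outbound connections from a separate observer, which is why the answer insists the monitor run on a different machine.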