A Practical Guide to Protecting Windows XP Systems


Windows XP is well regarded by its user base for its stability and networking features. Most people know the system well, yet its protection is easy to neglect. We have collected some practical XP protection experience to share, in the hope that XP users will make protection part of their daily routine.

1. Fake wireless access points

A fake WAP (wireless access point) has become one of the easiest attacks in the world to carry out. Anyone with some simple software and a wireless network card can make their computer pose as an available WAP, then bridge that WAP through to the local, real, legitimate one, so victims get working internet access and notice nothing.

Think of every time you or your users have used free wireless at a local coffee shop, airport or public venue. Attackers at a Starbucks name their WAP "Starbucks Wireless Network"; at the Atlanta airport they call it "Atlanta Airport Free Wireless". Within minutes, people of all kinds are connecting through it.

The attacker can then read every unprotected data stream that passes through. If you looked at that traffic you would be amazed at what it contains; passwords are still sent in clear text surprisingly often.

A more sinister attacker asks users to create an account on their WAP. Unfortunately, users tend to reuse a familiar username or email address, and often a familiar password as well. The attacker then tries those credentials on popular websites such as Facebook, Twitter, Amazon and iTunes, and the victims never notice.

Lesson learned: You cannot trust a public WAP, because your confidential information passes through it. Use a VPN that protects all of your communications, and never reuse the same credentials across public and private sites.

2. Stealing cookies

Browser cookies improve the browsing experience by saving the user's "state": small text values that the browser sends back to the host on each request so the site can tell who you are and what you were doing, which greatly simplifies many operations. So what harm can a cookie do to the user?

When an attacker steals a user's cookies, he can use them to impersonate that user and log in to the website as though he held the authentication information. This has become an increasingly common attack route.

Cookie theft is as old as the Web itself, but new tools have reduced the whole process to a few clicks. Firesheep, a Firefox add-on, let its user steal other people's cookies; combined with a fake WAP, stealing cookies becomes trivial. Firesheep displays the name and site of every cookie it finds, and the attacker takes over the session with a single mouse click (for details, see Codebutler's blog post on how easy Firesheep is to use).

Worse, attackers can now steal cookies that are protected by SSL/TLS. In September 2011, an attack its creators named "BEAST" demonstrated that cookies protected by SSL/TLS could be recovered as well. Refinements since then, including CRIME, have made stealing and reusing encrypted cookies even easier.

After each cookie attack is published, website and app developers are told how to protect their users. Sometimes the answer is to adopt the latest encryption technology, sometimes to turn off features that few people use. The point is that all web developers must use secure development techniques to reduce cookie theft; a site whose encryption has not been updated for several years is at risk.

Lesson learned: Even encrypted cookies get stolen, so connect to websites that follow secure development practices and keep their encryption current. Your own HTTPS website also needs up-to-date encryption, including at least TLS version 1.2.
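One concrete check a site owner can run for the secure-development point above is to look at the attributes of the cookies the site sets. The following is an added example, not code from this article: a small Python audit that reads the Set-Cookie headers of a constructed HTTP response, reports cookies that will be sent over plain HTTP (no Secure attribute) or are readable by page script (no HttpOnly), and shows the hardened form. The sample response and the list of session-cookie names are assumptions made for the demonstration.

```python
"""Audit and harden Set-Cookie headers against sniffing and session theft.

Added example for this article, not code from it. A cookie without the
Secure attribute is sent over plain HTTP, where a fake WAP or a
Firesheep-style sniffer can read it; without HttpOnly, injected script
can read it. SAMPLE_RESPONSE and SESSION_NAMES are constructed for the demo.
"""

SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: sessionid=7f3a9c1e; Path=/\r\n"
    "Set-Cookie: prefs=dark; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "Set-Cookie: csrftoken=4b2d; Path=/; Secure; SameSite=Strict\r\n"
    "\r\n"
    "<html>...</html>"
)

# Cookie names that usually carry an authenticated session (assumed list).
SESSION_NAMES = {"sessionid", "phpsessid", "jsessionid", "asp.net_sessionid"}


def parse_set_cookie(value):
    """Split 'name=val; Attr; Attr=val' into (name, {attr_lower: value or True})."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return name, attrs


def audit_set_cookie(value):
    """Return the weaknesses found in one Set-Cookie header value."""
    name, attrs = parse_set_cookie(value)
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: sent over plain HTTP, sniffable on an open WAP")
    if "httponly" not in attrs and name.lower() in SESSION_NAMES:
        findings.append("missing HttpOnly: session cookie readable by script on the page")
    if "samesite" not in attrs:
        findings.append("missing SameSite: attached to cross-site requests")
    return findings


def harden_set_cookie(value):
    """Add Secure, HttpOnly and SameSite=Lax where absent; keep existing attributes."""
    _, attrs = parse_set_cookie(value)
    fixed = value.rstrip("; ")
    if "secure" not in attrs:
        fixed += "; Secure"
    if "httponly" not in attrs:
        fixed += "; HttpOnly"
    if "samesite" not in attrs:
        fixed += "; SameSite=Lax"
    return fixed


def audit_response(raw):
    """Map cookie name -> findings for every Set-Cookie header in a raw HTTP response."""
    head = raw.split("\r\n\r\n", 1)[0]
    report = {}
    for line in head.split("\r\n")[1:]:        # skip the status line
        key, _, val = line.partition(":")
        if key.strip().lower() == "set-cookie":
            name, _ = parse_set_cookie(val.strip())
            report[name] = audit_set_cookie(val.strip())
    return report


if __name__ == "__main__":
    for cookie, findings in audit_response(SAMPLE_RESPONSE).items():
        print(cookie, "->", findings or "ok")
    print(harden_set_cookie("sessionid=7f3a9c1e; Path=/"))
```

The csrftoken cookie is deliberately not flagged for HttpOnly: a double-submit CSRF token must be readable by script, which is why the HttpOnly check is limited to session cookies. Secure is the attribute that matters against the fake-WAP scenario, because it stops the browser from ever sending the cookie over an unencrypted connection.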

3. File name deception

Since the birth of malware, attackers have used file name deception to trick users into executing malicious code. Early tricks were giving a file a tempting name (such as AnnaKournikovaNudePics) and using multiple file extensions (such as AnnaKournikovaNudePics.Zip.exe). Even today, Microsoft Windows and some other operating systems hide "known" file extensions by default, so AnnaKournikovaNudePics.Gif.Exe and AnnaKournikovaNudePics.Gif are displayed identically.

Years ago, a class of malicious programs (called "twins", "spawners" or "companion viruses") relied on a little-known behaviour of Microsoft Windows/DOS: if you type just the name Start and press Enter, the system searches for a matching program, trying Start.com before Start.exe, and runs the first one it finds. A companion virus would look for every .exe file on the disk and create a file with exactly the same base name but a .com extension, so typing the bare program name launched the virus first. Microsoft patched that problem long ago, but it laid the foundation for this approach.

Today the tactic has grown more sophisticated, using Unicode characters to disguise the file name the user sees. For example, the Unicode character U+202E, called Right-to-Left Override, makes everything after it display reversed, so a file whose real name is AnnaKournikovaNude followed by U+202E and then iva.exe (a genuine .exe) is shown by many systems as AnnaKournikovaNudeexe.avi.

Lesson learned: Whenever possible, be sure you know the true, complete name of any file, including its real extension, before you execute it.
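To make "knowing the true name" concrete, here is an added example in Python (not code from the original article) that inspects a file name for the three tricks above: a double extension, an extension hidden by the "Hide extensions for known file types" setting, and a U+202E override. The sample names, the list of executable extensions and the simplified rendering of an override run (everything after U+202E up to U+202C or the end of the name is shown reversed) are assumptions made for the demonstration.

```python
"""Inspect a file name for the deception tricks described in the article.

Added example, not code from the original article. EXECUTABLE_EXTS, the
sample names and the naive rendering in rendered_name() are assumptions.
"""

# Bidi control characters that change how a name is displayed, not stored.
BIDI_CONTROLS = {
    "\u202e": "RLO", "\u202d": "LRO", "\u202b": "RLE", "\u202a": "LRE",
    "\u2067": "RLI", "\u2066": "LRI", "\u2068": "FSI",
    "\u202c": "PDF", "\u2069": "PDI",
}
# Extensions Windows will run or that launch code (assumed list).
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd",
                   ".vbs", ".js", ".msi", ".lnk"}


def strip_bidi(name):
    """The name the file system acts on, minus display-only controls."""
    return "".join(c for c in name if c not in BIDI_CONTROLS)


def rendered_name(name):
    """Approximate a naive display: the run after U+202E is drawn reversed."""
    out, i = [], 0
    while i < len(name):
        if name[i] == "\u202e":
            end = name.find("\u202c", i + 1)
            end = len(name) if end == -1 else end
            out.append(name[i + 1:end][::-1])
            i = end + 1
        else:
            out.append(name[i])
            i += 1
    return "".join(out)


def true_extension(name):
    """The extension the OS uses: after the last '.' of the real name."""
    real = strip_bidi(name)
    dot = real.rfind(".")
    return real[dot:].lower() if dot > 0 else ""


def inspect_name(name):
    """Return what the user sees versus what will actually run."""
    real = strip_bidi(name)
    ext = true_extension(name)
    parts = real.split(".")
    findings = []
    controls = [f"U+{ord(c):04X} ({BIDI_CONTROLS[c]})" for c in name if c in BIDI_CONTROLS]
    if controls:
        findings.append("bidi control characters: " + ", ".join(controls))
    if len(parts) > 2 and ext in EXECUTABLE_EXTS:
        findings.append(f"double extension: looks like .{parts[-2].lower()}, runs as {ext}")
    if ext in EXECUTABLE_EXTS:
        findings.append(f"executable: real extension is {ext}")
    return {
        "real_name": real,
        "true_extension": ext,
        "executable": ext in EXECUTABLE_EXTS,
        # What Explorer shows with "Hide extensions for known file types" on.
        "shown_with_hidden_extension": real[:real.rfind(".")] if ext else real,
        "rendered": rendered_name(name),
        "findings": findings,
    }


if __name__ == "__main__":
    samples = [
        "AnnaKournikovaNudePics.Gif.Exe",     # double extension
        "AnnaKournikovaNude\u202eiva.exe",     # RLO: displays as ...exe.avi
        "report.pdf",                          # benign
    ]
    for sample in samples:
        r = inspect_name(sample)
        print(f"{r['rendered']!r}: real extension {r['true_extension'] or '(none)'}; "
              + ("; ".join(r["findings"]) or "nothing suspicious"))
```

The same checks are worth running over a mail gateway's attachment names or a download folder: a name that contains any character from BIDI_CONTROLS, or that ends in an executable extension behind a document-looking one, deserves a second look before anyone double-clicks it.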

4. Absolute versus relative paths

Another interesting tactic is "relative versus absolute". In earlier versions of Windows (Windows XP, 2003 and earlier) and some other older operating systems, when you type a file name and press Enter, or the system looks for a file on your behalf, the search usually starts from your current folder or a relative location. This seems efficient and harmless, but attackers exploit it.

For example, if you want the harmless built-in Windows calculator (calc.exe), the quickest way is to open a command prompt, type calc.exe and press Enter.

But an attacker may create a file called calc.exe and hide it in your current or home folder, and then the calc.exe you execute is probably the disguised one.

This type of attack is often used by penetration testers to gain elevated privileges on a host. The attacker takes a known vulnerable, unpatched program and drops it in a temporary folder; in many cases all that is needed is a vulnerable executable or DLL to stand in for the fully patched one. The attacker then types the program's name from within the temporary folder, and Windows loads the vulnerable Trojan executable from that folder instead of the fully patched version. Attackers love this technique, because a single file can compromise the entire system.

Linux, Unix and BSD fixed this problem more than a decade ago: the current directory is not on the default search path. Windows addressed it in 2006 with Windows Vista/2008, although the weakness persists in earlier versions for backward compatibility. Two caveats still apply: cmd.exe searches the current folder before the PATH folders when you type a bare program name, and the SafeDllSearchMode setting (on by default since Windows XP SP2), which moves the current directory behind the system directories, governs only DLL loading. For years Microsoft has reminded developers to use absolute folders and paths when building applications, but tens of thousands of vulnerable programs remain, and attackers know this better than anyone.

Lesson learned: Use an operating system that enforces absolute directory and file paths and searches the default system areas before the current folder, and type the full path to the programs you run.
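The companion-virus precedence from section 3 and the relative-path trick from this section are two faces of the same search-order problem, so one added example covers both. The Python below is not code from the original article: it builds a throwaway directory tree (a stand-in system32 and a working folder), plants a fake calc.exe in the working folder and a start.com beside the genuine start.exe, then resolves names the way an XP-era cmd.exe does, current folder first and the PATHEXT extensions tried in order (.com before .exe) for a name typed without an extension. The directory names, file contents and PATHEXT order are assumptions for the demonstration; lower-case names are used so it also runs on case-sensitive file systems.

```python
"""Show how a bare program name is resolved, and how planted files win.

Added example, not code from the original article. The directory tree,
file contents and PATHEXT order are constructed for this demonstration.
"""
import tempfile
from pathlib import Path

# Classic cmd.exe extension precedence for a name typed without one (assumed order).
PATHEXT = [".com", ".exe", ".bat", ".cmd"]


def resolve_command(name, search_dirs, pathext=PATHEXT):
    """Return the first matching file, walking search_dirs in order.

    A name without an extension tries every PATHEXT suffix inside one
    directory before moving on to the next directory, so a planted
    start.com beats start.exe in the same folder (the companion trick),
    and a planted calc.exe in an earlier folder beats the genuine one
    in a later folder (the relative-path trick).
    """
    candidates = [name] if Path(name).suffix else [name + ext for ext in pathext]
    for directory in search_dirs:
        for candidate in candidates:
            path = Path(directory) / candidate
            if path.is_file():
                return path
    return None


def demo():
    """Plant a fake calc.exe and a companion start.com; report what would run."""
    with tempfile.TemporaryDirectory() as tmp:
        system_dir = Path(tmp) / "system32"      # stand-in for the system folder
        work_dir = Path(tmp) / "downloads"       # the user's current folder
        system_dir.mkdir()
        work_dir.mkdir()
        (system_dir / "calc.exe").write_text("genuine calc")
        (work_dir / "calc.exe").write_text("planted calc")        # relative-path trick
        (system_dir / "start.exe").write_text("genuine start")
        (system_dir / "start.com").write_text("companion virus")  # companion trick

        legacy_order = [work_dir, system_dir]    # XP-era: current folder first
        safe_order = [system_dir]                # system folders only / full path

        return {
            "calc.exe, legacy search": resolve_command("calc.exe", legacy_order).read_text(),
            "calc.exe, safe search": resolve_command("calc.exe", safe_order).read_text(),
            "start (bare name)": resolve_command("start", safe_order).read_text(),
            "start.exe (explicit)": resolve_command("start.exe", safe_order).read_text(),
        }


if __name__ == "__main__":
    for typed, ran in demo().items():
        print(f"{typed:26} -> {ran}")
```

The "safe search" and "explicit" rows are the practitioner's fix in miniature: give the full path (or at least keep the current folder out of the search order) and spell out the extension, and the planted files never get a look.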

Copyright © Windows knowledge All Rights Reserved