With all the Conficker (over)hype in the news lately, I thought it would be relevant to blog about a few ways to traverse some of the less reputable parts of the Internet without messing up your computer. In our line of work, visiting sites that end in .ru and .cn is all too common. You all saw Hostel… you know what happens in those places. On with the show.
1) VMware
Most obvious choice. Our team uses this for incident response at the Firm. What's nice about this solution is that you don't have to worry about the same controls you would on a normal computer (AV, firewall, patches). I have gold images of unpatched versions of Windows XP/2003/8 Beta and Ubuntu ready to go. Whether I infect myself intentionally or unintentionally becomes irrelevant once I roll back to my original image when I'm done.
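Here is the roll-back workflow as a script, an added example and not something from the original post or from VMware: a PowerShell wrapper around VMware Workstation's vmrun CLI that checks the gold snapshot exists, reverts to it, starts the VM for a browsing session, and reverts again when you're done. The vmrun install path, the .vmx path and the snapshot name "GoldImage" are assumptions; swap in your own.

```powershell
# Added example (not from the original post): disposable-session wrapper around vmrun.
# Assumed values: vmrun location, the lab VM's .vmx file, and the snapshot name.
$VmrunPath    = "C:\Program Files (x86)\VMware\VMware Workstation\vmrun.exe"  # assumed
$VmxPath      = "D:\VMs\XP-unpatched\XP-unpatched.vmx"                        # assumed
$SnapshotName = "GoldImage"                                                    # assumed

function Invoke-Vmrun {
    # Runs vmrun against Workstation (-T ws) and fails loudly on a non-zero exit code,
    # so a typo in the snapshot name never silently leaves you on a dirty VM.
    param([string[]]$Arguments)
    $output = & $VmrunPath -T ws @Arguments 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "vmrun $($Arguments -join ' ') failed: $output"
    }
    return $output
}

function Assert-SnapshotExists {
    # listSnapshots prints a "Total snapshots: N" line followed by one name per line.
    $snapshots = Invoke-Vmrun @("listSnapshots", $VmxPath)
    if ($snapshots -notcontains $SnapshotName) {
        throw "Snapshot '$SnapshotName' not found in $VmxPath; nothing clean to roll back to."
    }
}

function Start-DisposableSession {
    Assert-SnapshotExists
    # Revert first: discards anything left over if the previous session ended badly.
    Invoke-Vmrun @("revertToSnapshot", $VmxPath, $SnapshotName) | Out-Null
    Invoke-Vmrun @("start", $VmxPath) | Out-Null
    Write-Host "VM is up from '$SnapshotName'. Browse away, then press Enter to destroy the session."
    [void](Read-Host)
    # Hard stop, then revert: the session's changes (including any infection) are gone.
    Invoke-Vmrun @("stop", $VmxPath, "hard") | Out-Null
    Invoke-Vmrun @("revertToSnapshot", $VmxPath, $SnapshotName) | Out-Null
    Write-Host "Reverted to '$SnapshotName'."
}

Start-DisposableSession
```

One check worth keeping in mind: the rollback only protects the guest. Keep the VM on a host-only or NAT network so whatever you pick up can't reach the rest of your LAN, and remember that the host still needs its own AV and patches, because the hypervisor is the one piece you can't roll back.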
2) Sandboxie
I'll admit it… I am a computer nerd with an embarrassingly slow computer at home (I have only just upgraded it to 768MB of memory). For this reason, VMware isn't a great option, since you effectively need the resources of two systems. Sandboxie allows you to spawn every application imaginable inside itself and prohibits it from modifying the critical parts of your computer. After you close out, you can discard the sandbox's changes and everything is as it was before you started. I use this for Web and Usenet browsing.
3) CCleaner/SDelete
This doesn't really fit the theme here, but I think it deserves an honorable mention. Occasionally you'll find yourself performing activities online that would make you seem less than honest in a court of law should your computer ever be seized (here's lookin' at you, RIAA). Although this doesn't apply to me per se, I am paranoid to the point where I have both of these scheduled to run on a monthly basis. CCleaner is set to wipe all cookies, browsing histories, and temporary files. Once that is complete, SDelete has the ability to scan through all my hard drives and zero out any unallocated space so that deleted data cannot be forensically recovered. Oh yeah, and I also have a magnet built into my doorframe to degauss any HDs that pass underneath…
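For anyone who wants to set up the same monthly job, here is an added example (mine, not from the original post, CCleaner or Sysinternals) that writes a small wipe script and registers it with schtasks: CCleaner runs unattended with its saved settings via /AUTO, then SDelete zeroes the free space on every fixed drive. The install paths, log path, task name and schedule are assumptions.

```powershell
# Added example (not from the original post): monthly CCleaner + SDelete task.
# Assumed values: tool locations, script/log paths (no spaces, see below), task name, schedule.
$CCleanerPath = "C:\Program Files\CCleaner\CCleaner.exe"   # assumed
$SDeletePath  = "C:\Tools\sdelete.exe"                      # assumed
$ScriptPath   = "C:\Tools\monthly-wipe.ps1"                 # assumed; keep it free of spaces
$LogPath      = "C:\Tools\monthly-wipe.log"                 # assumed
$TaskName     = "MonthlyPrivacyWipe"                        # assumed

# The script the task will run. Placeholders are swapped for the paths above so the
# here-string can stay single-quoted (no accidental expansion of $log / $d).
$wipeScript = (@'
$log = "__LOG__"
"=== $(Get-Date -Format o) ===" | Out-File -FilePath $log -Append
# CCleaner: /AUTO runs the cleaner with its saved settings and exits without the GUI.
Start-Process -FilePath "__CCLEANER__" -ArgumentList "/AUTO" -Wait
# SDelete: -z zeroes unallocated space; -accepteula stops the Sysinternals EULA prompt
# from hanging an unattended run. DriveType 3 = local fixed disks only (skips USB/CD).
$fixed = Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DriveType = 3"
foreach ($d in $fixed) {
    "Zeroing free space on $($d.DeviceID)" | Out-File -FilePath $log -Append
    & "__SDELETE__" -accepteula -z $d.DeviceID 2>&1 | Out-File -FilePath $log -Append
}
'@) -replace '__LOG__', $LogPath -replace '__CCLEANER__', $CCleanerPath -replace '__SDELETE__', $SDeletePath

Set-Content -Path $ScriptPath -Value $wipeScript -Encoding ASCII

# Register the task: first day of every month at 03:00, highest privileges (SDelete
# needs admin to touch free space). No /RU is given on purpose: the task runs as the
# logged-on user, which is the profile whose cookies and history CCleaner must clean.
# Running as SYSTEM would wipe SYSTEM's (empty) profile and leave yours untouched.
schtasks.exe /Create /F /TN $TaskName /SC MONTHLY /D 1 /ST 03:00 /RL HIGHEST `
    /TR "powershell.exe -NoProfile -ExecutionPolicy Bypass -File $ScriptPath"

# Verify what actually got registered before trusting it.
schtasks.exe /Query /TN $TaskName /V /FO LIST
```

Two caveats the tools' own docs don't shout about: zeroing free space only touches unallocated clusters, so anything still sitting in allocated files, the pagefile or Volume Shadow Copies is not affected; and on an SSD the drive's wear-levelling means an overwrite pass gives no guarantee about what the flash still holds. The script path is deliberately kept free of spaces because quoting inside the schtasks /TR argument is fragile when passed through PowerShell.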
Comments
Might I also suggest Chrome’s incognito mode for those who share their computer and would like to avoid seeing cake or fart auto-populate in Google search.
Good suggestion. Although it's important to note that incognito mode won't protect your system against virii. So although your mother won't know the frequency with which you visit sites that have both cake and farts, the Russian hacker certainly will 🙂