Tuesday, April 10, 2007

Security Myths

1. Cookies

Myth - "Cookies are Spyware."

Reality - "Cookies are not Spyware. It's grossly irresponsible for these Anti-Spyware companies to treat cookies like Spyware. REAL Spyware is malicious, machine-hijacking junk that throws pop-ups on your computer, resets your start page, and all sorts of other ugly tricks. A cookie is a text file that has some non-personal information about what banner ads have shown on certain sites. That's it. Go ahead and open the cookie on your computer and you'll see it's harmless. Cookies are not Spyware, no matter how hard these Anti-Spyware companies try to make them out to be."

Notes - "Certain Cookies can still pose some privacy concerns and if you wish to remove them it will do no harm. The point is when you find many of these after running a standard Anti-Spyware scan you should not get excited that you are infected with malicious Spyware."


2. Limited User Accounts

Myth - "Limited User Accounts are a Realistic Security Solution."

Reality - "On a nonmanaged XP machine today, it isn't realistic to run without Administrator privileges. Unlike UNIX and UNIX-like systems such as Linux and Apple Computer's Mac OS X, Windows isn't very useable with a non-Administrator account, largely because so many applications are ignorant of rights and were written to work only with Administrator-level accounts. This is particularly problematic in a home environment, in which XP Home Edition's crippled Limited Account type, designed for children and less-technical users, is virtually useless. In Windows XP, the lame Run As option, virtually hidden under a right-click menu that typical users will never know about, is a poor substitute."

"After you log on to a computer by using a Limited User Account, you may observe one or more of the following behaviors when you try to use a program that is not expressly designed for Windows XP.

- The program does not run.
- The program stops responding (hangs).
- You receive notification of run-time error 7 or run-time error 3446.
- The program does not recognize that a CD-ROM is in the CD-ROM drive.
- The program does not allow you to save files.
- The program does not allow you to open files.
- The program does not allow you to edit files.
- The program displays a blank error message.
- You cannot remove the program.
- You cannot open the Help file.

This behavior can occur because the Limited User Account prevents older programs from performing certain functions. Microsoft lists over 189 applications in this article alone that do not work right on a Limited User Account."


3. Power User Accounts

Myth - "Power User Accounts are a Good Compromise Security Solution."

Reality - "Power User accounts allow the installation of software, including ActiveX controls and can easily be elevated to fully-privileged administrators. The lesson is that as an IT administrator you shouldn't fool yourself into thinking that the Power Users group is a secure compromise on the way to running as limited user."


4. Hosts File

Myth - "Special AntiSpyware Hosts Files are necessary to prevent Spyware infections."

Reality - "Using Special AntiSpyware Hosts Files is a waste of time and leads to a false sense of security. Any Malware/Spyware can easily modify the Hosts File at will, even if it is set to Read-only. It is impossible to "lock-down" a Hosts File unless you are running as a limited user which makes using it in this case irrelevant anyway. Various Malware/Spyware uses the Hosts File to redirect your Web Browser to other sites. They can also redirect Windows to use a Hosts File that has nothing to do with the one you keep updating. The Hosts file is an archaic part of networking setups that was originally meant to be used on a LAN and was the legacy way to look up Domain Names on the ARPANET. It tells a PC the fixed numeric address of the internal server(s) so the PC doesn't have to go looking for them through all possible addresses. It can save time when "discovering" a LAN. I don't consider 1970's ARPANET technology useful against modern Malware/Spyware. When cleaning Malware/Spyware from a PC, it is much easier to check a clean Hosts File than one filled with thousands of lines of addresses. Considering how easily a Hosts File can be exploited, redirected and potentially block good sites, it is strongly recommended NOT to waste time using Special Hosts Files. Especially when proper Malware/Spyware protection can be achieved by simply using these steps, all without ever using a Hosts File."

5. 127.0.0.1

"Special AntiSpyware Hosts Files attempt to associate a known safe, numeric address (127.0.0.1) with the names of sites or IP addresses you want to block. When the user or any process on the PC then tries to access a blocked site, it is instead directed to the safe location. It is simply impossible to update a Hosts file frequently enough since it is cheap and easy to purchase new domain names and move to new IP addresses. You also run into problems in accidentally blocking good sites since many sites share the same IP addresses with other sites using Shared IP Hosting. Also once a malicious site is shut down, that IP Address then becomes free and can easily be acquired by another non-malicious site."


6. Large Hosts Files

"Large Hosts Files cause Internet related slowdowns due to DNS Client Server Caching. This negatively affects your browsing speed. AntiSpyware Hosts File authors irresponsibly recommend disabling the DNS Client Service to solve this problem. This is not a solution. The overall performance of the client computer decreases and the network traffic for DNS queries increases if the DNS resolver cache is deactivated. This effectively reduces Internet Performance for sites you have previously visited and puts an unnecessary load on your ISP's DNS server."

Notes - There is a much better solution for bad site blocking using SpywareBlaster, which more intelligently uses Internet Explorer's built-in Zone Security settings and the registry. Mozilla/Firefox protection is also provided.
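
An added example, not part of the original post: sections 4 and 5 note that a Hosts File padded with 127.0.0.1 block entries is hard to check when cleaning a PC, and that malware uses the same file to redirect names elsewhere. This Python sketch separates the two kinds of entry so only the redirects need review; the sample file and every name and address in it are constructed.

```python
import ipaddress

# RFC 1918 ranges: a name mapped here is the hosts file's original LAN use.
LAN = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample, not taken from any real machine.
SAMPLE = """\
# sample hosts file
127.0.0.1       localhost
127.0.0.1       ads.example.com tracker.example.net
0.0.0.0         banner.example.org   # block entry
192.168.1.10    fileserver
203.0.113.45    update.example.com
not-an-ip       broken.example
"""

def audit_hosts(text):
    """Sort hosts entries into block entries, redirects and unparsable lines."""
    report = {"blocked": [], "redirected": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # comments run to end of line
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        if addr is None or len(fields) < 2:
            report["malformed"].append((lineno, line))
            continue
        sink = addr.is_loopback or addr.is_unspecified   # 127.x, ::1, 0.0.0.0
        for name in (f.lower().rstrip(".") for f in fields[1:]):
            if sink and name not in LOCAL_NAMES:
                report["blocked"].append(name)
            elif not sink:
                scope = "lan" if any(addr in net for net in LAN) else "routable"
                report["redirected"].append((lineno, name, str(addr), scope))
    return report

if __name__ == "__main__":
    result = audit_hosts(SAMPLE)
    print(len(result["blocked"]), "block entries (not listed)")
    for entry in result["redirected"]:
        print("review: line %d maps %s to %s (%s)" % entry)
    for lineno, line in result["malformed"]:
        print("unparsable: line %d: %s" % (lineno, line))
```

The audit covers only the text it is given. Because Windows can be pointed at a different Hosts File (the DataBasePath value under the Tcpip\Parameters service key), confirm which file is actually in use before trusting a clean result.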


7. Spyware, Malware and Virus Security

Myth - "It is impossible or difficult to secure Windows XP from Spyware, Malware or Viruses."

Reality - "It is very easy to secure Windows XP, simply use Secure XP - A Windows XP Security Guide. To put it bluntly I simply do not get infected with anything. Keep in mind nothing can fully protect you from something you manually install." - Source


8. Really Hidden Files

Myth - "There are Really Hidden Files in Windows XP that are impossible to see."

Reality - "Any file can be seen in Windows XP once you change from the default view settings. Go to the Control Panel, Appearance and Themes, Folder Options, select Show hidden files and folders and uncheck Hide protected operating system files (Recommended). Protected operating system files also known as Super Hidden Files are by default hidden from view. They are critical system files that if deleted can cause various system problems." - Source - Source 2

Notes - It is possible to get infected by malicious programs known as "Rootkits" which can truly hide themselves from being viewed in Windows Explorer. These malicious programs can be detected using special scanners such as RootkitRevealer.


9. Virus Hoaxes

Myth - "All Email Virus warnings are real."

Reality - "With the increase in the growth of viruses and Trojan programs, many computer users have turned to the Internet as a fast and easy tool to warn friends and co-workers of these threats. At the same time, there has also been a growth of virus hoax warnings. These warnings often describe fantastical or impossible virus or Trojan program characteristics, but appear to be real and forwarding these hoax warnings to friends and co-workers only perpetuates the problem. If you receive an Email that you suspect is a hoax, do not forward it to anyone and never open the attachments. Check in the Vmyths Hoax Database to confirm it is a hoax and delete the Email. If the Email originated from someone you know, send them an Email explaining the hoax." - Source


10. Vulnerabilities

Myth - "The Windows Platform has more Security Vulnerabilities than the Linux/Unix Platform."

Reality - "Between January 2005 and December 2005 there were 5198 reported vulnerabilities: 812 Windows operating system vulnerabilities; 2328 Unix/Linux operating vulnerabilities; and 2058 Multiple operating system vulnerabilities" - Source

Notes - Software vulnerabilities are categorized in the appropriate section reflecting the operating system on which the vulnerability was reported; however, this does not mean that the vulnerability only affects the operating system reported since this information is obtained from open-source information.

Reality - "The Linux Kernel v2.6.x has had 231 Vulnerabilities compared to 213 Vulnerabilities for Windows XP." - Source


11. XP Firewall

Myth - "The Windows XP Firewall is not good enough because it lacks outbound filtering."

Reality - "I believe there are a lot of incorrect assumptions and outright myths about outbound filtering. I really like the Firewall in Windows XP Service Pack 2 (SP2). It is lightweight, centrally manageable, does the job well, is unobtrusive, and does something very critical: it protects the system at boot. That last one is crucial; we have seen many systems in the past get infected during boot even with a firewall turned on. Any outbound host-based firewall filtering in Windows XP is really just meaningless as a security feature in my opinion. True, it stops some malware, today, but only because current malware has not been written to circumvent it. There simply are not enough environments that implement outbound rules for the mass market malware authors to need to worry about it. In an interactive attack the attacker can circumvent outbound filters at will. To see how, consider this. Circumventing outbound host-based firewall filters can be accomplished in several ways, depending on the scenario of the actual attack. First, the vast majority of Windows XP users run as administrators, and any malware running as an administrator can disable the firewall entirely. Of course, even if the outbound filter requires interaction from the user to open a port, the malware can cause the user to be presented with a sufficiently enticing and comprehensible dialog, that explains that without clicking "Yes" they will not ever get to see the "dancing pigs". See, the problem is that when the user is running as an administrator, or the evil code runs as an administrator, there is a very good chance that either the user or the code will simply disable the protection. Of course, the user does not really see that dialog, because it is utterly meaningless to users. That is problem number one with outbound filtering. Given the choice between security and sufficiently enticing rewards, like "dancing pigs", the "dancing pigs" will win every time. 
If the malware can either directly or indirectly turn off the protection, it will do so. The second problem is that even if the user, for some inexplicable reason clicked "No. Bug me again" or if the evil code is running in a low-privileged account, such as Network Service, the malware can easily step right around the firewall other ways. As long as the account the code is running as can open outbound connections on any port the evil code can simply use that port. Ah, but outbound Firewalls can limit outbound traffic on a particular port to a specific process. Not a problem, we just piggy back on an existing process that is allowed. Only if the recipient of the traffic filters based on both source and destination port, and extremely few services do that, is this technique for bypassing the firewall meaningful. The key problem is that most people think outbound host-based firewall filtering will keep a compromised asset from attacking other assets. This is impossible. Putting protective measures on a compromised asset and asking it not to compromise any other assets simply does not work. Protection belongs on the asset you are trying to protect, not the one you are trying to protect against! Asking the bad guys not to steal stuff after they have already broken into your house is unlikely to be nearly as effective as keeping them from breaking into the house in the first place." -
