"you most closely resemble survey respondents within the Omnivores typology group"

Apparently I too am a technology/information Omnivore, according to the Pew Internet & American (?) Life project.

Basic Description
Members of this group use their extensive suite of technology tools to do an enormous range of things online, on the go, and with their cell phones. Omnivores are highly engaged with video online and digital content. Between blogging, maintaining their Web pages, remixing digital content, or posting their creations to their websites, they are creative participants in cyberspace.

Defining Characteristics
You might see them watching video on an iPod. They might talk about their video games or their participation in virtual worlds the way their parents talked about their favorite TV episode a generation ago. Much of this chatter will take place via instant messages, texting on a cell phone, or on personal blogs. Omnivores are particularly active in dealing with video content. Most have video or digital cameras, and most have tried watching TV on a non-television device, such as a laptop or a cell phone.

Omnivores embrace all this connectivity, feeling confident in how they manage information and their many devices. This puts information technology at the center of how they express themselves, do their jobs, and connect to their friends.

When I read this description, it reminded me of something my wife Robin has repeatedly pointed out about me: I am one of the least social people she knows. I rarely make social plans with anyone (including her), I don’t naturally or voluntarily engage with people outside of work, and I am quite comfortable (or at least not dissatisfied) staying home with my TV, laptop and dogs.

So how to reconcile these two states of being – the “meatspace” Mike, who doesn’t engage in any social contact, and the “cyberspace” Mike, who engages with strangers, colleagues and friends with nary a second thought, on a frequent, bleeding edge basis? I have to assume that the cyberspace activities of an Omnivore are not just a pleasant and easy means of interacting with friends/family/colleagues, but are in part a way of shielding ourselves from the demands of the meatspace environment where the interactions are somehow (cf. Introvert) more draining, demanding and threatening.

I am the same person, but in these differing situations I am able to engage in much different ways – and it appears that I’m on a trajectory that will increase the divergence between my social and cyber personalities.

I don’t know what to make of that – whether it’s a natural progression of the aging Introvert, or if there’s some progressive neurochemical change that’s making it harder to engage in person (and thus I’m biased more towards the distant/electronic/asynchronous interaction), or maybe I just don’t have the strength, adrenaline and childish curiosity that I did in my 20’s.


DLL Injection in Windows: what security countermeasures can you use?

Manage the Administrators group

Examine any default install of Windows since NT4 SP6.  You’ll notice that the SeDebugPrivilege is assigned by default only to the .\Administrators local group of the Windows host.  While it isn’t exactly unusual for users to be members of Administrators on their own PC, don’t assume that every user or process automatically gets this capability in Windows.

Countermeasure: If you want to assert an explicit distinction between those who do and do not have the SeDebugPrivilege on a Windows system, explicitly manage the membership of the Administrators local group.  This is especially useful (and applicable) on Windows Servers, where most of your users won’t have (or have need for) this membership.

How to implement:

  • run the net localgroup command locally e.g. with these parameters: "net localgroup Administrators NAME_OF_USER_OR_GROUP_TO_REMOVE /Delete" (or run it remotely via a remote-shell tool such as psexec.exe)
  • configure a Group Policy (e.g. using Active Directory group policy) that sets the membership of the Administrators group using the Restricted Groups security setting (either overwriting the existing membership or incrementally adding/deleting specified security principals)
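An added example (not code from the original post) that does on a single host what the Restricted Groups policy does centrally: reconcile the local Administrators group against an explicit allow-list, reporting drift by default and removing unexpected members only with -Enforce. It assumes PowerShell 5.1 or later (the LocalAccounts module) in an elevated session; the names in $Allowed are constructed placeholders.

```powershell
# Added example, not code from the original post: reconcile the local
# Administrators group against an allow-list (a per-host equivalent of the
# Restricted Groups GPO setting). Assumes PowerShell 5.1+ and an elevated
# session. $Allowed holds constructed placeholder names; adjust for your estate.
param(
    [string[]]$Allowed = @("$env:COMPUTERNAME\Administrator", 'CONTOSO\Server-Admins'),
    [switch]$Enforce   # report only unless -Enforce is given
)

$drift = @()
foreach ($m in Get-LocalGroupMember -Group 'Administrators') {
    # The built-in Administrator account always has RID 500. It is never removed
    # here, even if the allow-list is mistyped, so the host cannot be locked out.
    $isBuiltIn = $m.SID.Value -like 'S-1-5-21-*-500'
    if ($isBuiltIn -or ($Allowed -contains $m.Name)) { continue }
    $drift += $m
}

if (-not $drift) {
    Write-Host 'Administrators membership matches the allow-list.'
    return
}

foreach ($m in $drift) {
    # $m.Name is e.g. "HOST\alice" or "CONTOSO\Helpdesk"; ObjectClass is User or Group.
    Write-Warning ("Unexpected member: {0} ({1}, SID {2})" -f $m.Name, $m.ObjectClass, $m.SID.Value)
    if ($Enforce) {
        # Same effect as: net localgroup Administrators <name> /Delete
        Remove-LocalGroupMember -Group 'Administrators' -Member $m
    }
}
```

Run it without -Enforce first and review the warnings; every member listed there holds SeDebugPrivilege by default.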

Manage the SeDebugPrivilege

The obvious flipside of the default SeDebugPrivilege assignment is that you can change the security principals to whom the privilege is assigned.  In fact, if you review (or have implemented) the Microsoft Security Accelerators for Windows (Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008), you’ll find they recommend

Countermeasure: remove the Administrators group from the SeDebugPrivilege.

How to implement:

  • run the ntrights.exe Resource Kit command-line tool locally e.g. with these parameters: "ntrights.exe -u Administrators -r SeDebugPrivilege" (or run it remotely via a remote-shell tool such as psexec.exe)
  • configure a Group Policy (e.g. using Active Directory group policy) that removes all security principals that are assigned the SeDebugPrivilege privilege
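An added example (not code from the original post) for auditing and applying this countermeasure without the Resource Kit: it reads the exported local security policy with secedit, lists every principal holding SeDebugPrivilege, and with -Enforce applies a template that clears the assignment. It assumes an elevated session; the scratch directory under $env:TEMP is a constructed choice.

```powershell
# Added example, not code from the original post: list who holds SeDebugPrivilege
# on this host by reading the exported local security policy, and with -Enforce
# clear the assignment entirely (what ntrights.exe -r does per principal).
# Assumes an elevated session; the scratch directory under $env:TEMP is constructed.
param([switch]$Enforce)

$work = Join-Path $env:TEMP 'sedebug-audit'
New-Item -ItemType Directory -Path $work -Force | Out-Null
$export = Join-Path $work 'current.inf'

# secedit writes user rights under [Privilege Rights] as: SeDebugPrivilege = *SID,*SID
secedit /export /cfg $export /areas USER_RIGHTS | Out-Null
$line = Get-Content $export | Where-Object { $_ -match '^\s*SeDebugPrivilege\s*=' } | Select-Object -First 1

if (-not $line -or -not ($line -split '=', 2)[1].Trim()) {
    Write-Host 'SeDebugPrivilege is currently assigned to no one.'
    return
}

foreach ($h in (($line -split '=', 2)[1] -split ',')) {
    $h = $h.Trim()
    $name = $h
    if ($h.StartsWith('*')) {
        # *S-1-5-32-544 is BUILTIN\Administrators; translate SIDs for readability.
        try {
            $sid  = New-Object System.Security.Principal.SecurityIdentifier($h.Substring(1))
            $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch { }
    }
    Write-Host "SeDebugPrivilege held by: $name ($h)"
}

if ($Enforce) {
    # A blank right in an applied template removes every holder of that right.
    # Single-quoted here-string so that $CHICAGO$ is not expanded by PowerShell.
    $template = Join-Path $work 'clear-sedebug.inf'
    @'
[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[Privilege Rights]
SeDebugPrivilege =
'@ | Set-Content -Path $template -Encoding Unicode
    secedit /configure /db (Join-Path $work 'sedebug.sdb') /cfg $template /areas USER_RIGHTS | Out-Null
    Write-Host 'SeDebugPrivilege cleared; rerun without -Enforce to verify.'
}
```

On a domain-joined host a User Rights Assignment GPO will reassert whatever it defines at the next policy refresh, so make the change there as well or the audit will drift back.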

Run Apps, Services as lesser-privileged user

So the first two BKMs are great and all, but there are still lots of situations where you can’t make these blanket changes to the entire OS (though thankfully virtualization is reducing these “shared system” problems).  You may have to find ways to launch one or more processes with a different security context or privileges than the rest of the system – sometimes having to run something with more privilege than the rest of the system (e.g. try Sudo for Windows), but usually wanting to strip privilege and permissions away from specific processes.

Countermeasure: use Windows’ Software Restriction Policy (aka SRP or “SAFER”) to strip the Token of as many groups and privileges as the application can tolerate.  You don’t have to set a restrictive policy for the whole system – you can set this on an application-by-application basis (which can be practical in server environments, where you may only have a few critical applications that need protecting from each other).

How to implement:

  • Download and use Michael Howard’s SetSAFER application, which will strip varying levels of privileges and groups from the security token assigned to the process (thus making it more difficult for the process to access privileged objects in Windows).  If you want to dig into the code for this, and the source code isn’t available, you can take a look at the code included in the original article (on which SetSAFER was based), or fire up .NET Reflector and inspect the MSIL for the SetSAFER “executable”.
  • You could also try "psexec -l" (which implements one of the approaches taken by SetSAFER – one of the “stripped-down profiles”).
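An added example (not code from the original post, SetSAFER or psexec) to verify that the token handed to a process really was stripped: run it inside the process launched with "psexec -l" or under SetSAFER. A SAFER "normal user" token keeps Administrators in the group list but flags it deny-only and drops the administrative privileges, and whoami exposes both facts.

```powershell
# Added example, not code from the original post: run this inside a process
# launched with "psexec -l" (or by SetSAFER) to confirm the token was stripped.
# Relies only on whoami's CSV output; no extra modules are assumed.
function Get-TokenRestrictionReport {
    $groups = whoami /groups /fo csv | ConvertFrom-Csv   # Group Name, Type, SID, Attributes
    $privs  = whoami /priv   /fo csv | ConvertFrom-Csv   # Privilege Name, Description, State

    $admins = $groups | Where-Object { $_.SID -eq 'S-1-5-32-544' }   # BUILTIN\Administrators
    $held   = @($privs | Select-Object -ExpandProperty 'Privilege Name')

    # Privileges the countermeasures in the post are trying to keep away from
    # ordinary processes; a restricted token should carry none of them.
    $risky = 'SeDebugPrivilege', 'SeTcbPrivilege', 'SeLoadDriverPrivilege', 'SeTakeOwnershipPrivilege'

    [pscustomobject]@{
        User                   = (whoami)
        AdministratorsPresent  = [bool]$admins
        # A restricted token keeps the group but marks it "Group used for deny only".
        AdministratorsDenyOnly = [bool]($admins -and ($admins.Attributes -match 'deny only'))
        RiskyPrivilegesHeld    = @($held | Where-Object { $_ -in $risky })
        PrivilegeCount         = $held.Count
    }
}

$report = Get-TokenRestrictionReport
$report | Format-List

# Restricted enough for this check: Administrators absent or deny-only,
# and none of the risky privileges survived.
$restricted = (-not $report.AdministratorsPresent -or $report.AdministratorsDenyOnly) -and
              ($report.RiskyPrivilegesHeld.Count -eq 0)
if ($restricted) { Write-Host 'Token is restricted as expected.' }
else { Write-Warning 'Token still carries administrative power; check how the process was launched.' }
```

Save it as a script and launch it as "psexec -l powershell.exe -File .\Test-Token.ps1", then run the same script from a normal console to see the difference in the report.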

Something about this feels like I’ve missed another approach that should be mentioned in this context, but I’m sure there are smarter folks than I reading this who can add any missing details to the picture.  Thanks, and have fun with this!