HELP- 5 important security questions

  kingneil 02:21 11 Jun 2015

I have some important security questions that I would like answered.

  1. If you were to strip down a web browser to remove all plugins and Javacsript... are there any browser exploits that would work...? Can it still be hacked..?

  2. How would you go about downloading something like Tor or Tails properly, given that the NSA has packet injection systems like QUANTUMINSERT (see Snowden docs)..? Couldn't they just send you a fake version of Tor, which has spying built into it..?

  3. Can the BIOS of a computer communicate with the network, or not...? I've heard about BIOS keyloggers, but how could the BIOS even transfer that keylogged data to anywhere else on the system...? Surely, unless the main operating system requested data from the BIOS, then it couldn't obtain it in the first place...? Surely the BIOS can't just push out this data over the network by itself...?

  4. If you were to use a tool like DBAN to totally write over the hard drive, would that totally wipe out any viruses...? I guess this goes back to the question on whether viruses can really hide in BIOS or not...

  5. If you were to use a recording app on a phone or computer, would this prevent someone listening to the microphone in the background... picking up background noise...?? I have noticed on a computer that a microphone can only be accessed by one application at a time... Like, if you use Audacity and Windows sound recorder at the same time, it won't let you.... So, if I had an app constantly recording in the background, would that prevent someone from using a hack to listen to me in the background...?


  john bunyan 09:53 11 Jun 2015

Do you work for MI6 or CIA? Most of us, who have few secrets, are happy to use a free anti virus, such as Avast, an anti Malware such as Malawarebytes, and occasional use of ADWCleaner. As long as you do regular scans, the chances are small of having problems, and doing regular images and back ups is essential. CCleaner (free) has a very good drive wiper facility and you can choose various options (no of passes, wipe free space, etc)

As for people listening in, why would they want to? To me phones and PC's are tools that take up little time, and I do not worry too much about such things, life is too short, and I have few secrets!

  lotvic 22:13 11 Jun 2015

Do not open the box, you are too paranoid to use any equipment. Cancel your ISP subscription, the server knows which sites are visited and google tracks you everywhere. Also do not phone me, the line might be tapped.

  lotvic 23:15 11 Jun 2015

...and The Register has the nitty-gritty

  LastChip 00:26 12 Jun 2015

The truth is, no one knows,

Taking it to a ridiculous level, maybe the chips themselves on the computer motherboard have built in back doors. A claim made by the government of the USA a while back, suggesting China was the culprit. It caused a bit of a panic at the time, with various governments declaring they would no longer authorise hardware made by certain companies in China. That sort of rather left them with egg on their collective faces, when someone pointed out, you can't buy much hardware that doesn't at least have some components made by that nation. That's what happens when you give up your own manufacturing base in pursuit of the lowest bidder.

Unless you have the knowledge and are prepared to spend hundreds of thousands of hours writing your own operating system, then spending thousands of hours more auditing every possible combination of code, who knows what vulnerabilities we're dealing with, either intentional or not.

There was some suspicion Microsoft built in back doors into Windows for the FBI and CIA, which of course they vigorously denied. But as only a few people in the world have access to all their source code, one is left with believing them or not.

I very much doubt there's anyone here that could answer those questions with authority.

The closest you're likely to get with that is a Linux operating system, as it's coded by thousands of developers throughout the world and everyone can see the source code. What one developer misses in terms of security issues, another is likely to spot. But even Linux, which is generally regarded as the most secure operating system on the planet, had its own troubles last year, when security vulnerabilities were discovered that had been present for years. OK, they were quickly fixed, but it still left the world reeling, as many of the worlds servers use Linux, including many that were financial institutions.

What can be made by man, can be broken by man.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

iMac Pro review

Illustrator Charles Williams on how to create magazines and book covers

iMac Pro review

Les meilleures prises CPL (2018)