Old PCs put your business at risk

[chubby]

anyone give any feedback on this statement about newer PCs being more hardened than "before 2013"

http://www.intel.com/content/dam/www/public/us/en/documents/solution-briefs/old-pcs-security-brief.pdf

The risk

Software-only security solutions from even

a few years ago can’t keep up with today’s

cybercriminals and are not sufficient to

protect your devices and vital business

data. Without hardware-enhanced security

solutions, your business is at risk.

The opportunity

The newest generations of Intel® processors

deliver layers of hardware-enhanced security

features to ensure that hardware and software

work together to protect your business from

malware and secure all the important, private

data and content you create and share.

The next step

Don’t wait to be attacked. Secure your

business now by replacing computers

purchased before mid-2013 with new

desktops that include Intel hardware-

enhanced security features.

Social Engineering

Hackers manipulate people to divulge

sensitive data, using tools that lure

users to sites or by sending “phishing

emails” that trick unsuspecting users

into giving up their login credentials.

Even the most sophisticated people

can sometimes be persuaded—it can

happen to anyone.

Intel®

SSD Pro

Intel®

OS Guard

Intel®

AES-NI

Intel®

IPT

Windows* 8

Bootup

Security

Kernel-Mode Rootkit

Often used to deliver “Trojan

Horses” and other malware code,

these attacks live and operate below

the operating system, making them

especially hard to detect without

some kind of hardware assistance.

Advanced Persistent Threat

These insidious, human-directed

“campaigns” take control of a specific

system or network and can remain

undetected for a long period of time.

With hackers working around the clock to identify the next potential victim, it’s more important than ever for you to

prioritize security. And if your business is using PCs even just a few years old, the chances of a successful attack are even

greater: Virus protection and other software security solutions cannot sufficiently reduce the risk.

Here are three of the most common—and

dangerous—ways that hackers can attack your

desktops, infect them with malware, and harm

your business:

Innovative hardware enhancements, built into Intel®-powered desktops since mid-2013, “harden” key information and

commands normally executed in software, giving your business maximum protection. Get new business desktops with

Intel® Identity Protection Technology (Intel® IPT), Intel® OS Guard, Intel® Advanced Encryption Standard New Instructions

(Intel® AES-NI), Intel® Solid-State Drive Pro (Intel® SSD Pro), and bootup security for Microsoft Windows* 8 and increase

your organization’s security today.

Old PCs put your

business at risk

Protect against hackers by upgrading to new

desktops featuring Intel’s hardware-enhanced

security and supporting software

What you’re up against: Three tools of the modern hacker

What you can do to make your business more secure

Today’s new desktops with Intel Inside®, running on a known, trusted network, serve your business with more power, better

performance, and better protection than ever before. To learn more about replacing your older PCs to better secure your

business, contact your Intel sales rep today.

Edited June 7, 2015 by Crossy
Fixed the justification for readability

[NanLaew]

Mods! Can someone correct that bloody awful, center-justified text?

[NeverSure]

I can read it. It's an advertisement by Intel, the world's largest CPU manufacturer, telling everyone to buy a new computer.

I have this little program that will keep your computer safer. I'll email it to you for just US$500.00 or 17,000 baht. Everyone, especially businesses should have it.

Edited June 7, 2015 by NeverSure

[Matej]

Every real geek knows what their computer can handle, even when it will die

[IMHO]

I can read it. It's an advertisement by Intel, the world's largest CPU manufacturer, telling everyone to buy a new computer.

I have this little program that will keep your computer safer. I'll email it to you for just US$500.00 or 17,000 baht. Everyone, especially businesses should have it.

For 17K Baht, just buy one of these. Comes with everything you need to stay secure and safe online.

http://store.apple.com/th-en/buy-mac/mac-mini?product=MGEM2TH/A&step=config

Edited June 8, 2015 by IMHO

[Chicog]

Essentially it's true. They're better protected from the threats from before 2013.

But threats change....

[NeverSure]

The best "hardening" a computer can have is the user. The next best is a router because it does NAT and destroys packets which weren't requested - it doesn't know where to send them. If the user doesn't request something he shouldn't including opening an email or clicking a link and he's behind a good NAT firewall such as a router he has a very good chance of avoiding problems.

Of course in an enterprise environment it's good to use SecureNet and ISA proxy server between the router and the internet but that's not practical or needed for home use.

[crabdog]

The best "hardening" a computer can have is the user. The next best is a router because it does NAT and destroys packets which weren't requested - it doesn't know where to send them. If the user doesn't request something he shouldn't including opening an email or clicking a link and he's behind a good NAT firewall such as a router he has a very good chance of avoiding problems.

Of course in an enterprise environment it's good to use SecureNet and ISA proxy server between the router and the internet but that's not practical or needed for home use.

My computer experienced "hardening" after I visited some popular pr0n sites.

[Chicog]

The best "hardening" a computer can have is the user. The next best is a router because it does NAT and destroys packets which weren't requested - it doesn't know where to send them. If the user doesn't request something he shouldn't including opening an email or clicking a link and he's behind a good NAT firewall such as a router he has a very good chance of avoiding problems.

Of course in an enterprise environment it's good to use SecureNet and ISA proxy server between the router and the internet but that's not practical or needed for home use.

Router's aren't much good if you can't secure them.

http://www.itworld.com/article/2930295/security/new-soho-router-security-audit-uncovers-over-60-flaws-in-22-models.html#tk.rss_security

[RichCor]

Marketing Propaganda linked to Intel's purchase of McAfee in 2010.

In a quest to maximize application performance and battery life, Intel wanted to build hardware-enhanced security features and solutions directly into firmware, chips and chipsets.

Making Sense of the Intel-McAfee Puzzler

E-Commerce Times - By Charles King - Aug 24, 2010

Now they have to make money back on their investment.

[h90]

I can read it. It's an advertisement by Intel, the world's largest CPU manufacturer, telling everyone to buy a new computer.

I have this little program that will keep your computer safer. I'll email it to you for just US$500.00 or 17,000 baht. Everyone, especially businesses should have it.

To keep your computer safe all you need common sense.....If you can mail that I would pay more than 500 USD.

[RKASA]

The main issue with PC security remains BTKATC.

[Chicog]

I can read it. It's an advertisement by Intel, the world's largest CPU manufacturer, telling everyone to buy a new computer.

I have this little program that will keep your computer safer. I'll email it to you for just US$500.00 or 17,000 baht. Everyone, especially businesses should have it.

To keep your computer safe all you need common sense.....If you can mail that I would pay more than 500 USD.

Unfortunately that isn't true any more.

You are very much dependent on ISV's and even hardware manufacturers doing their bit, and few of them are to the level required.

[h90]

I can read it. It's an advertisement by Intel, the world's largest CPU manufacturer, telling everyone to buy a new computer.

I have this little program that will keep your computer safer. I'll email it to you for just US$500.00 or 17,000 baht. Everyone, especially businesses should have it.

To keep your computer safe all you need common sense.....If you can mail that I would pay more than 500 USD.

Unfortunately that isn't true any more.

You are very much dependent on ISV's and even hardware manufacturers doing their bit, and few of them are to the level required.

Companies are usually doing way to complicate things for their knowledge and love to connect everything without reasons. If you keep everything simple and turn off everything else you have banned 50% of the problems.

Something like accounting and stock keeping for small companies doesn't need to be direct connected to the internet. Small companies don't need databases for their webpages, pure html will do if they don't update the webpage anyhow, etc etc.

It is like putting an 18 year old with new Driving License in a Ferrari and be surprised that he has an accident......Reducing things to a level where you can handle it fixes most of the risks (but not all).

[chubby]

well i didn't mean for it to be a general question, more curious about these items :

Intel®

OS Guard

Intel®

AES-NI

Intel®

IPT

Windows* 8

Bootup

Security

[RichCor]

well i didn't mean for it to be a general question, more curious about these items :

Intel®

OS Guard

Intel®

AES-NI

Intel®

IPT

Windows* 8

Bootup

Security

Intel has articles on all those items, all written in techno-gullible terms. Many of the technologies also have wikipedia writeups.

Intel marketing material

Intel IPT (Identity ProtectionTechnology)

suite of authentication and online access technologies designed to offer web properties, users, and enterprises with stronger, hardware-based security embedded into Intel’s platforms

Wikipedia writeups on

Intel AES-NI (Advanced Encryption Standard New Instructions

extensions to the x86 instruction set to improve the speed of applications performing encryption and decryption using the Advanced Encryption Standard (AES).

Though, I actually liked this article intro from a intel security critic:

"Intel doesn’t understand security, but they are not shy about shouting it from the rooftops. They took a good idea, vPro, and turned it into a remote exploit and security risk that prevents a compromised machine from being repaired."

[h90]

well i didn't mean for it to be a general question, more curious about these items :

Intel®

OS Guard

Intel®

AES-NI

Intel®

IPT

Windows* 8

Bootup

Security

Intel has articles on all those items, all written in techno-gullible terms. Many of the technologies also have wikipedia writeups.

Intel marketing material

Intel IPT (Identity ProtectionTechnology)

suite of authentication and online access technologies designed to offer web properties, users, and enterprises with stronger, hardware-based security embedded into Intel’s platforms

Wikipedia writeups on

Intel AES-NI (Advanced Encryption Standard New Instructions

extensions to the x86 instruction set to improve the speed of applications performing encryption and decryption using the Advanced Encryption Standard (AES).

Though, I actually liked this article intro from a intel security critic:

"Intel doesn’t understand security, but they are not shy about shouting it from the rooftops. They took a good idea, vPro, and turned it into a remote exploit and security risk that prevents a compromised machine from being repaired."

yeah the problem is lack of competition: AMD look like they gave it up.....ARM is on the performance not even close, so Intel doesn't need to think.....

[manarak]

The best "hardening" a computer can have is the user. The next best is a router because it does NAT and destroys packets which weren't requested - it doesn't know where to send them. If the user doesn't request something he shouldn't including opening an email or clicking a link and he's behind a good NAT firewall such as a router he has a very good chance of avoiding problems.

Of course in an enterprise environment it's good to use SecureNet and ISA proxy server between the router and the internet but that's not practical or needed for home use.

Picked up some buzzwords at your work?

NAT won't do much to protect home users, it's best for protecting businesses that run servers with a lot of services.

The user indeed is the best protection, and the second best is IMO a firewall set to ask the user about what to do with any unusual packet.

Third best is a behavioral analysis tool, which will also ask the user everytime something unusual happens on the computer.

Fourth is the antivirus.

[topt]

The best "hardening" a computer can have is the user. The next best is a router because it does NAT and destroys packets which weren't requested - it doesn't know where to send them. If the user doesn't request something he shouldn't including opening an email or clicking a link and he's behind a good NAT firewall such as a router he has a very good chance of avoiding problems.

Of course in an enterprise environment it's good to use SecureNet and ISA proxy server between the router and the internet but that's not practical or needed for home use.

Picked up some buzzwords at your work?

NAT won't do much to protect home users, it's best for protecting businesses that run servers with a lot of services.

The user indeed is the best protection, and the second best is IMO a firewall set to ask the user about what to do with any unusual packet.

Third best is a behavioral analysis tool, which will also ask the user everytime something unusual happens on the computer.

Fourth is the antivirus.

So can you tell us in layman's terms how to set up 2 - looking at Windows Firewall with advanced security for example or does it basically already do that?

And where to find 3?

[manarak]

The best "hardening" a computer can have is the user. The next best is a router because it does NAT and destroys packets which weren't requested - it doesn't know where to send them. If the user doesn't request something he shouldn't including opening an email or clicking a link and he's behind a good NAT firewall such as a router he has a very good chance of avoiding problems.

Of course in an enterprise environment it's good to use SecureNet and ISA proxy server between the router and the internet but that's not practical or needed for home use.

Picked up some buzzwords at your work?

NAT won't do much to protect home users, it's best for protecting businesses that run servers with a lot of services.

The user indeed is the best protection, and the second best is IMO a firewall set to ask the user about what to do with any unusual packet.

Third best is a behavioral analysis tool, which will also ask the user everytime something unusual happens on the computer.

Fourth is the antivirus.

So can you tell us in layman's terms how to set up 2 - looking at Windows Firewall with advanced security for example or does it basically already do that?

And where to find 3?

I think windows firewall doesn't cut it.

2 and 3 are provided for free by Comodo free personal firewall. Set the firewall on "custom" (i.e. learning mode) and the behavioral tool (name is HIPS) on "paranoid".

You will start off with a lot of popups with either tool asking for how to decide, but that's normal because they will be in learning mode. In fact, I keep both in learning mode all the time.

[chubby]

i find a lot of the wikipedia tech write ups are way over my head. but as far as i can see here.

via the hardware itself, other than encryption running faster, doesn't seem newer intel products make much difference, with it's Kernel-Mode Rootkit prevention nor it's "OS guard" ?

[manarak]

i find a lot of the wikipedia tech write ups are way over my head. but as far as i can see here.

via the hardware itself, other than encryption running faster, doesn't seem newer intel products make much difference, with it's Kernel-Mode Rootkit prevention nor it's "OS guard" ?

correct - these might add *some* amount of security, but to use a metaphor, I would compare these to wearing boots or gloves while driving a motorcycle. Might be useful and save your foot/hand under *some* circumstances, but will likely be useless in case of serious accident.