Question about mIRC security
Posted by Zilbandy on June 14th, 2006


I'd like to start using mIRC to chat with some online friends, but I
need to know what kind of security issues I should address first. I'm
currently using fully patched WinXP Home, AVG Antivirus, and ZoneAlarm
for my firewall. For malware, I use AdAware and Spybot S&D. I don't
plan on downloading files, especially from people I don't know. Would
this configuration keep me reasonably safe from viruses and other
crap? I was using AOL's chat for years, but have recently cancelled my
account with them.
--
Zilbandy - Tucson, Arizona USA <zil@zilbandyREMOVETHIS.com>
Dead Suburban's Home Page: http://zilbandy.com/suburb/
PGP Public Key: http://zilbandy.com/pgpkey.htm
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Posted by Matt Hodges on June 14th, 2006


Honestly, the biggest thing you have to worry about is just downloading
files. As long as you don't go crazy with all that file sharing and
such, and it sounds like you keep yourself protected in case you ever
do. I would be cautious using mIRC scripts that you don't trust the
maker of, because backdoors are often found in those. Don't type
commands if you don't know what they do; oftentimes people will try to
trick you into fserv something from them (like a virus). Basically, it
all comes down to just not doing things you are unsure about, as that is
how mistakes end up compromising systems.

Hope this helped,

-Hooges

Zilbandy wrote:

Posted by Sebastian Gottschalk on June 15th, 2006


Zilbandy wrote:
Not using mIRC. Its bug history is a big mess of a lot of insanely dumb
critical security vulnerabilities.

ZoneAlarm is no firewall, it's a host-based packet filter and a pretty
lousy one. Why do you even attribute it to security?

Fine. But what exactly do you think you can accomplish? Merely detection
after the fact, if you ever differ it from the load of false positives.
What about not executing malware in the first place and not running any
defective software that does so automagically, like mIRC?

No. Actually you're inviting it actively.

Woah, you really don't understand what IRC is?

Posted by Roger Parks on June 15th, 2006



On Wed, 14 Jun 2006 18:50:00 -0400, Zilbandy <zil@zilbandyREMOVETHIS.com>
wrote:

Given that you're firewalled and won't download files, and presuming that
you will be running unprivileged whenever it is in operation, your
primary concern is probably client integrity.

Some IRC clients are better coded, and thereby safer than others; check
SANS for the status of yours.

Some of us believe that anything connected to the net for an extended
period should be secured as if it were a server...... i.e. IIWU and
running windows, I'd look for an IRC client that's been built within a
freeware VM (e.g. vmware appliance). That would afford it overflow
protection, zero-day attacks, etc.

A "good" IRC client in a VM is probably safer than an "excellent" IRC
running uncontained on your Windows box. This is especially true if you
start weakening it with third-party "plugins" - which could be poorly
written, or be Trojans.


Posted by Zilbandy on June 15th, 2006


On Thu, 15 Jun 2006 02:09:56 +0200, Sebastian Gottschalk
<seppi@seppig.de> wrote:

Ok. Any suggestions?

Well, whatever you call it, it must be doing something. At least I get
a chance to allow or disallow incoming/outgoing connections to my
system. Most of them, anyway.

You sound a bit terse, but that's ok... I'm used to that. I'm married.
What do I think I can accomplish? If I get majorly 'infected', I
can simply boot from my Acronis boot cd and restore an image of my
system from my usb harddrive. I image my drive every three days and
maintain those backups for a month. I also maintain a monthly backup
for at least a year.

That's not exactly what I wanted to hear, but I'll take your word on
it. Security is not my forte. I do possess some common sense though, and
that's managed to keep my two computers clean for many years. ::knock
on wood::

Ummmm, I guess not, but lemme think. I type something... someone on an
IRC channel reads it... they type something and I read it. Sounds like
'chat' to me. Whatever else IRC may or may not be doesn't concern me at
this time.

Posted by Sebastian Gottschalk on June 15th, 2006


Zilbandy wrote:

HydraIRC, smIRC, Chatzilla, ... there are so many good IRC clients that
are not f***ed up.

Why do you think that you need that?
BTW, it does something: It increases complexity (therefore initially
decreasing security) and in case of ZA it makes your computer vulnerable
in the first place.

Now that sounds really serious. Still you might understand that these
tools are pretty unusable when it comes to detecting any serious infection.

Well, IRC has been the biggest and so far the only well-defined chat on
the internet, with public specs (RFC!) of the protocols and various
interoperable clients. AOL's chat is merely a clone for losers being
isolated from the IRC world who are even too dumb to know about IRC.

Second, with IRC you don't need any account at an ISP or at a server to
utilize IRC, so you won't lose your chatability and built social
contacts when cancelling any account. (However, you can register your
nick on servers for better authorization.)

For the third, I was a bit suspicious about your initial question,
sounding like you'd see mIRC as a chat platform itself rather than just
one (lousy) of lots of clients for the real platform IRC.

Posted by Sebastian Gottschalk on June 15th, 2006


Roger Parks wrote:

Actually this is a quite strange approach, because integrity problems in
an IRC client shouldn't be acceptable in any context. IRC is a very
simple and straight-forward protocol, so the clients should be. smIRC
gets it right in only 50KB of code, Chatzilla gives an implementation
with merely 90 KB of code (in very expressive XUL) and shouldn't be
expected to have any non-subtle issues.
That's why I don't understand that mIRC gets it so wrong.

Usually it actually is a server.

What about running it with different credentials on a different
graphical context (WindowStation)?

Posted by Roger Parks on June 15th, 2006



On Thu, 15 Jun 2006 03:09:33 -0400, Sebastian Gottschalk <seppi@seppig.de>
wrote:

Heh!.........perfection is elusive.

IIUC, that would enforce least privilege - and if there are multiple
users it would be a good move. But it wouldn't make either the client
(actually, we agree - the server), OR the OS more robust and resistant to
overflows, smashes, zero-day Trojans, and other zero-day exploits.

IMHO, it just makes sense these days to put everything that is WAN-exposed
into a hardened jail/VM.




Posted by Sebastian Gottschalk on June 15th, 2006


Roger Parks wrote:

Robustness isn't.

In such a scenario only a local privilege escalation would be the real
threat, and this is no different with a breakout from a VM. Actually one
should be pretty careful because most VM hypervisors run as kernel mode
drivers.

Running with restricted privileges with some precautions simply is such
a jail.

Posted by Zilbandy on June 15th, 2006


On Thu, 15 Jun 2006 09:01:02 +0200, Sebastian Gottschalk
<seppi@seppig.de> wrote:

Ok, I've dumped mIRC and will try HydraIRC. Thanks.

