2

When I was using "Zone Alarm Security" under Windows 98 SE, there was a toggle link feature under Zone Alarm, whereby I could instantly sever connectivity to the web, while a suspicious exploit was running - why isn't that feature available under all security packages like my current security product "McAfee® SaaS Endpoint Protection"? Or is it a proprietary feature? If it's worth having, how do I search for it by its generic feature name?

Vilican
  • 2,792
  • 8
  • 23
  • 35
bozo de niro
  • 21
  • 1
  • 2
    I hate to break it to you, but if an exploit is actually running on your computer then you're basically screwed. You can set up a honeypot that kills your connection if you get suspicious traffic to it, but I'd imagine that you wouldn't have Internet access very often. – william Jul 30 '15 at 17:50
  • Do it like a boss: https://www.youtube.com/watch?v=u8qgehH3kEQ – paj28 Jul 31 '15 at 18:53
  • If you're on Wi-Fi or mobile data there's Airplane mode (at least on Windows 8+ and some versions of Linux). For older versions of Windows and Linux it's fairly quick to disable the network adapter. – rink.attendant.6 Jul 31 '15 at 18:56
  • Unplug your Ethernet cable? If wireless, unplug your computer. If wireless and mobile, remove your battery. – user253751 Aug 01 '15 at 03:50

1 Answers1

1

Although it looks like a nice feature to have, such kill-switch is not actually useful for common users.

Most of the times you won't even notice the exploit happening and even if you detected something strange, it is too late to stop it from running. Let's if you have such a kill-switch, how can you know for sure you stopped it in time? So, such feature can give a false sense of security.

A more drastic version of this is cutting the power to your computer and in certain cases it does makes sense. A simple example I can think of is being a bad guy and quickly cutting power to your computer when the police storm in. This prevents forensics being performed on your PC. There are tools and even hardware devices for this, for example https://github.com/hephaest0s/usbkill

You could also script something that performs the Zone Alarm feature you mention. Right click windows desktop, New, Shortcut to create a windows shortcut then paste this

%comspec% /k netsh interface set interface name="Local Area Connection" admin=disabled

Then go into the properties of that shortcut and chose a shortcut key. You can also look for similar tutorials for other operating systems.

But remember, pulling out in time is not a good infosec practice :)

Cristian Dobre
  • 9,897
  • 1
  • 32
  • 51
  • Most attackers don't fill your screen with Matrix text and the word "HACKED" when pwning your system, contrary to what we may have learned from NCIS (: – etherealflux Jul 31 '15 at 18:55