topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 5:50 pm
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Last post Author Topic: windows security - what's really necessary?  (Read 65524 times)

Target

  • Honorary Member
  • Joined in 2006
  • **
  • Posts: 1,832
    • View Profile
    • Donate to Member
windows security - what's really necessary?
« on: January 28, 2008, 08:56 PM »
there is an ongoing thread at https://www.donation...dex.php?topic=6059.0 about the best free windows firewall

that thread got me thinking about what it is that is really necessary to make the virtual world a safe place to visit.

a lot of people have espoused various firewalls, while others have been given a big thumbs down - some even eschew any sort of software firewalling

on top of a firewall most use a range of AV and antimalware utilities. 

Some users install and maintain a sometimes bewildering array of these tools and swear by the results

I'm no expert, but I can't help but wonder whether this in an effective strategy - OK, let's assume it's 'effective', but at what cost?.  does the extra overhead justify the results

I guess the question I'm actually asking here is what is it we really need, ie

  • firewalls - which features or functionality should we consider mandatory, which are nice to have, and which ones are useless fluff/bloat.
  • AV - as above
  • Anti-Malware - I've separated this as I consider things like ad-aware etc perform a different function to 'normal' AV applications

and just how can we, as end users, determine the effectiveness of any or all of these tools, individually or in concert, in meeting our particular needs?

Target
« Last Edit: January 28, 2008, 08:59 PM by Target »

J-Mac

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 2,918
    • View Profile
    • Donate to Member
Re: windows security - what's really necessary?
« Reply #1 on: January 28, 2008, 11:09 PM »
I used to be almost religious about PC online security. Probably to the point of being very annoying, such a proselytizer I was.  I always had what I researched to be the best AV, AS, and FW available installed and setup carefully.  Built a regular cocoon around my PC, I thought!  But my stance on this has definitely weakened considerably over the past year, year and a half.  And I'm still not certain if I am OK with this, or if I am just being overly sloppy about it.

Currently I am using NOD32 V2.7, though I might upgrade to 3 shortly. (V 3 was released to much woe over at Wilders Security forums; seems it was fairly buggy and also quite a bit more restrictive than 2.7 - which I find to be too restrictive myself at times. I cannot keep most Nirsoft applications on my machine because, even with them listed under "Exclusions", NOD32 eats them up. Three years I have been imploring them to stop quarantining Nir's programs to no avail.   :(  )

My most recent Anti-Spyware and Firewall respectively were Sunbelt's Counterspy 2 and their update of the Kerio Personal Firewall. Counterspy, while receiving rave reviews, can act up annoyingly much too often. I corresponded with Eric Howe many times about this, and he even agreed with some of my points, but alas it remains that way!  It often goes "red" in my systray, meaning that it is no longer actively scanning in the background. Not supposed to do that, of course, and it was an early issue with C-Spy 2, but they claim to have that fixed - for the most part!  Still does it with me. I had three paid licenses for it, and I let all lapse. Other bugs that drove me crazy - and it eats programs without me setting it up to so so.  This is my main problem with many security apps today: Even if not configured to be overly aggressive, they have code in them which seems to be designed to secure my PC against all potential items the developers deem to be dangerous - even against my own wishes. It is "hurting me for my own good"!!  Or at least that is how the developers seem to see it. If I cannot configure annoying behavior - protection I feel is too extreme - to not occur, then I do not want it on my machine. Simple as that!

The Sunbelt Personal Firewall - which still carried the "Kerio" name at first; I purchased three licenses for that, also - was a real mess when they first acquired it and performed their first "upgrade". It completely hosed my Hosts file, would change settings affecting my home network on its own, and would occasionally seem to not be there at all, and then suddenly wake up and start grabbing files all over my PC, labeling them potentially dangerous.  Me? I just want a firewall to prevent port traffic and alert me so I can make a decision as to whether or not I wish to allow the program or process to have access to that port. I do not want it to start grabbing files and playing keep-away with them!!

When that first upgrade was admitted (by Sunbelt Support) to be thoroughly borked, they allowed me to place my licenses in "suspension" until they released their much-ballyhooed V. 2 of the firewall.  This was going to happen "soon", and would be a true Sunbelt design, rather than a worked-over "amateurish program" that they inherited from Kerio. (Their words, not mine!).  Turned out to be eight months!! When released I said I would give it a good ride and see how I liked it. My licenses were finally activated again. Lo and behold, this version was buggier than any PC security product I had ever tried! Caused full BSOD crashes regularly - and I had never seen a firewall do that!!  After quite a bit of testing and corresponding - with log files mostly - with Sunbelt engineers, I gave up.  After a good old, Howard Dean-ish primal scream, I told Sunbelt that a year and four months was too much time for me to agonize over a firewall. I removed all from my PC's. And I have not replaced it - nor C-Spy 2 - yet.

I do have SpywareBlaster setup on my PCs, and I run good old Spybot S&D, but not actively scanning. I just run scans weekly with it. no firewall at all; I am running behind a Linksys router, though, with SPI, so I am using a firewall of sorts. And I am running NOD32, which updates definitions hourly, believe it or not.

As for how I have fared, security/malware-wise, I had what I suspect was an infection - regular virus - in 1998 or 1999.  I was (blush) running AOL for a very short time - I was really low on funds and I used one of the 800 bazillion free disks that gave me - I think - two or three months of free AOL! And I had a sudden slowdown that eventually was reported to all AOL users - it was actually introduced to users, accidentally, by AOL themselves. Norton did find it and after much angst, removed it.  (Remember way back then when NAV was actually a highly respected AV product?!) And last year Counterspy insisted I was infected with the Grozodon trojan. After three days of pure hell trying to catch and remove it, it was finally announced as a big "Oops" by Sunbelt - false positive which they denied vehemently at first. Other than that one AOL job and a Couterspy false positive, I have never been infected with any malware. Part caution, part luck I'm sure.

But until I see a more pressing need, I will stay as I am and not install anymore AS or FW products.  (BTW, I DO run a rootkit detector every two weeks as a precaution, because they can infect like no other malware - and come from a seemingly reputable company - and not give any indication of infection till waaay after the fact!).

Jim
« Last Edit: January 28, 2008, 11:16 PM by J-Mac »

Darwin

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 6,984
    • View Profile
    • Donate to Member
Re: windows security - what's really necessary?
« Reply #2 on: January 28, 2008, 11:41 PM »
Well... I think an AV package is absolutely essential and while I personally feel more comfortable with AntiSpyware/AntiMalware installed, I often suspect that the threat is more "marketed" than real.

I'm struggling with the software firewall. I surf behind a hardware firewall at home and only feel the need for a software firewall when I'm away (ie on someone else's network). This most often is at work, which is a college and means that I do feel that I need the extra layer of security afforded by a s/w f/w. I'm still looking for the right one...

NB If my computer was a desktop that stayed at home I definitely wouldn't run more than XP Sp-2's firewall.

lanux128

  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 6,277
    • View Profile
    • Donate to Member
Re: windows security - what's really necessary?
« Reply #3 on: January 29, 2008, 01:58 AM »
NB If my computer was a desktop that stayed at home I definitely wouldn't run more than XP Sp-2's firewall.

i'd true that as that is the only setup for me being behind a router-based firewall. the firewall software by Windows provides merely a placebo effect. ;)

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: windows security - what's really necessary?
« Reply #4 on: January 29, 2008, 03:58 AM »
NB If my computer was a desktop that stayed at home I definitely wouldn't run more than XP Sp-2's firewall.

i'd true that as that is the only setup for me being behind a router-based firewall. the firewall software by Windows provides merely a placebo effect. ;)
It does what it's supposed to do, and that's mostly blocking incoming traffic. Which is all you really need, also if you're "on the run" with a laptop. Especially if you're not very very cautious about the rules you set up with a more "advanced" software firewall, you could easily end up with a less secure system if you're the slightest bit careless.

Personally I believe a behavioral blocking system would be more effective than a typical signature+heuristics based antivirus package. But alas, with the direction Microsoft has taken with PatchGuard, it's hard to write a really effective system.

Currently I don't run anything but XPSP2 firewall myself... XP64 is a bit less exploitable, and since the majority of people are still on 32bit windows, that's also what exploits tend to be written for. I do still use 32bit firefox and TheBat though, so it's not like I'm immune... but with AdBlock, at least I'm not getting infected by drive-by banner exploits :)
- carpe noctem

nosh

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,441
    • View Profile
    • Donate to Member
Re: windows security - what's really necessary?
« Reply #5 on: January 29, 2008, 05:11 AM »
I don't see any harm in having a mix of security apps on your system, especially if you are paranoid by nature *raises hand* and doing so makes you comfortable.

The pitfalls?
1) The cost involved. There are lots of good freeware applications out there - anti-spyware, AV, firewalls.
2) And I think this is far more significant - the hit your system takes by running these apps - a smart choice of applications would definitely help. I have two AV apps, two anti-spyware apps, two rootkit scanners and a firewall sitting on my system. Sounds bad, but all of these have realtime monitoring disabled other than the firewall and one AV which only scans incoming mail and online activity. Total hit on resources - close to zero. I see absolutely no point in scanning the same old files a bazillion times. If I download something I suspect may be fishy the AV gets to scan it. The anti-spyware & anti-rootkit apps  are used _once_ in two months, just before I backup my system.

I could probably disable everything and still sit easy, thanks to drive imaging, which is the real hero here. But I don't see the point considering the only "real" hit is a few MB of disk space.''

Regarding outbound protection, I would hate not knowing some slimy app trying to call home. Besides, I'm a miser when it comes to my bandwidth, which is limited - I don't see why I should let any app send crashdumps, etc home unless I really want it to. Allowing malicious apps on your system is a grey area coz, a good example is an app written about recently on DC  by a well-intentioned person, hosted at a respectable site which tried to connect to a totally different domain known best for ripoff apps. What harm could it have done to let it connect, probably none. But I feel much better knowing about stuff like that. It's purely subjective, but in the end, that's what matters.

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 8,066
    • View Profile
    • Donate to Member
Re: windows security - what's really necessary?
« Reply #6 on: January 29, 2008, 06:18 AM »
I have moved out of the paranoid camp and into the light (and a computer that actually works quickly).

My security setup is:

AccessPoint/Router Firewall

On my PCs I have:

NOD32 v.3 (no probs even with NirSoft utils - I just excluded those folders)
WindowsXP Firewall

PCTools Spyware Doctor

The last of those is installed but I don't have it running in the background - I just fire it up periodically and give my system a checkup.

So far no probs (famous last words)

Mark0

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 652
    • View Profile
    • Mark's home
    • Donate to Member
Re: windows security - what's really necessary?
« Reply #7 on: January 29, 2008, 07:20 AM »
Me too.
I remember the times of the firsts release of Kerio Firewall (while it was actually an interesting piece of software), with hours passed at experimenting with various rules to block this, make that working, and so on! :)

Now I relay on the NAT Router/firewall combo, a free AV (that haven't really detected a threat in... well... never!), and Firefox (or any browser that don't use the IE engine). If I have to go on the move with a laptop, the integrated software firewall to just close some doors will be OK. Add the occasional scan with some antispyware tool (but not something resident, thanks).

Other than that, I find that a lot of security tools end up causing more problems / issues than they supposedly solve.

Looking back, seeing at how the personal software firewall market evolved from about inexistent some years ago, to everyone-and-his-dog-build-a-personal-firewall of today, I can't help but thining that probably Steve Gibson had some part in spreading the "hysteria".
A big IMHO, obviously.

Bye!

Tekzel

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 228
    • View Profile
    • Donate to Member
Re: windows security - what's really necessary?
« Reply #8 on: January 29, 2008, 08:12 AM »
What is necessary is entirely dependent on the people that will use the system.  At home I don't use any form of anti-spyware, anti-virus, or firewall.  I have my Linksys router configured to be relatively secure but other than that, thats all I need.  99.9% of the rest of the population needs some form of protection though, as they don't know how to not get infected like I do.  The thing to understand is there is not a single piece of software, or any combination of software, that can keep a sufficiently determined user from getting infected.  The most important part of the equation is education of the person at the keyboard.  Then, for most people, a reasonable level of protection will suffice.  But, ultimately, the most important thing is the person sitting at the keyboard.

Lately, I find that the Microsoft OneCare product is nice.  Reasonably priced, reasonably effective, and here is the good part, doesn't molest the hell out of a user's PC like anything with Symantec or McAfee in the name.

Lashiec

  • Member
  • Joined in 2006
  • **
  • Posts: 2,374
    • View Profile
    • Donate to Member
Re: windows security - what's really necessary?
« Reply #9 on: January 29, 2008, 09:45 AM »
I'm a bit with my feet in the paranoid and logical fields. Since I don't have a router (I should have chose the Wi-Fi option instead of the cable :P), I prefer to have a bit more security that it would be normal, not that much, but a bit more.

So apart from Opera and Firefox, both running adblocking, avast! fully activated and Windows Defender in testing (I'd probably move to test Spyware Terminator next, Defender is beginning to piss me off with its zero possibilities of configuration), I have another antivirus (AntiVir, completely deactivated), and several other scanners, all free of course. I'm thinking in eliminating a few of those and leaving only the best or the ones with the most useful functions for manual analysis, since I don't like having too much software sitting in there doing nothing.

I used to have Internet Explorer protected with URLs blacklists, but since I almost never use Internet Explorer, seems SpyBot's download blocker does the same work and I don't like the prospect of having 80,000 URLs in the registry for nothing, all that is disabled right now. Besides, it seems the future is leading us to have blacklists built into the browsers and updated via Internet daily, like Firefox 3 does thanks to StopBadware and Google. Besides, those lists are far bigger than those compiled by security software makers, so that's another side covered.

I'm still thinking what to do regarding the firewall. I'm not a fan of having programs pestering me up with constant dialogs, and as I argued in the other thread, most firewalls do this. If I can find a light, quiet firewall, I'll use it, programs like Kerio or Sygate could fit in the category, but I don't have the time to put up them to test right now. If I can't find one, an antispyware with behavioral analysis will be more than enough.

Something that I'd like to see someday is a proper security test, instead of those synthetic ones. Like, for example, how well it would fare a PC with the basic Windows Firewall, an antivirus and some passive protection after navigating in dangerous sites. Or how good is a HIPS without any other protection. And other variations. That would be refreshing, and would give some real feedback over how good particular combinations of software are, and if those highly touted security apps are really so good as the virtual tests suggest. Gizmo did some of those, but more of this kind are necessary.

Finally, a good security guide. It's amazing how many free security software exists, I didn't know there was software to control the Windows Firewall in depth (a weak point of it IMO). Darwin, don't check up those lists unless you want to have app's taskbar ;D

Whee! Another long rant :D
« Last Edit: January 29, 2008, 10:00 AM by Lashiec »

J-Mac

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 2,918
    • View Profile
    • Donate to Member
Re: windows security - what's really necessary?
« Reply #10 on: January 29, 2008, 11:13 AM »
What is necessary is entirely dependent on the people that will use the system. 

I agree as long as you mean it is dependent on the browsing behavior of the person using the system, as opposed to what that person thinks he or she needs!  Case in point:  My dear little brother, who was without any shadow of a doubt "fully protected" by the demo of Norton that came with his three year old PC, and hits every stinking warez site he can find. Then calls me when his PC starts "acting weird or something".   :o :mad:


Lately, I find that the Microsoft OneCare product is nice.  Reasonably priced, reasonably effective, and here is the good part, doesn't molest the hell out of a user's PC like anything with Symantec or McAfee in the name.

I found early versions of OneCare to be lacking user-configurability, similar to what Lashiec mentioned about Defender in his post above this one.  Though admittedly it may have changed for the better since then.

Jim

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
Re: windows security - what's really necessary?
« Reply #11 on: January 29, 2008, 08:29 PM »
Okay, First I'd like to thank Target for spinning off this thread.

Now I'm beginning seeing a glimmer of reality appear hear (in this thread) as it is ultimately, completely up to the user as to whether or not their ass stays attached, or gets blown into he weeds. AOL (the ignorance baseline...) had an ad campaign a while back with a tag line of "Safety and Security is Simple ... Just Click Here". To this day when I hear the phrase Just Click Here I still bristle a bit as I actively resist the urge to go ballistic.

I do on-site service work for both large companies and home users, so I get to see a good cross section of best and worst cases. The worst I ever saw were (hands down 5 star winners) the Just-Click-Here AOL machines that were being handled by novice users that just "checked their Email", and swapped greeting cards/Jokes/etc. with "friends" (that they met in chat rooms...). We're talking the High Dollar, Top Shelf, Media Center PCs that were taking 45Min to boot into Safe Mode brand of totally hosed here folks! ...I'm not talking about Kids running Kazaa & surfing Warez, these are middle-aged House Wives and Bank Managers. ...That thought they were "Safe" ... Because the happy little blinking icon told them so. *Bangs head on Desk*

[This Just In...] The Storm Worm, latest of the great (overly hyped) interweb deamons...has a few interesting requirements to infect ones machine:
A. Somebody Must open & run (with scissors...) the Attachment!
B. That someone Must also be running with administrative credentials, so ... the bugg will have PeRmiSsiOn ... to install itself as a Windows System Service. (Ding! Ding! Ding! Ding! ...Hello!!!)
C. Be running a web server that is behind on security updates so it can inject itself  into a new distro point.

Q. Which security products would have protected the user from (themselves...) and prevented this little pandemic?
A. None of them.

Item 2 - What constitutes "Bad Places" on the Interweb?

Porn sites?! ...No. Yes they got a bad rap a while back with the dialers and such, but they've really pretty much cleaned up their act. Unless you're looking for something really depraved or illegal you're reasonably safe in that territory.  Yes, I've checked.

Warez sites? Meh there are tons of Script Kiddie new comers to the scene that have web-rings of god knows what-all. But there are plenty of the old schoolers still in the game that maintain the Honor-Among-Thieves code closely enough to make for reasonably safe travel if you know what you're doing. Of course piracy is illegal, so if the long arm of the law springs out of you're own ass and grabs you by the throat for stealing ...(hay)... who am I to complain...?

P2P networks? Now here's a budding nightmare. I can get songs for free! True. But if you don't fully understand the file formats you're dealing with ... The service call will likely cost more than the album would have.

Good God, this is turning into a diatribe (not actually my intention), Sorry.

I guess the (short form) point I'm trying to make is that traveling the Internet highway is no different than traveling the interstate highway, If you don't Drive Defensively ... You're going to end up with a wrecked car-puter.

The primary objective is to avoid getting infected in the first place. The outbound firewall game is a nothing more than a plan B attempt to save face after Plan A failed. Sure you prevented your comp from joining in the Zombie Squad, but you're still hemorrhaging resources and leaking the infection out of every hole the thing can find (You send mail...It sends mail).

Common sense and a condom beats the hell out of a lengthy discussion about if we should keep "it".

J-Mac

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 2,918
    • View Profile
    • Donate to Member
Re: windows security - what's really necessary?
« Reply #12 on: January 29, 2008, 11:11 PM »
Stoic Joker,

Probably preaching to the choir here at DC, but still a good post!  Common sense, so sadly lacking in those from whom we would usually expect better, is still the rule.

Thanks.

Jim

Target

  • Honorary Member
  • Joined in 2006
  • **
  • Posts: 1,832
    • View Profile
    • Donate to Member
Re: windows security - what's really necessary?
« Reply #13 on: January 30, 2008, 12:11 AM »
there's no getting around the user, but it's probably safe (:huh:) to assume that most here are reasonably savvy about the dangers

I have heard several opinions expressed regarding the relative value of outbound firewalling, but can't help but consider it essential

I'm on dialup so a router isn't an option, and like Nosh, I hoard my bandwidth and really <i>really</i> don't like the idea of anything calling out (regardless of it's intent) without my knowledge. 

Basically I see it as just another tool, a means of identifying a potential infection/compromise, and given that most infections these days are likely to come from inside your firewall (see StoicJokers input above regarding PEBKAC* problems) it would seem prudent to implement this feature.

it's also hard to take a recommendation from <i>any</i> of the discussions I've seen so far.  For every person who has a good experience of firewall X, there is at least one with bad...

Not much said about the other options (AV, antispy/malware) so far - as Lashiec said, there are heaps of choices out there, but what to choose??

Do we <i>really</i> need spyware detection?  Do we <i>really</i> need ad blocking? Do we <i>really</i> need a trojan hunter? Do we <i>really</i> need <insert you're choice here>?

and if we do, how do we measure it's effectiveness/value?

Personally I've used both Spybot and AdAware (and probably others) at various times and found little benefit from either - maybe I've been lucky, who knows, but the upkeep certainly wasn't worth the returns.

Another thought occurs to me - just what is the real danger here? 

others have referred to this obliquely, but are we so caught up in the general hype surrounding the latest crop of super wonder mega fireproof antimalware pro apps that we've lost sight of what it is we're actually trying to guard against?  Is the threat <i>really</i> as serious as industry and the media would have us believe?

I've seen references that these days virii don't seem to be destructive (ie they don't trash you're data/hardware).  If this is the case, and I suspect it is, then what are they doing, sending spam emails?  if this is the worst of it then it doesn't seem like a serious issue (apart from the potential liability issues :o).  What about fraud/identity theft?  is this a common problem that could be minimised using the available tools?  (this isn't a problem for me - I have a simple rule about this stuff, if I don't want anyone to know, or I can't afford to lose it, I don't keep it on my PC.  I know this isn't practical/possible for everyone, but the sentiment stands)     

Target

* PEBKAC - <b>P</b>roblem <b>E</b>xists <b>B</b>etween <b>K</b>eyboard <b>A</b>nd <b>C</b>hair

J-Mac

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 2,918
    • View Profile
    • Donate to Member
Re: windows security - what's really necessary?
« Reply #14 on: January 30, 2008, 01:30 AM »
I am probably a cynic (well, actually I am a cynic; I realize fully that!  But here I mean the cynic in me speaking out!), but personally I feel that much of the hype about malware infections is generated to keep PC security products moving off the shelves.  I truly am not a conspiracy theorist by any stretch, but I do think that the problem is significantly overstated by the software industry and much of the media that covers it.  As much as I read about computer security, including all the warnings and cautionary stuff that hits my RSS reader and mailbox daily, I can't help but to notice that I never see very much about mass identity thefts, loss of tangible assets, etc. due entirely to malware infections.

The predominant goal of most malware I see hitting the masses is to grab people's attention for the purpose of getting a larger share of their spending.  Adware, browser hijacking, redirecting people's search toolbars to show targeted advertising.  This is where I see most malware hitting.  And, of course, to create zombies of the computers of the largely uneducated masses (and I don't mean folks who have no or little schooling, but those who have no earthly idea what they are doing when they open their browsers) for the strict purpose of propagating the above-mentioned adware, BHO's, redirecting search facilities, etc.  And spam of course!! Spam, by the way, which seems to be pointless if you think logically about it.  Haven't you all wondered who in their right minds would ever respond to these ridiculous spam emails?  Actually spam snags enough folks who buy these outlandish products to make it enormously profitable.  These spammers aren't sending out millions of messages hourly so they can picture you spending so much time and effort cursing and deleting their emails.  They do it only because enough people actually buy the crazy stuff they're pushing!!

But the virus that will destroy your machine, steal your identity, and make your life a complete mess?  Sure, it does happen, but to a much smaller percentage of web surfers.  But the software companies who develop newer, bigger, and better computer security applications need desperately for us all to be very fearful of malware!!  It is an unbelievably rich industry which they are not going to abandon because the threat is not as big as you think it is.

My opinion, anyway!

Jim

CodeTRUCKER

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,085
    • View Profile
    • Donate to Member
Re: windows security - what's really necessary?
« Reply #15 on: January 30, 2008, 05:37 PM »
Maybe I have misread this thread? :huh:   I've tried to read the posts more than once, coz I'm not feeling well, but what I think I am hearing is it is OK not to worry about old/real threats?  Is anyone else "hearing" this, or is it just my medicine?

I agree with the economics, but aside from the $$$ aspect I was getting a cold chill as I read this thread.  The valid reason that all the AV/AS/FW has become that lucrative in the first place was because originally there were real bad threats that wreaked havoc and did real damage.  Real solutions were needed and Peter jumped to the fore AFAICR followed by the AV parade.  While I agree that the "emphasis" of attacks has shifted to targeting user stupidity, I am very uncomfortable with letting down the guard on prevention of serious known threat potentials.  I would see this like the USA security folks saying...

"Ok we haven't had any planes hi-jacked and slammed into buildings in quite awhile and there has been an increase in (example)-bombings.  I guess our terror-prevention strategy doesn't need to bother with planes any more.  We need to concentrate our resources on (example)-bombings instead" 

Agreed, there haven't been any more hi-jack attempts, but we still need to keep on inspecting carry-on luggage. ;)
 
At any given time, there may be a reduction in the frequency of a real threat, but it is still a real threat.  Ask yourself what malware authors might be thinking if they were trawling threads like these?  If you were them what would be the next "project?"

Unless you have an image ready to put back on after you have been compromised and have to start over, then this needs to be part of what is necessary to include in Windows protection, IMO  (psssst... better make sure there are no viruses on your image. ;) )

<off topic + rant>
... These spammers aren't sending out millions of messages hourly so they can picture you spending so much time and effort cursing and deleting their emails.  They do it only because enough people actually buy the crazy stuff they're pushing!!

As long as spammers can send a million messages and it doesn't cost a thing, this isn't going to stop.  Personally, I'd be very willing to pay a per-email tax (FYI - I hate taxes  >:() of $.01 in order to shut them down.  Even if I sent/received 1,000 e-mails/mo that is only going to cost me $10/mo, but for the spammer that sends out 10,000,000/mo his bill would be $100,000/mo! Even a measly million spams/mo would cast ten-grand.  How long spam last in that case?
</off topic +rant>

Lashiec

  • Member
  • Joined in 2006
  • **
  • Posts: 2,374
    • View Profile
    • Donate to Member
Re: windows security - what's really necessary?
« Reply #16 on: January 30, 2008, 07:09 PM »
I was reading some literature during these days, and I think we're overly paranoid, really. There are only three vectors of attack right now in a computer (at least feasible ones, we're not talking about an entire botnet targeting you): you activate the malware, your software is not up to date, and your software or machine is misconfigured. That's all.

Actually, if you think about it, most security software is being designed not to protect the user and its software, mostly because things as a complete firewall or a HIPS are overly complex for a normal user, but to protect yourself about these zero-day exploits, those ones that are unpatched and spread over the Internet (case in point: the worm spreading over the servers using cross site scripting, and that no one knows how it infects the servers). But look, that worm is not going to target your computer, although it can probably deliver some side effects using the sites he infected.

Reading some experts' information, I was surprised at how little security some guys use. The most striking one was Bruce Schneier, he didn't even use a personal firewall (yeah, yeah, he uses a NAT router), despite being a security expert, and everyone knows it's one of the most intelligent in the business. His updated guidelines and the older ones. I guess he considers the Windows Firewall as good enough recommending it to protect your laptop, though he advised the use of a personal firewall in the other list. Then again, Windows security started to drop to low levels at that time, and the XP firewall was a mess.

BTW, something that I'll install soon: DropMyRights. Now this thing is useful, and it does consume zero resources. Perhaps I should start to practice what I researched (and preached up to some point), and use what I've been using until now. After all, in all this time, I wasn't infected (except for a trojan, but that was very stupid on my part), and the scanners didn't warn me of anything while working (except for malware embedded in JavaScript, but that was miscontrol on my part). So, I'll raise up my logical defenses, and will knock on wood.

Target

  • Honorary Member
  • Joined in 2006
  • **
  • Posts: 1,832
    • View Profile
    • Donate to Member
Re: windows security - what's really necessary?
« Reply #17 on: January 30, 2008, 07:13 PM »
not suggesting we ignore the threat, just wondering how much we really need to do to guard against it

the original query related to what do we <i>really</i> need in the way of security, ie is it sufficient (for those with hardware firewall) to use an AV tool, or do we need a firewall, and an AV, and an ad blocker, and a spyware removal tool, and a trojan hunter, and and and

and at what point does the law of diminishing returns kick in?

there's no doubt that we need to use something, but what? (like you, I've read most of the other threads but couldn't draw any firm conclusions from them...)

it seems that we can all get cought up in the hype about which product we like better (for whatever reason), but I have to wonder whether the danger is as significant as we might have been led to believe

there's no silver bullet here, I was just wondering what others thought was <i>really</i> necessary .

Target

J-Mac

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 2,918
    • View Profile
    • Donate to Member
Re: windows security - what's really necessary?
« Reply #18 on: January 30, 2008, 09:40 PM »
trucker - That has to be one of the most poorly misplaced analogies I have seen.  Out of place and so much not related to personal computer threats. I'm more than a bit surprised.

Or then again, maybe I'm not.

Jim

J-Mac

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 2,918
    • View Profile
    • Donate to Member
Re: windows security - what's really necessary?
« Reply #19 on: January 30, 2008, 09:48 PM »
And Trucker - you are correct in that most threats that succeed ARE due to users'.... stupidity?  Maybe "lack of care" is a kinder way to put it. Sad but true.  Could there still be a threat out there that might trap me? Certainly! But the chances are so slight that I choose to sit behind NAT and SPI and not use any software firewall. If you somehow feel cool by saying I am foolish for that, then go right ahead!  I feel I am as careful as I need to be, I browse cautiously, I haven't opened an attachment to an email message in...  I can't even remember when I last did!  I only open downloaded files/archives after downloading to an isolated folder and scanning it.  Can I still get bitten? Yes, but IMO I have no more chance of it than you do.

Jim

Target

  • Honorary Member
  • Joined in 2006
  • **
  • Posts: 1,832
    • View Profile
    • Donate to Member
Re: windows security - what's really necessary?
« Reply #20 on: January 30, 2008, 09:51 PM »
BTW, something that I'll install soon: DropMyRights. Now this thing is useful, and it does consume zero resources.

Why stop there?  

I usually set my privileges to user (OK, <i>power</i>-user...) - this should stop (some?) nasties from installing/running, and
I can log in as the administrator if I need to...

Target

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,646
    • View Profile
    • Donate to Member
Re: windows security - what's really necessary?
« Reply #21 on: January 31, 2008, 06:06 AM »
BTW, something that I'll install soon: DropMyRights. Now this thing is useful, and it does consume zero resources.

Why stop there?  

I usually set my privileges to user (OK, <i>power</i>-user...) - this should stop (some?) nasties from installing/running, and
I can log in as the administrator if I need to...

Target
The Run as... command works wonders if a user has a project open that they can't close.

Folks - I haven't forgotten this thread, I'm still following it, but I've been to busy (working) to get back and clairify my rant.

@CodeTRUCKER  No I'm not advocation sticking ones head in the sand and ignoring the threats, and yes I do understand the point and dirrection of your analogy (I thought it "fit" quite well). :)

Lashiec

  • Member
  • Joined in 2006
  • **
  • Posts: 2,374
    • View Profile
    • Donate to Member
Re: windows security - what's really necessary?
« Reply #22 on: January 31, 2008, 09:35 AM »
Why stop there?  

I usually set my privileges to user (OK, <i>power</i>-user...) - this should stop (some?) nasties from installing/running, and
I can log in as the administrator if I need to...

I run all time as an administrator, because of various reasons like I'm very lazy to create another account, press Windows + L to change to it, recreate all the options of my apps for another profile, don't know how many privileges I lose with a limited account (as I like to tinker with the innards of the OS while doing something unrelated), etc.

Besides, DropMyRights would only be used for Internet-facing apps, which I feel is a good thing, and doesn't demand too much from me (setting up a few shortcuts and it's all done). It's a good compromise, zero effort, some security benefits.

J-Mac

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 2,918
    • View Profile
    • Donate to Member
Re: windows security - what's really necessary?
« Reply #23 on: January 31, 2008, 12:39 PM »
Lashiec:  That sounds like a good idea.  I hate running as a user because I am quite often - like multiple times daily - performing tasks which require Admin rights, and I guess it might be a bit of laziness on my part, too.  I hate "double-doing", meaning that when logged in as a user and I start to do something that requires admin rights, I forget which I am logged as and get some steps done before realizing that I cannot complete them.  Then whether I log out and back in as Administrator or use "Run as...", those steps are lost, or some services, etc. that I need to access to complete what I am doing cannot be done unless I log out and in again.  So I usually just login  with Admin rights from the start.

Drop My Rights looks to be a potentially nice compromise!

Thanks.

Jim

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: windows security - what's really necessary?
« Reply #24 on: February 01, 2008, 07:31 AM »
I followed the DropMyRights link, and ended up at Microsoft. I'm attaching one of the graphics files from there, to save you the external URL clicking. Anything odd striking you? Considering that this image comes from an article at MS? :-*

dropwarez.gifwindows security - what's really necessary?
- carpe noctem