Main Area and Open Discussion > General Software Discussion

I gave in: Should I have?

(1/3) > >>

wreckedcarzz:
Alright, I gave in - Avast 4.8 is now running, making its little "VRDB" (Virus Recovery DataBase)

Most of the you here at DC should know that I absolutely hate security software. It rarely stays on my PC for longer than a week - I test what I can for the others in my family (mom, dad, sister) and get the software on all the PCs so that I can keep the whole wheel rolling smoothly.

My security level (minus the newly installed Avast), includes:

DMZ to this PC
Windows Firewall OFF
Windows Defender OFF
Security Center notifications DISABLED
Router firewall ON
100% Windows File Sharing (including Media, Printer, etc) ENABLED
No anti-virus, anti-spyware, anti-malware, anti-trojan, firewall, anti-rootkit, or anything like that
Irregular backups of seemingly important data onto failing hard drives

Everyone I talk to about it that asks me "What security do I use?" is always completely dumbfounded by the idea: A Windows user with no security??

So I gave in and gave Avast another shot (It was one of my favorites back during version 3, when I was security-insane). It doesn't seem to use any resources, and it hasn't gotten in my way yet (except one annoying update notification I had to roll over to get rid of).

But I am wondering: Should I keep it, switch it for something better (I am very fond of Spyware Terminator), or ditch it and go back to Russian roulette with the internet?

I am particularly interested in Kingsoft Internet Security, however a fight to keep in the black ($) is pushing my dad from buying ANYTHING for the computers. We currently have a PC Tools Internet Security 2008 subscription that will die out in a couple months, hence my searching for something to replace it that won't break the bank (literally).

Thoughts? :tellme:

f0dder:
wreckedcarzz: I'm indeed pretty dumbfounded at your previous insecurity policy - wow O_o

What I don't get is... why install Avast? STOP DOING DMZ AND ONLY FORWARD NECESSARY PORTS (uPNP is OK), turn on Windows Firewall, and make sure windows filesharing is password-protected. That removes a lot of attack vectors, and if combiend with responsible web browsing (either using Vista with IE7+UAC, thus running sandboxed, or FireFox+DropMyRights), you've eliminated most attack vectors.

wreckedcarzz:
I don't really worry/care about security - but that's neither here nor there at this point, I'm trying to be preventative in case the crap hits the fan.

I use DMZ because all my PC's run on Dynamic IPs (DHCP) - although I just converted this PC over to an old wireless USB stick, so that has been holding the .141 suffix for the last 3 locations and 6 days, rendering that argument useless. But DMZ allows me to open all my ports to host my games, µTorrent my data [to be], and sustain 100% problem free internet, without re-forwarding ports every time something changes.

UPNP is enabled on the router (DD-WRT hax'd firmware), but it doesn't just let stuff in - it is sufficiently secure. Along with that, I run Firefox with NoScript + AdBlock Plus (IE7 is so.. ugh.. not gonna go there). UAC is disabled simply because I don't want to be asked to confirm something every time I do an admin task (several times a day).

If it turns out that this PC has a static IP, I might end up forwarding ports manually. Probably enable WF too, but it can get annoying at times... :-\

To-do (done):

* Disable DMZ
* Forward ports manually
* Enable Windows Firewall
Done! :D

f0dder:
You have a couple of options for a somewhat more sensible setup :) - if your router is decent, it should support MAC->DHCP mappings - which means that you can basically give some client PCs static IPs, even though they get the address via DHCP. This is really wonderful for managing computers, especially if you have more than a handful but still need to be able to connect to them directly (remote desktop connections through a VPN to machines in another city, for instance).

If it doesn't, no sweat - it sounds like your setup only really needs your machine to have a static IP. So, keep the rest of the machines on DHCP, and give yourself a static IP outside the DHCP pool range. Yeah, you'll need to change your port mappings once, but from then on you'll be running the same static IP on your client machine.

Once you've done this and disabled DMZ, only forwarding the ports you need, theoretically you don't need Windows Firewall. But it's almost free in terms of resource consumption, and it offers an additional level of protection should a machine on your LAN get infected (not very likely to happen if you live by yourself, but if you've got family or a significant other who aren't tech wizards, well... ::) ) - I don't really believe in personal firewall outbound protection, as I've stated in multiple other threads, so Windows Firewall should be just fine.

Nice that you're running NoScript and AdBlockPlus, that definitely helps with security (although you can easily whitelist too much, and if a whitelisted server is hacked it can still be brought to serve malware - nothing is perfect). I'd suggest additionally using DropMyRights or similar with FireFox (and any internet-facing apps) since you're probably running a user account with administrative privileges. That gives an extra level of protection without too much fuzz.

With a setup like this + responsible internet browsing, you should have a pretty good chance at not getting infected, and it's certainly better than being wide open and and depending on an antivirus program to never be outdated and accidentally let something slip through :). Heck, I don't even run Antivirus at all, but that's probably hubris on my part. I just haven't found one that I liked (or rather, I don't feel like shelling out for the one I like, namely Kaspersky).

Btw, after having Vista on my laptop for, what, around 10 days? I don't really get why people bitch and moan so much at UAC. It does provide a substantial amount of security (and if exploits are found, they should get patched) and imho it's not so intrusive once you've got your initial machine config+setup done. I do tend to mess around more on my workstation than my laptop though, so perhaps I'd be more annoyed on the workstation :)

Deozaan:
My router supports static DHCP. All my devices are set up to use the same IP (each) at my home.

EDIT: Spelling correction.

Navigation

[0] Message Index

[#] Next page