Main Area and Open Discussion > General Software Discussion

Windows Security Essentials

Page 16 of 28

Innuendo:
Every single Anti-EvilWare solution on the market today is at best (just like birth control) only 98% effective. Why? (lawyers, true) Because (sh)IT happens...and there just isn't (cycle) time to check for every little thing right down to the very last detail so everybody just picks their best rendition of hitting the high-spots and calls it good.-Stoic Joker (October 16, 2009, 05:16 PM)
--- End quote ---

This is why I always preach running a layered defense system. Start with your router. Make sure it has a firewall & not just NAT. NAT is not a firewall or a substitute for a firewall. Run a good AV & HIPS solution. Doesn't matter if they are both integrated in one program or not, but it's good to run them. Choosing to run a software firewall isn't a bad idea, either. If something ever does make it through your defenses chances are you'll be alerted when it tries to phone home.

Take the time to run MBAM & A-Squared from time to time as insurance. As crazy as it may sound, I recommend running a good ad-blocker as well. All those banner ads and pop-ups are increasingly an attack vector into the systems of unsuspecting users.

The good ole days when a person could just not use a resident scanner & just do an AV scan once a month to stay secure are over, & it's only going to get worse.

mwb1100:
Start with your router. Make sure it has a firewall & not just NAT. NAT is not a firewall or a substitute for a firewall.
-Innuendo (October 16, 2009, 06:11 PM)
--- End quote ---

Can you expand on this? My understanding is that unless you configure an 'open host' or some specific port forwarding(s), incoming connections to a NAT router don't even have anywhere to go, so there's nothing to do but drop them. What is a firewall going to do above that, at least for your typical home environment where there's no reason for an incoming connection?

Innuendo:
Can you expand on this? My understanding is that unless you configure an 'open host' or some specific port forwarding(s), incoming connections to a NAT router don't even have anywhere to go, so there's nothing to do but drop them. What is a firewall going to do above that, at least for your typical home environment where there's no reason for an incoming connection?-mwb1100 (October 16, 2009, 11:14 PM)
--- End quote ---

The most obvious distinction between a firewall and NAT is that a firewall can be configured to control outgoing as well as incoming connections. The other most important distinction is that firewalls (the ones that do stateful inspection) analyze incoming packets to make sure they are what they say they are before passing them on to the destination. Most NAT implementations, however, are considerably dumber and usually just blindly send a packet through to where it's supposed to go without any analysis.

It was some time ago, but I recall reading some tests on dumb NAT routers where a carefully crafted spoofed packet could make it through NAT, allowing an attacker access to the computer behind the NAT.

Those who are really security-conscious and have data on their PCs that definitely should be protected from getting out into the real world (corporations, high-profile people, etc.) should settle for nothing less than an ICSA-certified firewall.
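To make the two distinctions above concrete (the firewall catching an outbound "phone home" that Innuendo mentioned in the earlier post, and a stateful firewall rejecting a crafted inbound packet that a dumb NAT would pass), here is an added toy simulation. It is not code from this thread or from any router vendor. The addresses, ports and packet format are constructed for the example; the NaiveNAT models "full-cone" behaviour, where any packet arriving at a mapped external port is forwarded inside regardless of who sent it, and the StatefulFirewall tracks the full connection tuple plus a simplified TCP phase. Real stateful firewalls also check sequence numbers and time out entries, and many routers are more restrictive than full-cone, so this is the shape of the argument rather than a model of any specific product.

```python
"""Toy comparison of a dumb (full-cone) NAT and a stateful firewall with
egress policy. Added illustration, not code from the forum thread; all
addresses and ports below are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: str  # TCP flags: "S" = SYN, "SA" = SYN/ACK, "A" = ACK


WAN_IP = "203.0.113.5"      # router's public side (constructed, documentation range)
LAN_HOST = "192.168.1.10"   # the PC behind the router (constructed)


class NaiveNAT:
    """Full-cone style NAT: after an inside host sends out through an external
    port, ANY inbound packet addressed to that port is forwarded to the inside
    host. Nothing is checked beyond the port mapping, and nothing outbound is
    ever refused."""

    def __init__(self):
        self.next_port = 40000
        self.table = {}  # external port -> (inside ip, inside port)

    def outbound(self, pkt):
        for inside in self.table.values():
            if inside == (pkt.src_ip, pkt.src_port):
                return "FORWARD"  # mapping already exists
        self.table[self.next_port] = (pkt.src_ip, pkt.src_port)
        self.next_port += 1
        return "FORWARD"

    def inbound(self, pkt):
        # An unmapped port has nowhere to go, so the packet is dropped; a mapped
        # port is forwarded no matter who the sender is.
        return "FORWARD" if pkt.dst_port in self.table else "DROP"


class StatefulFirewall:
    """Stateful inspection plus an egress policy. Each connection is tracked by
    (external port, remote ip, remote port) and its TCP phase; an inbound packet
    must match the remote endpoint exactly AND be plausible for that phase."""

    def __init__(self, allowed_dst_ports):
        self.allowed_dst_ports = allowed_dst_ports
        self.next_port = 40000
        self.conns = {}   # (ext port, remote ip, remote port) -> {"inside", "state"}
        self.alerts = []  # outbound attempts refused by policy (what the user gets warned about)

    def outbound(self, pkt):
        if pkt.dst_port not in self.allowed_dst_ports:
            self.alerts.append(f"{pkt.src_ip}:{pkt.src_port} -> {pkt.dst_ip}:{pkt.dst_port}")
            return "DROP"
        for (ext, r_ip, r_port), conn in self.conns.items():
            if conn["inside"] == (pkt.src_ip, pkt.src_port) and (r_ip, r_port) == (pkt.dst_ip, pkt.dst_port):
                return "FORWARD"  # later packets of a tracked connection
        if pkt.flags != "S":
            return "DROP"  # only a SYN may open a new tracked connection
        self.conns[(self.next_port, pkt.dst_ip, pkt.dst_port)] = {
            "inside": (pkt.src_ip, pkt.src_port), "state": "SYN_SENT"}
        self.next_port += 1
        return "FORWARD"

    def inbound(self, pkt):
        conn = self.conns.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if conn is None:
            return "DROP"  # no tracked connection with this exact remote endpoint
        if conn["state"] == "SYN_SENT":
            if pkt.flags != "SA":
                return "DROP"  # the only valid reply to our SYN is a SYN/ACK
            conn["state"] = "ESTABLISHED"
            return "FORWARD"
        if pkt.flags == "S":
            return "DROP"  # a fresh SYN is not a reply on an established connection
        return "FORWARD"


def run_scenario():
    """Push the same constructed packets through both devices and collect verdicts."""
    nat, fw = NaiveNAT(), StatefulFirewall(allowed_dst_ports={80, 443})
    results = {}

    # 1. The PC opens an HTTPS connection; both devices map it to external port 40000.
    syn = Packet(LAN_HOST, 51000, "198.51.100.20", 443, "S")
    results["open"] = (nat.outbound(syn), fw.outbound(syn))

    # 2. The genuine SYN/ACK comes back from the server: both forward it.
    reply = Packet("198.51.100.20", 443, WAN_IP, 40000, "SA")
    results["reply"] = (nat.inbound(reply), fw.inbound(reply))

    # 3. An attacker who guessed the mapped port sends a crafted packet from elsewhere:
    #    the NAT forwards it to the PC, the stateful firewall drops it.
    spoof = Packet("198.51.100.66", 12345, WAN_IP, 40000, "SA")
    results["spoof"] = (nat.inbound(spoof), fw.inbound(spoof))

    # 4. Unsolicited packet to a port nobody mapped: both drop it (mwb1100's point).
    unsolicited = Packet("198.51.100.66", 12345, WAN_IP, 22, "S")
    results["unsolicited"] = (nat.inbound(unsolicited), fw.inbound(unsolicited))

    # 5. Something on the PC tries to phone home on port 6667: the NAT lets it out,
    #    the firewall refuses it and records an alert.
    phone_home = Packet(LAN_HOST, 51001, "198.51.100.99", 6667, "S")
    results["phone_home"] = (nat.outbound(phone_home), fw.outbound(phone_home))
    results["alerts"] = list(fw.alerts)
    return results


if __name__ == "__main__":
    for name, verdict in run_scenario().items():
        print(f"{name:12s} NAT/firewall -> {verdict}")
```

Cases 3 and 5 are the two that separate the devices: the NAT's only question is "is this port mapped?", while the firewall asks "did the inside host start this conversation with this peer, is this packet the right kind of reply, and is the outbound destination allowed at all?"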

Innuendo:
This just in.....Paul Thurrott and Leo Laporte are idiots. Cliff Evans, Microsoft UK's security chief, has stated that MSE does indeed have heuristic detection abilities. However, the way I read the article, all things are not rosy, as Microsoft has implemented a procedure where MSE will study the behavior of suspicious programs, but it has to contact Microsoft's servers to check against known malware signatures. This, in my mind, seems like a design flaw, as laptop users are obtaining new files all the time & they are not always in a position where they have access to the internet.

First the quote from Cliff Evans:

"MSE uses a higher amount of heuristic detection techniques than OneCare, Evans said. The software studies the behaviour of suspicious applications, then reports back to a central server to check the behaviour against that of known malware.

The Dynamic Signature Service technology uses the most recent virus definitions to check applications for risks, rather than relying on the last batch of definitions downloaded, Microsoft said.

The suite also emulates programs before they complete their execution, and looks for behaviour such as carrying out operations without user permission, Owen said. If a program is behaving suspiciously, MSE will ping the Dynamic Signature Service to see whether the program should be submitted for analysis or terminated."

And the article link:

http://news.zdnet.co.uk/security/0,1000000189,39778759,00.htm

It's unknown if MSE will fall back to the current definitions downloaded to analyze if the Dynamic Signature Service server is unavailable. Personally, I'm wondering, if MSE is checking the server for "the most recent virus definitions...rather than relying on the last batch of definitions downloaded", why it doesn't just download the most recent virus definitions, do the analysis locally, and be done with it.

Stoic Joker:
I'm wondering, if MSE is checking the server for "the most recent virus definitions...rather than relying on the last batch of definitions downloaded", why it doesn't just download the most recent virus definitions, do the analysis locally, and be done with it.-Innuendo (October 17, 2009, 10:46 AM)
--- End quote ---
I'm guessing it's a tip of the iceberg Cloud Computing thing. ...Which is not IMO a good sign.

On the firewall thing, I've yet to see an SPI implementation in a residential-class device that wasn't more trouble than it was worth (performance under load = dropped connections). Sure, on the SMB and up commercial side there are some nice devices...but you'll be looking at $500+ on sale if you're lucky, which is a bit steep for most folks.
