Thread: Is it still enough?

  1. #1
    userid
    Guest

    Is it still enough?

    My basic setup (XP) includes the use of LUA, disabling unnecessary
    networking services, Windows Firewall and an antivirus.
    My PC is running smoothly so I assume I'm safe. But, is this a safe
    assumption? Or I just can't see what's happening?
    I mean, there's a lot of talking and writing about unsafe browsing, web
    site forgeries etc. that you can't but feel unprotected.
    My point is: is this basic setup still enough, or do we now need a
    security suite?

    Thanks,
    -FG

  2. #2
    geoar75@gmail.com
    Guest

    Re: Is it still enough?

    Hi,

    As long as a client is connected to the internet or to an intranet,
    security software or hardware is critical.
    You may need protection even when your computer is not connected to
    any network. Viruses, trojans and malware may access your computer
    using removable media, such as CDs, DVDs, USB flash drives etc.

    Good luck,

    Giorgos

    --

    NetPros Community
    http://netpros.freeforums.org

    On 25 Oct, 11:05, userid <use...@domain.invalid> wrote:
    > My basic setup (Xp) include the use of LUA, disabling unnecessary
    > networking service, windows firewall and an antivirus.
    > My pc is running smoothly so I assume I'm safe. But, is this a safe
    > assumption? Or I just can't see what's happening?
    > I mean, there's a lot of talking and writing about unsafe browsing, web
    > site forgeries etc. that you can't but feel unprotected.
    > My point is: is it still enough this basic setup or do we now need a
    > security suite?
    >
    > Thanks,
    > -FG



  3. #3
    Bit Twister
    Guest

    Re: Is it still enough?

    On Sun, 25 Oct 2009 10:05:53 +0100, userid wrote:
    > My basic setup (Xp) include the use of LUA, disabling unnecessary
    > networking service,


    Basic security is to disable ALL unnecessary services.

    > windows firewall and an antivirus. My pc is running smoothly so I
    > assume I'm safe. But, is this a safe assumption?


    Absolutely not.

    > Or I just can't see what's happening?


    Entirely possible.

    > I mean, there's a lot of talking and writing about unsafe browsing, web
    > site forgeries etc. that you can't but feel unprotected.


    I can relate to that.

    > My point is: is it still enough this basic setup or do we now need a
    > security suite?


    Heheheh, you need security armor. :-(

    Just for fun, click Malware Outbreak for latest antivirus malware
    email detection time at http://www.commtouch.com/security-center

    How is your current detection rate for your AV product?

    Last review I saw, this year, indicated detection was 98% for best
    Security suite at that time.

    Last stats I saw was 4 to 6 weeks between new malware program to
    Anti-malware Vendor protection.

    Last stats I saw from one security vendor was they get 1500 new
    malware programs a day.

    Click up your calculator

    1500 x days_in_year x 2% = Undetected malware with about a month
    of no protection before AV Suite can save you from the new malware
    they "can catch" for their product.

    My solution, run Linux as my Operating System.

  4. #4
    userid
    Guest

    Re: Is it still enough?

    Bit Twister wrote:
    > On Sun, 25 Oct 2009 10:05:53 +0100, userid wrote:
    >> My basic setup (Xp) include the use of LUA, disabling unnecessary
    >> networking service,

    >
    > Basic security is disable ALL unnecessary services.


    Is there any list to refer to?

    >> My point is: is it still enough this basic setup or do we now need a
    >> security suite?

    >
    > Heheheh, you need security armor. :-(
    >
    > Just for fun, click Malware Outbreak for latest antivirus malware
    > email detection time at http://www.commtouch.com/security-center
    >
    > How is your current detection rate for your AV product?
    >
    > Last review I saw, this year, indicated detection was 98% for best
    > Security suite at that time.
    >
    > Last stats I saw was 4 to 6 weeks between new malware program to
    > Anti-malware Vendor protection.
    >
    > Last stats I saw from one security vendor was they get 1500 new
    > malware programs a day.


    Apparently, Comodo offers a whitelisting of about two million programs.
    If it were a way of checking the integrity of your system, why not? It
    sounds like a good idea to me.

    > My solution, run Linux as my Operating System.


    That was something I have thought of, too. In fact, I have a dual boot system
    but I've read that some repositories have recently been compromised so
    second thoughts are allowed..

  5. #5
    Grant
    Guest

    Re: Is it still enough?

    On Sun, 25 Oct 2009 20:05:35 +0100, userid <userid@domain.invalid> wrote:

    >Bit Twister wrote:
    >> On Sun, 25 Oct 2009 10:05:53 +0100, userid wrote:
    >>> My basic setup (Xp) include the use of LUA, disabling unnecessary
    >>> networking service,

    >>
    >> Basic security is disable ALL unnecessary services.

    >
    >Is there any list to refer to?
    >
    >>> My point is: is it still enough this basic setup or do we now need a
    >>> security suite?

    >>
    >> Heheheh, you need security armor. :-(
    >>
    >> Just for fun, click Malware Outbreak for latest antivirus malware
    >> email detection time at http://www.commtouch.com/security-center
    >>
    >> How is your current detection rate for your AV product?
    >>
    >> Last review I saw, this year, indicated detection was 98% for best
    >> Security suite at that time.
    >>
    >> Last stats I saw was 4 to 6 weeks between new malware program to
    >> Anti-malware Vendor protection.
    >>
    >> Last stats I saw from one security vendor was they get 1500 new
    >> malware programs a day.

    >
    >Apparently, Comodo offers a whitelisting of about two million programs.
    >If it were a way of checking the integrity of your system, why not? It
    >sounds like a good idea to me.
    >
    > > My solution, run Linux as my Operating System.

    >
    >That was something I have thought to. In fact, I have a dual boot system
    > but I've read that some repositories have recently been compromised so
    >second thought are allowed..


    The safe way is to run Linux (or *BSD) on the Internet facing box,
    isolates poor defenceless windows from the big bad Internet ;)

    I wouldn't connect windows direct to DSL modem -- only reason people
    mostly survive it is that most (A)DSL modems block incoming by default.

    Trojans and virus files are 'invited' onto the PC by the user, bypassing
    the firewall -- but a good firewall can detect and limit damage if you
    catch a botnet illness.

    For the OP, I doubt any software in windows is the answer -- the answer
    lies in a decent, separate firewall box between windows and the 'net.

    Works for me :)

    Grant.
    --
    http://bugsplatter.id.au

  6. #6
    Bit Twister
    Guest

    Re: Is it still enough?

    On Sun, 25 Oct 2009 20:05:35 +0100, userid wrote:
    > Bit Twister wrote:


    >> Basic security is disable ALL unnecessary services.

    >
    > Is there any list to refer to?


    No idea. Quit using windows years ago. Site listing all the settings
    to set in winders has disappeared.

    >
    > Apparently, Comodo offers a whitelisting of about two million programs.
    > If it were a way of checking the integrity of your system, why not? It
    > sounds like a good idea to me.


    Heheh, last number I saw was past 5 million. Guessing half a$$ is
    better than no a$$


    > That was something I have thought to. In fact, I have a dual boot system
    > but I've read that some repositories have recently been compromised
    > so second thought are allowed..


    Yours or mine? If yours, I can not understand the hesitation.
    If cracked repository bothers you how can you stick with windows?
    Malware is delivered through cracked advertising servers, content
    servers, infected web sites,... right to your desktop.

    Micro$ft gives you patches once a month, for rampant exploits found in
    the wild. Reported exploits will get fixed when the "schedule" permits.
    Linux/unix are patched ASAP.

    I've lost the URL which tracked how long known exploits went unpatched.

    I would think that would be big news and I have not heard of any
    "recently" cracked repositories. Off hand I can only recall 3.

    Those were because of leaked/guessed root password or doze malware
    snagged maintainer's id/pd.

    5+ million malware programs against single digit cracked repository
    seems like a no-brainer choice to me.

  7. #7
    Bit Twister
    Guest

    Re: Is it still enough?

    On Mon, 26 Oct 2009 07:20:52 +1100, Grant wrote:

    > The safe way is to run Linux (or *BSD) on the Internet facing box,
    > isolates poor defenceless windows from the big bad Internet ;)


    That helps more ways than one. Criminals are cracking into the router
    from user's browser. :(

    Criminals attacking systems from the Internet side went out with
    diskettes. You need firewall for protection from worms and script kiddies.
    Criminals are cracking the system using the apps running on the system.


    > I wouldn't connect windows direct to DSL modem -- only reason people


    Isn't that the truth. Poor fools who get an infection, format, install
    XP cd are infected before they can get the service pack downloaded. :(

  8. #8
    Ansgar -59cobalt- Wiechers
    Guest

    Re: Is it still enough?

    Bit Twister <BitTwister@mouse-potato.com> wrote:
    > On Mon, 26 Oct 2009 07:20:52 +1100, Grant wrote:
    >> I wouldn't connect windows direct to DSL modem -- only reason people

    >
    > Isn't that the truth. Poor fools who get an infection, format, install
    > XP cd are infected before they can get the service pack downloaded. :(


    You do realize that the Windows Firewall is enabled by default since XP
    SP2 (and could be switched on manually ever since XP RTM), don't you?

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  9. #9
    Leythos
    Guest

    Re: Is it still enough?

    In article <7kk1qfF3830tkU1@mid.individual.net>, usenet-2009
    @planetcobalt.net says...
    >
    > Bit Twister <BitTwister@mouse-potato.com> wrote:
    > > On Mon, 26 Oct 2009 07:20:52 +1100, Grant wrote:
    > >> I wouldn't connect windows direct to DSL modem -- only reason people

    > >
    > > Isn't that the truth. Poor fools who get an infection, format, install
    > > XP cd are infected before they can get the service pack downloaded. :(

    >
    > You do realize that the Windows Firewall is enabled by default since XP
    > SP2 (and could be switched on manually ever since XP RTM), don't you?


    And you realize that in almost every residential pc I've seen, that file
    and printer sharing is enabled on computers connected directly to the
    internet?

    --
    You can't trust your best friends, your five senses, only the little
    voice inside you that most civilians don't even hear -- Listen to that.
    Trust yourself.
    spam999free@rrohio.com (remove 999 for proper email address)

  10. #10
    userid
    Guest

    Re: Is it still enough?

    Bit Twister wrote:
    >> Apparently, Comodo offers a whitelisting of about two million programs.
    >> If it were a way of checking the integrity of your system, why not? It
    >> sounds like a good idea to me.

    >
    > Heheh, last number I saw as past 5 million. Guessing half a$$ is
    > better than no a$$


    Ok, but I hope my system can only host some thousands :)

    >> That was something I have thought to. In fact, I have a dual boot system
    >> but I've read that some repositories have recently been compromised
    >> so second thought are allowed..

    >
    > Yours or mine? If yours, I can not understand the hesitation.
    > If cracked repository bothers you how can you stick with windows.
    > Malware is delivered through cracked advertising servers, content
    > servers, infected web sites,... right to your desktop.


    That's exactly my point. I don't mind being script scanned or whatsoever,
    I think my box can bear that, but virtualizing every web session to
    avoid some unfortunate click is a pita and not always viable to me.
    That's why I was wondering if the idea of a white list was an effective
    idea (to avoid injections for example).
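
Added example, not part of the thread: a minimal sketch of the hash-allowlist integrity check that the whitelist question in posts #4 and #10 has in mind. The extension list, function names and sample files are constructed for illustration; the check only inspects files on disk, so code running inside an already-allowlisted process is outside what it can see.

```python
import hashlib
import os
import tempfile

# Extensions treated as executable content (assumption for this sketch).
EXEC_EXTS = {".exe", ".dll", ".sys", ".bat", ".cmd", ".scr"}


def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def iter_executables(root):
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in EXEC_EXTS:
                yield os.path.join(dirpath, name)


def build_baseline(root):
    """Map relative path -> SHA-256 for every executable under root."""
    return {os.path.relpath(p, root): sha256_file(p) for p in iter_executables(root)}


def audit(root, baseline):
    """Compare the current tree with the baseline taken on a known-good system."""
    known_hashes = set(baseline.values())
    report = {"modified": [], "unknown": [], "moved": [], "missing": []}
    seen = set()
    for path in iter_executables(root):
        rel = os.path.relpath(path, root)
        seen.add(rel)
        digest = sha256_file(path)
        if rel in baseline:
            if baseline[rel] != digest:
                report["modified"].append(rel)  # allowlisted name, new content
        elif digest in known_hashes:
            report["moved"].append(rel)         # allowlisted content, new name
        else:
            report["unknown"].append(rel)       # never seen: block or review
    report["missing"] = list(set(baseline) - seen)
    return {kind: sorted(paths) for kind, paths in report.items()}


def demo():
    """Constructed sample tree: baseline first, then three changes to detect."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        write("browser.exe", b"constructed sample A")
        write("helper.dll", b"constructed sample B")
        write("notes.txt", b"not executable, ignored")
        baseline = build_baseline(root)
        write("helper.dll", b"constructed sample B, altered")
        write("update.exe", b"constructed sample C")
        write("copy.exe", b"constructed sample A")
        return audit(root, baseline)


if __name__ == "__main__":
    print(demo())
```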

  11. #11
    userid
    Guest

    Re: Is it still enough?

    Grant wrote:
    > For the OP, I doubt any software in windows is the answer -- the answer
    > lies in a decent, separate firewall box between windows and the 'net.


    That's ok, I understand it. But what about when web browsing session in
    a public wifi spot? It's something that happens ever more often, at
    least to me

  12. #12
    Grant
    Guest

    Re: Is it still enough?

    On Mon, 26 Oct 2009 07:04:15 +0100, userid <userid@domain.invalid> wrote:

    >Grant wrote:
    >> For the OP, I doubt any software in windows is the answer -- the answer
    >> lies in a decent, separate firewall box between windows and the 'net.

    >
    >That's ok, I understand it. But what about when web browsing session in
    >a public wifi spot? It's something that happens ever more often, at
    >least to me


    If you have a decent laptop consider running a vm for browsing the
    'net -- after the session you can revert to the snapshot vm file
    and the machine will totally forget the session.

    You can still download files to the host system via shared folders,
    and these can have username/password protection on the share.

    Also, the browser vm could be a lightweight Linux distro with
    browsers and whatever you need.

    Would give you some isolation between main system and the 'net?

    I haven't tried this, just seems an avenue worth thinking about.
    The vmware site has free vmware-player and a safe web browsing vm
    available for download -- I've not used it. There's other vm
    stuff kicking around too you could try.

    Grant.
    --
    http://bugsplatter.id.au

  13. #13
    Bit Twister
    Guest

    Re: Is it still enough?

    On Mon, 26 Oct 2009 07:04:12 +0100, userid wrote:

    > I think my box can bear that, but virtualizing every web session to
    > avoid some unfortunate click is a pita and not always viable to me.
    > That's why I was wondering if the idea of a white list was an effective
    > idea (to avoid injections for example).


    Not so you would notice. Go here and click last (far right under Previous),
    to see list of recently known cracked sites.
    http://sla.ckers.org/forum/read.php?3,44

    Noticed pcworld.com about 3 quarters down the page.
    Guessing everyone is back in school since the dates are a little old.

    Found the zeroday url. http://research.eeye.com/html/alerts/zeroday/index.html
    Check out the History starting after the fifth stat.

    Nice read here http://blog.damballa.com/?p=311

  14. #14
    Ansgar -59cobalt- Wiechers
    Guest

    Re: Is it still enough?

    userid <userid@domain.invalid> wrote:
    > Bit Twister wrote:
    >> Yours or mine? If yours, I can not understand the hesitation.
    >> If cracked repository bothers you how can you stick with windows.
    >> Malware is delivered through cracked advertising servers, content
    >> servers, infected web sites,... right to your desktop.

    >
    > That's exactly my point. I don't mind being script scanned or
    > whatsover, I think my box can bear that, but virtualizing every web
    > session to avoid some unfortunate click is a pita and not always
    > viable to me.


    It's also not necessary. At all.

    Use a limited user account and something like Firefox with NoScript
    (i.e. avoid active content in web-pages whenever and wherever possible).
    Apply some common sense on top of that, and you'll be fine.

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  15. #15
    Bit Twister
    Guest

    Re: Is it still enough?

    On Mon, 26 Oct 2009 17:35:13 +1100, Grant wrote:

    > If you have a decent laptop consider running a vm for browsing the
    > 'net -- after the session you can revert to the snapshot vm file
    > and the machine will totally forget the session.


    That would help with the smart malware that checks to see if it is
    running in a vm. If so, it aborts to foil AV researchers.
    Since big web farms run a vm, crackers are hunting exploits in the vm
    server. Have seen patches for exploits gaining host access from the vm
    guest. :(

    > Also, the browser vm could be a lightweight Linux distro with
    > browsers and whatever you need.


    Heheheh, run linux and put doze in a vm guest. Delete the snapshot
    once a week and start another. :-D

    http://virtualbox.org is real easy to use. Currently I have 16 Linux
    guests each with about 8 gig drives. They are using 68 gigs of actual
    disk space so far.

    debian50 fedora11 kb409 md101 md2010a md81 md90 md91 md91a mdone91
    mdOneKDE pclinux slack12 su111 suse103 ubuntu904

  16. #16
    userid
    Guest

    Re: Is it still enough?

    Ansgar -59cobalt- Wiechers wrote:
    > userid <userid@domain.invalid> wrote:
    >> Bit Twister wrote:
    >>> Yours or mine? If yours, I can not understand the hesitation.
    >>> If cracked repository bothers you how can you stick with windows.
    >>> Malware is delivered through cracked advertising servers, content
    >>> servers, infected web sites,... right to your desktop.

    >> That's exactly my point. I don't mind being script scanned or
    >> whatsover, I think my box can bear that, but virtualizing every web
    >> session to avoid some unfortunate click is a pita and not always
    >> viable to me.

    >
    > It's also not necessary. At all.
    >
    > Use a limited user account and something like Firefox with NoScript
    > (i.e. avoid active content in web-pages whenever and wherever possible).
    > Apply some common sense on top of that, and you'll be fine.
    >


    Thank you all for all your good advice. Really.
    I think I now have again my good roadmap :)

    -FG

  17. #17
    goarilla
    Guest

    Re: Is it still enough?

    On Sun, 25 Oct 2009 20:10:03 -0400, Leythos wrote:

    > In article <7kk1qfF3830tkU1@mid.individual.net>, usenet-2009
    > @planetcobalt.net says...
    >>
    >> Bit Twister <BitTwister@mouse-potato.com> wrote:
    >> > On Mon, 26 Oct 2009 07:20:52 +1100, Grant wrote:
    >> >> I wouldn't connect windows direct to DSL modem -- only reason people
    >> >
    >> > Isn't that the truth. Poor fools who get an infection, format,
    >> > install XP cd are infected before they can get the service pack
    >> > downloaded. :(

    >>
    >> You do realize that the Windows Firewall is enabled by default since XP
    >> SP2 (and could be switched on manually ever since XP RTM), don't you?

    >
    > And you realize that in almost every residential pc I've seen, that file
    > and printer sharing is enabled on computers connected directly to the
    > internet?


    not only that but by default people buy a pc without a login
    and login as the Administrator account with a null password (win 95 ->
    windows xp), or some other stupid account like user or admin.

  18. #18
    Ansgar -59cobalt- Wiechers
    Guest

    Re: Is it still enough?

    goarilla <kevin.paulus@skynet.remove-this.be> wrote:
    > On Sun, 25 Oct 2009 20:10:03 -0400, Leythos wrote:
    >> usenet-2009@planetcobalt.net says...
    >>> Bit Twister <BitTwister@mouse-potato.com> wrote:
    >>>> On Mon, 26 Oct 2009 07:20:52 +1100, Grant wrote:
    >>>>> I wouldn't connect windows direct to DSL modem -- only reason
    >>>>> people
    >>>>
    >>>> Isn't that the truth. Poor fools who get an infection, format,
    >>>> install XP cd are infected before they can get the service pack
    >>>> downloaded. :(
    >>>
    >>> You do realize that the Windows Firewall is enabled by default since
    >>> XP SP2 (and could be switched on manually ever since XP RTM), don't
    >>> you?

    >>
    >> And you realize that in almost every residential pc I've seen, that
    >> file and printer sharing is enabled on computers connected directly
    >> to the internet?

    >
    > not only that but by default people buy a pc without a login and login
    > as the Administrator account with a null password (win 95 -> windows
    > xp), or some other stupid account like user or admin.


    Do you people even read what you're responding to?

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich
