How Are You Protecting Your Computers?
b0m8ad1l asks: "I'm wondering what AV, software/hardware firewalls Slashdot readers are using these days. I remember another Ask Slashdot a long time ago, but I'm curious as to how everyone is keeping up with the times. I'm using Kaspersky AV, Sygate Personal Firewall Pro, behind a Netgear RP114 router"
The slashdot editors would have all the information they'd need to hack me...
D-Link DI-604 router, Zone Alarm personal, Norton AV 2K2. When I install XP, I disconnect the computer from the network, install XP and SP1, Zone Alarm, Norton AV, then reconnect to the network and patch up.
OpenBSD/pf.
And when not that, Mac OS X.
You didn't specify it, but I assume you are referring to Windows. A question worth asking is whether whatever it is that has you running Windows is worth the hassle of worrying about virii/worms/etc.
No, nothing's perfect - but OS/X on my AlBook is pretty damn close. ;>
If you add complexity to deal with complexity you are introducing additional vectors for even more security problems. (One example: trusting that a virus detector is working because it says 'everything is fine'...only to find out later that the last virus through disabled the virus detector so it would always report 'everything is fine'.)
A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
I don't bother with a software firewall. They're pretty pointless, as long as you have a hardware firewall.
All of my machines are behind a Linksys WRT54G. The windows machines have Spybot, Adaware and Norton installed on them.
Never had a problem. Ever.
I use Norton's flavor of the year with Zonealarm and the good sense not to open every email attachment.
And I always have a computer between me and the Internet with a firewall or NAT so that I can install new boxen in peace.
As browsing itself gets more and more perilous, a sound web browser is becoming as important as firewalls/AV software.
I use and recommend Firefox.
AVG AntiVirus. (Free)
Windows Firewall (XP Pro). (~Free)
Aerielink (Soyo) router. (~$60, incl. USB-WiFi used by other computer)
Before the router I ran Tiny Personal Firewall (now Kerio PF), and loved it (free and better than Zonealarm or BlackICE, for my needs). Also had Norton AV for a while, but it was just 'eh', and isn't free.
Yes, it's a bit of damn overkill for a home setup, but you can never be too safe. :)
-cable modem->linux 2.4 kernel router running iptables
-norton antivirus corporate edition
-Microsoft Software Update Services for the Windows boxes
-iptables for the Linux boxes
-ntop and snort for traffic monitoring
-I have a WRT54G that I don't use for routing anymore, just as a bridge. Anything that I use over wireless is done over ssh. Host connection, bank account checking, email, vpn to work, etc.
-various other utilities to monitor tcp/ip traffic
-good old fashioned obsessive tailing of logfiles along with vgrep
I have a 5 port d-link router set up as a NAT, the cheapest I could find. After purchase I set the password and upgraded the firmware. That's the extent of my firewalling.
Most of my email and browsing is done in Mozilla. Never got infected through Internet Explorer or Outlook Express though. I have a Linux PC and a Windows XP PC running side by side. I don't use antivirus software and I don't get viruses or spyware.
I don't have a chance to dig up links for these, but diagnostic tools are a must if you really want to lock stuff down. First, generate and read logfiles whenever possible. Check things out with nmap, tcpdump, ActivePorts, Look@Lan, Kiwi syslog Daemon, Portlistener XP, Bazooka Spyware Utility, Spybot Search and Destroy, Socketlock ... the list goes on. Generally try any tool you can and you'll get a feel for what is actually to your tastes and useful.
It's amusing that people focus on the latest-and-greatest security software, which IMO is more counterproductive than it is productive.
You get a whiz-bang anti-virus/firewall system set up and what does it do? Give you a false sense of security so you can feel more confident about engaging in irresponsible computer use. The problem is almost every piece of security software out there has at one point or another been vulnerable, so you're flirting with disaster.
I think no matter how many advances we have in this area, the basic rules of security will always apply:
1. Limit Accessibility.
99% of security issues are inside jobs. Limit physical access to your resources. Don't put any sensitive data on a machine that anyone else has access to that you don't want public. Use encryption, multi-wipe free space and turn off your machine when you're not using it.
Some people don't want to hear this but it needs to be said: DON'T USE WIRELESS if you're worried about security. No matter what precautions you're taking, by going Wireless you dramatically lower the integrity of your personal security PERIOD. It's one thing to use wireless on the road, but you should limit the sensitive information on your laptop in the first place because it's mobile, but it's really just plain lazy and irresponsible to run wireless in a permanent installation like your home if there is any practical way to avoid doing so.
I can't stress this enough: *unconditionally* WIRELESS IS MUCH LESS SECURE. It doesn't matter what protocol/encryption you're using, by going wireless you introduce additional ways your system/data can be accessed.
Remember the first commandment: True security is more dependent upon reducing access points than it is implementing protection of access points.
2. Disable ALL non-critical services. Don't run anything except what you need on your PC. Close all unused ports; remove all services and extra features and plug-ins that aren't needed. The fewer systems, the fewer points of vulnerability.
3. Keep all software fully-patched and up to date.
4. If possible, never use the "industry standard" software if it's not the most secure solution available. Dump IE and Outlook and switch to Firefox and Eudora.
5. TEXT ONLY E-MAIL... This, after #1 is IMO the biggest threat of them all. The added superficial benefit of html-email is not worth the security liabilities that come along with it. If you want to use html e-mail, I'd recommend a second, sandboxed account for that.
6. Never put a machine on public-addressable IP space unless it's a public server. Use a DSL/cable switch and put your systems on a VPN on the other side of a hardware firewall that filters out all non-essential traffic.
7. After you've taken care of 1-6, then and only then should you consider anti-virus/spyware and related software to be a useful addition.
ipkungfu
Have you tried Linux yet?
m0n0wall
kerio pf4
nod32
adawareSE
I haven't really customized my firewalls. All the software I use is free.
Win2k: AVG, Ad-Aware, SpyBot - Search and Destroy, Spyware Blaster
Linux: nada
Everyone does it, and just because one person has to install a firewall and another person has to hunt down drivers doesn't make either person superior to the other. Yeah I know, this is slashdot, where "Windows sux and Linux rulez", but if we're going to be asking serious questions we might as well be giving serious answers.
Myself, I use KPF and AVG, with AdAware on the side. Fortunately, these three programs don't have much to do, thanks to Firefox and my cheap yet trusty DI-604 router. I'm actually going to be putting together a box for my parents this weekend too, so I've been busy loading up my USB flash drive with some of the aforementioned programs, and other first boot goodies. And if I'm lucky, my parents will turn over custody of their old computer (an aging P3-500) to me, which I hope to turn into my very first Linux box to muck around on. Then I'll get to experience the numerous pains-in-the-ass of both worlds! Should be fun.
I completely covered my PC with it. There's no airflow, but at least it's safe. I also sprinkled some holy water on it for good measure. Those Nazis will never get to my PC now.
GNU/Linux
on a soekris net4801 + vpn1401, and an 802.11b mini-pci from netgate
pf does ingress and egress filtering
all wireless is accomplished via ipsec. after packets are decrypted, they too are filtered
vodka, straight up, thank you!
My network consists of a windows machine and two linux boxen, all behind a FreeBSD router. The windows box (my main machine) has absolutely no firewall, antivirus, or spyware protection. I use this little known thing called common sense. Using common sense, and other software such as Firefox, Thunderbird, and other assorted non-Microsoft/vulnerable stuff, I have remained virus free for as long as I can remember.
Common sense saves money, and computer resources. It's a shame more people don't know how to use it.
First of all, I'm in Linux about 95% of the time. So I have no need of AV. I use a simple iptables firewall script for network protection.
The other 5% of my time is spent playing games. My machine dual boots into WinXP. I don't use WinXP for checking mail, and I use Firefox if I do any browsing. I don't download executables from questionable sites, therefore have no need for AV.
I use the internal WinXP firewall for network protection.
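The "simple iptables firewall script" the post above mentions, as an added example that is not the poster's script: a default-deny, stateful host firewall for a single-homed Linux box that exposes nothing but sshd. The interface name (eth0), the port (22) and the choice of the `state` match are assumptions. By default the script only prints the commands so the policy can be reviewed; `apply` runs them for real.

```shell
#!/bin/sh
# Added example, not taken from the thread: minimal default-deny stateful
# iptables host firewall.  Assumptions: eth0 is the only interface, sshd on
# port 22 is the only service that must be reachable, and the "state" match
# is available (on current kernels "-m conntrack --ctstate" is equivalent).

IFACE=eth0          # assumed external interface
SSH_PORT=22         # assumed: the only inbound service
IPT="echo iptables" # dry run by default; "apply" swaps in the real binary

host_rules() {
    # Start from a clean filter table so re-running the script is idempotent.
    $IPT -F
    # Default deny inbound and forwarded traffic; local processes may talk out
    # (tighten OUTPUT too if this box should never initiate connections).
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    # Loopback is needed by local services (X, CUPS, local DNS caches).
    $IPT -A INPUT -i lo -j ACCEPT
    # Replies to connections this host opened, plus RELATED traffic such as
    # ICMP errors and FTP data channels.
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Packets conntrack cannot place in any flow (bad flags, out of window)
    # are dropped before any ACCEPT rule can see them.
    $IPT -A INPUT -m state --state INVALID -j DROP
    # The one inbound service.  A NEW TCP flow must begin with a bare SYN.
    $IPT -A INPUT -i $IFACE -p tcp --syn --dport $SSH_PORT -m state --state NEW -j ACCEPT
    # Everything else is logged at a bounded rate (so an attacker cannot fill
    # the disk with log lines) and dropped; this is what "tail -f" then shows.
    $IPT -A INPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "INPUT DROP: "
    $IPT -A INPUT -j DROP
}

# Review helper: list every TCP/UDP port an ACCEPT rule opens to the outside.
# With the policy above this must print nothing but $SSH_PORT.
inbound_ports() {
    host_rules | sed -n 's/.*--dport \([0-9]*\) .*-j ACCEPT$/\1/p'
}

case "${1:-}" in
    apply) IPT=iptables; host_rules ;;
    *)     host_rules ;;
esac
```

Run it without arguments first and check that `inbound_ports` prints only the port you expect; the same pattern scales to the "close all unused ports" advice elsewhere in the thread by adding one explicit ACCEPT per service you actually run.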
I bought a Macintosh ^_^
No, honest.
A bit of iptables, a superior and safer web browser, intelligent email clients.
I stopped worrying about viruses and being owned some time ago.
I'm running WinME, and I'm not running any AV or firewall software. It sucks up too many resources. You just have to be careful about what you download. Using Firefox instead of IE helps, too.
.. which also doubles as my Squid proxy/cache and DNS machine ..
...
Gotta say, I love the bootCD firewall solutions. Pretty darn hard to beat
Here's my setup:
Soekris small-form-factor communications computer running FreeBSD from a read-only CF card. Ethernet #1 goes to the internet. Ethernet #2 goes via a crossover cable to a mini-itx server running Gentoo (bastion host). Ethernet #3 goes to my LAN (2 Macs and another Gentoo, plus yet another soekris which is a firewall for an Airport base station which serves 2 more macs.. lots of paranoid firewalling on that one).
The soekris has NO ports open to the outside except SSH (which only allows connections from certain hosts) However, it forwards web and mail to the bastion host.
The bastion host is firewalled at the Soekris so it cannot make any outgoing connections except to outside SMTP ports. So if a hacker breaks into it, he can't do much. Tripwire runs nightly on there as well. It does the gentoo sync, etc., from the inside Linux box which gets the data off the internet.
I've never used any anti-virus program since I first started using computers (Unix, then Mac) in the 80's. I've never used Windows except briefly in college.
I read my email in Mutt and browse with OmniWeb (I don't use Mozilla or Firefox, etc., because I don't think they are any more secure than IE).
So, that is a little intense for a home LAN, but I get paid to set stuff up like this so I tend to "practice" there.
The title of the question gets it right ... but then the summary does not.
Security is not Programs. Security is a procedure.
Part of this procedure can utilise programs, but these will be of no use if your procedure is not adequate.
Set up your box securely, configure access-rights, etc and use AV/firewall programs where appropriate for your situation.
Relying upon programs to be your security is not effective.
Absolutely nothing you have there would prevent the latest GDI exploit from running code of the attacker's choice on your Windows box by you doing nothing more complicated than viewing an image.
Keeping software updated is probably the most important thing anyone can do.
I don't do much work that I consider to be sensitive, but when I do, I use a machine with no connections. If anything goes onto or comes off that machine, it does it via the CD writer.
Apart from that, I do my web browsing on a Mac running OS9 - security through obsolescence is greatly underrated!
wtf @ WinME? seriously....wtf?
(well "Fire" MS Internet Explorer and Outlook, that is).
We've got a router with a built in firewall. on top of that we have ZoneAlarm on both computers on the network.
As stated previously, we run Firefox (not IE). Oh and Norton AntiVirus which hasn't found any virus/Trojan activity in ages (thanks in part to ridding myself of IE and Outlook). I have it set to auto-update AV definitions.
That and I'm careful and just don't get that much "junk" (i.e. infected emails).
I only download from reputable sites.
I have a hardware firewall built into my switch/router (Linksys BEFDSR41W)
On my 2 Windows boxes there is ZoneAlarm (the free one) and
AVG Antivirus (also free) and of course I use Firefox as my browser of choice.
On my Linux boxes I have iptables for network protection.
I also run a few things like tripwire and snort along with chkrootkit just to be sure
I use a UPS to protect my computers + network.
;).
One of which runs FreeBSD and is set up as a firewall. Since FreeBSD is already "dying" perhaps the hackers won't bother to get too familiar with it
I use AVG, but it's more to prevent accidents (e.g. oops slipped and clicked the wrong thing) than anything.
By Refusing to install windows
If you click on CPU under the process list it orders the processes by CPU usage. If you have a virus or a worm it will always float to the top.
Apart from Firefox and the latest Windows patches that method does the job of a firewall for me, and without throwing all my system resources and cash at x amount of commercial security apps.
Many questions:
Why did you choose TightVNC? Why not RealVNC, UltraVNC, or TridiaVNC?
Is it better to pay for VNC software, like Tridia VNC Pro or Radmin? Which software has video resolution scaling of the remote desktop?
What security is best? Is it good to use a VPN for secure access, or is SSH better? What Windows SSH server do you use?
What VPN hardware is best? We bought a NetGear FVS318 hardware firewall/router/VPN for a customer, and discovered that the remote administration password is openly transmitted. We found that logging out in the remote administration menu didn't always actually log out. We found Javascript errors. With the 2.4 firmware, more than one client can be logged in at the same time. That situation, two clients at the same time, would give an error message with the 2.3 firmware, so things seem to be going backward in some ways, in firmware that is already shaky. Our experience with Netgear technical support is that it is very limited. On the telephone we got someone in Tamil Nadu, India, who was allowed to practice for a short time with Netgear equipment, but who doesn't any longer have access to actual equipment. The online tech support just gave error messages. Not only that, but Fry's and Netgear arranged a rebate trick. They have a very long rebate receipt, and ask you to enter your address both at the top and at the bottom. If you don't enter it at the bottom, they deny your rebate.
I have a D-link 707P router and use Debian for my desktop, so I'm not too worried about viruses.
The only traffic allowed past the router is incoming port 22.
While no OS is good enough to ignore security issues on, OpenBSD comes damn close. You couple it with a good firewall policy and the chance of someone getting inside the default install is virtually nil.
For software protection, I run OpenBSD on the only machine accessible through my router.
For physical protection, that OpenBSD box is an elderly PPro that's wedged behind a desk in my attic. On the off chance that someone breaks into my house, I doubt they'll bother moving furniture to steal an old beater machine; since I keep all of my important data on there, I could easily replace everything that's more obvious without too much trouble.
Well you assumed that computer == Windows?
I use Linux only, but here you also do things to protect yourself. The things you mentioned (FW, AV) are the basics. You have lots of other issues with security. I personally (despite keeping patched and well-configured systems) use only secure protocols (with encryption), use proactive security like patched kernels (MAC, stack control, etc.), intrusion detection systems, honeypots and so on...
For my friends with Windows I usually install:
Ad-Aware PE (free)
Avast HE (free)
Windows built-in FW
Set Automatic Updates on
It usually helps to keep the system running.
... and hide the key!
-- Agnitum.com's "Outpost" firewall, with all kinds of free plug-ins which let me control -- on a PER-DOMAIN basis -- things like scripts, activeX, java, referrers, etc. Also controls those things separately for http vs mail vs news. :o
Tried it on trial, liked it so much I paid for it.
-- McAfee VirusScan, because I got it free (corporate) and it seems to work ok.
-- on another system, english.mks.com.pl "mks_vir", which has recently been favorably reviewed for its dynamic adaptability to not-yet-signatured new threats.
-- SpyBot, AdAware
"You either want to run scripts or not. You either want to use plug-ins and accept cookies or you don't."
Not true for me, depends a lot on the site.
Fortunately, Agnitum.com "Outpost" fw lets me control ALL those things on a per-site basis.
For the people who think that Windows isn't secured: I've run WinXP since its inception unprotected and haven't caught *anything* (I run Ad-Aware and a free online virus checker once every couple of months).
Check out what I've got on my flash drive: http://exocet.ca/phpwiki/BradsTools
It's not a lot of drivers and such. More oriented to useful utils that can come in handy in a pinch. It's stuff that I tend to use fairly frequently and don't like to be without.
I have a Linksys wireless switch behind my cable modem. My main Linux server is set up as a DMZ host. This server was built via Gentoo and the only services running that are exposed is ssh and Apache2.
:-)
I've not had an issue in the 2 years I've had this setup. I don't have problems with email worms and such because, well, all my machines run Linux.
I've got a similar setup for my parents and they've had minimal problems running all Windows. They've had some spyware issues lately because of some bad downloading but what can you do.
My best firewall/AV is common-sense. If it looks suspicious, and even if it doesn't, avoid it.
I haven't (knock on wood) had a virus for 12 years now. Not since DOS 6.2, and even then it was just one of those annoying ones that would write itself to the MBR and floppy boot sectors, eating up RAM until it overwrote something important to DOS and the machine would lock.
I use a router (MN-100, Microsoft =[) as a firewall, with everything but a tiny selection of ports blocked. All programs I use that are configurable wrt what ports they use are fed through what's forwarded to my machine. I don't bother with XP's built-in firewall, and ZoneAlarm had a nasty habit of hard-locking my machine whenever I tried to run any games online (it would lock before giving me the option to allow the game access to the 'net).
On the software side, I have AVG (free'ish), and a2 Free for "Malware", but I rarely run either as it's just not necessary.
What troubles me is the number of machines hitting my computer trying to exploit IIS. Way back I was running Apache, watching my logfile expand at an alarming rate as people tried to gain access to CMD.EXE for whatever nefarious purposes.
I see some crazy setups here on this thread. Really, NAT, AV software, and regular software updates are all you need. If you're not on Windows, you could probably even drop the AV stuff. Hell, you can probably drop the AV stuff even if you're ON Windows, as long as you're not installing shady software.
* 8-port Linksys Router/Firewall
Only a few incoming ports are opened - basically the ports needed for Soulseek and Bittorrent. If you're NAT'd behind a hardware firewall/router that blocks incoming connection requests before they even hit your PCs.... not a lot can happen to you aside from installing viruses yourself.
* Norton AV on each Windows PC
This is probably unnecessary, as long as you're not downloading shady warez and shit, but... why not be safe, right?
* Firefox/Thunderbird
I know there have been a few security advisories for these, but if you stick to these and don't download shady executable software that comes with Gator-type stuff, your spyware worries are basically nil. I do periodically do a scan with Spybot or Ad-Aware but.... thanks to Firefox they never return anything.
One thing that hasn't been mentioned here is a good MOTD.
I have a MOTD informing law enforcement that my system contains privileged attorney-client information, which it does.
In theory, my MOTD puts them on notice that if they are picking through the contents of my hard drive, they should be doing it with my attorney present, deciding what can and cannot be read.
IANAL. I don't know if the theory holds water. It does give me a higher expectation of privacy than I would otherwise have, and I know courts have regarded the expectation of privacy as a deciding factor in some cases.
You've actually got it backwards. RSA is an extremely high profile and well understood target that's survived twenty years worth of attacks from hundreds of the brightest security researchers in the world. Your physical security by comparison is an infinitesimally obscure target that would crumble in an instant if subjected to the same intensity of attack from the same group of people.
You can call RSA whatever else you want, but the last thing in the world that applies to RSA is "obscurity." When it comes to network security, I feel more confident trusting the cryptographic security of RSA than the physical security of network cables. After all, only one of the two has withstood the best efforts of hundreds of top security researchers for twenty years, and it ain't the one you think.
NAT on router, Avast (free!) AV, AdAware and SpyBot S&D, Tiny Personal Firewall, and Firefox on boxes. I had many problems before switching to Firefox, but since then almost none. Don't use Outlook (never have).
Linksys router/firewall is the first line, with only three devices hooked to it: VoIP, web server (Linux/Apache), and Linux firewall. Inside the Linux firewall is a dnscache/dhcp/samba server. Ad servers filtered by Squid and a large hosts file providing misdirection. No mail server or local mail storage - use a web based email provider. Sensitive data is stored on a Novell IPX box. Workstations have reasonable firewalls and AV. Only one WinXP box - wife's work laptop with AV and Zone.
It doesn't have to be perfect, just tough enough to make it worthwhile for those interested to move on to softer targets.
FreeBSD 4.10 firewall (IPFW). Soon to be upgraded to 5.3 with pf. Blocks the majority of worms and snooping skr1p7 k1dd13 h4X0rZ.
No antivirus software - it's a waste of valuable resources. If you have half a brain you won't get infected (stop downloading and running everything just because a window popped up in your browser saying to).
If a machine DOES get infected the ONLY solution I accept is to wipe the damn thing out and start over from an empty disk -- No sense taking the chance that some other virus or worm is lurking around.
None of that net-nanny safe-surfing site-blocking shit. More damn trouble than it's worth. If you're worried about little Jane or Johnny going to eeeevil porno sites you can run a proxy server and then ground the little pervert when you see him lookin at www.sexwithmysaintbernard.com or whatever he/she is into.
Mozilla-derived browsers with popup blocking. Better than any commercial solution I've seen so far - they block the ad-crap but let most of my legit stuff through without needing intervention.
Best of all, all my machines perform at their peak since they're not tying up cycles with all this extra crap that really just gets in the way.
I have a medium to large sized home network of 6 computers. Most of them are Mandrake Linux 10.0 only. One is dual boot (W2K and Mandrake Linux) and one is W2K only.
I use a Netgear router and set it up to block everything from outside, except the ports I need (www, ftp, ssh). It also does not respond to pings.
On Windows, I use only Open Source or Free software. FireFox for browsing, Thunderbird for email, OpenOffice, Grisoft AVG for antivirus, and Adaware. I also use Yahoo and MSN messengers (not using GAIM until it has voice support).
On Linux, no antivirus is needed. The kids use other software including Open Office, Konqueror, Python and GAIM, and games.
Basically, if you are on Windows, and have a hardware firewall, use a decent antivirus program, use decent applications (i.e. non-Microsoft), and run Adaware every so often, then you will be safe. If you use Linux, you are generally safe too, provided you have a separate hardware firewall, and keep stuff up to date.
Like many others here it seems, I run AVG, ZoneAlarm, Ad-Aware and Spybot on my WinXP box, and use Firefox and Thunderbird. However, I recently hooked up ADSL through my ISP-supplied Binatone 4-port ADSL modem/router, and now I have concerns. My system used to be invisible c/o ZoneAlarm, but now I've got a fixed IP and this wonderful connection hardware that advertises its existence to anyone who cares to ask, and even leaves the FTP port open to the outside world!
Of course I've changed the password on the ADSL box to something absurdly long and unguessable, but I'm still worried that my PC (and any laptops connected to the same 4-port box) are now obviously visible. Anyone have any suggestions? I'm pretty much a geek, but not yet sufficiently knowledgable about ADSL hardware and hardware firewalls to make informed decisions here...
For a firewall:
An old P2/450 running OpenBSD, which I keep at 3.5-current. 3.6 is coming out next month, and I might upgrade if it proves needed.
Desktops:
I run Linux, Gentoo specifically, which I keep patched and updated on all my machines.
I have a WRT54G WiFi WAP, which is hooked via crossover cable to a separate NIC on my firewall. The firewall has pf set up so my wired LAN can talk to the WAP network, but the WAP network can't touch my LAN. Gotta love "keep state" and flag checking.
Other than that, I use spamassassin on Evolution and Firefox for my browsing. I've never gotten a virus, and knock on wood, never been hacked.
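Two pf policies are described in this thread in prose only: the Soekris/FreeBSD post whose bastion host may open outbound connections to nothing but remote SMTP ports while SSH to the firewall is limited to a few hosts, and the post just above, where the wired LAN may talk to the wireless segment but the wireless segment cannot reach the LAN. The following is an added example, not either poster's configuration, that expresses both policies as a Linux iptables ruleset in `iptables-restore` format (so the whole set loads atomically). Interface names, addresses, the admin-host list, and the decision to let wireless reach the internet are all assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: the two pf policies described above
# (bastion host limited to outbound SMTP; wired LAN -> wireless allowed,
# wireless -> LAN not) rewritten for Linux iptables.  Every name and
# address below is an assumption for the example's sake.

EXT=eth0                                   # assumed: upstream / internet
DMZ=eth1; BASTION=192.168.2.2              # assumed: bastion host segment
LAN=eth2; LAN_NET=192.168.1.0/24           # assumed: wired LAN
WAP=eth3; WAP_NET=192.168.3.0/24           # assumed: wireless segment
ADMIN_HOSTS="203.0.113.10 203.0.113.11"    # assumed: only these may SSH in

router_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Inbound web and mail are handed to the bastion, never to the router itself.
-A PREROUTING -i $EXT -p tcp --dport 80 -j DNAT --to-destination $BASTION
-A PREROUTING -i $EXT -p tcp --dport 25 -j DNAT --to-destination $BASTION
# Private segments share the router's public address on the way out.
-A POSTROUTING -o $EXT -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
    # SSH to the router itself only from the listed admin hosts
    # (pf: "pass in ... from <admins> to ... port 22").
    for h in $ADMIN_HOSTS; do
        echo "-A INPUT -i $EXT -s $h -p tcp --syn --dport 22 -m state --state NEW -j ACCEPT"
    done
    cat <<EOF
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "ROUTER INPUT DROP: "
# FORWARD policy DROP is what makes wireless -> LAN impossible; every ACCEPT
# below is a deliberate exception, and replies ride on the state entry.
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# A NEW TCP flow must begin with a bare SYN (pf: "flags S/SA").
-A FORWARD -p tcp ! --syn -m state --state NEW -j DROP
-A FORWARD -m state --state INVALID -j DROP
# Wired LAN may open connections to the internet and to the wireless segment.
-A FORWARD -i $LAN -o $EXT -s $LAN_NET -j ACCEPT
-A FORWARD -i $LAN -o $WAP -s $LAN_NET -d $WAP_NET -j ACCEPT
# Wireless may reach the internet only (assumption); there is no WAP -> LAN rule.
-A FORWARD -i $WAP -o $EXT -s $WAP_NET -j ACCEPT
# The internet reaches the bastion only on the two DNAT'd services.
-A FORWARD -i $EXT -o $DMZ -d $BASTION -p tcp -m multiport --dports 80,25 -m state --state NEW -j ACCEPT
# The bastion may open outbound SMTP and nothing else: a compromised bastion
# cannot fetch tools, and it gets updates pushed from inside instead.
-A FORWARD -i $DMZ -o $EXT -s $BASTION -p tcp --dport 25 -m state --state NEW -j ACCEPT
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "ROUTER FWD DROP: "
COMMIT
EOF
}

# Review helper: does any FORWARD rule ACCEPT new traffic from $1 to $2?
policy_allows() {
    router_rules | grep -q -- "^-A FORWARD -i $1 -o $2 .*-j ACCEPT"
}

case "${1:-}" in
    apply) router_rules | iptables-restore ;;
    *)     router_rules ;;
esac
```

Before loading, the generated text is worth a `policy_allows eth3 eth2` check (it must fail) and a glance at the single `-i eth1 -o eth0` line; if the bastion ever needs DNS or a package mirror, that is the line to widen, and widening it is exactly the trade-off the Soekris post avoids by syncing from the inside.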
Most of my network runs Debian, so worms and viruses aren't too much of an issue. There is a Debian firewall up and running at the network edge, and all incoming mail is filtered by the mail server running spamassassin, clamav and exim for any viruses, thus protecting any Windows machines that collect mail from it. If needed, at home, AVG provides runtime virus protection for the Windows machines, and Norton AV Corp provides it at work. One day clamwin will support on-access scanning, which means I'll probably switch to that for home use.
Via 800MHz ITX machine running IPCOP (customized)
Squid & Dansguardian
Norton Corp AV 8
All automatic updates engaged (of course I still need to visit each machine to click OK on the EULA for SP2)
System policies limiting installations and setting changes
File permissions set to prevent the public from Writing and Executing in the same place.
About 60 public access machines at 8 different recreation centers on DSL internet.
Almost perfect...
Linksys router (I have all incoming ports routed to my *nix boxes, so the Win 98/XP boxes are largely secured). Symantec/Norton on various computers. Remote Help turned off. Spyware S&D and AdAware. Hid IE and Outlook, installed Firefox/Thunderbird. Unfortunately, some of the family still uses AOL for email, and that uses IE :(. So, for that reason, and in case anyone finds IE, I put it on High security (no ActiveX, no Java[Script], no cookies etc).
I run Spybot & AdAware about once/week, and about once/month I use TrendMicro's HouseCall virus scan (over the web) in addition to Symantec's routine scans. Reformat/reinstall every 2-3 years. Change all passwords at least every 2 months.
a nice 12 gauge shotgun.
I installed XP Service Pack 2 on a clean install of Windows XP.
Everything else is optional.
The old, but good Kerio PF 2.1.5 and new amazing AV Stop! from ProAntivirus - it's all! :)
Oh come on, lets not be hypocritical here. I seriously doubt anyone can say they've done a fresh install of *distro-of-choice* and not spent some time tweaking things to get their system into a fully usable state.
Yes, but generally once you've done an fresh install of *distro-of-choice* you at least have the chance to get it on the network before it is hacked to death. Windows XP's basic install has gotten so far out in terms of security that a fresh XP install is generally compromised within *seconds* of being put on the network... far faster than you can download the patches to make it secure. The only way I can do XP installs these days is by putting it behind another machine that protects it from malicious attacks while it is made secure. Now compare that to Debian, which installs the latest everything by default, or even the likes of Mandrake which keeps a relatively current version for download, the XP install / update process is surprisingly difficult.
WinXP Pro: AVG Free set to autoupdate and scan, Spybot S&D, also autoupdating and scanning, Windows Update set to auto download, but ask to install. SP2 Firewall turned on (I tested it and found it to be good enough that I stopped using ZoneAlarm)
FC2: Update regularly, no services available outside of LAN except a testing webserver that is on port 8000 to bypass school's incoming traffic filter; test server only known to a select few.
...if he gives you his root password and ip address he'll have been rooted, moron.
I don't have any anti-virus software. I have some simple procmail rules that delete messages with all but the most innocuous attachments, and the Win98 box isn't used for mail or web browsing (just some a few old Win apps and testing my own web sites on IE), so the only impact viruses have on my systems is that the mail-borne ones are just more spam.
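The "delete messages with all but the most innocuous attachments" rule in the post above is described, not shown. As an added example (not the poster's procmail recipes), here is a small POSIX shell filter that reads one message on standard input and exits 0 if every declared attachment name ends in an allow-listed extension, 1 otherwise, so a delivery agent can drop or quarantine on a non-zero exit. The allow-list, the sample messages and the helper names are all assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: exit 0 when a mail message on stdin
# carries only allow-listed attachment types, 1 otherwise.  Intended to be
# called from a procmail/maildrop recipe; the list below is an assumption.

ALLOWED_EXT="pdf txt jpg jpeg png gif"

# Print, lower-cased and one per line, every value declared in a
# Content-Type "name=" or Content-Disposition "filename=" parameter.
# Folded headers still contain the parameter on their own line, and
# RFC 2231 "filename*=" forms are caught by the optional '*'.  (Continued
# "filename*0=" sections are not reassembled; treat those as suspect.)
attachment_names() {
    tr '[:upper:]' '[:lower:]' |
        sed -n 's/.*name\*\{0,1\}="*\([^";]*\)"*.*/\1/p'
}

# Judge each name by its last extension, so "invoice.pdf.exe" is refused,
# and refuse a name with no extension at all rather than guess.
attachments_ok() {
    attachment_names | (
        status=0
        while IFS= read -r name; do
            case "$name" in
                *.*) ext=${name##*.} ;;
                *)   status=1; continue ;;
            esac
            case " $ALLOWED_EXT " in
                *" $ext "*) ;;
                *)          status=1 ;;
            esac
        done
        exit "$status"
    )
}

# Constructed sample message (not real mail); $1 is the attachment filename.
sample_message() {
    cat <<EOF
From: alice@example.com
To: bob@example.com
Subject: report
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

see attached
--b1
Content-Type: application/octet-stream; name="$1"
Content-Disposition: attachment; filename="$1"

AAAA
--b1--
EOF
}

# Convenience for trying the filter on a constructed message.
check_sample() {
    sample_message "$1" | attachments_ok
}

case "${1:-}" in
    filter) attachments_ok; exit $? ;;
esac
```

Wire it in with a recipe whose action pipes the message to `attachment_check.sh filter` and acts on the exit status; a message with no attachments at all passes, which is what you want for plain-text mail.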
That was a very clear, well written and reasoned refutation, and you are substantially correct. In fact, IMHO it is the first post in this thread to be worthy of positive karma!
I will admit that I have taken "security by obscurity" to its logical literal extreme here, which is indeed an idiosyncrasy of mine. It's not that I'm particularly trolling - it was originally because someone disagreed with my assertion that RSA was not secure in an absolute sense, which I (still) believe is utter tripe.
In fact it's mostly that I won't back down from an argument just because someone tells me I'm wrong unless someone responds to what I have written, and not to what they think they have read. I am, however, happy to injure their prejudices with the cognitive dissonance of unusual usage to get my point across...and while I may be being disingenuous I am only returning the favour.
I don't mean to confuse people by this method, but if it does, I believe it's because they're reacting, instead of thinking. I strongly dislike the automatic use of pejorative Terms Of Art such as "security by obscurity" because they promote Lazy Thinking; i.e. "That is bad" rather than "That is bad in this case because..."
However you have responded reasonably, and so I admit defeat.
For the benefit of others: I still maintain transmitting data in a physically secure medium is still inherently better than broadcasting it.
Anyway comparing broadcasting RSA encrypted packets and clear packets down a wire is comparing apples to oranges.
--
I have to run Windows XP (SP2) because of games, I apologize...
I have a DMZ set up with a patched box connected with its own IP and virus scanner. This is my sacrificial internet box, if you will.
The PC with real information on it, is behind a small router, with virus software and firewall to block it off from my servers and internet box.
I don't access the internet through anything but my net box, which I generally terminal into.
A ghost disc generally remedies any virus / *ware that I may encounter.
If you idle on any large network - and I'd gather PTP would apply here, but my experience is limited to IRC - your box will be hacked or hacking attempts will be made. I have had linux exploited and had the honor of having a previous version of OpenBSD rooted despite being reasonably locked down, got me via the SSH bug. Since been upgraded and patched, but I don't like doing that frequently - hence OpenBSD.
The attack and compromise was almost immediately noticed via the display I have on my firewall and logging software. I'd say I get automated hacks from once a day to several, and I get what appears to be a more intelligent automated attack or targeted exploit once a week.
Were this a router + windows combination, I doubt it would have been noticed for some time.
My point is no matter how good your patching regimen, you still need to be aware. I run firefox and have never had a web-related problem or virus.
..don't panic
I'm running Norton Internet Security Suite 2004, on an XPSP2 OS because it came preloaded when I bought a faster home unit in August. I tried using a Panda 7.0 that I got talked into buying with it by a salesman who shouldn't have, but I switched back to the Norton preloaded because I came under a swarm of sometimes successful backdoor assaults and Norton allows me to relatively quickly integrate information about attacks and not have to rely on 3rd party software for various threats. It's "all in one".
For the last 3 days I've mostly been firewalling off a place called China with permanent refusals to allow connection, as various Chinese domains host attempted backdoor attacks on me, because of a steady stream of attacks seeking backdoor access (nothing to do with email or other overt contacts), but according to some news, those might ultimately stem from N.Korea routing through China. Unfortunately I'm a Verizon DSL subscriber and utterly responsible for all my own security at home, got successfully backdoored before I switched back to Norton, and I'm now stuck in a loop of other infected Verizon customers so that within 30 seconds of connecting to the net they all try to recontact me and reinstall me into the Verizon DSL infected customer loop, all on top of a steady stream of backdoor attacks routing through China.
Last night in one somewhat sleepy moment I accidentally permitted an unusual port contact (thought I was clicking on "block" but it slipped to "permit") and immediately got my host reset to an IP I can't even find in databases.
I suspect the recent resignation of the Homeland Security cyberdude has something to do with a massive attack on the US routing through China, which for whatever reason the administration is not willing to take the obvious steps about. So here I am, stuck applying my own personal UDP to any block of net addresses that I can find that are from China. They still come at me from other countries and the occasional hijackable computer in the US, though.
I like Norton IS 2004 very very much.
The difference between
I use a firewall, I've cleaned up the access ports, and I've taken most of the other reasonable steps that you should take. Most important, though, is that I power the system off when I'm not using it. Your machine can't be hacked if it's running at init level 0.
If I'm in Windows, I'm running XP SP2 with AVG and Kerio all behind a NetGear WGT624v2 wifi router. If I'm in Linux, it's Fedora Core 3 test 2 all with magical IPTables. :)
I never have to update AV definitions, ad-aware, windows, nothing.
The only tweaks I need are already provided when I restore my home directory which sets my background, window decorations, icon sets, email settings and messages, everything as if nothing ever changed. Very simple, very quick.
Sure, I change my background from time to time. I think most people do. I never have to "keep my guard up", that was done during the 35 minute install of the OS.
The guy asked a serious question: What are we doing to protect our computers? We put linux on our computers. There is nothing hypocritical about it. Last time I installed windows for someone, I had to install more drivers after the fact than needed on a linux install.
BillG will keep you believing that Linux isn't ready, Linux is difficult.
The government which is strong enough to protect you from everything is strong enough to take everything from you.
I don't use a firewall, AV, spyware cleaner or anything at all. I just restore the latest clean image of my HD using Acronis, whenever I run into trouble, which doesn't occur that much really. The Acronis restore works pretty fast too, like 10-15 minutes.
I use the Astaro firewall on an old pentium machine as a firewall.
I use a linksys WRT54G (un-mod'd at this point) for wireless.
90% of the machines in the house are macs now. Any intel/athlon that's left is running some flavor of linux.
The last ibook purchase became the 'general' family computer. It replaced the last windows machine I had.
If you've never tried Astaro, I highly recommend it. It's free for home use. And it's based on Linux. A nice http management interface, and it's easy to VPN into so your family can connect remotely.
http://slashdot.org/~tf23/journal
At the number of users who post I use yadda yadda behind a multi booger flick this. Linked to OS bleh, and a Such and such WIFI AP.
Yet they make no mention of having their WIFI network using any type of WEP.
Yeah you guys are safe!
No offense to anyone, but any of you in IT know a system is only as safe as the people who use it keep it.
Unless you are the only one using it, it probably isn't secure.
I run no firewall, no AV, just linux configured as SNAT using iptables magic. And in 8 years on the net, I got my second virus ( I seem to average 1 per 4 years ). Doesn't really make me see the need to pay for an AV software license.
I am Bennett Haselton! I am Bennett Haselton!
1) FreeBSD gateway managing the ADSL connection protected by IPFW2
2) Mail server - sendmail with sasl authentication and clam-av milter plugin (which has caught the recent rash of Worm.Gibe.F and Exploit.IFrame.Gen mails i've been receiving)
3) Spam filtered by SpamBayes and sorted into imap folders with procmail
4) Thunderbird and Mozilla used as mail and http/ftp clients.
5) Adaware run every now and then with no problems usually found
6) Auto Updates turned on for XP, FF & TB
What I would like is a squid/other_http_proxy plugin to auto-virus scan http/ftp transfers automagically.
Music is everybody's possession.
It's only publishers who think that people own it.
Fuck Beta
~John Lenno
I just don't have anything worth hacking on my network.
Mod point free since 2001
...of course, it isn't nearly as reliable as anti-virus software. Some indications of virus/worm/trojan/adware activity include (but aren't limited to):
* increased network and/or CPU activity and/or disk activity when the machine is idle and no apps are apparently open
* open regedit and look for odd entries in the registry--by far the most common place for malicious entries are in HKLM/Software/Microsoft/Windows/CurrentVersion/Run and ~/RunServices
* look in admin tools->services to see if there are strange entries there.
* do a search for recent creation or modification dates...if you haven't installed anything lately and you have very new looking .exe, .dll, etc files then they could be suspect. Also look for binary/executable files with stupid or gibberish names like bhajjwkd.exe or pineapple.dll as they are most certainly bogus.
* if any registry keys, service names or file names are in doubt Google them.
Of course if you aren't that knowledgeable about Windows then you probably have no clue what is funny looking and what is normal because it all looks like gibberish (and when you think about it, a good deal of Windows normally is just gibberish).
I have little time for such goose chases and only go sleuthing if a machine behaves oddly. Therefore I use AVG to scan for viruses and run any Windows boxes on my home LAN behind the Linux firewall/NAT gateway.
Unless you are paranoid enough to do tasks like those above on a daily basis, you run a high risk of infection on a windows box. The most dangerous infections are the least visible to the user (keyloggers--they consume few resources on your PC and only register network activity when you type or are actively using your PC).
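One way to automate the Run-key check from the list above, added here as an example rather than anything from the post: it parses a `reg export` style dump of the Run key and flags entries whose image name looks like gibberish (a long run of consonants, as in bhajjwkd.exe) or whose image lives outside the Program Files and Windows directories. The sample export, its value names and paths are constructed, and flagged entries are exactly the "in doubt" ones the post says to look up, not proof of infection.

```python
import re

# Constructed sample in the format "reg export" writes for the Run key
# (hypothetical entries, not taken from any real machine).
SAMPLE_REG_EXPORT = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"AVG_Tray"="\"C:\\Program Files\\AVG\\avgui.exe\" /minimized"
"svhost32"="C:\\WINDOWS\\system32\\bhajjwkd.exe"
"update"="rundll32.exe C:\\DOCUME~1\\bob\\LOCALS~1\\Temp\\pineapple.dll,Start"
'''

VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')
IMAGE_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll|scr|com))', re.I)
TRUSTED_DIRS = ("\\program files\\", "\\windows\\")


def looks_like_gibberish(stem: str, max_run: int = 5) -> bool:
    """True when the name has a run of max_run or more consonants (digits break a run)."""
    run = longest = 0
    for ch in stem.lower():
        if ch.isalpha() and ch not in "aeiou":
            run += 1
            longest = max(longest, run)
        else:
            run = 0
    return longest >= max_run


def audit_run_entries(reg_export: str):
    """Return [(value_name, image_path, reasons)] for every value in the export."""
    findings = []
    for line in reg_export.splitlines():
        m = VALUE_RE.match(line.strip())
        if not m:
            continue  # header, key line or blank line
        name, raw = m.groups()
        command = raw.replace("\\\\", "\\").replace('\\"', '"')  # undo .reg escaping
        img = IMAGE_RE.search(command)
        image = img.group(1) if img else command
        stem = image.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        reasons = []
        if looks_like_gibberish(stem):
            reasons.append("gibberish filename")
        if not any(d in image.lower() for d in TRUSTED_DIRS):
            reasons.append("outside program directories")
        findings.append((name, image, reasons))
    return findings


if __name__ == "__main__":
    for name, image, reasons in audit_run_entries(SAMPLE_REG_EXPORT):
        print(f"{name:10} {image}  {'; '.join(reasons) or 'ok'}")
```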