On Sat, 10 May 2008 07:21:49 +0100, Franklin wrote:
> On Sat 10 May 2008 03:00:20, Kayman wrote:
>> On Thu, 8 May 2008 14:11:07 void.no.spam.com@gmail.com wrote:
>>>
>>>
>>> If you wanted to be certain that a Windows computer was not
>>> infected with any viruses/spyware/trojans/etc, which scanners
>>> would you use?
>>
>> Security software manufacturers tend to overstate their product
>> description to instill fear and uncertainty; After all it's all
>> about the $ almighty. Please step back and try to remove the
>> advertisement hype from your mind.
>>
>> In WinXP the most dependable defenses are:
>> 1. Do not work as 'Administrator'; For day-to-day work routinely
>> use a Limited User Account (LUA).
>> 2. Secure (Harden) your operating system (OS).
>> 3. Keep your OS and all software on it updated/patched.
>> 4. Reconsider the usage of MSIE and MSOE.
>> 5. Review your installed 3rd party software applications/utilities;
>> Remove clutter.
>> 6. Don't expose services to public networks.
>> 7. Activate the built-in firewall and configure Windows not to
>> use TCP/IP as transport protocol for NetBIOS, SMB and RPC,
>> leaving TCP/UDP ports 135,137-139 and 445 (the most exploited
>> Windows networking weak point) closed.
>> 7a. If on high-speed internet use a router as well.
>> 8. Routinely practice safe-hex.
>> 9. Regularly back-up data/files.
>> 10. Familiarize yourself with crash recovery tools and
>> re-installing your OS.
>> 11. Utilize a real-time anti-virus (AV) application and vital
>> system monitoring utilities/applications.
>> 12. Keep abreast of latest developments - Sh!t happens...you know.
>>
>> The least preferred defenses are:
>> Myriads of popular anti-whatever things and staying ignorant.
>> Educational Reading:
>> Security @ home
>> http://home20.inet.tele.dk/b_nice/index.htm
>>
>
>
> Good sensible stuff.
Thanks. And, with the exception of a router and reliable back-up software,
it's all freely available :-)
> The trouble seems to be that many users want a solution so easy that
> they can install and forget it and which needs no maintenance
> effort.
Yes, it's because too many users are blinded by marketing ballyhoos and
don't bother to research or question the motives of the makers of software
security ware. Many users apply some sort of a software because of an
appealing website or good looking icon and don't care to research for
alternatives and appropriateness.
If you're running a car without preventative M&R it'll come to a grinding
halt eventually.
> The belief that this is possible is sustained by security center
> suites which are marketed as if they can do this.
Apropos marketing, here is a good example:
Go to...
http://www.sunbelt-software.com/Home...onal-Firewall/
...and follow all the hype created by Sunbelt's *Marketing Department*.
Yeah, right. Talking about (killer deal) scare tactics :-)
Still use the free Windows XP firewall?
Unfortunately, this gives you a false sense of security. It only protects
incoming traffic. But outgoing traffic, with your credit card info, social
security number, bank accounts, passwords and other confidential
information is not protected. The WinXP firewall will let it all go out.
But... SPF will block that data if you buy the FULL version! You absolutely
need a better, commercial-grade firewall.
So here is the *killer deal*....
Then read in...
Windows Personal Firewall Analysis
http://www.matousec.com/projects/win...ewalls-ratings
...a more realistic view which obviously was drafted by the head of
Sunbelt's *Operations Department*.
Sunbelt Software - the vendor of Sunbelt Kerio Personal Firewall
Sunbelt Software is committed to providing the strongest possible security
products to its customers, and we will be working to correct demonstrable
issues in the Sunbelt Personal Firewall. Users can expect these and other
continuing enhancements for the Sunbelt Personal Firewall in the near
future.
However, we have some reservations about personal firewall "leak testing"
in general. While we appreciate and support the unique value of independent
security testing, we are admittedly skeptical as to just how meaningful
these leak tests really are, especially as they reflect real-world
environments.
The key assumption of "leak testing" -- namely, that it is somehow useful
to measure the outbound protection provided by personal firewalls in cases
where malware has already executed on the test box -- strikes us as a
questionable basis on which to build a security assessment. Today's malware
is so malicious and cleverly designed that it is often safest to regard PCs
as so thoroughly compromised that nothing on the box can be trusted once
the malware executes. In short, "leak testing" starts after the game is
already lost, as the malware has already gotten past the inbound firewall
protection.
Moreover, "leak testing" is predicated on the further assumption that
personal firewalls should warn users about outbound connections even when
the involved code components are not demonstrably malicious or suspicious
(as is the case with the simulator programs used for "leak testing"). In
fact, this kind of program design risks pop-up fatigue in users,
effectively lowering the overall security of the system -- the reason
developers are increasingly shunning this design for security applications.
Finally, leak testing typically relies on simulator programs, the use of
which is widely discredited among respected anti-malware researchers -- and
for good reason. Simulators simply cannot approximate the actual behavior
of real malware in real world conditions. Furthermore, when simulators are
used for anti-malware testing, the testing process is almost unavoidably
tailored to fit the limitations of simulator instead of the complexity of
real world conditions. What gets lost is a sense for how the tested
products actually perform against live, kicking malware that exhibits
behavior too complex to be captured in narrowly designed simulators.
Anybody who worked for a large company understands the fundamental
differences between Marketing and Operations.
'nuff said :-)
Cheers...
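
The closed-port goal in item 7 of the quoted list (TCP/UDP 135, 137-139 and 445) can be checked against `netstat -ano` output. The following is an added example, not part of the original posts; the sample output is constructed and the function name `exposed_listeners` is illustrative.

```python
# Ports item 7 of the quoted list wants closed: RPC endpoint mapper (135),
# NetBIOS name/datagram/session services (137-139) and SMB over TCP (445).
WATCHED = {135, 137, 138, 139, 445}
LOOPBACK = ("127.", "[::1]")

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING       1840
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:1055      203.0.113.7:445        ESTABLISHED     2210
  UDP    192.168.1.20:137       *:*                                    4
  UDP    192.168.1.20:138       *:*                                    4
  UDP    127.0.0.1:1900         *:*                                    1104
"""


def exposed_listeners(netstat_text, watched=WATCHED):
    """Return (proto, address, port, pid) for watched ports open beyond loopback."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # headers and blank lines
        proto, local = fields[0], fields[1]
        # TCP rows carry a State column; only LISTENING sockets accept
        # inbound connections. UDP rows have no state, so any bound
        # UDP socket on a watched port counts.
        if proto == "TCP" and fields[3] != "LISTENING":
            continue
        addr, _, port = local.rpartition(":")
        if not port.isdigit() or int(port) not in watched:
            continue
        if addr.startswith(LOOPBACK):
            continue  # reachable only from the machine itself
        findings.append((proto, addr, int(port), int(fields[-1])))
    return findings


if __name__ == "__main__":
    for proto, addr, port, pid in exposed_listeners(SAMPLE):
        print(f"{proto} {addr}:{port} is open to the network (PID {pid})")
```

The outbound connection to a remote port 445 in the sample is not reported, because only the local address and a listening state matter for this check.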

