Is complete home security possible?

snipped-for-privacy@address.com (Joe Samangitak) wrote in news: snipped-for-privacy@posting.google.com:

You're not going to get that advice. There is nothing running on the computer that's going to stop another program from doing something once that program has reached the machine and has been executed by the user. If you have caused the execution of the malware program by clicking on something that has caused the execution of the malware program whether or not the click event caused the malware program to drop its payload of other backdoor programs and they are executed, then it's over as you have seen.

If you're looking for that magic bullet, it's not there. A malware program that drops a payload must be executed by the end user in some kind of shape, form or fashion. It just doesn't happen without the assistance of the end user.

The buck stops with you and it doesn't stop anywhere else.

Duane :)

Reply to
Duane Arnold

Good advice. Depending on your anti-virus, anti-trojan, anti-spyware application to know about the 'malware du jour' might leave you 0w3n3d if the malware author changes capitalization on a text message, or inserts two or three NOPs near the front of the code.

[compton ~]$ uptime
10:58am up 81 days, 3:38, 20 users, load average: 0.07, 0.09, 0.20
[compton ~]$

Oh, I forgot - windoze doesn't have that command. Wonder why?

Why are you installing the malware in the first place?

Old guy

Reply to
Moe Trin

Why don't you like Windows? All the world's top applications run under Windows.

Malware can slip in, even with the best of protection. So I ghost the machines to make sure that anything that slipped without me knowing about it is eliminated.

Reply to
Charles Newman

1433 and 1434 are the ports for MS SQL, the SQL Slammer worm that about shut down the internet.

There are those that say you get what you pay for, when it comes to a mission critical system I never run the "Free" versions of AV software on them. Corporate versions of AV software don't always have a subscription base, they update for years without renewal.

Nope, I have not rebooted my XP machine in almost a month, 3AM every day is the proper method (or 2AM or any other time as long as you check once a day).

Sorry, wrong, Outlook Express is the WORST Usenet reader available to ANYONE. ThunderBird does Usenet as does about 30 other Windows Usenet readers. I would NEVER use OE for Usenet (or email either).

Then you still need to ONLY run as administrator to do the tasks that require administrator access - if playing your game, don't browse the web, don't get email, don't do anything but play the game, then switch back to a User account when done. Trust me, even if you don't like it, this one thing will prevent a LOT of issues.

I've used Ghost since it was owned by BinaryResearch (5.0) and I would never ghost once a month - there are too many updates and patches and security issues to deal with to do it monthly, and on a properly configured system once a year is too much (unless it's a heavy development system).

If you don't do any serious work with your computer then re-imaging it would not really be an issue, but you're failing to address the real issue - security. Re-Imaging is not addressing the issue of security. If you were to take the amount of time you invest into imaging, updates, patches, reinstalling apps, you could easily protect the machine from malware and not have to waste so much time.

Completely different scenario - we always reimage training center machines before each class - it only takes about 15 minutes and ensures that the student has a clean and working machine. This is not the same as you, being the only user, re-imaging your machine because you've not taken the time to learn about securing it.

I have been using computers since 76, never had a virus on any of my computers or computers that we manage for clients - and re-imaging had nothing to do with it. Take some time to learn about Security.

Reply to
Leythos

Wrong, every non-MS Usenet reader can access Usenet on ANY port.

Reply to
Leythos

Duane, I can assure you that Tiny, not in the hands of a home/ignorant user, is more capable than any NAT device. I personally run Tiny and Kerio (not on the same machines) on our laptops and have it set up to protect our system when at clients' locations. The team understands the implications of all the probes, DNS outbound, etc... The team is better protected than most of the companies we work for. I don't really use it for Application restrictions, I use it to block PORTS IN/OUT, but there are some settings for applications also.

A properly configured personal firewall in the hands of a security professional will be far more effective than even a real firewall appliance in the hands of a home user/ignorant type.

Now, just to make sure you understand, I DO NOT advocate installing any computer/server directly connected to the internet - at the least a router that does NAT (which is not a firewall) is needed.

Reply to
Leythos

[cut]

Complete security is not possible because you can't know what you have overlooked until it is too late.

You appear to be doing almost everything that can be done to make a Windows PC as secure as it can be but it looks to me like you want everything done automatically by the computer.

Computers cannot be secured by software running on the computer if the software runs at the same privilege level as the malware. This will just result in a fight, and the malware will win because malware is often written in an efficient manner by clever people. Security software is often written on the command of well funded marketing departments who know that bloatware sells, even if it's useless for security.

If you took greater interest in what is actually in your Windows computer (instead of just having a quick look at task manager) then you may get a bit further with keeping it secure.

No web browser is going to stop you downloading and installing a trojan if you choose to do so. So in your case an external firewall box which can strip out any kind of incoming executable code is likely to be a good idea. It will have to be configured to allow Windows update and virus scanner updates to work.

Jason

Reply to
Jason Edwards

If you got a trojan then you're not running the best AV product on the market, or you were visiting sites that you should not have been visiting.

A personal firewall in the hands of a home user, a non-security expert, is almost useless and affords little protection.

You need to stop right here - you were logged on as a User with "Administrator" rights - that means YOU ARE AN ADMINISTRATOR. If you don't change the account type to USER/LIMITED you can easily corrupt your machine.

You've got to take time to understand these differences - Any account with Administrator level access IS an Administrator.

Actually, you do have a network - the connection to the internet puts you on the world's largest network.

If you are on DSL/Cable or anything that uses a network/USB cable to access the internet then you need a router - it has nothing to do with browsing, it has everything to do with blocking your machine from users that want to exploit holes in your OS/Applications without you knowing about it.

It's because you need to take the time to learn about security and follow the direction that I posted (10 steps) earlier in this thread. If you follow those directions you are 99.9% LESS likely to get infected, even when you visit a site that is malicious.

Sure it does - you already said you don't know how it got on your computer, so how do you know if your choices are good or not. If you have a Windows (or any OS) PC connected to Dial-Up or High-Speed and left File/Printer sharing enabled you are just asking for trouble, same if you are not using a NAT device to protect your computer (they make LAN MODEMs for dial-up, but they are expensive)...

You just need to learn more about security and how these things get into your computer. What would help the most is if you also learn about not visiting unknown sites, stop accepting email that you didn't ask for, etc...

Reply to
Leythos
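The "any account with Administrator rights IS an Administrator" point above, and the earlier advice to use an admin account only for admin tasks, can be checked rather than guessed at. This is an added example, not code from anyone in the thread: it reports whether the current session's token is effectively an administrator and lists the members of the local Administrators group. It assumes a Windows host with PowerShell and English-language `net` output; ADMINACCOUNT is a placeholder.

```powershell
# Added example (not from the thread): audit the effective privilege of the
# account you are logged on with, and see who else is a local administrator.

function Test-IsEffectiveAdmin {
    # True when the current token is a member of the built-in Administrators
    # group, whatever the account is labelled in the Users control panel.
    # On systems with UAC this reflects the token actually in use (elevated or not).
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-LocalAdminMembers {
    # 'net localgroup' exists on every Windows version; its output is a banner,
    # a dashed separator, one member per line, then a "completed successfully"
    # footer (assumes English locale).
    $lines = @(net localgroup Administrators 2>$null)
    $sep = 0
    for ($i = 0; $i -lt $lines.Count; $i++) {
        if ($lines[$i] -match '^-{5,}$') { $sep = $i; break }
    }
    $lines[($sep + 1)..($lines.Count - 1)] |
        Where-Object { $_ -and $_ -notmatch 'completed successfully' }
}

$user = [Security.Principal.WindowsIdentity]::GetCurrent().Name
if (Test-IsEffectiveAdmin) {
    Write-Warning "$user holds administrator rights in this session; use it only for admin tasks."
} else {
    Write-Output "$user is a limited user in this session."
}

Write-Output "Accounts in the local Administrators group:"
Get-LocalAdminMembers | ForEach-Object { Write-Output "  $_" }

# For the occasional task that needs elevation, start just that program under
# an admin account and stay logged on as the limited user (placeholder account):
# runas /user:ADMINACCOUNT "control appwiz.cpl"
```

If your everyday account shows up in the group listing, that is the situation the post describes: it is an administrator account, however it is named.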

You don't connect anything to the Web except middleware and reverse proxies. If you mean Internet, say so. The World Wide Web is a completely different thing from Internet, and normally only Windows users confuse the two.

Reply to
Arthur Hagen

Yes, I agree that Tiny has more ability to protect than a NAT device. But I have also seen posts that Tiny could be used to protect a business network on some kind of gateway computer. Maybe, I guess Tiny could be used in that capacity on a gateway device in a SOHO situation; I know of one person that is using an XP Pro machine with its FW doing that. But I have also seen posts about Tiny being portrayed that it can protect a large corporate network (with APP Control running) and I know that it cannot do it, even without (App Control running). Duane :)

Reply to
Duane Arnold

I would never suggest a PFW for anything other than a single computer and then only in the hands of someone that knows how to use it and understands security. We, for instance, only use PFWs on our laptops since we take them to clients' offices.

Reply to
Leythos

The later versions expire (9.x) - you need a new .slf to continue getting updates. E.

Reply to
E.

Nothing apart from the Alert Management Server, Centralised policy + control, the ability to define both desktop and mobile groups, central quarantine, Liveupdate Administration, extended reporting and logging. The groupware edition also does SMTP scanning, message store scanning, attachment filtering, spam + content blocking, enables you to pull in blacklists like SORBS etc. Both allow you to deploy clients and servers from the console. There's also a firewall component for desktops available. E.

Reply to
E.

snipped-for-privacy@address.com (Joe Samangitak) wrote in news: snipped-for-privacy@posting.google.com:

In short, your error is to trust in an inherently insecure OS.

If you want to be sure of Windows, don't connect it to the Web.

If you want to connect to the Web, use another OS.


Reply to
Robin T Cox

Come on now, that's not quite fair - I have servers that have run for more than 3 years without a restart/reboot. My exchange server ran for over a year before I installed new AV software on it and the AV product required a reboot....

It's not about Windows, it's about how well you know how to configure and secure the machines.

Reply to
Leythos

snipped-for-privacy@address.com (Joe Samangitak) wrote in news: snipped-for-privacy@posting.google.com:

All this software and you're using Internet Explorer with "Install On Demand" enabled. It sounds like you've done enough boning up on security not to make such a mistake. No firewall will stop installation of malware since the browser is a trusted app.

Reply to
elaich


"Leythos" wrote in message news: snipped-for-privacy@nowhere.lan...

Just one problem, FS2002 and 2004 have to go to the Web to download the latest worldwide weather (FS2004 does this every 15 minutes). There are a couple of other weather programs for FS98, and later, which update every 30 minutes. So, playing with Flight Simulator, if I want the latest real world weather, it has to go to the Web. At least FSMetar does not require Internet Explorer to work.

Well, I keep important files on a second hard disk in the NAT Box, so losing files when ghosting the machine is not much of an issue. I have two very high capacity hard disks (over 100GB), and I use one to periodically back up files on the second hard disk. If you use Ghost, you also need a >100MB hard disk to store the Ghost images.

Where I went to college used a program similar to the much-touted Evidence Eliminator, only much more sophisticated. This program did two things. It zeroed the disk and restored the desired configuration. People like ejfudd820 may tout Evidence Eliminator, and you have to admit that it is good at what it does, but the program they used in the labs would blow EE away. They used this to keep the University, and any of its administration, out of trouble if any student/staff/faculty ever did something illegal. The primary worry was software piracy. The program would first erase any file not in the list of files to keep and then it would zero the disk space as it went. Web cache, internet history, unauthorized software installations, etc, etc, would be erased and zeroed, and then files they wanted on there restored. The software they used did keep the university out of hot water a few times. I did hear of investigators investigating for software piracy, but they were unable to recover anything from the hard disks. It also kept the university out of hot water once when one of the counselors was arrested for downloading child p*rn. Because this program wiped and restored the hard disk on his office computer regularly, the authorities were unable to recover any evidence against the university, so the university avoided any criminal or civil liability, though the last I heard the counselor was doing hard time for downloading child p*rn. The counselor got into trouble, but the university was kept out of hot water because of the program they used to regularly wipe and restore disks on their network. The only evidence was from the person's home computer, so he was the only one that got into trouble, and the university got off scot-free.

Reply to
Charles Newman

I've seen people have their Linux system rootkitted before they even finished setting it up.

Security depends on the user, not the OS.

Reply to
CyberDroog

Uptime is clocked and stored in the registry. It seems to go without saying that most Linux advocates know little about Windows. The problems they have with it are almost always clueless newbie issues.

Reply to
CyberDroog

Gee, I must be missing something then. Maybe there's a reason though.

Malware gets in because you clicked 'OK' or have configured your browser to automatically install anything that is offered. This could also be because you've enabled ActiveX, Java* or other vectors to "improve your surfing experience". It also gets in because you are running as the 'privileged' user (ADMIN, or root, or similar) because running as an unprivileged general user is a hassle. Some people also discover that the very "enjoyable" site they visited wasn't completely innocent.

A firewall helps, but learning what your software is doing and using common sense is a better solution.

Old guy

Reply to
Moe Trin
