"Sebastian G." after much thought,came up with this jewel in news: snipped-for-privacy@mid.dfncis.de:
Your correct. I think a router provides better protection than using a software firewall(some routers include a packet filter). And turning off un-needed services,using a more secure e-mail client/browser(like Thunderbird,Firefox) is better than relying on a software firewall alone. max
"s|b" after much thought,came up with this jewel in news:Jy7Vi.179033$ snipped-for-privacy@phobos.telenet-ops.be:
Here is a good start- MVPS hosts file Firefox with NoScript and AdBlock installed a good AV solution(like NOD32) Spyware Blaster Spybot Search+Destroy immunization Turn off Windows Messenger max
Already using it.
Already using it.
I use Avast, but if I want to stick with freeware, then I'd probably be better off with Avira Antivir.
Never used it.
Already using it.
First thing I did when started this PC.
Anything else?
WinIPFW (but only the latest SVN snapshot + some security fixes)
A very bad start for a proposedly good start. What should this shit be good for, other than fucking up the system?
AdBlock is not security relevant. And, of course, what about Firefox? Even NoScript can't make it any less broken. If you really like a Mozilla core, take Mozilla SeaMonkey.
This is not even a solution at all.
Oh please...
OH PLEASE...
Eh... yeah? Of course, intentionally running an insecure-by-design software is never a good idea.
Yes. Please flatten and rebuild your system. You broke it.
"Sebastian G." after much thought,came up with this jewel in news: snipped-for-privacy@mid.dfncis.de:
what???? a good hosts file doesn't f*ckup anything.
I just have no use for unsolicited ads...
for control of javascript....
I use Portable Apps and SM is not yet available.
what do you use?
any added protection that uses no extra resources is a good thing.
Why do you say anything is broken????
"Sebastian G." after much thought,came up with this jewel in news: snipped-for-privacy@mid.dfncis.de:
network
I have yet to put anyone in my killfile but you are getting close. You don't happen to be a 3rd cousin of pcbutts? max
what ??? common i know lots of entries pointing to localhost is a cat and mouse game at best but still ...
yes firefox is well ... a horrible code base but besides opera are there really any good standards compliant (sort of) browsers out there besides SM shares a LOT of that horrible code base how is firefox broken ?
true but NOD32 is the nicest of all PAV solutions (personal anti-virus :D)
are you against IM or just against MSN + MSNP ?
It does. It slows down the resolver and, in case of Windows, even partitially breaks it. Aside from that, it's simply superfluos.
Even further, it simply doesn't work, as a normal user doesn't have write access to the HOSTS file, and doesn't have the privilege to restart the system either - neither would this be reasonable.
Mozilla SeaMonkey is profile-portable by design.
A real solution: a global non-exec policy enforced by the kernel.
Any added software increases complexity and therefore decreases security. Unless it can actually justify this, it is a bad thing. Spyware scanners definitely are bad, and this immunization stuff has only one purpose: fucking up the system.
Because it usually is. Just like your concept.
it slows down the resolver and, in case of Windows, partitially breaks it. Updating the HOSTS file requires write access that a normal user doesn't have there, and an unwanted restart.
Hm? The horrible code of Firefox starts where the common base ends.
Just one keyword: Global Namespace Pollution
So what? I'd say my trash can is the most beautiful one in the area. Yet it's full of garbage and stinks.
Not even against the MSN IM protocol, but you should use an IM implementation that isn't designed to execute arbitrary commands of the attackers choice by default - which applies to Windows Messenger, MSN Messenger, MSN Explorer, Yahoo Messenger, ICQ/Lite and AIM. Quite strange that all the "official" clients are all broken by design, and the third-party implementations are the only safe ones...
No, don't do that - Seb's our resident 'Grumpy Old Man' and we love him dearly on this NG!
Jim Ford
never had a problem with it on a win xp machine but i don't really use the machine, my sister does
XUL is a big bloated piece of crap
you may talk all big and mighty but you're probably working with homogenous network environments in which ADS,group policy, proxy servers, etc, ... can be implemented sadly this isn't the case in 99,99 % of the home LAN environments and in which NOD32 is really really nice although it's a band-aid
true i use biltlebee + irssi
Quite the contrary. It allows for reference safety, type safety and contract enforcement, and is still very fast due to JIT. One could compare it to Java, or rather Python (because it allows on-the-fly changes).
I wouldn't call a mixture of SunRay with Solaris and Debian Linux, x86 with Debian and Windows 2000 + XP homogenous. But why do you name group policy? This is, by design, not a security measure.
As you say: it's a band-aid. Nothing more. Security starts with addressing the causing, not cascading the symptoms. Especially since the main problem, lacking user education, is even further amplified.
Quite the contrary. It allows for reference safety, type safety and contract enforcement, and is still very fast due to JIT. One could compare it to Java, or rather Python (because it allows on-the-fly changes).
I wouldn't call a mixture of SunRay with Solaris and Debian Linux, x86 with Debian and Windows 2000 + XP homogenous. But why do you name group policy? This is, by design, not a security measure.
As you say: it's a band-aid. Nothing more. Security starts with addressing the causing, not cascading the symptoms. Especially since the main problem, lacking user education, is even further amplified.
ok what would you do when some of your stupid users gets a virus ? reset a known good image ? that only works if you have a homogenous windows env.
well not quite but if you have lots of different pc's with windows it's a lot harder because you have to manage a lot of different images
and what's the causing of security problems beside the user ?
That's _really_ helpful. Danke!
Thanks, I'll take a look at it.
Depends on which systems. Those with higher security margins have a global no-exec policy implemented, thus they simply can't anything but the preinstalled software, and as long as this is up-to-date an in-memory process compromise of the network is extremely unlikely.
On those with lesser security margin: Delete all programs and script-relevant setting, if necessary restore their settings and their data from the latest backup.
Why are you always coming up with images? A user running malicious software only compromises all the programs and the data he had access to, which is, beside some necessarily shared data, only his own data. He can't damage the data of other user, and neither the system.
Hardware errors. This is what the restore images are intended for: getting the old system running on the new hardware again as soon as possible.
According to all the damage that you claimed to have done to your system, I don't see any reasonable chance to get it up running normally and then even securing it without a complete reinstall. The next time you should think very very very careful about every non-user-specific change that you introduce to the system, at best twice, before you most likely discard it as a stupid idea.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.