What do you think is the single most important step in securing a PC?
Dogbiscuit
January 14th, 2009, 11:07 PM
Please explain why you chose one over the others.
Note: (anti-malware software means: SRP, anti-executables, HIPS, virtualization, etc.)
Spiral123
January 15th, 2009, 12:53 AM
Actually I think Keeping OS and applications patched and restricting privileges are both the most important, and backing up is also just as important for security as well as for other reasons as well.
Dark_Hanzo
January 15th, 2009, 01:08 AM
Make sure your PC is off all the time ;D.
Jokes aside, since Windows OS is targeted by almost every black hat on the planet, using another OS will probably keep you out of trouble :) .
djohn
January 15th, 2009, 01:39 AM
I think the most important is an updated OS and applications on hand. IMO a machine missing critical updates leaves a backdoor wide open to an attack. No matter what security is protecting the front door, what's stopping the exploits entering the back door?
JRViejo
January 15th, 2009, 01:51 AM
The key word is secure so... keeping any and all software updated at all times is the single most important step anyone can take. The second step is using them!
AKAJohnDoe
January 15th, 2009, 02:05 AM
The first level of security is always physical security.
Once the computer is physically secure, you can begin looking at the ways it can be accessed without touching it, such as through a network or through applications. Only then should one be looking at routers, firewalls, passwords, and other software.
Page42
January 15th, 2009, 02:16 AM
-{ Quote: "What do you think is the single most important thing you can do to secure a PC? " }-
I voted for Other, and that would have to be education. You have to educate yourself... whether it is to select the proper software, to make the right surfing choices, to configure properly, how to update, how to create back ups, or how to select the right help and whose advice to take if/when you can't handle the learning curves. It's got to be education.
funkydude
January 15th, 2009, 02:59 AM
Not much anything can do if you're running as a restricted user, even if you did get hacked/hijacked/infected and are running out-of-date software. So that's on my most important thing.
YeOldeStonecat
January 15th, 2009, 07:22 AM
Get behind a hardware NAT box first.
All the others are important. But say you only have a cable modem, no router. Say you just unboxed a brand new PC, or just installed Windows on your newly built PC. Windows is not up to date with Microsoft updates, your antivirus is not up to date yet, or..if you use a software firewall..it's not up to date yet.
Plug a computer without updates directly into your cable modem..sitting on a public IP address. Your PC is, within a minute, subject to an infection from worms out there 'n other bad stuff. You're trying to get your updates downloaded to secure it..but..hey, within a minute, you could catch something that exploits a vulnerability from your non-updated OS.
VERSUS
Plug your PC behind a little old home broadband router...safely hiding behind NAT. You could take a PC with virgin Windows XP with no service packs yet...and you can take your time downloading/installing your Microsoft updates, antivirus updates, software firewall updates if you wish to run one. That PC can sit there running for days...weeks...and it's safe...unless you go do stupid things like open e-mail attachments, surf bad sites, download p2p warez stuff, etc.
I never...ever...build computers without having them safely behind NAT.
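The contrast drawn in the post above (public IP versus behind a home router), as an added example that is not part of the original thread. It is a simplified model of an address-and-port-restricted NAT; the class names, addresses (documentation ranges) and port numbers are all constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class NatRouter:
    """Toy NAT: inbound traffic is delivered only if it matches a flow the LAN opened."""
    public_ip: str
    next_port: int = 40000
    # public_port -> (lan_ip, lan_port, remote_ip, remote_port)
    table: dict = field(default_factory=dict)
    # Explicit port forwards: public_port -> (lan_ip, lan_port)
    forwards: dict = field(default_factory=dict)

    def outbound(self, pkt):
        """A LAN host opens a connection: allocate a public port and remember the flow."""
        public_port = self.next_port
        self.next_port += 1
        self.table[public_port] = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        return Packet(self.public_ip, public_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Return the packet as delivered to the LAN, or None if the router drops it."""
        flow = self.table.get(pkt.dst_port)
        if flow and (pkt.src_ip, pkt.src_port) == flow[2:]:
            # Reply from the exact remote endpoint the LAN host contacted.
            return Packet(pkt.src_ip, pkt.src_port, flow[0], flow[1])
        fwd = self.forwards.get(pkt.dst_port)
        if fwd:
            # A configured forward re-exposes the internal service to everyone.
            return Packet(pkt.src_ip, pkt.src_port, fwd[0], fwd[1])
        return None  # unsolicited: no mapping, nothing to deliver it to


def demo():
    nat = NatRouter(public_ip="203.0.113.10")
    pc = "192.168.1.20"  # freshly installed, unpatched PC on the LAN
    # The PC downloads its updates: outbound flow, then the server's reply.
    out = nat.outbound(Packet(pc, 50123, "198.51.100.5", 443))
    reply = nat.inbound(Packet("198.51.100.5", 443, nat.public_ip, out.src_port))
    # An unsolicited connection attempt to a file-sharing port from the internet.
    scan = nat.inbound(Packet("192.0.2.77", 4444, nat.public_ip, 445))
    # The same attempt after someone adds a port forward for that service.
    nat.forwards[445] = (pc, 445)
    exposed = nat.inbound(Packet("192.0.2.77", 4444, nat.public_ip, 445))
    return reply, scan, exposed


if __name__ == "__main__":
    reply, scan, exposed = demo()
    print("update reply delivered to:", reply.dst_ip, reply.dst_port)
    print("unsolicited inbound:", "dropped" if scan is None else "delivered")
    print("after port forward:", "dropped" if exposed is None else "delivered")
```

The model covers only unsolicited inbound traffic; anything the PC itself fetches (attachments, downloads, web pages) arrives on a flow the PC opened and passes straight through.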
chrisretusn
January 15th, 2009, 08:44 AM
-{ Quote: "I voted for Other, and that would have to be education. You have to educate yourself... whether it is to select the proper software, to make the right surfing choices, to configure properly, how to update, how to create back ups, or how to select the right help and whose advice to take if/when you can't handle the learning curves. It's got to be education." }-
I voted Other for the same reason. Education is the most important.
raakii
January 15th, 2009, 10:37 AM
Imaging obviously.
FastGame
January 15th, 2009, 11:15 AM
I voted for Other, Linux "is the single most important step in securing a PC"
prius04
January 15th, 2009, 11:33 AM
-{ Quote: "Get behind a hardware NAT box first." }-
:thumb:
noone_particular
January 15th, 2009, 01:23 PM
I can't look at that list and pick out one item that's more important than any other. Each of those items should be addressed in the security policy that governs how that PC is used. My choice is "Other", which is the forming and implementing a security policy that fits your particular needs. The software, security apps, even the OS are chosen based on that policy. Some items like system backups are universal for any setup. How everything fits together is more important than any of the individual pieces.
JimIT
January 15th, 2009, 01:59 PM
1. Put it behind a router with NAT.
2. Patch everything.
HURST
January 15th, 2009, 05:57 PM
Just USE YOUR BRAIN.
I mean it. Understand computers. Understand malware. Understand malware vectors. Act accordingly.
That's it.
TOMxEU
January 16th, 2009, 03:21 AM
-{ Quote: "I voted Other for the same reason. Education is the most important." }-
I second that. Once the people realize that they can not rely just on the security applications, they are on the good way to have their PC secured.
Dogbiscuit
January 16th, 2009, 04:39 AM
-{ Quote: "Get behind a hardware NAT box first." }-
That makes sense for XP before SP1 or even SP2. But would you give the same advice for systems running Vista SP1, or even XP SP3 now that WF is on by default and those earlier critical vulnerabilities in the services exposed to the internet are patched?
Osaban
January 16th, 2009, 06:06 AM
The worst thing that can happen to a hard drive is to fail due to age, heat, all sorts of environmental parameters, and apart from expensive forensic analysis the only rational solution is restoring the OS with an image stored elsewhere.
To protect data from being stolen, I think a good firewall and a virtualizer/sandbox properly used can be quite effective.
rdsu
January 16th, 2009, 06:14 AM
Other: Common Sense!
YeOldeStonecat
January 16th, 2009, 07:53 AM
-{ Quote: "That makes sense for XP before SP1 or even SP2. But would you give the same advice for systems running Vista SP1, or even XP SP3 now that WF is on by default and those earlier critical vulnerabilities in the services exposed to the internet are patched?" }-
I mandate it for myself when building systems for others and myself...yes newer OS's slipstreamed with most recent service packs and Vista and W7 are more secure...but who knows if a new exploit is spreading around <today>...exploits come out and spread all the time. Building and keeping a rig behind a little NAT box..it's 100% safe from those self spreading exploits. There is simply zero to worry about.
emperordarius
January 16th, 2009, 03:21 PM
Using an alternative OS: Mac/Linux.
raakii
January 17th, 2009, 03:02 AM
Everything you mentioned comes under education. :-\
suliman
January 17th, 2009, 05:54 AM
I chose "run as restricted user" for obvious reasons. Why in the lord's name does anyone want to give full access to their computer to the malware?
tradetime
January 17th, 2009, 06:12 AM
Am afraid I'll have to be boring, and join the "other" for Education, without it, you're not even going to know to look at many of the options listed above. I know many people who have never heard of a sandbox, a router is just a thing that sends the internet wirelessly around the house etc. A little bit of education dramatically will reduce most average folks' exposure to threats on the net.
ThunderZ
January 17th, 2009, 06:41 AM
Education :thumb:
Creer
January 17th, 2009, 07:58 AM
I choose "Use anti-malware software (HIPS, virtualization, etc.)". If I can, I would select "run as restricted user" also.
mercurie
February 15th, 2009, 08:38 PM
Lots of good suggested answers, but the one single best is not to visit dangerous sites.
Rmus
February 16th, 2009, 01:03 AM
Unfortunately, web site attacks are not limited to the dangerous sites.
SOME REFERENCES
Pro tennis website hit by SQL hack
http://www.techworld.com/security/news/index.cfm?newsid=102072
-{ Quote: "The SQL injection attack acts as a conduit for spyware and trojans to be downloaded to victims' machines." }-
Dolphins' Web sites hacked in advance of Super Bowl
http://www.networkworld.com/news/2007/020207-dolphins-web-sites-hacked-in.html
-{ Quote: "The Dolphins' sites serve up malicious JavaScript code that exploits two known Windows vulnerabilities, Hubbard said. It then attempts to connect with a second Web server that installs a Trojan downloader and a password stealing program on the victim's computer. The Trojan program lets the attackers install malicious software at a later date, he said." }-
SQL Injection Worm on the Loose (UPDATED x2)
http://isc.sans.org/diary.html?storyid=4393
-{ Quote: "From a quick google search it shows that there are about 4,000 websites infected and that this worm started at least mid-April if not earlier." }-
BellSouth Network Status page gives Norton AntiVirus alert!
http://www.broadbandreports.com/forum/r18088259-BellSouth-Network-Status-page-gives-Norton-AntiVirus-alert
-{ Quote: "Kaspersky Internet Security is showing me an Exploit.JS.ADODB.Stream.y and Exploit.HTML.Mht warning at the Rutherfordton, NC status page.
Exploit-MS06-014 in Win 2000." }-
A close look at the analyses shows that the IE browser unpatched is required to become victimized by these attacks. Learning how to secure IE and keeping it patched, or using an alternate browser, would seem to be the best protection against this type of exploit.
However, not all web site attacks are targeted at the browser or the OS. Several recent attacks targeted unpatched versions of Flash (SWF file) and Adobe Reader (PDF file).
A PDF exploit involving a Redirect vulnerability was first reported on a Google forum:
-{ Quote: "My laptop (running Windows XP SP2 32-bit with latest updates, ZoneAlarm Pro 7.0.483.000, and NOD32 2.70.32 with latest definitions 3773 [2009/01/17]) is also infected with this. I don't use IE and only run Firefox 2.0.0.20." }-
From a security analysis:
-{ Quote: "SUMMARY: In short, there are some sites that performing remote code execution based on security vulnerabilities in unpatched or un-updated versions of Adobe Acrobat (Reader and Full) version 7 and 8. The rootkit is sent encapsulated in a PDF file and security holes in Acrobat allow the rootkit file to execute after reception." }-
It becomes apparent after a while that understanding the methods by which malware infects is the starting point for securing the PC, for only in this way will the user know what types of security products to employ to support a security strategy.
The best way to gain this knowledge is to watch security sites for descriptions of exploits and the attack vectors used. Then you ask yourself, What do I need in place to prevent this exploit from being successful?
----
rich
dawgg
February 16th, 2009, 08:54 AM
-{ Quote: "Get behind a hardware NAT box first.
All the others are important. But say you only have a cable modem, no router. Say you just unboxed a brand new PC, or just installed Windows on your newly built PC. Windows is not up to date with Microsoft updates, your antivirus is not up to date yet, or..if you use a software firewall..it's not up to date yet." }-
+1 (and to everything else you said - too big to quote) :)
I've been infected by a worm in a few mins after a clean install a few years back (no hardware firewall). Had a lot of outbound traffic although I didn't have anything running. Decided to format again!
gkweb
February 16th, 2009, 03:14 PM
Hello,
Many things are important, not just one. The most critical (provided you are already behind a router) are running as a restricted user and keeping you up to date. I was just disinfecting today a laptop infected by a malware running with a rootkit part (hidden processes and service entry) while an antivirus and firewall were installed.
The session was running in _administrator_ which explains it all.
Regards,
gkweb.
the Tester
February 17th, 2009, 05:59 PM
I think a lot of those poll options are important, but I voted for safe surfing habits. It's not fool-proof. If you avoid the known risky sites you can prevent problems.
SourMilk
February 19th, 2009, 01:11 PM
Many of the choices discover or prevent malware. I chose imaging because if you image a malware free environment, you can always recover and have confidence in a safe uninfected system through image recovery.
SourMilk out
gkweb
February 19th, 2009, 04:32 PM
Hello,
There is no more "safe websites". Nowadays even official antivirus websites for instance have been hacked to serve malware to the visitors.
About imaging, the harm has already been done, your passwords could have been sent out before you restore a clean image.
The root of all evil is truly running with administrator rights (pun not intended).
Regards,
gkweb.
kriebly
February 25th, 2009, 01:57 AM
-{ Quote: "1. Put it behind a router with NAT.
2. Patch everything." }-
Mostly agreed, but I would word it differently:
1. Make sure you have a firewall of some kind.
-- Preferably a WiFi router, or a firewall on your DSL or cable adapter. Lacking those things, make sure the host-based firewall is turned on on the system as soon as it boots up.
2. Enable auto-updating on everything.
-- Most important on Windows itself, but also Flash (which is a pain), Acrobat reader, Firefox, openoffice, MS office, Quicktime, iTunes, Safari, and whatever chat clients you use.
I used to tell people that turning on auto-updates was the single most important thing, but now it ranks as necessary-but-insufficient, given the network-based attacks as YeOldeStonecat mentioned. Conficker virus, if nothing else, would mandate a firewall as being #1.
innerpeace
February 27th, 2009, 12:26 AM
-{ Quote: "Just USE YOUR BRAIN.
I mean it. Understand computers. Understand malware. Understand malware vectors. Act accordingly.
That's it." }-
I'm going to have to agree with you :thumb:
P.S. This poll/thread is a pretty good guide for newbies to follow.
raakii
February 27th, 2009, 03:15 AM
This poll can never reach to any conclusion, cos the question itself is inherently faulty. Different combination of these softwares are required to ensure security. Which is more important for a human being heart or lungs? :)
Dogbiscuit
February 27th, 2009, 05:45 AM
-{ Quote: "This poll can never reach to any conclusion, cos the question itself is inherently faulty. Different combination of these softwares are required to ensure security. Which is more important for a human being heart or lungs? :)" }-
I think your comments are fair. I also hope the assessment by innerpeace is also true.
To paraphrase Nietzsche, a question may still have utility even though it is in some respects a faulty question.
vijayind
February 27th, 2009, 08:57 AM
Other: Common Sense
bktII
February 27th, 2009, 04:28 PM
I voted for updating apps and the OS. Although I feel as strongly about a firewall and restricted user.
Alternative OS's geared for the home user's desktop will (often) drop you into a restricted account with a firewall enabled and a balloon informing you that there are updates ready to be downloaded and installed.
dawgg
February 28th, 2009, 08:59 AM
-{ Quote: "This poll can never reach to any conclusion, cos the question itself is inherently faulty. Different combination of these softwares are required to ensure security. Which is more important for a human being heart or lungs? :)" }-
Nope, question isn't faulty, the option "backup/imaging" is incorrect though because it doesn't keep your system secure, it's used after your system has been compromised.
You're talking about keeping your PC secure overall. The question is the single most important step in securing, can only have 1 choice, and that's the one you consider most important. Yes, you should have a firewall, yes you should keep software updated etc, but the question's asking what is the most important... several things can't be the most important, eradicates the meaning of "most" ;)
Rmus
February 28th, 2009, 11:14 AM
There are two questions raised by the OP. The Thread topic uses the word "step" and the Poll question uses "thing." Very different.
"Step" indicates
-{ Quote: "a move, act, or proceeding, as toward some end or in the general course of some action" }-
"Thing" here refers to one object (product or action), and the Poll has a list.
I responded earlier with "step" in mind and suggested that the single most important is the first step, which from my point of view, is to understand what you are securing against. That is, how does malware get onto the computer and how can I prevent it.
Reasoning from this basis, it quickly becomes obvious that no one "thing" covers all. But understanding how the attacks work leads the user to choosing the "things" necessary for the user's situation:
products: router, etc
actions: safe downloading, etc
I think Hurst also implies this approach.
----
rich
kriebly
March 1st, 2009, 09:42 AM
Interesting point, Rmus and Hurst, and I agree with you if you assume that the question is oriented at an IT person or someone who is very computer literate.
At the risk of being presumptuous, I assumed that the poll question was preceded by the clause "If you are an average user,...".
I think basic computer and security literacy are necessary for anyone connecting to the Internet. Unfortunately, most users don't have that. With that being the case, distilling it down to
Step 1: do x
Step 2: do y
Step 3: do z
and providing links to explanations at each step, seems the best remedy.
It's for that reason that I look forward to Windows coming with an antivirus, antispyware, and host-based firewall already installed and turned on at startup (if that is indeed the plan).
You could always legislate the requirement for an actual Internet License...:)
raakii
March 1st, 2009, 09:42 AM
-{ Quote: "Nope, question isn't faulty, the option "backup/imaging" is incorrect though because it doesn't keep your system secure, it's used after your system has been compromised." }-
No antivirus can detect and remove every virus hence having Backup is very important. And moreover BSOD may not be caused by virus, but may happen due to an ill working software. No uninstaller is perfect. Imaging is the essential step in security.
-{ Quote: "You're talking about keeping your PC secure overall. The question is the single most important step in securing, can only have 1 choice, and that's the one you consider most important. Yes, you should have a firewall, yes you should keep software updated etc, but the question's asking what is the most important... several things can't be the most important, eradicates the meaning of "most" ;)" }-
Yes what you say is right, but still implementing one step and not implementing others is ineffective.
bktII
March 1st, 2009, 10:18 AM
-{ Quote: "Reasoning from this basis, it quickly becomes obvious that no one "thing" covers all. But understanding how the attacks work leads the user to choosing the "things" necessary for the user's situation:
products: router, etc
actions: safe downloading, etc
" }-
This makes great sense. You should consider starting a thread on this topic.
Another rmus quote:
http://www.wilderssecurity.com/showthread.php?t=197456&page=5
post #116
"The lesson for me is that despite the many reports of vulnerabilities and PoC showing how code can be manipulated, the vast majority of attacks attempt to install a binary payload. I've suspected this for a long time. They are pretty easy to test if you can get the link before it's taken down. Or if you don't have the particular application that is being exploited (Safari browser; Quicktime; Messenger).
"This being the case, one's security setup doesn't have to be sophisticated at all. As the LUA and SRP threads have shown, you can be pretty well protected against the most commonly seen exploits in the wild."
I perused this "SRP vs. Anti-Executable" thread again yesterday. Good thread and compelling quote.
Member fcukdat has said the same thing on this forum, I'm paraphrasing: "if it can't execute, it can't infect" (apologies fcukdat)
Also yesterday, I reviewed some of the few recent Java-based exploits. The Java applet exploits downloaded Win32 binaries to do the dirty work. Specific to these exploits: (1) keep your jre updated or uninstall it if you don't use it, (2) remove prior jre versions, (3) use executable whitelisting (SRP, HIPS, some Sandbox Apps include executable whitelists, etc.), (4) use alternative OS (MacOSX, Linux, BSD, etc.). The Java applet will run (in one case if you allow it), but the Win32 binaries will wake up in another universe.
Here are the URLs for the exploits:
http://www.f-secure.com/v-descs/openstream_t.shtml
http://isc.sans.org/diary.html?storyid=2934
I recommended execution whitelisting several months ago to my sister. Using Parental Controls in Windows Vista Home Premium, I helped her to apply application whitelisting to the LUA's (an earlier discussion)
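How the limited account (LUA) and executable whitelisting discussed in the post above depend on each other, as an added example that is not part of the original thread. It is a simplified model, not how Windows SRP is implemented; the directory lists, account names and file paths are constructed for illustration.

```python
from pathlib import PureWindowsPath

# Constructed policy: execution is allowed only from these directories (default deny).
ALLOWED_EXEC_DIRS = [
    PureWindowsPath(r"C:\Windows"),
    PureWindowsPath(r"C:\Program Files"),
]

# Constructed ACL model: where each kind of account may create files.
WRITABLE_DIRS = {
    "limited": [PureWindowsPath(r"C:\Users\alice")],
    "admin": [PureWindowsPath("C:\\")],
}


def _under(path, roots):
    """True if path is one of the roots or lies below one (case-insensitive)."""
    p = PureWindowsPath(path)
    return any(p == r or r in p.parents for r in roots)


def can_write(account, path):
    return _under(path, WRITABLE_DIRS[account])


def can_execute(path, allowlist_on):
    # Without an allowlist, anything that exists on disk may be started.
    return (not allowlist_on) or _under(path, ALLOWED_EXEC_DIRS)


def payload_runs(account, drop_path, allowlist_on):
    """A downloaded binary runs only if it can be written and then started."""
    return can_write(account, drop_path) and can_execute(drop_path, allowlist_on)


def outcome_matrix():
    """For each account/policy combination: can a dropped binary run from anywhere?"""
    # Constructed drop locations: a per-user temp folder and a system folder.
    candidates = [
        r"C:\Users\alice\AppData\Local\Temp\update.exe",
        r"C:\Windows\System32\update.exe",
    ]
    matrix = {}
    for account in ("limited", "admin"):
        for allowlist_on in (False, True):
            matrix[(account, allowlist_on)] = any(
                payload_runs(account, p, allowlist_on) for p in candidates
            )
    return matrix


if __name__ == "__main__":
    for (account, allowlist_on), runs in outcome_matrix().items():
        policy = "allowlist" if allowlist_on else "no allowlist"
        print(f"{account:8} {policy:13} -> payload {'runs' if runs else 'blocked'}")
```

Only the limited account combined with the allowlist blocks the payload in this model: an administrator session can write into an allowed directory, and a limited account without an allowlist still runs the binary, although only with that user's rights.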
Rmus
March 1st, 2009, 01:09 PM
Regarding the need to understand how malware intrudes:
-{ Quote: "Interesting point, Rmus and Hurst, and I agree with you if you assume that the question is oriented at an IT person or someone who is very computer literate.
At the risk of being presumptuous, I assumed that the poll question was preceded by the clause "If you are an average user,...". " }-
A couple of weeks ago I spent the day in the mountains. In a parking lot where many parked while snowboarding, etc, I counted 5 cars who had spun their wheels into black ice, and were waiting for a tow truck.
You don't have to be an auto mechanic to know that you should carry tire chains for wintry weather conditions, but you do have to read about driving in such conditions to know the precautions to take for protection.
You don't have to understand the technicalities of how malware works if installed. All you need to know are the methods by which malware can intrude. All you have to do is keep up with what the latest exploits are. This will lead you to choosing the "things" and policies/procedures necessary for protection in the user's situation.
In my situation, I've learned that I'm covered with:
a firewall (worms like the current conficker.a cannot intrude if the ports are closed)
a non-IE browser (there are no drive-by exploits in the wild that compromise Opera)
The only plug-in I have that currently serves up malware is:
Adobe Acrobat Reader -- none of the exploits affect my version of the Reader; the advisories always list the versions of the products that are affected.
For USB exploits: the current one, conficker.b, fails with proper USB policies/procedures in place.
All of these conclusions I reached are easily discerned from information posted here at Wilders.
The actions listed in the Poll:
Download only from known legitimate sites
Don't open unknown emails
Don't visit dangerous sites/surf safely
would be learned as one would in reading about driving in wintry conditions.
Computer security is not a complicated, complex issue.
----
rich
alex_s
March 2nd, 2009, 06:16 PM
HIPS, LUA and backup, of course. I prefer "chatty" HIPS to BB because I like to understand what does happen.
Tarq57
March 2nd, 2009, 06:27 PM
I voted "other".
There is no "single most important step" of the software/hardware and surfing options you have listed.
"Other" in the context I've replied refers to the physical security of the computer.
No point having a router/firewall/sandbox/whatever if your house gets broken into and the 'pooter lifted.
wtsinnc
March 2nd, 2009, 07:17 PM
Actually, all of the listed choices are important and interrelated.
One additional factor not listed but mentioned by several who've already posted is user education; learning how to properly configure and employ security applications and properly interpret AV, ASW, and FW notifications.
nomarjr3
March 9th, 2009, 01:39 PM
I think the first thing you need after buying a new PC is to use a FIREWALL, either hardware or software.
Nothing is more dangerous than hackers and phishers getting their hands on your valuable data (ie. bank accounts, passwords, etc).
Saint Satin Stain
June 19th, 2009, 07:08 PM
Rational brain.
bigc73542
June 29th, 2009, 08:13 PM
I think the one or possibly two most important things to securing a computer is No.1 Understanding what a computer actually is and No.2 Understanding what a computer actually does and how it does it. Then you can possibly understand how and what is needed to protect your machine.
bigc
Mr.PC
June 20th, 2010, 05:50 AM
Use backup software = Instant System Recovery = Rollback Rx.
dawgg
June 20th, 2010, 06:09 AM
-{ Quote: "Use backup software = Instant System Recovery = Rollback Rx." }-
That's not securing your PC - recovery is something you do after something's happened ;)
Not sure why that and many of the other options are in the poll though actually, as they are not securing a PC.
Mr.PC
June 28th, 2010, 01:39 PM
-{ Quote: "That's not securing your PC - recovery is something you do after something's happened ;)
Not sure why that and many of the other options are in the poll though actually, as they are not securing a PC." }-
It depends on How you see things:
I don't expect something to happen to my PC to use my Instant System Recovery software.
Each night before I turn it off, I Rollback my PC to a Clean Snapshot.
This is a Standard procedure of my Security setup.
-Why Security must include only Firewalls and AntiMalware Scanners?
Virtualization (e.g. Sandboxing) and Instant System Recovery are also Security layers.
dawgg
June 28th, 2010, 01:42 PM
-{ Quote: "It depends on How you see things:
I don't expect something to happen to my PC to use my Instant System Recovery software.
Each night before I turn it off, I Rollback my PC to a Clean Snapshot.
This is a Standard procedure of my Security setup.
-Why Security must include only Firewalls and AntiMalware Scanners?
Virtualization (e.g. Sandboxing) and Instant System Recovery are also Security layers." }-
Ahhh, good point. Gotcha now :)
Copyright ©2002 - 2012, Wilders Security Forums