10 steps to make your PC safe for 2013

10 steps to make your PC safe for 2013:

http://www.emsisoft.com/en/kb/articles/tec120101/?v=2

 

This is common sense and mostly good advice, but nothing that you didn't know already

 

A properly configured NAT/SPI Router...

 

the article is mostly for the Joe/Jane Average of the world.

most Wilders users here could eliminate some of those 10 steps and still stay safe online.

 

Router's main purpose is not security. Any software firewall can protect the user the same way as the firewall function in the router. So, being behind a router is just an extra - it is not essential. Being without a router and relying only on software firewall does not mean one is less protected.

 

A router's main purpose is to provide internet access for multiple devices using one external IP address. That said, a router can be configured to increase security on your network, or it can be poorly configured and reduce security on your network.

I submit that routers can offer additional security that software firewalls don't: Most routers provide some form of ddos protection. I don't believe software firewalls do the same. Also when you're behind a router you can run services on your LAN that do not face the internet. If you run services when you have no router then they face the internet ==> more vulnerable.

 

Hahahaha so true.

 

There's some good advice, but of course towards the end they're trying to plug their product

 

NAT/SPI Routers properly configured do offer SECURITY.

Google: Software Firewalls+ Sneak oil ...

For others, a NAT/SPI Router is the First Line of Defense; a very essential Security Layer.

Before using NAT/SPI Routers, many users got more infected despite the fact they had Software Firewalls.
Not to mention what happened with the old Dial-Up Modems.

 

Being behind a router firewall is safer than being just behind a software firewall. Software firewalls can be shut down by malware, they can cause conflicts with other software, they can annoy users who then shut it off themselves, and so on. A router firewall sits there unnoticed and keeps its mouth shut, never interfering, and never let's anything in, which is far more important than anything calling out. No malware in the system, no malware calling out. Software firewalls to me are more about controlling the programs on a system than actual protection.

Now, these 10 steps are basic yes, and good advice. I am, however, against this constant mothering in telling users where they should and should not go on the web. It doesn't take an SCNP to stay safe on the web, even if you go to the darkest corners "where there be dragons".

@PJC: Though I know what you refer to when you talk about the problems that came along on dial-up, you were much much safer on dial-up than you'll ever be in our constantly connected world.

 

I think that term "darkest corners" is misused in this context. I doubt any of us on this board have been to the really dark places, where one has much more to worry about than just malware.

Re software firewalls, the ones with HIPS are basically limited mandatory access control systems. As such they can prevent or contain certain types of exploits. I certainly would not recommend monsters like Comodo or Online Armor for most end users though.

 

But what do "darkest corners" always mean to the media and masses? P2P, porn, that kind of thing. As to the deepest, darkest holes on the public and hidden net? I've been there too, and I'm sure plenty here have as well. But I digress. The point is, these "forbidden places" that are always hammered in lists of "best practices" aren't as bad as they're made out to be and the web isn't for staying in a certain area just as no one outside of the paranoid and anti-social stays in their house. If you don't want to P2P/view porn and such, then great. But all this "don't go here or you'll get owned" stuff is a little much in my own opinion. I'm far more worried about what Google is doing with my data than some Ukrainian hacker "pwning" my system because I traveled outside of the mainstream web.

On software firewalls, my suggestion is for most to avoid them. Unless you know your protocols, what interacts with what when it should and when it shouldn't and so on, you're more likely to end up with a screwed up system than a protected one.

 

I totally agree. But if they wouldn't advice us to "Avoid File Sharing Websites", then there would've been only 9 steps, and not 10... so they HAD to add that!

 

Not really. They missed:

1. Don't click on ads/"special offers" that randomly appear on even legit websites.

2. Don't click on "Security alerts" that pop up out of nowhere and especially don't come from anything that's already on your system or at the very least in the "notification area"/system tray of your system.

3. Be on the safe side and don't click on "codec alerts" that often show up on streaming media websites that are out of the mainstream. If it isn't Flash, Java or Silverlight, and the file you're trying to view isn't already on your system (say a downloaded music/movie file), it's likely a "candy from strangers" type deal and you're going to regret it.

That's 3 extra right there, although you can put all those into one "Don't randomly click on s**t" warning and have your number 10

 

Useful info there for those who don't already know but........
am I the only one that noticed Emsisoft omitted two other pieces of security software on their graph at the bottom of that article that also scored 100% on MRG's 2012 flash test. I'm sure that it was an over site by Esmisoft.

 

*shrug* All the article is is an ad masquerading as an article anyway, kind of obvious considering the much bigger "EMISOFT" planted right at the top Plus some of their graph is wrong to begin with if you put it side by side with the latest MRG results graph. I don't put too much stock into these "articles".

 

Obviously, I was just trying to make a point, on just that.

 

Yes, I referred to the Firewall of the NAT/SPI Routers vs. the Dial-Up Modems that had No protection.
I got your point: Being Constantly connected with the Internet vs. being on Dial-Up.
However, Security has many forms:
-My ADSL Line is more Secure than my old Dial-Up one.
-Just like my VDSL Line will be more Secure than my current ADSL one.

About software Firewalls:
The Firewall Forum, here, is Not as Popular as it used to be 3 or 4 years ago...
Old Wilders members have Noticed that...

 

Agreed. Plus the old adage that you can stay safe by sticking to known, trusted websites just isn't true anymore. Totally legitimate websites have been hacked enough to not be abnormal and/or they host malicious ads.

I sort of agree. It's pretty simple to allow all out and deny all in without breaking anything. IMO expertise become necessary if you filter outgoing traffic.

 

You are absolutely right, at least a certain degree of expertise is required.

 

Mman79, BrandiCandi: agreed on the realistic probability of getting pwned. This is one reason I prefer by-domain script blocking (e.g. Noscript) to by-site (Opera, Chrome, IE, etc.)

 

I have a dream... and that dream is that NoScripts becomes user-friendly and fully functions without the user's input.

I also have a dream that I'll win a million dollars...

 

Oh but it is user friendly. I mean, how hard can it be to whitelist your trusted sites unless, you know, you do this thing they call "surfing"? How hard is it to look at a list of 3rd party scripts, one, two, however many of which is required to make the website run right, even if it's a freaking ad server, and one by one enable them until everything is golden? Picked the wrong script? Whoopsie!..hope you didn't get hacked. Did it again? Oops!..still clean I hope? 3rd time is a charm right? Not this one either?..is that an annoyed look on your face? "U mad bro?" And so on and so forth Sure, you get the geniuses that give you the advice to allow scripts globally. Thanks bud, great news, that XSS attack didn't work. Bad news is, the other script gave a cartoonish, evil chuckle and proceeded to nail me. My problem with full automation is that it isn't reliable either.

 

My personal advice would be to definitively ditch IE and only use a decent browser like Chrome with the following settings:

Privacy/Content Settings/JavaScript : Do not allow any sites to run JavaScript
Privacy/Content Settings/Plug-ins : Block All

(allowing those ONLY when needed via the address bar)...

And use EMET v3.5 (with every protections enabled for Chrome, except SEHOP).

Also: Do not install JAVA...

 

Sad thing is my job requires Java for our personal comps. Sad days.