What do you think is the single most important step in securing a PC?

Discussion in 'polls' started by Dogbiscuit, Jan 14, 2009.


What do you think is the single most important thing you can do to secure a PC?

Poll closed Apr 15, 2009.
  1. Keep software updated at all times

    21 vote(s)
    16.0%
  2. Run as a restricted user

    10 vote(s)
    7.6%
  3. Use a firewall

    7 vote(s)
    5.3%
  4. Use an alternative browser

    3 vote(s)
    2.3%
  5. Use a hardware firewall/router

    10 vote(s)
    7.6%
  6. Use anti-virus and/or anti-spyware, anti-trojan

    13 vote(s)
    9.9%
  7. Use an alternative OS (Linux, etc.)

    5 vote(s)
    3.8%
  8. Use anti-malware software (HIPS, virtualization, etc.)

    14 vote(s)
    10.7%
  9. Use backup/disk imaging software

    20 vote(s)
    15.3%
  10. Download only from known legitimate sites

    2 vote(s)
    1.5%
  11. Don't open unknown emails

    1 vote(s)
    0.8%
  12. Don't visit dangerous sites/surf safely

    10 vote(s)
    7.6%
  13. Other

    15 vote(s)
    11.5%
  1. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    Education :thumb:
     
  2. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    I choose "Use anti-malware software (HIPS, virtualization, etc.)"; if I can, I would select "run as restricted user" also.
     
  3. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,448
    Location:
    Sky over the Wilders Forest
    Lots of good suggested answers, but the one single best is not to visit dangerous sites.
     
  4. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Unfortunately, web site attacks are not limited to the dangerous sites.

    SOME REFERENCES

    Pro tennis website hit by SQL hack
    http://www.techworld.com/security/news/index.cfm?newsid=102072
    Dolphins' Web sites hacked in advance of Super Bowl
    http://www.networkworld.com/news/2007/020207-dolphins-web-sites-hacked-in.html
    SQL Injection Worm on the Loose (UPDATED x2)
    http://isc.sans.org/diary.html?storyid=4393
    BellSouth Network Status page gives Norton AntiVirus alert!
    http://www.broadbandreports.com/for...work-Status-page-gives-Norton-AntiVirus-alert
    A close look at the analyses shows that the IE browser unpatched is required to become victimized by these attacks. Learning how to secure IE and keeping it patched, or using an alternate browser, would seem to be the best protection against this type of exploit.

    However, not all web site attacks are targeted at the browser or the OS. Several recent attacks targeted unpatched versions of Flash (SWF file) and Adobe Reader (PDF file).

    A PDF exploit involving a Redirect vulnerability was first reported on a Google forum:
    From a security analysis:

    It becomes apparent after a while that understanding the methods by which malware infects is the starting point for securing the PC, for only in this way will the user know what types of security products to employ to support a security strategy.

    The best way to gain this knowledge is to watch security sites for descriptions of exploits and the attack vectors used. Then you ask yourself, What do I need in place to prevent this exploit from being successful?


    ----
    rich
     
  5. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    818
    +1 (and to everything else you said - too big to quote) :)
    I've been infected by a worm in a few mins after a clean install a few years back (no hardware firewall). Had a lot of outbound traffic although I didn't have anything running. Decided to format again!
     
  6. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hello,

    Many things are important, not just one. The most critical (provided you are already behind a router) are running as a restricted user and keeping you up to date. I was just disinfecting today a laptop infected by a malware running with a rootkit part (hidden processes and service entry) while an antivirus and firewall were installed.

    The session was running in _administrator_ which explains it all.

    Regards,
    gkweb.
     
  7. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    I think a lot of those poll options are important, but I voted for safe surfing habits. It's not fool-proof. If you avoid the known risky sites you can prevent problems.
     
  8. SourMilk

    SourMilk Registered Member

    Joined:
    Mar 31, 2006
    Posts:
    630
    Location:
    Hawaii
    Many of the choices discover or prevent malware. I chose imaging because if you image a malware free environment, you can always recover and have confidence in a safe uninfected system through image recovery.

    SourMilk out
     
  9. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hello,

    There are no more "safe websites". Nowadays even official antivirus websites for instance have been hacked to serve malware to the visitors.

    About imaging, the harm has already been done, your passwords could have been sent out before you restore a clean image.

    The root of all evil is truly running with administrator rights (pun not intended).

    Regards,
    gkweb.
     
  10. kriebly

    kriebly Registered Member

    Joined:
    Dec 22, 2008
    Posts:
    41
    Location:
    Northern California
    Mostly agreed, but I would word it differently:

    1. Make sure you have a firewall of some kind.
    -- Preferably a WiFi router, or a firewall on your DSL or cable adapter. Lacking those things, make sure the host-based firewall is turned on on the system as soon as it boots up.

    2. Enable auto-updating on everything.
    -- Most important on Windows itself, but also Flash (which is a pain), Acrobat reader, Firefox, openoffice, MS office, Quicktime, iTunes, Safari, and whatever chat clients you use.

    I used to tell people that turning on auto-updates was the single most important thing, but now it ranks as necessary-but-insufficient, given the network-based attacks as YeOldeStonecat mentioned. Conficker virus, if nothing else, would mandate a firewall as being #1.
     
  11. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,121
    Location:
    Mountaineer Country
    I'm going to have to agree with you :thumb:

    P.S. This poll/thread is a pretty good guide for newbies to follow.
     
  12. raakii

    raakii Registered Member

    Joined:
    Sep 1, 2008
    Posts:
    593
    This poll can never reach any conclusion, cos the question itself is inherently faulty. Different combinations of these softwares are required to ensure security. Which is more important for a human being, heart or lungs? :)
     
  13. Dogbiscuit

    Dogbiscuit Guest

    I think your comments are fair. I also hope the assessment by innerpeace is also true.

    To paraphrase Nietzsche, a question may still have utility even though it is in some respects a faulty question.
     
    Last edited by a moderator: Feb 28, 2009
  14. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    Other: Common Sense
     
  15. bktII

    bktII Registered Member

    Joined:
    Apr 12, 2006
    Posts:
    224
    I voted for updating apps and the OS. Although I feel as strongly about a firewall and restricted user.

    Alternative OS's geared for the home user's desktop will (often) drop you into a restricted account with a firewall enabled and a balloon informing you that there are updates ready to be downloaded and installed.
     
  16. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    818
    Nope, question isn't faulty, the option "backup/imaging" is incorrect though because it doesn't keep your system secure, it's used after your system has been compromised.

    You're talking about keeping your PC secure overall. The question is the single most important step in securing, can only have 1 choice, and that's the one you consider most important. Yes, you should have a firewall, yes you should keep software updated etc, but the question's asking what is the most important... several things can't be the most important, eradicates the meaning of "most" ;)
     
  17. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    There are two questions raised by the OP. The Thread topic uses the word "step" and the Poll question uses "thing." Very different.

    "Step" indicates

    "Thing" here refers to one object (product or action), and the Poll has a list.

    I responded earlier with "step" in mind and suggested that the single most important is the first step, which from my point of view, is to understand what you are securing against. That is, how does malware get onto the computer and how can I prevent it.

    Reasoning from this basis, it quickly becomes obvious that no one "thing" covers all. But understanding how the attacks work leads the user to choosing the "things" necessary for the user's situation:

    • products: router, etc

    • actions: safe downloading, etc
    I think Hurst also implies this approach.

    ----
    rich
     
  18. kriebly

    kriebly Registered Member

    Joined:
    Dec 22, 2008
    Posts:
    41
    Location:
    Northern California
    Interesting point, Rmus and Hurst, and I agree with you if you assume that the question is oriented at an IT person or someone who is very computer literate.

    At the risk of being presumptuous, I assumed that the poll question was preceded by the clause "If you are an average user,...".

    I think basic computer and security literacy are necessary for anyone connecting to the Internet. Unfortunately, most users don't have that. With that being the case, distilling it down to

    Step 1: do x
    Step 2: do y
    Step 3: do z

    and providing links to explanations at each step, seems the best remedy.

    It's for that reason that I look forward to Windows coming with an antivirus, antispyware, and host-based firewall already installed and turned on at startup (if that is indeed the plan).


    You could always legislate the requirement for an actual Internet License...:)
     
  19. raakii

    raakii Registered Member

    Joined:
    Sep 1, 2008
    Posts:
    593
    No antivirus can detect and remove every virus, hence having Backup is very important. And moreover BSOD may not be caused by virus, but may happen due to an ill working software. No uninstaller is perfect. Imaging is the essential step in security.

    Yes, what you say is right, but still implementing one step and not implementing others is ineffective.
     
    Last edited: Mar 1, 2009
  20. bktII

    bktII Registered Member

    Joined:
    Apr 12, 2006
    Posts:
    224
    This makes great sense. You should consider starting a thread on this topic.

    Another rmus quote:
    https://www.wilderssecurity.com/showthread.php?t=197456&page=5
    post #116
    "The lesson for me is that despite the many reports of vulnerabilities and PoC showing how code can be manipulated, the vast majority of attacks attempt to install a binary payload. I've suspected this for a long time. They are pretty easy to test if you can get the link before it's taken down. Or if you don't have the particular application that is being exploited (Safari browser; Quicktime; Messenger)

    "This being the case, one's security setup doesn't have to be sophisticated at all. As the LUA and SRP threads have shown, you can be pretty well protected against the most commonly seen exploits in the wild."

    I perused this "SRP vs. Anti-Executable" thread again yesterday. Good thread and compelling quote.

    Member fcukdat has said the same thing on this forum, I'm paraphrasing: "if it can't execute, it can't infect" (apologies fcukdat)

    Also yesterday, I reviewed some of the few recent Java-based exploits. The Java applet exploits downloaded Win32 binaries to do the dirty work. Specific to these exploits: (1) keep your jre updated or uninstall it if you don't use it, (2) remove prior jre versions, (3) use executable whitelisting (SRP, HIPS, some Sandbox Apps include executable whitelists, etc.), (4) use alternative OS (MacOSX, Linux, BSD, etc.). The Java applet will run (in one case if you allow it), but the Win32 binaries will wake up in another universe.

    Here are the URLs for the exploits:
    http://www.f-secure.com/v-descs/openstream_t.shtml
    http://isc.sans.org/diary.html?storyid=2934

    I recommended execution whitelisting several months ago to my sister. Using Parental Controls in Windows Vista Home Premium, I helped her to apply application whitelisting to the LUA's (an earlier discussion)
     
  21. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Regarding the need to understand how malware intrudes:

    A couple of weeks ago I spent the day in the mountains. In a parking lot where many parked while snowboarding, etc, I counted 5 cars who had spun their wheels into black ice, and were waiting for a tow truck.

    You don't have to be an auto mechanic to know that you should carry tire chains for wintry weather conditions, but you do have to read about driving in such conditions to know the precautions to take for protection.

    You don't have to understand the technicalities of how malware works if installed. All you need to know are the methods by which malware can intrude. All you have to do is keep up with what the latest exploits are. This will lead you to choosing the "things" and policies/procedures necessary for protection in the user's situation.

    In my situation, I've learned that I'm covered with:

    • a firewall (worms like the current conficker.a cannot intrude if the ports are closed)

    • a non-IE browser (there are no drive-by exploits in the wild that compromise Opera)

    The only plug-in I have that currently serves up malware is:

    • Adobe Acrobat Reader -- none of the exploits affect my version of the Reader; the advisories always list the versions of the products that are affected.

    For USB exploits: the current one, conficker.b, fails with proper USB policies/procedures in place.

    All of these conclusions I reached are easily discerned from information posted here at Wilders.

    The actions listed in the Poll:

    • Download only from known legitimate sites

    • Don't open unknown emails

    • Don't visit dangerous sites/surf safely
    would be learned as one would in reading about driving in wintry conditions.

    Computer security is not a complicated, complex issue.

    ----
    rich
     
  22. alex_s

    alex_s Registered Member

    Joined:
    Aug 13, 2007
    Posts:
    1,251
    HIPS, LUA and backup, of course. I prefer "chatty" HIPS to BB because I like to understand what does happen.
     
  23. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    I voted "other".
    There is no "single most important step" of the software/hardware and surfing options you have listed.
    "Other" in the context I've replied refers to the physical security of the computer.
    No point having a router/firewall/sandbox/whatever if your house gets broken into and the 'pooter lifted.
    .
     
  24. wtsinnc

    wtsinnc Registered Member

    Joined:
    Oct 3, 2008
    Posts:
    943
    Actually, all of the listed choices are important and interrelated.

    One additional factor not listed but mentioned by several who've already posted is user education; learning how to properly configure and employ security applications and properly interpret AV, ASW, and FW notifications.
     
  25. nomarjr3

    nomarjr3 Registered Member

    Joined:
    Jul 31, 2007
    Posts:
    502
    I think the first thing you need after buying a new PC is to use a FIREWALL, either hardware or software.

    Nothing is more dangerous than hackers and phishers getting their hands on your valuable data (ie. bank accounts, passwords, etc).
     