How to improve your Windows security

Discussion in 'other software & services' started by Mrkvonic, Jul 21, 2010.

Thread Status:
Not open for further replies.
  1. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,699
    Hello,

    Windows user, you have a choice. As simple as that. My two cents: an article debating the problematic facets of existing practices in the world of Windows security and recommending simple alternatives. Read and you shall be enlightened.

    http://www.dedoimedo.com/computers/windows-security-improve.html


    Cheers,
    Mrk
     
  2. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,053
    Hi Mrk

    As usual, excellent.

    Pete
     
  3. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Don't forget that most people simple don't have the time to maximize security for themselves. Don't have the time to learn. Some may be lazy, yes, but most just cannot afford to, literally, waste their time.

    I don't agree with this. I don't know all anti-malware applications or all security applications, but most have evolved and even brought new ways of preventing infections in the first place.

    If an anti-malware application can detect and stop, then it will prevent the infection, being effective and not a temporary thing. It will stop that infection, if it can. Simply that malicious code won't execute.

    As with every other security implementation, it will stop and prevent if it can.

    Bottom line is that at some point one security mechanism may fail, but one other may not, including anti-malware applications.

    A LUA (limited user account) won't stop all. Group Policies aren't for the casual user to mess with. DEP is only a temporary solution until security bugs have been fixed in either Windows system or applications.
    SRP and AppLocker (which I assume I can include in "handful of other mechanisms") aren't for the casual user to mess with either. SEHOP also is a temporary solution.

    Advising against anti-malware applications is wrong in my opinion.

    This, in my opinion, also goes in some old debate of whether or not domain blacklisting works. Some claim it's useless, while others (including me) claim it's not useless.
    By blocking just a few domains, you will already be blocking hundreds if not thousands of infections. One domain won't just be waiting to infect the visitor with just 1 infection. It would be unproductive.
    Now, by blocking access to hundreds or more known domains, then, well, the number of infections that will be prevented will increase a lot.

    Then on top of that, security tools such as AVG LinkScanner (I mention this one has it provides real-time protection) will look for real-time malicious code and prevent exploits. Sure, it won't be 100% effective. Nothing will. Hence it's advisable a layered security.

    While people like us may have other means, and we sure do, the reality is quite different.

    Edit: With this I don't mean people shouldn't be using a LUA. They should!!!!! Also DEP and SEHOP. UAC on, etc.

    I'm saying they shouldn't stop use anti-malware applications unless they know how to and how to work with other security mechanisms.
    These users I'm targeting need a balance between security and usability.

    For example: Internet Explorer could be optimized to provide way a lot security than it already does, but it won't be usable at all. Why? You can't create different profiles. A tremendous failure in my opinion.

    That's why, for example, I use Chromium with three different profiles. The one I use 99% of my time is the most restrictive one.

    Edit 2:
    I agree with this point, though.
     
    Last edited: Jul 21, 2010
  4. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    I thought the Computer licensing was humour..
     
  5. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,699
    There's a saying every joke has a grain of truth or sorts?
    Well, the uncensored version goes: every joke has a grain of joke.

    As to whether I'm joking or being serious, even I'm not sure sometimes. I amaze myself thusly. Sometimes, not until the piece is written do I know what my tone was meant to be.

    Mrk
     
  6. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Nice piece.

    Personally I think you should focus on three aspects in your next round.

    1. If you have a well thought out backup plan in place, and your data is truly safe, what is there to worry about that a restore cannot fix?

    2. Learn how to properly store your sensitive data safely.

    3. Learn one of the many methods of performing online transactions in a secure and safe manner.

    When armageddon does come, what can those 3 steps not defeat if they become a habit versus an occassional after-thought?

    Sul.
     
  7. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    By the way, I forgot to mention it before, but Group Policies (gpedit.msc) isn't available in all Windows versions. Most use the more basic versions, which are the ones that come pre-installed.

    It's nice to use what the O.S has to offer us, but don't forget the version the user has has to have it/them.

    Without gpedit no AppLocker in Windows 7, for example. And so on.

    People need to do the best with what they can put their hands on. If they don't have the Windows versions that actually have those means, then they need to have others, which includes third-party security applications, for example. Or even other Microsoft's security applications like Windows Defender or Microsoft Security Essentials.

    I do agree with you Sully. Users should have a plan in place.
     
Loading...
Thread Status:
Not open for further replies.