Over Paranoid

Discussion in 'other security issues & news' started by Franklin, Jul 28, 2005.

Thread Status:
Not open for further replies.
  1. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Here I am using Vet av,Ewido3.5(on demand),Xp pro sp2 firewall,Winpatrol,Firefox and behind a router firewal.All I visit are security forums,UFO sites and political sites.Use Winmx every now and then and get emails through outlook and yahoo.

    Don't mind testing new versions of AV's and running online scans now and then as my ghost backups and clone on an extra drive see me secure.

    These are all I need to keep me secure and compared to some people that have so many security apps running it makes me wonder how their PC's keep working and why they whinge about conflicts.

    My advice-stay light-stay secure.
     
  2. stryder83

    stryder83 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    22
    I'm running XP Pro SP2, Norton AV Corp., and a router firewall and I have never had a security issue (at least one's that weren't my own doing).

    It depends on how you use your PC and for what, because I think even what you are running is a little much.

    However I don't use p2p programs anymore, so there's one security issue out the window.

    Regards,
    Brandon
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    I personally also think that the setup of certain people is a bit "over the top", but as long as they haven´t got any problems, feel safer (and have fast machines) why not. :rolleyes:

    But it´s not something I would do, on another forum I was already accused from being paranoid LOL, but I´m just running AV-AT-AS, firewall, IPS and security hardening tools, I think that´s normal. :)
     
  4. ---

    --- Guest

    Do post your full setup, so we can judge whether it's paranoid or not. Also is your behavior high risk?
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Well I ain´t no newbie so I would say that my behaviour isn´t risky :) :

    1 I never open/download files (executable-script) from untrusted sources. Of course I always scan files from trusted sources.
    2 To avoid spoofing I always go directly to sites where you need to enter sensitive info (online banking, shopping).
    3 I follow security news (secunia.com) and try to patch all of my software with (remote execution) flaws in them.

    For my security setup go here:

    https://www.wilderssecurity.com/showpost.php?p=519403&postcount=56
     
    Last edited: Jul 29, 2005
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Btw there are certain things that would make my system a lot safer overall, but they are just a bit too annoying that I refuse to do them:

    1 Run (globally) in non admin mode (In Windows Vista it´s going to be the default setting).
    2 Disable Javascript (on slow machines I do disable it, but only to gain speed)
    3 Run an executable whitelist (I do not want to be prompted everytime I open/install a .exe file).

    ;)
     
  7. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Just keep in mind that this 'common sense' only becomes common sense after getting to know how malware works, which many users will never do. Not necessarily because they don't care, but because they either won't fully grasp everything or don't have time to get into it.

    I imagine most of those that take the 'common sense' approach configure their mail to not display scripts, etc, and do at least a little other system tweaking/hardening. The last time I got infected was when I switched email clients and first ran it. I had a spam email in my inbox that got displayed as I was reviewing the options (and therefore still with the default options), and managed to run.

    I get frustrated for the new users when I see rants about common sense, it's almost always over-simplified.
     
  8. Starrob

    Starrob Registered Member

    Joined:
    Apr 14, 2004
    Posts:
    493
    "Common sense" really means to me, the education level of the user. A noob probably does not know what some people would call "common sense" and might need additional security software to cover the gap in knowledge.

    No security software can protect 100% but neither can "common sense" protect 100% either.


    Starrob


     
  9. HD rider UK

    HD rider UK Registered Member

    Joined:
    Feb 16, 2005
    Posts:
    121
    Location:
    Gloucestershire, UK
    As far as I am concerned, user awareness (common sense if you like) is the first line of a layered defence, a principle that seems to be overlooked in the current squabbles , you know, the "this HIPS or that suite is best, and if anyone disagrees, then my dad is bigger than yours" nonsense.
    I posted this a while ago and see no reason to regard it as any less valid now



    HDriderUK
     
  10. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Commonsense: sound, practical judgement that is independent of specialized knowledge, training, or the like. [Random House Unabridged Dictionary].

    Awareness: informed, knowledgeable [Random House Unabridged Dictionary]

    These concepts appear to me to be totally opposite in nature.

    In any case, I would be interested in a well-defined, enumerated list of: 1) commonsense actions, and 2) awareness actions/items, that and average user can use to achieve a higher level of security.

    If these concepts are simply "homework assignments", I would be interested in how one should go about cultivating "commonsense" and acquiring awareness.

    Lacking such a list, then telling a user to use commonsense and increase awareness, is not very helpful and probably does nothing for a users who are seeking to improve their security. Its fine to say it, but not very actionable.
     
    Last edited: Jul 29, 2005
  11. Starrob

    Starrob Registered Member

    Joined:
    Apr 14, 2004
    Posts:
    493
    This I agree with. Also, user awareness is probably a better term


     
    Last edited: Jul 29, 2005
  12. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Great statement!

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  13. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    AV, AT, Firewall & Firefox is what I use and don't really need anything else.
    I'd rather have a fast computer, than a slow one running more than enough security programs.
    But it's up to each person - I don't really have anything important on my computer, it's all moved to a little USB device and CD backups.
     
  14. ---

    --- Guest

    That's a 'newbish' remark. LOL

    High risk behaviour doesn't always mean you are a newbie. You can choose to engage in them even knowing the risk.


    Actually without javascript, your browser will run even faster without having to interprete all the script. :)

    Richrf is this a rhetorical question? Or do you really want a list?

    Well here's one.

    http://www.markusjansson.net/esecuring.html

    There might be better, I don't know since I stopped keeping track of such sites a few ago.

    Not that there will ever be a comprehensive 100% concensus on what is needed to secure your computer, but I don't really don't see the need to rehash everything again for the people in this thread.

    Notok, you have a website, why don't you post your own tips?
     
  15. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    See "essential reading" on the software page. There's a link to a page of tips, including some that I did write. ;)
     
  16. gnawing meat

    gnawing meat Guest

    if you were paranoid you'd disconnect the harddrive an use micro98/Qualystem Rescue 1.20 an visit your political sites thru proxies downloading your documents onto usb drive then store the drive at another location
     
  17. hadi

    hadi Guest

  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    @ ---

    Yeah, but you know what I mean right? At least I do know the risk involved with certain activities, while newbies do not. And what do you think about my setup? Not too paranoid right? Being a bit paranoid is not a bad thing IMO. :D
     
  19. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    IMO there are three types of users.

    1. Security Experts.
    Security experts will always have an ALMOST foolproof protection, because they understand how a computer works, how operation systems work, how internet works and how malware works.
    They have a theoretical/technical knowledge combined with experience and they keep themselves up-to-date with the latest developments in security and malware.
    They also know the strengths and the weaknesses of each security software.
    These people aren't paranoid or over paranoid, because they know exactly what they are doing and their security set is always balanced.
    Of course, like in any other job, there are good, lesser good and bad security experts.
    For you to find out which ones can be trusted.

    2. Interested users.
    It doesn't matter if you are a newbie or a knowledgeable user or something between them, what matters is that you are interested in security and want to do something about it.
    That's what I call user awareness and one day they will have a reasonable protection, based on their own degree of knowledge, but they don't have the same background as a security expert.

    The danger of becoming paranoid or over paranoid is much bigger amongst these users and some of them will overload their computer with any security software they can get, even the ones they don't understand.

    Paranoid people, including fanatics don't think in the right proportions anymore. They are obsessed without any reasonable explanation.
    Being paranoid always points to a lack of knowledge and common sense/wisdom as well.

    3. Ignorant users.
    You will find these users in the subforum "Malware Removal" of SWI and many similar forums, CRYING for help and waiting for a qualified helper to solve their HJT Log and once their HJT Log is solved, they run away and come back with another HJT Log.
    The rest of these users will find help somewhere else : at work, in computer stores, friends, family members.
    That's the REAL typical user.

    Users are used to work with application softwares, because these softwares are much better than paper and pencil.
    They use computers as a TOOL to do their job faster, easier and efficient.
    Most application softwares nowadays are very userfriendly and easy to learn for almost ANYBODY and most users are very willing to learn these softwares, because they want to keep their job or just love to work with computers.

    Security softwares however are a total different type of softwares, that have NOTHING to do with their job.
    These users aren't security experts, don't have security as hobby, don't have the time, don't have the knowledge, aren't computer-minded, have other worries at work/home and life for them is already complicated enough.

    As long security softwares are silent in the background, these users will accept them, but most security softwares aren't even able to run silent.
    They interrupt busy users with their updatings, their warnings, their popups, their scannings, ...
    These users aren't paranoid, they are irritated, frustrated and angry.

    So the security industry has still alot of work to satisfy these users.
    I'm also not happy with the actual security solutions, but that's another story.
     
  20. ---

    --- Guest

    Excellent post Erik.

    You must however remember that within this group are people who are addicted to playing with security software. It has become a hobby.

    They know full well they don't really need all that firepower,and they can surivive without all those toys. but it's fun to play with such software.

    Though I admit, nowdays I'm wondering if this group of people are smaller than I think.

    These days all I see is people jumping from software to software (HIPS for example), and not because they are curious but because they are sure they need the latest newest tech toy out there, or their computer will go down in flames... :)
     
  21. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    First of all, good post Erik :)

    I'll agree with that.. I'd rather buy a piece of software I can play with than a CD or DVD most of the time. It's also hard to disable software when you've put a lot of time into beta testing it and helped to make it what it is. Some software I won't part with just because I *like* it so much.. but I suppose if being grouped in with the paranoids helps to justify my addiction then that's ok :D Seriously, though, there's also the aspect of getting to know an app so that you can recommend it to someone it may suit better than others, and knowing how to make it work if they have questions or break it.
     
  22. Starrob

    Starrob Registered Member

    Joined:
    Apr 14, 2004
    Posts:
    493
    Another factor in whether someone is over-paranoid or not can be proportional to the amount and type of actual threats that they face.

    For instance, my brother once worked for a company that did defense work for the government. The nature of his work was so secretive that he was not allowed to even take his laptop that he used in the office outside of the building.....niether could he take CD's, DVD's, or any other portable media out of the building. He could not even talk about the actual work he was doing. I don't think he was even allowed to access the internet from his building.

    Now, we could say the government is overly paranoid....like WMD in Iraq....but that is another story.....



    Starrob
     
  23. ---

    --- Guest

    That has some merit, but looking at some setups I can't imagine the level of threat that it is meant to counter.

    Scratch that, I can imagine the threat but if such a level of threat existed, I suspect it takes more than piling up on software to counter the threat.


    Heh, I bet the government's precautions in terms of *software* is a lot less paranoid than a typical wilder's member setup.
     
  24. Starrob

    Starrob Registered Member

    Joined:
    Apr 14, 2004
    Posts:
    493
    I think that depends on which element of the government you are talking about. The computer at the Department of Agriculture might be very different from the computers in the CIA.

    A "Wilders" members set-up is probably not the type of set-up made in different government operations because most are probably custom made and in some really paranoid areas of the government might even be more paranoid than a "Wilders" members....Maybe certain custom made set-ups probably use far less resources and far less hassles than maybe the typical Wilders members, which is my personal main beef with loading too many Anti-malware software on my own computer.

    Any way, my brother worked for a government contractor, not directly for the government. He would not even tell me the things he was working on. The things he was working on, I think were classified above the secret level.....which is why he was not allowed to work on anything outside the building.

    He quit that job because he was sort of irritated that he could never tell anyone what he did in his job. I can understand where he is coming from because I can only go so far in saying what my work is too. I only say I work as a engineer on a ship but I won't go beyond that.....any way...that is niether here nor there.

    I get more interested in knowing the positives and negatives of different software and/or different methods of accomplishing the same thing without the use of software. I usually like to decide for myself what is necesarry on my own computer. There are usually pros and cons for everything.



    Starrob
     
  25. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Yes I forgot that part. It's VERY NORMAL that security experts and knowledgeable users like to play ASAP with every new security toy.
    They can't even wait for the final version :)

    Amongst interested users is of course a wide range of degree of knowledge and they don't always know what they are doing or they just want it without a reasonable explanation.

    Some users want the best software, but they don't even know how to use it and aren't even able to learn it, because they don't even have the required fore knowledge of internet.
    These users don't even understand hints and tips, they need a full explanation in detail.
    These users better try the software first to test their knowledge (not the software), before they start using it.
     
Loading...
Thread Status:
Not open for further replies.