Some things I'm always asking myself

Discussion in 'other security issues & news' started by tisungho, Aug 26, 2007.

Thread Status:
Not open for further replies.
  1. tisungho

    tisungho Registered Member

    Joined:
    May 27, 2007
    Posts:
    148
    Hi guys,

    At first I'd like to say that I have very little knowledge about computer security.
    Some days ago, I discussed computer security with my friends. One guy asked, "How can I protect myself from spyware and viruses?". One guy's opinion was that he doesn't use any antivirus or anti-spyware program (if he does, he'll disable them and scan the files when necessary) because he knows what he's doing. For example, he avoids entering bad websites or downloading any bad files.
    His opinion sounded good to me. However IMO, I really need the antivirus and anti-spyware programs, plus a firewall, and leave them enabled to protect myself from unknown or hidden attacks. But I didn't know how to explain how necessary they are in detail because if you use your pc safely, you might not need them.

    I need your opinion about these issues. Do we need or not need security programs like antivirus, spyware, and firewall in the case of a safe web-surfing user?

    Thank you!
     
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    If you decide to not use AV/AS then make sure to have a HIPS or sandbox in place of them. Also make sure to use an alternative browser like Firefox (and get the NoScript extension) or Opera.

    I would keep a firewall though. If you don't have a router (with firewall) then get a software firewall.
     
  3. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Don't forget Image Backup and Immediate System Recovery, both restore your system, including removal of infections.
    They are my main weapons against infections, especially Immediate System Recovery, which also keeps my system clean and working properly.
    There is a lot of choice in software.
     
  4. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    It depends on your connection (dialup or DSL) and your surfing habits.
    I don't have a router on dialup so I use a software firewall.
    It's part preference also.
    I always use an av.
    HIPS and sandbox programs are another alternative. Image software is popular too.

    A safe surfer can get by with a firewall, av and antispyware IMO.
     
  5. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    You certainly need to protect yourself even if you are a safe surfer. Remember earlier this year when the site of the Miami Dolphins was hacked just before the Super Bowl? Even some safe surfers who were just looking for seating info at Dolphins' Stadium were infected. Also, you never know when you will get an email infected with malware and it may even appear as if someone you know sent it. There are many examples of safe surfers who could be infected.

    There are plenty of free security programs to give yourself at least some defense. Some people (I am guilty of this) try many programs and have a multi-layered security. But at least add a free av and firewall. A sandbox option is nice too...as is an alternative browser. Perhaps an alternative browser is not as important now as when the only MS offering was IE6.
     
  6. Dogbiscuit

    Dogbiscuit Guest

    If they know what it means to use their PC safely, then they might not need extra security software. But do they really know, in detail, how to do that? If not, I agree with you that they almost certainly need some protection.

    For example, you need a router or firewall for at least the following reasons:
    • If your OS is not fully patched, known vulnerabilities in services (programs) that are accessible from the internet will be exploited, just by having your computer connected to the internet and running, even with the browser closed. (It can take less than 4 minutes for an intruder to break into and infect a computer with an unpatched version of XP SP1.)
    • Some of these services (e.g., Microsoft DCE Locator Service) cannot be turned off easily (if at all), so the problem of an open port (in this case, TCP 135) accessible from the internet and susceptible to constant probing would always remain.
    • New vulnerabilities in these XP services could be discovered by malware writers first and exploited before a patch is issued by Microsoft (though probably rare).
    • An update from Microsoft could conceivably create a new vulnerability by accident in one of these services (probably very rare).
    Using a good firewall would prevent all the above by closing (and controlling) every port connected to the internet on your computer. Admittedly, you could keep XP fully patched and that would give you a great deal of protection. You could also close most (maybe all) open ports by disabling the associated services, and that would provide very great security. But this is not always easy, it disables parts of XP you probably would need, and requires much more effort than simply using a router or firewall.


    Knowing how to use your PC safely, however, is more important to your protection than installing security software without knowing specifically how you are protecting yourself. A suite (like KIS, NIS, etc.) is probably a good place to start, though, if you don't feel you know enough yet. That's what I did.


    I would also do the following before I even consider what kind of security software I might need:
    1. Always keep a system (and any software) fully patched - this is most important. Updated software can prevent all kinds of problems in the first place that firewalls and anti-virus software are, in part, designed to protect against. Doing this alone would have protected you from the Miami Dolphins Stadium website hack mentioned above, as would (3) and (4) below.
    2. Use a router if possible (simple, very effective), or any well-known firewall - even the Windows XP firewall is very good, if it fits your needs.
    3. Use a Limited User Account - this is safer than using anti-virus software in an admin account.
    4. Consider using an alternative browser - alternative browsers are still targeted far less often than Internet Explorer for drive-by downloads when the browser is not fully patched.
    5. Use image backup software - just in case something goes wrong, it'll save you time.
     
    Last edited by a moderator: Aug 27, 2007
  7. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    You've admitted that you know very little about this subject so I would say yes, you need to run security software. As far as the 'do we need or not need security programs', let 'WE' decide and just make sure it's not your computer :p . The last post provides excellent advice. Kudos to Dogbiscuit for the great info :thumb: . I started out with suites then moved to free suites assembled from free programs with the help of others. You need to protect yourself online, the alternative is totally unacceptable. I'm talking about getting infected and having to either clean your computer or reinstall Windows. Not to mention the fact that private and personal information may get out to the bad guys.
     
  8. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,

    My views are a bit different.

    What you need is not security programs - what you need is to know exactly what you do and that impacts your computer usage.

    Example: if you ever only visit 5 sites on the net, never download anything etc, what's the point of any security software. Likewise, if you understand what can undermine your security and you block those avenues, then you are safe and it doesn't really matter what you do.

    You don't need security software in abundance, nor do you need to panic.

    Securing a PC is a very simple thing, once you dissect the problems into little components.

    Services, ports etc - no need to disable them; you might need the functionality. Just have a firewall and your problem is solved.

    Browser problems - scripts mainly; if you monitor these, then no matter what site you visit, there will be no danger.

    P2P - people think magic comes through P2P; it doesn't. People download files, like crackgen.exe and then wonder when something goes wrong. If you limit your greed to a select choice of files, P2P is as friendly (or not) as anything else.

    IM - apart from the choice of software, why would you accept links or webcam or anything from strangers and such? It's really common sense.

    Email - if you don't trust a file for whatever reason, don't open. If you do, open it, because your mind is already decided.

    What did I forget? Files in general, the same as attachments.

    It comes down to our flawed reasoning. We can only do what we think is best. Therefore, no security tool will be able to save us from ourselves. The best security is to identify your own weakness and make sure they don't triumph. If you know you are gullible, don't open spam mails and read...

    Finally, the choice of software does offer some background peace of mind. If you swap the standard, common, useless programs like IE, messenger and similar with preferably open-source alternatives and such, you automatically filter out a significant amount of software weaknesses that might manifest themselves once you make a mistake.

    You don't even need a fully patched windows or even programs to be safe. You just need to know how to mitigate your exploits and those of your software.

    So, to answer your question:

    You don't need most of them - good firewall and browser are enough, or should be enough. If you insist on downloading toolbars and screensavers and free keyboard optimizers and Internet speed boosters, then you have a problem that is much greater than software you use.

    It's all up to the user. You could also blowtorch your machine, right?

    My experience shows that AV, AS etc are almost useless, but at least not effective at all, boring, obsolete. They create panic and confusion. And if you do know what each prompt tells you, then you don't need them.

    All you will ever need is a bit of patience to figure out how computers / OS work. After that, you'll see how trivial and lusterless AV and such are.

    Mrk
     
  9. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    Until then, use security software.
     
  10. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    Mrkvonic is absolutely right, though things like "disabling Services, ports etc" & "useless programs like IE, messenger" depend only on a user's knowledge. ;)
     
  11. tisungho

    tisungho Registered Member

    Joined:
    May 27, 2007
    Posts:
    148
    Thank you guys.

    One thing that I don't understand is about the firewall. If I don't use any firewall, some vulnerable ports would be open. However, how do the hackers know and target my pc? Because there are millions of PCs opening those ports. I mean the possibility of being targeted is low. Am I correct?
     
  12. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,

    Targeted individually yes, randomly no.

    There are so many computers scanning whole ranges of IPs all the time. You are bound to get pinged once every 1-2 hours or so, I guess. My experience shows about 10-20 attempts a day, usually common service ports.

    Now, if the service listening on a port can be exploited, then there's a chance someone with brains and a desire could hack their way through. If the service is not known to be hackable, then it won't matter.

    Firewall is more than just hacking; it's reducing background noise and also controlling outbound traffic if you want.

    Mrk
     
  13. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    You can close ports with special tools.
    Scanning IP ranges is very fast.
    Correct :)
     
  14. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    I assume your friend is a safe driver, but I'll bet he has good auto insurance. :D
     
  15. tisungho

    tisungho Registered Member

    Joined:
    May 27, 2007
    Posts:
    148
    I'm getting to understand now :D :thumb:
    That's why the firewall usually has "Stealth Mode" :thumb:
     
  16. tisungho

    tisungho Registered Member

    Joined:
    May 27, 2007
    Posts:
    148
    Yes, he is. I had a quick look at his laptop. He's using vista + Windows defender, and nothing else. :) He told me that Windows defender is enough for him.
     
  17. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    IMHO and a few others, Windows Defender isn't very good. An excellent choice would be AVG antiSpyware or Superantispyware. :)
     
  18. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,
    Anti-spyware is mostly useless unless you use IE, which shouldn't be done.
    Mrk
     
  19. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    If we were talking about the early 1990's, then I would say that all security programs would not be necessary. Now though, the WWW is flooded with massive websites and tons of interactivity that even if you went to just one website (such as my own constructed webpage), you could come across malware. Security software is a knee-jerk reaction to all of the plethora of objects created by malware authors (or even by legitimate sources). You may never come across any malware and be totally security software free or you could be blasted left and right by malware and have a ton of security software in use. The real bottom line of whether you need the programs depends on where you surf and whether those sites or programs embedded in those sites will ever contain malware. If you can be absolutely sure of their contents, then you can safely go "unprotected".

    One radical way to stay malware free would be to backup your system and keep reloading (or restoring) your PC whenever you have a problem. Having a backup process is probably the last resort choice to keep any system up and running after getting infected. Or you can do as I do and get a bunch of PCs so that if one goes down, you have other backups to use anytime.
     
  20. tisungho

    tisungho Registered Member

    Joined:
    May 27, 2007
    Posts:
    148
    Most of you guys here are against IE :D
    However... I came across Avant Browser Forum and I saw one guy (probably he's the Moderator in this forum) saying that:

    "In my opinion, both Trident and Gecko engines are secure, if you know how to secure them. (and insecure if you don't know)
    I'm using IE since IE4 and never got infected with some type of malware so far.
    Just try to keep your IE updated by downloading all the critical security updates from WindowsUpdate (Also, it's necessary to do the same thing for Mozilla/Firefox to keep it secure.)
    Also, don't download suspected files or accept untrusted ActiveX installations..
    You're able to block ActiveX in Avant, but it'll block Flash as well.
    Also, it's recommended to get some internet security suite. For example:
    Trend Micro Internet Security 2007 usually stops all the potentially harmful websites."
     
  21. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,
    IE is boring, ugly - security notwithstanding.
    Use a normal browser and you kill three birds with one stone, four if you take into account that you don't need any AS, because malware has no propagation mode in normal browsers.
    Mrk
     
  22. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    AGREED! There are far too many "user-friendly browsers" that have more functionality AND security than InternalExploder! (I also have no a/s installed.)
     
  23. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    That is just a personal opinion. I think similar about Opera and I take default Firefox as nooby, but I do not talk about it everywhere, because it is just me. ;)
    I have properly set up IE, no security software and I have no ADs, malware, that I would be aware of. I take IE7 as a secure, ergonomical and reliable browser.

    But I always install Firefox, when I install a network connection to friends, because it is quite safe by default and easy to use and highly configurable with addons. Opera is more for computer geeks and if someone wants to use IE7, I just tell him to give it a try, but he has to find out himself, if he is worthy to use it, as well as not to use AV and so on, I never recommended abandoning a security software, I just say, that it is possible, but I do not take responsibility for his actions.
     
    Last edited: Aug 28, 2007
  24. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    You have IE7 set up for no ads? Or are you using a separate ad blocker software? If you have IE7 set up for no ads would you post how you did it?
    Thanks
     
  25. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    I should say no Google ADs without javascripts and no popups. When I use trusted zone settings for internet zone, I get ADs, but in trusted no, strange.
    Pages with & without js: DSL without and with, Softpedia without and with and so on. I used to disable flash and gif etc., but pages looked so boring.
     
    Last edited: Aug 29, 2007