Gizmo's Guide to Securing Your PC

In today's climate, what is the best approach to avoiding getting your PC infected with malware? Gizmo lays out some simple steps you can take to ensure viruses, trojans, keyloggers and other nasties don't take control of your PC.


After spending years testing security products I've learned an important lesson. Don't get infected by malware.
 
In other words, put maximum effort into preventing infection rather than detecting and removing infection.
 
This statement may seem bland and unremarkable but there's more to it than you think.
 
The traditional way of adding additional protection

Many people protect their PCs by running multiple signature scanners: anti-virus, anti-spyware, anti-trojan and anti-rootkit products.

This is not as secure as many people think, and for most folks the cost is too high and the additional protection too little.

The cost here is not so much financial, though that is an issue, but rather the serious impact that adding many security layers can have on the performance of your PC.

There is also a cost in complexity. The more security programs you run the more chance they will either interfere with each other or with other programs.

Each additional layer you add increases your protection, but only by an incremental amount. A good anti-virus program may offer 80% protection. Adding a good anti-spyware utility may increase this to 85%. The addition of an anti-trojan may take it to 88%.

This is because today's security products overlap in function much more than they used to. A modern anti-virus program will detect a lot of spyware, while a modern anti-spyware program will detect some viruses, worms and trojans as well.

Although the protection achieved only goes up incrementally with each layer added, the processing load on your PC rises more or less in proportion to the number of layers. So adding an anti-spyware layer to your anti-virus layer will double the load on your PC, and adding an anti-trojan as well may well triple it.

So folks, while layering is a good thing, we are faced here with a law of diminishing returns.

But that's not the only problem with the traditional layering approach to protection. If an aggressive malware program is allowed to run on your PC it may disable all your layers of protection rendering them useless.

I've seen it happen many times, and it is a frightening sight to see all your security programs' icons disappear from the system tray.

Thankfully some security programs resist termination by hostile agents but the majority don't. And even those that do resist may well prove vulnerable to new, more advanced termination methods yet to be developed by malware programmers.

My approach these days is simple: if you allow malware programs to run on your PC don't expect your security programs to fully protect you. If you are lucky they will but with security, you shouldn't rely on luck.
So how do you prevent infection?
 
Good Safe Computing Practices

  1. Ensure you keep Windows and MS Office (if you use it) completely up-to-date by applying the latest fixes from the Microsoft Update Service. Make sure the automatic update settings are Automatic (or at least not turned off).
  2. Make sure your other software products are also fully updated, particularly popular products like Firefox, Opera, Adobe Reader, Sun Java, Flash plug-ins and media players. The easiest way to do this is to use the free Secunia Software Inspector.
  3. Switch to alternative products if you can. Sometimes they are even better than the popular ones, and fewer malware writers target them because they are less popular. For example, Firefox or Opera instead of Internet Explorer, Foxit Reader instead of Adobe Reader, The KM Player instead of Quicktime/Windows Media Player and Open Office instead of Microsoft Office.
  4. Be careful where you surf. In particular, stay away from sites offering commercial software serial numbers, keygens, other hacked material or adult-related content. Avoid accidentally wandering to hostile sites by installing McAfee Site Advisor, Linkscanner lite (does not work with Firefox 3 yet), WOT, Finjan SecureBrowsing or HauteSecure. They are free programs/plugins that append site security ratings to search engine listings and sites. You can also add the Netcraft toolbar for anti-phishing.
  5. Never click on email attachments from untrusted sources however tempting and attractive such attachments may seem. Similarly, never click on links in email from unknown correspondents.
  6. Never install programs unless you are fully confident they are clean. In particular, only download files from trusted sources, and never install programs that friends give you on removable media unless you have verified that they are clean by submitting them to free web-based signature scanning services such as Jotti, Virus Total and optionally the behavioral analyzer Anubis.
  7. Have an inbound firewall in place. At the very least, make sure Windows Firewall is turned on. This would be enough for most people. If you are running Vista, you can use the free Vista Firewall Control to enhance the security and usability. Firewalls with outbound protection can also be used. Currently the best firewalls are Comodo Firewall Pro, Online Armor, ZoneAlarm Pro and Sunbelt Personal Firewall.
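Three of the practices above (automatic updates, an inbound firewall, and knowing whether your daily account is an administrator) can be checked rather than assumed. The following PowerShell script is an added example, not part of Gizmo's article; it reads the registry values the Automatic Updates client and Windows Firewall keep on Windows XP and Vista and reports what it finds without changing anything. The `AUOptions` meanings are those Microsoft documents for the Automatic Updates client; `StandardProfile` is the firewall profile a home PC (not joined to a domain) uses.

```powershell
# Added example (not from the article): read-only audit of three safe-computing
# practices on an XP/Vista-era PC. Run it in PowerShell from any account.

function Get-AutoUpdateSetting {
    # Automatic Updates stores its mode here; 4 is the "fully automatic" setting.
    $key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
    $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($item -eq $null -or $item.AUOptions -eq $null) { return 'unknown (AUOptions not present)' }
    switch ($item.AUOptions) {
        1 { 'DISABLED - turn Automatic Updates back on' }
        2 { 'notify before download (acceptable, but patches wait for you)' }
        3 { 'download automatically, notify before install (acceptable)' }
        4 { 'download and install automatically (recommended)' }
        default { "unexpected value $($item.AUOptions)" }
    }
}

function Test-FirewallEnabled {
    # EnableFirewall = 1 means Windows Firewall is on for the standard (non-domain) profile.
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'
    $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    return ($item -ne $null -and $item.EnableFirewall -eq 1)
}

function Test-RunningAsAdmin {
    # True when the current token is a member of the local Administrators group.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

Write-Host ("Automatic Updates : " + (Get-AutoUpdateSetting))
Write-Host ("Windows Firewall  : " + $(if (Test-FirewallEnabled) { 'on' } else { 'OFF - turn it on' }))
Write-Host ("Current account   : " + $(if (Test-RunningAsAdmin) { 'full administrator' } else { 'limited user' }))
```

One caveat worth knowing: on Vista with UAC enabled, an administrator's normal (non-elevated) PowerShell window carries a filtered token, so the last line reports "limited user" even though the account can elevate. Run the script from an elevated prompt if you want the account's true membership.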

These measures can protect your PC from infection a great deal. However, sticking to these rules is not easy; it requires a level of discipline most users don't have. Who hasn't been tempted to open a funny PowerPoint email attachment or install a free game?

And it's not only a question of discipline. These days you can easily get infected simply by innocently surfing to a trusted web site that has been hacked, or by opening a "loaded" MS Office document. You need more protection than the basic security rules can provide.

Protection is better than cure

The best way to increase your level of protection is to make sure that if a malware program sneaks its way onto your PC, it is never allowed to run in a normal Windows environment.

A normal Windows environment is a user account with full administrator rights. It's probably what you are using right now, as it is the default setup in all recent versions of Windows up to, but excluding, Windows Vista.
 

There are many ways you can keep malware well away from your normal Windows account. Here are four:

   1. Use a Windows limited user account for your daily work
   2. Run all high risk programs with limited rights
   3. Run all high risk programs with policy restrictions
   4. Run all high risk programs in a sandbox or virtual machine

Each method has its pros and cons so let's look at them individually:
 
Option 1: Use a Windows limited user account for your daily work

Using a limited user account can be very effective in preventing malware infection as most malware products need full administrator rights to install themselves. In a limited account they just can't get a foothold.

It's easy to set up a limited user account. Just go to the Control Panel, select User Accounts and create a new user account as a limited user. Then sign in to this account for your normal computer work rather than the account you are currently using.

Setting up a limited account may be easy but using it can be a real pain. For example you won't be able to install most programs. You won't be able to update others. You won't be able to access any part of the PC other than your own documents and the shared documents area. Heck, you won't even be able to change the system date!

Some folks can work with these limitations or work-around them by swapping to a full privilege administrator account when they need to install programs or do other more advanced tasks. Others use the Windows "Run as" command and similar utilities to temporarily elevate their privileges when needed.

Most users, though, find using a limited account simply too awkward and inconvenient. Sure, their computer is safe, but that's little comfort if their PC is only barely usable.

That said, using a limited account is an excellent solution for advanced users prepared to tolerate the inconvenience, or for ordinary users with basic computer needs. If Granny never does anything but check her mail and browse to newspaper sites to read the headlines, then setting her up with a limited account is a good way to go. Do expect phone calls though; one day even Granny is going to need to do something that requires administrator privileges.

Option 2: Run all high risk programs with limited rights

This is a more practical strategy. Run as a full administrator user but restrict the rights of all programs such as your browser and email client that can be sources of malware infection.

Getting this to work could be a complex business but thankfully there are some free utilities available that were written to perform this exact task.

The best known of these is DropMyRights. It allows users to easily create special versions of their browsers, email clients, IM clients, media players or other internet-facing programs that run from a full administrator account but with the restricted rights of a Windows limited user.

It's a simple and neat solution that provides good protection from infection yet doesn't inconvenience the user in the same way as working from within a limited user account. I've written a practical guide to running programs using DropMyRights. You can find it here.

The approach, however, has some weaknesses, perhaps the worst of which concerns downloaded files. Yes, you are safe from infection while using a browser, but if you run any files you download then you can easily be infected if those files contain embedded malware.
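Options 1 and 2 both come down to a few commands. The script below is an added example, not from the article or from the DropMyRights project: it creates a limited account with the built-in `net` tool (Option 1), shows the "Run as" style elevation mentioned above, and then starts an internet-facing program from an administrator account with a "Basic User" token using `runas /trustlevel` (Option 2), which is the same reduced-rights idea DropMyRights implements, using only what ships with Windows XP and later. The account name `daily` and the Firefox path are assumptions; substitute your own.

```powershell
# Added example (not from the article). Run from an administrator account on
# Windows XP or later with PowerShell installed. 'daily' is a placeholder name.

# Option 1: create a limited user and confirm it belongs only to the Users group.
function New-LimitedUser {
    param([string]$Name)
    # The lone '*' makes net.exe prompt for the password instead of putting it on the command line.
    net user $Name * /add | Out-Null
    # Some tools drop new accounts into Administrators; make sure this one is a plain user.
    net localgroup Administrators $Name /delete 2>$null | Out-Null
    net localgroup Users $Name /add 2>$null | Out-Null
    # Return the membership line so the caller can eyeball it (expect only *Users).
    return (net user $Name | Where-Object { $_ -match 'Local Group Memberships' })
}

# From the limited account, elevate a single task instead of switching accounts
# (the "Run as" approach). Here: the Add/Remove Programs applet.
function Start-AsAdministrator {
    param([string]$CommandLine, [string]$AdminAccount = 'Administrator')
    runas /user:$AdminAccount $CommandLine
}

# Option 2: from the administrator account, start a high-risk program with a
# limited ("Basic User") token. 0x20000 is the Basic User level; 'runas /showtrustlevels'
# lists the levels available on the PC.
function Start-WithLimitedRights {
    param([string]$CommandLine)
    runas /trustlevel:0x20000 $CommandLine
}

New-LimitedUser -Name 'daily'
Start-WithLimitedRights 'C:\Program Files\Mozilla Firefox\firefox.exe'
# Start-AsAdministrator 'control appwiz.cpl'   # run this one from the limited account
```

The same limitation bill raises in the comments applies to this as to DropMyRights: only programs you launch through `Start-WithLimitedRights` get the reduced token. A browser that Windows starts for you, for instance by double-clicking a saved .htm file, runs with your normal rights and gives no visible sign of it.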
 
However, if you add Software Restriction Policies you restrict your computer even further, so that most malware will not be able to install. These two guides, here and here, give excellent instructions on how to set up Software Restriction Policies on your computer.
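Once a Software Restriction Policy has been set up from those guides, it helps to confirm it actually took effect rather than trust the dialog. The script below is an added example, not from the article or the linked guides; it only reads the registry. It assumes the layout Windows uses for SRP under `HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers`: a `DefaultLevel` value, and one subkey per security level (0 = Disallowed, 0x20000 = Basic User, 0x40000 = Unrestricted) holding a `Paths` key with one GUID-named rule whose `ItemData` is the covered path. If your Windows version stores rules differently, the rule listing will simply come back empty.

```powershell
# Added example (not from the article): report the Software Restriction Policy
# currently in force. Read-only; works from any account that can read HKLM.

$SaferRoot   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$SaferLevels = @{ 0 = 'Disallowed'; 131072 = 'Basic User'; 262144 = 'Unrestricted' }

function Get-SrpDefaultLevel {
    # The default level is what applies to any program no rule mentions.
    $item = Get-ItemProperty -Path $SaferRoot -ErrorAction SilentlyContinue
    if ($item -eq $null -or $item.DefaultLevel -eq $null) { return 'no policy configured' }
    $name = $SaferLevels[[int]$item.DefaultLevel]
    if ($name -eq $null) { $name = "unknown level $($item.DefaultLevel)" }
    return $name
}

function Get-SrpPathRules {
    # Each level's Paths subkey holds one GUID-named key per rule (assumed layout).
    $rules = @()
    foreach ($level in $SaferLevels.Keys) {
        $paths = Join-Path $SaferRoot "$level\Paths"
        if (-not (Test-Path $paths)) { continue }
        foreach ($rule in Get-ChildItem $paths) {
            $data = (Get-ItemProperty $rule.PSPath).ItemData
            $rules += New-Object PSObject -Property @{ Level = $SaferLevels[$level]; Path = $data }
        }
    }
    return $rules
}

Write-Host ("SRP default level : " + (Get-SrpDefaultLevel))
Get-SrpPathRules | Format-Table Level, Path -AutoSize
```

A "default deny" policy of the kind the guides describe shows `Disallowed` as the default level together with `Unrestricted` path rules for the Windows and Program Files folders; a default of `Unrestricted` with no rules means nothing is being restricted yet.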
 
Option 3: Run all high risk programs with policy restrictions

There is currently only one free program which does this: GesWall free. It is similar to programs like DropMyRights but it is more secure. It works by restricting what your internet applications can do to your computer.

Another option is to use DefenseWall. It is shareware but it is the leading product in policy restrictions and extremely good security if you can afford it.

The good thing about these two applications is that they require no user intervention; they are truly set-and-forget. They do not restrict the usability of your whole computer (Option 1), do not require the user to spend time configuring each program (Option 2) and do not create confusion or require manual sandboxing of applications (Option 4).
 
However, some users report significantly reduced internet connection speeds when running GesWall.

Option 4: Run all high risk programs in a sandbox or virtual machine

The strange name "sandbox" derives from the Java world where it refers to the highly contained and restricted environment in which Java programs (applets) are allowed to run. They are allowed to "play in the sandbox" but not go outside it. The important point is that while running in the sandbox, the programs have no access to your real PC.

So it is with sandbox security programs. While browsing or engaging in any computer activity within the sandbox you are totally corralled off from your other parts of your PC. Any files you download are isolated to the sandbox. Similarly, any programs that are executed only do so within the sandbox and have no access to your normal files, the Windows operating system or indeed any other part of your PC.

That means that if you get infected by malware while using the sandbox, your "real" computer is not affected. Furthermore, you can close the sandbox and everything within it is erased, including any infections, leaving your real PC in a pristine state.

Sandboxing is a great security solution for preventing infection. There are also some excellent sandboxing programs around, including my favorite, the donationware utility "Sandboxie." It is very light on resources, provides very strong protection and has a well-supported forum. Another alternative is SafeSpace. It is currently still in beta and development has slowed down significantly recently, but in addition to virtualisation it also provides some policy restrictions and an anti-keylogger. The interface is also nicer than Sandboxie's.

There are some downsides. Sandboxing creates a two-worlds view of your computer and this confuses some users. They could get it wrong and think they are surfing in the sandbox when they are not - and then it's possible to become infected. This confusion is particularly evident with downloaded files. Files in the sandbox are not really permanently on your computer unless you deliberately move them from the sandbox to your real PC. If you shut the sandbox without moving them they will be lost forever.
This two-worlds view is simply too confusing for some users. A confused user is an unsafe user.
 
Also, if users are not thinking, they could allow every alert, which would recover files to the real environment.
 
And as with every other piece of security software, some malware can still break out of sandboxes.

There are other problems too. Sandboxing is only available for PCs running Windows 2000 and later. Furthermore sandboxing can create problems on some PCs. Indeed I've known PCs to seize up totally with a sandbox installed. Luckily though, this is not common.

Another option is Returnil Virtual System Personal Edition. It works by virtualising partitions (only the local drive). When you turn the protection on (this does not require a reboot), your whole partition is virtualised and all changes made to it are lost. When you want to turn the protection off you have to restart your PC. This sounds like a great idea and it is, but there are several drawbacks. One is that it is not very flexible, all your data will be lost too (unless you manually configure some files to be excluded, but this reduces the security). Another reason is that it can still be bypassed - recently there have been several well-publicised malware exploits which can bypass its protection.

Virtual machines such as VMWare, Microsoft's Virtual PC and Sun's VirtualBox are similar to sandboxing but take the idea one step further by completely separating the virtual machine from the real PC at a conceptual level. Rather than have a sandbox as part of your real PC you have a virtual PC that is notionally fully distinct from your PC.

This difference aside these virtualization models have a lot of similarities. Infections that are incurred in the virtual machine cannot affect the real PC. Similarly shutting down the virtual PC removes all trace of infection.

Unfortunately they also share the same user confusion: "Am I in my real PC or the virtual one?"

The greater separation provided by the virtual machine approach does offer a more robust security model than sandboxing, but it comes at a cost. Virtual machines consume a lot of memory and have a fair degree of processing overhead compared to sandboxing. And moving between the real and virtual machines can be more awkward than with sandboxing. Like sandboxing, virtualization can be troublesome on some PCs.

From a user's perspective sandboxing or partition virtualisation are more attractive options though IT professionals would probably prefer the greater flexibility and superior isolation offered by virtual machines. I've written a practical guide to surfing using a sandbox which you can find here.

Security wise all three offer excellent protection from malware infection. The protection is so good that disciplined users don't need any other security products to protect them.
What about on-demand scanning?

OK I've come out heavily against running multiple active security products but what about passive security products like on-demand scanners?

An on-demand scan is one you manually initiate. It may be an anti-virus scanner, an anti-spyware scanner, a rootkit detector or a keylogger scanner.

I'm all for on-demand scans as, unlike using products that employ active monitoring, they don't impose an on-going overhead on your computer. The only computer power they consume is while they are actually performing a scan.

Take for example a good anti-spyware scanner like the free version of SUPERAntiSpyware or the excellent free Panda Anti-rootkit detector. They consume no computer power unless you actually run the programs. And because they are not constantly running they are less inclined to cause any problems with other programs.

So by all means run on-demand scans periodically: weekly, monthly, whatever. They are a good backstop to your anti-virus program.

Conclusion

When it comes to today's aggressive malware programs, preventing malware from ever getting on your PC is a better strategy than trying to intercept it when it tries to run.

Make sure to use a blend of different technologies and products when you use security software, not just signature scanners. Remember, absolutely no product provides 100% protection.

You can prevent malware getting on your PC by combining safe computing practices with other techniques such as reducing the privileges of high-risk programs, policy restriction programs, sandboxing and the use of virtual machines.

Reducing the privileges of high-risk programs is a simple, workable solution for most users. Policy restrictions offer greater security and usability than reducing privileges, but can slow down your internet connection speed drastically. Sandboxing, virtualization and policy restrictions offer a more complete solution but are not entirely free of practical problems. For those who can work with these problems, sandboxing, other virtualization solutions and policy restrictions offer the best way currently available to prevent malware installing itself on your PC.

With these elements in place, the only active security software you really need is an inbound firewall (Windows Firewall will suffice), any good anti-virus program and a behavioral blocker. That said, you can, indeed should, supplement these with periodic on-demand scans of your PC with a good anti-spyware product and a good rootkit detector. These on-demand products won't impose the on-going overhead you would incur with security software that uses active monitoring.
This setup gives better security than running multiple layers of real-time signature scanners. Even better, your PC will run much faster; a complete contrast to machines running multiple real-time security products.

None of this comes without cost. Defensive computing requires time and discipline. Users not prepared to put in the effort are advised to stay with a layering strategy using multiple security products.

For me, the days of running five or more active security software products on my PCs are over. So your Grandmother was right: An ounce of prevention is worth a pound of cure.

Gizmo

Here is a good review of HIPS/sandbox products...
the reviewer's favorite products were Prevx and Sandboxie

http://www.pcworld.com/businesscenter/article/151706-2/sandbox_security_...

Hi

I've heard that SuRun is a great program to run if you use a Limited User Account. It allows users to run an application with administrative privileges.
http://kay-bruns.de/wp/software/surun
http://translate.google.com/translate?u=http%3A%2F%2Fkay-bruns.de%2Fwp%2Fsoftware%2Fsurun%2F&langpair=de|en&hl=de&safe=active&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools

You've got this stuff down cold! Should have read it a few months ago.

Great article. I have learned a lot of knowledge from it. Thanks.

This is an excellent news letter and website.....this makes things easier for everyone to get the right protection they need....and the price is right...So thanks for your efforts and keep up the good work.........Randysr9

  www.datasurf.us

Hello, thanks for the info!

Haven't read much regarding another strategy that has worked well for me, and automatically addresses a multitude of other issues - I have used various versions of GoBack, since before Symantec took it over, and in some aspects it automatically creates a sort of "virtual machine", or a series going back in time.
I have had what appeared to be near-catastrophic situations unfold, and as long as I recognized quickly enough to immediately reboot and/or initialize a GoBack reversion, most times the problem vanished.
It is in essence a more advanced and complete version of the limited Windows System Restore.
Pluses:
No need to know or understand what caused the problem - only when the problem started (so a revert to a prior state could be done).
The entire hard drive is re-written to a prior state, registry, hidden files and all, so viruses, trojans, etc. are not left anywhere to re-emerge.
Afterward, a list of most erased files is shown, and if any file has a saved version, it will give the user the option of recovering those.
I have experienced suspicious problems soon after opening suspect emails, and reverting to an earlier state resolved the problem.
Proactively, after any websurfing session or use that might be the least bit risky, one can just revert to before the session began, and any sinisters accumulated will be gone. No known virus, trojan, etc. can escape, or activate itself from inside the compressed GoBack history partition.

Minuses:
GoBack can be overwhelmed by rapid activity and movement of very large files; I have only an 8 GB restore file on a separate partition, and it can store a couple month's history, or only a day or two - or rarely, nothing at all.
I have had a couple instances where activity overwrote all history, and so there was no earlier time to revert to; or, reverting did not go far enough back to predate the problem.
*********
While I have tried to fix problems diagnostically, the complexity and scope quickly reveals my weaknesses. Too many times a very mundane and innocuous change results in mysterious behavior far too commonly mis-interpreted as something sinister; misdirected attempts to "clean" an "infected" computer lead users to delete benign and occasionally important system files and registry settings.
A look at the hundreds of changes made by every update shows how difficult this approach can be; ultimately, a regular backup and something short-term like GoBack may be far more practical and time-effective for the typical user.

Wow nice article

I would call myself an "intelligent" user - definitely not a "techie" - so I can understand pretty much all of what Gizmo suggests/recommends; which, I believe, is why so many others read/follow his advice. Whilst alternative proposals are interesting, I have to say some seem to cloud rather than clear possibly confusing options. Perhaps a "preface" of the "for the more technical of you" style would help (me, at least :); maybe granny as well :))
PS : My French ISP "gives" me a "free" modem with a k**k a**e firewall ; for what it's worth !!

"There are three way you can keep malware well away from your normal Windows account."

Shouldn't this be "there are four ways," as there are four numbered items.

First, the Vista firewall is two sided.
Second, it doesn't make any sense a recommendation of outbound protection if your conclusion is "the only active security software you really need are an inbound firewall (...)". This is a clear contradiction and an error.
Third, this is Someone's review, right? Why is the reviewer name Gizmo.Richards?

Hi

I see it now. Sorry. I missed it the first time.

Well what it means is it is a minimum - you must get an inbound firewall, and if you want, you can also add an outbound firewall for extra protection. So I do not think it is contradicting or an error.

No, the main writer is Gizmo, and some other editors helped a bit.

This review is written by Gizmo,

Did Gizmo approve this latest update?

Yes.
I really don't see an error, and it's a bit mountainous to call it a contradiction. Gizmo clearly states that you need at least an inbound firewall, but if you want, you can use one that controls outbound traffic as well.

Whoops - knew I'd forget something:

If for some reason your firewall and anti-virus don't default to full protection of their own installation, tell them to.

And one problem with DropMyRights is the fact that it doesn't intercept browser, etc., invocations other than those which you initiate explicitly (e.g., if you double-click on a .htm file or some other piece of software invokes IE explicitly, the browser will just pop up with all your normal rights - and nothing obvious will alert you to this fact).

- bill

Hi

Well another solution is to use a Limited User Account with something like SuRun or a policy based sandbox like GesWall and DefenseWall (only shareware though).

Thank you for all the info. We really do welcome alternative viewpoints.

It's definitely a worthwhile article, but kind of heavy on potentially confusing options. So I'll offer up a simpler (at least if you don't include the things I've added) counter-proposal:

0. Gizmo's "Good Safe Computing Practices" 1 - 6 above are generally good advice, but I choose not to follow some of it. For example, I don't use automatic Microsoft Updates, because I believe the chances that Microsoft will install something I don't want it to are significantly higher than the chances that my PCs will get compromised just because I waited a couple of months to catch up on my manual updating (and since my PCs have never been so compromised - for reasons described below - but Microsoft has included some allegedly critical updates that I didn't want that seems like a pretty good bet). I don't bother with site ratings since even a nominally safe site can get hijacked and become unsafe at any moment. I don't use additional anti-phishing software because I already get more than enough false positives from Thunderbird (and it occasionally misses something noxious), but rather never trust any site that I haven't provided the URL for manually for any sensitive transactions (and phishmail really isn't very difficult to spot, especially when you know everyone who should be sending you legitimate communications and what they should legitimately be asking for). In a related vein I don't even open emails (let alone open attachments or links in them) from sources I don't recognize: they go directly into the junk mail black hole. Additionally, some people claim that IE7 (especially running on Vista) has become more secure than Firefox, but I'm with Gizmo there: any analysis of how long IE bugs remain unpatched vs. the same for Firefox and of their relative severity still reflects poorly on IE, and even the allegedly safer, smarter ActiveX facilities still seem like an accident just waiting to happen (not to mention the fact that we ought to be encouraging use of more universally-supported mechanisms like Javascript - though I only enable general-purpose Java code when I need it for something specific). 
And I just feel better being able to set my firewall to restrict Internet access for IE and OE to the times when I explicitly allow it (which means that I probably no longer need to manually restrict their detailed behavior, so I won't bother listing those details here).

1. If you don't already use a hardware router find one on sale for $10 (after rebate) and place it between your PCs and the Internet: it will block virtually all in-coming attacks (save for those you allow in yourself via downloading or email) - over the 7 years we've been using one we have *never* seen any such attack get through it (though the fact that we use NetBEUI rather than TCP/IP for local file and print sharing may also have helped avoid such exposures).

2. If you're going to run Windows, run Win2K or later (it's a lot more securable than Win9X). Vista's lower default privilege levels really do provide improved protection out of the box - if you find them worth the increased aggravation (which I don't, but then I've got a good idea what I'm doing and am willing to recover from backups if my confidence turns out to be misplaced, though so far that's never been necessary). Just to put things in proper perspective, though, I *much* prefer Vista's approach to reducing default user privilege to Ubuntu's (which is downright obstructionist rather than merely annoying: whose PC do they think it is, anyway?).

3. I already mentioned using NetBEUI rather than TCP/IP (which you'll have to unbind manually from both Microsoft Client and File/Print Sharing using 'Advanced Settings' in the Advanced tab) to keep file and print sharing mechanisms from possible exposure to the Internet; you may also want to disable NetBIOS over TCP/IP (in TCP/IP properties/Advanced/WINS). Microsoft dropped support for NetBEUI as of WinXP, but it still works there (see http://support.microsoft.com/kb/301041 ). Microsoft claims that it won't work on Vista, but many say they've successfully installed it the same way they did on XP. Then again, with all the other protection you'll have using NetBEUI rather than TCP/IP may no longer be as important as it once was - and using NetBEUI may make file/print sharing with Linux more difficult if you're into that kind of thing.

4. Especially if using TCP/IP for sharing rather than NetBEUI, consider disabling the default administrative drive shares (by setting to zero the DWORD values AutoShareServer and AutoShareWks in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters, then disabling the shares one by one).

5. To prevent automated infection from removable media (or just to avoid unwanted software execution or installation), disable the Autorun mechanism for various types of drives by ORing the appropriate hex bits into NoDriveTypeAutoRun in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer: 1 for drives of unknown type, 4 for removable drives, 8 for fixed drives, 10 for network drives, 20 for CD and presumably DVD drives, 40 for RAM disks, and 80 for drives of reserved type. The normal value of this key is 95 (hex) - but in HKCU in the analogous location (need to create it in HKLM). The value in HKLM, if present, overrides any corresponding value in HKCU. Unlike setting the value of Autorun to 0 in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom (which affects only CD and presumably DVD drives anyway), this will not suppress Media Change Notification messages.

6. Unfortunately, this still won't disable Autoplay if the drive is double-clicked in Explorer, but running gpedit.msc allows you to enable 'Disable Autoplay' for all drives in Computer Configuration > Administrative Templates > System.

7. Since Gizmo recommends using a firewall anyway, use Online Armor (free): it has excellent out-going 'leak protection' and (if you disable its list of 'trusted' applications, as you should) will ask your permission when *any* hitherto unknown process (or even a known process being controlled by something unusual) tries to run (so that you can nip anything obviously suspicious in the bud before it can do any damage) - though you can of course just get used to clicking "allow" and defeat this protection if you're too lazy to care. Comodo (free) is comparable, if you want another choice: disable its list of 'known safe' applications and block out-going connections while booting in Advanced Attack Detection. The firewall may detect the uPnP SSDP multi-cast messages sent from 192.168.1.1 (or whatever the router address is) to 239.255.255.250 every 20 seconds or so - and log every one of them as blocked unless you create a higher-priority rule saying just to block them without logging them.

8. Since Gizmo recommends using an anti-virus anyway, use AntiVir (free): it has excellent active (as well as on-demand) detection rates and also includes both rootkit and malware detection (so between it and Online Armor you can more comfortably omit the additional active-protection products that might degrade your system's performance). Check the "Expert Mode" box in its configuration screen to get the full list of options, tell it to use 'smart extensions' (both scanner and guard), select all the scanner 'additional settings', tell it to scan archives (guard), and tell it to protect files and processes (General > Security). Otherwise the (Version 8) defaults seem fine. If you don't like its nag screen on every update Google around for easy ways to disable it (since I do appreciate the product you'll have to find out how on your own). Unlike the case with Online Armor, I don't know of an alternative to AntiVir that offers anything like comparable coverage - and despite Gizmo's comment I don't find AntiVir particularly 'intrusive', so that's not a problem for me.

9. Though given the above safeguards I usually don't bother (especially with Firefox set to ask me before installing anything), when visiting some of the more dubious areas of the Internet I do use a Restricted User account (Drop My Rights not supporting my usual Win2K platform): switching back and forth between that and my normal account just isn't much of a bother, whereas I'm sure I'd eventually lose something important if I used a sandbox all the time (especially if said sandbox evaporated if power was lost, which happens moderately frequently here - and UPSs don't always work perfectly).

Enough for now - just thought an alternate viewpoint might be useful.

- bill
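The "block without logging" rule bill describes for the router's SSDP chatter is a classification problem: recognise the periodic UDP multicast from the router to 239.255.255.250:1900 and drop it silently, while everything else that is blocked still gets a log entry. The script below is an added example, not code from the original post or from Online Armor; the log line format and the router address 192.168.1.1 are constructed assumptions. It deliberately keys on the source being the router, so that the same multicast address used by some other host on the LAN is still logged rather than hidden by a blanket rule.

```python
"""Separate a router's periodic SSDP multicast noise from other blocked
firewall events.  Added example; the "<time> <action> <proto> <src>:<sport>
-> <dst>:<dport>" log format is constructed, not any real firewall's, and
the router address below is an assumption."""
import re

SSDP_MULTICAST = "239.255.255.250"  # well-known SSDP multicast group
SSDP_PORT = 1900                    # SSDP service port
ROUTER_ADDR = "192.168.1.1"         # assumed router address

# Constructed sample log: three router SSDP announcements (noise), one SSDP
# packet from an unexpected host, and two unrelated blocked TCP connections.
SAMPLE_LOG = """\
12:00:00 BLOCK UDP 192.168.1.1:1900 -> 239.255.255.250:1900
12:00:20 BLOCK UDP 192.168.1.1:1900 -> 239.255.255.250:1900
12:00:31 BLOCK TCP 192.168.1.23:49152 -> 203.0.113.7:6667
12:00:40 BLOCK UDP 192.168.1.1:1900 -> 239.255.255.250:1900
12:00:55 BLOCK UDP 192.168.1.77:55123 -> 239.255.255.250:1900
12:01:02 BLOCK TCP 192.168.1.23:49153 -> 198.51.100.9:443
"""

LINE_RE = re.compile(
    r"^(?P<time>\S+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["sport"] = int(ev["sport"])
    ev["dport"] = int(ev["dport"])
    return ev


def is_router_ssdp(ev, router=ROUTER_ADDR):
    """True only for UDP from the router itself to the SSDP multicast group/port.

    Matching on the source as well as the destination is the point: SSDP
    traffic from any other host is not silenced by this rule."""
    return (ev["proto"] == "UDP"
            and ev["src"] == router
            and ev["dst"] == SSDP_MULTICAST
            and ev["dport"] == SSDP_PORT)


def triage(log_text, router=ROUTER_ADDR):
    """Return (suppressed_count, kept_events).

    suppressed_count is how many router SSDP announcements would be blocked
    silently; kept_events are the blocked events that still deserve a log
    entry, as a list of parsed dicts in original order."""
    suppressed = 0
    kept = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue  # ignore lines that are not in the expected format
        if is_router_ssdp(ev, router):
            suppressed += 1
        else:
            kept.append(ev)
    return suppressed, kept


if __name__ == "__main__":
    n, events = triage(SAMPLE_LOG)
    print(f"suppressed {n} router SSDP announcements")
    for ev in events:
        print(f"{ev['time']} {ev['proto']} {ev['src']} -> {ev['dst']}:{ev['dport']}")
```

Run against the constructed sample, the three announcements from 192.168.1.1 are suppressed and three events remain, including the SSDP packet from 192.168.1.77, which a rule written only on the destination address would have hidden.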

Hi

"I don't use automatic Microsoft Updates". I know some users prefer to analyse all the updates before downloading them, so I did add the "(or at least not off)". But for most users the simplest solution is just to keep it Automatic, as the security updates are needed to patch exploits.

"I don't bother with site ratings". I know that legitimate sites are constantly getting hacked, but Linkscanner for example uses heuristics and WOT uses community protection so these could respond fast enough to zero-day exploits, if you're lucky. If you're not, it will still warn you of sites that have had malware for a longer period of time, e.g. crack sites.

"I don't use additional anti-phishing". I did add "also", so it's just optional. I personally am using Netcraft and it does have quite a few false positives, but I think for people who bank online it is helpful to have anti-phishing, so they have less chance of losing money.

"phishmail really isn't very difficult to spot". Well, maybe only for advanced users like you. :) I have not encountered any, but I believe that many beginners are getting fooled by phishing e-mails, as they are 99% identical to legitimate ones.

"how long IE bugs remain". I agree, it's ridiculous. I think I read the fastest they ever patched a security hole was in around 300 days after the exploit was publicly known.

"hardware router". Well this site does focus on free software, not paid hardware, but I suppose it should be added as an option.

"Vista's lower default privilege levels really do provide improved protection out of the box". I believe most beginners just allow all the prompts as fast as they can click them. Quite useless if you ask me, and gives a false sense of security, as people might not understand how it works but believe the advertising. So they will think, Oh cool Vista is safer I can do anything I want and I can allow all alerts.

"I already mentioned using NetBEUI". I've never heard of this. Does it make it safer? So you can still connect to the Internet and everything with no need to change settings? Thanks

"To prevent automated infection from removable media". Or you could use Xpy, though it is potentially dangerous in the hands of a beginner.

"use Online Armor (free)". I personally think the value of leak test protection and outbound protection is overrated. If you think about it, even if it does manage to alert you to the malware (after malware is on your computer there is a practically infinite number of ways it can hide itself, I think) and you actually read and realise it is dangerous and block it (many users just click allow as soon as an alert pops up and still think they're safe, same as UAC - false sense of security), the malware is actually still on your computer. So firewalls are even more reactive than signature scanners. That's why I think more effort should be put on preventing it, as Gizmo said, like using Web Scanners, sandboxes, etc.

"use AntiVir (free)". Have to agree with that. It has the best heuristics of any signature program, I believe.

Most useful information and guidance newsletter. Thanks to Gizmo. Thanks a lot - Rajiv

Thanks Gizmo - at least this advice should be required reading for the school curriculum and on through to the "granny" clubs; and the newsletter would not be amiss, either; even if granny does know best!!

Thank you Gizmo for a fine well-balanced and instructive article. You outdid yourself in issue 158 of Support Alert Premium! A really great issue full of very useful tips and practical information. Bob.

Hi
I think this is quite a good article.
But I think you could also mention programs such as Geswall free, Returnil free and Threatfire free.

You're a site editor!
You can freely update/rewrite this article.

Peter

Hi

OK. Sorry, I think I posted it before I became a site editor.

Great article. I have learnt a great deal from this website.

hi nice site thx
