Just how vulnerable PC's have become in the internet!!

[Piru]

It never ceases to amaze me how this can be so hard. By following couple of simple advice (most given here already) and you're safe.

- Use NAT (either from the routing network hw, or from linux/bsd). This is the single most effective way to block tons of malware coming thru OS service vulnerabilities. No-one from outside world can access your box directly. This also allows you to safely (re)install Windows without fear of instant infection.

- Keep your Windows updated. This is absolutely crucial for safe system. Enable automatic updates.

- Use antivirus program. If you don't want to pay, there are good free alternatives, for example Avira/AVG/Avast. Have the program autoscan the system regularily.

- Use spyware/adware scanner. Spybot S&D and Ad-Aware SE are both free and very effective. Use both for best coverage. Update the databases and scan the system frequently.

- Use the windows built-in firewall, just in case (maybe you someday need to connect the system to inet directly. This way you won't get infected in that case, either). You can also use Zonealarm if you like.

- Use Firefox. Whatever is said about Firefox vulnerabilities, they are still patched much faster than IEs. Most malware is for IE. Only use IE for sites that you really must (read: sites that suck with Firefox).

- Don't use outlook. If you must use outlook, disable html mail display. 99.99% malware comes thru IE and Outlook (it uses IE engine to display html, so any hole in IE is hole in Outlook). Eliminate both and you're already very safe.

- Don't download and install software/games from questionable sources. Really, don't.

- Never automatically click "Yes" on dialogs. Always read the dialog text, first.

- Offers sounding too good to be true are not true.

- Learn to identify most common scams: chain letters, pyramid schemes, telemarketing scams, 419 frauds (advance fee fraud), bank phishing, stock scams (penny stock scams) etc. If you know the current/old scams, you're much more likely to identify new ones aswell.

- Don't install anything recommended by your friend via email, without checking with him/her first. Viruses/backdoors can forge really convincing fake messages these days, reusing parts of legit previous correspondance.


The above list is incomplete, but this alone is going to keep you safer than 99.99% of the Windows users.

[Tomas]

Use NAT (either from the routing network hw, or from linux/bsd). This is the single most effective way to block tons of malware coming thru OS service vulnerabilities. No-one from outside world can access your box directly. This also allows you to safely (re)install Windows without fear of instant infection.

But most people who have single pc in their home has no router and just instead hook up the cable/adsl modem directly into the lan port. The fact still is that this OS is way to unsecure for the average person to use.

Sadly 90% of the the computer users is far from as experienced as most of us, and thus will not be able to follow all these tasks just to get a reasonable secure OS.
I dont think Windows will get any better before they completly rewrite the OS from scratch and then write it with some focus on basic security.

I personally wish Windows adopted the unix way of multiuser capability. I have a WinXP pc setup for my parents and i gave them a user account with only a very limited set of priviligies, which means they wont be able to change settings, install software and so on. But the sad part is that this also gives alot more hassle, since alot of software wont even run properly without admin priviligies. I also wonder why i should have to login as a admin when using the control panel?? Why dosent it just ask me for the login info for admin priviligies, like most window managers on linux does? If i want to change some setting using kde, it will come up with a popup asking me for my root password, which makes my life a hell of alot easier.

[Piru]

But most people who have single pc in their home has no router and just instead hook up the cable/adsl modem directly into the lan port.

Even the most simplistic cable/adsl boxes come with built-in NAT these days. Unfortunately it might not be default.

[Oliver]

I've had terrible problems with malware on XP.  I used:
-NAT firewall router
-XP firewall
-Adaware/Spybot/...
-Norton anirus

I think most of the problems came from my wife's Chinese webmail services.  They would only work with IE, with practically everything enabled.  I was already suspicious of course, but how can you tell your wife not to read her email?

The whole system slowed down to a terrible crawl.  IE would open all sorts of popups, forced homepage, new toolbars, etc.  The malware regenerated annoying programs and files.  I tried every malware remover available, and nothing could deal with the problem (did this repeatedly for more than a month).  In the end, had to reinstall.

I'm using win98 at the moment.  It lacks some usefull features of XP, but it's just not targeted as much.  I also find Opera to work quite well for me.  It's quite rare that I will have to switch to another browser now.  I also convinced my wife to switch to safer email services, but they often don't handle the Chinese encodings properly.

[Argo]

by dammy on 2006/5/17 17:09:54
Quote:  I didn't blame PC's, I think...

       It's not the PC, it's the lame ass OS your using.
      Dammy

Right, Just install AROS! :lol:

[dammy]

Even the most simplistic cable/adsl boxes come with built-in NAT these days. Unfortunately it might not be default.

Or go dumpster diving for a junk'd PC that will still work.  There are several floppy based router/firewall distros out there so the free box doesn't even need a working HD/CD-ROM.

Dammy

[coldfish]

Jose, try: AVG and Keiro, both free for personal use and both frequently updated.  

Really, when people blame the OS or the machine for this kind of trouble its just lazy, do you walk across the road with your eyes shut?

[jjans]

I can attest to AVG. I have used the free version for years. In fact I was so impressed, I actually bought a license ($19.00 US for 2 year subscription).

The reason I have been impressed with it, is that I have had clients bring me their machines with Norton installed. AVG has found stuff that Norton had missed.

Actually works too good, as my clients never need to return for Virus removal, because I tell them to use AVG.

A Linksys Firewall broadband router (non-wireless) is my favorite for home use, as it is similar to the CISCO style config. I was never comfortable with DLink, but it is a matter of choice I guess.

I tested my broadband ISP to see how long it would take to  catch anything by hanging an expendable 'naked' Windows 2000 Advanced Server freshly installed with no Service Packs, no Router/Firewall, no Anti-virus, no nothing. The connection was straight from the Server to the Cable Modem.

As soon as I plugged in, I noticed an almost immediate drop in performance. This machine is an old Celeron 400 MHz, so anything installed will drop performance! As soon as I tried to perform Windows Updates, the machine lost connection due to DoS attacks.

So yes, don't go out in public naked, or you'll catch something that will rapidly cause you denial-of-service!!! Wear a rubber!!!


 :lol:  :lol:

[InTheSand]

I agree with jjans - AVG is great. I usually go the AVG, ZoneAlarm, AdAware and SpyBot S&D route for Windows-based PCs, as well as using Firefox and Thunderbird for browsing and email.

I'd avoid any of the Norton utilities like the plague. They're slow and bloated and cause too many conflicts with other applications. I can't imagine why any home user would go with a Norton product when the likes of AVG are available for free.

And unfortunately, lots of ADSL modems are USB-based and have no internal NAT. Even with a NAT-based solution, I'd still install something like ZoneAlarm for home PCs or the paid-for AVG+firewall combo for computers in small business environments.

Or just use Linux! Ubuntu is getting better and better, though I appreciate there are still Windows-specific applications that don't run well on WINE.

 -Ali

[motorollin]

You don't get any of these problems with a Mac  :-P

--
moto

[orange]

I'd strongly reccommend Kerio v2.5.1 firewall
its free, fast, efficient.
I also use KAV antivirus after downloading any .exe files.
But I shutdown all KAV services, disable autostart on bootup and all other similar stuff so it doesn't scan in background every file and eat resources.

[jjans]

I can't imagine why any home user would go with a Norton product when the likes of AVG are available for free.
 -Ali

Marketing is a very powerful influence I guess.

Norton is more suitable for the enterprise environment - so they claim, but I have been able to do much of the same with AVG (ie set up server/client rule configs to be controlled from one remote admin agent).

Please do not think I am a Norton basher however, as I happen to love Ghost and Partition Magic, and use them frequently!

[Fester]

amije wrote:
amiga scene was full of viruses when amiga was the top in the market, so don't blame pcs for this, but the guys which make them. as they say, the scorer gets the cheerleader :-)

Does anyone remember the SCA virus on Amiga? Not even a week after getting my first A2000 in the 80s, did I start seeing this thing pop-up on the screen. It would blank out the screen and then it would tell you that a wonderful thing had happened, that "your Amiga was alive...another mighty trick from the SCA.". Then, the silly virus would dammage the diskette.

This virus was apparently shipped _with_ the Amigas. There was an article and a fix for it in one of the issues of the AmigaWorld magazine.

I don't believe humans have been able to build the bug-free, defect-free, 100% virus-proof computer yet...

Fester

[Oliver]

I also had to install Nortan antivirus in order to connect my PC to my work's LAN at the time.  I agree it's a resource hog, and not all that impressive in performance.

I've used esafe desktop before, with good results.  It stopped problems which nailed every other PC on a LAN (each running other antiviral progs).  I stopped using it when it was no longer free.  That was several years ago.  It worked well to detect unkown mal/viral ware by recognising suspicious program behaviour, rather than comparison to a known list.  In the case I mentioned above, the other antiviral progs missed recognising the new software, as it was not on a list.  I suggested to the sysad of the LAN to use esafe, but he insisted that it's approach didn't work as well as having regular updates of a virus list.  Oh well, he could think about that while fixing all his 'puters.

[Piru]

@Fester

Does anyone remember the SCA virus on Amiga? Not even a week after getting my first A2000 in the 80s, did I start seeing this thing pop-up on the screen. It would blank out the screen and then it would tell you that a wonderful thing had happened, that "your Amiga was alive...another mighty trick from the SCA.". Then, the silly virus would dammage the diskette.

SCA does not wipe anything or damage the disk when it activates. It just spreads, and displays the message every 15th reboot.

By replacing the bootblock of the disk it can destroy game loaders though. But everyone kept the original disks in safe place, write protected, right? :-)

This virus was apparently shipped _with_ the Amigas.

Not with the amiga itself, but many dealers would "spice" the hw deal with bunch of unofficial games (yes, this did happen in some countries).

[motrucker]

dammy wrote:

I didn't blame PC's, I think...

It's not the PC, it's the lame ass OS your using.  :-D  

Dammy

You can't even blame the OS. It just not safe to go online without an intivirus prg running these days. There are a couple of excellent prgs for windoze, with AVG being my favorite - The free version is excellent, but the pro version is even better (and at $40 for a two year license isn't bad).
BUT - put the blame where it belongs - the hackers who write the viruses (virii ?)