Linked by Alcibiades on Wed 4th Jan 2006 18:04 UTC
Like a lot of people who have worked in the business, I find myself in conversations about computer security with people who are having problems or know people who have problems. I wrote this to save me from explaining the same thing over and over again to different people, and to save them the trouble of having to make notes as we talked. It was meant to be something you could give to a 'naive user' and have them be able to read and follow it more or less unaided, and while not being a complete guide, at least be something that made them more secure than before they got it.
good article...concise...
by jtrapp on Wed 4th Jan 2006 18:47 UTC
jtrapp
Member since:
2005-07-06

The writer does a nice job of being concise and offers an easy to read list of the basics. Of course it is somewhat oversimplified, but it is titled a "naive user's guide".

I am continually amazed by friends who are highly infected by spyware and still continue to do their online banking. Sometimes I get hijacked to clean their systems or (worst case) reinstall Windows. I always tell them to change any passwords they have typed into the computer, but they rarely do so. At heart the human race is closely related to lemmings.

Reply Score: 4

RE: good article...concise...
by helf on Wed 4th Jan 2006 21:53 UTC in reply to "good article...concise..."
helf Member since:
2005-07-06

Yes, let's hear it for the lemmings!

Reply Score: 1

v No Chance For Windows
by hraq on Wed 4th Jan 2006 18:52 UTC
Nice read
by rexbinary on Wed 4th Jan 2006 19:18 UTC
rexbinary
Member since:
2006-01-04

Will forward to some 'Naive Users' ;)

Reply Score: 1

Windows Update
by pureza on Wed 4th Jan 2006 19:19 UTC
pureza
Member since:
2005-07-06

I keep telling this to everyone who complains about viruses and the bloat of some anti-virus: use Windows Update. Most of the exploits are fixed before they get exploited. Remember msblast, whose fix was available 1 month before the virus started to emerge.

In about 6 years using the Internet daily (most of the time in Windows) I have never been infected by a single virus, except one day I actually reinstalled Windows and forgot to enable the firewall before going to Windows Update.

I keep telling this. Nobody believes me, though.

Anyway, nice article. Follow its instructions and you will be ok.

Reply Score: 2

RE: Windows Update
by Tom K on Wed 4th Jan 2006 19:31 UTC in reply to "Windows Update"
Tom K Member since:
2005-07-06

Good thing for you, 2K and XP have automatic updates. ;) Just set it up to automatically download and install updates at a time you KNOW their computer will be on, and no more problems.

Reply Score: 3

RE[2]: Windows Update
by Windows Sucks on Wed 4th Jan 2006 20:06 UTC in reply to "RE: Windows Update"
Windows Sucks Member since:
2005-11-10

Hummmmm, problem with that is what do you do (Like now with Microsoft Security Advisory 912840) when there is no patch?

Unplug the thing or pray you don't get jacked? LOL!

Good luck!

Reply Score: 2

microshag
Member since:
2005-11-30

Explaining that to the naive would be a bit more troublesome. Explaining that you have to de-register dlls is beyond the usual Windows Security lecture.

Reply Score: 2

modmans2ndcoming Member since:
2005-11-09

Just give them the patch on GRC.com

Reply Score: 1

A somewhat paranoid view of security
by Robert Escue on Wed 4th Jan 2006 19:51 UTC
Robert Escue
Member since:
2005-07-08

Most of the information is common sense stuff for those of us who work in the IT field or have an above average interest in computers.

Alcibiades' description of the effects of malware assumes the user goes to every warez/porn/malware/social engineering/phishing site on earth. Usually to get trojaned by a porn dialer means you went to a porn site that supports the malware! Normal surfing in the US you would get the typical amount of spyware, and not much more. My 15 year old daughter goes to a number of sites that her friends send links to that I sometimes think are questionable, but she has not been hit. And I check her system weekly using Symantec AntiVirus, AdAware, Spybot Search and Destroy.

I don't necessarily agree with replacing Windows XP's SP2 firewall with ZoneAlarm, while ZoneAlarm will definitely protect a machine better than Microsoft's product, it is also harder to configure, which brings me to the second issue I have with this article. Much of this assumes a level of experience that the "typical" user doesn't have, and the reason why most users don't do this is because they either don't know how, they see it as too hard, or that it severely limits the functionality of the system.

For this guide to be really useful, it would have to be written in layman's terms and use lots of screen shots.

Reply Score: 2

alcibiades Member since:
2005-10-12

"Alcibiades' description of the effects of malware assumes the user goes to every warez/porn/malware/social engineering/phishing site on earth"

Well not really. At least not around here. I have seen a pro shop down the street in the process of taking several hundred items off a family machine, and another family paying for a disinfection of similar scale - and the comment was, you don't understand what normal use is these days, it's ring tones and music downloads, and instant messaging, and that's what does it.

Then I know of two machines in another family made essentially unusable by a family visit of a (girl) teenager. They didn't know what she had done. But I doubt very much it was porn. It was probably just instant messaging. I know for sure of one case in which ringtones were to blame, because the mobile in question was charged with them. Then another local case in which the guy for sure had not been to any porn site or even warez, and he had quite a few pieces. All he ever does is probably read the papers and shop.

The really eye opening experience for me has been how innocently you can be infected. The cases I've seen, you really don't have to have done anything deliberately 'out of line' or risky, just get a little careless. Scary.

Reply Score: 1

Robert Escue Member since:
2005-07-08

Which is where user education comes into play, my wife and daughter know better because I take the time to educate them. With my daughter it is standard procedure, if she is not sure she asks me. Music downloads (and we all download music in our house) are limited to samples through approved web sites (CD Baby, Amazon, etc.). She also uses IM (both AOL and MSN), no downloads are allowed at all. The end result is few if any security issues.

Most of the users you reference fall into what I call the "clueless" category, either by accident or design. And unfortunately for many it is by design, they prefer not to know because it is "too hard to understand" or "too much to learn". With children it is also a lack of parental control, or the parents being "too busy" to see or learn what Johnny is doing (thus the situation where the kids know more about computing than their parents). When I did phone support for Canon I took a call where the parents handed the phone over to their son because he knew more about the problem than they did!

It is too easy for many people to skate by and expect their more knowledgeable friends/neighbors/workmates to bail them out when they get into trouble (I know, I get the frantic calls from my wife's friends). And until these people decide it is their responsibility to maintain their computer hardware and software, no amount of guides will help them out.

Reply Score: 1

modmans2ndcoming
Member since:
2005-11-09

Home users should not run windows unless they want to become amateur security specialists.... Most home users should get a Mac.

Reply Score: 3

Dang!
by Windows Sucks on Wed 4th Jan 2006 20:02 UTC
Windows Sucks
Member since:
2005-11-10

Spend more time reading how to cover your own butt because Windows sucks than you do actually enjoying your PC.

But thanks for the hard work of putting this together. Most people talk the talk but don't walk the walk!

Reply Score: 0

RE: Dang!
by Snifflez on Thu 5th Jan 2006 05:49 UTC in reply to "Dang!"
Snifflez Member since:
2005-11-15

"Spend more time reading how to cover your own butt because Windows sucks than you do actually enjoying your PC."

Umm... no. Depending on how "filthy" the machine is, it might take some time to clean it up and lock it down, but after that weekly anti-spyware scans should be enough. Contrary to what your trollish screen name claims, Windows is a decent platform that allows users to be productive and enjoy their PC. Security, after all, exists mainly between the chair and the keyboard.

Reply Score: 1

RE[2]: Dang!
by Windows Sucks on Thu 5th Jan 2006 06:27 UTC in reply to "RE: Dang!"
Windows Sucks Member since:
2005-11-10

You need to do much more than Spyware scans, you must also pay for and update virus scan, you must spend time trying to figure out if emails even from your friends can contain malware.

And how can you be productive if your machine is always having problems. The end user should not have to worry daily about if your PC is secure!

And what about this current WHM hole, no patch for that and it's a BIG hole! What do you do with that.

I don't see how people can say that Windows is good. No other product known to man has as many problems as Windows. I mean here we are in the first week of the year and there are several major problems! You don't see that with any other piece of software on earth!

The kicker is that Microsoft has 50 billion in the bank! There is NO excuse for this crap!

Reply Score: 1

RE[3]: Dang!
by Snifflez on Thu 5th Jan 2006 06:57 UTC in reply to "RE[2]: Dang!"
Snifflez Member since:
2005-11-15

"You need to do much more than Spyware scans, you must also pay for and update virus scan, you must spend time trying to figure out if emails even from your friends can contain malware."

This is a weak argument. Since HTML itself cannot be executable, all you have to watch out for are the attachments. However, in this day and age, if you're dumb enough to click on an attachment without making sure that it's safe... well, you deserve to have your system borked by malware; maybe that'll teach you the lesson of being careful online.

Secondly, periodically paying for an update to your virus scanner isn't exactly a huge time-killer, since those subscriptions last a long time. Once again, with most of those services, you can schedule the frequency of getting the updates and scanning your system. Those processes will be run in the background, thereby not affecting your overall performance due to the fact that Windows is a multi-tasking OS. Your argument still doesn't wash.

I will give you the WMF vulnerability. It does sound quite scary. Overall however, it fails to prove your point that Windows is hard to maintain periodically. Every OS is bound to have its "scary virus" once in a while.

I'm not going to bother replying to the emotionally charged anti-Windows ranting and raving that constitutes the rest of your post. I don't like using Windows, but emotional appeals have nothing to do with logical reasoning.

Reply Score: 1

RE[4]: Dang!
by Windows Sucks on Thu 5th Jan 2006 07:26 UTC in reply to "RE[3]: Dang!"
Windows Sucks Member since:
2005-11-10

Wow, so I wonder why I don't have to pay for that stuff on any other OS.

I wonder why when on my Mac if I slip up and click on an attachment I don't have to worry that my computer is gonna die.

I wonder why there are more security applications for Windows than any other type of application.

And why should I pay for Microsoft's problems?

So because MS has a ton of money and their products still suck, I am being emotional? Yet we all sit here day in and day out and compare MS's products to products made by companies (Some of which like Ubuntu don't even have an income)

You don't find that odd? Come on now.

All I can say is that I showed my grandmother this page today and asked her if she wanted to do this to her machine so she could use Windows. She laughed cause she could not understand any of it.

All she could say is "Why don't I have to do any of that on the Ubuntu machine you set up for me" LOL! All I could do was shrug my shoulders.

Reply Score: 1

visconde_de_sabugosa
Member since:
2005-11-14

Oh, a so simple procedure for people who never update their Windows, antivirus and don't use firewalls...

I have an alternative, safer and simple procedure for them:

1- Put the CD #1 of any linux distribution on CDROM drive and reboot the computer
2- Follow the instructions to wipe, format and create necessary partitions
3- Follow the instructions to complete the linux installation
4- Begin to use and be happy !

Edited 2006-01-04 20:15

Reply Score: 3

modmans2ndcoming Member since:
2005-11-09

I have better solutions:

A: Get a tech geek to set you up with Linux on a machine.
B: Buy a Mac

Reply Score: 2

Securing windows xp step by step
by SEJeff on Wed 4th Jan 2006 20:16 UTC
SEJeff
Member since:
2005-11-05

1.) Enable automatic updates
2.) Download and install the ZoneAlarm firewall for free from http://www.zonealarm.com (the Windows firewall is pretty much crap)
3.) Open up services.msc and disable many of the "unneeded" services. More information is available in the Google cached version of Black Viper's services guide: http://tinyurl.com/dcq5b DCOM, Messenger, UPNP are a few I remember off the top of my head.
4.) Install Firefox and remove all references to IE from the desktop / start menu. Set Firefox shortcuts with the IE icon in C:\Program Files\Internet Explorer\iexplore.exe
5.) Install adblock with the adblock filterset.g updater and make sure to update the rulesets. This blocks many of the "click me to download evil.exe" banner ads.
6.) Install all of the software the user needs and take them out of the Administrators / Power Users groups in the User control panel, or through mmc.
7.) Install the Microsoft Antispyware, Ad-aware, Spybot Search and Destroy trio and set them to run nightly when the user will be asleep.
http://www.microsoft.com/athome/security/spyware/software/default.m...
http://www.lavasoftusa.com/software/adaware/
http://www.safer-networking.org/en/download/
8.) Don't let the user use Outlook! Mozilla Thunderbird or a webmail service like gmail/hotmail are perfectly fine.

If you are super paranoid, secure windows xp according to the US National Security Agency guidelines: http://nsa2.www.conxion.com/winxp/

Properly following these steps and teaching the user about evil things like email worms and bad websites will prevent the inevitable for much longer...

Edit: I got tired of this crap on my parents' PC, they now use a customized version of Ubuntu and love it!

Edited 2006-01-04 20:19

Reply Score: 1

Great article!
by Anonymous! on Wed 4th Jan 2006 20:33 UTC
Anonymous!
Member since:
2005-11-11

This article is concise and the proposed measures are pretty effective against most typical attacks on windows.

Rule 4: Keep as much personal information as possible off the machine, on paper.

I fully agree.

Never have your browser remember passwords or logon information.

I'm not so sure about it - OK, I wouldn't trust MS IE at all. It's also a good strategy to avoid entering important passwords too often. Revealing the master password to a (remotely working) keylogger doesn't automatically mean that you reveal all your stored passwords to the attacker in the same step - but it could just mean this, it depends on the overall vulnerability of your system and the software you use...

Btw, there's a good reason not to enter important passwords directly into your browser if you use JavaScript. The broken same origin policy of JavaScript allows many remote keylogging attacks by definition. You not only have to trust the website you're visiting, but also all included (even remote) JavaScript ads. These vulnerabilities have been known for a long time but the vendors don't bother to fix them because they consider them as a feature.

As one simply cannot win the battle by using Windows in the long term, you can't be sure that you never get compromised by some kind of keylogger or some other malicious software. Just think about it and the consequences... which lets me clearly favour Plan B ;)

Edited 2006-01-04 20:52

Reply Score: 2

the worst...
by ple_mono on Wed 4th Jan 2006 20:38 UTC
ple_mono
Member since:
2005-07-26

The worst people of them all are people like my friends - some of them never update, use the firewall or even have antivirus installed. The reason you ask?
"I never get infected", "I haven't noticed anything out of the ordinary", "So what, that's my business". Yeah sure! People like you ARE the ones spreading the god damn things. So why isn't it my business too? Don't you get that??? But they never listen.

Ignorance is bliss?

Reply Score: 1

Goat Heads
by mrgenixus on Fri 6th Jan 2006 20:42 UTC in reply to "the worst..."
mrgenixus Member since:
2006-01-06

There is a woman who lives just off the alley we share who doesn't have time, or perhaps the desire, to poison or pick the goat-head thorns growing on her lawn. My father, on the other hand, religiously removes them from the alley, driveway, and periodically, from our yard. I doubt the woman down the street cares that my father does this, as she doesn't seem to care where they grow at all. Her yard is the last outpost of them anywhere, and if they were picked, no one would have to worry about them at all.

Some people fail to recognize the consequences of their own actions, and their effects on other people. Be assured that just like that woman who slipped on the sticker patch last week, they'll get the idea once it's too late. Try not to waste too much hostility on them, they'll get theirs.

Reply Score: 1

Zonealarm
by yawntoo on Wed 4th Jan 2006 20:42 UTC
yawntoo
Member since:
2006-01-04

Application firewalls like zonealarm are not as useful as they once were. These products can only ask you whether or not you want to allow a particular application, as identified by the process image name, to access the internet.

Lots of newer spyware will not run in their own process space. Instead a newer spyware application will install its bots and internet connection threads in an existing process.

Here is an example:
A spyware application, let's call it nasty.exe, starts up and drops a file containing its spyware code onto the disk. Let's say this file is called spy.dll. Next nasty.exe opens a handle to a well known process that people expect to access the internet, like iexplore.exe. Nasty.exe uses a standard process injection technique (you don't need to be administrator to do this) to get the running copy of iexplore to load spy.dll into a new thread. Now the spyware code is running as a new thread in iexplore.exe.

In this scenario, zonealarm is totally useless. All access to the internet from the spyware code will look like it comes from iexplore.exe, which has probably been set to OK by the user.

This sort of anti-detection is rather easy to do, and becoming quite common. The more common this gets, the less useful products like zonealarm become.

At this point, I don't even bother with them.

Reply Score: 4

RE: Zonealarm
by ma_d on Thu 5th Jan 2006 00:52 UTC in reply to "Zonealarm"
ma_d Member since:
2005-06-29

Are you serious? You can actually cause other processes, than your own, to load libraries?

Is this possible on other systems?
Do you have any good reading material on this?

Reply Score: 1

RE[2]: Zonealarm
by yawntoo on Thu 5th Jan 2006 15:53 UTC in reply to "RE: Zonealarm"
yawntoo Member since:
2006-01-04

Yes you can do this, however you need to have permission to access the other process in this way.

On Windows, the way you do this is to:
1) Open a handle to the target process
2) Allocate memory in the other process space
3) Write the path to your DLL into that memory space
4) Create a thread in the target process space with the thread proc set to LoadLibrary and the parameter set to the memory address you allocated in step 2.
5) Your dll code is now running in the other process...

This is a very well known DLL process injection attack. The OS APIs used for this attack exist to allow debuggers to function (among other things). This is just an example of how powerful tools can be used for good and for bad.

A few things to keep in mind with this attack:
1) You can be attacked in this way even if you are not running as administrator. The attack can simply choose to inject into a process that your user account owns.... like iexplore.exe.
2) You cannot inject into a process if you don't have permission to open the process and create remote threads. This would prevent even the administrator from attacking processes owned by the system without doing a bit more work.

I haven't really looked into this style of attack on Mac OS X, or variants of Linux, however I wouldn't be surprised to find that a similar attack is possible. Mac OS previous to OS X and Windows 9x/ME/3.x would probably be rather easy to attack. IIRC they lacked protected memory so any process could access another process's memory space.

There are plenty of sources on the net that describe this sort of thing. See www.rootkit.com for some examples.

Edited 2006-01-05 15:55

Reply Score: 1
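
Added example (not part of the original thread and not any commenter's code): the sequence described above ends in a remote thread whose start routine is LoadLibrary, and that is visible in process telemetry even when a per-application firewall only sees iexplore.exe. The sketch flags that pattern in constructed records laid out like the fields of a Sysmon Event ID 8 (CreateRemoteThread) event; the allowlists, paths and sample events are assumptions.

```python
import ntpath

# Start routines that make the target process load a DLL chosen by the caller.
LOADLIBRARY = {"loadlibrarya", "loadlibraryw"}
LOADER_MODULES = {"kernel32.dll", "kernelbase.dll"}
# Assumption: tools expected to create remote threads on this host (a debugger).
ALLOWED_SOURCES = {r"c:\devtools\dbg.exe"}
# Assumption: images the user has already allowed through the personal firewall.
FIREWALL_TRUSTED = {"iexplore.exe", "firefox.exe"}

# Constructed sample events. Field names follow Sysmon Event ID 8; every path
# and timestamp is made up (nasty.exe / iexplore.exe mirror the comment above).
SAMPLE_EVENTS = r"""
UtcTime: 2006-01-05 15:40:01.120
SourceImage: C:\Users\demo\AppData\Local\Temp\nasty.exe
TargetImage: C:\Program Files\Internet Explorer\iexplore.exe
StartModule: C:\Windows\System32\kernel32.dll
StartFunction: LoadLibraryA

UtcTime: 2006-01-05 15:41:10.004
SourceImage: C:\DevTools\dbg.exe
TargetImage: C:\Projects\demo\app.exe
StartModule: C:\Windows\System32\kernel32.dll
StartFunction: LoadLibraryW

UtcTime: 2006-01-05 15:42:33.870
SourceImage: C:\Windows\System32\csrss.exe
TargetImage: C:\Windows\System32\cmd.exe
StartModule: C:\Windows\System32\kernel32.dll
StartFunction: CtrlRoutine

UtcTime: 2006-01-05 15:43:02.311
SourceImage: C:\Users\demo\Downloads\helper.exe
TargetImage: C:\Windows\explorer.exe
StartModule: C:\Windows\System32\kernel32.dll
StartFunction: LoadLibraryW
"""


def parse_events(text):
    """Split blank-line separated 'Key: Value' records into dicts."""
    events, current = [], {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            if current:
                events.append(current)
                current = {}
            continue
        key, sep, value = line.partition(":")
        if sep:
            current[key.strip()] = value.strip()
    if current:
        events.append(current)
    return events


def classify(event):
    """Return a finding for a LoadLibrary-started remote thread, else None."""
    func = event.get("StartFunction", "").lower()
    module = ntpath.basename(event.get("StartModule", "")).lower()
    if func not in LOADLIBRARY or module not in LOADER_MODULES:
        return None  # ordinary remote thread, e.g. console control handling
    source = event.get("SourceImage", "")
    target = event.get("TargetImage", "")
    if source.lower() in ALLOWED_SOURCES:
        return None  # expected tooling, suppressed by the allowlist
    # Injection into a firewall-trusted image hides the traffic's real origin.
    trusted = ntpath.basename(target).lower() in FIREWALL_TRUSTED
    return {
        "time": event.get("UtcTime", ""),
        "source": source,
        "target": target,
        "severity": "high" if trusted else "medium",
    }


def find_injections(text):
    """Parse the records and keep only those that classify() flags."""
    return [f for f in map(classify, parse_events(text)) if f]


if __name__ == "__main__":
    for finding in find_injections(SAMPLE_EVENTS):
        print(finding["severity"], finding["source"], "->", finding["target"])
```
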

RE[3]: Zonealarm
by ma_d on Thu 5th Jan 2006 18:36 UTC in reply to "RE[2]: Zonealarm"
ma_d Member since:
2005-06-29

MacOS before OS X did lack memory protection. Windows 9x had a memory protection scheme, and I think it was the reason it was so unstable after a few weeks (it wasn't very good).
I don't know about 3.1. But I don't know if the hardware could have even supported a protected mode in 16bit. IIRC you needed to be using 32bit code to get that.

I'd honestly be a bit surprised to see this attack possible on Unix systems. I googled around a bit, but "injection dll" is a whole lot better than "injection so" ;) . I kept getting junk about mysql.

I'll do some more digging using your instructions on how it's actually done.

Reply Score: 1

RE[4]: Zonealarm
by yawntoo on Thu 5th Jan 2006 19:29 UTC in reply to "RE[3]: Zonealarm"
yawntoo Member since:
2006-01-04

Windows 9x IIRC had 2Gig of memory space for each user process, and a shared 2Gig space for the system. This is all you would need.

3.x was even weaker.

Protected memory on windows became possible with the i386. This is because the processor had built in components to tie to a VMM.

With Unix, I wouldn't worry about forcing another process to load a shared library. That is just a means to an end. The real goal is to get another process to execute your code. As I said, I haven't really looked into this, but I suspect that one could use the proc filesystem to adjust the memory contents of another process owned by the same user. That could get your executable code into the other process... The trick then is to convince that process to execute it. I'm not sure if there is a way to create a thread in another process on Unix (the way you can on Windows).

If I were to attack a Unix like OS, or Mac OS, I would start by looking for exploits that allow me an elevation in privilege. From there I could load a kernel module and be able to do whatever I want.

The short story here is that _every_ OS is vulnerable to exploits of some sort. CERT has many for MacOS as well as Linux. The trick is to be conscious of the risks and to act in a manner that protects you from harm. I would be concerned if I had a Mac or Linux user on my network who felt so secure in their OS that they started doing risky things (like executing random downloads, visiting questionable sites, etc...). Everyone, regardless of their OS, needs to be wary in their computing practices.

Reply Score: 1

RE[5]: Zonealarm
by ma_d on Thu 5th Jan 2006 20:38 UTC in reply to "RE[4]: Zonealarm"
ma_d Member since:
2005-06-29

-r--r--r-- 1 root root 0 2006-01-05 14:31 maps

I don't think you can manipulate things via the proc filesystem.

Even things which have permissions that look readable and writable I can't even read:
lrwxrwxrwx 1 root root 0 2006-01-05 14:31 exe
[chris@rachelanne 3692]$ file exe
exe: unreadable symlink `exe' (Permission denied)


I think there's a big difference between vulnerabilities from problems in your code and vulnerabilities you designed into the system and documented...

Again, I'm very understanding of exploits. It's unfixed design flaws that bug me.

Reply Score: 1

RE: Zonealarm
by elsewhere on Thu 5th Jan 2006 20:31 UTC in reply to "Zonealarm"
elsewhere Member since:
2005-07-13

"In this scenario, zonealarm is totally useless. All access to the internet from the spyware code will look like it comes from iexplore.exe, which has probably been set to OK by the user."

I've been running ZA for ages. It monitors for processes attempting network access via another process, I get warnings all the time for routine Windows operations. It detects via signature when trusted or known applications are modified (legitimately or maliciously). It will even monitor application actions after a new install in a learning-mode to determine some sort of rudimentary baseline reference for how the applications interact.

Sure, it's not infallible, but I wouldn't write off the relevance of personal firewalls, particularly for newer users. The popup windows may be confusing to some, but at least they force the users to think about what is running on their system. They're no different than A/V filters, not an overall solution but simply a piece of one.

Reply Score: 1

protagonist
Member since:
2005-07-06

Good article. I am going to keep a copy to hand out to a few people who seem to call me regularly. If most of the Windows users out there would read and heed this article the internet would be a much safer place and it would probably cut down on the SPAM as well. :-)

The only down side I see in this article is that it requires that "Naive" user to do a little research and a lot of reading. Chances are that because of that most will not do it.

Bill

Reply Score: 1

People don't care, which is why ...
by bb_matt on Wed 4th Jan 2006 21:19 UTC
bb_matt
Member since:
2006-01-04

... we have computer specialists to help them.

You simply cannot expect people to get under the hood of windows to ensure they are secure. It's a wonderful thought, but it doesn't work.

People want to switch on, do their task, and switch off.
Not everyone is a computer enthusiast, in fact, very few people are.

Ask the average person about firewalls ? - Huh ?
Fire what ?

Viruses are the realm of "computer boffins" and trust in windows is just blind.

The idea of your average person keeping their computers safe from attack is about as realistic as everyone checking the tyre pressure, brakes, suspension and clutch in their cars each and every time before they start driving.

It really is up to microsoft to keep the attacks at bay for the masses, however, I agree that simple education is a good thing, so long as it doesn't detract people from using their computers as tools, as opposed to tooling about with their computers.

Just the basics is all we can hope for, along the lines of "don't click too quick" - kinda like telling drivers to keep an eye out for traffic problems.

Reply Score: 2

jmphilippe Member since:
2006-01-05

You're perfectly right!

Until people get completely crashed by some malware they don't feel the danger even if they are aware. This is like car driving: everyone thinks he drives better than his neighbour. For computers, everyone thinks he's safe enough - safer than others.

The truth is most people don't know what these popup windows are - well it's a windows feature?, they do not know that some malware has read their address book to send spam, they even don't know that their computer may be hosting some pirated software or porn videos!

And the worst: they think their computer is perfectly designed, they totally trust microsoft and never wonder about why their system needs so many addons to get safer (anti-virus, etc.)...

Reply Score: 1

Is it not a bit weird...
by cayfer on Wed 4th Jan 2006 21:43 UTC
cayfer
Member since:
2006-01-04

As the name implies, "computers" are intended to compute! One should expect work from a computer; not work for it!

I would hate to buy memory and cpu performance to run tons of anti-xxx software on them!

Linux is a good OS and it makes your computer work for you! Stop using an OS which even cannot spell its own name (Micros~1).

Edited 2006-01-04 21:44

Reply Score: 2

Though as far as these articles go
by microshag on Wed 4th Jan 2006 22:12 UTC
microshag
Member since:
2005-11-30

I thought Darius' was the best no nonsense guide.

Reply Score: 1

Hmm the bad thing...
by Gryzor on Wed 4th Jan 2006 23:44 UTC
Gryzor
Member since:
2005-07-03

... about all this is that you have to spend a few hours tweaking stuff and the user will eventually break it all. Then you will have to do it again.

Windows is not ready for JoeUser's desktop ;)

With all the CPU Cycles that those programs will consume, the user will need a quad-core cpu (one for each program) ;)

Rant apart, I am shocked to see that windows does indeed need all this (I find it a little bit exaggerated).

An antivirus, Opera/FFox, MS Spyware and XP SP2 Firewall can cover most of the user stupidities. Outlook from Office XP is "ok" as well. Although Thunderbird or OperaM2 may be better.

I don't like the comment that reads: "Keep all you information out of your pc"...

Well... I have a Macintosh and I Keep it ALL, Organized, classified and "secured". That's the purpose of a computer, isn't it?

Reply Score: 1

Mac OS virus
by pilotgi on Wed 4th Jan 2006 23:59 UTC
pilotgi
Member since:
2005-07-06

The author mentions "live" viruses for MacOS. Since he described it as Unix based, he must be talking about OSX. I'd like for him to name these live viruses.

Good article, although I don't think my mom could get through the whole thing and follow the instructions.

Reply Score: 1

StephenBeDoper
Member since:
2005-07-06

That pretty much describes how I set up computers for work use. If you're doing support for home users, though - especially if you're being paid to do it - you're often limited by their willingness to make significant changes to their usage habits. E.g., most home users I've done support for would not tolerate the hassles that come along with running as a non-Admin in Windows. In a work environment, it's not really an issue as the end users shouldn't be installing software, making settings changes, accessing files belonging to other users on the PC, etc.

For home users, I've found that the less interaction required from them, the better. AVG + automatic scheduled updates, ditto with Spybot. I prefer spybot to adaware these days, because spybot has command line options that allow you to automate it using the windows task scheduler (/autoupdate /autoscan /autoclean /autoclose, etc).

Reply Score: 1

Great!
by biteydog on Thu 5th Jan 2006 17:53 UTC
biteydog
Member since:
2005-10-06

This is a great article. Thanks!

Is it OK to print out copies to attach to a client's Company Security Policy (which I am responsible for) ?

It will help to explain why my rules seem so harsh - no access to the hosted webservers from any Windows machine, any user account with passwords I can crack cut off until they are improved, and other such fascist measures. It will also help explain to the company's boss why I have to go round and clean up the zero-day exploit off his machine tonight (he didn't do anything particularly silly).

Reply Score: 1