Linked by Howard Fosdick on Thu 1st May 2008 01:55 UTC
Privacy, Security, Encryption Security consultant Howard Fosdick has contributed the latest entry in the 2008 OSNews Article Contest: a highly detailed examination of security and privacy on the Windows platform, and how to use free software tools and a little knowledge to protect your privacy online.
Thread beginning with comment 312314
To read all comments associated with this story, please click here.
interesting-ish
by stabbyjones on Thu 1st May 2008 04:53 UTC
stabbyjones
Member since:
2008-04-15

Not too much anyone who's worked with windows shouldn't already know. For the less than capable user there are a few things that you must do when you build a pc for them.

Install an application based firewall in the background

block any network access to IE, windows messenger, outlook express and then install live messenger and block that too.

with a few more things mentioned in the article a pc that'd would have to be formatted every other week becomes set and forget.

Reply Score: 1

RE: interesting-ish
by raver31 on Thu 1st May 2008 06:00 in reply to "interesting-ish"
raver31 Member since:
2005-07-06

For this case, why not install Linux then ?

I mean, you have crippled all the internet applications on that machine, therefore, for them to browse they have to use Firefox or Opera. But there is still some sites that will install Windows trojans when you open the site in FF and blindly click OK anyway, so visiting dodgy sites in an alternative browser on Windows is still unsafe if you have not got a clue what you are clicking on.

Also, you cannot do what you suggest to people's computers because it will break compatibility with applications that need a fully working internet explorer for the installation or operation.

Reply Parent Score: 4

RE[2]: interesting-ish
by Valhalla on Thu 1st May 2008 12:51 in reply to "RE: interesting-ish"
Valhalla Member since:
2006-01-24

raver31 wrote:
-"I mean, you have crippled all the internet applications on that machine, therefore, for them to browse they have to use Firefox or Opera. But there is still some sites that will install Windows trojans when you open the site in FF and blindly click OK anyway"

well, that depends. if you are crazy enough to browse the web logged in as administrator then yes you are certainly vulnerable to trojans should you encounter a site that eploits a bug in your browser.

however, installing and running Firefox, Opera etc under a unpriviledged account will make sure that although exploits may allow malicious code to be executed, the amount of damage that code can do is limited to the rights of unpriviledged account.

running IE is another matter though. since Microsoft chose to integrate it into the system there are likely possibilities for for exploits to compromise the system under the guise of IE which may give the malicious code further priviledges.

raver31 wrote:
-"Also, you cannot do what you suggest to people's computers because it will break compatibility with applications that need a fully working internet explorer for the installation or operation."

apart from when using windowsupdate.com, I haven't encountered situations or software where I need internet explorer.

Reply Parent Score: 2

RE[2]: interesting-ish
by Adam S on Thu 1st May 2008 13:21 in reply to "RE: interesting-ish"
Adam S Member since:
2005-04-01

I always wonder if people like the parent have actually tried this in real life.

What happens when this person - your client - buys a game and can't play it? What happens when they try to download some software and can't run it? What happens when they buy some exotic hardware - like an iPod - and it doesn't work right? What happens when they want to buy something from the iTMS and they can't access it?

Linux is great, don't get me wrong, but it's not the solution for everybody. When are people going to realize that Linux is NOT a panacea, and you can't just slap it onto someone's PC when they ask for your help?

Reply Parent Score: 4

RE[2]: interesting-ish
by stabbyjones on Fri 2nd May 2008 00:17 in reply to "RE: interesting-ish"
stabbyjones Member since:
2008-04-15

i'm not saying it's perfect but it's a step towards stopping people with no idea destroying their pc.

i don't run windows myself anymore (debian) but convincing other people to make the switch when they're used to their ways is hard.

most people with a low pc skill use webmail not outlook and while it's sitting there it's useless and a possible threat.

if you force people to use opera or firefox (which is my point in blocking IE) you can can block scripts and ads and even though there are still vulnerabilities there is less chance of someone with a low skill level destroying the system after you've set it up.

if anything needs IE you can always allow connections from IE temporarily. it's blocked by a firewall and not removed from the system. so functionality isn't reduced

this doesn't change anything in the system itself and is more of a simple lockdown. i much prefer getting a call saying an application isn't working rather than the whole system is shagged.

Reply Parent Score: 1

RE[2]: interesting-ish
by autumnlover on Mon 5th May 2008 15:59 in reply to "RE: interesting-ish"
autumnlover Member since:
2007-04-12

why not? Because Linux is not "safe version of Windows". Period.

Reply Parent Score: 2