Linked by Eugenia Loli on Sun 13th Nov 2005 06:38 UTC, submitted by DKR
Windows This guide contains the practical security measures to secure your Windows desktop at home. This guide is not necessarily intended for business or enterprise use, but it might come in handy for some.
Bit_Rapist Member since:
2005-11-13

Many worms have spread through firewalled systems where there was no one browsing anything.

Yep and the first one ever was invented on a Unix system. What's the point?

You've really never heard of worms which spread through e-mail?

That requires someone to be using the computer, and viewing something.

Blaster would be a nice exploit that was able to do damage without the computer being used, but merely turned 'on'.

How about VBS/Bubbleboy@MM, which used an exploit in Outlook and Outlook Express to execute VBScript via the HTML display engine -- even when the message was simply previewed?

I remember it. Considering the changes that have been made to OE and Outlook since that time I'd say it would be rare to see a repeat on that large of a scale but anything is possible I guess.

What are you going to block with the firewall? All access to your e-mail server?

I'm going to do nothing with my firewall. I'll let the scripts on my email server detect and remove something like that.

Reply Parent Score: 1

fmaxwell Member since:
2005-11-13

Yep and the first one ever was invented on a Unix system. What's the point?

That my claim that worms spreading through firewalled systems was not "FUD" and that antivirus software is needed even when you have a firewall.

That requires someone to be using the computer, and viewing something.

So what? It's still a worm that could go right through firewalls. I'll agree that a computer is secure if it isn't on, but that's hardly a viable security solution.

I remember it. Considering the changes that have been made to OE and Outlook since that time I'd say it would be rare to see a repeat on that large of a scale but anything is possible I guess.

Think outside the box: Any network app may have an exploitable hole -- not just Outlook/Outlook Express. It could be an instant messaging client, a USENET binary downloader client, a web server, or anything.

I'm going to do nothing with my firewall. I'll let the scripts on my email server detect and remove something like that.

And what happens when the next exploit isn't through e-mail? Or what if your e-mail server has a remotely exploitable buffer overflow and the server itself becomes the conduit for a worm? Without antivirus software, you'd be at risk.

Reply Parent Score: 1

jziegler Member since:
2005-07-14

Think outside the box: Any network app may have an exploitable hole -- not just Outlook/Outlook Express. It could be an instant messaging client, a USENET binary downloader client, a web server, or anything.

Yes. Any network app can have an exploitable hole. The point about which I and the other poster are arguing is the involved TCP/IP semantics.

1) The application has to be running. Unless it is a server daemon, it implies that
1a) somebody is using the computer
1b) it mostly does not have an internet-accessible port on which it listens. E.g. BitTorrent clients are an exception to this, but that is connected to 1a)

2) Most home firewalls permit all outbound connections and allow no inbound connections. Company firewalls are often stricter on outbound connections, but allow inbound connections to specific ports.

Company firewalls, they should be administered by professionals, who know what inbound stuff they allow, why, and how to secure it.

So we have firewalls, which leave something or all outbound, nothing inbound. Hence, all connections must be initiated from the inside, by a user. From there comes the comment that someone is required to use the computer. So an idle computer, with user logged off, behind a firewall is not accessible from the Internet and therefore a worm cannot reach it.

One notable exception is the already mentioned BitTorrent client, but I have not yet heard about a remote exploit in any of the implementations.

That's all I wanted to say. I'm not claiming anti-virus or anti-bad-sw-* software in general is useless.

If you can tell me about a worm, which can infect a computer, which has not any open socket reachable from the internet, I'd be delighted to hear. This is what I meant by my first "please elaborate" question.

Reply Parent Score: 1
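
The "all outbound, no inbound" semantics argued over in this thread, as an added illustration that was not written by any of the posters: a toy stateful filter that decides on connection state only, never on content. All addresses and ports are constructed; TCP 135 stands in for the Windows RPC service that Blaster is said above to have exploited.

```python
from dataclasses import dataclass, field

INSIDE = "192.168.1.10"        # constructed address of the home PC
MAIL_SERVER = "198.51.100.25"  # constructed address of the user's mail server
STRANGER = "203.0.113.7"       # constructed address of an unrelated Internet host

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # True for a connection-opening packet

@dataclass
class HomeFirewall:
    # Connection table: flows that were opened from the inside.
    flows: set = field(default_factory=set)

    def outbound(self, p):
        # Policy: permit every outbound packet and remember its flow.
        self.flows.add((p.src, p.sport, p.dst, p.dport))
        return "ALLOW"

    def inbound(self, p):
        # Policy: permit only replies that belong to a tracked flow.
        reply_of = (p.dst, p.dport, p.src, p.sport)
        if reply_of in self.flows and not p.syn:
            return "ALLOW"
        return "DROP"

def run_scenarios():
    fw = HomeFirewall()
    r = {}
    # Idle PC: an unsolicited connection attempt to the RPC port is dropped.
    r["unsolicited_rpc"] = fw.inbound(Packet(STRANGER, 40000, INSIDE, 135, syn=True))
    # The user's mail client opens a POP3 connection: allowed and tracked.
    r["mail_fetch_out"] = fw.outbound(Packet(INSIDE, 50123, MAIL_SERVER, 110, syn=True))
    # The server's reply passes whatever the message contains; the filter
    # looks at the flow, not the payload.
    r["mail_reply_in"] = fw.inbound(Packet(MAIL_SERVER, 110, INSIDE, 50123))
    # Another host reusing the same port pair does not match the flow.
    r["other_host_in"] = fw.inbound(Packet(STRANGER, 110, INSIDE, 50123))
    return r

if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name:16} {verdict}")
```
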

Bit_Rapist Member since:
2005-11-13

That my claim that worms spreading through firewalled systems was not "FUD" and that antivirus software is needed even when you have a firewall.

In that case I agree. Although the scanning can be done at different places, such as an email server or other proxy gateway that controls access to the internet. I'm online right now with no virus scanner running, sure one is installed *just in case* but my computer isn't wasting cycles with it running.

So what? It's still a worm that could go right through firewalls. I'll agree that a computer is secure if it isn't on, but that's hardly a viable security solution.

In my book a firewall (software based like Norton and all the consumer ones on the market) is strictly for people who have no clue about what is running on their system.

Think outside the box: Any network app may have an exploitable hole -- not just Outlook/Outlook Express. It could be an instant messaging client, a USENET binary downloader client, a web server, or anything.

I already think outside the box and honestly it doesn't worry me as I've got a fine track record at securing my operating systems to date.

And what happens when the next exploit isn't through e-mail? Or what if your e-mail server has a remotely exploitable buffer overflow and the server itself becomes the conduit for a worm? Without antivirus software, you'd be at risk.

Usually an exploit on that scale is going to put you at risk anyway. Blaster for instance, it exploited a buffer flaw in RPC on Windows. No virus scanner helped with that one.

Reply Parent Score: 1