Antivirus programs for XP - best ones?

Here is a post by Stefan Kanthak - the content of which seems
particularly good to me (although it has upset folk elsewhere!)

What views do the experts in *this* group have about Stefan's comments?

Thanks.

"Stefan Kanthak" <postmaster@[127.0.0.1]> wrote in message
news:OqbaRlNAKHA.3696@xxxxxxxxxxxxxxxxxxxxxxx

ALL Anti-somethings are more or less useless, especially since
they CAN'T protect against new and yet unknown malware. It just needs
ONE failure and your system is toast. And all Anti-something software
enlarges the attack surface.

So: setup your OS properly and harden it!

1. DON'T create user accounts during setup as they will become
administrative accounts.
Create "restricted" or "standard" user account(s) after setup and
use ONLY these accounts for everyday work.

2. Remove all optional components which installed automatically but
you don't need.

3. Turn off all unused services: you won't need File and Printer
Sharing
when you don't have a LAN, and almost never DCOM or RPC.
See <http://ntsvcfg.de/ntsvcfg_eng.html> for more.

4. Turn off possibly dangerous functions like AutoRun and AutoPlay!

5. Turn on Software Restriction Policies a.k.a. SAFER (unfortunately
XP Home needs the registry to be edited directly) and set the
default level to "Not allowed" except for the "Administrators"
(and remove .LNK from the list of executables): this allows
execution only in %SystemRoot% and below as well as %ProgramFiles%
and below.

Thus your standard user(s) can only run applications installed
into paths where they don't have write access, and vice versa.

Additionally consider

<http://blogs.msdn.com/michael_howard/archive/2005/01/31/363985.aspx>

6. Use a safe(r) browser and MUA/NUA or at least configure both the
Internet Explorer and Outlook Express/Windows Mail for safety:
no HTML in mail/news, no ActiveX, no Active Scripting, no picture
preview, ...

7. Don't use functions "Remember my password" or autocompletion of
passwords.
Turn of transmission of passwords and user credentials in clear
text!

8. Don't open (email) attachments you didn't expect, don't open
files (.PDF, .CHM, ...) from sources you don't or can't trust.

Don't use (the full-featured) Word, Excel and PowerPoint to open
files you get per mail/floppy/USB or downloaded from the net, but
use the free-of-charge Word/Excel/PowerPoint viewers. These will
not run VBA-Code and macros.

9. Keep your system and ALL installed applications uptodate (Microsoft
Update in automatic mode with "no reboot with users logged on" will
do a good job for most of Microsofts applications).

Stefan


.

Relevant Pages

  • Re: Passwords plus
    ... Turn off your computer, box it up, lock it in a safe, bury it in the yard.. ... know above and beyond what is there as well as other methods and applications you can use to protect yourself. ... you aren't always "in that locked area" when using your computer online - meaning you likely have usernames and passwords associated with web sites and the likes that you would prefer other people do not discover/use. ... Microsoft put in an AUTOMATED feature for you to utilize so that you do ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: I thought user security was a holy grail
    ... "Restricted" accounts are just new names for accounts ... Prior to W2k trying to contain applications in NT in ... Microsoft has moved ... > installing or being tricked into installing programs on ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Antivirus programs for XP - best ones?
    ... ALL Anti-somethings are more or less useless, ... DON'T create user accounts during setup as they will become ... Turn of transmission of passwords and user credentials in clear ... Keep your system and ALL installed applications uptodate (Microsoft ...
    (microsoft.public.security)
  • Re: Antivirus programs for XP - best ones?
    ... major login site] web page open while surfing pr0n sites and hoping ... DON'T create user accounts during setup as they will become ... Turn of transmission of passwords and user credentials in clear ... Keep your system and ALL installed applications uptodate (Microsoft ...
    (alt.computer.security)
  • Re: Is this real??
    ... there is ABSOLUTELY no need to install or even use any of those ... DON'T create user accounts during setup as they will become ... Thus your standard usercan only run applications installed ... Turn of transmission of passwords and user credentials in clear ...
    (microsoft.public.security)