Re: Need help closing security holes in my Windows XP home system!

From: Leythos (void_at_nowhere.lan)
Date: 02/25/05 

Date: Fri, 25 Feb 2005 22:28:05 GMT

On Fri, 25 Feb 2005 14:21:29 -0800, Joe wrote:
>
> I know about security and I follow your guidelines myself. I just never
> run as a limited user because I've never had problems with the default
> accounts made durring windows install. I always run behind a NAT router
> or now my sonicwall router. I always have a virus app installed, norton
> or AVG free. I even ran windows one time without a virus app for a while
> and didn't have any issues with anything. I don't use p2p apps and if I
> did I wouldn't download exe files or anything that could contain a
> virus. I do always apply the latest application updates and MS windows
> updates. I never have issues using IE cus I only got to news sites like
> cnn or whatever or just clean sites. I have gone to porn sites, but none
> that would have a browser highjacker and what not. I've never installed
> anything that messed up the pc. I also use vmware workstation running
> windows xp to install any new software i would like to try or test and
> make sure it's good. this way i don't mess with the main system and if
> anything goes bad in vmware i can just reinstall windows. i don't think
> a user needs a software firewall if running behind a simple linksys
> router or any of those unless the user will be installing anything under
> the sun, then maybe they'd want something to check outgoing stuff.

Well, Joe, it appears that you are not in the Majority Class of Home
Users, and that makes your advice to the masses questionable if you don't
clearly identify your target. You blanket statement based on your personal
experience could cause the typical user to end up with a compromised
system in short order. What you need to understand is that most users that
come here seeking help have no clue about their systems, not one clue
about how to securely do things in the Net, most of them even have a
single computer with no router and also have file/printer sharing enabled
since it defaults to that. While you have learned the basics of keeping
your system secure, 99.9% of home users just don't even have a clue.

When you want to address things like security, either state what works for
the masses, since we don't know the level of skill the person possesses,
or condition your response in clear area: As a user running a fully
firewalled system, where all email/browsing is actually filtered at the
firewall appliance, I never use AV software, run with IE unsecured, read
email in preview mode, and never apply security updates, no one needs them
(see the problem with that type of statement - a typical home user will
read it, since it requires less effort than securing the machine, they
will take your path and be compromised in short order).

I always err on the side of being too secure and to restrictive, it's
always saved my arse and my customers butts too.

> I am sorry for sounding upset and just irritable. i look at myself and i
> guess i just think most people do that same type of protection stuff or
> at least most people know enough.

Actually, based on what you posted, you're in the small 1% of Windows
users that know something. If you can look at posters as in the 99.9% of
the masses that know nothing, reply to them like they need to learn, but
being nice, then you'll find you help more people than you don't. If a
user identifies their situation with an indication that the clearly
understand security, then you can reply with just the details they need. 

-- 
spam999free@rrohio.com
remove 999 in order to email me