Re: Zone Alarm (free addition) and Netscape dialup accelerater.

"ArtDent" <par@xxxxxxxxxxxxxxxx> wrote in message
news:PwXJg.4414$bM.2977@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

On 1-Sep-2006, "Jason Edwards" <none@xxxxxxxxxxxxxxx> wrote:

I have two computers at home running XP pro
SP2 in constant use by three teenagers and their friends. The only
firewall on
them is the built in one. They do not have any other "protection"
software and
they do not even have anti-virus software. Both are free of malware.

If you have no anti-virus software, how can you be so sure it is so clean?
Not that I am saying it necessarily isn't, just wondering how you would
know then.

How could a virus scanner be sure it was clean?
How do I know that the scanner knows about the virus?
What stops a virus modifying the scanner so that the virus is no longer
detected?
What stops a virus modifying the operating system so the scanner no longer sees
the virus?

There are many ways to be confident that it's clean and most of them can be done
by non-technical home users. Home users can easily recognise many kinds of
unusual activity such as unexpected popups or some other sudden change in
behaviour. Unexpected network traffic can also be detected by being familiar
with what the lights on a network switch mean. A sudden unexpected increase in
light flashing, particularly when the computer is not in use, will need to be
investigated. It's also not too difficult to use a site like
http://www.hijackthis.de/ and to call for assistance from someone else if
anything suspicious is found.
I sometimes boot from CD to run a real check but you can't expect home users to
do this unless a CD can be made which automatically downloads updates and runs
checks after booting.
I generally advise other home users to install a virus scanner.

These teenagers and their friends, would you say they are 'average'
computer users, like what we have been discussing? Or are they perhaps a
bit more knowledgeable than most?

They have no technical interest in computers and would not be able to correctly
explain what's inside the box. They could also not be expected to understand
popups like "Do you want najort.exe to connect?" or "Should this network be in
the trusted zone?" This is one reason why I consider personal firewalls to be
nonsense. They are however way ahead of me when it comes to arty looking Word or
Power Point documents.

If they are more knowledgeable than most then it's only because they are aware
of why it's a very bad idea to allow everyone to use an administrator account
and to download and install anything they like whenever they like.


Both use
Internet Explorer. I know it will not be possible for you to believe
this.

I can believe it, just wondering why, when there are other 'better'
browsers available (some for free too).
You were the one complaining about it earlier.

I do try to get people to use an alternative browser when possible.
I use Firefox myself.
Unfortunately I have found that Firefox is sometimes incompatible with teenage
home users for one reason or another so I decided that because their computers
are easy to restore from an image and because I think it's very unlikely that
the users will be affected by unpatched holes and because they have user not
administrator accounts I decided to allow use of Internet Explorer on these
particular PCs. I'm still waiting for Microsoft to finish fixing Internet
Explorer though. It's only taken them what? 11 years? so far.


I believe that the best way to control malware is to configure your
network/computers/procedures so that you never get it.

Tried to sneak that one in, eh? Procedures. So, the user _does_ matter.

The user shouldn't matter, but in the case of a home Windows PC at present it is
advisable to have some knowledge of why it's a good idea to delete unexpected
email from people you don't know and why it's a bad idea to accept or click on
anything you're offered without thinking about what the motive of the site
offering it might be. These things are Microsoft's problem not the user's
problem. You can't expect users to have any technical knowledge at all. Most
people won't do it if the computer explains the possible consequences of
installing untrusted unknown software.


The best way to
deal with
it if you do get it at home is to spend a few minutes restoring a drive
image.

Re-active instead of pro-active?

Well there's only been one incident so far which required it.
About six months ago one of the users was convinced the computer had a virus,
and not unreasonably because it was behaving very strangely. This turned out to
be because the drive had failed and Windows was in serious trouble trying to
find parts of itself.
You can decide for yourself whether that's re-active or pro-active. How many
times has your personal firewall bothered you with popups in the last 6 months?

In the meantime, how much spam has the zombie spewed?

None at all, although I'm sure it would have tried.
I would rather the computer doesn't get any zombies, spam or otherwise, but even
if it did, and if it was able to send spam outside, would it really matter very
much if it only existed for a few hours before the drive was restored from an
image?


Anyone who can correctly use a personal firewall can also do this but I
don't
see many people telling home users to make a backup image of their
computer. The
article I found on your favorite web site does contain advice on backing
up to
an external drive.

Not my 'favorite', just an example of one 'respectable' source that
advises using pf's.

Ok :) Obviously they must have technically aware users who know how to answer
the personal firewall's popups. Either that or they forgot to consider use of
the personal firewall in the real world.

Jason

--
Religion is the most malevolent of all mind viruses.
Arthur C. Clarke


.