Re: Online Arrmor

From: Root Kit <b__nice@xxxxxxxxxxx>
Date: Sat, 14 Mar 2009 08:02:29 GMT

On Sat, 14 Mar 2009 00:51:51 +0200, G <geoff915@xxxxxxxxx> wrote:

In article <gpekf6UkgdL1@xxxxxxxxxxxxxx>, usenet-2009@xxxxxxxxxxxxxxxx
says...

G <geoff915@xxxxxxxxx> wrote:

usenet-2009@xxxxxxxxxxxxxxxx says...

G <geoff915@xxxxxxxxx> wrote:

Port Reporter is a nice tool, but all it does is log information.

Which is exactly what it's supposed to do.

And it isn't exactly for the novice.

Neither are logs/messages of the various personal firewalls.

Log files isn't usually the primary reason someone uses a software
firewall.

One reason I hear rather frequently is that personal firewall would tell
people what's going on on their systems. Logfiles exist exactly for that
purpose.

Rather than continue this back & forth, why don't you just share
exactly how an average Windows user on an internet-connected computer
can fully protect himself?

Because there is no "one size fits all" solution. A good starting point
would be:

- Think before acting.
- Never be root. Use an administrator account only for administrative
tasks. Use a normal user account for everything else.
- Configure software that requires admin privileges for non-admin tasks
to run with limited user privileges [1].
- Keep your operating sytem and all of your softwar up-to-date.
Automatic updates help.
- Don't provide services you don't want to provide [2,3]. Or use the
Windows Firewall to block inbound connections.
- Disable autostarts for removable media (via gpedit).
- Use AV software to prevent known malware from being executed by
mistake.
- Don't use IE, at least not without locking it down tightly. Better use
Firefox/SeaMonkey with NoScript or Opera, as they are easier to
secure.
- Before installing software think twice about whether you really need
it. Less is more.

Additional steps could be:

- Use sandboxed environments (preferrably virtual machines) for
evaluating software.
- Revoke "execute" permission from caches and temp directories.
- Use Software Restriction Policies to allow only whitelisted software

That all sounds great. But I said for the average Windows user. Do you
really expect aunt Esther to understand how lock things down through the
registry and group policy editor? Or figure out how to set up a VPN?

Do you really expect aunt Esther to understand the nonsense presented
to her by a PFW?
.

Follow-Ups:
- Re: Online Arrmor
  - From: G

References:
- Online Arrmor
  - From: Jim S
- Re: Online Arrmor
  - From: Kayman
- Re: Online Arrmor
  - From: Geoff Smith
- Re: Online Arrmor
  - From: Ansgar -59cobalt- Wiechers
- Re: Online Arrmor
  - From: Geoff Smith
- Re: Online Arrmor
  - From: Root Kit
- Re: Online Arrmor
  - From: G
- Re: Online Arrmor
  - From: Ansgar -59cobalt- Wiechers
- Re: Online Arrmor
  - From: G
- Re: Online Arrmor
  - From: Ansgar -59cobalt- Wiechers
- Re: Online Arrmor
  - From: G

Prev by Date: Re: Online Arrmor
Next by Date: Re: Online Arrmor
Previous by thread: Re: Online Arrmor
Next by thread: Re: Online Arrmor
Index(es):
- Date
- Thread