Re: Online Armor



In message <MPG.24250fd4c2c62e3a989691@xxxxxxxxxxxxxxxxxxx> G
<geoff915@xxxxxxxxx> was claimed to have wrote:

In article <gpekf6UkgdL1@xxxxxxxxxxxxxx>, usenet-2009@xxxxxxxxxxxxxxxx
says...

G <geoff915@xxxxxxxxx> wrote:
usenet-2009@xxxxxxxxxxxxxxxx says...
G <geoff915@xxxxxxxxx> wrote:
Port Reporter is a nice tool, but all it does is log information.

Which is exactly what it's supposed to do.

And it isn't exactly for the novice.

Neither are logs/messages of the various personal firewalls.

Log files aren't usually the primary reason someone uses a software
firewall.

One reason I hear rather frequently is that a personal firewall would tell
people what's going on on their systems. Logfiles exist exactly for that
purpose.

Rather than continue this back & forth, why don't you just share
exactly how an average Windows user on an internet-connected computer
can fully protect himself?

Because there is no "one size fits all" solution. A good starting point
would be:

- Think before acting.
- Never be root. Use an administrator account only for administrative
tasks. Use a normal user account for everything else.
- Configure software that requires admin privileges for non-admin tasks
to run with limited user privileges [1].
- Keep your operating system and all of your software up-to-date.
Automatic updates help.
- Don't provide services you don't want to provide [2,3]. Or use the
Windows Firewall to block inbound connections.
- Disable autostarts for removable media (via gpedit).
- Use AV software to prevent known malware from being executed by
mistake.
- Don't use IE, at least not without locking it down tightly. Better use
Firefox/SeaMonkey with NoScript or Opera, as they are easier to
secure.
- Before installing software think twice about whether you really need
it. Less is more.

Additional steps could be:

- Use sandboxed environments (preferably virtual machines) for
evaluating software.
- Revoke "execute" permission from caches and temp directories.
- Use Software Restriction Policies to allow only whitelisted software

That all sounds great. But I said for the average Windows user. Do you
really expect aunt Esther to understand how to lock things down through the
registry and group policy editor? Or figure out how to set up a VPN?

Note that Vista does most of the configuration related suggestions made
here out of the box. Vista can't help you think, but you start out with
limited user privileges, the OS nags you until you update automatically
or take several conscious steps to turn off the nags, the firewall
blocks all inbound requests by default, removable media prompts before
execution.

IE is fairly well locked down, and even if IE is completely and wholly
pwned, protected mode keeps the malware from going far.

(Don't get me wrong, I'm a Firefox user myself, but IE in Protected Mode
isn't a particularly unsafe browser.)

The problem is going the next step as it involves the user. A sandboxed
environment isn't impossible to implement at an OS level (again, IE
protected mode is one such example -- You can run other apps with less
privileges too if you desire, but you'll probably be disappointed with
Excel when it can't open existing documents.)

The iPhone version of OSX is one example of an OS built and managed in a
relatively sandboxed fashion.

As long as users are capable of installing their own software, they'll
be capable of jumping through whatever hoops the OS puts in their way
before installing the latest Trojan in an attempt to access whatever
shiny new toy shows up, as most malware authors will just have to get
smarter at engineering the human side of the equation.

For less technical users this will be alerts from their system
administrator that they need to install a patch manually. For more
technically capable end-users it will be a fake codec pack to access
some media that they sought out (and therefore assume the codec is safe).
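
Added example, not part of the original post or thread: a read-only PowerShell audit of four items from the checklist quoted above (non-admin session, autorun for removable media, firewall inbound default, Software Restriction Policies). It assumes Windows 8 or later for `Get-NetFirewallProfile`; the result labels are this example's own wording.

```powershell
# Added example: read-only audit of a few checklist items; nothing is changed.
$results = [ordered]@{}

# "Never be root": is this session running with an elevated administrator token?
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$admin     = [Security.Principal.WindowsBuiltInRole]::Administrator
$results['Session is not elevated'] = -not $principal.IsInRole($admin)

# "Disable autostarts for removable media": the gpedit "Turn off Autoplay" policy
# is stored as NoDriveTypeAutoRun; bit 0x04 covers removable drives. The
# machine-wide value is read first, as it takes precedence over the per-user one.
$autorun = $null
foreach ($hive in 'HKLM:', 'HKCU:') {
    $key  = "${hive}\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
    $prop = Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if ($prop) { $autorun = $prop.NoDriveTypeAutoRun; break }
}
$results['Autorun off for removable media'] = ($null -ne $autorun) -and [bool]($autorun -band 0x04)

# "Use the Windows Firewall to block inbound connections": every profile in the
# effective (active) policy must be enabled and must not default to Allow.
$weak = Get-NetFirewallProfile -PolicyStore ActiveStore |
    Where-Object { $_.Enabled -ne 'True' -or $_.DefaultInboundAction -eq 'Allow' }
$results['Firewall on, inbound blocked by default'] = -not $weak

# "Software Restriction Policies to allow only whitelisted software":
# DefaultLevel 0 means Disallowed (0x40000 would be Unrestricted).
$srpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$srp    = Get-ItemProperty -Path $srpKey -Name DefaultLevel -ErrorAction SilentlyContinue
$results['SRP default level is Disallowed'] = ($null -ne $srp) -and ($srp.DefaultLevel -eq 0)

# One line per check: OK, or REVIEW where the setting differs from the checklist.
$results.GetEnumerator() | ForEach-Object {
    $status = if ($_.Value) { 'OK' } else { 'REVIEW' }
    '{0,-42} {1}' -f $_.Key, $status
}
```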


