Re: Virusscanner and PFWs -> Bull***?
From: Kent W. England [MVP] (kwe_at_mvps.org)
Date: 10/14/03
Date: Tue, 14 Oct 2003 14:13:49 -0700
Microsoft's official advice (http://www.microsoft.com/security/protect/)
is:
1) use an Internet firewall
2) get computer updates (meaning you should use Windows Updates)
3) use up-to-date anti-virus software
This advice is admittedly simplified. Microsoft provides more detailed
advice with instructions based on your version of Windows. For example,
with Windows XP, it is quite simple to turn on the Internet Connection
Firewall and Automatic Updates. However, since Microsoft doesn't provide
anti-virus software, you really can't avoid using your brain, so I would
agree with your point one. You can't afford to be cavalier about
clicking on attachments, since we can't be sure your anti-virus setup
will protect you in all cases. Given that most people are running
Windows XP with the firewall and automatic updates off and they let
their 30/90 day anti-virus protection run out, this advice is a good
place to start.
While we are using our brains, let's talk about malicious software that
isn't protected by anti-virus software. I would put this malware in two
categories:
1) adware/spyware/browser-hijackers that sneak through your browser and
system defenses and/or trick you into clicking OK to install them.
2) malware that comes through unpatched system vulnerabilities. The
recent RPC exploit is a good example of this. Don't confuse the RPC
exploit with the blaster bug. The blaster bug is downloaded by the
exploit code and many anti-virus setups catch and prevent this download,
but there was nothing that could be done to protect against the exploit
except using the firewall and installing the patch as soon as it became
available.
To prevent against 1) you need anti-spyware protection. I would even put
java popups in this category. Much of this is more annoyance than
malicious, but it's important. You can also upgrade your firewall
protection by replacing ICF with a "personal" firewall that watches what
your applications are doing. If you understand all your good
applications (and this is admittedly difficult), then you may be able to
identify bad applications that indicate an infection.
To protect against 2) you can only continue using your brain, be aware
of the dangers, and continue to maintain your software and vigilance.
--
Kent W. England, Microsoft MVP for Windows

"Hausi Tellenbach" <abuse@127.0.0.1> wrote in message
news:O7MQA8XkDHA.360@TK2MSFTNGP12.phx.gbl...
>
> Imho the best strategy to prevent infections is:
> 1. Brain (e.g. don't double-click all attachments)
> 2. Patches (install all MS-Security Patches - e.g. Windows, IE, Office,
> etc.)
> 3. Use an up-to-date virusscanner (update at least weekly)
> 4. Use a PersonalFirewall to prevent attacks from outside (e.g. MSBlast) and
> inside (e.g. trojan horses)
>
> What do you think? Am I wrong with this?