Re: need other security?

From: Gordon Fecyk (gordonf_at_pan-am.ca)
Date: 01/21/05


Date: Thu, 20 Jan 2005 19:26:19 -0600


"Karl Levinson, mvp" <levinson_k@despammed.com> wrote in message
news:e54Lubw$EHA.1908@TK2MSFTNGP15.phx.gbl...
> Microsoft Windows does not provide antivirus, so you still need
> anti-virus.

Too bad most AV only catches new viruses after the fact.

You can catch more viruses before the fact with a current mail app (Outlook
2000 SP3 or later), current application suite (Word 2000 SP3 or later
catches unsigned macros, ditto Excel 2000 SP3), and running these with a
limited user account on XP (SP2) or 2K (SP4).

If you insist on conventional AV software, choose one Designed for XP, which
can still work with limited user accounts (the guts of the AV runs as a
Service). Norton AV2003 and later seem to work, as does Grisoft's free AVG
mentioned before. But beware of their limitations, and complement them with
before-the-fact techniques described above.

If I had my way, I would write a placebo-AV program to work with the XP
Security Center that says such things as, "You're using an Administrator
account, which leaves you vulnerable. Click here to switch to (or create) a
Limited User account."

> XP does come with a basic firewall that mainly protects against inbound
> attacks, you can either use that or use a third party firewall that
> usually has more features. Using both firewalls at once is probably OK.

I tried this once. Symantec's "Norton Internet Security" firewall blocks a
lot of outbound requests as well as inbound ones, making it completely
unsuitable for the environments I usually deal with. Running two firewalls
is a support headache.

My understanding of a useful firewall is one that keeps outsiders from
poking in your machine. For that purpose, the XP firewall's fine, but turn
on "No Exceptions allowed" (SP2) when not operating in your "home" network.
You need some exceptions, i.e., new mail notification in Outlook on an
Exchange network, but not when you're outside of said network.

I administer for several 50-user and 25-user networks using these
techniques. On machines running Win2K SP4. No viruses, no spyware, no
worms since April 2003. It works. It means dumping broken apps for
not-broken ones, and it means tweaking security sometimes. It means
harassing lazy vendors and writing lengthy embarrassing diatribes to industry
magazine editors about said lazy vendors. But, damnit, I'm the customer to
these vendors, and I get paid to protect MY customers.

-- 
PGP key (0x0AFA039E): <http://www.pan-am.ca/consulting@pan-am.ca.asc>
What's a PGP Key?  See <http://www.pan-am.ca/free.html>
GOD BLESS AMER, er, THE INTERNET. <http://vmyths.com/rant.cfm?id=401&page=4>
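
The two checks the post argues for (a limited user account, and the Windows Firewall set to allow no exceptions when away from the home network), as a read-only PowerShell script. This is an added example, not part of the original post; the function names are hypothetical, and it assumes the firewall settings live in the Windows Firewall standard-profile registry key introduced with XP SP2.

```powershell
# Added example. Read-only: reports findings, changes nothing on the machine.

function Test-RunningAsAdministrator {
    # True when the current logon token carries the local Administrators role.
    # On Windows versions with UAC, a non-elevated admin session reports False.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-FirewallStandardProfile {
    # Standard (non-domain) profile of the Windows Firewall.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    # A missing key or value is treated as "not set" (0).
    return New-Object PSObject -Property @{
        Enabled      = [bool]($p -and $p.EnableFirewall -eq 1)
        NoExceptions = [bool]($p -and $p.DoNotAllowExceptions -eq 1)
    }
}

function Get-SecurityPostureFindings {
    $findings = @()

    if (Test-RunningAsAdministrator) {
        $findings += 'Session has Administrator rights. Use a Limited User account for daily work.'
    }

    $fw = Get-FirewallStandardProfile
    if (-not $fw.Enabled) {
        $findings += 'Windows Firewall is off for the standard profile.'
    }
    elseif (-not $fw.NoExceptions) {
        $findings += 'Firewall exceptions are allowed. Disable them when away from the home network.'
    }

    if ($findings.Count -eq 0) {
        $findings += 'Limited user account and firewall with no exceptions: nothing to report.'
    }
    return $findings
}

Get-SecurityPostureFindings
```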