Open Source and information security mailing list archives
From: no.spam at arcor.de (Steffen Hetzel)
Subject: Re: Virus infect on single user

Hi,

On 09 Feb 2004 12:45:51 -0700
Kenton Smith <ksmith@...rtwelltechnology.com> wrote:

[snip]

> I'm not trying to start this miserable debate again, so please read
> the whole email before you flame me ;)

;)

> I read through a bunch of this stuff and couldn't find anywhere where
> it says you don't need a firewall. It's all about making sure that
> your instance of Windows is as secure as possible, but once you've
> done that you still need a firewall.

OK, for a SOHO network - no question (I use OpenBSD & pf for my home
network) - but I assume that he had a single-user PC without a LAN. Sure,
he doesn't say anything about this. But if there are no open ports, there
is nothing to protect on a single-user machine (or am I wrong?). The only
thing is that he may be able to restrict and detect outgoing traffic with
a PF... but that means that he first had to execute some "malware", and if
he executes this, in many cases he has other problems after executing...
(IMHO)... but well, a PF may help to realize that "malware" is
running... (how did you say: know your tools...!)

> They also don't mention anything
> about keeping your patch levels up to date either.

Well, not on the English site ... that's true.

(I'm from Germany & so I prefer the German version, and there is a hint &
a link to the MS update server and advice to install the Blaster patch
offline & before connecting to the Internet, and an explanation of why
using personal firewalls on single-user PCs is senseless (no, we don't
want to discuss it here) and so on, but these things are left out on the
English site...)

My mistake :-)

(you may have a look at the German site ;-) )

> I think the most important advice for the original poster is; Know
> your tools. You got this pop-up thing because you thought that by
> having Anti-virus and Firewall software that you were fully protected.
> However you didn't know what you were still open to. You need to
> learn what these tools do and more importantly, what they don't do.

No one needs such a popup if he knows what he's doing ... And I think
there is no benefit if a popup tells him that his firewall has
successfully blocked attack "xy". This only suggests false security,
because the user thinks "wow - what a firewall" - and doesn't realize that
his firewall successfully blocked a ping request - or better (like
ZA Pro) blocked a *.vbs e-mail signature using the OE "begin-end-bug"...
but well, this is my opinion.

That's one of the reasons why I say that he may take a look at the
kerioPF (I prefer the old version 2.1.5 running as a service with minimal
(no) user interaction - for notebook). I think the logging feature is
sometimes (in a foreign network) really useful. The MD5 checksum too...

But an overview of his open connections is given by tcpview or openPorts
and netstat too. And an overview of the running processes on his PC is
given (for example) by the process view from sysinternals. If you know
your system, you will see if there is an unknown or unwanted process. But
that means that you really have to know your system and frequently
check it.

In my opinion, and that's what I recognize in your mail too, the best
protection is to use "Brain 1.0". ;-) Additionally, it's important to
spend time on choosing the right software. Time, because he has to do it
carefully. And he has to learn and to understand how computer networks
work, and where the limits of his software are, why the limits are there
and where possible risks are and so on (that's one of the reasons why I
read this NG/ML too).



Well, enough bad English for today ...

cheers

Steffen

