James G. Sack (jim) wrote:
> Links to related tools and techniques are invited. We all probably know
> someone with an MSbox. I kinda like to know what to recommend to friends
> and relatives along these lines. Well, of course I mean the inferior
> strategies available after "install Linux" :-).
I avoid the use of any M$ tools. In particular I read somewhere (and
some time ago) that the M$ Malicious Software Removal Tool ignores stuff
installed by M$ partners, and has even caused conflicts with other
tools. I use a different set of tools for Windows that has yet to fail
me. In fact, in one recent case, where I had to fix a severely fsck'd up
WinXP laptop, they succeeded where other commercial tools failed (Norton
would not even install on the system). No single tool will do
everything, especially for Winsucks. So, in the list below you will see
several things that I install on all Winsucks systems I have to deal
with (including this laptop, for the EXTREMELY rare occasions that I
boot into W2K).
For Linux, the things used are quite different and are usually more
configuration items than anything else (with the exception of servers).
Windows Tools:
AVG is excellent and worth paying for IF you feel the need. I generally
use the free version, though I installed the Linux E-mail Server Edition
for the Greenest Host Postfix server. It was able to clean several
things from the previously mentioned laptop, making the machine usable
again. AVG targets viruses, worms, and trojans. The e-mail edition I
mention does the above, scans files on the mail server, includes an
e-mail virus scanner, configurable document scanning and blocking, spam
detection, and incorporates RBL if enabled. AVG Free includes an e-mail
scanner that will scan incoming mail on workstations with Thunderbird or
Outlook (two examples). http://www.grisoft.com/
Spybot Search and Destroy does a great job at detecting, removing, and
preventing spyware and some adware. It was able to detect and remove
some things that AVG did not on the aforementioned laptop. It targets
spyware and adware as opposed to viruses/worms/trojans. It includes
real-time system security to protect the registry from changes. It's
both free and can be purchased. Spybot recommends installing Spyware
Blaster, which protects your system from malicious web sites and ActiveX
controls. http://www.safer-networking.org/en/index.html
Ad-Aware picks up where Spybot leaves off. It detected and removed a few
things that Spybot could not. It is also free and can be purchased.
Ad-Aware does the same things Spybot does. I use both because one may
not catch something that the other will.
http://www.lavasoftusa.com/products/select_your_product.php
Zone Alarm is an excellent FREE firewall. After initial installation, it
can learn what to allow and what not to allow. It can be configured to
pop up a little window warning you of an attempted network access. It
can, sometimes, give extra information on the application or process
making the attempt. You can then allow or deny it, and optionally make
the decision permanent. It is configurable as to which ports, sites,
processes, and applications to allow network access or not.
http://www.zonealarm.com/store/content/home.jsp
For Linux:
AVG File Server Edition for Linux/FreeBSD. As I said above, I installed
the E-mail Server Edition on the Greenest Host Postfix mail server (my
last task for them, as my contract has all but expired - I'm now working
in a purely maintenance mode and stuff ain't breaking or needing
maintenance!). This version is for file servers and is especially
important if the file server is serving any Windows machines.
http://www.grisoft.com/ww.product-avg-file-server-edition-for-linux
Greenest Host also uses OSSEC. It was installed by a consulting company
we hired to give me a hand. It's done a great job and I highly recommend
it. http://www.ossec.net/
chkrootkit is also used by Greenest Host and is run by a cron job
regularly. It checks for rootkits on the servers and the results are
reported to me by logwatch. http://www.chkrootkit.org/
Speaking of Logwatch, I run it at home as well. The results of many of
the security scripts, applications, etc. on the Greenest Host servers
are reported to me via Logwatch (aside from whatever those applications
may need to report to me immediately). Logwatch comes with RH type
distros. http://www2.logwatch.org:81/
We used to use Tripwire at Greenest Host, but that has been replaced by
similar software that is designed to work with the H-Sphere management
software that is used there. I do use Tripwire on my own systems though.
Also included with many Linux distros.
http://sourceforge.net/projects/tripwire/
Hope this helps.
PGA
--
Paul G. Allen, BSIT/SE
Owner, Sr. Engineer
Random Logic Consulting Services
www.randomlogic.com
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
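The post recommends Tripwire and a cron-driven chkrootkit with results mailed to the admin, but does not show what such a check actually does. The script below is an added example, not part of the original message and not Tripwire's or chkrootkit's own code: a minimal baseline-and-compare file integrity check in plain POSIX sh, built on GNU coreutils (`sha256sum`, `comm`, `mktemp`). It records a SHA-256 per file under a directory, then on each run reports modified files, missing files, and files that were not in the baseline (the usual signs a rootkit leaves in /etc, /bin or /sbin). The directory and baseline paths, the script name `integrity.sh` and the cron line are placeholders chosen for illustration.

```sh
#!/bin/sh
# Added example: baseline-and-compare file integrity check, the idea behind
# Tripwire, written in plain POSIX sh. Not Tripwire's or chkrootkit's code.
# Assumes GNU coreutils (sha256sum, comm, mktemp). All paths are placeholders.
#
# Cron usage (illustrative only): take the baseline once by hand, then have
# cron mail the report to root so logwatch (or a human) sees it:
#   0 3 * * * /usr/local/sbin/integrity.sh check /etc /var/lib/integrity/etc.sha256 | mail -s "integrity /etc" root
#
# Keep the baseline file somewhere the attacker cannot rewrite (read-only
# media or another host); a baseline that lives next to the files it covers
# can be updated by whoever replaced them.

# integrity_baseline DIR BASELINE: write "<sha256>  <path>" for every regular
# file under DIR. Re-run it deliberately after legitimate changes (upgrades).
integrity_baseline() {
    find "$1" -type f -exec sha256sum {} + > "$2"
}

# integrity_check DIR BASELINE: print one line per problem and return 1 if
# anything changed, 0 if the tree still matches the baseline.
integrity_check() {
    dir=$1
    base=$2
    status=0

    # Modified or missing files: sha256sum re-hashes every path listed in the
    # baseline and prints "<path>: FAILED" (or "FAILED open or read" for a
    # deleted file). --quiet suppresses the per-file OK lines; the stderr
    # summary is dropped because the FAILED lines already carry the detail.
    sha256sum --quiet -c "$base" 2>/dev/null || status=1

    # New files: present on disk now but absent from the baseline. A rootkit
    # dropping a binary or a cron entry shows up here even though every file
    # recorded in the baseline still verifies.
    now=$(mktemp)
    known=$(mktemp)
    find "$dir" -type f | sort > "$now"
    # sha256sum lines are "<hash>  <path>" (two spaces), so the path starts
    # at the third space-separated field.
    cut -d' ' -f3- "$base" | sort > "$known"
    if [ "$(comm -13 "$known" "$now" | wc -l)" -gt 0 ]; then
        comm -13 "$known" "$now" | sed 's/^/NEW: /'
        status=1
    fi
    rm -f "$now" "$known"

    return "$status"
}

# Command-line entry point: integrity.sh baseline|check DIR BASELINE
case "${1:-}" in
    baseline) integrity_baseline "$2" "$3" ;;
    check)    integrity_check "$2" "$3" ;;
esac
```

A non-zero exit from `check` is what a cron wrapper or logwatch filter should key on; the text of the report says which file changed, but the exit status is what makes the job scriptable. The check only sees what the kernel shows it, which is the limit the post's chkrootkit hints at: a kernel-level rootkit can hide files from `find` and `sha256sum` alike, so a check like this (and Tripwire) is most trustworthy when run from a clean boot medium or compared against a baseline stored off the host.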