Paul G. Allen wrote:
> James G. Sack (jim) wrote:
>>
>> Links to related tools and techniques are invited. We all probably know
>> someone with an MSbox. I kinda like to know what to recommend to friends
>> and relatives along these lines. Well, of course I mean the inferior
>> strategies available after "install Linux" :-).
>>
>
> I avoid the use of any M$ tools. In particular I read somewhere (and
> some time ago) that the M$ Malicious Software Removal Tool ignores stuff
> installed by M$ partners, and has even caused conflicts with other
> tools. I use a different set of tools for Windows that has yet to fail
> me. In fact, in one recent case, where I had to fix a severely fsck'd up
> MinXP laptop, they succeeded where other commercial tools failed (Norton
> would not even install on the system). No single tool will do
> everything, especially for Winsucks. So, in the list below you will see
> several things that I install on all Winsucks systems I have to deal
> with (including this laptop, for the EXTREMELY rare occasions that I
> boot into W2K).
>
> For Linux, the things used are much different and are usually more of
> configuration items than anything else (with the exception of servers).
>
>
> Windows Tools:
>
> AVG is excellent and worth paying for IF you feel the need. I generally
> use the free version, though I installed the Linux E-mail server Edition
> for the Greenest Host Postfix server. It was able to clean several
> things from the previously mentioned laptop making the machine usable
> again. AVG targets viruses, worms, and trojans. The e-mail edition I
> mention does the above, scans files on the mail server, includes an
> e-mail virus scanner, configurable document scanning and blocking, spam
> detection, and incorporates RBL if enabled. AVG Free includes an e-mail
> scanner that will scan incoming mail on workstations with Thunderbird or
> Outlook (two examples). http://www.grisoft.com/
>
> Spybot Search and Destroy does a great job at detecting, removing, and
> preventing Spyware and some adware. It was able to detect and remove
> some things that AVG did not on the aforementioned laptop. It targets
> spyware and adware as opposed to viruses/worms/trojans. It includes real
> time system security to protect the registry from changes. It's both
> free and can be purchased. Spybot recommends installing Spyware Blaster
> which protects your system from malicious web sites and ActiveX
> controls. http://www.safer-networking.org/en/index.html
>
> Ad-Aware picks up where Spybot leaves off. It detected and removed a few
> things that Spybot could not. It is also free and can be purchased.
> Ad-Aware does the same things Spybot does. I use both because one may
> not catch something that the other will.
> http://www.lavasoftusa.com/products/select_your_product.php
>
> Zone Alarm is an excellent FREE firewall. After initial installation, it
> can learn what to allow and what not to allow. It can be configured to
> pop-up a little window warning you of an attempted network access. It
> can, sometimes, give extra information on the application or process
> making the attempt. You can then allow or deny it, and optionally make
> the decision permanent. It is configurable as to ports, sites,
> processes, and applications to allow network access or not.
> http://www.zonealarm.com/store/content/home.jsp
>
>
> For Linux:
>
> AVG File Server Edition for Linux/FreeBSD. As I said above, I installed
> the E-mail Server Edition on the Greenest Host Postfix mail server (my
> last task for them as my contract has all but expired - I'm now working
> in purely a maintenance mode and stuff ain't breaking or needing
> maintenance!) This version is for file servers and is especially
> important if the file server is serving any Windows machines.
> http://www.grisoft.com/ww.product-avg-file-server-edition-for-linux
>
> Greenest Host also uses OSSEC. It was installed by a consulting company
> we hired to give me a hand. It's done a great job and I highly recommend
> it. http://www.ossec.net/
>
> chkrootkit is also used by Greenest Host and is run by a cron job
> regularly. It checks for root kits on the servers and the results are
> reported to me by logwatch. http://www.chkrootkit.org/
>
> Speaking of Logwatch, I run it at home as well. Many of the security
> scripts, applications, etc. results on the Greenest Host servers are
> reported to me via Logwatch (aside from whatever those applications may
> need to report to me immediately). Logwatch comes with RH type distros.
> http://www2.logwatch.org:81/
>
> We used to use Tripwire at Greenest Host, but that has been replaced by
> similar software that is designed to work with the H-Sphere management
> software that is used there. I do use Tripwire on my own systems though.
> Also included with many Linux distros.
> http://sourceforge.net/projects/tripwire/
>

Thanks for the nicely annotated suggestions.

Regards,
..jim

--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
