On Thu, 6 Jan 2005 00:54:10 EST, [EMAIL PROTECTED] wrote:
> I just got AOL's version with virus protection. But it seems everyone,
> including you, are saying there is really no way to totally avoid adware
> (etc.) Right?
Well, in hard core security circles, there's only one type of secure
computer: one with no monitor, no keyboard, and no external links (like
to networks). But that stuff is in the realm of those governmental
agencies and NGOs that don't really exist, like the NRO and NSA and
CIA/DIA/etc., in the US.
As with any security-related endeavor, though, a multilayer defense is
the only way to go. That includes the people. The weakest links in
the vast majority of security chains are the people. The computers
themselves can be (but usually aren't) made arbitrarily secure, until
you give people access to them. That said, the layers in my defense
system are:
I. Technical
A. My ISP scans email for viruses
B. My computers are isolated from the Internet connection with
a firewall that implements NAT and blocks virtually all
incoming TCP and UDP ports
C. My computers scan all files for viruses with two scanners
D. HTML email goes straight to the bit bucket
E. Any email attachments that I'm not expecting go straight to
the bit bucket
F. I do spyware scans about twice a month with three different
scanners ... i've only ever gotten one spyware, and that was
from a Broderbund commercial product
G. I check for OS updates at least weekly
H. My firewall and anti-virus software look for updates daily
I. My computers have a software firewall running on them that
blocks all outgoing traffic on a per-application basis
The first ones try to keep stuff out. The last one tries to prevent
any that get in from phoning home or propagating.
II. Human
A. I don't visit new web sites without a personal reference from
a current, security-minded user of the site (I work for an
Internet security firm)
B. I use Opera and Firefox for browsing, not IE, and I turn up
their security settings, like blocking pop-up windows and
only allowing a handful of sites to set cookies
C. I only subscribe to lists like PDML that strip attachments
D. I don't muck about in the newsgroups
E. Email attachments I am expecting aren't opened until after I
have spoken with the sender to verify them
F. I never follow a link in an email ... I lookup the service
with Google or something like that and type the address in
to my browser manually
I probably have or do other things, too, that just aren't coming to
mind off the top of my head.
In the twenty-odd years I've been computing, personally and
professionally, I've only ever gotten one virus infection. That was
one that didn't require any user intervention at all, as it exploited a
vulnerability in a technology known as Remote Procedure Call (RPC). It
didn't require any user intervention, just an unpatched system. In this
case, the required patch broke our development tools, so we had to wait
for a revised patch, and got infected while waiting.
And when Windows Update says there's a critical security patch
available, don't ignore it.
The same principles apply to any system, not just Windows. Though many
of the so called "ease of use" features and design of Windows make
wonderful ingress vectors for the nasty people out there.
> I hate the Internet.
> When I don't love it.
Computers are great. When they work. When they don't, they hoover.
:-)
TTYL, DougF KG4LMZ
