Thanks all for your responses, I've changed XP based on the recommendations (or the ones I could follow anyway) and it seems to run faster.

Security wise, I'm a lot more comfortable now. VPC says Shared Networking uses NAT, which would suggest the Windows PC is effectively hidden (as much as the Mac) from external intrusions. Points about AVG and firewalls noted. I'll keep XP auto updates on.

I did look carefully at OmniGraffle. It supports Visio 2002 files (not Visio 2003). It also doesn't have equivalent functionality (that I could see anyway) for preparing business process diagrams (Visio has very good cross functional flowchart components). I'll keep tracking OmniGraffle though, looks interesting.

By the way, I ran the GRC 'Shields Up' (grc.com), and it shows all ports closed except ftp, telnet and http (this is both from the Mac and from the VPC). Any idea why this is, and if (and how) they can be turned off?

Thanks again.

Glenn.


On 07/01/2006, at 4:44 PM, Craig Ringer wrote:

Hi,

I admin a bunch of WinXP systems at work, and this answer is made from that experience:

Paul wrote:

My question relates to security. I'm pretty confident about Mac security, but with Windows running within it, I'm interested in what security precautions to take.
For example, should the Windows firewall be on?

Unless you need to disable it for some specific reason, yes. More layers of protection rarely hurt.

Do I need to install the regular Windows OS updates?

You absolutely must keep it up to date. E-mail is not the only exploit vector. For example, the recent WMF security hole could probably attack you through a Visio file with an embedded WMF image.

Note I don't run any Windows email, so consider anti-virus to be unnecessary.

That's not entirely true, but you'll probably be fine. I'd recommend installing and using AVG from grisoft.com anyway. If you're confident you can avoid getting the system infected, I wouldn't bother letting it remain resident, instead just run scans occasionally. Mostly though it's safer to let it run resident ("continuous scanning" essentially).

I have only had to use Explorer once, to access a trusted site that doesn't support Safari/Firefox - so I also consider anti-spyware to be unnecessary also.

You're probably OK there. I wouldn't want to use any persistent/resident spyware scanner (many of which cause more problems than they solve), but do consider using something like AdAware from lavasoft.de to do scans every few months.

Note I'm connected to the Internet via ADSL with a NAT router. So I'll raise the other niggling question - without Virtual PC running, should the Mac firewall be on or not? I've heard conflicting positions on whether the NAT router is adequate protection or not.

A NAT router makes it difficult to initiate a connection to your systems from the outside world. The extremely basic firewalls in Mac OS X and Windows XP are intended to do much the same thing. Things that can make it through NAT (e-mail borne nasties, IRC / instant messenger attacks, browser exploits, etc) will most often also make it through the XP and Mac OS X firewalls.

That said, unless you specifically need to disable the firewall for some reason, leave it enabled.

I personally wouldn't let Windows near the net without AVG anti-virus and ZoneAlarm firewall.

I agree with regards to AVG, though if you're a careful and informed user you can usually get away without running it in resident mode. I think ZoneAlarm is unnecessary for most users with XP SP2, and it can cause more problems than it solves.

I've had to fix more Windows boxes that broke due to ZoneAlarm (conflicts, bad upgrades, broken uninstalls, etc) than due to viruses.

I can't emphasise the iffy security of IE enough.

This is especially true right now, where any website can take total control of your computer through an image. That means that (eg) some web forums will permit another poster to put up an image that'll control your computer.

Given what you have said, Windows OS updates should only be necessary *if* the normal operation of the OS and programs specifically require it. You can, given enough patience, install just required updates.

Noo! Just turn on automatic updates. It's low fuss (though sometimes really annoying about bugging you to reboot), works well, and won't break things.

Also it may improve your mileage if you turn off:
Active desktop
Screen saver
Auto shut-down/sleep
Messenger service
Auto updates

I'd recommend leaving automatic updates enabled.

Off-line files
System recovery

By disabling system restore, you turn off the ability to repair your system after a bad program/driver install. This can cost you a lot of time and frustration, since while it's turned off it doesn't collect any of the information needed to do recovery.

It does have a small but detectable performance impact. Despite that I'd recommend leaving it on unless you keep backups of your Virtual PC disk images somewhere, or are willing to risk the possibility of having to erase and start again.

Menu fading/transition, window animation(?) (plus a few other items on the same list in Display panel, this is from memory as I don't have access to XP at this juncture; HOORAY!)

These are important, they cause surprisingly large slowdowns especially under emulators. Switching the Windows XP theme back to the older Windows 2000 style also puts a real rocket behind the OS. IIRC you can do this in the Display control panel, or right click on the desktop background and choose Properties. I'm not 100% sure as I'd have to reboot to check, and I'm using a real OS right now.

--
Craig Ringer

-- The WA Macintosh User Group Mailing List --