Jan2005 Extremely critical patches are out.
When setting up a new Windows PC on a budget (as I'm sure many other people here have been roped into time and time again), I've found the following pieces of free software invaluable in preventing the need for constant maintenance visits:
Spybot Search And Destroy: http://spybot.eon.net.au/
(adaware is also useful, but I tend to just stick with spybot)
- I used to recommend ad-aware, even after coming across spybot. However, given an IE centric environment and a literally less than completely adept user base, and a concerning incident involving pop-up ware which was only caught by spybot, I can't recommend ad-aware anymore. --WilliamUnderwood
Sygate Personal Firewall: http://soho.sygate.com/products/spf_standard.htm
- I use the ZoneAlarm freeware version; due to its fame, any significant problems will be widely publicized.
I'd also recommend installing Mozilla or another browser and making it the default browser. It'll prevent most of the problems that you need spybot to fix.
Teach the user how to run the updates on these programs. Teach them to go to Windows Update. Leave an instruction sheet. If they call you with a problem, try making it your first suggestion to update and run these programs (even if it is completely unrelated, give them the impression that running these programs is the first step in any diagnostics; it will force them into the habit).
Most frequently exploited problems
Oct2004 issued a Top Ten threat for both Windows and Unix. See http://www.sans.org/top20/ for exposures and countermeasures
WindowsXp SP2 security matters
Free courses from Microsoft (limited time) for WindowsXp
IMO, anyone running Windows with a broadband connection these days, that doesn't use a hardware firewall/NAT box, is just begging for trouble. They may not be free, but they're cheap, and an essential component to protecting a home PC.
Lots. Scans just don't get to your machine, meaning you don't have to worry so much about flaws in Windows or ZoneAlarm. So it prevents some classes of attack completely - ZoneAlarm etc. just try to prevent any adverse effect when the attack happens. I run a H/W NAT device and no personal firewall.
- I understand a NAT hides the IP from probing sources. How much real advantage has it got over a ZoneAlarm freeware FireWall though?
Hardware and software based FireWalls complement each other
- A hardware NAT can still serve as a zombie PC if you get Malware somehow stuck to your system, without the outbound traffic controls of a software FireWall like ZoneAlarm. BTW, I have not heard of any compromises of ZoneAlarm yet, and I would think the software company would be very keen to defend their brand name against emergent threats. However, if you do get significant information on ZoneAlarm problems please post it here.
A PC Advisor article (http://www.pcadvisor.co.uk/index.cfm?go=news.print&news=4182) says that with only a software-based firewall, the software can be compromised and the PC subjected to unsolicited scans, whereas a hardware tool cannot tell which applications are trying to access the net, and does not work with dialup lines.
Windows built for single user with highest privilege - an entrenched culture
) breaks software that has not considered that other types of user exist (those needing "restricted access" to defend against MalWare)
Analysis of a Break-in
becomes a means to remote control enslaved PCs. See http://www.usatoday.com/money/industries/technology/2004-11-29-honeypot_x.htm
GAP in "Windows Genuine Advantage Program (WGA)"
The next (Feb05) phase in WGA will see pirated OS denied security patches. If this scheme is successful, it probably will mean more Distributed DoS and spam attacks from the PCs denied essential patches.
ref: Gartner article at http://www4.gartner.com/DisplayDocument?doc_cd=125945
Anyone used GeoTrust's free TrustWatch tool? What experiences do people have on this? See http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=109&STORY=/www/story/09-13-2004/0002249005&EDATE=
See also InternetSecurityForMicrosoftUsers