Jan2005 Extremely critical patches are out.
When setting up a new Windows PC on a budget (as I'm sure many other people here have been roped into time and time again), I've found the following pieces of free software invaluable in preventing the need for constant maintenance visits:
Spybot Search And Destroy: http://spybot.eon.net.au/ (Ad-Aware is also useful, but I tend to just stick with Spybot)
I used to recommend Ad-Aware, even after coming across Spybot. However, given an IE-centric environment and a literally less than completely adept user base, and a concerning incident involving pop-up ware which was only caught by Spybot, I can't recommend Ad-Aware anymore. --WilliamUnderwood
Sygate Personal Firewall: http://soho.sygate.com/products/spf_standard.htm
- I use the ZoneAlarm freeware version; due to its fame, any significant problems will be widely publicized.
AntiVir: http://www.free-av.com/
I'd also recommend installing Mozilla or another browser and making it the default browser. It'll prevent most of the problems that you need Spybot to fix.
Teach the user how to run the updates on these programs. Teach them to go to Windows Update. Leave an instruction sheet. If they call you with a problem, try making it your first suggestion to update and run these programs (even if it is completely unrelated, give them the impression that running these programs is the first step in any diagnostics; it will force them into the habit).
Most frequently exploited problems
SansInstitute Oct2004 issued a TopTen threat list for both Windows and Unix. See http://www.sans.org/top20/ for exposures and countermeasures.
- A commentary on the list can be viewed at http://techrepublic.com.com/5102-6264-5453170-2.html
WindowsXp SP2 security matters
See http://netsecurity.about.com/od/securingwindowsxp/a/aa052304_p.htm
Free courses from Microsoft (limited time) for WindowsXp
See https://www.microsoftelearning.com/xpsp2/
IMO, anyone running Windows with a broadband connection these days, that doesn't use a hardware firewall/NAT box, is just begging for trouble. They may not be free, but they're cheap, and an essential component to protecting a home PC.
- I understand a NAT hides the IP from probing sources. How much real advantage has it got over a ZoneAlarm freeware FireWall though?
Lots. Scans just don't get to your machine, meaning you don't have to worry so much about flaws in Windows or ZoneAlarm. So it prevents some classes of attack completely - ZoneAlarm etc. just try to prevent any adverse effect when the attack happens. I run a H/W NAT device and no personal firewall.
- A hardware NAT can still serve as a zombie PC if you get Malware somehow stuck to your system, without the outbound traffic controls of a software FireWall like ZoneAlarm? BTW, I have not heard of any compromises of ZoneAlarm yet, and I would think the software company would be very keen to defend their brand name against emergent threats. However, if you do get significant information on ZoneAlarm problems please post it here.
Hardware and software based FireWalls complement each other
A PC Advisor article (http://www.pcadvisor.co.uk/index.cfm?go=news.print&news=4182) says that with only a software-based firewall, the software can be compromised and the PC subjected to unsolicited scans, whereas a hardware tool cannot tell which applications are trying to access the net, and does not work with dial-up lines.
SecurityManagement aspects
Windows built for a single user with highest privilege - an entrenched culture
SP2 (WindowsXp) breaks software that has not considered that other types of user exist (those needing "restricted access" to defend against MalWare and SocialEngineering tactics).
- "The State of WindowsSecurity" http://www.osnews.com/story.php?news_id=9435
Analysis of a Break in
InternetRelayChat becomes a means to remote control enslaved PCs. See http://www.usatoday.com/money/industries/technology/2004-11-29-honeypot_x.htm
GAP in "Windows Genuine Advantage Program (WGA)"
The next (Feb05) phase in WGA will see pirated OS denied security patches. If this scheme is successful, it probably will mean more Distributed DoS and spam attacks from the PCs denied essential patches.
ref: Gartner article at http://www4.gartner.com/DisplayDocument?doc_cd=125945
SecuringWindows QuickQuestions
Anyone used GeoTrust's free TrustWatch tool? What experiences do people have on this? See http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=109&STORY=/www/story/09-13-2004/0002249005&EDATE= and http://news.zdnet.com/2110-3513_22-5367650.html
See also InternetSecurityForMicrosoftUsers
CategoryMicrosoft, CategorySecurity