Security discussion regarding hubs, firewalls, anti-virus and Vista Security

eganders

Security discussion

These are a very basic set of questions. Possibly there is an article
on the web that someone can point me to that fully addresses each of
these:

What security protection should I expect from:

a wireless hub/router

a software firewall

a software anti-virus, anti-trojan program

the security built into Vista


The reason I ask this is that I have a Linksys wireless hub with a WEP
code activated and I also had Zonealarm with Windows XP. I had my
files shared. I thought that the wireless hub should provide hardware
based security from anyone being able to "look" at my files and
anything behind the hub. I found that Zonealarm was giving me a lot
of warnings of malware and other outside people finding me and trying
to access my computer and that Zonealarm was stopping this. I don't
understand the Linksys hub's capabilities well enough to not ask "why
was the hub not keeping these outside intruders out?".

I now have Vista and the security it provides is suffocating. I have
a hard time accessing my own files on other computers on my network
and you need an ADVANCED IT degree to work around it. I would think
that you could provide a secure "knock'em dead" firewall with a
Linksys hub that would allow you to be "naked" behind the firewall so
you did not have to deal with security at all once you were safe
behind the Linksys firewall. I think this shows why I need to learn
all I can so I don't leave my UAC off (which it is right now). I
want security, but I want to run my business also.


microsoft.public.windows.vista.security
 
Re: Security discussion regarding hubs, firewalls, anti-virus and Vista Security

Wikipedia comes to mind.
http://www.wikipedia.org/

Some responses inline

"eganders" <eganders@yahoo.com> wrote in message
news:1ccbb3b6-01f3-40a2-83e2-ab2f7440b568@i76g2000hsf.googlegroups.com...
> Security discussion
>
> These are a very basic set of questions. Possibly there is an article
> on the web that someone can point me to that fully addresses each of
> these:


There are, and I'm sure some experts here will provide some
for you. I find wikipedia a good resource for this kind of thing.

> What security protection should I expect from:
>
> a wireless hub/router


At the very least it can be set to drop any incoming attempt
to set up a communications channel. If you run a server of some
sort, and you want to allow such an incoming connection you
"forward" that port. This does not affect two way communication
that was initiated by you i.e. 'outgoing' requests to the ISP's web
server or mail server and the incoming subsequent returns.

Also, these devices can run additional filtering software - and more.

These devices sit between you and the outside world and do not
depend on the integrity of your computer system. They are firewalls
because they compartmentalize the network similar to the way
actual firefighting firewalls do for a building.

> a software firewall


This is an attempt to get the functionality of the router's firewall
plus the additional filtering, plus other features onto the system
it hopes to protect. They depend on the integrity of the system
unlike the device above.

With mobile computing, it is a very good idea to have a software
firewall because you don't always have control over the router
or wireless access point when you travel - or for some reason
you use another's Wi-Fi network such as a cafe 'hot spot'.

> a software anti-virus, anti-trojan program


These are two different things - although often lumped together.
Basically, you need both. In a way, the second detects malicious
(or otherwise bad) programs - and the first detects malicious (or
otherwise bad) programming code within an otherwise good
program. You could say that a virus is a replicating trojan - it
makes trojans out of pre-existing programs as it replicates into
them.

....from here it gets even murkier, so - you need both and you
might just as well have them combined into one in the form of
an 'on-access' or 'real time' or 'active' scanner. It wouldn't hurt
to have other detector programs that you run when you want
to 'on demand', but only one 'on access' scanner.

> the security built into Vista


This is too general to go into, as there are lots of good security
features built-in to Vista. My advice, don't circumvent any of
them. Better is to learn how to operate within the parameters
Vista has provided (which is what you are doing).

> The reason I ask this is that I have a Linksys wireless hub with a WEP
> code activated and I also had Zonealarm with Windows XP. I had my
> files shared. I thought that the wireless hub should provide hardware
> based security from anyone being able to "look" at my files and anything
> behind the hub.


Well, now you know that that assumption was wrong. :o)

> I found that Zonealarm was giving me a lot
> of warnings of malware and other outside people finding me and trying
> to access my computer and that Zonealarm was stopping this.


Like a dog barking at passing cars is "protecting" you from
possible intruders. :o) Waking me up from a sound sleep
still rewards him with a pat on the head, so he keeps doing
it.

You can configure your software firewall to not do this I think.
(the dog is another matter) :o)

> I don't
> understand the Linksys hub's capabilities well enough to not ask "why
> was the hub not keeping these outside intruders out?".


Port forwarding? Subsequent (not init) packets? Local Area Network
(LAN) traffic from within your wireless network? This is why software
firewall applications are not completely worthless.

> I now have Vista and the security it provides is suffocating. I have
> a hard time accessing my own files on other computers on my network
> and you need an ADVANCED IT degree to work around it.


Previous MS OSes installed to provide a rich out-of-the-box
experience with servers running and just about every protocol
bound to every other protocol so that the user wouldn't have
to do anything 'advanced' to get anything done. It was a disaster
security-wise, although it probably did reduce the number of
support calls from users actually trying to do something.

Now it is more secure and it requires more of the user to work
within it - or to circumnavigate it. So it provides better default
security, and more customer complaints.

> I would think
> that you could provide a secure "knock'em dead" firewall with a
> Linksys hub that would allow you to be "naked" behind the firewall so
> you did not have to deal with security at all once you were safe
> behind the Linksys firewall.


The problem arises with the malware you invite in. That is the
subsequent packets and other unfiltered items.

> I think this shows why I need to learn
> all I can so I don't leave my UAC off (which it is right now). I
> want security, but I want to run my business also.


Read some Microsoft TechNet articles on UAC and LUA.
You seem to be very capable of learning how all this works.
 
Re: Security discussion regarding hubs, firewalls, anti-virus and Vista Security

On Wed, 20 Aug 2008 12:38:57 -0700 (PDT), eganders wrote:

> Security discussion
>
> These are a very basic set of questions. Possibly there is an article
> on the web that someone can point me to that fully addresses each of
> these:
>
> What security protection should I expect from:
>
> a wireless hub/router
>
> a software firewall
>
> a software anti-virus, anti-trojan program
>
> the security built into Vista
>
> The reason I ask this is that I have a Linksys wireless hub with a WEP
> code activated and I also had Zonealarm with Windows XP. I had my
> files shared. I thought that the wireless hub should provide hardware
> based security from anyone being able to "look" at my files and
> anything behind the hub. I found that Zonealarm was giving me a lot
> of warnings of malware and other outside people finding me and trying
> to access my computer and that Zonealarm was stopping this. I don't
> understand the Linksys hub's capabilities well enough to not ask "why
> was the hub not keeping these outside intruders out?".
>
> I now have Vista and the security it provides is suffocating. I have
> a hard time accessing my own files on other computers on my network
> and you need an ADVANCED IT degree to work around it. I would think
> that you could provide a secure "knock'em dead" firewall with a
> Linksys hub that would allow you to be "naked" behind the firewall so
> you did not have to deal with security at all once you were safe
> behind the Linksys firewall. I think this shows why I need to learn
> all I can so I don't leave my UAC off (which it is right now). I
> want security, but I want to run my business also.


*Security is a process not a product*.
(Bruce Schneier)

For Vista the most dependable defenses are:
1. Do not work in elevated level; Day-to-day work should be performed
while the User Account Control (UAC) is enabled.
2. Familiarize yourself with "Services Hardening in Windows Vista".
3. Don't expose services to public networks.
4. Keep your operating system (OS) (and all software on it)
updated/patched.
5. Reconsider the usage of IE.
5a. Secure (Harden) Internet Explorer.
6. Review your installed 3rd party software applications/utilities;
Remove clutter, *including* 3rd party software personal firewall
application (PFW) - the one which claims:
"It can stop/control malicious outbound traffic".
7. Activate the built-in firewall and tack together its advanced
configuration settings.
7a. If on high-speed internet connection use a router as well.
For the average home user it is suggested blocking both TCP and UDP
ports 135 ~ 139 and 445 on the router and implement countermeasures
against DNSChanger. (Is the Firmware of your router up-to-date?).
And (just in case) Wired Equivalent Privacy (WEP) has been superseded by
Wi-Fi Protected Access (WPA).
8. Routinely practice Safe-Hex.

Also ensure you do:
a. Regularly back-up data/files.
b. Familiarize yourself with crash recovery tools and with
re-installing your operating system (OS).
c. Utilize a real-time anti-virus application and vital system
monitoring utilities/applications.
d. Keep abreast of the latest developments.

And finally:
Most computer magazines and/or (computer) specialized websites are *biased*
i.e. heavily weighted towards the (advertisement) dollar almighty!
Therefore:
a. Be cautious selecting software applications touted in publications
relying on advertisement revenue.
b. Do take their *test-results* of various software with a
*considerable* amount of salt!
c. Which also applies to their *investigative* in-depth test reports
related to any software applications.
d. Investigate claims made by software manufacturers *prior* to downloading
their software; Subscribing to noncommercial-type publications,
specialized newsgroups and/or fora (to some extent) are a great way
to find out the 'nitty-gritties' and to consider various options.

The least preferred defenses are:
Myriads of popular anti-whatever applications and staying ignorant.
 
Re: Security discussion regarding hubs, firewalls, anti-virus and Vista Security

> 7a. If on high-speed internet connection use a router as well.
> For the average home user it is suggested blocking both TCP and UDP
> ports 135 ~ 139 and 445 on the router


It really isn't necessary to create specific "block" rules. Nearly every
router does this automatically; they only permit traffic that's in reply to
some previous outbound request.


--
Steve Riley
steve.riley@microsoft.com
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com



 
Re: Security discussion regarding hubs, firewalls, anti-virus and Vista Security


"eganders" <eganders@yahoo.com> wrote in message
news:1ccbb3b6-01f3-40a2-83e2-ab2f7440b568@i76g2000hsf.googlegroups.com...
>


For the wireless you can do some things to better protect your situation.

http://compnetworking.about.com/od/wirelesssecurity/tp/wifisecurity.htm

For the XP or Vista O/S, you need to further harden the O/S(s) against attack,
like use the Authenticated Users group on file shares, disable the Guest account
and remove Everyone off of files and folders, along with other things you
can do, etc, etc.

http://labmice.techtarget.com/articles/winxpsecuritychecklist.htm
http://iase.disa.mil/stigs/checklist/

If you want to protect a business, then you need to come away from the
Linksys NAT router and step up to a low-end FW appliance, like a Watchguard,
Cisco, Snapgear, Sonicwall etc, etc those kind of solutions and not use a
NAT router for home usage. FW appliances cost a little more and are
affordable. You can even get a refurbished used one from a reputable dealer
that has a warranty from a reputable dealer, which you can call the
manufacturer to get names of dealers. A low end FW appliance is a plug it up
and go device that needs very little configuration on your part, like the
Linksys NAT router.

Here is some information to help you in your FW selection process.

http://www.homenethelp.com/web/explain/about-NAT.asp
http://www.vicomsoft.com/knowledge/reference/firewalls1.html
http://www.more.net/technical/netserv/tcpip/firewalls/

You can use something like Wallwatcher so that you see inbound and outbound
traffic, even for wireless on the devices.

http://sonic.net/wallwatcher/
 
Re: Security discussion regarding hubs, firewalls, anti-virus and Vista Security

On Wed, 20 Aug 2008 18:14:23 -0700, Steve Riley [MSFT] wrote:

>> 7a. If on high-speed internet connection use a router as well.
>> For the average home user it is suggested blocking both TCP and UDP
>> ports 135 ~ 139 and 445 on the router
>
> It really isn't necessary to create specific "block" rules. Nearly every
> router does this automatically; they only permit traffic that's in reply to
> some previous outbound request.


Thanks for commenting on #7a.
Admittedly, I am not familiar with all types/makes of (small business/home
user) routers available.
Are you saying to drop this comment completely or, since it is possible
that some users may employ routers which will not automatically block the
said ports, is paraphrasing the comment sufficient for the purpose?
 
Re: Security discussion regarding hubs, firewalls, anti-virus and Vista Security

On Thu, 21 Aug 2008 16:26:58 +0700, Kayman
<kaymanDeleteThis@operamail.com> wrote:

>On Wed, 20 Aug 2008 18:14:23 -0700, Steve Riley [MSFT] wrote:
>
>>> 7a. If on high-speed internet connection use a router as well.
>>> For the average home user it is suggested blocking both TCP and UDP
>>> ports 135 ~ 139 and 445 on the router
>>
>> It really isn't necessary to create specific "block" rules. Nearly every
>> router does this automatically; they only permit traffic that's in reply to
>> some previous outbound request.
>
>Thanks for commenting on #7a.
>Admittedly, I am not familiar with all types/makes of (small business/home
>user) routers available.
>Are you saying to drop this comment completely or, since it is possible
>that some users may employ routers which will not automatically block the
>said ports, is paraphrasing the comment sufficient for the purpose?


I'm guessing now, but you probably meant blocking *outbound* packets
for mentioned ports. Some advocate doing this in order to also
"protect the internet from you", so to speak.
 
Re: Security discussion regarding hubs, firewalls, anti-virus and Vista Security


My take is as follows; Protect myself from crawling threats on the
internet by a dedicated firewall, protect myself from software threats
with antivirus/malware protection. If those two factors are properly
set up, all other security measures are redundant and waste resources.
Perhaps I suffer from a 1% higher risk of infection over a period of a
few years, but it doesn't seem so this far. I have disabled all the
security features of windows, because I don't see a need for them. I
wouldn't do this to a system-critical computer or if I had sensitive
information on the computer though, but this is a computer for games and
internet... If it goes down, I reinstall it (hasn't happened yet...).

Linux firewalls are free and safe enough to use for business if set up
with the right knowledge.

Most new routers come with SPI (stateful packet inspection) which only
accepts incoming traffic from servers you sent outgoing traffic to, and
that's usually enough for protection at home.


--
mike-cow
 
Re: Security discussion regarding hubs, firewalls, anti-virus and Vista Security

I haven't seen a router with default-allow in years -- stuff you buy now is
configured default-deny (in the inbound direction), so everything's blocked
except:

* inbound reply traffic
* inbound traffic that matches a rule you wrote


--
Steve Riley
steve.riley@microsoft.com
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com
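
The inbound behaviour discussed in this thread (default-deny, reply traffic, and port-forward rules), as an added example that is not part of any poster's message or any router's firmware. It is a toy Python model; the `HomeRouter` class, the addresses (documentation ranges) and the port numbers are constructed for illustration.

```python
from typing import NamedTuple


class Packet(NamedTuple):
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class HomeRouter:
    """Toy NAT router: default-deny inbound, with connection tracking."""

    def __init__(self, wan_ip, port_forwards=None):
        self.wan_ip = wan_ip
        # "Rules you wrote": (proto, wan_port) -> (lan_ip, lan_port)
        self.port_forwards = dict(port_forwards or {})
        # Connections opened from the LAN:
        # (proto, wan_port, remote_ip, remote_port) -> (lan_ip, lan_port)
        self.flows = {}

    def outbound(self, pkt):
        """A LAN host opens a connection; remember it so replies can return."""
        key = (pkt.proto, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        self.flows[key] = (pkt.src_ip, pkt.src_port)
        # NAT: the packet leaves with the router's WAN address as its source.
        return pkt._replace(src_ip=self.wan_ip)

    def inbound(self, pkt):
        """Return (verdict, lan_destination) for a packet arriving from the WAN."""
        reply_key = (pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if reply_key in self.flows:
            return ("ACCEPT reply", self.flows[reply_key])
        forward = self.port_forwards.get((pkt.proto, pkt.dst_port))
        if forward is not None:
            return ("ACCEPT forward", forward)
        # No state and no rule: dropped without any explicit "block" rule.
        return ("DROP default-deny", None)


WAN = "198.51.100.20"      # constructed WAN address
LAN_PC = "192.168.1.10"    # constructed LAN host
WEB = "203.0.113.5"        # constructed web server the LAN host contacts
STRANGER = "192.0.2.77"    # constructed unrelated Internet host


def demo():
    """Run constructed packets through the model and return the verdicts."""
    router = HomeRouter(WAN, {("tcp", 8080): (LAN_PC, 8080)})
    # The LAN PC browses to a web server: this creates the tracked flow.
    router.outbound(Packet("tcp", LAN_PC, 50000, WEB, 80))
    probes = {
        "reply from contacted server": Packet("tcp", WEB, 80, WAN, 50000),
        "unsolicited tcp/445": Packet("tcp", STRANGER, 40000, WAN, 445),
        "unsolicited udp/137": Packet("udp", STRANGER, 40002, WAN, 137),
        "other host to open client port": Packet("tcp", STRANGER, 80, WAN, 50000),
        "forwarded tcp/8080": Packet("tcp", STRANGER, 40001, WAN, 8080),
    }
    return {name: router.inbound(pkt)[0] for name, pkt in probes.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:18} {name}")
```

Traffic between two machines on the same LAN or wireless network never passes through `inbound()` at all, which is why the model says nothing about it.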



 
Re: Security discussion regarding hubs, firewalls, anti-virus and Vista Security

On Aug 20, 3:38 pm, eganders <egand...@yahoo.com> wrote:
> Security discussion
>
> These are a very basic set of questions.  Possibly there is an article
> on the web that someone can point me to that fully addresses each of
> these:
>
> What security protection should I expect from:
>
> a wireless hub/router
>
> a software firewall
>
> a software anti-virus, anti-trojan program
>
> the security built into Vista
>
> The reason I ask this is that I have a Linksys wireless hub with a WEP
> code activated and I also had Zonealarm with Windows XP.  I had my
> files shared.  I thought that the wireless hub should provide hardware
> based security from anyone being able to "look" at my files and
> anything behind the hub.  I found that Zonealarm was giving me a lot
> of warnings of malware and other outside people finding me and trying
> to access my computer and that Zonealarm was stopping this.  I don't
> understand the Linksys hub's capabilities well enough to not ask "why
> was the hub not keeping these outside intruders out?".
>
> I now have Vista and the security it provides is suffocating.  I have
> a hard time accessing my own files on other computers on my network
> and you need an ADVANCED IT degree to work around it.  I would think
> that you could provide a secure "knock'em dead" firewall with a
> Linksys hub that would allow you to be "naked" behind the firewall so
> you did not have to deal with security at all once you were safe
> behind the Linksys firewall.  I think this shows why I need to learn
> all I can so I don't leave my UAC off (which it is right now).   I
> want security, but I want to run my business also.
>
>  microsoft.public.windows.vista.security


I would be happy to help you and do note the majority of your
questions are in the general safe computing topically - not Vista
Security per se..... I recommend for general "fix me up security wise"
to visit me (webmaster) www.BlueCollarPC.Net and links to our groups
for security or here: http://bluecollarpc.net/smf/index.php and here
http://www.bluecollarpc.net/joingroup.html and here
http://groups.google.com/group/BlueCollarPC and my general Vista Group
here http://tech.groups.yahoo.com/group/Vista-Group/ .....

I think you will get a much warmer reception and more important a blow
by blow help if needed painstakingly. News groups generally do not
participate as such is the 'coldness' perhaps. Like here - a specific
concise question with a specific concise answer is the norm. Generally
and to briefly answer your enormous concerns is that off the bat you
may have inadvertently opened your computer to dangers even security
software will not help much against, according to settings.

Number one, WEP (64/128bit encryption) has been hacked a good while
ago and is the same as logging on with 'No Security' settings. You
want to Upgrade to WPA (256bit encryption) across the board - Router,
PCs, Peripherals (Windows Mobile PC etc). This was released in 2003
through Windows Updates to get the idea - yes you are in "cave man
days" with Security. SEE http://www.bluecollarpc.net/allwireless1.html
and here http://www.bluecollarpc.net/myvistapc.html ......

You definitely want to keep your Vista empowered PCs operating in
Vista Internet Explorer Protected Mode (IE Settings) and also
definitely keep using Vista UAC User Account Control operating and here
is why here http://www.networkworld.com/news/2008/052308-vistas-uac-spots-rootkits-tests.html?fsrc=rss-security
...and here http://technet.microsoft.com/en-us/...et.microsoft.com/en-us/magazine/cc138019.aspx
.....and read this
http://bluecollarpc.wordpress.com/2...ould-not-use-a-tweaking-uac-software-utility/
...and this http://bluecollarpc.wordpress.com/2...ecommended-disable-all-balloon-notifications/
...and sum up here with informed choices
http://www.prevx.com/blog/83/Is-Limited-User-Account-enough-Not- really.html

Apparently you imply you have some very, very dangerous P2P (Peer to
Peer) application scenario going on. This gives complete access to
your PCs by your own hand as the application imposes "Allow to Share
with this Computer" and means both ways - is the security suicide
because you are allowing complete access to all your Files to the
other computer which if a cyber criminal (most likely) now has
everything on your PC on theirs and see P2P Dangers (Peer to Peer file
swapping) here http://bluecollarpc.net/smf/index.php/topic,159.0.html

You want proactive quality shareware 24/7 running and a fully patched
PC (Windows Updates - Vista SP1, Service Pack 1 installed) and
generally only paid shareware subscription security software (personal
firewall, antivirus, antispyware) has Real Time Protection - see
heuristics. Now, tell the rest that say this is not necessary to go
jump in a lake because the vast majority of all users worldwide have
chosen this as their informed choices Security Solution - making the
industry a multi-billion dollar one. They may argue Reformat/Reinstall
Windows and see why this is a "unscrupulous pc repairman scam" at the
Better Business Bureau and across search engines and here
http://bluecollarpc.wordpress.com/2...ll-windows-or-conventional-removal-softwares/


....Okay a major day of security homework is in your face and your
choice is to get busy I would say and "catch up" - meaning in a
friendly and safe and INFORMED way for your own sake. For the rest
that argue softwares and usage tell them yes the Public knows - in
following your idiotic solutions of feel good in-security we as
Netizens have lost over 45 Billion Dollars in direct eTheft including
ruining our lives via etheft IDThefts. Have a nice day....

gerald philly pa usa
webmaster www.BlueColarPC.Net
 
Re: Security discussion regarding hubs, firewalls, anti-virus and Vista Security

On Aug 21, 6:08 pm, gerald3092 <gerald3...@gmail.com> wrote:
> On Aug 20, 3:38 pm, eganders <egand...@yahoo.com> wrote:
>
>
>
>
>
> > Security discussion

>
> > These are a very basic set of questions.  Possibly there is an article
> > on the web that someone can point me to that fully addresses each of
> > these:

>
> > What security protection should I expect from:

>
> > a wireless hub/router

>
> > a software firewall

>
> > a software anti-virus, anti-trojan program

>
> > the security built into Vista

>
> > The reason I ask this is that I have a Linksys wireless hub with a WEP
> > code activated and I also had Zonealarm with Windows XP.  I had my
> > files shared.  I thought that the wireless hub should provide hardware
> > based security from anyone being able to "look" at my files and
> > anything behind the hub.  I found that Zonealarm was giving me a lot
> > of warnings of malware and other outside people finding me and trying
> > to access my computer and that Zonealarm was stopping this.  I don't
> > understand the Linksys hub's capabilities well enough to not ask "why
> > was the hub not keeping these outside intruders out?".

>
> > I now have Vista and the security it provides is suffocating.  I have
> > a hard time accessing my own files on other computers on my network
> > and you need an ADVANCED IT degree to work around it.  I would think
> > that you could provide a secure "knock'em dead" firewall with a
> > Linksys hub that would allow you to be "naked" behind the firewall so
> > you did not have to deal with security at all once you were safe
> > behind the Linksys firewall.  I think this shows why I need to learn
> > all I can so I don't leave my UAC off (which it is right now).   I
> > want security, but I want to run my business also.

>
> >  microsoft.public.windows.vista.security

>
> I would be happy to help you and do note the majority of your
> questions are in the general safe computing topically - not Vista
> Security pe se..... I recommend for general "fix me up security wise"
> to visit me (webmaster)www.BlueCollarPC.Netand links to our groups
> for security or here:http://bluecollarpc.net/smf/index.phpand herehttp://www.bluecollarpc.net/joingroup.htmland herehttp://groups.google.com/group/BlueCollarPCand my general Vista Group
> herehttp://tech.groups.yahoo.com/group/Vista-Group/.....
>
> I think you will get a much warmer reception and more important a blow
> by blow help if needed painstakingly. News groups generally do not
> participate as such is the 'coldness' perhaps. Like here - a specific
> concise question with a specific concise answer is the norm. Generally
> and to briefly answer your enormous concerns is that off the bat you
> may have inadvertantly opened your coputer to dangers even security
> software will not help much against, according to setings.
>
> Number one, WEP (64/128bit encryption) has been hacked a good while
> ago and is the same as logging on with 'No Security' settings. You
> want to Upgrade to WPA (256bit encryption) across the board - Router,
> PCs, Periperals (Windows Mobile PC etc). This was released in 2003
> through Windows Updates to get the idea - yes you are in "cave man
> days" with Security. SEEhttp://www.bluecollarpc.net/allwireless1.html
> and herehttp://www.bluecollarpc.net/myvistapc.html......
>
> You definitely want to keep your Vista empowered PCs operating in
> Vista Internet Explorer Protected Mode (IE Settings) and also
> definitely keep using Vista UAC User Account Control operating and here
> is why here http://www.networkworld.com/news/2008/052308-vistas-uac-spots-rootkit...
> ...and here http://technet.microsoft.com/en-us/magazine/cc138019.aspx%3Chttp://te...
> .....and read this http://bluecollarpc.wordpress.com/2008/06/15/warning-why-you-should-n...
> ...and this http://bluecollarpc.wordpress.com/2008/06/18/more-vista-hacks-not-rec...
> ...and sum up here with informed choices http://www.prevx.com/blog/83/Is-Limited-User-Account-enough-Not-%20re...
>
> Apparently you imply you have some very, very dangerous P2P (Peer to
> Peer) application scenario going on. This gives complete access to
> your PCs by your own hand as the application imposes "Allow to Share
> with this Computer" and means both ways - is the security suicide
> because you are allowing complete access to all your Files to the
> other computer which if a cyber criminal (most likely) now has
> everything on your PC on theirs and see P2P Dangers (Peer to Peer file
> swapping) here http://bluecollarpc.net/smf/index.php/topic,159.0.html
>
> You want proactive quality shareware 24/7 running and a fully patched
> PC (Windows Updates - Vista SP1, Service Pack 1 installed) and
> generally only paid shareware subscription security software (personal
> firewall, antivirus, antispyware) has Real Time Protection - see
> heuristics. Now, tell the rest that say this is not necessary to go
> jump in a lake because the vast majority of all users worldwide have
> chosen this as their informed choices Security Solution - making the
> industry a multi-billion dollar one. They may argue Reformat/Reinstall
> Windows and see why this is a "unscrupulous pc repairman scam" at the
> Better Business Bureau and across search engines and here http://bluecollarpc.wordpress.com/2008/05/18/threat-removals-reformat...
>
> ....Okay a major day of security homework is in your face and your
> choice is to get busy I would say and "catch up" - meaning in a
> friendly and safe and INFORMED way for your own sake. For the rest
> that argue softwares and usage tell them yes the Public knows - in
> following your idiotic solutions of feel good in-security we as
> Netizens have lost over 45 Billion Dollars in direct eTheft including
> ruining our lives via etheft IDThefts. Have a nice day....
>
> gerald philly pa usa
> webmaster www.BlueColarPC.Net


As far as Routers, you want the hardware firewalls in them and your
dsl/broadband modem activated and in WPA Personal as minimum log on
security. You also need a quality personal firewall such as Comodo
installed on all PCs and see Microsoft.com to end these arguments as
far as others saying you don't need personal software firewalls
installed if running hardware (router) firewall. A fool and their
money is soon parted comes to mind. In the new WPA encryption
security a "password" key is added - kind of exactly the same thing as
choosing a password which is then entered into the security settings of
the Routers and is the Security Key. Again even using something like a
WEP Key Generator -- This little tool allows you to create/generate
WEP keys of 128/64 bits length -- again is hacked though that would
make things a tad harder. I have used these on my older Windows Mobile
Computer though now not any longer with the crimeware environment today
as NEVER before. Go back on the Router and disallow all other
Computers except yours on the Network by an easy DOS Command Prompt
scenario of inclusion of your PC's IP Number and exclusion of all
others and find that out -How To - easily here at LinkSys Tutorials
http://www.linksys.com/servlet/Sate...nksys/Common/VisitorWrapper&lid=7681803086B75

Get on it bro' .... it gets as easy as pie !

gerald philly pa usa
 
Re: Security discussion regarding hubs, firewalls, anti-virus and Vista Security


On Thu, 21 Aug 2008 16:47:23 +0200, Root Kit wrote:

> On Thu, 21 Aug 2008 16:26:58 +0700, Kayman
> <kaymanDeleteThis@operamail.com> wrote:
>
>>On Wed, 20 Aug 2008 18:14:23 -0700, Steve Riley [MSFT] wrote:
>>
>>>> 7a.If on high-speed internet connection use a router as well.
>>>> For the average homeuser it is suggested blocking both TCP and UDP
>>>> ports 135 ~ 139 and 445 on the router
>>>
>>> It really isn't necessary to create specific "block" rules. Nearly every
>>> router does this automatically; they only permit traffic that's in reply to
>>> some previous outbound request.

>>
>>Thanks for commenting on #7a.
>>Admittedly, I am not familiar with all types/makes of (small business/home
>>user) routers available.
>>Are you saying to drop this comment completely or, since it is possible
>>that some users may employ routers which will not automatically block the
>>said ports, is paraphrasing the comment sufficient for the purpose?

>
> I'm guessing now, but you probably meant blocking *outbound* packets
> for mentioned ports. Some advocate doing this in order to also
> "protect the internet from you", so to speak.


Yes, I must've gotten my wires twisted when reading Jesper's article in
relation to Vista firewall-outbound filtering.
....you could use another new function in the Windows Vista
firewall--outbound filtering. An administrator could decide, for instance,
to block all outbound SMB connections (those terminating at ports TCP 135,
139, 445, and UDP 137, 138, 445) in the public profile."
[unquote]
Some users may find configuring the built-in firewall too challenging.
 
Re: Security discussion regarding hubs, firewalls, anti-virus and Vista Security



"Root Kit" <b__nice@hotmail.com> wrote in message
news:gruqa4tn8guffafcdj9egf1dg4cnimuhvi@4ax.com...
> On Thu, 21 Aug 2008 16:26:58 +0700, Kayman
> <kaymanDeleteThis@operamail.com> wrote:
>
>>On Wed, 20 Aug 2008 18:14:23 -0700, Steve Riley [MSFT] wrote:
>>
>>>> 7a.If on high-speed internet connection use a router as well.
>>>> For the average homeuser it is suggested blocking both TCP and UDP
>>>> ports 135 ~ 139 and 445 on the router
>>>
>>> It really isn't necessary to create specific "block" rules. Nearly every
>>> router does this automatically; they only permit traffic that's in reply to
>>> some previous outbound request.

>>
>>Thanks for commenting on #7a.
>>Admittedly, I am not familiar with all types/makes of (small business/home
>>user) routers available.
>>Are you saying to drop this comment completely or, since it is possible
>>that some users may employ routers which will not automatically block the
>>said ports, is paraphrasing the comment sufficient for the purpose?

>
> I'm guessing now, but you probably meant blocking *outbound* packets
> for mentioned ports. Some advocate doing this in order to also
> "protect the internet from you", so to speak.


I suppose he could phrase it blocking (or not port forwarding) these
ports with these protocols. All incoming init packets are dropped
unless you specifically configure it to allow them in (Stateful Packet
Inspection) but subsequent packets won't stop here. I think the
issue was with software listening on these ports, and the easiest way
to mitigate was to block rather than to remove the offending server
daemon and/or unbind protocols that you don't need bound.

Again, it was the default configuration of earlier Windows OSes
at fault. I don't think it is an issue with Vista (at least it shouldn't
be).
 
Re: Security discussion regarding hubs, firewalls, anti-virus and Vista Security

A dedicated firewall is a good thing, but what is a "crawling threat"?
Would you define that as "that which a firewall protects against"?

Antivirus/malware protection is a good thing also, but is *never*
100% effective and should be used only as a back-up for your
otherwise safe computing practices. It's like a bullet proof vest
- you still don't want to be peppered with bullets.

Firewalls won't save you from what you invite in, and antiwhatever
won't detect everything (especially the very new). So - it really
shouldn't be called "protection", just part of the security process.

It took effort to increase security in previous MS OSes, now it
takes effort for an "ease-of-use" slightly reduced security. Better
this way because those unable or unwilling to go beyond using
the computer as a household appliance will present a more secure
surface to the outside world. If you like using the computer as a
computer (rather than an appliance) and are a capable computer
user then by all means tweak to your heart's content. Vista can be
made as un-secure as most any other MS OS. They didn't lock
users in to the new paradigm - they just made it the default.

"mike-cow" <guest@unknown-email.com> wrote in message
news:79d10fbdd313d07b1e4bd4e21ec5e8aa@nntp-gateway.com...
>
> My take is as follows; Protect myself from crawling threats on the
> internet by a dedicated firewall, protect myself from software threats
> with antivirus/malware protection. If those two factors are properly
> setup, all other security measures are redundant and waste resources.
> Perhaps I suffer from a 1% higher risk of infection over a period of a
> few years, but it doesn't seem so this far. I have disabled all the
> security features of windows, because I don't see a need for them. I
> wouldn't do this to a system-critical computer or if I had sensitive
> information on the computer though, but this is a computer for games and
> internet... If it goes down, I reinstall it (hasn't happened yet...).
>
> Linux firewalls are free and safe enough to use for business if setup
> with the right knowledge.
>
> Most new routers come with SPI (stateful packet inspection) which only
> accepts incoming traffic from servers you sent outgoing traffic to, and
> that's usually enough for protection at home.
>
>
> --
> mike-cow
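
The stateful filtering discussed in the replies above (replies to outbound requests are let in, unsolicited inbound packets are dropped, and blocking outbound SMB is a separate rule) can be modeled in a few lines. This is an added example, not part of any post in the thread; the class, function names and addresses are constructed for illustration, and NAT and connection timeouts are left out.

```python
from dataclasses import dataclass, field

# Ports named in the thread: TCP 135, 139, 445 and UDP 137, 138, 445.
SMB_RPC_PORTS = {("tcp", 135), ("tcp", 139), ("tcp", 445),
                 ("udp", 137), ("udp", 138), ("udp", 445)}

@dataclass
class StatefulFilter:
    """Hypothetical model of a home router's SPI firewall (no NAT, no timeouts)."""
    port_forwards: set = field(default_factory=set)    # (proto, lan_port) opened by the admin
    outbound_blocks: set = field(default_factory=set)  # (proto, remote_port) denied outbound
    flows: set = field(default_factory=set)            # connection-tracking table

    def outbound(self, proto, lan_ip, lan_port, wan_ip, wan_port):
        """A LAN host sends to the internet; remember the flow unless a rule blocks it."""
        if (proto, wan_port) in self.outbound_blocks:
            return "drop (outbound rule)"
        self.flows.add((proto, lan_ip, lan_port, wan_ip, wan_port))
        return "accept"

    def inbound(self, proto, wan_ip, wan_port, lan_ip, lan_port):
        """A packet arrives from the internet; accept only replies or forwarded ports."""
        if (proto, lan_ip, lan_port, wan_ip, wan_port) in self.flows:
            return "accept (reply)"
        if (proto, lan_port) in self.port_forwards:
            return "accept (port forward)"
        return "drop (unsolicited)"

def demo():
    # Constructed sample addresses (RFC 1918 and documentation ranges).
    pc, web, scanner = "192.168.1.10", "203.0.113.80", "198.51.100.7"
    router, r = StatefulFilter(), {}
    r["browse"] = router.outbound("tcp", pc, 50000, web, 443)
    r["reply"] = router.inbound("tcp", web, 443, pc, 50000)
    # Probes to every SMB/RPC port are dropped without any explicit block rule.
    r["probes"] = {router.inbound(p, scanner, 40000, pc, port) for p, port in SMB_RPC_PORTS}
    # A different host claiming to answer the same client port is not in the table.
    r["spoof"] = router.inbound("tcp", scanner, 443, pc, 50000)
    # By default nothing stops the PC from opening SMB sessions outward.
    r["smb_out_default"] = router.outbound("tcp", pc, 50001, scanner, 445)
    strict = StatefulFilter(outbound_blocks=set(SMB_RPC_PORTS))
    r["smb_out_blocked"] = strict.outbound("tcp", pc, 50001, scanner, 445)
    # Forwarding 445 is what re-exposes file sharing to the internet.
    exposed = StatefulFilter(port_forwards={("tcp", 445)})
    r["forwarded_445"] = exposed.inbound("tcp", scanner, 40000, pc, 445)
    return r

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:16} {verdict}")
```
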
 