OT: the reason for firewalls and virus scans
A friend asked me to look at his computer (actually his wife's). This machine is a 2.1 GHz machine with 256 meg RAM, a 30 gig disk, that has Win XP SP1 on it, no firewall, no virus software, etc. They have been using it for the internet, but it had become so slow it was unusable.
I got Spybot and Ad-Aware on it, and scanned..... 25 assorted pieces of spyware and so forth......
Then we got AVG onto it, and ran a scan. 45 minutes later, AVG had identified and removed 314 different viruses, trojans, and other assorted malware from the machine......
I didn't have time to get ZoneAlarm onto it. He had the virus program and firewall combo program, but it was having trouble loading, hung up for 25 min, etc..... At least I had time to disable the Messenger service, remote operation, and the Universal Plug and Play features, as a partial help towards preventing further problems.......
I have never in my life seen as many examples of malware as were on that machine... it just kept adding onto the list and my jaw was dropping further and further.....
Let it be a lesson to you.....
It would probably be better to just reload windows onto that machine
It might.................. although the immediate problems are over with.......
That's if they could find their XP disks..... and wanted to wait while multi-megs of sp1 and sp2 download over the dialup.........
Messaging would have been disabled a long time ago if they were doing the updates. Use the automatic update feature. There have been numerous antivirus and auto-removal updates in the past year.
Also, download and run one of the rootkit checkers.
A firewall doesn't stop viruses and you don't need to install one. XP already has one. It's good enough for what it is supposed to do which is to prevent your computer from answering external attempts to access it that it didn't initiate.
If you can get to a high speed connection somewhere you can download a stand-alone SP2 installer and burn it to CD to upgrade the system. You don't need to do SP1 first.
If you do this, note the additional updates that can also be downloaded as stand-alone installs at the bottom of the page.
Last edited by Evan; 03-24-2007 at 03:02 AM.
Amazingly, THIS XP does NOT have the firewall.. I looked and confirmed it.
Originally Posted by Evan
AND, quite a lot of it is subtly different from the XP I have used (and still don't like).
One son has worked for Microsoft...... and set up their computer. The best explanation I can come up with is that it is a beta (or earlier) version that he smuggled out and put on Mom's computer...... but I did not try the "about" in help, it was mighty late and I didn't want to know that bad right then.
That makes it totally unmaintainable, an issue I will have to take up with them later.
I’ve said it before, will say it again, the best thing you can do is set them up with a non-admin account and insist they use ONLY that account for accessing the internet. This is done with my wife and children’s computers, they are on the internet all the time (yahoo, myspace, random web sites, etc.) and I have not had any anti-virus/spyware/malware/etc. running in a VERY long time. Not one single virus has appeared in that entire time. Only one spyware that showed up recently on my son’s computer, and that was because I gave him an admin account to use for games that require it, and then (as expected) he “forgot” and used that account to access the internet. If you are even slightly disciplined, you don’t even need to log on/off as different users, but can simply set your web browser and email client (and news reader, etc.) to request alternate credentials when loaded. Then you get prompted to log in and can run with reduced permissions even when logged on as admin.
That reduced permission alone closes something like 90% of the common propagation vectors (including most social engineering). And you can push it darn near to 100% by also setting the “Internet Zone” security setting level higher (Medium at least, preferably High). Of course that means some of your favorite sites (including this one) probably won’t work right. So you just set them as a “Trusted Site” with security set at Medium (or custom). For the first day or two it can be a bit frustrating as you visit sites and realize you need to add them to Trusted, but once your “working set” is established, you are pretty well covered unless you accidentally (or not) wind up on some random site (perhaps an eBay spoof or something?) where the perms are set low and most bad things can’t happen.
Windows is NOT the massive vulnerability that everyone likes to make out. The culture of “always run as admin” combined with uneducated users easily falling prey to even the most pathetic attempts at social engineering is the problem. For your typical users, they might be well advised to also run an AV program too, but it will work much better as a backstop than a primary/only defense.
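The setup described in the post above (limited account, Internet Zone raised to High, a working set of Trusted Sites at Medium, browser launched under the limited account), written out as an added PowerShell example; this is not code from any poster in this thread. The account name, the site list and the browser path are assumptions; the zone keys are the standard per-user IE "Internet Settings" registry locations, so the zone part must be run while logged on as the account that will actually browse.

```powershell
# Added example: least-privilege browsing setup as described in the post.
# Assumed values for illustration; adjust to taste.
$LimitedUser  = 'webuser'                                    # assumed account name
$TrustedSites = @('forum.example', 'mail.example')           # constructed working set
$Browser      = 'C:\Program Files\Internet Explorer\iexplore.exe'

# 1. From an ADMIN session: create the limited account as a member of Users only
#    (never Administrators). Password is prompted for by "net user".
function New-LimitedBrowsingAccount {
    net user $LimitedUser /add /passwordreq:yes
    net localgroup Users $LimitedUser /add
}

# 2+3. Logged on as the browsing account (HKCU is per-user): Internet Zone (zone 3)
#      to High, Trusted Sites (zone 2) to Medium, then map the working set into zone 2.
#      CurrentLevel values: 0x11000 = Medium, 0x11500 = Medium-High, 0x12000 = High.
function Set-BrowsingZones {
    $zones   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
    $domains = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
    Set-ItemProperty -Path "$zones\3" -Name CurrentLevel -Value 0x12000 -Type DWord
    Set-ItemProperty -Path "$zones\2" -Name CurrentLevel -Value 0x11000 -Type DWord
    foreach ($site in $TrustedSites) {
        $key = Join-Path $domains $site
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        # Value name is the scheme, value data is the zone number (2 = Trusted Sites).
        foreach ($scheme in 'http', 'https') {
            Set-ItemProperty -Path $key -Name $scheme -Value 2 -Type DWord
        }
    }
}

# 4. Read the settings back so the result can be checked after a logoff/logon;
#    returns $true only when the Internet Zone is really at High.
function Test-BrowsingZones {
    $zones = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
    $level = (Get-ItemProperty -Path "$zones\3").CurrentLevel
    "Internet Zone CurrentLevel = 0x{0:X}" -f $level
    return ($level -eq 0x12000)
}

# 5. The "no logoff needed" variant from the post: stay logged on as admin but start
#    the browser with the limited account's credentials so it runs reduced.
function Start-LimitedBrowser {
    $cred = Get-Credential -UserName "$env:COMPUTERNAME\$LimitedUser" -Message 'Limited browsing account'
    Start-Process -FilePath $Browser -Credential $cred
}
```

Run step 1 once as admin, steps 2 to 4 once as the limited user, and step 5 whenever browsing from the admin session; the zone keys only take effect for the account whose HKCU they live in, which is why the limited account must set its own.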
Well, I disagree....
Windows IS the problem....... In the sense that it has traditionally been deliberately set up in a default of every door open, every window up, the screens in storage, and all the keys tossed virtually unlabeled in a drawer somewhere in the attic.
Also, it is default set up in extra simplified big pictures and primary colors "PlaySkool" mode and "advertised" as a "turn it on and use it" trouble free system.
Then folks such as yourself come and say "well, it's the dumb users".
You got a lot of nerve to say that.
People have been FORCED to be "dumb users", and it has been made very difficult to FIX all the open unlocked doors and access hatches sprinkled throughout "Windows".
Then of course the most basic programming errors have been repeated time after time after time after time by "Bill's sheltered workshop"..... If I hear of another "buffer overrun" exploit in Windows, I will gag.
I would think an AV program is a very basic need, not a "frill"....... YMMV, maybe you never get any virus-laden spam.
BTW, what the heck is your "social engineering"..... I fail to "get" the reference.
Really? *I* have a lot of nerve eh?
I didn’t say “dumb users”, YOU did! Please..., no strike that, this is not a request; DO NOT put words in my mouth. I am a professional software developer, system architect, and from time to time, software security consultant and I do NOT believe the view of users as “dumb”.
In my professional opinion, backed up by experience, everything you just posted is flat wrong. And I say that with no hesitation or qualification. Your machining knowledge (along with pretty much everyone else here) is unquestionably superior to mine, but on this you are wrong...
People have not been FORCED to be “dumb users”, they’ve demanded the “right” to be “dumb users” (or I would rather say, they demand to be allowed to remain ignorant). And that’s fine as long as they accept the consequences, but they don’t. Just like everything else in modern society, they would rather blame someone else than take responsibility. Every time MS makes the defaults more secure, taking it as THEIR responsibility as you seem to advocate, and which is always inversely proportional to ease of use, there is an unending wailing and gnashing of teeth. This has happened again and again, and it’s happening now with Vista trying to force people to run with reduced permissions (something that is standard procedure in most OS). So they try for a balance that maximizes market penetration and profits, which it seems they’ve achieved rather well.
And your “buffer over-run” exploits exist everywhere to greater and lesser degrees, they just get more visibility when it’s on Windows. They also get more attention on Windows from Black Hats because they get more return on investment. But this is covered time and again, and subsequently ignored by those with a MS bashing propensity time and again. Nothing I can say will change your mind, but your comment on not understanding “social engineering”, a concept that is central to any useful discussion of basic security, provides clear insight into the weight that should be associated with your opinions on the matter.
You’ve launched on your anti-Windows tirades before, and I should have known better than to respond to this one. Sorry, that was my own stupidity. I generally avoid these work related topics as I come here for my hobby and other interests to get away from work, I’ll try harder in the future. I really couldn’t care less if all of you run multiple AV/SW/MW/FW/WTF and turn your quad core state of the art systems into slow crawling pieces of crap (which you will no doubt blame MS for, after all, that is the easy answer).
In closing, I’ll repeat another thing I’ve said before. I have been running with NO protective software for OVER a year now. My old systems passed down to my family members that run the same config are faster than most brand new state of the art systems running main stream AV. I have INTENTIONALLY navigated to known high risk sites, I have INTENTIONALLY opened KNOWN infected email/attachments, and I have had NO infections to date! And this was as part of a bet with another software consultant that works in the security arena, a certified slash-dot junky with a severe anti-MS fixation that makes you look like a softy. HE picked the high risk tests, and HE lost!
Oh, but forgive me, I don’t know what I’m talking about. Go try Google to find out what Social Engineering is, then come back and educate these good people, you are doing a wonderful job otherwise.
I guess I also shouldn’t post when I’m already in a bad mood from unrelated events. Carry on...
Last edited by BadDog; 03-25-2007 at 02:51 AM.
All versions of XP have a firewall, even the first pre-service pack RTM version. On the release version the firewall is disabled by default and must be explicitly turned on in the network connections dialog. That may no longer be possible, as some of the viruses will set a remote policy in the registry that removes the firewall settings from view. In that case the only course of action is to reinstall.