Full Disclosure mailing list archives

Re: Re: January 15 is Personal Firewall Day,help the cause
From: Jim Race <caferace () well com>
Date: Sat, 17 Jan 2004 14:03:29 -0800

Tobias Weisserth wrote:

> There is no such thing as a WinXP box with all current patches :-) Since
> installing all patches that Microsoft makes available still doesn't mean
> every critical bug is fixed you should find out as much as possible
> about the unfixed bugs. For example there is still a URL spoofing bug in
> the Internet Explorer 6 which hasn't been fixed for more than 2 months.
> I am pretty sure there are lots more. The dilemma is that MS doesn't
> seem to think full-disclosure is the way to go...

All that aside, using existing patches and NOT using software with known vulns such as IE. There are unfortunately a select few sites where IE is required. Those are dwindling, and more importantly can usually be avoided altogether.

The sad part is, I *have* to keep a functional current version of IE on the system, if only for testing reasons. It would be nice if there was a very simple way to disable its integrated functions easily when not in use.

> Consider using alternative software in the meantime, thus replace IE6
> with Mozilla and so on.

Of course. Many of the stock Windows components are removed or replaced. Notepad is a classic example, replaced by Textpad. Cygwin (with a lower case "w", ahem) is used for its toys and cross training. PuTTY for Telnet, stuff like that.

> You have to find out if there are any known vulnerabilities to the
> services you use and if yes, how to fix them. It's a pity pivX took
> their list offline. Instead they are promoting personal firewalls now in
> association with MS...

PivX's original list (or its content) lives on, just in a different location.

> Be sure to keep it patched. Static pages are good (no possibility of
> injecting parameters). Check whether the cgi-bin directory is accessible
> from the outside! (shouldn't be by default)

Again, of course. It has a properly tweaked httpd.conf, and while I do keep a cgi-bin directory accessible and readable it has nothing of consequence in it. More of a nose-tweak if anything.

>> Mozilla with Java and JS disabled in email
>
> If you want to protect your privacy then disable HTML displaying in your
> mail client and forbid the loading of external content from within a
> displayed mail.

HTML rendering is disabled, as well as remote images. Pop-ups are toast, and images only loaded from orig server in browsing. Bayesian Junk filters enabled and well trained.

> A personal firewall is not bad. It's an addition. But it's not the cure.
> If you are sure the intended users of the machine know what to do with
> all the interactions that are required to run a personal firewall then
> install one. It will be hard to configure your hardware router so that
> it stops specific processes from connecting _to_ the Internet (in
> contrast to _from_). A personal firewall can be of much use here, taken
> the users know to use it.

Perhaps, but they're annoying as hell. It's a risk I'll accept. As a single user machine it has outbound connections manually monitored, and no (known) rogue software.

> Some AV software should be running at all times.

Why? SA runs on the (remote) mail server, stripping all executables and classic MS hangers on (scr, com, bat, etc....) as well as tagging Virus and filtering those in Moz.

> There are usable products available for free, personal use only of
> course. Have a look at antivir.de.

F-Prot, and others tried.

> Be sure to get rid of adware too. Use Adaware or Spybot regularly.

Ad-aware run *very* occasionally. Executable binaries almost always go through MD5 checksum vetting before install. No browser plug-ins allowed.

> Additional measures: Have some sort of bootable live CD available. There
> are a lot of Linux based live CD available on the Internet which contain
> f-prot and lots of recovery and diagnostic tools. It's very handy to
> have one of those lying around.

I keep a copy of Knoppix handy and updated. I may try out something else soon.

Thanks... gives me something more to chew on.

Obviously, this is FAR from your average Windows users box. I'm quite aware of threats and have even discovered a few myself.

Our resident Grandma posting made *me* realize that not having to reformat often (because of this same awareness, never) is a good thing.

-jim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
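The "MD5 checksum vetting before install" mentioned in the reply, as an added example that is not code from the post or from either writer: a small verifier for md5sum/sha256sum-style checksum lists (the `<hex>  <filename>` format, with `*` marking binary mode). It goes a little beyond the post in also accepting SHA-1 and SHA-256 digests, selected by digest length, because MD5 collisions are practical and a vendor's SHA-256 value should be preferred when one is published. The file names, contents and checksum list are constructed for the demo.

```python
import hashlib
import hmac
import os
import tempfile

# Digest hex lengths used to pick the algorithm from a checksum list entry.
# MD5 matches the post's practice; SHA-256 is the better choice when available.
ALGORITHMS = {"md5": 32, "sha1": 40, "sha256": 64}


def file_digest(path, algorithm="md5", chunk_size=1 << 16):
    """Hex digest of a file, read in chunks so large installers fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def algorithm_for(digest):
    """Infer the hash algorithm from the digest length; reject unknown sizes."""
    for name, length in ALGORITHMS.items():
        if len(digest) == length:
            return name
    raise ValueError(f"unsupported digest length {len(digest)}")


def parse_checksum_file(text):
    """Parse md5sum/sha256sum-style lines into {filename: hex digest}.

    Blank lines and '#' comments are skipped; anything else malformed is an error
    rather than silently ignored, so a truncated list cannot pass as complete.
    """
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: malformed entry {raw!r}")
        digest, name = parts[0].lower(), parts[1].lstrip("*")
        if not all(c in "0123456789abcdef" for c in digest):
            raise ValueError(f"line {lineno}: digest is not hex: {digest!r}")
        algorithm_for(digest)  # raises on an unsupported length
        entries[name] = digest
    return entries


def vet_download(path, expected_digest):
    """Return (ok, algorithm, actual_digest) for one downloaded file."""
    expected = expected_digest.lower()
    algorithm = algorithm_for(expected)
    actual = file_digest(path, algorithm)
    # Constant-time comparison; not strictly needed for a local check but costs nothing.
    return hmac.compare_digest(actual, expected), algorithm, actual


def vet_directory(directory, checksum_text):
    """Vet every file named in a checksum list; report ok / MISMATCH / missing."""
    results = {}
    for name, digest in parse_checksum_file(checksum_text).items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "missing"
            continue
        ok, _, _ = vet_download(path, digest)
        results[name] = "ok" if ok else "MISMATCH"
    return results


def demo():
    """Constructed scenario: one intact file, one altered file, one not downloaded."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "tool-a.exe"), "wb") as f:
            f.write(b"abc")          # matches the listed MD5
        with open(os.path.join(d, "tool-b.exe"), "wb") as f:
            f.write(b"abd")          # one byte changed after the list was made
        # Constructed checksum list in md5sum format (tool-c entry is SHA-256 of "abc").
        checksums = (
            "# vendor checksum list (constructed sample)\n"
            "900150983cd24fb0d6963f7d28e17f72  tool-a.exe\n"
            "900150983cd24fb0d6963f7d28e17f72 *tool-b.exe\n"
            "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad  tool-c.exe\n"
        )
        return vet_directory(d, checksums)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:9} {name}")
```

The check only means something when the expected digest comes from a different channel than the download itself (a signed release note, the vendor's HTTPS page rather than the mirror), which is why the list is passed in separately rather than read from the download directory.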