Full Disclosure mailing list archives
Re: Virus infect on single user
From: Steffen Hetzel <no.spam () arcor de>
Date: Tue, 10 Feb 2004 01:43:58 +0100
Hi,

On 09 Feb 2004 12:45:51 -0700 Kenton Smith <ksmith () chartwelltechnology com> wrote:

[snip]

> I'm not trying to start this miserable debate again, so please read the whole email before you flame me ;)
;)
> I read through a bunch of this stuff and couldn't find anywhere where it says you don't need a firewall. It's all about making sure that your instance of Windows is as secure as possible, but once you've done that you still need a firewall.
Ok, for a SOHO network - no question (I use openbsd & pf for my home network) - but I assume that he had a single user PC without LAN. Sure, he doesn't say anything about this. But if there are no open ports, there is nothing to protect on a single user machine. (Or am I wrong?) The only thing is that he may be able to restrict and detect outgoing traffic with a PF... but that means that he first had to execute some "malware", and if he executes this, in many cases he has other problems after executing... (IMHO)... but well, a PF may help to realize that "malware" is running... (how did you say: know your tools...!)
> They also don't mention anything about keeping your patch levels up to date either.
Well, not on the English site ... that's true. (I'm from Germany & so I prefer the German version, and there is a hint & a link to the MS update server and advice to install the Blaster patch offline & before connecting to the Internet, and an explanation why using Personal Firewalls on single user PCs is senseless (no, we don't want to discuss it here) and so on, but these things are left out on the English site...) My mistake :-) (maybe you have a look at the German site ;-) )
> I think the most important advice for the original poster is; Know your tools. You got this pop-up thing because you thought that by having Anti-virus and Firewall software that you were fully protected. However you didn't know what you were still open to. You need to learn what these tools do and more importantly, what they don't do.
No one needs such a popup if he knows what he's doing ... And I think there is no benefit if a popup tells him that his firewall has successfully blocked attack "xy". This only suggests wrong security, because the user thinks "wow - what a firewall" - and doesn't realize that his firewall successfully blocked a ping request - or better (like ZA Pro) blocked a *.vbs e-mail signature using the OE "begin-end-bug"... but well, this is my opinion.

That's one of the reasons why I say that he may take a look at the kerioPF. (I prefer the old version 2.1.5 running as a service with minimal (no) user interaction - for notebook.) I think the logging feature is sometimes (in a foreign network) really useful. The MD5 checksum too... But an overview about his open connections gives tcpview or openPorts and netstat too. And an overview about running processes on his PC gives him (for example) the process view from sysinternals. If you know your system, you will see if there is an unknown or unwanted process. But that means that you really have to know your system and frequently check it.

In my opinion, and that's what I recognize in your mail too, the best protection is to use "Brain 1.0". ;-) Additionally it's important to spend time in choosing the right software. Time, why he had to do it carefully. And he had to learn and to understand how computer networks work, and where the limits of his software are, why the limits are there and where possible risks are and so on (that's one of the reasons why I read this NG/ML too).

Well, enough bad English for today ...

cheers
Steffen

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html