Full Disclosure mailing list archives

Re: Virus infect on single user


From: Steffen Hetzel <no.spam () arcor de>
Date: Tue, 10 Feb 2004 01:43:58 +0100

Hi,

On 09 Feb 2004 12:45:51 -0700
Kenton Smith <ksmith () chartwelltechnology com> wrote:

[snip]

> I'm not trying to start this miserable debate again, so please read
> the whole email before you flame me ;)

;)

> I read through a bunch of this stuff and couldn't find anywhere where
> it says you don't need a firewall. It's all about making sure that
> your instance of Windows is as secure as possible, but once you've
> done that you still need a firewall.

Ok, for a SOHO network, no question (I use OpenBSD & pf for my home
network), but I assume that he had a single-user PC without a LAN. Sure,
he doesn't say anything about this. But if there are no open ports there
is nothing to protect on a single-user machine (or am I wrong?). The only
thing is that he may be able to restrict and detect outgoing traffic with a
PF... but that means that he first had to execute some "malware", and if
he executes this, in many cases he has other problems after executing...
(IMHO)... but well, a PF may help to realize that "malware" is
running... (how did you say: know your tools...!)

> They also don't mention anything
> about keeping your patch levels up to date either.

Well, not on the English site... that's true.

(I'm from Germany & so I prefer the German version, and there is a hint &
a link to the MS update server, and advice to install the Blaster patch
offline & before connecting to the Internet, and an explanation why using
personal firewalls on single-user PCs is senseless (no, we don't want
to discuss it here), and so on, but these things were left out of the
English site...)

my mistake :-)

(maybe have a look at the German site ;-) )

> I think the most important advice for the original poster is: Know
> your tools. You got this pop-up thing because you thought that by
> having Anti-virus and Firewall software that you were fully protected.
> However you didn't know what you were still open to. You need to
> learn what these tools do and more importantly, what they don't do.

No one needs such a popup if he knows what he's doing... And I think
there is no benefit if a popup tells him that his firewall has
successfully blocked attack "xy". This only suggests false security,
because the user thinks "wow, what a firewall" and doesn't realize that
his firewall successfully blocked a ping request, or better (like
ZA Pro) blocked a *.vbs e-mail signature using the OE "begin-end bug"...
but well, this is my opinion.

That's one of the reasons why I say that he may take a look at the
Kerio PF. (I prefer the old version 2.1.5 running as a service with minimal
(no) user interaction, for notebooks.) I think the logging feature is
sometimes (in a foreign network) really useful. The MD5 checksum too...

But an overview of his open connections is also given by TCPView or OpenPorts
and netstat. And an overview of the running processes on his PC is given
(for example) by the process viewer from Sysinternals. If you know your
system, you will see if there is an unknown or unwanted process. But
that means that you really have to know your system and check it
frequently.

In my opinion, and that's what I recognize in your mail too, the best
protection is to use "Brain 1.0". ;-) Additionally it's important to spend
time choosing the right software. Time, since he has to do it
carefully. And he has to learn and understand how computer networks
work, where the limits of his software are, why the limits are there,
where the possible risks are, and so on (that's one of the reasons why I
read this NG/ML too).

Well, enough bad English for today...

cheers

Steffen
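The "know your system and check it frequently" advice from the mail above, as an added example that is not part of the original post: it parses the text of `netstat -ano` (a constructed sample, not a real capture), maps PIDs to image names through a hand-built table standing in for `tasklist` output, and reports every bound socket that is missing from a baseline of listeners the owner expects. The PID map, baseline and port values are assumptions made up for the example.

```python
import re
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample of `netstat -ano` output (not a real capture).
NETSTAT_SAMPLE = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:6543           0.0.0.0:0              LISTENING       2212
  TCP    192.168.1.10:1033      10.0.0.5:80            ESTABLISHED     1640
  UDP    0.0.0.0:137            *:*                                    4
"""
# Constructed PID -> image map as `tasklist` would report it (hypothetical).
PID_IMAGE_SAMPLE = {900: "svchost.exe", 4: "System", 2212: "unknown.exe", 1640: "iexplore.exe"}
# Hand-maintained baseline: the listeners the owner knows and expects.
BASELINE = {("TCP", 135, "svchost.exe"), ("TCP", 445, "System"), ("UDP", 137, "System")}

# One netstat row: proto, local, foreign, optional state (UDP has none), pid.
ROW = re.compile(r"^(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)$")

def parse_netstat(text: str) -> List[Tuple[str, str, int, Optional[str], int]]:
    """Rows as (proto, ip, port, state, pid); header and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        proto, local, _foreign, state, pid = m.groups()
        ip, port = local.rsplit(":", 1)  # rsplit also handles [::]:port
        entries.append((proto, ip, int(port), state, int(pid)))
    return entries

def listening_sockets(entries, pid_map: Dict[int, str]) -> Set[Tuple[str, int, str]]:
    """Bound sockets: TCP in LISTENING state plus every UDP binding."""
    out = set()
    for proto, _ip, port, state, pid in entries:
        if proto == "UDP" or state == "LISTENING":
            out.add((proto, port, pid_map.get(pid, f"pid:{pid}")))
    return out

def unexpected_listeners(text, pid_map, baseline) -> List[Tuple[str, int, str]]:
    """Listeners on the box that are absent from the baseline, sorted."""
    return sorted(listening_sockets(parse_netstat(text), pid_map) - baseline)

if __name__ == "__main__":
    for proto, port, image in unexpected_listeners(NETSTAT_SAMPLE, PID_IMAGE_SAMPLE, BASELINE):
        print(f"not in baseline: {proto}/{port} owned by {image}")
```

On a real machine the sample text would be replaced by the captured output of `netstat -ano` and the PID map by the output of `tasklist`, with the baseline recorded once on a freshly patched system.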

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html