Guest JamesJ Posted April 22, 2009

Thanks much for the insight. Let me sleep on this. It's starting to boggle the little mind I do have.

James

"Ken Blake, MVP" <kblake@this.is.an.invalid.domain> wrote in message news:puosu4hn54tkmr5o058q4urcpf2fups6k9@4ax.com...
> On Tue, 21 Apr 2009 19:00:56 -0400, "JamesJ" <jjy@darwin_roadrunner.com> wrote:
>
>> Shouldn't one scan for viruses occasionally, though??
>
> Yes, and other forms of malware. I completely disagree with Jesper Ravn.
>
> Certainly you can and should follow safe computing practices. But relying on them is foolhardy. No matter how careful you think you are, you are always susceptible to making a mistake, particularly on a day when you are tired, upset, had a fight with your wife, etc. Backing up those safe computing practices with security software is another layer of protection, and that layer is good to have. In fact, I think it's foolhardy to not have it.
>
>> You've put a bug in my ear now.
>>
>> James
>>
>> "Jesper Ravn" <jesper_ravn@hotmail.com> wrote in message news:2031C339-2E41-4717-8194-2E8843D1DC0B@microsoft.com...
>> >
>> > "JamesJ" <jjy@darwin_roadrunner.com> wrote in message news:eyBfcDtwJHA.3676@TK2MSFTNGP06.phx.gbl...
>> >>
>> >> This software also is anti-virus. And as far as I know Windows has none except for Live Onecare which is a suite that 'gives people a lot of problems.'
>> >>
>> >> Seems to be working fine for me, for a long time
>> >> Must admit though it seems to have slowed my startup somewhat.
>> >
>> > The point is, that security suites today are one big ripoff and in the end, they just slow down your work and waste your time.
>> > If you try to follow the steps I listed before, you don't need Antivirus, Antispyware, Personal FW or any other security utilities.
>> >
>> > /Jesper
>
> --
> Ken Blake, Microsoft MVP - Windows Desktop Experience
> Please Reply to the Newsgroup
Guest JamesJ Posted April 22, 2009

More than 2¢ to me. Thanks

"Dave" <Dave@beepbeepbeepbeep.com> wrote in message news:OOSWeztwJHA.4324@TK2MSFTNGP05.phx.gbl...
> My 2¢:
>
> Back up your files. I use Acronis True Image Home, plus I have a Windows Home Server.
> Burn your photos and other precious files to DVD, in addition to backing them up.
> Don't use a security suite. They try to do too much, and don't do it very well.
> Use Windows Firewall and Defender.
> Use a free Anti-virus, like AVG or Avast, and make sure they are updated.
> Don't scan email, it's superfluous and can cause corruption. Anti-spam software causes more problems than it solves.
> Run Ad-Aware and/or Malwarebytes scans weekly, after updating them.
> Back up your files.
>
> --
> Windows 7 beta
> http://get.live.com/wlmail/overview
> http://download.live.com/wlmail
>
> "JamesJ" <jjy@darwin_roadrunner.com> wrote in message news:OPgRBZtwJHA.248@TK2MSFTNGP06.phx.gbl...
>> Any other opinions? Please feel free to jump in.
>>
>> "Jesper Ravn" <jesper_ravn@hotmail.com> wrote in message news:2031C339-2E41-4717-8194-2E8843D1DC0B@microsoft.com...
>>>
>>> "JamesJ" <jjy@darwin_roadrunner.com> wrote in message news:eyBfcDtwJHA.3676@TK2MSFTNGP06.phx.gbl...
>>>>
>>>> This software also is anti-virus. And as far as I know Windows has none except for Live Onecare which is a suite that 'gives people a lot of problems.'
>>>>
>>>> Seems to be working fine for me, for a long time
>>>> Must admit though it seems to have slowed my startup somewhat.
>>>
>>> The point is, that security suites today are one big ripoff and in the end, they just slow down your work and waste your time.
>>> If you try to follow the steps I listed before, you don't need Antivirus, Antispyware, Personal FW or any other security utilities.
>>>
>>> /Jesper
Guest Jesper Ravn Posted April 22, 2009

"Ken Blake, MVP" <kblake@this.is.an.invalid.domain> wrote in message news:puosu4hn54tkmr5o058q4urcpf2fups6k9@4ax.com...
> On Tue, 21 Apr 2009 19:00:56 -0400, "JamesJ" <jjy@darwin_roadrunner.com> wrote:
>
>> Shouldn't one scan for viruses occasionally, though??
>
> Yes, and other forms of malware. I completely disagree with Jesper Ravn.
>
> Certainly you can and should follow safe computing practices. But relying on them is foolhardy. No matter how careful you think you are, you are always susceptible to making a mistake, particularly on a day when you are tired, upset, had a fight with your wife, etc. Backing up those safe computing practices with security software is another layer of protection, and that layer is good to have. In fact, I think it's foolhardy to not have it.

Please think out of the box, and stop putting fear into people's minds.
I could give you a lot of other reasons why you should not use a security suite + security utilities.

Slow computer
Computer crashes (no backup)
Slow internet
Waste of money and time
Poor detection rate (false security)
A lot of support calls/noise in all the security forums today
etc.

Educate the users (secure standard setup + backup) instead of giving them a lot of junk applications.

/Jesper
Guest Jesper Ravn Posted April 22, 2009

"JamesJ" <jjy@darwin_roadrunner.com> wrote in message news:uLdqo#twJHA.4636@TK2MSFTNGP05.phx.gbl...
> I'm not sure if I'm ready to have a system without anti-virus software.
> What a concept!!

I have made this setup on many private computers without any problems (family, friends, neighbors, etc.)
No more support calls, no more malware, period.

/Jesper
Guest Jesper Ravn Posted April 22, 2009

"FromTheRafters" <erratic @nomail.afraid.org> wrote in message news:ucev#rtwJHA.3364@TK2MSFTNGP05.phx.gbl...
> Antivirus used to be a tool to help a user determine if a program has been infected with a known virus. It has since become a crutch to enable users to exhibit unsafe behavior. Seeing the unsafe behavior, and enacting countermeasures to virtually negate the need for the crutch does not remove the original need for the detector.
>
> Add to that the fact that viruses can gain ingress by worms, so policies aren't the last word.
>
> Keep an AV (preferably an "on access" scanner) and the windows firewall. There is no shame in running the occasional anti[malware|spyware|adware] applications. A real firewall is a good idea too.

And here we go again, right back to all the problems.
Next step will be to install Ccleaner 2009 + RegCleaner 2009 + Virtual Sandbox 2009 + SuperDuperAnti 2009.
Just give the young people what they want "fancy and cool removal tools" and most important don't think.

/Jesper
Guest JamesJ Posted April 22, 2009

Most of that sounds familiar.

"Jesper Ravn" <jesper_ravn@hotmail.com> wrote in message news:C4BE440F-CC88-4C59-9358-E4CF9B66720F@microsoft.com...
>
> "Ken Blake, MVP" <kblake@this.is.an.invalid.domain> wrote in message news:puosu4hn54tkmr5o058q4urcpf2fups6k9@4ax.com...
>> On Tue, 21 Apr 2009 19:00:56 -0400, "JamesJ" <jjy@darwin_roadrunner.com> wrote:
>>
>>> Shouldn't one scan for viruses occasionally, though??
>>
>> Yes, and other forms of malware. I completely disagree with Jesper Ravn.
>>
>> Certainly you can and should follow safe computing practices. But relying on them is foolhardy. No matter how careful you think you are, you are always susceptible to making a mistake, particularly on a day when you are tired, upset, had a fight with your wife, etc. Backing up those safe computing practices with security software is another layer of protection, and that layer is good to have. In fact, I think it's foolhardy to not have it.
>
> Please think out of the box, and stop putting fear into people's minds.
> I could give you a lot of other reasons why you should not use a security suite + security utilities.
>
> Slow computer
> Computer crashes (no backup)
> Slow internet
> Waste of money and time
> Poor detection rate (false security)
> A lot of support calls/noise in all the security forums today
> etc.
>
> Educate the users (secure standard setup + backup) instead of giving them a lot of junk applications.
>
> /Jesper
Guest Jesper Ravn Posted April 22, 2009

"Dave" <Dave@beepbeepbeepbeep.com> wrote in message news:OOSWeztwJHA.4324@TK2MSFTNGP05.phx.gbl...
> My 2¢:
>
> Back up your files. I use Acronis True Image Home, plus I have a Windows Home Server.
> Burn your photos and other precious files to DVD, in addition to backing them up.
> Don't use a security suite. They try to do too much, and don't do it very well.
> Use Windows Firewall and Defender.
> Use a free Anti-virus, like AVG or Avast, and make sure they are updated.
> Don't scan email, it's superfluous and can cause corruption. Anti-spam software causes more problems than it solves.
> Run Ad-Aware and/or Malwarebytes scans weekly, after updating them.
> Back up your files.

Hi Dave

I almost agree with you :-). Keep it simple and do your backup.

/Jesper
Guest FromTheRafters Posted April 22, 2009

"Jesper Ravn" <jesper_ravn@hotmail.com> wrote in message news:Ohg1H5twJHA.6068@TK2MSFTNGP05.phx.gbl...
>
> "FromTheRafters" <erratic @nomail.afraid.org> wrote in message news:eDkPKmtwJHA.528@TK2MSFTNGP06.phx.gbl...

>> Antivirus is always a part of safe computing best practices.

> Says who. This is where I strongly disagree with you.
> Take any given new trojan and scan it with an online scanner and you will see the poor results.

When did we start talking about online scanners and trojans? I was talking about viruses and local antivirus (detection) scanners.

> People install a security suite and they don't have to think anymore, that is so wrong and it won't solve the malware problem.

I agree wholeheartedly! That is why I said the suggestions were excellent. My disagreement is with your statement that antivirus was not needed given the proposed scenario.

> That is false security and it will only give them a lot of problems. (slow computer/internet, crashes, you name it).

Yes, the security suites become "enablers" for the sloppy security practices it is human nature to engage in.

> Malware can only get in, if you choose to logon with an admin account,

Wrong.

> and install it.

Wrong again - malware needs neither admin rights nor to be "installed" in order to function. Viruses, in particular, only need to do what the user is able to do.

> But this is where the word "think" comes in.
> Only install applications from trusted sources. If you don't know, search google.

Trusted sources can be infected too. You should get your programs only from trusted sources and scan them for viruses.

> And if you don't think and malware slips through, you will be up and running again within 2 hours (from your baseline image and data backup).

This assumes bad behavior (not thinking) is the only way to allow "slipping through" - that is not the case. Even with good behavior viruses can slip through. Also - patches often get applied after an exploit has been circulating for some time. If such an exploit carries with it a virus, then you are back to scanning as the only option to detect it.

> How hard can it be :-).

Harder than you think it is.
Guest FromTheRafters Posted April 22, 2009

"JamesJ" <jjy@darwin_roadrunner.com> wrote in message news:OCwmA%23twJHA.4592@TK2MSFTNGP06.phx.gbl...
> Don't you think that with security suite I now can basically forget about vulnerabilities and maybe have some fun with my computer???

No! Vulnerabilities should get patched no matter what other security measures are in place. All of the suggestions in Jesper's post are good...but you still need antivirus.

Security suites are often not "best in class" for each class of malware they address. Many features in suites are "fluff" and give you a false sense of security which is bad because you start to feel you can do all kinds of really stupid things and your suite will protect you.

You should protect you - and use software to do the things that you cannot do yourself (like searching through prospective programs for viruses).
Guest FromTheRafters Posted April 22, 2009

"Jesper Ravn" <jesper_ravn@hotmail.com> wrote in message news:B52DD28F-09C3-434B-B4A2-9880E1D2954C@microsoft.com...
>
> "FromTheRafters" <erratic @nomail.afraid.org> wrote in message news:uGVrGxtwJHA.3676@TK2MSFTNGP06.phx.gbl...
>>
>> Same as always - to determine if a program is infected with a known virus before executing it on the system.
>
> I assume that you are talking about installing new applications with an admin account, right.

No, I'm talking about scanning before executing a program.

> In the past (+10 years) I have installed a loooots of applications, my AV never said anything

I drove a Ford Pinto whose gas tank never blew up. What's your point?

> Search google instead to see if it's a trusted application/source.

Google cannot tell you if a trusted program from a trusted source is or is not infected with a known virus. Only AV can do this with any reasonable success rate (unless you can read code and recognize viruses within programs).
Guest Jesper Ravn Posted April 22, 2009

"FromTheRafters" <erratic @nomail.afraid.org> wrote in message news:uTsWtyuwJHA.1212@TK2MSFTNGP04.phx.gbl...
> "Jesper Ravn" <jesper_ravn@hotmail.com> wrote in message news:Ohg1H5twJHA.6068@TK2MSFTNGP05.phx.gbl...
>>
>> "FromTheRafters" <erratic @nomail.afraid.org> wrote in message news:eDkPKmtwJHA.528@TK2MSFTNGP06.phx.gbl...
>
>>> Antivirus is always a part of safe computing best practices.
>
>> Says who. This is where I strongly disagree with you.
>> Take any given new trojan and scan it with an online scanner and you will see the poor results.
>
> When did we start talking about online scanners and trojans? I was talking about viruses and local antivirus (detection) scanners.

#Ok, let's call it malware, it does not change anything.

>> People install a security suite and they don't have to think anymore, that is so wrong and it won't solve the malware problem.
>
> I agree wholeheartedly! That is why I said the suggestions were excellent. My disagreement is with your statement that antivirus was not needed given the proposed scenario.
>
>> That is false security and it will only give them a lot of problems. (slow computer/internet, crashes, you name it).
>
> Yes, the security suites become "enablers" for the sloppy security practices it is human nature to engage in.
>
>> Malware can only get in, if you choose to logon with an admin account,
>
> Wrong.

# I also assume that your system is up-to-date. But even if it's not, SRP should prevent any code from executing, please see below.
#Example of software restriction policy in action:
#http://www.wilderssecurity.com/showthread.php?t=233899

>> and install it.
>
> Wrong again - malware needs neither admin rights nor to be "installed" in order to function. Viruses, in particular, only need to do what the user is able to do.
>
>> But this is where the word "think" comes in.
>> Only install applications from trusted sources. If you don't know, search google.
>
> Trusted sources can be infected too. You should get your programs only from trusted sources and scan them for viruses.

#Yes and my house and computer could blow up, but that is one of the risks I'm willing to take.
#Do remember, I have a backup for these disasters.
#Security is a process, not the right set of tools.

>> And if you don't think and malware slips through, you will be up and running again within 2 hours (from your baseline image and data backup).
>
> This assumes bad behavior (not thinking) is the only way to allow "slipping through" - that is not the case. Even with good behavior viruses can slip through. Also - patches often get applied after an exploit has been circulating for some time. If such an exploit carries with it a virus, then you are back to scanning as the only option to detect it.

#What are the chances that my AV will detect it within the right timeframe?
#You can always read about the worst scary scenarios. But then again, do the best you can and then forget about it.

>> How hard can it be :-).
>
> Harder than you think it is.

#Not at all.. keep it simple and you will be ok.

/Jesper
Guest Jesper Ravn Posted April 22, 2009

"FromTheRafters" <erratic @nomail.afraid.org> wrote in message news:uTsWtyuwJHA.1212@TK2MSFTNGP04.phx.gbl...
>
> This assumes bad behavior (not thinking) is the only way to allow "slipping through" - that is not the case. Even with good behavior viruses can slip through. Also - patches often get applied after an exploit has been circulating for some time. If such an exploit carries with it a virus, then you are back to scanning as the only option to detect it.

Also did you see this?
Removing admin rights stymies 92% of Microsoft's bugs
http://www.pcworld.idg.com.au/article/2754...ugs?fp=2&fpid=1

/Jesper
Guest Jesper Ravn Posted April 22, 2009

"FromTheRafters" <erratic @nomail.afraid.org> wrote in message news:eVkyQ#uwJHA.1492@TK2MSFTNGP03.phx.gbl...
> "Jesper Ravn" <jesper_ravn@hotmail.com> wrote in message news:B52DD28F-09C3-434B-B4A2-9880E1D2954C@microsoft.com...
>>
>> "FromTheRafters" <erratic @nomail.afraid.org> wrote in message news:uGVrGxtwJHA.3676@TK2MSFTNGP06.phx.gbl...
>>>
>>> Same as always - to determine if a program is infected with a known virus before executing it on the system.

Why do I want that. SRP will prevent the malware from executing in my userprofile.
LUA will prevent it from executing in programfiles and system area.
Catch-22 situation.

>> I assume that you are talking about installing new applications with an admin account, right.
>
> No, I'm talking about scanning before executing a program.
>
>> In the past (+10 years) I have installed a loooots of applications, my AV never said anything
>
> I drove a Ford Pinto whose gas tank never blew up. What's your point?

My point is that the chances are very low for you to get infected from trusted sources.
Also, normal "mr and mrs" do not install applications every day.

>> Search google instead to see if it's a trusted application/source.
>
> Google cannot tell you if a trusted program from a trusted source is or is not infected with a known virus. Only AV can do this with any reasonable success rate (unless you can read code and recognize viruses within programs).

Ok, then do the damn online-scan. Here you have 20-30 AV scanners and not just one.
http://virusscan.jotti.org/
http://www.virustotal.com/

That could be point 7 on my list. Is it ok with you now :-).

/Jesper
Guest huhansen318@hotmail.com Posted April 22, 2009

I think when Windows Vista detects a third party firewall, it will automatically turn off its built-in firewall to avoid conflict.
Maybe a security suite is not the best solution for a personal computer, but it is not something bad from my point of view.
So you can ignore Windows Firewall if you have already had your own firewall product.

"JamesJ" <jjy@darwin_roadrunner.com> wrote in message news:eDxEmcrwJHA.956@TK2MSFTNGP03.phx.gbl...
> Windows Vista Basic sp1.
>
> I'm using a 3rd party firewall program. In Administrative Tools---Services it shows Windows Firewall status as Started. But, in Security Center it shows my 3rd party firewall being On but Windows Firewall being off.
> Also, in Administrative Tools---Windows Firewall with Advanced Security is showing Windows Firewall being on in Domain Profile. Is this normal?
> Why would one show Windows Firewall as On and another show it as Off???
>
> James
Guest FromTheRafters Posted April 22, 2009

"Jesper Ravn" <jesper_ravn@hotmail.com> wrote in message news:B5B44E4B-D167-4E3D-94DB-F1E8210B36E8@microsoft.com...
>
> "FromTheRafters" <erratic @nomail.afraid.org> wrote in message news:uTsWtyuwJHA.1212@TK2MSFTNGP04.phx.gbl...
>> "Jesper Ravn" <jesper_ravn@hotmail.com> wrote in message news:Ohg1H5twJHA.6068@TK2MSFTNGP05.phx.gbl...
>>>
>>> "FromTheRafters" <erratic @nomail.afraid.org> wrote in message news:eDkPKmtwJHA.528@TK2MSFTNGP06.phx.gbl...
>>
>>>> Antivirus is always a part of safe computing best practices.
>>
>>> Says who. This is where I strongly disagree with you.
>>> Take any given new trojan and scan it with an online scanner and you will see the poor results.
>>
>> When did we start talking about online scanners and trojans? I was talking about viruses and local antivirus (detection) scanners.
>
> #Ok, let's call it malware, it does not change anything.

Yes, it does. Viruses don't often appear as stand alone program files, they appear as code attached to preexisting (perhaps trusted) programs. It is easy to decide not to execute some new and untrusted program. Not so easy to determine if a trusted program has been infected. AV is also useful in detecting non-viral malware that modifies (infects or 'trojanizes') programs by adding malicious functions.

[snip]
Guest FromTheRafters Posted April 22, 2009

"Jesper Ravn" <jesper_ravn@hotmail.com> wrote in message news:CC95A0E0-2777-417E-B5DD-499DED33A40E@microsoft.com...
>
> "FromTheRafters" <erratic @nomail.afraid.org> wrote in message news:uTsWtyuwJHA.1212@TK2MSFTNGP04.phx.gbl...
>>
>> This assumes bad behavior (not thinking) is the only way to allow "slipping through" - that is not the case. Even with good behavior viruses can slip through. Also - patches often get applied after an exploit has been circulating for some time. If such an exploit carries with it a virus, then you are back to scanning as the only option to detect it.
>
> Also did you see this?
> Removing admin rights stymies 92% of Microsoft's bugs
> http://www.pcworld.idg.com.au/article/2754...ugs?fp=2&fpid=1

The principles of "least privilege" and "minimalism" have always been mitigation factors. Mitigation does not equal prevention.
Guest FromTheRafters Posted April 22, 2009

"Jesper Ravn" <jesper_ravn@hotmail.com> wrote in message news:uDhZ$lwwJHA.4620@TK2MSFTNGP06.phx.gbl...
> "FromTheRafters" <erratic @nomail.afraid.org> wrote in message news:eVkyQ#uwJHA.1492@TK2MSFTNGP03.phx.gbl...
>> "Jesper Ravn" <jesper_ravn@hotmail.com> wrote in message news:B52DD28F-09C3-434B-B4A2-9880E1D2954C@microsoft.com...
>>>
>>> "FromTheRafters" <erratic @nomail.afraid.org> wrote in message news:uGVrGxtwJHA.3676@TK2MSFTNGP06.phx.gbl...
>>>>
>>>> Same as always - to determine if a program is infected with a known virus before executing it on the system.
>
> Why do I want that. SRP will prevent the malware from executing in my userprofile.
> LUA will prevent it from executing in programfiles and system area.
> Catch-22 situation.
>
>>> I assume that you are talking about installing new applications with an admin account, right.
>>
>> No, I'm talking about scanning before executing a program.
>>
>>> In the past (+10 years) I have installed a loooots of applications, my AV never said anything
>>
>> I drove a Ford Pinto whose gas tank never blew up. What's your point?
>
> My point is that the chances are very low for you to get infected from trusted sources.
> Also, normal "mr and mrs" do not install applications every day.
>
>>> Search google instead to see if it's a trusted application/source.
>>
>> Google cannot tell you if a trusted program from a trusted source is or is not infected with a known virus. Only AV can do this with any reasonable success rate (unless you can read code and recognize viruses within programs).
>
> Ok, then do the damn online-scan. Here you have 20-30 AV scanners and not just one.
> http://virusscan.jotti.org/
> http://www.virustotal.com/
>
> That could be point 7 on my list. Is it ok with you now :-).

No, what about programs that the system executes for you without your being asked beforehand?
Guest Mads Petersen Posted April 22, 2009

<huhansen318@hotmail.com> wrote in message news:eR#YovzwJHA.4364@TK2MSFTNGP03.phx.gbl...
> I think when Windows Vista detects a third party firewall, it will automatically turn off its built-in firewall to avoid conflict.
> Maybe a security suite is not the best solution for a personal computer, but it is not something bad from my point of view.
> So you can ignore Windows Firewall if you have already had your own firewall product.

Why would you use a third party firewall compared to the built-in? Filtering outgoing connections is pointless, because it's already game over when malware is in your system when running as local admin, and you can filter just fine with the built-in also. Incoming connections to a port that has no service running will be denied by default OS design.
I can't see the idea in using a third party firewall compared to the built-in, maybe if you wanted another GUI?
Guest Jesper Ravn Posted April 22, 2009

"FromTheRafters" <erratic @nomail.afraid.org> wrote in message news:OCCFHI0wJHA.3504@TK2MSFTNGP03.phx.gbl...
> "Jesper Ravn" <jesper_ravn@hotmail.com> wrote in message news:uDhZ$lwwJHA.4620@TK2MSFTNGP06.phx.gbl...
>> "FromTheRafters" <erratic @nomail.afraid.org> wrote in message news:eVkyQ#uwJHA.1492@TK2MSFTNGP03.phx.gbl...
>>> "Jesper Ravn" <jesper_ravn@hotmail.com> wrote in message news:B52DD28F-09C3-434B-B4A2-9880E1D2954C@microsoft.com...
>>>>
>>>> "FromTheRafters" <erratic @nomail.afraid.org> wrote in message news:uGVrGxtwJHA.3676@TK2MSFTNGP06.phx.gbl...
>>>>>
>>>>> Same as always - to determine if a program is infected with a known virus before executing it on the system.
>>
>> Why do I want that. SRP will prevent the malware from executing in my userprofile.
>> LUA will prevent it from executing in programfiles and system area.
>> Catch-22 situation.
>>
>>>> I assume that you are talking about installing new applications with an admin account, right.
>>>
>>> No, I'm talking about scanning before executing a program.
>>>
>>>> In the past (+10 years) I have installed a loooots of applications, my AV never said anything
>>>
>>> I drove a Ford Pinto whose gas tank never blew up. What's your point?
>>
>> My point is that the chances are very low for you to get infected from trusted sources.
>> Also, normal "mr and mrs" do not install applications every day.
>>
>>>> Search google instead to see if it's a trusted application/source.
>>>
>>> Google cannot tell you if a trusted program from a trusted source is or is not infected with a known virus. Only AV can do this with any reasonable success rate (unless you can read code and recognize viruses within programs).
>>
>> Ok, then do the damn online-scan. Here you have 20-30 AV scanners and not just one.
>> http://virusscan.jotti.org/
>> http://www.virustotal.com/
>>
>> That could be point 7 on my list. Is it ok with you now :-).
>
> No, what about programs that the system executes for you without your being asked beforehand?

Dong - Round 13

Let us try to break it down a little bit.

Computer with the 6 points already implemented (10-15 min setup). So far so good.

I have 2 accounts
standard = day-to-day operations (web, mail, music, movie, work etc.)
Admin = only used when installing new applications from a trusted source.
Ex. of trusted source = adobe, winzip, Java, MS, winamp etc

When I use my standard account, there is no way to be infected (LUA + SRP).
LUA prevents malware from writing in system area
SRP prevents malware from executing in my userprofile
Catch-22 situation

Now I do agree with you, that there is a little chance to get infected when I use my admin account to install new software.
But is it really a threat?

You only have to follow one rule. Always download software from trusted sources and think.
You would have the same issue if you want to find a good plumber or restaurant. What do you do?
You do some research (google), ask your friends or family, ask your co-workers, ask in forums etc.
Even a complete newbie should be able to handle that.
To me it's really that simple. There is no reason to complicate that fact and spread fear to the users and newbies.
Combine the above with a little education, we will win the war on malware in a very short time.

/Jesper
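The claim in the post above (LUA blocks writes to system areas, SRP blocks execution from the user profile) only holds if no folder is both writable by the standard account and allowed to execute, and it says nothing about whether an allowed program is clean. The following is an added example, not part of the thread: a simplified Python model of SRP path rules (most specific rule wins, default level Disallowed) audited against a constructed list of user-writable folders. The user name, the `LegacyApp` folder and all file names are hypothetical.

```python
from pathlib import PureWindowsPath

DISALLOWED = "Disallowed"
UNRESTRICTED = "Unrestricted"


def is_under(path, root):
    """True if `path` is `root` or lies below it (Windows, case-insensitive)."""
    p, r = PureWindowsPath(path), PureWindowsPath(root)
    return p == r or r in p.parents


def srp_level(path, rules, default=DISALLOWED):
    """Simplified SRP path-rule lookup: the most specific matching rule wins,
    otherwise the default security level applies. Hash, certificate and zone
    rules are left out of this model."""
    best_depth, best_level = -1, default
    for root, level in rules:
        depth = len(PureWindowsPath(root).parts)
        if is_under(path, root) and depth > best_depth:
            best_depth, best_level = depth, level
    return best_level


def audit(paths, rules, user_writable):
    """Classify each path by combining the SRP decision with the (constructed)
    list of folders a standard, non-admin account may write to."""
    findings = {}
    for path in paths:
        level = srp_level(path, rules)
        writable = any(is_under(path, w) for w in user_writable)
        if level == DISALLOWED:
            findings[path] = "blocked"        # SRP refuses to start it
        elif writable:
            findings[path] = "gap"            # writable by the user AND allowed to run
        else:
            findings[path] = "trust-source"   # runs; only as clean as its installer
    return findings


# Constructed sample data (hypothetical user, folders and file names).
RULES = [
    (r"C:\Windows", UNRESTRICTED),
    (r"C:\Program Files", UNRESTRICTED),
]
USER_WRITABLE = [
    r"C:\Users\james",                      # the standard account's own profile
    r"C:\Program Files\LegacyApp\Data",     # folder whose ACL an installer loosened
]
PATHS = [
    r"C:\Users\james\Downloads\setup.exe",
    r"C:\Program Files\Winamp\winamp.exe",
    r"C:\Program Files\LegacyApp\Data\helper.exe",
]

# Hardened policy: a more specific Disallowed rule closes the writable folder.
HARDENED_RULES = RULES + [(r"C:\Program Files\LegacyApp\Data", DISALLOWED)]


if __name__ == "__main__":
    for name, rules in (("baseline", RULES), ("hardened", HARDENED_RULES)):
        print(name)
        for path, finding in audit(PATHS, rules, USER_WRITABLE).items():
            print(f"  {finding:13} {path}")
```

Entries reported as `trust-source` are the case argued over in the thread: the policy lets them run, so whether they are infected has to be established some other way.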
Guest FromTheRafters Posted April 22, 2009

"Jesper Ravn" <jesper_ravn@hotmail.com> wrote in message news:A88D2A46-73FF-49BD-8614-617DD09C1570@microsoft.com...
>
> "FromTheRafters" <erratic @nomail.afraid.org> wrote in message
> news:OCCFHI0wJHA.3504@TK2MSFTNGP03.phx.gbl...
>> "Jesper Ravn" <jesper_ravn@hotmail.com> wrote in message
>> news:uDhZ$lwwJHA.4620@TK2MSFTNGP06.phx.gbl...
>>> "FromTheRafters" <erratic @nomail.afraid.org> wrote in message
>>> news:eVkyQ#uwJHA.1492@TK2MSFTNGP03.phx.gbl...
>>>> "Jesper Ravn" <jesper_ravn@hotmail.com> wrote in message
>>>> news:B52DD28F-09C3-434B-B4A2-9880E1D2954C@microsoft.com...
>>>>>
>>>>> "FromTheRafters" <erratic @nomail.afraid.org> wrote in message
>>>>> news:uGVrGxtwJHA.3676@TK2MSFTNGP06.phx.gbl...
>>>>>>
>>>>>> Same as always - to determine if a program is infected with a
>>>>>> known virus before executing it on the system.
>>>
>>> Why do I want that. SRP will prevent the malware from executing in my
>>> userprofile.
>>> LUA will prevent it execute in programfiles and system area.
>>> Catch-22 situation.
>>>
>>>>> I assume that you are talking about installing new applications
>>>>> with an admin account, right.
>>>>
>>>> No, I'm talking about scanning before executing a program.
>>>>
>>>>> In the past (+10 years) I have installed a loooots of
>>>>> applications, my AV never said anything
>>>>
>>>> I drove a Ford Pinto whose gas tank never blew up. What's your
>>>> point?
>>>
>>> My point is that the chances are very low for you to get infected from
>>> trusted sources.
>>> Also, normal "mr and mrs" do not install applications every day.
>>>
>>>>> Search google instead to see if its a trusted application/source.
>>>>
>>>> Google cannot tell you if a trusted program from a trusted source
>>>> is or is not infected with a known virus. Only AV can do this with
>>>> any reasonable success rate (unless you can read code and recognize
>>>> viruses within programs).
>>>
>>> Ok, then do the damn online-scan. Here you have 20-30 AV scanners
>>> and not just one.
>>> http://virusscan.jotti.org/
>>> http://www.virustotal.com/
>>>
>>> That could be point 7 on my list. Is it ok with you now :-).
>>
>> No, what about programs that the system executes for you without your
>> being asked beforehand?
>
> Dong - Round 13
>
> Let us try to break it down a little bit.
>
> Computer with the 6 point are already implemented (10-15 min setup).
> So far so good.
>
> I have 2 accounts
> standard = day-to-day operations (web, mail, music, movie, work etc.)
> Admin = only used when installing new applications from a trusted
> source.
> Ex. on trusted source = adobe, winzip, Java, MS, winamp etc
>
> When I use my standard account, there is no way to be infected (LUA +
> SRP).
> LUA prevents malware to write in system area
> SRP prevents malware to execute in my userprofile
> Catch-22 situation

From:

http://technet.microsoft.com/en-us/library/cc507878.aspx

"Virus Scanning Programs

Most anti-virus software has a real-time scanner program that starts when the user logs in and scans all files accessed by the user, looking for possible virus contamination. Make sure your rules allow your virus scanning programs to run."

Why would they mention that if it were no longer needed?

> Now I do agree with you, that there is a little chance to get infected
> when I use my admin account to install new software.
> But is it really a threat?

Maybe not now, as malware writers have plenty of low hanging fruit to harvest. Things could change though.

> You only have to follow one rule. Always download software from
> trusted sources and think.
> You would have the same issue if you want to find a good plumber or
> restaurant. What do you do?
> You do some research (google), ask your friends or family, ask your
> co-workers, ask in forums etc.
> Even a complete newbie should be able to handle that.
> To me it's really that simple. There is no reason to complicate that
> fact and spread fear to the users and newbies.
> Combine the above with a little education, we will win the war on
> malware in a very short time.

....and then you wake up...
Guest Root Kit Posted April 23, 2009

On Wed, 22 Apr 2009 18:47:08 -0400, "FromTheRafters" <erratic @nomail.afraid.org> wrote:

>From:
>
>http://technet.microsoft.com/en-us/library/cc507878.aspx
>
>"Virus Scanning Programs
>
>Most anti-virus software has a real-time scanner program that starts
>when the user logs in and scans all files accessed by the user, looking
>for possible virus contamination. Make sure your rules allow your virus
>scanning programs to run."
>
>Why would they mention that if it were no longer needed?

Try keeping things in their proper perspective.

>> Now I do agree with you, that there is a little chance to get infected
>> when I use my admin account to install new software.
>> But is it really a threat?
>
>Maybe not now, as malware writers have plenty of low hanging fruit to
>harvest. Things could change though.

As humans we can imagine all kinds of stuff. But try to keep some realism to the discussion.

>> You only have to follow one rule. Always download software from
>> trusted sources and think.
>> You would have the same issue if you want to find a good plumber or
>> restaurant. What do you do?
>> You do some research (google), ask your friends or family, ask your
>> co-workers, ask in forums etc.
>> Even a complete newbie should be able to handle that.
>> To me it's really that simple. There is no reason to complicate that
>> fact and spread fear to the users and newbies.
>> Combine the above with a little education, we will win the war on
>> malware in a very short time.
>
>...and then you wake up...

and try staying a little serious.
Guest FromTheRafters Posted April 24, 2009

"Root Kit" <b__nice@hotmail.com> wrote in message news:rbl1v4168hmdiqdellga8jk60bf3q5hdeh@4ax.com...
> On Wed, 22 Apr 2009 18:47:08 -0400, "FromTheRafters" <erratic
> @nomail.afraid.org> wrote:
>
>>From:
>>
>>http://technet.microsoft.com/en-us/library/cc507878.aspx
>>
>>"Virus Scanning Programs
>>
>>Most anti-virus software has a real-time scanner program that starts
>>when the user logs in and scans all files accessed by the user, looking
>>for possible virus contamination. Make sure your rules allow your virus
>>scanning programs to run."
>>
>>Why would they mention that if it were no longer needed?
>
> Try keeping things in their proper perspective.
>
>>> Now I do agree with you, that there is a little chance to get infected
>>> when I use my admin account to install new software.
>>> But is it really a threat?
>>
>>Maybe not now, as malware writers have plenty of low hanging fruit to
>>harvest. Things could change though.
>
> As humans we can imagine all kinds of stuff. But try to keep some
> realism to the discussion.
>
>>> You only have to follow one rule. Always download software from
>>> trusted sources and think.
>>> You would have the same issue if you want to find a good plumber or
>>> restaurant. What do you do?
>>> You do some research (google), ask your friends or family, ask your
>>> co-workers, ask in forums etc.
>>> Even a complete newbie should be able to handle that.
>>> To me it's really that simple. There is no reason to complicate that
>>> fact and spread fear to the users and newbies.
>>> Combine the above with a little education, we will win the war on
>>> malware in a very short time.
>>
>>...and then you wake up...
>
> and try staying a little serious.

I am serious. AV is still needed even after a strict adherence to what Jesper has outlined. You could still have your files infected through worm intrusion or by viral infiltration into the trusted source scenario.

Another tidbit from the same document:

"Scope of Software Restriction Policies

Software restriction policies do not apply to the following:

- Drivers or other kernel-mode software.
- Any program run by the SYSTEM account.
- Macros in Microsoft Office 2000 or Office XP documents.
- Programs written for the common language run time. (These programs use the Code Access Security Policy.)"

Malware is the way it is, because the environment is the way it is. Reduce the quantity of the low hanging fruit, and malware will become more sophisticated. AV will still be necessary.
Guest Jesper Ravn Posted April 26, 2009

"FromTheRafters" <erratic @nomail.afraid.org> wrote in message news:uy5HjMHxJHA.4648@TK2MSFTNGP06.phx.gbl...
> "Root Kit" <b__nice@hotmail.com> wrote in message
> news:rbl1v4168hmdiqdellga8jk60bf3q5hdeh@4ax.com...
>> On Wed, 22 Apr 2009 18:47:08 -0400, "FromTheRafters" <erratic
>> @nomail.afraid.org> wrote:
>>
>>>From:
>>>
>>>http://technet.microsoft.com/en-us/library/cc507878.aspx
>>>
>>>"Virus Scanning Programs
>>>
>>>Most anti-virus software has a real-time scanner program that starts
>>>when the user logs in and scans all files accessed by the user, looking
>>>for possible virus contamination. Make sure your rules allow your virus
>>>scanning programs to run."
>>>
>>>Why would they mention that if it were no longer needed?
>>
>> Try keeping things in their proper perspective.
>>
>>>> Now I do agree with you, that there is a little chance to get infected
>>>> when I use my admin account to install new software.
>>>> But is it really a threat?
>>>
>>>Maybe not now, as malware writers have plenty of low hanging fruit to
>>>harvest. Things could change though.
>>
>> As humans we can imagine all kinds of stuff. But try to keep some
>> realism to the discussion.
>>
>>>> You only have to follow one rule. Always download software from
>>>> trusted sources and think.
>>>> You would have the same issue if you want to find a good plumber or
>>>> restaurant. What do you do?
>>>> You do some research (google), ask your friends or family, ask your
>>>> co-workers, ask in forums etc.
>>>> Even a complete newbie should be able to handle that.
>>>> To me it's really that simple. There is no reason to complicate that
>>>> fact and spread fear to the users and newbies.
>>>> Combine the above with a little education, we will win the war on
>>>> malware in a very short time.
>>>
>>>...and then you wake up...
>>
>> and try staying a little serious.
>
> I am serious. AV is still needed even after a strict adherence to what
> Jesper has outlined. You could still have your files infected through worm
> intrusion or by viral infiltration into the trusted source scenario.
>
> Another tidbit from the same document:
>
> "Scope of Software Restriction Policies
>
> Software restriction policies do not apply to the following:
>
> - Drivers or other kernel-mode software.
> - Any program run by the SYSTEM account.
> - Macros in Microsoft Office 2000 or Office XP documents.
> - Programs written for the common language run time. (These programs use
> the Code Access Security Policy.)"

If you follow the 6 headlines I listed previously, none of the above will be a problem.
If you install drivers/application with an admin account from cracksite.com, nothing can help you.

> Malware is the way it is, because the environment is the way it is. Reduce
> the quantity of the low hanging fruit, and malware will become more
> sophisticated. AV will still be necessary.

Let me try to sum up, how the situation is today regarding "fight malware".
Please have a look at the links below and cry or laugh together with me.

quote:
After I installed spybot, mbma, Hijackthis, also run F-secure, Panda, Kaspersky online scan (Kaspersky only scan for 51% after running for 7hrs, so I stopped it and did not finish that scan), my pc is SUPER slow, take ages to load, worrying might be conflict with my current firewall system (I read FAQ saying I should only have 1 anti-virus, 1- antispy, 1- anti-malware, 1-firewall, my firewall also includes anti-virus and anti-spy function), I uninstalled spybot, mbma, Hijackthis yesterday while waiting for your reply. My pc remains super slow when I try to access the internet even after the above uninstallation. As you pointed out in your reply, I should not skip any steps. That is why I want to ask you first before go ahead. Do I just need to reinstall Hijackthis, (without reinstall spybot and mbma), then follow your RSIT instruction? Or I need to reinstall spybot, mbma, Hijackthis, then continue with your RSIT steps?
http://www.spywareinfoforum.com/index.php?...pic=122965&st=0

quote:
I'm in a great deal of a mess. I was downloading different antiviruses (Kaspersky and a newer ESET) and then I blue screened out of nowhere while running Kaspersky. Now everytime I restart I blue screen. I don't know what to do. Can someone help? Also, I don't have anything to backup onto and my laptop didn't come with the OS discs.
http://www.spywareinfoforum.com/index.php?showtopic=123581

quote:
NIS09 DID NOT Detect 8 Threats & 23 Infected Objects..and 16 suspicious Objects??
http://community.norton.com/norton/board/m...scending&page=1

The same problems go on and on in all the security forums today.
The conclusion must be like this "If malware won't take down your computer, you can be absolutely sure that your Anti 2009 application will do the job".
So, no we don't need more security applications, we need a secure standard setup and 5 min. education.

/Jesper
Guest FromTheRafters Posted April 26, 2009

"Jesper Ravn" <jesper_ravn@hotmail.com> wrote in message news:3BFB9D76-C403-4BDF-AC0E-28FA535ABDD2@microsoft.com...

[...]

I laughed, I cried...

> The same problems go on and on in all the security forums today.
> The conclusion must be like this "If malware won't take down your
> computer, you can be absolutely sure that your Anti 2009 application
> will do the job".
> So, no we don't need more security applications, we need a secure
> standard setup and 5 min. education.

I agree, a person shouldn't need all that. Most of it can be done completely without by just doing as you suggest. Chances are good that a person will never encounter a virus on their machine in that scenario. Chances are good that someone will be infected despite the measures to avoid it - if you don't want to be that person, use antivirus in addition to those methods.