Comments on: Take Back the Net - Secure Your Computer!

By: Reindeer

Reindeer — Thu, 08 Jun 2006 06:40:47 +0000

I run Linux with SELinux (Secure and Enhanced Linux) turned on and a firewall. I run a web server that is locked down tight. I don’t use HTML email, or accept HMTL emails. I don’t open attachments or use file sharing programs like Kazaa or Napster or Gnutella, as you never know what your getting, and MPEG, MP3 and JPG files can contain viruses. All you have to do is double click on them, and BAM! Your system is infected. I use secure Instant Messaging using the SILC (Secure Internet Live Chat) protocol. I never share files over IM. As a result I have not had a single virus or intrusion since 2001, when I switched from Windows to Redhat (now Fedora) Linux. I switched because even though I am a programmer who is well schooled in locking down Windows, my system was hijacked, and my web server used to spawn more viruses. I realized that the good folks in Redmond whose code I respect, have no intention of making Windows secure and safe from intrusions. They just don’t believe in security. I’m not sure why. My Windows system had all of the same safeguards that I have mentioned, but this virus exploited a flaw in Microsoft’s personal web server, and overwhelmed it. My suggestion to those that need to keep their data secure and don’t want to lose anything is to abandon Microsoft products and switch to Fedora Core Linux which has the SELinux security feature, or some other distrobution like Debian or SUSE, and follow all of the precautions mentioned above and the standard security procedures, and you won’t have to run antivirus software or ever worry about intrusions. I don’t run anti-virus software. I don’t need it. I am not anti-Microsoft. I am pro-keeping my data. If the good folks at Microsoft lock down their systems and work with the public to fix the security issues in a timely and open fashion, then my opinion will change, and I will once again recommend them. Until then, I know of no other way to really be secure except to use something else.

By: Moca

Moca — Sat, 03 Jun 2006 15:27:38 +0000

As for prevention, using Firefox will help…Not using Outlook Express will help.
Dropping Windows for a Mac or a version of Linux like PCLinux will fix the bot problem on a given machine for good.
Getting people to do everything outlined on this page is not easy due to a variety of reasons intrinsic in human nature.
I never had problems when I had Windows,but I worked hard to protect my computer..Most people don’t.
I’ve always been careful about where my e mail is placed,most people arn’t.
I run Linux…I wish more people did.
Just telling people to do “whatever” is not going to help cause most people just won’t do what it takes to secure their machines.
I don’t know what the answer is,I wish i did.
Blue frog had the right idea and I hear Black Frog will replace them.
How much can they help? it’s hard to say..But if spammers can do this,think what terrorists could do..
It boggles my mind that this is not taken more seariously.

By: JMJM

JMJM — Fri, 02 Jun 2006 10:10:37 +0000

Is RemoveIt anti-virus or anti-spyware?
I already have an anti-virus program (AntiVir) which I am happy with, and don’t want to change, but I’m not Averse to another anti-spyware program (in addition to Ad-Aware and Spybot).

By: Phantom of Phury

Phantom of Phury — Wed, 31 May 2006 21:14:07 +0000

Although I commend your recommendations, it really is not enough. I work every day on repairing someone’s PC that “got lost” in the spyware, browser hijackers, etc., and I strongly recommend having at least two or three anti-spyware utilities installed. SpyBot S&D works well, as does RemoveIt Pro XT-SE, and both are free. Although having multiple anti-spyware programs installed provides better protection than just one program, the opposite is usually true with anti-virus software. Grisoft’s AVG is top-notch anti-virus protection and is highly recommended and, unlike anti-spyware programs, MOST anti-virus programs will conflict with one another, so you are limited to having just one program running. Stick with AVG.

By: Spiderich

Spiderich — Tue, 30 May 2006 14:18:33 +0000

Alas burying our heads in the sand and walking away does no one any good. Conscious effort as well as good security measures will always help. I love the information age and technology and no matter what others do I will always try and thwart their efforts. It is a shame though that many spend the best years of their lives causing problems when they could be putting it to good use getting useful jobs.

And btw I also like to cycle and walk outdoors especially on those cloudless sun filled days!

By: machiner

machiner — Sun, 21 May 2006 17:47:35 +0000

Nossir — this is not going to help. Most trojans and viruses disable anti-viruses and firewalls the moment they get to your machine — often they reboot your machine firmly entrenching themselves in as many “run” locations as they can. When your machine reboots you have no firewall and no anti-virus.

There are more insidious ones as well, as well as weaker and less threatening ones — but who needs ANY?

Your steps may seem like good ideas, and perhaps at one time they were. However in today’s malicious internet climate those steps will do nothing to protect you. Really.

Instead - on a Windows box, goto your Admin Tools in your Control Panel, then to Services…starting disabling services:

Server
Messenger
Computer Browser
Remote Registry
Web Client

There are more. There are some to set to Manual as well. You should also turn off that rediculous media PLayer Licensing thing as well. That’s not what it’s called — but people will see what I mean in their services widget.

You should also immediately add another user profile as a “limited” user and make that the profile you use everyday. As well as for all of the other users on the box.

Also — in Internet Explorer settings, there are MANY things to disable, even after upgrading to SP2 for XP.

I don’t even begin to address the way people compute or various programs that will assist in killing your machine(r) — there are many.

I do advocate running SpyBot Search and Destroy on a Windows box, and changing a few Registry settings immediately after stopping services.

The steps are many to “secure” a Windows box. However they are very necessary.

I have been doing this for years, as have many of you - no doubt, and we all have our techniques. However, my “customers” don’t ever call me a second time. Well, many do — when they want another computer! A quiet customer is a happy customer.

If you cannot bring yourselves to lock-down your Windows box — then you should probably unplug it and sell it for parts. The zombie machines on the net are windows boxes and hijacked web servers (Linux AND Windows). Without these compromised boxes we are all better off.

Additionally, if you cannot even understand what I am talking about — perhaps you should ask the neighborhood “computer-guy” to back up your stuff, save your data, and instrall Debian or other Linux distro. You’ll be infinitely better off and if you think you won’t have your programs or be able to migrate your saved data in to Linux programs — you’ve been listening to all of the wrong people.

Computers suck — go outside and meet your neighbors.

–machiner

By: Tom Kohls

Tom Kohls — Fri, 19 May 2006 22:01:33 +0000

I appreciate this advice and have done all three previously. I am wondering if that is enough. Is there any test or service that can let you know if you are fully protected from hackers? Please do a follow up on this article if there is something else we need to do.
Thanks for all the alerts that keep us alert!

By: Darknet

Darknet — Thu, 18 May 2006 09:06:43 +0000

They are gone for good..it’s only sensible though, there was too much collateral damage.