Service pack2 built-in virus scanner

Back to integrating AV with Windows-

I honestly dont like the idea of having software bundled in with Windows. I like the idea of being able to plug in whatever I need, and knowing that I have nothing more, nothing less. I built my own computer for this same reason, nothing is soldered down, nothing is more powerful than it needs to be, and I know how to plug or unplug any part that needs to be changed. If they want to integrate AV with windows, then they better give me an option to remove it cleanly so I can still use Norton, which I like very much.

I subscribe to my own philosophy. Antivirus and Firewall software are no longer optional, they are essential. If you do not run a virus scanner or firewall, YOU ARE PART OF THE PROBLEM. I don't care which product gets used and who innovates the process to bring use into the mainstream. They are needed, they are necessary tools, and if Microsoft incorporates some features to mitigate the problem, then it could be a welcome addition to securing the PC. After all that is the ultimate goal to my philosophy.

Quote:

---

Originally posted here by HDD
I to am very paranoid about this. What makes Microsoft products so superior to others? The WindowsXP firewall is a complete joke. First thing I did was disable it where ever I could find it.
Also will this firewall be configurable? Because I sure could never work out how to configure it and to be honest I'm not to bothered about it either as long as its not in my way.
And what will happen to others like McAfee, Symatec, Sygate, ZoneLabs, etc.? Will their products still work, or will the Microsoft firewall work at such a level that it will dominate?

---

You call it a joke.. why? because you see everyone else call it a joke? Do you know anything about it. No configuration?? You can specify the services to allow and everything else is blocked, and sure it's only one way, but that's all the average home user needs. Most people I know don't run firewalls because they hate having to allow their software. Sure we'd like them to run a good firewall, but at least they have ICF running which is better than nothing.

As for configuration, You have port specification and loggin options under the actual ICF settings, you have TCP/UDP/ICMP filtering under TCP/IP Advanced options for a Connection and you also have IPSEC Policies. Going in and setting those up is no different from setting up an ipchains or an iptables firewall rule set. You can be as custom as you want with your policies. From this IP to this IP on these ports and stuff like that. run gpedit.msc and select Local Computer Policy --> Computer Configuration --> Windows Settings --> Security Settings --> IP Security Policy. So few people make use of Group Policy, but it is quite an amazing aspect of Windows, for security and for other uses. I know in network services right now they are developing a Policy to restrict spyware/adware from accessing the machines in the labs.

Quote:

---

As for virus scanner on the other hand, I'm not to sure about that either. Well first thing is that why bother? Why can't Microsoft leave McAfee and Symatec alone? They are doing a very good job at the moments and always have done so why try to interfare?

---

Leave McAfee alone? Symantec is a great AV provider, however McAfee should not be in business, I pray that microsoft AV puts them out of business. The University of Guelph in Guelph, Ontario, Canada provides all their students in res. with a copy of McAfee. When my cousin and her roommates moved to a house and we set-up their network, we also ensured McAfee was up to date. The computers seemed to be having problems, so I removed McAfee and installed AVG Free (yes free software that out performs McAfee). I found over 500 virii on one of the PCs. Since starting here and servicing res. computers at Fanshawe College, I've noticed several students running McAfee (usually up-to-date, otherwise I update it). I've removed McAfee on as many of these PCs as possible and here's my reason why. I had one computer come in, it wouldn't boot and when it did, it would take forever to load. I used a boot disk and scanned with the DOS NAV. I found 1125 virii on the machine. I had another computer with McAfee, I removed it and installed AVG, I found 3700+ virii (a record as far as I know, considering the machine wasn't purposely infected). Based on those results, McAfee is doing a HORRID job and should not be around.

Quote:

---

Linux doesn't (by default) install all these directorys on different partitions. Also it doesn't matter to much on what partition a file is on but what permissions are given to it.
However I do agree that the Windows permission system is fairly stupid. They should learn (not copy) from *nix.

---

The partition it is on matters from certain points of view. If you run out of diskspace on /var, or /usr becomes corrupted, at least you still have /home as a valid partition. Sure a better practice would be to back-up but this will save you from having to restore that portion of the disk. As for the Windows permission system being stupid????? Are you still using FAT32? NTFS is just as versitile, if not more so, as ext2/3 and rieser or any other FS that *nix uses. You can restrict by user and by group.

I seriously think you should stop bashing Microsoft (everyone that's doing it that is). They are making an effort, and attempting to better their product. Regardless of what you say or think, they have a good product, otherwise so many people wouldn't be using it. Half the problems that arise are due to incompetant admins and lack of real computer knowledge. However perhaps that's Microsofts fault too? Maybe they should require you be trained before using their operating system? Throw a new computer user into Linux, hell throw them into OpenBSD. Suddenly you'll see a lot more exploits and worms coming out for those operating systems. Right now those operating systems are used by people with a decent understanding of computers.. or at least in most cases they are. That is why they stand the test of time so much better. The users patch them, they firewall them and they lock them down. Start running Enterprise software across linux systems, that multiple users of various computer knowledge levels require access to, you'll notice the same things as you see in current Windows environments...

As for those of you still using your "l33t sp34k", I agree with pooh sun tzu. Give it up already, it's old and rather pathetic... most of you using it have no idea what you are talking about.

How about you learn how to really use the operating system, instead of skimming it. Learn Group Policy, learn what other options are in the background of the Microsoft enviroment and shut the F@#$ up bashing something that you have no clue about.

Peace,
HT

I would like to add support with HTRegs comments, as he hit the nail right on the head in regards to configuring the firewall and packet filtering, BUILT INTO XP. While it may not have 100% customization, ie. zonealarm, it has enough to lock the system down tight even to a kernel level. It's still security, it's still customizable, and it is still built into XP.

TCP/IP filtering configuration for ports and protocols :

I totally agree that Microsoft include an antivirus, firewall, Windows Media Player, Internet browser or whatever you have in mind in their OS. The fact is that 80% of peoples who are using Windows are complete computer illiterate. In those 20% left that know how to configure, tweak a computer, probably only 10% of those user know about computer security! That means a big 2% of the global Windows users that are aware and have good knowledge on computer security while using their Windows machine.

You’ll probably don’t agree with my number but the fact MOST windows user don’t know how to configured Windows at all. Customer think computer are like most electronic; tv, dvd, vcr. You buy them, plug them and use them. No maintenance at all. When the true is a computer is like a car; if you don’t take care of it, I’ll die on you someday and cost your fortune to repair.

We are entering a new age for the earth, the digital age! And we move in the digital age way to fast for normal mankind to follow! 25 years ago, nobody has a PC, nobody know Internet. Today, if you don’t have access to a PC connect to the Internet with a word processor program, you really suck! This is WAY too fast for mankind.

Have you ever watch children who were raise with computer in their house? Every family I go, a child knows more computer configuration that both parent together even if their parent uses those same computers at work 40 hours per week. Those children are raise with computer and know how to use them! Older peoples were not raise with computer so they don’t know how to use them.

Basically, most peoples don’t know how to use a computer because most peoples weren’t raise in the digital age. Few peoples were able to make it to digital age without being raise in it but not a lot of them.

If you go back in time, computers are getting interesting in 1995? Why 1995? Because Windows 95 was release and it’s was the first OS with a user friendly GUI. (Mac came first but their GUI was not a user friendly). This OS was the first (and still the only) OS build for illiterate computer user. That is the reason why Microsoft is a monopole now. They are the only company that release a user friendly OS. You didn’t have another choose for OS that Windows for those computer illiterate users our there.

Now, Microsoft is stuck. Their base users are still mostly computer illiterate. They still need do everything for them. That is why Microsoft is implanting anti-virus, firewall, media player, internet browser, automatic patch system, and more for them in Windows. They do it because most computer users are illiterate and until those computer illiterate get literate or die, Microsoft will have to continue implanting more stuff in Windows.

Quote:

---

Originally posted here by pooh sun tzu
I would like to add support with HTRegs comments, as he hit the nail right on the head in regards to configuring the firewall and packet filtering, BUILT INTO XP. While it may not have 100% customization, ie. zonealarm, it has enough to lock the system down tight even to a kernel level. It's still security, it's still customizable, and it is still built into XP.

TCP/IP filtering configuration for ports and protocols :

---

Hey Hey,


Thanks for the support PST, but look into gpedit.msc sometime. It's actually just as customizeable as zonealarm if not more so. It definately beats out the free version. You can even block access to websites. Instead of modifying your hosts file to stop ads, add a group policy that completely blocks access to those domain names. The IPSEC is absoluately amazing.

Peace,
HT

Agreed, but didn't want to bring up services and IPSEC policies lest the argument "THatz why i h8 winderz, cuz it Haz all tH15 stUf runnin". But you bring up the excellent point none the less. I have a thing or two to still learn about the IPSEC protocol handling, but I imagine it could end up being as powerful as zone alarm :) Thanks for the encouragement, I'll certainly take more time to devel into IPSEC and group policy handling.

(wait... does that mean *nix users would have to RTFM?)

Quote:

---

If you go back in time, computers are getting interesting in 1995? Why 1995? Because Windows 95 was release and it’s was the first OS with a user friendly GUI. (Mac came first but their GUI was not a user friendly). This OS was the first (and still the only) OS build for illiterate computer user. That is the reason why Microsoft is a monopole now. They are the only company that release a user friendly OS. You didn’t have another choose for OS that Windows for those computer illiterate users our there.

---

Not even going to touch that one! :D Especially since the rest of the post was very good. :)

I applaud Microsoft's decision to include antivirus in their next update package. It's amazing how many people won't bother to download even a free version of an antivirus and, if they do won't keep it updated. Hopefully, this new pack will include auto updating. I wonder if, since Microsoft bought RAV antivirus that it will be the one included. RAV was/is one of the top 5 av programs available.

As for the upgraded firewall, I like hardware but also understand that just as many people who don't have antivirus software also don't have a firewall.

As for me, would I use the new firewall......probably not. I have a good antivirus in place, BUT if the new antivirus is RAV and comes with lifetime updates, I would be tempted to use it rather than what I've got now, which has six or seven months left on the license.

I'm sorry but I'm going to have to disagree with most of what you've said.

Quote:

---

Originally posted here by HTRegz
[B]You can be as custom as you want with your policies. From this IP to this IP on these ports and stuff like that. run gpedit.msc and select Local Computer Policy --> Computer Configuration --> Windows Settings --> Security Settings --> IP Security Policy.

---

I'm still looking for that, I've tried using the Start -> Run. I've searched my whole hard drive so I guess its just my computer thats screwed up.

Quote:

---

Leave McAfee alone? Symantec is a great AV provider, however McAfee should not be in business, I pray that microsoft AV puts them out of business.

---

I'm sorry but this is very much simply a matter of opinion and nothing else. I have found McAfee's Virus Scan very good (and yes I am aware of the fact that many disagree). On the other hand I have found Norton to be rather annoying. Once again this is a matter of opinion and nothing else, so don't take any offence.

Quote:

---

The partition it is on matters from certain points of view. If you run out of diskspace on /var, or /usr becomes corrupted, at least you still have /home as a valid partition. Sure a better practice would be to back-up but this will save you from having to restore that portion of the disk.

---

If you make two partitions and one of them fails then you'll still have the other one. It doesn't matter what OS you are using. So whats you point?

Quote:

---

I seriously think you should stop bashing Microsoft (everyone that's doing it that is). They are making an effort, and attempting to better their product. Regardless of what you say or think, they have a good product, otherwise so many people wouldn't be using it.

---

I'm sorry, no offence, but I majorly disagree with that. Yes, I don't belive for a split second that users use Windows because they were given the choice. Because Microsoft has monopoly over the computer market they give no choice to the customer. The average customer is unaware of the fact that there even are other OS's in existance. Microsoft are playing a very dirty game, and I belive that this is simply another scheme to try and gain trust from the average user.
They have done this before, they did it with Internet Explorer in order to take Netscape out of business. They've done it with Windows Media Player in order to cut down on competition. This is nothing else but a big con.

Quote:

---

Half the problems that arise are due to incompetant admins and lack of real computer knowledge. However perhaps that's Microsofts fault too? Maybe they should require you be trained before using their operating system?

---

hmm, well I wouldn't blame Microsoft for this one. I blame the user. I have nothing against people who are willing to learn. But you wouldn't have a car for long if you couldn't drive it so why do people who couldn't care less about computers (and yes there are people out there who say "well I'm not to bothered if I get hacked, there is nothing important on my computer anyways") still refuse to learn and refuse to get rid of it if they don't care?