Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: What else should I be doing?

  1. #1
    Junior Member
    Join Date
    Jan 2002
    Posts
    19

    Question What else should I be doing?

    I am a simple home user running a Win98SE dial-up box. I have firewall and anti-trojan software running at all times. I update my anti-virus and anti-trojan app.s several times a week, and run a full system scan with each at least once a week. My main browser is Mozilla (I use IE for only two sites), and I thoroughly delete all temp files, internet caches and coookies three or four times a week. Apart from Mozilla and my AT and AV auto-update functions, every app. has to ask permission to connect every time. I don't use OE, and all my personal data, including the data files for my email client, Pegasus, are stored in a PGPdisk that is unmounted when I am online, except for the brief periods needed to check for new email.

    Bearing in mind that I am joe very ordinary, are the above measures providing a level of security adequate for my situation, or is there something else that I should do, aprt from unplug my box?

  2. #2
    Junior Member
    Join Date
    Jan 2002
    Posts
    19
    Originally posted here by khakisrule
    Switch to *nix. For security, for configurability, and for all the xtra power.

    I plan to.

    I tried Mandrake 7.1 some months back, but discovered that at the time Linux did not like my crappy integrated sound/video card. Buying a new box is out of the question due to terminal penury, but I am saving up for a sound card and video card that will enable me to make the switch within the next few months. Of course, by then, my puir wee AMD k6-2 400 will be even more markedly antediluvian.

  3. #3
    Senior Member
    Join Date
    Apr 2002
    Posts
    889
    Max given your OS you are doing everything right. Just bear in mind that your OS was not your choice cause you bought your computer. It is not the only OS but for the most part you need the OS to pass on even an email. Not my rule just a fact that M$ is guilty and we all pay.
    I believe that one of the characteristics of the human race - possibly the one that is primarily responsible for its course of evolution - is that it has grown by creatively responding to failure.- Glen Seaborg

  4. #4
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    Wow, dude, unmounting you're pgpdisk when online... you're paranoid!

    But seriously, I think you're doing pretty good...
    As long as you went trough the usual procedure of making sure sharing is disable and etc, you should be fine.

    Only other thing you might want to be carefull about is making sure you keep up to date (both in software/patches and knowledge of that software and protocols vulnerabilities) of other services you might use (chat clients, instant messengers..

    Oh yeah, don't forget rule #1: use good passwords!

    Otherwise, you should be fine... (think of it this way, other hosts make much more appealing targets!)

    Ammo
    Credit travels up, blame travels down -- The Boss

  5. #5
    Junior Member
    Join Date
    Jan 2002
    Posts
    19
    Originally posted here by ammo
    Wow, dude, unmounting you're pgpdisk when online... you're paranoid!

    But seriously, I think you're doing pretty good...
    As long as you went trough the usual procedure of making sure sharing is disable and etc, you should be fine.


    Only other thing you might want to be carefull about is making sure you keep up to date (both in software/patches and knowledge of that software and protocols vulnerabilities) of other services you might use (chat clients, instant messengers..

    Oh yeah, don't forget rule #1: use good passwords!

    Otherwise, you should be fine... (think of it this way, other hosts make much more appealing targets!)

    Ammo
    Thanks. Sharing is disabled, I have no chat or IM clients installed on my box, and although some of my site login passwords are probably a little weak, the password to my PGPdisk is a mix of uppercase, lowercase and numerals, and uses non-English words. I also change my site login passwords when I remember to do so, probably not often enough.

  6. #6
    Senior Member
    Join Date
    Apr 2002
    Posts
    242
    wow.
    my pages: (great resources for everyone)
    geeksarecool.com resource for computers, hacking, virii, wutnot.
    thepillbox.net archive of logs and resource for laughter.
    --enjoy these pages, as they grow.

  7. #7
    ->While some may say you are paranoid, I think your protocols may be a little strong if you do no "important" work in the net but it is still a good practice... Many catastrophic incidents and compromises happen from simple weaknesses in protocols that can be exploited short of using sophisticated cracking techniques. As we head into the future, I think your policies will serve you well.
    ->As far as passwords go, look into diceware ( http://world.std.com/~reinhold/diceware.html ) but then you may already know this if using PGP. It's a way to introduce a little entropy into the mix, and is at the very least an interesting read.
    Obey All Orders Without Question...The comfort you\'ve demanded is now mandatory. --Jello Biafra

  8. #8
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    i don't know how far you want to take this. turn off active scripting, have your browser ask permission before running any scripts of accepting cookies from each site. Get a copy on bugnosis from privacy.org installed. this will alert you to web-bugs and such. delete the .dat file hiding in your temporary internet files, this does not get deleted when you clean out this directory and keeps a record of where you go. And then, if your really feeling frisky find all the places windows hides the list of sites you visit, in the system registry and lose them. do a search for antionline in the reg., etc.

    then of course there's physical security, secured doors and windows, dont have your monitor face the window and avoid reflective surfaces in the room. an electrically charged wire mesh should encompass the area the computer is in as the emf generated by the moniter can be used to reproduce screen shots. Do frequent volt and ohm readings on your phone line and watch for changes. each phone on the circuit has about 500 ohms in the ringing coil. If you phone gives part of a ring when you hang up. destroy everything cause thats a wire tap.

    And if you still have time left...please have a talk to all the users on my network. they havn't a clue..... just kidding about the physical security, thats not absolutly necessary, well some of it.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  9. #9
    Junior Member
    Join Date
    Jan 2002
    Posts
    19
    Thanks for the reminder about diceware. When I was first pointed to it, I was very new, and it seemed a bit beyond me. Time for another read, I think

    Originally posted here by Tedob1
    Get a copy on bugnosis from privacy.org installed. this will alert you to web-bugs and such. delete the .dat file hiding in your temporary internet files, this does not get deleted when you clean out this directory and keeps a record of where you go. And then, if your really feeling frisky find all the places windows hides the list of sites you visit, in the system registry and lose them. do a search for antionline in the reg., etc.

    then of course there's physical security, secured doors and windows, dont have your monitor face the window and avoid reflective surfaces in the room. an electrically charged wire mesh should encompass the area the computer is in as the emf generated by the moniter can be used to reproduce screen shots. Do frequent volt and ohm readings on your phone line and watch for changes. each phone on the circuit has about 500 ohms in the ringing coil. If you phone gives part of a ring when you hang up. destroy everything cause thats a wire tap.

    And if you still have time left...please have a talk to all the users on my network. they havn't a clue..... just kidding about the physical security, thats not absolutly necessary, well some of it.

    Thanks for the tips, especially about bugnosis. On the subject of index.dat files, I am in the habit of writing out their location then rebooting into DOS to delete them manually. Would this be effective in getting rid of them?
    As it happens, my monitor does face away from the window and is not near any reflective surfaces.

  10. #10
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    LoL

    Dos is the place to get them little buggers.

    Bugnosis is really great, i have it on every computer i use, every bug that trys to load i write its address in my hosts file resolved to 127.0.0.1. some sites are so disguesting with their selling of my privacy with web-bugs ill never go back to them.

    i just noticed you said you delete them manually, you could do it with a batchfile and get rid of the short-cuts to myfavorites (documents)at the same time.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •