Your Windows computer security config? - Page 2
Page 2 of 2 FirstFirst 12
Results 11 to 16 of 16

Thread: Your Windows computer security config?

  1. #11
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    norton AV corp out of the ones Ive used i like this the best

    TC (the Cleaner) its expired but the registry monitor is still working. one of these days ill buy it. its really quite good. i like the pop up you get everytime a piece of software decides it wants to make a registry entry. i can accept or reject the change or it can open an editor to the key in question

    Tiny FW or sometimes ZA i like tinys logs better

    Ad-Aware which i run ever month or so and am always suprised at what it finds.

    BitDefender for mIRC from avert although i hardly use IRC my typing sucks

    packetMon from AnalogX mostly to keep an eye on any new software i install, what it wants to send out and where. my FWs set to prevent this but i still want to know anyway

    i run ip-tools while im surfing and fport if i see anything strange reporting on my system.

    Oh yeah! SamSpade is a must. thats the second thing i ad to a new install (AV first)

    I had a port monitor on but i found that it reported everything that happened as a trojan so i uninstalled it and just reley on tiny.

    I have IE set to prompt on everthing. much too severe for most i guess. every page i open on ao also requires me to left arrow and enter if i want the jave scripts to run. i accept or reject every cookie except for sites like this. its become second nature and im never bothered by pop-ups.

    Bugnosis from the bugnosis.org this helps me decide if i want to come back to a site or not. if they dont value the privacy of their viewers i don't value them.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  2. #12
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    My setup is 2 Machines
    Win XP Pro machine - up to date
    Ad-Aware and HouseCall Antivirus Run on a regular basis
    Ethereal running most of the time.
    Shared Folders are all password protected - 8 Character Alphanumeric + shares are renamed oddly
    running smtp, pop3, httpd, and ftpd

    other is a Win2K Pro Laptop SP3 completely up to date
    Command AntiVirus + ad-aware once a month
    again ethereal running almost constantly
    Shared folders set-up the same as the XP machine

    I've given up on firewalls... when I ran before i had conseal with a custom rule set, and in *nix i ran a nice ipfwadm and then ipchains ruleset.. .. and always had ippl running.. an ippl win port would be nice to see .. it's a great utility.
    I am however downloading the VisNetic Firewall to give it a test drive.
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  3. #13
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    when i had Windows still (damn i miss it) i had, zone alarm, (then went to zone alarm pro) black ice firewall and black ice defender corporate edition (logs and watches everything including programs, like i had to tell it it was ok to hear a CD) port blocker, macfee anti virii, norton also, nortson system works, ummmm, gates firewall and go back, (if someone somehow got in and there was a chance of a backdoor installed id go back to before it happened) and of course BACK UPS.
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween.The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

  4. #14
    Good question,

    I run Norton Anti-Virus
    and:
    1. Disabled NetBios over TCP/IP

    2. Disabled Client for Microsoft Networks

    3. Disabled Universal Plug and Play

    4. I use Outpost Firewall

    5. I also use a router

    6. Disabled File and Printer Sharing

    and I use Ad-aware and considering on using another program to safely overwrite any files in my recycle bin...and I never keep any personal stuff in my pc's hard drive, such as my social security number etc..
    Light thinks it travels faster than anything but it is wrong. No matter how fast light travels it finds the darkness has always got there first, and is waiting for it.-Reaper Man

  5. #15
    Antionline's Security Dude instronics's Avatar
    Join Date
    Dec 2002
    Posts
    901
    Yes jaguar, im sure you could....but do not forget that its not a school computer, and our users are secretarys who only know applications such as excel, word, and a few others. There is no need to setup too much physical security. And even if they could do some of the things you mentioned, there is no work data on the clients themselves, all the work is saved on servers directly. And the servers are locked up in my office. So only i have access to them. But remotely i believe that our system is pretty secure against kiddies or most of the common internet threats. Also what i forgot to mention, the admins including myself monitor the system constantly, and a user cannot reach the outside due to the proxy filtering (no files are allowed to leave the network) and also the firewall will not allow any connections other than destination ports 80, 25, 110. Now since our company is security related (home security www.alarms.gr ) we dont fear so much any physical breaches (we have 24 hour cameras everywhere, including other security related gadgets). The only way to actually really secure a computer in the sense as you mean it, i would have to setup a restricted account on a linux box (which is not possible at work since our users work on software thats strictly for windows). Again i point out that there is no real need for physical security. And even if someone finds a work station unattended, our policy is to not have any logged in machines with no users on them. So you would have to be able to logon first. Did i mention that non of the clients have cd roms, or floppy drives (xcept 3), and the network cables are inside the wall (you would have a hard time disconnecting the cable from the box itself). The most important thing is not the things that i have mentioned above so far, but its the admins themselves. Always monitoring, keeping the machines upto date, reading the log files, and we (admins) also have access to the monitors for the cameras. Then again, we are not a large company (we have about 25 - 30 users) but our data is in some sense sensitive. The keyword to all this is called "security policy". We have strict policies and we constantly make sure that everyone abides by them.


    -instronics-
    Ubuntu-: Means in African : "Im too dumb to use Slackware"

  6. #16
    Banned
    Join Date
    Mar 2002
    Posts
    594
    instronics, man, thats a serious setup up, if you dont mind me asking, what kind of company do you work at? some much security, im guessing government??

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides