Personal PC Security

[morganlefay]

this is what I use: Brains

....Its amazing how many people dont have any...or use them......

Although some may say I have become jaded in my old age

Attached is one of my favorites.....

[Synja]

Well... I have a router... but I really only use it for port forwarding and logging. And of course occasionally blocking a port so I can test a service without the entire world being able to see it.


Other than that, the machines are individually locked down. My XP box has almost no services running and administers all the other machines through SSH. I have also configured extremely strict local policies. I have no firewall, and about once a month at this point use an online AV scanner.

My www/file/IRC server is a SuSE 9.2 machine, same basic security precautions, actually somewhat stricter in some ways due to the services running. This is where users/groups are used the most.

My soon to be mailserver/undecided is a netBSD machine... locked down insanely tight since there is technically no need for actual users.... And I don't really like BSD, so I don't really have any temptation to play with it.

And... I know there's another computer somewhere, I just can't think of it.

Oh yeah... there's a Mac. The security precautions on it are the hostname "*******" and the fact that it's a old ass power mac that can't even run Netscape well. I mean... if there's any machine that you don't really want to see inside, it'll be that one.

[Digoy]

Hi Spyder

Why would it be a risk? There are quiiite a few good freeware security applications out there, some of them I'd take over buying a product. Just because they are free doesn't mean that it presents a "risk" of sorts to your system, no?

I didn't mean that installing the freeware itself would be a risk, I do use it in addition to my regular software like I said. I meant that I've seen too many free solutions fail and not protect the user. Norton and Spy Sweeper are updated 1-2 times per week, for example, and most freeeware solutions are updated far less frequently and have much smaller libraries.
I use what works for me. I've never had a single problem using the software that I pay for and I know that I am fully protected. I didn't think some folks would get so hot about it, but whatever.

[Synja]

Just remember... real security comes from the OS and its configuration, not from 3rd party software.

The fat that your AV catches a virus is a bad sign. Most people don't realize that in order for it to be found, it had tog et in. You need to prevent it from getting in.

[Spyder32]

I didn't mean that installing the freeware itself would be a risk, I do use it in addition to my regular software like I said. I meant that I've seen too many free solutions fail and not protect the user.

No doubt, they aren't the best at protecting the end-user.

most freeeware solutions are updated far less frequently and have much smaller libraries.

Honestly though, you can't possibly expect them to be.. unless the coding for the application is damn near genius.

I didn't think some folks would get so hot about it, but whatever.

Relax man, no one is getting hot over it mate.. merely offering a difference of opinion, that's all.

Synja: You are correct. In the end, real security comes from the user operating the machine, not the tools he owns. You're also correct in saying that if an A/V catches a virus then that's typically not a good sign. I, personally have stopped about 98% of the viruses coming my way via e-mail messages, downloads, etc just by using common sense and being smart.

[nihil]

Norton and Spy Sweeper are updated 1-2 times per week, for example, and most freeeware solutions are updated far less frequently and have much smaller libraries.

I have Avast! and AVG.....................both are updated at least daily. You must realise that AV etc is retrospective so if your machine is already infected, you probably won't detect that until you run a scan with the updated signatures/patterns.

The size of the virus library is BS, pure BS and nothing less. I really don't give a monkey's whether some virus from 1980 is detected...............it won't run in my environment anyway and hasn't been seen for twenty years

The other point is that some AV companies detect generically whilst others will rename on every typo and punctuation error.