Am I Safe?

[John R]

Running MS XP Home Edition with MS Firewall, Avast Anti-virus, Spyware
Blaster and Ad-Aware SE. Is this enough for good security? I recently went
to MS Firewall rather than ZoneAlarm because boot time was very long with
ZoneAlarm.

 

[Xandros]

That's the basics and should be fine for most providing you keep updated. Do
you have a router? That is another level of protection that you should have
especially if you are online 24/7

 

[Ed Metcalfe]

That's the basics and should be fine for most providing you keep updated.
Do you have a router? That is another level of protection that you should
have especially if you are online 24/7

The router recommendation is a good one. I'd also recommend ensuring you are
not going online logged into an account with Admin privileges.

Ed Metcalfe.

 

[Fuzzy Logic]

Running MS XP Home Edition with MS Firewall, Avast Anti-virus, Spyware
Blaster and Ad-Aware SE. Is this enough for good security? I recently went
to MS Firewall rather than ZoneAlarm because boot time was very long with
ZoneAlarm.

Ensure you have the latest updates for your OS and any installed software.
Don't open unsolicited email/attachments and try to avoid malicious web
sites.

 

[DL]

MS Firewall is one way, stops incoming, Zone Alarm is two way, stops
incoming and outgoing - one of the reasons load time is longer.
Dont get in a twist over boot time unless 5+ mins - just make a cup of
coffee

 

[Ken]

The router recommendation is a good one. I'd also recommend ensuring you are
not going online logged into an account with Admin privileges.

Ed Metcalfe.

Why not go online as an admin? I am the only user of my
system and by default am an administrator (I think). Never
wanted to be bothered with a logon password. Am I in big
trouble now?

If I try to create a "user" account does that mean I have to
reinstall all my applications? Will my data (4 years worth)
be unaccessible? etc., etc.

Ken

 

[Ed Metcalfe]

Why not go online as an admin? I am the only user of my system and by
default am an administrator (I think). Never wanted to be bothered with a
logon password. Am I in big trouble now?

If I try to create a "user" account does that mean I have to reinstall all
my applications? Will my data (4 years worth) be unaccessible? etc., etc.

Ken

Ken,

Logging on as Admin means any malware you download can very easily run with
the same priveleges you have. This makes it *much* easier for malware to
install itself on your system.

If you're reasonably careful what sites you visit, what you download, etc
you're probably okay. Running as a limited user just makes it harder for the
nasties to install themselves on your machine. It also limits what files
they have access to.

Ed Metcalfe.

 

[Ace]

Well.. being online with admin righted accounts puts you at risk of being
hammered by whatever happens to be the latest and greatest in malware.
And those only need 1 chance, which they can fully utilise on an account
with full rights to the entire system.
Less than .5 seconds to ruin those 4 years for you, consider that.

Your applications are readily accessible, just copy the icons over to the
new account if they aren't already there through the All Users profile.
Some odd programs may require read/write permissions on your new user
account, these are easily set.
The new account won't require a password if you so desire.
Your data can also be linked to the new account, My Documents contents
can be copied over, and mailboxes can be imported.
Kinda depends on how much time you're willing to spend.

 

[Frank Saunders MS-MVP IE,OE/WM]

Running MS XP Home Edition with MS Firewall, Avast Anti-virus, Spyware
Blaster and Ad-Aware SE. Is this enough for good security? I recently went
to MS Firewall rather than ZoneAlarm because boot time was very long with
ZoneAlarm.

That leaves you reasonably safe. Knowing that you can never be totally safe
unless you stay off the Internet and never open any email attachments (and
maybe not even then), there isn't a lot of sense in putting a lot more
effort into it, although a router with its own firewall would be a nice
addition. Keep all important files backed up on CDs and don't expect those
to last more than five years.

 

[Guest]

By far the most important security enhancement is to stop using Internet
Explorer, and get Firefox, Seamonkey, or Opera.

Even with AV and firewall, you only have to visit one dodgy site with IE
(and it could even be a typo like microsft.com) and you've got a 'drive-by
download' of malware.

Eliminate this risk-vector, plus operate basic commonsense principles of not
running untrusted programs, and the chances of being hit by malware are quite
small.

BTW, an alternative to running as a limited user -if that is too
problematic, and it usually is- BeyondLogic's TrustNoExe will allow you to
define the locations from where executables can be launched. This mitigates
the risk from downloaded files, CDs etc.

 

[JD]

Why not go online as an admin? I am the only user of my system and by
default am an administrator (I think). Never wanted to be bothered with
a logon password. Am I in big trouble now?

If I try to create a "user" account does that mean I have to reinstall
all my applications? Will my data (4 years worth) be unaccessible? etc.,
etc.

Ken

There appears to be a work-around but I've never tried it:

http://msdn2.microsoft.com/en-us/library/ms972827.aspx

 

[Frank Saunders MS-MVP IE,OE/WM]

By far the most important security enhancement is to stop using Internet
Explorer, and get Firefox, Seamonkey, or Opera.

Nonsense.
Except for the paranoid.

 

[Guest]

"Frank Saunders MS-MVP IE,OE/WM" battles the popups to write:

Nonsense.
Except for the paranoid.

Simple fact is, those sites where we've managed to get IE use under strict
control suffer very few malware incidents. That, and executable email
attachments, are the main attack-vectors.

Whenever a computer gets hit by malware, a quick spot of forensics will
inevitably reveal pr0n/gambling/socialising sites or whatever in the recent
IE history. Cannot be a coincidence!

Yet, we had one disciplinary case where four users were surfing pr0n
virtually all day every day. That is, until I spotted their activities in the
network logs. Of note was that none of the computers involved had gone down
with malware. They were using Firefox.

No, not so much paranoia as frantically denying the (overwhelming) evidence,
whatever the term is for that.

 

[Daave]

Yet, we had one disciplinary case where four users were surfing pr0n
virtually all day every day. That is, until I spotted their
activities in the network logs. Of note was that none of the
computers involved had gone down with malware. They were using
Firefox.

What would you attribute this to? Lack of ActiveX? Or is Firefox just
safer out of the box than IE out of the box? I would like to think that
IE may be configured to be just as safe. But I guess I can see why
recommending Firefox to reckless clueless newbs may be a good idea.

Another possible reason is that those who are motivated to use Firefox
may already have a somewhat better handle on how to avoid malware in the
first place. By any chance were they running helpful plugins?

 

[Ed Metcalfe]

Another possible reason is that those who are motivated to use Firefox
may already have a somewhat better handle on how to avoid malware in the
first place. By any chance were they running helpful plugins?

I think that's probably a very good reason. In my experience the majority of
malware I am called on to deal with has been as a result of somebody
downloading something after being presented with an IE "Are you sure you
want to....?" prompt. A lot of users will click Yes without understanding
what the risks are. Somebody with enough knowhow to move to Firefox or
Opera.is probably less likely to do this.

Ed Metcalfe.

 

[Ed Metcalfe]

Anteaus wrote:


What would you attribute this to? Lack of ActiveX?

Oh, and yes I'd say lack of ActiveX in a browser is definitely a good thing
from a security point of view. Although and client-side code execution is
potentially risky.

Ed Metcalfe.

 

[Sir_George]

Running MS XP Home Edition with MS Firewall, Avast Anti-virus, Spyware
Blaster and Ad-Aware SE. Is this enough for good security? I recently
went to MS Firewall rather than ZoneAlarm because boot time was very
long with ZoneAlarm.

Others have mentioned running IE with reduced rights...no admin privledges.
There is a handy little utility that permits you to do exactly that. It is
free and available for download at the following site;

www.intelliadmin.com

Visit the following link for a screenshot;

http://pcwin.com/Utilities/Reduced_Permissions/screen.htm