Please discuss: internet security on dual boot systems

Walterius

I like to play at building various W2K systems around a core of one WME
system and one permanent W2k system. At the moment I have four W2K systems
and the WME system.

For security purposes, and to avoid endless updating and running of security
programs, I allow only one of the main W2K system access to the Internet. It
has a full complement of security tools: AVG, MSAS, SpyBot, Spyware Blaster,
Spyware Guard, Ad-Aware, and others that are more or less stealthy or only
run now and again (e.g. Hijack This, DCOMBobulateMe, etc.). I keep
everything up to date (every other day at least) and run them when updated
or when a day or two has elapsed.

I also visit only a few websites, noted for their safety, such as Wired.com,
NoNags Plus, DOMAI.com, and a few MSFT sites.

And I use EmpTemp, MRUBlaster, and CCleaner to keep my temporary files and
cookies near zero. I also use FireFox, which seems not only superior to but
safer than IE6 SP1.

My question is this: by having only one pgm with access to the Net, but only
one set of security pgms, am I at risk? Should I have five sets, update all
five daily, and run them as often as possible? Or am I reasonably safe the
way I am?

I have been running this way for several years, and only occasionally find
maybe one nasty, usually just minor spyware, and never any viruses or zombie
pgms, etc.

I feel safe. But is there a safer way?

Please also note that I have 56K dialup, which never exceeds 53K, and that
updating four or five sets of security pgms would be nigh impossible.
Happily, I am getting DSL Lite, which claims 256K, so things should loosen
up a bit.

I apologize for being long-winded, but this has been on my mind for a couple
of years.

Walterius

P.S.: I did not post to the MSAS groups because I couldn't reach them when I
wrote this.
 
It seems you enjoy playing around with systems and trying to lock them down
at least from a spyware / malware pov. I believe you are secure to "web
scumware" the obvious automated stuff. But security covers a huge scope. Let
me ask you:
Have you scanned your internet host? What services are running?
If you are firewalled to be invisible...good. Now you only have to worry about
what's piggybacking on port 80 or whatever other net programs you use.
Have you considered using a packet sniffer (Ethereal)?
Being on dial-up, it should be easy to analyze the data....maybe you can
find something talking back n forth even if it's not spyware and just a
program updater.

What do you think?
 
Nick,

Thanks for your reply. I don't understand much of it, so pls bear with my
questions.

o I don't know how to scan my Internet host, what that is, or what purpose
scanning it serves.
o I can provide the rather large list of running services if it would help.
o I don't know what a packet sniffer (ethereal) is.

I just installed BellSouth DSL Light about five minutes ago, my present 56K
dialup (on which I am responding to you now) may go away momentarily. I do
not have DSL Light email set up yet. In other words, I may go into the black
hole of no email for a while.
 
DSL now working fine. Email and news much faster.
 
Let me try n explain. Your IP address is your computer on the net or perhaps
in your case....DSL router. It's like this:

ISP -> DSL Router (WAN IP / LAN IP) -> NAT translation -> Your Computer (LAN IP)

Now that you have a router, it might be in your interest to google about:
"port forwarding" and UPnP for routers.

As for scanning, certain ports are "listening" for connections on your IP
address.
Google for: SuperScan
This is a good one for Windows...it will scan your local computer / local
host to see what network ports you have "open".
Just because they are open doesn't mean you are insecure.
A firewall is good because you can close all your ports so when someone
scans your IP it looks as if no computer is there...and all ports are closed.
This is hardly practical because most users need ports open to have some
sort of productivity online.

Sniffing...this is looking at the data going over the wire
Google for: Ethereal
This program "sniffs" your network data (packets). This is somewhat advanced
but it looks like you are headed in this direction anyways and you might find
it interesting. Things you can do with sniffing are, discovering
passwords/detecting abnormal network traffic/observe what programs connect to
what internet hosts

Keep in mind now that you have DSL you are always online unless you
disconnect or disable your network. I advise to learn to secure your computer
so you can always have it online.
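
The local port check described in the post above, as an added example that is not part of the original post. It tries a TCP connection to each port on 127.0.0.1 and separates what is listening from what you expected to be listening; the port list and the `expected` baseline are assumptions for illustration.

```python
import socket

# Illustrative port list (an assumption, not from the thread): services often
# found listening on a Windows desktop.
SERVICES = {21: "FTP", 23: "Telnet", 25: "SMTP", 80: "HTTP",
            135: "RPC endpoint mapper", 139: "NetBIOS session",
            443: "HTTPS", 445: "SMB", 3389: "Remote Desktop"}

def is_listening(port, host="127.0.0.1", timeout=0.5):
    """True if something accepts a TCP connection on host:port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0

def audit_local_ports(ports, expected=()):
    """Check this machine's own ports; return (listening, unexpected)."""
    allowed = set(expected)
    listening = sorted(p for p in ports if is_listening(p))
    unexpected = [p for p in listening if p not in allowed]
    return listening, unexpected

def describe(ports):
    """Human-readable lines for a list of port numbers."""
    return [f"{p}/tcp  {SERVICES.get(p, 'unknown service')}" for p in ports]

if __name__ == "__main__":
    listening, unexpected = audit_local_ports(SERVICES, expected=[])
    print("Listening:", *describe(listening), sep="\n  ")
    print("Not in the expected list:", *describe(unexpected), sep="\n  ")
```

A port that answers on 127.0.0.1 is not necessarily reachable from the Internet: the router's NAT and any firewall sit in between, so this shows what is running locally, not what an outside scan would see.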
 
Quite honestly Walterius you have too much software on your system that is
alike. All you need is adaware, spybot, zonealarm and a good updated
antivirus. Keep them updated which you do and that is great. You would use
hijack this if severely infected which from your practices won't happen.

Now that you are on DSL you need to consider putting in a hardware firewall.
This will hide you on the internet. Personally I would recommend a wireless
[WPA] router. This gives you the ability in the future to add wireless
devices and they are cheaper than one without wireless.

Your concerns break down into three areas:

Port trojans that come thru with you just being connected to the internet
Spyware/malware which you get from visiting even legit sites
Viruses which you usually get via a download or email attachment.

A router/zonealarm will protect you from port trojans
Adaware/spybot will catch the spyware/malware
Antivirus will catch them and minimize/eliminate any damage they wish to
cause.

Just like safely driving a car doesn't mean you are assured you won't get
into an accident, so also having protection on the internet won't prevent you
from having problems.

This is why you backup important information [which you don't mention doing].

You can test your system by going to ShieldsUP! and running their tests on
your system.
You can also download a pre-populated HOSTS file [google hosts file] from the
internet that has the blacklisted sites listed to go to the bit bucket
[127.0.0.1]. I find this alone eliminates tons of popups/ads and reduces my
spyware scan times with better results.

You can use firefox or download the google toolbar to eliminate popups.

What I think you are missing here in the thought process is being on the
internet is a risk. It is how you manage that risk that is important. You
cannot eliminate the risk but you can reduce it by being prepared for it.

Best of luck!
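
A check worth running on a downloaded HOSTS file before installing it, as an added example that is not part of the original post. A blocklist should only send names to a loopback or unspecified address, so any entry that maps a name somewhere else is reported as a redirect. The sample file and the function names are constructed for illustration.

```python
import ipaddress

# Names that normally sit in a hosts file and are not blocklist entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample, not a real blocklist (documentation domains and IPs).
SAMPLE = """\
# constructed sample
127.0.0.1    localhost
127.0.0.1    ads.example.com      # ad server
0.0.0.0      tracker.example.net popups.example.net
203.0.113.7  www.example.org
bogus        junk.example.com
"""

def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in the text."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            yield n, addr, name.lower()

def audit_hosts(text):
    """Return (blocked_names, suspicious_entries) for hosts-file text."""
    blocked, suspicious = set(), []
    for n, addr, name in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            suspicious.append((n, addr, name, "not an IP address"))
            continue
        if ip.is_loopback or ip.is_unspecified:  # 127.x.x.x, ::1, 0.0.0.0
            if name not in LOCAL_NAMES:
                blocked.add(name)
        else:
            suspicious.append((n, addr, name, "redirects to a real address"))
    return blocked, suspicious

if __name__ == "__main__":
    blocked, suspicious = audit_hosts(SAMPLE)
    print(f"{len(blocked)} names sent to the bit bucket")
    for n, addr, name, why in suspicious:
        print(f"line {n}: {name} -> {addr} ({why})")
```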
 