Leaving a computer as default is very unwise. First take off all the
crap software of the PC and that for me includes Norton and any Demo’s and Trial Versions. Then disable Services that do not need to be running by default (these could be a score), this can be done through a simple batch file. Now do a chkdsk and defrag (to organize the free space you just acquired. Look for factory installs like Backweb, Wild Tangent, Weather Bug etc, plus a lot more.
Now you install Avast, install all the current updates and set up properly. Install Ad-Aware SE and do a full scan, have all the latest updates on a utilities CD. Then do the same for Spybot S&D, update and do a full scan. Then install Spyware Blaster and the updates, Install Trojan Hunter (30 day trial) latest updates, do a full scan. Install a browser like Mozilla Firefox latest version or Opera. Install Dr Web’s hyperlink in-browser plug-in.
All maintenance icons are right above the Start button, like End It All, Reg Clean, Defrag, Quick Shutdown (as a shortcut to the normal shutdown process). Install a good software Firewall, and surf with Dropped Rights. Well this is just an example.
Oh, use Sun Java and take the other version off. Well the rest I leave to your imagination, System Monitor, Script Defender etc.
Some people do not and then some-one has to come along every month charging them 50 bucks or so for servicing. Oh, I regret I posted this.
We have the DropMyRights program not to fall prey to zero day exploits, even in a fully updated and patched browser. First in the Vista version MS will follow another policy. To surf with a full admin account other than for special purposes (updates etc.), and say this is safe under all circumstances is selling snake oil. That there is no need for an alternate browser, especially the browser with preference tab, NoScript and other built-in browser security is also questionable. Some disagree, IE is a day or two short and a dollar late.
With the Windows XP Firewall enabled you are not going to fall prey to Zero Day exploits. And you don’t have to run as a User, I run as an Admin 24/7 and I use IE. I almost forgot I don’t get infected with anything.
Your vision is very short-sighted, and you almost sound like an advert for the security of Microsoft products.
As added security XP firewall is OK. But to be real protected get a real software firewall as well. Even behind a router firewall, you still need a good software firewall to check outbound traffic. You seem to trust M$ security on its word and fully, and you will be one of the first users of their complete security solution for which they are getting aboard a consortium of 30 or so security vendors. What is MS definite answer to hidden rootkits?
They have not got any as for now. As the situation is now, it is save your data, then reformat and re-install. I still cannot get to any other conclusion, that an out of the box computer is not fully secure per se.
They are not sold that way. Why, and why we still have spam, and spyware, and adware etc. etc.?
Do you support end users that run Windows operating systems? I highly doubt it. A software firewall with out bound protection is good for a more experienced user but the standard XP firewall provides excellent protection for the average user. Out of curiosity do you run Linux? Because that is where all the run as user security advice comes from. It is just not practical and really is not necessary.
Why, and why we still have spam, and spyware, and adware etc. etc.?
Because no one uses my Security Guide? Why do you consistently rant about Microsoft when discussing anything? Seriously.
Maybe you still get adware and spyware in Windows? MSJVM still installed? Heh.
It is not necessary to use a limited account or an alternate browser.
Right, that’s that then. Every body: uninstall Firefox and Opera right now! DavidR: stop recommending DropYourRights, and take that link out of your signature right now, the Master has spoken!
Funnily enough, I never thought of Polonus as ranting. Can’t say that for others here though.
For users who aren’t installing and uninstalling software all the time, using a ‘user’ account makes sense. I took DavidR’s advice and installed DropMyRights. To me it makes sense.
Do you guys seriously support end users in any remote way?
Is that a condition for speaking? Yes. In a very modest way. I wouldn’t recommend DropYouRights to most, but I would recommend using a ‘user’ account for surfing.
I for one am very fond of Polonus and his postings. I never think of them as ranting.
I am not biased. I had a Microsoft Approved Training NT 4.0 with the Kernel. So there we did not speak about user rights. The term and basic concept in Microsoft is known as " trust", a more difficult concept to grasp, but very basic. XP was built on NT technology so basics are basics. And I am the last to say that the NT platform was unsafe a priori. That is why you run only those services you really need. My certifications are hanging here on the wall. We were out on this bootcamp course together with Linux people (I was not one of them), because everywhere new MS NT systems were then being rolled out, and they had to switch. Some of them had decades of experience. I learned and heard a lot there.
Well let me say this to you: “No platform is any safer than the way it is installed and secured (updates and all)”. My opinion is that the contribution of Open Source software to improve Windows platforms should be welcomed, not shunned.
A discussion is something that should be educating to those who has not been able to for their own opinions. Discussion is just there to make an informed opinion. And when a discussion is held to come to the truth of the matter, whatever it is, it is a good thing. Saying that someone is ranting is somewhere missing the point here.
It is just like with a lot of things, when it is printed or an official statement, does not mean it is the truth. I try to be open in a debate and learn from it. I learned a lot here, but what is the use of propagating absolute truths?
I know you guys don’t support end user buy what you are recommending. Drop My rights is not practical. It breaks alot of applications and at best merely protects IE from buffer overflows, it does not do what most people think it does. Limited user accounts have the same problem, numerous applications especially games break. This is not practical advice for home users and with proper security is not necessary.
Someone at Microsoft recommending something and what is deployed in the real world are two different things. Here is what I think the problem is, most people think securing Windows is hopeless or just cannot do it. Maybe they never remove MSJVM and keep getting spyware? They then think they need more protection like Hosts Files and limited user accounts. If you don’t get infected with anything why would you need these?