Re: Just venting (totally OT)
- From: real-address-in-sig@xxxxxxxxxxxxxxx (Rowland McDonnell)
- Date: Fri, 1 Feb 2008 17:50:18 +0000
<Evil_Nigel@xxxxxxxxxxxxx> wrote:
x-no-archive: yes
On Jan 30, 6:01 pm, Loz <lozz...@xxxxxxxxxxx> wrote:
I personally use
1) AVG antivirus 7.5
http://free.grisoft.com/doc/download-free-anti-virus/us/frt/0
2)Comodo Firewall 3
http://www.personalfirewall.comodo.com/
3) PC tools starter edition Spyware Doctor (via googlepack)
http://www.pctools.com/spyware-doctor/google_pack/
Looks a decent set to me.
AVG antivirus has been shown in recent tests to miss most - not just a
few, but *MOST* - of the viruses that are doing the rounds at the
moment.
Your information is, I'm afraid, out of date again.
Yep :-)You can have as many browsers on your pc as you want. I've got
IE, Firefox and Opera.
I should add that many browsers only let you have one version at a
time, so it's IE6 or IE7, not both.
If and only if you're talking about `versions installed for a single
user account'.
Internet Explorer is ok but coz 75% or so of the world use it virus
writers specifically write their nasties to exploit vulnerabilities in
Internet Explorer. Thus firefox is more secure, and I like it coz it is
also faster and not made by Microsoft ;-)
You're not wrong there. Unfortunately there are a large number of
sites out there that only work properly with IE.
The number of sites like that is much, much smaller than it was a decade
ago.
That is because a lot of people do not use MS IE. A decade or so ago,
MS IE usage was up in the region of 98% IIRC.
The three biggest significant factors in this are that MS dropped MS IE
on everything except Windoze, the rise of Linux (also the Mac platfrom
recovering from a near-fatal illness), and Firefox has come along.
So: MS IE can now only run on MS Windoze, which is gradually losing
market share. And MS IE is very slow compared to the competition, not
to mention IE being less compatible with Web standards and so on.
When the latest stats show that *at least* 1/3 of Web site visits are
made `not MS IE', if you make your Website IE only, you're being a bit
silly.
It's why all reputable Website development firms test on multiple
browsers and multiple operating systems. Only companies that aren't Web
development firms but want to develop their own Websites make the
mistake of excluding the `1/3 of Web users and rising' that don't use MS
IE.
I was really
surprised when the FT100 company told me that they only worked with
IE7 because IE6 was still the majority browser at the time (July).
It's nice to see Firefox doing so well (I found up-to-date stats
showing it up to 30% and Microsoft just below 70%).
The measurements all have a lot of wobble on them. btw, if Firefox is
at 30%, then MS IE is just below 65% according to the measurements,
which overstate the useage share of MS IE for reasons explained
elsewhere. There are other Web browser out there, and Safari's got 5%
or thereabouts all on its own.
I'll try to put some perspective behind this firewall stuff.
Average Joe on a budget might well go into PC World, buy a cheap
internet modem without a firewall,
But no-one uses normal modems any more, surely?
Surely we `all' have routers operating network address translation (NAT)
these days? Even the cheapest router can't work without running NAT and
that's yer basic rock solid protection that makes a firewall pretty much
redundant.
use the default Microsoft firewall
and never get hacked.
Well, you wouldn't. Nuffin' wrong with the MS firewall that I've heard
of - beyond the controls perhaps being a bit crude, I gather the basic
firewall itself does the job perfectly adequately.
There are very few active hackers out there and
lots of Average Joes, and hackers prefer to target interesting
computers like the government or companies.
And even then, they can't get past the firewalls. So they don't try
that route any more to speak of.
One reason that hackers don't target `average Joes' is that it's
impossible even to identify their computers on the 'net if they're
hidden behind a router. With big operations, they have an identifiable
'net presence and so can be spotted more easily.
Average Joes are mainly
left to passive traps like viruses and spyware.
Spoofing and phishing are the modern blights.
If you sit behind a router with a firewall, you're a hell of a lot
more secure than Average Joe. It's like having a huge fence topped by
razor wire round your property, and gates at the front with a security
guard. Hoodies, gypsies and Mormons stand no chance.
It's more like having your entire home hidden underground with a small
shack sat on top, looking identical to all the other small shacks in the
street, with no-one answering the door if you knock and no way to break
down the door.
The hacker basically has to turn up dressed like a pizza delivery boy,
carrying a pizza and tell the security guard "Pizza for Loz at number
seven".
Umm. No, that's just wrong - in practice, if not theory. Practically
speaking, the hacker has to get invited in by the PC behind the router.
The level of sophistication you're talking about with your analogy -
packet spoofing, yes? - is so hard to do that it's surely only going to
people like the CIA and GCHQ who are set up to do it, along - perhaps -
with a tiny number of `freelance' groups (not individuals).
Since that mode of attack is impractically difficult, because the router
hides everything behind it completely from the outside world, the
real-life attacks that are made these days are different.
The reason the mode of attack Nigel outlines is so hard is down to
Network Address Translation - sometimes called a firewall by some, but
the usual `on your PC firewall' is somewhat different. That's what I
call `a real firewall' - it analyses the data coming in and decides what
to permit and what not.
Some routers have a firewall like that built into them, which provides a
massive security overload if you ask me but I'm very happy to have such
stuff built into my router, I can tell you. I've also got a firewall
running on my Mac (well, be silly not to, what with it coming with the
OS).
The only practical attacks on home computers these days involve
persuading/tricking the user of a computer behind the wall to install
some software on their computer that will invite a hacker in (so don't
open that dodgy email!). Either that, or exploiting a security hole in
its Web browser (or similar software) so that they can tell the PC to
install the software remotely.
The firewall on each computer is like having another security
guard at the your front door who knows you haven't ordered a pizza.
It's another level of protection which doesn't duplicate what you've
already got.
And I'm afraid that's just plain wrong too. My router contains network
address translation and a firewall that operates in the same mode as the
firewall on my Mac. It's massive overkill and probably does nothing to
increase my protection.
The reason for that is that the protection you get from NAT and any
firewall is so damned good that the hackers are, pretty much all of
them, not even trying to get in that way. They use other attacks
against which a firewall and NAT are absolutely no protection against.
It's these other attacks that are the ones you should be worried about,
and the ones you need protection against. You've *got* protection
against the old-fashioned attacks that Nigel's on about.
It's not perfect - the only way to be completely safe is to be like
the military and have a private network not connected to the outside
world.
`The military' also uses the internet. The US military tries to keep
itself safe by suing people who try to hack into its internet connected
computers. That is of course going to prove an effective tactic in time
of war.
And having a private network that you think isn't connected to the rest
of the world is only a useful protection if it's *really* not connected
to the rest of the world. If someone's got access to your network
cable, or to your radio transmissions, they can tap in.
The military need to add various layers of protection on top of the
obvious `let's not connect it to the internet ourselves', including
special networking protocols (so its data cannot propagate on the normal
internet), strong encryption of all traffic, and so on. This is what
they do.
But if you're paranoid, or your company can't afford to take
any unnecessary risks, installing a firewall on each PC is a small
price to pay.
The problem with your advice is that it's virtually no protection at all
these days because the hackers have given up - most of them - trying to
get through firewalls. Your out of date again, I'm afraid.
What's important is to be protected against the real risks that are
really around these days.
And I can't explain that without going into a lot of techical details.
The problem is that there's a lot of very bad - due to it being badly
out of date - advice going around. Your advice, for example.
Here's one example to demonstrate what's bad about it.
A couple of years ago, I used a virus scanner. Virex 7. I also got a
lot of viruses sent to me in spam. I found that Virex's virus
definitions lagged behind the viruses by 2-3 months, typically.
What that means is this: the actual viruses that are actually doing the
rounds *now* were not spotted by the anti-virus software until they had
been circulating for several weeks, minimum.
Loz carelessly assumes that the anti-virus firms are on the ball. Loz
told me that I'd have to be unlucky to meet a virus before the
anti-virus firm had released a new signature file to detect it.
Thing is, Virex was *always* 2-3 months behind in spotting viruses. I
checked, you see. They were sloppy: they didn't keep up with the actual
real virus threat. Loz is wrong in his comforting assumptions. He's
not checked the reality of what's what - I did check. And I was to
begin with faintly disbelieving, and then utterly appalled that people
relied on this stuff - as Loz does. He's been fooled by the anti-virus
scan con, basically.
My experience is that the anti-virus firm I `relied' on was well behind
the times as a matter of routine. And you know what? This Virex
scanner - and it was the Mac version - was unable to detect any Mac
viruses at all!
Anti virus scanners have got *WORSE* since then, according to recent
tests.
<http://arstechnica.com/news.ars/post/20071223-report-antivirus-applicat
ions-getting-weaker-over-time.html>
"In early 2007, the packages averaged about 40-50 percent accuracy. In
c't's most recent test at the end of the year, the average dropped to
20-30. At the positive end of that scale though, NOD32 and BitDefender
are at the top of the new list with 68 and 41 percent accuracy,
respectively."
If you want real protection, it seems that the only anti-virus package
worth considering at the moment is NOD32. It's a good 'un.
<http://en.wikipedia.org/wiki/Nod32#Reception>
`It has been tested 50 times by Virus Bulletin and has passed 47 times,
the highest pass rate of the tested anti-virus products.'
The rest of them have been shown in recent tests to miss more than half
of the viruses that are active at the moment. And even the best misses
about 1/3 of the current virus threat - the *BEST* anti-virus scanner
going misses 1/3 of the viruses you'll meet.
That's not very good protection at all if you ask me.
Rowland.
--
Remove the animal for email address: rowland.mcdonnell@xxxxxxxxxxxxxxx
Sorry - the spam got to me
http://www.mag-uk.org http://www.bmf.co.uk
UK biker? Join MAG and the BMF and stop the Eurocrats banning biking
.
- Follow-Ups:
- Re: Just venting (totally OT)
- From: Evil_Nigel
- Re: Just venting (totally OT)
- Prev by Date: Re: Britney Spears IS Bipolar!
- Next by Date: Re: Just venting (totally OT)
- Previous by thread: empty feeling
- Next by thread: Re: Just venting (totally OT)
- Index(es):
Relevant Pages
|
Loading
