[prev in list] [next in list] [prev in thread] [next in thread]
List: patchmanagement
Subject: RE: Looking for strategy for home users, and students
From: "Maceluch, Markian W." <markian.maceluch () ilearning ! com>
Date: 2004-11-23 22:15:24
Message-ID: CE3E07066B9623488CA613E8803F6E31E43AD0 () mail ! ilearning ! com
[Download RAW message or body]
I'd also agree on the SR, though I have seen viruses hide in them and difficult to \
remove at that point for some home end users. In simple instances SR saved a rebuild \
or SR didn't help.
As for Web protection, I've only had better success with Webroot SpySweeper.
I've implemented the Enterprise version though the standalone has much more control \
at the end user level and used that for special instances. Also combined with \
real-time Antivirus (AV) such as Symantec helps.
BlackIce, hum remember 2002 on Ping vulnerability. Seems to stick in my mind and for \
end users - too complicated but not for us techies though. ZoneAlarm might be a \
better bet but then again Feb 2004 they had a Medium vulnerability issue. Of courses \
getting a router with (so called firewall) which is really NATing helps at the \
primary entry point, XP firewall On unless using a personal 3rd party firewall. \
Remember, XP firewall prevents inbound to PC, but not outbound from rogue or \
phone-home software in the system.
Spam - Inboxer worked well before I implemented Postini at Enterprise level.
Back on the firewall/gateway. If getting Access point, try 256 WPA encryption, turn \
off SID and implement MAC filtering. If using VPN, make sure it is VPN capable. The \
Linksys WCG200 is a good unit, apparently prevent DOS (Denial of Service) uses SPI \
firewall and supports access list.
Less software the better is key.
As everyone would agree, backup, backup, backup. Use external OneTouch backup \
drives. Western Digital Dual-option External Hard Drive or Maxtor OneTouch \
USB/Firewire or similar LaCie, Iomega etc.
Markian Maceluch
Senior Systems Analyst, Product Development Tech (R&D)
Thomson NETg (formerly Capstar / iLearning)
__________________________________________________
-----Original Message-----
From: Steve Wechsler [mailto:mowgreen@mvps.org]
Sent: Tuesday, November 23, 2004 2:34 PM
To: Patch Management Mailing List
Subject: Re: Looking for strategy for home users, and students
> - If Windows XP / 2K is in use, Turn OFF the System Recovery to stop some
> viruses / malicious codes hide in there
Speaking as a primarily home PC Tech here:
That's like plugging up your nostrils because you might catch a
cold. Sorry, I *strongly disagree* with disabling SR for home Users.
Setting it to it's minimum size and teaching Users when to utilize
it is what I'd recommend . Most home Users need a lifeboat.
Disabling SR gives them none.
Steve Wechsler
MS-MVP
Orhan O. Bag wrote:
> Hi,
>
> For a personal use, I recommend the fallowing options as the basics of the
> defense :
>
> - Strong and powerful Operating System with full support
> - Personal Firewall ( Black Ice is practical )
> - Antivirus Software ( having a real and full support behind for updates and
> alerts )
> - If Windows XP / 2K is in use, Turn OFF the System Recovery to stop some
> viruses / malicious codes hide in there
> - Regular and Periodic Back-Ups (on CDs - DVDs - FDDs or on a second or
> external HDD - memory bar) of important Data ( you can have a Ghost Image
> with a Clear Installation including full patches and main data then use it
> to recover your HDD )
> - A Patch management software ( Shavlik HFNetChkPro is Free for your because
> you will be licensed in the evaluation limits, which has a "number of
> license" limit -- I assume you will have a single PC; remember that it is
> able to use it on a PC ) to install ALL Service Packs and Patches ( not
> only critical ones )
> - Try to be Up-To-Date with your applications running on the PC. So, just
> keep contact with the vendors web sites to get the latest patches - updates
> of your applications.
> - AdAware is a nice tool to clean-up many "unwanted" files and settings
> - do not forget that any software may cause a vulnerability in your PC, so
> you have to taka care of security news and publications on the web
> - if you are able you can use a hardware firewall but, be sure that it
> really have a support on updates of new issues
> - Do not open any suspicious messages even if comes from your MOM or from
> YOU :)
> - try to use a encryption software to keep your important data in safe
> - use strong passwords ( minimum 7 characters long in alpha numeric +
> characters like !@ )
> - do not use / stop unnecessary shares
> - DO NOT store any valuable passwords in your computer ( bank account
> details, etc. )
> - Do not use any software if you do not need , and if you do not know it
> very well
> - Do not believe all e-mails and do not trust the links on them
>
> Stressed ?? We have to ;)
>
> Best Regards.
>
>
> Orhan O. Bag
> General Manager
>
>
>
> ---------------------------------------------------------------------
> Issos Enterprises Co. Ltd. Tel : ( +90 ) 312 441 27 88
> Cinnah Caddesi 44 / 6 Fax : ( +90 ) 312 441 27 88
> 06680 Cankaya, Url : www.issos.com
> Ankara - TURKEY E-mail : orhan.bag@issos.com
> ---------------------------------------------------------------------
>
>
> -----Original Message-----
> From: Bott, Bruce - SICA [mailto:bbott@simpson.com]
> Sent: 22 Kasım 2004 Pazartesi 23:50
> To: Patch Management Mailing List
> Subject: RE: Looking for strategy for home users, and students
>
> Ditto most all of Greg's recommendations.
>
> Here's my personal 'order of priority'
> (assuming a broadband connection... for
> dial-up, I'd move Zonealarm to the top of the list)
>
> 1) Hardware Firewall w/Switch (I use a Linksys)
> 2) AV Program of your choice
> 3) XP SP2 with Windows Update in Auto Mode. Firewall on.
> 4) Spybot (update weekly)
> 5) Spywareblaster (Update weekly)
> 6) Alternative Browser
> 7) DVD Burner or USB Disk or USB Memory stick for backups.
> 8) ZoneAlarm (freeware version)
>
> -- bb
>
>
> -----Original Message-----
> From: Playle, Greg [mailto:Greg.Playle@si-intl.com]
> Sent: Monday, November 22, 2004 12:00 PM
> To: Patch Management Mailing List
> Subject: RE: Looking for strategy for home users, and students
>
> What do people recommend to their home users?
> - A hardware firewall / router / NAT. $60 at local computer
> mega-mart.
> - Backups
> - A separate machine for the kids / family members / visitors to use
> and download music, browser helper objects, and advertisements
> - A software firewall.
> - An anti-malware package (e.g. from license the company provides,
> or from the home user's favorite vendor)
> - Backups
> - Weekly updates. Saturday morning, get a cuppa, sit down and
> update.... ("more honored in the breach," so to speak...)
> - Mozilla instead of IE.
> - Did I mention backups?
>
> The ones that have followed this advice have suffered far less pain than the
> ones that owe me coffee for a month, after recovering their machine,
> checking account information, and wine cellar lists....
>
> On a more serious note, if they must work from home, I recommend the
> company consider providing them a licensed software firewall and
> anti-malware package. In some cases, the company has issued laptops,
> already set up with firewall, etc.
>
> Greg Playle, CISSP
>
> -----Original Message-----
> From: James H Moore [mailto:jhmfa@rit.edu]
> Sent: Monday, November 22, 2004 12:28 PM
> To: Patch Management Mailing List
> Subject: Looking for strategy for home users, and students
>
> I am looking for a site or a strategy for supporting our end users in their
> quest for security at home. MS Windows update is great, for MS products.
>
> There are other services, but some install agents that haven't been
> independently tested from a security standpoint. Others don't offer links
> to patches, but supply the patches themselves. I know that this is a
> thankless job, and is getting bigger.
>
> McAfee used to offer a product called "OilChange" but I never found out what
> happened to it.
>
> So the bottom line is: What do people recommend to their home users?
>
> Jim
>
> - - -
> Jim Moore, CISSP, IAM
> Information Security Officer
> Rochester Institute of Technology
> 13 Lomb Memorial Drive
> Rochester, NY 14623-5603
> Office: 585-475-5406
> Lab: 585-475-4122
> Fax: 585-475-7950
>
> "Distrust and caution are the parents of security." -- Benjamin Franklin
>
> "We will bankrupt ourselves in the vain search for absolute security."
> -- Dwight D. Eisenhower
>
>
> ---
> To unsubscribe send a blank email to
> leave-patchmanagement@patchmanagement.org
>
>
>
> ---
> To unsubscribe send a blank email to
> leave-patchmanagement@patchmanagement.org
>
>
>
>
> ---
> To unsubscribe send a blank email to leave-patchmanagement@patchmanagement.org
>
---
To unsubscribe send a blank email to leave-patchmanagement@patchmanagement.org
---
To unsubscribe send a blank email to leave-patchmanagement@patchmanagement.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic