Fog Creek Software
Discussion Board

Fort Knox or Hacker Heaven?

The "Subtle virus aimed at programmers" topic got me wondering what y'all have to protect your puters?

I got sucked into learning (anything new and shiny gets me) about PC security a while back and feel that my PC is fairly well guarded now.

- I run Sygate Fire Wall and have locked down both incoming and outgoing as much as possible.

Having a firewall is pretty pointless if you allow an app to access anything on the web, so I lock all my apps down to allow them only outgoing access to specific addresses and ports.

Although I allow Mozilla & Opera open access to the net, I don't allow plug-ins and am prompted to allow javascript. I don't allow most cookies either - they just plain sh*t me.

- I have a couple of different ad-ware style apps to clean out my system.

- AVG antivirus is my personal pref as it hasn't hurt me yet ;)

- I also run sniffers every so often to check what the traffic's actually about.

I think you can take personal protection a little far, for example not allowing ANY site to use javascript. It's just too dang useful, and if you know the site, there shouldn't be a problem. I.e. if JoS wants to use Javascript I'd allow it.

I guess my question is, how guarded are you?

Jack of all
Wednesday, July 23, 2003

not at all :)

I'm permanently connected to the internet, but I switch the computer off when I leave the office.

hacker heaven if anything, really the dangers of any hacker attacking me via the internet are _vastly_ overrated, it's much more likely I'll have the computer pinched from my house during a burglary. (I work from home)

Wednesday, July 23, 2003

I don't have any antivirus software.

I run IE with the normal security settings.

I don't run outlook (or outlook express).

I've never had a virus.  Why?  Because I practice safe-internet (think safe-sex):  Don't run programs from people you don't trust.  Don't run ActiveX controls from gator or anything like that (same point as before).  Be careful installing P2P clients and stuff like that (same point again).  Firewall the internet connection -- block anything you aren't using.

It's really not that hard.

Almost Anonymous
Wednesday, July 23, 2003

I just use Mac OS X instead of Windows...

Wednesday, July 23, 2003

Pete, don't limit yourself to OSX.  There are 80,000+ more viruses available on Windows ;)  Viruses are apps too.

Thursday, July 24, 2003

I use a Commodore 64.  Ain't got no virus yet.

*this post has been closed captioned for the sarcasm impaired*

Thursday, July 24, 2003

I run ZoneAlarm, and have weekly jobs set up to run Ad-Aware and scan my drives for viruses. I feel pretty good about that setup.

However, I do have a question about what I suspect is a huge hole in my setup: I allow svchost.exe to access the net. My limited understanding is that any app can use this executable (identified as "Generic Host Process for Win32 Services") to access the web. If that's so, then allowing this program to communicate with the world really allows ANY program to do so.

Is that accurate? If so, I can modify my setup to prompt me when svchost.exe attempts to access the outside world, but when I get prompted, how would I know whether to allow the access or not?

Thursday, July 24, 2003

I run a dual boot XP/Linux system with a broadband connection, and the funny thing is that I feel safer when I'm running XP. I'm a Linux newbie, so I have no idea whether I've got the security settings properly set up for Linux at all.  Add to that, I spend so much time logged in as root to configure the system, that I'm really leaving myself wide open.

Some argue that Linux is more secure than Windows, but for a typical home user I'm not so sure.

Buns of steel, couch of magnet
Thursday, July 24, 2003

Zone Alarm Free.

IE for sites I know & trust and want to have cookied & keep my history, such as JOS, and my e-mail.

Mozilla (Firebird) as my default browser, so when I click a on my desktop or in my newsreader, Mozilla launches. It kills my everything after every session - cookies, history, forms (though it seems it doesn't actually remove these, even though I don't have it checked to store them).

Opera for a handful of sites too... There's very little difference between how I treat Opera and Mozilla at this point.

Web Mail only either via Mailshell (q.v.) or Squirrelmail for my pop3 accounts. I may be susceptible to invisible pixel tracking, but I rarely open spam.... (q.v. the recent threads on spam).

I also practice "Safe Internet" and never launch a program I don't trust, including ones my friends send me... especially ones my friends send me.

No virus or ad aware software... I've used them for years and I know what they do, and I know how to avoid getting the damn stuff on my computer in the first place.

I do plan on installing some ad aware & virus software in the near future though... just in case I got sloppy at any point in the past.

Thursday, July 24, 2003

I should also point out that I'm behind a router/firewall and I reboot my modem from time to time to get a new IP address from my ISP.

Thursday, July 24, 2003

Re: Zahid [QUOTE] However, I do have a question about what I suspect is a huge hole in my setup: I allow svchost.exe to access the net. My [cut/snip/hack] [UNQUOTE]

Your assumption about allowing svchost access is correct. A number of apps use it. To check out what's currently using it type "tasklist /svc" at the cmd prompt.

If you're unsure as to whether you want it to access the net I'd set your firewall to prompt. If you're trying to access the net with something and it pops up, give it a nod, if not, kill it.

Note: I've also noticed that if you're sharing a connection (through a home network etc) then all comms going through the connected PC are pumped out using svchost.

If I have this wrong, may my dog strike me down with a dry piece of toast.

Jack of all
Thursday, July 24, 2003

Sorry, not sure if "tasklist /svc" works on anything but XP...

Jack of all
Thursday, July 24, 2003
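
An added example for the svchost.exe question above (not part of any post in the thread): one way to decide on a firewall prompt is to join the services listed by `tasklist /svc` to the sockets each PID owns in `netstat -ano`. The two sample outputs are constructed, and the function names are hypothetical.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in the format of `tasklist /svc /fo csv` (not from a real host).
TASKLIST_CSV = '''"Image Name","PID","Services"
"svchost.exe","884","RpcSs"
"svchost.exe","1020","Dnscache,W32Time,wuauserv"
"svchost.exe","1204","LmHosts,SSDPSRV"
"firefox.exe","2412","N/A"
'''

# Constructed sample in the format of `netstat -ano` (documentation IP ranges).
NETSTAT = '''  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.10:1041      203.0.113.7:80         ESTABLISHED     1020
  TCP    192.168.1.10:1052      198.51.100.20:80       ESTABLISHED     2412
  UDP    0.0.0.0:123            *:*                                    1020
  UDP    0.0.0.0:1900           *:*                                    1204
'''

def services_by_pid(tasklist_csv, image="svchost.exe"):
    """Map PID -> list of service names hosted by each instance of `image`."""
    result = {}
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        if row["Image Name"].lower() == image:
            result[int(row["PID"])] = [s.strip() for s in row["Services"].split(",")]
    return result

def sockets_by_pid(netstat_text):
    """Map PID -> list of (proto, local, remote, state); UDP rows carry no state."""
    socks = defaultdict(list)
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            socks[int(f[4])].append((f[0], f[1], f[2], f[3]))
        elif len(f) == 4 and f[0] == "UDP":
            socks[int(f[3])].append((f[0], f[1], f[2], ""))
    return socks

def svchost_network_report(tasklist_csv, netstat_text):
    """For each svchost.exe PID that owns sockets, list its services and sockets."""
    svcs, socks = services_by_pid(tasklist_csv), sockets_by_pid(netstat_text)
    return {pid: {"services": svcs[pid], "sockets": socks[pid]}
            for pid in sorted(svcs) if pid in socks}

if __name__ == "__main__":
    print(svchost_network_report(TASKLIST_CSV, NETSTAT))
```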

$80,000 HA firewall cluster.

Thursday, July 24, 2003

OpenBSD's  pf and NAT

Thursday, July 24, 2003

Is anyone aware of an "application level" firewall for Linux?

By "application level" I mean where you can configure allow/deny particular applications 'net access. Like ZoneAlarm's behaviour.

As opposed to "packet level" firewalls that are only interested in the packet and not what application is sending them. Like iptables' behaviour.

Don't get me wrong, a packet level firewall is pretty much required, you should have one sitting between your internal network and the internet. But I like the added security of having an application level firewall on each computer to protect against trojans and the like.

Bill Tomlinson
Thursday, July 24, 2003

I run MacOS X, with only the built-in firewall running.  I've also made sure to turn off all the "sharing" services except personal web sharing.

No problems thus far.

The Pedant, Brent P. Newhall
Thursday, July 24, 2003

I defrag my hard drive for thrills!

Thursday, July 24, 2003

As is the case with Almost Anonymous I don't run any Anti-Virus software and have never had a virus.

I run the Outpost firewall occasionally when browsing web sites with too many pop-ups and enough flashing/scrolling images to cause a miscarriage in pregnant women.

Izaak Malone
Friday, July 25, 2003


Try the new (beta) google toolbar.  It blocks popups in IE and works great.  A nice minimalist solution to the problem.

Almost Anonymous
Saturday, July 26, 2003
