Fog Creek Software
Discussion Board

Poor poor me, the appendix

OK, I said the final chapter was it.  I lied :)  Yesterday I was digging a trench for a retaining wall, my neighbor came by to see what I was doing.  Turns out, he got nailed by Sobig.  Told my wife about it tonight, she has 3 co-workers that got nailed.  And my son called this monrning, he wanted virus cleaning software.

Wow.  I got 3 machines here, all running various flavors of Windows, none got hit.  I must be doin somethin right :)

My F'n Dell laptop, circa 6 months ago (got it march 2003), died last Thursday.  Still figuring out how to fix it (call Dell, answer questions, get more, investigate, lather, rinse repeat).  But it was my Win XP box, and my current Linux box.  I'm upgrading my PC for current linux, but it's not like I can take it to a house call.  Plus I like to play TFC, and I can't do that running Linux.

So.  How long will it take me to figure out Win XP Firewalls?  And how effective are they?  If I bill my ass out for an ungodly rate, think I could get away with spending $100 on a linksys blue box? :)  Once I figure out WinXP firewalls, what is a good rate to charge?

I'm kinda kidding, kinda not.  Once I learn Windows networking I can secure these boxes in maybe 2 hours, especially if they give me cash to buy linksys boxes.  Am I onto something here, or are there twisty passeges, all alike, I need to know about?

Poor poor me
Monday, August 25, 2003

Tell me about it. At my clients' last week, one of the contractors who empties the trash cans in the building (AKA contract janitor) was complaining that their Roadrunner connected PC at home was attacked by "something" and their PC was infested by viruses. Only now do these people think a firewall is important.

I am starting to think that an ordinary consumer stupidly running a PC connected bare to the internet with no firewall, etc should be categorized as a minor league felon, with appropriate fines for damage done by their unsecured system... Actually, I wonder why it has not happened already that there isn't a strict national ID database system that links any user to the IP address they happen to lease. I suspect it's coming if this continues.

A few weeks ago, I posted a question here asking about sources for internet security whitepapers and overviews to help this balky client of mine get a comfort level with internet security. If you email me privately I'll be happy to share what I've found. I think that there are vast opportunities available now to anyone who can provide companies with a deterministic solution to their internet security concerns. The hassle factor has to be incredible in affected companies.

As far as the "how" of security, the raw basics appear to be:

- Only connect a workstation or server through a firewall or NAT (network address translation) router. This largely makes your system invisible to probes and hackers.
- Windows XP has a built in software firewall, disabled by default for the maximum damage possible :-(. It does not protect against programs on your system getting access to the internet. It only protects against incoming requests.
- Keep anti-virus installed, updated, and running at all times on any machine with internet exposure.
- Switch off any services in Windows that you don't need. (Like EVERYONE needs their own personal NNTP and SMTP server, huh?)
- Turn off previewing in Outlook, or use an email client that doesn't preview email.

If you do these things, from what I've gleaned it appears that you're 99% secure. Hope that helps.

Bored Bystander
Monday, August 25, 2003

I think operating without firewalls is inevitable given the popularity of WiFi networks... I was at a company the other day that had very strong firewalls in place, but still got infected by laptops people had connected to the internet via non-company WiFi hotspots or at home.

To be 100% safe: Don't use a computer.

To be 99.999% safe: Don't run x86 processors.

To be 99% safe: Don't run Windows.

To be 80% safe: Install patches regularly. Don't use Internet Explorer. Don't use Outlook as your email client.

To be 50% safe: Use an anti-virus product, updated regularly.

Dan Maas
Monday, August 25, 2003

As long as the firewall software is hard to use (answering yes or no for packet to be blocked appears easy, but who knows about which one to block or not???) then no one will bother with software firewall. And to spend more money on hardware firewall? naah...maybe in rich countries, but in other part of the way Jose.

Unless the firewall is standard equipped with every PC, and it's easy to use.

Monday, August 25, 2003

Even easier - run windowsupdate weekly. None of the recent worms have any effect on an up to date windows machine.

Matthew Lock
Monday, August 25, 2003

"Turn off previewing in Outlook, or use an email client that doesn't preview email."

Bored, can you point to any problems with preview in a recent version of Outlook?

Just me (Sir to you)
Monday, August 25, 2003

It isn't stupid for a consumer to buy a consumer product, subscribe to a consumer service and not know that they need an extra layer to protect themselves.

It is not the fault of individual users if their machines are attacked.  If my machines were successfully attacked then I, knowing what I know with the experience I have, would have only myself to blame.

As for correlating IP addresses with individuals ummm how far has paranoia infected people?

Perhaps the same individual will welcome the chipping of all cars so that they can be automatically fined for speeding and parking, let alone so that their movements can be tracked.

Simon Lucy
Monday, August 25, 2003

If you can afford it, use a hardware firewall.

A nasty virus might be able to disable your software firewall, but it is far less likely to disable a hardware firewall.

David Jones
Monday, August 25, 2003

Bored Bystander >> I think that there are vast opportunities available now to anyone who can provide companies with a deterministic solution to their internet security concerns.

I worked for a while for a company that sells one of those vulnerability-testing applications, and even when talking with CIOs, it's not easy to buying a subscription is worth the money.

Much like selling insurance. You only realize how useful it is once you get hit...

Frederic Faure
Monday, August 25, 2003

Hmm firewalls arent necesary for personal desktops. Turning off unneeded services and running windows update is much easier and more secure that teaching basic users about firewalls.


Martin Schultz
Monday, August 25, 2003

A basic firewall/router/hub costs around $70.  Installation is about 3 minutes (well, 10 including reading the manual).  That protects you from all incoming port attacks.

If you use a mail client which doesn't automatically open attachments, and only download/install software from trusted sources, you can get by without a virus scanner.  But since a copy of McAfee is about $35, it's kind of a no-brainer to have the additional security.

So -- just a suggestion/idea -- if you want to sell a "complete" solution, bill yourself at $50/hour for two hours to install a Linksys router/fw and McAfee.  Your total fee is $200.

I've been thinking hard lately about doing this very thing.


Monday, August 25, 2003

Can anyone tell me what dangers I am exposing myself to by running Outlook XP with the preview pane enabled?
I thought Outlook XP runs HTML in a restricted zone, basically not allowing any scripting or active content whatsoever?

Just me (Sir to you)
Monday, August 25, 2003

First of all, on topic: PPM, I think that's a good business model, but you have to do it NOW while the attacks are still fresh in people's memories. Especially if you're targeting small businesses, you have a pretty small window within which to work. (Alliteration, anyone?)

Next, some security questions: Dan Maas says, "don't use IE". Why is that? I mean, I don't  :)  but my wife does, on a trusted machine on our home network. What does it do that it shouldn't, or vice versa?

And a couple of people mentioned turning off unneeded services. Which ones do you recommend (assuming I'm not serving anything at all)?

Monday, August 25, 2003

AFAIK, when you setup an internet connection using the builtin Wizard in Windows XP you're explicitly asked whether you want to turn on Windows' Internet Connection Firewall.
Also, most Windows machines used by friends of mine and their parents are "optimized", i.e. some young geek disabled all those features like ICF, "to make the system perform faster/better", or "because you never know what those services really do in the background", or "it does not work, anyway", or "Q3A will run 3 times faster if you turn those off".

Johnny Bravo
Monday, August 25, 2003

I always run the current version of Norton Anti-Virus, ZoneAlarm firewall, and Windows XP (through WindowsUpdate). I haven't had to worry about any attack yet. Strangely, one of the more consistent probes I've received was an HTTP stream from @Home/ATTBI/Comcast. Their embedded client support utility must use HTTP as a transport, but the strange part was that I never even installed their client and yet their server was "ping"ing me many times a day trying to contact their program. Quite annoying.

Monday, August 25, 2003

*  Recent Topics

*  Fog Creek Home