Antivirus programs for XP - best ones?

Discussion in 'Computer Security' started by ~BD~, Jul 12, 2009.

  1. ~BD~

    ~BD~ Guest

    Here is a post by Stefan Kanthak - the content of which seems
    particularly good to me (although it has upset folk elsewhere!)

    What views do the experts in *this* group have about Stefan's comments?

    Thanks.

    "Stefan Kanthak" <postmaster@[127.0.0.1]> wrote in message
    news:...

    > ALL Anti-somethings are more or less useless, especially since
    > they CAN'T protect against new and yet unknown malware. It just needs
    > ONE failure and your system is toast. And all Anti-something software
    > enlarges the attack surface.
    >
    > So: set up your OS properly and harden it!
    >
    > 1. DON'T create user accounts during setup as they will become
    > administrative accounts.
    > Create "restricted" or "standard" user account(s) after setup and
    > use ONLY these accounts for everyday work.
    >
    > 2. Remove all optional components which were installed automatically
    > but you don't need.
    >
    > 3. Turn off all unused services: you won't need File and Printer
    > Sharing when you don't have a LAN, and almost never DCOM or RPC.
    > See <http://ntsvcfg.de/ntsvcfg_eng.html> for more.
    >
    > 4. Turn off possibly dangerous functions like AutoRun and AutoPlay!
    >
    > 5. Turn on Software Restriction Policies a.k.a. SAFER (unfortunately
    > XP Home needs the registry to be edited directly) and set the
    > default level to "Not allowed" except for the "Administrators"
    > (and remove .LNK from the list of executables): this allows
    > execution only in %SystemRoot% and below as well as %ProgramFiles%
    > and below.
    >
    > Thus your standard user(s) can only run applications installed
    > into paths where they don't have write access, and vice versa.
    >
    > Additionally consider
    >
    > <http://blogs.msdn.com/michael_howard/archive/2005/01/31/363985.aspx>
    >
    > 6. Use a safe(r) browser and MUA/NUA or at least configure both
    > Internet Explorer and Outlook Express/Windows Mail for safety:
    > no HTML in mail/news, no ActiveX, no Active Scripting, no picture
    > preview, ...
    >
    > 7. Don't use functions like "Remember my password" or autocompletion
    > of passwords.
    > Turn off transmission of passwords and user credentials in clear
    > text!
    >
    > 8. Don't open (email) attachments you didn't expect, don't open
    > files (.PDF, .CHM, ...) from sources you don't or can't trust.
    >
    > Don't use (the full-featured) Word, Excel and PowerPoint to open
    > files you get per mail/floppy/USB or downloaded from the net, but
    > use the free-of-charge Word/Excel/PowerPoint viewers. These will
    > not run VBA code and macros.
    >
    > 9. Keep your system and ALL installed applications up to date (Microsoft
    > Update in automatic mode with "no reboot with users logged on" will
    > do a good job for most of Microsoft's applications).
    >
    > Stefan
     
    ~BD~, Jul 12, 2009
    #1
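    Items 4 and 5 of the quoted list as the registry edits they amount to on XP, written as a cmd.exe batch script using reg.exe. This is an added example, not part of Stefan's post or the thread. The value names (NoDriveTypeAutoRun, DefaultLevel, TransparentEnabled, PolicyScope, ExecutableTypes, ItemData, SaferFlags) are the ones SRP reads from the registry; the two GUIDs and the extension list are taken from what the Local Security Policy snap-in creates by default on XP and should be treated as assumptions to compare against your own machine before relying on them.

```batch
@echo off
rem Added example (not from Stefan's post): items 4 and 5 as reg.exe commands.
rem Run from an administrative account; SRP is evaluated at the next logon.

set SAFER=HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers

rem --- Item 4: disable AutoRun/AutoPlay for every drive type (bitmask 0xFF = 255) ---
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun /t REG_DWORD /d 255 /f

rem --- Item 5: Software Restriction Policies ---
rem Unrestricted path rules first (level 262144 = 0x40000), so the machine is never
rem left with "Disallowed" and no exceptions. The registry-path form is used rather
rem than %SystemRoot%/%ProgramFiles% because a standard user can redefine environment
rem variables. "%%" is how a batch file writes a literal percent sign.
rem GUIDs below: assumed to match the snap-in's default rules; verify on your machine.
reg add "%SAFER%\262144\Paths\{191cd7fa-f240-4a17-8986-94d480a6c8ca}" /v ItemData /t REG_EXPAND_SZ /d "%%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%%" /f
reg add "%SAFER%\262144\Paths\{191cd7fa-f240-4a17-8986-94d480a6c8ca}" /v SaferFlags /t REG_DWORD /d 0 /f
reg add "%SAFER%\262144\Paths\{d2c34ab2-529a-46b2-b293-fc853fce72ea}" /v ItemData /t REG_EXPAND_SZ /d "%%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProgramFilesDir%%" /f
reg add "%SAFER%\262144\Paths\{d2c34ab2-529a-46b2-b293-fc853fce72ea}" /v SaferFlags /t REG_DWORD /d 0 /f

rem Designated file types: the stock list minus LNK, so shortcuts to allowed
rem programs keep working. reg.exe separates REG_MULTI_SZ entries with \0.
reg add "%SAFER%" /v ExecutableTypes /t REG_MULTI_SZ /d "ADE\0ADP\0BAS\0BAT\0CHM\0CMD\0COM\0CPL\0CRT\0EXE\0HLP\0HTA\0INF\0INS\0ISP\0MDB\0MDE\0MSC\0MSI\0MSP\0MST\0OCX\0PCD\0PIF\0REG\0SCR\0SHS\0URL\0VB\0WSC" /f

rem TransparentEnabled 1 = all software files except libraries (snap-in default);
rem 2 would include DLLs as well.
reg add "%SAFER%" /v TransparentEnabled /t REG_DWORD /d 1 /f
rem PolicyScope 1 = all users except local Administrators ("except for the
rem Administrators" in the post); 0 would apply the policy to everyone.
reg add "%SAFER%" /v PolicyScope /t REG_DWORD /d 1 /f
rem Default level last: 0 = Disallowed ("Not allowed"). To undo, set it to 262144.
reg add "%SAFER%" /v DefaultLevel /t REG_DWORD /d 0 /f

rem --- Check: read everything back before logging off ---
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v NoDriveTypeAutoRun
reg query "%SAFER%"
reg query "%SAFER%\262144\Paths" /s
```

    Save it as, say, harden.cmd, run it from an administrative account, then log on as the standard user and confirm that an executable copied to the desktop is refused while programs under %SystemRoot% and %ProgramFiles% still start. The order matters: the Unrestricted path rules are written before DefaultLevel is set to 0, so there is no window in which everything is disallowed.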

  2. ~BD~

    Todd H. Guest

    I basically agree with everything he says except the first bit which
    can be read as a categorical rejection of AV programs. They're
    definitely part of a risk management approach, and will catch some
    things. I wouldn't have a corporate desktop out there without one,
    for instance.

    Some AV programs have heuristic-based engines that do a "better than
    nothing" job of detecting previously unknown malware doing malware-
    like things, so there is a place for them, but it's no silver bullet.

    You do have to operate knowing that AV is relatively easy to evade
    (via repacking, slightly tweaking existing nastyware, writing custom
    nastyware, etc), and that having it doesn't mean you can just go
    downloading whatever the hell ya want, or having your [insert any
    major login site] web page open while surfing pr0n sites and hoping
    there's not a CSRF or XSS issue with the pr0n site that might try to
    have some fun with it.

    All the other things he mentioned are good practices.

    NOD32 isn't a horrible anti-virus. Symantec's corporate product isn't
    all that annoying. I haven't seen their Norton line stuff in some
    years but boy it was annoying as hell last time I did. Symantec's
    engine does a decent job it seems, though.

    http://www.av-comparatives.org/ is a useful site. They split
    testing into on-demand scanning and proactive protection.


    --
    Todd H.
    http://www.toddh.net/
     
    Todd H., Jul 13, 2009
    #2

  3. ~BD~

    ~BD~ Guest

    Many thanks for your views, Todd.

    FYI, I was 'loaned' a copy of the Corporate Symantec product which
    seemed to work flawlessly. It was just after I'd mentioned this on the
    Aumha forum that 'they' became all funny with me - and shortly after
    decided to ban me from their forum.

    What if (no evidence!!) one were to visit their site to have one's
    computer 'cleaned' - but, after downloading and running all manner of
    software on instruction, one was pronounced 'clean' - but had, in fact,
    been co-opted into a huge botnet. How would the average guy or gal know?

    Always wondering! <smile>
    --
    Dave
     
    ~BD~, Jul 13, 2009
    #3
  4. ~BD~

    Todd H. Guest

    It's hard. You'd have to have a baseline of network traffic and
    perhaps anomalous traffic would give you a hint. Essentially no one
    has that.

    When in doubt, fdisk, format, and reinstall from original readonly
    media.
     
    Todd H., Jul 13, 2009
    #4
  5. ~BD~

    ~BD~ Guest

    Agreed. Totally! :)

    Consider those who have no clue, Todd.

    I once thought I was sharp about 'protection' - yet I got burnt.

    Many people I speak to in the real world have no clue about security
    matters relating to 'computing' but, even worse, don't seem to care at
    all!

    Most folk think I'm daft when I suggest that even swopping out a hard
    disk for a brand new one might not 'clean' a compromised machine - I'm
    still not certain about that! The Police advised me to scrap my PC after
    it had been compromised. I did .......... eventually!

    Thanks for discussing, Todd.

    --
    Dave
     
    ~BD~, Jul 13, 2009
    #5
