Ultimate security

Discussion in 'Computer Security' started by Nowhere, Aug 23, 2005.

  1. Nowhere

    Nowhere Guest

    I have a laptop Xp, how do I make it completely secure and safe, on and off
    line? Thanks...
     
    Nowhere, Aug 23, 2005
    #1
    1. Advertising

  2. Nowhere

    Kiyoshi H Guest

    You can never make it "completely safe", but you can make it pretty safe.

    There are some nice security templates on the website of NSA:
    http://www.nsa.gov/snac/index.cfm?MenuID=scg10.3.1

    But if you want a safe system... don't use Windows.

    - Kiyoshi

    Nowhere wrote:
    > I have a laptop Xp, how do I make it completely secure and safe, on and off
    > line? Thanks...
    >
    >
     
    Kiyoshi H, Aug 23, 2005
    #2
    1. Advertising

  3. Nowhere

    Imhotep Guest

    Nowhere wrote:

    > I have a laptop Xp, how do I make it completely secure and safe, on and
    > off line? Thanks...


    Ditching Microsoft would be a good start! If Linux/BSD is not your thing
    check out the Macs. They are very nice.

    Honestly, your question is very broad. However, here are some things to
    consider:

    1) DO NOT allow users to be in the admin group (this alone will prevent 80%
    of crapware from being installed.)

    2) Remove all unnecessary services. If you do not use it, disable it!

    3) Use a firewall

    4) Stay the hell away from IE and active-x

    5) Install multiple anti-spyware apps. Update and scan everyday.

    6) Install anti-virus

    7) Configure your automatic update to update (or at least check) everyday

    ....or simply go with Linux, BSD or a Mac and just enjoy then Internet like
    it is supposed to be...your choice.

    Im
     
    Imhotep, Aug 23, 2005
    #3
  4. Take a hammer and smash it to tiny pieces. That is the only way to make it
    completely safe and secure at all times.

    "Nowhere" <> wrote in message
    news:defhvg$fvq$...
    >I have a laptop Xp, how do I make it completely secure and safe, on and off
    > line? Thanks...
    >
    >
     
    Teeny & Allen, Aug 23, 2005
    #4
  5. Nowhere

    Notan Guest

    Imhotep wrote:
    >
    > <snip>
    >
    > 4) Stay the hell away from IE and active-x
    >
    > 7) Configure your automatic update to update (or at least check) everyday


    If I'm not mistaken, Windows Update utilizes ActiveX.

    Notan
     
    Notan, Aug 23, 2005
    #5
  6. "Notan" <> wrote in message
    news:...
    > Imhotep wrote:
    > >
    > > <snip>
    > >
    > > 4) Stay the hell away from IE and active-x
    > >
    > > 7) Configure your automatic update to update (or at least check)

    everyday
    >
    > If I'm not mistaken, Windows Update utilizes ActiveX.


    "Never ruin a good story with facts" (can't remember whom, so - Anon)

    --

    Hairy One Kenobi

    Disclaimer: the opinions expressed in this opinion do not necessarily
    reflect the opinions of the highly-opinionated person expressing the opinion
    in the first place. So there!
     
    Hairy One Kenobi, Aug 23, 2005
    #6
  7. Nowhere

    Winged Guest

    Imhotep wrote:
    > Nowhere wrote:
    >
    >
    >>I have a laptop Xp, how do I make it completely secure and safe, on and
    >>off line? Thanks...

    >
    >
    > Ditching Microsoft would be a good start! If Linux/BSD is not your thing
    > check out the Macs. They are very nice.
    >
    > Honestly, your question is very broad. However, here are some things to
    > consider:
    >
    > 1) DO NOT allow users to be in the admin group (this alone will prevent 80%
    > of crapware from being installed.)
    >
    > 2) Remove all unnecessary services. If you do not use it, disable it!
    >
    > 3) Use a firewall
    >
    > 4) Stay the hell away from IE and active-x
    >
    > 5) Install multiple anti-spyware apps. Update and scan everyday.
    >
    > 6) Install anti-virus
    >
    > 7) Configure your automatic update to update (or at least check) everyday
    >
    > ....or simply go with Linux, BSD or a Mac and just enjoy then Internet like
    > it is supposed to be...your choice.
    >
    > Im



    While not disagreeing with most of your post, I have found daily
    scanning and updating for spyware not required at the frequency you
    suggest.

    I will occasionally scan (currently I scan at the same time I do a
    monthly AV scan (don't find nothing there either)with several products,
    but it has been months since I found anything more than a cookie even on
    a WinXP box.

    I would further recommend however to ensure you do NOT use Outlook
    Express. It has all the flaws of IE and adds a few more in the process.

    Even Outlook "can" be dangerous improperly configured, though it may be
    configured to operate securely. I have not found the same true for
    outlook express. Outlook is significantly more secure than its little
    brother, but it must be configured securely like any other application.

    I use neither for personal use but use Outlook for mail as a business
    client. There are a number of other clients available that provide
    significantly better protection than OE. I use Thunderbird in the
    personal setting and have had no issues, but I have it locked down
    fairly tight.

    Using FireFox (without the lure of outside plug-ins) I have found FF
    very competent, though I do have things like Java applets denied at most
    sites. Though I use anything but IE for routine browsing and
    applications that touch the web all have their rights dropped to a user
    with very limited write permissions. In my case, no web application is
    permitted to write to the registry or store files outside of specific
    areas. There are several browsers other than IE that would be as good
    as FF.

    The next biggest issue you have is downloading unknown code from unknown
    locations and installing it on a system (this also applies to LINUX).
    There are many "free" packages that contain spyware as well as a few
    commercial products as well. I want nothing phoning home without my
    permission.

    Learning to operate safely, browse safely is one of the biggest
    preventions. You spend your time in the muck of the Internet, your
    going to get dirty.

    There is no such thing as a "completely secure" computer irrespective of
    operating system, in the real world. I have seen compromised systems on
    every major platform including mainframe systems. Security is always
    relative and a balance of usability versus security versus money.
    Computer mission requirements often dictate choices in the OS as well as
    the hardware used. Like it or not there are some requirements or
    combinations thereof, that may dictate the OS and platform used. But if
    you follow the guidelines above you will be reasonably secure. The
    advice of reducing services needed, and connections to the minimum
    required applies to Linux, Unix, Irix as well as WinX boxes.


    I am still waiting for the perfect computer, but when she comes along I
    will know her. But that computer will probably kill me because of the
    threat I pose.


    Winged
     
    Winged, Aug 24, 2005
    #7
  8. Nowhere

    Winged Guest

    Nowhere wrote:
    > I have a laptop Xp, how do I make it completely secure and safe, on and off
    > line? Thanks...
    >
    >

    First get a non-ferrous container. Line it with 1 inch plate non ferrous
    metal drilling holes every 1/2 in in the lid for adequate ventilation.

    Next place laptop in the the bottom of container (container should be
    near the size of the laptop. Mix about 1 liter of epoxy resin. Pour
    resin in all orifices of laptop including covering the keyboard. Close
    laptop lid and allow resin to dry. Next fill the remaining free space
    of the container with common cement and close container lid.

    Take laptop and container to the Central Pacific Trough (Pacific Ocean).
    When a depth of 15000 feet or greater is found, drop the laptop
    container into the ocean and enjoy the rest of your cruise being assured
    your laptop is completely safe and secure.

    Winged
     
    Winged, Aug 24, 2005
    #8
  9. Nowhere

    Imhotep Guest

    Notan wrote:

    > Imhotep wrote:
    >>
    >> <snip>
    >>
    >> 4) Stay the hell away from IE and active-x
    >>
    >> 7) Configure your automatic update to update (or at least check) everyday

    >
    > If I'm not mistaken, Windows Update utilizes ActiveX.
    >
    > Notan


    Yes, you are correct. The one significant windows site uses one of the worse
    protocols constructed. Are you really surprised?
     
    Imhotep, Aug 24, 2005
    #9
  10. Nowhere

    David Guest

    First off, there is no such thing as "completely secure", save salvation
    in heaven.

    Second off, don't use windows, use linux or BSD (preferably OpenBSD).
    If you have to use windows do what the other posters have said to
    minimize risk.

    If you use linux or OpenBSD, use a hardened profile, configure strict
    quotas, use ACLs at the disk (with reiserFS), network (with firewalls
    and packet filters), file (with permissions), and kernel (with SElinux
    and PAX) level, start up minimal services, set up a strict firewall
    and/or packet filter with iptables and/or pf, monitor all information
    flowing from the network interfaces, log every event of every process at
    debug level, update all applications to the latest version before you
    use them, check the source code of your applications to make sure they
    are secure, and encrypt all partisions except /boot with loop-aes and
    the AES-256 cipher with 65 keyrounds and a 4096-bit gpg key on a
    tamer-proof removable media. Or get a life.

    As you can see, it's a lot of work to get _really_ secure. For normal
    use, restrict services, check windows updates, and generally watch what
    you download on the net.

    good luck,
    David

    Nowhere wrote:
    > I have a laptop Xp, how do I make it completely secure and safe, on and off
    > line? Thanks...
    >
    >
     
    David, Aug 30, 2005
    #10
  11. Nowhere

    Jim Watt Guest

    On Wed, 24 Aug 2005 01:54:06 GMT, Imhotep <> wrote:

    >Notan wrote:
    >
    >> Imhotep wrote:
    >>>
    >>> <snip>
    >>>
    >>> 4) Stay the hell away from IE and active-x
    >>>
    >>> 7) Configure your automatic update to update (or at least check) everyday

    >>
    >> If I'm not mistaken, Windows Update utilizes ActiveX.
    >>
    >> Notan

    >
    >Yes, you are correct. The one significant windows site uses one of the worse
    >protocols constructed. Are you really surprised?


    There is nothing wrong with activex providing you trust the people
    who wrote it.

    but you have an obsession with slagging MS
    --
    Jim Watt
    http://www.gibnet.com
     
    Jim Watt, Aug 30, 2005
    #11
  12. Nowhere

    Imhotep Guest

    Jim Watt wrote:

    > On Wed, 24 Aug 2005 01:54:06 GMT, Imhotep <> wrote:
    >
    >>Notan wrote:
    >>
    >>> Imhotep wrote:
    >>>>
    >>>> <snip>
    >>>>
    >>>> 4) Stay the hell away from IE and active-x
    >>>>
    >>>> 7) Configure your automatic update to update (or at least check)
    >>>> everyday
    >>>
    >>> If I'm not mistaken, Windows Update utilizes ActiveX.
    >>>
    >>> Notan

    >>
    >>Yes, you are correct. The one significant windows site uses one of the
    >>worse protocols constructed. Are you really surprised?

    >
    > There is nothing wrong with activex providing you trust the people
    > who wrote it.


    Yet another mindless comment from you.

    A lot spyware apps require two basic things 1) Active-X 2) local Admin
    privs. Not using Active X and not being a local admin is just a smart way
    to go if you can not learn another OS.

    Second your comment is mindless...and I quote you:

    "There is nothing wrong with activex providing you trust the people
    who wrote it."

    Do you know every writer of every active-x app for every web site you go to?
    Even if you do most people do not. It makes much more sense to not use it
    (unless going to the MS web site for an update)...

    > but you have an obsession with slagging MS


    An you have an obsession for being a moron but, I don't hold that against
    you much. Like agreeing that NZ does not need better protection from
    SPAM...still waiting on you to explain why, since you agree with MS, you
    are hiding your email address?


    Im
    > --
    > Jim Watt
    > http://www.gibnet.com
     
    Imhotep, Aug 30, 2005
    #12
  13. Nowhere

    Jim Watt Guest

    On Tue, 30 Aug 2005 12:30:13 GMT, Imhotep <> wrote:

    >Jim Watt wrote:
    >
    >> On Wed, 24 Aug 2005 01:54:06 GMT, Imhotep <> wrote:
    >>
    >>>Notan wrote:
    >>>
    >>>> Imhotep wrote:
    >>>>>
    >>>>> <snip>
    >>>>>
    >>>>> 4) Stay the hell away from IE and active-x
    >>>>>
    >>>>> 7) Configure your automatic update to update (or at least check)
    >>>>> everyday
    >>>>
    >>>> If I'm not mistaken, Windows Update utilizes ActiveX.
    >>>>
    >>>> Notan
    >>>
    >>>Yes, you are correct. The one significant windows site uses one of the
    >>>worse protocols constructed. Are you really surprised?

    >>
    >> There is nothing wrong with activex providing you trust the people
    >> who wrote it.

    >
    >Yet another mindless comment from you.


    do you +have+ to reply to everything and be abusive ?


    >Do you know every writer of every active-x app for every web site you go to?


    If its digitally signed by Microsoft its OK, otherwise I don't accept
    it.

    >SPAM...still waiting on you to explain why, since you agree with MS, you
    >are hiding your email address?


    Can I suggest you hold your breath, and please recall that you have
    been advised that SPAM is a registered trade mark.


    Jim Watt http://www.gibnet.com

    "Arguing with anonymous strangers on the Internet is a sucker's game because
    they almost always turn out to be - or to be indistinguishable from - self-righteous
    sixteen-year-olds possessing infinite amounts of free time."

    .... Neil Stephenson, Cryptonomicon
     
    Jim Watt, Aug 30, 2005
    #13
  14. Nowhere

    Imhotep Guest

    Jim Watt wrote:

    > On Tue, 30 Aug 2005 12:30:13 GMT, Imhotep <> wrote:
    >
    >>Jim Watt wrote:
    >>
    >>> On Wed, 24 Aug 2005 01:54:06 GMT, Imhotep <> wrote:
    >>>
    >>>>Notan wrote:
    >>>>
    >>>>> Imhotep wrote:
    >>>>>>
    >>>>>> <snip>
    >>>>>>
    >>>>>> 4) Stay the hell away from IE and active-x
    >>>>>>
    >>>>>> 7) Configure your automatic update to update (or at least check)
    >>>>>> everyday
    >>>>>
    >>>>> If I'm not mistaken, Windows Update utilizes ActiveX.
    >>>>>
    >>>>> Notan
    >>>>
    >>>>Yes, you are correct. The one significant windows site uses one of the
    >>>>worse protocols constructed. Are you really surprised?
    >>>
    >>> There is nothing wrong with activex providing you trust the people
    >>> who wrote it.

    >>
    >>Yet another mindless comment from you.

    >
    > do you +have+ to reply to everything and be abusive ?


    Well, you replied to me and I replied to you. As for abusive, you are the
    one with serious anger management and racism issues. You reply quite rudely
    to people then ask them why they are acting abusive? Are you in denial
    much?

    >
    >
    >>Do you know every writer of every active-x app for every web site you go
    >>to?

    >
    > If its digitally signed by Microsoft its OK, otherwise I don't accept
    > it.
    >
    >>SPAM...still waiting on you to explain why, since you agree with MS, you
    >>are hiding your email address?

    >
    > Can I suggest you hold your breath, and please recall that you have
    > been advised that SPAM is a registered trade mark.


    Who cares...um not me...Again, you side stepped answering the question. Try
    answering the question then try suggesting the differences between spam and
    SPAM...

    >
    >
    > Jim Watt http://www.gibnet.com
    >
    > "Arguing with anonymous strangers on the Internet is a sucker's game
    > because they almost always turn out to be - or to be indistinguishable
    > from - self-righteous sixteen-year-olds possessing infinite amounts of
    > free time."
    >
    > ... Neil Stephenson, Cryptonomicon
     
    Imhotep, Aug 30, 2005
    #14
  15. Nowhere

    Jim Watt Guest

    On Tue, 30 Aug 2005 21:21:04 GMT, Imhotep <> wrote:

    >>>Yet another mindless comment from you.

    >>
    >> do you +have+ to reply to everything and be abusive ?

    >
    >Well, you replied to me and I replied to you. As for abusive, you are the
    >one with serious anger management and racism issues.


    so you say, quite how you infer that from posting that a large
    percentage of the residents of India are illiterate remains a mystery
    but go complain to the CIA about their website which supports
    the argument.

    As for living in cardboard boxes, many yorkshiremen dream of that
    luxury.
    --
    Jim Watt
    http://www.gibnet.com
     
    Jim Watt, Aug 31, 2005
    #15
  16. Notan wrote:

    > Imhotep wrote:
    >
    >><snip>
    >>
    >>4) Stay the hell away from IE and active-x
    >>
    >>7) Configure your automatic update to update (or at least check) everyday

    >
    >
    > If I'm not mistaken, Windows Update utilizes ActiveX.
    >
    > Notan


    Only to inspect, install and upgrade itself. And there is a way around
    that (we filter ActiveX on the firewall, and Windows Update works fine).

    John
     
    John Veldhuis, Sep 1, 2005
    #16
  17. Nowhere

    Imhotep Guest

    Jim Watt wrote:

    > On Tue, 30 Aug 2005 21:21:04 GMT, Imhotep <> wrote:
    >
    >>>>Yet another mindless comment from you.
    >>>
    >>> do you +have+ to reply to everything and be abusive ?

    >>
    >>Well, you replied to me and I replied to you. As for abusive, you are the
    >>one with serious anger management and racism issues.

    >
    > so you say, quite how you infer that from posting that a large
    > percentage of the residents of India are illiterate remains a mystery
    > but go complain to the CIA about their website which supports
    > the argument.
    >
    > As for living in cardboard boxes, many yorkshiremen dream of that
    > luxury.
    > --
    > Jim Watt
    > http://www.gibnet.com


    Jim you made a racist statement. You can try sugar coat it if you want, but
    I know what you are all about. Cease you bigotry, there is no place for
    that kind of senseless hate...

    Most racistism stems from a weak view of oneself. May some counseling would
    help you....

    Good Luck,
    Im
     
    Imhotep, Sep 5, 2005
    #17
  18. Nowhere

    Management Guest

    Imhotep wrote:
    <SNIP>
    >
    > Jim you made a racist statement. You can try sugar coat it if you want, but
    > I know what you are all about. Cease you bigotry, there is no place for
    > that kind of senseless hate...
    >
    > Most racistism stems from a weak view of oneself. May some counseling would
    > help you....
    >
    > Good Luck,
    > Im


    Imhotep,

    Don't feed the troll!!!


    Charlie.

    --
    Broadcasting to the environs
    www.radiowymsey.org
     
    Management, Sep 6, 2005
    #18
  19. Nowhere

    Imhotep Guest

    Management wrote:

    > Imhotep wrote:
    > <SNIP>
    >>
    >> Jim you made a racist statement. You can try sugar coat it if you want,
    >> but I know what you are all about. Cease you bigotry, there is no place
    >> for that kind of senseless hate...
    >>
    >> Most racistism stems from a weak view of oneself. May some counseling
    >> would help you....
    >>
    >> Good Luck,
    >> Im

    >
    > Imhotep,
    >
    > Don't feed the troll!!!
    >
    >
    > Charlie.
    >


    Ya, you're right...

    Imhotep
     
    Imhotep, Sep 7, 2005
    #19
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Silverstrand
    Replies:
    2
    Views:
    1,030
    unholy
    Jun 29, 2005
  2. COMSOLIT Messmer

    IT-Security, Security, e-security

    COMSOLIT Messmer, Sep 5, 2003, in forum: Computer Support
    Replies:
    0
    Views:
    619
    COMSOLIT Messmer
    Sep 5, 2003
  3. Doug MacLean
    Replies:
    0
    Views:
    1,022
    Doug MacLean
    Sep 10, 2004
  4. Ed Zagmoon

    I've developed the ultimate security system!!!

    Ed Zagmoon, Nov 21, 2006, in forum: Computer Security
    Replies:
    6
    Views:
    465
  5. Novice

    file security in windows 7 ultimate

    Novice, Apr 28, 2010, in forum: Windows 64bit
    Replies:
    2
    Views:
    2,694
    James Kosin
    Apr 29, 2010
Loading...

Share This Page