Software Firewalls

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I have Windows XP Pro SP2 and I tried to install ZoneAlarm Pro, but my
computer would not boot, so I am wondering if there is a firewall out there
that is compatible with the SP2 firewall.
  1.

    "Rod P." wrote:

    > I have Windows XP Pro SP2 and I tried to install ZoneAlarm Pro, but my
    > computer would not boot, so I am wondering if there is a firewall out there
    > that is compatible with the SP2 firewall.

    Yeah. The SP2 firewall. Once you install SP2 and keep it up to date, you
    really don't need a third party firewall as long as you use other measures to
    keep viruses, trojans, worms, adware, and spyware from getting on your system
    in the first place -- and you will also be free of all the problems (did
    someone mention Zone Alarm?) that people seem to experience whenever they
    attempt to install a third party firewall with SP2 (as you can quickly learn
    by regularly following these newsgroups).

    If, despite all this, you want to use a third party firewall, you should
    turn off the Windows firewall. You should have only one firewall running at
    any time on your system. Ditto for antivirus.

    Ken
  2.

    I run ZA on SP2 and there are no compatibility issues, you should disable
    windows firewall, because it's not recommended to run 2 firewalls at the same
    time.

    "Rod P." <RodP@discussions.microsoft.com> wrote in message
    news:B9AD7BE0-296F-4261-880F-97E49C0AEC15@microsoft.com...
    >I have Windows XP Pro SP2 and I tried to install ZoneAlarm Pro, but my
    > computer would not boot, so I am wondering if there is a firewall out
    > there
    > that is compatible with the SP2 firewall.
  3.

    I use ZA with XP Pro SP2 and have had no problems on any of the 6 machines I
    use it with. I would NOT recommend the XP Firewall as the other person
    suggested. The Windows Firewall is crude at best.


    "Ken Gardner" <KenGardner@discussions.microsoft.com> wrote in message
    news:14147609-4F15-47CE-B7EA-C313C8D87FEB@microsoft.com...
    > "Rod P." wrote:
    >
    >> I have Windows XP Pro SP2 and I tried to install ZoneAlarm Pro, but my
    >> computer would not boot, so I am wondering if there is a firewall out
    >> there
    >> that is compatible with the SP2 firewall.
    >
    > Yeah. The SP2 firewall. Once you install SP2 and keep it up to date, you
    > really don't need a third party firewall as long as you use other measures
    > to
    > keep viruses, trojans, worms, adware, and spyware from getting on your
    > system
    > in the first place -- and you will also be free of all the problems (did
    > someone mention Zone Alarm?) that people seem to experience whenever they
    > attempt to install a third party firewall with SP2 (as you can quickly
    > learn
    > by regularly following these newsgroups).
    >
    > If, despite all this, you want to use a third party firewall, you should
    > turn off the Windows firewall. You should have only one firewall running
    > at
    > any time on your system. Ditto for antivirus.
    >
    > Ken
  4.

    Rod P. wrote:
    > I have Windows XP Pro SP2 and I tried to install ZoneAlarm Pro, but my
    > computer would not boot, so I am wondering if there is a firewall out
    > there that is compatible with the SP2 firewall.

    Zone Alarm does work with SP2.. If you have the latest version.
    Also many other firewalls work with SP2 - given you disable the built in
    firewall.

    ZoneAlarm (Free and up)
    http://snipurl.com/6ohg

    Kerio Personal Firewall (KPF) (Free and up)
    http://www.kerio.com/kpf_download.html

    Outpost Firewall from Agnitum (Free and up)
    http://www.agnitum.com/download/

    Sygate Personal Firewall (Free and up)
    http://smb.sygate.com/buy/download_buy.htm

    Symantec's Norton Personal Firewall (~$25 and up)
    http://www.symantec.com/sabu/nis/npf/

    BlackICE PC Protection ($39.95 and up)
    http://blackice.iss.net/

    --
    <- Shenan ->
    --
    The information is provided "as is", it is suggested you research for
    yourself before you take any advice - you are the one ultimately
    responsible for your actions/problems/solutions. Know what you are
    getting into before you jump in with both feet.
  5.

    Scott M. wrote:
    > I use ZA with XP Pro SP2 and have had no problems on any of the 6
    > machines I use it with. I would NOT recommend the XP Firewall as the
    > other person suggested. The Windows Firewall is crude at best.

    I'd say "simple", rather than "crude". It blocks *all* inbound traffic by
    default....and no outbound, which is often enough.

    I personally don't use it myself, but I've found that for the majority of
    home/small biz users, it's very confusing for them to continually get popup
    messages asking if they want to allow blah.exe to access the Internet. They
    either click No all the time out of (reasonable) paranoia and mess up
    something, or they allow things they shouldn't.

    I prefer perimeter network firewalls, even for home networks.
    >
    >
    > "Ken Gardner" <KenGardner@discussions.microsoft.com> wrote in message
    > news:14147609-4F15-47CE-B7EA-C313C8D87FEB@microsoft.com...
    >> "Rod P." wrote:
    >>
    >>> I have Windows XP Pro SP2 and I tried to install ZoneAlarm Pro, but
    >>> my computer would not boot, so I am wondering if there is a
    >>> firewall out there
    >>> that is compatible with the SP2 firewall.
    >>
    >> Yeah. The SP2 firewall. Once you install SP2 and keep it up to
    >> date, you really don't need a third party firewall as long as you
    >> use other measures to
    >> keep viruses, trojans, worms, adware, and spyware from getting on
    >> your system
    >> in the first place -- and you will also be free of all the problems
    >> (did someone mention Zone Alarm?) that people seem to experience
    >> whenever they attempt to install a third party firewall with SP2 (as
    >> you can quickly learn
    >> by regularly following these newsgroups).
    >>
    >> If, despite all this, you want to use a third party firewall, you
    >> should turn off the Windows firewall. You should have only one
    >> firewall running at
    >> any time on your system. Ditto for antivirus.
    >>
    >> Ken
  6.

    I agree with most of what you say with exception that no outbound blocking
    is usually enough. As you know, *most/many* home users are oblivious to
    what is running on their PCs and *many* have spyware/adware that they don't
    even know about. Having no outbound blocking for *most* people in these
    circumstances is like leaving the bank vault open and walking away. For
    this reason, I say the Windows Firewall is crude at best.

    I whole-heartedly agree that a perimeter firewall is a much better solution.
    Myself, I use a hardware firewall at my network perimeter and software
    firewalls (ZA) on each of my client machines.


    "Lanwench [MVP - Exchange]"
    <lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in message
    news:%23$4EM5cIFHA.3888@TK2MSFTNGP10.phx.gbl...
    > Scott M. wrote:
    >> I use ZA with XP Pro SP2 and have had no problems on any of the 6
    >> machines I use it with. I would NOT recommend the XP Firewall as the
    >> other person suggested. The Windows Firewall is crude at best.
    >
    > I'd say "simple", rather than "crude". It blocks *all* inbound traffic by
    > default....and no outbound, which is often enough.
    >
    > I personally don't use it myself, but I've found that for the majority of
    > home/small biz users, it's very confusing for them to continually get
    > popup
    > messages asking if they want to allow blah.exe to access the Internet.
    > They
    > either click No all the time out of (reasonable) paranoia and mess up
    > something, or they allow things they shouldn't.
    >
    > I prefer perimeter network firewalls, even for home networks.
    >>
    >>
    >> "Ken Gardner" <KenGardner@discussions.microsoft.com> wrote in message
    >> news:14147609-4F15-47CE-B7EA-C313C8D87FEB@microsoft.com...
    >>> "Rod P." wrote:
    >>>
    >>>> I have Windows XP Pro SP2 and I tried to install ZoneAlarm Pro, but
    >>>> my computer would not boot, so I am wondering if there is a
    >>>> firewall out there
    >>>> that is compatible with the SP2 firewall.
    >>>
    >>> Yeah. The SP2 firewall. Once you install SP2 and keep it up to
    >>> date, you really don't need a third party firewall as long as you
    >>> use other measures to
    >>> keep viruses, trojans, worms, adware, and spyware from getting on
    >>> your system
    >>> in the first place -- and you will also be free of all the problems
    >>> (did someone mention Zone Alarm?) that people seem to experience
    >>> whenever they attempt to install a third party firewall with SP2 (as
    >>> you can quickly learn
    >>> by regularly following these newsgroups).
    >>>
    >>> If, despite all this, you want to use a third party firewall, you
    >>> should turn off the Windows firewall. You should have only one
    >>> firewall running at
    >>> any time on your system. Ditto for antivirus.
    >>>
    >>> Ken
    >
    >
  7.

    Scott M. wrote:
    > I agree with most of what you say with exception that no outbound
    > blocking is usually enough.

    For home/novice users, it usually is, unless they have something else
    (gateway/firewall appliance blocking all but, say, 80, 443, 110 and 25
    outbound). These things are inexpensive nowadays. I see no reason not to
    have one.

    > As you know, *most/many* home users are
    > oblivious to what is running on their PCs and *many* have
    > spyware/adware that they don't even know about. Having no outbound
    > blocking for *most* people in these circumstances is like leaving the
    > bank vault open and walking away.

    Well - I somewhat disagree. First, the spyware got in there somehow - and it
    didn't just blithely wander in through the guy's cable modem when he wasn't
    looking, & install itself. And spyware infestation is not going to be
    stopped by disabling TCP port X Y or Z outbound. Spyware is prevented by
    safe hex, XP SP2, tightening browser security, running antispyware software
    (Microsoft's beta, or others). In fact - this is a must, regardless.

    Re *trojans* (which are more of an issue in the context we're discussing
    here) yes, one can do the whole internet a favor by not allowing all but
    needed traffic outbound, it's true - and this is a Good Thing. However,
    again, the trojan got in somehow and didn't just blithely wander in through
    the... (see above). And the aforementioned guy needs good antivirus
    software, kept updated regularly and needs to know how to practice safe hex,
    as well as running WU regularly. Again, this is a must, regardless.

    If this guy doesn't get how to deal with the above, you think he's going to
    know exactly what to do when his local fw software asks him whether he would
    like to allow svchost.exe to access the Internet? I don't. He'll get
    frustrated and pick the wrong choice- or he'll simply turn off the annoying
    thing to avoid being asked.

    > For this reason, I say the Windows
    > Firewall is crude at best.

    Yes, it's simple, or if you must insist, I'll allow you your "crude." But it
    won't be any *less* useful than a third party application with regard to
    spyware. Spyware comes in and runs - it doesn't then launch attacks to the
    Internet.
    >
    > I whole-heartedly agree that a perimeter firewall is a much better
    > solution. Myself, I use a hardware firewall at my network perimeter
    > and software firewalls (ZA) on each of my client machines.

    Yep - belt & suspenders, but your clients had better be pretty savvy unless
    you don't present them with "pick yes or no" messages.
    >
    >
    > "Lanwench [MVP - Exchange]"
    > <lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in
    > message news:%23$4EM5cIFHA.3888@TK2MSFTNGP10.phx.gbl...
    >> Scott M. wrote:
    >>> I use ZA with XP Pro SP2 and have had no problems on any of the 6
    >>> machines I use it with. I would NOT recommend the XP Firewall as
    >>> the other person suggested. The Windows Firewall is crude at best.
    >>
    >> I'd say "simple", rather than "crude". It blocks *all* inbound
    >> traffic by default....and no outbound, which is often enough.
    >>
    >> I personally don't use it myself, but I've found that for the
    >> majority of home/small biz users, it's very confusing for them to
    >> continually get popup
    >> messages asking if they want to allow blah.exe to access the
    >> Internet. They
    >> either click No all the time out of (reasonable) paranoia and mess up
    >> something, or they allow things they shouldn't.
    >>
    >> I prefer perimeter network firewalls, even for home networks.
    >>>
    >>>
    >>> "Ken Gardner" <KenGardner@discussions.microsoft.com> wrote in
    >>> message news:14147609-4F15-47CE-B7EA-C313C8D87FEB@microsoft.com...
    >>>> "Rod P." wrote:
    >>>>
    >>>>> I have Windows XP Pro SP2 and I tried to install ZoneAlarm Pro,
    >>>>> but my computer would not boot, so I am wondering if there is a
    >>>>> firewall out there
    >>>>> that is compatible with the SP2 firewall.
    >>>>
    >>>> Yeah. The SP2 firewall. Once you install SP2 and keep it up to
    >>>> date, you really don't need a third party firewall as long as you
    >>>> use other measures to
    >>>> keep viruses, trojans, worms, adware, and spyware from getting on
    >>>> your system
    >>>> in the first place -- and you will also be free of all the problems
    >>>> (did someone mention Zone Alarm?) that people seem to experience
    >>>> whenever they attempt to install a third party firewall with SP2
    >>>> (as you can quickly learn
    >>>> by regularly following these newsgroups).
    >>>>
    >>>> If, despite all this, you want to use a third party firewall, you
    >>>> should turn off the Windows firewall. You should have only one
    >>>> firewall running at
    >>>> any time on your system. Ditto for antivirus.
    >>>>
    >>>> Ken
  8.

    > These things are inexpensive nowadays. I see no reason not to have one.

    I agree, but nonetheless the general computer user has no clue about such
    things.

    > Well - I somewhat disagree. First, the spyware got in there somehow - and
    > it
    > didn't just blithely wander in through the guy's cable modem when he
    > wasn't
    > looking, & install itself. And spyware infestation is not going to be
    > stopped by disabling TCP port X Y or Z outbound. Spyware is prevented by
    > safe hex, XP SP2, tightening browser security, running antispyware
    > software
    > (Microsoft's beta, or others). In fact - this is a must, regardless.

    I agree, but nonetheless the general computer user doesn't tighten browser
    security or keep their anti-virus software up to date.

    > Re *trojans* (which are more of an issue in the context we're discussing
    > here) yes, one can do the whole internet a favor by not allowing all but
    > needed traffic outbound, it's true - and this is a Good Thing. However,
    > again, the trojan got in somehow and didn't just blithely wander in
    > through
    > the... (see above). And the aforementioned guy needs good antivirus
    > software, kept updated regularly and needs to know how to practice safe
    > hex,
    > as well as running WU regularly. Again, this is a must, regardless.

    See last comment.

    > If this guy doesn't get how to deal with the above, you think he's going
    > to
    > know exactly what to do when his local fw software asks him whether he
    > would
    > like to allow svchost.exe to access the Internet? I don't. He'll get
    > frustrated and pick the wrong choice- or he'll simply turn off the
    > annoying
    > thing to avoid being asked.

    In my experience, I disagree. Being asked (outbound filtering) gives
    someone a better chance than not being asked at all (Windows Firewall). If
    someone is going to take the time to install a software firewall, then they
    are doing so because they know and care about the safety of their pc. True,
    they may not always know what the message is exactly asking, but these days
    (ZA specifically), it's not hard to find out more info. when those messages
    come up.

    >> For this reason, I say the Windows
    >> Firewall is crude at best.
    >
    > Yes, it's simple, or if you must insist, I'll allow you your "crude." But
    > it
    > won't be any *less* useful than a third party application with regard to
    > spyware. Spyware comes in and runs - it doesn't then launch attacks to the
    > Internet.

    No, but it does report back to some machine as to what it has been spying
    on. And, thanks for *allowing* me my own opinion. :)
  9.

    there once was a time when using multiple anti-spyware programs
    protected people from contracting spyware infections. this is no longer
    true. new spyware is being developed so fast, that even the best
    anti-spyware program fails to stop over 1/3 of all spyware. this is
    proven by tests documented at the following web site:
    http://windowssecrets.com/050127/#story1

    there once was a time when the only way you could get a
    virus/worm/Trojan/spyware infection was to intentionally click on
    something. this is no longer true. these days, infectious code is much
    more sophisticated, and can be acquired even by clicking on Nothing.
    these are called "No-click attacks". plenty of sources of information
    can be found by searching Google for "No-click attack".

    they can occur not only through E-mail and web browsing, but also
    through IM programs. in fact, the No-click attack vulnerability got so
    bad, that Microsoft has stopped people from signing into MSN Messenger
    until they install the newest upgrade, because you could be attacked
    with an infection using MSN Messenger, even if you clicked on Nothing.

    anti-virus programs are of some help, but even with frequent updates,
    they still only recognize infections known up until yesterday. they
    might or might not recognize new infections spreading today, so PCs will
    always be vulnerable to new infections until the anti-virus software
    maker develops the signature, makes it available, and the PC acquires
    it. this can mean a vulnerability of hours or days. therefore, it is
    easy to acquire a newly released virus/worm, without knowing it.

    and anti-virus programs fail miserably when it comes to
    detecting/removing Trojans. these Trojans can be easily acquired
    nowadays too, with the sophistication of "No-click" E-mail attachments,
    and your friend's name in the From field. the web site
    www.anti-trojan-software-reviews.com states
    "Most folk harbor the belief that they are totally protected from
    malicious trojan horses by their anti-virus scanner. The bad news is
    that many anti-virus scanners give only limited protection against
    trojans. Just how limited can be gauged from the fact that Norton
    Anti-Virus 2004 missed every single trojan in the test data set we used
    in these series of reviews."

    of course, your years of knowledge and experience about how to correctly
    tweak every program and router can stop practically all of these
    infections, but 99% of average PC users in the world will never acquire
    (and have no desire to spend time acquiring) the same years of
    knowledge and experience that you have. they truly want to practice
    "safe-hex" and they think they know what it means (do not visit Bangkok
    porn sites), but since they really don't know what "safe hex" means, and
    don't know that they don't know, their only protection is their cheap
    $25 router (which has no firewall), and/or a free software firewall. of
    course, neither one will guarantee 100% security.

    but at least these 99% of average PC users in the world have a fighting
    chance with a free software firewall. and yes, they can defeat it
    easily by saying "Yes" to everything, just as easily as they can defeat
    their cheap router by allowing Outbound communication on every port.
    but with a software firewall, at least they get a chance by seeing and
    deciding how to answer a pop-up question. plus, 99% of the time it is
    not a mysteriously complicated question. if ZoneAlarm asks me "Do you
    want XYZ program to access the internet", i would say Yes, if i just now
    launched it. if i did not launch XYZ program, and ZoneAlarm suddenly
    asks me out of nowhere "Do you want XYZ program to access the
    internet", i would say "What for? i didn't just launch that program.".

    yes, there will always be the unclear 1% leading to confusion. but if
    people refuse to ask an expert or search Google, then they deserve the
    consequences of taking that "leap in the dark". a cheap $25 router, on
    the other hand, would never ask the question, because it is either
    totally clueless to this Outbound breach of security, or is easily
    tricked into approving it using the trick documented by the LeakTest
    program at www.grc.com

    the best solution is documented at
    www.firewallguide.com which states the following:
    Bottom Line -- If a personal firewall is the sheriff, a posse is needed
    to help the sheriff capture the pests sent out by Internet outlaws like
    spyware, browser hijackers, viruses, Trojan horses, worms, phishing,
    spam and hybrids thereof.
    A layered approach is best to protect your security and privacy:
    * First line of defense -- Choose an Internet service provider
    (ISP), an email service and/or a website hosting service that offers
    online virus, spam and content filters.
    * Second line of defense -- Install a hardware router with a built
    in firewall between your modem and your computer or network.
    * Third line of defense -- Use personal firewall, anti-virus,
    anti-Trojan, anti-spyware, anti-spam, anti-phishing, and privacy
    software on your desktop computer and every computer on your network.


    Lanwench [MVP - Exchange] wrote:
    > Scott M. wrote:
    >
    >>I agree with most of what you say with exception that no outbound
    >>blocking is usually enough.
    >
    >
    > For home/novice users, it usually is, unless they have something else
    > (gateway/firewall appliance blocking all but, say, 80, 443, 110 and 25
    > outbound). These things are inexpensive nowadays. I see no reason not to
    > have one.
    >
    >
    >> As you know, *most/many* home users are
    >>oblivious to what is running on their PCs and *many* have
    >>spyware/adware that they don't even know about. Having no outbound
    >>blocking for *most* people in these circumstances is like leaving the
    >>bank vault open and walking away.
    >
    >
    > Well - I somewhat disagree. First, the spyware got in there somehow - and it
    > didn't just blithely wander in through the guy's cable modem when he wasn't
    > looking, & install itself. And spyware infestation is not going to be
    > stopped by disabling TCP port X Y or Z outbound. Spyware is prevented by
    > safe hex, XP SP2, tightening browser security, running antispyware software
    > (Microsoft's beta, or others). In fact - this is a must, regardless.
    >
    > Re *trojans* (which are more of an issue in the context we're discussing
    > here) yes, one can do the whole internet a favor by not allowing all but
    > needed traffic outbound, it's true - and this is a Good Thing. However,
    > again, the trojan got in somehow and didn't just blithely wander in through
    > the... (see above). And the aforementioned guy needs good antivirus
    > software, kept updated regularly and needs to know how to practice safe hex,
    > as well as running WU regularly. Again, this is a must, regardless.
    >
    > If this guy doesn't get how to deal with the above, you think he's going to
    > know exactly what to do when his local fw software asks him whether he would
    > like to allow svchost.exe to access the Internet? I don't. He'll get
    > frustrated and pick the wrong choice- or he'll simply turn off the annoying
    > thing to avoid being asked.
    >
    >
    >> For this reason, I say the Windows
    >>Firewall is crude at best.
    >
    >
    > Yes, it's simple, or if you must insist, I'll allow you your "crude." But it
    > won't be any *less* useful than a third party application with regard to
    > spyware. Spyware comes in and runs - it doesn't then launch attacks to the
    > Internet.
    >
    >>I whole-heartedly agree that a perimeter firewall is a much better
    >>solution. Myself, I use a hardware firewall at my network perimeter
    >>and software firewalls (ZA) on each of my client machines.
    >
    >
    > Yep - belt & suspenders, but your clients had better be pretty savvy unless
    > you don't present them with "pick yes or no" messages.
    >
    >>
    >>"Lanwench [MVP - Exchange]"
    >><lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in
    >>message news:%23$4EM5cIFHA.3888@TK2MSFTNGP10.phx.gbl...
    >>
    >>>Scott M. wrote:
    >>>
    >>>>I use ZA with XP Pro SP2 and have had no problems on any of the 6
    >>>>machines I use it with. I would NOT recommend the XP Firewall as
    >>>>the other person suggested. The Windows Firewall is crude at best.
    >>>
    >>>I'd say "simple", rather than "crude". It blocks *all* inbound
    >>>traffic by default....and no outbound, which is often enough.
    >>>
    >>>I personally don't use it myself, but I've found that for the
    >>>majority of home/small biz users, it's very confusing for them to
    >>>continually get popup
    >>>messages asking if they want to allow blah.exe to access the
    >>>Internet. They
    >>>either click No all the time out of (reasonable) paranoia and mess up
    >>>something, or they allow things they shouldn't.
    >>>
    >>>I prefer perimeter network firewalls, even for home networks.
    >>>
    >>>>
    >>>>"Ken Gardner" <KenGardner@discussions.microsoft.com> wrote in
    >>>>message news:14147609-4F15-47CE-B7EA-C313C8D87FEB@microsoft.com...
    >>>>
    >>>>>"Rod P." wrote:
    >>>>>
    >>>>>
    >>>>>>I have Windows XP Pro SP2 and I tried to install ZoneAlarm Pro,
    >>>>>>but my computer would not boot, so I am wondering if there is a
    >>>>>>firewall out there
    >>>>>>that is compatible with the SP2 firewall.
    >>>>>
    >>>>>Yeah. The SP2 firewall. Once you install SP2 and keep it up to
    >>>>>date, you really don't need a third party firewall as long as you
    >>>>>use other measures to
    >>>>>keep viruses, trojans, worms, adware, and spyware from getting on
    >>>>>your system
    >>>>>in the first place -- and you will also be free of all the problems
    >>>>>(did someone mention Zone Alarm?) that people seem to experience
    >>>>>whenever they attempt to install a third party firewall with SP2
    >>>>>(as you can quickly learn
    >>>>>by regularly following these newsgroups).
    >>>>>
    >>>>>If, despite all this, you want to use a third party firewall, you
    >>>>>should turn off the Windows firewall. You should have only one
    >>>>>firewall running at
    >>>>>any time on your system. Ditto for antivirus.
    >>>>>
    >>>>>Ken
    >
    >
    >
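
An added illustration of the trade-off debated in the replies above (not code from any poster or product): it runs constructed outbound connection records through the gateway port allowlist mentioned in the thread (80, 443, 110, 25) and through a per-program allowlist of the kind a host firewall builds from its prompts. The record format, the program names and the per-program allowlist are assumptions made for the example.

```python
"""Port-based egress filtering versus per-program egress filtering.

Only the port list (80, 443, 110, 25) comes from the thread. The log format,
the program names and the per-program allowlist are constructed for this example.
"""
from dataclasses import dataclass

# Outbound TCP ports the gateway appliance in the thread would let through.
ALLOWED_PORTS = frozenset({80, 443, 110, 25})

# Hypothetical per-program allowlist, as built up from a host firewall's prompts.
ALLOWED_PROGRAMS = frozenset({"iexplore.exe", "outlook.exe"})

# Constructed sample records (documentation IP ranges, made-up program names).
SAMPLE_LOG = """\
# program protocol destination-ip destination-port
iexplore.exe TCP 203.0.113.10 80
outlook.exe TCP 203.0.113.25 110
outlook.exe TCP 203.0.113.25 25
toolbarhelper.exe TCP 198.51.100.7 80
toolbarhelper.exe TCP 198.51.100.7 443
unknownsvc.exe TCP 198.51.100.99 6667
iexplore.exe TCP 203.0.113.10 8080
"""


@dataclass(frozen=True)
class Connection:
    program: str
    protocol: str
    dst_ip: str
    dst_port: int


def parse_log(text):
    """Parse '<program> <protocol> <dst-ip> <dst-port>' lines; '#' starts a comment."""
    connections = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 4:
            raise ValueError(f"line {lineno}: expected 4 fields, got {len(fields)}")
        program, protocol, dst_ip, port = fields
        if not port.isdecimal() or not 1 <= int(port) <= 65535:
            raise ValueError(f"line {lineno}: bad port {port!r}")
        connections.append(
            Connection(program.lower(), protocol.upper(), dst_ip, int(port))
        )
    return connections


def gateway_allows(conn):
    """Perimeter view: sees only protocol and destination port, never the program."""
    return conn.protocol == "TCP" and conn.dst_port in ALLOWED_PORTS


def host_firewall_allows(conn):
    """Host view: decides on the program making the connection, not the port."""
    return conn.program in ALLOWED_PROGRAMS


def compare_policies(connections):
    """Sort each connection into a bucket according to which policy permits it."""
    buckets = {"both_allow": [], "gateway_only": [], "host_only": [], "both_block": []}
    for conn in connections:
        gateway, host = gateway_allows(conn), host_firewall_allows(conn)
        if gateway and host:
            key = "both_allow"
        elif gateway:
            key = "gateway_only"   # unlisted program using an allowed port
        elif host:
            key = "host_only"      # approved program using a port the gateway drops
        else:
            key = "both_block"
        buckets[key].append(conn)
    return buckets


if __name__ == "__main__":
    for name, conns in compare_policies(parse_log(SAMPLE_LOG)).items():
        print(name)
        for c in conns:
            print(f"  {c.program} -> {c.dst_ip}:{c.dst_port}/{c.protocol}")
```

The `gateway_only` bucket holds traffic from a program the user never approved that leaves over an allowed port; the `host_only` bucket holds an approved program whose traffic the port rule drops.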
  10.

    there once was a time when the only way to get an infection from an
    Email message was to click on something. this is no longer true.
    the following came out a year ago on April 15:

    "The latest Netsky is squirming across the Internet as an email without
    an attachment. Experienced Internet veterans have grown suspicious of
    any email with an attachment. It's almost always going to be infected
    with a worm or virus. Well, Netsky.v has monkey-wrenched us all with a
    way to infect computers via email with no double-click required!

    Yep, you heard me right, by using a combination of Windows security
    flaws, the creators of Netsky.v figured out how to infect a vulnerable
    computer without requiring the computer's owner to double-click on an
    attached file. If the computer is vulnerable, and isn't protected by
    up-to-date antivirus software, Netsky.v will automatically infect the
    victim system. How's that for an eye opener?

    Not only does it infect the victim system with its own wormy code, but
    it also installs its own mail, web, and ftp servers which it uses to
    spread itself to other computers."

    quoted from http://www.hiwaayviruscenter.com/blog/archives/000006.html

    now maybe somebody will say, "since MS fixed that flaw, it is no longer
    an issue." maybe, if "it" only means that particular mutation of
    virus/worm. but the bigger problem (No-click attacks) has just begun,
    now that Pandora's box is open.


    JW wrote:
    > there once was a time when using multiple anti-spyware programs
    > protected people from contracting spyware infections. this is no longer
    > true. new spyware is being developed so fast, that even the best
    > anti-spyware program fails to stop over 1/3 of all spyware. this is
    > proven by tests documented at the following web site:
    > http://windowssecrets.com/050127/#story1
    >
    > there once was a time when the only way you could get a
    > virus/worm/Trojan/spyware infection was to intentionally click on
    > something. this is no longer true. these days, infectious code is much
    > more sophisticated, and can be acquired even by clicking on Nothing.
    > these are called "No-click attacks". plenty of sources of information
    > can be found by searching Google for "No-click attack".
    >
    > they can occur not only through E-mail and web browsing, but also
    > through IM programs. in fact, the No-click attack vulnerability got so
    > bad, that Microsoft has stopped people from signing into MSN Messenger
    > until they install the newest upgrade, because you could be attacked
    > with an infection using MSN Messenger, even if you clicked on Nothing.
    >
    > anti-virus programs are of some help, but even with frequent updates,
    > they still only recognize infections known up until yesterday. they
    > might or might not recognize new infections spreading today, so PCs will
    > always be vulnerable to new infections until the anti-virus software
    > maker develops the signature, makes it available, and the PC acquires
    > it. this can mean a vulnerability of hours or days. therefore, it is
    > easy to acquire a newly released virus/worm, without knowing it.
    >
    > and anti-virus programs fail miserably when it comes to
    > detecting/removing Trojans. these Trojans can be easily acquired
    > nowadays too, with the sophistication of "No-click" E-mail attachments,
    > and your friend's name in the From field. the web site
    > www.anti-trojan-software-reviews.com states
    > "Most folk harbor the belief that they are totally protected from
    > malicious trojan horses by their anti-virus scanner. The bad news is
    > that many anti-virus scanners give only limited protection against
    > trojans. Just how limited can be gauged from the fact that Norton
    > Anti-Virus 2004 missed every single trojan in the test data set we used
    > in these series of reviews."
    >
    > of course, your years of knowledge and experience about how to correctly
    > tweak every program and router can stop practically all of these
    > infections, but 99% of average PC users in the world will never acquire
    > (and have no desire to spend time acquiring) the same years of
    > knowledge and experience that you have. they truly want to practice
    > "safe-hex" and they think they know what it means (do not visit Bangkok
    > porn sites), but since they really don't know what "safe hex" means, and
    > don't know that they don't know, their only protection is their cheap
    > $25 router (which has no firewall), and/or a free software firewall. of
    > course, neither one will guarantee 100% security.
    >
    > but at least these 99% of average PC users in the world have a fighting
    > chance with a free software firewall. and yes, they can defeat it
    > easily by saying "Yes" to everything, just as easily as they can defeat
    > their cheap router by allowing Outbound communication on every port. but
    > with a software firewall, at least they get a chance by seeing and
    > deciding how to answer a pop-up question. plus, 99% of the time it is
    > not a mysteriously complicated question. if ZoneAlarm asks me "Do you
    > want XYZ program to access the internet", i would say Yes, if i just now
    > launched it. if i did not launch XYZ program, and ZoneAlarm suddenly
    > asks me out of no where "Do you want XYZ program to access the
    > internet", i would say "What for? i didn't just launch that program.".
    >
    > yes, there will always be the unclear 1% leading to confusion. but if
    > people refuse to ask an expert or search Google, then they deserve the
    > consequences of taking that "leap in the dark". a cheap $25 router, on
    > the other hand, would never ask the question, because it is either
    > totally clueless to this Outbound breach of security, or is easily
    > tricked into approving it using the trick documented by the LeakTest
    > program at www.grc.com
    >
    > the best solution is documented at
    > www.firewallguide.com which states the following:
    > Bottom Line -- If a personal firewall is the sheriff, a posse is needed
    > to help the sheriff capture the pests sent out by Internet outlaws like
    > spyware, browser hijackers, viruses, Trojan horses, worms, phishing,
    > spam and hybrids thereof.
    > A layered approach is best to protect your security and privacy:
    > * First line of defense -- Choose an Internet service provider
    > (ISP), an email service and/or a website hosting service that offers
    > online virus, spam and content filters.
    > * Second line of defense -- Install a hardware router with a built
    > in firewall between your modem and your computer or network.
    > * Third line of defense -- Use personal firewall, anti-virus,
    > anti-Trojan, anti-spyware, anti-spam, anti-phishing, and privacy
    > software on your desktop computer and every computer on your network.
    >
    > Lanwench [MVP - Exchange] wrote:
    >
    >> Scott M. wrote:
    >>
    >>> I agree with most of what you say with exception that no outbound
    >>> blocking is usually enough.
    >>
    >>
    >>
    >> For home/novice users, it usually is, unless they have something else
    >> (gateway/firewall appliance blocking all but, say, 80, 443, 110 and 25
    >> outbound). These things are inexpensive nowadays. I see no reason not to
    >> have one.
    >>
    >>
    >>> As you know, *most/many* home users are
    >>> oblivious to what is running on their PCs and *many* have
    >>> spyware/adware that they don't even know about. Having no outbound
    >>> blocking for *most* people in these circumstances is like leaving the
    >>> bank vault open and walking away.
    >>
    >>
    >>
    >> Well - I somewhat disagree. First, the spyware got in there somehow -
    >> and it
    >> didn't just blithely wander in through the guy's cable modem when he
    >> wasn't
    >> looking, & install itself. And spyware infestation is not going to be
    >> stopped by disabling TCP port X Y or Z outbound. Spyware is prevented by
    >> safe hex, XP SP2, tightening browser security, running antispyware
    >> software
    >> (Microsoft's beta, or others). In fact - this is a must, regardless.
    >>
    >> Re *trojans* (which are more of an issue in the context we're discussing
    >> here) yes, one can do the whole internet a favor by not allowing all but
    >> needed traffic outbound, it's true - and this is a Good Thing. However,
    >> again, the trojan got in somehow and didn't just blithely wander in
    >> through
    >> the... (see above). And the aforementioned guy needs good antivirus
    >> software, kept updated regularly and needs to know how to practice
    >> safe hex,
    >> as well as running WU regularly. Again, this is a must, regardless.
    >>
    >> If this guy doesn't get how to deal with the above, you think he's
    >> going to
    >> know exactly what to do when his local fw software asks him whether he
    >> would
    >> like to allow svchost.exe to access the Internet? I don't. He'll get
    >> frustrated and pick the wrong choice- or he'll simply turn off the
    >> annoying
    >> thing to avoid being asked.
    >>
    >>
    >>> For this reason, I say the Windows
    >>> Firewall is crude at best.
    >>
    >>
    >>
    >> Yes, it's simple, or if you must insist, I'll allow you your "crude."
    >> But it
    >> won't be any *less* useful than a third party application with regard to
    >> spyware. Spyware comes in and runs - it doesn't then launch attacks to
    >> the
    >> Internet.
    >>
    >>> I whole-heartedly agree that a perimeter firewall is a much better
    >>> solution. Myself, I use a hardware firewall at my network perimeter
    >>> and software firewalls (ZA) on each of my client machines.
    >>
    >>
    >>
    >> Yep - belt & suspenders, but your clients had better be pretty savvy
    >> unless
    >> you don't present them with "pick yes or no" messages.
    >>
    >>>
    >>> "Lanwench [MVP - Exchange]"
    >>> <lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in
    >>> message news:%23$4EM5cIFHA.3888@TK2MSFTNGP10.phx.gbl...
    >>>
    >>>> Scott M. wrote:
    >>>>
    >>>>> I use ZA with XP Pro SP2 and have had no problems on any of the 6
    >>>>> machines I use it with. I would NOT recommend the XP Firewall as
    >>>>> the other person suggested. The Windows Firewall is crude at best.
    >>>>
    >>>>
    >>>> I'd say "simple", rather than "crude". It blocks *all* inbound
    >>>> traffic by default....and no outbound, which is often enough.
    >>>>
    >>>> I personally don't use it myself, but I've found that for the
    >>>> majority of home/small biz users, it's very confusing for them to
    >>>> continually get popup
    >>>> messages asking if they want to allow blah.exe to access the
    >>>> Internet. They
    >>>> either click No all the time out of (reasonable) paranoia and mess up
    >>>> something, or they allow things they shouldn't.
    >>>>
    >>>> I prefer perimeter network firewalls, even for home networks.
    >>>>
    >>>>>
    >>>>> "Ken Gardner" <KenGardner@discussions.microsoft.com> wrote in
    >>>>> message news:14147609-4F15-47CE-B7EA-C313C8D87FEB@microsoft.com...
    >>>>>
    >>>>>> "Rod P." wrote:
    >>>>>>
    >>>>>>
    >>>>>>> I have Windows XP Pro SP2 and I tried to install ZoneAlarm Pro,
    >>>>>>> but my computer would not boot, so I am wondering if there is a
    >>>>>>> firewall out there
    >>>>>>> that is compatible with the SP2 firewall.
    >>>>>>
    >>>>>>
    >>>>>> Yeah. The SP2 firewall. Once you install SP2 and keep it up to
    >>>>>> date, you really don't need a third party firewall as long as you
    >>>>>> use other measures to
    >>>>>> keep viruses, trojans, worms, adware, and spyware from getting on
    >>>>>> your system
    >>>>>> in the first place -- and you will also be free of all the problems
    >>>>>> (did someone mention Zone Alarm?) that people seem to experience
    >>>>>> whenever they attempt to install a third party firewall with SP2
    >>>>>> (as you can quickly learn
    >>>>>> by regularly following these newsgroups).
    >>>>>>
    >>>>>> If, despite all this, you want to use a third party firewall, you
    >>>>>> should turn off the Windows firewall. You should have only one
    >>>>>> firewall running at
    >>>>>> any time on your system. Ditto for antivirus.
    >>>>>>
    >>>>>> Ken
  11. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Scott M. wrote:
    >> These things are inexpensive nowadays. I see no reason not to have
    >> one.
    >
    > I agree, but nonetheless the general computer user has no clue about
    > such things.
    >
    >> Well - I somewhat disagree. First, the spyware got in there somehow
    >> - and it
    >> didn't just blithely wander in through the guy's cable modem when he
    >> wasn't
    >> looking, & install itself. And spyware infestation is not going to be
    >> stopped by disabling TCP port X Y or Z outbound. Spyware is
    >> prevented by safe hex, XP SP2, tightening browser security, running
    >> antispyware software
    >> (Microsoft's beta, or others). In fact - this is a must, regardless.
    >
    > I agree, but nonetheless the general computer user doesn't tighten
    > browser security or keep their anti-virus software up to date.
    >
    >> Re *trojans* (which are more of an issue in the context we're
    >> discussing here) yes, one can do the whole internet a favor by not
    >> allowing all but needed traffic outbound, it's true - and this is a
    >> Good Thing. However, again, the trojan got in somehow and didn't
    >> just blithely wander in through
    >> the... (see above). And the aforementioned guy needs good antivirus
    >> software, kept updated regularly and needs to know how to practice
    >> safe hex,
    >> as well as running WU regularly. Again, this is a must, regardless.
    >
    > See last comment.
    >
    >> If this guy doesn't get how to deal with the above, you think he's
    >> going to
    >> know exactly what to do when his local fw software asks him whether
    >> he would
    >> like to allow svchost.exe to access the Internet? I don't. He'll get
    >> frustrated and pick the wrong choice- or he'll simply turn off the
    >> annoying
    >> thing to avoid being asked.
    >
    > In my experience, I disagree. Being asked (outbound filtering) gives
    > someone a better chance than not being asked at all (Windows
    > Firewall). If someone is going to take the time to install a
    > software firewall, then they are doing so because they know and care
    > about the safety of their pc. True, they may not always know what
    > the message is exactly asking, but these days (ZA specifically), it's
    > not hard to find out more info. when those messages come up.
    >
    >>> For this reason, I say the Windows
    >>> Firewall is crude at best.
    >>
    >> Yes, it's simple, or if you must insist, I'll allow you your
    >> "crude." But it
    >> won't be any *less* useful than a third party application with
    >> regard to spyware. Spyware comes in and runs - it doesn't then
    >> launch attacks to the Internet.
    >
    > No, but it does report back to some machine as to what it has been
    > spying on. And, thanks for *allowing* me my own opinion. :)

    No worries - you are permitted 2 more no-charge opinions for the duration of
    this calendar year - then it's on to $10/per., or you can purchase a 5-pack.
    :D

    I see your points and don't entirely disagree - but I still stand by mine as
    you stand by yours. It's nice to debate these sorts of things with someone
    who doesn't resort to name calling or red-faced indignant tirades - thanks
    for being an actual grown-up human rather than a bored teenager looking for
    an argument, as one often finds in the XP groups for some reason...

    Pax,
    LW
  12. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    WHO ME!? WHAT ARE YOU TALKING ABOUT!? WHY DON'T YOU JUST @#$#@$%!%%~^&^^$%^

    LOL!

    Take care :)


    "Lanwench [MVP - Exchange]"
    <lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in message
    news:upr8T5nIFHA.2656@TK2MSFTNGP09.phx.gbl...
    > Scott M. wrote:
    >>> These things are inexpensive nowadays. I see no reason not to have
    >>> one.
    >>
    >> I agree, but nonetheless the general computer user has no clue about
    >> such things.
    >>
    >>> Well - I somewhat disagree. First, the spyware got in there somehow
    >>> - and it
    >>> didn't just blithely wander in through the guy's cable modem when he
    >>> wasn't
    >>> looking, & install itself. And spyware infestation is not going to be
    >>> stopped by disabling TCP port X Y or Z outbound. Spyware is
    >>> prevented by safe hex, XP SP2, tightening browser security, running
    >>> antispyware software
    >>> (Microsoft's beta, or others). In fact - this is a must, regardless.
    >>
    >> I agree, but nonetheless the general computer user doesn't tighten
    >> browser security or keep their anti-virus software up to date.
    >>
    >>> Re *trojans* (which are more of an issue in the context we're
    >>> discussing here) yes, one can do the whole internet a favor by not
    >>> allowing all but needed traffic outbound, it's true - and this is a
    >>> Good Thing. However, again, the trojan got in somehow and didn't
    >>> just blithely wander in through
    >>> the... (see above). And the aforementioned guy needs good antivirus
    >>> software, kept updated regularly and needs to know how to practice
    >>> safe hex,
    >>> as well as running WU regularly. Again, this is a must, regardless.
    >>
    >> See last comment.
    >>
    >>> If this guy doesn't get how to deal with the above, you think he's
    >>> going to
    >>> know exactly what to do when his local fw software asks him whether
    >>> he would
    >>> like to allow svchost.exe to access the Internet? I don't. He'll get
    >>> frustrated and pick the wrong choice- or he'll simply turn off the
    >>> annoying
    >>> thing to avoid being asked.
    >>
    >> In my experience, I disagree. Being asked (outbound filtering) gives
    >> someone a better chance than not being asked at all (Windows
    >> Firewall). If someone is going to take the time to install a
    >> software firewall, then they are doing so because they know and care
    >> about the safety of their pc. True, they may not always know what
    >> the message is exactly asking, but these days (ZA specifically), it's
    >> not hard to find out more info. when those messages come up.
    >>
    >>>> For this reason, I say the Windows
    >>>> Firewall is crude at best.
    >>>
    >>> Yes, it's simple, or if you must insist, I'll allow you your
    >>> "crude." But it
    >>> won't be any *less* useful than a third party application with
    >>> regard to spyware. Spyware comes in and runs - it doesn't then
    >>> launch attacks to the Internet.
    >>
    >> No, but it does report back to some machine as to what it has been
    >> spying on. And, thanks for *allowing* me my own opinion. :)
    >
    > No worries - you are permitted 2 more no-charge opinions for the duration
    > of
    > this calendar year - then it's on to $10/per., or you can purchase a
    > 5-pack.
    > :D
    >
    > I see your points and don't entirely disagree - but I still stand by mine
    > as
    > you stand by yours. It's nice to debate these sorts of things with someone
    > who doesn't resort to name calling or red-faced indignant tirades - thanks
    > for being an actual grown-up human rather than a bored teenager looking
    > for
    > an argument, as one often finds in the XP groups for some reason...
    >
    > Pax,
    > LW
    >
    >
  13. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    JW wrote:
    > there once was a time when the only way to get an infection from an
    > Email message was to click on something. this is no longer true.
    > the following came out a year ago on April 15:
    >
    > "The latest Netsky is squirming across the Internet as an email
    > without an attachment. Experienced Internet veterans have grown
    > suspicious of any email with an attachment. It's almost always going
    > to be infected with a worm or virus. Well, Netsky.v has
    > monkey-wrenched us all with a way to infect computers via email with
    > no double-click required!
    >
    > Yep, you heard me right, by using a combination of Windows security
    > flaws, the creators of Netsky.v figured out how to infect a vulnerable
    > computer without requiring the computer's owner to double-click on an
    > attached file.

    From what I know, Netsky and variants have *always* used an attachment to
    get onto a computer. Now, it's true, from there it can easily spread to
    other computers on the network - no e-mail required - but the initial
    infection did/does come in via an attachment, with a variable file name &
    extension.

    > If the computer is vulnerable, and isn't protected by
    > up-to-date antivirus software, Netsky.v will automatically infect the
    > victim system. How's that for an eye opener?

    What's so eye-opening about getting an infection because one isn't using up
    to date AV software or practicing safe hex? That's a given - even if you
    update daily, it's possible that your AV mfr hasn't released a pattern file
    that can detect it yet, as you mentioned.

    On networks running their own mail servers (which is what I mainly deal
    with), I block a boatload of file extensions & also scan the entirety of the
    message itself. Attachment types to block include exe, com, cmd, bat, pif,
    scr, etc etc etc - and I also scan within zip files. And all users are
    taught NEVER to open file attachments they aren't expecting, not even from
    Great Aunt Gladys. No software or system is as important a preventative as
    is user training...

    Of course, some of the above isn't an option for small/home networks - but
    there are myriad ways to prevent virus infections, and most of the home
    computers I've set up for friends (& have trained said friends in using) run
    just fine w/o viruses, trojans, etc - I'd say that spyware is usually a much
    larger problem than viruses are these days, honestly.

    >
    > Not only does it infect the victim system with its own wormy code, but
    > it also installs its own mail, web, and ftp servers which it uses to
    > spread itself to other computers."
    >
    > quoted from
    > http://www.hiwaayviruscenter.com/blog/archives/000006.html
    >
    > now maybe somebody will say, "since MS fixed that flaw, it is no
    > longer an issue." maybe, if "it" only means that particular mutation
    > of virus/worm. but the bigger problem (No-click attacks) has just
    > begun, now that Pandora's box is open.

    Well, outside the fact that Netsky is indeed delivered via an attachment in
    the first place, this is all pretty common sense stuff if you ask me. Keep
    everything patched and updated. Use current-generation versions of Windows,
    Office, whatever. Keep your firewall ON all the time. Use very good AV
    software (have it also scan mail if possible) that you update very
    frequently, and exercise caution - treat everything as malicious unless
    proven otherwise. Netsky ain't the only game in town. Even home users need
    to practice safe hex - and it is to be hoped that after having been 'stung'
    once, they will learn how to prevent such stinging in the future.
    >

    >
    <snip>
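
The attachment filtering described in post 13 (block a list of file extensions and also look inside zip files), sketched as an added example; it is not code from the thread or any poster's mail-server configuration. The function names, depth and size limits, and the sample message are assumptions made for illustration, and only the six extensions the post actually names are listed.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# The extensions named in the post; its "etc etc etc" is not filled in here.
BLOCKED_EXTENSIONS = {"exe", "com", "cmd", "bat", "pif", "scr"}
MAX_ZIP_DEPTH = 2              # assumption: archive levels opened before giving up
MAX_MEMBER_BYTES = 5_000_000   # assumption: largest member read into memory


def extension(name):
    """Final extension, lower-cased: 'holiday.jpg.SCR' -> 'scr', 'a.exe. ' -> 'exe'."""
    name = name.strip().rstrip(". ")
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def scan_archive(label, data, depth):
    """Walk a zip held in memory and return findings for its members."""
    if depth > MAX_ZIP_DEPTH:
        return [f"{label}: archives nested too deep, hold for review"]
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for info in archive.infolist():
                if info.is_dir():
                    continue
                inner = f"{label}!{info.filename}"
                ext = extension(info.filename)
                if ext in BLOCKED_EXTENSIONS:
                    findings.append(f"{inner}: blocked extension .{ext}")
                elif info.flag_bits & 0x1:
                    # Member names are readable, contents are not.
                    findings.append(f"{inner}: encrypted member, cannot inspect")
                elif info.file_size > MAX_MEMBER_BYTES:
                    findings.append(f"{inner}: too large to inspect, hold for review")
                else:
                    findings.extend(scan_content(inner, archive.read(info), depth + 1))
    except (zipfile.BadZipFile, NotImplementedError) as exc:
        findings.append(f"{label}: unreadable archive ({type(exc).__name__}), hold for review")
    return findings


def scan_content(label, data, depth=1):
    """Detect zips by content, so renaming an archive does not skip the scan."""
    if zipfile.is_zipfile(io.BytesIO(data)):
        return scan_archive(label, data, depth)
    return []


def scan_message(raw):
    """Return one finding per attachment, or archive member, that should be blocked or held."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or "(unnamed part)"
        ext = extension(name)
        if ext in BLOCKED_EXTENSIONS:
            findings.append(f"{name}: blocked extension .{ext}")
            continue
        findings.extend(scan_content(name, part.get_payload(decode=True) or b""))
    return findings


def build_sample():
    """Constructed sample message: a harmless note, a .pif, and a zip hiding a .scr."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("readme.txt", "hello")
        z.writestr("holiday.jpg.SCR", b"constructed placeholder bytes")
    msg = EmailMessage()
    msg["From"] = "aunt.gladys@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "photos"
    msg.set_content("see attached")
    for data, filename in ((b"notes", "notes.txt"),
                           (b"constructed placeholder bytes", "invoice.pif"),
                           (inner.getvalue(), "photos.zip")):
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print(finding)
```

Matching on the final extension catches double-extension names, and checking content rather than the `.zip` name means a renamed archive is still opened; encrypted or oversized members are reported for review because their contents cannot be checked.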
  14. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Scott M. wrote:
    > WHO ME!? WHAT ARE YOU TALKING ABOUT!? WHY DON'T YOU JUST
    > @#$#@$%!%%~^&^^$%^
    >
    > LOL!

    The "all caps" is an especially nice touch.
    >
    > Take care :)

    You too!

    >
    >
    >
    > "Lanwench [MVP - Exchange]"
    > <lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in
    > message news:upr8T5nIFHA.2656@TK2MSFTNGP09.phx.gbl...
    >> Scott M. wrote:
    >>>> These things are inexpensive nowadays. I see no reason not to have
    >>>> one.
    >>>
    >>> I agree, but nonetheless the general computer user has no clue about
    >>> such things.
    >>>
    >>>> Well - I somewhat disagree. First, the spyware got in there somehow
    >>>> - and it
    >>>> didn't just blithely wander in through the guy's cable modem when
    >>>> he wasn't
    >>>> looking, & install itself. And spyware infestation is not going to
    >>>> be stopped by disabling TCP port X Y or Z outbound. Spyware is
    >>>> prevented by safe hex, XP SP2, tightening browser security, running
    >>>> antispyware software
    >>>> (Microsoft's beta, or others). In fact - this is a must,
    >>>> regardless.
    >>>
    >>> I agree, but nonetheless the general computer user doesn't tighten
    >>> browser security or keep their anti-virus software up to date.
    >>>
    >>>> Re *trojans* (which are more of an issue in the context we're
    >>>> discussing here) yes, one can do the whole internet a favor by not
    >>>> allowing all but needed traffic outbound, it's true - and this is a
    >>>> Good Thing. However, again, the trojan got in somehow and didn't
    >>>> just blithely wander in through
    >>>> the... (see above). And the aforementioned guy needs good antivirus
    >>>> software, kept updated regularly and needs to know how to practice
    >>>> safe hex,
    >>>> as well as running WU regularly. Again, this is a must, regardless.
    >>>
    >>> See last comment.
    >>>
    >>>> If this guy doesn't get how to deal with the above, you think he's
    >>>> going to
    >>>> know exactly what to do when his local fw software asks him whether
    >>>> he would
    >>>> like to allow svchost.exe to access the Internet? I don't. He'll
    >>>> get frustrated and pick the wrong choice- or he'll simply turn off
    >>>> the annoying
    >>>> thing to avoid being asked.
    >>>
    >>> In my experience, I disagree. Being asked (outbound filtering)
    >>> gives someone a better chance than not being asked at all (Windows
    >>> Firewall). If someone is going to take the time to install a
    >>> software firewall, then they are doing so because they know and care
    >>> about the safety of their pc. True, they may not always know what
    >>> the message is exactly asking, but these days (ZA specifically),
    >>> it's not hard to find out more info. when those messages come up.
    >>>
    >>>>> For this reason, I say the Windows
    >>>>> Firewall is crude at best.
    >>>>
    >>>> Yes, it's simple, or if you must insist, I'll allow you your
    >>>> "crude." But it
    >>>> won't be any *less* useful than a third party application with
    >>>> regard to spyware. Spyware comes in and runs - it doesn't then
    >>>> launch attacks to the Internet.
    >>>
    >>> No, but it does report back to some machine as to what it has been
    >>> spying on. And, thanks for *allowing* me my own opinion. :)
    >>
    >> No worries - you are permitted 2 more no-charge opinions for the
    >> duration of
    >> this calendar year - then it's on to $10/per., or you can purchase a
    >> 5-pack.
    >> :D
    >>
    >> I see your points and don't entirely disagree - but I still stand by
    >> mine as
    >> you stand by yours. It's nice to debate these sorts of things with
    >> someone who doesn't resort to name calling or red-faced indignant
    >> tirades - thanks for being an actual grown-up human rather than a
    >> bored teenager looking for
    >> an argument, as one often finds in the XP groups for some reason...
    >>
    >> Pax,
    >> LW
  15. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Scott M. wrote:
    ||| These things are inexpensive nowadays. I see no reason not to have
    ||| one.
    ||
    || I agree, but nonetheless the general computer user has no clue about
    || such things.
    ||

    And that's because they are not told about security at point of purchase!
    It's my view that Joe Public (ie those who are buying computers outside of a
    corporate scenario) should be TOLD about computer security when they buy
    one. For example, I was watching a show on a cable channel here in the UK
    the other day going through the basics of computing. The presenter had gone
    RIGHT through almost everything to do with getting an ISP, logging on,
    browsing the internet and email use before even MENTIONING the fact that
    "you might consider using a firewall", and I think they only did that
    because I rang them up and told them about the omission! The security
    aspect should have been the FIRST thing the program covered!

    --
    Interim Systems and Management Accounting
    Gordon Burgess-Parker
    Director
    www.gbpcomputing.co.uk
  16. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Gordon wrote:

    >
    > And that's because they are not told about security at point of purchase!


    And do they also not have access to television news, newspapers, and
    magazines? The only person who can _reasonably_ claim to be unaware of
    the rampant computer secure threats has been living in a cave in upper
    Slovakia for the past ten years, with no contact with the outside world.


    > It's my view that Joe Public (ie those who are buying computers outside of a
    > corporate scenario) should be TOLD about computer security when they buy
    > one.


    Do you also want to tell them that fire is hot and water is wet? How
    much hand-holding do you think is sufficient? Should each person also
    have his/her own crossing guard to help him/her cross streets?


    --

    Bruce Chambers

    Help us help you:
    http://dts-l.org/goodpost.htm
    http://www.catb.org/~esr/faqs/smart-questions.html

    You can have peace. Or you can have freedom. Don't ever count on having
    both at once. - RAH
  17. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    You've shown us why this isn't done though. The sellers very rarely know
    themselves what the risks are. And, quite frankly, the sellers don't want
    to tell you about the risks because they fear that would jeopardize the
    sale.

    No, you can't rest the responsibility on the seller. Caveat Emptor (let the
    buyer beware).


    "Gordon" <gordonbp1@yahoo.co.uk.invalid> wrote in message
    news:eimpMdmIFHA.1172@TK2MSFTNGP12.phx.gbl...
    > Scott M. wrote:
    > ||| These things are inexpensive nowadays. I see no reason not to have
    > ||| one.
    > ||
    > || I agree, but nonetheless the general computer user has no clue about
    > || such things.
    > ||
    >
    > And that's because they are not told about security at point of purchase!
    > It's my view that Joe Public (ie those who are buying computers outside of
    > a corporate scenario) should be TOLD about computer security when they buy
    > one. For example, I was watching a show on a cable channel here in the UK
    > the other day going through the basics of computing. The presenter had
    > gone RIGHT through almost everything to do with getting an ISP, logging
    > on, browsing the internet and email use before even MENTIONING the fact
    > that "you might consider using a firewall", and I think they only did that
    > because I rang them up and told them about the omission! The security
    > aspect should have been the FIRST thing the program covered!
    >
    > --
    > Interim Systems and Management Accounting
    > Gordon Burgess-Parker
    > Director
    > www.gbpcomputing.co.uk
    >
  18. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Bruce Chambers wrote:
    > Gordon wrote:
    >
    >>
    >> And that's because they are not told about security at point of
    >> purchase!
    >
    >
    > And do they also not have access to television news, newspapers, and
    > magazines? The only person who can _reasonably_ claim to be unaware
    > of the rampant computer secure threats has been living in a cave in
    > upper Slovakia for the past ten years, with no contact with the
    > outside world.

    I hear you can get decent wi-fi there, if you live in the *front* of the
    cave. ;-)
    >
    >
    >> It's my view that Joe Public (ie those who are buying computers
    >> outside of a corporate scenario) should be TOLD about computer
    >> security when they buy one.
    >
    >
    > Do you also want to tell them that fire is hot and water is wet? How
    > much hand-holding do you think is sufficient? Should each person also
    > have his/her own crossing guard to help him/her cross streets?

    Agreed - as I've always said, a computer is not a toaster oven, no matter what
    the advertisers tell you.
  19. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Bruce Chambers wrote:
    || Gordon wrote:
    ||
    |||
    ||| And that's because they are not told about security at point of
    ||| purchase!
    ||
    ||
    || And do they also not have access to television news, newspapers, and
    || magazines? The only person who can _reasonably_ claim to be unaware
    || of the rampant computer secure threats has been living in a cave in
    || upper Slovakia for the past ten years, with no contact with the
    || outside world.
    ||
    ||
    ||| It's my view that Joe Public (ie those who are buying computers
    ||| outside of a corporate scenario) should be TOLD about computer
    ||| security when they buy one.
    ||
    ||
    || Do you also want to tell them that fire is hot and water is wet? How
    || much hand-holding do you think is sufficient? Should each person
    || also have his/her own crossing guard to help him/her cross streets?
    ||
    ||
    ||
    ||

    The general public don't view computers as "dangerous" (well, not in the
    sense of crossing the road being dangerous). If you cross the road and don't
    look, YOU get killed - there's no knock-on effect that kills thousands of
    others! Unlike viruses where if YOU get one, it's highly likely that you
    will spread it to thousands of others!

    --
    Interim Systems and Management Accounting
    Gordon Burgess-Parker
    Director
    www.gbpcomputing.co.uk
  20. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    i really liked your statement
    "No software or system is as important a preventative as
    is user training..."
    that might be the biggest missing link in PC security nowadays.

    thanks for your reply and the insight of your experience.
    it is not really eye-opening that one can get a PC infection, if one is
    using AV software that is not up-to-date. what is eye-popping to me is
    that one can have everything up-to-date, and still get infected, even by
    clicking on Nothing at all. the most recent example of this is the time
    period leading up to the most recent patch for MSN Messenger. just open
    the program, and zap, you are infected, if your buddy's icon was infected.

    while it is all common sense to somebody who has spent years training
    and implementing IT security, the fact remains that if you ask 99% of
    average non-technical PC users in the world, "What is safe-hex", 99 out
    of 100 answers will be different, ranging the full spectrum, from the
    many ways to tweak and configure programs and routers that you have
    learned through training over the years, to total naivety at the other
    end of the spectrum (just avoid porn sites). moral of the story is --
    common sense to you and me is Not common sense to the less-educated.

    thanks again for your feedback


    Lanwench [MVP - Exchange] wrote:
    > JW wrote:
    >
    >>there once was a time when the only way to get an infection from an
    >>Email message was to click on something. this is no longer true.
    >>the following came out a year ago on April 15:
    >>
    >>"The latest Netsky is squirming across the Internet as an email
    >>without an attachment. Experienced Internet veterans have grown
    >>suspicious of any email with an attachment. It's almost always going
    >>to be infected with a worm or virus. Well, Netsky.v has
    >>monkey-wrenched us all with a way to infect computers via email with
    >>no double-click required!
    >>
    >>Yep, you heard me right, by using a combination of Windows security
    >>flaws, the creators of Netsky.v figured out how to infect a vulnerable
    >>computer without requiring the computer's owner to double-click on an
    >>attached file.
    >
    >
    > From what I know, Netsky and variants have *always* used an attachment to
    > get onto a computer. Now, it's true, from there it can easily spread to
    > other computers on the network - no e-mail required - but the initial
    > infection did/does come in via an attachment, with a variable file name &
    > extension.
    >
    >
    >> If the computer is vulnerable, and isn't protected by
    >>up-to-date antivirus software, Netsky.v will automatically infect the
    >>victim system. How's that for an eye opener?
    >
    >
    > What's so eye-opening about getting an infection because one isn't using up
    > to date AV software or practicing safe hex? That's a given - even if you
    > update daily, it's possible that your AV mfr hasn't released a pattern file
    > that can detect it yet, as you mentioned.
    >
    > On networks running their own mail servers (which is what I mainly deal
    > with), I block a boatload of file extensions & also scan the entirety of the
    > message itself. Attachment types to block include exe, com, cmd, bat, pif,
    > scr, etc etc etc - and I also scan within zip files. And all users are
    > taught NEVER to open file attachments they aren't expecting, not even from
    > Great Aunt Gladys. No software or system is as important a preventative as
    > is user training...
    >
    > Of course, some of the above isn't an option for small/home networks - but
    > there are myriad ways to prevent virus infections, and most of the home
    > computers I've set up for friends (& have trained said friends in using) run
    > just fine w/o viruses, trojans, etc - I'd say that spyware is usually a much
    > larger problem than viruses are these days, honestly.
    >
    >
    >>Not only does it infect the victim system with its own wormy code, but
    >>it also installs its own mail, web, and ftp servers which it uses to
    >>spread itself to other computers."
    >>
    >>quoted from
    >>http://www.hiwaayviruscenter.com/blog/archives/000006.html
    >>
    >>now maybe somebody will say, "since MS fixed that flaw, it is no
    >>longer an issue." maybe, if "it" only means that particular mutation
    >>of virus/worm. but the bigger problem (No-click attacks) has just
    >>begun, now that Pandora's box is open.
    >
    >
    > Well, outside the fact that Netsky is indeed delivered via an attachment in
    > the first place, this is all pretty common sense stuff if you ask me. Keep
    > everything patched and updated. Use current-generation versions of Windows,
    > Office, whatever. Keep your firewall ON all the time. Use very good AV
    > software (have it also scan mail if possible) that you update very
    > frequently, and exercise caution - treat everything as malicious unless
    > proven otherwise. Netsky ain't the only game in town. Even home users need
    > to practice safe hex - and it is to be hoped that after having been 'stung'
    > once, they will learn how to prevent such stinging in the future.
    >
    >
    > <snip>
    >
    >
  21. Archived from groups: microsoft.public.windowsxp.security_admin

    On Sun, 6 Mar 2005 14:28:07 -0500, "Lanwench [MVP - Exchange]"
    >JW wrote:

    >> there once was a time when the only way to get an infection from an
    >> Email message was to click on something. this is no longer true.

    It hasn't been true for a long time.

    Limiting discussion to malware arriving via email (as opposed to
    diskettes, CDRs, peer-to-peer file sharing, LAN, IM, chat, direct
    network attacks via the Internet, hostile web sites, etc.)...

    1) By design

    A few years ago, some thought it would be nice to add eye candy such
    as bold text, fancy fonts, inline graphics etc. (and indeed it is).

    Outlook first did this in a proprietary way, which was Bad, because
    email is supposed to be a standard, not a special format bound to one
    particular email application. Do you want to send email or Outlook
    mail? I don't deal with Outlook mail, so goodbye.

    The next logical step was to find an open standard for "rich" text,
    and HTML came to mind. But HTML does more than allow bold, fonts,
    inline graphics etc.; it also allows programs (scripts, Java etc.) to
    be embedded, files to be automatically linked to via the Internet, and
    arbitrary text to be laid over URL links.

    The most obvious of these risks was scripts and other active content.
    Some email applications were smart enough to suppress these (e.g.
    Eudora, Pegasus), others were aware enough to offer suppression of
    these (Netscape Mail) and others hadn't a clue (OE, Outlook 2000).

    The result: By design, the more clueless email apps will autorun
    programmatic material in email "message text" when you "read" it.
    This is a clear escalation of risk, and when coupled with automatic
    preview as is the case in OE, the result is it becomes impossible to
    highlight a message to delete it without it running as code.

    BubbleBoy demonstrated the concept, Kak used it to spread widely
    through OE, and others (BleBla.B, San, Valentine) followed this up to
    the extent of adding data-destructive payloads.

    2) By design cluelessness

    If autorunning scripts by design was dumb intent (or an obliviousness
    of implication), then the next layer of badness was design laxity.

    Files can be encoded within email messages in various ways. When the
    message is plain text, these files are to be linked to as attachments,
    but HTML allows certain types of files to be "opened" (intention:
    displayed) as part of the message. This is how inline graphics and
    autoplaying MIDI tunes work.

    There are four layers of content description at work here:
    a) The enclosure (encoding) of the file itself
    b) The MIME type of the file
    c) The file name extension of the file
    d) the internal type header data and structure of the file

    Where a standard defines an encoding process, as it does for (a), then
    all defining criteria should be met before you decode the file. This
    MS failed to do, so some improperly-coded files that might be ignored
    by some software (e.g. virus checker) may be decoded as files by MS.

    Where there is risk, design should be shrink-wrapped around intent.
    This applies to (a), (b) and (c), but once again MS has consistently
    failed to apply risk awareness to mismatches between these layers. So
    we see raw code in .PIF "shortcuts" being run ("opened") as code, Word
    macros in .RTF being run even though they should not be there, and in
    this case, raw code files mis-represented at the MIME level being
    "opened" (run) as raw code when the "message text" is "read".

    This is an extreme escalation of risk; you think you are "reading
    message text" (or maybe you're just trying to highlight a message to
    delete it, and the preview "reads" it for you) but what you are really
    doing is running raw code. BadTrans.B was the first to exploit this
    clickless email attack, and it's been routine for malware ever since.

    3) Via defective code

    MS responded to the above as code defects and patched them, somewhat
    tardily (WinME's OE still autoran scripts by default, even after Kak
    was In The Wild). But if there was a barnacle of defective code, it
    was on the back of a volcano of bad design (scripts in "message text")
    or absence of code design (failure to sanity-check MIME type against
    file .ext against contents of file).

    Unlike silly design, true code defects are truly insane, running
    roughshod over any sort of safety or risk awareness. That means you
    typically can't defend against these via tighter settings; the only
    fix is to patch the code defect, or use a non-defective alternate app.

    There have been true code defects that facilitate clickless attack via
    email, and I expect there will be more in the future. So even if,
    right now as at March 2005, you are fully patched and risk managed
    against clickless email attacks - tomorrow's another day.

    >> the following came out a year ago on April 15:

    >> "The latest Netsky is squirming across the Internet as an email
    >> without an attachment.

    Now that can mean one or more of several things:
    - an insane message structure that exploits a raw code defect
    - an improperly-enclosed/encoded file
    - a MIME-spoofed file the email app will open inline
    - an explicit attachment
    - a masked link that pulls down malware when clicked
    - a remote graphic link that pulls down malware (no click)
    - scripts or active content embedded within the "message"
    - a valid but insane file that exploits when opened inline

    On the last, think of the GDIPlus defect that allows a real (but
    malformed) JPEG file to run itself as raw code. Once again, that's
    insane, and not something you can manage via safety settings.

    >> Yep, you heard me right, by using a combination of Windows security
    >> flaws, the creators of Netsky.v figured out how to infect a vulnerable
    >> computer without requiring the computer's owner to double-click on an
    >> attached file.

    Old news, but still serious news that is worth hearing.

    >What's so eye-opening about getting an infection because one isn't using up
    >to date AV software or practicing safe hex? That's a given - even if you
    >update daily, it's possible that your AV mfr hasn't released a pattern file
    >that can detect it yet, as you mentioned.

    Plus, you can't practice Safe Hex if the system is insane (code flaws)
    or stupid (inexcusably bad design) to take risks with unsolicited
    material on the user's behalf.

    You can't Just Say No if you were never asked.

    >On networks running their own mail servers (which is what I mainly deal
    >with), I block a boatload of file extensions & also scan the entirety of the
    >message itself. Attachment types to block include exe, com, cmd, bat, pif,
    >scr, etc etc etc - and I also scan within zip files.

    That's risk filtering, which modern OE and Outlook can apply in a
    rather crude manner. ISPs can't do that for consumers, though what
    they can and often do do is scan for known malware. But a new (Day
    Zero) malware will cut through the ISP's scanner for the same reason
    it cut through the sender's av, and your av.

    >I'd say that spyware is usually a much larger problem than viruses
    >are these days, honestly.

    Larger in bulk, yes - though traditional malware may bite a lot harder
    (cause more damage) than commercial malware ("spyware")

    >Well, outside the fact that Netsky is indeed delivered via an attachment in
    >the first place, this is all pretty common sense stuff if you ask me. Keep
    >everything patched and updated. Use current-generation versions of Windows

    Er... no. Yes to upgrading or avoiding vulnerable edge-facing
    subsystems such as IE, WMP and MSware email, but I'd take a patched-up
    Win98SE over an out-the-box XP Gold any day of the year.

    >Keep your firewall ON all the time. Use very good AV software (have it
    >also scan mail if possible) that you update very frequently

    A free av updated daily's better than a commercial av updated once a
    week, IMO. regular updates can be difficult for dial-up users, but
    they have to just do what is required.


    >-- Risk Management is the clue that asks:
    "Why do I keep open buckets of petrol next to all the
    ashtrays in the lounge, when I don't even have a car?"
    >----------------------- ------ ---- --- -- - - - -
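Added example (not part of any poster's message, and not code from any product named in the thread): a mail-gateway style check, in Python, of the four content-description layers listed in the post above, combined with the extension block list and zip inspection quoted from the earlier reply. The function names, the magic-byte table and the sample messages are constructed for illustration.

```python
import base64
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions taken from the block list quoted in the thread.
BLOCKED_EXT = {"exe", "com", "cmd", "bat", "pif", "scr"}

# Layer (d): leading bytes -> what the content really is (small illustrative table).
MAGIC = [(b"MZ", "executable"), (b"PK\x03\x04", "zip"), (b"\xff\xd8\xff", "jpeg"),
         (b"GIF8", "gif"), (b"\x89PNG", "png"), (b"MThd", "midi")]

# Layers (b) and (c): what a declared MIME type or file extension promises.
TYPE_PROMISE = {"image/jpeg": "jpeg", "image/gif": "gif", "image/png": "png",
                "audio/midi": "midi", "application/zip": "zip"}
EXT_PROMISE = {"jpg": "jpeg", "jpeg": "jpeg", "gif": "gif", "png": "png",
               "mid": "midi", "zip": "zip"}


def sniff(data):
    """Return the content kind implied by the file's own header, or None."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return None


def ext_of(name):
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def strict_decode(part):
    """Layer (a): decode only if the transfer encoding is well-formed."""
    cte = str(part.get("Content-Transfer-Encoding", "7bit")).strip().lower()
    if cte == "base64":
        raw = "".join(part.get_payload(decode=False).split())
        return base64.b64decode(raw, validate=True)   # raises on stray characters
    return part.get_payload(decode=True)


def check_part(part):
    name = part.get_filename() or "(unnamed)"
    try:
        data = strict_decode(part)
    except ValueError:                    # binascii.Error is a ValueError subclass
        return name, ["malformed-encoding"]           # refuse rather than guess
    declared, ext, actual = part.get_content_type(), ext_of(name), sniff(data)
    findings = []
    if ext in BLOCKED_EXT:
        findings.append("blocked-extension")
    if actual == "executable" and ext not in BLOCKED_EXT:
        findings.append("executable-content-disguised")
    # Each outer layer must agree with what the bytes actually are.
    for layer, promise in (("mime", TYPE_PROMISE.get(declared)),
                           ("ext", EXT_PROMISE.get(ext))):
        if promise and promise != actual:
            findings.append(f"{layer}-vs-content-mismatch")
    if actual == "zip":                   # look inside archives as well
        try:
            names = zipfile.ZipFile(io.BytesIO(data)).namelist()
        except zipfile.BadZipFile:
            findings.append("unreadable-zip")
        else:
            findings += [f"blocked-in-zip:{n}" for n in names
                         if ext_of(n) in BLOCKED_EXT]
    return name, findings


def scan_message(raw):
    """Map attachment name -> findings for every flagged part of a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    report = {}
    for part in msg.walk():
        is_body_text = part.get_content_maintype() == "text" and not part.get_filename()
        if part.is_multipart() or is_body_text:
            continue
        name, findings = check_part(part)
        if findings:
            report[name] = findings
    return report


def build_sample():
    """Constructed test message; the 'executable' is two magic bytes plus zeros."""
    fake_exe = b"MZ" + b"\x00" * 62
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    msg.add_attachment(fake_exe, maintype="audio", subtype="midi", filename="tune.mid")
    msg.add_attachment(b"\xff\xd8\xff\xe0" + b"\x00" * 16, maintype="image",
                       subtype="jpeg", filename="photo.jpg")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "hello")
        zf.writestr("setup.scr", fake_exe)
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="docs.zip")
    msg.add_attachment(fake_exe, maintype="application", subtype="octet-stream",
                       filename="update.pif")
    return msg.as_bytes()


# Constructed single-part message whose base64 body contains illegal characters.
BROKEN_B64 = (b"MIME-Version: 1.0\r\nContent-Type: image/gif\r\n"
              b"Content-Disposition: attachment; filename=\"x.gif\"\r\n"
              b"Content-Transfer-Encoding: base64\r\n\r\nR0lG!!ODlh\r\n")

if __name__ == "__main__":
    for raw in (build_sample(), BROKEN_B64):
        for name, findings in scan_message(raw).items():
            print(name, findings)
```

The clean `photo.jpg` part produces no finding because all four layers agree; `tune.mid` is flagged because its MIME type and extension both promise MIDI while the bytes start with an executable header.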
  22. Archived from groups: microsoft.public.windowsxp.security_admin

    cquirke (MVP Windows shell/user) wrote:
    > On Sun, 6 Mar 2005 14:28:07 -0500, "Lanwench [MVP - Exchange]"

    <snip>
    > There have been true code defects that facilitate clickless attack via
    > email, and I expect there will be more in the future. So even if,
    > right now as at March 2005, you are fully patched and risk managed
    > against clickless email attacks - tomorrow's another day.

    Sadly, always true.
    >
    >>> the following came out a year ago on April 15:
    >
    >>> "The latest Netsky is squirming across the Internet as an email
    >>> without an attachment.
    >
    > Now that can mean one or more of several things:
    > - an insane message structure that exploits a raw code defect
    > - an improperly-enclosed/encoded file
    > - a MIME-spoofed file the email app will open inline
    > - an explicit attachment
    > - a masked link that pulls down malware when clicked
    > - a remote graphic link that pulls down malware (no click)
    > - scripts or active content embedded within the "message"
    > - a valid but insane file that exploits when opened inline
    >
    > On the last, think of the GDIPlus defect that allows a real (but
    > malformed) JPEG file to run itself as raw code. Once again, that's
    > insane, and not something you can manage via safety settings.
    >
    >>> Yep, you heard me right, by using a combination of Windows security
    >>> flaws, the creators of Netsky.v figured out how to infect a
    >>> vulnerable computer without requiring the computer's owner to
    >>> double-click on an attached file.
    >
    > Old news, but still serious news that is worth hearing.
    >
    >> What's so eye-opening about getting an infection because one isn't
    >> using up to date AV software or practicing safe hex? That's a given
    >> - even if you update daily, it's possible that your AV mfr hasn't
    >> released a pattern file that can detect it yet, as you mentioned.
    >
    > Plus, you can't practice Safe Hex if the system is insane (code flaws)
    > or stupid (inexcusably bad design) to take risks with unsolicited
    > material on the user's behalf.

    True. However, much of this can be mitigated by using current-gen stuff,
    keeping it patched, firewalled, and exercising a "I trust nothing til it
    demonstrates it is safe" policy - I say much, not all.

    >
    > You can't Just Say No if you were never asked.

    No. But you can lock down your browser (whatever you use) such that it may
    be somewhat inconvenient to use, and hence lower your risk of any infection,
    by usually saying No by default unless specifically told to permit Yes.

    >
    >> On networks running their own mail servers (which is what I mainly
    >> deal with), I block a boatload of file extensions & also scan the
    >> entirety of the message itself. Attachment types to block include
    >> exe, com, cmd, bat, pif, scr, etc etc etc - and I also scan within
    >> zip files.
    >
    > That's risk filtering, which modern OE and Outlook can apply in a
    > rather crude manner. ISPs can't do that for consumers, though what
    > they can and often do do is scan for known malware. But a new (Day
    > Zero) malware will cut through the ISP's scanner for the same reason
    > it cut through the sender's av, and your av.

    Sure - no question. One is only ever about a few steps away from the
    marauders. This is all risk management, plain and simple.
    >
    >> I'd say that spyware is usually a much larger problem than viruses
    >> are these days, honestly.
    >
    > Larger in bulk, yes - though traditional malware may bite a lot harder
    > (cause more damage) than commercial malware ("spyware")

    Yes. That was implied. Let's accept the fact that "spyware" has become a
    generic term, not unlike "Kleenex" or "Cellophane". To most people,
    spyware/malware/adware/scumware are all interchangeable - I'm in Rome, doing
    as the Romans do, despite my own ornery nature.

    >
    >> Well, outside the fact that Netsky is indeed delivered via an
    >> attachment in the first place, this is all pretty common sense stuff
    >> if you ask me. Keep everything patched and updated. Use
    >> current-generation versions of Windows
    >
    > Er... no. Yes to upgrading or avoiding vulnerable edge-facing
    > subsystems such as IE, WMP and MSware email, but I'd take a patched-up
    > Win98SE over an out-the-box XP Gold any day of the year.

    XP Gold isn't truly considered current generation now, is it.;-)
    I was fairly happy with 98SE for a while - the best of the non-NT breed.

    >
    >> Keep your firewall ON all the time. Use very good AV software (have
    >> it
    >> also scan mail if possible) that you update very frequently
    >
    > A free av updated daily's better than a commercial av updated once a
    > week, IMO. regular updates can be difficult for dial-up users, but
    > they have to just do what is required.

    Yep, in most cases.
  23. Archived from groups: microsoft.public.windowsxp.security_admin

    "Gordon" <gordonbp1@yahoo.co.uk.invalid> wrote in message
    > And that's because they are not told about security at point of purchase!
    > It's my view that Joe Public (ie those who are buying computers outside of
    > a corporate scenario) should be TOLD about computer security when they buy
    > one. For example, I was watching a show on a cable channel here in the UK
    > the other day going through the basics of computing. The presenter had
    > gone RIGHT through almost everything to do with getting an ISP, logging
    > on, browsing the internet and email use before even MENTIONING the fact
    > that "you might consider using a firewall", and I think they only did that
    > because I rang them up and told them about the omission! The security
    > aspect should have been the FIRST thing the program covered!
    >

    This is a very interesting discussion. I'm going to print it out for my
    customers. For my small business customers I recommend at least one computer
    set up ready to go with the point of sales software and not hooked up to the
    internet in any way. That way when the point of sales goes down they can
    restore last night's backup and still make sales with a reasonably up to
    date database. It's a hard sell. They don't want to pay for a PC and not use
    it. They don't believe the internet is that dangerous. The common response
    is "I've got Norton and I do Windows updates". It's scary how many of them
    have a Norton subscription that expired last month, no firewall (although
    usually a router), SP1 (they heard SP2 caused too many problems) and the
    last time anyone scanned for spyware was the last time I was there. All I
    can do is point out the folly of their ways to them. Even when it's pointed
    out and made clear it will cost them money by calling me in once a month to
    fix things there still seems to be a "Oh well it can't be helped" attitude
    when in reality it can be mitigated to a large degree.

    Kerry
    Kerry Brown
  24. Archived from groups: microsoft.public.windowsxp.security_admin

    if you're still listening, cquirke, i would appreciate your opinion of
    the effectiveness of SurfinGuard Pro by Finjan, or any other products
    that intercept PC infections by running them in a caged sandbox.


    cquirke (MVP Windows shell/user) wrote:
    > On Sun, 6 Mar 2005 14:28:07 -0500, "Lanwench [MVP - Exchange]"
    >
    >>JW wrote:
    >
    >
    >>>there once was a time when the only way to get an infection from an
    >>>Email message was to click on something. this is no longer true.
    >
    >
    > It hasn't been true for a long time.
    >
    > Limiting discussion to malware arriving via email (as opposed to
    > diskettes, CDRs, peer-to-peer file sharing, LAN, IM, chat, direct
    > network attacks via the Internet, hostile web sites, etc.)...
    >
    > 1) By design
    >
    > A few years ago, some thought it would be nice to add eye candy such
    > as bold text, fancy fonts, inline graphics etc. (and indeed it is).
    >
    > Outlook first did this in a proprietary way, which was Bad, because
    > email is supposed to be a standard, not a special format bound to one
    > particular email application. Do you want to send email or Outlook
    > mail? I don't deal with Outlook mail, so goodbye.
    >
    > The next logical step was to find an open standard for "rich" text,
    > and HTML came to mind. But HTML does more than allow bold, fonts,
    > inline graphics etc.; it also allows programs (scripts, Java etc.) to
    > be embedded, files to be automatically linked to via the Internet, and
    > arbitrary text to be laid over URL links.
    >
    > The most obvious of these risks was scripts and other active content.
    > Some email applications were smart enough to suppress these (e.g.
    > Eudora, Pegasus), others were aware enough to offer suppression of
    > these (Netscape Mail) and others hadn't a clue (OE, Outlook 2000).
    >
    > The result: By design, the more clueless email apps will autorun
    > programmatic material in email "message text" when you "read" it.
    > This is a clear escalation of risk, and when coupled with automatic
    > preview as is the case in OE, the result is it becomes impossible to
    > highlight a message to delete it without it running as code.
    >
    > BubbleBoy demonstrated the concept, Kak used it to spread widely
    > through OE, and others (BleBla.B, San, Valentine) followed this up to
    > the extent of adding data-destructive payloads.
    >
    > 2) By design cluelessness
    >
    > If autorunning scripts by design was dumb intent (or an obliviousness
    > of implication), then the next layer of badness was design laxity.
    >
    > Files can be encoded within email messages in various ways. When the
    > message is plain text, these files are to be linked to as attachments,
    > but HTML allows certain types of files to be "opened" (intention:
    > displayed) as part of the message. This is how inline graphics and
    > autoplaying MIDI tunes work.
    >
    > There are four layers of content description at work here:
    > a) The enclosure (encoding) of the file itself
    > b) The MIME type of the file
    > c) The file name extension of the file
    > d) the internal type header data and structure of the file
    >
    > Where a standard defines an encoding process, as it does for (a), then
    > all defining criteria should be met before you decode the file. This
    > MS failed to do, so some improperly-coded files that might be ignored
    > by some software (e.g. virus checker) may be decoded as files by MS.
    >
    > Where there is risk, design should be shrink-wrapped around intent.
    > This applies to (a), (b) and (c), but once again MS has consistently
    > failed to apply risk awareness to mismatches between these layers. So
    > we see raw code in .PIF "shortcuts" being run ("opened") as code, Word
    > macros in .RTF being run even though they should not be there, and in
    > this case, raw code files mis-represented at the MIME level being
    > "opened" (run) as raw code when the "message text" is "read".
    >
    > This is an extreme escalation of risk; you think you are "reading
    > message text" (or maybe you're just trying to highlight a message to
    > delete it, and the preview "reads" it for you) but what you are really
    > doing is running raw code. BadTrans.B was the first to exploit this
    > clickless email attack, and it's been routine for malware ever since.
    >
    > 3) Via defective code
    >
    > MS responded to the above as code defects and patched them, somewhat
    > tardily (WinME's OE still autoran scripts by default, even after Kak
    > was In The Wild). But if there was a barnacle of defective code, it
    > was on the back of a volcano of bad design (scripts in "message text")
    > or absence of code design (failure to sanity-check MIME type against
    > file .ext against contents of file).
    >
    > Unlike silly design, true code defects are truly insane, running
    > roughshod over any sort of safety or risk awareness. That means you
    > typically can't defend against these via tighter settings; the only
    > fix is to patch the code defect, or use a non-defective alternate app.
    >
    > There have been true code defects that facilitate clickless attack via
    > email, and I expect there will be more in the future. So even if,
    > right now as at March 2005, you are fully patched and risk managed
    > against clickless email attacks - tomorrow's another day.
    >
    >
    >>>the following came out a year ago on April 15:
    >
    >
    >>>"The latest Netsky is squirming across the Internet as an email
    >>>without an attachment.
    >
    >
    > Now that can mean one or more of several things:
    > - an insane message structure that exploits a raw code defect
    > - an improperly-enclosed/encoded file
    > - a MIME-spoofed file the email app will open inline
    > - an explicit attachment
    > - a masked link that pulls down malware when clicked
    > - a remote graphic link that pulls down malware (no click)
    > - scripts or active content embedded within the "message"
    > - a valid but insane file that exploits when opened inline
    >
    > On the last, think of the GDIPlus defect that allows a real (but
    > malformed) JPEG file to run itself as raw code. Once again, that's
    > insane, and not something you can manage via safety settings.
    >
    >
    >>>Yep, you heard me right, by using a combination of Windows security
    >>>flaws, the creators of Netsky.v figured out how to infect a vulnerable
    >>>computer without requiring the computer's owner to double-click on an
    >>>attached file.
    >
    >
    > Old news, but still serious news that is worth hearing.
    >
    >
    >>What's so eye-opening about getting an infection because one isn't using up
    >>to date AV software or practicing safe hex? That's a given - even if you
    >>update daily, it's possible that your AV mfr hasn't released a pattern file
    >>that can detect it yet, as you mentioned.
    >
    >
    > Plus, you can't practice Safe Hex if the system is insane (code flaws)
    > or stupid (inexcusably bad design) to take risks with unsolicited
    > material on the user's behalf.
    >
    > You can't Just Say No if you were never asked.
    >
    >
    >>On networks running their own mail servers (which is what I mainly deal
    >>with), I block a boatload of file extensions & also scan the entirety of the
    >>message itself. Attachment types to block include exe, com, cmd, bat, pif,
    >>scr, etc etc etc - and I also scan within zip files.
    >
    >
    > That's risk filtering, which modern OE and Outlook can apply in a
    > rather crude manner. ISPs can't do that for consumers, though what
    > they can and often do do is scan for known malware. But a new (Day
    > Zero) malware will cut through the ISP's scanner for the same reason
    > it cut through the sender's av, and your av.
    >
    >
    >>I'd say that spyware is usually a much larger problem than viruses
    >>are these days, honestly.
    >
    >
    > Larger in bulk, yes - though traditional malware may bite a lot harder
    > (cause more damage) than commercial malware ("spyware")
    >
    >
    >>Well, outside the fact that Netsky is indeed delivered via an attachment in
    >>the first place, this is all pretty common sense stuff if you ask me. Keep
    >>everything patched and updated. Use current-generation versions of Windows
    >
    >
    > Er... no. Yes to upgrading or avoiding vulnerable edge-facing
    > subsystems such as IE, WMP and MSware email, but I'd take a patched-up
    > Win98SE over an out-the-box XP Gold any day of the year.
    >
    >
    >>Keep your firewall ON all the time. Use very good AV software (have it
    >>also scan mail if possible) that you update very frequently
    >
    >
    > A free av updated daily's better than a commercial av updated once a
    > week, IMO. regular updates can be difficult for dial-up users, but
    > they have to just do what is required.
    >
    >
    >
    >>-- Risk Management is the clue that asks:
    >
    > "Why do I keep open buckets of petrol next to all the
    > ashtrays in the lounge, when I don't even have a car?"
    >
    >>----------------------- ------ ---- --- -- - - - -
  25. Archived from groups: microsoft.public.windowsxp.security_admin

    i meant to say

    ....or any other products that intercept PC infections by running
    scripts, ActiveX, and other mobile code in a caged sandbox.


    JW wrote:
    > if you're still listening, cquirke, i would appreciate your opinion of
    > the effectiveness of SurfinGuard Pro by Finjan, or any other products
    > that intercept PC infections by running them in a caged sandbox.
    >
    >
    >
    > cquirke (MVP Windows shell/user) wrote:
    >
    >> On Sun, 6 Mar 2005 14:28:07 -0500, "Lanwench [MVP - Exchange]"
    >>
    >>> JW wrote:
    >>
    >>
    >>
    >>>> there once was a time when the only way to get an infection from an
    >>>> Email message was to click on something. this is no longer true.
    >>
    >>
    >>
    >> It hasn't been true for a long time.
    >>
    >> Limiting discussion to malware arriving via email (as opposed to
    >> diskettes, CDRs, peer-to-peer file sharing, LAN, IM, chat, direct
    >> network attacks via the Internet, hostile web sites, etc.)...
    >>
    >> 1) By design
    >>
    >> A few years ago, some thought it would be nice to add eye candy such
    >> as bold text, fancy fonts, inline graphics etc. (and indeed it is).
    >> Outlook first did this in a proprietary way, which was Bad, because
    >> email is supposed to be a standard, not a special format bound to one
    >> particular email application. Do you want to send email or Outlook
    >> mail? I don't deal with Outlook mail, so goodbye.
    >>
    >> The next logical step was to find an open standard for "rich" text,
    >> and HTML came to mind. But HTML does more than allow bold, fonts,
    >> inline graphics etc.; it also allows programs (scripts, Java etc.) to
    >> be embedded, files to be automatically linked to via the Internet, and
    >> arbitrary text to be laid over URL links.
    >>
    >> The most obvious of these risks was scripts and other active content.
    >> Some email applications were smart enough to suppress these (e.g.
    >> Eudora, Pegasus), others were aware enough to offer suppression of
    >> these (Netscape Mail) and others hadn't a clue (OE, Outlook 2000).
    >>
    >> The result: By design, the more clueless email apps will autorun
    >> programmatic material in email "message text" when you "read" it.
    >> This is a clear escalation of risk, and when coupled with automatic
    >> preview as is the case in OE, the result is it becomes impossible to
    >> highlight a message to delete it without it running as code.
    >>
    >> BubbleBoy demonstrated the concept, Kak used it to spread widely
    >> through OE, and others (BleBla.B, San, Valentine) followed this up to
    >> the extent of adding data-destructive payloads.
    >>
    >> 2) By design cluelessness
    >>
    >> If autorunning scripts by design was dumb intent (or an obliviousness
    >> of implication), then the next layer of badness was design laxity.
    >>
    >> Files can be encoded within email messages in various ways. When the
    >> message is plain text, these files are to be linked to as attachments,
    >> but HTML allows certain types of files to be "opened" (intention:
    >> displayed) as part of the message. This is how inline graphics and
    >> autoplaying MIDI tunes work.
    >>
    >> There are four layers of content description at work here:
    >> a) The enclosure (encoding) of the file itself
    >> b) The MIME type of the file
    >> c) The file name extension of the file
    >> d) the internal type header data and structure of the file
    >>
    >> Where a standard defines an encoding process, as it does for (a), then
    >> all defining criteria should be met before you decode the file. This
    >> MS failed to do, so some improperly-coded files that might be ignored
    >> by some software (e.g. virus checker) may be decoded as files by MS.
    >>
    >> Where there is risk, design should be shrink-wrapped around intent.
    >> This applies to (a), (b) and (c), but once again MS has consistently
    >> failed to apply risk awareness to mismatches between these layers. So
    >> we see raw code in .PIF "shortcuts" being run ("opened") as code, Word
    >> macros in .RTF being run even though they should not be there, and in
    >> this case, raw code files mis-represented at the MIME level being
    >> "opened" (run) as raw code when the "message text" is "read".
    >>
    >> This is an extreme escalation of risk; you think you are "reading
    >> message text" (or maybe you're just trying to highlight a message to
    >> delete it, and the preview "reads" it for you) but what you are really
    >> doing is running raw code. BadTrans.B was the first to exploit this
    >> clickless email attack, and it's been routine for malware ever since.
    >>
    >> 3) Via defective code
    >>
    >> MS responded to the above as code defects and patched them, somewhat
    >> tardily (WinME's OE still autoran scripts by default, even after Kak
    >> was In The Wild). But if there was a barnacle of defective code, it
    >> was on the back of a volcano of bad design (scripts in "message text")
    >> or absence of code design (failure to sanity-check MIME type against
    >> file .ext against contents of file).
    >>
    >> Unlike silly design, true code defects are truly insane, running
    >> roughshod over any sort of safety or risk awareness. That means you
    >> typically can't defend against these via tighter settings; the only
    >> fix is to patch the code defect, or use a non-defective alternate app.
    >>
    >> There have been true code defects that facilitate clickless attack via
    >> email, and I expect there will be more in the future. So even if,
    >> right now as at March 2005, you are fully patched and risk managed
    >> against clickless email attacks - tomorrow's another day.
    >>
    >>
    >>>> the following came out a year ago on April 15:
    >>
    >>
    >>
    >>>> "The latest Netsky is squirming across the Internet as an email
    >>>> without an attachment.
    >>
    >>
    >>
    >> Now that can mean one or more of several things:
    >> - an insane message structure that exploits a raw code defect
    >> - an improperly-enclosed/encoded file
    >> - a MIME-spoofed file the email app will open inline
    >> - an explicit attachment
    >> - a masked link that pulls down malware when clicked
    >> - a remote graphic link that pulls down malware (no click)
    >> - scripts or active content embedded within the "message"
    >> - a valid but insane file that exploits when opened inline
    >>
    >> On the last, think of the GDIPlus defect that allows a real (but
    >> malformed) JPEG file to run itself as raw code. Once again, that's
    >> insane, and not something you can manage via safety settings.
    >>
    >>
    >>>> Yep, you heard me right, by using a combination of Windows security
    >>>> flaws, the creators of Netsky.v figured out how to infect a vulnerable
    >>>> computer without requiring the computer's owner to double-click on an
    >>>> attached file.
    >>
    >>
    >>
    >> Old news, but still serious news that is worth hearing.
    >>
    >>
    >>> What's so eye-opening about getting an infection because one isn't
    >>> using up to date AV software or practicing safe hex? That's a given -
    >>> even if you update daily, it's possible that your AV mfr hasn't
    >>> released a pattern file that can detect it yet, as you mentioned.
    >>
    >>
    >>
    >> Plus, you can't practice Safe Hex if the system is insane (code flaws)
    >> or stupid (inexcusably bad design) to take risks with unsolicited
    >> material on the user's behalf.
    >> You can't Just Say No if you were never asked.
    >>
    >>
    >>> On networks running their own mail servers (which is what I mainly deal
    >>> with), I block a boatload of file extensions & also scan the entirety
    >>> of the message itself. Attachment types to block include exe, com, cmd,
    >>> bat, pif, scr, etc etc etc - and I also scan within zip files.
    >>
    >>
    >>
    >> That's risk filtering, which modern OE and Outlook can apply in a
    >> rather crude manner. ISPs can't do that for consumers, though what
    >> they can and often do do is scan for known malware. But a new (Day
    >> Zero) malware will cut through the ISP's scanner for the same reason
    >> it cut through the sender's av, and your av.
    >>
    >>
    >>> I'd say that spyware is usually a much larger problem than viruses
    >>> are these days, honestly.
    >>
    >>
    >>
    >> Larger in bulk, yes - though traditional malware may bite a lot harder
    >> (cause more damage) than commercial malware ("spyware")
    >>
    >>
    >>> Well, outside the fact that Netsky is indeed delivered via an
    >>> attachment in the first place, this is all pretty common sense stuff
    >>> if you ask me. Keep everything patched and updated. Use
    >>> current-generation versions of Windows
    >>
    >>
    >>
    >> Er... no. Yes to upgrading or avoiding vulnerable edge-facing
    >> subsystems such as IE, WMP and MSware email, but I'd take a patched-up
    >> Win98SE over an out-the-box XP Gold any day of the year.
    >>
    >>
    >>> Keep your firewall ON all the time. Use very good AV software (have
    >>> it also scan mail if possible) that you update very frequently
    >>
    >>
    >>
    >> A free av updated daily's better than a commercial av updated once a
    >> week, IMO. Regular updates can be difficult for dial-up users, but
    >> they have to just do what is required.
    >>
    >>
    >>
    >>> -- Risk Management is the clue that asks:
    >>
    >>
    >> "Why do I keep open buckets of petrol next to all the
    >> ashtrays in the lounge, when I don't even have a car?"
    >>
    >>> ----------------------- ------ ---- --- -- - - - -
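
The layer check cquirke describes in the quoted text above (MIME type against file extension against file contents), combined with the extension blocking and zip scanning Lanwench mentions, sketched as an added example that is not part of any poster's message. The lookup tables, function names and sample message builder are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXT = {".exe", ".com", ".cmd", ".bat", ".pif", ".scr"}  # named in the thread
# Assumed, deliberately small lookup tables; extend for real use.
EXT_FAMILY = {".jpg": "image", ".gif": "image", ".png": "image", ".mid": "audio",
              ".wav": "audio", ".zip": "zip", **{e: "executable" for e in BLOCKED_EXT}}
MAGIC = [(b"MZ", "executable"), (b"\xff\xd8\xff", "image"), (b"GIF8", "image"),
         (b"\x89PNG", "image"), (b"MThd", "audio"), (b"RIFF", "audio"),
         (b"PK\x03\x04", "zip")]

def ext_of(name):
    """Layer (c): last extension, lower-cased, ignoring trailing dots and spaces."""
    name = (name or "").lower().rstrip(". ")
    return "." + name.rsplit(".", 1)[1] if "." in name else ""

def mime_family(ctype):
    """Layer (b): coarse family of the declared MIME type, None if untracked."""
    ctype = ctype or ""
    if ctype.split("/", 1)[0] in ("image", "audio"):
        return ctype.split("/", 1)[0]
    return "zip" if ctype.endswith(("/zip", "/x-zip-compressed")) else None

def magic_family(data):
    """Layer (d): family implied by the file's leading bytes, None if unknown."""
    return next((fam for sig, fam in MAGIC if data.startswith(sig)), None)

def audit_file(name, ctype, data, depth=0):
    """Return findings for one decoded file; recurse into zip members."""
    findings = []
    ext = ext_of(name)
    if ext in BLOCKED_EXT:
        findings.append(f"{name}: blocked extension {ext}")
    layers = {"mime": mime_family(ctype), "ext": EXT_FAMILY.get(ext),
              "content": magic_family(data)}
    known = {k: v for k, v in layers.items() if v}
    if len(set(known.values())) > 1:  # the layers tell different stories
        findings.append(f"{name}: layers disagree {known}")
    if layers["content"] == "zip" and depth < 2:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.file_size > 1_000_000:  # refuse to inflate large members
                        findings.append(f"{name}!{info.filename}: too large to scan")
                        continue
                    findings += audit_file(f"{name}!{info.filename}", None,
                                           zf.read(info), depth + 1)
        except zipfile.BadZipFile:
            findings.append(f"{name}: malformed zip")
    return findings

def audit_message(raw):
    """Layer (a): decode every leaf MIME part of a raw message and audit it."""
    findings = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        if not part.is_multipart():
            data = part.get_payload(decode=True) or b""
            findings += audit_file(part.get_filename() or "(inline)",
                                   part.get_content_type(), data)
    return findings

def sample(filename, maintype, subtype, data):
    """Constructed message; payloads are a few harmless header bytes."""
    msg = EmailMessage()
    msg.set_content("see attached")
    msg.add_attachment(data, maintype=maintype, subtype=subtype, filename=filename)
    return msg.as_bytes()
```

Passing `sample("news.scr", "audio", "x-wav", b"MZ" + b"\0" * 16)` to `audit_message` yields both a blocked-extension finding and a layer-mismatch finding, while a consistent JPEG attachment yields none.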
  26. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Kerry Brown wrote:
    || They don't believe the internet is that dangerous. The common response
    || is "I've got Norton and I do Windows updates". It's scary how many of
    || them have a Norton subscription that expired last month,

    Even more scary is the places I've been where the Norton AV expired last
    YEAR! (Or whenever the free trial was up, after the machine was bought!)


    --
    Interim Systems and Management Accounting
    Gordon Burgess-Parker
    Director
    www.gbpcomputing.co.uk
  27. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Even MORE scary is when the user doesn't understand what you mean when you
    say the AV has expired. They believe that the initial purchase is all they
    need to do to be eternally protected.

    "Gordon" <gordonbp1@yahoo.co.uk.invalid> wrote in message
    news:OzVu7W7IFHA.4060@TK2MSFTNGP14.phx.gbl...
    > Kerry Brown wrote:
    > || They don't believe the internet is that dangerous. The common response
    > || is "I've got Norton and I do Windows updates". It's scary how many of
    > || them have a Norton subscription that expired last month,
    >
    > Even more scary is the places I've been where the Norton AV expired last
    > YEAR! (Or whenever the free trial was up, after the machine was bought!)
    >
    >
    > --
    > Interim Systems and Management Accounting
    > Gordon Burgess-Parker
    > Director
    > www.gbpcomputing.co.uk
    >
  28. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    On Mon, 7 Mar 2005 19:08:08 -0500, "Lanwench [MVP - Exchange]"
    >cquirke (MVP Windows shell/user) wrote:
    >> On Sun, 6 Mar 2005 14:28:07 -0500, "Lanwench [MVP - Exchange]"

    >> Plus, you can't practice Safe Hex if the system is insane (code flaws)
    >> or stupid (inexcusably bad design) to take risks with unsolicited
    >> material on the user's behalf.

    >True. However, much of this can be mitigated by using current-gen stuff,
    >keeping it patched, firewalled, and exercising a "I trust nothing til it
    >demonstrates it is safe" policy - I say much, not all.

    Yep - the bottom line is, it's "all of the above". This question
    blows up whenever someone pronounces the problem as being solely due
    to users (e.g. one poster who still speaks of commercial malware in
    terms of "software you chose to install") or system software (e.g. as
    if all malware were clickless in nature).

    >Let's accept the fact that "spyware" has become a generic term,
    >not unlike "Kleenex" or "Cellophane".

    Let's not. One's understanding flows from the terms one uses, and the
    more inaccurate these are, the more mental dissonance is involved in
    understanding things. So I'll still refer to commercial malware as
    commercial malware, even if I have to write extra text bridging the
    gap between that term and "spyware" :-)

    The other reason is that one of the defining things about commercial
    malware is that because the vendors are commercial entities with
    pretensions to legitimacy, they can sue you for calling them bad
    things. So a creator of pushed software that steals revenue from
    sites by covering the ads (or the whole page) with their own material
    can win their case as long as they don't send info home, because if
    they don't gather info from your PC, they are not "spyware".

    >XP Gold isn't truly considered current generation now, is it.;-)

    Yes and no.

    The good news is that XP Gold users don't have to pay for SP2 as a new
    Windows version, in order to get an updated installation CD.

    The bad news is that XP Gold users cannot get an updated installation
    CD. They can get SP2 on a CD, yes, but that's not the same thing.

    So as long as "just" re-install Windows (either as a "repair install"
    or fresh) is seen as a valid maintenance strategy, XP Gold lives.

    >I was fairly happy with 98SE for a while - the best of the non-NT breed.

    Using it still, as the phone answering software doesn't work on XP
    (seems as if phone messaging is too drab an application for anyone to
    do it properly; MS hasn't taken an interest)

    >> A free av updated daily's better than a commercial av updated once a
    >> week, IMO. Regular updates can be difficult for dial-up users, but
    >> they have to just do what is required.

    >Yep, in most cases.

    I'm trying to think of an av that's bad enough to be the exception to
    this rule, and failing :-)


    >--------------- ----- ---- --- -- - - -
    Never turn your back on an installer program
    >--------------- ----- ---- --- -- - - -
  29. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    cquirke (MVP Windows shell/user) wrote:
    > On Mon, 7 Mar 2005 19:08:08 -0500, "Lanwench [MVP - Exchange]"
    >
    >>cquirke (MVP Windows shell/user) wrote:
    >>
    >>>On Sun, 6 Mar 2005 14:28:07 -0500, "Lanwench [MVP - Exchange]"
    >
    >
    >>>Plus, you can't practice Safe Hex if the system is insane (code flaws)
    >>>or stupid (inexcusably bad design) to take risks with unsolicited
    >>>material on the user's behalf.
    >
    >
    >>True. However, much of this can be mitigated by using current-gen stuff,
    >>keeping it patched, firewalled, and exercising a "I trust nothing til it
    >>demonstrates it is safe" policy - I say much, not all.
    >
    >
    > Yep - the bottom line is, it's "all of the above". This question
    > blows up whenever someone pronounces the problem as being solely due
    > to users (e.g. one poster who still speaks of commercial malware in
    > terms of "software you chose to install") or system software (e.g. as
    > if all malware were clickless in nature).
    >
    >
    >>Let's accept the fact that "spyware" has become a generic term,
    >>not unlike "Kleenex" or "Cellophane".
    >
    >
    > Let's not. One's understanding flows from the terms one uses, and the
    > more inaccurate these are, the more mental dissonance is involved in
    > understanding things. So I'll still refer to commercial malware as
    > commercial malware, even if I have to write extra text bridging the
    > gap between that term and "spyware" :-)
    >
    > The other reason is that one of the defining things about commercial
    > malware is that because the vendors are commercial entities with
    > pretensions to legitimacy, they can sue you for calling them bad
    > things. So a creator of pushed software that steals revenue from
    > sites by covering the ads (or the whole page) with their own material
    > can win their case as long as they don't send info home, because if
    > they don't gather info from your PC, they are not "spyware".
    >
    >
    >>XP Gold isn't truly considered current generation now, is it.;-)
    >
    >
    > Yes and no.
    >
    > The good news is that XP Gold users don't have to pay for SP2 as a new
    > Windows version, in order to get an updated installation CD.
    >
    > The bad news is that XP Gold users cannot get an updated installation
    > CD. They can get SP2 on a CD, yes, but that's not the same thing.
    >
    > So as long as "just" re-install Windows (either as a "repair install"
    > or fresh) is seen as a valid maintenance strategy, XP Gold lives.
    >
    >
    >>I was fairly happy with 98SE for a while - the best of the non-NT breed.
    >
    >
    > Using it still, as the phone answering software doesn't work on XP
    > (seems as if phone messaging is too drab an application for anyone to
    > do it properly; MS hasn't taken an interest)
    >
    >
    >>>A free av updated daily's better than a commercial av updated once a
    >>>week, IMO. Regular updates can be difficult for dial-up users, but
    >>>they have to just do what is required.
    >
    >
    >>Yep, in most cases.
    >
    >
    > I'm trying to think of an av that's bad enough to be the exception to
    > this rule, and failing :-)
    >


    maybe the free AVG AntiVirus program by Grisoft is an example.

    according to tests conducted for the following article (not conducted by
    the actual writers/editors of PC World), up-to-date AVG only caught 82%
    of all malware included in the test, and only caught 24% of all Trojans
    included in the test.

    http://www.pcworld.com/reviews/article/0,aid,115939,pg,5,00.asp

    if McAfee were not updated but once a week, it would still detect 99% of
    all malware and Trojans, minus the number of new infections spread
    within the last 7 days.

    remember i said "maybe". i know this is offset by the probability that
    attacks by new infections are greater than by old infections.
  30. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Scott M. wrote:
    > Even MORE scary is when the user doesn't understand what you mean
    > when you say the AV has expired. They believe that the initial
    > purchase is all they need to do to be eternally protected.

    "Yes, I have antivirus. Norton version 0 came with my Gateway when I bought
    it in 1995. What do you mean "subscribe" ?"
    >
    > "Gordon" <gordonbp1@yahoo.co.uk.invalid> wrote in message
    > news:OzVu7W7IFHA.4060@TK2MSFTNGP14.phx.gbl...
    >> Kerry Brown wrote:
    >>>> They don't believe the internet is that dangerous. The common
    >>>> response is "I've got Norton and I do Windows updates". It's scary
    >>>> how many of them
    >>>> have a Norton subscription that expired last month,
    >>
    >> Even more scary is the places I've been where the Norton AV expired
    >> last YEAR! (Or whenever the free trial was up, after the machine was
    >> bought!)
    >>
    >>
    >> --
    >> Interim Systems and Management Accounting
    >> Gordon Burgess-Parker
    >> Director
    >> www.gbpcomputing.co.uk
  31. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    > "Yes, I have antivirus. Norton version 0 came with my Gateway when I
    > bought it in 1995. What do you mean "subscribe" ?"

    YES!!! Absolutely! Can't tell you how many times I've heard that.
  32. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Scott M. wrote:
    >> "Yes, I have antivirus. Norton version 0 came with my Gateway when I
    >> bought it in 1995. What do you mean "subscribe" ?"
    >
    > YES!!! Absolutely! Can't tell you how many times I've heard that.

    Me too. That's one of the reasons I rarely do any work on home computers -
    if they pay me cash, maybe - and only then if I know it's a newish computer,
    already in pretty decent overall shape, they have all their software
    installation media, etc. Otherwise I suggest that the user take the PC to a
    computer repair store as they likely can't afford to pay me my hourly rate
    for as long as it will take me to fix their stuff up.
  33. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    > Me too. That's one of the reasons I rarely do any work on home computers -
    > if they pay me cash, maybe - and only then if I know it's a newish
    > computer, already in pretty decent overall shape, they have all their
    > software installation media, etc. Otherwise I suggest that the user take
    > the PC to a computer repair store as they likely can't afford to pay me my
    > hourly rate for as long as it will take me to fix their stuff up.
    >
    >

    I wish I could pick and choose but I made my decision when I decided I
    wanted a rural life. I have to take the work that presents itself :-)

    Kerry
  34. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    I only do work like this for friends and relatives, but when I do, the
    problems are usually so bad that a complete formatting of the hard drive
    (along with an FDISK /mbr) is in order. It turns out to be a whole lot
    easier than chasing every bad registry key and trojan.


    "Kerry Brown" <kerry@kdbNOSPAMsystems.c*o*m> wrote in message
    news:uPoZ1SsJFHA.1096@tk2msftngp13.phx.gbl...
    >> Me too. That's one of the reasons I rarely do any work on home
    >> computers - if they pay me cash, maybe - and only then if I know it's a
    >> newish computer, already in pretty decent overall shape, they have all
    >> their software installation media, etc. Otherwise I suggest that the user
    >> take the PC to a computer repair store as they likely can't afford to pay
    >> me my hourly rate for as long as it will take me to fix their stuff up.
    >>
    >>
    >
    > I wish I could pick and choose but I made my decision when I decided I
    > wanted a rural life. I have to take the work that presents itself :-)
    >
    > Kerry
    >
    >