Monday, September 20, 2004

Enforced security

It's Monday, so it must be time for another round of spyware, spam and virus attacks in my inbox.
Ah, but what's this.... up-to-date anti-virus, a firewall, intrusion protection and even WinXP Service Pack 2.... curses, no luck here malware, just move along now....

I take as much personal responsibility for the integrity of my computers as I can. A defence in depth strategy means I probably waste CPU cycles warding off an evil eye that will never get as far as that level of protection, but it sure makes me feel better.

So, what do I consider adequate?

  • All incoming mail is pre-screened for Spam and viruses via (and yup, I report spammers to their ISP as part of my daily routine) ... cuts out a lot of the chaff, and acts as a first-line against virus infection
  • My PC runs a firewall. For choice, Kerio Personal Firewall, or Outpost (although ZoneAlarm is pretty good as well and very approachable). Having the Internet Firewall on by default in WinXP SP2 is a good step in the right direction, but as it has no outbound management it's a false sense of security if you are compromised.
  • Spyware, Trojans, Diallers, Adware, Hijackers... all these are risks you take when you venture onto the electric internet... The most well known defences against these are Ad-Aware and Spybot Search & Destroy... both of which are good, but I'm very impressed with a new utility by the name of PrevX Home which is much more reactive because unlike the others (and most anti-virus software) it does not rely on pre-defined pattern or signature files, but more on observing behaviour.
  • Virus infection can be fatal for a machine. Too many people install the anti-virus that comes with their PC and when the free period expires never update it.... so each day it becomes less use, until the day an infection newer than their latest signature file is installed. Even a day out of date can be a day too long. Personally I swear by NOD32. McAfee have had some recent issues (both PC and Mac) but both they and Symantec have good, reliable protection - provided users make sure they keep it up to date.
  • DSL connection is via a hardware router which includes basic firewall and address translation to make sure no machine is directly visible unless it initiates the outbound connection.

So, why does this all matter.... I have to take these measures, and wade through pages of spam every day, because the vast majority of users out there don't know how to take these precautions, and / or despite reading about it every few days in the paper they still assume it's nothing to do with them... well, they need a wake-up call... running an unpatched, unprotected Win98 is like trying to travel a freeway on a high power motorcycle with no protective gear.... it's going to go horribly wrong one day.

So, a radical suggestion.... WinXP Service Pack 2 adds a neat(ish) new feature that allows the OS to monitor firewall and antivirus status... what if that info was available to an ISP and they had the ability to block you from going anywhere but Windows Update, anti-virus sites and firewall sites..... at least that way users are forced to consider what they're doing, or not doing, to help keep the internet safe.

