• Security for Windows 7


    #484437

    I have read the recent articles concerning security for Windows 7. I am using Microsoft Windows Essentials with Trusteer Rapport as a support for sensitive areas.

    What is your view on the various paid and free security systems available, and do you prefer a different way forward than what I am using? If so, why?

    Gerrimac

    • #1341826

      This same topic has been asked and discussed several times in this forum:

      Which Anti Virus

      MSE, How good is it?

      Anti Virus Thoughts

      Recommend AV software

      and others.

    • #1341829

      Trusteer Rapport is usually touted by banks as extra security, if you bank using your computer, you’d be safer doing it via a live Linux distro like Ubuntu.

      Rapport can also trigger BSOD’s.

      • #1341835

        Many thanks for all the advice given by fellow loungers. This is my first post and I have been most impressed with all replies.

        Gerrimac

      • #1341869

        if you bank using your computer, you’d be safer doing it via a live Linux distro like Ubuntu.

        Why?

        Rapport can also trigger BSOD’s.

        So can any program.

        Bruce

        • #1343184

          Sorry Bruce, I hadn’t noticed your questions:
          1: How can a CD become infected when it’s read-only?
          2: No they can’t, most programs are kept way clear of the Windows kernel and can only crash themselves and maybe trigger Explorer to crash as a result; most of the time I see Rapport listed as loaded in a BSOD crash dump, it ends up as being implicated in the crash.

          • #1343215

            Sorry Bruce, I hadn’t noticed your questions:
            1: How can a CD become infected when it’s read-only?
            2: No they can’t, most programs are kept way clear of the Windows kernel and can only crash themselves and maybe trigger Explorer to crash as a result; most of the time I see Rapport listed as loaded in a BSOD crash dump, it ends up as being implicated in the crash.

            1) Linux Live is not a CD. It is a RAM-resident OS. It can become infected during use, and for that session, the PC would be at risk. Lots of personal data could be stolen before the session is ended. And Linux Live can and does write to the hard drive. So can anything malicious which might be able to operate during the session. That having been said, Linux doesn’t get infected by Windows malware, so malware in a Linux session isn’t really much of an issue. But many web sites need to use Active-X controls or other Windows-specific technologies. Those sites will not admit Linux beyond the initial log-ins.

            2) I’m with BruceR on this one. I’ve seen ProSet Wireless, Acronis True Image Home, Firefox, Super Antispyware (while updating) and other Windows programs crash with BSODs. While not every program has ever done this, an amazing variety of programs somehow manage to outstrip the available system resources, and sure enough, BSOD is the result. BSOD may be generated in the Windows Kernel (often due to driver issues or hardware resources being improperly accessed), but its origins and causes can be elsewhere in the OS or in programs.

            From Wikipedia:

            Some users have reported problems with Rapport, including high CPU utilisation and difficulty in removing the software.[10] Recently, updates made to Rapport have caused user machines to fail at boot-up with a Blue Screen of Death; the problems are resolved by renaming the file RapportEI.sys.[10]
            In a recent presentation given at 44con, bypassing Trusteer Rapport’s keylogger protection was shown to be relatively trivial.[11]

            RapportEI.sys was at the root of these BSODs, it seems. That’s a System Kernel Level Driver issue. Classic. The renaming totally defeats the security provided by Rapport, as the renamed System Kernel Level Driver won’t be invoked by the program.

            Brian Krebs analyzes Rapport’s security in this article.

            -- rc primak

          • #1343309

            Sorry Bruce, I hadn’t noticed your questions:
            1: How can a CD become infected when it’s read-only?

            Are bank sites a common source of viruses?

            Bruce

            • #1343312

              Are bank sites a common source of viruses?

              Bruce

              Which part of my original comment do you not understand?

              Trusteer Rapport is usually touted by banks as extra security, if you bank using your computer, you’d be safer doing it via a live Linux distro like Ubuntu.

              Rapport can also trigger BSOD’s.

            • #1343348

              Which part of my original comment do you not understand?

              This bit: “if you bank using your computer, you’d be safer doing it via a live Linux distro”.

              That was what I quoted before asking “Why?”

              Is that what you do?

              Bruce

    • #1341845

      I’m probably the odd man out in here;

      I use MSE with MBAM’s free edition for supplemental spot checking and nothing else.
      I also have UAC turned completely off and do not operate outside my admin account.

      I use the default Windows 7 firewall with a hardware router.

      The largest extent of my security goes into the way I use my computer and a backup regimen in place that I can rely on.
      If I ever need to do a system recovery it would not take any longer than 20 min to an hour.

      I have yet to encounter a serious issue since moving to Windows 7 64 bit with this setup.

      • #1341855

        Many thanks to everyone for your very good advice.

        Gerrimac

    • #1341864

      Actually Clint, my setup is almost identical to yours. I firmly believe in a multi-layered security system. The only difference is Malwarebytes Pro in real time.

    • #1341874

      Ted, you said

      Actually Clint, my setup is almost identical to yours. I firmly believe in a multi-layered security system. The only difference is Malwarebytes Pro in real time.

      Did you drop the third party firewall in addition to the Windows firewall?

      Jerry

    • #1341883

      *The same old security advice preached over the years, like scrutinizing email attachments and avoiding using email links, is
      just as valuable today as it was when Windows 98 first came out, or earlier.
      *Keeping up on the shenanigans spammers and other miscreants use in everyday web browsing and websites too goes a long way in preventing, or at least
      catching and curtailing, browser redirects… that seems to be quite a common problem today.

      Browser redirects, I find, are among the worst of it. Using Task Manager to close them out is a pain in the butt, but that is what needs to be done
      when your browser gets intractably redirected. These days you can have 10 browser windows open and 4 to 6 of them may be redirected or rendered useless.
      More of an annoyance than anything, but novices can easily pick up something nasty in the process.

      *Another big problem for many users is a bad habit of installing software directly from an internet site’s download link. Go to the main site to download
      a specific program if possible and avoid third party links when possible… and allow your AV/AM app to do its job after the app has been downloaded to a secure location.

      Some of the best security will be one’s working knowledge of his/her own setup; what software processes are running and the why/where/when/how of it.
      Just an in-depth overall knowledge of what’s running in your system will make it much easier when it comes time to spot something that doesn’t look right.

      And of course the most important: a tried and true means of a backup and restoration regimen.
      There are many possibilities and regimens; find one that works best for you and don’t rely on System Restore, it’s a band-aid solution at best for n00bs with no other working recourse. In other words, it’s not to be relied upon as your sole means of getting yourself out of trouble.

    • #1341898

      Yes, I dropped the 3rd party firewall a while ago when they sold out to Emsisoft and changed the version levels.

    • #1342457

      @Clint
      My wife’s PC encountered a browser redirect problem very recently.
      I ran MBAM Free from CD. Did not find any. Downloaded a fresh MBAM Free. Found nothing. The already-installed ‘Real Time Protection’ MSE was no help in detecting it beforehand. Also ran an MSE full scan; found nothing.
      1. Would you give us a tutorial on getting rid of this annoying redirect?
      2. My wife was the venturous kind. Could you give a ‘talk’ on how the infection occurs?
      3. Is logging on as User better than Admin against this infection?
      System Info:
      Vista32, Firefox and IE. MSE for real-time protection; up to date.
      Has router as hardware firewall.
      [Logs on as Admin while surfing (!).]
      IE gets more redirects. Firefox too, but seemingly less than IE.

    • #1342491

      Clint is 100% correct. You can’t stop everything, but knowledge is one of your best defenses.

      Regarding A/V, I’ve long been a proponent of paid products, Kaspersky being my most recent favorite. Still there’s something to be said for free products. In particular MSE. At work we’re implementing SCCM (Microsoft Systems Center) which also gives us Microsoft Endpoint Protection. MS Endpoint Protection is nothing more than MSE with an enterprise management layer over the top. We were skeptical at first but have had several glowing recommendations by people in IT that have no special reason to endorse Microsoft. Once my current subscription to Kaspersky is up at home, I’m switching to MSE.

    • #1342561

      I use a setup for Windows 7 very similar to CLiNT. But since I have a 64-bit installation, I prefer a native 64-bit scanner for second opinions. MBAM, while good, is a hybrid 32/64 application. Super Antispyware is a native 64-bit scanner. I haven’t tried to install Version 5.5 into Windows 8 RP yet, so I also use a shortcut to my Windows 7 installation of SAS to scan Win 8 RP (pinned to the Win 8 taskbar on the Legacy Desktop). SAS Definitions have to be updated in both OSes to be up to date, but otherwise, the scanner seems to be doing its job equally well on either side of my dual-boot setup. Windows 8 renames MSE as Windows Defender, but otherwise, there’s little if any difference.

      So my setup for Windows 7 is MSE-4 plus Super Antispyware 64-bit. I see no reason to add anything else, except to place privacy controls into both IE 9/10 and Chrome browsers. (I don’t use Firefox in Windows 7 because I didn’t like the way it was using system resources. And in Win 8 there’s no Metro version of Firefox.) Browser choice is not so important as being careful in web browsing, email viewing and downloading behaviors. Among other user habits.

      -- rc primak

    • #1343176

      @scaisson
      Most if not all of the browser redirects I have encountered did not leave a lasting impression (nothing installed into the OS’s code or otherwise).
      This is by far the most common: browsing the internet when all of a sudden, with your next click, you get redirected to another site, and if you’ve had several browser tabs open, some of them may be affected as well. But quite often it’s confined to those open browser windows and nothing infectious gets through… provided they are closed down, and usually with Task Manager. One should, obviously, avoid clicking on anything in the redirected browser window(s). Many times you’ll see they are aggressive ads.

      So there won’t be much one can do to avoid this sort of browser redirect, and it will be far more prevalent on the darker, seedier side of the internet, among other places. And yes, it does seem to occur more often in IE than many other browsers.

      One thing that one should do after encountering these redirects would be to empty the browser’s cache. MSE has on occasion detected things like this lurking in there: Rogue:JS/FakePAV (after encountering a page with the following…).

      Every once in a while I’ll run into a redirect that sends me to a page with the fake “Windows Antivirus 2012”; that is when Task Manager should be used.
      It’s far better to lose all your open browser windows than to get infected by this thing.

      Limited User Account
      Yes, it would be better to browse while in a limited user account as opposed to a full admin account.
      I have a bad habit of not doing this as I have used the admin account solely for many years and I just can’t get myself to switch to a more limited account for some tasks. It took me years to even consider password protecting the admin account, that’s how lazy I am.

      Super Antispyware
      Yes, I do have a version of Super Antispyware waiting in the wings, not installed on my system, and probably in need of a version update,
      but I do like to keep copies around in the event I need a second, second opinion. I like to keep the amount of installed programs to a
      minimum.

    • #1343245

      Bob, I suggested banking via a Linux live distro, not surfing for hours from it then going to do your banking. Those sites don’t need to use ActiveX either – they chose to design them that way, poor ‘expert’ advice, perhaps?

      Bad drivers, hardware and (partially removed) malware are the majority cause of BSOD’s; drivers include low-level programs like Acronis, SuperAntiSpyware (though if it crashed during an update, it was more likely to have been triggered by an infection or bad drivers/hardware) and security programs generally (even those that were ‘uninstalled’).

      To take your Firefox as an example of a program that ’causes’ BSOD’s, I have analysed somewhere in the region of 250 crashes across 110 machines in the last 10 weeks and none have been down to Firefox, or any ‘normal’ program. I’ve also looked at probably a similar number of analyses online in that period and I saw none there either.

      When it comes to Windows resources running low, most users would recognize there’s a problem before the crash happens – the machine would slow to a crawl – I know, I’ve done it many times in the past. Overloading a computer to that extent does not mean a program like Firefox is responsible for the memory leak; look to the add-ons, plugins, Windows damage by ‘cleaners’, bad ‘tweaks’, remnants of old security software, torrents running in the background; heck, even Windows Updates cause more BSOD’s than normal programs. Sure there are exceptions – but they are exceptionally rare with modern OS’s.

      Edit, I forgot to list motherboard ‘utilities’ as a major BSOD cause in para. 2.

      Re. your edit: I was a sometime user of Rapport for about a year or so, mid 2008 (probably after reading BK’s first report on Rapport) to probably late 2010 in several long testing sessions, but never saw any real problems from it. I did start noticing comments and problems from other users about it from about mid-2009 onwards. I don’t recall any involvement with a Rapport BSOD until last year; since then I’ve dealt with 2 or 3 more and advised its removal a similar number of times during BSOD troubleshooting.

    • #1343353

      Bruce, the discussion is about security for Windows 7. Assuming the OP (and most readers) doesn’t have a Windows 7 machine set aside purely for banking, they would need to use their everyday machine, as that machine is used for multiple tasks: browsing, emailing, social networking, etc., it has a relatively high potential for becoming infected.

      A safer way to bank would be to use a live Linux distro on that machine – for banking.

      Once the banking is completed, reboot into W7 and continue normal tasks.

      Can you follow that? If not, where did I lose you?

      No, I don’t bank online.

      • #1343359

        Bruce, the discussion is about security for Windows 7.

        So Linux is off-topic?

        Assuming the OP (and most readers) doesn’t have a Windows 7 machine set aside purely for banking, they would need to use their everyday machine, as that machine is used for multiple tasks: browsing, emailing, social networking, etc., it has a relatively high potential for becoming infected.

        I’d like to think that most Windows 7 machines used for those things and banking, including mine, have an extremely low potential for becoming infected.

        Especially little chance of a keylogger (including form grabber or screen capture); which is the relevant threat here, right?

        A safer way to bank would be to use a live Linux distro on that machine – for banking.

        Once the banking is completed, reboot into W7 and continue normal tasks.

        Can you follow that? If not, where did I lose you?

        Just about. But you didn’t spell out that the purpose would be to avoid a pre-existing infection with a keylogger.

        Wouldn’t only the most paranoid one in a million want to reboot every time before checking their bank balance?

        No, I don’t bank online.

        I didn’t realise that was feasible these days. You still get dead-tree statements via snail mail?

        Why did you use Rapport if you don’t bank online? Isn’t it only available for download from banks?

        Bruce

    • #1343361

      Ok Bruce,

      The following link is to a description of a fairly typical illustration of how malware is distributed: http://blogs.technet.com/b/mmpc/archive/2012/04/27/a-tangled-web.aspx

      Would you care to guess, explain or describe which machine has the higher potential for exploitation via this kind of method, a typical Windows 7 machine or a live Linux distro used exclusively for banking?

      • #1343364

        I’d like to report my experience on cleaning malware, particularly redirect malware. As I posted previously, my wife’s laptop got infected by a redirect rootkit (more later on ‘rootkit’). I was able to clean it, with some heartburn, and it left me with somewhat of a distaste for MS Security Essentials, MSE. More on that later.

        The major infection is a ‘bootkit’, not a rootkit. A bootkit infects the MBR of the boot hdd. As such it’d restart when you reboot, and reinfect the PC. Many anti-malware products could not detect it because it resides in the MBR. Worse, once it starts, it creates multiples of itself on the hdd, and also downloads other malware. In my case, it even blocks MSE and other anti-malware. The worst part is it communicates with the infector. The PC is somewhat monitored and controlled by the infector. The PC will be monitored by the infector, who can take defensive actions against your disinfecting efforts. The latter is my case!

        Even running TDSSKiller, aswMBR, Catchme, and 6 other virus cleaners did not help. Always got re-infected because of counter measures. Soon I realized and pulled the network plug. It worked, but a short victory. Then the PC was in an endless reboot cycle. MSE attempts cleaning at boot (because it detects a virus), but the PC is rebooted by the malware, stopping a complete cleaning by MSE.
        This endless reboot is the nightmare. The culprit? MSE!
        MSE cleaning is incomplete in the previous boot. The malware shuts the PC down first, stopping a complete clean. Thus, it repeats the reboot endlessly.
        Solution to stop the endless reboot: (Quick, only 1 minute to do it!)
        1. As soon as you enter your logon password, press Ctrl-Alt-Del to get to Task Manager. Click the box ‘all users’ to show all processes. In the Processes tab, look for the MSE process: ‘MsMpEng.exe’. Right click and kill the process. Do it quick, as soon as the process appears. Wait, don’t go away! It’ll come back a few times. Keep killing it fast, until it does not come back. Now the one-minute-to-reboot stops.
        2. Start-Search or Run, enter msconfig.exe and start it. In the General tab, click ‘Selective Startup’. Sub boxes are defaults.
        3. In the Services tab, find and UNcheck ‘Ms Antimalware Services’.
        4. In the Startup tab, UNcheck ‘Ms Security Client’.
        This will stop MSE loading and running at boot up. Now it won’t reboot endlessly.
        5. Pull the network plug if not already! Power off PC then on. Uninstall MSE immediately. (MSE cannot be uninstalled in Safe Mode. The endless reboot cycle will also happen in Safe Mode.)
        6. Preferably use a CD/DVD to start TDSSKiller, AntiMalwareBytes, etc. This will prevent them being modified by malware because it is a CD. The software will find the virus and MBR infection, and clean them. This time, the remote virus guy cannot make counter measures because there is no network.
        7. Reboot. Run msconfig.exe. Make sure MSE is not there. Then in the General tab, click ‘Normal’ Startup. Reboot.
        8. If in doubt, *full scan* again with the available anti-malware software.
        9. Reconnect network. Reboot.
        10. At this point, you can even download and re-install MSE. [Recommend against it.]

        For any other anti-malware, other than MSE, you can disable it without this endless reboot, which leaves you only (exactly) 1 minute to do the msconfig.exe mod. I’m not fast enough; I have to kill the MSE process first (via Task Manager).
        I now have **serious second thoughts** about MSE.

      • #1343392

        The following link is to a description of a fairly typical illustration of how malware is distributed: http://blogs.technet.com/b/mmpc/archive/2012/04/27/a-tangled-web.aspx

        Would you care to guess, explain or describe which machine has the higher potential for exploitation via this kind of method, a typical Windows 7 machine or a live Linux distro used exclusively for banking?

        No hint of a keylogger there, so what’s the relevance to banking?

        But, as shown by the link from that page to Exploit:Java/CVE-2010-0840, Microsoft Security Essentials has protected against that exploit for the last 18 months.

        Bruce

    • #1343380

      There is NO AV/AM app that catches all nasties. That is why I have a multi-layered approach. I do use MSE on several PC’s. I also have Malwarebytes Pro on my laptop (recent addition) I have both a S/W firewall (Windows) and a H/W firewall in my router. I have NEVER had an infection. Perhaps I’m real lucky, or perhaps my habits are safer, who knows.

      The easiest way to eliminate a virus or malware is to format and restore from an Image. When I create an Image it includes both my dual boot OS’s and my MBR. Then if somehow something gets through my defenses, I simply restore from my Up To Date Image (did I mention I recreate Images whenever I make a change on my PC). It takes less than 10 minutes, and voila, the nasty is gone.

    • #1343381

      My recipe for security: Emsisoft Anti-malware, a consistently top ranked double scanner AV and antimalware app; Online Armor Pro, a network and OS software firewall, excellent one and that will stay out of your way after a short initial effort configuring it. All this behind a hardware firewall. I also manually run the free version of Malwarebytes antimalware.

    • #1343418

      Bruce, it’s described as a fairly typical method of how malware is distributed; which malware is distributed is highly variable.

      Do you really think keyloggers are the only risk to online banking?

      • #1343419

        Do you really think keyloggers are the only risk to online banking?

        Yes.

        Bruce

    • #1343430

      Then you’re sadly mistaken or deliberately being obtuse.

      Explain please how you think using a live Linux distro for banking is more risky than a normally used Windows 7 install?

      • #1343446

        Explain please how you think using a live Linux distro for banking is more risky than a normally used Windows 7 install?

        I don’t.

        Bruce

    • #1343444

      Windows 7 isn’t insecure, neither is IE9 for banking. I do it every day without any issue whatsoever.
      In fact, I do many if not all of my purchases over the internet without ever running into a problem.

      If you’re a malware magnet then you’ve probably got no business doing your banking over the internet in the first place.
      In that case one would need to learn the how/what/why/where/when of personal computer security.

    • #1343489

      Back to security …
      As posted by Ted, re-imaging the infected hdd is a much faster method to cure an infection. I for one do that myself. I even go one further: I have a ‘virgin install’ image of freshly installed Windows on disc and USB hdd. The scheme is not unlike today’s laptop ‘Recovery’ method. ‘Back to the Big Bang’ any time I want, and quickly. Can even image to a new PC, via the extra step of ‘Windows Repair’.

      Endless reboot is a nightmare, especially for laptops. (Pull the battery to stop endless reboot, all the while it is rebooting?)
      Maybe laptop builders should put a dead man’s switch somewhere.

      But software people are looking for software solutions. “Look, mom. My hands are clean! I only touch the keyboard!”

      From the experience, I now recommend not installing MSE.

      Antimalwarebytes and Avast work fine for me. At the least, you can stop or uninstall 3rd party anti-malware in Safe Mode. And no endless reboot! MSE cannot be uninstalled in Safe Mode; MSE is too integrated into the OS.

      In some cases, re-imaging the hdd may not be the choice. There may be important files.

      In my wife’s case, she should have stored all important files in the company’s server. My wife’s laptop is her company’s property. But she’s one of the founders of the company. She can do no wrong!
      As usual, customers are always right. Difficult and frustrating as it is, it is as true as Quantum Physics and Uncertainty Principle. We cannot avoid it.

      I’m now in the process of implementing sandboxing to wrap around IE, Firefox, and Chrome. Hopefully this helps security on web surfing.

    • #1343601

      In answer to the Linux Live issue of slow loading and the need to reboot after using the CD, did you guys ever consider installing Linux onto a Flash Drive or external USB Drive, and booting it from there? Not instant OS switching, even with EasyBCD as a Boot Manager, but faster than throwing in a CD, restarting the computer, and then doing the reverse when finished. And the same or better security as using the Live CD. (Can you arrange things so that programs running off a USB device don’t have write access to the Internal Hard Drive? RAM resident programs may not have that type of isolation potential.)

      Maybe Linux Live itself is RAM resident, but the OS has full access to the internal Hard Drive(s) and can write to them. That said, there is, last I knew, little or no known Linux malware which can be transmitted or run from remote sources. Hence the Linux security edge. It’s the OS itself, not how you run it.

      And yeah, Linux as an alternative seems to me to be getting a bit near the off-topic edge in this thread.

      -- rc primak

      • #1343609

        That said, there is, last I knew, little or no known Linux malware which can be transmitted or run from remote sources. Hence the Linux security edge. It’s the OS itself, not how you run it.

        I can believe “little”, in comparison with Windows, but isn’t “or no” a bit of a stretch? What’s the significance of “which can be transmitted or run from remote sources”?

        A “partial” list of Linux malware contains more than a few, and is accompanied by a comment that “The number of malicious programs — including viruses, Trojans, and other threats — specifically written for Linux has been on the rise in recent years”: http://en.wikipedia.org/wiki/Linux_malware

        Bruce

        • #1343848

          I can believe “little”, in comparison with Windows, but isn’t “or no” a bit of a stretch? What’s the significance of “which can be transmitted or run from remote sources”?

          A “partial” list of Linux malware contains more than a few, and is accompanied by a comment that “The number of malicious programs — including viruses, Trojans, and other threats — specifically written for Linux has been on the rise in recent years”: http://en.wikipedia.org/wiki/Linux_malware

          Bruce

          Thanks for the update. But does all of this mean that it is time for Linux users to start using software firewalls and Antivirus programs? And which of these programs is written for Linux and actually works with Linux without the drag on system performance which has plagued Windows antivirus programs for years? Are Linux antivirus and firewall programs independently evaluated by anyone? How do we know whether they do anything useful?

          From that same Wikipedia article:

          There has not yet been a widespread Linux malware threat of the type that Microsoft Windows software faces; this is commonly attributed to the small number of users running Linux as a desktop operating system[1], the malware’s lack of root access and fast updates to most Linux vulnerabilities.[2]
          The number of malicious programs — including viruses, Trojans, and other threats — specifically written for Linux has been on the rise in recent years and more than doubled during 2005 from 422 to 863.[3]

          2005 was a long time ago. That citation really needs an update. Nevertheless…

          863 total known threats (most of which require someone to be sitting at the individual computer and to have Root access) is a far cry from the tens of thousands of widespread Windows threats. Still, getting hit by even one of these Linux threats could spoil one’s whole day (or at least the half-hour it would take to reformat and reinstall from a known clean Linux backup image).

          By the way, programs running in Linux do not generally need any Root or Home Directory access when executing. In fact, one mitigation measure is to use the Command Prompt and specifically designate the Linux Home and Root Directories as NoExec. And Linux does not have a Registry to mess with.

          See Post #10 in THIS Linux Forum thread. The available Linux antivirus programs are scanning mostly for Windows and WINE threats. There is essentially nothing to scan for in Linux itself, according to the poster.

          And all the Linux scanners I’ve seen so far are 32-bit scanners. They would not catch 64-bit threats, if such exist. AVG and Avast have free Linux versions (although installing and running them has had some bugs), and McAfee offers a paid five-user (minimum) antivirus program for Linux. None of these programs says it scans for Linux-specific threats.

          Most Linux users seem to favor putting their firewall at the router. If you’ve ever wondered what WRT means in recent Linksys router model numbers, read this article (the part which deals with OpenWRT).

          Here’s an article which lists Linux and FreeBSD software firewalls.

          Ubuntu and most other Linux distros come with built-in firewalls of their own. Additional software is usually not necessary at the individual computer level. But some users may want to configure Linux firewalls. UFW (Uncomplicated Firewall) is used in Ubuntu. There’s a graphical front-end called GUFW. Other distros have Firestarter. And it escalates from there.

          So the options are out there to harden Linux security. But again, most of this is to protect Windows or WINE from infections which are not specific to Linux. And little evidence seems to point towards widespread security threats to Linux.

          I’ve never been a Linux user, so I don’t know the difficulty level in setting up any of these programs or configuring these features. But most of the How-To’s seem pretty straightforward and readable to a Linux Newbie such as myself.

          Although this is a Windows forum, I’d like to read a bit more about Linux security software as it is now, not in 2005.

          -- rc primak
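          The NoExec mitigation mentioned above, as an added example that is not part of rc primak's post or anything else in the thread: a POSIX shell check that reads a /proc/mounts-style table and reports whether each mount point carries the noexec option. The sample table, the mount points and the function names are assumptions for the example.

```shell
#!/bin/sh
# Added example, not from the thread: checks whether mount points such as /home
# and /tmp carry the noexec option, reading the /proc/mounts format
# (device mountpoint fstype options dump pass). Mount points containing spaces
# appear escaped as \040 in /proc/mounts; this check assumes plain paths.

# Constructed sample in /proc/mounts format (not from a real machine):
# /home is mounted noexec, /tmp is not, and /opt is not a separate mount.
SAMPLE_MOUNTS='rootfs / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,relatime 0 0'

# noexec_status TABLE MOUNTPOINT
# Exit status: 0 = mounted noexec, 1 = mounted without noexec,
#              2 = not a separate mount (inherits the parent filesystem's options).
noexec_status() {
  table=$1; target=$2
  # Field 2 is the mount point, field 4 the option list; the last matching
  # line wins, which is what the kernel does when a path is mounted over.
  opts=$(printf '%s\n' "$table" | awk -v mp="$target" '$2 == mp { o = $4 } END { print o }')
  if [ -z "$opts" ]; then
    return 2
  fi
  case ",$opts," in
    *,noexec,*) return 0 ;;
    *)          return 1 ;;
  esac
}

# report_noexec TABLE MOUNTPOINT...
# Prints one verdict line per mount point. On a live system:
#   report_noexec "$(cat /proc/mounts)" /home /tmp
report_noexec() {
  table=$1; shift
  for mp in "$@"; do
    rc=0
    noexec_status "$table" "$mp" || rc=$?
    case $rc in
      0) echo "$mp: noexec" ;;
      1) echo "$mp: EXEC ALLOWED (add noexec to its options in /etc/fstab and remount)" ;;
      *) echo "$mp: not a separate mount, inherits options of the filesystem above it" ;;
    esac
  done
}

report_noexec "$SAMPLE_MOUNTS" /home /tmp /opt
```

noexec only stops the kernel from executing binaries directly from that filesystem; it is one narrow mitigation, not a substitute for keeping the system and browser updated.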

          • #1343850

            Although this is a Windows forum, I’d like to read a bit more about Linux security software as it is now, not in 2005.

            Well, there’s not going to be less malware now than then; so “no known Linux malware” IS a big stretch.

            Isn’t all malware “transmitted or run from remote sources”?

            Or is Linux also vulnerable to some other type?

            Bruce

            • #1343856

              Well, there’s not going to be less malware now than then; so “no known Linux malware” IS a big stretch.

              Isn’t all malware “transmitted or run from remote sources”?

              Or is Linux also vulnerable to some other type?

              Bruce

              Absolute claims are of course unsustainable. Little chance of a downloaded infection is still pretty accurate for Linux when properly configured. Better than Windows, although Windows can also be configured to be very secure. And user behavior does make a big difference in any online security issues.

              In addition to remote sources of infection (which in Linux are rare indeed), Linux is vulnerable to local attacks (not so rare, it seems) if the attacker can gain direct access to a server or a computer and can gain Root privileges on that machine. I think you knew that already, Bruce.

              I don’t know how Linux and Windows compare with regard to USB devices which are set up to infect local computers or networks. But I would think Linux would be more secure in this respect as well. Not perfect, but better protected than Windows.

              For that matter, Windows can be locally attacked, or can be attacked through a USB device. But why bother to do this, when the real money motive is in browser originated downloads which can be crafted (only too easily) to infect a Windows computer? Linux is inherently less vulnerable to the browser download route than Windows. I think most computer security experts who don’t work for Microsoft agree on this point. Microsoft employees or partners may disagree.

              But Linux users should not become complacent about browser security. Read THIS ARTICLE to see the shocking truth about Linux users’ complacency about browser security. More secure than Windows does not mean bulletproof. Especially if your browser is not up to date and secured properly. Even under Linux.

              -- rc primak

    • #1344272

      I run my main Win7 computer with layered security from the Windows Firewall with Advanced settings to MSE, Malwarebytes, Superantispyware, Firefox with Adblock+, Betterprivacy, Ghostery, and NoScript.
      UAC is set to max and I operate from a user account.

      While not a scanner, I also run my browser in Sandboxie and white list what is allowed to run in it and what is allowed internet access through it.

      This has worked well for me, but as mentioned, security begins with wise caution by the user.

      Banking, anything of importance to me requiring a secure link, business affairs, is done on a dedicated computer set up as above, but never used for ‘surfing’. It’s an inexpensive 2 year old $300 Compaq running Win 7.
      I’ve thought about Linux ( Live and installed ) but I don’t know enough about Linux security to trust banking, etc, with a Linux system I’d install/maintain… so it’s Windows for me as it’s what I started with years ago and what I’m now familiar with ( relative to Linux ) and the info I glean from forums like this one, that help me keep up with security.

      edit: and don’t forget to do the updates on Windows and the other software you run.

    • #1344297

      I’ve been going online since Windows for Workgroups 3.11. There were no browsers. Going online meant logging onto a message board. Everything was text only. I have schlepped along since then with Internet Explorer through its various revisions and updates; it was free. Netscape wasn’t.

      I’m now using Windows 7 64-bit with IE-9 64-bit. I’ve edited the registry so that IE-9 64-bit is default in every instance that calls for Internet Explorer.

      I’ve been using MSE 64-bit since Microsoft made it available. Prior to that I used Eset NOD32. Prior to that I used Norton until they decided that they knew what I wanted better than I did. It got to be too intrusive and resource hungry, just like Norton and McAfee before it. So far, MSE is still lean and mean.

      On occasion I visit known bad sites to test MSE, and there are sites it will block from opening unless I override. I don’t override, because I already know what’s there, but it does confirm my confidence in MSE.

      In all my years, I personally have been involved in only two viral exploits. One came from the boot sector of a floppy drive which had been given to me by an IT pro. Imagine that! The second was with my wife’s office computer which was infected directly by the Verizon server.

      That one was very nasty. It took me four days to get back to GO. I got just XP going again, plugged back into the DSL modem, and immediately got re-infected with the same virus. I had a long, long talk with escalating levels of Verizon Tech Support until I finally got someone with enough authority to actually initiate a check of their local server. After just a few minutes, I was instructed NOT to reconnect to my wife’s DSL modem until I received a call from Verizon. It took them a day.

      But that was about 7 years ago, security is much better now.
      I feel quite safe using Windows 7 (fully updated) and IE 9 (fully updated) and MSE (fully updated), together with my router’s hardware firewall. According to Shields UP! from Gibson Research my computer will respond to a ping request, but nothing more. Aside from that, it is totally invisible; all ports are in “stealth mode”.

      I do all my banking online, and pay everything but my utility bill online (I live in a small town). The only time I have had an incident with my credit card was when I was ordering an air conditioner part BY PHONE. Visa caught that one, and the $1,000+ charges that were bogus were taken back off my card by Visa. All in all, I feel quite safe.

      Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
      We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.
      We were all once "Average Users".

    • #1344334

      For those that do use the internet for frequent commerce and business transactions, a separate credit card with a very specific set limit from a company with a good track record when it comes to fraud protection and prevention is a good way to go.

      Look into your credit card to see what it offers in terms of internet security and fraud prevention practices and update it as needed to maximize your protection.
      If you find yourself doing a lot of business over the internet and your current card doesn’t quite measure up, look for a company that does offer protection and preventative measures suitable to your practices.

      Another thing to do is avoid having websites store your credit card information. You’ll want to keep control of those details by not having them sitting on someone’s server, regardless of the security practices they may have in place.
