• Windows Secrets Security Baseline

    • This topic has 12 replies, 3 voices, and was last updated 16 years ago by Anonymous.
    #60129

    This week’s edition of Windows Secrets Newsletter just hit the stands, and Ryan Russel’s Top Story discusses changes in the WSN Security Baseline. (Wi
    [See the full post at: Windows Secrets Security Baseline]

    • #60130

      Thanks for mentioning AVG free and something else not mentioned in the good newsletter. I can’t figure out Secunia’s offer of new version, if it’s free and how to, as well as getting all the patches done. Didn’t someone say that a different company didn’t change their warning after one made the update?

      Still learnin’…thanks. This is an unsolicited endorsement for your book and this site. Forgot to say I like the photo with the little elephants…

    • #60134

      Sanda –

      Secunia PSI is free for personal use. You can follow the link in the blog and install it, and you’ll never be bothered for money.

      At least, that’s the way it works this week. I don’t think Secunia has any plans to charge for PSI.

    • #60138

      Several things about the Windows Secrets Article bothered me, and I have taken up my concerns there. But Woody, do you use any sort of software firewall? I thought you previously have recommended Comodo Free Version.

      Comodo recently upgraded their offerings, and I now use their Free Firewall with Defense+ and the Comodo Memory Firewall (for Windows XP Pro). For Vista, I don’t think I’m as enthusiastic about the Comodo Memory Firewall. The combination was not known to PC Magazine’s Neil Rubenking when he published his less-than-enthusiastic review of Comodo CIS suite recently. I wrote him an e-mail about what I think he did not get right, and have yet to hear back from him.

      Also, I continue to caution people that AVG Free has no rootkit protection at all. This could be remedied with F-Secure’s Blacklight Rootkit Detector, and I think Woody’s recent Windows Secrets special edition articles pointed out his enthusiasm for that product.

      And for proactive protection, PC Tools Threatfire 3.5 cannot be beat, but it conflicts with AVG. It works just fine with Avast, which has rootkit protection built in. Combined with the free Super Antispyware (for scanning only), the protection is pretty good.

      Firefox 3 already contains a plugin version of Super Ad Blocker, so Adblock Plus is no longer necessary. And switch off the AVG Link Scanner, if you want Firefox to perform well. NoScript is a must with Firefox, and Windows Secrets also recently advised how to set Flash Player settings to gain better protections and privacy.

      That’s about all I would add to this discussion at this time.

    • #60140

      Bob –

      Nope, I only use the Windows Firewall, inadequate as it may be.

      The problem with rootkit detection is the quality of the detectors that run under Windows. Blacklight has the advantage that you can cold boot to it.

      I always turn off the AVG LinkScanner, for privacy reasons – the performance boost is an added benefit. I’ll be writing about that in my Windows 7 book.

    • #60141

      I’m using Webroot Internet Security Essentials and it works pretty well for me. Of course, I paid for it though. Not sure how much I like the program’s interface, as it seems sort of cheap. All I’ve ever used in the past is Norton, but the Geek dudes at BB assured me Webroot was way better.

      Do you think maybe they were just pimping a program that BB made a deal with? I’d always heard that Norton was the best and it always did its job and worked very well for me.

      As a PC amateur, I don’t feel comfortable using programs that I have to play with and make decisions for. I just want to open it up and let it do its job and be able to trust it.

    • #60142

      Tim —

      Read reviews, such as those at PC Magazine, where Webroot has been evaluated. It falls short in many departments, and there’s independent lab testing to back up that finding. Norton 360 requires almost no user intervention, and is a good all-in-one solution.

      Me, I prefer to tweak and fiddle with security settings, so I use Comodo’s firewall and Avast 4.8 Antivirus. Actually, Avast does not require much user interaction either, once it is set up.

      But Zone Alarm and Norton Internet Security, as well as AVG, may need a bit of user interaction now and then. I like that, but you obviously do not.

    • #60143

      Bob –

      Thanks for the advice. My subscription with Webroot runs out in December, so I’ll stick with it until then, but I think I’m going to go back to Norton after that.

      As I said, I just want a protection program that I can open, let it do its thing and trust.

    • #60144

      My thoughts on security software:

      1) Antivirus:
      Like Woody, I heartily recommended AVG’s free version for many years. That came to an abrupt end in July 2008, when AVG’s makers apparently fired their staff and replaced them with drunken, suicidal, lying baboons.
      They’re officially NUTS. AVG = nutbags
      Let me recap the main tragedies in AVG from July/version 8.x onward:

      In a single month, AVG false-flagged as viruses three important programs: an essential part of the Windows operating system, the popular ZoneAlarm firewall, and Adobe Flash!
      Read more: http://www.theregister.co.uk/2008/11/14/avg_false_positive_flash/

      I scanned two PCs with AVG 7.5 and Nod32 which labeled them “clean”, then installed AVG 8.0 which found 166 suspicious files per clean machine. The scary files were… merely cookies from sites AVG didn’t recognize! AVG has gone from “sensible” to “chicken little” status, because it’s trying to scare us with bogeymen!

      AVG 8.x pre-scans links on your webbrowser. This is hard to turn off, and plays havoc with your bandwidth and the webmaster’s statistics. AVG’s president said “if you want to make an omelette, y’gotta break a few eggs”. Arrogant! Read more: http://www.theregister.co.uk/2008/06/26/avg_disguises_fake_traffic_as_ie6/

      AVG 8.x is no longer merely an anti-virus. It contains anti-spyware components that are difficult or impossible to turn off. For people like me who want to choose each security component individually, this sort of bundling with unworthy anti-spyware is deeply resented. Worse, it phones home statistics about your browsing habits. Who needs a security product that declares war on your privacy? That’s …not “security”. It’s big brother looking over your shoulder and down into your shorts. That’s spyware operating under the label of “anti-spyware”!
      Hell, it IS spyware

      Nod32 and Avast!: Same story, to a lesser degree: these two programs force-feed you anti-spyware software bundled into the free antivirus, and make it very difficult to remove or disable those features.

      Avira free edition: This is the one for me! Avira: Good stuff.
      It does an extraordinarily good job as an anti-virus, and contains no features that you don’t want except for an occasional nag screen asking if you’d like to buy their non-free version. It also contains an anti-rootkit that requires a little menu-hunting to turn on. I hesitate to recommend Avira as an anti-rootkit, however, because rootkits are evolving resistance so quickly: it’s simply impossible to recommend any anti-rootkit without adding “the supremacy of this anti-rootkit may be short-lived”.

    • #60145

      2) Security suites:

      A bad idea, in general. At best, the suites might have one or two good components bundled with several inferior components. It’s far better for you to choose each component individually.

      There are other reasons to dislike security suites. Some of them are resource pigs. Most notably, Norton Symantec security suite (and McAfee too) turns a normally peppy machine into a sluggish “slaptop”. Those suites are crapware given away for free with new PCs because unsuspecting new users are the only folks who might let this ball-and-chain junk onto their PCs…and who might not notice the performance degradation they cause.

      Worse, Norton Security Suite in particular is difficult to uninstall. It often requires the IT guy to do a lot of homework, rebooting, and downloading of specialized uninstall tools from Norton-Symantec’s site.

      Me, I’d rather gargle broken glass than put Norton-Symantec on a friend’s PC.

    • #60146

      3) Firewalls:

      MS’s “firewall”? Woody’s lingering emotional attachment to this lemon is inexplicable, unless he just likes that lemony citrus aroma. To me, it just stinks.

      MS’s firewall is really HALF a firewall: it protects (marginally) against incoming hack attempts, but does nothing (NOTHING) to monitor or block outbound traffic. This second half of normal firewall activity is NOT ignorable: it’s essential.

      MS’s quaint assurance that they’re giving you a “firewall” brings to mind the Buddhist koan, “What is the sound of one hand clapping?” …to which the answer is, “The whooshing sound caused by your privacy and security whizzing past, unimpeded.” To buy MS’s sales pitch that this half-a-firewall is complete, you’d have to be thinking with half-a-brain.

      That’s right: once spyware’s gotten onto your PC, MS’s firewall does nothing to impede or identify it.

      Worse, MS’s firewall comes from Microsoft. “Quis custodiet ipsos custodes?” Translation: “Who will watch the watchmen?” MS has a long history of phoning home and lying about it. For example, they denied that Windows patches catalog ALL software (not just MS software) on your PC and phone home that data (’til a German reporter outed them using a packet sniffer). MS also phones home title information about what you play on Windows Media Player – a “feature” that you can turn off, but which turns right back on again when you install a WMP upgrade.

      MS is notorious for treating your privacy and rights like Redmond toilet paper. Are these the guys you want “protecting” you?

      Zone Alarm:
      In version 6.x two years ago, Zone Alarm was shown to be phoning home. At first Zone Alarm’s makers denied the truth of the allegation; later, they claimed it was a simple bug. The offending code, however, was prominently placed in easily amended areas, and should have shown up on ANY sort of quality testing. So they’re either lying, or incredibly sloppy. Do you trust a company like that?
      Read more: http://www.infoworld.com/article/06/01/13/73792_03OPcringley_1.html

      Comodo:
      Great free firewall. Slightly hard to use for newbies, with lots of pop-ups in learning mode.

      Sunbelt (formerly Kerio) personal firewall: Good basic free firewall, either in nerd-friendly “learning” mode (with lots of pop-ups) or in newbie-friendly mode (when it’s placed in simple no-pop-ups mode).
      Caveat: Although the paid-for version is only US$10, don’t spend your money and don’t register your copy, because the company automatically spams the email address you supplied.

    • #60147

      4) Anti-Spyware:

      “Spybot Search and Destroy” is free and top-notch, though its interface is not automated enough to be newbie-friendly.
      Caveat: The “teatimer” Windows registry protector bundled with Spybot installs whether you want it to or not, and is an unwelcome addition to what is otherwise a slim, no-nonsense anti-spyware program.

      “Lavasoft Ad-Aware” free edition is a great backup anti-spyware program that I like to run in addition to Spybot.

    • #60148

      5) Let me introduce a brand new security category: “security & privacy protection from Microsoft”.

      This is a little different from MS-DEFCON, and ‘yes, we need it’. Trusting MS with your rights and security is worse than trusting a hungry streetdog alone in a room with your ham sammitch.

      Windows, IE, error reporting, ActiveX, Windows Media Player…they all have a dark side that may include huge security holes, phoning home, DRM invasiveness, reaching into your PC from outside (WGA) to turn things on and off against your will, and other unwanted habits. And the future looks even more bleak: MS is banking on the future of its O/S and media player resting firmly on invasive, fragile, PC-slowing DRM…not to please you, but rather to please software and entertainment vendors. MS wants to please THEM, NOT YOU, and have you foot the bill while giving up your privacy & PC performance. The “my” in “My computer”, “my program files”, and “my documents” is slowly becoming a joke in Redmond.

      I heartily recommend “XP-Antispy”, a free program that gives you simple on-off control for about 20 of Microsoft’s worst offenders.
      ( http://www.xp-antispy.org ) Currently it’s available for Windows XP; they’re working on a version for Vista and Win7, but honestly, if you “upgrade”..errrr…”upSETgrade”? “backgrade”?…to Vista or Windows 7, you’re already guilty of trusting MS with way, waaay too much control over your privacy & PC.
