#1
04-14-2011, 11:02 AM
Fred
Securing my Windows machine

Hello,

I'm going to try to follow some of the suggestions in
http://groups.google.com/group/alt.c...d848b4368e3fa9
I feel as though I have the time to.

But before I do, I'd like to have a few questions answered.

1. If I use a firewall that only allows 1 port for accessing the
internet, how can I get a 0day attack?
2. If you download malware onto a VM, it's restricted to the VM. Other
than this, how do VMs increase one's security?
3. How does a HOST file increase security if you have a firewall that
blocks ports?

TIA,
Fred

#2
04-14-2011, 12:14 PM
1PW
Re: Securing my Windows machine

On 4/14/2011 4:02 AM, Fred wrote:
> Hello,
>
> I'm going to try to follow some of the suggestions in
> http://groups.google.com/group/alt.c...d848b4368e3fa9
> I feel as though I have the time to.


You shouldn't be connected to the Internet unless you've followed all
the reasonable precautions. The above thread is a year and a half old
and I saw my fingerprints there. I hope you aren't using an
unprotected system.

> But before I do, I'd like to have a few questions answered.
>
> 1. If I use a firewall that only allows 1 port for accessing the
> internet, how can I get a 0day attack?


You may have a massive misunderstanding of how firewalls work. Perhaps
a bit more self-study will clear that up.

> 2. If you download malware onto a VM, it's restricted to the VM. Other
> than this, how do VMs increase one's security?


What part of the VM? The guest?

> 3. How does a HOST file increase security if you have a firewall that
> blocks ports?


Again your probable firewall misunderstanding is keeping you from
understanding. A good HOSTS (plural) file will keep you away from
individual bad IP addresses and IP names. Just having a firewall isn't
the solution. The firewall needs to have been 'told' what specific
rules to follow. (Filters)

BTW - Do you have a good NAT router? What antimalware protections do
you have?

> TIA,
> Fred


#3
04-14-2011, 04:18 PM
Bit Twister
Re: Securing my Windows machine

On Thu, 14 Apr 2011 04:02:39 -0700 (PDT), Fred wrote:

> I'm going to try to follow some of the suggestions in


Since you are running Ubuntu the majority of your malware problems are
non-existent. :-D

> 1. If I use a firewall that only allows 1 port for accessing the internet,


Then I will guess it is not going to work very well, if at
all. More than one port is needed.

> how can I get a 0day attack?


By the method dictated by the 0day malware.

> 2. If you download malware onto a VM, it's restricted to the VM.


Most of the time. Not always.

> Other than this, how do VMs increase one's security?


Define security. The malware can run in the VM unless you delete the
guest machine after each use.

The really smart malware can detect that it is in a VM and will not
infect the system.

> 3. How does a HOST file increase security


Not by much. All you could have there is a few known malware IP addresses
compared to the number of malware infected systems on the Internet.

> if you have a firewall that blocks ports?


If you are using a hosts file to block known malware infested sites,
it will only prevent access to those IP addresses for all ports.

You need to learn how a firewall works. Your basic firewall will block
all inbound connection attempts. You should be running a firewall to
prevent inbound connections to any daemon/service you have enabled on
your system. Your fancier firewalls will allow you
to block outbound connections by application.

Your signature based AV software is almost useless for real time
detection/protection. Last stat I saw was 7,000 new malware apps per day.
Good news, very little malware will run on your Linux OS. 8-)

The majority of criminals and malware writers no longer attempt
inbound access to your system. They are coming in via exploits of
applications you use to view content on the Internet and by putting their
payload in files/media you download (flash, pdf, gif, MP3, WMA, WMV, MP2,...)

For intrusion detection I will recommend aide.
I suggest privoxy instead of a hosts file and for your starter rules list
there is http://www.neilvandyke.org/privoxy-rules/

I run Firefox with the NoScript add-on torqued down pretty tight to
keep java* exploits down to a minimum.

I use different Linux accounts for browsing and any internet account
needing a login and password. I use sudo to pop into the account as
needed. Click a desktop shortcut and I am good to go. You can set the
account's .bash_logout to submit an "at" job to delete and tar in a
pristine copy of files.
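
The difference the two replies above draw between a HOSTS file and a port-filtering firewall, as an added example that is not part of the original thread: a HOSTS file acts on names at lookup time, a port filter acts on destination ports, and a connection on a permitted port to an unlisted name passes both. The sample hosts entries, the `example.*` names and the allowed-port policy are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample; the example.* names are placeholders, not real blocklist entries.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
0.0.0.0     ads.example.com tracker.example.net   # two names on one line
# 0.0.0.0   commented-out.example.org
127.0.0.1   Malware.Example.ORG
"""
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::1"}
ALLOWED_OUTBOUND_PORTS = {80, 443}      # assumed firewall policy for this example
DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21}


def parse_blocked_names(text):
    """Return the lower-cased names a hosts file maps to a sinkhole address."""
    blocked = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()      # drop comments, split on whitespace
        if len(fields) >= 2 and fields[0] in SINKHOLES:
            blocked.update(n.lower() for n in fields[1:])
    blocked.discard("localhost")                    # the normal loopback entry is not a block
    return blocked


def verdict(url, blocked):
    """Report which control, if any, stops an outbound connection to `url`."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    try:
        ipaddress.ip_address(host)
        by_name = False                             # literal IP: no name lookup happens
    except ValueError:
        by_name = True
    if by_name and host in blocked:                 # exact match only, no wildcards
        return "blocked by hosts file (name)"
    if port not in ALLOWED_OUTBOUND_PORTS:
        return "blocked by firewall (port)"
    if not by_name:
        return "allowed (literal IP, hosts file never consulted)"
    return "allowed (unlisted name on a permitted port)"


if __name__ == "__main__":
    names = parse_blocked_names(SAMPLE_HOSTS)
    for u in ("http://ads.example.com/banner.js", "https://www.ads.example.com/",
              "http://192.0.2.10/x", "ftp://files.example.com/"):
        print(f"{u:40} {verdict(u, names)}")
```

Neither control inspects what is transferred over a connection it allows, which is why the other measures discussed in the thread still matter.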

#4
04-15-2011, 10:04 AM
Fred
Re: Securing my Windows machine

On Apr 14, 10:14 pm, 1PW <1...@INVALID.net> wrote:
> On 4/14/2011 4:02 AM, Fred wrote:
>
> > Hello,

>
> > I'm going to try to follow some of the suggestions in
> > http://groups.google.com/group/alt.c...owse_thread/th...
> > I feel as though I have the time to.

>
> You shouldn't be connected to the Internet unless you've followed all
> the reasonable precautions. The above thread is a year and a half old
> and I saw my fingerprints there. I hope you aren't using an
> unprotected system.
>
> > But before I do, I'd like to have a few questions answered.

>
> > 1. If I use a firewall that only allows 1 port for accessing the
> > internet, how can I get a 0day attack?

>
> You may have a massive misunderstanding of how firewalls work. Perhaps
> a bit more self-study will clear that up.
>


I've done a bit of reading. I think I understand now.

> <snip>
> BTW - Do you have a good NAT router? What antimalware protections do
> you have?
> <snip>


I use the WGR614.
I've yet to protect the machine. My 'kit' is currently Avast, Sunbelt,
WinPatrol, a HOSTS file, and FF (+ NoScript). In the thread I
referenced, SyncBack Freeware was recommended - does it do incremental
backup like rsync? There is the shortest paragraph on what it does on
2brightsparks.com.

Fred

#5
04-15-2011, 11:32 AM
1PW
Re: Securing my Windows machine

On 4/15/2011 3:04 AM, Fred wrote:
> On Apr 14, 10:14 pm, 1PW <1...@INVALID.net> wrote:
>> On 4/14/2011 4:02 AM, Fred wrote:
>>
>>> Hello,

>>
>>> I'm going to try to follow some of the suggestions in
>>> http://groups.google.com/group/alt.c...owse_thread/th...
>>> I feel as though I have the time to.

>>
>> You shouldn't be connected to the Internet unless you've followed all
>> the reasonable precautions. The above thread is a year and a half old
>> and I saw my fingerprints there. I hope you aren't using an
>> unprotected system.
>>
>>> But before I do, I'd like to have a few questions answered.

>>
>>> 1. If I use a firewall that only allows 1 port for accessing the
>>> internet, how can I get a 0day attack?

>>
>> You may have a massive misunderstanding of how firewalls work. Perhaps
>> a bit more self-study will clear that up.
>>

>
> I've done a bit of reading. I think I understand now.


Terrific! Nobody learns it all in one day.

>> <snip>
>> BTW - Do you have a good NAT router? What antimalware protections do
>> you have?
>> <snip>

>
> I use the WGR614.
> I've yet to protect the machine. My 'kit' is currently Avast, Sunbelt,
> WinPatrol, a HOSTS file, and FF (+ NoScript). In the thread I
> referenced, SyncBack Freeware was recommended - does it do incremental
> backup like rsync? There is the shortest paragraph on what it does on
> 2brightsparks.com.
>
> Fred


We should have asked you what exact OS you're using too. Additional
overlapping protection can be had with SpywareBlaster. You might also
think about using Sandboxie while browsing. I'm particularly partial
to using HostsMan for maintaining your HOSTS file automatically.

I have no experience with SyncBack. Sorry.

Although I'm quite biased, you might consider running MBAM PRO for its
additional levels of protection.

--
1PW

#6
04-16-2011, 03:50 AM
Fred
Re: Securing my Windows machine

1PW wrote:
> On 4/15/2011 3:04 AM, Fred wrote:
>
>
>
> > On Apr 14, 10:14 pm, 1PW <1...@INVALID.net> wrote:
> >> On 4/14/2011 4:02 AM, Fred wrote:

>
> >>> Hello,

>
> >>> I'm going to try to follow some of the suggestions in
> >>> http://groups.google.com/group/alt.c...owse_thread/th....
> >>> I feel as though I have the time to.

>
> >> You shouldn't be connected to the Internet unless you've followed all
> >> the reasonable precautions. The above thread is a year and a half old
> >> and I saw my fingerprints there. I hope you aren't using an
> >> unprotected system.

>
> >>> But before I do, I'd like to have a few questions answered.

>
> >>> 1. If I use a firewall that only allows 1 port for accessing the
> >>> internet, how can I get a 0day attack?

>
> >> You may have a massive misunderstanding of how firewalls work. Perhaps
> >> a bit more self-study will clear that up.

>
> > I've done a bit of reading. I think I understand now.

>
> Terrific! Nobody learns it all in one day.
>
> >> <snip>
> >> BTW - Do you have a good NAT router? What antimalware protections do
> >> you have?
> >> <snip>

>
> > I use the WGR614.
> > I've yet to protect the machine. My 'kit' is currently Avast, Sunbelt,
> > WinPatrol, a HOSTS file, and FF (+ NoScript). In the thread I
> > referenced, SyncBack Freeware was recommended - does it do incremental
> > backup like rsync? There is the shortest paragraph on what it does on
> > 2brightsparks.com.

>
> > Fred

>
> We should have asked you what exact OS you're using too. Additional
> overlapping protection can be had with SpywareBlaster. You might also
> think about using Sandboxie while browsing. I'm particularly partial
> to using HostsMan for maintaining your HOSTS file automatically.
>
> I have no experience with SyncBack. Sorry.
>
> Although I'm quite biased, you might consider running MBAM PRO for its
> additional levels of protection.
> <snip>


Thanks for some more information.
I'm adding Sandboxie to the kit. HostsMan is replacing the HOSTS file
suggested by an unknown in the referenced thread. After googling
'rsync windows', I've found Syncrify for incremental backup.

Wow! I've gone from:
assuming that this group could be a place to ask _really_ basic
security questions (showing OK knowledge with operating systems, poor
knowledge in security) (and being seen as a troll) to posting some
useful (for me, at least) discussion.

Thanks.

Fred

#7
04-21-2011, 09:22 AM
Fred
Re: Securing my Windows machine

Sunbelt doesn't work on Windows 7. What firewall do you recommend for
Windows 7?

TIA,
Fred
