Hello,
I've been using SPF Pro for a while now, and it gives me a
fairly good sense of security. Has anybody else on here had experience
with this software? Is it a false sense of security? What other software
could you recommend for Windows 2003?
m.
--
"Arrr! The laws of science be a harsh mistress!"
-- Bender
Marie Cox
> I've been using SPF Pro for a while now, and it gives me a
> fairly good sense of security. Has anybody else on here had experience
> with this software?
"Experience" as in "having used it": no.
"Experience" as in "having taken a closer look at it": yes.
> Is it a false sense of security?
Yes. Sygate is broken by design as it has an interactive service running
with SYSTEM privileges. That's a big no-no.
> What other software could you recommend for Windows 2003?
Use the Windows-Firewall and Software Restriction Policies. And of
course:
- Don't use admin accounts for day-to-day work.
- Keep the system patched.
- Disable services you don't need.
- Disable autoruns.
- Avoid IE and O(E).
....
cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
In article <50v6m9F1hovvjU2@mid.individual.net>,
Ansgar -59cobalt- Wiechers (usenet-2007@planetcobalt.net) wrote:
[snip]
>> Is it a false sense of security?
>
> Yes. Sygate is broken by design as it has an interactive service running
> with SYSTEM privileges. That's a big no-no.
>
>> What other software could you recommend for Windows 2003?
>
> Use the Windows-Firewall and Software Restriction Policies. And of
> course:
>
> - Don't use admin accounts for day-to-day work.
> - Keep the system patched.
> - Disable services you don't need.
> - Disable autoruns.
> - Avoid IE and O(E).
> ...
>
> cu
> 59cobalt
Okay, thanks for the info. :)
m.
--
"Arrr! The laws of science be a harsh mistress!"
-- Bender
Post removed (X-No-Archive: yes)
In article <0ccde2415bf59168258bf523de3d8852@mixmaster.it>,
George Orwell (nobody@mixmaster.it) wrote:
[snip]
>
> Go here and test your firewall.
> http://www.pcflank.com/test.htm
According to this, the only thing I have to worry about is rogue cookies
giving out info about me. Also according to this, I should have some
firewall option to stop it happening, but I can't seem to find it.
>
> Go here and learn which spyware detectors are trustworthy.
> http://www.spywarewarrior.com/rogue_anti-spyware.htm
I'm glad Ad-Aware is considered trustworthy. I think I'll try that
Spybot S&D as well, to be extra safe.
[snip]
>
> Make sure you are using good anti-virus product.
I'm using AVG Pro. I don't know if it's any good, but it supports
Windows 2003, and that makes it better than every other one I've tried.
>
> Windows firewall does not keep stuff from getting out.
This was the first thing I disabled.
>
> Lastly, stop listening to most of the jerks in here who consider
> nothing is really worth using because everything has some fault or
> other.
But it's so hard to know who's a jerk and who isn't! I don't know
anything about this sort of thing, and it's very easy for me to assume
that everybody else does. :(
Thanks for the infos :)
m.
--
"Arrr! The laws of science be a harsh mistress!"
-- Bender
In article <45aa9888$0$31241$da0feed9@news.zen.co.uk>,
Marie Cox (dont@email.me) wrote:
[snip]
>
> I'm glad Ad-Aware is considered trustworthy. I think I'll try that
> Spybot S&D as well, to be extra safe.
>
Spybot just found about 50 'items' that Ad-Aware missed. I love free
stuff :)
m.
--
"Arrr! The laws of science be a harsh mistress!"
-- Bender
Marie Cox napisa³(a):
> In article <45aa9888$0$31241$da0feed9@news.zen.co.uk>,
> Marie Cox (dont@email.me) wrote:
>
> [snip]
>> I'm glad Ad-Aware is considered trustworthy. I think I'll try that
>> Spybot S&D as well, to be extra safe.
>>
>
> Spybot just found about 50 'items' that Ad-Aware missed. I love free
> stuff :)
>
> m.
>
It is the best proof that both your firewall and AV are a piece of junk! :)
Marie Cox
> In article <0ccde2415bf59168258bf523de3d8852@mixmaster.it>,
> George Orwell (nobody@mixmaster.it) wrote:
>> Lastly, stop listening to most of the jerks in here who consider
>> nothing is really worth using because everything has some fault or
>> other.
>
> But it's so hard to know who's a jerk and who isn't!
Posting through anonymous remailers and belittling other posters are two
very strong indicators.
cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
Post removed (X-No-Archive: yes)
Post removed (X-No-Archive: yes)
Marie Cox
$fa0fcedb@news.zen.co.uk:
> Hello,
> I've been using SPF Pro for a while now, and it gives me a
> fairly good sense of security. Has anybody else on here had experience
> with this software? Is it a false sense of security? What other
software
> could you recommend for Windows 2003?
>
> m.
>
I used it a fair bit on stand alone 2K systems just simply because it was
a cleaner app than Zone alarm or any of the others, and Symantec
applications were at the point where I didn't really trust them anymore
from bloat. With XP's built in abilities I dropped it for no other reason
that it was un-necessary for the task at hand- protecting stand alone
systems outside of my network. I had fairly good luck with it, and really
had no complaints. The biggest thing I looked for was that it be as
silent in it's dealings with the job it needed to do as possible so as
not to disturb the users too much. This was accomplished through the
proper setup for that purpose and it pretty much left them alone
afterwards.
If you are comfortable with it, I say run it. There is no 100% certain
solution to it other than to cut your ethernet cable, so what you are
doing is a step in the right direction, at least you are using something,
and asking for opinions/ advice. Undoubtedly there will be a barrage of
posts telling you this is flawed, that is flawed, this and that leak, but
the fact is, all of the security solutions have some flaw or another, and
the only real secure system is that which has succumbed to the cable
cutters;-)
To sum it up, if you are comfortable with the app, then go with it. Each
will have good points and bad. The one thing I might suggest (quietly
though) is to look at implementing a perimeter solution. From your
original post, you are using 2K3, and that would lead me to the
conclusion that there is at least a small office environment. Just a
suggestion though, never hurts.
--
Back to your bridge Troll! You have no powers here!
Post removed (X-No-Archive: yes)
In article
> Marie Cox napisal(a):
> > In article <45aa9888$0$31241$da0feed9@news.zen.co.uk>,
> > Marie Cox (dont@email.me) wrote:
> >
> > [snip]
> >> I'm glad Ad-Aware is considered trustworthy. I think I'll try that
> >> Spybot S&D as well, to be extra safe.
> >>
> >
> > Spybot just found about 50 'items' that Ad-Aware missed. I love free
> > stuff :)
> >
> > m.
> >
>
> It is the best proof that both your firewall and AV are a piece of junk! :)
>
Thats a rather vauge statement to make isnt it?.Can you clarify?.To make
such a statement i guess you know what the 50 items detected by spybot
were and what settings were used for spybot avg and sygate?.If so please
divulge.
me
Post removed (X-No-Archive: yes)
Ansgar,
| Use the Windows-Firewall and Software Restriction Policies.
I use WinFW but am unsure re Software Restriction Policies. Please
elaborate.
| - Disable autoruns.
Does this include auto updateing of resident (real-time) AV application and
MS patches etc.?
| - Avoid IE and O(E).
Have you reviewed IE7 yet? (I have 'hardened' it considerably, practice
safe-hex and don't think its any less secure than Firefox/Opera).
I never had problems running OE6, you've got to know how to handle it though
:)
BTW, have you got an opinion re http://seconfig.sytes.net/
and
http://www.ntsvcfg.de/ntsvcfg_eng.html#_chklst ?
Mel :)
Mel Bourne
> | Use the Windows-Firewall and Software Restriction Policies.
>
> I use WinFW but am unsure re Software Restriction Policies. Please
> elaborate.
Software Restriction Policies [1] help preventing malicious code from
being executed on a given system, although they are no silver bullet.
You still have to make decisions about which software to add to the list
and which not (e.g. when installing new software), thus it's still a
good idea to side it with a virus scanner (IMHO). However, it's a far
more reasonable approach than the concept implemented by most software
firewalls to try and control malicious software *after* it was executed.
> | - Disable autoruns.
>
> Does this include auto updateing of resident (real-time) AV
> application and MS patches etc.?
No. By "autoruns" I meant mainly the automatic exeution of stuff when
inserting a CD/DVD or other exchangeable media. Poor wording on my part.
Sorry.
Of course it's also a good idea to check what's automatically started on
system startup or logon as well as what's executed periodically, but
that's a different story.
> | - Avoid IE and O(E).
>
> Have you reviewed IE7 yet?
No.
> (I have 'hardened' it considerably, practice safe-hex and don't think
> its any less secure than Firefox/Opera).
I am aware of the fact that IE can be locked down, however, that takes a
good amount of fine-tuning. Also IE has a history of bugs (partially due
to its integration with the system and the incorporation of ActiveX),
and I'm not too confident that this is going to change with IE 7. Plus,
I prefer separation of web browser and operating system so that I can
replace the web browser when I feel there's need for it.
> I never had problems running OE6, you've got to know how to handle it
> though :)
I'm pretty much capable of doing that. However, why would I bother when
there are mail clients that can be used rather painlessly (and without
inheriting all IE bugs by using its engine)?
> BTW, have you got an opinion re http://seconfig.sytes.net/
As of yet I haven't looked at Seconfig XP, but judging from the
description on the page it seems to do more or less the same things as
win32sec [2] or the script from ntsvcfg.de.
> and
> http://www.ntsvcfg.de/ntsvcfg_eng.html#_chklst ?
You may want to take a closer look at the script provided there. ;)
[1] http://www.microsoft.com/technet/prodtechnol/winxppro/mainta in/rstrplcy.mspx
[2] http://www.dingens.org/
cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
Post removed (X-No-Archive: yes)
In article <9106b3b178a8dd5ca3bd7bf025869655@mixmaster.it>,
George Orwell (nobody@mixmaster.it) wrote:
[snip]
>
> Go into the MODE menu of Spybot and the Advanced mode. That will allow
> TeaTimer to watch your registry and warn you every time some program
> tries writing to your registry. But before that, read the following
> paragraph in regard to TeaTimer.
>
> You should download the new TeaTimer exe which does not have the
> graphical problems of the older version in Spybot. It's here:
> http://forums.spybot.info/showthread.php?t=9474
>
> Now your registry has a goodly degree of protection.
>=====
> As for your AVG anti-virus, get another, preferably, Kaspersky (KAV).
> (I used AVG some years back and found my machine terribly infected with
> viruses and trojans.)
>
[snip]
Okay, I did the Spybot thing you said, and nothing seems to have
changed, so I'm just gonna assume that it's working. Spybot keeps
finding a load of dodgy cookies. Is there any way I can block these as
they happen?
I got Kaspersky as well, and that hasn't found anything so
maybe AVG just got lucky.
Thanks for all your info, and thanks to everyone else who's provided
info as well.
m.
--
"Arrr! The laws of science be a harsh mistress!"
-- Bender
Post removed (X-No-Archive: yes)