I have a nagging thought that somewhere or other I've seen a ready-mixed smooth finishing plaster (or equivalent) that can be applied by paintbrush or roller. Is there really such a product or am I dreaming?
Bert
I have a nagging thought that somewhere or other I've seen a ready-mixed smooth finishing plaster (or equivalent) that can be applied by paintbrush or roller. Is there really such a product or am I dreaming?
Bert
NAT router will stop any connections being made to your PC. It doesn't stop existing ones being hijacked, but this is beyond most script kiddies.
Not sure about 'out of bounds' packets, but if these are outwardly directed to teh router, then it is what has to deal with them, and will hopefully reject them.
NAT router basically stops all direct attacks. That leaves things you might catch via web browsing download or e-mail.
Run Norton.
I haven't got infected using this system. Norton has caught a few dozen e-mail viruses, and lord knows how many unkonown attacks have arrived at the router and been discarded.
That's a feature (or not) of the firewall, and nothing to do with where it's installed.
Software firewall on a Windows PC is rather ineffective because it can be disabled, which is exactly what one (at least) of the recent rounds of viruses does. The firewall needs to be somewhere where it cannot be configured/disabled via the network (which on a Windows PC, also means by the user). There is nowhere in a Windows PC where that requirement is met. Ideally, it is a separate box with no configuration access via the network (other than for passing packets through). If you normally use Unix on a PC and you don't normally use root (certainly not for anything involving networking), then a firewall in the same box as your normal working box is going to be secure enough for most home users.
Personally, I use an old 486DX33 as a firewall, brought out of retirement running Unix. It is inaccessible via the network; it can only be accessed for configuration/admin purposes from its console. I did provide the means to remote power-cycle it (as it's not easy to physically access), but that proved unnecessary as it's never crashed/locked-up/rebooted in the two years it's been running. Running my DSL line flat out (512k business line) doesn't manage to get the 486 to even 10% CPU utilisation, so you could say it's rather badly over-powered for the task ;-)
A highly rated firewall comes from ZoneAlarm,
There is a basic free version and free automatic upgrades for any new types of "evil" out there.
I've used it for the past couple of months and am very pleased.
What you say regarding executables is true. However I was not talking about executables, but HTML related exploits. Since OE still insists on rendering HTML content in emails, and on using IE as a render engine(!) it will allways be vulnerable to this type of attack. This is an achitectural issue that will in all likelyhood continue until MS address some of the fundamental mechanics of how it handles non text emails.
I stand by my advice - If you want to be safe, and you insist on using Outlook or OE - turn off the preview pane. That way to can delete a message without giving it any chance to render.
To quote from MS03-014 (April this year):-
"However if the user was not using Outlook Express 6.0 or Outlook 2002 in their default configurations, or Outlook 98 or 2000 in conjunction with the Outlook Email Security Update, the attacker could cause an attack to trigger automatically without the user having to click on a URL contained in an e-mail."
While I am sure it does not apply as much to the usualy pretty clued up members of this group, it is worrying the number (at least 50%) of customers systems I see that are still running the original versions of OE/IE that were installed with the OS - no service packs, hot fixes, or any other patches, and Windows Update never having been run.
It sure is! ;O)
I keep reading specs, and some days bring a little more hope than others. I really glad it's not an urgent matter; I'd end up broke or barmy over it! some of the Zyxel stuff seems interesting at present. Not enough users about to get any very conclusive owner opinions yet though.
Thanks for the advice. BTW, I'm not tight by any stretch, but on one or two items down the years, I've noted (with hindsight) that I paid too much for what turned out to be underspeced goods when the chips were down. Having become wary of that, I now really enjoy finding a bargain due to doing adequate research. That I do it seems to annoy some, I can only imagine they never tried it, or at least did not get a result that way, perhaps they're just plain daft! ;O) (present company....... etc.)
Take Care, Gnube {too thick for linux}
I`ve sorted out so many systems recently for people who didn`t have any patches / updates / virus checkers / firewall etc that i`m inclined to disagree.
New users *should* be a little more informed about what can and will happen to their system if they do nothing.
Tanatos (bugbear) was the latest virus to be found on a colleagues` system, and that was just last night. He hasn`t got a virus checker etc etc and has never applied any updates. The scary part is, his son is a
*manager* of a computer shop.
However, if the router can be compromised - and some of the cheap ones can by swamping with traffic - then various accesses can be gained.
As long as it remains working correctly in the event of being swamped.
.andy
To email, substitute .nospam with .gl
It is better than nothing, but keep in mind that it is only as good as the underlying environment. In the case of Windows, that is very questionnable since it is quite easy to attack Windows (especially anything Win9x based) in such a way that buffers are overrun. This can then provide access where you didn't imagine that it would be.
.andy
To email, substitute .nospam with .gl
Except of course there aren't any of those about, and even if there were, it would make a lot more sense to advise the user to simply turn off HTML in emails, since there's no way a user can know 100% that the content of an email is not legitimate - if you're concerned about HTML exploits - turn off HTML, it's a simple setting.
Jim.
Glad you are so confident ;-)
You are right - that would be the ideal solution. Alas MS do not provide an easy option for doing it in most versions of OE.
You can disable *sending" email in HTML format simply enough - but that does not prevent OE from rendering received emails that contain HTML in the preview window. OE 6 has an extra option to view messages in plain text only (although even that still does some rendering) previous versions don't.
Even if you do manage to disable rendering of HTML, the major security risk is still the usual MS achillies heel - that the _default_ action (and hence that used by 95% of the user base) is to render received emails that contain HTML.
Turning off preview will save any of these worries - 99% of spam you can normally identify and delete based on its "from" & "subject" fields. It's not exactly a hardship to then double click the first email you actually want to read is it?
An abomination I never use...
So a laptop p133 might also suffice?
To avoid moving parts I wondered about running above laptop with a smart card and ide converter instead of the hard drive, is this feasible?
In another group I was advised that the firewall computer should be dedicated to the task and not also motor a telephone line for faxes, is this reasonable?
AJH
Yes, though it might be hard to get two Ethernet interfaces into an older one without an expansion dock. If your net interface is a serial modem, no problem - serial out to the modem, PCMCIA card or (rarely) built-in Ethernet for the domestic side. Older laptops won't have USB either, cutting out one of the other ways of getting a second Ethernet port. Laptops sometimes have less common hardware in them, making it a bit more of a pain to get OpenBSD or Linux-as-Smoothwall or similar to come up initially: drivers are usually available on the Net but need some searching out. But if you have an old laptop otherwise unused, it's a fine use for it.
No need: the amount of memory in use for a dedicated firewall box is unlikely to cause much in the way of disk accesses.
Broadly sensible - "dedicated" means just that, so the less you add-on as extras, the smaller the chance that there'll be exploitable vulnerabilities in it.
HTH - Stefek
Must be pork in them there trees.... here comes another:
Just to add to that, my virus checker also spots malicious web code and has flagged up quite a few exploits in the past.
HomeOwnersHub website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.