Prev: - I surrender (STUBBINGS, are you ready for a truce?)
Next: Calcurse: text-based calendar & scheduler
From: Baron d'Holbach ~1723-1789~ on 2 Jun 2010 03:26
On Mon, 31 May 2010 10:26:49 -0700, Young Bostelmann wrote:

> Microsoft keeps extending some support on XP. I was wondering how the
> tech gurus around ACF keep their XPs secure and optimized now that
> support is so flickering from Windows? Could you please discuss what is
> good management on XP,please?
> FYI: OS: Windows XP Serv.Pack 2 (purchased 2004), hardware: Dell
> Dimension 3000;
> browsers: FF,Iron, AV: Avira
> Thanks!

First of all, I'd use a limited account instead of an admin one, the
principle of least privileges is almost 40 years old:
http://en.wikipedia.org/wiki/Principle_of_least_privilege

I'm very surprised nobody here suggested it! ;)

Then, some useful links:
http://www.wilderssecurity.com/showthread.php?t=196737
http://www.mechbgon.com/srp/
http://www.mechbgon.com/build/security2.html

--
Una volta un poliziotto mi ha inseguito perche' non mi ero fermato a uno
stop. Mi ha chiesto se non l'avevo visto. Ho detto di si', ma non credo
a tutto quello che leggo.
From: John Corliss on 2 Jun 2010 07:50
Baron d'Holbach wrote:
> Young Bostelmann wrote:
>
>> Microsoft keeps extending some support on XP. I was wondering how the
>> tech gurus around ACF keep their XPs secure and optimized now that
>> support is so flickering from Windows? Could you please discuss what is
>> good management on XP,please?
>> FYI: OS: Windows XP Serv.Pack 2 (purchased 2004), hardware: Dell
>> Dimension 3000;
>> browsers: FF,Iron, AV: Avira
>> Thanks!
>
> First of all, I'd use a limited account instead of an admin one, the
> principle of least privileges is almost 40 years old:
> http://en.wikipedia.org/wiki/Principle_of_least_privilege
>
> I'm very surprised nobody here suggested it! ;)
>
> Then, some useful links:
> http://www.wilderssecurity.com/showthread.php?t=196737
> http://www.mechbgon.com/srp/
> http://www.mechbgon.com/build/security2.html

In Vista, Microsoft tried to shove the concept down everybody's
collective throats. You probably saw how well that idea went. They dealt
with the notion better in Windows 7 but for a person like me, running in
a non-administrator mode is about as attractive as Obama's "let them eat
cake" mandatory health insurance law.

I've been running my copy of XP in Administrative mode ever since I
first installed it on Dec. 16, 2005. I also no longer bother to run
anti-malware protection in the background because it just slows down my
computer too much. I've NEVER had any problems as a result of this.

How do I do it?

* I run an ancient software firewall (Kerio 2.1.5) and NEVER use Outlook
Express or (with the exception of Windows Update) Internet Explorer.
Instead, I use Firefox and Thunderbird.

* I fastidiously block popups (IMO, the biggest single source of
infection out there, next to attachment laden spam.)

* I pay my ISP $1 a month to scan my (in and out) email for malware.

* I changed my user ID to a randomized sequence of alphanumeric
characters and NEVER give it to anybody but friends and relatives with a
warning never to give it out. This pretty much ended spam.

* I NEVER respond to or even view spam on the rare occasion that it
leaks through my ISP's implementation of SpamAssassin on their mail
server (which I can configure for my account on their website, and have
set to an absolute whitelist.) I turn off the preview pane before
selecting spam and deleting it. Then I immediately empty my Trash folder.

* I rigged a power switch for my cable modem. If I ever got a firewall
alert that something was calling out, I'd turn off the modem and then
set a FW rule blocking the outcall, since I can then refer to the rule
to see what the offending executable is.

* I have several anti-rootkit programs which I run scans with
occasionally. They've never found anything.

* I use Sysinternals Process Explorer to keep an eye on what's running.
If I ever see anything that I'm not familiar with, I check it out on the
internet for more info. So far, all I've ever had to check out is stuff
that's been installed by new programs and which is harmless.

And there are probably other little tweaks and tricks I use which I
forgot to mention in this list.

I don't recommend this path for novices, but since I'm not exactly a
beginner to computing it works for me.

--
John Corliss BS206. Because of all the Googlespam, I block all posts
sent through Google Groups. I also block as many posts from anonymous
remailers (like x-privat.org for eg.) as possible due to forgeries
posted through them.

No ad, CD, commercial, cripple, demo, nag, share, spy, time-limited,
trial or web wares OR warez for me, please. Adobe Flash sucks, DivX rules.
From: Baron d'Holbach ~1723-1789~ on 2 Jun 2010 08:20
On Wed, 02 Jun 2010 04:50:17 -0700, John Corliss wrote:

> In Vista, Microsoft tried to shove the concept down everybody's
> collective throats. You probably saw how well that idea went.

well, unfortunately they made it the other way round with UAC! :)

> They dealt
> with the notion better in Windows 7 but for a person like me, running in
> a non-administrator mode is about as attractive as Obama's "let them eat
> cake" mandatory health insurance law.

did you say "better"? :D

http://www.osnews.com/story/21653/Microsoft_Won_t_Fix_Windows_7_s_UAC
http://www.pretentiousname.com/misc/win7_uac_whitelist2.html

this bad *feature* is still present on a standard 7 installation
(sorry, shot isn't in english)

http://i46.tinypic.com/30bform.jpg

> I've been running my copy of XP in Administrative mode ever since I
> first installed it on Dec. 16, 2005. I also no longer bother to run
> anti-malware protection in the background because it just slows down my
> computer too much. I've NEVER had any problems as a result of this.

Well, I think it doesn't mean that much. It's like saying "I always use
my motorbike without any helmet, and I didn't get hurt, so it's perfectly
safe not using it."

This is what MS strongly suggests:

http://windows.microsoft.com/en-us/windows7/Why-use-a-standard-user-account-instead-of-an-administrator-account

--
Slackware GNU/Linux 13.1
2.6.33.4-smp
From: John Corliss on 2 Jun 2010 21:52
Baron d'Holbach wrote:
> John Corliss wrote:
>>
>> In Vista, Microsoft tried to shove the concept down everybody's
>> collective throats. You probably saw how well that idea went.
>
> well, unfortunately they made it the other way round with UAC! :)
>
>> They dealt
>> with the notion better in Windows 7 but for a person like me, running in
>> a non-administrator mode is about as attractive as Obama's "let them eat
>> cake" mandatory health insurance law.
>
> did you say "better"? :D
>
> http://www.osnews.com/story/21653/Microsoft_Won_t_Fix_Windows_7_s_UAC
> http://www.pretentiousname.com/misc/win7_uac_whitelist2.html
>
> this bad *feature* is still present on a standard 7 installation
> (sorry, shot isn't in english)
>
> http://i46.tinypic.com/30bform.jpg
>
>> I've been running my copy of XP in Administrative mode ever since I
>> first installed it on Dec. 16, 2005. I also no longer bother to run
>> anti-malware protection in the background because it just slows down my
>> computer too much. I've NEVER had any problems as a result of this.
>
> Well, I think it doesn't mean that much. It's like saying "I always use
> my motorbike without any helmet, and I didn't get hurt, so it's perfectly
> safe not using it."

Hmm... you seem to have left out part of what I said, so I'll put it
back in here:

> I don't recommend this path for novices, but since I'm not exactly a
> beginner to computing it works for me.

There, that's better.

> This is what MS strongly suggests:
>
> http://windows.microsoft.com/en-us/windows7/Why-use-a-standard-user-account-instead-of-an-administrator-account

"The standard account can help protect your computer by preventing users
from making changes that affect everyone who uses the computer..."

There are no other users on my computer.

--
John Corliss BS206. Because of all the Googlespam, I block all posts
sent through Google Groups. I also block as many posts from anonymous
remailers (like x-privat.org for eg.) as possible due to forgeries
posted through them.

No ad, CD, commercial, cripple, demo, nag, share, spy, time-limited,
trial or web wares OR warez for me, please. Adobe Flash sucks, DivX rules.
From: Baron d'Holbach ~1723-1789~ on 3 Jun 2010 14:58
On Wed, 02 Jun 2010 18:52:04 -0700, John Corliss wrote:

> Hmm... you seem to have left out part of what I said, so I'll put it
> back in here:
>
> > I don't recommend this path for novices, but since I'm not exactly a
> > beginner to computing it works for me.
>
> There, that's better.

:) ok, I left it out only because I didn't think it was relevant to the
discussion...only for that :)

> "The standard account can help protect your computer by preventing users
> from making changes that affect everyone who uses the computer..."
>
> There are no other users on my computer.

but I suppose that machine is online, isn't it? ;)

--
Ho scoperto che il mio certificato di nascita ha una data di scadenza.
First  |  Prev  |  Next  |  Last
Pages: 1 2 3 4 5
Prev: - I surrender (STUBBINGS, are you ready for a truce?)
Next: Calcurse: text-based calendar & scheduler