A little computer advice

Discussion of all things technological and/or gadgety
scipioafricanus
Posts: 1301
Joined: Mon Aug 18, 2008 10:08 pm

Re: A little computer advice

Post by scipioafricanus »

Being a Mac user (desktop, 2007 iMac, running 10.6.8), what anti-virus/malware programs do you recommend? For virus, I have Sophos and the now dreaded Nortons.

SA
If there is a Stairway to Heaven, is there an Escalator to Hell?
If God wanted men to play soccer, he wouldn’t have given us arms. - Mike Ditka
Weetabix
Posts: 6113
Joined: Fri Aug 15, 2008 11:04 pm

Re: A little computer advice

Post by Weetabix »

What do you recommend for a physical firewall?

The internet service in my building just changed to a "public-facing" internet. I assume that's what you meant about exposing a machine to the bare internet?

Any way to combine a physical firewall with something that will let us VPN (or otherwise connect) to our office file server so we can work remotely?
Note to self: start reading sig lines. They're actually quite amusing. :D
Netpackrat
Posts: 14002
Joined: Fri Aug 15, 2008 11:04 pm

Re: A little computer advice

Post by Netpackrat »

scipioafricanus wrote:Being a Mac user (desktop, 2007 iMac, running 10.6.8), what anti-virus/malware programs do you recommend?
The OS.
Cognosce teipsum et disce pati

"People come and go in our lives, especially the online ones. Some leave a fond memory, and some a bad taste." -Aesop
308Mike
Posts: 16537
Joined: Wed Aug 13, 2008 3:47 pm

Re: A little computer advice

Post by 308Mike »

Netpackrat wrote:
scipioafricanus wrote:Being a Mac user (desktop, 2007 iMac, running 10.6.8), what anti-virus/malware programs do you recommend?
The OS.
Actually, if you are sharing NOTHING on the network, then you pretty much have nothing vulnerable on the OS side (unless your machine has been compromised via browser or malware/adware/trojans). Once you share ANYTHING, you become vulnerable (on a variety of points).

Other than email, the BIGGEST access point on machines is via shared services. If you share NOTHING, and your system isn't already compromised, then how can you be cracked/compromised????

Besides network shares, and browser vulnerabilities (AND into the OS - ESPECIALLY with IE), how else can you get into a machine (especially if the machine is NOT sharing ANY resources - besides via the browsers and perhaps any other network services)????

When our office was filled with Win 98SE machines and NOTHING shared on them, along with our Netware 4.11 network, nothing was available to someone pen-testing our network (and we had more than a couple do it WITHOUT NOTICE). Unfortunately, as the Winblows machines became more complex, securing them also became MUCH MORE complex too.

Keeping a NetWare machine secure was MUCH easier and FAR MORE SECURE than any Windows server at the time! Unfortunately, they made the workstations FAR harder to secure until you applied LOTS of policies and included them in the machine's domain once they attached to it.

Of course, Microsquish counted on this when presenting their products to CIOs and others - 'cause the companies would MUCH RATHER pay someone a LOT less to keep their network secure by pointing and clicking than paying someone who KNEW what they were actually doing (via UNIX and/or NetWare with ADS). It's little wonder so many networks and machines started being compromised once everyone started migrating to Microsquish (remember the ADMIN compromise)???

Yet, they STILL stuck to their assessments and put ALL their eggs in the Microsquish basket, and watched compromise after compromise until Microsquish started plugging the holes and others started looking for other LINUX answers ('cause they didn't trust SUN to give them a fair value for their money and could get about the same security for next to NOTHING using LINUX).

REMEMBER those years??? I certainly do!! :lol: 8-) :lol: 8-) ;)
POLITICIANS & DIAPERS NEED TO BE CHANGED OFTEN AND FOR THE SAME REASON

A person properly schooled in right and wrong is safe with any weapon. A person with no idea of good and evil is unsafe with a knitting needle, or the cap from a ballpoint pen.

I remain pessimistic given the way BATF and the anti gun crowd have become tape worms in the guts of the Republic. - toad
mekender
Posts: 13189
Joined: Tue Aug 19, 2008 9:31 pm

Re: A little computer advice

Post by mekender »

The virus thing...

Well... I'll illustrate the issue with an anecdote...

I took a family friend on as an emergency client. They home school, and the system they use for homeschooling was well hosed up, to the point where it was completely unusable. It would boot, but applications and web pages wouldn't load, it would reboot randomly etc...

I looked at it... No exaggeration, there were over 6,000 individual pieces of malware, spyware, adware... and that's with 4 different AV/adware/spyware/anti-malware packages running, including the commercial and updated Norton 360. They also had 4 different "system optimizer" or "system cleaner" packages running, and god knows how much other "helpful" garbage.

He asked what I charged and I said "I'm doing this as a family friend, because to clean this up... Labor alone would be more than you make in two weeks. It's going to take me at least two full days. It'd be faster to wipe it and start over but you don't have backups or install disks for a bunch of this stuff. Even then, I really recommend wiping it when you get the chance, because I might have missed something."

And yes, it did take two full days... actually more than. I actually put over 20 hours into cleaning the system up, then rebuilding it to a consistent and usable state, then locking it down and putting tools in place to... I wish I could say prevent, but it's a windows machine so I can only say reduce the likelihood... of that sort of thing ever happening again.

Just so he would understand and appreciate the amount of work involved, and what that kind of work costs, I printed him up an invoice, with a 100% discount. Yes, it was more than he made in two weeks. He just about crapped his pants.

So, my advice on the virus thing is this... Wipe the machine completely, and install from scratch. If you can't do that yourself, donate the machine or give it to a smart kid who can, and buy a new one. It'll be cheaper and easier for you.

Oh and NEVER EVER EVER EVER buy or install Norton, or McAfee, or frankly any of the major vendors' anti-virus, "security suite" or software "firewall" packages, and never buy or install a "system cleaner" (except Piriform's CCleaner aka crap cleaner, which I install on every Windows machine automatically). If they come on your computer from the factory, clean them off completely before you try to run anything. They are actively harmful.

For anti-malware, use Windows Security Essentials, and Comodo, AVG, or Malwarebytes as a secondary scanner, and run WinPatrol to keep control of your computer's settings and startup programs etc...

In general, don't be an idiot. Don't download anything, or open attachments or web pages, you don't know, or are not well known and trusted sources etc... etc... Virus scan everything before you open it, and turn on live virus scanning in your security software.

Oh and NEVER load or use a browser toolbar of any kind, unless you are absolutely sure you want to use it, exactly what it does and who it came from.

Most importantly, always live behind a physical firewall. Never expose a Windows machine to the bare internet, no matter what kind of software "firewall" you have running (software firewalls don't protect you worth a damn. Also they shouldn't be called firewalls, because they aren't). You WILL be compromised, within minutes, without question.
As someone that has done consumer PC support for more than 15 years, I concur 100%.

I would add that for anti-malware I like HijackThis... For AV, I like Avast over AVG as I have had way too many false positives with AVG.

Also for system cleanup, I like CCleaner a LOT, but you have to be careful with it, there is a drive wiper option that will irreversibly erase a hard drive and I have had people do it.

Way back in the Windows 98 days, I spent a good bit of time doing phone support for Gateway on their incoming 1-900 line. People would pay me $2 a minute to fix their virus problems. Generally any attempt to clean a virus took more than 2 hours of time and that was with a step by step removal process that was written down in great detail. And this was in the days before everyone had always on internet and viruses started seeking out other viruses to download. Back then the process usually went something like this:

1. Boot to safe mode
2. Clear startup
3. Delete registry keys
4. Delete specific files
5. Uninstall suspicious programs
6. Reboot and check for the virus

Generally speaking our first step was to try to convince the person to let us start a re-format process. If we could do that, we would get it started and then get off the phone, this would take about 20 minutes, versus the many hours to clean it.

Fast forward 15 years and I can guarantee you 100% that if you find one virus on a machine, there will be at least a dozen. And cleaning them will be FAR more involved than what I just described. In short it is almost always easier and faster to wipe the drive.
“I no longer need to run as a Presidential Candidate for the Socialist Party. The Democrat Party has adopted our platform.” - Norman Thomas, a six time candidate for president for the Socialist Party, 1944
308Mike
Posts: 16537
Joined: Wed Aug 13, 2008 3:47 pm

Re: A little computer advice

Post by 308Mike »

In this day and age, the VAST MAJORITY of machine compromises occur via browsers (malware/adware/viruses) and unsecured shares accessed by other compromised machines on the network.

If you eliminate scripts on web browsers, you'll eliminate over 90% of browser compromises and with regards to IE; MACHINE compromises as well. WHAT IDIOT incorporated a web browser into their OPERATING SYSTEM?????? GAH!!!

Anyway, if you have a decent AV program to scan your emails (especially after you pull them down from your provider and they might have missed SOMETHING), as long as you don't allow active scripts to run inside your email client (without an AV plug-in), you'll do better than 90% of the rest of the morons online. People simply don't realize just how easily or quickly their machine may be compromised as long as it offers services to a network (if the machine offers NO services and CAN NOT do so, any compromise is likely to fail - unless it finds another way to create a share to the outside world).

A LOT of problems are created by browsing unsafe sites and trying to download programs people believe are CUTE and useable to express their EMOTIONS (think all those stupid smiley faces and other bullshit & toolbars they installed to make their messages and emails so "cute").

WHAT A BUNCH OF MORONS (even if they didn't realize it)!!!

Most problems are user INSTALLED, whether they realize it or not - and then they wonder why their machine is running so damned slow with 10 Toolbars - EACH with certain "cute" smilies they want to have available to send to others - who, for the most part don't give a DAMNED about their STUPID SMILIES included in their email/messages.

And they ALWAYS wonder (and complain about their browser toolbars UNinstallation) when you try and clean up their machines, about WHY their computer is running SO DAMNED SLOW!!!!! But they are AMAZED when it starts running SO MUCH BETTER!!! But they simply CAN NOT make the connection!!

ARGH!!!!!!
POLITICIANS & DIAPERS NEED TO BE CHANGED OFTEN AND FOR THE SAME REASON

A person properly schooled in right and wrong is safe with any weapon. A person with no idea of good and evil is unsafe with a knitting needle, or the cap from a ballpoint pen.

I remain pessimistic given the way BATF and the anti gun crowd have become tape worms in the guts of the Republic. - toad
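
Both of 308Mike's posts above turn on whether a machine offers any services to the network. The following is an added example, not part of any post in this thread: it parses `netstat -an` output and lists the TCP listeners that are reachable from the network rather than bound only to loopback. The sample lines are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the style of `netstat -an` on macOS (first four
# lines) and Windows (last three). Not captured from a real machine.
SAMPLE = """\
tcp4       0      0  *.548                  *.*                    LISTEN
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
tcp6       0      0  ::1.631                *.*                    LISTEN
tcp4       0      0  192.168.1.20.49152     203.0.113.7.443        ESTABLISHED
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    [::]:3389              [::]:0                 LISTENING
"""

LOOPBACK_PREFIXES = ("127.", "::1", "localhost")


def split_endpoint(endpoint):
    """Split 'addr:port' (Windows/Linux) or 'addr.port' (macOS/BSD)."""
    m = re.match(r"^(.*)[:.](\d+)$", endpoint)
    if not m:
        return None
    return m.group(1).strip("[]"), int(m.group(2))


def exposed_listeners(netstat_text):
    """Return sorted (proto, addr, port) for non-loopback TCP listeners."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if not fields or not fields[0].lower().startswith("tcp"):
            continue
        if fields[-1].upper() not in ("LISTEN", "LISTENING"):
            continue  # only sockets waiting for inbound connections
        # Local address is the 4th column on macOS/Linux, the 2nd on Windows.
        local = fields[3] if len(fields) >= 6 else fields[1]
        parsed = split_endpoint(local)
        if parsed is None:
            continue
        addr, port = parsed
        if addr.startswith(LOOPBACK_PREFIXES):
            continue  # loopback-only: not offered to the network
        found.add((fields[0].lower(), addr, port))
    return sorted(found)


if __name__ == "__main__":
    for proto, addr, port in exposed_listeners(SAMPLE):
        print(f"{proto:5} {addr:10} port {port}")
```

To check your own machine, pass the text of `netstat -an` to `exposed_listeners` instead of `SAMPLE`; an empty result means nothing is listening on a network-facing address.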
Weetabix
Posts: 6113
Joined: Fri Aug 15, 2008 11:04 pm

Re: A little computer advice

Post by Weetabix »

Weetabix wrote:What do you recommend for a physical firewall?

The internet service in my building just changed to a "public-facing" internet. I assume that's what you meant about exposing a machine to the bare internet?

Any way to combine a physical firewall with something that will let us VPN (or otherwise connect) to our office file server so we can work remotely?
Should I be nervous about this public facing thing?
Note to self: start reading sig lines. They're actually quite amusing. :D
BobbyK
Posts: 361
Joined: Sat Aug 16, 2008 12:56 pm

Re: A little computer advice

Post by BobbyK »

Weetabix wrote:
Weetabix wrote:What do you recommend for a physical firewall?

The internet service in my building just changed to a "public-facing" internet. I assume that's what you meant about exposing a machine to the bare internet?

Any way to combine a physical firewall with something that will let us VPN (or otherwise connect) to our office file server so we can work remotely?
Should I be nervous about this public facing thing?
Hell yes.
308Mike
Posts: 16537
Joined: Wed Aug 13, 2008 3:47 pm

Re: A little computer advice

Post by 308Mike »

Weetabix wrote:
Weetabix wrote:What do you recommend for a physical firewall?

The internet service in my building just changed to a "public-facing" internet. I assume that's what you meant about exposing a machine to the bare internet?

Any way to combine a physical firewall with something that will let us VPN (or otherwise connect) to our office file server so we can work remotely?
Should I be nervous about this public facing thing?
ABSOLUTELY!

Since your building is going to be a public facing Internet site, then why not use them as your host/backbone and set up your own company network with ACLs, port blocking, etc, and allow VPN connectivity to an inside site (perhaps a Citrix server via Cisco VPN Concentrator and Cisco clients on home machines)? Even most home routers today have VPN capability, but for a business, I'd go with commercial-grade hardware & software.

I'm sure Chris and/or Bobby can give you much more current info than I have (which is several years old) - I'm just making some suggestions or questions.
POLITICIANS & DIAPERS NEED TO BE CHANGED OFTEN AND FOR THE SAME REASON

A person properly schooled in right and wrong is safe with any weapon. A person with no idea of good and evil is unsafe with a knitting needle, or the cap from a ballpoint pen.

I remain pessimistic given the way BATF and the anti gun crowd have become tape worms in the guts of the Republic. - toad
BobbyK
Posts: 361
Joined: Sat Aug 16, 2008 12:56 pm

Re: A little computer advice

Post by BobbyK »

Sophos offers a free "Home Use" license for their UTM appliance. It's good for up to 50 internal IPs, you supply your own hardware. Any decent beater PC that you can shove a couple of NICs in will do.