A little computer advice

[skb12172]

Downloaded Classic Shell. Already love it. Many thanks!

[skb12172]

I've been experimenting a bit. I think I prefer the Windows 7 shell. I'm still getting to know the program, though. Thanks, again!

[Cybrludite]

And whatever you do, never *EVER* use ask.com as your search engine. We could cut out almost all of our homepage hijacks and a goodly chunk of our malware calls by blocking that one site. Unfortunately, the doctors insist on being able to use all the search engines...

[308Mike]

And whatever you do, never *EVER* use ask.com as your search engine. We could cut out almost all of our homepage hijacks and a goodly chunk of our malware calls by blocking that one site. Unfortunately, the doctors insist on being able to use all the search engines...

I'm assuming they're all on Windows? Can you push a policy to put ask.com in Restricted Sites Zone (IE) - AND block the installation of toolbars (except Administrator approved)? That'll block almost all scripts and ActiveX crap hitting the machines from ask.com.

[Cybrludite]

And whatever you do, never *EVER* use ask.com as your search engine. We could cut out almost all of our homepage hijacks and a goodly chunk of our malware calls by blocking that one site. Unfortunately, the doctors insist on being able to use all the search engines...

I'm assuming they're all on Windows? Can you push a policy to put ask.com in Restricted Sites Zone (IE) - AND block the installation of toolbars (except Administrator approved)? That'll block almost all scripts and ActiveX crap hitting the machines from ask.com.

We're able to, but are not allowed to.

[308Mike]

And whatever you do, never *EVER* use ask.com as your search engine. We could cut out almost all of our homepage hijacks and a goodly chunk of our malware calls by blocking that one site. Unfortunately, the doctors insist on being able to use all the search engines...

I'm assuming they're all on Windows? Can you push a policy to put ask.com in Restricted Sites Zone (IE) - AND block the installation of toolbars (except Administrator approved)? That'll block almost all scripts and ActiveX crap hitting the machines from ask.com.

We're able to, but are not allowed to.

Por que?? They are not being stopped from using the search engine, and you're simply protecting the integrity of the network and all that PHI accessible with those machines. Certain agencies would be REALLY pissed about compromised PHI simply due to someone's desire to kiss the biggest butt they can find.

I'm sure I'm preaching to the choir, so perhaps the politics might change if framed the right way to help them understand just what they stand to lose (even if it's only a couple of patient records, they'd be in HUGE trouble).

[Rich Jordan]

Don't run normally as administrator (or an administrator group user). Over the last week or two on Security Now podcast (Steve Gibson, Twit.tv) they were talking about a study that running a windows box as a non-admin user effectively prevented a significant majority of exploits. Running IE as a non-admin user (and not being stupid and clicking on everything) apparently prevented nearly all IE-based exploits from taking root. They took the report seriously. I haven't researched it (too busy changing diapers on user wintel PCs again...)

Link to the report is here

WRT an external firewall; my company is a reseller for SonicWALL, which is now a Dell company (keeping fingers crossed that doesn't turn out bad). They are _not_ consumer-router cheap, and if you opt for the subscription services you get a nice annual fee tacked on. Gateway antivirus, anti-spyware, intrusion prevention via "deep packet inspection", content filtering (keep the kids away from the porn...). I like them a lot, but, full disclosure, I don't have much experience with competing products. I have one at home (TZ100), and at one of the parent's home. Company discount FTW.

[Greg]

The average time between a windows box being placed unprotected on the public internet, and that box being compromised, is approximately 4 minutes and 30 seconds.

At the very least, a NAT router is an ABSOLUTE NECESSITY, if not a real firewall.

A fresh OS install from disk, WILL be compromised before you can patch it. Had to explain that to my brother, as I gifted him the NAT router.

[xyz_pilot]

What router/firewall would you buy for a house on a budget.

Would like a mixture of wire and wi hi internet for up to 10 devises?

[mekender]

I am using this one, have for a while.

http://www.amazon.com/ASUS-Dual-Band-Wi ... ess+router