No comments yet?
Well yea, I do tend to bring up and ask questions about subjects that are at least at times aggravating.

The reason my questions are aggravating this time is because there are no good answers. The majority of the tools recommended throughout the global pri/sec community DO NOT PROTECT.
In the last half decade, the malware propagators have gotten very clever. Unfortunately, most users are still using and being advised to use the same type of security tools and techniques used five or more years ago.
What is worse is that the tools most recommended are just purely reactionary and more often than not create more damage than the infection itself. These reactionary tools rarely have the signatures developed in time to stop an infection and the false positives and faulty removal routines literally rip the system and innocent applications apart. A good percentage of users just trust their malware scanners to remove items without any thought given to what the items being removed are. Then users can't understand why their systems and programs don't function well anymore.
I won't even much get into the subject of all the 'rogue' tools. Ref;
http://www.spywarewarrior.com/rogue_anti-spyware.htm
IMO the majority of anti-malware scanners belong in the 'rogue' category or are at best just outdated and useless endeavors. When folks have an infection, they are much better advised to seek out a tech board like this one where experienced folks are trained to help remove the nasties.
And with some rooters it is impossible for anyone or any tool to find all of the possible policy changes made that can leave the system vulnerable to further exploits. In some cases, even the best audits fail. In these cases nothing short of a reinstall can secure the system again. Can you spell 'downtime'?
For a long time now (more than half a decade) we've had better technologies. I wonder why there hasn't been more development in the past few years. So why now aren't we using and recommending the tools that have been developed that really do protect? Well, I've heard almost every excuse in the world now. Most amount to; 'the users are too stupid or too lazy to learn something new'. My thoughts on this opinion of users is; HOGWASH.
How is it that I've taught dozens of noobs in recent months how to really protect their systems? Most of them take to it almost instantly.
How is it that none of the 600+ appliances and users across multiple SOHOs in my care have ever had an unwanted ware installed?...not once in the past half decade+. It seems to me that many of the anti-malware product developers are quite happy selling subscriptions for products that aren't real solutions. hmmm
"Do you think any user can really protect his system for FREE?"
I think the answer is YES.
"How?"
By using a better firewall;
Ref;
http://www.voiceofthepublic.com/test_tools/firewall.html
Can a user still get infected using a HIPS type firewall?
Yes, but if it happens it will be because the user allowed it to happen.
"Are there any tools that can protect me even from my own doing?"
Yes, to a degree, but those also have weaknesses. Ref;
http://www.voiceofthepublic.com/test_tools/twohips.html
No tool is or ever will be 100% secure. However, using a HIPS solution is a 100% increase in security as opposed to depending on tools like resident scanners and end point packet filters that really don't protect much.
For more info you might like to have a look at this series;
http://www.techsupportalert.com/security_mess.htm
If you are interested in some of the simple to use tests spoken of here, you can find them and a few more here;
http://www.voiceofthepublic.com/test_tools/testfiles.html
BTW I'm not really suggesting that users throw their resident scanners and packet filters away. Many folk will still need these tools in order to feel secure. Some users still need things like cookie control and the like too. However, I again suggest that users check with folks in the know before removing anything they don't explicitly recognize in a scanner results log. Just one false positive or faulty removal routine can and many times have caused catastrophic results.
There are plenty of tech boards around...why not use them instead of periodically ripping the guts out of your system? Ref;
http://asap.maddoktor2.com/
As always, JMO