Sophos.

 

Being behind a decent firewall in router helps a lot - as well as having IP address reservation etc.

 

With Windows it's a good idea to disable unnecessary services - as well as not using Admin if you can, not sharing the computer with anyone else, and being careful what you install, run etc.

 

Ultimately often the best way of cleaning infections and problems is re-installing. Have image of the builds you want to be able to restore back to, and use that. A 15 min re-install of C drive can be a lot easier than trying to iron out problems and infections.

Link to comment

Stevep: Aye, cos linux doesn't have rootkits eh?

 

Not to argue - but Stevep did specifically write Ubuntu, rather than Linux in general. Have you ever actually seen or heard of a home installation of Ubuntu getting a root kit installed?

 

Granted it's a theoretical possibility - but Ubuntu seems fairly well locked down. No?

Link to comment

Not to argue - but Stevep did specifically write Ubuntu, rather than Linux in general. Have you ever actually seen or heard of a home installation of Ubuntu getting a root kit installed?

 

Granted it's a theoretical possibility - but Ubuntu seems fairly well locked down. No?

 

It is, but there's still cases of rootkits under ubuntu. Causes can be something as daft as a crappy password, to a zero day exploit or a daft repository used. Like windows, linux is a big complex bit of software, there's frequent patches because there's frequent security holes discovered.

Link to comment

Get a Mac and forget about viruses forever :)

 

Two things:

 

4. Slim is going to have stuff to say about that :)

2. Do not jinx us - it's only a matter of time. And Macs do still face various security threats - although none of those drive-by ActiveX vulnerabilities which are built into Windows.

1. Scripting poses a risk to people on any platform which allows scripting. And the web becomes virtually unusable if you switch off scripting or install No Script.

3. I've installed Intego Virus Barrier X5 on our MacBooks since they do at least probably stop us from forwarding a Windows virus or trojan which we might receive in emails. Intego have also previously been pretty quick to identify other OSX vulnerabilities. I doubt that I really need it though and do not bother with AV on my Mac desktop.

Link to comment

4. Slim is going to have stuff to say about that :)

 

Yeah, it's a load of bollocks :) Viruses really haven't been a threat on pc's either for a while.

 

You have to look at what realistically infects most pc's, which isn't viruses, but trojans. These are programs that users actually install knowingly, and in the main virus checkers are playing catch up with people's stupidity. Macs aren't targeted by these simply because there's not that many mac users around compared to pc users around. This doesn't mean you couldn't write a mac trojan, you can, it just means less people are arsed.

 

Now a virus or worms are more about zero day type exploits, which macs are often vulnerable to, macs have to be patched for flaws, just like PC's and Linux machines. Again, fewer of these flaws are targeted towards macs, so you are less likely to be infected.

 

The real threat to many is protecting from their own stupidity, stopping them running things they shouldn't, stopping them replying to phishing emails (which work on macs just the same as on pc's, or linux machines), which is the area most modern anti virus apps look to now.

 

2. Do not jinx us - it's only a matter of time. And Macs do still face various security threats - although none of those drive-by ActiveX vulnerabilities which are built into Windows.

 

There's still similar vectors, such as office macros, java, flash, adobe apps such as acrobat. Yes, these very often just open a way to exploit other vulnerabilities which will most likely be windows specific, but that again is a popularity issue, not a technical weakness.

 

1. Scripting poses a risk to people on any platform which allows scripting. And the web becomes virtually unusable if you switch off scripting or install No Script.

 

Spot on yes, and xss. Safari's been criticised here too compared to other browsers.

 

Macs and Linux workstations do tend to have better configurations out of the box than windows xp machines, but I'm not sure it's fair to bang on about that still given vista's been out so long, and its default is pretty well locked down in comparison.

Link to comment

One reason why Macs do tend to be more secure:

 

Apple has the advantage of supplying a closed system. They can get a patch out quickly because they only have to test it on a limited number of machines. This is a clear advantage of proprietary systems.

 

Windows software has to run on all sorts of different hardware - with the potential for all sorts of different problems. Any patch potentially also involves everyone who ever shipped a driver.

Link to comment

as well as having IP address reservation etc.
Explain that one to me?

Router used as DHCP server assigns IP addresses to devices. Each IP address is reserved for a specific device with given MAC address - i.e. a device with particular MAC address will always get 192.168.0.3 and so on. So the range of IP addresses can be limited to the number of devices you actually have, and each IP address is reserved to a given MAC address. Can also set up 'Access List' - i.e. only allow devices with MAC address specified in list to connect to the network.

Link to comment

Router used as DHCP server assigns IP addresses to devices. Each IP address is reserved for a specific device with given MAC address - i.e. a device with particular MAC address will always get 192.168.0.3 and so on. So the range of IP addresses can be limited to the number of devices you actually have, and each IP address is reserved to a given MAC address. Can also set up 'Access List' - i.e. only allow devices with MAC address specified in list to connect to the network.

 

See what you're getting at, and it's a good practice, but not sure it's relevant in an anti virus discussion?

Link to comment

That's also assuming someone just doesn't give themself a static IP address ignoring any reservations you set up. Whilst MAC-based wireless ACLs are fairly common on consumer kit, it's uncommon to expect such a thing on a wired network.

Link to comment

Router used as DHCP server assigns IP addresses to devices. Each IP address is reserved for a specific device with given MAC address - i.e. a device with particular MAC address will always get 192.168.0.3 and so on. So the range of IP addresses can be limited to the number of devices you actually have, and each IP address is reserved to a given MAC address. Can also set up 'Access List' - i.e. only allow devices with MAC address specified in list to connect to the network.

 

See what you're getting at, and it's a good practice, but not sure it's relevant in an anti virus discussion?

 

agree that this is veering away from virus talk. But on this specific subject:

 

1. MAC addresses can be spoofed relatively trivially. ETA - if the bad guy can read the traffic and therefore know what MAC addresses are in use.

2. TKIP has been semi hacked - the door is partially open - this calls into question the security of some versions of WPA (ie any installation of WPA which is using TKIP). AFAIK it's roughly at the point WEP was when it was known to be breakable but was not yet trivial.

Link to comment
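An added example, not part of any post in this thread: the posts above note that a device can ignore DHCP reservations by self-assigning a static IP and that MAC addresses can be spoofed, so this sketch audits observed (IP, MAC) pairs against the reservation list to surface those cases. The reservation table, the observations and the finding names are constructed for illustration.

```python
# Added example: audit observed (IP, MAC) pairs against DHCP reservations.
# All addresses below are constructed sample data, not taken from the thread.
from collections import defaultdict

RESERVATIONS = {  # MAC -> reserved IP (hypothetical router reservation table)
    "aa:bb:cc:00:00:01": "192.168.0.2",
    "aa:bb:cc:00:00:02": "192.168.0.3",
    "aa:bb:cc:00:00:03": "192.168.0.4",
}

# Constructed observations, e.g. parsed from the router's ARP/neighbour table.
OBSERVED = [
    ("192.168.0.2", "AA:BB:CC:00:00:01"),   # matches its reservation
    ("192.168.0.3", "aa:bb:cc:00:00:02"),   # matches its reservation
    ("192.168.0.50", "aa:bb:cc:00:00:03"),  # known device on a self-assigned IP
    ("192.168.0.60", "de:ad:be:ef:00:09"),  # MAC that is not on the access list
    ("192.168.0.61", "aa:bb:cc:00:00:01"),  # allowed MAC also seen on a second IP
]

def normalise(mac):
    """Lower-case and use ':' separators so MACs compare reliably."""
    return mac.strip().lower().replace("-", ":")

def audit(reservations, observed):
    """Return (finding, ip, mac) tuples for pairs that break the reservations."""
    findings = []
    ips_by_mac = defaultdict(set)
    reserved_ips = set(reservations.values())
    for ip, raw_mac in observed:
        mac = normalise(raw_mac)
        ips_by_mac[mac].add(ip)
        if mac not in reservations:
            findings.append(("unknown_mac", ip, mac))
            if ip in reserved_ips:
                # An unlisted device is answering for someone else's address.
                findings.append(("reserved_ip_taken", ip, mac))
        elif reservations[mac] != ip:
            findings.append(("ip_outside_reservation", ip, mac))
    # One MAC answering for several IPs suggests a clone or a static override.
    for mac, ips in sorted(ips_by_mac.items()):
        if len(ips) > 1:
            findings.append(("mac_on_multiple_ips", ",".join(sorted(ips)), mac))
    return findings

if __name__ == "__main__":
    for finding in audit(RESERVATIONS, OBSERVED):
        print(*finding)
```

A cloned MAC that uses its reserved IP while the real device is switched off produces no finding here, which is why the list is an audit aid rather than an access control.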

agree that this is veering away from virus talk. But on this specific subject:

 

I like computer security, so I like this veering.

 

1. MAC addresses can be spoofed relatively trivially. ETA - if the bad guy can read the traffic and therefore know what MAC addresses are in use.

2. TKIP has been semi hacked - the door is partially open - this calls into question the security of some versions of WPA (ie any installation of WPA which is using TKIP). AFAIK it's roughly at the point WEP was when it was known to be breakable but was not yet trivial.

 

1. True, for home users. 802.1X is the common thing on Enterprise networks to combat this, where switches require a supplicant to authenticate against a back-end system (RADIUS, Active-Directory etc).

2. Most of the newer kit does AES, which is stronger, it depends if these weaknesses are in the key exchange (802.11i is the standard I think). It's all relative though. If your next-door neighbor is intent on cracking your WPA, you have to wonder why.

Link to comment

Wot? :D I was also suggesting a Mac to Mo because he's into music stuff and they are undoubtedly the class leaders for interfacing with midi instruments and the like. I don't know what all that WEP/ AES, 801X monkey jive talk is so I will just be happy that I'm fortunate as far as to not be surfing/downloading virusy things goes. /leaves discussion because she's well out of her depth

x

Link to comment

Archived

This topic is now archived and is closed to further replies.
