Quote:
Originally Posted by kennyc
What? NO VIRUS SCANNER? Are you Serious?
Or are you talking about login security?
|
It's entirely possible to run without A/V relatively safely. I
do run A/V, but could drop it without problems.
The trick is thinking about the problem the right way. Viruses and spyware/malware are like diseases. Diseases get
into the the body via vectors. Ward the vectors, and you don't get the disease.
Many tools out there make the assumption you are infected and attempt to cure the disease. I find it easier to just not get infected in the first place.
My rough rules of thumb are
1.
Don't use Internet Explorer as your browser. Many exploits target security holes in IE and Windows, and bounce off if IE is not the browser.
I use Firefox, with the
NoScript extension.
2. Keep Windows fully patched. Turn Automatic Updates
on, and get and install critical patches as released.
3. Consider
not running as Administrator. This is the default behavior for Windows Vista and Windows 7. Prior to that, Windows assumed the logged in user was also an Administrator with all powers. Most exploits require Admin rights to do their dirty work, and fail if the user is not Administrator.
4. Turn
off the Windows default of hiding extensions of known file types. (In XP, you can do this by opening My Documents, andf clicking on Tools/Folder Options. Select the View tab, and
uncheck Hide extensions for known file types. See below for why.)
5. Run a good A/V package, and make sure the virus signatures are up to date.
I use Symantec Corporate, courtesy of an employer site license, and get new A/V signatures delivered automatically each week.
6. Run a firewall. Windows Firewall will do, though better third party products exist.
I have three - the hardware firewall in my router, Windows Firewall, left active because it doesn't conflict with anuthing, and the last freeware version of the old Sygate Personal Firewall, bought and killed off by Symantec. It has the best interface I've seen in a firewall.
7. Be
very careful about what you view in email. Poisoned attachments are a favorite distribution method for bad stuff. Be sure you know who it's really from and what it really is.
I use GMail as my primary account, checking my others. Attachments stay on Google's servers unless I specifically choose to download them, and I know what they are and where they are from before doing so.
As part and parcel of email security, see #4 above. If hiding the extension of known file types is checked, you don't know that the "cute_kitten_picture.jpg" file that arrived in email is really "cute_kitten_picture.jpg.
exe", and will install something nasty if you open it.
7. Be very careful about what you download and from where. Download software only from known good sources, that check on their end.
8. Be aware that the Internet is like a big city. It has bad neighborhoods. Watch where you go and what you do when there.
9. See Rule 1.
I haven't had a serious problem in many years because I followed the practices above. I could actually drop A/V, because it never finds anything. (The last time it did, it was false positives on some
ancient MS-DOS programs I still use.)
I also don't run "active" anti-spyware/malware defenses doing real time checking. They don't find anything because I avoid getting it. I occasionally run on demand checks with things like Ad-Aware, Spybot Search and Destroy, and Malware Bytes. The worst they find are "tracking" cookies, which are at worst a nuisance.
Good surfing habits are your best defense.
______
Dennis