North American Network Operators Group


Re: New Computer? Six Steps to Safer Surfing

  • From: Charles Cala
  • Date: Mon Dec 20 11:21:51 2004

<Southpark>
I call “shenanigans”.
</Southpark>

--- Larry Smith <[email protected]> wrote: 
> On Sunday 19 December 2004 16:47, Sean Donelan wrote:
> > The really
> > scary thing is the infection rate of Home/SOHO computers with
> > AV/firewalls is higher than "naked" computers.
This flies in the face of both logic _AND_ my experience in the field.

After the .bomb exploded I did windows stuff to pay the rent, 
and there were 4 basic “groupings” of infection routes.
(from the viewpoint of the infected box)

External, uninvited (unpatched /unfiltered windows box)
External invited (laptop from home)
Internal intentional download/install (gambling, porn players with ad ware)
Internal unintentional download (but all I did was install these 
extra fonts and smiles, I did not want my machine to become a Spam factory)

It is probably a “duh” to most of the readers on this list but I'll say it now
for those that actually go through the archives to look for their answers 
before posting to NANOG.

Just like in a REAL network (one that serves lots of end customers, and vars) 
security SHOULD follow a layered approach, and be monitored for compliance.

Installing a hardware based firewall is a good first defense, not using 
silly programs is another. (i.e. IE) people will for the most part follow 
the “lazy path”  that allows them the most pleasure.

In the places that I have installed a hardware filter/firewall 
I have not seen ANY infections that are related to just the machine 
“being online”, ALL have been the result of the user asking for these 
programs to be run, (in one form or another).


> 
> I am very interested in "where" this information is published and how it was 
> obtained....
> 

As am I. Since the price of a simple nat/filter box has come down 
to under $100 they should (should as defined by RFC) be installed 
as a “package” with the cable modem/dsl/modem/net hole.

Could you please let us know where you got the supporting 
data for your theory. I know that the infection rate is high 
for the PC world, but figuring out the invited vs. uninvited 
infection rate, is of value to the discussion of end user 
firewall/filter use.

The spam/virus issue won’t go away until those who 
prepare, propagate and profit, are removed from the matter.

Either by, filters on the net, jail time/fines, or blood loss, (perhaps
proper application of all options) all the people involved in 
spreading this malware should be discouraged from doing so.

Let’s clean up our friends’/co-workers’ PCs this coming year.

Whenever I go to someone’s house I'm making sure that their 
antivirus software is installed and up to date, box is patched, 
and that they have some sort of hardware based firewall.

I’ve already given a few away as x-mas presents this year,
and installed them. How about you?

"less bitchin, more fixin!" -charles 

-- 

"champagne for my real friends, 
real pain for my sham friends" - ed norton