Print Story ask Husi: how to not get pWnz0r3d
So I bought a Windows computer for my wife to use. I need to know how to get it online (using cable and my own router) so that I manage not to get it infected with every bit the filth and crap on the Internets. I've been using Macs for years, or else PCs that I don't administer, so you can see that this is virgin territory for me.

Any advice, folks? Much obliged in advance.
< I love comp days | BBC White season: 'Rivers of Blood' >
ask Husi: how to not get pWnz0r3d | 24 comments (24 topical, 0 hidden) | Trackback
Get by ad hoc (4.00 / 2) #1 Mon Sep 25, 2006 at 08:09:44 AM EST
this and this.

That's about it.
Once you get used to the idea that everything is equally true, decisions get much easier. -- johnny

thanks! by nathan (2.00 / 0) #3 Mon Sep 25, 2006 at 08:25:24 AM EST
Downloading em right now.

[ Parent ]
If you keep it behind the router by jayhawk88 (4.00 / 1) #2 Mon Sep 25, 2006 at 08:23:48 AM EST
...and keep AV and anti-spyware installed on it and updated, assuming she doesn't do Galactically Stupid things on it like downloading WinTools or opening .SCR files emailed to her, you should be fine. Also it probably goes without saying these days, but Windows Update every month as soon as possible after Patch Tuesday.

thanks! by nathan (2.00 / 0) #7 Mon Sep 25, 2006 at 09:01:59 AM EST
Uh... what's Patch Tuesday?

[ Parent ]
Microsoft releases it's patches by jayhawk88 (4.00 / 1) #13 Mon Sep 25, 2006 at 09:24:44 AM EST
On a monthly cycle, 2nd Tuesday of every month.

[ Parent ]
Windows Update is set to automatic by theboz (4.00 / 1) #11 Mon Sep 25, 2006 at 09:20:11 AM EST
It should download the patches with no user intervention unless you turn it off, at least in the newer releases of XP.
- - - - -
That's what I always say about you, boz, you have a good memory for random facts about pussy. -- joh3n
[ Parent ]
Yes by jayhawk88 (4.00 / 1) #12 Mon Sep 25, 2006 at 09:23:40 AM EST
Maybe it's my paranoia creeping through though, but I generally like to wait at least a day before installing new patches, just to make sure that I don't hear any reports about a certain update melting HD's or anything like that. But of course I guess that's what the "Download but wait for me to install" option is for.

[ Parent ]
Run everyone as a limited user. by lb008d (4.00 / 3) #4 Mon Sep 25, 2006 at 08:32:09 AM EST
Use Firefox instead of IE.
Use Gmail or something similar instead of Outlook.
Don't download and run everything you come across.

Using the above strategy I've never had to clear adware or viruses on my Windows machines.

that's all it takes, common sense? by nathan (4.00 / 1) #6 Mon Sep 25, 2006 at 09:01:42 AM EST
Mind you this computer comes configured to run as root. Haw haw haw. Likely!

Thanks for the advice.

[ Parent ]
Yes by jayhawk88 (4.00 / 3) #16 Mon Sep 25, 2006 at 09:30:51 AM EST
Common sense, in combination with a properly configured hardware firewall as someone pointed out, will keep one safe from probably 98% of problems out there. Once you understand why it is bad to do things like install Elf Bowling or whatever, the only thing you really have to seriously worry about on a home network is watching what your kids/SO/parents/friends do on your machines, and dipping your toe into the security underworld once in a while, just to keep track of whats going on. Bookmarking is a good way to do the latter.

[ Parent ]
Yup by Cloaked User (4.00 / 3) #18 Mon Sep 25, 2006 at 09:53:02 AM EST
I run as an admin account, but I keep my machine patched and don't use IE or OE and the only time I got hit was when I was stupid. (No antivirus software and running executables downloaded from the less salubrious parts of the net? I'm lucky it was a single, relatively harmless virus...)

Conversely, a friend's Linux box got rooted a couple of weeks ago because he hadn't been keeping it patched. He knows better, he just got careless...

95% of it is basic common sense (although given how many people fail it, I'm not sure it's all that common)

This is not a psychotic episode. It is a cleansing moment of clarity.

[ Parent ]
plus by ucblockhead (4.00 / 2) #8 Mon Sep 25, 2006 at 09:06:12 AM EST
Use a hardware firewall.
[ucblockhead is] useless and subhuman
[ Parent ]
Good one... by lb008d (4.00 / 1) #9 Mon Sep 25, 2006 at 09:17:59 AM EST
I've got a Netgear MR814 that seems to work well, although it sucks as a DNS server. I always have to configure my non-Windows machines to use upstream DNS servers.

I also have Windows set to automatically update itself, I don't remember if that's on by default or not.

[ Parent ]
Yeah by ucblockhead (4.00 / 2) #10 Mon Sep 25, 2006 at 09:20:01 AM EST
I do DNS manually. I have some linksys thing...I forget which.
[ucblockhead is] useless and subhuman
[ Parent ]
hey, I have the same router = by nathan (4.00 / 1) #19 Mon Sep 25, 2006 at 10:24:11 AM EST

[ Parent ]
I use my home PC with a non-admin acc't by clover kicker (4.00 / 2) #14 Mon Sep 25, 2006 at 09:27:48 AM EST
Not even power user.

Hopefully you don't have any retarded apps that think they need admin access.

Games can be a pain, but RUNAS.EXE /user:administrator is your friend.

[ Parent ]
WIPO: Prayer by DesiredUsername (2.00 / 0) #5 Mon Sep 25, 2006 at 08:34:07 AM EST
And if you somehow get infected anyway, the laying on of hands from orbit is the only way to be sure.

Now accepting suggestions for a new sigline
These four do well by greyrat (4.00 / 1) #15 Mon Sep 25, 2006 at 09:30:49 AM EST
and are free:
AVG Anti-virus
Zone Alarm - Firewall
Spybot - Spyware/Malware
Spyware Blaster - Spyware/Malware

But you'll need to keep up with updates, weekly at least.

Yes. All four. Together. At the same time. by greyrat (4.00 / 1) #17 Mon Sep 25, 2006 at 09:32:38 AM EST
Each does it own thing and each does it well -- especially considering the price.

[ Parent ]
Just keep it patched by debacle (4.00 / 1) #20 Mon Sep 25, 2006 at 10:44:54 AM EST
Remember a few simple rules:

When you boot, open taskmgr. You should be able to get down to 14 processes by killing the unnecessary ones. If you can't' something is wrong.

hijackthis and Ad-Aware. You shouldn't need them, but just in case.

Firefox. Disable all unnecessary services (messanger, etc) or just turn off automatic startup.

Also, you need to probably download SP2 and burn it to a CD before connecting your PC to the Internets. Chances are before you can get SP2 installed through the usual channels, something will fuck you up.


Yeah by ucblockhead (4.00 / 1) #24 Mon Sep 25, 2006 at 04:03:17 PM EST
It's not a bad idea to go google every process you see in task manager. There are sites that track what's normal and what's not.
[ucblockhead is] useless and subhuman
[ Parent ]
I live dangerously by riceowlguy (4.00 / 1) #21 Mon Sep 25, 2006 at 10:50:05 AM EST
Ever since Windows XP SP2 brought the free Windows firewall to us, I basically just make sure that during the computer install process I don't connect the system to the internet until the firewall is installed, and then I make sure to install all updates ASAP.  I don't run any kind of antivirus, anti-spyware or other BS.  I just don't open suspicious attachments, and as people have suggested, I run Firefizzle and Thunderbizzle instead of IE and Outlook or OE.  I've seen how my mom's PC is slow as dirt because of how my dad loads it down with every kind of security software known to man, because he doesn't trust her not to do dumb things on the 'Net.  That won't happen to me.

May I suggest by dmg (4.00 / 1) #22 Mon Sep 25, 2006 at 10:52:58 AM EST
You use a secure and trustworthy ISP?
Ain't no time for crossing over, from the PM to the dawn!
Maggotron is gonna rock them, Maggotron has got the bomb!
no way by nathan (4.00 / 2) #23 Mon Sep 25, 2006 at 03:33:56 PM EST
AOL is way too liberal for me. Teen sex chatrooms? Are you kidding? I get my Internets from these people.

[ Parent ]
ask Husi: how to not get pWnz0r3d | 24 comments (24 topical, 0 hidden) | Trackback