Quote:
Originally Posted by Jaglavak
All routers ever created in the history of the universe have a built in web page or two that controls all the security settings and whatnot. That's the local IP address, which can only be accessed from your side of the router and not the internet side. |
Hopefully. Most routers allow access from the Internet side, but no one (not even D-Link) turns that on by default.
Quote:
Originally Posted by Jaglavak
If you lock up all the stuff you don't use and set all the security features to unabomber it makes life difficult for bad guys. If you do it right your system just won't respond to any outside signals at all, only packets coming from your box.
|
No offense, but that's what hardware firewalls are for.
Quote:
Originally Posted by Jaglavak
Even that is not necessarily 100% watertight because your own box will play double agent against you. The reason there are all these problems is there's a bunch of security holes built into windows either on purpose or through sloppy coding.
|
Well, those have gone down considerably since the Trustworthy Computing Initiative, which is why "commercial" malware authors largely moved on to softer targets like Flash, PDF, TeamViewer, and anti-virus software itself.
Quote:
Originally Posted by Jaglavak
Most of them relate to features that do stuff for you, like remote desktop, chat clients, or torrents.
|
I hate to nitpick, but only RDP is built in to Windows, and then only in Pro and Enterprise versions. Microsoft doesn't really make a popular chat client, outside of Lync\Skype. And MS doesn't make a torrent client at all.
Quote:
Originally Posted by Jaglavak
Go through all of the several dozen running services and find out what they do and if you want your box to be doing that.
|
This is absolutely the
worst possible advice to give someone who doesn't understand what services are. I mean, don't get me wrong I
like it - I've earned a couple thousand dollars from people who tried to "fix their computers" by turning off some service, especially BITS - but it's not advice I'd ever give anyone.
Quote:
Originally Posted by Jaglavak
But even that is not necessarily 100% watertight because your web browser will play double agent against you. Once again this is because of features that you may want such as playing videos or automatic logins. But if you uninstall adobe flash and install extensions for ad blocking and script blocking and WebRTC blocking and HTTP referer blocking then you can surf in reasonable safety.
|
Jeez - so basically OP should take his computer outside and set it on fire just to be sure? I've owned a "modern" computer since 1996, and have had a grand total of ONE virus infection, and that back in 1999, and was my own damn fault for downloading pirated software at 4AM and not checking it out before running it. I visit the darkest corners of the music\TV\movie pirate internet several times a day. Yes, I go to porn sites. And my Windows 10 Pro box has all the default settings. My router has UPnP and WPS disabled, but has default settings otherwise. I even have 3389 open for RDP. And I never get viruses or malware.
The problem with malware isn't software or hardware, it's bad user behavior. And, as the old saying goes, you just can't fix stupid. One of my clients will literally click on
anything in an email: she once got a virus from clicking on a phishing email allegedly from Scotland's Clydesdale Bank... even though she's never stepped foot in Scotland, her business doesn't do
any business in Scotland, the business uses a local commercial bank with a name not in any way similar to "Clydesdale", and her personal accounts are at all the big banks - Wells, BoA, etc. Her explanation: "well, I thought it might be important".
