[PLUG] Winders Security Software Recommendations

Zot O'Connor zot at whiteknighthackers.com
Thu Nov 6 10:48:02 UTC 2003


On Thu, 2003-11-06 at 07:50, Derek Loree wrote:
> On Thu, 2003-11-06 at 00:44, Jason Van Cleve wrote:
> > Sorry if this is a tad OT, but I need some quick advice from you
> > network admins.  What are the going recommendations for firewall
> > software and virus software, on Windoze boxen.  This is for an
> > extremely end-user demographic--farmers on dial-up, in fact--so it has
> > to be easy to install.  (And hardware firewalls are out, because these
> > people could never be persuaded to buy one.)  Probably around 50%
> > Win98 and 50% XP.
> > 
> I still have to recommend dial-on-demand floppy routers, the hardware
> can be found for next to nothing, and once they are set-up nobody has to
> mess with anything.  On a winblowz box, you never know when some popup
> will install a server that will get by zonealarm (or disable it).

I am assuming this is a rollout to many people.  An added box has a
number of new points of failure:

1)  The hardware (Chips, memory, etc.).
2)  The floppy.
3)  Its network card.
4)  The network card in the windows box.
5)  The cable (assuming a crossover).
6)  The power supply to the box.
7)  People believing that the "box" is broken.

1-6 are huge when everything is remote.

7 is enormous.  People see this "other" box, and it does black magic,
and therefore it is the evil thing.  I am not exaggerating.  I had a
tech savvy client call me 6 or 7 times because the proxies I built were
down.  I would walk them through a process to only discover that the
proxies were clearly blocking only HTTP calls that were routed to the
database, the same database that went down repeatedly.  Each time I had
to explain how difficult it would be for the proxy to suddenly go down
for one type of call over the other when it did no content filtering.
But each time they blamed the black box rather than run a simple test.
I finally created an active web page to do monitoring, but that is
another story of human stupidity.

The main advantage of a box approach is with SSH you can log in and
monitor the connectivity and answer questions.

The real problem is the box only protects against direct port attacks
per se.  If you add squid it can filter adware, some malicious code.  If
you add A/V streams it will catch downloaded streams.

It will not catch malware that is not detected in streams.  It will not
protect IE from attacks (unless the filter is updated constantly).

It will not protect if these machines are portable.

-- 
Zot O'Connor

http://www.ZotConsulting.com
http://www.WhiteKnightHackers.com