Originally posted by: drjman
I usually reinstall my entire system every 4-6 months so virus protection is a moot point.
If you reformat your system, does that undo the damage after a keystroke logger snags a copy of your credit-card number, your WoW log-in, eBay, PayPal, bank or other logins?
Nope. And that's where the motivation is for the bad guys nowadays, it's financially driven.
An active anti-virus isn't needed unless you're surfing the shady sites...
Not true. Take a look at the Bofra incident at The Register, which is certainly not a shady site. Or I could cite the example where Interland got hacked, and my own employer's website (hosted on Interland servers) began trying to feed our own computers malware. And guess what website I'd set as the homepage? 😕 Yeah, you got it. 😛 Active antivirus protection to the rescue...
My suggestion would be for people to learn how to use a layered defense:
1) post Software questions in the software section of the Forums 🙂 That prevents heckling by smart-alecks like me 😀
2) use a Limited user account for daily-driver stuff. It's arbitrary damage containment against many software exploits, including as-yet-unknown ones. Zero performance hit, no signature updates required, no cost.
3) if you have WinXP Professional Edition, add a SRP to your Limited account for the same reason. Zero performance hit, no signature updates required, no cost.
4) take a snack break 😀
5) Keep your system updated with not only Automatic Updates, but by uninstalling unnecessary software, and updating the rest of your software monthly (browsers, IM clients, email clients, Flash, QuickTime/iTunes, WinAmp and other media players, etc). Secunia's online checkup might surprise you, give it a try and see if your rig needs some security updates. Keeping stuff updated has no performance hit, and generally doesn't cost anything.
6) Fully enable your hardware Data Execution Prevention like this pic shows for arbitrary protection against some types of exploits. Zero performance hit, zero cost, zero updates required.
7) use a router as your perimeter firewall, and consider locking it down to allow ONLY the ports you actually NEED. What a concept, huh? 😛 If your router has wireless, turn it off if you don't use it, so no one can mooch off of you. Otherwise, enable the highest encryption level it allows (WPA2 or WPA, preferably). Zero performance hit.
8) I'd use the Windows Firewall to block inbound attacks against any other computers sharing your router, or else a third-party firewall software.
9) Yes, use common sense and stay away from warez and the rest of it.
10) don't run publicly-available services on your system.
11) Use a current-generation antivirus and configure it! Finish the job: go through the options, enable the heuristics and extra detections, and schedule a nightly scan. I generally suggest AOL Kaspersky if you want a freebie for home use, or Kaspersky 6.0 if you need a pay-for one because you use it for commercial use.
I study the security scene daily and it's time for people to figure out that the bad guys can make off with your money, identity info, documents, they can steal your CD keys to sell them, they can steal your WoW stuff and sell it, it's money, your money, that they're after now. Put away the "haha I can just reformat LOL" way of thinking, people... that won't fix the damage they want to do.
/soapbox