[Dshield] Zombie Prevention : May I Sample Some Opinion?

Stasiniewicz, Adam stasinia at msoe.edu
Tue Nov 15 19:49:21 GMT 2005


David,

Just a few suggestions:

-Turn on Automatic Updates.  I know MS used to have some problems in the
past with quality updates, but in recent years they have got their act
together to the point where I can have WSUS automatically push out
updates as soon as they come out and not worry about problems.

-I agree that a Linksys/Netgear box is useful, but they are only good
for "one way protection".  Having a client side firewall (even though it
might get spammy) does help out against malware trying to propagate.
Also, a border firewall isn't going to help you if a computer on your
network is infected.

-Browser...  I honestly believe that once Firefox, Opera, Mozilla, etc
get to any sizable market share, they will have just as many problems as
IE.  I don't think MS employs "extra stupid" programmers, nor do I
think Firefox has "the world's best" programmers; as far as I can tell,
it is the same grade of human being working at both.  And the numbers so
far agree with my theory (just look at the numbers Symantec came out
with a few months ago).  I am not saying that everyone should use IE, I
am just saying that jumping on the "let's all use Firefox" bandwagon
might burn you in 1-2 years.

But, if this was a perfect world, every browser out there would have
equal market share.  This way any exploits would have a much smaller
target audience and would hopefully minimize browser exploitation as a
whole.

-I agree with you on passwords, but short of turning on the password
complexity filters in apps, it is a bit hard to get users to use anything
remotely complex.

-As for experimenting, well you don't learn anything if you don't
experiment.  You don't learn about the importance of backups until the
first time you use the wrong switch in FDISK.  So, granted you want
people to be safe, you still want them to learn.  And to learn you must
experiment.

-As for file sharing.  In a corporate environment you have this
wonderful thing called an AUP (i.e. file sharing = fired).  But for home
users that is a bit more difficult.  I have seen the amount of damage
file sharing can do to systems, so spare no expense telling users they
shouldn't do it.  But the people you really might want to tell (12-18
year olds) will probably not hear your message and fill their computer
with crap anyways.

Hope that helps,
Adam Stasiniewicz
Computer and Communication Services Department
Milwaukee School of Engineering

-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of David Cary Hart
Sent: Tuesday, November 15, 2005 10:23 AM
To: DShield General Discussion List
Subject: [Dshield] Zombie Prevention : May I Sample Some Opinion?

Over the past week or so, I have received an increasing number of
contacts from "average" users regarding zombie prevention. Time for some
content on our site.

Some things like up-to-date patching, firewall and a virus scanner with
CURRENT definitions seem obvious. I'd like to sample some opinion on the
following and solicit any other ideas that you may have:

        Even a single home computer might benefit from a reasonably
        priced home router which enables you to create a simple hardware
        firewall.
        
        Get rid of Internet Explorer. Alternatives such as Firefox or
        Mozilla are safer.
        
        Use strong passwords; at least eight characters including a
        combination of letters and numbers.
        
        Do NOT experiment with running servers of any kind on Windows
        workstations.

What's the thinking du jour on p2p, IM, IRC and BitTorrent? Help me out
here, folks, without creating a thesis, what are some of the basics that
I am overlooking?


-- 
Our DNSRBL - 
       Eliminate Spam: http://www.TQMcube.com/spam_trap.htm
        Zombie Graphs: http://www.TQMcube.com/zombies.php
          GeoGraphics: http://www.TQMcube.com/origins.php