On Wed, 10 Sep 2008 20:17:29 -0500, James Colbert wrote:
> I just picked up a laptop and am finishing the setup phase. I'll be
> installing Avast Anti-Virus, as I know it supports 64 bit and works
> reasonably well. Windows Defender is enabled, as is Windows firewall. Now
> I'd like to address strong security.
If you ever look for a good (better IMO) AV alternative:
Avira AntiVir® Personal - FREE Antivirus
(The free version won't scan your emails.)
Unless you are using Microsoft Outlook or Lotus Notes (MAPI or VIM),
scanning email is worthless.
Why You Don't Need Your Anti-Virus Program to Scan Your E-Mail
Ensure your e-mail program is configured to display e-mail messages in
'Plain Text' only.
If you wish, you can remove the 'AntiVir Nagscreen'
In addition to WinDef you could consider:
SuperAntispyware - Free
> This laptop will be used for business (and play as well, I suppose,
> especially during hurricane evacs).
Bad combo! Be very careful combining business with play :-)
> One concern I have is for those times
> when I must download banking transactions into Quicken and Quickbooks. I'd
> like to be sure that my passwords and the sensitive data I'll be downloading
> is not accessible to anyone else. These downloads might take place via a
> hotel network or via a Sprint (or similar) broadband device.
Ensure that passwords are never stored on your operating system. Use
external media such as a CD, DVD or thumb drive.
> Although my office is behind a hardware firewall, I really have no
> experience when it comes to 'on the road security'. Is it feasible to bring
> a router with a firewall to place between my laptop and the hotel network,
> or should it all be handled by software (as I assume the case will be for
> the Sprint broadband).
There is nothing wrong with taking your router and/or hardware firewall on
the road as well.
> I know that I am asking for more information than is probably practically
> posted here, but any information (including links) is greatly appreciated.
For Vista the most dependable defenses are:
1. Do not work at an elevated level; day-to-day work should be performed
while the User Account Control (UAC) is enabled.
User Account Control Step-by-Step Guide.
Understanding and Configuring User Account Control in Windows Vista.
2. Familiarize yourself with "Services Hardening in Windows Vista".
Services Hardening in Windows Vista
10 Immutable Laws of Security
3. Don't expose services to public networks.
Windows Vista Service Configurations Introduction
4. Keep your operating system (OS) (and all software on it)
updated/patched. (Got SP1 yet?).
Secunia Personal Software Inspector
M/S Security Baseline Analyzer 2.0
can assist also.
Why Service Packs are Better Than Patches.
5. Secure (Harden) Internet Explorer.
IE7 safe/secure settings
Internet Explorer7 Desktop Security Guide
Internet Explorer Enhanced Security Configuration changes the browsing
The Internet Explorer 7 Security Status Bar
Extended Validation SSL Certificates
Note: *Tight security settings will break down some websites. You need to
add these websites into the Trusted Zone for smooth access.*
You could consider disabling all Security Settings in IE and use IE only
for the 'Patch Tuesday' updates; to do so you must add the following URLs
to the Trusted sites:
6. Review your installed 3rd party software applications/utilities;
Remove clutter, *including* 3rd party software personal firewall
application (PFW) - the one which claims:
"It can stop/control malicious outbound traffic".
7. Activate the built-in firewall and tack together its advanced
Tap into the Vista firewall's advanced configuration features
"...once you discover the secret of accessing its advanced configuration
settings via the MMC snap-in, you'll find it to be far more configurable
and functional. At last, Windows comes with a sophisticated personal
firewall that can be used to set up outbound rules as well as inbound, with
the ability to customize rules to fit your precise needs."
Configure Vista Firewall to support outbound packet filtering
Vista Firewall Control (Free versions available)
7a. If on high-speed Internet connection use a router.
7b. Implement countermeasures against DNSChanger.
7c. Just in case, Wired Equivalent Privacy (WEP) has been
superseded by Wi-Fi Protected Access (WPA).
8. Utilize one (1) each 'real-time' anti-virus and anti-spy
9. Employ vital operating system monitoring utilities/applications.
Consider: Process Explorer, AutoRuns, TCPView, WALLWATCHER,
Wireshark, Port Reporter etc.
10. Routinely practice Safe-Hex.
Hundreds Click on 'Click Here to Get Infected' Ad
The least preferred defenses are:
Myriads of popular anti-whatever applications and staying ignorant.
Don't forget cleaning and defragging HDD frequently.
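
Item 7 in the post above points at the Vista firewall's advanced configuration and its outbound rules. A sketch of that setup with `netsh advfirewall`, as an added example that is not part of the original post; the rule name, the backup file name and the Internet Explorer path are assumptions to adjust for the machine:

```bat
@echo off
rem Added example, not from the original post. Run from an elevated
rem command prompt on Windows Vista or later.

rem Save the current policy first so it can be restored later with:
rem   netsh advfirewall import "%USERPROFILE%\fw-before.wfw"
netsh advfirewall export "%USERPROFILE%\fw-before.wfw"

rem Turn the firewall on for the domain, private and public profiles.
netsh advfirewall set allprofiles state on

rem Default-deny in both directions. Out of the box Vista allows all
rem outbound traffic; this is the setting that enables outbound filtering.
rem The predefined "Core Networking" rules normally keep DHCP and DNS
rem working; confirm they are enabled before relying on this policy.
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

rem Assumption: 32-bit Internet Explorer on 64-bit Vista. On a 32-bit
rem install use %ProgramFiles% instead of %ProgramFiles(x86)%.
set "IE=%ProgramFiles(x86)%\Internet Explorer\iexplore.exe"

rem Allow only this program to reach web ports. The rule name is made up
rem for this example. Add one such rule per application that needs network
rem access (banking software, updaters and so on).
netsh advfirewall firewall add rule name="Allow IE web (example)" ^
    dir=out action=allow program="%IE%" protocol=TCP remoteport=80,443

rem Log dropped connections so that blocked programs can be identified.
rem Default log: %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log
netsh advfirewall set allprofiles logging droppedconnections enable

rem Review the resulting policy and the new rule.
netsh advfirewall show allprofiles
netsh advfirewall firewall show rule name="Allow IE web (example)"
```

With outbound traffic blocked by default, anything without an allow rule stops working, so review the dropped-connection log after the first session and add rules only for programs that are recognised.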