Running XP with no firewall,anti-virus or update, And pc is fine!

[albator]

Whilst I do agree that you are being very cautious with the sites that you visit and of course taking care with all email attachments (and of course not clicking on links in junk emails), have you thought that perhaps the reason you are not getting any problems is (and this is only a thought) but if you are using a wireless router, this in itself may be heavily firewalled.

The reason I say this, is that I tried that very test. At one point my wireless router packed in, so I had to use my old SAGEM tiscali modem, which was a direct usb connection, and no firewall of any kind. Within half an hour, quite a few files appeared on the c drive, and when I did a search of the C drive using "Files Created Today", at least 5 new ones appeared in System32 with very suspicios filenames, eg xyxyyxfffs.exe or dgfgfgfgf.dll

Having said that, I imagine it is more as you say, that you are perhaps using a wireless router with built in protection, aswell as of course regular microsoft updates, which does indeed prove that perhaps you can save the high prices demanded by some of the anti virus and firewall software companies, especially Kapersky, which is very over priced compared to Norton.

By the way PANDA make antivirus and firewall software, excellent value and excellent product.

No, no wireless router. No windows updates except spk2.

I have a bridged direct connection 5Mbs DSL.

Edited May 4, 2007 by albator

[kelaniz]

I can't believe the number of people who still use bloatware like *cough*Symantec*cough* and a few unnamed apps that are even worse. I don't care how much RAM some people have. An AV solution shouldn't require 5 automatic services and consume 120-180MB ram when idling. That's just ridiculous.

I've used NOD32 for a few years, and even with its unfortunate recent trend towards wasteful memory usage, It still stays under 40MB (average is ~25MB). I'm still happy with it. AVG and a few other smaller packages are also pretty good.

The point of my rant is, if you avoid AV and security solutions solely for performance boosts, there's almost always a better alternative. When I saw what software firewalls did to my boxes, I got a NAT router. When I saw a 5-second delay opening freakin' notepad after my former job installed Symantec crap on everything, I got them to switch to something better.

I had to take my router offline for a few hours last week to resolder something, and for fun, I started a comprehensive network monitor. (Note: I left my last provider in 2003 partly because a good chunk of my bandwidth was being consumed by fending off the constant portscans and connection attempts from their id*** users.) Well, big surprise, 4 years later, a different provider and a different state, it was 10x worse than before. I watched this monitor for awhile to see what these guys were trying these days. While 97% of the ~10,000 attempts I logged over 12 hours were harmless port scans & connect attempts to Telnet/SSH/FTP/NetBIOS/Game servers, I saw at least 2 separate series of events that were *manual* attempts to infiltrate both routers and every flavor of every OS I've ever heard of. I was impressed.

Please believe me when I tell you, you could have an 128 char password, and avoid the web entirely, but there's a lot of people who could still make your box blink like a Christmas tree from halfway around the world. There are vulnerabilities in hardware and software that were discovered by the wrong people. Consequently, they're not reported, and probably never will be. (Honestly, now. How many of us, upon discovering a unique way to break into any box, would share such a powerful secret?).

End result: We all remain vulnerable no matter how many patches we apply, or how sexy our firewall is.

You guys claiming you have no updates, no ports blocked, no firewall, and no AV protection are just asking for a rude surprise. That's partly because most of you use some form of broadband (Cable users are *really* asking for it.), but mostly because you're openly bragging about it on a high-traffic forum.

Good luck with that.

Kel

[eyeball]

What an awesome reply Kel

you explained this way better than i could, and this:

"Honestly, now. How many of us, upon discovering a unique way to break into any box, would share such a powerful secret?"

just hits the nail bang on the head, its so true, its scary lol

cheers

[kelaniz]

Validation. Sweet! I expected to get deluged with flamed from people thinking I sounded like an a**. That tends to happen when I post late at night in a sleep-deprived state.

Seriously, though. At the risk of contradicting myself, I have one more comment: It bugs me how anal some people can be about security, yet their knowledge of what those actual threats are is practically nonexistent. Take the infamous virus. Chances are, if you grab a file from a reputable shareware repository, it's been virus scanned several times: By the author after creation, by the author's and/or the site's ISP during the upload, by the site upon receipt, re-scanned by the site after virus def updates, and finally, scanned by the user who downloads it. The same goes for email. Virii are simply not as big a threat as Joe User thinks they are. That perception is thanks to some brilliant marketing. It's rare when a single industry can create global paranoia on such a large scale.

I've been online in one form or another since 1983. Sure, I got a few bugs in my Apple/Atari BBS days, but since I migrated to the 'net in 1993, I've gotten exactly 12 virii. With the exception of one trojan that my mom accidentally let loose on my box (one of those cute little executable animations she inexplicably loves) the other 11 were obtained when I stupidly downloaded illegal stuff through filesharing and questionable websites. Avoid that, and 90% of the crap we worry about will never happen.

Now, spyware and malware. Those annoyances definitely aren't exclusive to questionable sites. But being aware of what each is, and how it works makes it pretty easy to avoid...or at least to recover from. Once I added a robust HOSTS file and started using the Adblock addon for Firefox, I haven't seen a single instance of ad/spy/malware or a popup since.

So, if you take a few smart precautions: decent AV, software/hardware firewall, kep your box updated with security patches, use some kind of IP-based blocklist/filter, don't try to set a 24-hour warez downloading World Record, and you'll be OK.

Sure, there's always the tiny chance one of the black hats I mentioned earlier might decide to make you have a bad day, but frankly, there's nothing you can do about that other than selling the computer and picking up basket-weaving. I suppose you could begin mastering the intricacies of security so you could design some brilliant solutions. Good luck with that one.

Kel