[wallijonn]

Welly,

Why do people disable system restore?

Why do you have any automatic updates enabled?

http://www.interhack.net/people/cmcu...e-oil-faq.html

 

[Welly Wu]

Wallijonn:

Thanks for that article. It was enlightening.

Let me answer your questions first before I ask you some questions. If you are talking about the automatic updates option within the Microsoft Windows XP Professional OS, then I will update my above reply by stating that I disabled automatic updates to the OS. If you are talking about enabling automatic updates in the above (mostly utility) programs I use, well, I do so because I don't want to risk the chance of forgetting to update the software on a periodic basis. Most of the automatic updates are database definition updates and not necessarily version upgrades. I disabled system restore because it's just a system resource hog and I make full / differential backups weekly. My reasoning is that the master backups and incremental backups are my fall safe. I tried System Restore and it doesn't allow me to go back four weeks or longer with absolute certainty. I know GoBack exists but I find that to be better although it doesn't live up to its' marketing hype that it will allow users to restore to any previous system settings no matter how long ago.

Regarding the cryptography snake-oil article, are you saying that AES / RSA fall into the same traps outlined in the article? In other words, what do you think about those encryption systems / algorithms?

 

[vwap]

Welly ... You're nuts.

 

[Welly Wu]

Quote:

Originally Posted by Wodgy Welly, since this is a home PC you need to guard against three things: 1) someone across the network stealing your data 2) someone gaining physical access to your computer 3) someone stealing your hardware. To guard against #1 you need to put your computer behind a firewall or NAT box. Software firewalls are not good enough. You should turn on the built-in Windows XP firewall, but that is not enough. You need a proper firewall box. Software firewalls like Zonealarm, etc. are okay but generally not worth the money because they do not provide comparable protection to a hardware firewall. To guard against #2, a passworded Windows screensaver is fine. Seriously. It uses exactly the same login mechanism as Windows itself. Don't buy into the hype and buy unnecessary add-on products. #3 is the most dangerous. If someone steals your hardware you risk them gaining access to all the data stored therein. To prevent this, turn on NTFS encryption for each of your hard drives and encrypt all the files. Once you do this, if someone gains physical access to your hard drive, they will not be able to read your files. Password-protected dongles/USB keyfobs are unnecessary (and often laughable) gimmicks. You can format a USB key drive to NTFS and turn on NTFS encryption on it just like you can on a regular hard drive. There is no need to buy or use proprietary software solutions. Don't fall for the advertising/gimmicks/hype. Microsoft's NTFS has been audited for C2-level security by the US Department of Defense. None of the commercial products priced at consumer levels have.

Wodgy:

I know that you were trying to help me out here but I tried to encrypt my entire HDD. It worked albeit some files remained unencrypted. The problem is this: after I encrypted most of my HDD, I could not install new programs because the temporary directory used to store the installation files of applications was encrypted and inaccessible. Therefore, the installation failed. This happened to me when I had to re-install VCOM SystemSuite 5 and Grisoft AVG Anti-Virus System again. So, I decided to decrypt my HDD and I think a bit about this. I may re-encrypt but decide to either specify a different temporary HDD and leave it unencrypted. I have to think about it because I literally did not sleep last night trying to solve computer problems related to the encryption problems.

 

[Welly Wu]

VWAP:

You're helpful.

 

[wallijonn]

Welly,

I see any update software (Real Player, messengers, et. al.) as potential security holes. Somewhere a port must be defined. I think a hacker can masquerade as this app and can therefore gain unauthorised access to your machine. When it comes to Anti-Virus updates it is only enabled through my restricted account. My firewall updates I prefer to execute manually. I see my System Restore to be a temporary measure.

How come you do not use EFS if you have WXP Pro?

Do you use RegSpy? www.utils32.com/regspy.htm

As to encryption, did you look at the times involved to decipher a 45 bit key? I would rather try a 128 bit cipher, preferably a 512 bit cipher.

I personally do not like "GoBack". It must be removed before an image copy can be made of the disk drive, then reinstalled afterwards. It could get messy as it uses authorisation keys, many times necessiatating a call to their support for another install key.

I would rather do a monthly image copy with weekly backups to CDRs and DVDRs. That won't clean up a bloated registry, though. That's where RegSpy comes in.

What do you think of this product?:
http://www.asiertech.com/primary/Technology1.htm

 

[Welly Wu]

Quote:

Originally Posted by wallijonn Welly, I see any update software (Real Player, messengers, et. al.) as potential security holes. Somewhere a port must be defined. I think a hacker can masquerade as this app and can therefore gain unauthorised access to your machine. When it comes to Anti-Virus updates it is only enabled through my restricted account. My firewall updates I prefer to execute manually. I see my System Restore to be a temporary measure. How come you do not use EFS if you have WXP Pro? Do you use RegSpy? www.utils32.com/regspy.htm As to encryption, did you look at the times involved to decipher a 45 bit key? I would rather try a 128 bit cipher, preferably a 512 bit cipher. I personally do not like "GoBack". It must be removed before an image copy can be made of the disk drive, then reinstalled afterwards. It could get messy as it uses authorisation keys, many times necessiatating a call to their support for another install key. I would rather do a monthly image copy with weekly backups to CDRs and DVDRs. That won't clean up a bloated registry, though. That's where RegSpy comes in. What do you think of this product?: http://www.asiertech.com/primary/Technology1.htm

Wallijonn:

To manage my Windows registry, I use VCOMM SystemSuite to clean it, fix errors, and defrag it. In terms of protecting it, I really haven't thought about that. So, RegSpy is interesting.

The article you provided about snake oil terminology regarding encryption came to mind when you provided the link to ASIER. Did you think about that and get kind of suspicious? How the heck do you propose even trying it out without risking that it is 1. too new to be proven to be reliable and secure, and 2. not risking your entire computer security IF you should be able to install the software on your PC in some hidden ways?

 

[wallijonn]

Quote:

Did you think about that and get kind of suspicious?

Of course I did. Which is why I was asking if you had heard of it. I would evaluate it by either setting up a test station or by doing an image of my working disk drive, then using the image to do the testing (in case it wasn't imaged correctly).

 

[zachary80]

Maybe I missed something, but have you considered moving the security important files off the computer and onto various types of external storage? Then you would only have to worry about physical access.

Also, in Windows XP, make sure the "Administrator" account has a very tough password. I could be wrong, but most people don't know about it because you have to boot into safe mode to have access to it. It is from there that you have greater power than even the standard Admin account.

 

[Wodgy]

Quote:

Originally Posted by Welly Wu I know that you were trying to help me out here but I tried to encrypt my entire HDD. It worked albeit some files remained unencrypted. The problem is this: after I encrypted most of my HDD, I could not install new programs because the temporary directory used to store the installation files of applications was encrypted and inaccessible. Therefore, the installation failed.

Sorry to hear about those problems. I can pretty much guarantee you that your guess about the cause not the explanation for the problems you were having (assuming you were using NTFS encryption, not some third party program). The temporary directory should have been transparently accessible to the installation programs, regardless of whether it was encrypted. You may want to check Microsoft's support/knowledgebase website for a better understanding of the problem.

If you're having trouble, you can always just encrypt your data files or your "My Documents" directory and all subdirectories. That's basically all you really need. I use NTFS encryption on my entire portable USB hard drive, just in case I lose it or it gets taken by someone. I haven't had any problems.

 

[mikeliao]

Quote:

Originally Posted by Welly Wu PERSONAL FINANCES PROTOCOLS: 1. I change my banking routing number, credit card numbers, debit card numbers, PINs once every quarter 2. I read financial newspapers, books, and watch tv programs 3. I just hired a certified financial planner to help me "cover my bases"

Sorry to sidetrack the computer security issue.

For #1, you can't change a bank's routing number....unless you mean something other than a bank's routing number. Regularly changing your credit and debit cards is going to make your credit/financial history look very suspicious. You're going to get turned down for lots of loans in the future.
For #3, to get a certified financial planner certificate, you basically have to pay a fee and file an application. It really depends on the person you hire. Best suggestion is to go with a large company or bank to help. And even then, unless you're dropping over a million and getting the attention of private banking divisions, CFP will sell you very generic products/services.


Ummm, as for your computer security issue, you know that no matter how much software and hardware you put into it, it'll still be vunerable in one way or another. Consider if the data needs to be on the computer. Data that doesn't have to be on the vunerable computer can be store offsite in a nice heavy safe. Or in your case maybe printed out or stored on an encrypted USB dongle and placed in a safe deposit box.

 

[bangraman]

Jeesus Welly, what do you store on your PC? Illegal ****?

 

[Welly Wu]

I take my security very seriously.

 

[bootman]

You want to be safe?

Lose the wireless and store the important stuff offline.
(ie removable hard drive, dvd-r, cd-r etc.)

Don't want your OS hacked?
Get Linux.
Or if that is not an option, lose the broadband connection.
(or disconnect it unless you are downloading or uploading)

And remember one thing.
drawing attention to yourself by going overboard with changing IDs, bank # etc. will only get you in trouble in the long run.
(Think about how you are going to explain all the high security to the feds in this politcal climate.)

 

[Wodgy]

I think it's admirable that you're taking precautions, Welly.

It's hardly paranoia. You've probably seen the recent reports that in 2003 nearly 10 million Americans were victims of identity theft. That's basically one in every thirty people. If you subtract away kids and oldsters it's probably one in every twenty people.

Windows is very difficult to secure. Linux is also very difficult to secure (for different reasons). Apple machines would probably be just as bad if they were as large a target. You really have to be careful whatever you do.