NetBIOS? RPC? Remote Registry? WMI? DCOM?
uPnP?

These are the stuff that you must plug
prior to secure Internet Explorer and most other Windows insecurities. Browser
attacks can ONLY occur if one uses the Browser, network attacks taking advantage of the services listed above, can be successful
as soon as you connect the Windows host to a network... meaning, even before you launch your Securely configured Internet Explorer, your computer might already be compromised on the Network side of things, so ask yourself the question.. which is more important?

Antivirus? Yes, it's good, but is not the
appropriate way to secure e-mail. For those who aren't aware of the "History" of Internet Protocols:

SMTP:

Originally used to send Electronic Messages,
today, is used to send messages, files,
web pages etc....

FTP

Originally used to send / recieve Files,
now people prefer using E-Mail, no wonder
why we see a growth in e-mail based attacks
since a few years.

I mean, when one sends me an e-mail with an attachement, I delete the e-mail alltogether.
I force people to send me files through
FTP and electronic messages via E-Mail.
My FTP Server have an antivirus engine
running on it, since running antivirus software on my PC will slow it down. I'm not rich, i'm mister everybody, with a decent computer but not a rocket launcher.

The biggest problem with Windows security is not Microsoft, it's not the Software even if
it's filled with bugs, it's not the ISP Link
which is "Unsecure", it's the user... People
are using computers in the same way that an
electrician would use a hacksaw to screw a lightbulb... The list is useless if users do not use their computers "in a secure manner"

That's all I can say.

Bye Bye.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/220/25105#25105