[plug] Blacklisted mail server?

Daniel Foote freefoote at gmail.com
Mon May 8 08:39:29 WST 2006


> But viruses will always exist, and often the most successful ones
> require user intervention to be executed in the first place.  So as
> such, there is no security hole to exploit for a virus to spread if it
> requires a user to open the attachment.  Having security holes does make
> it easier for things to be exploited, but people will always be the main
> factor.
>
> It could be argued that a well-configured Windows system will be fairly
> safe as well.  The problem is that the majority of Windows systems
> aren't well-configured.. because they are left at default settings for
> everything.

Very true.

My machines are behind a NAT, and for the Linux machines, this is
enough for me. But any Windows boxes immediately get a third party
software firewall installed - of choice at the moment is Sunbelt/Kerio
Personal Firewall. I'm not usually interested in incoming connections,
but outgoing connections, which Kerio handles very well.

(Kerio, by the way, is very nice. Easy to use, very easy to make rules
that allow full LAN access, but no internet access (quick sandboxing
of programs). Also has a nice connection monitor, so you can quickly
see what is listening, what is connected, and how much data you are
sending. It has a free version that doesn't have the "web filter" and
a few other bits of fluff, but is otherwise very functional.)

My parents' machine (which I rarely see or touch since I moved out) has
Kerio installed, with basic rules to make it work - Firefox is set up,
IE is disabled at the firewall level (and I've explained why to my
parents, and it has never caused an issue). Things that generate
traffic that I have not made rules for will prompt - I have told them
to allow it if they did something that would need the internet just
before (e.g., try to load a web-based clipart into office - allow once
off). They have not had any issues with it in several months.

One time my parents did open an email attachment, which then started
overwriting executables and sending spam. It happened to overwrite the
firewall's executable file, and after the next boot, had free rein on
the system. I caught it because I saw net traffic but no reason for it
- attempting to ask the firewall what was going on failed. I caught
that only 48 hours after it was installed - but still, the spam was
sent. The parents learned from that, though.

Daniel Foote.


