oh noes! Let's all go buy Macs! That way, when we do get a virus, we'll only have a very limited amound of hardware and software available to be affected! WOOT
Naw... I'll just stick by Windows Server 2003 SP #1 fully hotfix patched (& current on that note), for now @ least, & doing what I do, to get THIS kind of security analysis score:
I never suck in virus' either! The 2 the times I thought I did, the past 15 years now? They were my own fault (running 2 antivirus once, & another I don't know WHAT caused it, or I can't recall specifics anymore) in "false positives"!
Ever since I started implementing a BOAT LOAD of things ANYONE can do, if they take 45 min. - 1 hr. running, or doing:
- Using some security & speed oriented .reg file hacks
- gpedit.msc (altering various policies for better security)
- secpol.msc (hardening default security policies)
- lusrmgr.msc (hardening default userrights)
- regedit.exe (registry hive ACL rights)
- explorer.exe (NTFS rights)
- Turning off java/javascript & ActiveX/ActiveScripting in browsers
- Using Tcp/IP ports filtrating (easy to do in IP properties)
- Turning off Services I do NOT use that may have holes
- AntiVirus (AntiVir, NOD32, AVG, or Norton Corporate 10.2 edition (my favs @ least - I keep 1 resident, & one other as a 2nd opinion))
- AntiSpyware program (I like AdAware & SpyBot + use both, 2nd opinion stuff again)
- SEVERAL AntiRootkit programs (GMER, AVG, BitDefender, BlackLight, Rootkit Buster, Rootkit Revealer, AntiRootKit, Rootkit Hook Analyzer, Sophos - all many doctors opinions from what I feel IS the biggest threat out there now, rootkits)
- + using a hardware NAT firewall in combination w/ a software firewall (ZoneAlarm used to be good, & the native Windows firewall isn't bad, except for noting outgoing packets)
- Keeping up on Microsoft security patches to the OS & programs from them I use
- Being SMART about not opening email attachments & also using TEXT or RTF as my email reading format too
- After trimming services I do NOT use (& even the ones I don't as well, set disabled or not), I secure them ALL, per this thread:
http://forums.techpowerup.com/showthread.php?t=16097
- Using adbanner blocking HOSTS files (adbanners have been found to hold malicious code more than a few times the past 4-5 years now mind you)
*
HARD TO BELIEVE ON THAT NOTE OF ADBANNERS HOUSING MALWARES IN SCRIPT & MORE?
CHECK THIS, DATED TODAY 02/21/2007:
Microsoft apologises for serving malware
http://apcmag.com/5382/microsoft_apologises_for_serving_malware_to_customers
* YOU DO ALL OF THAT? Yes, You CAN be safe online & use Windows, just takes a bit of work... 1 hr. implementing it all, & maybe another 1/2 hr. testing it (like when you secure services - I did a BIG list, but not every possible service under the sun, because I have not run them ALL!)
MS ships their Operating Systems 'generic' enough to run on anything FULL FUNCTION, right outta the box... this can be its 'problem' too!
APK
P.S.=> Funny thing is though, I don't think we'll EVER be "110% solid secure" unless we go OFFLINE... @ least not for another 5 yrs. or so & then I think we'll be REALLY close @ least!
Microsoft's taking the RIGHT steps, in the RIGHT direction in their apps & OS, & so are other vendors too... this is a GREAT trend!
Heck - funny thing is? Snort turned up a security hole the other day... a program you CAN use to defend yourself... mistakes & oversights get made is all, still now even.
Today? It's the "Wild West" still, not as bad as it used to be in the earlier days/decades, but still 'risky' to an extent... still in the Stone Age guys, you'll miss these days, when they are gone... apk
)
I just grassed them up to barclays and I dont get anything like that anymore..