Since TechRepublic is a community of IT professionals, I'm sure there are many ideas floating around about what steps to take when preparing a new PC for the Internet? What have we missed?
Do you have a standard procedure for preparing your PCs?
Discussion on:
View:
Show:
Not mentioning the FREE Microsoft AntiSpyware specifically and is a significant omission and step 1 should include a firewall, rather than mentioning it as an afterthought in step 4.
I wouldn't consider a router merely "another significant" layer; it should be considered an ESSENTIAL layer of protection.
Unfortunately, the last time I allowed AOL to be installed on a system, it created a VPN tunnel right through my router (with VPN pass-through as a feature), defeating that layer of protection. For the first time ever, the Norton Internet Security log was showing all kinds of port scans and hacking attempts that had never been able to get that far before.
While their VPN was protecting my AOL connection from outsiders, it was opening up my system to all the hackers from within the AOL community.
I don't know if AOL still does that (I haven't allowed it to be installed since v6 or 7), but that was enough reason to ban it from my system. I was only installing it for the trial period so I could help to support a client using it, but that client is on their own now!
I wouldn't consider a router merely "another significant" layer; it should be considered an ESSENTIAL layer of protection.
Unfortunately, the last time I allowed AOL to be installed on a system, it created a VPN tunnel right through my router (with VPN pass-through as a feature), defeating that layer of protection. For the first time ever, the Norton Internet Security log was showing all kinds of port scans and hacking attempts that had never been able to get that far before.
While their VPN was protecting my AOL connection from outsiders, it was opening up my system to all the hackers from within the AOL community.
I don't know if AOL still does that (I haven't allowed it to be installed since v6 or 7), but that was enough reason to ban it from my system. I was only installing it for the trial period so I could help to support a client using it, but that client is on their own now!
It would not matter the order you install the AV and firewall as the computer is not connected to the internet until AFTER all ten steps are done.
I ALWAYS do the AV, then the spyware software. Then I RUN BOTH.
After the scans are done, then I reboot and continue very identical to that list.
After all updates and restore points are done, I defrag then reboot.
Then the FIRST thing I do after I am live, is to apply any MS updates.
Software firewall AND router are strongly recommened, with a clear understanding that the computer will be toast if they don't.
If they chose not to follow this advice, I have no problem six months later charging another $120 to wipe and reload the system.
I ALWAYS do the AV, then the spyware software. Then I RUN BOTH.
After the scans are done, then I reboot and continue very identical to that list.
After all updates and restore points are done, I defrag then reboot.
Then the FIRST thing I do after I am live, is to apply any MS updates.
Software firewall AND router are strongly recommened, with a clear understanding that the computer will be toast if they don't.
If they chose not to follow this advice, I have no problem six months later charging another $120 to wipe and reload the system.
I'd typically charge $200 to wipe and reload, assuming no wacky hardware issues that require major additional work because "someone" *cough*theclient*cough* lost all the driver installers. I'd charge by the hour if they wanted the system cleaned up without a nuke and pave treatment, which would sometimes end up costing more (depending on how badly they let the system get hosed and how much time I ended up needing to parse the registry by eye).
As much money as I made at that, I much preferred customers who just used a decent router/firewall appliance, plus less-vulnerable software (Firefox and Thunderbird instead of IE and OE, f'rinstance) and saved me the trouble.
As much money as I made at that, I much preferred customers who just used a decent router/firewall appliance, plus less-vulnerable software (Firefox and Thunderbird instead of IE and OE, f'rinstance) and saved me the trouble.
Apotheon
I tire of the "corporate" dog-eat-dog computing environment and am considering a change I am sure consulting would be just the opposite
Question - in your $200 wipe/reload fee how much data preservation and application loading did you typically include? Did you get much push-back from the "I only paid $500 for the whole machine, I can't afford $200 for a reload" crowd?
thanks,
CL
I tire of the "corporate" dog-eat-dog computing environment and am considering a change I am sure consulting would be just the opposite
Question - in your $200 wipe/reload fee how much data preservation and application loading did you typically include? Did you get much push-back from the "I only paid $500 for the whole machine, I can't afford $200 for a reload" crowd?
thanks,
CL
I'd typically just copy everything on the hard drive to CDs or to another hard drive, nuke and pave, then either create a directory to move everything to from the backup on the other hard drive or just hand over the CDs. In either case, I'd say "Use this at your own risk. I recommend against it." I'd do that much only if I was feeling generous, basically. A nuke and pave is generally exactly what it sounds like: burn the village to save it. If your primary concern is data recovery, you'll have to pay for the time spent on cleaning up the data so that it's not a threat.
There have been times when I've told someone it's going to cost $200 to reload the OS with no data recovery, and was told pretty much exactly what you said: "It only cost me such-and-such to buy the computer in the first place!" At that point, the correct answer has always been "You could always just format and reinstall it yourself, or buy a new computer, then." I wasn't cruel about it: I'd offer advice, help 'em get a good deal (at a nominal profit to the consultancy), and so on. Frankly, though, if they wanted professional support, they'd have to realize that they'd be paying professional rates.
Plus, y'know, one or two times of this, and they suddenly start listening when I make recommendations about what sort of software to use, the importance of a router/firewall, and so on. I really did aim to help my clients save money, which is why they kept calling us -- but I couldn't justify just doing work for free, or at a massive discount, when that takes away from the time I could be using to do work that pays the bills.
Consulting's a pain in the butt, by the way, and one of the major reasons for that is that though it pays very well when it pays, it pays irregularly. I prefer a steady paycheck. It makes budgeting much, much easier. Plus, y'know, I've got a great job in a primarily Linux-based shop. I don't really have to deal with crap like spyware, adware, viruses, and so on. Even with the few Windows systems, I pretty much control the environment. My biggest support concern with the Windows systems is Microsoft screwing everything up with a broken patch.
There have been times when I've told someone it's going to cost $200 to reload the OS with no data recovery, and was told pretty much exactly what you said: "It only cost me such-and-such to buy the computer in the first place!" At that point, the correct answer has always been "You could always just format and reinstall it yourself, or buy a new computer, then." I wasn't cruel about it: I'd offer advice, help 'em get a good deal (at a nominal profit to the consultancy), and so on. Frankly, though, if they wanted professional support, they'd have to realize that they'd be paying professional rates.
Plus, y'know, one or two times of this, and they suddenly start listening when I make recommendations about what sort of software to use, the importance of a router/firewall, and so on. I really did aim to help my clients save money, which is why they kept calling us -- but I couldn't justify just doing work for free, or at a massive discount, when that takes away from the time I could be using to do work that pays the bills.
Consulting's a pain in the butt, by the way, and one of the major reasons for that is that though it pays very well when it pays, it pays irregularly. I prefer a steady paycheck. It makes budgeting much, much easier. Plus, y'know, I've got a great job in a primarily Linux-based shop. I don't really have to deal with crap like spyware, adware, viruses, and so on. Even with the few Windows systems, I pretty much control the environment. My biggest support concern with the Windows systems is Microsoft screwing everything up with a broken patch.
Apotheon:
THANKS for the reply! I was afraid that would be the most frequent response "I only paid $400 for the whole @#$$%#$^ computer...". I do like your response very much, and will take liberties with it if I end up going that way. I'm an older geek and can probably deal with the fluctuation in income but would not enjoy getting beat about my rates every time I made a "house call". If not a long commute I would offer to "take it back to the shop" so as to not be sitting around watching counter-spy do its work.... that way would be able to do something else productive and keep the bill lower @ the same time.
thanks again!
CF
THANKS for the reply! I was afraid that would be the most frequent response "I only paid $400 for the whole @#$$%#$^ computer...". I do like your response very much, and will take liberties with it if I end up going that way. I'm an older geek and can probably deal with the fluctuation in income but would not enjoy getting beat about my rates every time I made a "house call". If not a long commute I would offer to "take it back to the shop" so as to not be sitting around watching counter-spy do its work.... that way would be able to do something else productive and keep the bill lower @ the same time.
thanks again!
CF
My thought was to download all desired programs and updates to a HDD. Copy them to CD's unopened. That would allow installing updated programs and patches before the new PC ever headed off to the wild side.
There exists a utility called 'WSUS Offline Update'. It was originally developed and published by the German pc magazine C'T, but recently it got its own web page :
www.wsusoffline.net
It allows you to collect OS and Office updates from the internet once, to be used later after Windows re-installation(s).
Even in case of the updates not having been brought up the most recent level, the installation of the majority of available updates will make the retrieval of the few remaining ones by Windows Update a much, much safer event.
www.wsusoffline.net
It allows you to collect OS and Office updates from the internet once, to be used later after Windows re-installation(s).
Even in case of the updates not having been brought up the most recent level, the installation of the majority of available updates will make the retrieval of the few remaining ones by Windows Update a much, much safer event.
The steps mentioned in the article are very good but apart from installing and anti-virus, anti-spyware and firewall, I go a step further and install SafeSystem, which is a security tool that perfectly complements my other security programs. This program doesn't need to know in advance which virus, worm, spyware or malicious code is trying to infect my computer, it simply doesn't allow any program to be installed or copied to my system while I'm surfing the Web or working with my computer.
I found SafeSystem at: http://www.gemiscorp.com/english/safesystem/info.html
Also, you can see a good PR about this program at: http://www.prweb.com/releases/2006/1/prweb339444.htm
IMPORTANT: I want to clarify that I don't have any direct or indirect relation with the company that owns the product I'm suggesting, so my posts shouldn't be considered SPAM.
I found SafeSystem at: http://www.gemiscorp.com/english/safesystem/info.html
Also, you can see a good PR about this program at: http://www.prweb.com/releases/2006/1/prweb339444.htm
IMPORTANT: I want to clarify that I don't have any direct or indirect relation with the company that owns the product I'm suggesting, so my posts shouldn't be considered SPAM.
Using a Sonicwall with content filter and AOL still lets one user, the owner, through to filtered sites/keywords.
What a nightmare, I try to isolate his machine as much as possible.
Hey he is the one paying for the fix
What a nightmare, I try to isolate his machine as much as possible.
Hey he is the one paying for the fix
It seems to me that this should have been about PCs in general, and not Windows-specific. Sure, there's more that needs doing with a Windows system if you want a (somewhat) secure system than with a Linux system, but that doesn't mean you have to run Linux bare-assed.
why it was .01
that gives 99 more steps to hit 1.0
so we can even include distro centric securing areas.
that gives 99 more steps to hit 1.0
so we can even include distro centric securing areas.
With Windows Vista around the corner and Windows 2k being pushed out of the support cycle, the costs involved with the 'necessary' upgrades that a lot of organisations will be facing makes a look at Linux security in a business environment a worthwhile topic to investigate.
(That's what I think anyway)
(That's what I think anyway)
I've had 3 different callers within the last 24 hours who, after loading the most recent version of Vista onto their machines. In all 3 cases, the resolve was a complete wipe and reinstall of the OS.
Put linux on it. Then install WMware and run ANY preferred Windows on top of that, if you for some obscure reason MUST use native Windows.
Put linux on it. Then install WMware and run ANY preferred Windows on top of that, if you for some obscure reason MUST use native Windows.
Put linux on it.
Then install WMware and run ANY preferred Windows on top of that, if you for some obscure reason MUST use native Windows.
Then install WMware and run ANY preferred Windows on top of that, if you for some obscure reason MUST use native Windows.
So many novice PC users have norton/symantec installed with their PC "from new". The trouble is that such people tend not to pay the fees required to keep the anti-virus up to date. So what happens next is that these virus libraries become out of date AND...
And the worst is these novice users still think they are fully protected. They cannot/do not want to afford the prices for these products but think they are running in the background and protecting them.
Such pre-installed programs are the worst enemy of those trying to protect against viruses. They consume computer resources and are very bad protection against the latest viruses. You can easily argue it is these anti-virus programs that actually help new viruses propagate!
And the worst is these novice users still think they are fully protected. They cannot/do not want to afford the prices for these products but think they are running in the background and protecting them.
Such pre-installed programs are the worst enemy of those trying to protect against viruses. They consume computer resources and are very bad protection against the latest viruses. You can easily argue it is these anti-virus programs that actually help new viruses propagate!
You suggest putting Adaware on the PC before going on the Net, but some antivirus programs a nailing Adaware for it's activities and ability to provide information about you instead of protecting you. When my antivirus software identified Adaware as a problem, I tried to uninstall Adaware, but it wouldn't uninstall properly. That makes me distrust it even more. Before I ever use it again, I'd need to know that I can get rid of it if when it causes problems, and I'd want to see some reviews that clarify whether it's really blocking spyware, or just stopping it's own spyware competitors.
Make sure you're really using Lavasoft Ad-Aware, and not a counterfeit. There are literally hundreds of things named similarly to Ad-Aware that claim to do the same thing, trying to capitalize on the name, and the only one that isn't adware or spyware itself is the original Ad-Aware from Lavasoft.
Ad-Aware SE of Lavasoft Sweden at present is the free, uninstalleable, correct version, free for home use!
As others have also added, the humbugs and fakes are numerous, also you need to check for new data files (def.ref), usually at least weekly!
It might not delete all problems, but it is a reliable proven tool!
John
from Hungary
As others have also added, the humbugs and fakes are numerous, also you need to check for new data files (def.ref), usually at least weekly!
It might not delete all problems, but it is a reliable proven tool!
John
from Hungary
Spybot Search & Destroy (also FREE) by Safer Networking make a perfect duo! Just make sure SbS&D's "Resident 'Tea Timer'" is on.
They both UNinstall quite cleanly.
I've use these two programs together for over five years and have found them to be extremely reliable. My computer(s) haven't been infected with anything without me knowing it and giving me the chance to take care of it IMMEDIATELY before losing data. And that has only happened a very small of times. But, I'm a home user. I also practice "safe surfing" techniques, never use Outlook for mail and don't open ANYthing from someone I don't know (even through Y!).
They both UNinstall quite cleanly.
I've use these two programs together for over five years and have found them to be extremely reliable. My computer(s) haven't been infected with anything without me knowing it and giving me the chance to take care of it IMMEDIATELY before losing data. And that has only happened a very small of times. But, I'm a home user. I also practice "safe surfing" techniques, never use Outlook for mail and don't open ANYthing from someone I don't know (even through Y!).
I have been using these two free anti-spyware tools for at least three years now. As btljooz mentioned they do compliment each other perfectly.
They are both regularly mentioned and highly rated by various PC magazines and are completely safe to use. I have never had any problems uninstalling them.
Obviously, as with any programs, make sure you download the installers from the manufacturers site or reliable source. I always d/l Ad-Aware from Lavasoft directly.
I also use Kaspersky Anti-Virus, I find it's a lot more efficient and unobtrusive than Symantec or McAfee products. It will list some Ad-Aware files after a scan, but only to say they were password protected and it was unable to scan them. Don't confuse this with a possitive virus detection, the files are perfectly safe.
They are both regularly mentioned and highly rated by various PC magazines and are completely safe to use. I have never had any problems uninstalling them.
Obviously, as with any programs, make sure you download the installers from the manufacturers site or reliable source. I always d/l Ad-Aware from Lavasoft directly.
I also use Kaspersky Anti-Virus, I find it's a lot more efficient and unobtrusive than Symantec or McAfee products. It will list some Ad-Aware files after a scan, but only to say they were password protected and it was unable to scan them. Don't confuse this with a possitive virus detection, the files are perfectly safe.
I've installed AVG Anti-Virus Free, Lavasoft AD-Aware, Spybot S&D, and SpywareBlaster as a package on all the machines I've sold or repaired for almost 3 years now (well over 200). Not a one has become infected! I believe the page blocking abilities (immunization)of Spybot and SpywareBlaster contributes mostly to this. Had a customer bring in an old Win ME machine I worked 3 years ago yesterday that was slowing down. Not a single infection, pretty good testament to how well these programs work.
ccleaner (crap cleaner)
I found this little beauty one day whilst idly browsing the net, It removes the crap that ad-aware or spybot dont catch.
It also has a startup menu editor and a very useful uninstaller service, much better than using add/remove programs.
www.ccleaner.com
I found this little beauty one day whilst idly browsing the net, It removes the crap that ad-aware or spybot dont catch.
It also has a startup menu editor and a very useful uninstaller service, much better than using add/remove programs.
www.ccleaner.com
the adaware is bad, it is spyware.
ad-awaer from lavasoft is not an issue and it is anti-spyware
ad-awaer from lavasoft is not an issue and it is anti-spyware
Myself
1. I always make sure that my clients have a decent firewall on
right away right after startup and before registration and before
connecting the internet and configure the firewall.
2.Install AVG antivirus. it is free and works better than
Symantec.
3.Get the updates
4. Get OS updates
5. Advise them client on importance of making sure they
regularly check for updates av, firewall, OS
6. train client on importance of not clicking on attachments from
people they dont know, or have not advised them in advance
that they are sending something other than message.
7. Inform them of d/l and the dangers involved.
8. Change from Outlook or express to something less open like
Thunderbird. or Eudora
9. Make sure the client knows how to do all updates and keep
thier computer secure and what could happen if they dont.
10. TELL THEM HOW MUCH IT WILL COST TO FIX IT AFTER
THEY GET THE COMPUTER COMPROMISED $100 EACH TIME
1. I always make sure that my clients have a decent firewall on
right away right after startup and before registration and before
connecting the internet and configure the firewall.
2.Install AVG antivirus. it is free and works better than
Symantec.
3.Get the updates
4. Get OS updates
5. Advise them client on importance of making sure they
regularly check for updates av, firewall, OS
6. train client on importance of not clicking on attachments from
people they dont know, or have not advised them in advance
that they are sending something other than message.
7. Inform them of d/l and the dangers involved.
8. Change from Outlook or express to something less open like
Thunderbird. or Eudora
9. Make sure the client knows how to do all updates and keep
thier computer secure and what could happen if they dont.
10. TELL THEM HOW MUCH IT WILL COST TO FIX IT AFTER
THEY GET THE COMPUTER COMPROMISED $100 EACH TIME
Rather than simply advising the client on the importance of checking for updates, I schedule it to occur periodically, in addition to enabling auto-update wherever possible.
These are all scheduled to run late at night and "wake" the computer, assuming a broadband connection. The system is already configured to go back to sleep after 1 hour of inactivity.
Since I use Norton Internet Security for my clients, I create a scheduled LiveUpdate to occur weekly, just to get the non-critical updates that aren't automatically pushed.
I do the same for Windows Update (now Microsoft Update) and tell the client to click on "Custom" when they find Windows Update open in IE in the morning, and call me - if they have any questions about the results. If they use Office a lot, I also create a scheduled Office Update. Although it is now covered by MS Update, the Office Update doesn't even require the user to click a button to scan; the results are ready and waiting when they wake up the system in the morning.
I also schedule weekly scans for Spy Sweeper, CounterSpy (or MSAS), Spybot S&D and NAV and confirm that ScanDisk and Defrag are scheduled as needed according to their usage profile. Most of these anti-spyware products have an option to update automagically prior to a scan.
Of course I don't schedule these to occur all on the same night. A different item runs each night and if I have to double up, I separate their schedules appropriately, to avoid conflicts.
These are all scheduled to run late at night and "wake" the computer, assuming a broadband connection. The system is already configured to go back to sleep after 1 hour of inactivity.
Since I use Norton Internet Security for my clients, I create a scheduled LiveUpdate to occur weekly, just to get the non-critical updates that aren't automatically pushed.
I do the same for Windows Update (now Microsoft Update) and tell the client to click on "Custom" when they find Windows Update open in IE in the morning, and call me - if they have any questions about the results. If they use Office a lot, I also create a scheduled Office Update. Although it is now covered by MS Update, the Office Update doesn't even require the user to click a button to scan; the results are ready and waiting when they wake up the system in the morning.
I also schedule weekly scans for Spy Sweeper, CounterSpy (or MSAS), Spybot S&D and NAV and confirm that ScanDisk and Defrag are scheduled as needed according to their usage profile. Most of these anti-spyware products have an option to update automagically prior to a scan.
Of course I don't schedule these to occur all on the same night. A different item runs each night and if I have to double up, I separate their schedules appropriately, to avoid conflicts.
Hey ITSecurityGuy. Configuring scheduled scans and Automatic Updates wherever possible sounds like a really great way to protect naive and unsophisticated users before you allow them to connect to the Internet and to protect them afterwards. The devil is in the details.
I don't know about Norton Internet Security, but last I knew, Norton had not fixed the security problem that their Norton Antivirus AutoUpdate had to be run by an account with Administrator privileges. The Windows XP "run as" facility does not allow Norton Antivirus AutoUpdates. This means that an account with Administrator privileges must schedule the AutoUpdate and be logged into the computer when the update occurs. Essentially you must always be logged on as an Administrator to use the AutoUpdate feature.
Although Windows Updates may be mending their ways, I believe that this is also true for applying Windows AutoUpdates. Anyone can download them but to apply them you have to be a member of the Administrators group. I am not familiar with the privileges required by the other programs you are scheduling.
Security best practice says never run with more privileges than you absolutely have to have. The principle of least privileges puts one more layer of security between the latest unpatched exploit and full control of your computer. I wonder how secure it is to always leave an Administrator account available for the latest unpatched exploit, so that you can schedule automatic updates?
Of course, if you don't schedule automatic updates using an always logged on Admin account, and you always assign every user a non-Admin account for day to day use, then I'm sure that Granddad, Mom, the Kids and Joe Smallbusiness all know that on a daily basis they need to close all their apps and use Windows XP fast user switching to log into the renamed Administrator account with a strong password to get their Norton Anti-virus updates and apply all their Windows and Office Critical Updates, then log out of the Admin account before they go back to doing whatever they really wanted to be doing.
And if the updates require a reboot, I am sure they will remember to log back into the renamed Administrator account after the reboot to let the updates finish applying before they log back out of the Admin account and log back in to their non-Admin account so that they can go back to what they were trying to use the computer to accomplish.
In my opinion naive users, security and Windows shouldn't be used in the same sentence.
I don't know about Norton Internet Security, but last I knew, Norton had not fixed the security problem that their Norton Antivirus AutoUpdate had to be run by an account with Administrator privileges. The Windows XP "run as" facility does not allow Norton Antivirus AutoUpdates. This means that an account with Administrator privileges must schedule the AutoUpdate and be logged into the computer when the update occurs. Essentially you must always be logged on as an Administrator to use the AutoUpdate feature.
Although Windows Updates may be mending their ways, I believe that this is also true for applying Windows AutoUpdates. Anyone can download them but to apply them you have to be a member of the Administrators group. I am not familiar with the privileges required by the other programs you are scheduling.
Security best practice says never run with more privileges than you absolutely have to have. The principle of least privileges puts one more layer of security between the latest unpatched exploit and full control of your computer. I wonder how secure it is to always leave an Administrator account available for the latest unpatched exploit, so that you can schedule automatic updates?
Of course, if you don't schedule automatic updates using an always logged on Admin account, and you always assign every user a non-Admin account for day to day use, then I'm sure that Granddad, Mom, the Kids and Joe Smallbusiness all know that on a daily basis they need to close all their apps and use Windows XP fast user switching to log into the renamed Administrator account with a strong password to get their Norton Anti-virus updates and apply all their Windows and Office Critical Updates, then log out of the Admin account before they go back to doing whatever they really wanted to be doing.
And if the updates require a reboot, I am sure they will remember to log back into the renamed Administrator account after the reboot to let the updates finish applying before they log back out of the Admin account and log back in to their non-Admin account so that they can go back to what they were trying to use the computer to accomplish.
In my opinion naive users, security and Windows shouldn't be used in the same sentence.
I agree with your concern, but you seem to have come back around to my unstated conclusion that limited user accounts are not practical for non-domain PCs, as implemented in XP. I look forward to Vista's improvements in this area.
You all know (of course) that AVG Free is free ONLY for personal and private use therefore installing it on a client's business computer is breaking the licensing agreement.
my standard procedure is to set it up so that it is not complicated to the user. take away all those useless programs. set up antivirsus and let it roll.
I will do these things,
* install good antivirus
* install good spyware control program
* keep system free with good memory space and diskspace
* create a seperate login for internet browsing
* make a copy of book disk and OS disk (sometimes it is required)
* use a proper downloading manager
* use Opera browser
* configure email clients instead of webmails
i have to think about more points..
* install good antivirus
* install good spyware control program
* keep system free with good memory space and diskspace
* create a seperate login for internet browsing
* make a copy of book disk and OS disk (sometimes it is required)
* use a proper downloading manager
* use Opera browser
* configure email clients instead of webmails
i have to think about more points..
Is replace Microsoft Windows with a linux Distribution. Any linux Distribution will do, but for ease of use, and the GUI administration tools I suggest Mandriva or SuSE.
I think that step one is unrealistic for 98% of computer users.
Step 1. Should be purchase the computer from a knowledgeable computer store / VAR that does the service packs, critical updates, and anti-virus installation and updates before delivering the computer to the end user.
Step 2. Use a router for cable or ADSL Internet access. Turn off wireless or at least secure the wireless with WAP. Make your first connection to the Internet is via CAT5 network cable connected to the router. Ideally the router has real firewall protection and does not just rely simply on NAT to provide protection. I think that stateful packet inspection is essential though most routers only offer NAT protection.
Step 3. If the major brand computer company does not prepare the computer for using the Internet safely then basically follow the instructions from Mark Kaelin.
I would suggest that within 24 hours of accessing the Internet that the end user run a full virus scan (Norton, McAfee, TrendMicro), SpyBot scan and an Ad-aware scan. If the computer scans find any viruses then use the Windows XP or restore CDs to start over again. If the computer finds any serious malware then it should be scanned again within 24 hours to make sure that computer is now malware free.
As the owner and one of the techies that works on several new computers and numerous fresh installations of Windows everyday I believe that the most important thing is to have multiple backups of important documents, e-mail, and pictures onto CD-R, flash drive, external hard drive, tape backup, DVD-R. Afterall a lot of viruses and malware come in the 5'10" variety which can strike within 12 minutes of accessing the Internet and almost always within 30 days of accessing the Internet even with MS critical updates and quality anti-virus protection.
I hope my opinions lead to further discussion.
Step 1. Should be purchase the computer from a knowledgeable computer store / VAR that does the service packs, critical updates, and anti-virus installation and updates before delivering the computer to the end user.
Step 2. Use a router for cable or ADSL Internet access. Turn off wireless or at least secure the wireless with WAP. Make your first connection to the Internet is via CAT5 network cable connected to the router. Ideally the router has real firewall protection and does not just rely simply on NAT to provide protection. I think that stateful packet inspection is essential though most routers only offer NAT protection.
Step 3. If the major brand computer company does not prepare the computer for using the Internet safely then basically follow the instructions from Mark Kaelin.
I would suggest that within 24 hours of accessing the Internet that the end user run a full virus scan (Norton, McAfee, TrendMicro), SpyBot scan and an Ad-aware scan. If the computer scans find any viruses then use the Windows XP or restore CDs to start over again. If the computer finds any serious malware then it should be scanned again within 24 hours to make sure that computer is now malware free.
As the owner and one of the techies that works on several new computers and numerous fresh installations of Windows everyday I believe that the most important thing is to have multiple backups of important documents, e-mail, and pictures onto CD-R, flash drive, external hard drive, tape backup, DVD-R. Afterall a lot of viruses and malware come in the 5'10" variety which can strike within 12 minutes of accessing the Internet and almost always within 30 days of accessing the Internet even with MS critical updates and quality anti-virus protection.
I hope my opinions lead to further discussion.
use old images to set up the machines. So it's likely to be out of datae in many respects when you plug it in.
Also I would never recommend subscription model av to a home user. They are too likely to let it lapse. AVG auto updates, so does Sygate for a software firewall.
AVG now auto updates the software it self as well as definitions.
Hostageware has no place for home users.
Also I would never recommend subscription model av to a home user. They are too likely to let it lapse. AVG auto updates, so does Sygate for a software firewall.
AVG now auto updates the software it self as well as definitions.
Hostageware has no place for home users.
Microsoft is one of the rishest companies in the world. Linux was put together by a bunch of amatures. Am I the only one who sees an irony in this?
I've installed a couple of machines for clients, out of the box and unprotected. Then I ran intrusion testing on them and fonnd.. nothing!
I'm amazed, simply amazed, that anybody who calls themselves a computer expert would advocate a solution that 1) costs more 2) doesn't come with lots and lots of applications (C, Perl, Open Office, MySQL, etc., etc., etc.) 3) is less efficient, 4) is less secure.
GIven that the machines are crackable within minutes of getting it out of the box, how do you justify giving those machines to computer-illiterate customers?
I've installed a couple of machines for clients, out of the box and unprotected. Then I ran intrusion testing on them and fonnd.. nothing!
I'm amazed, simply amazed, that anybody who calls themselves a computer expert would advocate a solution that 1) costs more 2) doesn't come with lots and lots of applications (C, Perl, Open Office, MySQL, etc., etc., etc.) 3) is less efficient, 4) is less secure.
GIven that the machines are crackable within minutes of getting it out of the box, how do you justify giving those machines to computer-illiterate customers?
...computer illiterate PC "techs" who know very little else.
I have multiple CNE\CNA quallies, a couple of MCSE quallies and am now going the Linux route. I have built several PCs (all SUSE) for friends who are very happy. They too see the irony that you mentioned above. And now that you can get a refund form DELL for the MS "tax" a Dell PC gets even cheaper - although all the machines I have done so far have been custom built by another shop for me. One couple who have a SUSE machine love the fact that they are runnig Linux. For a fairly computer illiterate couple they had heard of Linux and think that they are now cool in having it at home. They are not young - both in their fifties. Smashing
I have multiple CNE\CNA quallies, a couple of MCSE quallies and am now going the Linux route. I have built several PCs (all SUSE) for friends who are very happy. They too see the irony that you mentioned above. And now that you can get a refund form DELL for the MS "tax" a Dell PC gets even cheaper - although all the machines I have done so far have been custom built by another shop for me. One couple who have a SUSE machine love the fact that they are runnig Linux. For a fairly computer illiterate couple they had heard of Linux and think that they are now cool in having it at home. They are not young - both in their fifties. Smashing
I run a mac/windows network through a Linux Server.
Anybody care to guess which platform causes 90% of the
problems?
Could you imagine peoples reaction if, when buying a car,
you had to go through some 10-step procedure to ensure it
worked ok?
I am guessing that Microsoft is kind of betting the farm on
Vista to be their saviour from all this crap, good luck to
them.
Anybody care to guess which platform causes 90% of the
problems?
Could you imagine peoples reaction if, when buying a car,
you had to go through some 10-step procedure to ensure it
worked ok?
I am guessing that Microsoft is kind of betting the farm on
Vista to be their saviour from all this crap, good luck to
them.
Since my agency is part of a group of state agencies, our network is bogged down with viruses and worms from unprotected computers.
12 seconds after plugging a new computer into the network, the machine would instantly be infected.
I have placed all shared printers on print servers, and I have also disabled the Remote Registry, Server Service, Computer Browser service and installed Symantec Anti-virus before plugging into the network.
12 seconds after plugging a new computer into the network, the machine would instantly be infected.
I have placed all shared printers on print servers, and I have also disabled the Remote Registry, Server Service, Computer Browser service and installed Symantec Anti-virus before plugging into the network.
I always format the disc so that there is an operating system partition and a data partition, and teach users how to use it. Then I move the mail folders etc. onto the data partition.
I also try and get people to consider the Computer as a filing cabinet, with Windows explorer the means of finding stuff, and double clicking on files to open them - let the file determine the application.
That way I can back up the whole partition easily, and also restore the operating system without losing data. [which of course you have to do with windows periodically].
I also try and get people to consider the Computer as a filing cabinet, with Windows explorer the means of finding stuff, and double clicking on files to open them - let the file determine the application.
That way I can back up the whole partition easily, and also restore the operating system without losing data. [which of course you have to do with windows periodically].
Agree 100%! Having one gigantic partition - especially with todays massive drives is just asking for problems, and is just plain lazy!
But I go even farther than that! I use Partition Magic and split into 4 partitions. Then I use Norton Ghost to copy the system and data partitions completely. Then I Use Partition Magic to HIDE the copies! making them effectively invisible to Windows.
This has saved my bacon more than once when a user has screwed something up, or when malware has taken its toll!
When people go on vacation, I do a complete servicing of their system to ensure that all patches have been applied, and that the machine is virus and malware free. Then I re-ghost the hidden copies.
I am pretty much a one man show and I just cannot aford the time to play around trying to fiure out if malware has been truly completely removed! An ounce of prevention is worth sixteen tonnes of cure from where I sit. Barring an actual hard drive crash, I could have most users "up and running" in 30 minutes! They might have to pick up some pieces, but that is THEIR time - not mine! And for some "mission critical" PCs (like the CEO and the Head of R&D) I actually do an additional ghost onto and external hard drive and then stash the drive - just in case! Hard drives are CHEAP - lost productivity is NOT!
And generally, we don't have problems - well not ones that have a lasting impact.
A couple of other things I do before commissioning a system:
1) Use SpinRite 6 to do a complete scan of the hard drive to make sure it is sound
2) Use RAMExam to do a comprehensive memory test
Years ago when I set up my first WinNT server, I had heard all the horror stories. When I did my research, it occurred to me that most people were not validating the hardware before deploying it! So I did just that. I tested EVERYTHING. Then I made sure I had all the correct drivers on disk BEFORE the install!
That installation AND deploymet went off without a hitch, and took less than a day - and that server was rock solid. Only required reboot for MS Updates.
It is very easy to take pot-shots at Micro$haft, but often the problems can be traced back to flakey hardware! If you make sure the hardware is sound before deployment, then you take that variable out of the support equation. And that is a GOOD thing!
But I go even farther than that! I use Partition Magic and split into 4 partitions. Then I use Norton Ghost to copy the system and data partitions completely. Then I Use Partition Magic to HIDE the copies! making them effectively invisible to Windows.
This has saved my bacon more than once when a user has screwed something up, or when malware has taken its toll!
When people go on vacation, I do a complete servicing of their system to ensure that all patches have been applied, and that the machine is virus and malware free. Then I re-ghost the hidden copies.
I am pretty much a one man show and I just cannot aford the time to play around trying to fiure out if malware has been truly completely removed! An ounce of prevention is worth sixteen tonnes of cure from where I sit. Barring an actual hard drive crash, I could have most users "up and running" in 30 minutes! They might have to pick up some pieces, but that is THEIR time - not mine!
And for some "mission critical" PCs (like the CEO and the Head of R&D) I actually do an additional ghost onto and external hard drive and then stash the drive - just in case! Hard drives are CHEAP - lost productivity is NOT!And generally, we don't have problems - well not ones that have a lasting impact.
A couple of other things I do before commissioning a system:
1) Use SpinRite 6 to do a complete scan of the hard drive to make sure it is sound
2) Use RAMExam to do a comprehensive memory test
Years ago when I set up my first WinNT server, I had heard all the horror stories. When I did my research, it occurred to me that most people were not validating the hardware before deploying it! So I did just that. I tested EVERYTHING. Then I made sure I had all the correct drivers on disk BEFORE the install!
That installation AND deploymet went off without a hitch, and took less than a day - and that server was rock solid. Only required reboot for MS Updates.
It is very easy to take pot-shots at Micro$haft, but often the problems can be traced back to flakey hardware! If you make sure the hardware is sound before deployment, then you take that variable out of the support equation. And that is a GOOD thing!
I partition my drive so my OS and programs are in a separate partition. This way the primary files are separated from the user's data. Then I Ghost the partition before I go on the Internet or give the PC to a user. This has saved my cookies more than once.
This is a good practise, and is commonplace and second nature anywhere else than in Windows.
Unfortunately Windows will try to create 'Documents and settings' - including'MyDocuments and other personal stuff - on the C: drive at any given opportunity.
Unfortunately Windows will try to create 'Documents and settings' - including'MyDocuments and other personal stuff - on the C: drive at any given opportunity.
If the OS didn't come with a firewall then go to the Zone Labs website, for example, and get the free firewall downloaded, click & install, reboot into safe mode and installed first thing before anything else. Next is Antivirus. Then any updates that may exist for the OS. Then anti-spyware and anti-adware.
I sit on a corporate network, and services state is:
Disabled: 45
Automatic : 26
Manual: 24
Security apps services: 8
Most of those set to manual, could really be disabled.
All these services are a potential security risk, and ALL of them are switched on as default. It is really amazing just how much unneeded stuff are running on a PC.
In the network settings remove 'File and printer sharing for Microsoft networks'. Many people think this is needed for being on a MS network, but the explanation reads 'Allows other computers to access resources on your computer' - and thats exactly what it does.
Remove all unwanted protocols, and now we have dumped efficient NetWare for clumsy Windows, this normally means that you remove anything except IP.
Windows is a swiss armyknife system, it has fair tools for everything, but not the real professionel tools. Remove or disable EVERYTHING that you are not going to need, and your systems will run smoother and with fewer errors. Throw out excess luggage.
Disabled: 45
Automatic : 26
Manual: 24
Security apps services: 8
Most of those set to manual, could really be disabled.
All these services are a potential security risk, and ALL of them are switched on as default. It is really amazing just how much unneeded stuff are running on a PC.
In the network settings remove 'File and printer sharing for Microsoft networks'. Many people think this is needed for being on a MS network, but the explanation reads 'Allows other computers to access resources on your computer' - and thats exactly what it does.
Remove all unwanted protocols, and now we have dumped efficient NetWare for clumsy Windows, this normally means that you remove anything except IP.
Windows is a swiss armyknife system, it has fair tools for everything, but not the real professionel tools. Remove or disable EVERYTHING that you are not going to need, and your systems will run smoother and with fewer errors. Throw out excess luggage.
I'd suggest inventorying it, perhaps with a comprehensive, free tool such as WinAudit, that records as much specific information, serial numbers, MAC addresses of NICs, serial numbers of drives, installed software versions and licenses, etc.
- Keyboard Shortcuts:
- Prev
- Next
- Toggle
