Thread: Check your Windows 10 block settings
View Single Post
  #50   Report Post  
Posted to alt.home.repair
Don Y[_3_] Don Y[_3_] is offline
external usenet poster
  
Posts: 2,879
Default Check your Windows 10 block settings
On 10/18/2015 11:38 AM, Mayayana wrote:
| With banking, I just don't do it online. I take
| the approach of operating safely when online
| and avoiding banking, shopping, etc. Those things
| simply can't be made safe. Even with a read-only
| laptop you still risk things like man-in-the-middle
| attacks in your connection to the bank.
|
| Then you limit yourself to the range of banks (and other
| institutions) with which you can operate. And, your choices
| will diminish, over time.

I pay $1/month for a paper statement. I doubt

You're lucky. I've closed accounts when each notified me that
they wanted $8.95/month to mail me a single sheet of paper
with 1, 2 or, at most, *3* transactions on it! Note that
one of the banks was 1500 miles from here -- so its not
a "local phenomenon".

very much that I won't be able to get a statement
any time soon. Even if they didn't mail it, one can
go into any bank for a printout as desired. Doing risky
things online because I *might* have to someday is
not a good reason to me.

Do you own any securities? Do any "trading"?

| "Operating safely" is almost impossible. Too many drive-by
| attacks -- even on big "well known" sites. Hence the approach
| of getting the machine into a known, safe state and ensuring that
| it can't be changed from that state.

You sound like you know what you're doing, so I
wouldn't be inclined to tell you that you should change,
but my way also works. Nearly all possible online attacks
require javascript.

If you look at the history of vulnerabilities, you'd realize that's
not the case. Buffer overflow exploits are still common -- despite
EVERYONE knowing about this sort of potential problem (yet
continuing to write NEW code that has the same flaws).

Are *all* inbound ports on your machine closed?
Have a look at "Shield's Up": https://www.grc.com

Do you "NAT" your connections? Use a STATEFUL firewall?

Ever download/open a PDF?
http://securityxploded.com/pdf_vuln_exploits.php
Open a JPG?
https://www.f-secure.com/v-descs/ms04-028.shtml
Maybe a video (MP4)?
http://www.hacking-tutorial.com/hacking-tutorial/hacking-tutorial-windows-xp-sp3-using-adobe-flash-player-mp4-vulnerability/
Or, perhaps, music (MP3)?
http://www.gnucitizen.org/blog/backdooring-mp3-files/

I.e., any piece of code that can be coerced into "processing"
foreign data represents an attack surface. In the past, JPG's
have been used to inject malware, malformed URL's

Most of those also use secondary
vulnerabilities, such as iframes or Flash. I rarely enable
script online. When I do, I do it in Firefox with NoScript,
to limit the exposure. I don't have AV or malware
hunter software. And I've never had a malware problem
of any kind.

We don't run AV, here as it takes to big a hit on the machine's
performance, requires constant updates (sometimes *introducing*
bugs/false positives in the process), etc.

We practice "safe computing" -- much to SWMBO's dismay (as she
isn't allowed to view much of the cruft her friends send to her
as "funny links"). Periodically, I take the machine down and
mount the disk as a sercondary drive so I can scan it with a
current AV release -- just for peace of mind ("Nothing found
so we've been well behaved")

Of course, the machine is only useful to a hacker as a point from
which to possibly launch another attack -- there's nothing *here*
worth stealing or "snooping"!

I wouldn't recommend that approach to everyone.
People who don't want to learn the basics and do
want to access the Internet as "consumers", with
extensive functionality to shop, play games, bank,
Facebook, etc will need AV. But my way, understanding
the risks and disabling script, is far safer than the
person with all the latest patches and AV, but who
enables script online. There's simply no way to make
that safe.

Having NoScript block all domains, here, means I often
have to take several attempts to view a site -- successively
enabling more and more domains until the site "appears"
to work. Some sites are very deliberate in refusing to work
without Jscript enabled. Some refuse to work without Flash.

Each of these represents an inconvenience to me. But, as most
of the sites that I am interested in are highly technical,
I can put up with these occasional inconveniences.

Reply With QuoteReply With Quote