Talk:Windows XP/Security Software

Also check out Computers_for_Beginners/Security (similar topic, has material that would fit nicely).

Referenced tools/programs can be free or proprietary.

General notes
What follows will find a place in the wikibook if actually useful for a novice user.

Managing passwords is important for security.
 * Random letters and numbers are hard to remember and, according to Ross Anderson's research, do not improve security in practice (users forget them or write them down).
 * A better suggestion is to use the initials of the words in a long sentence you can remember; Anderson's group found such passwords about as hard to guess as random ones and far easier to remember.
 * Bruce Schneier suggested writing down a complex password and keeping the note in your wallet, which you already guard carefully. Sticky notes stuck to the monitor with a password on them are a different matter.

Computer security does not only deal with malware, but also with preventing data loss (how to make backups in WinXP? ntbackup.exe ships with XP Professional and is an optional install from the Home Edition CD). RAID gives redundancy against a failed disk, but it is not a backup: a deleted, overwritten or malware-encrypted file is mirrored just as faithfully, so a copy kept offline is still needed.

There are also side-channel attacks like Tempest (electromagnetic leakage of information, e.g. the contents of a computer screen) but they are a bit far-fetched for a home user.

Trying to make sense of definitions:

Malware (malicious software) is the generic term for software that does something sneaky. Common kinds:
 * virus: attaches itself to other programs or files on your file system and replicates when they are run
 * worm: spreads by itself over a network, typically by exploiting a bug in a network service or by mailing itself
 * dialer: worst case, silently drops your modem connection, dials a premium-rate number and changes your dialup settings to always use that number. ADSL and cable connections have no modem to dial, so they are unaffected; your phone company may also let you block premium-rate calls and, depending on local law, may have to refund you if you have been cheated this way
 * browser hijacker: changes the browser home page, typically to a search portal with pay-per-click links or something nastier; it may lock the setting against changes or reset it at every reboot
 * backdoor (RAT, remote access trojan): gives someone else remote control of the machine
 * keylogger: intercepts passwords and credit card numbers as you type them and sends them elsewhere, often together with screenshots
 * botnet client: makes the machine a remotely controlled "zombie" used for DDoS attacks or as a spam relay
 * macro virus: written in an application's macro language (such as VBA in Office documents), so it only runs when the host program opens the document; since it depends only on that program's macro features it may work on more than one platform
 * rootkit: a set of stealth techniques that "sits" between the system and the user and feeds back false information about the system, e.g. hiding files, processes or network connections


 * Is a logic bomb simply payload-carrying malware? Roughly: it is code that stays dormant until a trigger condition (a date, a counter, a particular event) is met and then runs its payload; the defining feature is the trigger, not the payload.
 * A trojan (horse) is not a specific type of malware but more of a packaging format: it tries to deceive you into activating it, so it requires user intervention such as opening an email attachment.
 * A malformed data file may act as a dropper: it contains data crafted to exploit a buffer overflow or similar bug in the program that opens it, so that code embedded in the file runs as soon as the file is opened.

Deception is an important part of any war.
 * spyware: collects information about you (browsing habits, keystrokes, installed software) and reports it elsewhere; "stealware"/"thiefware" are related jargon, not standard terms
 * "ransomware" recently appeared: it extorts money by locking you out of your data (e.g. encrypting or deleting a file every 30 minutes) until you transfer money to some bank account. An offline backup is the defence. The early implementations used weak cryptography, so files could be recovered without paying; expect them to get better.
 * Bogus "anti-spyware": claims to remove evil spyware, but is actually a hoax (to make a quick buck) or a trojan installer. It may be bundled with spyware, and may actually remove one vendor's spyware only to install its own. The "bad guys" cheat each other too.


 * "ActiveX vulnerabilities? ActiveX is a vulnerability." The point behind the quip: an ActiveX control is native code that runs inside Internet Explorer with the user's full privileges, so letting a web page install or run one amounts to running a downloaded executable.


 * Malware is an excellent reason to avoid porn and casino sites, even if you like them, and to keep an eye on what your children are doing on the Internet.

How you could get infected: In the olden days of DOS (before the Internet was generally available), floppy disks and Bulletin Board Systems (reminiscent of today's FTP servers) carrying, say, copies of pirated software were the only vehicles for viruses. You either executed an infected program or accidentally left a disk in your floppy drive while booting the system (boot sector viruses). Viruses were constrained in size because of limited memory (in DOS real mode, which is 8086-compatible, programs could only use the first 640 KB of RAM as conventional memory).

These days are long gone. ...

USB memory sticks do not get Direct Memory Access (DMA): a USB device only talks to the host controller, and it is the controller that does the DMA. The well-known DMA attack is over FireWire (IEEE 1394), whose controllers let a plugged-in device read and write host memory directly. The real risk from a found USB stick on Windows XP is AutoRun: an autorun.inf file on the stick can tell Windows to launch a program from it when the drive is opened or when the AutoPlay prompt's default action is taken, and worms have spread exactly this way. Disable AutoRun for all drive types and, in any case, don't plug in out of curiosity anything you find lying around.
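The AutoRun fix, as an added example rather than text from the wikibook: the NoDriveTypeAutoRun policy value is a bit mask of drive types for which AutoRun is disabled, and 0xFF (255) covers every type. The commands assume an administrator account and the reg.exe that ships with Windows XP; the key paths are the standard Explorer policy keys.

```batch
@echo off
rem Added example (not from the wikibook): turn off AutoRun for every drive type
rem so an autorun.inf on a USB stick cannot launch anything by itself.
rem Assumes you run this from an administrator account on Windows XP.
set MACHINE_KEY=HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
set USER_KEY=HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

rem Show the current setting; "unable to find" means the Windows default applies,
rem which still allows AutoRun on removable drives.
reg query "%MACHINE_KEY%" /v NoDriveTypeAutoRun

rem 255 = 0xFF: every bit set, i.e. AutoRun disabled on all drive types.
rem The machine-wide value wins when both are present; set the per-user one
rem as well so a stray user-level policy cannot re-enable it.
reg add "%MACHINE_KEY%" /v NoDriveTypeAutoRun /t REG_DWORD /d 255 /f
reg add "%USER_KEY%" /v NoDriveTypeAutoRun /t REG_DWORD /d 255 /f

rem Confirm the change; Explorer reads the value at logon, so log off and on.
reg query "%MACHINE_KEY%" /v NoDriveTypeAutoRun
echo Log off and back on for the new AutoRun policy to take effect.
```

This stops Windows from running anything on insertion or on the default AutoPlay action; it does not stop a user from double-clicking a file on the stick, so the "don't plug it in" advice still stands.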

To find out if a program has been tampered with ("trojaned"): compute its cryptographic hash (digital fingerprint) and compare it with the one the author published. Use SHA-256 where available; MD5 has practical collision attacks and SHA-1 has since been broken as well. If they differ, the downloaded file is either corrupt or not what you expect it to be. Caveat: a hash published on the same page as the download only catches corruption in transit. If the site or mirror itself is compromised, the attacker replaces the hash along with the file, so prefer a GPG/PGP signature or a hash obtained from a second, independent source.
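The check above, as an added example (not code from the wikibook): hash a downloaded file in chunks and compare the result against the published digest in constant time. The sample payload, the temporary file and the digest values are constructed for the demonstration; in practice the expected digest comes from the vendor's signature or an independent source.

```python
"""Added example (not from the wikibook): verify a download against a published hash.

Assumptions: expected_hex is a hex string obtained from a trusted, independent
source; the sample payload and the temporary file below are constructed here.
"""
import hashlib
import hmac
import io
import os
import tempfile

# Algorithms with practical collision attacks: a match still shows the file was
# not corrupted in transit, but not that nobody substituted a colliding file.
WEAK_ALGORITHMS = {"md5", "sha1"}
CHUNK = 1 << 20  # hash 1 MiB at a time so a large download does not fill memory


def digest_stream(fileobj, algorithm="sha256"):
    """Return the lowercase hex digest of everything readable from fileobj."""
    h = hashlib.new(algorithm)
    for block in iter(lambda: fileobj.read(CHUNK), b""):
        h.update(block)
    return h.hexdigest()


def digest_bytes(data, algorithm="sha256"):
    """Convenience wrapper: digest of an in-memory byte string."""
    return digest_stream(io.BytesIO(data), algorithm)


def matches(actual_hex, expected_hex):
    """Constant-time comparison; tolerates case and whitespace in the published value."""
    return hmac.compare_digest(actual_hex.lower(), expected_hex.strip().lower())


def verify_bytes(data, expected_hex, algorithm="sha256"):
    """True if data hashes to expected_hex under algorithm."""
    return matches(digest_bytes(data, algorithm), expected_hex)


def verify_file(path, expected_hex, algorithm="sha256"):
    """True if the file at path hashes to expected_hex under algorithm."""
    if algorithm in WEAK_ALGORITHMS:
        print(f"warning: {algorithm} is collision-prone; a match does not rule out substitution")
    with open(path, "rb") as f:
        return matches(digest_stream(f, algorithm), expected_hex)


if __name__ == "__main__":
    # Constructed sample: a made-up "download" and the digest its author would publish.
    payload = b"setup.exe contents (constructed sample, not a real program)"
    published = digest_bytes(payload)  # in reality copied from the vendor's page or signature
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(payload)
        path = tmp.name
    try:
        print("intact download verifies:", verify_file(path, published))   # True
        with open(path, "ab") as f:
            f.write(b"\x00")  # simulate tampering or a truncated/corrupt transfer
        print("altered download verifies:", verify_file(path, published))  # False
    finally:
        os.unlink(path)
```

The comparison goes through hmac.compare_digest rather than `==` so that a wrong guess does not leak how many leading hex characters matched; the normalisation handles the common case of a vendor publishing the digest in upper case or with a trailing newline.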

Passwords
Worth a mention that there are a number of free password programs out there that (AFAIK) offer good password security? -- Herby talk thyme 09:04, 16 December 2006 (UTC)

Good morning, Herby! Probably worth it. I only tried Password Safe some time ago but didn't like it because it wasn't flexible (mandatory 5-min password expiration, obfuscation). At home my security requirements are not so demanding. BTW, I usually write my passwords h4x0r style, do you think that is good practice? Tortoise 09:39, 16 December 2006 (UTC)
 * Use Keepass myself - a year or so back I realised it was getting out of hand (using the same password for almost everything) so wandered around the web a bit and found that one best for me. A site that probably got me most interested in comp security would be www.grc.com - first thing I do on a new machine is check shieldsup.  BTW what timezone are you (though won't be around now for a couple of hours)?
 * When I get time I think I'll do a "browser" bit (something I feel strongly that people should understand better) - subpage maybe? -- Herby talk thyme 09:48, 16 December 2006 (UTC)

Perhaps you could write about the password programs since you seem to have more experience. My timezone is +01:00 GMT (Italy), yours? Tortoise 10:32, 16 December 2006 (UTC)


 * Hum - the problem is as always - time. By comparison to some things I am quite passionate about computer security.  As you say there are different issues comparing home and work - I trust me!  I'll look at the password issue.
 * I do think browsers are something that should be addressed. Just because a machine arrived with IE doesn't make it right.  I am basically anti MS however the point is more that exploits will be more often/easily found in IE.  These days FF (with spellcheck) and some extension such as Noscript combined with a well loaded HOSTS file can make clicking on links a much less risky business.  When I evaluate links here for spam/appropriateness if they don't load as a result of the HOSTS file I remove them anyway for others' safety.
 * FWIW this is one I really like - - deals in a very elegant neat way with services & startup items (IMO).
 * I'm UK based. You've done good work on that article, I hope you stick around and keep contributing - let me know if I can help and I will try and contribute to the page myself -- Herby  talk thyme 12:50, 16 December 2006 (UTC)

If you meant to point me to the 'Starter' Program, have a look at http://www.sysinternals.com ... (gosh, Microsoft acquired them in July... but the programs are still there). I'm not sure what you mean with doing the 'Services' subpage together... I don't like to casually write about something I know little about. Tortoise 16:57, 16 December 2006 (UTC)

@Herby: Sorry for disappearing, my ADSL connection stopped working today (seems ISP's fault). Since you have little time don't worry about style, just list facts you know somewhere (or give pointers). And don't feel compelled to dedicate hours on end to the wikibook -- have a life (I hope you don't find this offensive). BTW I never logged out before disconnecting, does this mean I appeared to be online forever? Tortoise 19:16, 17 December 2006 (UTC)

Style?
Just wondering if standardising the style would be good - after I'd done mine in the form of something to be typed I realised you had done it a little differently. Feel free to change mine or talk it through. Lunch where you are sounds waaay better than what I just had! -- Herby talk thyme 13:32, 16 December 2006 (UTC)

Not sure... I never seem to make up my mind. Samples:
 * 1) Type   and then choose Yes.
 * 2) Type "format c: /q" and then choose Yes. (bad style I think)
 * 3) Type format c: /q and then choose Yes.

Ah, got it. We'll use your style. Quickly typed and can be easily changed later using a text search. Tortoise 14:29, 16 December 2006 (UTC)