Page 1 of 2 12 LastLast
Results 1 to 16 of 21

Thread: Don't connect to the internet (hack threat) but connect to get antivirus and OS patch

  1. #1
    Registered+
    Join Date
    Dec 2009
    Posts
    33
    Thanks
    6
    Thanked
    2 times in 2 posts

    Don't connect to the internet (hack threat) but connect to get antivirus and OS patch

    Okay, so I know an unpatched machine can get swallowed by hackers in really not very minutes.
    But you also need to connected to the 'net to get patches.

    What is a person to do?!

    (or is it just rely on a firewall?)

    Cheers
    R

  2. #2
    blueball
    Guest

    Re: Don't connect to the internet (hack threat) but connect to get antivirus and OS p

    What operating system do you need AV for? If Win7 then get the free MSE direct from Microsoft from the following link - with a firewall enabled you will not be at risk
    https://support.microsoft.com/en-gb/...tials-download
    If Win 8, 8.1 or 10 then Windows Defender is built in and you don't need to download AV - just ensure it is running.

  3. #3
    Registered+
    Join Date
    Dec 2009
    Posts
    33
    Thanks
    6
    Thanked
    2 times in 2 posts

    Re: Don't connect to the internet (hack threat) but connect to get antivirus and OS p

    Thanks BB.

    It's W10.

    Am I just far too old-school to trust Windows Defender? I think so. But clearly I need to revisit my views.

    I'm currently using Kaspersky Internet Security for anti-virus duties, FWIW.

  4. #4
    root Member DanceswithUnix's Avatar
    Join Date
    Jan 2006
    Location
    In the middle of a core dump
    Posts
    12,978
    Thanks
    778
    Thanked
    1,586 times in 1,341 posts
    • DanceswithUnix's system
      • Motherboard:
      • Asus X470-PRO
      • CPU:
      • 5900X
      • Memory:
      • 32GB 3200MHz ECC
      • Storage:
      • 2TB Linux, 2TB Games (Win 10)
      • Graphics card(s):
      • Asus Strix RX Vega 56
      • PSU:
      • 650W Corsair TX
      • Case:
      • Antec 300
      • Operating System:
      • Fedora 39 + Win 10 Pro 64 (yuk)
      • Monitor(s):
      • Benq XL2730Z 1440p + Iiyama 27" 1440p
      • Internet:
      • Zen 900Mb/900Mb (CityFibre FttP)

    Re: Don't connect to the internet (hack threat) but connect to get antivirus and OS p

    That timing made perfect sense back in the dial-up days when a PC would be directly connected to the internet.

    If you are on broadband and going through a router, people can't directly connect to your PC from the outside thanks to the router firewall and address translation. That helps a lot.

    I don't think the Windows Defender is much worse than other virus programs, they all seem to cause problems occasionally. I would try and get it to update itself as soon as possible after install though.

    So my usual sequence is:
    * Install Windows 10.
    * Update Windows built in antivirus.
    * Force any other OS updates to install.
    * Use Edge browser to get Chrome.
    * Optionally, install other virus scanner (I use Avast, but on lightly used machines I might not bother).

  5. #5
    Super Moderator Jonj1611's Avatar
    Join Date
    Jun 2008
    Posts
    5,718
    Thanks
    1,754
    Thanked
    994 times in 761 posts

    Re: Don't connect to the internet (hack threat) but connect to get antivirus and OS p

    The chances of you connecting to the internet and getting attacked by "hackers" is incredibly slim, connect to the internet and patch your machine. Worry less
    Jon

  6. #6
    Registered+
    Join Date
    Dec 2009
    Posts
    33
    Thanks
    6
    Thanked
    2 times in 2 posts

    Re: Don't connect to the internet (hack threat) but connect to get antivirus and OS p

    I like the last sentiment, Jon

    Yeah, I should really find the articles I mentioned (possibly from Ars) which seemed to suggest things even behind a NAT had been got. But, well, that might be a figment of my imagination - it seems implausible.

  7. #7
    root Member DanceswithUnix's Avatar
    Join Date
    Jan 2006
    Location
    In the middle of a core dump
    Posts
    12,978
    Thanks
    778
    Thanked
    1,586 times in 1,341 posts
    • DanceswithUnix's system
      • Motherboard:
      • Asus X470-PRO
      • CPU:
      • 5900X
      • Memory:
      • 32GB 3200MHz ECC
      • Storage:
      • 2TB Linux, 2TB Games (Win 10)
      • Graphics card(s):
      • Asus Strix RX Vega 56
      • PSU:
      • 650W Corsair TX
      • Case:
      • Antec 300
      • Operating System:
      • Fedora 39 + Win 10 Pro 64 (yuk)
      • Monitor(s):
      • Benq XL2730Z 1440p + Iiyama 27" 1440p
      • Internet:
      • Zen 900Mb/900Mb (CityFibre FttP)

    Re: Don't connect to the internet (hack threat) but connect to get antivirus and OS p

    Quote Originally Posted by Retne View Post
    I like the last sentiment, Jon

    Yeah, I should really find the articles I mentioned (possibly from Ars) which seemed to suggest things even behind a NAT had been got. But, well, that might be a figment of my imagination - it seems implausible.
    There are things like drive by java or flash attacks where just visiting a web page gets you infected. Hence my sequence above, use Windows update to get Microsoft's built in anti virus etc up to date before you hit the web. But even then if you just pile in the risks aren't that bad compared to older versions of Windows with direct internet connections where the time to patch was twice the average infection time if you weren't patched

  8. #8
    The late but legendary peterb - Onward and Upward peterb's Avatar
    Join Date
    Aug 2005
    Location
    Looking down & checking on swearing
    Posts
    19,378
    Thanks
    2,892
    Thanked
    3,403 times in 2,693 posts

    Re: Don't connect to the internet (hack threat) but connect to get antivirus and OS p

    Quote Originally Posted by Jonj1611 View Post
    The chances of you connecting to the internet and getting attacked by "hackers" is incredibly slim, connect to the internet and patch your machine. Worry less
    That is true provided you are behind a router’s firewall with NAT and no open ports (or if you do have open ports, you know why and have taken appropriate additional precautions)

    A computer connected directly to the internet without those precautions is vulnerable to attack. That doesn’t necessarily mean it will be hacked, but the risk is considerably higher, especially if, like many users, your routinely operate with admin privileges.

    Even if you are connected behind a firewall, you should create a low privilege user account for everyday use, and only use your admin accounts for system administration. You should also configure windows defender and firewall to restrict access as much as possible, while still doing what you need to do with the machine.
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  9. #9
    Senior Member
    Join Date
    Mar 2005
    Posts
    4,932
    Thanks
    171
    Thanked
    383 times in 310 posts
    • badass's system
      • Motherboard:
      • ASUS P8Z77-m pro
      • CPU:
      • Core i5 3570K
      • Memory:
      • 32GB
      • Storage:
      • 1TB Samsung 850 EVO, 2TB WD Green
      • Graphics card(s):
      • Radeon RX 580
      • PSU:
      • Corsair HX520W
      • Case:
      • Silverstone SG02-F
      • Operating System:
      • Windows 10 X64
      • Monitor(s):
      • Del U2311, LG226WTQ
      • Internet:
      • 80/20 FTTC

    Re: Don't connect to the internet (hack threat) but connect to get antivirus and OS p

    Quote Originally Posted by DanceswithUnix View Post
    There are things like drive by java or flash attacks where just visiting a web page gets you infected. Hence my sequence above, use Windows update to get Microsoft's built in anti virus etc up to date before you hit the web. But even then if you just pile in the risks aren't that bad compared to older versions of Windows with direct internet connections where the time to patch was twice the average infection time if you weren't patched
    Exactly this.
    "In a perfect world... spammers would get caught, go to jail, and share a cell with many men who have enlarged their penises, taken Viagra and are looking for a new relationship."

  10. #10
    Super Moderator Jonj1611's Avatar
    Join Date
    Jun 2008
    Posts
    5,718
    Thanks
    1,754
    Thanked
    994 times in 761 posts

    Re: Don't connect to the internet (hack threat) but connect to get antivirus and OS p

    Quote Originally Posted by peterb View Post
    That is true provided you are behind a router’s firewall with NAT and no open ports (or if you do have open ports, you know why and have taken appropriate additional precautions)

    A computer connected directly to the internet without those precautions is vulnerable to attack. That doesn’t necessarily mean it will be hacked, but the risk is considerably higher, especially if, like many users, your routinely operate with admin privileges.

    Even if you are connected behind a firewall, you should create a low privilege user account for everyday use, and only use your admin accounts for system administration. You should also configure windows defender and firewall to restrict access as much as possible, while still doing what you need to do with the machine.
    Yes I agree with that but maybe my idea of connecting to the internet is different, I wasn't referring to surfing the net, I was talking about connecting to broadband or whatever and then getting the patches/updates for your machine. I would be extremely surprised if anyone would be "hacked" or attacked in that scenario.

    My very example was based on the OP who said they need to connect to the net to get patches but are worried about being hacked.
    Jon

  11. #11
    Senior Member
    Join Date
    Aug 2016
    Posts
    3,894
    Thanks
    934
    Thanked
    971 times in 717 posts

    Re: Don't connect to the internet (hack threat) but connect to get antivirus and OS p

    Quote Originally Posted by DanceswithUnix View Post
    There are things like drive by java or flash attacks where just visiting a web page gets you infected. Hence my sequence above, use Windows update to get Microsoft's built in anti virus etc up to date before you hit the web. But even then if you just pile in the risks aren't that bad compared to older versions of Windows with direct internet connections where the time to patch was twice the average infection time if you weren't patched
    The other thing to bear in mind is exactly whatvis being done with the "at risk" system.

    If you're browsing all over the net, and if that includes some less savoury sites, then the risk is considerably higher than if you ONLY connect to update the OS and get specific application patches, from trustworthy sites.

    I'd accept that there's a risk, even with those trustworthy sites, but it's pretty small if you connect, do the updating, then disconnect.

    And let's all remember, regardless of what we have installed, or what precautions we take, connecting at all implies an element of risk. All our precautions, settings and defensive software/hardware can do is minimise it, not eliminate it.

    Which is partly why several of my machines are on an old WinXP network (wired, no wifi) and air-gapped. Everything, including XP, simply works, does what I need and expect of it, so I don't upgrade anything on that. The instant I were to connect, an risk surface is exposed to attack. No connection, no attack .... unless someone physically breaks in and evn that risk eliminates about 99.999% of potential hackers by sheer geography.

    This is all about a balance between risk levels and the tije, effort, expense and system slow-down resulting from defending.

    So one strategy retne might consider, if the net connection is only needed for OS updates and some patches, is something like your basic precautions, and then staying disconnected the rest of the time.

    Risk free? Nor entirely. But minimal risk? I'd say so.

  12. #12
    The late but legendary peterb - Onward and Upward peterb's Avatar
    Join Date
    Aug 2005
    Location
    Looking down & checking on swearing
    Posts
    19,378
    Thanks
    2,892
    Thanked
    3,403 times in 2,693 posts

    Re: Don't connect to the internet (hack threat) but connect to get antivirus and OS p

    The other option for risk free surfing is to use a CD/DVD live version of Linux with no hard drive on the system. When you have finished, switch off and everything is gone.
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  13. #13
    root Member DanceswithUnix's Avatar
    Join Date
    Jan 2006
    Location
    In the middle of a core dump
    Posts
    12,978
    Thanks
    778
    Thanked
    1,586 times in 1,341 posts
    • DanceswithUnix's system
      • Motherboard:
      • Asus X470-PRO
      • CPU:
      • 5900X
      • Memory:
      • 32GB 3200MHz ECC
      • Storage:
      • 2TB Linux, 2TB Games (Win 10)
      • Graphics card(s):
      • Asus Strix RX Vega 56
      • PSU:
      • 650W Corsair TX
      • Case:
      • Antec 300
      • Operating System:
      • Fedora 39 + Win 10 Pro 64 (yuk)
      • Monitor(s):
      • Benq XL2730Z 1440p + Iiyama 27" 1440p
      • Internet:
      • Zen 900Mb/900Mb (CityFibre FttP)

    Re: Don't connect to the internet (hack threat) but connect to get antivirus and OS p

    Quote Originally Posted by Saracen999 View Post
    If you're browsing all over the net, and if that includes some less savoury sites, then the risk is considerably higher than if you ONLY connect to update the OS and get specific application patches, from trustworthy sites.
    The worst risk seems to be embedded into the adverts that sites use. That's why I said to delay firing up the browser until Windows Update says there is nothing more to patch. You might not get an optimal system just using update (video drivers will probably suck for starters) but it should get you a safe baseline with minimal effort or complexity.

  14. Received thanks from:

    Saracen999 (06-08-2019)

  15. #14
    Senior Member
    Join Date
    Aug 2016
    Posts
    3,894
    Thanks
    934
    Thanked
    971 times in 717 posts

    Re: Don't connect to the internet (hack threat) but connect to get antivirus and OS p

    Agreed, DwU.

  16. #15
    The late but legendary peterb - Onward and Upward peterb's Avatar
    Join Date
    Aug 2005
    Location
    Looking down & checking on swearing
    Posts
    19,378
    Thanks
    2,892
    Thanked
    3,403 times in 2,693 posts

    Re: Don't connect to the internet (hack threat) but connect to get antivirus and OS p

    Quote Originally Posted by DanceswithUnix View Post
    The worst risk seems to be embedded into the adverts that sites use. That's why I said to delay firing up the browser until Windows Update says there is nothing more to patch. You might not get an optimal system just using update (video drivers will probably suck for starters) but it should get you a safe baseline with minimal effort or complexity.
    Another good reason to use PiHole.
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  17. #16
    Senior Member
    Join Date
    Aug 2016
    Posts
    3,894
    Thanks
    934
    Thanked
    971 times in 717 posts

    Re: Don't connect to the internet (hack threat) but connect to get antivirus and OS p

    Quote Originally Posted by peterb View Post
    Another good reason to use PiHole.
    /Note to self - get butt in gear and do this.

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •