Okay, so I know an unpatched machine can get swallowed by hackers in really not very minutes.
But you also need to connected to the 'net to get patches.
What is a person to do?!
(or is it just rely on a firewall?)
Cheers
R
Okay, so I know an unpatched machine can get swallowed by hackers in really not very minutes.
But you also need to connected to the 'net to get patches.
What is a person to do?!
(or is it just rely on a firewall?)
Cheers
R
What operating system do you need AV for? If Win7 then get the free MSE direct from Microsoft from the following link - with a firewall enabled you will not be at risk
https://support.microsoft.com/en-gb/...tials-download
If Win 8, 8.1 or 10 then Windows Defender is built in and you don't need to download AV - just ensure it is running.
Thanks BB.
It's W10.
Am I just far too old-school to trust Windows Defender? I think so. But clearly I need to revisit my views.
I'm currently using Kaspersky Internet Security for anti-virus duties, FWIW.
That timing made perfect sense back in the dial-up days when a PC would be directly connected to the internet.
If you are on broadband and going through a router, people can't directly connect to your PC from the outside thanks to the router firewall and address translation. That helps a lot.
I don't think the Windows Defender is much worse than other virus programs, they all seem to cause problems occasionally. I would try and get it to update itself as soon as possible after install though.
So my usual sequence is:
* Install Windows 10.
* Update Windows built in antivirus.
* Force any other OS updates to install.
* Use Edge browser to get Chrome.
* Optionally, install other virus scanner (I use Avast, but on lightly used machines I might not bother).
The chances of you connecting to the internet and getting attacked by "hackers" is incredibly slim, connect to the internet and patch your machine. Worry less
Jon
I like the last sentiment, Jon
Yeah, I should really find the articles I mentioned (possibly from Ars) which seemed to suggest things even behind a NAT had been got. But, well, that might be a figment of my imagination - it seems implausible.
There are things like drive by java or flash attacks where just visiting a web page gets you infected. Hence my sequence above, use Windows update to get Microsoft's built in anti virus etc up to date before you hit the web. But even then if you just pile in the risks aren't that bad compared to older versions of Windows with direct internet connections where the time to patch was twice the average infection time if you weren't patched
That is true provided you are behind a router’s firewall with NAT and no open ports (or if you do have open ports, you know why and have taken appropriate additional precautions)
A computer connected directly to the internet without those precautions is vulnerable to attack. That doesn’t necessarily mean it will be hacked, but the risk is considerably higher, especially if, like many users, your routinely operate with admin privileges.
Even if you are connected behind a firewall, you should create a low privilege user account for everyday use, and only use your admin accounts for system administration. You should also configure windows defender and firewall to restrict access as much as possible, while still doing what you need to do with the machine.
(\__/)
(='.'=)
(")_(")
Been helped or just 'Like' a post? Use the Thanks button!
My broadband speed - 750 Meganibbles/minute
"In a perfect world... spammers would get caught, go to jail, and share a cell with many men who have enlarged their penises, taken Viagra and are looking for a new relationship."
Yes I agree with that but maybe my idea of connecting to the internet is different, I wasn't referring to surfing the net, I was talking about connecting to broadband or whatever and then getting the patches/updates for your machine. I would be extremely surprised if anyone would be "hacked" or attacked in that scenario.
My very example was based on the OP who said they need to connect to the net to get patches but are worried about being hacked.
Jon
The other thing to bear in mind is exactly whatvis being done with the "at risk" system.
If you're browsing all over the net, and if that includes some less savoury sites, then the risk is considerably higher than if you ONLY connect to update the OS and get specific application patches, from trustworthy sites.
I'd accept that there's a risk, even with those trustworthy sites, but it's pretty small if you connect, do the updating, then disconnect.
And let's all remember, regardless of what we have installed, or what precautions we take, connecting at all implies an element of risk. All our precautions, settings and defensive software/hardware can do is minimise it, not eliminate it.
Which is partly why several of my machines are on an old WinXP network (wired, no wifi) and air-gapped. Everything, including XP, simply works, does what I need and expect of it, so I don't upgrade anything on that. The instant I were to connect, an risk surface is exposed to attack. No connection, no attack .... unless someone physically breaks in and evn that risk eliminates about 99.999% of potential hackers by sheer geography.
This is all about a balance between risk levels and the tije, effort, expense and system slow-down resulting from defending.
So one strategy retne might consider, if the net connection is only needed for OS updates and some patches, is something like your basic precautions, and then staying disconnected the rest of the time.
Risk free? Nor entirely. But minimal risk? I'd say so.
The other option for risk free surfing is to use a CD/DVD live version of Linux with no hard drive on the system. When you have finished, switch off and everything is gone.
(\__/)
(='.'=)
(")_(")
Been helped or just 'Like' a post? Use the Thanks button!
My broadband speed - 750 Meganibbles/minute
The worst risk seems to be embedded into the adverts that sites use. That's why I said to delay firing up the browser until Windows Update says there is nothing more to patch. You might not get an optimal system just using update (video drivers will probably suck for starters) but it should get you a safe baseline with minimal effort or complexity.
Saracen999 (06-08-2019)
Agreed, DwU.
There are currently 1 users browsing this thread. (0 members and 1 guests)