Page 1 of 2 12 LastLast
Results 1 to 16 of 21

Thread: Don't connect to the internet (hack threat) but connect to get antivirus and OS patch

  1. #1
    Registered+
    Join Date
    Dec 2009
    Posts
    30
    Thanks
    3
    Thanked
    2 times in 2 posts

    Don't connect to the internet (hack threat) but connect to get antivirus and OS patch

    Okay, so I know an unpatched machine can get swallowed by hackers in really not very minutes.
    But you also need to connected to the 'net to get patches.

    What is a person to do?!

    (or is it just rely on a firewall?)

    Cheers
    R

  2. #2
    Account closed at user request
    Join Date
    Aug 2005
    Location
    Edinburgh
    Posts
    2,427
    Thanks
    846
    Thanked
    379 times in 294 posts
    • blueball's system
      • Motherboard:
      • Gigabyte Z270 - HD3P
      • CPU:
      • i7-7700K (4 x 4.2GHz plus HT)
      • Memory:
      • Team Group Vulcan T-Force 32GB (2x16GB) DDR4 PC4-19200C14 2400MHz
      • Storage:
      • 1TB Samsung 960 EVO NVMe PCIE M.2 plus Samsung 860 EVO 4TB SSD
      • Graphics card(s):
      • ASUS RTX 2080 Ti ROG Strix OC
      • PSU:
      • Corsair HX850 850 W Full Modular 80 Plus Platinum
      • Case:
      • Corsair Carbide 330R Ultra Silent Midi Tower
      • Operating System:
      • Win 7 Ultimate x64 (using wufuc to allow Win7 to run on this CPU)
      • Monitor(s):
      • BenQ GW2765HT LED IPS 27 inch 2560x1440
      • Internet:
      • Virgin Media 380Mb

    Re: Don't connect to the internet (hack threat) but connect to get antivirus and OS p

    What operating system do you need AV for? If Win7 then get the free MSE direct from Microsoft from the following link - with a firewall enabled you will not be at risk
    https://support.microsoft.com/en-gb/...tials-download
    If Win 8, 8.1 or 10 then Windows Defender is built in and you don't need to download AV - just ensure it is running.

  3. #3
    Registered+
    Join Date
    Dec 2009
    Posts
    30
    Thanks
    3
    Thanked
    2 times in 2 posts

    Re: Don't connect to the internet (hack threat) but connect to get antivirus and OS p

    Thanks BB.

    It's W10.

    Am I just far too old-school to trust Windows Defender? I think so. But clearly I need to revisit my views.

    I'm currently using Kaspersky Internet Security for anti-virus duties, FWIW.

  4. #4
    root Member DanceswithUnix's Avatar
    Join Date
    Jan 2006
    Location
    In the middle of a core dump
    Posts
    10,102
    Thanks
    501
    Thanked
    1,041 times in 885 posts
    • DanceswithUnix's system
      • Motherboard:
      • Asus X470-PRO
      • CPU:
      • 3700X
      • Memory:
      • 16GB 3200MHz
      • Storage:
      • 1TB Linux, 1TB Games (Win 10)
      • Graphics card(s):
      • Asus Strix RX Vega 56
      • PSU:
      • 650W Corsair TX
      • Case:
      • Antec 300
      • Operating System:
      • Fedora 30 + Win 10 Pro 64 (yuk)
      • Monitor(s):
      • Benq XL2730Z 1440p + Samsung 2343BW 2048x1152
      • Internet:
      • Zen 80Mb/20Mb VDSL

    Re: Don't connect to the internet (hack threat) but connect to get antivirus and OS p

    That timing made perfect sense back in the dial-up days when a PC would be directly connected to the internet.

    If you are on broadband and going through a router, people can't directly connect to your PC from the outside thanks to the router firewall and address translation. That helps a lot.

    I don't think the Windows Defender is much worse than other virus programs, they all seem to cause problems occasionally. I would try and get it to update itself as soon as possible after install though.

    So my usual sequence is:
    * Install Windows 10.
    * Update Windows built in antivirus.
    * Force any other OS updates to install.
    * Use Edge browser to get Chrome.
    * Optionally, install other virus scanner (I use Avast, but on lightly used machines I might not bother).

  5. #5
    Senior Member Jonj1611's Avatar
    Join Date
    Jun 2008
    Posts
    3,386
    Thanks
    814
    Thanked
    343 times in 285 posts
    • Jonj1611's system
      • Motherboard:
      • Gigabyte Gaming 5 X370
      • CPU:
      • Ryzen 7 1700X
      • Memory:
      • 16GB DDR4 3000Mhz
      • Storage:
      • 500GB Samsung 970 EVO, 1 x 1TB, 1 x 2TB
      • Graphics card(s):
      • 8GB EVGA GTX1080 FTW2
      • PSU:
      • EVGA 750W SuperNova G2
      • Case:
      • Coolermaster H500
      • Operating System:
      • Windows 10 Pro 64-Bit
      • Monitor(s):
      • Acer 31.5" QHD IPS LED
      • Internet:
      • Virgin Fibre

    Re: Don't connect to the internet (hack threat) but connect to get antivirus and OS p

    The chances of you connecting to the internet and getting attacked by "hackers" is incredibly slim, connect to the internet and patch your machine. Worry less
    Jon

  6. #6
    Registered+
    Join Date
    Dec 2009
    Posts
    30
    Thanks
    3
    Thanked
    2 times in 2 posts

    Re: Don't connect to the internet (hack threat) but connect to get antivirus and OS p

    I like the last sentiment, Jon

    Yeah, I should really find the articles I mentioned (possibly from Ars) which seemed to suggest things even behind a NAT had been got. But, well, that might be a figment of my imagination - it seems implausible.

  7. #7
    root Member DanceswithUnix's Avatar
    Join Date
    Jan 2006
    Location
    In the middle of a core dump
    Posts
    10,102
    Thanks
    501
    Thanked
    1,041 times in 885 posts
    • DanceswithUnix's system
      • Motherboard:
      • Asus X470-PRO
      • CPU:
      • 3700X
      • Memory:
      • 16GB 3200MHz
      • Storage:
      • 1TB Linux, 1TB Games (Win 10)
      • Graphics card(s):
      • Asus Strix RX Vega 56
      • PSU:
      • 650W Corsair TX
      • Case:
      • Antec 300
      • Operating System:
      • Fedora 30 + Win 10 Pro 64 (yuk)
      • Monitor(s):
      • Benq XL2730Z 1440p + Samsung 2343BW 2048x1152
      • Internet:
      • Zen 80Mb/20Mb VDSL

    Re: Don't connect to the internet (hack threat) but connect to get antivirus and OS p

    Quote Originally Posted by Retne View Post
    I like the last sentiment, Jon

    Yeah, I should really find the articles I mentioned (possibly from Ars) which seemed to suggest things even behind a NAT had been got. But, well, that might be a figment of my imagination - it seems implausible.
    There are things like drive by java or flash attacks where just visiting a web page gets you infected. Hence my sequence above, use Windows update to get Microsoft's built in anti virus etc up to date before you hit the web. But even then if you just pile in the risks aren't that bad compared to older versions of Windows with direct internet connections where the time to patch was twice the average infection time if you weren't patched

  8. #8
    Admin team peterb's Avatar
    Join Date
    Aug 2005
    Location
    Southampton
    Posts
    19,381
    Thanks
    2,892
    Thanked
    3,403 times in 2,693 posts
    • peterb's system
      • Motherboard:
      • Nascom 2
      • CPU:
      • Z80B
      • Memory:
      • 48K 8 bit memory on separate card
      • Storage:
      • Audio cassette tape - home built 5.25" floppy drive
      • Graphics card(s):
      • text output (composite video)
      • PSU:
      • Home built
      • Case:
      • Home built
      • Operating System:
      • Nas-sys
      • Monitor(s):
      • 12" monocrome composite video input
      • Internet:
      • No networking capability on this machine

    Re: Don't connect to the internet (hack threat) but connect to get antivirus and OS p

    Quote Originally Posted by Jonj1611 View Post
    The chances of you connecting to the internet and getting attacked by "hackers" is incredibly slim, connect to the internet and patch your machine. Worry less
    That is true provided you are behind a router’s firewall with NAT and no open ports (or if you do have open ports, you know why and have taken appropriate additional precautions)

    A computer connected directly to the internet without those precautions is vulnerable to attack. That doesn’t necessarily mean it will be hacked, but the risk is considerably higher, especially if, like many users, your routinely operate with admin privileges.

    Even if you are connected behind a firewall, you should create a low privilege user account for everyday use, and only use your admin accounts for system administration. You should also configure windows defender and firewall to restrict access as much as possible, while still doing what you need to do with the machine.
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  9. #9
    Senior Member
    Join Date
    Mar 2005
    Posts
    4,593
    Thanks
    145
    Thanked
    311 times in 249 posts
    • badass's system
      • Motherboard:
      • ASUS P8Z77-m pro
      • CPU:
      • Core i5 3570K
      • Memory:
      • 32GB
      • Storage:
      • 1TB Samsung 850 EVO, 2TB WD Green
      • Graphics card(s):
      • Radeon RX 580
      • PSU:
      • Corsair HX520W
      • Case:
      • Silverstone SG02-F
      • Operating System:
      • Windows 10 X64
      • Monitor(s):
      • Del U2311, LG226WTQ
      • Internet:
      • 80/20 FTTC

    Re: Don't connect to the internet (hack threat) but connect to get antivirus and OS p

    Quote Originally Posted by DanceswithUnix View Post
    There are things like drive by java or flash attacks where just visiting a web page gets you infected. Hence my sequence above, use Windows update to get Microsoft's built in anti virus etc up to date before you hit the web. But even then if you just pile in the risks aren't that bad compared to older versions of Windows with direct internet connections where the time to patch was twice the average infection time if you weren't patched
    Exactly this.
    "In a perfect world... spammers would get caught, go to jail, and share a cell with many men who have enlarged their penises, taken Viagra and are looking for a new relationship."

  10. #10
    Senior Member Jonj1611's Avatar
    Join Date
    Jun 2008
    Posts
    3,386
    Thanks
    814
    Thanked
    343 times in 285 posts
    • Jonj1611's system
      • Motherboard:
      • Gigabyte Gaming 5 X370
      • CPU:
      • Ryzen 7 1700X
      • Memory:
      • 16GB DDR4 3000Mhz
      • Storage:
      • 500GB Samsung 970 EVO, 1 x 1TB, 1 x 2TB
      • Graphics card(s):
      • 8GB EVGA GTX1080 FTW2
      • PSU:
      • EVGA 750W SuperNova G2
      • Case:
      • Coolermaster H500
      • Operating System:
      • Windows 10 Pro 64-Bit
      • Monitor(s):
      • Acer 31.5" QHD IPS LED
      • Internet:
      • Virgin Fibre

    Re: Don't connect to the internet (hack threat) but connect to get antivirus and OS p

    Quote Originally Posted by peterb View Post
    That is true provided you are behind a router’s firewall with NAT and no open ports (or if you do have open ports, you know why and have taken appropriate additional precautions)

    A computer connected directly to the internet without those precautions is vulnerable to attack. That doesn’t necessarily mean it will be hacked, but the risk is considerably higher, especially if, like many users, your routinely operate with admin privileges.

    Even if you are connected behind a firewall, you should create a low privilege user account for everyday use, and only use your admin accounts for system administration. You should also configure windows defender and firewall to restrict access as much as possible, while still doing what you need to do with the machine.
    Yes I agree with that but maybe my idea of connecting to the internet is different, I wasn't referring to surfing the net, I was talking about connecting to broadband or whatever and then getting the patches/updates for your machine. I would be extremely surprised if anyone would be "hacked" or attacked in that scenario.

    My very example was based on the OP who said they need to connect to the net to get patches but are worried about being hacked.
    Jon

  11. #11
    Senior Member
    Join Date
    Aug 2016
    Posts
    970
    Thanks
    129
    Thanked
    208 times in 160 posts

    Re: Don't connect to the internet (hack threat) but connect to get antivirus and OS p

    Quote Originally Posted by DanceswithUnix View Post
    There are things like drive by java or flash attacks where just visiting a web page gets you infected. Hence my sequence above, use Windows update to get Microsoft's built in anti virus etc up to date before you hit the web. But even then if you just pile in the risks aren't that bad compared to older versions of Windows with direct internet connections where the time to patch was twice the average infection time if you weren't patched
    The other thing to bear in mind is exactly whatvis being done with the "at risk" system.

    If you're browsing all over the net, and if that includes some less savoury sites, then the risk is considerably higher than if you ONLY connect to update the OS and get specific application patches, from trustworthy sites.

    I'd accept that there's a risk, even with those trustworthy sites, but it's pretty small if you connect, do the updating, then disconnect.

    And let's all remember, regardless of what we have installed, or what precautions we take, connecting at all implies an element of risk. All our precautions, settings and defensive software/hardware can do is minimise it, not eliminate it.

    Which is partly why several of my machines are on an old WinXP network (wired, no wifi) and air-gapped. Everything, including XP, simply works, does what I need and expect of it, so I don't upgrade anything on that. The instant I were to connect, an risk surface is exposed to attack. No connection, no attack .... unless someone physically breaks in and evn that risk eliminates about 99.999% of potential hackers by sheer geography.

    This is all about a balance between risk levels and the tije, effort, expense and system slow-down resulting from defending.

    So one strategy retne might consider, if the net connection is only needed for OS updates and some patches, is something like your basic precautions, and then staying disconnected the rest of the time.

    Risk free? Nor entirely. But minimal risk? I'd say so.

  12. #12
    Admin team peterb's Avatar
    Join Date
    Aug 2005
    Location
    Southampton
    Posts
    19,381
    Thanks
    2,892
    Thanked
    3,403 times in 2,693 posts
    • peterb's system
      • Motherboard:
      • Nascom 2
      • CPU:
      • Z80B
      • Memory:
      • 48K 8 bit memory on separate card
      • Storage:
      • Audio cassette tape - home built 5.25" floppy drive
      • Graphics card(s):
      • text output (composite video)
      • PSU:
      • Home built
      • Case:
      • Home built
      • Operating System:
      • Nas-sys
      • Monitor(s):
      • 12" monocrome composite video input
      • Internet:
      • No networking capability on this machine

    Re: Don't connect to the internet (hack threat) but connect to get antivirus and OS p

    The other option for risk free surfing is to use a CD/DVD live version of Linux with no hard drive on the system. When you have finished, switch off and everything is gone.
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  13. #13
    root Member DanceswithUnix's Avatar
    Join Date
    Jan 2006
    Location
    In the middle of a core dump
    Posts
    10,102
    Thanks
    501
    Thanked
    1,041 times in 885 posts
    • DanceswithUnix's system
      • Motherboard:
      • Asus X470-PRO
      • CPU:
      • 3700X
      • Memory:
      • 16GB 3200MHz
      • Storage:
      • 1TB Linux, 1TB Games (Win 10)
      • Graphics card(s):
      • Asus Strix RX Vega 56
      • PSU:
      • 650W Corsair TX
      • Case:
      • Antec 300
      • Operating System:
      • Fedora 30 + Win 10 Pro 64 (yuk)
      • Monitor(s):
      • Benq XL2730Z 1440p + Samsung 2343BW 2048x1152
      • Internet:
      • Zen 80Mb/20Mb VDSL

    Re: Don't connect to the internet (hack threat) but connect to get antivirus and OS p

    Quote Originally Posted by Saracen999 View Post
    If you're browsing all over the net, and if that includes some less savoury sites, then the risk is considerably higher than if you ONLY connect to update the OS and get specific application patches, from trustworthy sites.
    The worst risk seems to be embedded into the adverts that sites use. That's why I said to delay firing up the browser until Windows Update says there is nothing more to patch. You might not get an optimal system just using update (video drivers will probably suck for starters) but it should get you a safe baseline with minimal effort or complexity.

  14. Received thanks from:

    Saracen999 (06-08-2019)

  15. #14
    Senior Member
    Join Date
    Aug 2016
    Posts
    970
    Thanks
    129
    Thanked
    208 times in 160 posts

    Re: Don't connect to the internet (hack threat) but connect to get antivirus and OS p

    Agreed, DwU.

  16. #15
    Admin team peterb's Avatar
    Join Date
    Aug 2005
    Location
    Southampton
    Posts
    19,381
    Thanks
    2,892
    Thanked
    3,403 times in 2,693 posts
    • peterb's system
      • Motherboard:
      • Nascom 2
      • CPU:
      • Z80B
      • Memory:
      • 48K 8 bit memory on separate card
      • Storage:
      • Audio cassette tape - home built 5.25" floppy drive
      • Graphics card(s):
      • text output (composite video)
      • PSU:
      • Home built
      • Case:
      • Home built
      • Operating System:
      • Nas-sys
      • Monitor(s):
      • 12" monocrome composite video input
      • Internet:
      • No networking capability on this machine

    Re: Don't connect to the internet (hack threat) but connect to get antivirus and OS p

    Quote Originally Posted by DanceswithUnix View Post
    The worst risk seems to be embedded into the adverts that sites use. That's why I said to delay firing up the browser until Windows Update says there is nothing more to patch. You might not get an optimal system just using update (video drivers will probably suck for starters) but it should get you a safe baseline with minimal effort or complexity.
    Another good reason to use PiHole.
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  17. #16
    Senior Member
    Join Date
    Aug 2016
    Posts
    970
    Thanks
    129
    Thanked
    208 times in 160 posts

    Re: Don't connect to the internet (hack threat) but connect to get antivirus and OS p

    Quote Originally Posted by peterb View Post
    Another good reason to use PiHole.
    /Note to self - get butt in gear and do this.

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •