RE: Heads Up - Wargamer is Flagging Unsafe Again (Full Version)



GoodGuy -> RE: Heads Up - Wargamer is Flagging Unsafe Again (9/12/2009 4:30:44 PM)

quote:

ORIGINAL: berndn

The problem is not which AV solution you prefer. It's about the security stuff itself. The Adobe security hole was known for some time. You had to rename a DLL until, weeks later, Adobe had fixed it for the major versions.
Still I see a lot of people with Reader 5/6/7 which are not updated.

The problem is that Acrobat Reader is being launched in the background (every user should check the Task Manager once in a while to check for suspicious processes; the TM won't show each and every task though, so an external task monitor/scanner is quite useful) and then used to either execute code (e.g. change registry entries) or pull/inject malware from the net. Software firewalls may not detect the transfer, as the reader needs an open HTTP connection to read online documents, so it's easy to hide within its HTTP traffic or a browser's HTTP traffic, and, in addition, virus tunneling may fool anti-virus software.

In general, a good way to avoid risks is to replace standard/well-known tools with alternative software.

Examples:
  • Replace Acrobat/Adobe Reader with Foxit Reader.
    Foxit has a JavaScript console, so just make sure you disable JavaScript in the preferences. Remove Adobe Reader from your system.
  • Replace tools like QuickTime or RealPlayer with alternative plugins or tools. The neat side effect here is that QT's/RP's update/monitor processes won't load with Windows anymore. (You might want to make sure to rename or delete files like QT.exe and other remaining files manually though, as registry entries may try to reinstall update routines on next boot.)


Just an example:
quote:

ORIGINAL: Microsoft Bulletin from May 2009
("Null Byte overwrite vulnerability")

"Microsoft is warning against a critical security hole in DirectShow which allows attackers to control the affected system in case the user opened a specially made Quicktime media file."


It's relatively easy to prepare QuickTime and .ASX video files (afaik) to exploit security holes. Don't be fearful, but be suspicious/careful regarding the source of a given media file.

Use tools like VideoLAN or similar stuff to play video files. If Windows Media Player asks you to download/install a new codec in order to view the video, be suspicious, as there are malware codecs floating around.


Other ways to reduce potential risks:

  • Always use more than one AV program. Make your main AV the active AV shield that scans on read/write, and disable the other programs' shields. Then use the several AVs to scan all your drives/memory regularly. Make sure you scan EVERY file, because many scanners just use scan filters, which exclude allegedly unimportant/harmless files. You want to scan more than just the usual suspects (like .exe or .dll files). If your AV program puts a suspicious file (say a game DLL) in quarantine, you can try to verify whether it's a false alarm or not.
    Go to one of those online file scanners and upload the file; there are some scanners that will check the file with up to 20 different AV scanners. You get a good idea about the accuracy/integrity of your main AV program that way, too. I've had a file here that was flagged as a virus by Avira's AntiVir version 9, but none of the other scanners on the online platform would report an infection. So, AntiVir's heuristics settings were just too aggressive, producing a number of false alarms.

  • Make sure you have a firewall that reports outgoing traffic (and the file or process name that wants to contact external IPs) as well. There are still firewalls that don't display or document outbound traffic. If you have a good firewall, and if you know what you're doing, you can at least prevent some malware injections (the malware/virus downloader or virus server, injected by visiting a website or launched by the user when executing unsafe/downloaded files) from contacting external sources in order to download the actual main virus. Granted, there are quite a few cases where even the attempt to download the main virus may not be detected by the user, in case the virus code uses system processes and tunneling.

    Still, on XP, for example, in- and outbound traffic from/to Windows' "generic host process" should make you suspicious, even though the particular file (svchost.exe) is a legal component of Windows, and even though the svchost process is needed; it may run in multiple instances (sometimes up to 5). There are viruses that pretend to be an instance of this legal process, but some viruses are able to just use such legitimate processes (as a vehicle) to establish contact to external IPs to pull the main virus... or, even worse, to grant remote access, acting as a server.
    I created a rule on my rig that this process is not allowed to establish/accept UDP or TCP connections.

  • Create a rule in your firewall that your machine does not reply to incoming ping requests (ICMP echo requests); many firewalls establish these rules (no incoming/outgoing ICMP) as a default rule on installation.
    Hackers who scan multiple IP ranges will then think that your rig is either stealth or that the machine behind your particular IP is not running. They will head to the next IP range, in most cases, and won't bother to find an open port or to attempt a DoS (denial of service) attack.

  • Disable Windows message system (used for admin messages), you can find a tool to disable it on the Shields Up page (link below).

    Google for tips regarding disabling services (Start button -> RUN -> "services.msc" on XP) that aren't needed but are in fact security risks. Disable services like the Task Scheduler, the DHCP Client (if you don't run a local PC network), Universal Plug and Play. There are many tutorials on the net, delivering some insights regarding what services are really needed.

    The following URL is a translation (by google) of a German site, that contains a list of Windows services and tells you which services are really needed. Scroll down to view the chart containing Windows services. If you want a safe but fully functional (internet, printers, network) setup you can go for the "Recommended settings", but if you want to play it really safe (say you have a PC you use for your business only, or a rig you use for offline gaming ONLY), you can go for the "Tuner settings". You can even include some tuner settings if you go for the rec'ed settings, but should really know what a particular service does and what part of your system won't work IF you disable it.

    http://translate.google.com/translate?prev=hp&hl=de&js=y&u=http%3A%2F%2Fwww.windows-tweaks.info%2Fhtml%2Fdienste.html&sl=de&tl=en&history_state0=

    There are similar English webpages, but I found this German list to be the most complete one.

  • Review the processes in your task list, and get some info about internal (legit) Windows processes and external (3rd party) processes here:
    http://www.answersthatwork.com/Tasklist_pages/tasklist.htm

    That page provides a list (alphabetically sorted) of all kinds of processes, and gives you a rough idea what a particular process might do, or which program had placed it in your batch of background processes. I am not sure how many Vista processes made it into that list, but it's a decent source, and some of the listed system processes might have been carried over to Vista, too. If you can't find it here, just google a suspicious or unknown process. Again, you should check some reviews and get an external (freeware) process explorer, since the Task Manager won't show each and everything.

  • Check if you have open ports. This may happen even if you have a software firewall.
    You can use sites like "Shields Up" or "Leak test" to get an idea how vulnerable your machine is:
    http://www.grc.com/default.htm

    https://www.grc.com/x/ne.dll?bh0bkyd2 (Shields Up)
    Use the buttons ("common ports", etc.) to have the page scan your computer's common ports (service ports), pretty much the first ports below port 1024 (IIRC). Port 135 may be open on some machines, depending on what service pack you have. The site offers advice on how to close such ports. In case you are using a firewall (which you should do, and not just Windows' firewall :P), all ports should be closed (at least); if rules are set up properly and if ICMP requests are being blocked, they should be "stealth". Play around with the several buttons on the Shields Up page. You can enter particular ports too, or move your mouse pointer over the results image; each block displays a port, and provides you with an idea what a particular port is needed for, for what job/traffic.
    For example, in theory your browser only needs port 80 for browsing and port 443 for SSL connections (e.g. for secure connections to member areas or online banking), and maybe port 21 for FTP connections, all via TCP. Incoming or outgoing requests on, say, port 53 via UDP aren't necessary at all, and are most likely an attempt to exploit stuff from a remote location. Firewalls are only useful if the user knows what he's doing, or if the firewall employs an intelligent automated rule system that caters for such events.

    http://www.grc.com/lt/leaktest.htm

  • Employ a custom "hosts"-file:

    http://www.mvps.org/winhelp2002/hosts.htm

    This hosts file will block tons of adware, ads on webpages, and sites that have been reported to contain malicious code/viruses.
    An additional (often underestimated) source of viruses/malware is innocent-looking ads on webpages. The webmasters of the pages are often not able or not willing to inspect the content of the ads, especially if ads are handled by external traffic holders that keep rotating banners and ads. Injecting malicious code often happens through these ads, not just through bogus main pages, and the original website may still be totally legitimate and trustworthy.

    EDIT: The HOSTS file is updated regularly, and if you're using it, it doesn't just act like a banner washer (as most advertising networks can't be contacted anymore, since the hosts file re-routes the HTTP request to 127.0.0.1, a local IP on your machine, resulting in a message like "destination unreachable" in advertising windows or frames), but it also acts as a security measure protecting you against well-known and even new malicious websites.

    I don't recommend using the "restricted zone" rules and filters for Internet Explorer listed on the URL above, as it's easy to confuse buttons and rules, so that you end up allowing dangerous sites into the trusted zone. You have to know what you're doing. With the hosts file, it's easy to add your own URLs, plus you can disable the hosts file with a short batch file, in case you want to view all contents (or popup windows) on trustworthy sites. You can also use the hosts file as your custom "parental" filter that way, as kids will never figure out how to get around these entries.

    I wrote a tiny script for use on XP to execute the renaming of the hosts file, which has no file extension, in order to en/disable the filter. I rarely use the batch, but it may be useful for other people:

    @ECHO OFF
    REM Toggle the custom hosts file by swapping "hosts" and "hosts.bak"
    REM through a temporary name. REN is used instead of COPY so the swap
    REM really renames the files and leaves no extra hosts.alt behind.
    SET ETC=%SystemRoot%\system32\drivers\etc
    IF NOT EXIST "%ETC%\hosts.bak" (
        ECHO %ETC%\hosts.bak not found - rename the original hosts file first.
        EXIT /B 1
    )
    ECHO Starting batch file....
    ECHO **********************************************************
    ECHO *      Renaming hosts.bak to hosts.alt                   *
    ECHO *      Renaming hosts     to hosts.bak                   *
    ECHO *      Renaming hosts.alt to hosts                       *
    ECHO **********************************************************
    REN "%ETC%\hosts.bak" hosts.alt
    REN "%ETC%\hosts" hosts.bak
    REN "%ETC%\hosts.alt" hosts
    ECHO **********************************************************
    ECHO *                   Files have been renamed.             *
    ECHO **********************************************************


    In case someone knows a better/smarter way of doing that, then I'd be pleased to get a hint. [:)] In order to get this batch thing to work properly, you have to rename the original Windows HOSTS file to hosts.bak first, and then you just paste the hosts file from the website into the Windows folder displayed in the code.

  • Use alternative browsers, like Firefox and/or Opera.

  • Use alternative Email-programs like Thunderbird.

  • Disable JavaScript in your browser, and enable it only if you really need it to view trustworthy content. You don't drive cross-country with your luxury limo where you could employ your good old dirty 4-wheel pickup instead, right?

  • Only install the Java runtime environment if you really, really need it. Java is starting to get really popular, as it's way more powerful than JavaScript applets or Flash content. Many pages don't look like they'd be Java pages, but they are in fact already packed with the stuff. Uninstall Java if you don't need it for a particular game or app.


My 2 cents.
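The hosts-file trick above works because every blocked name is pointed at a loopback or null address; the same mechanism is abused by malware that points vendor or bank domains at a real server. This added example (not from the thread) audits a hosts file in the MVPS layout: it parses the entries, counts the blackholed names, and flags any name mapped to a routable address. The sample text, the domains and the address 198.51.100.23 are constructed placeholders.

```python
import ipaddress

# Constructed sample in the MVPS hosts-file layout (not the real list); the two
# 198.51.100.23 entries stand in for what a hijacked hosts file looks like.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost
0.0.0.0 ads.example-network.net
0.0.0.0 www.example-banner-rotator.com
127.0.0.1 tracker.example.org   # blocked, with inline comment
198.51.100.23 update.example-antivirus.com
198.51.100.23 www.example-bank.com
this line is garbage
"""

BLACKHOLE = {"127.0.0.1", "0.0.0.0", "::1"}   # addresses that block a name
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Return (ip, name) pairs; unparseable lines come back as ("INVALID", line)."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            entries.append(("INVALID", line))
            continue
        entries.extend((ip, name.lower()) for name in fields[1:])
    return entries


def audit_hosts(text):
    """Sort entries into local names, blocked names, redirects to routable IPs, and junk."""
    report = {"local": [], "blocked": [], "redirect": [], "invalid": []}
    for ip, name in parse_hosts(text):
        if ip == "INVALID":
            report["invalid"].append(name)
        elif ip in BLACKHOLE and name in LOCAL_NAMES:
            report["local"].append(name)
        elif ip in BLACKHOLE:
            report["blocked"].append(name)
        else:
            report["redirect"].append((ip, name))   # a name sent to a real host: inspect it
    return report
```

To check a live system, read %SystemRoot%\system32\drivers\etc\hosts and pass its text to audit_hosts(); anything in the "redirect" list that you did not add yourself deserves a closer look.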




junk2drive -> RE: Heads Up - Wargamer is Flagging Unsafe Again (9/12/2009 4:45:25 PM)

Good advice.

In the back of my memory was a problem with an Adobe Flash player update (before Adobe maybe) where a popup was a spoof. After that I only updated from the official website.
Last night my wife started up FF and the FF page advised her to update her Flash player. It took her to a page that looked like Adobe but FF blocked something at the top. When we tried to download our system warned that it might be malicious. I quit and went back to my computer. The official page looked just like hers and the last update was July 30 2009. I had to manually dl and install. Sometimes you just don't know what to do with all the real and false warnings.

I use ZoneAlarm so at least I get warned if something is trying to go outbound.




LarryP -> RE: Heads Up - Wargamer is Flagging Unsafe Again (11/6/2009 2:23:24 AM)

quote:

ORIGINAL: junk2drive

I use ZoneAlarm so at least I get warned if something is trying to go outbound.


I used ZoneAlarm for years off and on. After a few weeks of using it each time, it would start to lock up programs, especially games, but not only games. So I would disable it for a while, then go back to it. Every time I went back it would do the same lockups again. So I finally dumped it.

Have you had troubles like that at all?




junk2drive -> RE: Heads Up - Wargamer is Flagging Unsafe Again (11/6/2009 3:34:54 AM)

I don't play any online games or tcp/ip so no, no problems like that. When you update, you do need to click the allow box, but that doesn't bother me.



