Skip to comments.Computer Question: Security, Windows XP vs Windows 7 Ultimate
Posted on 07/05/2011 12:46:30 AM PDT by Yosemitest
Thanks, you agree with post #85
Another neat thing about virtual machines is, you can have two, three, many virtual machines on the same Mac. All they take up is disk space (and RAM, but only when they're running). You could put your TurboTax and other sensitve stuff in one VM and keep all the rest in another and only start up the TurboTax machine when you actually need it.
And, I'm pretty sure TurboTax exists for the Mac, anyway, so maybe converting to Mac native is the way to go.
I want to keep using my notes in MY Documents on FR with political and religious responses.
Stuff like that is probably a prime candidate for conversion to Mac native, depending on what you've been using to keep your notes.
So what security would you recommend if I use Windows 7 with Parallels under IMac?
Would Online Armor++ be enough or would you use Eset, Zone Alarm?
Most of the notes are on Notepad or Word.
Online Armour is a great software for security if you’re intrested in a premium purchase and subscription expense.
The subject is quite contentious, but my recommendation for no purchase / subscription expense product is Comodo Internet Security FREE. They do have a licensed version, but the extra bell and whistle IMHO can be done w/out. Unless the user absolutely needs someoby to hold their hand (24/7 phone support may have its merits)
It has all the protection of FWBuilder, IPTables and Squid for ‘Nix systems. Its AV is very good. Quite frankly, if anything gets through a properly configured Comodo firewall & HIPS (host intrusion protection) it is because the user allowed that to happen and they deserve their malware infection. Just like the law, ignorance is no excuse.
That nowtisthstanding, Comdodo does require some user expertice with regards to configuration for ultimate protection. The neophyte user settings are pretty good though. Configuring Comodo for maximum protection will force the user to become intimately familiar with normal functionality of their system. THAT is the first defense against becoming hijacked and infested.
No sane user would rely on a ‘blackbox’ for their security and anti-malware software though; it is naivete at its most foolish epitome.
I would strongly recommend against using Zone Alarm for a firewall.
I agree. I just want a system that I don't have to spend sooooooooo much time defending from malware. Most of my friends that have switch to the IMac/Apple are very happy. But many of them still need a Windows based platform to respond to some of the task the military requires of them, such as responding to home family when overseas, or e-mail attachments. But slowly they're weeding out Microsoft, and eventually won't need it anymore."The only thing that matters is how hard it is for me to keep my computer exclusively under my control."
It is natural for a multiuser operating system to have better robustness than an OS which is initially designed with the naive assumption that the owner of the computer will actually be in direct control of all inputs. Even sneakernet communication via floppy disks put paid to that idea. And as for the enormously powerful, thus unavoidable, Internet . . .
Mac OS X, as you likely know, is reallyo trulio Unix. Pretty much the gold standard for robustness, in my understanding.
I'm not sure I've seen your handle on Swordmaker's Apple threads, so I'll mention that as you contemplate the switch to a Mac you could do worse than to tune in. That thread is about Mac security and the Skype issue, a good place to start if you're not already on board. In Reply #11 on that thread, Swordmaker advises on how to switch your routine operations account to a standard, rather than an Administrative, user in order to limit the vulnerability of your system.
64-bit computing isn’t “poppycock”. That alone is worth the move to W7.
Sounds good. Thanks for the link.
It looks like you can do everything you want to do on a Mac. To read and edit your documents (MS Office files) on a Mac, you’ll need to download OpenOffice (free) or buy Apple iWork ($50) or MS Office for Mac ($200 and up, unless you’re a student). Your pictures will all open natively. My old saved TurboTax files are PDFs, which will open on a Mac. TurboTax will also run on a Mac from either the CD version or the web-based version.
Since you just want Windows for comfort as opposed to there being an app that needs Windows to run, I wouldn’t spend money on a new version. Just use whatever version of XP you already have lying around. All your stuff going forward will be from your Mac so you really only care about backwards compatibility, not forwards compatibility. For security, there are a few good free suggestions in this thread, but you can just set up my Windows VM installation so that it can’t access the internet. You can do all your email and web browsing on the Mac, and manually move files back and forth if there is a need to do something in the Windows VM. Then you don’t have to worry about security at all.
Mainstream full Windows support is minimum five years after release, or two years after the release of the successor product. Microsoft offers extended support five more years, or two years after the second successor product. Security fixes are available to the public during this period. That means you will get at least security fixes for Windows 7 through minimum 2019.
Microsoft has problems, but their long-term support for systems is very good, far better than Apple.
Sometimes old, poorly-written software has a problem with newer OS versions.
My oldest remembrance of this was the Atari. The OS had various “entry points” for programs to do things, but many developers went directly into the inner OS locations to do things. Atari updates the OS, changing the internals but retaining the documented entry points. Suddenly things stop working.
In Windows I remember the move to FAT32. One program written in the FAT16 days wouldn’t install because it looked at the hard drive directly to determine free space. A FAT32 drive freaked it out, the error handling resulting in the program reporting no free space. This wouldn’t have happened had the program just properly asked the OS for the amount of free space.
Drivers are a different deal though, almost always OS version specific.
Ghost is a pretty awesome tool. One of the few things Symantec hasn’t screwed up.
You should be good to go, then. A good free Notepad replacement on the Mac is TextWrangler.
If your Office needs are reasonably basic (no fancy VBA-based
Excel applications, for instance), you should look at OpenOffice and LibreOffice. LibreOffice is a recent fork of OpenOffice (see the Wikipedia). A group of OpenOffice developers decided they didn't like the direction Oracle was taking with the assets it had acquired in its acquisition of Sun. OpenOffice / LibreOffice document files are interchangeable with Microsoft Office (as long as you avoid certain advanced features, such as macros).
Another Mac pointer: I rarely use the Dock. I keep it hidden below the bottom of the laptop monitor, configured to appear only if I move the mouse there. I might check it once in a while to access the wastebasket or check status.
To launch apps, I use Spotlight. I type Cmd-Spacebar. The Spotlight textbox appears in the upper right. Then I type a few characters of the app's name (e.g., F-i-r or C-h-r), whereupon Spotlight instantly locates the app (Firefox or Google Chrome in this example). Then I hit Enter, and the app launches. Spotlight learns what you tend to look for and prioritizes what you are likely to choose when there are multiple matches. I find using it much easier than managing the Dock or rummaging through the Applications folder.
Another handy use of Spotlight is difficult words. Cmd-Spacebar and type an obscure word. Spotlight will pop a Definition link to the top. Hit return, and the Mac Dictionary opens to the definition.
See http://www.matousec.com/ for more information.
I believe they scored around 37% which I found shocking at the time I was using it. My knowledge is an outgrowth of discovering that both Zone Alarm and Norton System Works Professional 2003 would not install on a Windows Server 2003 Standard. I was able to obtain that O/S gratis due to Microsofts philanthropic program Dreamsparks which entails students licensed copies of various Microsoft titles free of charge. At the time I was taking a college course in Microsft Server Management. I also was able to obtain licenses for Visual Studio 2008 Professoinal, SQL Server 2008 and several others, all for free as a student.
Since I was both long-term unemployed and a student, I nneded to find suitable alternatives for AV & firewall that were free. That's when I discovered that both Norton & Zone Alarm actually fared quite poorly. An AV that scored rather well is Rising. However, investigation reveals that it phones home to China for its AV def updates. You'll do well also with Lavasoft's latest incarnation of Ad-Aware (also free). The boys at Wilders Security forum were speaking very highly of its AV engine a while back. The engine was acquired from another company that had a very high reputation. It is a solid piece of technology.
Malwarebytes is another solid technology to have installed purely for serendipity reasons. Its not so good at prevention, but it scores the highest in removal ability. Its always good to have as a backstop when another anti-malware squawks but can't remove the offense. One never needs to run its manual scan for any real reason except when adjunct AV can not remove a particular infection. One never wants to have to install anything when one is already infected.
I'm very happy with Comodo. I have no interest to get into a political imbroglio concerning it and its competetor's fanbois, nor the business squabble between Matousec and the owners of Online Armour (which frankly I find disgusting), and all the Comdodo competetor fanbois screaming ad hominem at Matousec becuase their pet software fails testing by Matousec.
My security is backstopped with SpyBot Search & Destroy v1.62 and Windows Defender, along with periodic update of HOST file from http://winhelp2002.mvps.org/hosts.htm (which appears to be down at this time). The entries in HOST from mvps.org will prevent navigation to known malware sites. Moreover, Spybot's real-time protection transparently blocks download of cookies from known malware sites. Moreover, its immunize feature adds its own URLs into the HOST file and enters those into the browser restricted zone.
In conjunction with this I have the Content_IE5 folder blocked in Comodo for all executables and archive files thereby protecting me from virtually any drive-by download attack. Furthermore, SVCHost has been hardened so that it can not be tricked to execute anything without permission out of any temp folder.
After a year and 1/2 of operation, the security baseline for the O/S and all applications have been sufficiently established that anything makes the slightest move on my system and Comodo will alert somethings up. Those things that Comdodo monitors and alerts on are:
The firewall is likewise just as robust allowing establishment of global rules for both inbound / outbound screening. It is a true stateful inspection technology, and so unsolicited connection attempts are dropped transparent to the user. Were Comodo firewall excells is in its notificatio of outbound connection attempts. It informs in detail what is attempting connection, where its attempting connection to and what specific IP protocols are being implemented for the connection.
As I indicate Comodo is very comprehensive and very robust. And its FREE. The support forums are outstanding. However, the more proficient, adept and competent the user is specifically concerning networking, internet connectivity protocol, and fundamental operating system functionality the greater degree of hardening that the user will be able to configure. That being said, the default neophyte user config is way better than nothing, and heads and shoulders above all but the highest fee based products.
The two noteworthy competitors in that regard: Online Armour and Swiss based Avira. You could go Comodo sans the AV at installation time and run with Avira and you'd be rock solid. But I'd question why waste the money? Reliance on AV means its already gotton through the HIPS and firewall and now has a beachhead on your system. The user is in trouble at that point regardless of how effective the AV is.
It’s OK, but I don’t recommend running any AV on Macs. Unless you are desirous of preventing the re-transmission of Windows viruses in forwarded emails, there is currently little purpose in running one on an OSX Mac. There are Zero known self-relocating, self-installing, self-transmitting viruses for OSX and only 22 Trojans in five families, all of which are easily avoided and identified by the OS itself which will warn the user if he attempts to download, install, or run one of them. Apple pushes updates to that Trojan identifying system since the MacDefender Trojan reared it’s head. I’m not sure about Intego but at least one of the free Mac AV solutions TURNED OFF the native anti Trojan protection so THEIR AV could report finding some Mac malware... Turning it off was necessary because the OSX Trojan protection intercepted the malware before the AV could see it!
Self-relocating=self-replicating. Dang auto-correcting dictionary.
By Todd R. Weiss, Computerworld | Published: 00:00, 20 February 04
Turn your monitor upside down. Or stand on your head :-p
I rarely hear of Apple support that is not great. In any case, you always get a native English speaker who knows what he's doing, not an unintelligible Indian running a checklist. As to whether the $250 is worth it, that's always a gamble with anything. The Equipment's generally good quality, and Apple been known to support out-of-warranty equipment.
To compare, Dell gives you a year hardware support standard, same as Apple. For the software, you'll get better support than you do with Windows. The only sticker is that in a few years Apple will likely not be actively supporting your version of the OS anymore, and you will need to upgrade to stay current. In the past upgrades cost $129, but lately they've been $39. I've upgraded 10.4 to 10.5 to 10.6, and it's been brain-dead easy all the way through.
With all the free versions and paid versions of software that I've tried, I agree with you about Norton.
I also found Mcafee to be slow to find a problem.
My best finder of problems, short of Online Armor++, was Advanced SystemCare Free (formerly Advanced WindowsCare Personal), but several technicians told me to delete it, because they stole code from other companies.
It was great for keeping Windows in line from registry errors, but several people told me that it probably was the source for my virus problems.
I haven't tried Windows Defender, and I found Windows Security Essentials a major power hog, and it didn't play well with other software, so I uninstalled it.
I really like SpywareBlaster, Spybot-Search & Destroy, CCleaner, RootRepeal - Rootkit Detector, and Secunia Personal Software Inspector.
I also use Malwarebytes Anti-Malware and SUPERAntiSpyware - LIFETIME SUBSCRIPTION.
I need to know how to lock down a folder. Online Armor can lock down a file, but doesn't offer the ability to lock down a folder.
And I need to know how to lock down the Content_IE5 folder. I'm just now learning how to get control of SVCHost but I need to know more about the port In/Out and TCP/UPD controls.
From what I’ve read about Parallels, you have to have a program to firewall and protect the Windows folder under Parallels, as if it were a separate computer.
I think I get it.
If your Mac is the only thing accessing the internet, no. If you have your Windows install accessing the internet, it's sandboxed and you do have to run it as a Windows install... with all the protections you would use as though it were a stand-alone Windows. However, if you are using a virtualized HD file, with a backup, it's trivial to throw out the compromised virtual HD and replace it with a copy of your clean backup and go on your merry way in the matter of seconds.
Thanks, now if I can just remember NOT TO ACCESS the internet when in the windows mode.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.