Victory or Defeat

Installation of service packs , enthusiastically recommended by many security specialists, eliminates most security holes that had been detected when the specific service pack was developed and released. However, many security holes remain that were not detected . Therefore, the situation in general remains the same. It is better to find a simple and practical solution that eliminates the holes instead of fussing on every occasion. This is the more so if you consider that Microsoft stops supporting "obsolete" operating systems and browsers, but the prospect of migrating to the "superprotected" Windows XP doesn't make hackers like me rejoice. I'd be better off to immediately migrate to FreeBSD.

Unfortunately, it is impossible to invent a universal heal against all troubles. Nevertheless, it is realistic to improve the protection of your computer. Go to ControlPanel , choose the Internet Options applet, and go to the Security tab. Press the Custom Level button to open the Security Settings window (Fig. 7.5). Make the browser ask your permission for launching programs and files in an IFRAME and executing ActiveX scripts in all security zones (Internet, local intranet, trusted sites and restricted sites). Most sites are displayed normally without scripts. As regards sites, on which scripts are required, it is possible to enable them explicitly (however, these must be the reliable sites of large companies, not the tanks full of viruses).

Figure 7.5: Security settings in the browser

An even better approach is installing VMware and starting the browser under control of the virtual machine. In this case, it is possible to safely surf the Internet without fearing that your computer will be infected. VMware protects only against attacks on the browser, not against those on the operating system. Therefore, you'll also need a firewall. In Windows XP, there is the built-in Windows firewall. For fans of Windows 2000 (I also prefer this operating system), I strongly recommend installing Sygate Personal Firewall 4.5 (it is free for home users). Newer versions are no longer freeware.

Working with virtual machines is not convenient . They require a large amount of memory and powerful processors. A compromise would be to create a new user account with limited permissions ( Control Panel ’ Users and passwords ), restrict its access to all valuable folders and documents ( File properties ’ Security ), and start Internet Explorer and Outlook Express on that account ( Shortcut properties ’ Run as ).

When saving Web pages to the disk, bear in mind that when HTML files are opened locally, Internet security settings are not enforced. Thus, Java scripts and floating frames are executed automatically, without asking the user's permission; therefore, the virus can easily infect the main host system.