»

[Tesral]

Anyone with an Amiga out on the net, check out this site.

http://grc.com/nat/nat.htm

Yes, only the lamest person in the world writes Amiga worms, but with only super-user mode on the Amiga every bit of security you can add helps. And it works for any computer on a broadband connection, regardless of the OS.

In the septic broth that is the Internet you need every edge you can get.

[Zac67]

This is just standard NAT routing - what's so special about it?
If you just hook your Miggy to the 'net for browsing, you've got nothing to worry about anyway; apart from being an extremely exotic platform not worth attacking there are simply no services anyone from outside could connect to.
However, if you're running network services (SMB, FTP, ...) then you must secure them one way or another, and NAT's one of them. ;-)

[Tesral]

Quote:

Zac67 wrote:
This is just standard NAT routing - what's so special about it?
If you just hook your Miggy to the 'net for browsing, you've got nothing to worry about anyway; apart from being an extremely exotic platform not worth attacking there are simply no services anyone from outside could connect to.
However, if you're running network services (SMB, FTP, ...) then you must secure them one way or another, and NAT's one of them. ;-)

That fact that "standard NAT routing" is an effective firewall against incoming crud. I don't trust the Exotic Platform thing. Security by Obscurity works into the day it doesn't. Then it is too late.

I also am one of doubtless many Amiga users that has other platforms as well. In my case Linux boxes. These computers also need protection, certainly more protection than Amigas. Linux by itself is a robust system, but you can never be too safe. And even an Amiga can use a little help.

[Piru]

While GRC has some useful tools and info, the website is really silly in presentation. There is nothing special in any of the things covered there, yet it is presented as something ubercool and unique and something never heard of before (try using their security scan tools). Also they're overzealous about leaking ANY info of your system. I'd claim that having auth service open to everyone isn't a security risk.

Ok, this is mostly whining about the style, GRC facts are mostly correct.

Yet, NAT is just one way of protection.

Regarding AmigaOS and internet security: AmigaOS is inheritly insecure due to lack of memory protection and stoneage TCP/IP stacks and services. There are numerous apps that use the unfiltered data passed to the app from the net. It's trivial to crash amiga connected directly to the internet. I'd never connect any Amiga directly to the internet, and I strongly suggest no-one does. Use NAT and/or firewall (linux or bsd boxen, or some hw firewall solution).

[mikeymike]

Tesral, seriously, you need to stop reading grc.com. It consists of semi-sensible security advice in a "the marsians are coming" wrapper.

[mikeymike]

Quote:

Security by Obscurity works into the day it doesn't. Then it is too late.

Half-correct. If you employ security through obscurity as one of the methods you use to protect a computer system, it works nicely.

For example, you're running a machine with a service allowing remote users to log in. Let's say FTP. Now run the main part of the service over a non-standard port, say port 4242. 99% of port scans won't identify it properly, and suddenly you go from having big log files full of failed login attempts to almost completely clean ones.

[Tesral]

Quote:

Ok, this is mostly whining about the style, GRC facts are mostly correct.

Yet, NAT is just one way of protection.

I don't give a flying fig about style. The fact are correct.

Yes, Nat is only one layer. However it is a good layer, and an easy one to acquire and use.

[Tesral]

Quote:

mikeymike wrote:
Tesral, seriously, you need to stop reading grc.com. It consists of semi-sensible security advice in a "the marsians are coming" wrapper.

And if you hang an unprotected windoze box on the net it will not last an hour (A good reason to not use windoze if I've ever heard one.). That too is a fact. It is hardly tinfoil hat paranoia to protect yourself against what is real.

It is folly to reject a truthful message because you don't like the messenger.

[Hyperspeed]

I tend to favour the theory that paranoia keeps you alive.

I read about the NAT thing before but didn't like it for some reason, I think it totally stopped the ability for you to offer FTP services and stuff and buggered with POP3?

Not sure. I wouldn't use a wireless network if it was the only option left on the planet - you know you can hijack those from an aeroplane? Some guy was recently jailed for war chalking in London too, the first conviction of it's kind.

I've written to Virus Help Denmark about Amiga security as I believe a good virus checker could incorporate Ad-Aware/Spybot style TCP monitoring and warnings of cookies etc. In fact whenever I exit Voyager 2 on the net it always seems to send data to the modem for some reason. Wouldn't mind knowing what it's doing and where this data is going!

It's amazing how much data can be transmitted in a few bytes file hidden in RAM:Env/ also... some rogue software only needs to keep a file here updated with a keystroke or two and it could make off with passwords, not to mention taking screenshots and altering binaries!

On another note, when the martians do come I hope they're the 3-breasted kind from Total Recall.

:-D

[Dr_Righteous]

What I want to know is, when was the last time someone actually wrote a VIRUS?! Seriously... Any kiddie can write malware scripts. Actual viruses seem to be a thing of the past. You actually had to (for lack of a better term) respect the guys who wrote real viruses. Scripts and worms are about as creative as a 9 year old with a can of black spraypaint.

[Tesral]

Quote:

Dr_Righteous wrote:
What I want to know is, when was the last time someone actually wrote a VIRUS?! Seriously... Any kiddie can write malware scripts. Actual viruses seem to be a thing of the past. You actually had to (for lack of a better term) respect the guys who wrote real viruses. Scripts and worms are about as creative as a 9 year old with a can of black spraypaint.

Why work that hard when microsoft makes it easy. Where do you want to go today?

[kd7ota]

Well, reading this thread really didn't appeal to me.

Internet security? Hah, I know a good security, and that being not browsing through porn or warez sites! :-D

I do not have a virus scanner because its useless to me. I never had a single virus in about 2 years. If you are smart about browsing the internet, then you are safe. My windows xp with SP2 helps it ALOT. Least SP2 prevents alot of the ActiveX content that auto installs itself withour your approval, thats one big way of messing up stuff.

Only firewall I have is the standard XP one, and that has done a fantastic job. No adware has yet installed itself on this computer.

The main key is, don't browse sites that you know will try to infect your machine. :-D

(Post not to be taken personally. ) :-D :-)

[mikeymike]

Quote:

And if you hang an unprotected windoze box on the net it will not last an hour

What do you mean by unprotected? My home PC (with broadband connection) has no firewall and no active AV, is that unprotected? It hasn't been victim to anything "getting in" (virus, trojan, whatever), and I've had broadband for about 5 years. That I know how to tweak Windows to close all Windows-related ports, so that it hasn't been vulnerable to anything so far, and that I keep it patched (but not too aggressively), has something to do with that I think.

Quote:

(A good reason to not use windoze if I've ever heard one.). That too is a fact. It is hardly tinfoil hat paranoia to protect yourself against what is real.

It is folly to reject a truthful message because you don't like the messenger.

A little paranoia is good. Grc.com-fueled paranoia is too much, as your post shows because you've gone into tin-hat mode rather than discussing specifics.

----

@ whoever posted this

Quote:

Not sure. I wouldn't use a wireless network if it was the only option left on the planet - you know you can hijack those from an aeroplane?

Christ. Yeah, if you're not willing to secure something, including your car, you shouldn't have one. There are plenty of information sources on the Internet for securing wireless networks. A properly-configured wireless network is fallible, just like any server is to a brute-force attack, but there is no such thing as perfect.

[Waccoon]

Quote:

And if you hang an unprotected windoze box on the net it will not last an hour (A good reason to not use windoze if I've ever heard one.). That too is a fact.

Bull!

Dammit, if everyone just screams, "Blame Microsoft!", nothing is ever going to improve. People need to understand what the problem is before it can be fixed. The biggest killer of comptuers is stupidity.

99% of all infections come from idiots that voluntarily install every damn piece of software imaginable on their machines without so much as a blink. I see it every time I fix someone's computer. Computers are tools, and if you don't know how to use a tool, you're liable to cut your own leg off with it.

I have no anti-virus or anti-spam software on my machine. I also regularly use IE when FireFox decides it doesn't want to boot up anymore, and Outlook Express has been my e-mail client for a decade. My system is clean as bleach. Miracle? Of course not. I just have a retail version of Win2000, and don't have AIM on my computer. :-)

The real problem is all those OEMs that have garbage pre-installed on the hard drive. People blame Microsoft for lots of things that aren't even built into Windows. They tell people to relax because their uber-cool software will handle everything and keep people safe. Yeah, just pay up and all will be fine. No, no... don't learn anything about how crap gets on your system... just buy our junk and you can confidently install every free game and trial offer you come across. You'll be safe! Honest! Oh yeah, and don't forget to click "Yes" every time you see an ActiveX prompt, without reading the security disclaimer. Always saying "Yes" is good!

Besides, if something goes south, you can always yell at everyone's favorite scapegoat. That's a lot easier than going through all the trouble of, oh, actually learning what you did wrong.

Oh yeah, and some things are universal across all OSes. If you observe MikeyMike's FTP example, you'll notice that it works the same way regardless of what OS (or even which FTP server) you use. The belief that Linux and Macintoshes are immune to attacks is bunk. Ask any server newbie that had his Linux/Apache machine hacked.

[fx]

Well said ... But I must say I actually managed to get a Virus in Windows XP SP1 when I was surfing directly connected to the Internet via Dial-up some month ago. I used IE because I was not gonna stay online for long and it would take forever to download Firefox on Dialup. Oh, and I was not surfing any porn or warez sites, I mostly downloaded stuff from Aminet.