Posts

Showing posts from November, 2009

Make Windows remote login more secure without using a longer password: set a login lockout

This page has some useful info for making your WinXp remote desktop more secure. I wouldn't follow all the advice, but some of it is certainly useful. I'm a fan of changing the account lockout policy, in particular, since it makes it very hard to remotely connect and guess the password by trying a large dictionary of possible passwords. In short, it sets a limit on the number of failed attempts (per user), after which the account is locked for a specified amount of time (no login allowed, even if the password is right). They suggest a lockout rate of 3/3/3 (attempts/lockout time/reset failure count time), which would limit you to 1 password test a minute. This is the right idea, but for butterfingers here it could potentially lock me out, which I don't like. A better setting is 10/10/10, which would also limit the throughput to 1 guess/min, but would allow me to make up to 10 mistakes before any limit is encountered.

Note: this applies to everything, not just remote desktop. So you can use this to secure other remote login options, like SSHD (I use Cygwin's implementation).


Review: Bit Defender Free Edition - On demand Virus Scan

Many people say you *need* a real-time anti-virus program on your computer that constantly checks for virus infections every time you launch a program or load a document. I say: real time virus scan software can cause almost as much slowdown and crashes as the virus/malware you are trying to protect against. Better to run the scanner just once (on demand) - when you first download a new program. You save on computer resources, and avoid compatibility issues.


Bit Defender offers a free version of their anti-virus/malware scanner that only runs on demand - the big 'feature' they are offering in the non-free version is real-time protection. The download link is here. Note that they give you the hard sell - you have to repeatedly confirm that you really want the free version. A bad sign.

The installation is pretty invasive. Several programs are loaded into memory even when you aren't running a scan - the whole point of on-demand scanning is to avoid this kind of bloat! Also, an item is added to your context menu in explorer, with no clear way to turn it off.

When you start the program it also takes the opportunity to remind you that it's only the free version, and that you should upgrade. Well, that's fair game for any shareware app, but it is annoying, given that other free scanners don't do that. To top it off - the free program expires (in about 100 days, in my case), after which you must reinstall again. I don't think hassling users is a good way to get them to upgrade to the full version.

All in all, it seems that Bit Defender Free Edition is a reasonable choice for cleaning out a known infection, but is too annoying to regularly use as a on-demand scanner. The context menu does make it very easy to scan a file on demand, but at the cost of making your menu all that much more bloated. Give me a "send to" option, or let me drag and drop the file I want to scan. Within the main program have an option where you can select a particular folder for scanning (say, your download folder), and save that as a pre-defined 'task' you can activate with one click next time you start the program. That would be a fine option if didn't insist on nagging you about registering and loading needless programs into memory even when not scanning.

On the whole, I'm unimpressed. HouseCall seems to be a better option; it has fewer options, but works more or less how you want right out of the box, and isn't so annoying.

Review: Trend Micro "House Call" - free On demand Virus Scan

Many people say you *need* a real-time anti-virus program on your computer that constantly checks for virus infections every time you launch a program or load a document. I say: real time virus scan software can cause almost as much slowdown and crashes as the virus/malware you are trying to protect against. Better to run the scanner just once (on demand) - when you first download a new program. You save on computer resources, and avoid compatibility issues.

Today I consider a free On Demand anti-virus program: Trend Micro HouseCall (7.1 beta). This program will scan for spyware and viruses on the folder or disk drive of your choice, and each time you run it, it automatically checks for new updates. Since it's from a major Anti-Virus vendor, it's likely to be updated very frequently. And the interface, as you can see, is very simple. To install, you download HousecallLauncher.exe, which is deceptively small, and actually creates an installation in your Windows Temp dir, and downloads the latest anti-virus signatures. This installation seems to persist after you close the program (nothing stays resident in RAM, however).

Scanning is very fast if you select the default option, but this doesn't check all of your installed programs, so it's a bit misleading. A full scan checks every single file on your computer (independent of file time), and takes a really long time. For on-demand use, select the custom option, and then the directory where the newly downloaded file lives. The program can search inside ZIP files; I don't know about other archive types.

As an on-demand scanner, it's very reasonable, but not 100% optimal, for two reasons. First, it takes a while to load, and second, you have to navigate through the gui to select the target folder to scan (no drag-and-drop or command line options).

Email me

Name

Email *

Message *