On 19 Feb 2005 at 6:49, dhbailey wrote: > Mark D Lew wrote: > > > My girlfriend has a WindowsXP system with Internet Explorer, which > > has been terribly buggy for about a month now. The whole time I've > > been telling her -- with playful exaggeration -- that Microsoft is > > evil and IE is garbage and if she had any sense she'd throw the > > whole thing out and get a real browser. Tonight, only a few days > > after a complete clean out of her hard drive and reinstallation of > > everything, which was supposed to fix everything, her IE is crashing > > again. In despair, she has called my bluff. "OK"", she says to me, > > "I'll get rid of IE. So what should I install instead?" > > > > I'm a lifelong Mac person, and I'm not all that computer-savvy > > anyway, so I'm not very good with practical suggestions. I know > > this list has plenty of smart PC users who know how to make Windows > > work without IE. . . .
Actually, you *can't* make Windows work without IE, as MS has hardwired calls to IE in certain context into OS components. MS had no technical need to do this -- they did it simply for the purposes of gaining some credibility in the claims in the DOJ suit that IE was irreversibly intertwined with the OS itself. It was all a lie, and a purposeful effort on MS's part to mislead, for little gain to the end user (and much exposure to vulnerability, as IE is one of the most insecure components of Windows). > > . . . Can someone perhaps tell me what I should suggest > > to my girlfriend? What browser do you recommend instead, and where > > does she go to download and install it? Are there any other simple > > precautions that can be taken, besides declining to open random exe > > files that get sent to her? (That much I know, at least.) She's > > got a high-speed cable connection. > > > > I've been using Netscape forever and have no problems with it. You > can get it at http://www.netscape.com. I know a lot of people have > their complaints about it, and many are using the new FireFox browser > which is available from http://www.mozilla.org/products/firefox/ . . . The rendering engine for Netscape is the same as the rendering engine in FireFox (Mozilla's Gecko, though it's an older version than FireFox; AOL is working on a new version of Netscape based on FireFox). > . . . and > many others use Opera, available from http://www.opera.com > > You'll find devotees of any of these -- I've also got IE on my > computer (WinXPpro) and use it occasionally and have never had a > problem. It's a good idea to simply avoid using IE except on the few sites (like WindowsUpdate) that require IE. There are very few such sites out there any longer. I can think of only one besides WindowsUpdate itself, and that's MSNBC, where the only browser that will properly play their media clips is IE (they browser detect and screw things up, forcing an upgrade to Windows Media Player, which one should avoid like the plague, since the recent versions have terribly crippling DRM features, as well as being massively bloated in comparison to older versions). I also think it's a good idea to never let your web browser (not just IE) connect directlly to the Internet, but to use a browser proxy like WebWasher, which scrubs out ads and other nefarious and annoying web content. Of course, that only really protects you if you also have a firewall that allows the browser proxy to connect to ports 80 and 443, but prohibits your browsers from connecting to anything outside your local machine. That means your browser can't do certain common underhanded things behind your back (like connecting on nonstandard ports via links buried in the HTML of a web page you've retrieved on the standard port 80). > Good luck. > > The biggest precaution she can take is to install an antivirus > program. > I've been using McAfee for the past 4 years and have no problems > with > it. Check it out at www.mcafee.com -- others use Norton Antivirus, > available from http://www.symantec.com/nav/nav_9xnt/ I don't use an anti-virus program myself, but recommend to my clients that they do so, simply because they don't have my technical experience and instincts. There's a very good free AV program, AVG: http://www.grisoft.com/ I have it installed for the occasional instance where I suspect a file and want to install it, as well as the once-in-a-blue-moon case where my machine behaves funny in a way that conceivably could be due to a virus. > The other biggest precaution she should take is to install a software > firewall in addition to the one built into WinXP. Both McAfee and > Norton have them for sale. I use McAfee. The easiest way to protect a PC that is connected full-time to the Internet is to buy a cheap broadband router and place it between your PC and your cable/DSL modem. It's pretty much plug-and-play (I've had clients buy one on my recommendation and install it themselves). What this accomplishes right away is to basic block all your PC's open ports, since these routers use NAT (Network Address Translation), which means your PC has an IP address that is not routable (i.e., not reachable from the Internet; the router takes care of getting round that limitation inside your network, i.e., on the PC side of the router). This means that any exploit that bounces up against your router has nowhere to go, since there's nothing listening on any of the ports on the router. This is quite in contrast to *not* having the router between your PC and the cable modem, where all your ports are blazing open, waiting for connections from outside (though WinXP SP2 apparently shuts down all but a handful of common ports). I do recommend a software firewall, though, because a software firewall can block nefarioius outbound connections. Exploits can get past the NAT router because it blocks only connection attempts and does not scan packets (though there are now firewall devices available in the consumer-level price range that do stateful packet sniffing, as well as content blocking; this means your AV protection could be in your router instead of on your PC; but those devices are more expensive and more complex to administer). Email is the most common vector. Should you accidentally execute a trojan or worm in an email message that your AV software knows nothing about, without a firewall your computer would then be able to communicate with the outside world, allowing someone else to take control of your computer and use it for their own purposes behind your back. Sound far-fetched? It's not! A large proportion of spam today comes precisely from home PCs that have been taken over by Trojans, and are controlled by hackers who sell the use of their network of trojaned PCs to spammers. A software firewall would prevent this, because it authorizes outgoing connections based on which software is requesting the outgoing connection. These things can be a pain when first installed, as you have to go through a whole lot of authorization steps for each of your applications that *should* be allowed to connect through the firewall. But once you've gotten through that, you can simply turn off notification of non-authorized connection attempts and let your firewall software stop all of them. Occasionally you might discover a piece of software that doesn't work, but you can then configure the firewall to allow it. So, these components are what I deem necessary for safe computing on an ordinary end user's Windows PC connected to the Internet full- time: 1. a NAT router (to block incoming connections) 2. a software firewall on the PC (to control outgoing connections) 3. an anti-virus scanner, running full-time 4. complete avoidance of the use of IE for browsing the web (except on the handfull of sites that still require it) 5. complete avoidance of any email client made by Microsoft (because those clients all incorporate IE into both the message display and the UI) -- David W. Fenton http://www.bway.net/~dfenton David Fenton Associates http://www.bway.net/~dfassoc _______________________________________________ Finale mailing list Finale@shsu.edu http://lists.shsu.edu/mailman/listinfo/finale