How much security? Theoretical question.

[Blackhawk]

I have two computers LANed through a Linksys router, which is connected via cable to the interthingy. One of the computers is used for practically all of the routine tasks - web browsing, downloading, writing, email, image manipulation, and so on. The second computer, the much faster one, is used almost exclusively for gaming, music, and watching the occasional video (it has the good speakers). Both are running XP Pro SP2.

The gaming machine is in need of a reformat soon. I am considering leaving almost everything off of it - just Windows, Opera for the occasional web need, drivers, a few run-on-demand maintenance utilities, and games. No email, no apperance enhancers, no keyboard/mouse programs no goodies, and no security programs. Everything I needed from the 'net would be downloaded on the second machine, scanned, tested, and then transferred over the LAN to the gaming rig.

I'm just looking for some opinions on all of this. I know it isn't the 'ideal' security plan, but with the router acting as a firewall, and no code being run on the gaming machine that isn't either off of a developer's disk or that hasn't been run on my utilility rig first, just how much security is necessary?

I've just gotten a bit sick of things - spyware, adware, and viruses have gotten so intrusive and clever lately that the protective software to prevent them has become more and more inconvenient. The latest Norton has caused me trouble on more than one game. Active spyware blockers, virus autoprotect scanning everything and its cousin, including all files transferred onto the system, executable or not. Office and utility aps constantly adding schedulers, hidden processes or updaters - it has gotten to the point that it has become irritating and obnoxious. I'd love to just be able to protect one rig out the wazoo where I don't have to worry about effects on performance, and use it as a screen for the second rig.

How practical is this? Any thoughts? This is a few weeks away (probably), so I thought this would be a good time to gather some feedback.

[Kraken]

It sounds like a good plan in my uninformed opinion. If the fast machine is mostly isolated from the Internet, it ought to be pretty safe. Paranois would compel me to run a virus scanner on it, though. Maybe Avast.

[Freezer-TPF-]

Personally, I think I would get tired of downloading on the one machine, testing, and transferring to the other machine rather quickly.

I do agree with getting rid of all unnecessary junk and having as clean a machine as possible. The only security stuff I run regularly is Sygate Personal Firewall and Norton Anti-Virus 2002 (with the current signatures). I also try to keep up to date with Windows security updates (manually, no autoupdate), though I am still avoiding SP2 for now. I don't have a router, just a single PC with a cable modem. As far as I know, a router will not stop outbound stuff if something like that does manage to get on your PC.

I don't run any of that active spyware blocking stuff (IMHO they are overkill unless you constantly surf with IE or install a bunch of random software on your PC that may come with hidden baddies), and I only enable the Norton Antivirus auto-protect when I am websurfing, never when installing software or running games, etc. It will still automatically scan my email in OE, etc even with auto-protect enabled. I scan my whole system with Norton every few months or so. I don't automatically schedule anything, except for Norton getting the latest virus defs. I guess I have Adaware and Spybot installed, but I hardly ever run them and when I do they never find anything. I use Firefox as my browser except for the rare page that seems to need IE.

[Blackhawk]

Personally, I think I would get tired of downloading on the one machine, testing, and transferring to the other machine rather quickly.

It isn't all that troublesome - all I would be transferring is movies, which aren't a high virus risk, and demos/patches/mods, which I don't download all that often. I download everything to a shared folder on my desktop anyway, so I can access it directly from both PCs without having to manually move it back and forth.

[Zaxxon]

I think you'd be fine just turning on SP2's firewall and leaving it at that. You won't be running any 'dangerous' Internet-downloaded apps, you won't be surfing, and you won't be perusing email--the three activities that bring you 90% of the malware out there. The other 10% comes from Windows vulnerabilities being exploited remotely, which the router & SP2's firewall should protect you from.

I have an AV program running on my 'power' rig, but that' more out of habit than anything else; I wouldn't be too concerned if I removed it.

[Arcanis]

I agree with Zaxxon your power sys should be safe with just a software firewall and the router if you arn't doing much surfing and the like. though av would be a nice fail safe to have. just turn it off during the day and back on to scan when done with the comper for the night. as for as spyware is concerned i like adaware and spybot search and destroy, both are quite good and free and don't interfere with gameing.

[martindemon]

I had exactly the same idea, I'm almost planning what I'll buy for an "internet" computer. I have a firewall, SP2 firewall, norton anti virus, adaware, spybot, spy sweeper, and I still have malware on my machine, even after I scan all my computer with these tools. I am fed up with them and I think I'll just unplug my main computer from the rooter. Then it will be 100% safe. I think I'll buy me a Shuttle barebone for 2nd computer, or something like that, like a Asus terminator, which is very cheap and works well for the application.

[godhugh]

Setup a Linux box as your firewall. You'll be secure as a bug in a rug.

[martindemon]

A linux box could be a partial solution but, having a 2nd computer, why not making it 100% safe by physically disconnecting the internet? Same hardware, but no hacker can enter my unplugged computer. Perhaps we could combine the solutions and have a linux computer for internet access and a windows computer to work isolated? Sounds tempting. Only problem is half life 2 but I think I,ll sell it anyway. I just can't finish it anyway; I'm bored.

[Blackhawk]

That concept is blocked by the fact that I do occasionally play multiplayer. Not a great deal, but sometimes.

[martindemon]

Then get 2 big computers; one contaminated for multiplayer and internet surfing, and one with the best stuff and totally disconnected
Or just accept the fact that sometimes, you will be internet raped... Like I am right now.