exploded99
Okay, I just finished recovering from a trojan. I spent some time researching ways to improve security while surfing the internet and thought I would share some things I found with everybody:
1. First and foremost.
QUIT USING INTERNET EXPLORER! It is riddled with security problems. Go to http://secunia.com and check out the reported vulnerabilities for Internet Explorer - 5 or 6, whichever you use. There are over 20 unpatched problems. At least one problem is "extremely critical" (they do not use that category lightly!) and means you are VERY vulnerable to attack, and hackers have been aware of it for 6 MONTHS. Don't want to get too detailed here, but IE has "system" level access in XP, which is equivalent to (or better than) administrator access. Other browsers run as applications, don't have that access, and are consequently safer.
While you are there, check the security issues for Mozilla Firefox and Opera. Both are quite good, with the latest Opera having only one "low risk" open security issue. Start using either one of these browsers for web surfing.
You can still use IE for accessing Windows Update. You can set IE to access trusted websites only, and then make sure Windows Update is the only trusted website.
Another real benefit of both Opera and Firefox is that they are quicker than IE. This speeds up web surfing. A nice little trick with Opera is to set the maximum open connections to a server to 4 if you use dialup access. This usually gets the web page content onto your screen more quickly, as the ads have to wait to download. Many websites like eBay open the maximum number of connections possible to your browser, so you may have 16 or 20 open connections attempting to download content and ads at the same time. No big deal if you have a high speed connection, but for dialup users you should see a real improvement.
For those of you who looked at Opera previously, it is no longer "ad-ware". They changed it to a regular browser at Version 8.5.
2. Look at Sandboxie.
http://www.sandboxie.com. This program will sandbox your browser while surfing the internet. Sandboxing means that a separate area will be created on your hard drive where Sandboxie will execute disk writes. If you happen across a worm / trojan, etc. it will execute in the "sandboxed" region of your hard drive, and NOT be written to your actual Windows file system. When you clean out the sandbox, the worm / trojan is eliminated.
If you download a file that you want to keep into the sandbox, Sandboxie has a tool to save it into your regular Windows file system.
Note that Sandboxie is still in development. There are some reported issues, but I have been using it for a couple of weeks with XP Pro and Opera to surf the internet and it has performed flawlessly. It sandboxes IE, Opera, and Mozilla automatically. It also works with Outlook Express so you can sandbox any malicious attachments in your emails that try to execute. Other mail programs are not yet automatically supported.
Contribute to the developer if you like/use the product.
3. If you are not impressed with Sandboxie, consider Prevx1.
This is a commercial product; last I looked it was on "special" for 15 bucks for a one-year license. It stops unknown programs from executing, and asks your permission to execute them. You have a choice of executing them in a protected area somewhat like Sandboxie. Free trial period.
4. If you are using XP Pro, visit the NIST government website.
(http://csrc.nist.gov/itsec/guidance_WinXP.html) and download their XP security guide and security scripts (Sorry, won't work on XP Home). These scripts set up a local security policy on your computer, and tighten and enhance many registry settings involving security, as well as adding several new registry settings. This was just issued in NOV 2005, so it is Service Pack 2 aware. XP Home users might download it and read the security guide - it may teach you some things. The price is FREE.
NSA also has a guide and security scripts, but theirs has not been updated for XP SP2.
There are several NIST scripts that set levels of security based on your need to access networks with your computer and your need to run older apps that "break" when attempting to run them in XP native 32-bit modes. If you do not network your PC, but run as a standalone, try the highest level security script. I have had no problems since installing it.
5. Firewalls
For those of you that have kids, there is a free version of Netveda firewall at www.netveda.com. This firewall can be configured to limit access to websites by each user; it can use lists of kid-approved websites from several organizations limiting access to those sites, strip out objectionable words and phrases, and limit times users can access the internet. It will take a little learning to set up, but what firewall doesn't? After you set it up for each user, log on as that child and try to do prohibited things. This should confirm your setup.
Tech support is supposed to be good if you buy the licensed version and need help. $39.95 per year.
6. VPNs
For those of you that want to use VPNs to connect to other users, there is a new product available at www.hamachi.cc. Hamachi is free right now at version .9.9.9. It is considered VERY secure by Gibson at www.grc.com - the shields up website. He discusses it there. It can be used to set up private gaming networks, and there are already some networks set up on Hamachi's website. It works on Macs as well as Windows. I think there is a Linux version, not sure on that.
7. Backups.
No one likes to do them, but if you get hit by a virus or your laptop gets stolen, they are a lifesaver.
So, check out Image for Windows at http://www.terabyteunlimited.com. It creates an exact "image" of your system drive (or any other drive on your PC). If you get hacked, or your hard drive dies, you stick your image disks in the DVD drive, and the program will automatically restore your hard drive to your last backup. No reinstalling Windows and all your apps - security settings, users, everything is just as it was. This program is "lite" - it does not require many computer resources, is easy to use to create a backup to DVD, and is quite robust. It supports USB as well as FireWire.
$27.00 bucks!
I used to use DriveImage by Powerquest (they were good) but Norton bought them, and the Norton tech support stinks. Image has been very reliable and easy to use while rebuilding my P.C.
What's a Rootkit?
Using items 1 and 2 (or 1 and 3) will significantly reduce your open "attack surface" on the net. If you haven't heard about rootkits, do a little research on the net - it may convince you to make some of these changes. They are the latest "virus", and if you get one you will probably end up reinstalling XP on a clean hard drive. If a rootkit installs on your PC, the hacker owns your machine. He can hide anything from you, even if you are an admin on your system. He can access any file on your PC, and you will never know. There currently is no 100% protection against a rootkit, but these changes should help you reduce your risk quite a bit.
Sorry for the long post, but I think some of you will get some help from this!