Some Security Ideas | Ford Explorer - Ford Ranger Forums - Serious Explorations

Some Security Ideas

exploded99

Well-Known Member
Joined
June 20, 2005
Messages
320
Reaction score
0
City, State
Denver
Year, Model & Trim Level
99 AWD
Okay, I just finished recovering from a trojan. I spent some time researching ways to improve security while surfing the internet and thought I would share some things I found with everybody -

1. First and foremost.

QUIT USING INTERNET EXPLORER! It is riddled with security problems. Go to http://secunia.com and check out the reported vulnerabilities for Internet Explorer - 5 or 6, whichever you use. There are over 20 unpatched problems. At least one problem is "extremely critical" (they do not use that category lightly!) and means you are VERY vulnerable to attack, and hackers have been aware of it for 6 MONTHS. Don't want to get too detailed here, but IE has "system" level access in XP, which is equivalent to (or better than) administrator access. Other browsers run as applications, don't have that access, and are consequently safer.

While you are there, check the security issues for Mozilla Firefox and Opera. Both are quite good, with the latest Opera having only one "low risk" open security issue. Start using either one of these browsers for web surfing.

You can still use IE for accessing Windows Update. You can set IE to access trusted websites only, and then make sure Windows Update is the only trusted website.

Another real benefit of both Opera and Firefox is that they are quicker than IE. This speeds up web surfing. A nice little trick with Opera is to set the maximum open connections to a server to 4 if you use dialup access. This usually gets the web page content onto your screen more quickly, as the ads have to wait to download. Many websites like ebay open the maximum number of connections possible to your browser, so you may have 16 or 20 open connections attempting to download content and ads at the same time. No big deal if you have a high speed connection, but for dialup users you should see a real improvement.

For those of you who looked at Opera previously, it is no longer "ad-ware". They changed it to a regular browser at Version 8.5.


2. Look at Sandboxie.

http://www.sandboxie.com. This program will sandbox your browser while surfing the internet. Sandboxing means that a separate area will be created on your hard drive where Sandboxie will execute disk writes. If you happen across a worm / trojan, etc. it will execute in the "sandboxed" region of your hard drive, and NOT be written to your actual Windows file system. When you clean out the sandbox, the worm / trojan is eliminated.

If you download a file that you want to keep into the sandbox, Sandboxie has a tool to save it into your regular Windows file system.

Note that Sandboxie is still in development. There are some reported issues, but I have been using it for a couple of weeks with XP Pro and Opera to surf the internet and it has performed flawlessly. It sandboxes IE, Opera, and Mozilla automatically. It also works with Outlook Express so you can sandbox any malicious attachments in your emails that try to execute. Other mail programs are not yet automatically supported.

Contribute to the developer if you like/use the product.


3. If you are not impressed with Sandboxie, consider Prevx1.

This is a commercial product, last I looked it was on "special" for 15 bucks for a one year license. It stops unknown programs from executing, and asks your permission to execute them. You have a choice of executing them in a protected area somewhat like Sandboxie. Free trial period.


4. If you are using XP Pro, visit the NIST government website.

(http://csrc.nist.gov/itsec/guidance_WinXP.html) and download their XP security guide and security scripts (Sorry, won't work on XP Home). These scripts set up a local security policy on your computer, and tighten and enhance many registry settings involving security, as well as adding several new registry settings. This was just issued in NOV 2005, so it is Service Pack 2 aware. XP Home users might download it and read the security guide - it may teach you some things. The price is FREE.

NSA also has a guide and security scripts, but theirs has not been updated for XP SP2.

There are several NIST scripts that set levels of security based on your need to access networks with your computer and your need to run older apps that "break" when attempting to run them in XP native 32 bit modes. If you do not network your PC, but run as a standalone, try the highest level security script. I have had no problems since installing it.


5. Firewalls

For those of you that have kids, there is a free version of Netveda firewall at www.netveda.com. This firewall can be configured to limit access to websites by each user, it can use lists of kid approved websites from several organizations limiting access to those sites, strip out objectionable words and phrases, and limit times users can access the internet. It will take a little learning to set up, but what firewall doesn't? After you set it up for each user, log on as that child and try to do prohibited things. This should confirm your setup.

Tech support is supposed to be good if you buy the licensed version and need help. $39.95 per year.

6. VPNs

For those of you that want to use VPNs to connect to other users, there is a new product available at www.hamachi.cc. Hamachi is free right now at version .9.9.9. It is considered VERY secure by Gibson at www.grc.com - the shields up website. He discusses it there. It can be used to set up private gaming networks, and there are already some networks set up on Hamachi's website. It works on Macs as well as Windows. I think there is a Linux version, not sure on that.

7. Backups.

No one likes to do them, but if you get hit by a virus or your laptop gets stolen, they are a lifesaver.

So, check out Image for Windows at http://www.terabyteunlimited.com. It creates an exact "image" of your system drive (or any other drive on your PC). If you get hacked, or your hard drive dies, you stick your image disks in the DVD drive, and the program will automatically restore your hard drive to your last backup. No reinstalling Windows and all your apps - security settings, users, everything is just as it was. This program is "lite" - it does not require many computer resources, is easy to use to create a backup to DVD, and is quite robust. It supports USB as well as FireWire.

$27.00 bucks!

I used to use DriveImage by Powerquest (they were good) but Norton bought them, and the Norton tech support stinks. Image has been very reliable and easy to use while rebuilding my P.C.

What's a Rootkit?

Using items 1 and 2 (or 1 and 3) will significantly reduce your open "attack surface" on the net. If you haven't heard about rootkits, do a little research on the net - it may convince you to make some of these changes. They are the latest "virus", and if you get one you will probably end up reinstalling XP on a clean hard drive. If a rootkit installs on your PC, the hacker owns your machine. He can hide anything from you, even if you are an admin on your system. He can access any file on your PC, you will never know. There currently is no 100% protection against a rootkit, but these changes should help you reduce your risk quite a bit.



Sorry for the long post, but I think some of you will get some help from this! :D
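
A toy model of the write redirection described in item 2 of the post above, added here as an illustration; it is not part of the original thread and is not Sandboxie's code. The class name `WriteRedirectSandbox` and the sample file names are made up, and a real sandbox intercepts writes at the operating-system level rather than through a wrapper class like this.

```python
import shutil
import tempfile
from pathlib import Path

class WriteRedirectSandbox:
    """Toy model: writes land in a sandbox folder, reads fall through to the real tree."""
    def __init__(self, real_root, box_root):
        self.real, self.box = Path(real_root), Path(box_root)
        self.box.mkdir(parents=True, exist_ok=True)

    def _rel(self, name):
        rel = Path(name)
        if rel.is_absolute() or ".." in rel.parts:
            raise ValueError("path would escape the sandbox")
        return rel

    def write(self, name, data):
        target = self.box / self._rel(name)      # never touches self.real
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)

    def read(self, name):
        rel = self._rel(name)
        boxed = self.box / rel                   # sandboxed copy wins if present
        return (boxed if boxed.exists() else self.real / rel).read_bytes()

    def recover(self, name):
        rel = self._rel(name)                    # deliberate copy-out of one wanted file
        dest = self.real / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(self.box / rel, dest)

    def empty(self):
        shutil.rmtree(self.box)                  # everything not recovered is gone
        self.box.mkdir()

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        real = Path(tmp) / "real"
        real.mkdir()
        (real / "hosts").write_bytes(b"original")          # constructed sample file
        sb = WriteRedirectSandbox(real, Path(tmp) / "box")
        sb.write("hosts", b"tampered")                     # unwanted overwrite
        sb.write("downloads/manual.pdf", b"wanted file")   # download to keep
        inside = sb.read("hosts")
        sb.recover("downloads/manual.pdf")
        sb.empty()
        return (inside, sb.read("hosts"), (real / "downloads/manual.pdf").read_bytes())
```

Inside the sandbox the overwritten file is visible, but after the sandbox is emptied the real copy is unchanged and only the file that was explicitly recovered has reached the real tree.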
 




Rick

Pumpkin Pilot
Staff member
Admin
Elite Explorer
Joined
February 8, 1999
Messages
33,368
Reaction score
1,735
City, State
Wayoutin, Aridzona
Year, Model & Trim Level
'93 XL Pumpkin Edition
Callsign
AB7FH
Thanks for a very informative post. I have never been an IE, or an Outlook user. I used to use Netscape and now I use Firefox. For email I've always used Eudora.
 



exploded99

Well-Known Member
Joined
June 20, 2005
Messages
320
Reaction score
0
City, State
Denver
Year, Model & Trim Level
99 AWD
Goof on Hamachi. Linux is available, OS/X is "experimental". Try out Hamachi if you VPN - it is good stuff. There will be a "premium" pay service of course. I think the guy that wrote it will be rich before long.

Thanks Rick, I think IE is now under 70% of the market. I'm glad to be using something else.
 



Howard

Moderator Elite Explorer
Staff member
Moderator
Elite Explorer
Joined
May 17, 2002
Messages
4,184
Reaction score
4
City, State
Milton Keynes
Year, Model & Trim Level
1998 SOHC UK SPEC
Some good tips. :thumbsup:

I have to say that I have used IE since the early days and, while it is nowhere near perfect, I have never had any trouble with either viruses or trojans. I have collected the odd ad-ware/spyware item but these have been quickly dealt with by using Spybot search and destroy in combination with Ad-Aware.

There are some other "common sense" things you can do. Always use a limited account to operate your PC and not one with administrator rights. Do not download anything that you are not 100% sure of the source. Run a good anti-virus program and check your whole disk regularly. Partition your disk (or have more than one disk) and set it up so that your document folder is on the second disk/partition. That way if you have to re-install you can format the 'C' drive without losing anything. Most importantly though is backups. If you don't do them be prepared to lose all your data.

I run my machine 24/7 and have automated scans to run every night. Anti-virus and anti-spyware/ad-aware are set to auto-update every 2 hours.



Finally the old adage is true. If something is free then beware of the added content.
 



Rhett

Let Them Eat Cake
Elite Explorer
Joined
May 13, 2000
Messages
4,662
Reaction score
97
City, State
Cape Girardeau, MO
Year, Model & Trim Level
94 Sport 4x4
Something I read about the other day was that it's advisable to install your OS on the second partition (D: drive for most people). The idea is that this provides another layer of protection against trojans, worms, etc. that expect the OS to be on the C: drive.

I have never tried this in practice. The theory was, if you partition a small c: drive, say, a couple of gigs, your d: partition will still be on the fast part of the hard drive, AND you'll have that extra hacker protection. I don't know if this idea is a worthwhile one or not.
 



exploded99

Well-Known Member
Joined
June 20, 2005
Messages
320
Reaction score
0
City, State
Denver
Year, Model & Trim Level
99 AWD
Howard's got some good tips there. Running on a limited permission account is important.

Setting up the system on d: will foil some exploits if all other defenses fail - It used to cause some problems with programs that expected to be installed on the c: drive, but I think those days are pretty well over.

Once you have a good firewall, the next biggest security holes are your browser and email programs - there are so many ways to get executables onto your system using this route.

Sandboxie and Prevx are "preventative" measures that stop these exploits by catching them before they can execute to your file system. With one of these installed, you should not get to the point where you would have to rely on having the system on drive d:. No reason not to do that however, if you are doing a new system install.
 



Rhett

Let Them Eat Cake
Elite Explorer
Joined
May 13, 2000
Messages
4,662
Reaction score
97
City, State
Cape Girardeau, MO
Year, Model & Trim Level
94 Sport 4x4
exploded99 said:
Howard's got some good tips there. Running on a limited permission account is important.

Doesn't this cause problems when installing some programs that require the installer to have administrator rights? Or could you install with an admin account but yet still use the program as non-admin?

exploded99 said:
Setting up the system on d: will foil some exploits if all other defenses fail - It used to cause some problems with programs that expected to be installed on the c: drive, but I think those days are pretty well over.

Yes, the thing I was reading about that said that it would only stop the "CRUDEST" of attacks. Many newer virus/worms/troj's are intelligent enough to find the OS or target file(s) irregardless of where it's installed.

exploded99 said:
With one of these installed, you should not get to the point where you would have to rely on having the system on drive d:. No reason not to do that however, if you are doing a new system install.

I'll probably do it that way just for the heck of it. :D The C: drive I will make a small FAT32 partition just in case I want to drop linux or something on it, and just in case I have a CSF (catastrophic system failure!!) and have problems using the CD to re-do the OS to where I can access the hard drive.

Now the only question is if I should buy a WD Raptor 10000 rpm drive as the boot/OS drive, or just stick with a single slower 7200 rpm drive. I'm tempted...
 



Howard

Moderator Elite Explorer
Staff member
Moderator
Elite Explorer
Joined
May 17, 2002
Messages
4,184
Reaction score
4
City, State
Milton Keynes
Year, Model & Trim Level
1998 SOHC UK SPEC
Rhett said:
Doesn't this cause problems when installing some programs that require the installer to have administrator rights? Or could you install with an admin account but yet still use the program as non-admin?

As you surmised, the program is installed with an admin account and then you go back to the limited one. If the program refuses to run you can set it up to run using an admin account.

How to Use the RUN AS Command to Start a Program as an Administrator
As an administrator, you can use the run as command to start a program. To do so:
1. Locate the program you want to start in Windows Explorer, the Microsoft Management Console (MMC), or Control Panel.
2. Press and hold down the SHIFT key while you right-click the program icon, and then click Run as.
3. Click Run the program as the following user, and then type the user name, password, and domain of the administrator account that you want to use.
 