C&I security FAQ
Thread Starter
Join Date: Sep 2002
Location: Chichester, UK
Posts: 1,650
C&I security FAQ
Folks, I'm going to put together a brief guide to a secure computer to go as a sticky at the top (will bump off Secure XP and Guide to Spyware etc., both of which are linked). First draft below - comments, hardware/software recommendations, additions, links to old but useful threads etc. welcome.
I want to keep it simple enough that a total novice can follow it without problems, so no tweaking services, registry stuff or anything like that.
Update your operating system
Many of the recent outbreaks of viruses, worms and trojans have exploited holes in Windows that are already known and have been fixed by Microsoft. Windows includes a tool, "Windows Update", to download and install these fixes as they become available. Instructions for using it are here.
Instructions for creating a CD to protect a fresh Windows XP installation can be found in the Secure Windows XP Install thread.
Keeping up to date also applies if you are running Linux or Mac OS - both provide similar tools to Windows Update.
Run a firewall
A firewall is a piece of software that monitors all incoming network traffic and allows in only the connections that are known and trusted. All operating systems have security flaws, some known, some yet to be discovered, and firewall software controls access to the network services you need open and closes off those you don't, so even if the operating system is flawed the vulnerabilities cannot be accessed from the Internet. They also make your computer "invisible" on the Internet; if you can't be found, you can't be attacked.
For professional security, the rule is you never connect a computer directly to an untrusted network, irrespective of the operating system it is running. Dedicated firewall hardware sits between the computer and the internet. For home use a software firewall is adequate. Zone Alarm is simple to use, and is free for personal use.
Software firewalls are not perfect - the W32.Witty.Worm spread via a flaw in the BlackICE software firewall - but are far better than nothing. However, for home broadband connections, you might still consider a hardware firewall.
Spyware
Spyware is software that is put in someone's computer to secretly gather information about the user and relay it to advertisers or other interested parties. The information collected varies, and the software may degrade performance of your computer.
See the Guide for Eliminating Spyware, Adware, and Random Popups.
Run anti-virus software
Two golden rules here - run anti-virus software, and keep it up to date. Old software is worse than useless, it makes you think you're protected without offering useful protection.
{recommendations for specific products?}
Trend Micro offer a free online virus scan. McAfee also offer one. These should be your first check if you think you have a virus.
Join Date: May 2004
Location: Shrewsbury, UK
Posts: 18
Can I suggest two tools at grc.com?
Firstly, the famous Shields Up! to check if your firewall is working
Secondly, some very useful (and free) tools are here. I would suggest
- Shoot The Messenger
- UnPlug n' Pray
- DCOMbobulator
they are all small and quick, and don't disable anything important. Your firewall should guard them all anyway, but better safe.
As for anti-virus, I like PC-cillin Internet Security.
Will
Join Date: Mar 2003
Location: Canada
Age: 42
Posts: 54
Anti-Virus -- Panda Anti-Virus or BitDefender
Panda Titanium is not free, but worth every penny. It includes an awesome firewall and anti-spyware software.
Spyware --
Ad-Aware AND ALSO USE
Spy Bot 'Search & Destroy'
Using this combination guarantees you excellent spyware malware protection.
P2P Protection --
If you use Peer-to-Peer programs, you MUST protect yourself from the nosy folks at the RIAA, MPAA, and their subcontractors.
Peer Guardian - Simple Use Program
ProtoWall Advanced Program, with greater protection.
That's what I have to offer
-Chris
http://www.jetthrust.com
- The Aviation Network
Join Date: Jul 2002
Location: Northampton UK
Posts: 537
Guest
Posts: n/a
Hardware and software firewalls aim to stop malicious software (and other attacks) coming in; AV software aims to prevent it, as far as possible, from taking up residence; there are various products, too well-known here for me to mention, which can be used to detect spyware/adware; software firewalls also aim to detect malicious software by detecting any network activity (e.g. unexpected outgoing traffic) it may perform. The only thing (only thing?) missing from the puzzle is host-based intrusion detection, which aims to prevent and detect any activity by malicious software on the host, viz. inappropriate file and registry activity.
It may be worth taking a look at Prevx, which is free for private use and quite effective - the only problem area for my money being the false positives if you leave it running while installing software.
Kaffir Lime Leaf Junkie
Join Date: Sep 2002
Location: on the edge of a mountain
Posts: 102
Tuba Mirum,
Re Prevx, I installed it and my PC speed reduced drastically. Maybe due to Prevx or maybe an overload of defence software.
With Windows XP fam. I have a router (with firewall), and run AdAware, SpyBot, AVG Antivirus, Norton AntiVirus and a ZoneLabs firewall. I guess that all added together makes the PC work a bit too hard.
Disabled Prevx and I'm (nearly) back to normal.
Guest
Posts: n/a
IFTB, there's bound to be an overhead with any software that monitors activity in real time, but I must say I haven't had the sort of problems that you've experienced. I'll have a look at my setup at home and see whether I can make it cause that kind of slowdown for me.
Couldn't just be a memory problem, could it? How much memory do you have on your XP system? (I have 256MB.)
Cheers
Join Date: Jan 2002
Location: UK
Posts: 369
There is another important thing you can do to help secure any Windows 2K and above system, and that is to run as a least privileged user for as much as possible. This means that if anything nasty can get through, the damage it can do is limited.
Software is getting better and it is becoming increasingly possible to run a lot of software using an account with reduced privileges. I believe the new Microsoft OS due out early next year will encourage running with least privilege; I know the Linux community recommends that you don't log on to the root account unless you are needing to do administrative tasks.
If there are any software developers reading this, make sure that your software can run under accounts with restricted privileges.
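Added example, not part of the original post: one way a program can meet the request above to work under a restricted account, by keeping its settings in the user's own profile and warning when it has been started with administrator or root rights. The application name `DemoApp`, the file name `settings.ini` and all function names are hypothetical, and the XDG fallback for non-Windows systems is an assumption.

```python
import os
import sys
from pathlib import Path

def is_elevated() -> bool:
    """Return True when the process holds administrator (Windows) or root rights."""
    if os.name == "nt":
        import ctypes  # Windows only: shell32.IsUserAnAdmin() is a Win32 call
        return bool(ctypes.windll.shell32.IsUserAnAdmin())
    return os.geteuid() == 0

def user_data_dir(app_name, env=None, platform=None) -> Path:
    """Per-user, writable location for settings; never the install directory."""
    env = os.environ if env is None else env
    platform = sys.platform if platform is None else platform
    if platform.startswith("win"):
        base = env.get("APPDATA") or str(Path.home())
    else:
        # Assumption: follow the XDG convention on Linux and other Unix-likes.
        base = env.get("XDG_DATA_HOME") or str(Path.home() / ".local" / "share")
    return Path(base) / app_name

def save_settings(app_name, text, env=None, platform=None) -> Path:
    """Write settings where a restricted account is allowed to write."""
    target = user_data_dir(app_name, env, platform)
    target.mkdir(parents=True, exist_ok=True)
    path = target / "settings.ini"
    path.write_text(text, encoding="utf-8")
    return path

def startup_warnings(elevated=None):
    """Return messages for the user; an empty list means least privilege holds."""
    elevated = is_elevated() if elevated is None else elevated
    if elevated:
        return ["Running with administrator/root rights; restart from a "
                "standard account unless you are doing an administrative task."]
    return []

if __name__ == "__main__":
    for message in startup_warnings():
        print("WARNING:", message)
    # Constructed sample settings, written to the current user's profile.
    print("Settings saved to", save_settings("DemoApp", "[ui]\ntheme=light\n"))
```

Programs that write to their own install directory or to machine-wide settings are a common reason software fails under a restricted account; writing per-user data to the profile avoids that.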