Problems? See this thread at archive.org.
I am posting this guide because i see alot of questions on this site and many other forums regarding Security. I fix and clean Computers as a 2nd job on my own. I have seen pretty much every piece of malware known to man and dealt with it in some way or another. I have manually removed rootkits and what not. with that being Said i have Written a guide here that will do 3 things
This Guide is for XP and Vista
1. Secure your system.
2. not hog up your system resources.
3. Give you Protection against "Zero Day" Attacks.
Step 1: Practicing Principle of Least Privledge
The 1st step to securing your System is not running as an Administrator all the time. Vista by default with User Account Control turn on sort of does this(its a band-aid) You should always create a 2nd account on your PC/Laptop that is a "Limited Account" (Standard Account on Vista)
Why do i need a Standard Account on Vista With User Account Control turned on? Answer: Because i have personally seen and there is Malware out there that can "Simulate" mouse clicks. What stops it from just clikcing Continue? for User Account Control to be effective it needs to require a password, User a standard user account in this scenario helps that, and will require a password instead of just hitting continue. defeating the simulated click attack. The last thing you want is to run a piece of malware with Administrative rights.
On Windows XP a Limited account will be a "huge" piece of armor in your fight against viruses, spyware, and other nasties, just like a Standard Account in vista, a Limited account in XP will not allow programs to write to the Windows or Program Files directory, or add keys to HKey Local Machine, in other words changes will only affect the current user account and not the whole machine(ie everyone) effectively preventing most root kits and other nasties from installing files with a .sys extension(software driver files)
On windows XP if you want to install a program from a Limited Account, simply Right click the File, Select "Run as" select the bottom radio button, select your administrator account and type the password.
2: Install a Light Weight Anti-virus: I recommend AVG as i feel it is the lightest and most reliable. No Av will detect everything, but it doesn't have to. Running as a Standard/Limited user instead of an Administrator or Power User makes up for this, Besides, AVG will run and update fine from a Standard/Limited account. also, it does not consume amny system resources or slow down your machine.
The Anti-Virus is actually only going to play a "Back-up" role. It is essential, but Definitions can't keep up with todays current threats, below is where your "Real" protection will lie.
3. Install HIPS(Host Based Intrusion Prevention System): HIPS is the future. It will be your 1st line of Defense. Its ability to stop threats before any definitions become available for it is invaluable. Vista Users allready have Windows Defender, XP users should download it. ! tweak to Windows Defender will give you Full blown HIPS(Defender's True Strength)
Simply Click Tools, Microsoft Spynet and select the radio button "Join Spynet with an Advanced Membership" This turns on Defender's Full Blown HIPS.
Defender's Spyware Scanning is good enough, but the HIPS is where its true strength lies, and its very good too.
Your 2nd Program will be a tiny little program called WinPatrol you can get it at http://www.winpatrol.com. It is your 2nd HIPS it also has advanced Key logger detection. It will run in the background.
When using HIPS Defender/Winpatrol, if you visit a site and they alert you of Drivers, Services, etc being installed that you did not try to install, you can simply deny it and stop it dead in its tracks, you wouldn't believe how many times these 2 HIPS programs have saved me, Especially WinPatrol.
4.Firewall: Here on vista or XP the Windows Firewall is enough. Some people think outbound protection is necessary, but it is not. Your goal is to keep malware from ever being installed, the programs above accomplish that, there is no need for outbound filtering. all software firewalls like norton, McAfee, etc do is consume unnecessary resources. Windows firewall by default on both XP and Vista will block "All" incoming traffic, nothing will be allowed in unless "you" explicitly allow it. The HIPS programs above will keep anything malicious from dialing out.(Vista also users what Microsoft calls "Windows Hardening Service" to control outbound traffic in certain situations automatically)
5. Enabling DEP(Data Execution Prevention) 90% of all nasties use some sort of "buffer Overflow" attack. What a buffer overflow does is it writes to memory locations reserved for other programs. that is a simple way to sum it up. by default XP and Vista only have DEP enabled for Windows Programs and Services, you need to turn it on for everything
On Vista or XP Right Click My Computer, Select Properties, Click the Advanced Tab, then Click Settings Button then the DEP Tab. Select the Radio button that says "Enable DEP for all Programs and Services except those i select" click apply, click OK, reboot computer for changes to take effect.
Now you are taking Advantage of your Computer's Processor to Protect you. AMD calls it "Advanced Virus Protection" Intel calls it "Execute Disable Bit" When you launch applications, your Processor will now mark areas of memory as "no write" if an application attempts to write to these flaged memory locations, your Processor will "put the hammer down" on it and shut it down before it can do any damage. Vista will tell you if DEP closes something, on XP the symptoms are you launch a program, and it immedialty closes. You cna add Exceptions to the Exceptions tab in the same place you turned on DEP, but remember, if you except an application, you will no longer be protected by your processor when running that app
DEP if enabled would have stoped the sasser and blaster worms dead in their tracks, they never effected any of my unpatched machines due to DEP
6. Installing a Anti-Trojan: This software will be different. It will not run in realtime, it will only be used to to update and scan your machine once a month. A2 free edition is what i reccommend. It is a "dedicated" Anti-trojan. It specilizes in removing trojans. It has over 1 million+ signatures in its database. you can get it here http://www.emsisoft.com/en/software/free/
just update it and scan your system with it once a month. also, you can right click individual files and scan them on demand with it. download an app you never used before? scan it with A2 and see what the results are. A2 will keep backdoors and other things off your system
Conclusion: Following this guide, your computer will now be more secure, run much lighter, consume much less system resources, and just overall run faster and you will have a more secure and enjoyable user experience. the Antivirus i recommend it because i have used it for years, but you can use AntiVir or Avast in place of AVG if you want. but Avast does have problems updating from a Limited Account in Windows XP
happy computing
-
-
Cheers for the guide, Respect +1
-
-
-
OK, it makes me more happy then.
Though, I have my concerns about the effectiveness of McAffee. I am using bitdefender now (i mean, right now i am writing from linux ).
-
-
While it is true that malware exists that can simulate mouse clicks, I think you are missing something. UAC is more that just a popup "click me". UAC basically stops everything and places a "virtual desktop" with a popup requiring you to approve the action that triggered the UAC prompt.
The important points are that nothing has ran at the point where the prompt appears, and the "virtual desktop" (remember the screen dims) prevents an application from performing simulated mouse clicks. Also, if I remember correctly - UAC prompts aren't affected by the "snap to" mouse function, so the mouse pointer does not move to the highlighted prompt button automatically.
From MS - In Windows Vista you will notice that, by default when User Account Control prompts appear, the rest of the screen is darkened. The prompts are being displayed in the Secure Desktop mode. The same mode you see when you log on or press CTL+ALT+DELETE. Displaying User Account Control elevation dialogs on the Secure Desktop helps protect the user from unknowingly allowing a program to run with elevated privileges without their consent. Without this protection, it is much easier to create malware that tricks the user into approving an elevation request prompt that they really wanted to deny. The Secure Desktop helps protect against this because other software running on the machine is blocked from interacting with the user's interface.
Just my .02
-
Sorry Thaansa, It's not my intention to hijack the OP's thread. If you talk to 100 people you will get 100 very different opinions!
Personally, I run the suite version of NOD32 called Eset Smart Security. It is the only security/anti-virus/anti-spyware software on my system. I trust it that much!
I do an huge amount of downloading, uploading, ftp, email, etc and have never had an issue.
If you don't feel comfortable with one program you can install SpywareBlaster and any other programs listed in the original post that you feel comfortable with. I would suggest that if you install anti-spyware/anti-malware/anti-trojan programs that you are careful to only run one in real time. You can have the others as additional scanning tools. I don't care much for Windows Defender. OK, I think it's next to worthless.
1. always keep a backup
2. use firefox or opera
3. use your best judgement when surfing and downloading
4. run a good anti-virus, such as NOD or Kaspersky, that does a good job with spyware.
5. use a firewall
6. don't load up on a bunch of programs that all run at startup.
7. try to live with UAC
8. the best way to stay safe is use the computer between your ears. -
Nice guide.
(constructive criticism)
I feel that it is worth acknowledging AVG, Avast and Avira all as viable choices as a free AV in the guide, because a reader should now all his viable choices rather than being given one which, if he doesn't like it, is forced to look questioningly elsewhere. As far as firewalls, Comodo, Online Armor and Jetico are also worh mentioning specifically so that a reader also has something specific to find. I though Data Execution Prevention was enabled by default, but maybe my memory is bad. As far as HIPS, there is sadly very little in the market that is free, and while you can recommend WinPatrol, Threatifre (which is not truely HIPS) and Windows Defender, I honestly don't have much faith in any of them. Microsoft is really not the company that should be relied on to secure your insecure Microsoft-based laptop, Threatfire is fine in concept but I have had useability issues in current versions that were not there previously (a sign of deterioration?), and i'm not entirely sure how secure WinPatrol actually is. Very few 'serious' security set-ups i've seen are based around WinPatrol.
As a another possible solution for security, virtualization could be used. Sandboxie specifically is an excellent security-based tool that is intended to protect a computer from threats by containing them in a restricted 'sandbox.' In combination with other methods, the odds of a spyware or virus infection of damaging a computer when it is inadvertantly contained in a sandbox is unlikely. -
A Guide to LightWeight Laptop Security
Discussion in 'Security and Anti-Virus Software' started by Woody79_00, Feb 18, 2008.
