MVP-HELP for Windows

...where you can have fun AND be secure


Windows Security Checklist - Part 8: IM Insecure

Posted on July 8, 2011 at 4:02 PM

by Larry Stevenson, aka Prince_Serendip, (former) CastleCops Staff Writer

Revised and republished: June 8, 2011

-

This article was first published on January 16, 2005. It's been six years, and not that much has changed in the instant messaging game. It's still insecure, and many of the tips and techniques provided then are just as useful now.

-

IM Insecure

-

Instant messaging allows you to know when your friends are online and send them messages in real-time. It's a great way to keep in touch with friends, family and business associates. It's one of the fastest-growing and largest segments on the Internet. Instant messaging, or just IM, makes it easy and fun to keep in touch. As with any other activity on the Internet, pitfalls and dangers await the unwary. How can you use instant messaging while still maintaining your privacy and security?

-

IM Threatened

-

Instant messenger server networks provide the ability to transfer text, voice, video messages and files. Thus, instant messages can transfer worms, viruses, trojans and spyware, otherwise known collectively as malware. IMs can also provide an access point for backdoor trojan horses. Cyber-criminals can use IMs to gain backdoor access to computers without opening a listening port, effectively bypassing the firewall. Finding victims does not require scanning unknown IP addresses; the attacker simply selects them from an updated directory, the Buddy List. In addition to file transfers, all the major instant messenger networks support peer-to-peer (P2P) file sharing, where one can share a directory or an entire drive. This means that all the files on a computer can be shared using the IM application, leading to the spread of files that are infected with malware. It also makes information shared over IM available for unauthorized viewing.

-

IM Wormy

-

Worms not only travel by email but also through instant messages. These threats can be dealt with by effective gateway (firewall) monitoring and by installing desktop antivirus protection. Be sure that the antivirus is set to maximum protection, and use the heuristics if you use Instant Messengers.

-

The way in which these worms replicate varies. Some of the worms spread by both email and instant messaging. Others spread only via IM. As more IM users become aware of the threats and how to prevent them, the success of these worms can be significantly reduced.

-

IM Backdoor Trojans

-

One can share every file on another computer using an instant messenger. All the popular instant messengers have file sharing capabilities built in, or can gain them through patches or plug-ins. Because the instant messaging applications allow peer-to-peer file sharing, a trojan horse can configure the instant messaging application to share all files on the system with full access to everyone, and in this way gain backdoor access to the computer. The benefit for a cyber-criminal of using an instant messenger to access files on a remote computer, instead of installing a backdoor trojan horse, is that even if the computer is using a dynamic IP address, the login name will probably never change. The cyber-criminal will also get a notification each time the victim computer is online. Keeping track of and accessing infected computers is therefore very easy for the cyber-criminals. They do not need to open new, suspicious ports for communication, but can use the instant messaging ports that are already open.

-

Trojan horse programs exist that target instant messaging. Some modify configuration settings so file sharing is enabled for the entire hard drive. These types of trojans pose a large threat, as they allow anyone full file access to the computer. Trojans need you to install them, by clicking on a link, or downloading and installing something right away. Viruses and worms don't need you to infect your machine.

-

Classic backdoor trojan horses can use instant messengers to send messages to the author of the trojan, giving the cyber-criminal information about the infected computer. The cyber-criminal can harvest system information, cached passwords, and the IP address of the infected computer. In addition, the cyber-criminal can send messages to the infected computer via IM instructing it to perform some unauthorized action.

-

Backdoor trojan horses that allow access to the computer through instant messenger applications may be harder to prevent than classic backdoor trojans. Classic backdoor trojans open a new listening port on the computer, through which a remote machine connects. This can be blocked by a desktop firewall. If the trojan operates via the instant messaging application, it does not open a new port. The users have already created an "allow rule" in their desktop firewall products for instant messaging traffic to be outbound from their machines, so a backdoor trojan horse using the same channel goes unblocked. The number of backdoor trojan horses using instant messengers is increasing steadily.

-

IM Hijackings and Impersonations

-

Cyber-criminals can impersonate other users in many different ways. The most frequently used attack is simply stealing the account information of an unsuspecting user.

-

To get the account information of a user, the cyber-criminal can use a password-stealing trojan horse. If the password for the instant messaging application is saved on the computer, the attacker could send a trojan to an unsuspecting user. When executed, the trojan would find the password for the IM account used by the victim and send it back to the cyber-criminal. The means for sending back the information varies. They include using the instant messenger itself, IRC, and email.

-

Since most of the major instant messaging protocols don't encrypt their network traffic, attackers can hijack connections via man-in-the-middle ("middleman") attacks. By inserting messages into an ongoing chat session, a cyber-criminal can impersonate one of the chatting parties.

-

Though more difficult, one can also hijack the entire connection by using a man-in-the-middle attack. For example, a disconnect message that appears to come from the server can be sent to the victim by the cyber-criminal. This will cause the application to disconnect. The cyber-criminal can also use a simple denial of service exploit to keep the application disconnected.

-

Since the server keeps the connection open and does not know that the application has been disconnected, the cyber-criminal can then impersonate the victim.

-

IM Encrypted

-

Stolen account information for any instant messenger can obviously be very damaging. Because the cyber-criminals can use this information to disguise themselves as trusted users, the people on the victim's Buddy List will trust the cyber-criminals and may share confidential information or execute malicious files. Losing a password for an instant messenger account can be dangerous for more people than just the user who lost it.

-

To mitigate these kinds of problems you can exchange encrypted instant messages using products such as Trillian, IMsecure by ZoneLabs, Meebo, and Pidgin. All are available in free versions.

-

IM In-Denial

-

Instant messaging can make a computer vulnerable to denial of service (DoS) attacks. These attacks may have different end results: some DoS attacks make the instant messenger application crash, others will make it hang, and consume a large amount of CPU resources, causing the entire computer to become unstable.

-

Cyber-criminals have many ways to cause a denial of service on an instant messenger program. One common type of attack is flooding a particular user with a large number of messages. The popular instant messaging applications contain protection against flood-attacks by allowing the victim to ignore certain users. However, there are many tools that allow the cyber-criminal to use many accounts simultaneously, or to automatically create a large number of accounts to accomplish the flood-attack. Adding to this is the fact that once the flood-attack has started, and the victim realizes what has happened, the computer may become unresponsive. Putting the attacking user accounts on the ignore list of the IM program may be very difficult.

-

Even though denial of service attacks are more of an annoyance than they are dangerous, they can be used in combination with other attacks, such as the hijacking of a connection.

-

IM Not Keeping Secrets

-

Information disclosure could occur without the use of a trojan horse. When the data that is being transmitted over the instant messaging network is not encrypted, a network sniffer, which can sniff data on most types of networks, can be used to capture the instant messaging traffic. By using a sniffer, a cyber-criminal could sniff the packets from an entire IM chat session. This can be very dangerous, as they may gain access to privileged information. This is particularly perilous in the corporate environment, in which proprietary or other confidential information may be transmitted along the IM network.

-

IM Keeping Secrets

-

Most instant messaging applications allow all communications to be saved in log-files. Even though this is a feature that is often requested and required by businesses, it can be very dangerous to keep logs, as the logs may include sensitive data. This was made evident in a case where a cyber-criminal stole logs from an IM application belonging to the CEO for a company. The cyber-criminal posted the logs to several places on the Web, creating one of the worst possible corporate nightmares. The logs included sensitive company data regarding business partners, employees and affiliate websites. After the posting of the logs, several members of their senior staff resigned.

-

This case shows how dangerous it can be if a cyber-criminal is able to monitor IM sessions. Even though the log files were stolen in this case, sniffing the data packets could have caused the same damage. Encrypted IM chat and log files would have helped prevent this catastrophe. Storing sensitive files and chat logs in an application such as My Lockbox is one way to worry-free computing. It comes in both free and paid versions.

-

Blocking IM: Forget it

-

The most effective way of preventing instant messaging is to deny it access to the network in the first place. Preventing the use of instant messaging is difficult. Simple port blocking firewalls will not be effective because IM applications can use common destination ports such as HTTP port 80 and FTP port 21. Most of the IM applications will auto-configure themselves to use other ports if the default port is blocked.

-

Firewalls with protocol analysis may prevent instant messaging applications from communicating via common destination ports, such as port 80, because instant messaging traffic is different from HTTP traffic. However, the latest versions of all the various IM applications embed the traffic data within an HTTP request, bypassing protocol analysis.

-

IM Security

-

Securing instant messaging is not a difficult task. One of the best ways to secure the information being transmitted along an IM network is to encrypt it. There are currently many companies that offer encrypted instant messaging communication. IM encryption applications are available, four of which are noted above. If P2P file transfer via the instant messaging network is not required, then disable it. A comparison and list of IM applications can be seen in Wikipedia's Comparison of IM Clients.

-

Cyber-criminals generally target specific computer systems, so they are not the biggest threat for any IM network as a whole. However, worms are non-discriminating and target all the computer systems of a particular network. They appear to pose the biggest threat for the future. We have seen worms that use security exploits, becoming widespread in a very short period of time.

-

The number of worms for instant messaging is increasing each year, and looking at the success of some of these worms, clearly instant messaging is a primary platform for malicious threats. Many exploits are available for the various IM applications. Computer professionals and users alike need to be aware of the security issues involved with instant messaging. The best way to ensure the security of IM services is to educate users to the risks involved and the means of mitigating those risks.

-

Basic good security for instant messaging can be obtained, even for free.

-

Use a reputable antivirus such as Avira AntiVir Personal Edition. (When you install it you will be asked to install the Ask Toolbar and/or Webguard. It's up to you, but you may not need them. See the Beefs and Bouquets heading of this site for more info.) Most antivirus applications can detect the more popular trojans and worms.

-

MBAM: Detect and remove spyware and trojans using Malwarebytes Anti-Malware. The free version works only as an on-demand malware scanner and remover. The Pro version comes with realtime scanning and removal, which can be important to users of IM.

-

MVPS HOSTS: Please refer to the previous article, Part 7, for more info. The HOSTS file can block any address, with or without a browser. It can protect you from clicking on links to malware sites in IM.

-

Windows Firewall or better

-

IMsecure by Zonelabs

-

Trillian

-

More about Meebo and Pidgin can be discovered at How to Encrypt Your Instant Messaging Chats by Tim Watson.

-

If you need further help with anything here, then come see us at SpywareHammer.

-

-

Best regards and always take care of your security.

Windows Security Checklist - Part 7: HOSTS: Blocking Unwanted Web Sites, Malware and Ads

Posted on December 24, 2010 at 6:27 AM

by Larry Stevenson, aka Prince_Serendip

First published at CastleCops: January 9, 2005

Revised and Updated: December 24, 2010

(Preamble skipped. You can read it below in previous articles.)


HOSTS: What It Does


To remove and block web site ads and banners, offensive content and malware, you can purchase specific software or you can use free techniques available for any browser. The HOSTS file is built into Windows but comes blank with no entries. It can be used to block ads, banners, cookies, web bugs, and even most hijackers, by blocking the Servers and sites that provide them on your own computer. The following entry 127.0.0.1 ads.badsoftware(example only).com blocks all files provided by the badsoftware Server to the web pages you look at while stopping it from tracking your movements.


The HOSTS file is the first place a browser looks for an address after you click on a link or type one into your address bar (unless you are using a proxy server; more on that later). When you type in a URL such as www.happycampers(example only).com, the browser checks the HOSTS file for the domain name first. Only if it does not find the domain name there does the browser ask the DNS server. It is this fact that makes the HOSTS file an excellent means for blocking web site ads and other threats.


HOSTS is a text file you can open in Notepad. At the top is an explanation of the simple syntax. Each line is an IP address, a domain name, and an optional comment placed after a # sign. A default entry in every HOSTS file looks like this:


127.0.0.1 LOCALHOST #THIS IS THE UNIVERSAL IP ADDRESS OF ALL LOCAL COMPUTERS


127.0.0.1 is an IP address called the "loopback" because it refers to your local computer only. The loopback address gives developers a way to test web software without being physically connected to a network. This prevents errors in network hardware or software from obscuring test results. The loopback address can be used to stop web ads from displaying.


To use the HOSTS file to block web ads, you add a list of hosts serving offensive or malicious content with these domains associated to the loopback address -- your own computer. When you go to a site that contains ads, the browser looks on your own machine for the ads and never visits the ad server. The ads are never displayed and the ad server has no opportunity to put tracking cookies on your computer.


Ad-blocking HOSTS files, for various purposes, are available for download on the Internet.


Regularly Updated AdServers List: http://pgl.yoyo.org/adservers/#foursteps


Windows automatically looks for the existence of a HOSTS (file) and if found, checks the HOSTS first for entries to the web pages you request. The 127.0.0.1 is the address that points to your computer, so when the entry "ad.doubleclick(example only).net" is requested your computer thinks 127.0.0.1 is the location of the file. When this file is not located it will say that it's unable to connect to that address on the page in your browser. It then skips onto the next file and thus the ad server is blocked from loading the banner, cookie, or (perhaps) malicious javascript file.


This takes nanoseconds, which is much faster than trying to get a file from the other side of the planet. Another nice feature of the HOSTS is that it is a two-way file, meaning if some malware does get into your system it cannot get out (call home) as long as the proper entries exist. For this reason it's essential to keep your HOSTS file up to date.


A very large HOSTS file can slow down a browser on NTFS platforms (XP, Vista & Win7). To resolve this issue, open the Services Editor:


Start > Run (type) "services.msc" (no quotes)

Scroll down to DNS Client,

Right-click and select: Properties

Click the drop-down arrow for Startup type

Select: Manual

Click: Apply/OK and restart.


HOSTS files need regular updates, since new ad servers keep popping up. If you see an ad while using an ad-blocking HOSTS file, it means one of two things: either the ad is hosted on the site's own server, or the ad server is new. To find out where the ad is coming from, right-click on it and select "Copy Shortcut." If the ad is hosted on the site itself, you cannot block it with a HOSTS file, as HOSTS files only block whole sites. For a new ad server, paste the domain portion of this URL into your HOSTS file with a redirect to 127.0.0.1.
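As an added illustration (example code written for this article; it is not part of the original post nor of the MVPS HOSTS package), the Python script below shows the HOSTS syntax and lookup order described above: it parses a small, constructed HOSTS file, resolves a name the way Windows does (HOSTS first, DNS only if the name is absent there), and adds a 127.0.0.1 entry for a newly discovered ad server unless the ad is hosted on the site's own server, in which case HOSTS cannot block it without blocking the whole site. The hostnames, the SAMPLE_HOSTS contents and the dns_lookup callback are assumptions; nothing here touches the real HOSTS file.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample HOSTS contents (not the real MVPS list); names are illustrative.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1 localhost
127.0.0.1 ads.badsoftware.example   # hypothetical ad server
127.0.0.1 ad.doubleclick.example
"""


def parse_hosts(text):
    """Return {hostname: ip} from 'ip name [name ...] [# comment]' lines.

    Blank and comment-only lines are skipped; a line whose first field is not
    an IP address raises ValueError with its line number, so a corrupted file
    is noticed instead of silently losing its protection.
    """
    table = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop the optional comment
        if not line:
            continue
        parts = line.split()
        try:
            ip = str(ipaddress.ip_address(parts[0]))
        except ValueError:
            raise ValueError(f"line {lineno}: {parts[0]!r} is not an IP address")
        for name in parts[1:]:
            table.setdefault(name.lower(), ip)  # first entry for a name wins
    return table


def resolve(name, hosts, dns_lookup):
    """HOSTS is consulted first; DNS is asked only if the name is absent there."""
    return hosts.get(name.lower()) or dns_lookup(name)


def block_ad_url(hosts_text, ad_url, page_url):
    """Return hosts_text with a loopback entry for the ad's host added.

    Returns None when the ad comes from the page's own host (a HOSTS file
    blocks whole sites, so it cannot block just that ad), and returns the
    text unchanged when the host is already listed.
    """
    ad_host = urlsplit(ad_url).hostname
    page_host = urlsplit(page_url).hostname
    if ad_host is None or page_host is None:
        raise ValueError("both URLs need a host part")
    ad_host, page_host = ad_host.lower(), page_host.lower()
    if ad_host == page_host:
        return None
    if ad_host in parse_hosts(hosts_text):
        return hosts_text
    if not hosts_text.endswith("\n"):
        hosts_text += "\n"
    return hosts_text + f"127.0.0.1 {ad_host}\n"


if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    fake_dns = lambda n: "203.0.113.5"  # stands in for a real DNS answer
    print(resolve("ads.badsoftware.example", table, fake_dns))  # 127.0.0.1
    print(resolve("www.happycampers.example", table, fake_dns))  # 203.0.113.5
    print(block_ad_url(SAMPLE_HOSTS, "http://banners.newads.example/b.gif",
                       "http://www.happycampers.example/"))
```

The strict parser is deliberate: on Windows the HOSTS file is one of the first things malware tampers with, so a line that no longer parses is worth a look rather than a silent skip.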


Blocking More Than Ads with MVPS HOSTS


Traditionally, the HOSTS is used to block ads and banners, but it was determined by Microsoft MVPs (Most Valuable Professionals) that many of the parasites and malware that get onto our machines by surfing websites can also be blocked in this fashion.


It serves no purpose if you block the ad banner from displaying, as most other HOSTS files do, but get hijacked by a parasite from a script or download contained on the website. The object is to surf faster while preserving your safety, security and privacy.


Direct Download of the MVPS HOSTS: http://www.mvps.org/winhelp2002/hosts.zip


How to install MVPS HOSTS:


You can also right-click the link and select "Save Target As." Unzip in a "temp" folder and place in the appropriate installed location. The MVPS HOSTS zip comes with a batch file you can run in XP, Vista and Win7. In Vista and Win7 you will need to have Administrator rights to open and run it. It will automatically install the new HOSTS in the appropriate location, while making a backup of your old HOSTS.


Using HOSTS with Proxies


If you connect to the Internet using a remote proxy server, the HOSTS file may not work. A remote proxy server does the DNS requesting for you, preventing the HOSTS file from being used. Your browser will route its request through your proxy server before your machine looks up an entry in HOSTS.

If you are using a proxy server:


In IE, go to the Internet Options > Connections tab and choose your connection.

Make sure the box called "bypass proxy server for local addresses" is checked.

This type of change should only be made on a stand-alone machine. If you are networked (i.e. part of a large business or institution) you should check your configuration with your IT department prior to making any changes. You may also wish to check this change with your ISP (Internet Service Provider), as it could disconnect you from the Internet.


HOSTS: Problems and Solutions


The HOSTS technique is useful, but there can be some problems with it. Ad-blocking HOSTS files can include sites that have ad servers you do not want but you may still want to see them. This occurs because some ad servers provide other types of content. For example, the ad server akamai.com also provides streaming media for many web sites, including Microsoft, for whom they handle Windows Updates. If you block akamai.com, you will not be able to access Windows Updates.


You would like to see something else in place of ads, but in actual practice there are "Action Canceled" or "(the browser) cannot display the web page" error messages repeated wherever an ad would have been. This can be fixed, as you will soon see.


Problems with delays occur. HOSTS redirect ad-server requests to IP addresses that are not servers. Internet Explorer will fail immediately if it cannot find a server, but other browsers can wait much longer before quitting.

Both these problems can be solved by installing a small, single purpose, local-only HTTP server that does nothing but serve GIF images (which you can determine) when requests are received on the loopback address. This replaces unsightly error messages with the images you prefer, and eliminates delays because the browser receives an immediate response.
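To make the idea concrete, here is an added Python example of such a single-purpose loopback server (written for this article; it is not eDexter's code and does not reproduce its features). It listens only on 127.0.0.1, so nothing off the machine can reach it, and answers every request with a 1x1 transparent GIF and an immediate 200 response, which is what removes both the error messages and the delays. The port, the pixel bytes and the no-store caching choice are assumptions.

```python
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# A 1x1 transparent GIF, served in place of every blocked ad (constructed constant).
PIXEL_GIF = (
    b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff"
    b"!\xf9\x04\x01\x00\x00\x00\x00,\x00\x00\x00\x00\x01\x00\x01\x00\x00"
    b"\x02\x02D\x01\x00;"
)


def build_response(method, path):
    """Decide status, headers and body for one request: every path gets the pixel.

    The path is ignored on purpose; whatever the blocked ad server was asked
    for, the browser receives a tiny valid image right away.
    """
    headers = {
        "Content-Type": "image/gif",
        "Content-Length": str(len(PIXEL_GIF)),
        "Cache-Control": "no-store",  # re-ask each time, so HOSTS edits take effect at once
    }
    body = b"" if method == "HEAD" else PIXEL_GIF
    return 200, headers, body


class PixelHandler(BaseHTTPRequestHandler):
    def _serve(self):
        status, headers, body = build_response(self.command, self.path)
        self.send_response(status)
        for name, value in headers.items():
            self.send_header(name, value)
        self.end_headers()
        if body:
            self.wfile.write(body)

    do_GET = _serve
    do_HEAD = _serve

    def log_message(self, fmt, *args):
        pass  # ad requests are many; keep the console quiet


def start_pixel_server(port=80):
    """Bind to the loopback address only and serve in a background thread."""
    server = HTTPServer(("127.0.0.1", port), PixelHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


if __name__ == "__main__":
    # The browser asks 127.0.0.1 on port 80 for blocked ads, so port 80 is what
    # matters in practice; it needs Administrator rights on Windows. 8080 is
    # used here only so the script can be tried without elevation.
    srv = start_pixel_server(8080)
    print("pixel server listening on 127.0.0.1:%d" % srv.server_address[1])
    threading.Event().wait()
```

Binding to 127.0.0.1 rather than 0.0.0.0 is the one security-relevant line: the server exists to answer your own browser, and there is no reason for it to be reachable from the network.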


 

A free utility for this purpose is eDexter. It also cures Opera's endless searchings. For more info and downloads: http://www.pyrenean.com/eDexter

It works in all Windows platforms, and is also available for use with Macintosh.


Back Button Problems


You click the Back button to return to the previous page and it appears that nothing happens. What usually occurs is that the HOSTS has blocked one or more ad pages that are embedded into the web page you were viewing. To verify this click the small drop-down arrow on the Back button. Is an ad server listed? In some cases the web page can contain a script to prevent the user from returning to a previous page. Simply skip to a valid link.


Making the HOSTS More Powerful


You can augment and strengthen your HOSTS with two freeware security applications.


SpywareBlaster. Download, install, update and apply the update, and you're done. It's simplicity itself. It protects your browsers, and your computer so that malware cannot be loaded nor even opened. Keep it updated, and you're protected. Those who donate to SpywareBlaster can receive automatic updates.


Spybot - Search & Destroy. Click through according to your language preference. On the next page, click on the symbol beside Spybot Search & Destroy in the upper-right corner to get started. Download and install it. Update it. After receiving the updates, click on the Immunize shield on the main window. Make sure there's a checkmark in the box beside Global Hosts, under the Windows heading down at the bottom. Then click on the green "+" beside Immunize at the top. It will take a minute or two, but when it's done your HOSTS will be augmented with Spybot's protections against bad cookies and nasty web sites.


The HOSTS with these two applications work together to provide comprehensive malware protection online. Spybot Search & Destroy can also scan your hard drive for pernicious spyware and hijacker threats on demand.


Merry Christmas, Yuletide Greetings or Happy Winter Solstice to All, and always take care of your security.


This document is provided "AS-IS" without warranty, and confers no rights.

Windows Security Checklist - Part 6: Invisible Internet Browsing or Talk to the Proxy

Posted on June 20, 2010 at 6:37 PM

by Larry Stevenson, aka Prince_Serendip

First published at CastleCops: January 2, 2005

Revised and Updated: June 20, 2010


No one application nor technique can protect you at 100%, but you can still get pretty close to that. When these guidelines are followed by Windows users, it can bring their chances of being infected by malware almost to zero. Now we begin our next installment of the Windows Security Checklist, Part 6: Invisible Internet Browsing or Talk to the Proxy


It is not as complicated as it may first appear, although there can be a lot of information to absorb. The Security Experts, Malware Removal Specialists, Hardware Experts and MVPs at SpywareHammer can help you if you have questions about any of these techniques.


Invisible Internet Browsing


Each computer on the Internet is marked with its own special IP address. (IP stands for Internet Protocol.) Cable users probably have one or two static addresses that rarely change. High-speed DSL and dialup users may have dynamic ones, which change with each logon or fairly often. On high-speed DSL you can usually change your assigned IP address by turning your modem off, waiting 30 seconds, turning it back on, then reconnecting to your ISP's network. Dynamic IPs can be traced using Reverse DNS where the network or ISP you are on allows for it. Each Reverse DNS address is unique. Even if your dynamic IP address changes, the Reverse DNS address will remain the same.


Your IP-address allows your ISP and other computers to communicate with your PC. To be completely without an IP-address would be the same as a telephone without a dialtone. There would be no communication, and you would be offline. However, there are ways to mask or encrypt your IP-address.


Proxies are simply servers that connect users to a network. Usually it connects to another network (for example, the Internet) from a local network such as a business or even an ISP (Internet Service Provider). It allows many to access a network with one or several addresses. These servers can be very useful, contributing security, speed and privacy to those who wish to truly enjoy the Internet without giving up their identities.


There are basically three kinds of anonymous proxy services of interest to home users. The first is public anonymous proxy listings, which you use by selecting a proxy, then inserting its address and port number into your web browser. You can find instructions for doing that with most popular browsers here: Using Proxies. Btw, their instructions for Internet Explorer 6 apply to 7 and 8 as well. That article also explains about transparent, anonymous, distorting, and high anonymity proxies. Note: Try to avoid using proxy toolbar browser addons, as many of these include tracking spyware, which is rather counterproductive to privacy.


By using an anonymous (HTTP) proxy server, you are using their IP instead of yours to access the Internet. An anonymous proxy removes, masks or encrypts your IP on any requests you make when it passes these along to Internet websites. They talk to the proxy, not to you. For these proxies to be truly effective it is important to disable Java, JavaScript and third-party cookies in your browser. If this detracts from your enjoyment then leave them on. Be aware, though, that doing so is riskier. Additional risks also exist for these types of proxy servers, most especially from unencrypted traffic containing logins and passwords. If the anonymous public proxy you're using belongs to a malicious owner, you could be in trouble. You are likely to encounter that kind of thing when using random choices from anonymous proxy lists without checking them to see if they're okay. You can look up IP addresses and whois at a site such as What Is My IP. You can find more such sites by searching for whois in your favorite search engine. Btw, Google is never anonymous. I use Scroogle all the time. Donations to Scroogle help us all, so be generous. As a general rule I stay away from anonymous proxies located in Eastern Europe, Russia, anywhere in Asia, Africa and South America.
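The Using Proxies article referenced above distinguishes transparent, anonymous, distorting and high-anonymity proxies. As an added example (written for this article, not taken from that page or from any proxy service), the Python function below shows how a test page you control can tell which kind a proxy is, from what the destination server actually sees: your real address in an X-Forwarded-For header (transparent), some other address there (distorting), a Via or similar proxy header but no address (anonymous), or no trace at all (high anonymity). This is the same check a "what is my IP" page performs. The header rules and the sample addresses are assumptions, constructed for the example.

```python
def classify_proxy(seen_headers, real_client_ip, seen_remote_addr):
    """Classify a proxy's anonymity level from the server's point of view.

    seen_headers:     request headers as received by the destination server
    real_client_ip:   the address the user really has (known to the tester)
    seen_remote_addr: the TCP peer address the server saw

    Categories follow the conventional names used in the article; the exact
    header rules here are a simplification assumed for this example.
    """
    h = {k.lower(): v for k, v in seen_headers.items()}
    if seen_remote_addr == real_client_ip:
        return "no proxy"  # the site is talking to you directly
    forwarded = [p.strip() for p in h.get("x-forwarded-for", "").split(",") if p.strip()]
    if real_client_ip in forwarded:
        return "transparent"  # hides nothing: your address is passed along
    if forwarded:
        return "distorting"  # passes a made-up address instead of yours
    proxy_markers = ("via", "forwarded", "proxy-connection", "x-proxy-id")
    if any(name in h for name in proxy_markers):
        return "anonymous"  # hides your address but admits being a proxy
    return "high anonymity"  # looks like an ordinary client


# Constructed samples: what a tester's server might log for one real client.
REAL_IP = "203.0.113.7"
PROXY_IP = "198.51.100.9"
SAMPLES = {
    "direct": ({}, REAL_IP),
    "transparent": ({"Via": "1.1 proxy", "X-Forwarded-For": REAL_IP}, PROXY_IP),
    "anonymous": ({"Via": "1.1 proxy"}, PROXY_IP),
    "distorting": ({"X-Forwarded-For": "192.0.2.44"}, PROXY_IP),
    "elite": ({"User-Agent": "Mozilla/5.0"}, PROXY_IP),
}


def run_samples(samples=SAMPLES, real_ip=REAL_IP):
    return {label: classify_proxy(hdrs, real_ip, peer) for label, (hdrs, peer) in samples.items()}


if __name__ == "__main__":
    for label, verdict in run_samples().items():
        print(f"{label:12s} -> {verdict}")
```

The point for the user is the transparent case: the proxy changes the address the site connects from, yet the site still learns your real one from the header, which is exactly the situation the article warns about when picking untested proxies from a list.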


Tip ...especially for dialup users: Large downloads can be agonizingly slow on dialup. By connecting to a web proxy server you can speed up the download by having the proxy get the files first, and then give them to you at their speed. You may have to test and experiment to find a server that can do that. You can also search for Premium Link Generator Sites. They have features where you can download large files from file sharing sites. You download the file to their server, then you get it from them. Be careful though, as there are some link/sync sites which offer browser addons that are spyware.


For large downloads, I would strongly advise that you get a Download Manager--even if you're on a high speed connection. These types of programs can resume downloads that have stopped without warning or become broken somehow. They can greatly speed up the download by simultaneously splitting the file into smaller segments and downloading them all at once. My favorite one is Free Download Manager.


Another kind of anonymous proxy server is accessed via a web page service. There's no need to program your browser. Simply open the web page and insert the URLs/addresses you wish to visit in their search bar. IPHider is one such service, and it's entirely free.


The third way is by means of a VPN, a Virtual Private Network. A few of these are free, but most are subscription based. Please refer to this article: 8 Free VPN Services.


Warning (Tip)...do not try to join security forum boards using an anonymous proxy. You could be banned. They don't trust members who are not forthcoming.


Besides using anonymous proxy servers on the web, you can use a free program that does even more. Proxomitron is shown below.


Proxomitron has these features:


Stop windows that pop-up, pop-under, or pop-over

Stop those un-closable endless banner chains

Stop pop-up JavaScript message boxes

Remove web-branding and other scripts tacked on by "free" web providers.

Convert most ads and banner pictures into simple text links

Freeze all animated gifs

Make blinking text appear as bold instead

Remove slow web counters

Stop web pages from "auto-refreshing"

Prevent pages from changing fonts

Get rid of or replace web page background images

Protect against getting "trapped" inside someone else's frames!

Make all frames resizable

Close top or bottom frame banner windows

Make background MIDI songs play only when you choose.

Remove status bar scroll-texts

Remove "dynamic" HTML from pages

Disguise your browser's identity and version from JavaScripts

Remove style sheets

Un-hide URLs when the mouse is over a link

Disable frames or tables altogether

Change or delete cookies

Change your browser's user-agent and other identifying fields

Hide where you've been previously from inquisitive web servers


For more information please refer to: The Proxomitron - Universal Web Filter


This article is meant to be a general introduction to the use of anonymous proxies, and not a detailed dissertation on the subject. Thanks for reading.


Best regards and always take care of your security!


This document is provided "AS-IS" without warranty, and confers no rights.

 


Windows Security Checklist, Part 5: Are Cookies Really GUID for You?

Posted on May 29, 2010 at 1:29 PM

by Larry Stevenson, aka Prince_Serendip

First published at CastleCops: December 26, 2004

Revised and updated: May 29, 2010


No one application nor technique can protect you at 100%, but you can still get pretty close to that. When these guidelines are followed by Windows users, it can bring their chances of being infected by malware almost to zero. Now we begin our next installment of the Windows Security Checklist, Part 5: Are Cookies Really GUID for You?


It is not as complicated as it may first appear, although there can be a lot of information to absorb. The Security Experts, Malware Removal Specialists, Hardware Experts and MVPs at SpywareHammer can help you if you have questions about any of these techniques.


Are Cookies Really GUID for You?


Cookies have received a lot of bad publicity, but you need cookies if you want to visit websites. And, rightfully so, people want to know how to remove them from their computers. This becomes especially important with the kind of cookies allowed in your browser. It has become a popular practice among adware and spyware developers to use third-party cookies to insert Globally Unique Identifiers (GUIDs) onto your computer. GUIDs are mathematically generated, unique hexadecimal numbers which can be used to track your activities anywhere online. It's the mathematical equivalent of a UPC barcode or RFID tag.


Cookies are not executable programs placed on your computer to collect data about your computer usage, and they cannot replicate themselves. A cookie cannot read any data from your hard disk, including the data stored in other cookies; it can only be read. With a little clever manipulation, however, cookies can be cross-referenced between different sites monitored by a single company. Using cross-referenced cookies that carry GUIDs and your personal information across linked websites, it is possible to track your online activities in detail.


A cookie is just an ordinary plain-text file, stored by your web browser, that records specific information about each visit you make to a particular website. The record in the cookie can contain any information, including personal information and passwords. Cookies were invented by Lou Montulli in the early days of Netscape (1994), the first really popular web browser. The people at Netscape discovered that the Internet has amnesia.


Whenever you want a web page, you bring it up with your browser, either by typing in its address or by clicking on a link. Once the browser has fetched the page for you, it disconnects from the server that supplied it.


This lets the Internet support a great many connections at once. However, it makes your dealings with any one website harder. Since each web page is fetched over a separate connection, the website you are viewing cannot tell whether the same person requested each page in turn. That makes it harder for the site to provide the right information and to remember where you were.


Cookies are a way to solve this problem. Without cookies, websites and their servers have no memory. A cookie, like a car key, enables swift passage from one place to the next. Without a cookie, every time you open a new web page, the server where that page is stored will treat you like a totally new visitor.


Session cookies are used by websites to ensure that you are recognised when you move from page to page within one site, and that any information you have entered is remembered. For example, if a commercial website did not use session cookies, items placed in a shopping basket would disappear by the time you reached the checkout. You can choose whether to accept session cookies by changing the settings in your browser. Session cookies are deleted when you log off from the website or close your browser.


First-party cookies are for particular websites with which you have accounts. With these cookies, you can specify your personal preferences for the features that the web sites offer, such as to display the current weather conditions of the city you live in, provide the skin of your choice for the site, the colors you like, etc. Each time you visit that web site in the future, it automatically recalls your choices, using the cookie.


Third-party cookies come from a web site different from the one you are currently viewing. They provide extra content on the web site you are on, like a web site within a web site. These sites may use advertising from other web sites that may also use cookies. Often this type of cookie is used to track your web page use for advertising or marketing purposes. Third-party cookies may be temporary or persistent.


Advertising networks are companies that use third-party cookies, paying software developers and websites for allowing their ads to be shown when people use their software or visit their sites. The ads are often in the form of popups or banners. The problem with these networks is that they place third-party cookies on your computer each time you open an ad served by the particular network. This allows the advertising network to track your movements across the Internet by reading the information contained in the cookies every time you connect to a site that carries its ads. The most popular web search engines also do this by default. Information in the cookies is recorded on their servers, and the GUID numbers provide identification with the time and date specified. It should be noted that cookies don't identify a specific person, but track the user account, computer and web browser. This kind of information can then be provided to law enforcement (for example) to assist an investigation if the user account has been engaging in illegal activities, or sold to another company seeking to use the information for its own purposes.
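The cookie categories above (session versus persistent, first-party versus third-party) are what the "Allow First Party, Block Third Party" browser setting later in this article acts on. The following is an added example, not code from the article or from any browser: it classifies constructed Set-Cookie headers seen while loading one page and applies that policy. The two-label "site" rule and the session-cookie override are assumptions made for the example.

```python
"""Classify cookies by party and lifetime, as this article's browser settings do.

This is an added example, not code from the article or from any browser. It
decides whether a Set-Cookie header is first-party or third-party relative to
the page in the browser's location bar, and whether the cookie is a session or
a persistent one. All URLs and headers below are constructed samples.
"""
from http import cookies
from urllib.parse import urlsplit


def registrable_domain(host):
    """Approximate the 'site' of a host as its last two labels (example.com).

    Assumption for this example: real browsers use the Public Suffix List,
    and this two-label rule is wrong for suffixes such as co.uk.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_cookie(page_url, setter_url, set_cookie_header):
    """Describe one Set-Cookie header seen while loading page_url.

    page_url   -- the address shown in the browser (the first party).
    setter_url -- URL of the response that carried the header: the page
                  itself, or an embedded ad, image or script.
    """
    jar = cookies.SimpleCookie()
    jar.load(set_cookie_header)
    name = next(iter(jar))
    morsel = jar[name]

    page_site = registrable_domain(urlsplit(page_url).hostname)
    setter_host = urlsplit(setter_url).hostname
    same_site = registrable_domain(setter_host) == page_site

    # Without Expires or Max-Age the cookie lives only until the browser
    # closes; with either attribute it is written to disk and persists.
    persistent = bool(morsel["expires"] or morsel["max-age"])

    # A Domain attribute widens the cookie to every host under that domain,
    # which is how one ad network reads the same GUID on many sites.
    scope = (morsel["domain"] or setter_host).lstrip(".").lower()

    return {
        "name": name,
        "party": "first-party" if same_site else "third-party",
        "lifetime": "persistent" if persistent else "session",
        "scope": scope,
        "secure": bool(morsel["secure"]),
        "httponly": bool(morsel["httponly"]),
    }


def apply_policy(page_url, responses, block_third_party=True, allow_session=True):
    """Model the 'Allow First Party, Block Third Party' setting from the article.

    responses -- list of (setter_url, set_cookie_header) pairs seen while
    loading page_url. Returns (accepted, blocked) lists of classifications.
    Assumption: 'allow_session' lets third-party session cookies through,
    as a browser's 'always allow session cookies' override would.
    """
    accepted, blocked = [], []
    for setter_url, header in responses:
        info = classify_cookie(page_url, setter_url, header)
        third = info["party"] == "third-party"
        session_ok = allow_session and info["lifetime"] == "session"
        if third and block_third_party and not session_ok:
            blocked.append(info)
        else:
            accepted.append(info)
    return accepted, blocked


# Constructed sample: a news page that embeds an ad network's tracking pixel.
PAGE_URL = "https://www.example-news.test/story"
SAMPLE_RESPONSES = [
    ("https://www.example-news.test/story", "sessid=4f2a9c; Path=/; Secure; HttpOnly"),
    ("https://www.example-news.test/prefs", "skin=dark; Max-Age=31536000; Path=/"),
    ("https://ads.tracker-net.test/pixel.gif",
     "guid=6B29FC40-CA47-1067-B31D-00DD010662DA; Domain=.tracker-net.test; "
     "Expires=Wed, 21 Oct 2026 07:28:00 GMT"),
    ("https://cdn.tracker-net.test/lib.js", "tmp=1; Path=/"),
]

if __name__ == "__main__":
    accepted, blocked = apply_policy(PAGE_URL, SAMPLE_RESPONSES)
    for label, group in (("accepted", accepted), ("blocked", blocked)):
        for c in group:
            print(f"{label:8} {c['name']:7} {c['party']:11} {c['lifetime']:10} scope={c['scope']}")
```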


How to Block ID Tracking by Search Engines


Most major search engines use tracking cookies, and record your IP address when you use them. The information recorded in their cookies is stored in permanent files on their servers' hard drives. If you want your search history recorded for all posterity, then by all means keep using them as you have in the past. Alternatives do exist. Two trusted search engines that neither use tracking cookies nor keep permanent records of your visits are Scroogle and Startpage. Click on the links to see what each is about. Each has plugins so it can be added to your browser's search engine selections. Here's the multi-language plugin list on Scroogle for Firefox.


What To Do About Poisonous Cookies


Cookies are far from perfect. Although they are not executable they can be stolen, replaced, redirected, and rewritten for illegal or nefarious purposes. Instructions for blocking Third-Party cookies in Internet Explorer are provided below, and at the links for Firefox and Opera. But just blocking cookies may not be enough. Three freeware applications can provide extra muscle to stop poisonous cookies dead in their tracks. (I use these every day online.)


1. Get the MVPS-Hosts file. A full explanation of what the Hosts file does and how to install it are provided at this site. If you hate ads when you surf, this will get rid of them.


2. SpywareBlaster. Download, install, update and apply the update, and you're done. It's simplicity itself. It protects your browsers, and your computer so that malware cannot be loaded nor even opened. Keep it updated, and you're protected.


3. Spybot - Search & Destroy. Click through according to your language preference. On the next page, click on the symbol beside Spybot Search & Destroy in the upper-right corner to get started. Download and install it. Update it. After receiving the updates, click on the Immunize shield on the main window. Make sure there's a checkmark in the box beside Global Hosts, under the Windows heading down at the bottom. Then click on the green "+" beside Immunize at the top. It will take a minute or two, but when it's done your Hosts file will be augmented with Spybot's protections against bad cookies and nasty web sites.


These three work together to provide comprehensive malware protection online. Spybot Search & Destroy can also scan your hard drive for pernicious threats on demand.


Blocking Third-Party Cookies


You can learn how to configure your browser to accept only first-party and session cookies, and to deny all third-party cookies. Follow these steps to block only third-party cookies, for Internet Explorer 7+:


Click Tools > Internet Options, select the Privacy tab and click the Advanced button. Put a check in the box beside Override automatic cookie handling, then select Allow, Block or Prompt for First Party and Third Party cookies. In this case, Allow First Party and Block Third Party. By putting a check in the box beside Always allow Session cookies, these will be saved on your computer instead of being deleted when you close your browser. You don't have to keep them if you don't want to. Session cookies are used for browsing specific web sites, and using extra content they may have.


Enabling or Disabling Cookies in Firefox 3.6


Cookies for Opera 10.53


P3P (Privacy Preferences Platform)


Established by the World Wide Web Consortium (W3C), P3P provides Internet users with greater privacy when surfing the Internet. W3C is the official web standards body, which essentially attempts to bring law and order to the Internet.


P3P was started to address user concerns about the amount of data collected by websites. The idea is that any site gathering information about its users should state why it wants the information and how long it will be kept. A user visiting a site with a P3P policy has access to its privacy policies and can decide whether or not to accept its cookies, or whether to use that site at all. That is why you see so many sites with stated privacy policies and terms of service. Read them carefully, depending on how you choose to use those sites. For more information.


Here you have the basic nuts and bolts of cookies online: what to keep, what to avoid and how to mitigate malware attacks through your browsers. It is still important to surf carefully, even with added protection. Malware authors are always trying to screw us over, so do your best to stay safe online.


Best regards and always take care of your security!


This document is provided "AS-IS" without warranty, and confers no rights.

 


Windows Security Checklist - Part 4: Securing Your Network Configuration or Home LAN Security

Posted on May 23, 2010 at 12:10 PM

First Published by Larry Stevenson, aka Prince_Serendip, CastleCops Staff Writer: December 19, 2004

Revised and updated: May 23, 2010


No single application or technique can protect you 100%, but you can still get pretty close to that. When Windows users follow these guidelines, their chances of being infected by malware drop almost to zero. Now we begin our next installment of the Windows Security Checklist, Part 4: Securing Your Network Configuration or Home LAN Security.


It's not as complicated as it may first appear, although there can be a lot of information to absorb. The Security Experts, Malware Removal Specialists, Hardware Experts and MVPs at SpywareHammer can help you if you have questions about any of these techniques.



Please take note that the following information and instructions are provided for single (private) computers, and private home-based Local Area Networks (LANs), not for commercial/business networks, nor for Microsoft legacy operating systems prior to Windows XP/Server 2003. This document is provided "AS-IS" without warranty, and confers no rights.


Why Disable NetBIOS?


NetBIOS (Network Basic Input-Output System) is a set of software interfaces that allows the sharing of files or folders across a network with other hosts (computers) through Windows Network Shares. It was developed in the 1980s and carried forward through all of Microsoft's operating systems up to and including Windows XP and Server 2003. It does not exist as such in Windows Vista and beyond, due to security concerns. The Common Internet File System (CIFS) is the file-sharing protocol used with NetBIOS; it permits a host to use remote files on another PC as if they were on its own disk. This makes NetBIOS a threat to individual privacy and security on the Internet for users of XP/Server 2003. It can leave your PC open and vulnerable to anonymous logons, remote Registry access and remote procedure calls, all from total strangers.


The key to securing your home network configuration is understanding what is meant by binding. A binding is a shared and continuous connection between two or more network services, communications drivers and adapters. The easiest way of seeing these relationships is to organize the various network components into sections.


The Network Services Groups section contains application and server services used by your computer: Applications for Microsoft Family Logons, Microsoft Networks, File and Printer Sharing for the Microsoft Networks.


 

The Communications Protocol section contains the protocol drivers that implement the various network communication protocols: TCP/IP, IPX/SPX and NetBEUI. (NetBEUI is the NetBIOS Extended User Interface, a more advanced form of NetBIOS.)


The Hardware Adapter section contains the actual peripheral adapters which connect the system to the Internet: Cable/DSL Interface, Dial-Up Adapter, Local Network Interface.


With the components sectioned this way, the parts in each network group are separate and divorced from the components in the other groups. However, when you get your XP/Server 2003 computer for the first time, brand new, all of these parts are bound together and interconnected by default. Having this many bindings between drivers, services and protocols allows unauthorized use of your computer online by hackers, or anyone else.


If you are not interested in file-sharing (think also of P2P) and wish to have a more secure Internet experience, what you need to do is to disable the bindings to all protocols, services and adapters except for TCP/IP bound to either the Dial-up Adapter, the DSL Adapter, Cable Interface, or the LAN Interface. You need to be the administrator of your PC to change these settings. If you are only a user on another administrator's PC (e.g. students, office workers) you will need to let your IT people know of your concerns, and wishes regarding this issue before anything can be done. Some places provide instructions for those who need them.


For safer and more secure communications, the system's TCP/IP protocol should be bound only to the interfaces or adapters that have contact with the Internet. Since the various Internet-using applications (web browsers, e-mail clients, proxies, etc.) do not use or need the Microsoft Networking services, there is no need to bind those services to the global Internet TCP/IP protocol.

 

Adapters, Protocols, and Service Bindings


What are Network Adapters for Windows?


On Windows XP/Server 2003 click Start, Control Panel, then double-click Network Connections. In Windows Vista and Windows 7 double-click Network and Sharing Center.


This will open a window containing a list, "The following Network components are installed". This list contains a number of lines, each with an icon on its left. Each of these lines represents a Network Adapter.


On Windows Vista and higher you get a window showing a simplified view of all the connections and shares used by your computer. You can change them here if you wish. For more info please refer to http://www.online-tech-tips.com/windows-7/network-and-sharing-center-windows-7-overview/


A Network Adapter is a program component that helps your computer link a Network peripheral to Windows. Here are some explanations for a few classic Network Adapters.


Network Adapter examples for Ethernet ISA or PCI cards. You have these Adapters if you have an ADSL Internet connection or if your PC is connected to a Local Area Network (LAN). (From one of my old computers.)


(icon) 3Com Etherlink 10 ISA

(icon) SN-3200 PCI Ethernet Adapter


Remote Access Card type Adapters are used for telephone modems or ADSL USB modems.

(icon) Remote Access Card


What are Network Protocols?


Take TCP/IP as an example. Transmission Control Protocol/Internet Protocol is the suite of communications protocols used to connect hosts on the Internet. TCP/IP comprises several protocols, the two main ones being TCP and IP. TCP/IP is used across the whole Internet, making it the global standard for transmitting data over networks. Even network operating systems that have their own protocols, such as Netware, also support TCP/IP.


All communications between devices require that the devices agree on the format of the data. The set of rules defining a format is called a protocol. At the very least, a communications protocol must define the following:


-- rate of transmission (in baud or bps) (pronounced as bode and bips)

-- whether transmission is to be synchronous or asynchronous

-- whether data is to be transmitted in half-duplex or full-duplex mode


In addition, protocols can include sophisticated techniques for detecting and recovering from transmission errors and for encoding and decoding data.


Communications Protocols are compatible formats for transmitting data between two devices. The protocol determines the following:


-- type of error checking to be used

-- data compression method, if any

-- how the sending device will indicate that it has finished sending a message

-- how the receiving device will indicate that it has received a message


There are a variety of standard protocols from which programmers can choose. Each has particular advantages and disadvantages. Some are simpler than others, some are more reliable, and some are faster.


From a user's point of view, the only interesting aspect about protocols is that your computer or device must support the right ones if you want to communicate with other computers. The protocol can be provided either in hardware or in software.


Service Bindings: What are they?


With many server applications, a binding is an association between a network connection point (the combination of an IP address and a port number, for example) and a network service (e.g. a mail server or web proxy). This defines the interface over which a server process will provide service to a computer. It stands to reason that in order for a service to be accessible to a computer, it must be “bound” to an interface that is available to it.


Bindings allow PCs to connect to network services, and allows the administrator to specify which service will respond to the connections, and on which interfaces and ports. Security issues are associated with providing remote access to services. Bindings therefore need to be considered a point of security control.


Are You Vulnerable to NetBIOS Problems?


Try these tools to determine your NetBIOS vulnerabilities:


Nmap: Free network exploration and security auditing utility. http://nmap.org/


NLtest - very powerful tool, included in Windows Server 2003 Support Tools which can be found on the product CD. NLtest can obtain a wealth of information about potential configuration vulnerabilities.


For Windows XP, and Windows Server 2003, the Microsoft Baseline Security Analyser will report hosts that are vulnerable to SMB exploits and may be used to fix the problem. The tests can be run locally or on remote hosts. http://technet.microsoft.com/en-us/security/cc184924.aspx


Windows XP and Windows Server 2003 users can simply type net share at the command prompt to see what resources are being shared. For more information about the net share command, type net share /?. Windows Vista and Windows 7 have this feature disabled by default.


Important Note: This article contains information about changing shared resources. Before changing any shared resource, make sure you understand how to restore the resource, if a problem occurs. For information about shared resources, click on the following articles to view them in the Microsoft Knowledge Base:


Saving and Restoring Existing Windows Shares

 


How to set, view, change, or remove special permissions for files and folders in Windows XP


How to disable simple file sharing and how to set permissions on a shared folder in Windows XP


How to Copy Files and Maintain NTFS and Share Permissions


Safely Block NetBIOS Ports Over TCP/IP to all Internet Traffic at the Firewall


This will prevent outside access to the contents of your hard drives via these ports whether you do file sharing or not. Block incoming and outgoing access to ports 135, 137, 138, 139, and 445 with your firewall.


ZoneAlarm does this by default when you set the Internet Zone Security level to high. The medium default security setting only blocks incoming access to NetBIOS ports, but you can manually change that to include outgoing. Remember that any setting lower than high is not recommended for use in the Internet Zone. Note that these configurations should be possible with other software and hardware firewalls. Please consult their manuals.
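Once the firewall rule above is in place, you want proof that ports 135, 139 and 445 no longer answer from the network side, which is also what the tools listed under "Are You Vulnerable to NetBIOS Problems?" are for. The following is an added self-check, not code from the article: it probes the TCP NetBIOS/SMB ports on a machine you own and reports each as open, closed or filtered. The target host and timeout are your own inputs, and UDP 137/138 are deliberately not probed.

```python
"""Self-check for the NetBIOS/SMB firewall rule described above.

Added example, not code from the article. Run it from a second machine on
your own LAN (or against 127.0.0.1 on the machine itself) after applying the
firewall block. The goal state is 'filtered' on every port: the firewall is
silently dropping the packets. Hostname and timeout are your own inputs.
"""
import socket
import sys

# TCP ports from the article's firewall rule. 137 and 138 are UDP services
# (NetBIOS name and datagram) and cannot be probed with a TCP connect, so they
# are only listed here for the report.
NETBIOS_TCP_PORTS = (135, 139, 445)
NETBIOS_UDP_PORTS = (137, 138)


def probe_tcp(host, port, timeout=2.0):
    """Return 'open', 'closed', 'filtered' or 'unreachable' for one TCP port.

    open        -- a service accepted the connection: the port is exposed
    closed      -- the host replied with a reset: reachable, nothing listening
    filtered    -- no reply before the timeout: a firewall is dropping packets,
                   which is the result the article's firewall rule aims for
    unreachable -- the network stack could not route to the host at all
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError:
        return "unreachable"


def audit_netbios(host, ports=NETBIOS_TCP_PORTS, timeout=2.0):
    """Probe each port and return {port: state}."""
    return {port: probe_tcp(host, port, timeout) for port in ports}


def exposed_ports(results):
    """Ports whose state shows the firewall rule is not doing its job.

    'closed' ports are reachable but harmless for now; 'open' ports mean a
    NetBIOS/SMB service is answering on the probed interface.
    """
    return sorted(port for port, state in results.items() if state == "open")


def start_local_listener(host="127.0.0.1"):
    """Open a throwaway listener on an ephemeral port so you can see what an
    'open' result looks like without touching any other machine.

    Returns (socket, port); closing the socket turns the port 'closed'.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    results = audit_netbios(target)
    for port in sorted(results):
        print(f"TCP {port:<4} {results[port]}")
    print(f"UDP {NETBIOS_UDP_PORTS} not probed; check these in your firewall log.")
    exposed = exposed_ports(results)
    print("Exposed NetBIOS/SMB ports:", exposed if exposed else "none")
```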


Disable NetBIOS Over TCP/IP By Using DHCP Server Options (for XP and Server 2003)


Disable NetBIOS in W2K/XP/2003


Author's Note: This article was published at a time when there was a dearth (not much) of understandable instructions on Home LAN Security issues. A lot more info is available now, but much of it still reads like technical manuals for starships. Hope this article helps you understand.


Best regards and always take care of your security.


Windows Security Checklist Part 3: Safe at Any Speed Online

Posted on April 25, 2010 at 3:11 PM

First published at CastleCops by Larry Stevenson, aka Prince_Serendip, CastleCops Staff Writer, December 12, 2004.


Edited, updated, and republished: April 25, 2010.


This article was originally written for Internet Explorer 6, but most of the information is still current and useful. Updates have been added for IE 7 & 8, Vista and Windows 7.


No single application or technique can protect you 100%, but you can still get pretty close to that. When Windows users follow these guidelines, their chances of being infected by malware drop almost to zero. Now we begin our next installment of the Windows Security Checklist, Part 3: Safe at Any Speed Online. (Btw, "Safe at Any Speed" is a futuristic, sci-fi short story by Larry Niven.)


It is not as complicated as it may first appear, although there is a lot of information to absorb. The experts at Spywarehammer.com can help you if you have questions about any of these techniques and applications. The applications featured here are compatible with all Windows platforms, unless otherwise noted.


Browsing the Shelves


Configure your browser for maximum privacy. **Force it to prompt you for permission for everything possible.** (To be absolutely honest I prefer settings which do not interfere with my surfing. Personally, I don't like a lot of promptings.) You can configure Internet Explorer to provide good security with a minimum of fuss. For more details on how to do this please refer to the following articles, depending on which version of Internet Explorer you are using:


IE6: http://www.helpwithwindows.com/techfiles/surf-safe.html


IE7: http://www.helpwithwindows.com/techfiles/ie7-surf-safe.html


IE8: http://cybercoyote.org/security/browsers.shtml


For all other browsers please refer to their Help sections.


With Internet Explorer, clear your browser cache, called "Temporary Internet Files" or TIF, and your browser history often. Always clear these after visiting any site where you performed personal business such as online banking or buying products. Click Tools > Internet Options. On the General tab, under Browsing History, there is a button labelled "Delete...". For those who would prefer an application to do it for them, this little freeware program can speed up the job: CCleaner, at http://www.piriform.com/ccleaner

Other browsers, such as Opera and Firefox, can be set to clear cache and history just by closing the program.


For Internet Explorer users: Get a web content/browser filter to prevent remote site contact through ad banners and embedded web bugs. Proxomitron is an example of a web content filter. For more info, please visit http://www.proxomitron.info/ 


Also, get a cookie filter. They are built into most browsers these days, but third-party programs usually offer better filtering options. For IE there is CookieWall: http://www.analogx.com/contents/download/Network/cookie/Freeware.htm

Another excellent application for browser filtering and to prevent hijacks is WinPatrol: http://www.winpatrol.com/


Internet Explorer can be a safe and able browser if you configure and protect it properly. Some of the reasons as to why IE has had security problems are due to a combination of inept and uninformed users, malware writers and browser hackers. These articles help alleviate that by informing and educating all users.


Take Care of Your Information


 

Be careful about what information you share on websites. Use common sense when filling out forms or providing any personal data, unless you are completely sure it will not be misused. Read their Privacy Policy or Statement. Just because they have one does not mean they will not still use your information against your better wishes. Read it carefully. If it is vague, unclear, or absent, do not share anything with them.


Stay away from everything to do with mailing lists and requests to use your personal information. Avoid sites that offer some sort of prize or free gift in exchange for your contact details. These are sure to be some form of identity theft scam or for spam.


Do not use "click here to unsubscribe" with spam e-mails. What this really does is verify that the spam was delivered to a valid e-mail address and confirms that you saw it. The sender has no intention of honoring your request. By responding you are certain to get even more spam from the same sender, as well as those who were sold your confirmed address. Delete the spam without responding to anything. Most webmail outlets provide a place for spam. You may have to check it to be sure no legitimate e-mails are there before deleting.


Do not use your personal e-mail address when posting to message boards, or newsgroups. Always use a webmail address. Spiders and crawlers are constantly checking these places for valid addresses to use for spam. Many websites provide a choice in your profile whether to hide or reveal your e-mail address.


Also avoid giving your personal e-mail address to your friends. They may not be as well protected and informed as you. Use a disposable, free webmail account instead. These are easily obtained from Hotmail (Windows Live), Yahoo, Google etc.


Anonymizers or proxies can help where both privacy and security are at risk when browsing to new websites and posting to certain newsgroups.


Be informed. Visit Spywarehammer, and other security websites frequently. Read the news and apply what you learn.


Test the Waters First


Try one or both of the free services listed below to test the security of your computer connection to the Internet. Be sure to include a check for identity vulnerabilities and port scanning.


ShieldsUP! by Steve Gibson Research Corporation: https://www.grc.com/x/ne.dll?bh0bkyd2


Symantec Security Check: http://www.symantec.com/norton/sygate/index.jsp


Look at the results. Make adjustments to your firewall or network settings, and apply software patches as required for the best defense.


Check your firewall and router logs often for suspicious incoming or outgoing traffic. If you suspect that you are the victim of a hacker attack, that someone did in fact compromise your system with criminal intent, go to the Internet Crime Complaint Center: http://www.ic3.gov/complaint/default.aspx for instructions on gathering proof and filing a report. Look for changes on your hard drive: unknown or changed files and folders, or an unexplained loss of free space. Do not delete anything. Quarantine anything suspicious, as you will need it for evidence. An easy way to quarantine files is to encrypt them so they cannot be opened except by you. A useful (free) tool for doing this is My Lockbox: http://download.cnet.com/My-Lockbox/3000-2144_4-10789387.html My Lockbox can also be useful for protecting sensitive personal files and folders. Use strong passwords.


Always Have a Backup!


Keep current backups of all personal and system files. Backups restore lost data in the event that your system security is compromised or your critical files become corrupted. Keep copies of everything you need, whether for a simple or a major restore. In the event of something catastrophic, like a hard disk failure or major file damage, you need to be prepared to re-install your operating system. This means keeping your Windows installation CD, the CDs/DVDs for all of the other programs you have installed, copies of downloaded programs burned to CD/DVD, a flash/thumb drive or a USB hard drive, and any personal files in a safe place separate from your computer. Anything left on the drive will be destroyed when you re-format a hard drive partition.


Always create a backup of your registry before installing any new program or making any changes to your system settings. Instructions to do this are in your Windows Help Files. An easy way to do this on XP, Vista and Windows 7 is to make a System Restore point. A shortcut is placed by default under System Tools in the Start Menu via Control Panel.


Added Security for Internet Explorer (any version)


An up-to-date Hosts file (free): http://www.mvps.org/winhelp2002/hosts.htm will block a lot of malware out there.


Spybot Search & Destroy (free): http://www.safer-networking.org/en/download/ will strengthen your Hosts file using the Immunize feature, as well as applying extra security to your browsers.


SpywareBlaster (free): http://www.javacoolsoftware.com/spywareblaster.html will bolster security on most of the popular browsers, a set-it and forget-it type of program.


You can't go far wrong by implementing the above advice and techniques to secure your browser and your computer. Good luck always favors the prepared. You can surf with confidence, knowing what to do if trouble comes. If you need further help, come see us at http://www.spywarehammer.com/



Best regards and always take care of your security!


This document is provided "AS-IS" without warranty, and confers no rights.


Windows Security Checklist: To Do and Do Not

Posted on March 1, 2009 at 4:41 PM

Windows Security Checklist: To Do and Do Not (revised)

by Larry Stevenson, aka Prince_Serendip, MVP - Consumer Security
First Published: December 5, 2004
Revised and Updated: Sunday, March 1, 2009

 

No single application or technique can protect you 100%, but you can still get pretty close to that. When Windows users follow these guidelines, their chances of being infected by malware drop almost to zero. We have done Firewalls and Antivirus applications. Now we begin our next installment of the Windows Security Checklist: To Do and Do Not.

 

It is not as complicated as it may first appear, although there is a lot of information to absorb. The experts at Spywarehammer.com can help you if you have questions about any of these techniques and applications. The applications featured here are compatible with all Windows platforms, unless otherwise noted.

 

Be very cautious if you feel you must use any P2P (peer-to-peer) network service for sharing/swapping files across the Internet. In fact, we would prefer you do NOT use P2Ps such as BitTorrent, BearShare, BitComet, etc at all, as these can be conduits for malware. These programs may not have malware in them, but when you share files with other computers, you also share their dirt. Mud pies anyone?

 

Do not expose any drive folder other than the one chosen for access by these services. Secure your sensitive files on any computer you use to connect to the Internet. Do not place private files in folders that are configured as shared. Keep your virus scanner and firewall on at all times. Better yet, use a file/folder access protection application to lock access to all other areas of your hard drive. Applications you could use are WinPatrol (http://www.winpatrol.com/), FileChecker (http://www.javacoolsoftware.com/filechecker.html) and WinGuard Pro (http://www.winguardpro.com/).

 

Secure your Instant Messages (IMs). A good idea is to use an IM encryption utility to secure your MSN, Yahoo, or AIM messages. Some encryption utilities require use on both ends. ZoneLabs Extreme Security: http://www.zonealarm.com/security/en-us/zonealarm-extreme-security.htm and
Trillian Pro/Basic: http://www.ceruleanstudios.com/downloads/ provide encryption security for Instant Messaging. Trillian Basic is free.

 

Disable file transfers in IM programs, as this feature can enable the sharing of more than you intend, unless you're prepared to prevent it. MSN, AIM, .NET Messenger, and others let you disable file transfers from the Preferences or Options menus. If someone wants to send you an image or file, be certain it's a trusted source, otherwise use e-mail to verify that their request is valid.

 

Do remember that even though only one computer is actually making the Internet connection, any other computer sharing that connection, or which is sharing files on a network, needs the same protection.

 

Do require a login user name and password for every computer connected to your Local Area Network (LAN). For any hard drives that are configured as shared: Windows XP and Vista users - do not configure share permissions to allow "anonymous logon" or any access by groups or users outside your LAN.
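One way to check the share permissions this item warns about, as an added example that is not part of the original article: the script below lists every disk share on the local machine and flags any access-allowed entry granted to Everyone, ANONYMOUS LOGON, or the Guest account. It assumes Windows PowerShell with WMI (available on XP/Vista and later) and an elevated prompt; the list of flagged trustees is a constructed choice you can extend.

```powershell
# Added example, not from the original article. Audits local SMB shares for
# anonymous/everyone access using the WMI classes Win32_Share and
# Win32_LogicalShareSecuritySetting. Run from an elevated PowerShell window.

# Trustees that should not appear in a share's DACL on a home LAN (constructed list).
$riskyTrustees = @('Everyone', 'ANONYMOUS LOGON', 'Guest', 'Guests')

# Type 0 = ordinary disk share; this skips printer, IPC$ and hidden admin shares.
Get-WmiObject -Class Win32_Share | Where-Object { $_.Type -eq 0 } | ForEach-Object {
    $share = $_
    $sec = Get-WmiObject -Class Win32_LogicalShareSecuritySetting `
                         -Filter "Name='$($share.Name)'"
    if ($null -eq $sec) { return }   # no security descriptor readable for this share

    $sd = $sec.GetSecurityDescriptor().Descriptor
    foreach ($ace in $sd.DACL) {
        # AceType 0 = ACCESS_ALLOWED; deny entries (type 1) are not a problem.
        if ($ace.AceType -eq 0 -and $riskyTrustees -contains $ace.Trustee.Name) {
            [PSCustomObject]@{
                Share      = $share.Name
                Path       = $share.Path
                Trustee    = $ace.Trustee.Name
                AccessMask = ('0x{0:X}' -f $ace.AccessMask)
            }
        }
    }
}
```

Any row printed is a share you should re-permission to named local users only; no output means no disk share grants access to those trustees.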

 

Do not let a downloaded application or any downloaded executable launch on its own unless you're certain it's from a trusted source. Be cautious of downloading files that end in exe, bat, vbs, and com. Scan them with your antivirus or anti-malware applications BEFORE unzipping and opening them. Most anti-malware applications allow individual file scans by right-clicking them. Do not expect their real-time monitors to catch them all.

 

Do not accept and run an ActiveX Control or Java Class unless it comes signed and from a trusted site. It is best to force your browser to prompt you for permission. If you are using Internet Explorer, these settings are located under Control Panel > Internet Options > Security > Internet - Custom Level. Mozilla, Firefox, and Opera users are prompted by default.

 

If you are using Internet Explorer disable "Allow software to run or install even if the signature is invalid" so your browser will be forced to prompt you if additional components are needed in order to display certain content. This setting is located under Control Panel > Internet Options > Advanced - Security.

 

Do not enable JavaScript for e-mail or e-mail attachments. While JavaScript may be fine for Internet browsing, it can be dangerous when enabled for e-mail. For more detailed instructions on how to disable JavaScript in Outlook and Outlook Express please go to: http://www.emailprivacy.info/disable_javascript

 

Disable HTML and USE PLAIN TEXT for e-mail. Use an e-mail content filter for web bugs and embedded content originating from a server other than the one belonging to the sender of the e-mail. Current e-mail worms can execute just by your viewing HTML-formatted content. Disable preview panes when accessing your mail. Check here for instructions to turn it off on Outlook and Outlook Express: http://apcsnh.com/vacm/previewpaneoff.html

 

Always view e-mail attachments separately and only after they have been scanned for malware. Downloading them won't hurt your computer even if they are infected; it's only when you open them that they deliver their dirt. Even after proper scanning there's still a chance that they can infect your computer if their dirt evades your anti-malware scanners.

 

Do not submit forms that should be secure (https) to an insecure server. Watch the address bar at the top of your browser when filling out forms online. If it begins with "http:" do NOT fill out and submit the form if it's asking for private or personal information.

 

Do not ever use e-mail to send private financial information such as credit card or bank account numbers, or your SSN/SIN (US/Canada). Even if you use encryption and the e-mail is for legitimate business, you cannot be certain that the recipient will protect this information once it is delivered and unencrypted.

 

Never respond to e-mail asking for private information. Telephone your financial institutions, and ASK them about it. Any e-mail you receive requesting your credit card or bank account numbers, or SSN/SIN either by e-mail or by a web site link is likely to be an identity theft scam. Never click on any links in such e-mail messages. Many banks will NEVER e-mail you about personal banking purposes. If in doubt, check it out!

 

Be sure your browser is SSL-capable (Secure Sockets Layer) and the encryption strength, or cipher strength, is not less than 128-bit. Most secure websites for banking and credit card companies will not accept browsers with less.

 

As always, keep your operating system (OS) and browser up-to-date, in addition to any service or application that has access to the Internet. Apply updates and patches from Microsoft, as they are released. To learn more about what is being updated on a timely basis please go to Calendar of Updates at: http://www.calendarofupdates.com/updates/calendar.html

 

Best regards and always take care of your security.


This document is provided "AS-IS" without warranty, and confers no rights.

Windows Security Checklist (revised)

Posted on February 14, 2009 at 1:25 PM

Windows Security Checklist (revised)
By Larry Stevenson, aka Prince_Serendip - MVP Consumer Security
First Published: November 28, 2004
Revised and Updated: February 14, 2009

 

Firewalls and Antivirus Applications for Basic Protection
 

No single application or technique can protect you 100%, but you can get pretty close to that. When these guidelines are followed by Windows users, it can bring their chances of being infected by malware almost to zero. It is not as complicated as it may first appear, although there is a lot of information to absorb. If you have questions about any of these techniques and applications, the experts at SpywareHammer and other reputable security boards will be pleased to help you.


Firewalls

Your computer has 65,536 ports that can share information with the Internet or another computer. A good two-way firewall will monitor all outgoing and incoming traffic. It can alert you to anything out-of-the-ordinary, according to the rules or procedures you decide on or ones already enabled by default. It can even close all of your ports if needed. Put it at the highest level of security possible for your Internet zone. Set all programs to alert you for access (unless you despise popups like I do). You may also set programs you trust, and use frequently, to automatic (good idea). If you aren't sure about a program wanting access to or from your computer, you can deny it. Firewalls are an absolute must to prevent trojans and hacking attempts and to protect your private information.


Excellent Articles on Firewalls (see also the ElderGeek link below)

Personal Internet Firewalls that really work! http://www.grc.com/su-firewalls.htm

Firewalls and ZoneAlarm Guide and Tips http://www.markusjansson.net/eza.html

How Firewalls Work from HowStuffWorks http://www.howstuffworks.com/firewall.htm
 

Firewalls You Can Use

http://www.zonealarm.com/security/en/computer-security.htm?cid=W1000281 ZoneAlarm is newbie friendly. The Pro and Plus versions are payware, but it has a stripped-down freeware version, or Basic Firewall, which provides optimum protection for most non-commercial purposes. (When you install it, you may need to avoid installing any extra toolbars. See below.)

 

http://www.sphinx-soft.com/index.html Sphinx Software provides firewalls for Windows Vista only, integrating all of your protections under one umbrella. Not free, but excellent.

 

Comodo Free Firewall and Antivirus is a nice basic package. It does the job and then some. (When you install it, you may need to avoid installing any extra toolbars.) http://www.personalfirewall.comodo.com/index.html


Online Armor comes highly recommended by Security Experts: http://www.online-armor.com/ It has a totally freeware version, firewall only.

 

**A word about extra toolbars. Some applications may supply a toolbar at install. Its search engine will cause targeted ads to be presented to you based upon the content of the web pages you visit, any personally identifiable information you have provided to them, or keywords appearing in your search queries. If you do not want these types of toolbars, remove the checkmark in the box beside them during installation, or, if you have already gotten one, try to remove it using Add/Remove Programs. If you are unable to remove a toolbar, please consult the experts at http://SpywareHammer.com/ They will help you.


Antivirus Applications

Installing an anti-virus program on your system is the next most essential security measure that you need. When a virus (or trojan) is detected, the program will move the infected file to a quarantine area for disinfection or removal. This prevents the malware file from making contact with any other program. As long as you keep the virus data files up-to-date (check every day or have it set up to do it automatically), configuration is often simple and detection is reliable. Apply all updates and program patches as they are released. Most applications have these tasks automated or you can schedule them yourself.

 

Enabling the Heuristics feature is important, as it detects possible viruses, but be aware that it can produce more false positives. Most antivirus companies do provide file analysis should you be unsure if a file is infected or not. Set it to scan all e-mail attachments and downloads before they are opened. If there are settings for scans of ActiveX controls and Java for harmful content, use them. It is important to allow the program to create "clean boot" or "Rescue" disks, as you never know when you might need them for an infected system.

 

The essential difference between viruses and trojans is that viruses propagate themselves while trojans need you to download them by clicking a link or by opening an infected email and/or attachment. Remember, no antivirus application is ever 100% accurate. There may be times when your application will not remove a particular threat. If this happens, please come to SpywareHammer (http://spywarehammer.com/), and we will help you. We do it for free.


Free Antivirus Applications You Can Use

 

AVPE: Avira or AntiVir Personal Edition by H+BEDV Datentechnik GmbH is free for non-commercial use, offering effective protection against computer viruses, dialers and trojans on individual or private workstations. http://www.avira.com/en/download/index.html

 

AVG Antivirus by Grisoft. After 10 years and millions of free downloads it has released a completely updated and improved AVG Free version of its industry-leading AVG Anti-Virus software. It detects viruses and trojans. AVG is fairly simple to use and you can never turn it off. http://free.avg.com/

 

Last but not least, the default applications provided for Windows XP and Vista security have come a long way from their beginnings. Both the Windows Firewall and Windows Defender provide good protection against today's Internet threats. For more info on the Windows Firewall (it's in plain English) go to: http://www.theeldergeek.com/windows_firewall.htm
Info on Windows Defender can be found at http://www.microsoft.com/windows/products/winfamily/defender/default.mspx

 


Best regards and always take care of your security!

 

This document is provided "AS-IS" without warranty, and confers no rights.