# General Security Information, How to tighten Security Settings and Warnings



## dvk01

This advice is reposted from the advice given by Tony Klein, the acknowledged spyware & malware expert who supports many forums on the net.

I have added a few minor updates to it.

You usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:

1) Watch what you download! 
Many freeware programs (P2P programs like Grokster, Imesh, Kazaa and others are amongst the most notorious) come with an enormous amount of bundled spyware that will eat system resources, slow down your system, clash with other installed software, or just plain crash your browser or even Windows itself.

2) Go to IE > Tools > Windows Update > Product Updates, and install ALL Security Updates listed. 
It's important to always keep current with the latest security fixes from Microsoft. Install those patches for Internet Explorer, and make sure your installation of Java VM is up-to-date. There are some well-known security bugs with Microsoft Java VM which are exploited regularly by browser hijackers.

3) Go to Internet Options/Security/Internet, press "Default Level", then OK. 
Now press "Custom Level". 
In the ActiveX section, set the first two options ("Download signed ActiveX controls" and "Download unsigned ActiveX controls") to "Prompt", and "Initialize and script ActiveX controls not marked as safe" to "Disable".

Now you will be asked whether you want ActiveX objects to be executed and whether you want software to be installed. 
Sites that you know for sure are above suspicion can be moved to the Trusted Zone in Internet Options/Security.

So why is ActiveX so dangerous that you have to increase the security for it? 
When your browser runs an ActiveX control, it is running an executable program. It's no different from double-clicking an exe file on your hard drive. 
Would you run just any random file downloaded off a web site without knowing what it is and what it does?

And some more advice:

4) Install Javacool's SpywareBlaster. It will protect you from all spy/foistware in its database by blocking installation of their ActiveX objects. 
Download and install, download the latest updates, and you'll see a list of all spyware programs covered by the program (NOTE: this is NOT spyware found on your computer). 
Press "Select All", then "Kill All Checked", and you're done. 
The spyware that you told SpywareBlaster to set the "kill bit" for won't be a hazard to you any longer. 
Although it won't protect you from every form of spyware known to man, it is a very potent extra layer of protection. 
Don't forget to check for updates every week or so.

Let's also not forget that SpyBot Search and Destroy has the Immunize feature which works roughly the same way. 
It can't hurt to use both.

5) Another brilliant program by Javacool we recommend is SpywareGuard. 
It provides a degree of real-time protection against spyware that is a great addition to SpywareBlaster's protection method.

An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware! And you can easily have an anti-virus program running alongside SpywareGuard. It now also features Download Protection and Browser Hijacking Protection!

6) IE-SPYAD puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

7) The IE hosts file blocks ads, banners, cookies, web bugs, and even most hijackers. This is accomplished by blocking the server that supplies these little gems.
Example - the following entry `127.0.0.1 ad.doubleclick.net` blocks all files supplied by the DoubleClick server to the web page you are viewing. This also prevents the server from tracking your movements. It now includes most major parasites, hijackers and unwanted search engines!
In many cases this can speed the loading of web pages by not having to wait for these ads, banners, hit counters, etc. to load. 
This also helps to protect your privacy by blocking servers that track your viewing habits, known as "click-thru tracking".

However as time has progressed the focus of this project has changed from blocking ads/banners to protecting the user from the many parasites that now exist on the Internet. It doesn't serve much purpose if you block the ad banner from displaying, but get hijacked by a parasite from an evil script or download contained on the web site. The object is to surf faster while preserving your Safety, Security and Privacy.

Incidentally, another site with an enormous amount of information on computer security, and which is well worth a visit is http://www.wilderssecurity.com/

Finally, after following up on all these recommendations, why not run Jason Levine's Browser Security Tests?
They will provide you with an insight on how vulnerable you might still be to a number of common exploits.

If you are using Windows XP, 2000 or 2003, then this application will also help a lot to prevent hijacking:
https://www.prevx.com

And make sure your antivirus and firewall are switched on and kept updated.
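The hosts-file blocking described above, as an added example that is not part of the original post: a small Python audit that parses entries in the `127.0.0.1 hostname` form, reports which hostnames are sinkholed, and flags any entry that points a hostname at a routable address instead, since such a line reroutes a site rather than blocking it. The sample file contents, and every hostname in it other than ad.doubleclick.net, are constructed for the example.

```python
import ipaddress

# Addresses that merely make a host unreachable: the usual blocklist targets.
SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}
# The one mapping every hosts file legitimately carries.
STANDARD_HOSTS = {"localhost"}

# Constructed sample in the format the post describes; not a real blocklist.
SAMPLE_HOSTS = """# constructed sample hosts file
127.0.0.1 localhost
127.0.0.1 ad.doubleclick.net   # the entry quoted in the post
0.0.0.0 ads.example.net banners.example.net
203.0.113.7 update.example.test   # sends a site to a routable address
bad line
"""

def parse_hosts(text):
    """Return (address, hostname, line_no) for every mapping in hosts text."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        # Strip an inline '#' comment, then split on whitespace.
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only, or an address with no hostname
        address, hostnames = fields[0], fields[1:]
        try:
            ipaddress.ip_address(address)
        except ValueError:
            continue  # first field is not an IP address: unusable line
        # One line may map several hostnames to the same address.
        entries.extend((address, host.lower(), line_no) for host in hostnames)
    return entries

def audit_hosts(text):
    """Split mappings into sinkholed (blocked) hosts and redirects to review."""
    blocked, redirects = set(), []
    for address, host, line_no in parse_hosts(text):
        if host in STANDARD_HOSTS:
            continue
        if address in SINKHOLE_ADDRESSES:
            blocked.add(host)
        else:
            # A routable address reroutes the site instead of blocking it.
            redirects.append((line_no, host, address))
    return blocked, redirects

def is_blocked(hostname, text):
    """True when the hosts text sends hostname to a sinkhole address."""
    return hostname.lower() in audit_hosts(text)[0]
```

On a cleaned machine, run `audit_hosts` over the real hosts file and review every redirect it lists by hand; a blocklist should only ever produce sinkhole entries.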


----------



## gotrootdude

*GotRoot's beginner's guide to Internet security.*

First I'd like to start with some quick definitions of terms.

Virus: Any program that replicates itself.

Trojan: A program or script that comes in a form that hides its true identity and purpose, or slips in by a hidden method.

Hijacker: A program or script that changes system settings, can change internet settings, and reroute web pages.

Spyware: Small programs which attempt to monitor your habits on the internet. While some spyware will attempt to stay hidden from detection, some will make its presence known through popup advertisements related to your websurfing habits. While spyware companies claim the software is harmless, infected consumers suffer annoying advertisements, slowdowns, crashes, and other problems.

Worm: A virus that attempts to replicate itself through networked computers using shared files/drives, or vulnerabilities in the operating system.

Keyloggers: Programs that log keypresses, used to steal passwords.

Downloaders: Programs that use security flaws to download unwanted programs in the background. Viruses can use downloaders to update themselves.

Phishers: Email that comes with the purpose of stealing information. The email is normally disguised as coming from a respectable business, and may contain a link for you to "update your account". Don't do it, it's a trick. If you have a question whether or not the email is real, then call the business and ask.

Malware: Software designed specifically to damage or disrupt a system. Can also be software that features deceptive licenses and tricks the user into installing unwanted programs alongside purposely installed software.

Let's collect some highly respected tools. *(Please do not add unrecommended tools to your system without researching them first, some software supposedly written to protect your system can cause more harm than good!)*

Spybot Search & Destroy 
http://www.safer-networking.org/en/download/index.html (antispyware) Make sure to enable TeaTimer protection to prevent system setting changes. Also, make sure to use the inoculate feature to block access to known spyware websites.

Adaware 
http://www.lavasoftusa.com/ (antispyware)

HijackThis 
http://www.spywareinfo.com/~merijn/downloads.html (hijacker/spyware/virus detection tool) Useful for posting a log for experts to diagnose your machine.

CWShredder
http://www.spywareinfo.com/~merijn/downloads.html
A small utility for removing CoolWebSearch (aka CoolWwwSearch, YouFindAll, White-Pages.ws and a dozen other names). Spybot S&D and Ad-aware tend to forget essential parts of the hijack, so until they update, you can use this to completely remove the hijack. This program is updated to remove the new variants once they come out. (keep it in case you ever need it)

LSPfix
http://www.cexx.org/lspfix.htm
Fixes internet connection broken by spyware removal. Keep it in your arsenal.

Winsock fix for XP
http://members.shaw.ca/techcd/WinsockXPFix.exe
Fixes internet connection broken by spyware removal. Keep it in your arsenal.

*Both LSPfix and Winsockfix can be kept on a floppy as a form of insurance when cleaning a system of spyware.*

ProcRecon 
http://www.webchitect.com/ProcRecon/download.html (useful for stopping running virus/spyware programs; has an extremely useful feature of attempting to stop all unnecessary programs running with one button press)

Using these tools should remove and prevent the majority of spyware infections!

Now let's go on to misconceptions about security.
A common misconception about security is that a firewall is all the protection you need. This is not true. A firewall will only protect against worms, and hackers attempting to access your machine through openings in your OS and network settings. It does not protect against viruses that you download and install, spyware, trojans, or hijackers. While it is useful and necessary, its usefulness is highly exaggerated; it will not fully protect you. Nevertheless, make sure you use one!

Another common misconception is that antivirus programs will remove or delete a virus. This isn't what antivirus programs are built for. Antivirus programs are built to detect the presence of a virus, and aid in preventing a virus from infecting your machine; they are not built to remove every virus once a virus is installed. While some antivirus programs will remove a virus, they will not remove every infection. If your PC has contracted a virus, and your antivirus program reports it, you need to note any information your antivirus program gives you and search for more information on its removal until you know the virus is removed.

Another misconception is that you're fully protected! No matter how well you secure yourself, there is nothing that will fully protect you short of isolating the machine away from network connections and people.

HOW TO SECURE YOURSELF: OR : FINALLY THE GOOD STUFF

1: Run a firewall to protect against worms and hackers. I put this first as it's the simplest step, but as I said before, in terms of security it's not going to keep you safe by itself. What firewall you use is up to you. My personal recommendation is ZoneAlarm. http://www.zonelabs.com/store/content/home.jsp (freeware version available)

2: Run an antivirus. Although it probably won't remove all viruses, it should let you know where the virus is and when to get help. What antivirus program you decide to use is completely up to you. My personal recommendation is any Trend Micro antivirus product such as PC-cillin. http://www.trendmicro.com/en/home/us/personal.htm (AVG antivirus is highly rated and available in freeware form) http://free.grisoft.com/

3: Secure your browser. This is where it gets a bit complicated. There are many ways to do this, and many programs that will aid in doing it. One of the best approaches is to run an alternative browser, such as Firefox, which may not be targeted by hackers as often as Internet Explorer for exploits. I will relate this mainly to Internet Explorer, as it is the most common browser used. I highly recommend you enter your internet security settings by clicking Tools/Internet Options/Security tab, and setting your security to at least the Medium level. Whenever you send credit card information, look for a picture of a lock on the bottom status bar of the browser. Don't send the information if the lock is not there or shows the lock open. My personal recommendation is to use Portable Firefox on a USB drive. http://johnhaller.com/jh/mozilla/

4. Secure your OS. It's important to run an update for your OS as new vulnerabilities and exploits are discovered. The same is true for all your programs. Schedule time to keep your software up to date.

5. I also suggest you use a startup manager. A startup manager will aid you in getting to know what is starting up when you boot your machine. A good startup manager will also aid you in removing unwanted startup programs, and can make your machine more responsive while booting. My personal recommendation is Startup Delayer. http://www.r2.com.au/software.php?page=2&show=startdelay

6. Watch your e-mail. If your email application allows it, then disable images in your email. *Never open an attachment without virus-scanning it first. Never respond to a request for personal information through an embedded link.* Use spam filters. I recommend using SpamPal for POP email clients. http://www.spampal.org/

7. Secure your wireless network. While I won't go into depth on this, a good read is here: http://www.practicallynetworked.com/support/wireless_secure.htm

8. Secure your network. Don't needlessly share folders and files within your network. Use logins and passwords.

Now I must remind you: a misconception is that you're fully protected! No matter how well you secure yourself, there is nothing that will fully protect you short of isolating the machine away from network connections and people.

*I'm infected, what do I do?*

If you can, run your antivirus and antispyware tools from safe mode. If not, run ProcRecon (see link above) to shut down unneeded programs and run the mentioned tools (run them multiple times; sometimes one virus can hide another, and sometimes viruses are programmed to hide from one tool and not another). If all else fails, don't give up; here are a couple of places that can aid you.

http://housecall.trendmicro.com/ (online virus scan)

http://www.techguy.org/ (can diagnose HijackThis logs and viruses, and give further aid)

http://www.techsupportforums.com (can diagnose HijackThis logs and viruses, and give further aid)

This guide is just beginning. It was written to introduce my fellow employees at work to security and is in no way complete. Please feel free to add tool recommendations, comments, and further instructions.


----------



## dvk01

When your antivirus warns you about a virus in a file looking like this and says that it can't delete it:

C:\DOCUME~1\User name\LOCALS~1\Temp\AAWTMP\lots of numbers & letters\lots of numbers and letters\name of file 

Don't panic. 

It is the temporary folder that Ad-Aware is using to unpack and examine files while running. The folder is automatically deleted when you close Ad-Aware; that is why you can't find it when you go looking.

The solution to the problem is either to turn off the antivirus resident protection while running Ad-Aware, as otherwise that file gets locked and neither Ad-Aware nor your antivirus can delete it, 

or to make a note of the file name at the end of the long path and then, after the scan has been done, search for that file and delete it manually.

Normally Ad-Aware will have deleted it from its original location anyway, but in some cases it's only because Ad-Aware has unpacked it that the AV is seeing the file at all, as it's normally so well hidden inside a zipped or cab folder that the AV won't see it in normal scans.


----------



## gotrootdude

Time to add another tool. Just had time to try the new Microsoft AntiSpyware tool beta. http://www.download.com/Microsoft-Anti-Spyware-Beta/3000-8022_4-10353597.html

Impressive, it picked up a few things Spybot and Ad-Aware didn't. I didn't remove them because the things it found were intentionally installed, but it looks to be a winner. :up:

Warning: this software (for some reason) lists phone recording software as spyware. I guess it kinda fits the definition.


----------



## dvk01

* *Click here* to download *HJTsetup.exe*

Save HJTsetup.exe to your desktop.
Doubleclick on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This. 
Continue to click *Next* in the setup dialogue boxes until you get to the *Select Additional Tasks* dialogue.
Put a check by *Create a desktop icon* then click *Next* again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click *Finish* and it will launch Hijack This.
Click on the *Do a system scan and save a logfile* button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
*DO NOT* have Hijack This fix anything yet. Most of what it finds will be harmless or even required.


----------



## siljaline

*Blocking Unwanted Parasites with a Hosts File*
http://www.mvps.org/winhelp2002/hosts.htm
http://www.mvps.org/winhelp2002/hosts.zip (52 kb)
http://www.mvps.org/winhelp2002/hosts.txt (231 kb)

Note: The "text" version also makes a good reference for determining culprit URLs.

*Silj*


----------

