|
|
|
Mordel's Bar & Grill |
|
  |
» |
| View previous topic :: View next topic |
| Author |
Message |
Motown Scrapper
Clan Ice Hellions
Galaxy Commander
Joined: 24-Jul-2003 00:00
Posts: 2074
Location: United States
|
 Posted: 12-Mar-2005 10:44 Post subject: Computer Security Tips |
  |
|
Computer Security Tips
Do’s and Don’ts
DO run a firewall program and learn how to do at least the basic settings. The more you can learn about configuring a firewall the better. Thankfully this has become much easier because software manufacturers have provided quite a few reliable and easy to use programs in the last few years. A good firewall program will notify you of intrusion attempts from the internet and of possible problems with programs on your computer. These problems will show up in the form of unwanted activity such as trying to access the internet without your permission or knowledge. This type of activity is a good indicator of Spyware, Malware, Adware, and Virus programs.
Note: You should only install and use one firewall programs. If you run more than one program you will encounter problems, some of which can be severe. Exceptions to this are. Windows XP has a built in firewall that should not have a problem with other firewall programs. So if you have Windows XP you should always turn this firewall on. Secondly if you are using a router, hub, switch with a built in NAT firewall, this will not interfere with you firewall software.
DO use a router, switch, or hub with a built in NAT firewall if you are using a broadband connection. I.e. Cable or DSL provider for internet access. This will provide you with a great deal of security since it stops virtually all intrusions on the internet and makes your true IP address invisible to everyone but your ISP provider.
Note: It is always a good idea to still use a firewall program. Many people are under the misconception that all they need is the NAT firewall of their router or switch but it is not the case. Think of firewalls as security for your home. A hardware firewall such as in a router or switch would be equivalent to a wall around your property. Your firewall program is your alarm system to protect you from intruders that get into your home by other means. I.e. When you allow someone to come in to you property you are letting them past your outer wall. This is what happens when you install programs which may contain Spyware, Malware, Adware, and Virus programs. Or open e-mail attachments that may be infected.
DO run an anti-virus program. This is different than a firewall program, which is made to keep people out. Think of your anti-virus program as an exterminator to find and kill the bugs and pests that get into your house. A good exterminating service will prevent them from getting in to your house in the first place, and quickly act to eliminate any that do. That’s just what your anti-virus program does. I have included a list of the top free programs in the list of websites at the end of this document. I do however recommend purchasing an anti-virus program such as Norton etc… since they include a lot of features not found in the free programs.
NOTE: NEVER!!!!! Install or run more than one anti-virus program on your system. If you do attempt to use more than one program you WILL run into severe problems. If you are going to try or use a different anti-virus program, make sure to completely uninstall your anti-virus program and reboot your computer before installing the new one.
DO run anti-spyware programs. Yes I did say programs as in multiple programs. Unlike anti-virus and firewall programs it is not only safe but necessary to run multiple programs. Why you ask? Because of the vast and ever growing amount of spyware, malware, and adware programs, it is impossible to catch all of these programs with a single utility program. In fact the best any of the anti-virus programs will do is 60% of them. By running multiple programs you will overlap and cover yourself. The most recommended programs to run in combination are:
Ad-Aware (free for personal use)
Spybot Search and Destroy (free for personal use)
Spyware Blaster (free for personal use)
Spyware Sweeper (a free trial version is available but you will not be able to keep it up to date. It is however one of the best and most affordable programs available)
BHO Demon (a program designed to help protect you form browser hijack attempts. Browser hijackers are programs that install toolbars and features into your web browser without your knowledge or permission often resulting in unwanted web pages and popup ads.)
DO purge your temporary internet folder, history folder, temp, and cookies folder when you close your browser. Not only will this improve you system performance but helps to protect your privacy. Additionally Spware, Malware, and Virus programs have a tendency to hide themselves in these folders and reinstall themselves after you have removed them elsewhere on your computer.
Note: Windows XP and Windows 2000 users need to do this for each individual user separately, or use a program that will do this.
DO run “msconfig” from the windows start menu. Carefully inspect your start up programs for any unknown or unwanted programs an turn off any non essential programs. This is also how you stop unwanted programs for appearing in your system tray and taking up system resources. A non essential program is any program not necessary for normal system operation or security. Many programs (most notably ISP programs such as AOL, internet communication programs like AIM, Yahoo, ICQ etc… and various other programs) have a tendency to install an icon in the system tray. The problem with this is that the program is then running in the background tying up system resources.
Tip: If you have a program that is non essential but frequently used activate your quick launch toolbar and place an icon for the program there. This way it is easily accessible but won’t take up valuable system resources.
DO Backup your important data on a regular basis
DO create a system restore point on Windows XP systems before installing software and drivers. More importantly create regular back up points so you can undo negative changes from Spyware, Malware, Adware, and Virus programs. Also delete old restore point as this will take up valuable hard drive space. You only need a couple of working restore points so don’t let them get out of control.
IMPORTANT: After creating a system restore point disable the restore feature until needed. The reason for this is many of your virus programs (usually the real nasty ones such as the Blaster worm and Sasser worms) will infect your restore files when your anti-virus program detects then tries to remove them. Once they infect these files they can’t be removed. At that point your only option is to wipe your hard drive and reinstall everything. And more than likely if you haven’t backed up your files you will lose them.
DO follow a regular maintenance program. Much of this work can be configured through your applications to happen automatically. Here is a recommended schedule.
Maintenance Schedule
1 Check for Windows Updates Weekly (a)
2 Download anti-virus definitions Daily
3 Download anti-spyware definitions Weekly
4 Perform full anti-virus scan Weekly
5 Perform full anti-spyware scan Weekly (b)
6 Check for Firewall Updates Weekly
7 Perform Disk cleanup At least once a month
8 Defrag Hard Drive Weekly
9 Create system restore point Weekly
10 Check for Web Browser Updates Weekly
(a) Turn on the windows update feature but set it to notify you of updates not to automatically install them. This way you can choose what to update. Always do the critical and security updates. Review the recommended updates to see if you need them and if they apply to you. Even if you have the feature being updated installed, if you don’t use it you probably don’t needed to update it. Be careful about driver updates and make sure they correspond to your hardware, Microsoft doesn’t always get this one right. And often in the case of video drivers you probably have a more current version installed if you have been checking the hardware manufacturer’s sight regularly.
(b) If you use the internet a lot it is a good idea to run your anti-spyware scan daily.
DO scan all e-mail attachments before opening them even if you know the sender.
Tip #1: If any of the files are .doc .vbs or .js open them with notepad first instead of Word this will prevent macro viruses or unsafe scripts from running.
Tip #2: If you have an anti-virus program such as Norton etc… You can activate e-mail protection features. I recommend scanning files both incoming and outgoing. Some people might think it is time consuming, but it really doesn’t take that much extra time. I feel better about doing it this way not only to protect myself but others as well.
DO use available web resources to check your security. I have included websites to scan for viruses and spyware as well as system security and web browser security.
DON’T open e-mail or attachments from sources you don’t know.
DON’T download application or utilities from unknown sources. Use a reputable website for downloads.
DON’T respond to popup notices when browsing the internet telling you about an alert or that your system is infected. Do not press the OK or CANCEL buttons on the ad or notice because more often than not pressing either button will infect your system or reroute your browser. To close the window use the “X” button in the upper right corner of the ad/notice panel to close it. If there is no “x” hit Ctrl + Alt + Del and close the window from inside the program manager feature of Windows. There is a difference in the way your firewall, anti-virus or anti-spyware programs notify you of a threat. If your not sure of what their alerts look like use the help feature in those programs and they should show you what they look like. Also most of them have tutorials that show you. This ploy of an alert popup is used for one of 5 purposes. First it may direct you to another website used to infect your system or to try to hack into your computer. Second it is a method used to place toolbars or other web features into your browser in order to hijack it. Third it is a way to install spyware, malware, or adware onto your computer. Fourth many unscrupulous firms use it as a way of scaring you into buying their spyware, adware or virus removal programs. Invariably theses are rogue programs, i.e. Spyware, Malware, or Adware programs that masquerade as legitimate programs. They offer you no protection at all, and many times are designed to deactivate your current security programs. Finally this ploy is also used as a tool for “phishing”.
Note: “phishing” is literally the method criminals use to fish for information. They often use alerts and other scare tactic methods to catch you off guard and steal your information. Never answer account (ISP, bank, corporate, etc…) information of any type done by these alerts or notices. If you receive any notices or alerts in this manner or by e-mail take the following steps. First copy down any and all possible information as follows;
URL Address (Address of the website sending the alert. If it doesn’t appear in the address panel then right click the alert or popup and choose properties and it should give you the address
E-mail Address (Address of the sender. Most e-mail client programs have a method to check the properties of the e-mail. It is a good idea to do this and copy the information to a text file
Save a copy of the e-mail, alert, or notice (Do this in a text form not as a word document. This protects you from macro viruses and unsafe scripts.
Contact the proper entity (That is to say. You’re Bank, ISP, Employer, Mortgage Company, etc. This is to see if there is any legitimacy to the notification. More importantly to notify them of the situation. Many people fail to do this key step and it is the most important. The institution will begin their own investigation to protect themselves as well as you, remember they have a lot of customers to worry about this happening to so they have an enormous risk also. And finally you need to have documentation as quickly and as early as possible to protect yourself from identity theft, and to ultimately repair any damage done.
DON’T download files from warez sites. While it may be appealing to download full versions of expensive software for free, it’s not worth the risk. Legal matters aside, many of these programs are missing files or have files inserted into them. The real dangers are these extra files in the form of Spyware, Key Loggers, Trojans, and viruses. The old adage’s of “it’s too good to be true” and “nothing is every truly free” are apt to be proven correct. While it is possible to do this activity much more safely by getting to the true underground, most people will never get anywhere close to the elite hacking circles to do so. In lieu of this download the trial ware or shareware version of these programs for free from the software vendors. Then if you like it you can purchase the full program legitimately. And for those of you who still insist upon trying to get it free, I guess you’ll have to track down a true hacker to be reasonably safe (A good thing to do is to see if he/she has tried the program their giving you themselves. You can bet their going to check it out thoroughly in order to protect themselves) and keep in mind there are laws involved here.
DON’T install more than one firewall or firewall application. You only need one of each any more will cause lots of conflicts and problems. I know this is a redundancy from earlier in this document but it is necessary for two reasons. First I have been contacted about this problem too often, sop I want to prevent it. Second has to deal with the biggest reason for being contacted. If you are using AOL 9.0 they have their own versions of anti-virus, anti-spyware, and firewall included in their software. It will interfere with your anti-virus and firewall software. It will even interfere with your anti-spyware software. There are plenty of reputable websites reporting on this problem. AOL has had problems with firewalls for at least 9 years now. Mostly because they want to control what you access and the content of what you access. The same holds true for their anti-spyware programs. Many of the violator of Spyware Adware, and Spam that are blocked by other programs are not blocked by AOL because the pay AOL to allow them access to their ISP customers. An easy way to verify these claims is to take a look at the amount of this activity that AOL users are exposed to. It has also been reported that AOL 9.0 disable many of the anti-spyware and ant-spam programs. I have included security and information sites in the website list so people can check on the ISP they use if they have any concerns. At this point the vast majority of them do not engage in these practices.
Note: I have mentioned AOL here because of the scope and severity of the problem being reported with them. However as to the request of individuals for specific anti-AOL sites, I am not including them on the website list. The purpose of this document is for legitimate and reliable information. If anyone wants to check up on AOL just type in AOL or anti-AOL into any good search engine and you will be deluged with sites.
DON’T install toolbars or applications with checking up on them first. Most toolbars for browsers are chock full of Spyware, Malware, and Adware. Worse once installed they are almost impossible to remove from your system. The same holds true for most free “cute” programs such as Bonzi Buddy, weather bug, weathercast, etc. While having a talking Purple Gorilla or other such creature on you desktop seems like fun, you have to consider is it worth the cost of your privacy or security. The same holds true for programs to provide weather or other information. Most information can be accessed form safe sites very easily. A good indicator about these programs is the fact that they install them selves to the system tray, so they start the moment you boot up your computer. Once started, they continue to run in the background tying up system resources. But the worst part is whether you are on line or not these programs are keeping track of what you do on your computer (what sort of program you have on your computer, how long you use a program, how often you use a program, What websites you visit, how long you are at he website, what you do at the website, and the list goes on an on.). And once you connect to the internet these programs transmit this information to the companies that created the Spyware and Adware programs. As to the claim that it is harmless and they don’t ask for your name or personal information, well that’s partially true. You see you are already identified by a coded number corresponding to the information in their database that you filled out when you first activated your program. Or the got it form your computer already. The average computer has you Name, Address, Phone Numbers, etc. already stored in dozens of locations on you hard drive. As to the people that say they have nothing to hide, well the Identity thieves of the world would like to thank you at this time for your cooperation.
Many people have a false sense of security bout the internet and their computer. The reality is the internet and your computer is like the real world. There are lots of wonderful places to go and see at the touch of button. But just like the real world it has it’s seedier and more dangerous side. This should not prevent us from experiencing the opportunities. Just use a little common sense like you would in the real world. And having all the security knowledge and software in the world means nothing if you don’t use it. You lock your doors and windows for protection when necessary (use a firewall). You use an exterminator to protect you home from termites, roaches, and other pests Use an anti virus program). You screen your calls and throw away junk mail (use anti-spyware and anti-spam programs). So take a little time and precaution to make yourself and your family safe. Make sure to use your security programs and keep them up to date. Then sit back and do what you wanted to do in the first place, enjoy your computer. Remember a little time setting up your security goes a long way. And if you configure the programs correctly they will do their updates and scans for you so you have very little to do for maintenance.
A Few Additional Concerns
Chat Rooms and Forums Gaming Sites: Areas often overlooked are chat rooms and gaming sites. Except for parents worrying about Cyber-Perverts, most people don’t think twice about chat rooms. Even fewer realize that online game sites and forums are just different forms of chat rooms, but they are chat rooms just the same. Few people understand the risks posed at these sites. The problem arises from how these forms of communications operate. In order to provide an easier flow of traffic they bypass the normal method of establishing what is known as a trust (A sort of security handshake allowing two computers to conduct business securely.) between computers. While participating at any of these types, you leave yourself vulnerable to a host of security problems not covered by the normal protection methods. Unbeknownst to you any number of individuals can be keeping tabs on you and hacking into your system. There are individuals practicing the art of lurking. It’s like being in your home without realizing someone is hiding in your closet or peeping through an open window. It’s very easy to do and up until recently hard to detect and protect yourself from. Luckily there are ways to protect yourself and family.
The first is the basics for parents to do when they are concerned about their kids. Most Web Browsers today have built in security feature usually accessed through the options or preferences portions of the browser program. These included content controls, security controls and filter controls. Most also include ways to prohibit, allow, or restrict individual sites. This is important since content filter are not fool proof and they sometimes block legitimate sites while allowing other sites that are offensive. A prime example (which you may remember hitting the national news) is in March of 2001 Paul Hawkley a 15 yr old in Komo Washington was doing a report on the Whitehouse and decided to get some information off the internet. He typed in whitehouse.com thinking it would take him to the official government site. Oops it took him to an adult porno site bypassing all filters. An update to this particular story is that in March of 2005, the website address whitehouse.com will be officially owned by the national real estate company that has a legitimate website thewhitehouse.com. It took them several years of litigation and pressure to close down the former adult site. The point is that for parents, installing cyber nanny or similar software (much of it free) is a good idea for extra protection. But nothing is fool proof so you still have to keep an eye on their internet use.
For users of Windows XP and Windows 2000 have separate login accounts for each individual. This way you can customize the web browser settings for each individual person. This way junior doesn’t end up going to one of dads adult websites that mom doesn’t like dad going to. For users of Windows 98 and Windows Me forget this idea. Even if you don’t know it your kids do, it’s simple to get around login names and passwords for these operating systems. Unlike XP and 2000 you can’t make the login accounts and passwords secure all they have to do is hit the cancel button. Try it … see what I mean.
Teach kids not to give out personal information. If they want to meet someone have them arrange it through the parents in a safe manner. Remind them that they don’t know who their really chatting with it could be some 50 year old Cyber-Pervert or other type of scumbag. Many times these individual will know all the current lingo including leet speak (parents if you don’t know what leet is I suggest you hit the web and find out) so the kids think their talking to another kid. They will also since bogus pictures so kids think it’s another kid. At this point it is a good idea to show them how easy it is to send a picture to anyone and reality it is a picture of the real person. It’s a good time to point out a fact few adults are aware of. There is actually more misrepresentation by adults to each other in this type of form, so be careful about cyber chatting and romance on the internet. The same precautions apply to adults and then some. Few people are aware of the amount of identity theft, fraud and violent crimes that are committed against lonely adults.
A final positive note several companies have been working on instant messaging protection software mostly on the corporate and enterprise platforms, however some of this technology is trickling down to the consumer software level albeit slowly. About a year ago Zone Labs (makers of Zone Alarm firewall and other security software) introduced IM Secure which is available in both free and paid versions. The paid version contains additional features for Spam and Adware protection (an important step considering the FTC study showing that 100% of the e-mail addresses involved in chat room is being recorded by spammers and 66% of e-mail addresses from forums are being nabbed. Less than 9% is derived from standard e-mail, which is surprisingly considering the lack of security most people have for their e-mail.) because of their connection to this security vulnerability. While not yet perfect the performance is increasing steadily for this product. And at this time it is the only viable stand alone option. It should also be noted that companies such as Symantec (makers of the Norton line of security software) and Network Associates (makers of the McAfee line of security software) have included this technology into their anti-virus products.
Peer 2 Peer network sharing: This is the most common way on the internet for people to download files (in particular, media files such as songs and video) through sites such as Kazaa, Bearshare, etc. These sites actually don’t have all these files stored on servers; rather they are stored on millions of computers worldwide belonging to millions of people. How it works is through the process of file sharing where an individual has a file on their computer that they allow others to download in exchange for allowing other people to access files on their computer. This creates a large network of files stored among a large group of computers worldwide. To make this work they use what is known as peer 2 peer networking, which essentially links everyone into a common network. The problem is that you are bypassing the normal security protocols and allowing anyone to access your computer. The concept becomes misguided in the belief that whoever accesses your computer will only access the files you want to share. This is a little naïve in thinking that once you allow this level of access that no one will abuse it. But you have just allowed them full access to you computer and the full content of your hard drive. If you want to use this type of service then configure your firewall to block outgoing traffic of files from your computer (which it should be noted is usually a violation of most of these sites policies) in order to minimize the risk. Furthermore there are only a couple of sites that use anonymous networks (non of the major ones do) which means it is actually quite easy for the RIAA and the MIAA to track people down for copyright infringement through file sharing.
Cookies: Just a quick explanation as to what they are. Believe it or not the much hated cookie actually started out as a noble piece of software. When it was designed by Microsoft it was actually a technical innovation, a small packet of instructions to greatly improve internet performance. What a cookie does in its truest form is to take a look at two computers trying to communicate and given them a simplified set of instructs to communicate better. Basically it determines the capabilities of each computer and streamlines the instructions they need for optimum communication.
Years ago however some Brainchild realized that you would end up with lots of different cookie files, because their were so many different computers out their and sense one side of the instruction was always for the same computer most of the information would stay the same except for minor changes. The other part of the information would always detail the site that computer was going to. By changing the structure of these cookies one could track the habits of a particular computer user, hence the dawn of the “BAD” cookie. Not all cookies are bad some (such as the ones from Microsoft’s site) are actually doing the job they were intended to. But most have evolved into the “evil” “BAD” cookie which not only allows the originating site to track what you doing, but any other site you go to can access this information if they want to. Almost all session cookies are harmless many are beneficial in doing the job they were intended to do so originally. It is the other types of cookies we need to be cautious of.
Most web browsers allow you to control your cookies through settings in options or preferences. Many browsers particularly those based on the Internet Explorer Kernel (a kernel is the core set of code instructions that are the heart of a program) allow you to be prompted when a site tries to place a cookie. If a website only needs one small session cookie, what’s up with all the rest? Simple marketing companies have learned how to track you. What to do? Take control of these cookies. Some people like to use programs such as cookie cruncher to take revenge. What up with the revenge? What’s the big deal? Well most of these people have learned how much they are deluged by lots of needless and obnoxious cookies. Want to learn what they have? Try doing this. Set your browser to prompt for cookies. Then when you are prompted for cookies (some sites aren’t bad, just the normal good session cookie, most sites have quite a few cookies, and some just deluge you with a torrent of cookies, many from the same advertising firms) click on the info button. See who is tying to place the cookie (usually an ad company) now look for the end date (the date the cookie expires on your computer and stops tracking you) and be ready for a surprise. Most of these cookies won’t expire for decades many are there long after we’ve passed away. And I have seen a couple that don’t expire for thousands of years. So who needs cookies like this? Take control and set your cookie control to accept session cookies and to block or prompt you for the others. Keep in mind some sites will not allow you to connect or browse them unless you accept cookies. Look at the site and decide the validity of the need for the cookies. Some cookies such as employment sites or sites that you have member log in rights require cookies to track individuals to determine if the correct person has logged on. After you are done at the sites just delete the cookies.
Bottom line. Take control of your privacy. Protect you rights and information. You can do this manually or by using programs to control cookies. Much of the control is already available through you browser, just choose you settings. Many firewall programs contain controls that will supersede some web browser controls. Or you can install cookie control programs, and there are a lot of free ones out there.
A final note for those of you who want to find out even more about the cookies that web sites are trying to put on your computer. A company called Nirsoft makes a fantastic program called IE Cookie View. This little Gem is free and will reveal every piece of information possible about a cookie. It will also allow you to integrate the feature into your Internet Explorer Toolbar (don’t worry - no spyware here just an awesome program) so you can check a cookie out in real time as it tries to put itself on the computer. You can even track the changes that happen as you continue to browse to other sites. So much for marketing people that say cookies are harmless and their not tracking you. Now for the Geeks and Waldo’s out there, I saved the best for last. If you really, really, want to mess with them this program will let you edit the information contained in any cookie so it will contain whatever you want to put in it. Alas this one is for the true geeks since most (but not all) of this information is written in computer language code. I must admit I have fun with this one by purposefully leaving altered cookies in place for a few days or weeks. After going to selected sites that are known to use loads of cookies to track people for spam and ad purposes, the few incidents of spam I did have dried up. Sorry but I can’t repeat what I wrote (censored) in code, but they got the message.
Useful Websites
Free Anti-virus websites
Anti-Vir Home Page http://www.free-av.com/
AVG anti-virus http://www.grisoft.com/us/us_index.php
Avast Home edition http://www.avast.com/
Free anti spyware websites
Ad-Aware Home Page http://lavasoft.element5.com/default.shtml.en
Spybot Search & Destroy Home Page http://www.safernetworking.org/en/home/index.html
SpywareBlaster Home Page http://www.javacoolsoftware.com/
Definitive Solutions http://www.definitivesolutions.com/
(The makers of BHO Demon)
Free firewall Websites
Zone labs (Zone Alarm) http://www.zonelabs.com/store/content/home.jsp
(Free version of Zone Alarm Firewall also IMSecure for instant messaging protection)
Kerio Personal Firewall web page http://www.kerio.com/kpf_home.html
(Kerio Personal Firewall 4 is the free version)
Sygate Personal Firewall http://smb.sygate.com/
Cookie Control
Ampsoft (Home of Cookie Monster) http://www.ampsoft.net/
(Look on the utilities page for the Cookie monster download)
Nirsoft (Makers of IE Cookie View) http://www.nirsoft.net/utils/iecookies.html
(A fantastic program that is unbelievably small, good for the average person, GREAT for the Geeks)
Analog X (Makers of Cookie Wall) http://www.analogx.com/contents/download/network/cookie.htm
(makers of a lot of nice software utilities, Cookie Wall acts like a Firewall for Cookies)
Software Downloads
MajorGeeks http://www.majorgeeks.com/
(Great site for utility applications of all types. Many of the free programs listed can be downloaded here)
NoNags software downloads http://nonags.com/
(Good source for all types of free programs)
Tucows http://www.tucows.com/
(One of the oldest and largest sites out there - over 40,000 programs available)
Spychecker Web Site http://www.spychecker.com/
(Good source for freeware and trial versions of security software of all types)
Sofotex http://www.sofotex.com/
(Good source of shareware, trialware, and freeware. Includes reviews for almost every program)
Snap files download site http://www.webattack.com/
(Don’t be alarmed by the website address - its safe)
Virus information sites
Symantec Virus page (Norton’s) http://www.symantec.com/avcenter/index.html
McAfee’s virus research center page http://vil.nai.com/vil/default.asp
(Formerly Avert Labs)
Sophos Virus information page http://www.sophos.com/virusinfo/
Virus Bulletin home page http://www.virusbtn.com/
(One of the oldest and most comprehensive sites anywhere)
Datafellows (f-protect) virus info page http://www.datafellows.com/virus-info/v-pics/
(A great choice to check on virus information since they are the only ones I know of that give actual screenshots of how your computer looks from the virus and the screenshots of the virus messages.)
Computer Associates Virus info page http://www3.ca.com/securityadvisor/virusinfo/default.aspx
Trend Micro Virus info page http://www.trendmicro.com/vinfo/virusencyclo/default.asp
Spyware information sites
Computer Associates Spyware info page http://www3.ca.com/securityadvisor/pest/browse.aspx
Spyware Warrior http://www.spywarewarrior.com/
(One of the best sites out there for spyware and adware info. Check out the entire website it is huge. Which you don’t realize from their main page, but once you start to check out each of the six category panels on the main page you will see what I mean)
Spware info.com home page http://www.spywareinfo.com/
(Check out there more links section it is loaded with all sorts of helpful security links)
General security information sites
Microsoft’s Security site http://www.windowsecurity.com/
Microsoft’s Technet site http://www.microsoft.com/technet/default.mspx
(Microsoft’s IT technical site)
Microsoft’s Knowledge Base http://support.microsoft.com/default.aspx?scid=FH;EN-US;KBHOWTO
(Main information database for Microsoft Support Center)
Federal trade commission internet page http://www.ftc.gov/bcp/menu-internet.htm
(Web page for the FTC concerning internet security)
CIAC home page http://www.ciac.org/ciac/index.html
(The main computer security site for the DOE - the Granddaddy of all security sites)
Computer Associates Vulnerability page http://www3.ca.com/securityadvisor/vulninfo/
(Provides a comprehensive listing of security vulnerabilities in Microsoft products)
Hoaxes and Misinformation
HoaxBusters http://hoaxbusters.ciac.org/HBUrbanMyths.shtml#emailtax
Urban Legends reference http://www.snopes.com/snopes.asp
(Probably the best source for checking on hoaxes and Urban Myths and Legends)
leet information
The free dictionary.com (leet definition) http://encyclopedia.thefreedictionary.com/L33t
(This is the page that comes up when you type in leet for a search at the free dictionary web page it has a lot of information links throughout the page. This is a good starting point for information.)
Wikipedia leet definition page http://en.wikipedia.org/wiki/Leet
(Another good beginning page with a fair amount of links)
Information websites
Lockergnome http://www.lockergnome.com/
Dummies Web Site http://www.dummies.com/WileyCDA/
(From the people who brought us the great line of ____ for Dummies books)
Urban Legends reference http://www.snopes.com/snopes.asp
(Probably the best source for checking on hoaxes and Urban Myths and Legends)
These are just some of the pages I have found useful on a regular basis. I chose these sites for their content, but also because overall they will provide you with hundreds of useful links to other sites for information. Many of the sites also have the programs I recommended on their website for easy download.
Checking for security
Web Browser Checks
If you want to see hoe secure your web browser is you can test them at the following three sites:
The Scanit Browser Security Test Page http://bcheck.scanit.be/bcheck/
The Qualys Free Browser Checkup Page http://browsercheck.qualys.com/
The Verisign Browser Check Page http://www.verisign.com/advisor/check.html
Overall System Security Check
Gibson Research Shields Up Page https://www.grc.com/x/ne.dll?bh0bkyd2
Mcafee’s online security check http://us.mcafee.com/MySecurityStatus/default.asp?cid=9916
Free online Virus scan
(It is a good idea to disable your fire wall just prior to running an online virus scan to avoid any problems.)
Trend Micro online virus scan http://housecall.trendmicro.com/
BitDefender online virus scan http://www.bitdefender.com/scan/licence.php
Panda Active Scan http://www.pandasoftware.com/activescan/com/activescan_principal.htm
McAfee Free online virus scan http://us.mcafee.com/root/mfs/default.asp?cid=9914
Symantec Security Scan (Two different Scans, one for viruses, the other for internet security)
http://security.symantec.com/sscv6/default.asp?productid=symhome&langid=ie&venid=sym
Free online Spyware scan
Spyware info online scan http://www.spywareinfo.com/xscan.php
Webroot Spy Audit http://www.webroot.com/services/spyaudit_03.htm
Alternative Web browsers
In the wake of security concerns about the Internet Explorer Browser many people have switched to alternate browsers. Alternative browsers do over a hope for more security, but they are not foolproof. Even the much touted Firefox has security issues. Many of these new browsers are actually built around the Internet Explorer Kernel. Here are the ones that are considered the top of the pack:
Mozilla Firefox: From the Mozilla organization an open source software program the offers the most scalable structure by far. From the base program you can customize to your needs and desires with probably the largest selection of plug ins and extensions available.
Avant Browser: Based on the Internet Explorer Kernel this browser is leaner and much faster than Internet explorer. Even though it is much smaller in size than Internet explorer it offers a lot more enhancements and features. Among these are tabbed browsing, rss feed capabilities, image zoom and more. But it amazing accomplishes all this while delivering less of a load on system resources than any browser I have tried yet. I have had over a hundred pages open in this browser with only a 3% increase on system load (the load level of the computer with no programs running). Any of the other browsers doing this would cause at least a 12% load (even using RAM Idle Pro to manage resources). All this form a free browser. I’m impressed.
Opera: The free version drives me nuts with all the advertising. However if you purchase the full license ($39.00) you eliminate the problem. One of the fastest web browsers available with lots of features including an e-mail client, and chat room integration.
Deepnet Explorer: The newest Browser available based on the Internet Explorer Kernel. All the features of the Avant browser and a lot more. This browser offers The most security features yet including full content filtering, advanced cookie manage, a pop blocker that also works on floating ads, proxy management, and component management. Perhaps is biggest security feature is its phishing alarm system to help protect you from internet fraud. This high level of security is very important since this is also the first web browser to offer P2P file sharing integration with control features to help protect your security. It also includes tab browsing, rss feed integration and news integration. Version 1.3.2 is available from their web site. I just received their 1.4 beta version to test so I will let you know how it performs (particularly in regards to P2P and security.
Mozilla Firefox http://www.mozilla.org/
Avant Browser http://www.avantbrowser.com/
Deepnet Explorer http://www.deepnetexplorer.com/
(The newest and most unique browser, loaded full of features, and receiving extremely strong reviews from tech sites and security sites)
Slim Browser http://www.flashpeak.com/
Opera Browser http://www.opera.com/
Search engines and toolbars
Two more areas of concern are search engines and toolbar. There are a confusing number of search engines available today. Unfortunately many of them such as AOL search and Yahoo search amongst many others are accused of many deceptive practices. Among these are content and subject filtering, a practice by which they control what you access. They do this be suppressing information and allowing only those sites they want you to access and even redirecting you to similarly named or appearing sites instead of the site you actually want. This is usually done because the site they direct you towards has an advertising agreement with them. So greed wins out over providing service to the internet user. Google the largest search engine out there tries to keep it’s advertisers in line while providing service to everyone. They achieve this through ad and advertising links. They try to keep things above board as any frequent user knows, if you click on a green highlighted word in the search results page your going to get kicked to an ad or sponsored site. Although this may be annoying at times (especially for new users) it does seem a reasonable price to endure for a more honest service. Furthermore Google has a very good track record of holding any advertiser, regardless of their size, accountable for violating its code of conduct. Including going as far, as to boot the largest web ad firm (WhenU Corp.) to the curb for deceptive practices. So to those who have belly ached about Google, Lighten up. While they may not be choice for search engines, I respect them for trying to keep things honest and above board.
Many of the websites I have provided touch upon this subject in much more detail. It is a good idea to read up on this subject so that you have a better chance of finding what you want with a good browser. My personal favorite is mamma.com, which delivers a good concise result group (usually an average of 50 to 60 sites per topic inquiry) without having to weed through hundreds or thousands of results to find the ones that actually relate to what I want. It is also one of the few search engines still supporting Boolean protocols, which make it a lot easier to narrow a search.
Next is the subject of toolbars. There has been an explosion of toolbars, promising all sorts of wonderful features. In reality most of these are just window dressing for some of the most aggressive and destructive spyware around. Please do your homework and find out all you can about them before you install them. The easiest way to do this is to type the name of the toolbar into a reliable search engine, and you will quickly find out most of them are spyware. It is very important to do so because many of them are based on the Vx2 software which is virtually impossible to remove. Most of the time your only option, as a few of you have found out is to reformat your hard drive and reinstall everything. Increasingly however they are using deceptive means to get you to download them, usually masquerading as something else. The most common practice is what Is referred to as the drive by download. It happens when you visit a web site and a notice pops up on the screen telling you your browser lacks a specific plug-in that is necessary to view the site or an image correctly. Then as we discussed earlier it doesn’t matter if you click ok or cancel, either one starts the download and automatic installation. The safest thing to do is to write down the name of the file that they say is needed. Next lose the alert window by clicking the “X” close on the program name bar at the top of the window usually the “X” is at the very upper right hand corner. Then look up that file in the search engine. If it is a legitimate file, let’s say Macromedia Flash Player 7, then go to the Macromedia site and download it from there. Many times if it is a plug-in, you can download it from your browsers home page. Don’t download it from the website that popped up the alert because you could still end up being ticked into downloading a file that is masquerading as a legitimate file.
File research
A constant question I receive is how do I find out this information so quickly and easily. There are some very simple steps to follow. Let’s say you notice a file on your computer that you don’t recognize. Most of the time you can right click the file, then choose properties on the pop up menu. Most of the time this will give you the information you need to identify it. If not, just type the exact file name into a reliable search engine and voila, up comes the information. (Hint: an even easier way is to just type it into the address window of your browser and it will automatically initiate the search.) Another good place to look is Microsoft’s Knowledge Base, (I included the link in the website list) just type it into the search window, and look it up. This is also a great place to type in a question or phrase relating to a problem ex: system freezes on shutdown. If there are a lot of response to a question, you can quickly refine you search. Microsoft’s search engines fully support the Boolean protocols. (At this point many of you are scratching your heads because I mentioned Boolean search protocols again. Boolean search protocols are something that is more familiar to us old timers, but believe me they are worthwhile learning. Don’t worry it’s real easy.)
Error codes:
Contrary to what some of you think I don’t know all the error codes of the top of my head. But I do know how to easily find them. In fact the best place to find the windows error codes is Microsoft’s Knowledge Base. Just type the error code as it appeared on the screen into the search window and look it up. Sometimes nothing is found but don’t despair. Try again with only part of the error code (perhaps the first two-thirds of it) and see if that helps. If not trim it down again. Usually by trying different parts of the code you’ll be able to track it down. Similarly if you can’t locate it there try Microsoft’s TechNet site in the same manner. These are also useful sites to look up hardware error codes. A good source for Modem error codes is ModemHelp.net http://www.modemhelp.net/ also for lots of other helpful information on modem problems.
Boolean search protocols:
All right, here we go. It’s really very simple. By using only three operating functions you can great refine you web search. These operators are based upon Boolean logic from mathematics. The operators are and (use the + symbol), or (use the - symbol), not (use “ “). Let’s say we wanted to find Ford Motor Company in Dearborn Michigan. If you typed that into a search engine you would probably get every thing relating to Ford Motor Company worldwide, along with anything relating to or containing the word Michigan, and the same for the word Dearborn. As you can imagine you would have thousands if not million s of results. But if we typed in Ford Motor Company + Dearborn + Michigan We would get only those relating to what we wanted. If we typed Ford Motor Company “ “ Dearborn + Michigan, we would get everything for Ford Motor Company in Michigan excluding Dearborn. If we typed in Ford Motor Company - Dearborn + Michigan, we would get everything relating to Ford Motor Company in Michigan and everything relating to Dearborn in Michigan. So you can see that by using just three symbols in various combinations it is very easy to refine our search.
2/18/2005
_________________
Having more fun than a human being should be allowed to have-Rush Limbaugh www.rushlimbaugh.com
Force of nature
Still crazy after all these years
|
|
| Back to top |
  
|
Alexander
Heavy Horse Merc Brigade
Commanding Officer
Joined: 04-Feb-2002 00:00
Posts: 828
Location: Canada
|
| Posted: 13-Mar-2005 21:19 Post subject: RE: Computer Security Tips |
|
|
Damn. Now if only I had the patience and the ability to read!
Really good stuff though. Thanks.
_________________
War is God's way of teaching geography.
*******
Commanding Officer, North West Armoured Cavalry
|
|
| Back to top |
|
Erenon
Blighted Sun Battalion
2nd Company
"Seraph's Slaughter"
Sergeant
Joined: 04-Jun-2004 00:00
Posts: 976
Location: Singapore
|
| Posted: 13-Mar-2005 23:16 Post subject: RE: Computer Security Tips |
|
|
Simple method. Get a Mac OS X machine.. like a Mac Mini.
Flame away!
_________________
"My job is to keep the majority of people in this country alive. That's it. If fifty-one percent eat a meal tomorrow and forty-nine percent don't, I've done my job." - The Beast (AKA The President), Transmetropolitan
|
|
| Back to top |
|
|
|
| |
» |
All times are GMT-04:00 |
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
|
|
|
|
