System Updates
Make sure you have the latest Windows and other Microsoft updates installed. Security researchers uncover new vulnerabilities in Windows components almost weekly, so make sure Automatic Updates is on, or visit Windows Update regularly. Also make sure you have the latest Service Pack installed: XP SP3, Vista SP2, Win7 SP1 and Windows 8.1. Viruses and worms can take advantage of vulnerabilities in Windows components to infect your system if you aren't up to date. Even if you use a pirated version of Windows, you can still turn on Automatic Updates.
XP, Vista and Windows 7 / 8 all come with Windows Update, but you can opt in to use Microsoft Update, which is essentially Windows Update with additional updates for other MS software (Office, Visual Studio, etc). I recommend you enable this by going to Windows Update and following the links to Microsoft Update.
Anti-Virus
I'm not a big fan of anti-virus software since it tends to lag behind the viruses in detection and can cause performance and compatibility problems, but it helps a little bit. I generally recommend ESET products if you really need some form of anti-virus. Make sure you let it auto-update; an out of date anti-virus is useless. Modern viruses are becoming extremely difficult to detect and remove, so it's important to follow the steps in this guide to try to avoid becoming infected in the first place.
Keep in mind that 3rd party anti-virus software can slow your PC down and introduce disastrous security holes.
Firewall
Windows Firewall is all you need. Most of you will be behind a NAT router which prevents incoming connections to your PC anyway without port forwarding, but as IPv6 uptake in the near future takes off, NAT will slowly die and your PC will have a public IP address. Windows Firewall simply stops programs from accepting connections from the Internet unless you allow them, so if there are vulnerabilities in any networked programs, worms and viruses can't exploit them.
Some of you may think you need a more advanced 3rd party firewall that blocks programs from initiating connections, but if you need this then you've already failed. If a program you don't trust is already executing code on your PC then you lost the battle to begin with. Also 3rd party firewalls themselves can expose your system to risk, there is a long history of firewall software that contains exploitable vulnerabilities, as well as bad coding which can cripple your PC performance or cause random crashes, network issues or similar errors.
DEP (Data Execution Prevention)
DEP (or NX as it's sometimes called) prevents computer code from executing from areas of memory that are marked as containing only data. This has been around on modern CPUs for a while, but by default Windows will only apply DEP to Windows programs and services. Since web browsers, plugins, IM clients, etc are all common vectors for viruses and malware, it is a very good idea to have DEP apply to all programs as it mitigates a large number of attacks. That WMF exploit that infected people just by visiting a website? Blocked by DEP. That Warcraft 3 custom map exploit? Blocked by DEP. Those are just two examples I've personally tested. It's a great preventive measure that everyone should have enabled.
To enable DEP (procedure might be slightly different for Vista / Windows 7), right click My Computer, Properties, Advanced, Performance, Settings, Data Execution Prevention, and tick "Turn on DEP for all programs and services". Contrary to some reports, enabling DEP will not slow down your PC.
There may be old programs that rely on executing code from data memory that have not been updated for DEP compatibility. If you encounter a DEP violation, you will see a popup saying "To help protect your computer, Windows has closed this program". From that dialog you can add an exception, but only do this if you are sure the program is at fault (e.g. by repeatedly being able to cause the DEP error yourself). If you are browsing the web and suddenly get a DEP violation, chances are something just tried to exploit your browser or a plugin, so you would definitely not want to add an exception!
3rd party addons to programs can also cause DEP violations, e.g. if after enabling DEP you find your browser immediately exits with a DEP error, try disabling any plugins / addons or make sure they are all up to date. Windows Explorer also loads addons (shell extensions), so if you find Explorer is exiting with DEP violations and you feel comfortable with advanced tools, you can use AutoRuns to list your shell extensions and disable any problematic ones.
Despite the two paragraphs of compatibility warnings, 99.9% of you will have zero issues after enabling DEP, so don't be afraid.
Enhanced Mitigation Experience Toolkit
Despite the long and scary looking name, EMET is a great piece of software. It's a free toolkit from Microsoft that allows you to apply advanced security techniques to any piece of software on your system. You can download it at http://technet.microsoft.com/en-us/security/jj653751. After you install it, run it and set the following System Options: DEP: Application Opt-Out, SEHOP: Application Opt-Out and ASLR: Application Opt-In. This will allow applications that support it to make use of advanced methods to hinder malware.
The part where EMET shines is that it also allows you to force otherwise unsupported applications into using these advanced technologies. In the Configure Apps page, you can add an application and choose which protections to apply (leave them all on by default for most apps). I strongly recommend you add all your web browsers and other commonly targeted software such as VOIP / IM clients, PDF readers, etc. This will greatly reduce the risk of "zero day" (unpatched) exploits affecting you. Note, if you use Firefox, also add "Plugin-Container.exe" to the list as this program houses Adobe Flash and other external plugins. You do not need to have EMET running for the protections to apply; they are loaded automatically once they are set.
Software Updates
Every piece of software on your PC that interacts with the Internet or files could be a possible vector for virus / worm exploitation. It's very important you keep all your programs up to date as exploits are discovered for common products surprisingly often. I recommend using the Secunia Personal scanner which will scan your entire PC for any programs that might allow your system to be compromised. You'll be surprised what it finds. The latest version can even auto-install updates for you if you're lazy.
Adobe software in particular seems to have a very poor history - Adobe Flash, Adobe Reader, Adobe Air have all had exploits that could allow your system to be compromised by visiting a webpage. Worse still, many of these products don't auto update so you have to rely on 3rd party assistance (Secunia PSI) or do it manually.
Browsers and Plugins
Since web exploits are the number one vector for malware, it's important to use a secure web browser. I strongly recommend Google Chrome as it has powerful sandboxing and isolation technologies to help prevent web-based malware from infecting your system. Firefox is OK, but it isn't as good as it used to be, and Internet Explorer should really be a last resort. Chrome also has an excellent background automatic update system which is very important; an out of date browser is likely vulnerable to exploits.
Browsers are often extended with plugins, which while providing features like PDF viewing and streaming, also expose you to additional risk as a security vulnerability in a plugin can allow malware to exploit it and infect your PC. Many plugins do not auto update which makes managing your plugins quite important. Don't need to read PDF files in your browser? Disable Adobe PDF plugin so PDF files can't auto-load. Finished watching some stream that required a browser addon? Disable that addon. Installed a plugin from some strange Asian game that you're done playing? Now go and disable it. If you use Firefox or Chrome, you can do a very basic plugin check here: http://www.mozilla.com/en-US/plugincheck/.
To disable plugins in IE (you should do this even if IE isn't your main browser), go to Options -> Manage Addons.
To disable plugins in Firefox, go to Addons -> Plugins.
To disable plugins in Chrome, go to chrome:plugins in the address bar.
To disable plugins in Opera, go to opera:plugins in the address bar.
Java
Java is often installed for some other purpose such as running a program, but it also installs a browser plugin. These days, very few sites use the Java plugin so it's a good idea to disable it for extra security. As of 2013, Java has suffered from multiple major security issues that can result in drive-by malware installation, so if you do not use it (if you don't know, you most likely don't use it), I strongly suggest uninstalling Java or, at the very least, removing the Java plugin from all of your browsers. JavaScript is entirely unrelated to the Java plugin and will continue to work fine.
Flash Player
Flash Player installs multiple versions: one for IE, one for Chrome / Firefox / Opera. Make sure both of them are up to date by visiting this page (once in Chrome, once in Firefox and once in IE) and comparing your version to the latest released version. If out of date, download and install the latest one. Flash should automatically update, but it only checks on startup of your PC, which if you leave your PC running 24/7 may not be often enough.
Consider completely removing Flash if you can live without it. Most sites provide HTML5 compatible video players and Flash is mostly only used for advertising or small online games, yet exposes you to a lot of risk due to its poor security record.
Password Re-use
One of the biggest threats to your online security is reusing passwords. When you use the same password in multiple places, any time one of those places is compromised, every other site where you use the same password is also compromised. What often happens is people re-use the same password at a forum or online store or similar, which is compromised by hackers, often exploiting old / insecure software running on the server. From there, they can download the entire user database, which often includes your email address. If you used the same password for your email account, then you're completely screwed: the hackers can log into your email, find every account you've signed up for, issue password resets, etc and completely compromise your online identity.
By cross-referencing usernames and emails, it's possible to exploit even further - if for example you're an admin on a forum and re-used the same password somewhere else which was stolen, hackers could compromise your admin account and then exploit your forum too, as admin accounts often provide elevated access that allows dumping the entire user database etc.
Unfortunately solving this issue is not so easy. You definitely won't be able to remember all your passwords, so the use of a password manager like Keepass or Lastpass is strongly recommended. Any time you sign up for a site, create a unique password and store it in your password manager. This greatly mitigates the risk if one of the sites is compromised, which happens a lot more often than you may think - sometimes even without the site owner knowing.
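The settings the guide above asks you to turn on (DEP for all programs, Windows Firewall on every profile, Automatic Updates, the Microsoft Update opt-in) can all be checked from a script instead of clicking through dialogs. The following PowerShell script is an added example, not code from R1CH's guide. It reports the current state and, with -Fix, applies the guide's recommended values. It assumes Vista / Windows 7 / 8 (bcdedit rather than boot.ini, netsh advfirewall rather than netsh firewall, so it does not cover XP), an elevated prompt, and English netsh output for the "State ON" match.

```powershell
# Added example, not part of R1CH's guide: audits the settings the guide asks
# you to turn on (DEP for all programs, Windows Firewall on every profile,
# Automatic Updates, Microsoft Update opt-in) and applies them with -Fix.
# Run from an elevated PowerShell prompt on Vista / Windows 7 / 8:
#     .\Check-Hardening.ps1          # report only
#     .\Check-Hardening.ps1 -Fix     # report and fix
# Assumptions: English netsh output (the "State ON" match is locale-specific)
# and a bcdedit-based boot loader, so this does not cover Windows XP.
[CmdletBinding()]
param([switch]$Fix)

$findings = @()

# --- DEP -------------------------------------------------------------------
# Win32_OperatingSystem.DataExecutionPrevention_SupportPolicy:
#   0 = AlwaysOff, 1 = AlwaysOn, 2 = OptIn (Windows binaries only, the client
#   default), 3 = OptOut ("Turn on DEP for all programs and services").
$os = Get-WmiObject Win32_OperatingSystem
if (-not $os.DataExecutionPrevention_Available) {
    $findings += 'Hardware DEP (NX) is not available; DEP will not be enforced'
}
$depNames = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
$dep = [int]$os.DataExecutionPrevention_SupportPolicy
Write-Output "DEP policy: $($depNames[$dep])"
if (@(1, 3) -notcontains $dep) {
    $findings += "DEP is $($depNames[$dep]): only Windows' own binaries are covered"
    if ($Fix) {
        # Quote the braces, otherwise PowerShell parses {current} as a script block.
        bcdedit /set '{current}' nx OptOut | Out-Null
        Write-Output 'DEP set to OptOut; this takes effect after a reboot'
    }
}

# --- Windows Firewall --------------------------------------------------------
# "show allprofiles state" prints one "State ON|OFF" line per profile
# (Domain, Private, Public); all three should be ON with inbound blocked.
$state = netsh advfirewall show allprofiles state
$on = @($state | Select-String '^State\s+ON\s*$').Count
Write-Output "Firewall profiles ON: $on of 3"
if ($on -lt 3) {
    $findings += 'Windows Firewall is off for at least one profile'
    if ($Fix) { netsh advfirewall set allprofiles state on | Out-Null }
}
$policy = netsh advfirewall show allprofiles firewallpolicy
if (@($policy | Select-String 'BlockInbound').Count -lt 3) {
    $findings += 'At least one profile does not block inbound connections by default'
    # Quoted so PowerShell passes the comma-separated value as one argument.
    if ($Fix) { netsh advfirewall set allprofiles firewallpolicy 'blockinbound,allowoutbound' | Out-Null }
}

# --- Automatic Updates -------------------------------------------------------
# NotificationLevel: 0 NotConfigured, 1 Disabled, 2 NotifyBeforeDownload,
# 3 NotifyBeforeInstallation, 4 ScheduledInstallation (fully automatic).
$au = (New-Object -ComObject Microsoft.Update.AutoUpdate).Settings
Write-Output "Automatic Updates level: $($au.NotificationLevel)"
if ($au.NotificationLevel -ne 4) {
    $findings += 'Automatic Updates is not set to download and install automatically'
    if ($Fix) {
        try { $au.NotificationLevel = 4; $au.Save() }
        catch { Write-Output 'Could not change Automatic Updates (locked by policy?)' }
    }
}

# --- Microsoft Update opt-in -------------------------------------------------
# 7971f918-a847-4430-9279-4a52d1efe18d is the well-known service ID of
# Microsoft Update (Windows Update plus Office, Visual Studio, etc.).
$muId = '7971f918-a847-4430-9279-4a52d1efe18d'
$sm = New-Object -ComObject Microsoft.Update.ServiceManager
$mu = $sm.Services | Where-Object { $_.ServiceID -eq $muId }
if (-not $mu -or -not $mu.IsDefaultAUService) {
    $findings += 'Microsoft Update is not the default update source; Office etc. are not patched'
    if ($Fix) {
        $sm.ClientApplicationID = 'Check-Hardening'
        # Flags 7 = allow pending and online registration, register with Automatic Updates.
        $sm.AddService2($muId, 7, '') | Out-Null
    }
}

Write-Output ''
if ($findings.Count -eq 0) { Write-Output 'All checks passed.' }
else { Write-Output 'Findings:'; $findings | ForEach-Object { Write-Output " - $_" } }
```

The DEP change goes through bcdedit because that is what the "all programs and services" radio button sets underneath; it needs a reboot, and if a program later dies with the "Windows has closed this program" dialog, the per-program exception list in the GUI is still the place to handle it, not a switch back to OptIn.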
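Once your passwords live in a manager, the re-use problem described above becomes something you can measure. The script below is an added example, not part of the guide: it reads a KeePass 1.x-format CSV export (columns "Account", "Login Name", "Password", "Web Site", "Comments"; KeePass 2.x can export this format too, and the column names are parameters so other managers' exports work) and lists which accounts share a password. Passwords are grouped by SHA-256 hash and never printed; only account names appear. The export file holds everything in cleartext, so delete it as soon as you have the report.

```powershell
# Added example, not from R1CH's guide: find accounts that share a password
# in a KeePass 1.x CSV export. Usage:
#     .\Find-ReusedPasswords.ps1 -CsvPath .\export.csv
# Assumed column names (override with -PasswordColumn / -NameColumn):
#     "Account","Login Name","Password","Web Site","Comments"
param(
    [Parameter(Mandatory = $true)][string]$CsvPath,
    [string]$PasswordColumn = 'Password',
    [string]$NameColumn = 'Account'
)

$sha = [System.Security.Cryptography.SHA256]::Create()
$entries = @(Import-Csv -Path $CsvPath)

# Group by the hash of the password so the password itself never appears in
# output or in a variable we print; identical passwords hash identically.
$groups = @($entries |
    Where-Object { $_.$PasswordColumn } |            # skip entries with no password
    Group-Object -Property {
        $bytes = [System.Text.Encoding]::UTF8.GetBytes($_.$PasswordColumn)
        [System.BitConverter]::ToString($sha.ComputeHash($bytes)) -replace '-', ''
    } |
    Where-Object { $_.Count -gt 1 } |
    Sort-Object Count -Descending)
$sha.Dispose()

if ($groups.Count -eq 0) {
    Write-Output 'No reused passwords found.'
} else {
    Write-Output ("{0} password(s) are used by more than one account:" -f $groups.Count)
    foreach ($g in $groups) {
        $names = ($g.Group | ForEach-Object { $_.$NameColumn }) -join ', '
        Write-Output ("  {0} accounts share one password: {1}" -f $g.Count, $names)
    }
}

# Short passwords are the other cheap finding; again, report counts only.
$short = @($entries | Where-Object { $_.$PasswordColumn -and $_.$PasswordColumn.Length -lt 12 })
Write-Output ("{0} account(s) have a password shorter than 12 characters." -f $short.Count)
```

Any group it prints is the situation the guide warns about: one breach of the weakest site in the group hands an attacker every other account in it, so those are the passwords to rotate first.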
Awesome points, I was just helping my relatives with configuring their new crappy netbook. Again though, I've never been fond of Windows Firewall. I'll just tell him to use it since he's not gonna use torrents or anything, except for simple web browsing (well, it is a netbook to begin with). As for the plugins, I think it's too much of a hassle and I don't think anyone is that paranoid.
Anti-Virus I'm not a big fan of anti-virus software since it tends to lag behind the viruses in detection, but it helps a little bit. Microsoft's own Security Essentials is actually pretty decent and is free, which is about the price most people are willing to pay. Again, make sure you let it auto-update, an out of date anti-virus is useless. Modern viruses are becoming extremely difficult to detect and remove, so it's important to follow all the steps in this guide to try to avoid becoming infected in the first place.
Seriously? I really don't see a reason why you shouldn't use a free anti-virus software like Avira. It's small, doesn't hog system resources, and has a decently high detection rate. AND ITS FREE!
If you do get your computer infected, I highly recommend using Malwarebytes. It's free and it's really effective.
Be aware that new PCs (netbooks too) often come preloaded with exploitable software, likely Adobe products. Disabling plugins you don't need / use isn't really paranoid, it helps to minimize the possible attack vector. I'm not trying to suggest you disable plugins every time you are done with them, just ones you don't use often. For example, I installed Octoshape or whatever it is to watch the WCG and some other random plugin to watch Blizzcon. Since those only happen once a year, I disable them after I'm done so the other 364 days of the year I'm not exposing myself should an exploit be developed for one of them.
Yeah, been using Malwarebytes for a while.
edit: Totally forgot about Octoshape actually, used it once when WCG demanded it.
On January 09 2010 17:46 madnessman wrote: Seriously? I really don't see a reason why you shouldn't use a free anti-virus software like Avira. It's small, doesn't hog system resources, and has a decently high detection rate. AND ITS FREE!
"Decently high" is not good enough these days. Unless it contains an advanced heuristic engine, basic signature definitions are not going to catch the type of malware that is floating around these days. Just two days ago I removed an infection on a friends PC and uploaded the file for analysis, only 4 out of 41 anti virus products detected anything.
Another issue I have with AV software is the alarming rate of false positives, where legitimate software is mistakenly identified as a virus. As an example of how stupid this is, I modified the Windows XP Notepad to include a few extra imports and strings, there is ZERO change to any of the executable code and the file is completely safe to run. 15 virus scanners think it's a virus.
True. I was flipping through some PC mag's antivirus software review last week and the best anti virus (I can't remember its name) had a 99.5 detection rate and ~70% heuristic detection rate. It really pisses me off that I can't remember what its name is. It isn't one of the big ones (norton, kaspersky, etc) and it isn't free. Do you know which one I'm talking about?
I agree with virus scanners being too sensitive; unfortunately most of us, or me at least, stumble when something deep like a harmful rootkit hits your PC. Albeit it comes down to just being careful about everything.
NOD32 had almost 100% detection rate on the boards, but that was awhile ago.
To add another suggestion, I recommend the noscript addon for Firefox (http://noscript.net/). It blocks all javascript and flash by default, and lets you whitelist domains you trust as you visit them by clicking a button. That sounds really goddamn annoying, and it sort of is, at first, but after a day or two of browsing you'll have most of your trusted sites whitelisted. It's a good layer of protection when you visit sketchy sites, and it also blocks some shitty flash ads.
Wow, very good to know, I checked a lot of shit on my computer and now I feel much safer. Also, if anyone is using AVG antivirus get rid of it... Complete garbage.
Yeah, I agree with Microsoft Security Essentials being great and free. My uncle had some one year free subscription with McAfee and that didn't do jack for him (god, that AV is so bad...), it missed so many things until I installed MSE for him.
Thanks for those tips though, they're really helpful and are great reminders for those who are always thinking about securing their PC. I didn't know about that DEP thing either.
Personally, I disable the Windows Update, Windows Firewall, and Security Center services (and many others) by going to Run > type services.msc Every year or so I download a new copy of the last Integration of Windows in a torrent and do a clean install instead of updating (which can cause performance issues.) I use a third party open source firewall because Windows Firewall (fine for many) doesn't give me nearly as much control as I enjoy tinkering with (trust me, it's like the UAC in Vista was thought out.) I only do virus scans on files I'm paranoid about before execution. I never run auto-protect type products because they can cause your computer to behave mysteriously. I don't use Microsoft's DEP that they introduced in Service Pack 2, and I hardly bother to update programs as a security measure. I can't remember the last time I had a virus/malware/etc...
Regarding free anti-virus choices, I really do think the MS Security Essentials is the best both in detection and resource usage. Also I forgot to mention in the guide, if you download something you think might be suspicious or you want a 2nd opinion on something your AV says is OK, you can upload it to www.virustotal.com to have it run through a ton of AV engines. Keep in mind new viruses will have a very low detection rate as a lot of AV vendors don't have good heuristic / emulation engines.
lol i just downloaded and did a quick scan with Microsoft Security Essentials and found 2 win32.chepdu.I files lol well i don't even know what they did with my computer but they're gone now bwahawha
Very good post, hits a lot of points that a lot of people are unaware of. Even made me go "oh...right" a few times (I'm not as proactive as I should be about Windows' security because I only run it to play games).
In particular, the point about "if you're running software you don't trust, you've already lost" is an important one that a lot of people overlook.
It's amazing how people still refuse to enable Auto Update 12 years after that Windows 98 incident. It's by far the easiest and most effective measure you can take to secure your PC. Windows update, NAT, common sense and you are 99.9% safe.
Actually the points about Adobe products are very good, especially about the browser plugins. I can recommend Noscript for Firefox as well which disables all Flash / Reader / etc plugins by default.
It wasn't NOD32. I tried using NOD32 for a while but I didn't cleanly uninstall AVG so I kept on getting BSODs. Being too lazy to go through the registry and shit, I just uninstalled NOD32 and went back to AVG.
Very good guide, I strongly second the Microsoft security essentials as a 100% free (and legal to get free) antivirus program. imo you should add some tips on smart browsing, i.e. don't randomly download stuff, be wary of exe files, etc because it's more important than any security software
I know it may seem like common sense to a lot of people including me, but apparently it must not be that common if people can have antivirus + firewall and still get viruses while others may not have anything and still never get infected.
hm, so I have had Windows Firewall off since forever because of the ESET Smart Security firewall. Always thought that I don't need it since obviously ESET starts at startup... and it does work, online scans don't show anything and when something tries to infect, it does get blocked. Should I seriously turn Windows' one on?
On January 09 2010 17:34 R1CH wrote: Adobe software in particular seems to have a very poor history - Adobe Flash, Adobe Reader, Adobe Air have all had exploits that could allow your system to be compromised by visiting a webpage. Worse still, many of these products don't auto update so you have to rely on 3rd party assistance (Secunia PSI) or do it manually.
On January 09 2010 17:34 R1CH wrote: Adobe software in particular seems to have a very poor history - Adobe Flash, Adobe Reader, Adobe Air
On January 09 2010 17:34 R1CH wrote: Adobe software in particular seems to have a very poor history
On January 09 2010 17:34 R1CH wrote: Adobe
Makes me rage so hard.
Aside from that, R1CH is absolutely right in that it's better and easier to prevent anything from getting onto your computer than trying to get it off. I'd bold literally everything R1CH said because it's all vital. Apart from the anti-virus, you can get away with disabling DEP, but only if you have compatibility issues. There's no real reason to turn it off.
NoScript is GOD. Everyone get it. I've pretty much stopped using any sort of anti-spyware programs now because I have literally everything that's untrusted blocked.
How do you feel about the FF addon KeyScrambler? I do pretty much everything in the OP's post already, but I also turn on KeyScrambler whenever I enter sensitive info (like online bank account logins/passwords, etc.).
Mostly worthless feel-good fake-security, or actually helpful?
Can anyone please tell me if Sandboxie is a valuable software? I am using it from time to time and on certain occasions if I am skeptical about a program. Or is this redundant with all the steps from the guide?
On January 11 2010 13:22 7Strife wrote: I'm an idiot
Congratulations, you probably have a rootkit.
As unlikely as it is that either of us do, unless you run a lot of badly peer reviewed torrents, porn codecs, etc, you may also have a rootkit. Typically, rootkits act to obscure their presence on the system through subversion or evasion of standard operating system security scan and surveillance mechanisms such as anti-virus or anti-spyware scans. Daemon Tools and Alcohol 120% use rootkits themselves in a helpful manner. If I had other rootkits installed then it isn't affecting my performance at all and isn't trying to communicate over a network. If I discovered I had one then I would reformat, not attempt to use programs to fix it. I have disc images of my clean installed OS with programs and settings so I could format and reinstall while I sleep.
"The old adage "an ounce of protection is worth a pound of cure" is incredibly apropos when it comes to rootkits. Rootkit writers and rootkit detection writers are engaged in an arms race. As soon as someone writes a better rootkit detector, someone else updates a rootkit so that it's even better camouflaged. "
NoScript is just a GUI for what's available in the options of a lot of browsers; it just allows for quicker switching of add-ons and JavaScript on and off. Which in most cases is just a pointless add-on unless you randomly surf the web. For the most part I keep to core reputable websites and don't randomly download and click things; common sense is the most powerful tool to keep a clean computer.
Also I'd find using FF with NoScript a bit funny, as most people who pick FF do it for 2 reasons: 1, customization with plug-ins, add-ons etc, and 2, for the speed. But what is the common benchmark most people weigh browsers with? A JavaScript benchmark, lol, which NoScript disables by default!
Which then I'd get on a rant about IE8 and how people make it sound like a mix between a retard and someone with plague, but it's the most proactive in security and does far more than any other browser to keep secure, but is the most targeted (kind of like wearing a bullet proof vest vs nothing, but living in the worst part of town vs in a nicer part). And its speed is just fine, as most webpages give you limited bandwidth and on average the difference in speed is very minuscule between browsers when loading a complete webpage; it matters little, I mean what kind of webpage is 100% JavaScript?
NoScript: it breaks a lot of things so I don't use it.
On January 12 2010 15:48 Blind wrote: Does the advice for the System Updates still apply if I'm not running a real copy of Windows Vista?
Microsoft for a long time has allowed system-critical updates through Windows Update for illegal copies, although not through their site, only through the program itself. It's to keep the people who pay for their Windows less likely to be infected: a cleaner overall environment supposedly, fewer viruses on computers, fewer viruses to go around overall. The OP said the same pretty much.
On January 12 2010 03:30 Carnac wrote: I'd like to add: don't have administrator rights on your normal user account.
lol
You may laugh at that, but it really does improve the security of the system (Vista and 7 default vs XP default). It just pisses off users that install and uninstall and do random shit all the time.
Bumping this because it's helped me out a lot and other people should know about this too. And as for the post that R1CH has posted above, that is true. Watch out with that. Every time someone asks me about securing their PC, I just refer them to this page / do it for them.
On March 01 2010 13:16 madsweepslol wrote: apple ftw
not if you're straight.
+1 for noscript/flashblock/adblock on firefox. Most pages look like a half-eaten sandwich with the ads turned off. No matter what the guy that raged about noscript says - it's amazing. I wouldn't be out on the web without it.
This guide was just what I needed, thanks once again R1CH!!!
On January 30 2010 09:01 R1CH wrote: Bump, there's some nasty rootkits going around through unpatched Adobe products, make sure you keep yourself safe!
So basically update all Adobe products? (Photoshop, Lightroom, Reader, etc?)
I have a question for R1CH. I tried to install Gunbound from http://www.teamliquid.net/forum/viewmessage.php?topic_id=112506 and I got a DEP error (screenshot bottom of page 4). How can I tell if Gunbound is safe to run? It's a fairly old game so that might be what's causing it.
R1CH, so have I just been really lucky then? Because these precautions seem really over the top and scaremongering to me. I always turn off firewalls and I haven't had any virus protection for the last 8 years running various Windows OSes, using Firefox, and I've only managed to get 1 virus, and I'm on the internet at least 3-4 hours a day. I do have a router but that's it. I've never had any of my accounts for anything hacked/stolen and my CPU usage is pretty low when nothing is running; I try and keep an eye on it.
On March 03 2010 00:20 SkelA wrote: Edit: Ok found it but i have a pirated winxp and it asks me to validate windows .. can i still install?
I'm not sure, but I think upon failing Windows validation it will break your Windows install.
On March 02 2010 23:42 UdderChaos wrote: Becuase these precations seems really over the top and scaremongering to me.
I think this is a good set of standard, minimal precautions that should be taken. Over the top would involve some sort of virtualization / daily fresh installs going on.
On January 11 2010 13:22 7Strife wrote: "I'm an idiot"
Congratulations, you probably have a rootkit.
yeah he is an idiot because he doesn't blindly follow the shit you preach?
I have a friend who very rarely uses his computer and fucking autoupdate is always fucking him over because he can't use his computer when he wants to because 23123 updates have to be done first. Very efficient, right.
And always updating your software to the latest version per se is just as stupid as not updating at all. Are you a software engineer? Don't you know that you can open doors with updates just as easy as closing them?
An open source app can be all nice and fine and checked for malicious code then made closed source do an auto update and bam you have shit on your computer.
Such general security guidelines suck, as nothing will ever replace using your own brain.
Btw, do you like it that almost all websites require "secure" ~8 character with number pws?
On March 02 2010 23:38 Durak wrote: I have a question for R1CH. I tried to install Gunbound from http://www.teamliquid.net/forum/viewmessage.php?topic_id=112506 and I got a DEP error (screenshot bottom of page 4). How can I tell if Gunbound is safe to run? It's a fairly old game so that might be what's causing it.
Most free Korean games (or any games from Asia for that matter) use pseudo-rootkits as a crude form of anti-cheating. This usually includes packed/crypted executables that weren't designed for DEP. So yes, it's safe to run, but if it's GameGuard (a common antihack), this may cause crashing in other programs you have running at the same time, especially Firefox.
So would you recommend running noscript R1CH or is that overkill? My brother in law is like the biggest noscript fanboy I've ever seen but it seems a bit much.
On March 03 2010 02:48 WhuazGoodJaggah wrote: I have a friend who very rarely uses his computer and fucking autoupdate is always fucking him over because he can't use his computer when he wants to because 23123 updates have to be done first. Very efficient, right.
And always updating your software to the latest version per se is just as stupid as not updating at all. Are you a software engineer? Don't you know that you can open doors with updates just as easy as closing them?
Updates install in the background; it even tells you that you can continue using your computer while they install. Unless it's a really old PC, updates can be installed with minimal interruption.
If you seriously think Microsoft and any other large vendor introduces new security holes with security updates then I don't know what to say. The Microsoft QA and testing department alone is bigger than entire companies. You're at far greater risk from known, exploitable vulnerabilities than hypothetical future security holes.
One of my XPs did validate Security Essentials, another one didn't. I'm not sure if there's a way around that.
R1CH, what do you think of Avast? I found it useful when it blocked some sites from opening popups/running malicious scripts.
Also, how do I get rid of another version of XP? It still gives me a choice when I reboot. Is there a good way to import installed software or do I have to redo it on a newer version?
Also some links, esp. updates, still open in IE, even though I have something else as default browser. How do I fix that? Is installed IE in itself a threat even if I'm not using it?
On March 02 2010 23:38 Durak wrote: I have a question for R1CH. I tried to install Gunbound from http://www.teamliquid.net/forum/viewmessage.php?topic_id=112506 and I got a DEP error (screenshot bottom of page 4). How can I tell if Gunbound is safe to run? It's a fairly old game so that might be what's causing it.
Most free Korean games (or any games from Asia for that matter) use pseudo-rootkits as a crude form of anti-cheating. This usually includes packed/crypted executables that weren't designed for DEP. So yes, it's safe to run, but if it's GameGuard (a common antihack), this may cause crashing in other programs you have running at the same time, especially Firefox.
Thanks R1CH. I appreciate your answer because it doesn't just tell me what to do but explains it.
Hi R1CH, I was wondering if I can get some advice and help from you. I mentioned this also on one of the blogs that mentioned you and thought it might be more productive to say it here:
So basically starting yesterday, my laptop (Windows 7 Ultimate and very old, from 2006) has been randomly restarting and rebooting itself. Just RANDOMLY. There isn't even a pattern, whenever it feels like it. I touch the back part of the laptop and it is hot, but I wonder if it is really because of overheating since I don't get a blue screen, it just restarts. I feel like this laptop either has a virus or something OR it's time to slowly say goodbye to my 4-year-old laptop and get a new laptop. In that case, can you recommend me a nice laptop to buy (I don't know how to build one but I suppose if I receive help...) that's inexpensive, like you did with the desktop specs?? :D
And also briefly mention what my problem could be with my current old laptop...
Also adding that I did follow your guide and have Microsoft Security Essentials, which works like a charm and is free! And tell me if I should add any more info to this to clarify better if you are to help me. Thanks!!
All you really need is Spybot Search & Destroy with Teatimer, it will alert you of any registry changes so you could deny attacks from there. Well, plus Windows updates of course. I don't use Windows firewall, never.
Exploit code for another Adobe Reader bug was recently posted, so you can expect a fresh wave of PDF exploits in the wild pretty soon. This exploit allows remote code execution if successful, so if you haven't already, update / uninstall your Adobe Reader. I recommend disabling the browser plugin too so PDF files can't auto-open (eg from malicious banner ads), and/or switch to Foxit Reader which has a less worrying security history.
On March 07 2010 01:28 Biochemist wrote: How often do people intentionally package things like keyloggers/malicious rootkits/etc in pirated copies of major programs like windows/office?
More often than people downloading the programs like to think.
Okay, I have read all the posts in this thread and I did everything the first post said. I am still curious as to what precautions are still necessary. I know that you don't download programs that are known to have viruses, however things like LimeWire and torrent sites are visited often by most of us; does this protect against ALL of those things and the viruses associated with them? Also, do you advise (YES I am being serious and will do so if required) getting Linux for the "sketchy" programs? Such as LimeWire and other things. Also, how do you feel about programs like RoboForm? (And no I didn't buy it, I have PCWorld so I got a free version.) Is it safe? Is it super unsafe?
Also
On March 06 2010 08:20 LuCky. wrote: OK Rich which web browser would you recommend?
-FF 3.6
-Opera 10.5
-Chrome 5.0
What DO you prefer?
And one last thing. Is there an adblocker for Opera?
I eagerly await your reply. :D TY for the help though.
Huge tip here: NEVER use NORTON Anti-Virus. Norton scans everything your computer is doing bit-by-bit and as a result it will SLOW DOWN your computer; you may not get any viruses but the computer will run so slow it will seem like it has one. AVG Pro is the way to go for me: it's cheap, it doesn't slow down your computer, and it can be set up to run a scan when you shut down your computer (hit shutdown and go to bed, comp turns off when it's done the scan). This way you will be sure you never get any viruses without having a resource hog of an application like Norton.
Edit Browser Choices:
NEVER FF - Always buggy, lots of exploits.
IE 8/9 - Very secure browsers, in fact perhaps secure to the point of becoming slow.
Chrome - By far the fastest and most efficient browser. However has trouble loading most ASP and .NET based websites. At the same time it offers true hidden browsing options, which neither of the other two use.
Opera - Have not used since version 7, can't really say here.
On May 07 2010 07:40 AmIGoingToGetBanned wrote: R1CH would you recommend Avast 5.0 (newest version) or MSE? I've heard great things about both, but I'm kind of confused.
Antivir seems to do the best when it comes to freeware antiviral programs. Results
If you're looking for an easy app to check for software updates then try File Hippo's Update Checker. I've tried secunia, which is quite good, but it's a little annoying to get an update.
On March 17 2010 04:43 R1CH wrote: Exploit code for another Adobe Reader bug was recently posted, so you can expect a fresh wave of PDF exploits in the wild pretty soon. This exploit allows remote code execution if successful, so if you haven't already, update / uninstall your Adobe Reader. I recommend disabling the browser plugin too so PDF files can't auto-open (eg from malicious banner ads), and/or switch to Foxit Reader which has a less worrying security history.
R1CH could I please ask you to link to an article or otherwise where I can find more information about this bug.
I'm an avid TL browser (browsing right now from work) and thought I could distribute this information to some of the techies in my office. They'll need more than just my claim of "R1CH from TL said it, it must be true!". In fact, if they find out I'm browsing gaming forums they might think I'm a geek. The cat isn't out of the bag yet...
Flash and Adobe Reader are popular places for hackers to target as Adobe is usually slow to respond to anything and a lot of people have it cross platform etc. http://blog.kowalczyk.info/software/sumatrapdf/index.html I personally use this PDF reader as it's tiny and gets the job done; as far as it being any more secure, I dunno, I don't care enough to find out, I don't use PDFs often.
Might be strange to ask but is there a windows operating system you'd actually recommend? Would you use a different one depending on what tasks you used your PC for?
On May 06 2010 04:04 SichuanPanda wrote: Huge tip here: NEVER use NORTON Anti-Virus. Norton scans everything your computer is doing bit-by-bit and as a result it will SLOW DOWN your computer; you may not get any viruses but the computer will run so slow it will seem like it has one. AVG Pro is the way to go for me: it's cheap, it doesn't slow down your computer, and it can be set up to run a scan when you shut down your computer (hit shutdown and go to bed, comp turns off when it's done the scan). This way you will be sure you never get any viruses without having a resource hog of an application like Norton.
Edit Browser Choices:
NEVER FF - Always buggy, lots of exploits.
IE 8/9 - Very secure browsers, in fact perhaps secure to the point of becoming slow.
Chrome - By far the fastest and most efficient browser. However has trouble loading most ASP and .NET based websites. At the same time it offers true hidden browsing options, which neither of the other two use.
Opera - Have not used since version 7, can't really say here.
This is a wall of personal opinion and doesn't help anyone to secure their PCs. Don't listen to this guy and stick to the OP please people.
Wow, I didn't even know about DEP. It seems like an obvious measure to be taken in modern Harvard architecture systems. In fact it seems so obvious that, at least on the surface, I'm not convinced that there isn't some sort of performance hit (i.e. why isn't it enabled by default??). I see it has hardware support though, so it must be reliable and useful. Thanks for pointing that out.
edit: looks like Windows simply performs a check on a bit in the processor that labels each page as executable or not, so there should be no performance problem at all.
On May 07 2010 07:40 AmIGoingToGetBanned wrote: R1CH would you recommend Avast 5.0 (newest version) or MSE? I've heard great things about both, but I'm kind of confused.
I haven't tried the newest Avast, but I do recall having some issue of some sort with the older versions. Really though anti-virus is becoming less effective anyway, you need to protect yourself so that you aren't exposing your PC to risk of infection to begin with.
On May 09 2010 22:54 cibris wrote: Might be strange to ask but is there a windows operating system you'd actually recommend? Would you use a different one depending on what tasks you used your PC for?
I would probably move to Windows 7 soon, XP is getting close to end-of-life and there's no point going for Vista when you can get Windows 7. Unless I'm doing development for a specific operating system I can't really see myself switching OSes just for a task. I do all my Linux development using remote servers anyway, so it doesn't really matter what OS I have on my own PC.
On May 10 2010 00:08 deo1 wrote: Wow, I didn't even know about DEP. It seems like an obvious measure to be taken in modern Harvard architecture systems. In fact it seems so obvious that, at least on the surface, I'm not convinced that there isn't some sort of performance hit (i.e. why isn't it enabled by default??).
It isn't enabled by default in the name of compatibility with badly coded programs.
On May 10 2010 01:13 disformation wrote: Awesome stuff. I wasn't aware of the Data Execution Prevention option and that Secunia tool is sooo helpful.
edit: with all that stuff, is it recommended to still use a tool like Spybot - Search & Destroy?
If experience serves me correctly, Spybot S&D is actually one of the worst anti-spyware programs you can have for free today; man, it's just not like it used to be anymore. I suggest Malwarebytes; whatever you do though, DON'T GET AD-AWARE!
On May 10 2010 01:13 disformation wrote: Awesome stuff. I wasn't aware of the Data Execution Prevention option and that Secunia tool is sooo helpful.
edit: with all that stuff, is it recommended to still use a tool like Spybot - Search & Destroy?
If experience serves me correctly, Spybot S&D is actually one of the worst anti-spyware programs you can have for free today; man, it's just not like it used to be anymore. I suggest Malwarebytes; whatever you do though, DON'T GET AD-AWARE!
I have done computer repair work for the past 5 years, and I have used Spybot S&D the whole time. It has had its ups and downs, but I'd never say it's bad. Any time you are removing spyware, you should never only be using one program anyway. I typically use Spybot and Malwarebytes together along with CleanUp, CCleaner and HijackThis.
Bump! I wanted to thank you, because my 28-character password account (though I doubt the length truly matters if they want it badly enough) was broken into, and it also stored other passwords from long, long ago, and I immediately recalled the thread and found it very useful indeed.
Because I'm too lazy to search, what's your job, again? I'm assuming you majored in comp sci at X university and your career involves something...programming/IT based? Grasping at straws here...though I do know that it (embarrassingly broadly--referring to my guess) has to do with computers... Thanks again.
Are there any types of programs that tend to disagree with DEP, SEHOP and ASLR? That, and among the NullPage, HeapSpray or EAF mitigations. Or is it rare for a program to have issues with these features, and if there is an issue, what would it manifest as, the program crashing? Just wondering if I could just turn it all on, but then I wonder, if it's all nice and dandy, why doesn't Microsoft just have it all turned on by default already.
Secunia PSI now has a new version that can automatically install updates for you. Also fixed the EMET link since there is a new version available. The rest of the guide is still valid.
Hey Rich, do you have any additional suggestions if you don't have access to your router/don't know if it is NAT/don't know if you use one? I live in a dorm and we plug in to the wall. I tried putting a router between wall connection and my computer and it wouldn't work. Is the NAT router important or did I read too much into it? Thanks in advance.
Hey R1CH, I'm really interested to know what you think about Kaspersky?
I have been using it and it seems awesome. As far as I know it can detect what any running program is trying to execute and prevent it from being executed.
It also has heuristic detection and some other things like e-mail anti-virus, IM and web anti-virus and obviously many configuration options and more things, like preventing boot infection, etc. etc. etc. lol
Have you tried it?
Thanks for the guide! It's awesome, really good advice!
Anti-virus is unnecessary these days. Google Chrome is safer than any software you can get, and the rest is diligence on your part. If you're going to download torrents or anything from other users and sites, do your research. Read comments and look up the history of the provider if there are no comments.
ASUS had a strange setup with my laptop recovery media in that it split it into two disks. The first one was just the OS while the 2nd contained all the bloatware. I found that when I force restarted the laptop when it requested the 2nd CD, I wound up with a clean Windows 7 installation (no drivers, no bloatware). Nice for it to work out in that favor since I can get only the programs I want as well as install the latest drivers from their site.
Not trying to necropost something, but here's an explanation of the issue I'm currently having.
D3 was recently released and like many other people, my account has been compromised. Much of the information going around points to something like a keylogger. How can I find out what caused my account to be compromised and what is the best option for me?
I'm running a 64-bit Vista Home Premium HP laptop. I use Google Chrome and the only anti-malware software I use is MSE/Windows Firewall.
I can reinstall my OS no problem, did that 2 months ago. I just want to get more information about what happened and what I can do before I go through the 3-hour hassle of getting my PC back to a setting that I feel is secure.
How can I avoid this from happening in the future?
If only your bnet account was compromised, and nothing else, it probably isn't a keylogger. There was a problem with hackers using your player session in D3 if you logged in or something like that, blizzard should have fixed it though.
Browser infections are getting more and more common these days; I see customers every day that have these fraudulent anti-virus programs loaded that literally lock down your whole PC, and some variants even flag all your data as hidden.
I do agree that MSE is a good and simple anti-virus program for everyone to use. Companies like Symantec, Kaspersky etc. are just white-collar cash-cow programs that overload you with these 'security features' which I really don't see working. I find it funny how it pretty much says "Oh I found this virus, but I can't remove it".
Essentially, my arsenal of tools to combat virus/spyware related issues are:
1) Malwarebytes
2) Combofix
3) MSE
4) A secondary PC with anti-virus program
5) Windows Vista Pre-Installation DVD (fuck this is a beautiful disc)
Do you have an opinion of Comodo Internet Security? I started using it the other day, and I have a hunch it's a beastly security option. (Free, low on resource usage, frequent updates, AV, firewall, some option called Defense+)
Anyway, one of the things they offer to do for you as you install it, is to change your DNS settings to their safe servers. What do you think about that? Clever, or maybe not as important as I think?
Also, you talk a lot about Adobe products, don't you think it's better to just use alternative PDF readers for example than to constantly check for updates for Adobe manually?
I dislike Comodo, it installs a lot of kernel mode hooks that can break a lot of legit programs and cause Internet instability. Maybe it's improved since I last looked at it, but I don't see the point of anything beyond basic anti-virus for the home user.
Hey R1CH, is there any other AV that you recommend? MSE is great because it is light, but the full scan takes forever. Mine has been running for 6 hours and it doesn't even look 10% done. Is this normal?
On June 01 2012 01:37 GinDo wrote: Hey R1CH, is there any other AV that you recommend? MSE is great because it is light, but the full scan takes forever. Mine has been running for 6 hours and it doesn't even look 10% done. Is this normal?
Quick scan should be good enough to get most viruses. I only worry about a full scan when a quick scan detects something. Then I run a full scan on Malwarebytes.
On June 01 2012 01:37 GinDo wrote: Hey R1CH, is there any other AV that you recommend? MSE is great because it is light, but the full scan takes forever. Mine has been running for 6 hours and it doesn't even look 10% done. Is this normal?
Quick scan should be good enough to get most viruses. I only worry about a full scan when a quick scan detects something. Then I run a full scan on Malwarebytes.
Works for me.
Thanks for the tip. You wouldn't happen to know why it is so slow compared to other AVs?
Also here is a really well done guide on how to use EMET and check if it's working, although it's probably still more involved than most people would be willing to go. Probably just skip to "Recommended applications to add": http://www.rationallyparanoid.com/articles/microsoft-emet-3.html
Also for those running Windows 8, checking if it works is actually semi-important as there are compatibility issues.
While I don't share your view of antivirus (I think it's mandatory, because it's preventing 99% of the infections you could get. Ever had a friend to visit who brought his USB stick with him to copy over a file for university? How would your measures prevent the virus it contains in his autorun.inf from executing?), the other points are spot on (you could of course argue about the firewall, because there are trojans that collect data and send it to prepared servers, and the Windows firewall does not block outgoing connections. Ever torrented a game to try it? How do you know that the cracked executable does not connect to the internet, sending your serials/logins to a nice database for later use?)
Having coded some "client-server applications" myself, some detected, some not, I know many anti-virus programs report executables as malicious when they inject the winsock in a special way, but hey, I'd rather manually whitelist some programs than get a virus that perhaps screws all my data and my operating system, steals my accounts and passwords and/or does illegal things I could be held responsible for in the worst case.
Of course AV does not protect from a freshly written virus that has been spreading for just some days, and of course they have false positives, but if this prevents your system from being compromised by the 99% of old trojans/viruses that are still around, it's totally worth it. Not everyone has the knowledge to use his computer all the time in a way that prevents all sorts of infections, and no one should claim to be able to. Reality is a bitch sometimes. So I would suggest everyone use AV _always_. There really is no disadvantage, only a big advantage.
It's funny that some really experienced PC users don't like AV; you are not the only one. I had the same problem with desktop firewalls, saying NAT + Windows firewall would be sufficient. But it's not in some situations. I think the dislike of AV and desktop firewalls comes from people with great knowledge being bugged by some people getting paranoid, because they have AV and a desktop firewall (sometimes even 2 desktop firewalls because they feel it's safer^^) without being able to understand what they are doing ("hey, I blocked this suspicious program using port 139, but I think it was too late, because my internet was gone shortly after, so I reinstalled Windows."), and so these experienced people want to take a stance against this paranoia. But: this does not justify advising against AV/desktop firewall in general in my eyes, as an easy way out. It just means you have to explain to people how to use it.
PS: I am responsible for some customer networks with 50+ client PCs for many years now, administrating both clients and servers with the users being administrators on most of their PCs (because most customers want it this way. And if they want it this way, they get it, period. No arguing with a customer, if you want to earn money.) Without antivirus these computers would be down or infected most of the time. I often get calls from people: "my antivirus popped up that there's a file containing a virus on my PC, what should I do?" Usually an email, a USB stick or a website. Never had any infections in the last 10 years thanks to antivirus.
Last time I was in here I got:
Malwarebytes
WSE
Peerblock
Use Windows firewall
for my security. Peerblock hasn't been updated in forever though, is it still useful? I think they still update the lists though, but the website looks pretty dead.
Is WSE still the best and lightest AV? I recall it was WSE vs Avast for best free, lightweight AV 2 years ago.
On December 02 2012 03:33 cari-kira wrote: While I don't share your view of antivirus (I think it's mandatory, because it's preventing 99% of the infections you could get. Ever had a friend to visit who brought his USB stick with him to copy over a file for university? How would your measures prevent the virus it contains in his autorun.inf from executing?),
Pretty sure autorun has never run without user interaction since XP?
On December 02 2012 03:33 cari-kira wrote: PS: I am responsible for some customer networks with 50+ client PCs for many years now, administrating both clients and servers with the users being administrators on most of their PCs (because most customers want it this way. And if they want it this way, they get it, period. No arguing with a customer, if you want to earn money.) Without antivirus these computers would be down or infected most of the time. I often get calls from people: "my antivirus popped up that there's a file containing a virus on my PC, what should I do?" Usually an email, a USB stick or a website. Never had any infections in the last 10 years thanks to antivirus.
The requirements when managing dozens of computers used by other people are going to be completely different than the requirements of a single person using their own computer.
AV can be very good at reducing the number of infections you'll see in a population of dozens of idiots clicking on random shit whenever possible.
And for IE it's just smart to use ActiveX Filtering for websites by default, which can be accessed under Safety in the command bar. Mostly you'll be surprised how many sites actually support HTML5 video and you don't even need Flash.
On January 31 2013 02:08 Mithriel wrote: Is EMET needed for Windows 8 too? I've gone to the Windows website but under requirements it does not mention Windows 8.
Usually that just means they haven't made a version for 8 yet, but you can use the 7 version till then if you get the right executable (32 vs 64).
On January 31 2013 02:08 Mithriel wrote: Is EMET needed for Windows 8 too? I've gone to the Windows website but under requirements it does not mention Windows 8.
There is an EMET 3.5 Tech Preview but even that doesn't work 100% on Windows 8, although it expands on some of the features that Windows 8 has that 7 doesn't, like full ASLR implementation. I'm sure they are working on it, but it's already been documented elsewhere that EMET doesn't always attach to processes in Windows 8 and that probably has something to do with their additions and changes.
On March 01 2014 15:43 Garnet wrote: is using LastPass a good idea? what if someday it got hacked?
See https://lastpass.com/how-it-works/ - even if they get hacked, all the hackers will get access to is encrypted data. Your passwords are only decrypted on your PC.
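The client-side design described in the reply above, as an added illustration (not LastPass's code): a hypothetical vault where the master password never leaves the PC, so the server only ever holds a one-way authentication hash and an encrypted blob. The cipher is an HMAC-SHA256 counter-mode stand-in so the example runs on the Python standard library alone; a real product would use AES-GCM or a similar AEAD.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Constructed value for a quick demo; production KDFs use far more rounds.
ITERATIONS = 100_000
NONCE_LEN = 16
TAG_LEN = 32


def derive_keys(master_password: str, email: str) -> Tuple[bytes, bytes]:
    """Return (vault_key, auth_hash); both are computed on the client only.

    vault_key stays local and encrypts the vault. auth_hash is one extra
    PBKDF2 round over vault_key and is the only credential sent to the
    server; PBKDF2 is one-way, so the server cannot recover vault_key from it.
    """
    pw = master_password.encode()
    vault_key = hashlib.pbkdf2_hmac("sha256", pw, email.lower().encode(), ITERATIONS)
    auth_hash = hashlib.pbkdf2_hmac("sha256", vault_key, pw, 1)
    return vault_key, auth_hash


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a stdlib-only stand-in for AES-CTR."""
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), "sha256").digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def _subkeys(vault_key: bytes) -> Tuple[bytes, bytes]:
    # Separate encryption and MAC keys derived from the vault key.
    return (hmac.new(vault_key, b"enc", "sha256").digest(),
            hmac.new(vault_key, b"mac", "sha256").digest())


def encrypt_vault(vault_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with a fresh random nonce: nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(vault_key)
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, "sha256").digest()
    return nonce + ct + tag


def decrypt_vault(vault_key: bytes, blob: bytes) -> bytes:
    """Verify the tag first; a wrong key or a tampered blob raises ValueError."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    enc_key, mac_key = _subkeys(vault_key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered vault")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def can_decrypt(vault_key: bytes, blob: bytes) -> bool:
    """True only when vault_key is the real key and the blob is intact."""
    try:
        decrypt_vault(vault_key, blob)
        return True
    except ValueError:
        return False


class VaultServer:
    """Everything the provider holds: an auth hash and an opaque blob per user."""

    def __init__(self) -> None:
        self._accounts: Dict[str, Dict[str, bytes]] = {}

    def register(self, email: str, auth_hash: bytes, blob: bytes) -> None:
        self._accounts[email.lower()] = {"auth_hash": auth_hash, "blob": blob}

    def login(self, email: str, auth_hash: bytes) -> Optional[bytes]:
        """Return the encrypted blob on a matching auth hash, else None."""
        acct = self._accounts.get(email.lower())
        if acct is None or not hmac.compare_digest(acct["auth_hash"], auth_hash):
            return None
        return acct["blob"]

    def breach_dump(self) -> Dict[str, Dict[str, bytes]]:
        """What an attacker who copied the whole database would walk away with."""
        return {k: dict(v) for k, v in self._accounts.items()}


if __name__ == "__main__":
    # Constructed sample account; nothing here is a real credential.
    vk, ah = derive_keys("correct horse battery staple", "user@example.com")
    server = VaultServer()
    server.register("user@example.com", ah, encrypt_vault(vk, b"forum pw: hunter2"))
    leaked = server.breach_dump()["user@example.com"]
    print("breached data decrypts the vault:", can_decrypt(leaked["auth_hash"], leaked["blob"]))  # False
    print("client decrypts:", decrypt_vault(vk, server.login("user@example.com", ah)))
```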
Won't be noticeable. It's not at all like anti-virus software that intercepts and scans everything, it just inserts mitigations when a program starts and that's pretty much it.
So I realize this thread is concerning prevention... But I was in between anti-viruses for like a day and managed to get myself a very horrible virus or adware that opens up new windows/tabs in my default browser, advertising sites like adf.ly... and I've tried everything in this guide plus various AV and things like Malwarebytes, SuperAntiSpyware etc. but they all found nothing and the problem persists... I don't know if this is the right thread but I'm unsure what other types of trojans and keyloggers could be on my PC infecting my shit.. can someone help me? I've tried everything except formatting which will be my last resort..
So far I found a program called rkill.exe on the Malwarebytes forum that stops the process temporarily... if some wizard in here could help me out I could provide the log that the program writes after it stops the process... maybe it could be of use to find out the source of the adware..
Rename the mbam.exe file to something like mbam1.exe and profit.
I quit using anti-virus a good minute ago. It is VERY easy to know when you have a virus. I'm sure I'm going to be called "stupid" or my claims are "ridiculous", but it's true. Haven't used anti-virus for about 6 years now and the few viruses that I did pick up were from me attempting to pirate something that I had no business dealing with.
"Crypting services are the primary reason that if you or someone within your organization is unfortunate enough to have opened a malware-laced attachment in an email in the first 12-24 hours after the bad guys blast it out in a spam run, there is an excellent chance that whatever antivirus tool you or your company relies upon will not detect this specimen as malicious."