[Guide] Securing your PC

R1CH
Profile Blog Joined May 2007
Netherlands10340 Posts
Last Edited: 2016-12-29 22:45:59
January 09 2010 08:34 GMT
#1
Here's a short guide to securing your Windows PC.

System Updates
Make sure you have the latest Windows and other Microsoft updates installed. Security researchers uncover new vulnerabilities in Windows components almost weekly, so make sure automatic updates is on, or visit Windows Update regularly. Also make sure you have the latest Service Pack installed - XP SP3, Vista SP2, Win7 SP1 and Windows 8.1. Viruses and worms can take advantage of vulnerabilities in Windows components to infect your system if you aren't up to date. Even if you use a pirated version of Windows, you can still turn on automatic updates.

XP, Vista and Windows 7 / 8 all come with Windows Update, but you can opt-in to use Microsoft Update which is essentially Windows Update with additional updates for other MS software (Office, Visual Studio, etc). I recommend you enable this by going to Windows Update and following the links to Microsoft Update.

Anti-Virus
I'm not a big fan of anti-virus software since it tends to lag behind the viruses in detection and can cause performance and compatibility problems, but it helps a little bit. I generally recommend ESET products if you really need some form of anti-virus. Make sure you let it auto-update; an out-of-date anti-virus is useless. Modern viruses are becoming extremely difficult to detect and remove, so it's important to follow the steps in this guide to try to avoid becoming infected in the first place.

Keep in mind that 3rd party anti-virus software can slow your PC down and introduce disastrous security holes.

Firewall
Windows firewall is all you need. Most of you will be behind a NAT router which prevents incoming connections to your PC anyway without port forwarding, but as IPv6 uptake in the near future takes off, NAT will slowly die and your PC will have a public IP address. Windows firewall simply stops programs from accepting connections from the Internet unless you allow them, so if there are vulnerabilities in any networked programs, worms and viruses can't exploit them.

Some of you may think you need a more advanced 3rd party firewall that blocks programs from initiating connections, but if you need this then you've already failed. If a program you don't trust is already executing code on your PC then you lost the battle to begin with. Also, 3rd party firewalls themselves can expose your system to risk: there is a long history of firewall software that contains exploitable vulnerabilities, as well as bad coding which can cripple your PC performance or cause random crashes, network issues or similar errors.

DEP (Data Execution Prevention)
DEP (or NX as it's sometimes called) prevents computer code from executing from areas of memory that are marked as containing only data. This has been around on modern CPUs for a while but by default Windows will only apply DEP to Windows programs and services. Since web browsers, plugins, IM clients, etc are all common vectors for viruses and malware, it is a very good idea to have DEP apply to all programs as it mitigates a large number of attacks. That WMF exploit that infected people just by visiting a website? Blocked by DEP. That Warcraft 3 custom map exploit? Blocked by DEP. Those are just two examples I've personally tested. It's a great preventive measure that everyone should have enabled.

To enable DEP (procedure might be slightly different for Vista / Windows 7), right click My Computer, Properties, Advanced, Performance, Settings, Data Execution Prevention, and tick "Turn on DEP for all programs and services". Contrary to some reports, enabling DEP will not slow down your PC.

There may be old programs that rely on executing code from data memory that have not been updated for DEP compatibility. If you encounter a DEP violation, you will see a popup saying "To help protect your computer, Windows has closed this program". From that dialog you can add an exception, but only do this if you are sure the program is at fault (eg, by repeatedly being able to cause the DEP error yourself). If you are browsing the web and suddenly get a DEP violation, chances are something just tried to exploit your browser or a plugin so you would definitely not want to add an exception!

3rd party addons to programs can also cause DEP violations, eg if after enabling DEP you find your browser immediately exits with a DEP error, try disabling any plugins / addons or make sure they are all up to date. Windows Explorer also loads addons (shell extensions), so if you find Explorer is exiting with DEP violations and you feel comfortable with advanced tools, you can use AutoRuns to list your shell extensions and disable any problematic ones.

Despite the two paragraphs of compatibility warnings, 99.9% of you will have zero issues after enabling DEP, so don't be afraid.

Enhanced Mitigation Experience Toolkit
Despite the long and scary looking name, EMET is a great piece of software. It's a free toolkit from Microsoft that allows you to apply advanced security techniques to any piece of software on your system. You can download it at http://technet.microsoft.com/en-us/security/jj653751. After you install it, run it and set the following System Options: DEP: Application Opt-Out, SEHOP: Application Opt-Out and ASLR: Application Opt-In. This will allow applications that support it to make use of advanced methods to hinder malware.

The part where EMET shines is it also allows you to force otherwise unsupported applications into using these advanced technologies. In the Configure Apps page, you can add an application and choose which protections to apply (leave them all on by default for most apps). I strongly recommend you add all your web browsers and other commonly targeted software such as VOIP / IM clients, PDF readers, etc. This will greatly reduce the risk of "zero day" (unpatched) exploits from affecting you. Note, if you use Firefox, also add "Plugin-Container.exe" to the list as this program houses Adobe Flash and other external plugins. You do not need to have EMET running for the protections to apply; they are loaded automatically once they are set.

Software Updates
Every piece of software on your PC that interacts with the Internet or files could be a possible vector for virus / worm exploitation. It's very important you keep all your programs up to date as exploits are discovered for common products surprisingly often. I recommend using the Secunia Personal scanner which will scan your entire PC for any programs that might allow your system to be compromised. You'll be surprised what it finds. The latest version can even auto-install updates for you if you're lazy.

Adobe software in particular seems to have a very poor history - Adobe Flash, Adobe Reader, Adobe Air have all had exploits that could allow your system to be compromised by visiting a webpage. Worse still, many of these products don't auto update so you have to rely on 3rd party assistance (Secunia PSI) or do it manually.

Browsers and Plugins
Since web exploits are the number one vector for malware, it's important to use a secure web browser. I strongly recommend Google Chrome as it has powerful sandboxing and isolation technologies to help prevent web-based malware from infecting your system. Firefox is OK, but it isn't as good as it used to be and Internet Explorer should really be a last resort. Chrome also has an excellent background automatic update system which is very important; an out-of-date browser is likely vulnerable to exploits.

Browsers are often extended with plugins, which while providing features like PDF viewing and streaming, also expose you to additional risk as a security vulnerability in a plugin can allow malware to exploit it and infect your PC. Many plugins do not auto update which makes managing your plugins quite important. Don't need to read PDF files in your browser? Disable Adobe PDF plugin so PDF files can't auto-load. Finished watching some stream that required a browser addon? Disable that addon. Installed a plugin from some strange Asian game that you're done playing? Now go and disable it. If you use Firefox or Chrome, you can do a very basic plugin check here: http://www.mozilla.com/en-US/plugincheck/.

To disable plugins in IE (you should do this even if IE isn't your main browser), go to Options -> Manage Addons.

To disable plugins in Firefox, go to Addons -> Plugins.

To disable plugins in Chrome, go to chrome:plugins in the address bar.

To disable plugins in Opera, go to opera:plugins in the address bar.

Java
Java is often installed for some other purpose such as running a program, but it also installs a browser plugin. These days, very few sites use the Java plugin so it's a good idea to disable it for extra security. As of 2013, Java has suffered from multiple major security issues that can result in drive-by malware installation, so if you do not use it (if you don't know, you most likely don't use it), I strongly suggest uninstalling Java or at the very least, removing the Java plugin from all of your browsers. JavaScript is entirely unrelated to the Java plugin and will continue to work fine.

Flash Player
Flash player installs multiple versions - one for IE, one for Chrome / Firefox / Opera. Make sure both of them are up to date by visiting this page (once in Chrome, once in Firefox and once in IE) and comparing your version to the latest released version. If out of date, download and install the latest one. Flash should automatically update, but it only checks on startup of your PC, which, if you leave your PC running 24/7, may not be often enough.

Consider completely removing Flash if you can live without it. Most sites provide HTML5 compatible video players and Flash is mostly only used for advertising or small online games, yet exposes you to a lot of risk due to its poor security record.


Password Re-use
One of the biggest threats to your online security is reusing passwords. When you use the same password in multiple places, any time one of those places is compromised, every other site where you use the same password is also compromised. What often happens is people re-use the same password at a forum or online store or similar, which is compromised by hackers, often exploiting old / insecure software running on the server. From there, they can download the entire user database, which often includes your email address. If you used the same password for your email account, then you're completely screwed - the hackers can log into your email, find every account you've signed up for, issue password resets, etc and completely compromise your online identity.

By cross-referencing usernames and emails, it's possible to exploit even further - if for example you're an admin on a forum and re-used the same password somewhere else which was stolen, hackers could compromise your admin account and then exploit your forum too, as admin accounts often provide elevated access that allows dumping the entire user database etc.

Unfortunately solving this issue is not so easy. You definitely won't be able to remember all your passwords, so the use of a password manager like Keepass or Lastpass is strongly recommended. Any time you sign up for a site, create a unique password and store it in your password manager. This greatly mitigates the risk if one of the sites is compromised, which happens a lot more often than you may think - sometimes even without the site owner knowing.
AdministratorTwitter: @R1CH_TL
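
The System Updates, Firewall and DEP settings from the guide above can be checked with a read-only script. This is an added example, not part of the original post; it assumes Windows 8 or 8.1 with the built-in PowerShell, and the function names are illustrative.

```powershell
# Added example: read-only audit of three settings the guide recommends.
# Assumes Windows 8 / 8.1 with the built-in PowerShell (Get-CimInstance and
# Get-NetFirewallProfile are not present on older releases by default).
# Function names are illustrative. Nothing here changes system configuration.

function New-Finding($Check, $Value, [bool]$Pass, $Advice) {
    [pscustomobject]@{ Check = $Check; Value = $Value; Pass = $Pass; Advice = $Advice }
}

function Get-DepFinding {
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    if (-not $os.DataExecutionPrevention_Available) {
        return New-Finding 'DEP' 'Not available' $false 'Hardware DEP is not available on this system.'
    }
    # Win32_OperatingSystem.DataExecutionPrevention_SupportPolicy values.
    $names  = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
    $policy = [int]$os.DataExecutionPrevention_SupportPolicy
    # OptIn covers only Windows programs and services; OptOut is the
    # "Turn on DEP for all programs and services" choice from the guide.
    $pass = $policy -in @(1, 3)
    New-Finding 'DEP policy' $names[$policy] $pass 'Select "Turn on DEP for all programs and services".'
}

function Get-FirewallFinding {
    Get-NetFirewallProfile | ForEach-Object {
        $on      = [string]$_.Enabled -eq 'True'
        $inbound = [string]$_.DefaultInboundAction   # Block, Allow or NotConfigured
        # The guide's point: inbound connections are refused unless you allow them.
        $pass    = $on -and ($inbound -ne 'Allow')
        $value   = "Enabled=$on, inbound=$inbound"
        New-Finding "Firewall ($($_.Name))" $value $pass 'Turn Windows Firewall on and keep inbound connections blocked by default.'
    }
}

function Get-UpdateFinding {
    $au = New-Object -ComObject Microsoft.Update.AutoUpdate
    # IAutomaticUpdatesSettings.NotificationLevel values.
    $levels = @{
        0 = 'Not configured'
        1 = 'Disabled'
        2 = 'Notify before download'
        3 = 'Notify before install'
        4 = 'Install automatically'
    }
    $level = [int]$au.Settings.NotificationLevel
    $value = "$($levels[$level]), service enabled=$($au.ServiceEnabled)"
    $pass  = ($level -eq 4) -and $au.ServiceEnabled
    New-Finding 'Automatic updates' $value $pass 'Turn on automatic updates in Windows Update.'
}

function Invoke-GuideAudit {
    $findings = @(Get-DepFinding) + @(Get-FirewallFinding) + @(Get-UpdateFinding)
    $findings | Format-Table Check, Value, Pass -AutoSize | Out-Host
    $failed = @($findings | Where-Object { -not $_.Pass })
    $failed | ForEach-Object { Write-Warning "$($_.Check): $($_.Advice)" }
    return $failed.Count   # number of settings that differ from the guide
}

Invoke-GuideAudit
```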
Disregard
Profile Blog Joined March 2007
China10252 Posts
January 09 2010 08:42 GMT
#2
Awesome points, I was just helping my relatives with configuring their new crappy netbook, again though never fond of Windows Firewall. I'll just tell him to use it since he's not gonna use torrents or anything, except for simple web browsing (Well it is a netbook to begin with). As for the plugins, I think it's too much of a hassle and I don't think anyone is that paranoid.
"If I had to take a drug in order to be free, I'm screwed. Freedom exists in the mind, otherwise it doesn't exist."
madnessman
Profile Blog Joined May 2009
United States1581 Posts
January 09 2010 08:46 GMT
#3
Anti-Virus
I'm not a big fan of anti-virus software since it tends to lag behind the viruses in detection, but it helps a little bit. Microsoft's own Security Essentials is actually pretty decent and is free, which is about the price most people are willing to pay. Again, make sure you let it auto-update, an out of date anti-virus is useless. Modern viruses are becoming extremely difficult to detect and remove, so it's important to follow all the steps in this guide to try to avoid becoming infected in the first place.


Seriously? I really don't see a reason why you shouldn't use a free anti-virus software like Avira. It's small, doesn't hog system resources, and has a decently high detection rate. AND IT'S FREE!

If you do get your computer infected, I highly recommend using Malwarebytes. It's free and it's really effective.
R1CH
Profile Blog Joined May 2007
Netherlands10340 Posts
January 09 2010 08:47 GMT
#4
Be aware that new PCs (netbooks too) often come preloaded with exploitable software, likely Adobe products. Disabling plugins you don't need / use isn't really paranoid, it helps to minimize the possible attack vector. I'm not trying to suggest you disable plugins every time you are done with them, just ones you don't use often. For example, I installed Octoshape or whatever it is to watch the WCG and some other random plugin to watch Blizzcon. Since those only happen once a year, I disable them after I'm done so the other 364 days of the year I'm not exposing myself should an exploit be developed for one of them.
AdministratorTwitter: @R1CH_TL
Disregard
Profile Blog Joined March 2007
China10252 Posts
Last Edited: 2010-01-09 08:51:35
January 09 2010 08:49 GMT
#5
On January 09 2010 17:46 madnessman wrote:
Anti-Virus
I'm not a big fan of anti-virus software since it tends to lag behind the viruses in detection, but it helps a little bit. Microsoft's own Security Essentials is actually pretty decent and is free, which is about the price most people are willing to pay. Again, make sure you let it auto-update, an out of date anti-virus is useless. Modern viruses are becoming extremely difficult to detect and remove, so it's important to follow all the steps in this guide to try to avoid becoming infected in the first place.


Seriously? I really don't see a reason why you shouldn't use a free anti-virus software like Avira. It's small, doesn't hog system resources, and has a decently high detection rate. AND ITS FREE!

If you do get your computer infected, I highly recommend using Malwarebyte's. It's free and it's really effective.


Yea, been using Malwarebytes for a while.

edit: Totally forgot about Octoshape actually, used it once when WCG demanded it.
"If I had to take a drug in order to be free, I'm screwed. Freedom exists in the mind, otherwise it doesn't exist."
R1CH
Profile Blog Joined May 2007
Netherlands10340 Posts
January 09 2010 08:52 GMT
#6
On January 09 2010 17:46 madnessman wrote:
Seriously? I really don't see a reason why you shouldn't use a free anti-virus software like Avira. It's small, doesn't hog system resources, and has a decently high detection rate. AND ITS FREE!

"Decently high" is not good enough these days. Unless it contains an advanced heuristic engine, basic signature definitions are not going to catch the type of malware that is floating around these days. Just two days ago I removed an infection on a friend's PC and uploaded the file for analysis, only 4 out of 41 anti-virus products detected anything.

Another issue I have with AV software is the alarming rate of false positives, where legitimate software is mistakenly identified as a virus. As an example of how stupid this is, I modified the Windows XP Notepad to include a few extra imports and strings, there is ZERO change to any of the executable code and the file is completely safe to run. 15 virus scanners think it's a virus.
AdministratorTwitter: @R1CH_TL
madnessman
Profile Blog Joined May 2009
United States1581 Posts
January 09 2010 08:58 GMT
#7
On January 09 2010 17:52 R1CH wrote:
On January 09 2010 17:46 madnessman wrote:
Seriously? I really don't see a reason why you shouldn't use a free anti-virus software like Avira. It's small, doesn't hog system resources, and has a decently high detection rate. AND ITS FREE!

"Decently high" is not good enough these days. Unless it contains an advanced heuristic engine, basic signature definitions are not going to catch the type of malware that is floating around these days. Just two days ago I removed an infection on a friends PC and uploaded the file for analysis, only 4 out of 41 anti virus products detected anything.

Another issue I have with AV software is the alarming rate of false positives, where legitimate software is mistakenly identified as a virus. As an example of how stupid this is, I modified the Windows XP Notepad to include a few extra imports and strings, there is ZERO change to any of the executable code and the file is completely safe to run. 15 virus scanners think it's a virus.


True. I was flipping through some PC mag's antivirus software review last week and the best anti virus (I can't remember its name) had a 99.5 detection rate and ~70% heuristic detection rate. It really pisses me off that I can't remember what its name is. It isn't one of the big ones (norton, kaspersky, etc) and it isn't free. Do you know which one I'm talking about?
agarfin
Profile Joined May 2009
United States106 Posts
January 09 2010 08:58 GMT
#8
How do you feel about Kaspersky?
Disregard
Profile Blog Joined March 2007
China10252 Posts
January 09 2010 08:59 GMT
#9
I agree with virus scanners being too sensitive, unfortunately most of us or me stumble when something deep like a harmful rootkit hits your PC. Albeit it comes to just being careful about everything.
"If I had to take a drug in order to be free, I'm screwed. Freedom exists in the mind, otherwise it doesn't exist."
Disregard
Profile Blog Joined March 2007
China10252 Posts
January 09 2010 09:00 GMT
#10
On January 09 2010 17:58 madnessman wrote:
On January 09 2010 17:52 R1CH wrote:
On January 09 2010 17:46 madnessman wrote:
Seriously? I really don't see a reason why you shouldn't use a free anti-virus software like Avira. It's small, doesn't hog system resources, and has a decently high detection rate. AND ITS FREE!

"Decently high" is not good enough these days. Unless it contains an advanced heuristic engine, basic signature definitions are not going to catch the type of malware that is floating around these days. Just two days ago I removed an infection on a friends PC and uploaded the file for analysis, only 4 out of 41 anti virus products detected anything.

Another issue I have with AV software is the alarming rate of false positives, where legitimate software is mistakenly identified as a virus. As an example of how stupid this is, I modified the Windows XP Notepad to include a few extra imports and strings, there is ZERO change to any of the executable code and the file is completely safe to run. 15 virus scanners think it's a virus.


True. I was flipping through some PC mag's antivirus software review last week and the best anti virus (I can't remember its name) had a 99.5 detection rate and ~70% heuristic detection rate. It really pisses me off that I can't remember what its name is. It isn't one of the big ones (norton, kaspersky, etc) and it isn't free. Do you know which one I'm talking about?


NOD32 had almost 100% detection rate on the boards, but that was a while ago.
"If I had to take a drug in order to be free, I'm screwed. Freedom exists in the mind, otherwise it doesn't exist."
JohnColtrane
Profile Blog Joined July 2008
Australia4813 Posts
January 11 2010 01:10 GMT
#11
thank you very much for this
HEY MEYT
timmeh
Profile Joined September 2009
Austria177 Posts
Last Edited: 2010-01-11 01:25:21
January 11 2010 01:24 GMT
#12
-deleted-

p.s. sorry :D
;o
seRapH
Profile Blog Joined April 2009
United States9756 Posts
January 11 2010 01:54 GMT
#13
thanks, this will be seriously useful
boomer hands
GrayArea
Profile Blog Joined December 2007
United States872 Posts
January 11 2010 02:03 GMT
#14
Nice guide, thanks for posting. I've always felt that virus scanners didn't really help in protecting my computer.
Kang Min Fighting!
Licmyobelisk
Profile Blog Joined August 2008
Philippines3682 Posts
January 11 2010 02:07 GMT
#15
love you R1CH you're my Idol ^_^
I don't think I've ever wished my opponent good luck prior to a game. When I play, I play to win. I hope every opponent I ever have is cursed with fucking terrible luck. I hope they're stuck playing underneath a stepladder with a black cat in attendance a
triangle
Profile Blog Joined October 2007
United States3803 Posts
January 11 2010 02:10 GMT
#16
Thanks for the DEP recommendation -- didn't know about that!
Also known as waterfall / w4terfall
hoborg
Profile Blog Joined December 2009
United States430 Posts
January 11 2010 02:17 GMT
#17
Thanks for the guide.

To add another suggestion, I recommend the noscript addon for Firefox (http://noscript.net/). It blocks all javascript and flash by default, and lets you whitelist domains you trust as you visit them by clicking a button. That sounds really goddamn annoying, and it sort of is, at first, but after a day or two of browsing you'll have most of your trusted sites whitelisted. It's a good layer of protection when you visit sketchy sites, and it also blocks some shitty flash ads.
blbl | CJ and ACE fighting!
meeple
Profile Blog Joined April 2009
Canada10211 Posts
January 11 2010 02:25 GMT
#18
Interesting... I didn't even know about DEP... always thought I was fairly secure...
micronesia
Profile Blog Joined July 2006
United States24648 Posts
January 11 2010 02:32 GMT
#19
Thank you for the tips. It's rare to find practical information on this topic but it's very important for all of us.
ModeratorThere are animal crackers for people and there are people crackers for animals.
GreEny K
Profile Joined February 2008
Germany7312 Posts
January 11 2010 02:43 GMT
#20
Wow, very good to know, I checked a lot of shit on my computer and now I feel much safer. Also, if anyone is using AVG antivirus get rid of it... Complete garbage.
Why would you ever choose failure, when success is an option.
JohnColtrane
Profile Blog Joined July 2008
Australia4813 Posts
Last Edited: 2010-01-11 03:10:31
January 11 2010 03:10 GMT
#21
is Avira recommended for a paranoid PC user?

whoa john is a siege tank now
HEY MEYT
Hyde
Profile Blog Joined November 2007
Australia14568 Posts
January 11 2010 03:25 GMT
#22
Yeah I agree with Microsoft Security Essential being great and free. My uncle had some one year free subscription with McAfee and that didn't do jack for him (god that AV is so bad...), it missed so many things until I installed MSE for him.

Thanks for those tips though, they're really helpful and are great reminders for those who are always thinking about securing their PC. I didn't know about that DEP thing either.
Because when you left, Brood War was all spotlights and titans. Now, with the death of the big leagues, Brood War has moved to the basements and carparks. Now, Brood War is unlicensed brawls, lost teeth, and bloody fights for fistfulls of money - SirJolt
prOxi.swAMi
Profile Blog Joined November 2004
Australia3091 Posts
Last Edited: 2010-01-11 03:29:48
January 11 2010 03:29 GMT
#23
edit: nvm
Oh no
Plexa
Profile Blog Joined October 2005
Aotearoa39261 Posts
January 11 2010 03:54 GMT
#24
I feel like I know nothing
But now I feel safer =]

Thanks R1CH!
Administrator~ Spirit will set you free ~
7Strife
Profile Joined December 2009
United States104 Posts
Last Edited: 2010-01-11 04:33:23
January 11 2010 04:22 GMT
#25
Personally, I disable the Windows Update, Windows Firewall, and Security Center services (and many others) by going to Run > type services.msc. Every year or so I download a new copy of the last Integration of Windows in a torrent and do a clean install instead of updating (which can cause performance issues.) I use a third party open source firewall because Windows Firewall (fine for many) doesn't give me nearly as much control as I enjoy tinkering with (trust me, it's like the UAC in Vista was thought out.) I only do virus scans on files I'm paranoid about before execution. I never run auto-protect type products because they can cause your computer to behave mysteriously. I don't use Microsoft's DEP that they introduced in Service Pack 2, and I hardly bother to update programs as a security measure. I can't remember the last time I had a virus/malware/etc...
R1CH
Profile Blog Joined May 2007
Netherlands10340 Posts
January 11 2010 04:54 GMT
#26
Regarding free anti-virus choices, I really do think the MS Security Essentials is the best both in detection and resource usage. Also I forgot to mention in the guide, if you download something you think might be suspicious or you want a 2nd opinion on something your AV says is OK, you can upload it to www.virustotal.com to have it run through a ton of AV engines. Keep in mind new viruses will have a very low detection rate as a lot of AV vendors don't have good heuristic / emulation engines.
AdministratorTwitter: @R1CH_TL
R1CH
Profile Blog Joined May 2007
Netherlands10340 Posts
January 11 2010 04:55 GMT
#27
On January 11 2010 13:22 7Strife wrote:
I'm an idiot


Congratulations, you probably have a rootkit.
AdministratorTwitter: @R1CH_TL
alffla
Profile Blog Joined November 2005
Hong Kong20321 Posts
January 11 2010 06:42 GMT
#28
thanks r1ch lol i never really cared about antivirus stuff o_ O haha

and my norton antivirus kept spamming me for subscription or whatever so i guess it was time i removed it lawl D:
Graphicssavior[gm] : What is a “yawn” rape ;; Masumune - It was the year of the pig for those fucking defilers. Chill - A clinic you say? okum: SC without Korean yelling is like porn without sex. konamix: HAPPY BIRTHDAY MOMMY!
da_head
Profile Blog Joined November 2008
Canada3350 Posts
January 11 2010 06:45 GMT
#29
thanks for the dep tip
When they see MC Probe, all the ladies disrobe.
Saturnize
Profile Blog Joined November 2009
United States2473 Posts
January 11 2010 06:57 GMT
#30
All I need is Microsoft Security Essentials. My computer hasn't had any problems for the longest time now.
"Time to put the mustard on the hotdog. -_-"
alffla
Profile Blog Joined November 2005
Hong Kong20321 Posts
January 11 2010 07:03 GMT
#31
lol i just downloaded and did a quick scan with microsoft sec essentials and found 2 win32.chepdu.I files lol well i dont even know what they did with my computer but they're gone now bwahawha
Graphicssavior[gm] : What is a “yawn” rape ;; Masumune - It was the year of the pig for those fucking defilers. Chill - A clinic you say? okum: SC without Korean yelling is like porn without sex. konamix: HAPPY BIRTHDAY MOMMY!
Cambium
Profile Blog Joined June 2004
United States16368 Posts
January 11 2010 07:10 GMT
#32
On January 11 2010 15:57 Saturnize wrote:
All i need is Microsoft Security Essentials. My computer hasn't had any problems for the longest time now.


Yea, it's actually very good. I'm surprised so many people don't have it installed.
When you want something, all the universe conspires in helping you to achieve it.
proberecall
Profile Joined August 2009
United States104 Posts
January 11 2010 07:19 GMT
#33
very informative resource put up here. thank you very much
CaptainPlatypus
Profile Blog Joined March 2009
United States852 Posts
January 11 2010 07:20 GMT
#34
Very good post, hits a lot of points that a lot of people are unaware of. Even made me go "oh...right" a few times (I'm not as proactive as I should be about Windows' security because I only run it to play games).

In particular, the point about "if you're running software you don't trust, you've already lost" is an important one that a lot of people overlook.
zatic
Profile Blog Joined September 2007
Zurich15325 Posts
Last Edited: 2010-01-11 09:52:11
January 11 2010 09:50 GMT
#35
Signed 100%. Read and follow people.

It's amazing how people still refuse to enable Auto Update 12 years after that Windows 98 incident. It's by far the easiest and most effective measure you can take to secure your PC. Windows update, NAT, common sense and you are 99.9% safe.

Actually the points about Adobe products are very good, especially about the browser plugins. I can recommend Noscript for Firefox as well which disables all Flash / Reader / etc plugins by default.
Moderator
I know Teamliquid is known as a massive building
madnessman
Profile Blog Joined May 2009
United States1581 Posts
January 11 2010 10:24 GMT
#36
On January 09 2010 18:00 Disregard wrote:
On January 09 2010 17:58 madnessman wrote:
On January 09 2010 17:52 R1CH wrote:
On January 09 2010 17:46 madnessman wrote:
Seriously? I really don't see a reason why you shouldn't use a free anti-virus software like Avira. It's small, doesn't hog system resources, and has a decently high detection rate. AND ITS FREE!

"Decently high" is not good enough these days. Unless it contains an advanced heuristic engine, basic signature definitions are not going to catch the type of malware that is floating around these days. Just two days ago I removed an infection on a friends PC and uploaded the file for analysis, only 4 out of 41 anti virus products detected anything.

Another issue I have with AV software is the alarming rate of false positives, where legitimate software is mistakenly identified as a virus. As an example of how stupid this is, I modified the Windows XP Notepad to include a few extra imports and strings, there is ZERO change to any of the executable code and the file is completely safe to run. 15 virus scanners think it's a virus.


True. I was flipping through some PC mag's antivirus software review last week and the best anti virus (I can't remember its name) had a 99.5 detection rate and ~70% heuristic detection rate. It really pisses me off that I can't remember what its name is. It isn't one of the big ones (norton, kaspersky, etc) and it isn't free. Do you know which one I'm talking about?


NOD32 had almost 100% detection rate on the boards, but that was awhile ago.


It wasn't NOD32. I tried using NOD32 for a while but I didn't cleanly uninstall AVG so I kept on getting BSODs. Being too lazy to go through the registry and shit, I just uninstalled NOD32 and went back to AVG.
writer22816
Profile Blog Joined September 2008
United States5775 Posts
Last Edited: 2010-01-11 10:31:18
January 11 2010 10:30 GMT
#37
Very good guide, I strongly second the Microsoft security essentials as a 100% free (and legal to get free) antivirus program. imo you should add some tips on smart browsing, i.e. don't randomly download stuff, be wary of exe files, etc because it's more important than any security software

I know it may seem like common sense to a lot of people including me, but apparently it must not be that common if people can have antivirus + firewall and still get viruses while others may not have anything and still never get infected.
8/4/12 never forget, never forgive.
Itachii
Profile Blog Joined April 2008
Poland12466 Posts
Last Edited: 2010-01-11 11:13:05
January 11 2010 11:12 GMT
#38
hm so i have windows firewall off since forever because of eset smart security firewall, always thought that i don't need it since obviously eset starts at startup...
and it does work, online scans don't show anything and when something tries to infect, it does get blocked.
should i seriously turn window's one on?
La parole nous a été donnée pour déguiser notre pensée
SchOOl_VicTIm
Profile Blog Joined September 2004
Greece2394 Posts
January 11 2010 11:15 GMT
#39
It says MS Security Essentials not available in my region... wtf =/
Mystlord *
Profile Blog Joined July 2008
United States10264 Posts
Last Edited: 2010-01-11 11:23:00
January 11 2010 11:22 GMT
#40
On January 09 2010 17:34 R1CH wrote:
Adobe software in particular seems to have a very poor history - Adobe Flash, Adobe Reader, Adobe Air have all had exploits that could allow your system to be compromised by visiting a webpage. Worse still, many of these products don't auto update so you have to rely on 3rd party assistance (Secunia PSI) or do it manually.

On January 09 2010 17:34 R1CH wrote:
Adobe software in particular seems to have a very poor history - Adobe Flash, Adobe Reader, Adobe Air

On January 09 2010 17:34 R1CH wrote:
Adobe software in particular seems to have a very poor history

On January 09 2010 17:34 R1CH wrote:
Adobe


Makes me rage so hard.

Aside from that, R1CH is absolutely right in that it's better and easier to prevent anything from getting onto your computer than trying to get it off. I'd bold literally everything R1CH said because it's all vital. Besides from the anti-virus, you can get away with disabling DEP, but only if you have compatibility issues. There's no real reason to turn it off.

NoScript is GOD. Everyone get it. I've pretty much stopped using any sort of anti-spyware programs now because I have literally everything that's untrusted blocked.
It is impossible to be a citizen if you don't make an effort to understand the most basic activities of your government. It is very difficult to thrive in an increasingly competitive world if you're a nation of doods.
dnosrc
Profile Joined May 2009
Germany454 Posts
January 11 2010 12:14 GMT
#41
You forgot one important point:

After an infection you have to reinstall windows. There is no way to be sure you cleared your PC after that.
Hinanawi
Profile Blog Joined July 2009
United States2250 Posts
January 11 2010 13:00 GMT
#42
How do you feel about the FF addon KeyScrambler? I do pretty much everything in the OP's post already, but I also turn on KeyScrambler whenever I enter sensitive info (like online bank account logins/passwords, etc.).

Mostly worthless feel-good fake-security, or actually helpful?
Favorite progamers (in order): Flash, Stork, Violet, Sea. ||| Get better soon, Violet!
St3MoR
Profile Joined November 2002
Spain3256 Posts
January 11 2010 13:07 GMT
#43
+1 noscript love
Prophet in TL of the Makoto0124 ways
Schnake
Profile Joined September 2003
Germany2819 Posts
January 11 2010 13:41 GMT
#44
Can anyone please tell me if Sandboxie is a valuable software? I am using it from time to time and on certain occasions if I am skeptical about a program. Or is this redundant with all the steps from the guide?
"Alán Shore" and "August Terran" @ LoL EUW - liquidparty
7Strife
Profile Joined December 2009
United States104 Posts
Last Edited: 2010-01-11 18:36:16
January 11 2010 18:18 GMT
#45
On January 11 2010 13:55 R1CH wrote:
On January 11 2010 13:22 7Strife wrote:
I'm an idiot


Congratulations, you probably have a rootkit.

As unlikely as it is either of us do unless you run a lot of badly peer reviewed torrents, porn codecs, etc; you may also have a rootkit. Typically, rootkits act to obscure their presence on the system through subversion or evasion of standard operating system security scan and surveillance mechanisms such as anti-virus or anti-spyware scan. Daemon Tools and Alcohol 120 use rootkits themselves in a helpful manner. If I had other rootkits installed then it isn't affecting my performance at all and isn't trying to communicate over a network. If I discovered I had one then I would reformat; not attempt to use programs to fix it. I have disc images of my clean installed OS with programs and settings so I could format and reinstall while I sleep.

"The old adage "an ounce of protection is worth a pound of cure" is incredibly apropos when it comes to rootkits. Rootkit writers and rootkit detection writers are engaged in an arms race. As soon as someone writes a better rootkit detector, someone else updates a rootkit so that it's even better camouflaged. "

http://www.google.com/#hl=en&q=Defending Against Rootkits&aq=f&aqi=&oq=&fp=292ac4760832f3c4
Carnac
Profile Blog Joined December 2003
Germany / USA16648 Posts
January 11 2010 18:30 GMT
#46
I'd like to add: don't have administrator rights on your normal user account.
Moderator
Hi! I'm a .signature *virus*! Copy me into your ~/.signature to help me spread!
semantics
Profile Blog Joined November 2009
10040 Posts
Last Edited: 2010-01-11 20:40:26
January 11 2010 18:34 GMT
#47
On January 11 2010 20:22 Mystlord wrote:
On January 09 2010 17:34 R1CH wrote:
Adobe software in particular seems to have a very poor history - Adobe Flash, Adobe Reader, Adobe Air have all had exploits that could allow your system to be compromised by visiting a webpage. Worse still, many of these products don't auto update so you have to rely on 3rd party assistance (Secunia PSI) or do it manually.

On January 09 2010 17:34 R1CH wrote:
Adobe software in particular seems to have a very poor history - Adobe Flash, Adobe Reader, Adobe Air

On January 09 2010 17:34 R1CH wrote:
Adobe software in particular seems to have a very poor history

On January 09 2010 17:34 R1CH wrote:
Adobe


Makes me rage so hard.

Aside from that, R1CH is absolutely right in that it's better and easier to prevent anything from getting onto your computer than trying to get it off. I'd bold literally everything R1CH said because it's all vital. Besides from the anti-virus, you can get away with disabling DEP, but only if you have compatibility issues. There's no real reason to turn it off.

NoScript is GOD. Everyone get it. I've pretty much stopped using any sort of anti-spyware programs now because I have literally everything that's untrusted blocked.

Noscript just is a GUI for what's available in options on a lot of browsers, it just allows for a quicker switching of turning on and off add ons and javascript etc. Which in most cases is just a pointless add on unless you randomly surf the web, for most part i keep to core reputable websites and don't randomly download and click things, common sense is the most powerful tool to keep a clean computer.

Also i'd find using FF with No Script a bit funny as most ppl who sport FF do it for 2 reasons, 1 customization with plug-ins add-ons etc, and then 2 for the speed. But what is the common bench most ppl weigh browsers with a javascript benchmark lol which no script disables by default!

Which then i'd get on a rant about IE8 and how people make it sound like a mix between a retard and someone with plague, but it's the most proactive in security and does far more than any other browser to keep secure but is the most targeted (kind of like wearing a bullet proof vest vs nothing but living in the worst parts of town vs in a nicer part) and its speed is just fine as most webpages give you limited bandwidth and on avg the diff of speed is very minuscule between browsers when loading a complete webpage it matters little, i mean what kind of webpage is 100% javascript)

No Script; it breaks a lot of things so i don't use it.
Blind
Profile Blog Joined December 2002
United States2528 Posts
January 12 2010 06:48 GMT
#48
Does the advice for the System Updates still apply if I'm not running a real copy of Windows Vista?
semantics
Profile Blog Joined November 2009
10040 Posts
January 12 2010 09:37 GMT
#49
On January 12 2010 15:48 Blind wrote:
Does the advice for the System Updates still apply if I'm not running a real copy of Windows Vista?

Microsoft for a long time has allowed system critical updates via the windows update for illegal copies, although not on their site but only through the program itself. It's to keep the people who pay for their windows to be less likely to be infected, cleaner overall environment supposedly, less viruses on computers less viruses to go around over all. The OP said the same pretty much.
Saturnize
Profile Blog Joined November 2009
United States2473 Posts
January 12 2010 09:47 GMT
#50
On January 12 2010 03:30 Carnac wrote:
I'd like to add: don't have administrator rights on your normal user account.


lol
"Time to put the mustard on the hotdog. -_-"
semantics
Profile Blog Joined November 2009
10040 Posts
January 12 2010 09:59 GMT
#51
On January 12 2010 18:47 Saturnize wrote:
On January 12 2010 03:30 Carnac wrote:
I'd like to add: don't have administrator rights on your normal user account.


lol

you may laugh at that but it really does improve the security of the system vista and 7 default vs XP default. It just pisses off users that install and uninstall and do random shit all the time.
Saturnize
Profile Blog Joined November 2009
United States2473 Posts
January 12 2010 10:19 GMT
#52
I just like to have control over the computer i own thats all ^^
"Time to put the mustard on the hotdog. -_-"
R1CH
Profile Blog Joined May 2007
Netherlands10340 Posts
January 30 2010 00:01 GMT
#53
Bump, there's some nasty rootkits going around through unpatched Adobe products, make sure you keep yourself safe!
Administrator
Twitter: @R1CH_TL
ShoCkeyy
Profile Blog Joined July 2008
7815 Posts
March 01 2010 01:02 GMT
#54
Bumping this because it's helped me out a lot and other people should know about this too. And to the post that R1CH has posted above, that is true. Watch out with that. Every time someone asks me about securing their pc, I just refer them to this page/do it for them.
Life?
madsweepslol
Profile Joined February 2010
161 Posts
March 01 2010 04:16 GMT
#55
<.<



>.>



apple ftw
Emon_
Profile Blog Joined November 2009
3925 Posts
Last Edited: 2010-03-02 08:51:07
March 02 2010 08:49 GMT
#56
On March 01 2010 13:16 madsweepslol wrote:
apple ftw

not if you're straight.

+1 for noscript/flashblock/adblock on firefox. Most pages look like a half-eaten sandwich with the ads turned off. No matter what the guy that raged about noscript says - it's amazing. I wouldn't be out on the web without it.

"I know that human beings and fish can coexist peacefully" -GWB ||
CharlieMurphy
Profile Blog Joined March 2006
United States22895 Posts
Last Edited: 2010-03-02 10:47:17
March 02 2010 10:44 GMT
#57
If you use a pirated version of Windows, you can still turn on automatic updates.

r1ch,
enlighten me on how to get past the windows genuine thing? I can't update without installing that pos first.
..and then I would, ya know, check em'. (Aka SpoR)
konadora *
Profile Blog Joined February 2009
Singapore66155 Posts
Last Edited: 2010-03-02 11:08:44
March 02 2010 10:58 GMT
#58
This guide was just what I needed, thanks once again R1CH!!!

On January 30 2010 09:01 R1CH wrote:
Bump, there's some nasty rootkits going around through unpatched Adobe products, make sure you keep yourself safe!


So basically update all Adobe products? (Photoshop, Lightroom, Reader, etc?)
POGGERS
d_so
Profile Blog Joined December 2007
Korea (South)3262 Posts
March 02 2010 14:24 GMT
#59
bumping this so i remember to do everything it says tomorrow morning
manner
Durak
Profile Blog Joined January 2008
Canada3684 Posts
March 02 2010 14:38 GMT
#60
I have a question for R1CH. I tried to install Gunbound from http://www.teamliquid.net/forum/viewmessage.php?topic_id=112506 and I got a DEP error (screenshot bottom of page 4). How can I tell if Gunbound is safe to run? It's a fairly old game so that might be what's causing it.
UdderChaos
Profile Blog Joined February 2010
United Kingdom707 Posts
March 02 2010 14:42 GMT
#61
R1ch so have i just been really lucky then? Because these precautions seem really over the top and scaremongering to me, I always turn off firewalls and i dont have any virus protection for the last 8 years running various windows OS, using firefox, and I've only managed to get 1 virus, and im on the internet at least 3-4 hours a day. I do have a router but that's it. I've never had any of my accounts for anything hacked/stolen and my cpu usage is pretty low when nothing is running, i try and keep an eye on it.
Nunquam iens addo vos sursum
SkelA
Profile Blog Joined January 2007
Macedonia13032 Posts
Last Edited: 2010-03-02 15:28:24
March 02 2010 15:20 GMT
#62
On January 11 2010 20:15 SchOOl_VicTIm wrote:
It says MS Security Essentials not available in my region... wtf =/



Same here .. so where i can download that pls !

Edit: Ok found it but i have a pirated winxp and it asks me to validate windows .. can i still install?
Stork and KHAN fan till 2012 ...
yenta
Profile Blog Joined April 2006
Poland1142 Posts
Last Edited: 2010-03-02 16:35:43
March 02 2010 16:30 GMT
#63
On March 03 2010 00:20 SkelA wrote:
Edit: Ok found it but i have a pirated winxp and it asks me to validate windows .. can i still install?

I'm not sure but I think upon failing windows validation it will break your Windows Install

On March 02 2010 23:42 UdderChaos wrote:
Because these precautions seem really over the top and scaremongering to me.

I think this is a good set of standard, minimal precautions that should be taken. Over the top would involve some sort of virtualization / daily fresh installs going on.
Trutacz Practice Discord - https://discord.gg/PWF7Pv
Grobyc
Profile Blog Joined June 2008
Canada18410 Posts
March 02 2010 17:14 GMT
#64
thanks for this R1CH, didn't see it until now :D
If you watch Godzilla backwards it's about a benevolent lizard who helps rebuild a city and then moonwalks into the ocean.
Necosarius
Profile Blog Joined September 2009
Sweden4042 Posts
Last Edited: 2010-03-02 17:46:04
March 02 2010 17:23 GMT
#65
On March 02 2010 19:44 CharlieMurphy wrote:
If you use a pirated version of Windows, you can still turn on automatic updates.

r1ch,
enlighten me on how to get past the windows genuine thing? I can't update without installing that pos first.


I would like to know this as well. Thanks r1ch!

Edit: and thanks to those who recommended noscript, it's awesome!
WhuazGoodJaggah
Profile Blog Joined January 2009
Lesotho777 Posts
Last Edited: 2010-03-02 17:59:59
March 02 2010 17:48 GMT
#66
On January 11 2010 13:55 R1CH wrote:
On January 11 2010 13:22 7Strife wrote:
"I'm an idiot"


Congratulations, you probably have a rootkit.


yeah he is an idiot because he doesn't blindly follow the shit you preach?

I have a friend who very rarely uses his computer and fucking autoupdate is always fucking him over because he can't use his computer when he wants to because 23123 updates have to be done first. Very efficient, right.

And always updating your software to the latest version per se is just as stupid as not updating at all. Are you a software engineer? Don't you know that you can open doors with updates just as easy as closing them?

An open source app can be all nice and fine and checked for malicious code then made closed source do an auto update and bam you have shit on your computer.

Such general security guidelines suck, as nothing will ever replace using your own brain.


Btw, do you like it that almost all websites require "secure" ~8 character with number pws?
small dicks have great firepower
Sadir
Profile Blog Joined December 2005
Vatican City State1176 Posts
March 05 2010 22:40 GMT
#67
thx r1ch
SoLaR[i.C]
Profile Blog Joined August 2003
United States2969 Posts
March 05 2010 22:49 GMT
#68
Norton 360 2010 is totally rad. I have it and haven't had even the slightest infraction as far as security goes.
Frolossus
Profile Joined February 2010
United States4779 Posts
March 05 2010 22:58 GMT
#69
for the DEP section in windows 7 there is no apply to all programs button thing.
LuCky.
Profile Joined March 2010
Zimbabwe91 Posts
March 05 2010 23:20 GMT
#70
OK Rich which web browser would you recommend?

-FF 3.6
-Opera 10.5
-Chrome 5.0

"Forgive your enemies, but never forget their names." - JFK
R1CH
Profile Blog Joined May 2007
Netherlands10340 Posts
March 05 2010 23:25 GMT
#71
On March 02 2010 23:38 Durak wrote:
I have a question for R1CH. I tried to install Gunbound from http://www.teamliquid.net/forum/viewmessage.php?topic_id=112506 and I got a DEP error (screenshot bottom of page 4). How can I tell if Gunbound is safe to run? It's a fairly old game so that might be what's causing it.

Most free Korean games (or any games from Asia for that matter) use pseudo-rootkits as a crude form of anti-cheating. This usually includes packed/crypted executables that weren't designed for DEP. So yes, it's safe to run, but if it's GameGuard (a common antihack), this may cause crashing in other programs you have running at the same time, especially Firefox.
Administrator
Twitter: @R1CH_TL
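The point in the post above about packed executables that "weren't designed for DEP" can be checked from a file's PE header. The following is an added example, not part of the thread or any poster's code: it reads the NX_COMPAT opt-in flag and lists sections mapped both writable and executable. The sample images and the names `dep_report`, `dep_applies` and `build_sample` are constructed for illustration.

```python
import struct

# Constants from the PE/COFF specification.
PE32, PE32_PLUS = 0x10B, 0x20B   # optional-header magic values
NX_COMPAT = 0x0100               # IMAGE_DLLCHARACTERISTICS_NX_COMPAT
MEM_EXECUTE = 0x20000000         # IMAGE_SCN_MEM_EXECUTE
MEM_WRITE = 0x80000000           # IMAGE_SCN_MEM_WRITE


def dep_report(data: bytes) -> dict:
    """Read the DEP-relevant fields from the headers of a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)       # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = pe_off + 4
    if len(data) < coff + 20:
        raise ValueError("truncated COFF header")
    (n_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20
    if opt_size < 72 or len(data) < opt + opt_size:
        raise ValueError("truncated optional header")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (PE32, PE32_PLUS):
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)

    wx_sections = []
    table = opt + opt_size
    for i in range(n_sections):
        hdr = table + 40 * i                                # 40-byte section header
        if len(data) < hdr + 40:
            raise ValueError("truncated section table")
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        (chars,) = struct.unpack_from("<I", data, hdr + 36)
        # A section mapped writable AND executable stays executable under
        # DEP, so DEP offers no protection for code written into it.
        if chars & MEM_EXECUTE and chars & MEM_WRITE:
            wx_sections.append(name)
    return {"is_64bit": magic == PE32_PLUS,
            "nx_compat": bool(dll_chars & NX_COMPAT),
            "wx_sections": wx_sections}


def dep_applies(report: dict, policy: str = "OptIn") -> bool:
    """Will the process run with DEP under the given system policy?

    Per-program exemptions under OptOut are not modelled here.
    """
    if policy not in ("OptIn", "OptOut", "AlwaysOn"):
        raise ValueError("unsupported policy: " + policy)
    if report["is_64bit"]:
        return True                  # 64-bit processes always run with DEP
    if policy == "OptIn":
        return report["nx_compat"]   # only binaries that opted in
    return True                      # OptOut / AlwaysOn cover everything


def build_sample(dll_chars, sections, magic=PE32):
    """Constructed, header-only PE image for the demo (not a runnable program)."""
    opt_size = 96 if magic == PE32 else 112   # no data directories
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    machine = 0x14C if magic == PE32 else 0x8664
    coff = struct.pack("<HHIIIHH", machine, len(sections), 0, 0, 0,
                       opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, dll_chars)
    table = b"".join(name.ljust(8, b"\0") + bytes(28) + struct.pack("<I", c)
                     for name, c in sections)
    return dos + b"PE\0\0" + coff + bytes(opt) + table


# Constructed samples: an old packed 32-bit binary and a modern build.
PACKED_GAME = build_sample(0x0000, [(b".pack0", 0xE0000080),
                                    (b".pack1", 0xE0000040),
                                    (b".rsrc", 0xC0000040)])
MODERN_APP = build_sample(0x8140, [(b".text", 0x60000020),
                                   (b".data", 0xC0000040)])

if __name__ == "__main__":
    for label, image in (("packed game", PACKED_GAME), ("modern app", MODERN_APP)):
        rep = dep_report(image)
        print(label, rep,
              "DEP under OptIn:", dep_applies(rep, "OptIn"),
              "DEP under OptOut:", dep_applies(rep, "OptOut"))
```
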
Raelcun
Profile Blog Joined March 2008
United States3747 Posts
March 05 2010 23:41 GMT
#72
So would you recommend running noscript R1CH or is that overkill? My brother in law is like the biggest noscript fanboy I've ever seen but it seems a bit much.
R1CH
Profile Blog Joined May 2007
Netherlands10340 Posts
March 05 2010 23:42 GMT
#73
On March 03 2010 02:48 WhuazGoodJaggah wrote:
I have a friend who very rarely uses his computer and fucking autoupdate is always fucking him over because he can't use his computer when he wants to because 23123 updates have to be done first. Very efficient, right.

And always updating your software to the latest version per se is just as stupid as not updating at all. Are you a software engineer? Don't you know that you can open doors with updates just as easy as closing them?

Updates install in the background, it even tells you that you can continue using your computer while they install. Unless it's really old PC, updates can be installed with minimal interruption.

If you seriously think Microsoft and any other large vendor introduces new security holes with security updates then I don't know what to say. The Microsoft QA and testing department alone is bigger than entire companies. You're at far greater risk from known, exploitable vulnerabilities than hypothetical future security holes.
Administrator
Twitter: @R1CH_TL
offchance
Profile Joined March 2010
United States15 Posts
Last Edited: 2010-03-06 01:21:37
March 06 2010 00:44 GMT
#74
one of my XPs did validate security essentials, another one didnt. Im not sure if theres a way around that

R1CH, what do you think of avast? i found it useful when it blocked some sites from opening popups/running malicious scripts

also, how do i get rid of another version of XP, it still gives me a choice when i reboot. Is there a good way to import installed software or i have to redo it on a newer version?

also some links, esp updates, still open in IE, even though i have something else for default browser. How do i fix that. Is installed IE in itself a threat even if im not using it?
manit0u, amnesia, the6357, storkhwaiting, charliemurphy, thopol, impervious, ctstalker, nevern, caller, solar[i.c],
d(O.o)a
Profile Blog Joined June 2008
Canada5066 Posts
March 06 2010 15:30 GMT
#75
Where can I find something to download or at least scan for missing .DLL files in my windows registry?
Hi.
lynx.oblige
Profile Joined August 2009
Sierra Leone2268 Posts
March 06 2010 15:43 GMT
#76
Great thread, thanks R1CH.
Everyone needs a nemesis.
Durak
Profile Blog Joined January 2008
Canada3684 Posts
March 06 2010 16:00 GMT
#77
On March 06 2010 08:25 R1CH wrote:
On March 02 2010 23:38 Durak wrote:
I have a question for R1CH. I tried to install Gunbound from http://www.teamliquid.net/forum/viewmessage.php?topic_id=112506 and I got a DEP error (screenshot bottom of page 4). How can I tell if Gunbound is safe to run? It's a fairly old game so that might be what's causing it.

Most free Korean games (or any games from Asia for that matter) use pseudo-rootkits as a crude form of anti-cheating. This usually includes packed/crypted executables that weren't designed for DEP. So yes, it's safe to run, but if it's GameGuard (a common antihack), this may cause crashing in other programs you have running at the same time, especially Firefox.


Thanks R1CH. I appreciate your answer because it doesn't just tell me what to do but explains it.
KingKRule
Profile Blog Joined February 2010
United States84 Posts
March 06 2010 16:01 GMT
#78
I didn't understand half of it but thanks R1CH!
Absolute power corrupts absolutely.
Biochemist
Profile Blog Joined February 2009
United States1008 Posts
Last Edited: 2010-03-06 16:29:06
March 06 2010 16:28 GMT
#79
How often do people intentionally package things like keyloggers/malicious rootkits/etc in pirated copies of major programs like windows/office?
QuickStriker
Profile Blog Joined January 2009
United States3694 Posts
March 06 2010 17:09 GMT
#80
Hi R1CH, I was wondering if I can get some advice and help from you. I mentioned this also on one of the blogs that mention you and thought it might be more productive to say it here:


So basically starting yesterday, my laptop (windows 7 ultimate and very old since 2006) has been randomly restarting and rebooting itself. Just RANDOMLY. There even isn't a pattern, whenever it feels like it. I touch the back part of laptop and it is hot but I wonder if it is really because of overheating since I don't have a blue screen and just restart. I feel like this laptop either has a virus or something OR it's time to slowly say goodbye to my 4 years old laptop and get a new laptop. In that case, can you recommend me a nice laptop to buy (I don't know how to build one but I suppose if I receive help...) that's inexpensive, like you did with the desktop specs?? :D

And also briefly mention what my problem could be with my current old laptop...

Also adding that I did follow your guide and have Microsoft Security Essential which works like a charm and free! And tell me if I should add any more info to this to clarify better if you are to help me. Thanks!!
www.twitch.tv/KoreanUsher
Freezard
Profile Blog Joined April 2007
Sweden1010 Posts
March 06 2010 17:29 GMT
#81
All you really need is Spybot Search & Destroy with Teatimer, it will alert you of any registry changes so you could deny attacks from there. Well, plus Windows updates of course. I don't use Windows firewall, never.
R1CH
Profile Blog Joined May 2007
Netherlands10340 Posts
March 16 2010 19:43 GMT
#82
Exploit code for another Adobe Reader bug was recently posted, so you can expect a fresh wave of PDF exploits in the wild pretty soon. This exploit allows remote code execution if successful, so if you haven't already, update / uninstall your Adobe Reader. I recommend disabling the browser plugin too so PDF files can't auto-open (eg from malicious banner ads), and/or switch to Foxit Reader which has a less worrying security history.
Administrator
Twitter: @R1CH_TL
rei
Profile Blog Joined October 2002
United States3594 Posts
May 02 2010 21:53 GMT
#83
Thanks R1CH!! Why are you so awesome?
GET OUT OF MY BASE CHILL
Captain Mayhem
Profile Blog Joined August 2009
Sweden774 Posts
May 02 2010 22:09 GMT
#84
On May 03 2010 06:53 rei wrote:
Thanks R1CH!! Why are you so awesome?

Asking R1CH why he's awesome is like asking water why it's wet, or the sky why it's blue.
They just are, and always were. <3
Gravity is just a theory anyway.
Judicator
Profile Blog Joined August 2004
United States7270 Posts
May 02 2010 22:14 GMT
#85
On March 07 2010 01:28 Biochemist wrote:
How often do people intentionally package things like keyloggers/malicious rootkits/etc in pirated copies of major programs like windows/office?


More often than people downloading the programs like to think.
Get it by your hands...
Ursad0n
Profile Blog Joined April 2010
United States523 Posts
May 05 2010 18:57 GMT
#86
Okay i have read all the posts in this thread and i did everything the first post said. I am still curious as to what precautions are still necessary. I know that you don't download programs that are known to have viruses, however things like limewire, and torrent sites are visited often by most of us, does this protect against ALL of those things and the viruses associated with them? Also, do you advise (YES i am being serious and will do so if required) getting Linux for the "Sketchy" programs? Such as limewire and other things.
Also, how do you feel about programs like RoboForm? (And no i didn't buy it i have PCWorld so i got a free version) Is it safe? is it Super unsafe?

Also
On March 06 2010 08:20 LuCky. wrote:
OK Rich which web browser would you recommend?

-FF 3.6
-Opera 10.5
-Chrome 5.0


What DO u prefer?

And one last thing. Is there an adblocker for Opera?

I eagerly await your reply. :D TY for the help though.
You make it sound like there's a correlation between what should happen and what actually happens. I mean, life is chaotic and it's often unfair. I know it is for me.
SichuanPanda
Profile Blog Joined March 2010
Canada1542 Posts
Last Edited: 2010-05-05 19:07:11
May 05 2010 19:04 GMT
#87
Huge tip here: NEVER use NORTON Anti-Virus. Norton scans everything your computer is doing bit-by-bit and as a result it will SLOW DOWN your computer, you may not get any viruses but the computer will run so slow it will seem like it has one. AVG Pro is the way to go for me, it's cheap, it doesn't slow down your computer, and it can be setup to run a scan when you shut down your computer (hit shutdown and go to bed, comp turns off when it's done the scan). This way you will be sure you never get any viruses without having a resource hog of an application like Norton.

Edit Browser Choices:
NEVER FF - Always buggy, lots of exploits
IE 8/9 - Very secure browsers, in fact perhaps secure to the point of becoming slow.
Chrome - By far the fastest and most efficient browser. However has trouble loading most ASP and .NET based websites. At the same time it offers a true hidden browsing option, which neither of the other two use.
Opera - Have not used since version 7, can't really say here.
i-bonjwa
AmIGoingToGetBanned
Profile Joined May 2010
United States19 Posts
May 06 2010 22:40 GMT
#88
R1CH would you recommend Avast 5.0 (newest version) or MSE? I've heard great things about both, but I'm kind of confused.
Boblion
Profile Blog Joined May 2007
France8043 Posts
Last Edited: 2010-05-06 22:43:46
May 06 2010 22:43 GMT
#89
On May 07 2010 07:40 AmIGoingToGetBanned wrote:
R1CH would you recommend Avast 5.0 (newest version) or MSE? I've heard great things about both, but I'm kind of confused.

Tdot ?

On topic: i'm happy with avast
fuck all those elitists brb watching streams of elite players.
RationalCrusader
Profile Joined May 2010
Canada33 Posts
May 07 2010 04:18 GMT
#90
Antivir seems to do the best when it comes to freeware antiviral programs. Results

If you're looking for an easy app to check for software updates then try File Hippo's Update Checker. I've tried secunia, which is quite good, but it's a little annoying to get an update.
MaZza[KIS]
Profile Joined December 2005
Australia2110 Posts
May 07 2010 04:37 GMT
#91
On March 17 2010 04:43 R1CH wrote:
Exploit code for another Adobe Reader bug was recently posted, so you can expect a fresh wave of PDF exploits in the wild pretty soon. This exploit allows remote code execution if successful, so if you haven't already, update / uninstall your Adobe Reader. I recommend disabling the browser plugin too so PDF files can't auto-open (eg from malicious banner ads), and/or switch to Foxit Reader which has a less worrying security history.


R1CH could I please ask you to link to an article or otherwise where I can find more information about this bug.

I'm an avid TL browser (browsing right now from work) and thought I could distribute this information to some of the techies in my office. They'll need more than just my claim of "R1CH from TL said it, it must be true!". In fact, if they find out I'm browsing gaming forums they might think I'm a geek. The cat isn't out of the bag yet...

I've found this article (quickly google'ing): http://www.computerworld.com/s/article/9174612/Adobe_Foxit_examine_new_no_bug_needed_PDF_hack

Is this along the lines of what you are describing? Everything else seems to refer to an exploit/un-patched bug.
I really wanted a bigger opponent, like Nate Marquardt, or King Neptune, or Zeus, or Zeus and Fedor, or Fedor on Zeus's shoulders, and they can both punch but only Zeus can kick.
semantics
Profile Blog Joined November 2009
10040 Posts
Last Edited: 2010-05-07 05:47:50
May 07 2010 05:44 GMT
#92
Flash and adobe reader are popular places for hackers to target as adobe is usually slow to respond to anything and a lot of people have it cross platform etc.
http://blog.kowalczyk.info/software/sumatrapdf/index.html
i personally use this pdf reader as it's tiny and gets the job done as far as it being any more secure ionno i don't care enough to find out i don't use pdf's often.

http://gladiator-antivirus.com/forum/index.php?s=c4832b99b6f4f6752c400aa68ea724f4&showtopic=104127

here is more info on why pdf will be the death of you.

although march 17 was quite awhile ago lol there have been several news stories on pdf in that time
cibris
Profile Joined April 2010
18 Posts
Last Edited: 2010-05-09 14:25:37
May 09 2010 13:54 GMT
#93
Might be strange to ask but is there a windows operating system you'd actually recommend? Would you use a different one depending on what tasks you used your PC for?
zatic
Profile Blog Joined September 2007
Zurich15325 Posts
May 09 2010 14:02 GMT
#94
On May 06 2010 04:04 SichuanPanda wrote:
Huge tip here: NEVER use NORTON Anti-Virus. Norton scans everything your computer is doing bit-by-bit and as a result it will SLOW DOWN your computer, you may not get any viruses but the computer will run so slow it will seem like it has one. AVG Pro is the way to go for me, it's cheap, it doesn't slow down your computer, and it can be set up to run a scan when you shut down your computer (hit shutdown and go to bed, comp turns off when it's done the scan). This way you will be sure you never get any viruses without having a resource hog of an application like Norton.

Edit Browser Choices:
NEVER FF - Always buggy, lots of exploits
IE 8/9 - Very secure browsers, in fact perhaps secure to the point of becoming slow.
Chrome - By far the fastest and most efficient browser. However has trouble loading most ASP and .NET based websites. At the same time it offers a true hidden browsing option, which neither of the other two use.
Opera - Have not used since version 7, can't really say here.

This is a wall of personal opinion and doesn't help anyone to secure their PCs. Don't listen to this guy and stick to the OP please people.
ModeratorI know Teamliquid is known as a massive building
deo1
Profile Joined April 2010
United States199 Posts
Last Edited: 2010-05-09 15:13:37
May 09 2010 15:08 GMT
#95
Wow, I didn't even know about dep. It seems like an obvious measure to be taken in modern Harvard architecture systems. In fact it seems so obvious that, at least on the surface, I'm not convinced that there isn't some sort of performance hit (i.e. why isn't it enabled by default??). I see it has hardware support though, so it must be reliable and useful. Thanks for pointing that out.

edit: looks like Windows simply performs a check on a bit in the processor that labels each page as executable or not, so should be no performance problem at all.
Poooooor Protoss.
R1CH
Profile Blog Joined May 2007
Netherlands10340 Posts
May 09 2010 15:33 GMT
#96
On May 07 2010 07:40 AmIGoingToGetBanned wrote:
R1CH would you recommend Avast 5.0 (newest version) or MSE? I've heard great things about both, but I'm kind of confused.

I haven't tried the newest Avast, but I do recall having some issue of some sort with the older versions. Really though anti-virus is becoming less effective anyway, you need to protect yourself so that you aren't exposing your PC to risk of infection to begin with.

On May 09 2010 22:54 cibris wrote:
Might be strange to ask but is there a windows operating system you'd actually recommend? Would you use a different one depending on what tasks you used your PC for?


I would probably move to Windows 7 soon, XP is getting close to end-of-life and there's no point going for Vista when you can get Windows 7. Unless I'm doing development for a specific operating system I can't really see myself switching OSes just for a task. I do all my Linux development using remote servers anyway, so it doesn't really matter what OS I have on my own PC.

On May 10 2010 00:08 deo1 wrote:
Wow, I didn't even know about dep. It seems like an obvious measure to be taken in modern Harvard architecture systems. In fact it seems so obvious that, at least on the surface, I'm not convinced that there isn't some sort of performance hit (i.e. why isn't it enabled by default??).

It isn't enabled by default in the name of compatibility with badly coded programs.
AdministratorTwitter: @R1CH_TL
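The per-page executable flag discussed in the two posts above, as an added example that is not part of either post: DEP is a Windows feature, so this sketch uses the Linux equivalents (`mmap`, `mprotect`, `/proc/self/maps`) as a stand-in, and all function names are hypothetical. It shows that data pages carry no execute permission until a program explicitly asks for it, which is the step that programs incompatible with DEP skip.

```c
#define _DEFAULT_SOURCE
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Copy the permission string ("rw-p", "r-xp", ...) of the mapping that
 * contains addr into perms. Returns 0 on success, -1 if addr is unmapped
 * or /proc/self/maps cannot be read. */
int page_perms(const void *addr, char perms[5])
{
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f)
        return -1;

    uintptr_t target = (uintptr_t)addr, lo, hi;
    char line[4352], p[5];
    int rc = -1;
    while (fgets(line, sizeof line, f)) {
        /* Each line starts "start-end perms ...", addresses in hex. */
        if (sscanf(line, "%" SCNxPTR "-%" SCNxPTR " %4s", &lo, &hi, p) != 3)
            continue;
        if (target >= lo && target < hi) {
            memcpy(perms, p, sizeof p);
            rc = 0;
            break;
        }
    }
    fclose(f);
    return rc;
}

/* 1 if the page holding addr is executable, 0 if not, -1 on error. */
int is_executable(const void *addr)
{
    char perms[5];
    return page_perms(addr, perms) == 0 ? perms[2] == 'x' : -1;
}

/* 1 if the page holding addr is writable, 0 if not, -1 on error. */
int is_writable(const void *addr)
{
    char perms[5];
    return page_perms(addr, perms) == 0 ? perms[1] == 'w' : -1;
}

/* Allocate one page the way a data buffer is allocated: read/write only. */
void *alloc_data_page(void)
{
    void *p = mmap(NULL, (size_t)sysconf(_SC_PAGESIZE), PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

/* What a well-behaved code generator does once the page is filled:
 * drop write access and request execute permission explicitly. */
int seal_as_code(void *page)
{
    return mprotect(page, (size_t)sysconf(_SC_PAGESIZE), PROT_READ | PROT_EXEC);
}

static void report(const char *label, const void *addr)
{
    char perms[5] = "????";
    page_perms(addr, perms);
    printf("%-24s %s\n", label, perms);
}

int main(void)
{
    int on_stack = 0;
    void *page = alloc_data_page();
    if (!page)
        return 1;

    report("stack variable", &on_stack);
    report("program code (main)", (const void *)(uintptr_t)main);
    report("fresh data page", page);

    if (seal_as_code(page) != 0)
        return 1;
    report("page after seal_as_code", page);
    return 0;
}
```

The hardware refuses to fetch instructions from any page whose permission string lacks `x`, so the check costs nothing extra at run time.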
disformation
Profile Joined July 2009
Germany8352 Posts
Last Edited: 2010-05-09 16:22:19
May 09 2010 16:13 GMT
#97
Awesome stuff.
I wasn't aware of the Data Execution Prevention option and that Secunia tool is sooo helpful.

edit: with all that stuff, is it recommended to still use a tool like spybot - search&destroy?
AmIGoingToGetBanned
Profile Joined May 2010
United States19 Posts
May 10 2010 04:18 GMT
#98
On May 10 2010 01:13 disformation wrote:
Awesome stuff.
I wasn't aware of the Data Execution Prevention option and that Secunia tool is sooo helpful.

edit: with all that stuff, is it recommended to still use a tool like spybot - search&destroy?


if experience serves me correctly, Spybot SAD is actually one of the worst anti-spywares you can have for free today, man, it's just not like it used to be anymore. i suggest malwarebytes, whatever u do though, DONT GET AD-AWARE!
jodogohoo
Profile Blog Joined March 2008
Canada2533 Posts
May 16 2010 07:00 GMT
#99
sweet jesus, thanks a lot man
Mohdoo
Profile Joined August 2007
United States15513 Posts
May 16 2010 07:04 GMT
#100
On May 10 2010 13:18 AmIGoingToGetBanned wrote:
On May 10 2010 01:13 disformation wrote:
Awesome stuff.
I wasn't aware of the Data Execution Prevention option and that Secunia tool is sooo helpful.

edit: with all that stuff, is it recommended to still use a tool like spybot - search&destroy?


if experience serves me correctly, Spybot SAD is actually one of the worst anti-spywares you can have for free today, man, it's just not like it used to be anymore. i suggest malwarebytes, whatever u do though, DONT GET AD-AWARE!


I have done computer repair work for the past 5 years, and I have used Spybot SD the whole time. It has had its ups and downs, but I'd never say it's bad. Any time you are removing spyware, you should never only be using one program anyway. I typically use Spybot and Malwarebytes together along with cleanup, ccleaner and hijackthis.
R1CH
Profile Blog Joined May 2007
Netherlands10340 Posts
February 26 2011 21:31 GMT
#101
Bump! Updated with info about EMET.
AdministratorTwitter: @R1CH_TL
Z3kk
Profile Blog Joined December 2009
4099 Posts
March 24 2011 06:35 GMT
#102
Bump! I wanted to thank you, because my 28-character password account (though I doubt the length truly matters if they want it badly enough) was broken into, and it also stored other passwords from long, long ago, and I immediately recalled the thread and found it very useful indeed.

Because I'm too lazy to search, what's your job, again? I'm assuming you majored in comp sci at X university and your career involves something...programming/IT based? Grasping at straws here...though I do know that it (embarrassingly broadly--referring to my guess) has to do with computers... Thanks again.
Failure is not falling down over and over again. Failure is refusing to get back up.
semantics
Profile Blog Joined November 2009
10040 Posts
March 24 2011 08:02 GMT
#103
Are there any types of programs that tend to disagree with DEP, SEHOP and ASLR? That and among the Nullpage, HeapSpray or EAF. Or is it rare for a program to have issue with these features, and if there is an issue what would it manifest as, the program crashing? Just wondering if i could just turn that all on, but then i wonder if it's all nice and dandy then why doesn't Microsoft just have it already all turned on by default.
kOre
Profile Blog Joined April 2009
Canada3642 Posts
March 24 2011 08:06 GMT
#104
Thanks for the bump ^^ Updated my newly formatted computer with the necessary updates. Being TL's wizard is his part-time job I think?
http://www.starcraftmecca.net - Founder
R1CH
Profile Blog Joined May 2007
Netherlands10340 Posts
November 26 2011 02:45 GMT
#105
Bump!

Secunia PSI now has a new version that can automatically install updates for you. Also fixed the EMET link since there is a new version available. The rest of the guide is still valid.
AdministratorTwitter: @R1CH_TL
Frozenhelfire
Profile Joined May 2010
United States420 Posts
Last Edited: 2011-12-10 04:09:46
December 09 2011 23:55 GMT
#106
Hey Rich, do you have any additional suggestions if you don't have access to your router/don't know if it is NAT/don't know if you use one? I live in a dorm and we plug in to the wall. I tried putting a router between wall connection and my computer and it wouldn't work. Is the NAT router important or did I read too much into it? Thanks in advance.
polar bears are fluffy
R1CH
Profile Blog Joined May 2007
Netherlands10340 Posts
March 20 2012 06:11 GMT
#107
Updated Browser section, also fixed a few other parts that were out of date.
AdministratorTwitter: @R1CH_TL
lisward
Profile Blog Joined March 2011
Singapore959 Posts
March 20 2012 07:06 GMT
#108
Hi dude what do you think about fully cloud based antiviruses like Panda Cloud? You don't need to update them at all, will that be a better solution?
Opinions are like phasers -- everybody ought to have one
qwertzi
Profile Joined March 2011
111 Posts
March 20 2012 19:35 GMT
#109
hey r1ch,

i was wondering, what do you think of spybot as another or additional safety measure?!
NeonFox
Profile Joined January 2011
2373 Posts
March 29 2012 17:42 GMT
#110
Never heard of EMET before this day, thanks for talking about it.
Shagg
Profile Joined September 2010
Finland825 Posts
March 29 2012 19:51 GMT
#111
Thanks r1ch, truly helpful and easy to understand
"You're a pro or you're a noob. That's life"
ilbh
Profile Blog Joined May 2007
Brazil1606 Posts
Last Edited: 2012-03-30 03:09:08
March 30 2012 03:06 GMT
#112
hey R1ch, I'm really interested to know what do you think about Kaspersky?

I have been using it and it seems awesome. as far as I know he can detect what any running program is trying to execute and prevent it to be executed.

it also has Heuristic detection and some other things like e-mail anti virus, IM and Web anti virus and obviously many configuration options and more things, like preventing boot-infection, etc. etc. etc. lol

Have you tried it?

thanks for the guide! it's awesome, really good advices!
Part of the inhumanity of the computer is that, once it is competently programmed and working smoothly, it is completely honest.
Synapze
Profile Joined September 2010
Canada563 Posts
Last Edited: 2012-03-30 04:12:35
March 30 2012 03:19 GMT
#113
Anti virus is unnecessary these days. Google chrome is safer than any software you can get, and the rest is diligence on your part. If you're going to download torrents or anything from other users and sites, do your research. Read comments and look up the history of the provider if there are no comments.
Yuri Victoria LMJ ~♥
supsun
Profile Joined February 2012
United Kingdom343 Posts
March 30 2012 22:58 GMT
#114
Anyone know if it would infect my iPhone?
Neo7
Profile Blog Joined November 2007
United States922 Posts
April 15 2012 17:00 GMT
#115
ASUS had a strange setup with my laptop recovery media in that it split it into two disks. The first one was just the OS while the 2nd contained all the bloatware. I found that when I force restarted the laptop when it requested the 2nd CD, I wound up with a clean Windows 7 installation (no drivers, no bloatware). Nice for it to work out in that favor since I can only get programs I want as well as install the latest drivers from their site.
It takes an idiot to do cool things.
AnotherRandom
Profile Joined May 2012
Canada81 Posts
May 28 2012 05:25 GMT
#116
Not trying to necropost something, but here's an explanation of the issue I'm currently having.

D3 was recently released and like many other people, my account has been compromised. Much of the information going around points to something like a keylogger. How can I find out what caused my account to be compromised and what is the best option for me?

I'm running a 64-bit Vista Home Premium HP laptop. I use Google Chrome and the only anti-malware software I use is MSE/Windows Firewall.

I can reinstall my OS no problem, did that 2 months ago. I just want to get more information about what happened and what I can do before I go through the 3-hour hassle of getting my PC back to a setting that I feel is secure.

How can I avoid this from happening in the future?
Teamliquid is one of the dumbest gaming communities on the internet.
EdenPLusDucky
Profile Blog Joined July 2011
571 Posts
May 28 2012 05:33 GMT
#117
If only your bnet account was compromised, and nothing else, it probably isn't a keylogger. There was a problem with hackers using your player session in D3 if you logged in or something like that, blizzard should have fixed it though.
Zariel
Profile Blog Joined December 2010
Australia1285 Posts
May 28 2012 05:51 GMT
#118
Nice writeup.

Browsing infections are getting more and more common these days, I see customers everyday that have these fraudulent anti-virus programs loaded that literally lock down your whole PC and some variants even flag all your data as hidden.

I do agree that the MSE is a good and simple anti-virus program for everyone to use. Companies like Symantec, Kaspersky etc.. are just white-collar cash-cow programs that overload you with these 'security features' which I really don't see them work. I find it funny how it pretty much says "Oh I found this virus, but I can't remove it".

Essentially, my arsenal of tools to combat virus/spyware related issues are:

1) Malwarebytes
2) Combofix
3) MSE
4) A secondary PC with anti virus program
5) Windows Vista Pre-Installation DVD (fuck this is a beautiful disc)
sup
niteReloaded
Profile Blog Joined February 2007
Croatia5281 Posts
May 28 2012 10:31 GMT
#119
R1CH,

Do you have an opinion of Comodo Internet Security?
I started using it the other day, and I have a hunch it's a beastly security option.
(Free, low on resource usage, frequent updates, AV, firewall, some option called Defense+)

Anyway, one of the things they offer to do for you as you install it, is to change your DNS settings to their safe servers. What do you think about that? Clever, or maybe not as important as I think?

Also, you talk a lot about Adobe products, don't you think it's better to just use alternative PDF readers for example than to constantly check for updates for Adobe manually?

--
Thanks for the guide, it's expanded my views.
R1CH
Profile Blog Joined May 2007
Netherlands10340 Posts
May 28 2012 11:30 GMT
#120
I dislike Comodo, it installs a lot of kernel mode hooks that can break a lot of legit programs and cause Internet instability. Maybe it's improved since I last looked at it, but I don't see the point of anything beyond basic anti-virus for the home user.
AdministratorTwitter: @R1CH_TL
GinDo
Profile Blog Joined September 2010
3327 Posts
May 31 2012 16:37 GMT
#121
Hey R1ch, is there any other AV that you recommend? MSE is great because it is light, but the Full Scan takes forever. Mine has been running for 6 hours and it doesn't even look 10% done. Is this normal?
ⱩŦ ƑⱠẬ$Ħ / ƩǤ ɈƩẬƉØƝǤ [ɌȻ] / ȊṂ.ṂṼⱣ / ẬȻƩɌ.ȊƝƝØṼẬŦȊØƝ / ẬȻƩɌ.ϟȻẬɌⱠƩŦŦ ϟⱠẬɎƩɌϟ ȻⱠẬƝ
jpak
Profile Blog Joined October 2009
United States5045 Posts
May 31 2012 16:52 GMT
#122
On June 01 2012 01:37 GinDo wrote:
Hey R1ch, is there any other AV that you recommend? MSE is great because it is light, but the Full Scan takes forever. Mine has been running for 6 hours and it doesn't even look 10% done. Is this normal?


Quick scan should be good enough to get most viruses. I only worry about a full scan when a quick scan detects something. Then I run a full scan on malwarebytes.

Works for me.
CJ Entusman #50! #1 클템 fan TL!
GinDo
Profile Blog Joined September 2010
3327 Posts
May 31 2012 17:11 GMT
#123
On June 01 2012 01:52 jpak wrote:
On June 01 2012 01:37 GinDo wrote:
Hey R1ch, is there any other AV that you recommend? MSE is great because it is light, but the Full Scan takes forever. Mine has been running for 6 hours and it doesn't even look 10% done. Is this normal?


Quick scan should be good enough to get most viruses. I only worry about a full scan when a quick scan detects something. Then I run a full scan on malwarebytes.

Works for me.


Thanks for the tip. You wouldn't happen to know why it is so slow compared to other AV's?
ⱩŦ ƑⱠẬ$Ħ / ƩǤ ɈƩẬƉØƝǤ [ɌȻ] / ȊṂ.ṂṼⱣ / ẬȻƩɌ.ȊƝƝØṼẬŦȊØƝ / ẬȻƩɌ.ϟȻẬɌⱠƩŦŦ ϟⱠẬɎƩɌϟ ȻⱠẬƝ
EdenPLusDucky
Profile Blog Joined July 2011
571 Posts
May 31 2012 17:58 GMT
#124
It isn't. You probably have a damaged file that it can't stop scanning.
GinDo
Profile Blog Joined September 2010
3327 Posts
May 31 2012 18:13 GMT
#125
On June 01 2012 02:58 EdenPLusDucky wrote:
It isn't. You probably have a damaged file that it can't stop scanning.


No it's not stuck. I think I would have noticed
ⱩŦ ƑⱠẬ$Ħ / ƩǤ ɈƩẬƉØƝǤ [ɌȻ] / ȊṂ.ṂṼⱣ / ẬȻƩɌ.ȊƝƝØṼẬŦȊØƝ / ẬȻƩɌ.ϟȻẬɌⱠƩŦŦ ϟⱠẬɎƩɌϟ ȻⱠẬƝ
EdenPLusDucky
Profile Blog Joined July 2011
571 Posts
May 31 2012 18:23 GMT
#126
then you have a really large hard drive or a really bad processor
GinDo
Profile Blog Joined September 2010
3327 Posts
May 31 2012 19:47 GMT
#127
On June 01 2012 03:23 EdenPLusDucky wrote:
then you have a really large hard drive or a really bad processor


500gb Hard drive

About 250gb used.

Intel i5 430M

ⱩŦ ƑⱠẬ$Ħ / ƩǤ ɈƩẬƉØƝǤ [ɌȻ] / ȊṂ.ṂṼⱣ / ẬȻƩɌ.ȊƝƝØṼẬŦȊØƝ / ẬȻƩɌ.ϟȻẬɌⱠƩŦŦ ϟⱠẬɎƩɌϟ ȻⱠẬƝ
Shagg
Profile Joined September 2010
Finland825 Posts
June 06 2012 16:08 GMT
#128
Hey R1CH new version of EMET 3.0 is up link to it https://www.microsoft.com/en-us/download/details.aspx?id=29851
"You're a pro or you're a noob. That's life"
semantics
Profile Blog Joined November 2009
10040 Posts
Last Edited: 2012-12-01 17:13:46
December 01 2012 17:11 GMT
#129
On June 07 2012 01:08 Shagg wrote:
Hey R1CH new version of EMET 3.0 is up link to it https://www.microsoft.com/en-us/download/details.aspx?id=29851

Here is EMET 3.5 tech preview
http://www.microsoft.com/en-us/download/details.aspx?id=30424

Also here is a really well done guide on how to use EMET and check if it's working, although probably still more involved than most people would be willing. Probably just skip to Recommended applications to add
http://www.rationallyparanoid.com/articles/microsoft-emet-3.html

Also for those running windows 8, checking if it works is actually semi important as there are compatibility issues.
cari-kira
Profile Joined March 2011
Germany655 Posts
Last Edited: 2012-12-01 18:51:42
December 01 2012 18:33 GMT
#130
while i dont share your view of antivirus (i think its mandatory, because its preventing 99% of the infections you could get. ever had a friend to visit who brought his usb-stick with him to copy over a file for university? how would your measures prevent the virus it contains in his autorun.inf from executing?), the other points are spot on (you could of course argue about the firewall, because there are trojans that collect data and send it to prepared servers, and the windows firewall does not block outgoing connections. ever torrented a game to try it? how do you know that the cracked executable does not connect to the internet, sending your serials/logins to a nice database for later use?)

having coded some "client-server applications" myself, some detected, some not, i know many anti-virus programs report executables as malicious when they inject the winsock in a special way, but hey, i'd rather manual whitelist some programs than getting a virus that perhaps screws all my data and my operating system, steals my accounts and passwords or/and does illegal things i could be held responsible for in the worst case.

of course AV does not protect from a freshly written virus that spreads just some days, and of course they have false positives, but if this prevents your system from being compromised by the 99% of old trojans/virae that are still around, its totally worth it.
not everyone has the knowledge to use his computer all the time in a way that prevents all sorts of infections, and no one should claim to be able to. reality is a bitch sometimes.
so i would suggest everyone to use AV _always_.
there really is no disadvantage, only a big advantage.

its funny that some really experienced pc users dont like AV, you are not the only one. i had the same problem with desktop firewalls, saying NAT + windows firewall would be sufficient. but its not in some situations.
i think the dislike of AV and desktop firewalls comes from people with great knowledge being bugged by some people getting paranoid, because they have AV and a desktop firewall (sometimes even 2 desktop firewalls because they feel its safer^^) without being able to understand what they are doing ("hey, i blocked this suspicious program using port 139, but i think it was too late, because my internet was gone shortly after, so i reinstalled windows."), and so these experienced people want to take a stance against this paranoia.
but: this does not justify to advise against AV/desktop firewall in general in my eyes as an easy way out. it just means you have to explain the people how to use it.

ps: i am responsible for some customer networks with 50+ client pcs for many years now, administrating both client and servers with the users being administrators on most of their PCs (because most customers want it this way.
and if they want it this way, they get it, period. no arguing with a customer, if you want to earn money.)
without antivirus these computers would be down or infected most of the times. i often get calls from people "my antivirus popped up that theres a file containing a virus on my pc, what should i do?" usually an email, an usb stick or a website.
never had any infections the last 10 years thanks to antivirus.
Live and let live
Belial88
Profile Blog Joined November 2010
United States5217 Posts
Last Edited: 2012-12-01 19:20:40
December 01 2012 19:20 GMT
#131
Last time I was in here I got:
Malwarebytes
WSE
Peerblock
Use windows firewall

for my security. Peerblock hasn't been updated in forever though, is it still useful? I think they still update the lists though, but the website looks pretty dead.

Is WSE still the best and lightest AV? I recall it was WSE vs Avast for best free, lightweight, AV 2 years ago.
How to build a $500 i7-3770K Ultimate Computer:http://www.teamliquid.net/blogs/viewblog.php?topic_id=392709 ******** 100% Safe Razorless Delid Method! http://www.overclock.net/t/1376206/how-to-delid-your-ivy-bridge-cpu-with-out-a-razor-blade/0_100
R1CH
Profile Blog Joined May 2007
Netherlands10340 Posts
December 01 2012 19:22 GMT
#132
On December 02 2012 03:33 cari-kira wrote:
while i dont share your view of antivirus (i think its mandatory, because its preventing 99% of the infections you could get. ever had a friend to visit who brought his usb-stick with him to copy over a file for university? how would your measures prevent the virus it contains in his autorun.inf from executing?),

Pretty sure autorun has never run without user interaction since XP?
AdministratorTwitter: @R1CH_TL
phar
Profile Joined August 2011
United States1080 Posts
December 02 2012 03:16 GMT
#133
On December 02 2012 03:33 cari-kira wrote:
ps: i am responsible for some customer networks with 50+ client pcs for many years now, administrating both client and servers with the users being administrators on most of their PCs (because most customers want it this way.
and if they want it this way, they get it, period. no arguing with a customer, if you want to earn money.)
without antivirus these computers would be down or infected most of the times. i often get calls from people "my antivirus popped up that theres a file containing a virus on my pc, what should i do?" usually an email, an usb stick or a website.
never had any infections the last 10 years thanks to antivirus.

The requirements when managing dozens of computers used by other people are going to be completely different than the requirements of a single person using their own computer.

AV can be very good at reducing the number of infections you'll see in a population of dozens of idiots clicking on random shit whenever possible.
Who after all is today speaking about the destruction of the Armenians?
ghindo
Profile Joined March 2012
United States58 Posts
December 03 2012 00:51 GMT
#134
Thanks for the guide R1CH, never heard of DEP before.
MysteryMeat1
Profile Blog Joined June 2011
United States3291 Posts
Last Edited: 2012-12-30 05:05:01
December 30 2012 03:02 GMT
#135
deleted
"Cause ya know, Style before victory." -The greatest mafia player alive
R1CH
Profile Blog Joined May 2007
Netherlands10340 Posts
January 26 2013 02:29 GMT
#136
Updated the OP with some new advice regarding plugins (especially Java / Flash) and another AV recommendation.
AdministratorTwitter: @R1CH_TL
semantics
Profile Blog Joined November 2009
10040 Posts
Last Edited: 2013-01-26 03:55:12
January 26 2013 03:54 GMT
#137
Opera's plugins can be reached by typing
opera:plugins
into your address bar.

And for IE it's just smart to by default use ActiveX Filtering for websites, which can be accessed under safety in the commands bar. Mostly you become surprised how many sites actually support HTML5 video and you don't even need flash.
phar
Profile Joined August 2011
United States1080 Posts
Last Edited: 2013-01-26 05:11:39
January 26 2013 05:11 GMT
#138
You have to [code] block
opera:plugins
because :p renders as :p on the forum.

Also for chrome the // is unnecessary, you can just do
chrome:plugins
just like opera.
Who after all is today speaking about the destruction of the Armenians?
Mithriel
Profile Joined November 2010
Netherlands2969 Posts
January 30 2013 17:08 GMT
#139
Is EMET needed for windows 8 too? I've gone to the Windows website but under requirements it does not mention Windows 8.
There is no shame in defeat so long as the spirit is unconquered. | Cheering for Maru, Innovation and MMA!
FromShouri
Profile Blog Joined April 2012
United States862 Posts
January 30 2013 18:20 GMT
#140
On January 31 2013 02:08 Mithriel wrote:
Is EMET needed for windows 8 too? I've gone to the Windows website but under requirements it does not mention Windows 8.

Usually just means they haven't made a version for 8 yet but you can use the 7 version till then if you get the right executable (32 vs 64)
Limited Edition, lets do some simple addition, $50 for a T-Shirt is just some ignorant bitch shit.
semantics
Profile Blog Joined November 2009
10040 Posts
January 30 2013 22:27 GMT
#141
On January 31 2013 02:08 Mithriel wrote:
Is EMET needed for windows 8 too? I've gone to the Windows website but under requirements it does not mention Windows 8.

There is a EMET 3.5 Tech preview but even that doesn't work 100% on windows 8 although it expands on some of the features that windows 8 has that 7 doesn't like full ASLR implementation, i'm sure they are working on it but it's already been documented elsewhere that EMET doesn't always attach to processes in windows 8 and that probably has something to do with their additions and changes.
Nefariously
Profile Joined December 2010
277 Posts
May 30 2013 17:58 GMT
#142
Thoughts on Malwarebyte's Anti Malware?
now ask me if i care
Shagg
Profile Joined September 2010
Finland825 Posts
June 20 2013 09:19 GMT
#143
Hey R1CH new Emet version 4.0 is out http://www.microsoft.com/en-us/download/details.aspx?id=39273
"You're a pro or you're a noob. That's life"
Garnet
Profile Blog Joined February 2006
Vietnam9014 Posts
March 01 2014 06:43 GMT
#144
is using LastPass a good idea? what if someday it got hacked?
ahswtini
Profile Blog Joined June 2008
Northern Ireland22208 Posts
March 04 2014 10:33 GMT
#145
Damn how have I only just found this? Bookmarking for when I get home
"As I've said, balance isn't about strategies or counters, it's about probability and statistics." - paralleluniverse
R1CH
Profile Blog Joined May 2007
Netherlands10340 Posts
March 04 2014 13:58 GMT
#146
On March 01 2014 15:43 Garnet wrote:
is using LastPass a good idea? what if someday it got hacked?

See https://lastpass.com/how-it-works/ - even if they get hacked, all the hackers will get access to is encrypted data. Your passwords are only decrypted on your PC.
AdministratorTwitter: @R1CH_TL
ahswtini
Profile Blog Joined June 2008
Northern Ireland22208 Posts
April 29 2014 10:16 GMT
#147
How resource intensive is EMET? I'm trying to reduce the number of programs that I run simultaneously to improve my laptop's performance.
"As I've said, balance isn't about strategies or counters, it's about probability and statistics." - paralleluniverse
R1CH
Profile Blog Joined May 2007
Netherlands10340 Posts
April 29 2014 16:38 GMT
#148
It may use some RAM for the tray app, but the mitigations are not intensive at all.
AdministratorTwitter: @R1CH_TL
ahswtini
Profile Blog Joined June 2008
Northern Ireland22208 Posts
April 30 2014 12:46 GMT
#149
So if I'm running it on a laptop with a i5-2.50ghz, 8gb ram that's running Dota at the same time, it really shouldn't make a difference?
"As I've said, balance isn't about strategies or counters, it's about probability and statistics." - paralleluniverse
R1CH
Profile Blog Joined May 2007
Netherlands10340 Posts
Last Edited: 2014-04-30 12:59:10
April 30 2014 12:58 GMT
#150
Won't be noticeable. It's not at all like anti-virus software that intercepts and scans everything, it just inserts mitigations when a program starts and that's pretty much it.
AdministratorTwitter: @R1CH_TL
MagnuMizer
Profile Blog Joined February 2012
Denmark384 Posts
April 30 2014 15:15 GMT
#151
So i realize this thread is concerning prevention... But I was in between anti viruses for like a day and managed to get myself a very horrible virus or adware that opens up new windows/tabs in my default browser, advertising sites like adf.ly... and i've tried everything in this guide plus various AV and things like malwarebytes, superantispyware etc but they all found nothing and the problem persists...
I don't know if this is the right thread but i'm unsure what other types of trojans and keyloggers that could be on my pc infecting my shit.. can someone help me? Ive tried everything except formatting which will be my last resort..

so far i found a program called rkill.exe on malwarebytes forum that stops the process temporarily... if some wizard in here could help me out i could provide the log that the program writes after it stops the process... maybe it could be of use to find out the source of the adware..
Steelo_Rivers
Profile Blog Joined January 2011
United States1968 Posts
May 03 2014 04:42 GMT
#152
Rename the mbam.exe file to something like mbam1.exe and profit.

I quit using anti-virus a good minute ago. It is VERY easy to know when you have a virus. I'm sure I'm going to be called "stupid" or my claims are "ridiculous", but it's true. Haven't used anti-virus for about 6 years now and the few viruses that I did pick up were from me attempting to pirate something that I had no business dealing with.
ok
Disregard
Profile Blog Joined March 2007
China10252 Posts
May 08 2014 04:25 GMT
#153
Everyone should read this, especially for people that dwell within a realm where security suites and AT software will protect you from everything.

http://krebsonsecurity.com/2014/05/antivirus-is-dead-long-live-antivirus/

"Crypting services are the primary reason that if you or someone within your organization is unfortunate enough to have opened a malware-laced attachment in an email in the first 12-24 hours after the bad guys blast it out in a spam run, there is an excellent chance that whatever antivirus tool you or your company relies upon will not detect this specimen as malicious."

"If I had to take a drug in order to be free, I'm screwed. Freedom exists in the mind, otherwise it doesn't exist."
Original banner artwork: Jim Warren
The contents of this webpage are copyright © 2025 TLnet. All Rights Reserved.