security guide help
Bethrezen
October 22nd, 2004, 08:40 PM
hi all
I know I've asked this before but I didn't really get much of a response, so I'm going to try again. I've been putting a help guide together to help people lock down their systems after they have cleaned them after having been infected with some sort of malware (virus, trojan, spyware etc.).
So here is what I've got so far. Obviously you will note that I'm still missing detailed instructions for securing Media Player, Internet Explorer and Outlook Express, but other than that I'm wondering if there is anything else I have missed. Maybe you know of a few good sites that give good detailed information on various aspects of computer security, or maybe I have missed some patches that should be added. 2 that I can think of that I'm going to add now are BugOff from merijn.org, the maker of HijackThis, and Qwik-Fix from pivx.com.
updates will be in blue
Helping To Keep Your System Clean After Cleansing
The first stage in this process is cleaning; instructions on how to do this are given above. Once you have read through and carried out the instructions above and we've finally gotten your system clean, you'll want to keep it that way, right ?? Of course you do !! However, in order to achieve this we are going to have to lock down your system, because when Microsoft ships their system they are trying to make it "easy" for you to surf the web, NOT SAFE !!!
Now in order to maintain good system security there are several things you should do
The First most important thing you should do is to make sure you have all the correct security software. The minimum you should have to maintain a healthy system is a good Firewall, Anti-Virus, Anti-Trojan and Anti-Spyware. Here are a few recommended ones:
Firewall: Zone Alarm (http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp), Outpost (http://www.agnitum.com/download/), Sygate (http://smb.sygate.com/products/spf_standard.htm)
Anti-Virus: AVG (http://www.grisoft.com/us/us_dwnl_free.php/), AntiVir (http://www.free-av.com/antivirus/allinonen.html), Avast (http://www.avast.com/eng/download/programs/avast_4_home_downloa.html)
Anti-Trojan: A² (Beta) (http://www.emsisoft.com/en/software/free/), Ewido Security Suite (http://www.ewido.net/)
Anti-Spyware: Ad-Aware (http://www.lavasoftusa.com/support/download/), Spybot-S&D (http://www.safer-networking.org/index.php?page=download)
In addition to the above you may also want to consider the following Spyware-Blaster (http://www.javacoolsoftware.com/spywareblaster.html), Spyware-Stopper (Shareware) (http://www.spyware-stopper.com/spystop/index.shtm) and SpyBlocker (Shareware) (http://www.spyblocker-software.com/spyblocker/sb.shtm)
Real-time protection against Malware
Spyware-Guard (http://www.javacoolsoftware.com/spywareguard.html), Prevx Home (https://www.prevx.com/homeoffice/homeoffice_homedownload.htm)
more to be added
The Second most important thing you should do is to always keep as current as possible with all the latest bug/security fixes, not only for Windows but for all your programs. This is especially important when it comes to programs like your Anti-Virus, Anti-Trojan and Anti-Spyware.
The Third most important thing is to secure your system by locking down all of Windows' BIGGEST security holes. These include Internet Explorer, Outlook Express, Windows Media Player and File And Printer Sharing, among others.
A good way to eliminate a lot of these problems is to simply get rid of Microsoft’s inferior technology altogether and use one of the many safer Freeware/Open source alternatives, because by doing so you will be saving yourself from all the current and future security vulnerabilities created by these programs. A good place to find many Freeware/Open source programs is The Source Forge (http://sourceforge.net/) or Openwares (http://www.openwares.org/).
The Fourth most important thing you should do is to back up your data; this way, if your hard drive ever gets corrupted you won't lose everything. Get an imaging program. These are special programs that can make an exact duplicate of your hard drive and burn it to a CD or some other form of removable media, so that if the worst should happen all you need do is just restore your back up. This avoids or at least reduces the often costly loss of data, as long as you remember to update your back up regularly.
One such imaging program is Acronis True Image (http://www.acronis.com/products/trueimage/). Whether you are a novice or an expert, this program is for you. It's extremely user friendly and comes highly recommended. I can vouch for it: I've used it for years and I can't tell you how many times it's saved me from having to do a lengthy system restore.
It is advised, however, that you wipe your system and do a system restore, then patch and update everything, before you make your first back up; this way you will know that you are making a clean back up.
It is also advised that before you update this back up you first restore to it again; this is so that you know that your updated back up is clean.
By doing this you will always know that no matter how badly your computer gets messed up, either by Virus, Trojan, Hijacking or some other form of malware, you always have a quick, easy way to fix the problem.
Below are a few other recommended imaging programs:
more to be added
The fifth most important thing you should do is watch what you download !! Many Freeware and P2P programs like Grokster, Imesh and Kazaa come with an enormous amount of spyware that will eat resources, slow your system or clash with other software, possibly causing your Software, Browser or even Windows itself to crash. Below are a few pages that maintain a list of clean and infected clients:
Spyware-Free/Spyware-Infested P2P/Filesharing Apps (http://www.spywarewarrior.com/uiuc/soft23a.htm)
Spyware-Free/Spyware-Infested P2P/Filesharing Apps (http://www.spywareinfoforum.com/articles/p2p/)
Spyware-Free Download Managers/Assistants (http://www.spywarewarrior.com/uiuc/soft23.htm)
The sixth most important thing you can do is to be informed. Subscribe to security newsletters to keep up to date with all the latest threats. Read and learn as much as you can, because knowledge is power: the more knowledge you have, the safer you will be. Below are a few links to resources that will help you do just that:
http://www.tom-cat.com/security.html
http://www.dslreports.com/faq/security
http://www.spywarewarrior.com/uiuc/main-nf.htm
http://www.claymania.com/safe-hex.html
Ok, so recommendations over, it's time to get to work and start locking things down.
First, it's recommended that you Disable file and printer sharing if you don't need it, as it will enhance security and give attackers 1 less way into your system. Complete instructions for Windows 98 and Windows NT can be found Here (http://www.grc.com/su-bondage.htm). Instructions for Windows XP and Windows 2000 can be found Here (http://www.petri.co.il/disable_netbios_in_w2kxp.htm).
Next we need to lock down 3 of Windows' other big security holes: Internet Explorer, Outlook Express & Windows Media Player. In order to make these safe from attack by Viruses, Trojans, drive-by installs and other such vulnerabilities we are going to have to reconfigure their security settings. Instructions for this can be found
URL and/or Instructions
You can also further secure Internet Explorer down by installing the following
BugOff can be found Here (http://www.merijn.org/downloads.html)
-{ Quote: "This little app disables a few exploits that are commonly used by browser hijackers (including CWS), thus protecting you from infection. This does not remove an existing infection! Applicable to everyone that uses Internet Explorer." }-
another similar application is Qwik-Fix
Qwik-Fix can be found Here (http://www.pivx.com/qwikfixDownloadPage.asp)
-{ Quote: "Qwik-Fix Pro uses Active System Hardening to protect Windows desktops and servers against new threats by blocking the underlying vulnerabilities exploited by worms and viruses. Qwik-Fix Pro protects from hundreds of specific worms and viruses and safeguards PCs from falling victim to the next worm or virus before vendor security patches become available" }-
IE-SPYAD: Restricted Sites List For Internet Explorer Found Here (http://www.spywarewarrior.com/uiuc/resource.htm)
-{ Quote: "IE-SPYAD is a Registry file (IE-ADS.REG) that adds a long list of sites and domains associated with known advertisers, marketers, and crapware pushers to the restricted sites zone of Internet Explorer. Once this list of sites and domains is "merged" into your Registry, most marketers, advertisers, and crapware pushers on the Net will not be able to use cookies, ActiveX controls, Java applets, or scripting to compromise your privacy or your PC while you surf the Net. Nor will they be able to use your browser to push unwanted pop-ups, cookies, or auto-installing programs on you." }-
ActiveX Spyware Block List One Can Be Found Here (http://www.spywareguide.com/blockfile.php)
-{ Quote: "Tired of all that Spyware and Adware crap being installed by ActiveX ?
But don't want to lose out on functionality?
We have created a system that blocks all known "bad" ActiveX controls from running inside Internet Explorer by setting the "Kill bit".
When a page tries to install a component from our list, it will fail.
When a page tries to use a component from our list that was already present on your system, it will fail too!
Other, "friendly" components are not affected.
For a full technical explanation how this works, look at this Microsoft article (http://support.microsoft.com/support/kb/articles/q240/7/97.asp)" }-
After downloading and installing these, open Internet Options again, either through Control Panel or by opening Internet Explorer and then clicking Tools\Internet Options.
Next click on the Security tab and select Restricted Zone, then press the Custom Level button and re-configure the settings so that everything is set to Disable or Prompt (setting it to "High" is not enough). Once done, hit OK to close the window, then click Apply to save the changes.
Next we need to enable active scripting for trusted sites like Windows Update, because you may find that the above settings will break sites like Windows Update that require active scripting. This can be done as follows:
Open Internet Options either through control panel or by opening Internet Explorer and then clicking Tools\Internet Options
Next click on the Security tab and select Trusted Zone, then press the Sites button and either cut and paste or type the URL of the trusted site and hit the Add button, then OK the change and exit Internet Options. Then just refresh the page when you are done.
Ok, next we need to configure Internet Explorer's Cookie settings.
Open Internet Options either through control panel or by opening Internet Explorer and then clicking Tools\Internet Options
Next click on the Privacy Tab and select the Advanced Button
Check the Override Automatic Cookie Handling box then Select Block under both First & Third-party Cookies and check the Always allow session cookies box
Click Ok and exit Internet options
If you find that there is a site that requires the use of cookies, such as logging in to your online banking, email, forum boards etc., then all you need to do is go back in to your cookie settings, press the Edit button, then type in the appropriate URL and press Allow, then OK the change, clear your cache, reload the page and you should now be able to log in.
Next we need to lock down Outlook Express. Instructions for this can be found
URL and/or Instructions Here
and finally Windows Media Player
URL and/or Instructions Here
After following these instructions you may also want to apply this patch by Java Cool:
Windows Media Player Scripting Fix (http://www.javacoolsoftware.com/wmpscriptingfix.html)
-{ Quote: "Windows Media Player, by default, supports a dangerous feature that allows scripting to be embedded within media files. Windows Media Player will then execute the scripting when the media file is played. The Windows Media Player Scripting Fix is a small application that disables Windows Media Player scripting simply, and easily, with the press of a button - scripting can also be re-enabled at a later date with this same program.
So why is scripting in WMP dangerous? because Windows Media Player scripting functions can be used to execute programs, open web pages, and much more when you open any media file that has them embedded." }-
Ok, now that we have locked down Internet Explorer, Outlook Express, Windows Media Player and File & Printer Sharing, it's time to cover a few OS Specific problems.
First you should apply these 2 patches from the creators of BOCLEAN
HTA Stop 2003 (http://www.simtel.net/product.php?url_fb_product_page=67031)
-{ Quote: "It's now possible for a "rogue" website to actually embed Trojans, worms and/or viruses directly into a web page. In the past, pages that offer seemingly attractive downloads which contain such malware required you to click to start any download to your computer. Now it's become automatic, using features in the Windows operating system known as scripting. These scripts can load programs without you knowing, and then they run immediately. All you have to do is visit the site, without doing anything besides viewing the page. HTAstop acts as a brick wall against these scripts, disabling them so the download doesn't occur" }-
However Win 2000 And XP users should see this warning before applying this patch
-{ Quote: "For reasons that only Microsoft can explain, recent Windows updates have changed the functionality of some items in the Control Panel applet. If you select "USER ACCOUNTS" or "ADD/REMOVE PROGRAMS" Control Panel may not respond or will open Notepad with an error message instead. This is because Microsoft has decided to replace the original Control Panel programs with actual HTA SCRIPTING! Since HTA has been stopped, this too will also be stopped because the MSHTA.EXE program which HTAStop stops is not available.
The solution to this problem is to run HTAStop and PERMIT HTA long enough to do what you need to do, then turn it back off again so as to protect your security. Microsoft is using MSHTA for these Control Panel functions now, and HTAStop has blocked MSHTA.EXE from running." }-
DSO Stop2 (http://www.nsclean.com/dsostop.html)
-{ Quote: "The "DSO Exploit" (Data Source Object) was first reported by GreyMagic Software of Israel on February 27, 2002 and a "workaround" for Microsoft's defective code was provided by Axel Pettinger and Garland Hopkins on March 3, 2002 involving the editing of the Windows registry to alter values contained within Internet Explorer's Internet Zones configurations. Because many computer users are extremely nervous (and justifiably so) about manually editing the Windows registry, owing to years of warnings and advisories as to the dangers of editing the registry, Privacy Software has provided this FREE utility to safely do it for those who do not feel confident running and editing "Regedit." We have provided this software to the general public to solve a problem since no one else has stepped up to the plate to solve a serious problem as of the time of this release." }-
For those of you that are still using Win95/98/ME, you should apply these 2 excellent patches from DiamondCS:
Anti-Polymorphism Patch (http://www.diamondcs.com.au/index.php?page=patch1)
-{ Quote: "This patch prevents Windows Scripts (such as VBScript and JavaScript) from being able to read/write to themselves, making Windows Script polymorphism nearly impossible through conventional means. This can prevent polymorphic worms from executing." }-
Saved Passwords Lock Patch (http://www.diamondcs.com.au/index.php?page=patch2)
-{ Quote: "Safely Disables the WNetEnumCachedPasswords function in MPR.DLL, stopping Trojans and other malicious programs from obtaining your passwords. A demo program is included that shows you which password information is available on your system." }-
Next if you are still running Win 98 Se you should also apply this excellent UNOFFICIAL Windows98 Second Edition Service Pack (http://exuberant.ms11.net/98sesp.html)
Those of you that are using WinXP should grab a copy of XP Antispy.
Note: However please be aware that if you are using Ewido Security Suite you do not need this as Ewido Security Suite already includes XP-Antispy
XP Antispy (http://www.xp-antispy.org/index.php?option=com_remository&Itemid=26)
-{ Quote: "MS has integrated some tools and services into the system, that can automatically connect to the net without your permission and with out you knowing about it. Nobody knows what's possible being transferred to and from your computer via these services so if you want to stop this behaviour download XP Antispy this program will let you safely Disable and re-Enable XP's "Phoning Home" services" }-
Those of you that are running older systems like 98/ME/2000 should grab a copy of Safe XP instead. This app is very similar to XP Antispy, but unlike XP Antispy, Safe XP is designed to also work on older systems like 98/ME/2000.
Safe XP (http://theorica.click-now.net/safexp.htm)
-{ Quote: "Safe XP allows users to quickly tweak various security and privacy related settings in 98/ME/2000/XP. The options include Media Player settings, Services settings (error reporting, time synch, remote registry etc.), as well as an option to remove items from the Start menu, network security settings and more. Safe XP improves your system performance and makes Windows run faster, more secure and reliable! And is suitable for beginners and experts alike!" }-
Ok, now you have secured your system you need to test your defences' effectiveness. Below are a few sites that provide security validation services to allow you to do just that:
http://cybercoyote.org/security/tests.htm
If you have any questions, comments or suggestions, maybe I've missed something important that you think should be included, or maybe I’ve given instructions incorrectly or in a confusing manner and you can't follow it, whatever the case, if you have any problems feel free to contact me and I'll see what I can do.
And finally I'd like to say a huge thank you to everyone who has helped me out writing this. I can't remember specific people but you know who you are. I'd also like to say a huge thanks to OPTIMIZER, who has been of great assistance to me during the writing of this guide.
Thank you all your help is greatly appreciated
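The two registry-based lists quoted in the post above (IE-SPYAD's Restricted-zone entries and the ActiveX "kill bit" block list) can be checked before they are merged into the Registry. The following Python script is an added example, not part of the original post and not code from either project: it audits the text of a .reg file and separates kill-bit and Restricted-zone entries from anything else the file would change. The sample file content, CLSID and domain names are constructed; the key paths and the 0x400 Compatibility Flags value are the standard Windows locations for kill bits and zone mapping.

```python
import re

# Standard registry locations (lower-cased for case-insensitive matching).
KILLBIT_ROOT = (r"hkey_local_machine\software\microsoft\internet explorer"
                r"\activex compatibility") + "\\"
ZONEMAP_DOMAINS = (r"\software\microsoft\windows\currentversion"
                   r"\internet settings\zonemap\domains") + "\\"
KILL_BIT = 0x400      # "Compatibility Flags" bit that stops IE loading a control
RESTRICTED = 4        # zone number of the Restricted sites zone
ZONES = {0: "My Computer", 1: "Local intranet", 2: "Trusted",
         3: "Internet", 4: "Restricted"}

SECTION = re.compile(r"^\[(-?)(.+)\]$")
DWORD = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=dword:([0-9a-fA-F]{1,8})$')


def audit_reg(text):
    """Classify every change a .reg file would make.

    Returns a dict with:
      killbits   - CLSIDs whose Compatibility Flags include the kill bit
      restricted - host names mapped to the Restricted sites zone
      review     - tuples (reason, detail, ...) for everything else
    """
    report = {"killbits": [], "restricted": [], "review": []}
    key = None
    continued = False
    for raw in text.splitlines():
        line = raw.strip()
        if continued:                      # tail of a multi-line hex value
            continued = line.endswith("\\")
            continue
        if not line or line.startswith(";"):
            continue
        if line == "REGEDIT4" or line.startswith("Windows Registry Editor"):
            continue
        section = SECTION.match(line)
        if section:
            key = section.group(2)
            if section.group(1):           # "[-KEY]" deletes the whole key
                report["review"].append(("deletes-key", key))
                key = None
            continue
        if key is None:
            continue
        continued = line.endswith("\\")
        value = DWORD.match(line)
        if not value:                      # strings, hex blobs, value deletions
            report["review"].append(("unexpected-value", key))
            continue
        name, data = value.group(1), int(value.group(2), 16)
        lower = key.lower()
        if lower.startswith(KILLBIT_ROOT) and name == "Compatibility Flags":
            clsid = key[len(KILLBIT_ROOT):]
            if data & KILL_BIT:
                report["killbits"].append(clsid)
            else:
                report["review"].append(("flags-without-kill-bit", clsid))
        elif ZONEMAP_DOMAINS in lower:
            start = lower.index(ZONEMAP_DOMAINS) + len(ZONEMAP_DOMAINS)
            # Domains\example.net\tracker means tracker.example.net
            host = ".".join(reversed(key[start:].split("\\")))
            if data == RESTRICTED:
                report["restricted"].append(host)
            else:
                report["review"].append(
                    ("zone-not-restricted", host, ZONES.get(data, data)))
        else:
            report["review"].append(("unexpected-key", key))
    return report


# Constructed sample: not taken from IE-SPYAD or any real block list.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

; kill bit for a made-up control
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000001}]
"Compatibility Flags"=dword:00000400

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ads.example]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.net\tracker]
"*"=dword:00000004

; the next two entries are what an audit should catch
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\installer.example]
"*"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updater"="C:\\Temp\\updater.exe"
"""

if __name__ == "__main__":
    result = audit_reg(SAMPLE_REG)
    print("kill bits set :", result["killbits"])
    print("restricted    :", result["restricted"])
    for item in result["review"]:
        print("REVIEW        :", item)
```

Real version 5.00 .reg files are normally saved as UTF-16, so decode them with that encoding before passing the text to `audit_reg`.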
Sweetie(*)(*)
October 22nd, 2004, 08:47 PM
Great so far, excellent ;D
iceni60
October 23rd, 2004, 09:52 AM
I'm not sure if it's on your list, but I always install Sun Java. I have version 1.5 right now. It was beta, don't know if it's been released or not ???
Bethrezen
November 1st, 2004, 09:00 PM
Hmm, well, this is disappointing, especially since this is definitely a worthwhile project. Is there no one that's got any suggestions
and preferably some easy to understand instructions for configuring IE OE & WMP for maximum security
gerardwil
November 2nd, 2004, 03:48 AM
Maybe you can add some from here:
http://www.mvps.org/winhelp2002/hosts.htm
Good thing you are doing.
Regards,
Gerard
Infinity
November 2nd, 2004, 06:45 AM
you are very welcome Bethrezen, in fact, this is a major pluspoint you know where...
Optimizer/Infinity/Optimity
lol - pelt
Infinity
November 2nd, 2004, 06:55 AM
Hi Bethrezen, maybe some notes on the famous rogue list of Eric L Howes?
this way you could help spread the word on the "twilightzone" :) spyware apps.
http://www.spywarewarrior.com/rogue_anti-spyware.htm
maybe some encryption tips (how to enable windows encryption triple DES and not standard DES,...)
some additional security measures:
http://labmice.techtarget.com/windowsxp/security/default.htm
and this link is for securing OE and internet explorer
http://www.iatn.net/help/security/
bye
iceni60 at friends
November 2nd, 2004, 04:07 PM
password protect each account. use a good password which isn't easy to hack, e.g. over 10 characters, with numbers and letters.
before running a scanner, update it then restart it.
keep OS up to date, e.g. windowsupdate
check for IRCBots
http://www.jasons-toolbox.com/programs.asp?Program=IRCBot%20Detector
test your anti-virus with EICAR test virus
if you are on a standalone computer turn off NetBIOS
use msconfig, or a startup manager to make sure no malware is starting when you turn on computer
file integrity checkers-
http://www.capimonitor.nl/Atguard%20&%20NIS/_loadurl.php?filename=niscrc.php
http://www.accuhash.com/
jpeg scanner
http://www.wilderssecurity.com/showthread.php?t=51945&highlight=jpeg+scanner
check for alternative data streams and remove them. second on page (ADS Spy)
http://www.spywareinfoforum.com/~merijn/
KazaaBegone 1.10
http://www.majorgeeks.com/download3446.html
view ports and programs using them
http://www.diamondcs.com.au/portexplorer/
http://www.snapfiles.com/get/cports.html
http://www.snapfiles.com/get/nettrafficmeter.html
File Encryption Software
http://axcrypt.sourceforge.net/
iceni at friends
November 2nd, 2004, 05:54 PM
for ie settings i use the ones at the link below but with one difference- i have the first option (download signed ActiveX controls) set to prompt :)
http://www.dslreports.com/forum/remark,1333507~root=security,1~mode=flat
for more settings to help secure ie and xp, the link below is good
http://www.markusjansson.net/exp.html
this next one is for xp, but on the left hand side of the page, Home User Self-Defence, there are pages for other OSs.
http://www.uksecurityonline.com/husdg/windowsxp/wxpp2.php
install a second, perhaps free, anti-virus, making sure that it is only used for on-demand, so the real-time protection is off
check your firewall at a site like shields up
don't post your email address on the internet, because it could be harvested by a bot. if you have to, use a throw away account like hotmail
Bazooka Adware and Spyware Scanner
http://www.kephyr.com/spywarescanner/index.html
https://www.hushmail.com/
http://spambayes.sourceforge.net/
online scanners
http://www.windowsecurity.com/trojanscan/
http://housecall.trendmicro.com/
Password Managers
http://www.roboform.com/
http://www.accountlogon.com/
http://www.wilders.org/securing_your_pc.htm
http://www.microsoft.com/athome/security/default.mspx
http://www.antivirus.com/pc-cillin/vinfo/safe_computing/
http://spywarewarrior.com/asw-test-guide.htm
http://www.firewallleaktester.com/software.htm
Windows Worms Doors Cleaner
http://www.firewallleaktester.com/wwdc.htm
Bethrezen
November 3rd, 2004, 06:11 PM
hi all
Thanks for your replies, some good stuff. I'll repost with a few additions when I've had time to go through everything.
tech-addict
November 4th, 2004, 12:45 AM
Nice thread, lots of good info here. ;)
Keep up the good work !
Bethrezen
November 5th, 2004, 12:02 PM
hi all
As I can't edit my first post with the new additions, I'll just have to repost the whole thing. To make it easy to see what I have added, I'll highlight it in blue.
Helping To Keep Your System Clean After Cleansing
The first stage in this process is cleaning; instructions on how to do this are given above. Once you have read through and carried out the instructions above and we've finally gotten your system clean, you'll want to keep it that way, right ?? Of course you do !! However, in order to achieve this we are going to have to lock down your system, because when Microsoft ships their system they are trying to make it "easy" for you to surf the web, NOT SAFE !!!
Now in order to maintain good system security there are several things you should do
The First most important thing you should do is to make sure you have all the correct security software. The minimum you should have to maintain a healthy system is a good Firewall, Anti-Virus, Anti-Trojan and Anti-Spyware. Here are a few recommended ones:
Firewall: Zone Alarm (http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp), Outpost (http://www.agnitum.com/download/), Sygate (http://smb.sygate.com/products/spf_standard.htm)
Anti-Virus: AVG (http://www.grisoft.com/us/us_dwnl_free.php/), AntiVir (http://www.free-av.com/antivirus/allinonen.html), Avast (http://www.avast.com/eng/download/programs/avast_4_home_downloa.html)
Anti-Trojan: A² (Beta) (http://www.emsisoft.com/en/software/free/), Ewido Security Suite (http://www.ewido.net/)
Anti-Spyware: Ad-Aware (http://www.lavasoftusa.com/support/download/), Spybot-S&D (http://www.safer-networking.org/index.php?page=download)
In addition to the above you may also want to consider the following Spyware-Blaster (http://www.javacoolsoftware.com/spywareblaster.html), Spyware-Stopper (Shareware) (http://www.spyware-stopper.com/spystop/index.shtm) and SpyBlocker (Shareware) (http://www.spyblocker-software.com/spyblocker/sb.shtm)
Real-time protection against Malware
Spyware-Guard (http://www.javacoolsoftware.com/spywareguard.html), Prevx Home (https://www.prevx.com/homeoffice/prevxhome/prevxhome.htm)
Encryption software
Although encryption software isn't necessary for everyone, it is recommended if you have any sensitive files that you want to keep away from prying eyes. However, be aware that encryption software is only as strong as the password you select. Below are a couple of trustworthy programs:
Axcrypt (http://axcrypt.sourceforge.net/)
more to be added
The Second most important thing you should do is to always keep as current as possible with all the latest bug/security fixes, not only for Windows but for all your programs. This is especially important when it comes to programs like your Anti-Virus, Anti-Trojan and Anti-Spyware.
The Third most important thing is to secure your system by locking down all of Windows' BIGGEST security holes. These include Internet Explorer, Outlook Express, Windows Media Player and File And Printer Sharing, among others.
A good way to eliminate a lot of these problems is to simply get rid of Microsoft’s inferior technology altogether and use one of the many safer Freeware/Open source alternatives, because by doing so you will be saving yourself from all the current and future security vulnerabilities created by these programs. A good place to find many Freeware/Open source programs is The Source Forge (http://sourceforge.net/) or Openwares (http://www.openwares.org/).
The Fourth most important thing you should do is to use password protection, because this prevents unauthorized access to your system and stops people/malware tampering with your operating system and/or program settings. Be aware, however, that password protection is only as strong as the password you select. Choose a good password which isn't easy to break: it should be over 10 characters, with numbers, letters, symbols, upper and lower case letters, and it shouldn't be a word that appears in the dictionary.
The Fifth most important thing you should do is to back up your data; this way, if your hard drive ever gets corrupted you won't lose everything. Get an imaging program. These are special programs that can make an exact duplicate of your hard drive and burn it to a CD or some other form of removable media, so that if the worst should happen all you need do is just restore your back up. This avoids or at least reduces the often costly loss of data, as long as you remember to update your back up regularly.
One such imaging program is Acronis True Image (http://www.acronis.com/products/trueimage/). Whether you are a novice or an expert, this program is for you. It's extremely user friendly and comes highly recommended. I can vouch for it: I've used it for years and I can't tell you how many times it's saved me from having to do a lengthy system restore.
It is advised, however, that you wipe your system and do a system restore, then patch and update everything, before you make your first back up; this way you will know that you are making a clean back up.
It is also advised that before you update this back up you first restore to it again; this is so that you know that your updated back up is clean.
By doing this you will always know that no matter how badly your computer gets messed up, either by Virus, Trojan, Hijacking or some other form of malware, you always have a quick, easy way to fix the problem.
Below are a few other recommended imaging programs:
more to be added
The Sixth most important thing you should do is watch what you download !! Many Freeware and P2P programs like Grokster, Imesh and Kazaa come with an enormous amount of spyware that will eat resources, slow your system or clash with other software, possibly causing your Software, Browser or even Windows itself to crash. Below are a few pages that maintain a list of clean and infected clients:
Spyware-Free/Spyware-Infested P2P/Filesharing Apps (http://www.spywarewarrior.com/uiuc/soft23a.htm)
Spyware-Free/Spyware-Infested P2P/Filesharing Apps (http://www.spywareinfoforum.com/articles/p2p/)
Spyware-Free Download Managers/Assistants (http://www.spywarewarrior.com/uiuc/soft23.htm)
You may also want to check out the Rogue/Suspect Anti-Spyware Products & Web Sites list (http://www.spywarewarrior.com/rogue_anti-spyware.htm)
The Seventh most important thing you can do is to be informed. Subscribe to security newsletters to keep up to date with all the latest threats. Read and learn as much as you can, because knowledge is power: the more knowledge you have, the safer you will be. Below are a few links to resources that will help you do just that:
http://www.tom-cat.com/security.html
http://www.dslreports.com/faq/security
http://www.spywarewarrior.com/uiuc/main-nf.htm
http://www.claymania.com/safe-hex.html
http://www.uksecurityonline.com/husdg/
Ok, so recommendations over, it's time to get to work and start locking things down.
First, it's recommended that you Disable file and printer sharing if you don't need it, as it will enhance security and give attackers 1 less way into your system. Complete instructions for Windows 98 and Windows NT can be found Here (http://www.grc.com/su-bondage.htm). Instructions for Windows XP and Windows 2000 can be found Here (http://www.petri.co.il/disable_netbios_in_w2kxp.htm).
Next we need to lock down 3 of Windows' other big security holes: Internet Explorer, Outlook Express & Windows Media Player. In order to make these safe from attack by Viruses, Trojans, drive-by installs and other such vulnerabilities we are going to have to reconfigure their security settings. Instructions for this can be found Below.
We will start with Internet Explorer first. Now there seems to be a lot of differing opinions about what the best set up for IE should be, and I am in the process of writing up a set of instructions that will allow IE to remain functional while increasing its security. In the meantime, till I’m finished, here are a few links to information on the subject:
http://www.lavasoftsupport.com/inde...showtopic=14537
http://www.dslreports.com/forum/rem...ity,1~mode=flat
http://www.spywarewarrior.com/uiuc/btw/ie/ie-opts.htm
You can also further secure Internet Explorer down by installing the following
BugOff can be found Here (http://www.merijn.org/downloads.html)
-{ Quote: "This little app disables a few exploits that are commonly used by browser hijackers (including CWS), thus protecting you from infection. This does not remove an existing infection! Applicable to everyone that uses Internet Explorer." }-
another similar application is Qwik-Fix
Qwik-Fix can be found Here (http://www.pivx.com/qwikfixDownloadPage.asp)
-{ Quote: "Qwik-Fix Pro uses Active System Hardening to protect Windows desktops and servers against new threats by blocking the underlying vulnerabilities exploited by worms and viruses. Qwik-Fix Pro protects from hundreds of specific worms and viruses and safeguards PCs from falling victim to the next worm or virus before vendor security patches become available" }-
IE-SPYAD: Restricted Sites List For Internet Explorer Found Here (http://www.spywarewarrior.com/uiuc/resource.htm)
-{ Quote: "IE-SPYAD is a Registry file (IE-ADS.REG) that adds a long list of sites and domains associated with known advertisers, marketers, and crapware pushers to the restricted sites zone of Internet Explorer. Once this list of sites and domains is "merged" into your Registry, most marketers, advertisers, and crapware pushers on the Net will not be able to use cookies, ActiveX controls, Java applets, or scripting to compromise your privacy or your PC while you surf the Net. Nor will they be able to use your browser to push unwanted pop-ups, cookies, or auto-installing programs on you." }-
ActiveX Spyware Block List One Can Be Found Here (http://www.spywareguide.com/blockfile.php)
-{ Quote: "Tired of all that Spyware and Adware crap being installed by ActiveX ?
But don't want to lose out on functionality?
We have created a system that blocks all known "bad" ActiveX controls from running inside Internet Explorer by setting the "Kill bit".
When a page tries to install a component from our list, it will fail.
When a page tries to use a component from our list that was already present on your system, it will fail too!
Other, "friendly" components are not affected.
For a full technical explanation how this works, look at this Microsoft article (http://support.microsoft.com/support/kb/articles/q240/7/97.asp)" }-
In addition to these you may also want to consider the use of a host file
What is a host file? & What’s it do?
-{ Quote: "The Hosts file contains the mappings of IP addresses to host names. This file is loaded into memory at startup, then Windows checks the Hosts file before it queries any DNS servers, which enables it to override addresses in the DNS. This prevents access to the listed sites by redirecting any connection attempts back to the local machine. Another feature of the HOSTS file is its ability to block other applications from connecting to the Internet, as long as the entry exists.
You can use a HOSTS file to block ads, banners, cookies, web bugs, and even most hijackers. This is accomplished by blocking the Server that supplies these little gems. Example - the following entry 127.0.0.1 ad.doubleclick.net blocks all files supplied by the DoubleClick Server to the web page you are viewing. This also prevents the server from tracking your movements." }-
Read Here (http://www.mvps.org/winhelp2002/hosts.htm) to find out more
Next we need to lock down Outlook Express
NOTE: Outlook Express is part of Internet Explorer so the settings for one can affect the other.
Open Outlook Express Select Tools/Options
Select The Read Tab
Check Read all messages in plaintext
Select the Security Tab
Place a dot in Restricted Zone
Check Warn Me When Other Applications Try To Send Mail As Me
Check Do Not Allow Attachments To Be Saved Or Opened That Could Potentially Be A Virus
Select The Maintenance Tab
Check Purge deleted messages when leaving IMAP folders
Check Empty Messages From The Deleted Items Folder On Exit
And finally Windows Media Player
URL and/or Instructions Here
After following these instructions you may also want to apply this patch by Java Cool
Windows Media Player Scripting Fix (http://www.javacoolsoftware.com/wmpscriptingfix.html)
-{ Quote: "Windows Media Player, by default, supports a dangerous feature that allows scripting to be embedded within media files. Windows Media Player will then execute the scripting when the media file is played. The Windows Media Player Scripting Fix is a small application that disables Windows Media Player scripting simply, and easily, with the press of a button - scripting can also be re-enabled at a later date with this same program.
So why is scripting in WMP dangerous? because Windows Media Player scripting functions can be used to execute programs, open web pages, and much more when you open any media file that has them embedded." }-
Ok, now that we have locked down Internet Explorer, Outlook Express, Windows Media Player and File & Printer Sharing, it's time to cover a few OS-specific problems
First you should apply these 2 patches from the creators of BOCLEAN
HTA Stop 2003 (http://www.simtel.net/product.php?url_fb_product_page=67031)
-{ Quote: "It's now possible for a "rogue" website to actually embed Trojans, worms and/or viruses directly into a web page. In the past, pages that offer seemingly attractive downloads which contain such malware required you to click to start any download to your computer. Now it's become automatic, using features in the Windows operating system known as scripting. These scripts can load programs without you knowing, and then they run immediately. All you have to do is visit the site, without doing anything besides viewing the page. HTAstop acts as a brick wall against these scripts, disabling them so the download doesn't occur" }-
However Win 2000 And XP users should see this warning before applying this patch
-{ Quote: "For reasons that only Microsoft can explain, recent Windows updates have changed the functionality of some items in the Control Panel applet. If you select "USER ACCOUNTS" or "ADD/REMOVE PROGRAMS" Control Panel may not respond or will open Notepad with an error message instead. This is because Microsoft has decided to replace the original Control Panel programs with actual HTA SCRIPTING! Since HTA has been stopped, this too will also be stopped because the MSHTA.EXE program which HTAStop stops is not available.
The solution to this problem is to run HTAStop and PERMIT HTA long enough to do what you need to do, then turn it back off again so as to protect your security. Microsoft is using MSHTA for these Control Panel functions now, and HTAStop has blocked MSHTA.EXE from running." }-
DSO Stop2 (http://www.nsclean.com/dsostop.html)
-{ Quote: "The "DSO Exploit" (Data Source Object) was first reported by GreyMagic Software of Israel on February 27, 2002 and a "workaround" for Microsoft's defective code was provided by Axel Pettinger and Garland Hopkins on March 3, 2002 involving the editing of the Windows registry to alter values contained within Internet Explorer's Internet Zones configurations. Because many computer users are extremely nervous (and justifiably so) about manually editing the Windows registry, owing to years of warnings and advisories as to the dangers of editing the registry, Privacy Software has provided this FREE utility to safely do it for those who do not feel confident running and editing "Regedit." We have provided this software to the general public to solve a problem since no one else has stepped up to the plate to solve a serious problem as of the time of this release." }-
For those of you that are still using Win95/98/ME, you should apply these 2 excellent patches from DiamondCS
Anti-Polymorphism Patch (http://www.diamondcs.com.au/index.php?page=patch1)
-{ Quote: "This patch prevents Windows Scripts (such as VBScript and JavaScript) from being able to read/write to themselves, making Windows Script polymorphism nearly impossible through conventional means. This can prevent polymorphic worms from executing." }-
Saved Passwords Lock Patch (http://www.diamondcs.com.au/index.php?page=patch2)
-{ Quote: "Safely Disables the WNetEnumCachedPasswords function in MPR.DLL, stopping Trojans and other malicious programs from obtaining your passwords. A demo program is included that shows you which password information is available on your system." }-
Next, if you are still running Win 98 SE you should also apply this excellent UNOFFICIAL Windows98 Second Edition Service Pack (http://exuberant.ms11.net/98sesp.html)
Those of you that are using WinXP should grab a copy of XP Antispy
Note: However please be aware that if you are using Ewido Security Suite you do not need this as Ewido Security Suite already includes XP-Antispy
XP Antispy (http://www.xp-antispy.org/index.php?option=com_remository&Itemid=26)
-{ Quote: "MS has integrated some tools and services into the system, that can automatically connect to the net without your permission and without you knowing about it. Nobody knows what's possibly being transferred to and from your computer via these services, so if you want to stop this behaviour download XP Antispy. This program will let you safely Disable and re-Enable XP's "Phoning Home" services" }-
Those of you that are running older systems like 98/ME/2000 should grab a copy of Safe XP instead. This app is very similar to XP Antispy, but unlike XP Antispy, Safe XP is designed to also work on older systems like 98/ME/2000
Safe XP (http://theorica.click-now.net/safexp.htm)
-{ Quote: "Safe XP allows users to quickly tweak various security and privacy related settings in 98/ME/2000/XP. The options include Media Player settings, Services settings (error reporting, time synch, remote registry etc.), as well as an option to remove items from the Start menu, network security settings and more. Safe XP improves your system performance and makes Windows run faster, more secure and reliable! And is suitable for beginners and experts alike!" }-
Ok, now that you have secured your system, we need to test your defences' effectiveness. Below are a few sites that provide security validation services to allow you to do just that:
http://cybercoyote.org/security/tests.shtml
http://www.firewallleaktester.com/
http://www.spywarewarrior.com/uiuc/info17.htm
If you have any questions, comments or suggestions, maybe I've missed something important that you think should be included, or maybe I’ve given instructions incorrectly or in a confusing manner and you can't follow it, whatever the case, if you have any problems feel free to contact me and I'll see what I can do.
And finally I'd like to say a huge thank you to everyone who has helped me out writing this. I can't remember specific people but you know who you are. I'd also like to say a huge thanks to OPTIMIZER, who has been of great assistance to me during the writing of this guide.
Thank you all, your help is greatly appreciated.
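The "Kill bit" mentioned in the ActiveX block list quote above is, per the Microsoft article it links to, the 0x400 bit of the Compatibility Flags value stored under the ActiveX Compatibility key for a control's CLSID. As an added example (not part of the original post or of the block list itself), this Python script reviews a .reg file before it is merged, listing which CLSIDs it would kill-bit and which other keys it touches; the CLSIDs and the sample file are constructed.

```python
import re

KILL_BIT = 0x400  # bit in "Compatibility Flags" that stops IE loading a control
COMPAT_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer"
              r"\ActiveX Compatibility").lower()

CLSID_RE = re.compile(r"^\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}$", re.I)
SECTION_RE = re.compile(r"^\[(-?)(.+)\]$")   # "[-KEY]" means "delete this key"
FLAGS_RE = re.compile(r'^"Compatibility Flags"=dword:([0-9a-f]{1,8})$', re.I)

# Constructed sample .reg content; every CLSID here is a placeholder.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11111111-1111-1111-1111-111111111111}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{22222222-2222-2222-2222-222222222222}]
"Compatibility Flags"=dword:00000020

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{33333333-3333-3333-3333-333333333333}]
"Compatibility Flags"=dword:00800400

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\{44444444-4444-4444-4444-444444444444}]
"Compatibility Flags"=dword:00000400

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{55555555-5555-5555-5555-555555555555}]
"""


def review_reg(reg_text):
    """Classify what a .reg file would do if merged.

    Returns a dict with:
      killed      CLSIDs whose Compatibility Flags include the kill bit
      not_killed  CLSIDs under the compatibility key without the kill bit
      other_keys  every key outside that scope, plus deletions ("-" prefix)
    The caller decodes the file first (regedit exports are usually UTF-16).
    """
    result = {"killed": [], "not_killed": [], "other_keys": []}
    clsid = None  # CLSID of the section being read, if it is in scope
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            clsid = None
            deleting, key = section.group(1) == "-", section.group(2)
            parent, _, leaf = key.rpartition("\\")
            in_scope = parent.lower() == COMPAT_KEY and CLSID_RE.match(leaf)
            if in_scope and not deleting:
                clsid = leaf.upper()
            else:
                # Anything else deserves a manual look before merging,
                # including deletions that would remove an existing kill bit.
                result["other_keys"].append(("-" if deleting else "") + key)
            continue
        flags = FLAGS_RE.match(line)
        if flags and clsid:
            value = int(flags.group(1), 16)
            bucket = "killed" if value & KILL_BIT else "not_killed"
            result[bucket].append(clsid)
    return result


if __name__ == "__main__":
    report = review_reg(SAMPLE_REG)
    for name, items in report.items():
        print(name)
        for item in items:
            print("   ", item)
```
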
Bethrezen
November 8th, 2004, 06:43 PM
hi all
well, as ya will see if ya look above, I've added a few additions. Keep the suggestions coming,
although one request: can you not suggest things like
online scanners
http://www.windowsecurity.com/trojanscan/
http://housecall.trendmicro.com/
because this part of the guide is only for securing your computer after cleaning. If you want to find the first part of this guide that deals with cleaning, it can be found Here (http://spyblocker-software.com/IPB/index.php?showtopic=629)
If you have any suggestions for things that should be added to that part of the guide then please post your comments Here (http://spyblocker-software.com/IPB/index.php?act=ST&f=8&t=1644)
I have also added this link to the top of the other sticky topics I have put up at the spyblocker forum in case you have any Questions, Comments or Suggestions regarding those threads
Bethrezen
November 12th, 2004, 12:10 AM
hi all
does no one have any more suggestions ??
is my guide really so comprehensive ?? that no one can think of any other areas of importance that I haven't covered
I can think of one: a general set of guidelines to help with the correct configuration of firewalls
I however won't be doing this as that's just a lil beyond my capabilities, but if someone wants to write up a general set of guidelines or point me in the direction of such information I'd be happy to add it to my guide
anyway, that said, if you can't think of any other areas of importance that I haven't covered, what about additional programs, preferably free and for older OSs like 98 as well
Firewall:
Anti-Virus:
Anti-Trojan:
Anti-Spyware:
Encryption:
Imaging:
Real-time Malware protection:
also are there any other types of apps that should be added to that list ??
if so what ??
also does anyone know of any other patches and fixes like HTA Stop and DSO Stop that should be listed ? that aren't already ?
in fact, now that I think about it, I should check grc.com, I'd bet there are quite a few there that are worth a mention
well anyway, I hope this gives people a few ideas and gets them thinking
Blessed Be
HandsOff
November 18th, 2004, 08:46 PM
This might be way too esoteric; I will post it separately to see if it gets any attention, but we all know that MS embeds metadata about (god knows what and) the customary (for them) unique user ID. That is aside from scripts and so on.
I just wonder if there is a tool available to read and possibly erase or edit data that is embedded in Word.
I doubt this is a concern of too many people, but I'd just like to know exactly what this data says.
-HandsOff
Bethrezen
November 18th, 2004, 09:06 PM
hi
ok, you have kind of lost me with this one ?? Could you please explain what you mean ??
Are you talking about Alternate Data Streams in Windows 2000/XP and the tool made by Merijn to view such streams?
Bethrezen
November 18th, 2004, 09:37 PM
hi all
just a quick update for tonight, all I have time for at the moment. New bits are in blue
Helping To Keep Your System Clean After Cleansing
The first stage in this process is cleaning; instructions on how to do this are given above. Once you have read through and carried out these instructions and we've finally gotten your system clean, you'll want to keep it that way, right?? Of course you do!! However, in order to achieve this we are going to have to lock down your system, because when Microsoft ships their system they are trying to make it "easy" for you to surf the web, NOT SAFE!!!
Now, in order to maintain good system security there are several things you should do.
The First most important thing you should do is to make sure you have all the correct security software. The minimum you should have to maintain a healthy system is a good Firewall, Anti-Virus, Anti-Trojan and Anti-Spyware. Here are a few recommended ones:
Firewall: Zone Alarm (http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp), Outpost (http://www.agnitum.com/download/), Sygate (http://smb.sygate.com/products/spf_standard.htm)
Anti-Virus: AVG (http://www.grisoft.com/us/us_dwnl_free.php/), AntiVir (http://www.free-av.com/antivirus/allinonen.html), Avast (http://www.avast.com/eng/down_home.html)
Anti-Trojan: A² (Beta) (http://www.emsisoft.com/en/software/free/), Ewido Security Suite (http://www.ewido.net/)
Anti-Spyware: Ad-Aware (http://www.lavasoftusa.com/support/download/), Spybot-S&D (http://www.safer-networking.org/index.php?page=download)
In addition to the above you may also want to consider the following: Spyware-Blaster (http://www.javacoolsoftware.com/spywareblaster.html), Spyware-Stopper (Shareware) (http://www.spyware-stopper.com/spystop/index.shtm) and SpyBlocker (Shareware) (http://www.spyblocker-software.com/spyblocker/sb.shtm)
Real-time protection against Malware
Spyware-Guard (http://www.javacoolsoftware.com/spywareguard.html), Prevx Home (http://www1.prevx.com/prevxhome.asp)
Encryption software
Although encryption software isn't necessary for everyone, it is recommended if you have any sensitive files that you want to keep away from prying eyes. However, be aware that encryption software is only as strong as the password you select. Below are a couple of trustworthy programs:
Axcrypt (http://axcrypt.sourceforge.net/)
more to be added
The Second most important thing you should do is to always keep as current as possible with all the latest bug/security fixes, not only for Windows but for all your programs. This is especially important when it comes to programs like your Anti-Virus, Anti-Trojan and Anti-Spyware.
The Third most important thing is to secure your system by locking down all of Windows' BIGGEST security holes. These include Internet Explorer, Outlook Express, Windows Media Player and File And Printer Sharing, among others.
A good way to eliminate a lot of these problems is to simply get rid of Microsoft’s inferior technology altogether and use one of the many safer Freeware/Open source alternatives, because by doing so you will be saving yourself from all the current and future security vulnerabilities created by these programs. A good place to find many Freeware/Open source programs is The Source Forge (http://sourceforge.net/) or Openwares (http://www.openwares.org/)
The Fourth most important thing you should do is to use password protection, because this prevents unauthorized access to your system and stops people/malware tampering with your operating system and/or program settings.
The problem here, however, is that quite often if you have a lot of passwords you’ll get them mixed up or forget them altogether, and this puts people off using password protection. However, it doesn't have to be like this. There are programs known as password vaults; these are programs that will store all your passwords in a protected archive, allowing you to safely log in to any of your password protected accounts with a single click of the mouse.
Below are a couple of such programs:
Robo Form (http://www.roboform.com/), Account Logon (http://www.accountlogon.com/)
Be aware, however, that password protection is only as strong as the password you select. Choose a good password which isn't easy to break: it should be over 10 characters, with numbers, letters, symbols, upper and lower case letters, and it shouldn't be a word that appears in the dictionary.
The Fifth most important thing you should do is to back up your data. This way, if your hard drive ever gets corrupted you won't lose everything. Get an imaging program; these are special programs that can make an exact duplicate of your hard drive and burn it to a CD or some other form of removable media, so that if the worst should happen all you need do is just restore your back up. This avoids or at least reduces the often costly loss of data, as long as you remember to update your back up regularly.
One such imaging program is True Image. Whether you are a novice or an expert, this program is for you. It's extremely user friendly and comes highly recommended. I can vouch for it: I've used it for years and I can't tell you how many times it's saved me from having to do a lengthy system restore.
It is advised, however, that you wipe your system and do a system restore, then patch and update everything before you make your first back up. This way you will know that you are making a clean back up.
It is also advised that before you update this back up you first restore to it again. This is so that you know that your updated back up is clean.
By doing this you will always know that no matter how badly your computer gets messed up, either by Virus, Trojan, Hijacking or some other form of malware, you always have a quick, easy way to fix the problem.
Below are a few other recommended imaging programs:
Acronis True Image (Payware) (http://www.acronis.com/products/trueimage/)
more to be added
The Sixth most important thing you should do is watch what you download !! Many Freeware and P2P programs like Grokster, Imesh and Kazaa come with an enormous amount of spyware that will eat resources, slow your system or clash with other software, possibly causing your Software, Browser or even Windows itself to crash. Below are a few pages that maintain a list of clean and infected clients:
Spyware-Free/Spyware-Infested P2P/Filesharing Apps (http://www.spywarewarrior.com/uiuc/soft23a.htm)
Spyware-Free/Spyware-Infested P2P/Filesharing Apps (http://www.spywareinfoforum.com/articles/p2p/)
Spyware-Free Download Managers/Assistants (http://www.spywarewarrior.com/uiuc/soft23.htm)
You may also want to check out the Rogue/Suspect Anti-Spyware Products & Web Sites list (http://www.spywarewarrior.com/rogue_anti-spyware.htm)
The Seventh most important thing you can do is to be informed. Subscribe to security newsletters to keep up to date with all the latest threats. Read and learn as much as you can, because knowledge is power: the more knowledge you have, the safer you will be. Below are a few links to resources that will help you do just that:
http://www.tom-cat.com/security.html
http://www.dslreports.com/faq/security
http://www.spywarewarrior.com/uiuc/main-nf.htm
http://www.claymania.com/safe-hex.html
http://www.uksecurityonline.com/husdg/
Ok, so recommendations over, it's time to get to work and start locking things down.
First, it's recommended that you disable file and printer sharing if you don't need it, as it will enhance security and give attackers 1 less way into your system. Complete instructions for Windows 98 and Windows NT can be found Here (http://www.grc.com/su-bondage.htm). Instructions for Windows XP and Windows 2000 can be found Here (http://www.petri.co.il/disable_netbios_in_w2kxp.htm)
Next we need to lock down 3 of Windows' other big security holes: Internet Explorer, Outlook Express & Windows Media Player. In order to make these safe from attack by Viruses, Trojans, drive-by installs and other such vulnerabilities, we are going to have to reconfigure their security settings. Instructions for this can be found below.
We will start with Internet Explorer first. Now, there seem to be a lot of differing opinions about what the best setup for IE should be, and I am in the process of writing up a set of instructions that will allow IE to remain functional while increasing its security. In the meantime, till I’m finished, here are a few links to information on the subject:
http://www.lavasoftsupport.com/index.php?showtopic=14537
http://www.dslreports.com/forum/remark,133...ity,1~mode=flat (http://www.dslreports.com/forum/remark,1333507~root=security,1~mode=flat)
http://www.spywarewarrior.com/uiuc/btw/ie/ie-opts.htm
You can also further secure Internet Explorer by installing the following:
BugOff can be found Here (http://www.merijn.org/downloads.html)
-{ Quote: "This little app disables a few exploits that are commonly used by browser hijackers (including CWS), thus protecting you from infection. This does not remove an existing infection! Applicable to everyone that uses Internet Explorer." }-
Another similar application is Qwik-Fix
Qwik-Fix can be found Here (http://www.pivx.com/qwikfixDownloadPage.asp)
-{ Quote: "Qwik-Fix Pro uses Active System Hardening to protect Windows desktops and servers against new threats by blocking the underlying vulnerabilities exploited by worms and viruses. Qwik-Fix Pro protects from hundreds of specific worms and viruses and safeguards PCs from falling victim to the next worm or virus before vendor security patches become available" }-
IE-SPYAD: Restricted Sites List For Internet Explorer Found Here (http://www.spywarewarrior.com/uiuc/resource.htm)
-{ Quote: "IE-SPYAD is a Registry file (IE-ADS.REG) that adds a long list of sites and domains associated with known advertisers, marketers, and crapware pushers to the restricted sites zone of Internet Explorer. Once this list of sites and domains is "merged" into your Registry, most marketers, advertisers, and crapware pushers on the Net will not be able to use cookies, ActiveX controls, Java applets, or scripting to compromise your privacy or your PC while you surf the Net. Nor will they be able to use your browser to push unwanted pop-ups, cookies, or auto-installing programs on you." }-
ActiveX Spyware Block List One Can Be Found Here (http://www.spywareguide.com/blockfile.php)
-{ Quote: "Tired of all that Spyware and Adware crap being installed by ActiveX ?
But don't want to lose out on functionality?
We have created a system that blocks all known "bad" ActiveX controls from running inside Internet Explorer by setting the "Kill bit".
When a page tries to install a component from our list, it will fail.
When a page tries to use a component from our list that was already present on your system, it will fail too!
Other, "friendly" components are not affected.
For a full technical explanation how this works, look at this Microsoft article (http://support.microsoft.com/support/kb/articles/q240/7/97.asp)" }-
In addition to these you may also want to consider the use of a host file
What is a host file? & What’s it do?
-{ Quote: "The Hosts file contains the mappings of IP addresses to host names. This file is loaded into memory at startup, then Windows checks the Hosts file before it queries any DNS servers, which enables it to override addresses in the DNS. This prevents access to the listed sites by redirecting any connection attempts back to the local machine. Another feature of the HOSTS file is its ability to block other applications from connecting to the Internet, as long as the entry exists.
You can use a HOSTS file to block ads, banners, cookies, web bugs, and even most hijackers. This is accomplished by blocking the Server that supplies these little gems. Example - the following entry 127.0.0.1 ad.doubleclick.net blocks all files supplied by the DoubleClick Server to the web page you are viewing. This also prevents the server from tracking your movements." }-
Read Here (http://www.mvps.org/winhelp2002/hosts.htm) to find out more
Next we need to lock down Outlook Express
NOTE: Outlook Express is part of Internet Explorer so the settings for one can affect the other.
Open Outlook Express Select Tools/Options
Select The Read Tab
Check Read all messages in plaintext
Select the Security Tab
Place a dot in Restricted Zone
Check Warn Me When Other Applications Try To Send Mail As Me
Check Do Not Allow Attachments To Be Saved Or Opened That Could Potentially Be A Virus
Select The Maintenance Tab
Check Purge deleted messages when leaving IMAP folders
Check Empty Messages From The Deleted Items Folder On Exit
Next close the options window and Select View/Layout
Uncheck "Show preview pane"
Note: This last one is a HUGE security issue and it's really important that it be disabled, because viewing an email in the preview pane is effectively the same as opening it, which means if it's infected with a virus, viewing it in the preview pane will execute the virus it contains
For further insight on securing Outlook Express see This (http://www.blackviper.com/Articles/OS/Email/filter1.htm)
Finally Windows Media Player
Open Media Player Click Tools/Options
Select The Privacy Tab
Uncheck Everything
Select The Security Tab
Uncheck Run Script Command When Present
Check Do Not Run Script Commands And Rich Media Streams If Player Is Running Inside A Web Page
Select The Player Tab
Check Once A Month
Uncheck Download Codecs Automatically
After following these instructions you may also want to apply this patch by Java Cool
Windows Media Player Scripting Fix (http://www.javacoolsoftware.com/wmpscriptingfix.html)
-{ Quote: "Windows Media Player, by default, supports a dangerous feature that allows scripting to be embedded within media files. Windows Media Player will then execute the scripting when the media file is played. The Windows Media Player Scripting Fix is a small application that disables Windows Media Player scripting simply, and easily, with the press of a button - scripting can also be re-enabled at a later date with this same program.
So why is scripting in WMP dangerous? because Windows Media Player scripting functions can be used to execute programs, open web pages, and much more when you open any media file that has them embedded." }-
Ok, now that we have locked down Internet Explorer, Outlook Express, Windows Media Player and File & Printer Sharing, it's time to cover a few OS-specific problems
First you should apply these 2 patches from the creators of BOCLEAN
HTA Stop 2003 (http://www.simtel.net/product.php?url_fb_product_page=67031)
-{ Quote: "It's now possible for a "rogue" website to actually embed Trojans, worms and/or viruses directly into a web page. In the past, pages that offer seemingly attractive downloads which contain such malware required you to click to start any download to your computer. Now it's become automatic, using features in the Windows operating system known as scripting. These scripts can load programs without you knowing, and then they run immediately. All you have to do is visit the site, without doing anything besides viewing the page. HTAstop acts as a brick wall against these scripts, disabling them so the download doesn't occur" }-
However Win 2000 And XP users should see this warning before applying this patch
-{ Quote: "For reasons that only Microsoft can explain, recent Windows updates have changed the functionality of some items in the Control Panel applet. If you select "USER ACCOUNTS" or "ADD/REMOVE PROGRAMS" Control Panel may not respond or will open Notepad with an error message instead. This is because Microsoft has decided to replace the original Control Panel programs with actual HTA SCRIPTING! Since HTA has been stopped, this too will also be stopped because the MSHTA.EXE program which HTAStop stops is not available.
The solution to this problem is to run HTAStop and PERMIT HTA long enough to do what you need to do, then turn it back off again so as to protect your security. Microsoft is using MSHTA for these Control Panel functions now, and HTAStop has blocked MSHTA.EXE from running." }-
DSO Stop2 (http://www.nsclean.com/dsostop.html)
-{ Quote: "The "DSO Exploit" (Data Source Object) was first reported by GreyMagic Software of Israel on February 27, 2002 and a "workaround" for Microsoft's defective code was provided by Axel Pettinger and Garland Hopkins on March 3, 2002 involving the editing of the Windows registry to alter values contained within Internet Explorer's Internet Zones configurations. Because many computer users are extremely nervous (and justifiably so) about manually editing the Windows registry, owing to years of warnings and advisories as to the dangers of editing the registry, Privacy Software has provided this FREE utility to safely do it for those who do not feel confident running and editing "Regedit." We have provided this software to the general public to solve a problem since no one else has stepped up to the plate to solve a serious problem as of the time of this release." }-
For those of you that are still using Win95/98/ME, you should apply these 2 excellent patches from DiamondCS
Anti-Polymorphism Patch (http://www.diamondcs.com.au/index.php?page=patch1)
-{ Quote: "This patch prevents Windows Scripts (such as VBScript and JavaScript) from being able to read/write to themselves, making Windows Script polymorphism nearly impossible through conventional means. This can prevent polymorphic worms from executing." }-
Saved Passwords Lock Patch (http://www.diamondcs.com.au/index.php?page=patch2)
-{ Quote: "Safely Disables the WNetEnumCachedPasswords function in MPR.DLL, stopping Trojans and other malicious programs from obtaining your passwords. A demo program is included that shows you which password information is available on your system." }-
Next, if you are still running Win 98 SE you should also apply this excellent UNOFFICIAL Windows98 Second Edition Service Pack (http://exuberant.ms11.net/98sesp.html)
Those of you that are using WinXP should grab a copy of XP Antispy
Note: However please be aware that if you are using Ewido Security Suite you do not need this as Ewido Security Suite already includes XP-Antispy
XP Antispy (http://www.xp-antispy.org/index.php?option=com_remository&Itemid=26)
-{ Quote: "MS has integrated some tools and services into the system, that can automatically connect to the net without your permission and without you knowing about it. Nobody knows what's possibly being transferred to and from your computer via these services, so if you want to stop this behaviour download XP Antispy. This program will let you safely Disable and re-Enable XP's "Phoning Home" services" }-
Those of you that are running older systems like 98/ME/2000 should grab a copy of Safe XP instead. This app is very similar to XP Antispy, but unlike XP Antispy, Safe XP is designed to also work on older systems like 98/ME/2000
Safe XP (http://theorica.click-now.net/safexp.htm)
-{ Quote: "Safe XP allows users to quickly tweak various security and privacy related settings in 98/ME/2000/XP. The options include Media Player settings, Services settings (error reporting, time synch, remote registry etc.), as well as an option to remove items from the Start menu, network security settings and more. Safe XP improves your system performance and makes Windows run faster, more secure and reliable! And is suitable for beginners and experts alike!" }-
Ok, now that you have secured your system, we need to test your defences' effectiveness. Below are a few sites that provide security validation services to allow you to do just that:
http://cybercoyote.org/security/tests.shtml
http://www.firewallleaktester.com/
http://www.spywarewarrior.com/uiuc/info17.htm
If you have any Questions, Comments or Suggestions, maybe I've missed something important that should be included, maybe I’ve given instructions incorrectly or in a confusing manner and you can't follow it, whatever the case, if you have any problems then please feel free to contact me Here (http://spyblocker-software.com/IPB/index.php?act=ST&f=8&t=1644) and I'll see what I can do.
And finally I'd like to say a huge thank you to everyone who has helped me write this, I couldn't have done it without you. I'd also like to say a huge thanks to OPTIMIZER, who has been of great assistance to me.
Thank you all, your help is greatly appreciated.
HandsOff
November 19th, 2004, 03:02 PM
Bethrezen-
Now I know it was too esoteric. It was simply on my one track mind at the time. However, if you are curious, I did get some very interesting info when I posted the question in (I think) the privacy issues forum. If you are interested, here is the link
http://www.wilderssecurity.com/showthread.php?t=55405
HandsOff
- Okay, even if you don't, here's a clue. Javacool has a program that addresses this issue...and most likely a much better description of the problem. I am going to check it out. Later!
Bethrezen
November 19th, 2004, 03:23 PM
hi all
OK, I'm looking to add a section detailing alternatives to Internet Explorer, Outlook Express, Windows Media Player, but I need a few suggestions. Below is what I have so far, but I need a few others
Browser: Firefox, Opera
Email Client: Thunderbird
Media Players: Winamp
iceni60
November 20th, 2004, 12:34 AM
You could take a look at this for OE; it looks like it's free until they stop testing it.
http://www.mapilab.com/
EDIT looks like it's no longer a beta $49 now!
and this too for OE...
http://www.add-in-express.com/adx-toys/outlook_programming_com_add-in_on_vcl_and_net.php?ref1=submit&ref2=adxt2ol
HandsOff
November 20th, 2004, 05:57 AM
Personally, I don't like Winamp very much. To me it just has the feel of a program that takes a simple concept and makes it unnecessarily difficult. They seem a little too interested in knowing what people's listening habits are as well.
The probably obvious choice for the average user would be Windows Media Player Classic vers 6.4.x.x. It has got to be the most straightforward and easiest of them all to use. It has several built in codecs (such as DVD) and very good codec packs for it abound. I happen to like the KLite Codec Packs which come in 3 versions: Basic, Standard, and Full. The full includes Real Alt, and Quicktime Alt. and even several encoding versions for DivX/mpg4/mpg2...
Both the player and the codecs are free.
Okay, here is another big thing for me. When I watch a dvd movie with really narrow screen dimensions 50%, 100%, 200%, and full screen just don't cut it!
What is needed is screen size increases and decreases in very small increments. That way you decide how much of the black bars you want to live with. Well, MPC gives you that.
That's my vote, Media Player Classic with KLite codec pack 2.34 Full version.
- HandsOff
Eldar
November 20th, 2004, 07:57 AM
Not a security expert, but I've used/use the following:
Browser: Slimbrowser (http://www.flashpeak.com/sbrowser/sbrowser.htm), Avant Browser (http://www.majorgeeks.com/download.php?det=2346)
These browsers use the IE engine, but are more secure if you set them up right.
Email Client: The Bat (http://www.ritlabs.com), Courier (http://www.rosecitysoftware.com/courier/), Pocomail & Barca (http://www.pocosystems.com), Becky (http://www.rimarts.co.jp/), Opera (http://www.opera.com), Bloomba (http://www.statalabs.com) (although the last one has been taken over by Yahoo, so not sure if you can still download/purchase it) :-\
Media Players: JetAudio (http://www.jetaudio.com/), Quicktime alternative (http://www.free-codecs.com/download/QuickTime_Alternative.htm), Real alternative (http://www.free-codecs.com/download/Real_Alternative.htm). (all free)
-{ Quote: "That's my vote, Media Player Classic with KLite codec pack 2.34 Full version." }-
You have my vote too.
Looking forward to seeing the finished version of your security guide, although you'll have to update it constantly. ;D
Looks good already. ;)
Bethrezen
November 23rd, 2004, 07:21 PM
hi all
Thanks for the suggestions. Haven't got any time to do any updates just yet coz it's like 12 midnight and I'm off to bed, but will post a few revisions soon as I got a lil time on my hands. Night
Blessed Be
Bethrezen
December 3rd, 2004, 09:25 PM
hi all
Sorry for the delay in updating, been busy. Anyway, here are my latest additions; as always, updates are in blue
Helping To Keep Your System Clean After Cleansing
The first stage in this process is cleaning; instructions on how to do this are given above. Once you have read through and carried out these instructions and we've finally gotten your system clean, you'll want to keep it that way, right?? Of course you do!! However, in order to achieve this we are going to have to lock down your system, because when Microsoft ships their system they are trying to make it "easy" for you to surf the web, NOT SAFE!!!
Now in order to maintain good system security there are several things you should do
The First most important thing you should do is to make sure you have all the correct security software. The minimum you should have to maintain a healthy system is a good Firewall, Anti-Virus, Anti-Trojan and Anti-Spyware; here are a few recommended ones
Firewall: Zone Alarm (http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp), Outpost (http://www.agnitum.com/download/), Sygate (http://smb.sygate.com/products/spf_standard.htm)
Anti-Virus: AVG (http://www.grisoft.com/us/us_dwnl_free.php/), AntiVir (http://www.free-av.com/antivirus/allinonen.html), Avast (http://www.avast.com/eng/down_home.html)
Anti-Trojan: A² (Beta) (http://www.emsisoft.com/en/software/free/), Ewido Security Suite (http://www.ewido.net/)
Anti-Spyware: Ad-Aware (http://www.lavasoftusa.com/support/download/), Spybot-S&D (http://www.safer-networking.org/index.php?page=download)
In addition to the above you may also want to consider the following: Spyware-Blaster (http://www.javacoolsoftware.com/spywareblaster.html), Spyware-Stopper (Shareware) (http://www.spyware-stopper.com/spystop/index.shtm) and SpyBlocker (Shareware) (http://www.spyblocker-software.com/spyblocker/sb.shtm)
Real-time protection against Malware
Spyware-Guard (http://www.javacoolsoftware.com/spywareguard.html), Prevx Home (http://www1.prevx.com/prevxhome.asp)
Encryption software: Axcrypt (http://axcrypt.sourceforge.net/), PGP (http://www.pgp.com/downloads/freeware/index.html)
Although encryption software isn't necessary for everyone, it is recommended if you have any sensitive files that you want to keep away from prying eyes. However, be aware that encryption software is only as strong as the password you select. Below are a couple of trustworthy programs
The Second most important thing you should do is to always keep as current as possible with all the latest bug/security fixes, not only for Windows but for all your programs. This is especially important when it comes to programs like your Anti-Virus, Anti-Trojan and Anti-Spyware
The Third most important thing is to secure your system by locking down all of Windows' BIGGEST security holes. These include Internet Explorer, Outlook Express, Windows Media Player and File And Printer Sharing, among others
A good way to eliminate a lot of these problems is to simply get rid of Microsoft’s inferior technology altogether and use one of the many safer Freeware/Open source alternatives. By doing so you will not only be saving yourself from all the current security vulnerabilities created by these programs but all the future ones as well
However, choose wisely. Get some advice from professional security experts at boards like this one, because there are programs that are known to be a little on the questionable side
One such group are shell programs that are based on the code/engine of another program, for instance Slimbrowser, Avant Browser, Maxthon or AOL Browser; these are programs based on the Internet Explorer engine
Now although shells themselves aren't inherently dangerous, where the problems come in is when the shell program is based on the code/engine of another program that is known to be buggy and insecure, such as Internet Explorer. What this means is that in all likelihood your shell program will inherit all the same vulnerabilities and exploits as the program it was based off
Which is why I'd also strongly recommend against the use of such programs. What I would stress here, however, is that no matter what you choose, no program is perfect and it's going to have bugs and vulnerabilities. The best thing you can do is to seek expert help, then make up your own mind based on your needs and the advice you are given. Then, once you have made your choice, again seek expert help on how best to configure it for maximum safety and security
Below are a few recommended replacements
Browser: Firefox (http://www.mozilla.org/products/firefox), Opera (http://www.opera.com/download)
Email Client: Thunderbird (http://www.mozilla.org/products/thunderbird)
Media Players: Winamp (http://www.winamp.com), JetAudio (http://www.jetaudio.com/), Quicktime alternative (http://www.free-codecs.com/download/QuickTime_Alternative.htm), Real alternative (http://www.free-codecs.com/download/Real_Alternative.htm)
If on the other hand you are just interested in looking at what Freeware/Open source alternatives are The Source Forge (http://sourceforge.net/) or Openwares (http://www.openwares.org/)
One other method of cleansing your system of a lot of Windows superfluous code and features is
XP/98lite (payware) (http://www.litepc.com/)
-{ Quote: "98/XPlite we give YOU the power to set up YOUR machine the way YOU want! The power to remove unwanted features, the power to remove upgrades that go bad, the power to strip potential security and privacy threats out by the roots.
Microsoft locked Windows away from you... We have the keys" }-
I have personally used 98 Lite for a couple of years now and can definitely vouch for its effectiveness, not only for securing, speeding up & stabilising my system, but it also comes in handy when upgrades go wrong and Microsoft doesn't offer an uninstaller
If you are looking for further proof of why you should rid your system of Microsoft’s inferior technology and why you the end user should remove these features and programs I would see this classic example of Microsoft’s incompetence
-{ Quote: "October 13, 2004
Microsoft rolled out another 10 security fixes for XP today.
In particular, this one caught our eye and in many respects exemplifies the need for people to uninstall features they are not using.
http://www.microsoft.com/technet/security/...n/ms04-034.mspx
Microsoft Security Bulletin MS04-034
Vulnerability in Compressed (zipped) Folders Could Allow Remote Code Execution (873376)
If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges."
In other words, a seemingly benign bolt-on feature such as "zipfolders" that lets you manage files in zip archives has the capacity to open your entire system up to hackers!." }-
The Fourth most important thing you should do is to use password protection, because this prevents unauthorized access to your system and stops people/malware tampering with your operating system and/or program settings
The problem here, however, is that quite often if you have a lot of passwords you’ll get them mixed up or forget them altogether, and this puts people off using password protection. However, it doesn't have to be like this: there are programs known as password vaults. These are programs that will store all your passwords in a protected archive, allowing you to safely log in to any of your password protected accounts with a single click of the mouse
Below are a couple of such programs
Robo Form (http://www.roboform.com/), Account Logon (http://www.accountlogon.com/)
Be aware, however, that password protection is only as strong as the password you select. Choose a good password which isn't easy to break; it should be over 10 characters, with numbers, letters, symbols, upper and lower case letters, and it shouldn't be a word that appears in the dictionary
The Fifth most important thing you should do is to back up your data; this way, if your hard drive ever gets corrupted, you won't lose everything. Get an imaging program. These are special programs that can make an exact duplicate of your hard drive and burn it to a CD or some other form of removable media, so that if the worst should happen all you need do is just restore your backup. This avoids or at least reduces the often costly loss of data, as long as you remember to update your backup regularly
One such imaging program is True Image. Whether you are a novice or an expert, this program is for you; it's extremely user friendly and comes highly recommended. I can vouch for it: I've used it for years and I can't tell you how many times it's saved me from having to do a lengthy system restore
It is advised however that you wipe your system and do system restore then patch and update everything before you make your first back up this way you will know that you are making a clean back up
It is also advised that before you update this back up that you first restore to it again this is so that you know that your updated back up is clean
By doing this you will always know that no matter how badly your computer gets messed up either by Virus, Trojan, Hijacking or some other form of malware you always have a quick easy way to fix the problem
Below are a few other recommended imaging programs
Acronis True Image (Payware) (http://www.acronis.com/products/trueimage/)
The Sixth most important thing you should do is watch what you download!! Many Freeware and P2P programs like Grokster, Imesh and Kazaa come with an enormous amount of spyware that will eat resources, slow your system or clash with other software, possibly causing your Software, Browser or even Windows itself to crash. Below are a few pages that maintain a list of clean and infected clients
Spyware-Free/Spyware-Infested P2P/Filesharing Apps (http://www.spywarewarrior.com/uiuc/soft23a.htm)
Spyware-Free/Spyware-Infested P2P/Filesharing Apps (http://www.spywareinfoforum.com/articles/p2p/)
Spyware-Free Download Managers/Assistants (http://www.spywarewarrior.com/uiuc/soft23.htm)
You may also want to check out the Rogue/Suspect Anti-Spyware Products & Web Sites list (http://www.spywarewarrior.com/rogue_anti-spyware.htm)
The Seventh most important thing you can do is to be informed. Subscribe to security newsletters to keep up to date with all the latest threats; read and learn as much as you can, because knowledge is power. The more knowledge you have, the safer you will be. Below are a few links to resources that will help you do just that
http://www.tom-cat.com/security.html
http://www.dslreports.com/faq/security
http://www.spywarewarrior.com/uiuc/main-nf.htm
http://www.claymania.com/safe-hex.html
http://www.uksecurityonline.com/husdg/
OK, so recommendations over, it's time to get to work and start locking things down
First, it's recommended that you disable file and printer sharing if you don't need it, as it will enhance security and give attackers 1 less way into your system. Complete instructions for Windows 98 and Windows NT can be found Here (http://www.grc.com/su-bondage.htm). Instructions for Windows XP and Windows 2000 can be found Here (http://www.petri.co.il/disable_netbios_in_w2kxp.htm)
Next we need to lock down 3 of Windows' other big security holes: Internet Explorer, Outlook Express & Windows Media Player. In order to make these safe from attack by Viruses, Trojans, drive-by installs and other such vulnerabilities, we are going to have to reconfigure their security settings. Instructions for this can be found below
We will start with Internet Explorer first. Now there seems to be a lot of differing opinions about what the best set up for IE should be, and I am in the process of writing up a set of instructions that will allow IE to remain functional while increasing its security. In the meantime, till I’m finished, here are a few links to information on the subject
http://www.lavasoftsupport.com/index.php?showtopic=14537
http://www.dslreports.com/forum/remark,133...ity,1~mode=flat (http://www.dslreports.com/forum/remark,1333507%7Eroot=security,1%7Emode=flat)
http://www.spywarewarrior.com/uiuc/btw/ie/ie-opts.htm
You can also further secure Internet Explorer down by installing the following
BugOff can be found Here (http://www.merijn.org/downloads.html)
-{ Quote: "This little app disables a few exploits that are commonly used by browser hijackers (including CWS), thus protecting you from infection. This does not remove an existing infection! Applicable to everyone that uses Internet Explorer." }-
Another similar application is Qwik-Fix
Qwik-Fix can be found Here (http://www.pivx.com/qwikfixDownloadPage.asp)
-{ Quote: "Qwik-Fix Pro uses Active System Hardening to protect Windows desktops and servers against new threats by blocking the underlying vulnerabilities exploited by worms and viruses. Qwik-Fix Pro protects from hundreds of specific worms and viruses and safeguards PCs from falling victim to the next worm or virus before vendor security patches become available" }-
IE-SPYAD: Restricted Sites List For Internet Explorer Found Here (http://www.spywarewarrior.com/uiuc/resource.htm)
-{ Quote: "IE-SPYAD is a Registry file (IE-ADS.REG) that adds a long list of sites and domains associated with known advertisers, marketers, and crapware pushers to the restricted sites zone of Internet Explorer. Once this list of sites and domains is "merged" into your Registry, most marketers, advertisers, and crapware pushers on the Net will not be able to use cookies, ActiveX controls, Java applets, or scripting to compromise your privacy or your PC while you surf the Net. Nor will they be able to use your browser to push unwanted pop-ups, cookies, or auto-installing programs on you." }-
ActiveX Spyware Block List One Can Be Found Here (http://www.spywareguide.com/blockfile.php)
-{ Quote: "Tired of all that Spyware and Adware crap being installed by ActiveX ?
But don't want to lose out on functionality?
We have created a system that blocks all known "bad" ActiveX controls from running inside Internet Explorer by setting the "Kill bit".
When a page tries to install a component from our list, it will fail.
When a page tries to use a component from our list that was already present on your system, it will fail too!
Other, "friendly" components are not affected.
For a full technical explanation how this works, look at this Microsoft article (http://support.microsoft.com/support/kb/articles/q240/7/97.asp)" }-
In addition to these you may also want to consider the use of a host file
What is a host file? & What’s it do?
-{ Quote: "The Hosts file contains the mappings of IP addresses to host names. This file is loaded into memory at startup, then Windows checks the Hosts file before it queries any DNS servers, which enables it to override addresses in the DNS. This prevents access to the listed sites by redirecting any connection attempts back to the local machine. Another feature of the HOSTS file is its ability to block other applications from connecting to the Internet, as long as the entry exists.
You can use a HOSTS file to block ads, banners, cookies, web bugs, and even most hijackers. This is accomplished by blocking the Server that supplies these little gems. Example - the following entry 127.0.0.1 ad.doubleclick.net blocks all files supplied by the DoubleClick Server to the web page you are viewing. This also prevents the server from tracking your movements." }-
Read Here (http://www.mvps.org/winhelp2002/hosts.htm) or Here (http://accs-net.com/hosts/) to find out more
Next we need to lock down Outlook Express
NOTE: Outlook Express is part of Internet Explorer so the settings for one can affect the other.
Open Outlook Express Select Tools/Options
Select The Read Tab
Check Read all messages in plaintext
Select the Security Tab
Place a dot in Restricted Zone
Check Warn Me When Other Applications Try To Send Mail As Me
Check Do Not Allow Attachments To Be Saved Or Opened That Could Potentially Be A Virus
Select The Maintenance Tab
Check Purge deleted messages when leaving IMAP folders
Check Empty Messages From The Deleted Items Folder On Exit
Next close the options window and Select View/Layout
Uncheck "Show preview pane"
Note: This last one is a HUGE security issue and it's really important that it be disabled, because viewing an email in the preview pane is effectively the same as opening it, which means if it's infected with a virus, viewing it in the preview pane will execute the virus it contains
For further insight on securing Outlook Express see This (http://www.blackviper.com/Articles/OS/Email/filter1.htm)
Finally Windows Media Player
Open Media Player Click Tools/Options
Select The Privacy Tab
Uncheck Everything
Select The Security Tab
Uncheck Run Script Command When Present
Check Do Not Run Script Commands And Rich Media Streams If Player Is Running Inside A Web Page
Select The Player Tab
Check Once A Month
Uncheck Download Codecs Automatically
After following these instructions you may also want to apply this patch by Java Cool
Windows Media Player Scripting Fix (http://www.javacoolsoftware.com/wmpscriptingfix.html)
-{ Quote: "Windows Media Player, by default, supports a dangerous feature that allows scripting to be embedded within media files. Windows Media Player will then execute the scripting when the media file is played. The Windows Media Player Scripting Fix is a small application that disables Windows Media Player scripting simply, and easily, with the press of a button - scripting can also be re-enabled at a later date with this same program.
So why is scripting in WMP dangerous? because Windows Media Player scripting functions can be used to execute programs, open web pages, and much more when you open any media file that has them embedded." }-
OK, now that we have locked down Internet Explorer, Outlook Express, Windows Media Player and File & Printer Sharing, it's time to cover a few OS Specific problems
First you should apply these 2 patches from the creators of BOCLEAN
HTA Stop 2003 (http://www.simtel.net/product.php?url_fb_product_page=67031)
-{ Quote: "It's now possible for a "rogue" website to actually embed Trojans, worms and/or viruses directly into a web page. In the past, pages that offer seemingly attractive downloads which contain such malware required you to click to start any download to your computer. Now it's become automatic, using features in the Windows operating system known as scripting. These scripts can load programs without you knowing, and then they run immediately. All you have to do is visit the site, without doing anything besides viewing the page. HTAstop acts as a brick wall against these scripts, disabling them so the download doesn't occur" }-
However Win 2000 And XP users should see this warning before applying this patch
-{ Quote: "For reasons that only Microsoft can explain, recent Windows updates have changed the functionality of some items in the Control Panel applet. If you select "USER ACCOUNTS" or "ADD/REMOVE PROGRAMS" Control Panel may not respond or will open Notepad with an error message instead. This is because Microsoft has decided to replace the original Control Panel programs with actual HTA SCRIPTING! Since HTA has been stopped, this too will also be stopped because the MSHTA.EXE program which HTAStop stops is not available.
The solution to this problem is to run HTAStop and PERMIT HTA long enough to do what you need to do, then turn it back off again so as to protect your security. Microsoft is using MSHTA for these Control Panel functions now, and HTAStop has blocked MSHTA.EXE from running." }-
DSO Stop2 (http://www.nsclean.com/dsostop.html)
-{ Quote: "The "DSO Exploit" (Data Source Object) was first reported by GreyMagic Software of Israel on February 27, 2002 and a "workaround" for Microsoft's defective code was provided by Axel Pettinger and Garland Hopkins on March 3, 2002 involving the editing of the Windows registry to alter values contained within Internet Explorer's Internet Zones configurations. Because many computer users are extremely nervous (and justifiably so) about manually editing the Windows registry, owing to years of warnings and advisories as to the dangers of editing the registry, Privacy Software has provided this FREE utility to safely do it for those who do not feel confident running and editing "Regedit." We have provided this software to the general public to solve a problem since no one else has stepped up to the plate to solve a serious problem as of the time of this release." }-
For those of you that are still using Win95/98/ME you should apply these 2 excellent patches from DiamondCS
Anti-Polymorphism Patch (http://www.diamondcs.com.au/index.php?page=patch1)
-{ Quote: "This patch prevents Windows Scripts (such as VBScript and JavaScript) from being able to read/write to themselves, making Windows Script polymorphism nearly impossible through conventional means. This can prevent polymorphic worms from executing." }-
Saved Passwords Lock Patch (http://www.diamondcs.com.au/index.php?page=patch2)
-{ Quote: "Safely Disables the WNetEnumCachedPasswords function in MPR.DLL, stopping Trojans and other malicious programs from obtaining your passwords. A demo program is included that shows you which password information is available on your system." }-
Next if you are still running Win 98 SE you should also apply this excellent UNOFFICIAL Windows98 Second Edition Service Pack (http://exuberant.ms11.net/98sesp.html)
Those of you that are using WinXP should grab a copy of XP Antispy
Note: However please be aware that if you are using Ewido Security Suite you do not need this as Ewido Security Suite already includes XP-Antispy
XP Antispy (http://www.xp-antispy.org/index.php?option=com_remository&Itemid=26)
-{ Quote: "MS has integrated some tools and services into the system, that can automatically connect to the net without your permission and without you knowing about it. Nobody knows what's possibly being transferred to and from your computer via these services so if you want to stop this behaviour download XP Antispy this program will let you safely Disable and re-Enable XP's "Phoning Home" services" }-
Those of you that are running older systems like 98/ME/2000 should grab a copy of Safe XP instead. This app is very similar to XP Antispy, but unlike XP Antispy, Safe XP is designed to also work on older systems like 98/ME/2000
Safe XP (http://theorica.click-now.net/safexp.htm)
-{ Quote: "Safe XP allows users to quickly tweak various security and privacy related settings in 98/ME/2000/XP. The options include Media Player settings, Services settings (error reporting, time synch, remote registry etc.), as well as an option to remove items from the Start menu, network security settings and more. Safe XP improves your system performance and makes Windows run faster, more secure and reliable! And is suitable for beginners and experts alike!" }-
OK, now that you have secured your system, we need to test your defences' effectiveness. Below are a few sites that provide security validation services to allow you to do just that
http://cybercoyote.org/security/tests.shtml
http://www.firewallleaktester.com/
http://www.spywarewarrior.com/uiuc/info17.htm
If you have any Questions, Comments or Suggestions, maybe I've missed something important that should be included, maybe I’ve given instructions incorrectly or in a confusing manner and you can't follow it, whatever the case, if you have any problems then please feel free to contact me Here (http://spyblocker-software.com/IPB/index.php?act=ST&f=8&t=1644) and I'll see what I can do
And finally I'd like to say a huge thank you to everyone who has helped me write this, I couldn't have done it without you. I'd also like to say a huge thanks to Andy Reynaerts, who has been of great assistance to me
Thank you all, your help is greatly appreciated
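The HOSTS lookup order described in the guide above, as an added example that is not part of the original post: a small Python parser run over a constructed HOSTS file and a constructed stand-in for DNS answers. It also shows that an entry matches one exact host name only, and that an entry pointing somewhere other than the local machine redirects rather than blocks. All function names and the `example.test` entries are made up for the illustration, and "first entry for a name wins" is an assumption of the example.

```python
import ipaddress

# Constructed sample (not a real block list). Syntax: address, then one or more names.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
127.0.0.1   ad.doubleclick.net        # the entry quoted in the guide
127.0.0.1   ads.example.test TRACKER.example.test
0.0.0.0     banners.example.test
192.0.2.15  www.example.test          # points at another machine, not the local one
not-an-ip   broken.example.test
"""

# Constructed stand-in for what a DNS server would answer.
SAMPLE_DNS = {
    "ad.doubleclick.net": "198.51.100.10",
    "ad2.doubleclick.net": "198.51.100.11",
    "www.example.test": "198.51.100.20",
}


def normalise(name):
    """Host names compare case-insensitively; drop a trailing root dot."""
    return name.strip().rstrip(".").lower()


def parse_hosts(text):
    """Return ({name: address}, [line numbers that could not be parsed])."""
    table, malformed = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # strip comments
        if not line:
            continue
        fields = line.split()
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(lineno)
            continue
        if len(fields) < 2:                      # address with no name
            malformed.append(lineno)
            continue
        for name in fields[1:]:                  # several names may share a line
            table.setdefault(normalise(name), address)   # assumption: first entry wins
    return table, malformed


def is_sinkhole(address):
    """True when the entry sends traffic back to the local machine or nowhere."""
    return address.is_loopback or address.is_unspecified


def resolve(name, table, dns):
    """HOSTS is consulted first; DNS is only asked when there is no exact match."""
    key = normalise(name)
    if key in table:
        return str(table[key]), "hosts"
    if key in dns:
        return dns[key], "dns"
    return None, "unresolved"


def blocked_names(table):
    return sorted(n for n, a in table.items() if is_sinkhole(a) and n != "localhost")


def entries_to_review(table):
    """Entries that override DNS with a real address: redirects, not blocks."""
    return sorted(n for n, a in table.items() if not is_sinkhole(a))


if __name__ == "__main__":
    table, malformed = parse_hosts(SAMPLE_HOSTS)
    for host in ("ad.doubleclick.net", "ad2.doubleclick.net", "www.example.test"):
        print(host, "->", resolve(host, table, SAMPLE_DNS))
    print("blocked:", blocked_names(table))
    print("review:", entries_to_review(table), "malformed lines:", malformed)
```

Running it shows `ad2.doubleclick.net` still resolving through DNS, which is why block lists of this kind have to name every host individually.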
iceni60
February 24th, 2005, 10:47 PM
I think you have finished the guide, but I came across this link and thought you might like it. I haven't ever used Outlook so I can't comment on how good this link is.
http://www.tames.net/security/oesettings.htm
Bethrezen
February 25th, 2005, 11:28 AM
hi
Thanks for the link, I'll have to read over it but from first glance it definitely looks like it's worth adding
Nice find
I'm updating now
Blackspear
February 25th, 2005, 04:53 PM
A note should be added that BugOff will break Outlook Express (send and receive will no longer work) if it is used for email.
Cheers ;D
Bethrezen
February 25th, 2005, 05:55 PM
hi
Although it's not a bad idea, I'm not sure if it's necessary, because it tells you when you open BugOff that it could break Outlook
-{ Quote: "side effect when disabled out look express will fail to display message" }-
What I could do, though, is to put a note that people using BugOff should read the onscreen info for possible side effects
HandsOff
February 25th, 2005, 06:12 PM
I think it would be more useful to just repeat the warning since it is so short. That way you save them the effort of having to look somewhere else.
Also, I consider the neutralization of Outlook Express to be more of a feature than a liability!
- HandsOff
Paranoid2000
February 25th, 2005, 07:17 PM
Well since iceni60 has re-opened this... how about including Process Guard (http://www.diamondcs.com.au/processguard/) or System Safety Monitor (http://maxcomputing.narod.ru/ssme.html?lang=en)? PG is easier to use, but both can help keep a system clean by blocking/prompting on driver and service installation, techniques used by more sophisticated malware. SSM includes registry monitoring also, but RegDefend (http://www.ghostsecurity.com/index.php?page=regdefend) looks to be a more powerful countermeasure (though registry protection is a more advanced subject). PG/RegDefend are payware, SSM is free (though the author plans to make it shareware at some point in the future).
For imaging software, consider including Drive Snapshot (http://www.drivesnapshot.de/en/) (payware). Like Acronis, it can take a full backup running in the background - unlike Acronis it consists of a single 130KB file which could be included on a boot floppy for restoring images.
Aside from that, this looks to be a very comprehensive guide, well worth making a sticky thread of - or a special webpage.
HandsOff
February 26th, 2005, 12:01 AM
I wonder how background imaging works. I have seen problems occur if a file is used during the execution of a backup. The problem arises when the program compares the files in the image with the files on the system. If the files don't compare, then the program I use reports that fact, and you can "re-catalog" the misfits if you are satisfied with the originals. My guess, and it's just a guess, is that the image made in the background relies on looser standards of determining if a file has changed.
It might just be a different approach. I am used to my program "Retrospect Express 5.6", but I am curious about others. Maybe P. knows, do you still need your Windows disk to restore after, say, reformatting? It's not a huge deal to me since I have an OEM Windows installation, but it fries my bacon to have to call up Microsoft on the phone and ask their permission to restore! What if I'm shipwrecked on a desert island? Can't re-install XP?
P.S. If you didn't hear, Microsoft apparently announced that you may or may not have to call by phone in order to reinstall Windows XP after February 28th, or some other date. I hope this isn't going to be a new trend. Can we look forward to re-installing and having to call up the makers of every single program on our computers? Microsoft is testing the water, and over here the water is a little hot!
- HandsOff
Paranoid2000
February 26th, 2005, 05:31 AM
-{ Quote: "I wonder how background imaging works. I have seen problems occur if a file is used during the execution of a backup. The problem arises when the program compares the files in the image with the files on the system. If the files don't compare, then the program I use reports that fact, and you can "re-catalog" the misfits if you are satisfied with the originals. My guess, and it's just a guess, is that the image made in the background relies on looser standards of determining if a file has changed." }-
From Drive Snapshot's backup page (http://www.drivesnapshot.de/en/backup.htm) (the author is German so the English is not perfect, but adequate for this description):
"By using WindowsNT Driver technology, Snapshot chains itself between the file system and the disk driver and will see any request to the disk.
When any WRITE request to data, that are not yet saved, is detected, the data are read first from the disk and saved, before the WRITE request is allowed to proceed.
So the data are completely safe against change; and this allows the user to work, while Snapshot is running, no changes will not be reflected into the image produced. Whatever he does, the image will contain the disk data at start time.
He may work as usual, clean up the disk, install/uninstall Software, or even catch a virus of his choice.
SnapShot even makes some effort to minimize its influence on other programs.
Snapshot uses about 7MB of memory during Backup, 0 bytes when not activ.
Snapshot runs at low priority, giving the foreground application as many CPU cycles as needed.
As SnapShot uses a huge amount of disk IO (~15 MB/sec for P700), Snapshot would bring down a typical Windows program start to a crawl. So Snapshot watches for any user disk activity and will pause for a short while, so the user application runs at nearly full speed.
SnapShot still makes sure, that no unsaved data are overwritten. In this case, SnapShot will buffer these data up to a few Megabytes in memory, and then simply delay the application, until these data have been saved to the SnapShot destination.
This won't happen often, as applications tend to modify the same data over and over again, like a database's index files. These data will be saved the first time, a change is detected, later requests will proceed at normal speed."
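The behaviour quoted above is copy-on-write at block level. The following is an added sketch, not Drive Snapshot's code and not part of the post; `Volume`, `Snapshot`, the 4-byte block size and the sample data are assumptions made for illustration.

```python
BLOCK_SIZE = 4  # bytes per block; tiny so the constructed sample stays readable


class Volume:
    """Toy volume: fixed-size blocks plus a slot for a write filter."""

    def __init__(self, data: bytes):
        self.blocks = [bytearray(data[i:i + BLOCK_SIZE])
                       for i in range(0, len(data), BLOCK_SIZE)]
        self.write_hook = None  # stands in for the driver chained above the disk

    def read(self, index: int) -> bytes:
        return bytes(self.blocks[index])

    def write(self, index: int, payload: bytes) -> None:
        if len(payload) != BLOCK_SIZE:
            raise ValueError("payload must be exactly one block")
        if self.write_hook is not None:
            self.write_hook(index)  # the snapshot sees the request first
        self.blocks[index][:] = payload


class Snapshot:
    """Builds an image of the volume as it was when the snapshot started."""

    def __init__(self, volume: Volume):
        self.volume = volume
        self.total = len(volume.blocks)
        self.saved = {}           # block index -> bytes as of snapshot start
        self.next_block = 0       # position of the background copy pass
        self.preserved_early = 0  # blocks saved only because a write arrived
        volume.write_hook = self._before_write

    def _before_write(self, index: int) -> None:
        # Save the old contents only if this block is not in the image yet;
        # repeated writes to the same block then pass straight through.
        if index not in self.saved:
            self.saved[index] = self.volume.read(index)
            self.preserved_early += 1

    def copy_step(self, count: int = 1) -> bool:
        """Advance the background pass by `count` blocks; True when finished."""
        for _ in range(count):
            if self.next_block >= self.total:
                break
            if self.next_block not in self.saved:
                self.saved[self.next_block] = self.volume.read(self.next_block)
            self.next_block += 1
        return self.next_block >= self.total

    def image(self) -> bytes:
        if len(self.saved) != self.total:
            raise RuntimeError("snapshot is not complete yet")
        self.volume.write_hook = None  # detach the filter
        return b"".join(self.saved[i] for i in range(self.total))


def demo():
    original = b"AAAABBBBCCCCDDDD"  # constructed sample data, four blocks
    vol = Volume(original)
    snap = Snapshot(vol)
    snap.copy_step(1)          # background pass has copied block 0
    vol.write(0, b"aaaa")      # already in the image: no extra copy needed
    vol.write(2, b"cccc")      # not saved yet: old block preserved first
    vol.write(2, b"zzzz")      # second write to the same block passes through
    while not snap.copy_step(1):
        pass
    live = b"".join(vol.read(i) for i in range(len(vol.blocks)))
    return original, snap.image(), live, snap.preserved_early


if __name__ == "__main__":
    original, image, live, early = demo()
    print("image:", image, "live:", live, "preserved before write:", early)
```

The image equals the data at snapshot start even though the live volume changed during the run, and only the first write to an unsaved block costs an extra copy.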
Bethrezen
February 27th, 2005, 02:46 PM
hi
thanks for your suggestions
HandsOff point taken
Paranoid, I already included Process Guard; it may be that it's just not listed here, as all versions here are now outdated
but I will look at System Safety Monitor, RegDefend & Drive Snapshot
Marja
March 2nd, 2005, 06:30 AM
This is great!!! You have done so much work on this thread, Bethrezen!!
Thank you, I know I will be constantly referring to it!! At the moment I am sort of overwhelmed - if I think of any suggestions, especially for newbies to understand it all - I will post it!
Good work, Bethrezen, you will be making a lot of people more aware of all the security programs out there, what they are for, how to use them, not just telling them what they need, this is a wonderfully helpful thread!!
Thanks again!
Marja8)
HandsOff
March 3rd, 2005, 06:39 AM
Just thought I'd mention that I really do use bugsoff, and have not personally suffered due to anything not working, so maybe I take it too lightly but I think the protection it offers certainly justifies at least attempting to use it.
Paranoid -
Thanks for the look inside of Drive Snapshot. If the program actually works then it is pretty impressive. Still, to play the devil's advocate, can one really have a program cause another program to stop and wait, and still claim to run in the background? Besides, how does the backup program know it has recorded the file or not? It's really the same question. The file is in the queue to be written and the back-up program determines if the file is backed up. There are supposed to be updates to the file's metadata but that is dependent on other programs conforming to standards. I guess I'm the paranoid one because I pretty much never expect anything to work, until I have seen it work a few dozen times.
Retrospect compares the changed files with the originals after the snapshot has been written. I don't know all of the criteria it uses but the phrase "file does not compare at offset...." is what I usually see, or "file does not compare, reached end of file..." Anyway, these cryptic phrases have their effect. I am full of confidence that my spaceship knows which way to go!
-HandsOff
Paranoid2000
March 3rd, 2005, 06:54 AM
-{ Quote: "Still, to play the devil's advocate, can one really have a program cause another program to stop and wait, and still claim to run in the background?" }-
As mentioned in my previous post, Snapshot hooks into the NTFS file writing routines - when any program uses these, Snapshot checks which file is being written to and, if it has not already backed it up, it takes a copy before allowing the write to proceed. The only problems will occur with programs that do not use the standard file access APIs (MS SQL Server is one example I believe along with some disk defragmentation software).
-{ Quote: "Besides, how does the backup program know it has recorded the file or not? It's really the same question. The file is in the queue to be written and the back-up program determines if the file is backed up. There are supposed to be updates to the file's metadata but that is dependent on other programs conforming to standards. I guess I'm the paranoid one because I pretty much never expect anything to work, until I have seen it work a few dozen times." }-
Since Snapshot intercepts all subsequent file writes, its backup is effectively of your system at the time when you started it.
-{ Quote: "Retrospect compares the changed files with the originals after the snapshot has been written. I don't know all of the criteria it uses but the phrase "file does not compare at offset...." is what I usually see, or "file does not compare, reached end of file..." Anyway, these cryptic phrases have their effect. I am full of confidence that my spaceship knows which way to go!" }-
Snapshot does include an image verify option (though it does not compare files with their state after backup) and you can view (and check) individual files within an image. The trial is free and the program is one file only (a full install is offered, but optional) so testing it should be a painless option.
Bethrezen
March 3rd, 2005, 01:13 PM
Hi Marja
thanks for your kind words, your feedback is appreciated, it's nice to know that my efforts are going to good use :)
-{ Quote: "I am sort of overwhelmed" }-
I know how you feel. I have had this comment from others and I agree that so much information at once can be somewhat intimidating even to advanced users. This is why I strive to make things as easy to understand as I possibly can by trying not to be too technical and adding colours and the like to try and break things up a lil to make it all easier to digest
although artistic flair isn't exactly my strong point, I believe that I have succeeded in ironing out most of the rough spots so that everything flows
this said, I'm always up for a lil constructive criticism as long as the person gives a good explanation of what he or she finds wrong and how it could be improved
for instance, if someone was to say a particular part was rubbish I don't mind as long as they tell me why it's rubbish and how it could be improved
or if someone was to tell me that a particular part was inaccurate, again I don't mind as long as they tell me why it's inaccurate and point me to correct information so that I can correct any errors
anyway, I know I have posted this elsewhere but I'll post it again in case anyone is looking
http://spyblocker-software.com/IPB/index.php?showtopic=1762
that is the location of the full guide. All versions on the Wilders board are now outdated so you should see this link
tom ehlert
March 3rd, 2005, 04:51 PM
-{ Quote: "Thanks for the look inside of drive snapshot. If the program actually works then it is pretty impressive. Still, to play the devil's advocate, can one really have a program cause another program to stop and wait, and still claim to run in the background?
-HandsOff" }-
While your system certainly gets faster, you still get 90% of usual system performance; compare this with copying a few gigabytes with Windows explorer, burning a DVD, or similar.
You probably won't really notice it's running - so it may claim it's running in the background.
-{ Quote: "As mentioned in my previous post, Snapshot hooks into the NTFS file writing routines - when any program uses these, Snapshot checks which file is being written to and, if it has not already backed it up, it takes a copy before allowing the write to proceed. The only problems will occur with programs that do not use the standard file access APIs (MS SQL Server is one example I believe along with some disk defragmentation software)." }-
actually Drive Snapshot hooks into the disk writing routines (at the volume layer = user visible drives)
Hardly any program breaks this, as it wouldn't be compatible with Windows RAID (where C: may be mirrored/striped/... across multiple physical disks)
tom
Paranoid2000
March 3rd, 2005, 04:55 PM
-{ Quote: "actually Drive Snapshot hooks into the disk writing routines (at the volume layer = user visible drives)" }-
Thanks for the clarification Tom. Might you be planning on opening a support forum here? ;)
Marja
March 4th, 2005, 04:19 AM
Thanks for the link, Bethrezen, I bookmarked it!!
Drive Snapshot looks interesting!! A support forum would be very helpful!!;)
HandsOff
March 6th, 2005, 01:09 AM
...one more thing...the backups I do are usually what people disparagingly call incremental backups...like that was a bad thing! The thing that I like about this method, besides the obvious advantage that you only have to copy the changed files, is that you actually have access to more than one copy of files that were changed. Even though there may be only one backup file, and if you were to restore the image you would be only restoring one file of a particular filename, the other versions are not gone. If you did ten backups and a file changed five times, those other four copies still exist and are retrievable (though a regular restore would only produce the current version). Anyway, that's probably old hat for you guys, but for a guy that still can't get over that he can watch a TV show on one channel and be recording one on a different channel at the same time, it's a pretty big deal!
- HandsOff
Marja
March 6th, 2005, 02:31 AM
Hey! I still get excited about that too! So, I agree with you, isn't some backup better than NO backup?
HandsOff
March 6th, 2005, 04:20 AM
The incremental backup is the superior backup. We like to think of it as managed backups. Combined with the ability to store backup scripts it gets even better. I have different scripts to back up my mp3's, my documents, my Windows partition. This particular program allows you to schedule unattended backups, but I prefer to run them myself. If that were not enough, there is the option to "recycle backup sets" which has the effect of running the script for the first time. It eliminates all the duplicates and starts over. Also, it monitors the drive's smart drive feature and tries to warn you if your hard drive looks like it is starting to go. Yeah, much maligned incremental backup, the unsung hero of the backup world.
- HandsOff
Paranoid2000
March 6th, 2005, 11:04 AM
The downside of incremental backups is that if you have multiple incrementals, all have to be restored successfully in the correct order. So if incremental backup 3 was corrupted, you could only restore as far as incremental backup 2 - backups 4,5,6,etc would be of no use. This was more of a concern when tapes were used as the backup medium since they were more prone to failure than CD's/DVD's/hard disks, but this is still worth bearing in mind when deciding your backup strategy.
A good halfway house would be to do a full backup every weekend and incrementals for each weekday - but the specifics will depend on how important your data is (business critical data will require extra backups stored off-site to cover against fire/theft, etc), how much it changes and what backup media you are using (full backups will tend to require a hard disk while incrementals could fit onto a CD/DVD).
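The chain dependency described in this post, and the retrievable older versions mentioned earlier in the thread, shown as an added sketch rather than code from any backup product named here. The set names, the SHA-256 integrity check and the dictionary layout are assumptions for illustration, and file deletions are not modelled.

```python
import hashlib


def _digest(files: dict) -> str:
    # Checksum over a backup set's contents (assumed integrity check).
    return hashlib.sha256(repr(sorted(files.items())).encode()).hexdigest()


def make_set(name: str, files: dict) -> dict:
    """A backup set: the files it holds plus a checksum taken at backup time."""
    return {"name": name, "files": dict(files), "sha256": _digest(files)}


def is_intact(backup_set: dict) -> bool:
    return _digest(backup_set["files"]) == backup_set["sha256"]


def restore(chain: list):
    """Apply the full backup, then each incremental in order.

    Stops at the first set that fails its checksum, as the post describes.
    Returns (restored_files, last_good_set_name, unusable_set_names).
    """
    state, last_good = {}, None
    for pos, backup_set in enumerate(chain):
        if not is_intact(backup_set):
            return state, last_good, [s["name"] for s in chain[pos:]]
        state.update(backup_set["files"])
        last_good = backup_set["name"]
    return state, last_good, []


def versions(chain: list, filename: str) -> list:
    """Every stored version of one file, oldest first."""
    return [(s["name"], s["files"][filename])
            for s in chain if is_intact(s) and filename in s["files"]]


def demo():
    # Constructed sample: weekend full backup plus four weekday incrementals.
    chain = [
        make_set("full-sun", {"report.doc": "v1", "notes.txt": "n1"}),
        make_set("inc-mon", {"report.doc": "v2"}),
        make_set("inc-tue", {"notes.txt": "n2"}),
        make_set("inc-wed", {"report.doc": "v3"}),
        make_set("inc-thu", {"report.doc": "v4"}),
    ]
    clean = restore(chain)
    history = versions(chain, "report.doc")
    # Simulate media damage in the third incremental.
    chain[3]["files"]["report.doc"] = "garbage"
    damaged = restore(chain)
    return clean, history, damaged


if __name__ == "__main__":
    clean, history, damaged = demo()
    print("clean restore:  ", clean)
    print("report.doc sets:", history)
    print("damaged restore:", damaged)
```

With the third incremental damaged, the restore ends at the second one and the later sets are reported as unusable, which is the argument for a periodic full backup to start a fresh chain.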
HandsOff
March 7th, 2005, 03:01 AM
That may be a liability of this program. This approach requires GB's to burn. There's nothing to stop me from making duplicates but they are going to be equal in size to the files that are backed up (in general).
If you think about it each successive backup will be larger than the one before. Dantz suggests several different approaches depending on your situation. They suggested doing just as you said: run incremental backups for a week or a month or whatever, then recycle the backup.
20 and 40 GB USB pocket drives are getting cheap enough that I should consider getting one and dedicate it to serve as an emergency backup to the working backup of the system partition.
- HandsOff
Paranoid2000
March 7th, 2005, 09:36 AM
Most imaging programs will use compression to reduce the image size, but the images can still be half to two-thirds the size of the original data. An external drive is a good choice for storing backups, but make sure that it can be accessed with a minimal install (either via a bootdisk or Windows CD) to allow you to do a restore in the event of your main hard disk failing totally.
Bethrezen
March 8th, 2005, 07:43 PM
hi all
first I'd like to again say a big thanks to everyone that has assisted me in this, your support is greatly appreciated, this wouldn't have been possible without your help
second I'd like to say thanks for the latest round of suggestions, I just finished adding them
keep em coming
HandsOff
March 10th, 2005, 07:32 PM
Hi Bethrezen,
How big has your guide become? Do you foresee a completion or is it going to be continuously updated over time? Just curious.
I wonder if we will ever see a general malware analysis tool that instead of disinfecting a computer will analyse the problem and make suggestions: Download this, run that, search for the other...but one which learns. When you solve the problem its database grows. Sort of like a hijack this helper, only machine not human.
This probably sounds over the top, but years ago as a student, we were asked to write a guessing game program. The player thinks of an animal and the computer guesses what the animal is after asking a series of yes or no questions. When it gets to the guess the player answers yes or no to if the guess was correct. If yes then the computer's data was sufficient. If no, the computer asks the player to type in a question that would have been no for the wrong guess, but yes for the actual animal. It's fun, but it is also powerful in a way. One could read particularly good hijack this posts and translate them into questions. ..."did you try ___in the safe mode?"...no...
It's getting so complete that there are too many procedures to expect one person to know.
Anyways, just an off the wall thought. But before you laugh too hard, I'll just say after a few hundred games the computer always wins. And it usually doesn't have to ask more than a dozen questions.
- HandsOff
Bethrezen
March 10th, 2005, 09:11 PM
hi
-{ Quote: " How big has your guide become?" }-
well, have a look yourself and you will see http://spyblocker-software.com/IPB/index.php?showtopic=1762
-{ Quote: "Do you foresee a completion" }-
well, I would say that it's pretty much complete as it is, and I think if people follow the instructions they should be able to fix 99% of any trouble they may be having
all I'm really doing at the moment is tweaking, re-writing things, playing with layout and presentation and just trying to make general improvements. The actual contents haven't changed an awful lot since I first put it up in January. That said, I have incorporated all the different suggestions I've had since then, so there is some new stuff in there
-{ Quote: "is it going to be continuously updated over time. Just curious." }-
well, like any good guide it will need to be amended from time to time as is appropriate, adding or removing information, procedures, tools etc. as things change, but I think the bulk of it should be solid and won't need any further updating
to be honest, the cleaning section of the guide hasn't really changed at all since I put it up in January. Maybe some of the wording and layout and the like is different, but the actual contents haven't changed, because as far as I know I've covered just about every conceivable eventuality when it comes to cleaning
see, my goal here was to pull together all the different information, procedures and recommendations pertaining to cleaning into one place and make it easy to follow, because there were just so many different approaches and recommendations scattered over so many different security sites that you would need to have them all bookmarked and would have to go through each one at a time to make sure you had tried everything. This to me was a nightmare, because you ended up following the same procedures multiple times as each help file overlapped, so this is when I decided to create my guide
taking all the different information that I had available, compiling it all into one huge Word document, then ordering it in a logical fashion and editing out all the duplicate procedures and recommendations till I ended up with what you see today: one short, concise and detailed file that covered every procedure and recommendation I could find when it came to cleaning and fixing malware infections
the real updating has been in the second part of the guide, how to secure your computer. Because there are just so many things you can do to harden your system against attack, this section has grown quite a lot, but I think I'm getting to the point now where I think I've covered just about every area of security, so I don't see me adding much more to it unless I've missed something that should be covered
so I think any further additions will most likely just be tweaks, new links to other relevant info or apps, tweaks in layout, this sort of thing
-{ Quote: "there are too many procedures to expect one person to know" }-
this is why I try to list them in an easy to follow step by step manual so you don't need to know them all
-{ Quote: "I wonder if we will ever see a general malware analysis tool that instead of disinfecting a computer will analyse the problem and make suggestions: Download this, run that, search for the other...but one which learns. When you solve the problem its database grows. Sort of like a hijack this helper, only machine not human." }-
well, in one sense this is what I have tried to achieve with this guide, and not to sound big headed but I think I have succeeded quite nicely
that said, it would be good to have an automated system like this that would take you step by step through all the different procedures required to fix your problem. Maybe then help files like this wouldn't be necessary and you wouldn't need to go searching for different help files that deal with different problems
until such time as something like that comes along, however, I'll continue what I'm doing and that is maintaining the most comprehensive and complete help file I can
now, while I can't take credit for much of the actual contents of my guide, as I didn't actually come up with a lot of what is in there, what I will take credit for is all the man hours it has taken to put all of this together: to check info, to check apps, to check procedures and recommendations, to make sure that everything is relevant and correct, to make sure that I'm not giving bad advice, that and everything else that goes along with a mammoth project like this
Paranoid2000
March 10th, 2005, 10:13 PM
Bethrezen,
I've checked your security guide and there is a great deal of good information there. Consequently it contains enough to overwhelm or intimidate many new users so organising it into separate sections could make it far easier to navigate (having a downloadable copy in .rtf or .html format so that people could read it offline may help also - especially since some of the steps can only be done while disconnected from the Internet). Main topics like "Cleaning your System", "Protecting your System" could even go into separate threads.
Given its length I would suggest including a table of contents (with targeted links to each section if possible) and greater use of headings to highlight individual sections. The section layout seems somewhat confusing since a similar heading style is used for sections and subsections - marking out main headings from subheadings could help clarify things (e.g. with a larger font, centre justification, etc). Consider adding numbers to each section to make referring to them easier (e.g. "please refer to section B.2 - Browser Security" rather than "please refer to the browser security section").
I'd suggest separating the commentary (e.g. Microsoft's failings and previous security flaws) into its own chapter - most readers are likely to want solutions first and background information afterwards. Topics like file encryption and system backup I would also suggest moving into a separate section since they will not prevent or clean up spyware directly. System backup could come under "system maintenance" (a good place to discuss registry cleaners, install monitors and other tuning utilities) while encryption could go into a "general privacy" section (which could then cover web filtering, cookie control and anonymising proxies).
One utility worth including is GKWeb's WWDC (http://www.firewallleaktester.com/wwdc.htm) since this combines the effects of several others (Shoot the Messenger, Unplug'n'Pray, DCOMbobulator) - listing this instead can help shorten your guide. RegDefend on the other hand, while undoubtedly a powerful utility, does require knowledge of the Windows Registry so should be marked as being more suitable for advanced users.
Finally, there are small English issues (e.g. use of "iv" or "id" rather than "I've" or "I'd", insufficient use of commas, capitalization and spelling glitches). While not serious, they do make the guide seem less professional than it should, so asking someone to proof-read once you have reached a final draft could help put a great finishing gloss onto it.
Congratulations on the progress made so far. :)
Bethrezen
March 10th, 2005, 11:25 PM
hi Paranoid
thanks for your feedback
I know what ya are saying about the layout being a lil haphazard and I am trying to sort things out as best as I can
as to the spelling and grammar, I could do with some help on this as this is difficult for me to sort out by myself, being dyslexic
I have a question
you make several suggestions with regard to the layout and I was wondering if you would be willing to help me with this
if I send you a full copy of the guide that includes all the BB code for the links and colours and stuff, could you then re-arrange it as you have suggested and then email it back to me at < snip by puff-m-d > ??
-{ Quote: "(having a downloadable copy in .rtf or .html format so that people could read it offline may help also - especially since some of the steps can only be done while disconnected from the Internet)" }-
this sounds like an excellent idea, but do you know how I would go about this? This is something I'm not familiar with, I have no idea how to write this up as a .rtf or .html file
Edit: To remove e-mail address... puff-m-d
Paranoid2000
March 10th, 2005, 11:48 PM
Will discuss via PM. :)
Bethrezen
March 10th, 2005, 11:49 PM
thanks
Bethrezen
March 11th, 2005, 12:30 AM
hi Spanner
I do use a spellchecker; it could be that it just isn't catching everything
Copyright ©2002 - 2012, Wilders Security Forums