Am I SECURE Enough ?

Discussion in 'other security issues & news' started by squash, Aug 20, 2004.

Thread Status:
Not open for further replies.
  1. squash

    squash Guest

    OS: Windows XP Home Edition (No security patches or service packs except for Blaster and Sasser)
    Firewall: Kerio Personal Firewall 4
    AV: AVG Anti-Virus 6 Free Edition
    AS: Ad-Aware SE 1.03
    Web Browser: Mozilla Firefox 0.9.3

    Other: Abtrusion Protector, DiamondCS RegProt and Autostart Viewer
    Turned off unnecessary services with services.msc, am careful before downloading anything (don't download from disreputable sites), uninstalled some services and left TCP/IP only... Turned off Windows Scripting Host and check Task Manager to see if there are any more processes than normal

    I am on dial-up, so the IP address changes randomly each dial-up
    It is a home computer...

    Am I SECURE Enough ?
     
  2. squash

    squash Guest

    I am aiming for simplicity rather than a whole bunch of security applications that I may not need or use. I've never had a problem with this current security setup even if I've only downloaded 2 security patches... It works for me... but I'm asking to see if it is adequate enough for the future.
     
  3. bigc73542

    bigc73542 Retired Moderator

    Joined: Sep 21, 2003 | Posts: 23,934 | Location: SW. Oklahoma

    Get to Windows Update and get those updates and patches; they are important in keeping your computer secure and safe.

    bigc
     
  4. squash

    squash Guest

    Unfortunately, I use dial-up Internet... and there are some 50 or 60 critical updates... If Microsoft offered a free SP2 CD it might be a major helping hand...

    I don't think that crackers are going to target this computer out of the millions that use the internet though, and furthermore, some of the patches are for computers that use Internet Explorer, and I don't use Internet Explorer... so it would be a burden to download and apply some patches that I don't need.
     
  5. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined: May 8, 2002 | Posts: 2,514 | Location: State Queensland, Australia

    I absolutely reiterate bigc's comment.. unless you "really really" know what you are doing, do the Windows Updates of critical patches/packs [maybe not SP2 yet].

    Your AV may be a good one, but for "backup only" IMO, you do need to get a recognised better one, as to which, I will only say search for "best av" and you are bound to be flooded by threads, this issue is rehashed over and over as a lot of new people invariably ask that question. ;)

    The fact you are on dial up [like I am] will only help in prevention of "hacking" [not that that is high on the agenda], your main concern is still 'drive-by' ActiveX, etc.

    Honestly, I also recommend SpywareBlaster or some other form of an RTM of browsing help as in Spybot's TeaTimer or AdWatch [only in AdAware PLUS/PRO paid].

    But the best bet is the free SpywareBlaster and SpywareGuard.... SWB blocks against ActiveX baddies and bad cookies, and SG blocks against browser hijacking.

    Just my opinion.

    You have a firewall, good
    Also, get a good HOSTS file, do search for that. Stops you being directed to bad sites.

    There would be more I would do, but those are a minimum as you wanted.

    Certainly would not do any harm to even download a good anti-trojan program as an OnDemand only, just to do manual scan every now and then... or at very least, do an online scan of your system each month, whatever.

    Cheers, TAS
     
  6. squash

    squash Guest

    G'Day,

    Thanks for your replies... I might consider getting SpywareBlaster... but the HOSTS file is a problem... I tried it once and it would take 1 minute before any internet connection would come through... I had tried ewido and a2 but I don't think they are reputable enough for me to use and they are pretty useless IMO because they are not realtime. And I think I really really know what I am doing when I download a program.

    As for viruses, when I used Opera - I still managed to get a virus, in which Norton (an OEM version, I used at the time) alerted me. So it is POSSIBLE to get a javascript virus even if a person uses a browser other than Internet Explorer or an Internet Explorer shell.

    Would it be advisable to REPLACE Ad-Aware with SpywareBlaster? Currently I don't find any spyware with Firefox apart from tracking cookies - which I can clear regularly. And plus Ad-aware has not found a thing since I have used Gecko based browsers and I know what is a spyware program and what is not a spyware program. Firefox does not readily support ActiveX by default, so I am pretty alright with spyware.

    So to simplify this down I want to

    Ad-Aware REPLACED by Spyware Blaster
    and with Abtrusion Protector as backup - which takes a snapshot of programs and prevents any programs from being installed without user intervention.

    ?
     
  7. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined: May 8, 2002 | Posts: 2,514 | Location: State Queensland, Australia

    Nope, keep AdAware.

    SpywareBlaster is NOT a scanner... you install it, update, then "enable protection" which means it sets "killbits" for ActiveX in the Registry.

    This prevents installation of said bad ActiveX in the first place behind your back. It's more of a "set and forget" kind of thing, apart from updating.
    Updating is done thru the program and is 'manual' but if you donate and register it, there is an automatic update feature in it.

    Spybot Search and Destroy, that's very similar to AdAware, they complement each other. It's a scanner but it also protects your registry as it can take a snapshot, etc.

    It also will do a Registry back up upon installing, so just to alert you to that fact when you install it. You will need to go thru it a bit, with settings, etc.

    As to an AT... I personally use TDS3. Now that is not free, but, you can download, get the latest updates manually, and it still functions as normal with scanning, etc.

    The 2 differences being:
    1: No Real Time Protection [but it's worth getting for that IMO]
    2: Cannot do updates thru the program, you have to go to site and grab the latest 'radius.td3' file which is the database, you can rename the current one to say 'radius.tds.bak' and then drop the new one into the folder [or simply overwrite it with the new one] and restart TDS so it's current with its updates.

    Cheers, TAS

    edit to add: re your HOSTS file trouble... how many entries were in the lists? There could be a delay if you have several tens of thousands, some report. Mine is a basic one of around 8000 sites. I am on dial up... have no delay at all. I have seen some people using as many as 200k +... man... lol.
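
What "setting killbits" looks like in the registry, as an added example that is not part of the original thread and is not SpywareBlaster's own code: a kill bit is the 0x400 bit of the `Compatibility Flags` value under `ActiveX Compatibility\{CLSID}`, and the script below audits a regedit export for it. The CLSIDs, the sample export and the `EXPECTED` list are constructed placeholders.

```python
import re

KILL_BIT = 0x00000400  # "Compatibility Flags" bit that stops IE instantiating a control
BASE = r"SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"

KEY_RE = re.compile(r"^\[(-?)(HKEY_[^\]]+)\]$")
CLSID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
FLAGS_RE = re.compile(r'^"Compatibility Flags"\s*=\s*dword:([0-9A-Fa-f]{1,8})$', re.I)

# Constructed sample of a regedit export (.reg text, already decoded to str;
# real "Version 5.00" exports are UTF-16 on disk). CLSIDs are placeholders.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-00000000000A}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-00000000000B}]
"Compatibility Flags"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-00000000000C}]
"Compatibility Flags"=dword:00800400
"""

# Constructed block list: the controls we expect a blocker to have disabled.
EXPECTED = [
    "{00000000-0000-0000-0000-00000000000A}",
    "{00000000-0000-0000-0000-00000000000C}",
    "{00000000-0000-0000-0000-00000000000D}",
]


def parse_killbits(reg_text):
    """Return {CLSID: flags} for each control listed under ActiveX Compatibility."""
    controls, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        key = KEY_RE.match(line)
        if key:
            current = None
            deleted, path = key.groups()
            hive, _, sub = path.partition("\\")
            parent, _, leaf = sub.rpartition("\\")
            if (hive.upper() == "HKEY_LOCAL_MACHINE"
                    and parent.lower() == BASE.lower()
                    and CLSID_RE.match(leaf)):
                clsid = leaf.upper()
                if deleted:                      # "[-HKEY_...]" deletes the key
                    controls.pop(clsid, None)
                else:
                    current = clsid
                    controls.setdefault(clsid, 0)
            continue
        flags = FLAGS_RE.match(line)
        if flags and current:
            controls[current] = int(flags.group(1), 16)
    return controls


def audit(reg_text, expected_blocked):
    """Compare the kill bits actually set with the ones expected to be set."""
    controls = parse_killbits(reg_text)
    blocked = {c for c, f in controls.items() if f & KILL_BIT}
    expected = {c.upper() for c in expected_blocked}
    return {
        "blocked": sorted(blocked),
        "listed_but_not_blocked": sorted(set(controls) - blocked),
        "missing": sorted(expected - blocked),
    }


if __name__ == "__main__":
    for name, clsids in audit(SAMPLE_REG, EXPECTED).items():
        print(name, clsids)
```

A control that appears under the key but without the 0x400 bit is still loadable, which is why the audit reports it separately from the ones that are missing altogether.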
     
  8. squash

    squash Guest

    This SpywareBlaster thing sounds like some good quality software from Javacool (I use MRU-Blaster, and it's excellent with a nice no-frills interface). I've tried Spybot but it is kind of weird IMO, with a bad interface, freezes, the works.

    For the ActiveX problems, I've disabled Windows Script Host in XP, so they'll take care of ActiveX, VBScripts etc. that may be executed with Abtrusion Protector as back-up.

    Hackers, Intrusions > Kerio
    Viruses, Trojans > AVG
    Spyware > Firefox set to deny 3rd party cookies, planning to get spyware, ad-aware

    System > Regular System Restore backups, abtrusion protector and regprot to protect install directory, registry from any changes and boot protection...

    So except for the lack of a high-quality antivirus (I use AVG) and not applying almost all the patches... I'll say I'm doing just fine. I try to use Open Source products so that'll help too...
     
  9. Devinco

    Devinco Registered Member

    Joined: Jul 2, 2004 | Posts: 2,524

    Hi squash,

    Just a few things.
    Get a good reliable imaging backup program that can make bootable CDs or DVDs and use it. You spent a long time tweaking, configuring, and tuning your security. It would be such a waste to lose all that time when a new type of worm (perhaps able to penetrate the firewall) takes it all away. Even the most security conscious people can slip up. All it takes is one click.

    I assume you properly configured each component of your security? Like tightening up the rules in KPF. Password protect KPF (if that is possible).
    Configure Firefox (uncheck auto install plugins, uncheck java, etc.)
    (sidenote, while on FF, get Adblock extension. Why waste dial up time dl ads?)

    SWB is good. So is SG.
    I would keep Adaware SE too.
    I would spend the time and get the critical updates also.
    You could also consider HTAStop2003, DSOstop2, WWDC, GRC.com: Xpdite, etc. especially if you are going to leave your windows vulnerable by not patching.
    For registry protection RegProt was problematic. Tea Timer was better. If you want better (more configurable), check out the thread on Registry Monitor Comparison.

    HTH
     
  10. squash

    squash Guest

    Yes, I already use Firefox with Adblock, and I've configured it to disable Java, but keep JavaScript enabled because many sites use this type of technology.

    As for backup software, this computer doesn't have a CD-RW (CD Burner) or the equivalent, so I'll have to rely on System Restore and use my knowledge not to do something stupid.

    I've already used the various GRC.COM, HTAStop2003, DSOstop2 and a program called SafeXP... too...
     
  11. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined: May 8, 2002 | Posts: 2,514 | Location: State Queensland, Australia

    Yes, you are right, it's what runs well on your system that counts the most Squash. No matter how good a product is, if it keeps screwing up on your particular configuration then it's no good to you.

    If you got your PC set up how you like it, with basic protection, then that is all that matters. :)

    You seem to know what's what, so apart from maybe getting a more protected database/detection AV, then you are fine.

    Although plenty of people are quite happy with AVG by itself, but there certainly is room for improvement in it as compared to Kaspersky, McAfee, F-Prot, etc. etc.

    Anyhow, happy surfing. :)

    Cheers, TAS
     
  12. squash

    squash Guest

    THANKS a lot to all people who replied.
    I knew that I had enough protection... and I just wanted some assurance from people who have had experience in the field of security... Of which I read from various security websites I have gained some very valuable experience.

    The Internet can be a safe place, but it can be a dangerous place. Every thing has its pros and cons, and so is this type of technology.

    Anyway, concerning AVG not being a high-detection rate anti-virus, I would HAVE tried and possibly used Avast! except for the reason the form asks me to provide my home address to them in the registration for the free home registration... thing... oh well...

    I've never tried Avast!, but AVG works for me... it may not have the best interface, but at least it's not buggy and freezes at times like Spybot... :)
     
  13. Devinco

    Devinco Registered Member

    Joined: Jul 2, 2004 | Posts: 2,524

    squash,
    I don't understand this part. You can't trust this security company to protect your home address info and yet if they did not require it, you would trust them with protecting your computer?
     
  14. squash

    squash Guest

    Yes.
    I don't see why a company like Avast! would need someone's home address... unlike AVG Registration which only requires a name and e-mail address...
     
  15. squash

    squash Guest

    Anyway, I tried SpywareBlaster and I am very impressed with it, nice simple yet effective user interface with a very nice range of useful options such as saving the HOST File and protection for the web browser I use (Firefox).

    Very nice software, Javacool
     
  16. squash

    squash Guest

    I don't see how people don't apply patches and get hacked...
    There are many people who can't be bothered or don't know what a security patch is... and I don't think they have ever been hacked by crackers exploiting their computer through that way... with the exception of the other threats like viruses, trojans etc.

    What IF... a cracker tries to crack a person by a security hole, I mean with Kerio Personal Firewall with IDS (Intrusion Detection) should do as the name suggests... I think that viruses, trojans, keyloggers and spyware are the biggest threats....

    Who have you seen has been hacked who has a Firewall and Antivirus at least, and not apply a security patch and get hacked because of not applying a security patch ?!...

    The only instance that computers I used were cracked were due to:

    1. When I was newer to computers, I opened some supposedly 'fun' program and did not have an antivirus > Trojan

    2. The WMI (a service in Windows XP) didn't work, and I couldn't enable the built-in XP firewall to temporarily use it and download Kerio... and by the time I could even download Kerio... some cracker used an ftp.exe (that Windows XP has) and the cracker uploaded some trojan with that ftp.exe > I deleted ftp.exe by disabling Windows File Protection... and cleaned the trojan with AVG - but I had to reinstall because I thought I would be better off... and there might be hidden traces of the anti-trojan ... aw well

    Now I am heaps heaps better... I haven't got a trojan, virus, spyware, dialer or keylogger in months... :)
     
  17. Justhelping

    Justhelping Guest

    Yes, I have lots of times. Most are using Internet explorer though.

    Good to hear, but it's much better to close a security hole with a patch compared to covering it up with a firewall.
     
  18. squash

    squash Guest

    Yes, that is mostly when a person uses Internet Explorer... but what I meant was AV+Firewall+Browser other than IE with a person who knows what they are really doing...

    With a firewall with IDS (Intrusion Detection System) or something, if it works for me... then yes :) ... I don't see how some patch would make any difference, since if I use a firewall that stealths the hackers wouldn't know I'm online anyway... and all the other security vulnerabilities I would need to care about are mainly in the browser... but I use Mozilla Firefox, so I don't need to really care THAT much... except I wish that Mozilla Firefox had a security patches section instead of making people upgrade each time...
     
  19. honorable1nut

    honorable1nut Registered Member

    Joined: Apr 28, 2004 | Posts: 19

    AVG is a very good AV, especially for free. No particular need for another as it will cause problems and confusion.

    In regards to updates. GET THEM!! Especially the critical ones. As already stated, better to fix the problem, than just cover it up.

    Also, you can order SP2, on CD, for free. Get it!! Then disable security center, firewall, and auto updates, provided you have enough sense to manually check for updates.

    Spywareblaster, Adaware, and Spybot are all almost necessities nowadays.
     
  20. Paranoid2000

    Paranoid2000 Registered Member

    Joined: May 2, 2004 | Posts: 2,839 | Location: North West, United Kingdom

    Squash,

    I'm going to sound a discordant note here - but if you are running a (properly configured) firewall and avoid using any Microsoft applications then there is little need to apply most Windows patches. Many are for specific applications (e.g. Internet Explorer, Outlook Express) so if you never use these applications (and block them with your firewall to make sure they don't get invoked by other software) then no updates for them should be necessary.

    IE does require a little extra care though - it is mandatory for Windows Update so I would suggest disabling Windows Update and checking the Microsoft Security Bulletins page for critical updates instead (this also avoids having your system information recorded by Windows Update should you wish to keep it private). Also be aware that other applications may use IE code (e.g. Stardock Central) so I would advise limiting their access as much as possible (i.e. allow access to necessary domains only).

    As for Windows itself, a properly configured (I have to stress this here) firewall should block any Windows remote-access exploit since the firewall should receive and filter incoming network packets before they reach Windows' own network subsystem (avoiding the need to patch any remote-access exploits). At this point, you should only need to pay attention to those applications permitted network access (your browser and email client at the minimum - these may need patching if vulnerabilities are discovered). If you share your computer with others however, you will need to address local exploits (e.g. ones that allow a normal user to gain Administrator access) via the appropriate Windows patches.

    Spyware and browser hijacking is pretty much a non-issue with Firefox. While all those recommending anti-spyware software doubtless mean well (and the suggestions make sense with IE), I would suggest that you would be better served with a general web filter (some firewalls like Kerio Pro and Outpost include these - but a specialised one like Proxomitron can offer far more flexibility) configured to strip out all active content (ActiveX, Java, Javascript, etc) except for sites you trust. This should protect you against all past, current and future web exploits. Make sure that any active content in email is also covered (and consider blocking any web access by your email software to stop it from trying to access spam web bugs or phishing exploits).

    Furthermore you have a second line of defense in your use of Abtrusion Protector and RegProt. Further security applications may give you greater control and understanding of your system, but should not be regarded as a necessity at this stage.
     
  21. Paranoid2000

    Paranoid2000 Registered Member

    Joined: May 2, 2004 | Posts: 2,839 | Location: North West, United Kingdom

    I should also stress the importance of "download hygiene" - if you download files from questionable or anonymous sources (P2P networks, Internet Relay Chat, Usenet or "warez" websites) then you should consider running specialised anti-trojan software.
     
  22. squash

    squash Guest

    Thanks Paranoid2000 for your educational read,

    I tried web content filters - not Proxomitron because I don't trust it - seeing that the author sadly passed away? That's what I heard on proxomiton.info anyway, and there would be no better updates and the GUI looks like a tor shop... but I had tried WebWasher which is similar and I think (at time of writing) the classic version is free for non-commercial, home use, but it made some problems with websites I've encountered including forums which use the same vBulletin as this one, which does NOT render properly in Firefox until I have turned it off... I have found a suitable replacement which is the AdBlock extension for Firefox and it seems to block almost all the major ads from advertising without the glitches of creative websites incorrectly and the background resource....

    And I do NOT download from any questionable websites such as P2P, Warez, Underground websites or IRC... They mostly contain illegal software or furthermore the program might contain a trojan, virus or may even be hacked and reverse engineered to have hidden code in it... I use FREE alternatives instead such as the GIMP instead of Adobe Photoshop and OpenOffice.org instead of Microsoft Word for my needs without having to resort to this type of misbehaviour... With open source, free alternatives, even though I won't be bothered to view the source code, I can be assured that the reputability of the software is from more than just one author with the source code as assurance that the code doesn't contain any viruses. However, it should be with caution that I don't go to sites that claim to be open source but in fact contain bad code and trick a person... Some of the websites that host open source software aren't what you call a domain name but a sub-domain or hosted on sourceforge... but I make sure that the software is known by visiting an open source directory to see if the software is listed...
     
  23. squash

    squash Guest

    And I try to only limit the websites from which I download and check to see if the author's website or company's website has a postal address (AT LEAST)... instead of just a bunch of e-mail addresses.

    If it has a postal address, location address, telephone numbers and e-mail address then I would think that the company would be reputable enough. But it would also be wise to check the website design to see if it is modern... if it looks like it is made in FrontPage... a person can check the source code of the website - and see if there is a FrontPage heading code... then I wouldn't really trust it at all...
     
  24. squash

    squash Guest

    Just to keep an update:

    OS: Windows XP Home Edition

    Web Browser: Mozilla Firefox 0.9.3 (with AdBlock Extension) - Default and Primary Web browser also configured to deny referrers and deny Third party cookies

    FW: Kerio Personal Firewall 4 - Limited Free Edition
    AV: Grisoft AVG 6 Free Edition with boot protection
    AS: Lavasoft Ad-aware SE 1.03 and Javacool Spyware Blaster 3.2

    Intrusion: Abtrusion Protector (Protects install directory, registry and boot protection) and Kerio Firewall's IDS

    Registry: Abtrusion Protector registry protect setting and also DiamondCS RegProt

    Backup: Windows XP System Restore

    Windows XP Updates: 2 - The Blaster and Sasser ones

    Other: I've got Eraser which has Gutmann 35 pass deletion capability and DiamondCS AutoStart Viewer and I check the XP Task Manager for the number of processes and I'll know if there is even 1 additional process...

    I also hardly ever use any Microsoft products except for Windows Media Player and sometimes MSN Messenger, I've replaced with others instead like open source and freeware ones and I rarely use - if ever Internet Explorer...

    Cleared registry with registry cleaners, and only installed programs that I need.

    Tweaked services.msc, deleted some services left only TCP/IP... Also used various GRC.COM utilities like DCOMBulator etc. and others such as HTASTOP and SafeXP...

    I am very very very careful not to do something bad like open trojans, viruses etc. I DO NOT never ever ever download from IRC, P2P, Underground sites or other anonymous places...

    When I download a program... but I now try to limit to the current set of programs on that computer... I would:

    1. Look at the site design, to see if it looks reputable and not frontpage made - even viewed source code

    2. Read the features and see what it does

    3. Look at the author's or company's postal, location address, telephone number and e-mails and if possible the names and a picture of the author.

    4. Search on Google to see if any people have used the program, if it is popular and if there are any conflicts

    5. Check if it is widely used

    6. If I decide to download, I'll scan with AVG, Ad-aware

    I've also disabled Windows File Protection then deleted the ftp.exe program or something that is in Windows XP... due to my experience... a hacker downloaded a trojan with that program... after that I turned WFP back on...

    This is a home computer... and I'm the only user
    The computer is password protected including the administrator account by going into safe mode... if others use the computer I try and make sure I'm there to see what they are doing... I don't trust them to use the computer on their own :p

    I HOPE I am secure ENOUGH...!!! :)
     
  25. bigc73542

    bigc73542 Retired Moderator

    Joined: Sep 21, 2003 | Posts: 23,934 | Location: SW. Oklahoma

    You still need the Windows updates to be secure with Windows; SP2 preferred, it has all the critical updates included.
     