Best Hardening Tool

Discussion in 'other anti-malware software' started by LoneWolf, May 7, 2007.

Thread Status:
Not open for further replies.
  1. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    I know some will say it's not needed while others say it is. But what would be the best one for hardening? I now have Seconfig XP. Would adding XP Antispy, Harden It, WWDC, Safe XP or some other one help in any way? I have XP Home and am wondering if just Seconfig XP shuts off enough unnecessary services that I don't need. Just a stand-alone home PC, no sharing, peer to peer or anything like that. Not looking to add much more since just losing PG Free, Snoopfree and A Squared. Just wondering.
     
  2. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: Hi, travellingman, a hardening tool may still be needed depending upon an individual's situation, but it reminds me of the similar case of front-wheel drive vs all-wheel drive. The latter one that I refer to is whitelist protection, i.e. an anti-execution app. Your Scoty and its sibling would have given you enough protection against unwanted services popping up. The AE may further strengthen and harden your configurations. IMO, a hardening tool may be yesterday's toy; hardening too deeply may cause the system to lose flexibility. After all, we want full protection, not a stiff box needing WD-40. :p
     
  3. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    I use the following tools:

    Harden-it
    Samurai HIPS
    Seconfig XP
    xp-antispy

    For the most part, they don't overlap, so each has its part in securing my computer.

    If you're just concerned about shutting off services, Seconfig XP may be enough.
     
  4. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I didn't harden either; my security is mainly based on recovery and whitelists.
    I did it extremely, because I replace my system partition with a new one during each reboot, which keeps my system clean, malware-free and trouble-free.
    I don't want to waste my time on solving problems caused by myself, the bad guys or the good guys. I solve all my problems with a reboot, even frozen BSODs.
    I don't even have to know what happened or how to fix it. Another year working like this and I will be the most stupid member at Wilders.
     
  5. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    So then Seconfig XP should be enough. Thanks WSFuser.
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,055
    The best hardening software you can use resides between the ears. Good old common sense. Let your computer breathe and work for you. Harden with common sense, and you will be fine.
     
  7. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Already have that one installed and running. I was just curious about some of the other ones, though. But thanks for your input.
     
  8. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    I only used WWDC and Kill the Messenger as tools. I compared information at the other 4 links for what services I disabled. I also made a list of 'before and after' notes prior to disabling my services. I ended up having to enable a few because some programs (Windows Defender) wouldn't work properly. If you do it manually, it's probably best to disable one at a time. I didn't; I disabled about 20 services with proper notes and was really lucky the troubleshooting was easy. :D It's also good to do it manually, as you learn about some of the services on your machine. I hope this helps a little.

    http://www.tweakhound.com/xp/security/page_3.htm
    http://www.theeldergeek.com/services_guide.htm
    https://www.wilderssecurity.com/showpost.php?p=896115&postcount=44
    http://www.blackviper.com/
    http://www.firewallleaktester.com/wwdc.htm
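The 'before and after' notes described in the post above can be kept mechanically: capture every service's start mode and state before touching anything, capture again after each single change, and diff the two. This is an added example, not a tool from the thread; it assumes PowerShell 3 or later, and the snapshot directory and file naming are assumptions of the example.

```powershell
# Added example (not from the thread): snapshot service start modes/states
# to JSON, then diff the two most recent snapshots so every disabled
# service is documented and can be put back one at a time if something
# (e.g. Windows Defender) stops working.
param(
    [ValidateSet('capture','compare')] [string] $Mode = 'capture',
    [string] $Dir = "$env:USERPROFILE\service-notes"   # assumed location
)

function Get-ServiceSnapshot {
    # Win32_Service exposes StartMode (Auto/Manual/Disabled) and State.
    Get-CimInstance -ClassName Win32_Service |
        Select-Object Name, DisplayName, StartMode, State |
        Sort-Object Name
}

function Save-ServiceSnapshot {
    param([string] $Path)
    Get-ServiceSnapshot | ConvertTo-Json -Depth 2 |
        Set-Content -Path $Path -Encoding UTF8
    Write-Host "Saved $Path"
}

function Compare-ServiceSnapshot {
    param([string] $BeforePath, [string] $AfterPath)
    $before = Get-Content -Path $BeforePath -Raw | ConvertFrom-Json
    $after  = Get-Content -Path $AfterPath  -Raw | ConvertFrom-Json
    $map = @{}
    foreach ($s in $before) { $map[$s.Name] = $s }
    foreach ($s in $after) {
        $old = $map[$s.Name]
        if ($null -eq $old) { "$($s.Name): new service ($($s.StartMode))"; continue }
        if ($old.StartMode -ne $s.StartMode -or $old.State -ne $s.State) {
            "$($s.Name) ($($s.DisplayName)): $($old.StartMode)/$($old.State) -> $($s.StartMode)/$($s.State)"
        }
        $map.Remove($s.Name)
    }
    # Anything left in $map existed before but is gone now.
    foreach ($name in $map.Keys) { "${name}: removed" }
}

New-Item -ItemType Directory -Path $Dir -Force | Out-Null
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
if ($Mode -eq 'capture') {
    Save-ServiceSnapshot -Path (Join-Path $Dir "services-$stamp.json")
} else {
    $files = Get-ChildItem -Path $Dir -Filter 'services-*.json' | Sort-Object Name
    if ($files.Count -lt 2) { throw "Need at least two snapshots in $Dir" }
    Compare-ServiceSnapshot -BeforePath $files[-2].FullName -AfterPath $files[-1].FullName
}
```

Run it with `-Mode capture` before the first change and after each one, then `-Mode compare` to print exactly which services changed between the last two captures.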
     
  9. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,040
    Location:
    South Texas, USA
    I wonder what hardening tools are out or going to be out for Windows Vista.

    dja2k
     
  10. EASTER.2010

    EASTER.2010 Guest

    Erik, I have to admit, you have a very unorthodox philosophy or strategic solution, to put it in layman's terms, but all in all the chief result is that it WORKS! 100% safe and effective with little or no overhead, as in a series of security programs/scanners and all the time which would be required to fish through those results or even for the programs to solve the issues.
     
  11. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Well, it works, because I'm testing it.
    Yesterday, I deleted these folders completely under "Program Files":
    - Microsoft Office = 234 MB = 1690 files + 50 subfolders
    - Mozilla Firefox = 17,9 MB = 171 files + 21 subfolders (the rest is on my data partition [D:])
    - Mozilla Thunderbird = 22,8 MB = 153 files + 24 subfolders (the rest is on my data partition [D:])
    I did a simple reboot and everything was back and working properly + 100% malware-free in just 2 minutes.

    That's what I call real Immediate System Recovery and I can do this with any object on my system partition.
    Each day I'm getting closer to what I really want. :cool:
     
    Last edited: May 10, 2007
  12. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,700
    Hello,

    I have an even more radical approach that works. It's called F2 = Firewall + Firefox. 100% safe and effective and no overhead.

    If you're lazy, throw in an imaging software once a month or so ...

    Mrk
     
  13. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    That's not secure enough; that is just a personal approach without guarantees. Take another person and it won't be Mrkvonic anymore, end of security. I do have Image Backup too: too slow and too unhandy. :)
     
  14. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,700
    Hello,
    It works for quite a few people I know - or have taught this concept.
    Very simple. Very straightforward.
    Mrk
     
  15. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Yes, very simple and very straightforward, and after a while you use Image Backup to restore a fresh image to remove all the infections. Good security, if you don't care about anything.
     
  16. screamer

    screamer Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    921
    Location:
    Big Apple USA
    Erik,

    Do you boot to a frozen SS? What do you do in the case where you add a software to your primary SS?

    Reason I ask is: I have several SS going back several days. Each one is updated a day after the last. In other words: today, Thursday, I can go back "as far as" Sunday; tomorrow, Friday, I can go back "as far as" Monday. So in case I get infected, let's say today, and don't realize it until Saturday, I can pick a SS that is 4 days old, boot and copy / update all newer "infected" SS.
    I also have an archived SS copied / updated every Sunday. This is just in case I totally drop the ball.
     
  17. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I don't have a primary snapshot (= work snapshot) and secondary snapshot (= rollback snapshot) anymore.
    I have an off-line snapshot and an on-line snapshot, and both are work snapshots.
    Both have common software, but also different software, which means I can't copy/update between both snapshots anymore or I would destroy one of them. Peter has a similar setup, but his snapshots have a totally different usage than mine.

    My on-line snapshot is frozen, because I need an automatic copy/update, which I can't forget. I can do it manually, but that's not so easy (I'm too lazy).

    If I have a new software, I install it off-line and re-freeze my snapshot, but that doesn't happen often. I have all the software I need.

    BUT, I try a lot of new software just to see it one time and then I reboot to get rid of it.

    I always boot in the SAME on-line snapshot and my freeze storage cleans it before Windows starts.
    I have only two snapshots with an archive for each, but my on-line archive is also used as freeze storage.

    As you know, FDISR starts with two snapshots (work and rollback) to learn FDISR, but once you are experienced, you start improvising, and that's why most experienced users use FDISR in a different way, sometimes very different. FDISR has no rules, only technical rules; that's why it's so versatile. :)

    My personal data, emails, etc. are on another hard drive/partition, and that gives me total freedom in my system partition.
     
  18. screamer

    screamer Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    921
    Location:
    Big Apple USA
    Seems to me that we're using two totally different procedures to accomplish basically the same end result: keep a clean machine.
    I think I'll stick w/ my method, although I use much more HDD space. It gives me the versatility to try a new app (for up to 7 days) without giving it much thought.
     
  19. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I want 4 things with the same solution:
    1. A clean system partition without crap.
    2. A 100% malware-free system partition.
    3. A trouble-free system partition.
    4. A test machine.
    Each problem, IF it happens, is solved with a reboot, and a reboot doesn't require deep knowledge.

    My off-line snapshot is for working quietly without any disturbance and is my refuge snapshot, if something terrible happens in my on-line snapshot.
     
  20. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: Hi, Screamer: Allow me to drop in. Although I do not have FD-ISR anymore, since I use DeepFreeze, I do miss its versatility; I wish FD-ISR could stay w/ DF. Screamer, the method you use may have a disadvantage: you have 7 snapshots covering 7 days, and are replacing them w/ newer ones as the days go by. Let us assume you would have got infected on SS#3, and you did not realize it until day 5, when you decided to run a scanner (your real-time one would have spotted the malware the moment it attacked you on day #3). How do you know on which day you got infected when the scanner discovered the problem, and subsequently revert to there? Meantime you already have a few not-so-clean days lapsed w/o knowing it; does this bother you at all? Rebooting w/ a frozen SS in FD-ISR's case may consume more disk space, but one fact is very clear: having a clean and safe system every day, every time. That is exactly what I have discovered w/ DF's frozen mode. Just a few thoughts for your consideration. Have a nice one.
     
  21. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,700
    Hello,

    Erik, no infections whatsoever.

    That's what I told you already. Get off the panic tree and enjoy the ride. No special magic is needed to enjoy fun Internet. No infections if you use F2. Only need to follow 4 golden rules:

    1. Default deny; deny first, ask a smart friend later.
    2. Do not open stupid attachments - ask friend.
    3. Do not download crap - ask friend.
    4. Update your software periodically.

    That's it. No reimaging to clean installations. Takes talent to get infected.

    Mrk
     
  22. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    In Win9x days we called it "tweaking" and most was done manually, such as taking care of NetBIOS, which programs like Seconfig XP can do more easily.

    Programs like the MS PowerToys, including TweakUI, permit Registry changes through a GUI rather than manually in the Registry. I still use SendTo and DosHERE, along with TweakUI and others.

    My caution with these is that you should know exactly what they do. Example:

    XPAntispy description
    http://www.softpedia.com/get/Internet/Popup-Ad-Spyware-Blockers/XPAntispy.shtml
    I would be 'suspicious' and wary about letting a program disable stuff without my approving it - which maybe you can, but I would be sure.

    Too many examples of people arbitrarily disabling things, only to find out later that one of their programs doesn't work properly.

    regards,

    -rich

    ________________________________________________________________
    "Talking About Security Can Lead To Anxiety, Panic, And Dread...
    Or Cool Assessments, Common Sense And Practical Planning..."
    --Bruce Schneier
     
  23. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Too many human mistakes possible and people DO make mistakes.
    I want my system back, even when I make a mistake. :)
     
  24. screamer

    screamer Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    921
    Location:
    Big Apple USA
    Hi Perman,

    Since my SS are rotating daily, the only possibility of infection is in SS #1 (the current / Primary SS). If I do not "catch it" until day three (allowing Primary to update / copy to Daily SS, Second SS or Third SS), I know enough to copy / update any SS prior to the detection of infection.

    Then again, that's where real-time AV & AS apps are necessary.
     
  25. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    That's the main reason why my freeze storage is based on an off-line installation and why my security setup has NO scanners anymore.
    I don't need scanners to clean my computer, because I use my freeze storage as a WHITELIST for my frozen on-line snapshot. No missing signatures and no false positives anymore, and I clean my computer 100% in 100 seconds during reboot.
     
    Last edited: May 10, 2007