SecureIt 1.12 (Jan 11 2005)

Discussion in 'other security issues & news' started by Notok, Jan 11, 2005.

Thread Status:
Not open for further replies.
  1. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    One of my new favorite hardening tools

    http://www.sniff-em.com/secureit.shtml

     
  2. kareldjag1

    kareldjag1 Guest

    Hi,

    Good tool for hardening Windows.
    I used it recently for a friend.

    There are about 6 or 7 tools like SecureIt.
    But the little problem is that some of them are available on "offensive" sites.

    There are different methods to harden Windows (TCP/IP, Registry ...).
    Interesting idea for a special thread.

    One of these tools is Zigstack (new version recently released).
    I only give a link for a screenshot.
    I'll let the moderators have a look at this site to get their permission or not.

    http://xaitax.de/bin/scr/zigstackv5.jpg

    Harden your system before installing an army of protection tools.
    So 100% agree with you NOTOK.

    Regards
     
  3. Ailric

    Ailric Guest

    I'm trying out SecureIT now. I'll be honest, I don't know half of the things SecureIT protects. I mostly go for the recommended settings and see what happens. I would like to see this app with a checklist of protected items rather than its continuous menu. I would also like to have the option of restoring all the original settings with one click.
     
  4. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I like that kind of UI better myself, SafeXP being a good example. SecureIt has some options that the others do not, however, that make it very much worth it, such as its IE & ActiveX hardening. One thing that it does have above the others is the ability to use it silently with command-line parameters.

    Just one more goodie to throw in the toolbox :)
     
  5. ~*Nat*~

    ~*Nat*~ Registered Member

    Joined:
    Jul 9, 2004
    Posts:
    8,129
    Location:
    Germany/Ohio-USA ~ between two worlds
    Hi,

    I hope I'm posting in the right thread.

    But for all that are using Secure It, I would like you to advise me if it would be safe to run alongside all my other security apps.
    I'm very interested in SI but want to get an idea first that it will not
    somehow interfere with my other programs.

    Oki.

    Here's what I've got.

    ZA (free)
    Avast (free)
    Winpatrol
    Prevx
    SpywareBlaster
    SpywareGuard
    IE-Spyad
    CWshredder
    Ad-Aware
    Spybot-SD/ w. Teatimer
    ~~~~~~~~~~~~~~~~
    Also have Script Defender, but will uninstall as I think it isn't
    installed correctly.

    Also would like to add a-squared one of these days.


    What is your opinion ?

    All feedback is very much appreciated.
     
  6. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    SecureIt just disables/configures insecure parts of Windows, so it shouldn't conflict with any other security apps.
     
  7. ~*Nat*~

    ~*Nat*~ Registered Member

    Joined:
    Jul 9, 2004
    Posts:
    8,129
    Location:
    Germany/Ohio-USA ~ between two worlds
    Yes, that makes sense. I just wanted to be sure.

    Thanks, Notok!
     
  8. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    Thanks Notok, just loaded up Secure-It 1.0 and Harden-it. Surfing on simplicity I am quite happy with having the recommended settings available. Loads up easily and no conflicts with existing apps so far.
     
  9. ~*Nat*~

    ~*Nat*~ Registered Member

    Joined:
    Jul 9, 2004
    Posts:
    8,129
    Location:
    Germany/Ohio-USA ~ between two worlds
    I have another question please:


    What exactly is the "Universal Plug and Play Device Host" and what is it for?


    A long time ago I noticed it on the GRC site, but dum dum me didn't take the time to thoroughly read about it.

    (ADD is haunting me at times.....:rolleyes: )

    Thanks.
     
  10. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    I have been using Secure-It without any problems, but chose not to apply the "Disable potential intrusion binaries" option since it requires disabling Windows File Protection. A better solution would be to use Process Guard (free or full) to block the execution of wscript.exe, cscript.exe, ftp.exe, and tftp.exe.

    Nick
     

    Last edited: Jan 20, 2005
  11. ~*Nat*~

    ~*Nat*~ Registered Member

    Joined:
    Jul 9, 2004
    Posts:
    8,129
    Location:
    Germany/Ohio-USA ~ between two worlds
    Ok. I just downloaded. So far so good.

    I noticed though that all my sites in the "Trusted Zone" are gone... and "Internet Zone" is in my opinion down to "open doors".
    Is this normal and intended or would I just have to reset my own "higher" settings again?
     
  12. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    I only use IE for Windows updates but I checked and my Internet Zone is set at "medium". I have no sites in the "trusted" anyways. In my restricted zone is "http://related.msn.com" only. I'm using Firefox though.
     
  13. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    Good sites there, spanner.
    Not sure what you guys are running on .... but with XP and IE 6 and latest updates the settings are reasonably tidy by default. I recommend also http://www.blackviper.com/index.html for hardening up the system (XP). SafeXP is also useful http://www.theorica.tk/ and definitely have a play with FireFox just for the hell of it. (I highly recommend that you download, install and give FireFox a try. I have been using this browser with no problems. Spyware? Adware? Pop-Ups? Changing of your home page? Security problems? No issues with FireFox. Some people have spent lots of $ on getting rid of those same problems.)
    Back to the topic of the thread .... you might email the developer, Nat (Thierry Zoller), at ThierryZoller@Sniff-em.com with your issue and see what he says regarding this that you have found. I think he would appreciate any feedback.
     
    Last edited: Jan 20, 2005
  14. Update of the program:

    New in version 1.2 (14/01/2005) :
    · Bug Fix : EnableMulticastForwarding corrected.
    · Feature added : Restrict Anonymous Access
    · Feature added : Restrict Anonymous access to SAM
    · Feature added : Disable Everyone Includes Anonymous
    · Feature added : Show only new updates to this version.
    · Feature added : Revert to default Windows settings option added.

    http://www.sniff-em.com/harden-it.shtml
     
  15. funny

    funny Guest

    Heh you notice that too huh?

    It actually conflicts with software such as spywareblaster and IEspyad that put sites into your restricted zone.

    IE will now read from

    HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains

    instead of

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains

    So the restricted sites put into IE by IEspyad or spywareblaster aren't used now.


    If you manually add sites you will see they appear in the above area.

    If you have this problem, you can use IEspyad2. No workaround for spywareblaster yet.
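
An added example, not part of the original post: one way to measure the effect described above is to export both `ZoneMap\Domains` keys to `.reg` text and list the Restricted-zone entries that exist only under HKEY_CURRENT_USER. The function names and the sample exports are constructed for illustration; real `.reg` exports are usually UTF-16 files and must be decoded to text first.

```python
import re

RESTRICTED_ZONE = 4  # IE zone numbers: 2 = Trusted sites, 4 = Restricted sites
_KEY = re.compile(r"^\[HKEY_.*?\\ZoneMap\\Domains\\(.+)\]$", re.I)
_VAL = re.compile(r'^"([^"]+)"=dword:([0-9a-f]{8})$', re.I)

def zone_assignments(reg_text):
    """Map (site, scheme) -> zone number from the text of a .reg export."""
    out, site = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = _KEY.match(line)
        if key:
            # Domains\example.com\www is the host www.example.com
            site = ".".join(reversed(key.group(1).split("\\"))).lower()
        elif line.startswith("["):
            site = None  # some other key (or the Domains key itself)
        else:
            val = _VAL.match(line)
            if val and site:
                out[(site, val.group(1).lower())] = int(val.group(2), 16)
    return out

def lost_restrictions(hkcu_text, hklm_text):
    """Sites restricted per-user (HKCU) that are not restricted machine-wide (HKLM)."""
    hkcu, hklm = zone_assignments(hkcu_text), zone_assignments(hklm_text)
    return sorted(site for (site, scheme), zone in hkcu.items()
                  if zone == RESTRICTED_ZONE
                  and hklm.get((site, scheme)) != RESTRICTED_ZONE)

def _sample(hive, entries):
    """Build constructed .reg text; these are not entries from any real block list."""
    base = hive + r"\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
    return "\n".join(f'[{base}\\{key}]\n"{name}"=dword:{zone:08x}\n'
                     for key, name, zone in entries)

HKCU_SAMPLE = _sample("HKEY_CURRENT_USER", [
    ("ads.example", "*", 4),
    (r"tracker.example\www", "http", 4),
    ("intranet.example", "*", 2),
])
HKLM_SAMPLE = _sample("HKEY_LOCAL_MACHINE", [("ads.example", "*", 4)])

if __name__ == "__main__":
    for site in lost_restrictions(HKCU_SAMPLE, HKLM_SAMPLE):
        print("restricted in HKCU only:", site)
```

Any site the script prints is one whose per-user restriction stops applying once IE reads the zone map from HKLM.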
     
  16. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    what about Harden-It?
    Features :
    · Harden your server's TCP and IP stack
    · Protect your servers from Denial of Service and other network based attacks
    · Enable SYN flood protection when an attack is detected
    · Set the threshold values that are used to determine what constitutes an attack



    these first two are for servers.
    · Harden your server's TCP and IP stack
    · Protect your servers from Denial of Service and other network based attacks

    it says it protects against SYN flood too, that's for a server too, isn't it? a client sends a server a SYN packet, then the server sends a SYN-ACK message back. i know Nmap has a SYN option, but i've never used it so i don't really know more than that.

    what about "Set the threshold values that are used to determine what constitutes an attack" is that for a server too? thanks.
     
  17. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Yikes, this thread kinda took off! :D

    This was made to make installing network devices easier. For instance if you got a new router, UPnP would pick it up and configure your system for it automatically. Unfortunately this would allow a hacker to do the same thing. "So you wanna join the network? Here, let me help!" Routers and such are easy enough to install on their own, I wouldn't think this would make things all that much easier, and the risk is just too great.

    That and/or a script blocker. Scriptrap, Script Defender, WormGuard, RegRun's runguard, etc, are all good options. For users that don't want to run such things, or don't know about them, it may not be a bad option, although you're right that disabling WFP isn't the best way to go. Hopefully the developer can get it to re-enable it again after making the change.

    Good catch, I hadn't noticed that. Definitely worth mentioning to the developer. However if you already have a highly restricted Internet Zone, I don't know how much additional protection you would really get from such lists. If you already restrict your Internet Zone more than SecureIt does, there's no reason to leave it turned down. Of course using an alternate browser is always the best way to resolve these things :D

    Couldn't agree more on all points, worth a second mention IMO.

    I doubt it would hurt anything to run it, although I think the protection it offers is most relevant to servers as it would mainly cover attacks personally directed at you by hackers rather than automated attacks by things like worms. It may be a good idea if you use things like IRC, though.

    I'm glad everyone likes this thing. It may not be a total solution, but it's a good way to start when securing your system.
     
  18. Wouldn't it be better for newbies just to run DSOstop, HTAstop, WMPscriptfix, WWDC, Bugoff and perhaps SafeXP? It seems like all these additional programs, like Secure-It, Harden-It, Zigstack and others, are unnecessary and rather confusing for beginners and can cause changes that may cause problems for them. Also the apps I mentioned can be easily disabled with just one click, ok sometimes a couple of clicks.
     
  19. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
    Hi,

    ***Iceni60, Windows works like a "hidden" server.
    So just a paper about hardening Windows against network attacks like SYN ones: http://www.secinf.net/windows_security/Hardening_Windows_NT_Against_Attack.html

    Or this one: http://www.securityfocus.com/infocus/1729


    ***For hardening Windows, there's the old, manual method.

    It's sometimes better for learning and knowledge.
    From a French paper (but in English):

    http://www.hsc.fr/ressources/breves/min_srv_res_win.en.html.en


    ***There are also many other tools to harden Windows' security (like gkweb's one):

    *Zigstack (a screenshot in my previous post):

    http://www.securiteam.com/tools/5EP091FC0C.html

    *Xpliser (I don't give the direct link because it's an offensive site):

    What it changes:

    http://www.securiteam.com/tools/5EP081FCKI.html

    http://theinsider.deep-ice.com/readme.txt

    *Xpy: http://xpy.whyeye.org/

    *Xpanti-spy:
    http://xp-antispy.org/content/view/17/47

    Nice Week-End

    Regards
     
  20. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    From the Secure-it newsletter
    Today a security vulnerability was published concerning the Microsoft NetDDE Service, the vulnerability consists of a remotely exploitable Buffer Overflow. The systems affected are NT/2000/XP/2003 Server.



    Secure-it 1.22 protected you from this exploit PRIOR to the exploit itself being found (if you set the recommended settings). Thierry Zoller recommends using the Secure-It EXPERT mode and to disable the NETDDE service until a patch is published.



    More information about the vulnerability:

    http://www.ngssoftware.com/advisories/netddefull.txt
     