Securing a new computer?

Discussion in 'other security issues & news' started by kurchatovium, Nov 24, 2007.

Thread Status:
Not open for further replies.
  1. kurchatovium

    kurchatovium Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    89
    How should one secure a new computer.

    Should one first install non security based programs?

    then install restore software like Acronis True Image or Norton Ghost and make a back up image of the computer thus far?

    What order would you install the antivrus/antispyware/firewall software or are security suites better?

    Are there any other utilities or software that should be added?

    I am new here. I hope this thread is in the right place. :D
     
  2. FadeAway

    FadeAway Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    270
    Location:
    USA
    Hi & welcome to Wilders.

    I expect you will get some differing opinions in answer to your question.

    When I reinstall the operating system on my machine (the equivalent of
    starting with a new machine) briefly, here's what I do:

    1. Make sure the firewall is turned on of it's XP or Vista, or install
    a third party firewall, before anything else, including connecting
    to the Internet.

    2. Disable unneeded vulnerable Windows services (if you know how).

    3. Go to MS Windows update, and install all high priority patches.

    4. Install an anti-virus, and make sure it's updated and running.

    5. Install imaging software and image the system, and store the image
    on a different drive (external is best). If your system is new
    from the store, you may want to make this your first step, but
    beware that if you restore that image, it won't have the MS security
    updates.

    6. Install the rest of my security software.

    7. Make another image.

    8. Install the rest of my software.

    9. Make another image.

    Hope this helps.
     
  3. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    Only want to add this page regarding services, which could be a useful reference when tweaking.

    /C.
     
  4. Dogbiscuit

    Dogbiscuit Guest

    I would do the following before considering the security software:

    1. Keep system and all other software fully patched at all times. Updated software can prevent all kinds of problems in the first place that firewalls and anti-virus software are, in part, designed to protect against.
    2. Use a router or a well-known firewall - even the Windows XP firewall is very good, if it fits your needs. (You should do this before connecting to the internet.)
    3. Use a Limited User Account - this is safer than using anti-virus software in an admin account, even considering privilege escalation vulnerabilities (keep patched).
    4. Consider using an alternative browser. Alternative browsers are still targeted far less often than IE for 'drive-by' downloads when the browser is not kept up-to-date.
    5. Use image backup software. (Do this before anything else if you want a clean, fresh from the factory image of your system, as FadeAway mentioned in his post.)

    Any software you add (AV, AS, HIPS, etc.) to address an attack vector then depends upon your habits, your expertise, concerns for privacy, etc.
     
    Last edited by a moderator: Nov 24, 2007
  5. kurchatovium

    kurchatovium Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    89
    Wow thanks for all the replies. All good advice I think.

    Does anyone here use any of the Anonymizer software like Tor? Is that something that is necessary for security these days?

    I likely will stick with the essentials a good firewall, good antivirus, good antispyware and some image back up software. I have always thought the ultimate security software is the lump of gray matter there behind ones eyes. ;) :D
     
  6. FadeAway

    FadeAway Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    270
    Location:
    USA
    I have personally never felt the need for such services. I just
    consider that anything I do on the Internet belongs to the whole
    world forever, and act accordingly. There are mountains of information
    on the subject, both at Wilders and from search engines like Google,
    to help you decide. If you are worried about financial and commercial
    traffic, look for the encrypted connection icon at the bottom of your
    browser when you connect to your bank or a retail online store to
    finalize a transaction.
     
  7. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Not only 3rd-party browsers are targeted far less often, they also get patched faster and in the case of Firefox you also get NoScript, the only tool against XSS.
     
  8. clambermatic

    clambermatic Registered Member

    Joined:
    Oct 10, 2007
    Posts:
    216
    "lucasXXXX" ... i fully agree with your opinion. :thumb:
     
  9. kurchatovium

    kurchatovium Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    89
    Yes I am thinking of using a 3rd party browser as well. I know most use Firefox, but has anyone tried Opera?
     
  10. Dogbiscuit

    Dogbiscuit Guest

    Yes. For non-browser-specific-based solutions, don't Haute Security and LinkScanner Pro also have anti-XSS protection?
     
  11. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,522
    Location:
    USA - Back in a real State in time for a real Pres
    Opera ime is the best.
     
  12. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I think that both LSP and HS provide some anti-XSS protection, but NoScript covers almost all variants.
    NoScript is very powerful, it also protects against 0-day exploits related to plug-ins (Quick Time, Adobe, Java)
     
  13. kurchatovium

    kurchatovium Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    89
    I have never heard fo NoScript before. What exactly does it do? Is it specifically to prevent JavaScript type malware?
     
  14. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Drive-by downloads (the most prominent source of infections) are usually conduced via obfuscated scripts exploiting vulnerabilities in the HTML parsing engines or 3rd-party plug-ins (Windows Media Player, Quick Time, Adobe Reader). NoScript prevents all this
     
  15. kurchatovium

    kurchatovium Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    89
    Thanks lucas1985 I will check it out.
     
  16. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    I prefer Opera too.
    It's a personal preference more than anything else.Firefox is very good in it's own right also.
     
  17. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    Welcome,
    1) I don't think the order to install non-security programs are that critical. However, if you do install them after the security based programs, you will have to expect a lot of warning message popups being generated when you install a non-security program because it was not previously on your system.
    2) Restore type programs do not necessarily have to be installed after all of your other programs
    3) The firewall should be installed before you attempt to connect outside of your computer. Whether the Antivirus, Antispyware, and Firewall is installed before/after the others is not that critical.
    4) There are many types of security software that can be used besides the types that you mention. Besides alternative browser programs and backup programs, there is virtualization programs such as Returnil. Many other Operating system monitoring programs can be installed to inspect any attempt to change any system setting.
     
  18. herbalist

    herbalist Guest

    If you'll be using an app like Acronis, make a backup of your original system to start. That way, you'll always have a starting point you can easily revert to should something you install not work well. Beyond that, I'd install the basic security apps first. I use an Acronis rescue CD instead of the installed program and make several backups as I go when setting up a new system.
    Rick
     
  19. kurchatovium

    kurchatovium Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    89
    Thanks I purchased a copy of Acronis True Image 11 for my new laptop, That should help in case all else fails.
     
  20. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
  21. herbalist

    herbalist Guest

    gkweb,
    Good articles. Nice work.

    kurchatovium,
    A couple of additional suggestions in addition to gkwebs writeups and the rest of the suggestions posted. If you have a separate PC working, download service pack 2 and burn a copy of it. This way, you can get the biggest update installed without going online.

    Having separate partitions for your system and data files makes it easier to set up a realistic backup schedule. On mine, I set up a 3rd partition for system and data backups. I suggest making multiple backups as you build your system, starting with a copy of the OS after the initial install and setup. After you get the updates installed, services disabled, and the rest of the tweaking done, make another. I'd make the firewall the first item installed. If you're installing IE7, make a backup before you do, in case you change your mind. I made about 10 separate backups as I built my last system. That way, if I decided I didn't want a particular app or it caused problems, I didn't have to re-install nearly as much to get back to where I started. Once your system is built, I'd suggest a backup before every new install, which makes it easy to revert back to whatever point you want. The data partition is best done on a schedule. How often depends on how much it changes in a given time period.

    Regarding alternate browsers, another one you might like is Sea Monkey. It's similar to firefox but also has a mail handler, webpage composer, and other components. The alternate browsers are more secure "out of the box" compared to Internet Explorer. Internet Explorer can be greatly improved with proper configuring. The alternate browsers may be more resistant to the exploits that have plagued IE6 but they can be attacked. The more popular they get, the more they'll be attacked. Like the operating system, they need to be kept up to date. This applies to all software that handles content from the web. Don't forget to get the latest copies of Java, flash, etc, if you're installing them.

    Regarding anonymizing apps and TOR, you have to decide if you truly need to be anonymous. The idea of being completely anonymous is tempting but is seldom actually necessary. You do sacrifice speed with TOR and most proxy services. I have TOR and proxy software installed but only use them when I really need to. In this present world of paranoia with the powers that be monitoring or tracking everybody they can, it wouldn't suprise me at all if they've found a way to track people thru TOR.

    Rick
     
  22. kurchatovium

    kurchatovium Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    89
    Thanks for the suggestions and your time. Most of my OS have Window XP SP2, the laptop I will soon take on the net is Vista. I do however keep copies of most of the security updates I download. I have dialup, no time to redownoad. :D

    I doubt I will use Tor, like you said one can get overly paranoid about these things. :D

    I will look into Sea Monkey. I would like to have a few browsers installed and operating as a back up. I hope they dont conflict. I dont think Firefox or Opera does.
     
  23. poet

    poet Registered Member

    Joined:
    Dec 2, 2007
    Posts:
    1
    Great posts everyone... indeed a very useful forum;

    SO, has anyone tried any virtual PC apps like the one previously suggested (Returnil)?
     
  24. alien51

    alien51 Registered Member

    Joined:
    Jun 6, 2005
    Posts:
    9
    I'd only add a comment to the excellent suggestions you've already got. Anonymity and security: they are totally different things although there is a fine line that can connect the two.

    Anonymity relates to your identity while you act online. Anonymous software are usually geared to hiding your IP (which tracks back to your true identity through your internet provider account). But the fact that you're anonymous doesn't protect you from the typical attacks which are intended to gain control of your machine. If you download malicious software, purposely or inadvertently, you're still going to get infected regardless of being anonymous.

    Tor is very effective in hiding your IP (actually changing it to someone else's). But there are other ways to give away your identity through headers and even what you post. Anonymity involves much more than simply hiding your IP.

    Depending on the case, posting your opinions online may represent a threat to your job, to your reputation, or even to your life. In that respect, anonymity can be seen as "security". Another situation where it is associated with "security" relates to identity theft; you can find yourself in a serious hole if unscrupulous groups act posing as yourself. That's the line which ties anonymity and security. Understand that security in this case is not in the classical sense that is customarily discussed when talking about safe computing.
     
Loading...
Thread Status:
Not open for further replies.