securing your pc

Discussion in 'other security issues & news' started by peakaboo, Dec 8, 2002.

Thread Status:
Not open for further replies.
  1. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    I was @ http://www.wilders.org/securing_your_pc.htm



    just peaking around trying to find out more info on SSM (System Safety Monitor program) and noticed at the bottom security suggestions, and a few stood out for me:

    - disable HTML in your e-mail software;
    - rename shscrap.dll to shscrapold;
    - install HTAstop; for more info look at our free tools page.
    - install DSOstop; for more info look at our free tools page

    Some questions on above:

    1) How does one know if HTML mail is enabled, and if it is, how does one disable it, for example in Netscape Messenger or hotmail.com?

    2) What does shscrap.dll do and why rename it? What is the impact of renaming this .dll?

    3) HTA Stop and DSO stop worth installing or not?

    TIA




    url repaired==bigc
     
    Last edited by a moderator: Apr 11, 2004
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    Hi peakaboo,

    Some good questions there, I'm glad you reposted them over here, as I was about to do that myself. ;) So, to answer your questions...

    1. Many email clients allow you to use either plain text, rich-text (MS products anyway) or HTML to read and compose your email messages. Most of the time there are options in the "Preferences..." menu item to help you choose which of these your client will use. You may need to go looking through the options to find where you configure this.

    Here is a site with an overview of using HTML in email. Searching at Google for "HTML email" with or without other keywords will find a lot on this subject.

    http://www.ibiztips.com/email19FEB01.htm

    You could also look through the built-in help in Netscape for specific information on your product. Also, here's the company's general help site:

    http://channels.netscape.com/ns/help/default.jsp


    2. "shscrap.dll" is a fine example of Microsoft providing ease of use capabilities, with no thought for security. You can think of these files (i.e. files ending in the extension .shs) as containers for other kinds of files. A .shs file could be anything, including an executable program, but it can look like any other type of file to fool you into opening it (aka. running it).

    Renaming shscrap.dll disables the file type ".shs" to which I can find no downside. Almost no one uses .shs files for anything. It's a "feature in search of a use". And you don't need it. Here are a couple reference sites for shs:

    http://www.cknow.com/cknewsletter/0407.htm#scrapfiles

    http://www.pc-help.org/security/scrap.htm


    3. And as to whether "HTAStop and DSOstop are worth installing?", my response is Why not? Using these two tools to ensure your system is protected can not hurt you at all. Yes, you may be patched and/or configured so that these are no longer an issue, but, again, using these won't hurt.

    There is interesting, if a little old, information here on one real-world threat that made use of the HTA exploit:

    http://vil.nai.com/vil/content/v_98855.htm

    The recommendations at the Wilders.org Security page can make a significant difference in how vulnerable your system is, regardless of whatever other tools or security applications you may be running. To my knowledge, these recommendations have never caused anyone any harm and as you see from the descriptions, they are easily reversed if you wish.

    Hope this helps to explain these,
    LowWaterMark
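
    As an added illustration of the e-mail related suggestions discussed above (HTML mail, .shs scrap files, .hta files), not part of the original posts: a Python sketch that audits a message for an HTML body and for attachments whose real extension is .shs or .hta, including the case where a harmless-looking extension sits in front of it. The sample message, the decoy-extension list and all function names are constructed for this example.

```python
"""Added example: audit an e-mail for the items the thread's checklist targets."""
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PureWindowsPath

# Extensions named in the thread, with the reason each one matters.
RISKY_EXTENSIONS = {
    ".shs": "scrap file: a container that may hold an executable",
    ".hta": "HTML application: runs script outside the browser",
}
# Constructed list of extensions a sender might put in front of the real
# one so the attachment looks like a document or a picture.
DECOY_EXTENSIONS = {".txt", ".jpg", ".gif", ".doc", ".pdf"}


def build_sample() -> bytes:
    """Return a constructed message: text+HTML body and three attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("plain body")
    msg.add_alternative("<html><body><p>html body</p></body></html>",
                        subtype="html")
    for name in ("holiday_photo.jpg.shs", "Update.HTA", "notes.txt"):
        msg.add_attachment(b"placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


def audit_message(raw: bytes) -> dict:
    """Report whether the message has an HTML body and list risky attachments.

    Each attachment entry is (filename, real_extension, has_decoy_extension).
    """
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {"html_body": False, "attachments": []}
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if filename is None:
            # A body part, not an attachment.
            if part.get_content_type() == "text/html":
                findings["html_body"] = True
            continue
        # Windows ignores trailing dots and spaces, so strip them before
        # deciding what the real (last) extension is.
        cleaned = filename.rstrip(". ")
        suffixes = [s.lower() for s in PureWindowsPath(cleaned).suffixes]
        if not suffixes or suffixes[-1] not in RISKY_EXTENSIONS:
            continue
        has_decoy = len(suffixes) > 1 and suffixes[-2] in DECOY_EXTENSIONS
        findings["attachments"].append((filename, suffixes[-1], has_decoy))
    return findings


if __name__ == "__main__":
    report = audit_message(build_sample())
    print("HTML body present:", report["html_body"])
    for name, ext, decoy in report["attachments"]:
        note = " (decoy extension in front)" if decoy else ""
        print(f"risky attachment: {name} -> {RISKY_EXTENSIONS[ext]}{note}")
```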
     
  3. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    LowWaterMark,

    I appreciate your response.

    Helps a lot.

    Thank You
     
  4. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    My pleasure peakaboo - truly. :)

    Having questions to answer can be just as important to forum participants as getting answers to questions. It is all good, and helps to make any forum all the more valuable.

    Best Wishes,
    LowWaterMark
     
  5. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    I could not find an option for incoming email - there may not be one as far as I can tell, so you may want to consider a program like mailwasher

    http://www.mailwasher.net/

    the latest beta version 2.0.19 beta covers hotmail and a whole lot more

    the Latest Stable Version is: 1.33

    I have not tried either, waiting for the beta to become the stable

    Those using NS messenger you can find the option to change from composing email using HTML editor to plain text under:

    edit, preferences, mail & newsgroups, formatting

    under message formatting select plain text editor

    also you may want to consider going to SSL or TLS always under mail servers if it works for you.
     
  6. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    thought I would put this here too:

    the privacy issue (includes cookie handling & other browser privacy issues) and also the pc performance issue.

    For me the answer is:

    cookie wall
    adshield
    proxomitron

    Best freeware programs on the net IMO.

    If you get a chance, take a peak at the following links:

    http://privacy.net/

    click on full analysis and see how much info can be pulled.

    more tests - you should be able to pass them all:

    http://www.pcflank.com/browser_test1.htm

    http://www.pcflank.com/scanner1s.htm

    http://www.jasons-toolbox.com/BrowserSecurity/

    http://browsercheck.qualys.com/

    http://www.dslreports.com/scan

    Good Luck

    after running some of the tests above, if you find privacy is an issue, then I believe it follows that performance may be vulnerable so feel free to check this link out and look for my post on proxo (free proggie):

    https://www.wilderssecurity.com/showthread.php?t=4927;start=0

    Just saw a post by LowWaterMark re: AdSubtract

    looks like a nice little proggie and based on features on their website looks like it can do it all in a single proggie (although not free)

    link here: https://www.wilderssecurity.com/showthread.php?t=5371



    url's repaired==bigc
     
    Last edited by a moderator: Apr 11, 2004
  7. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    The following may not make you any more secure, but it may make you feel better if your firewall log is filling up with TCP, UDP, & ICMP scan warnings and you don't know who to alert concerning your plight:

    http://security2.norton.com/ssc/vr_main.asp?j=0&langid=us&venid=sym&plfid=20&pkj=GQFPPWFYJOKMFIDPMSV

    using Norton's check servers, you can back trace anonymously and when the trace is done, you can click under the network heading for the IP address that is f*ing w/u and a pop up window will do a who is using

    Whois database, last updated 2002-11-25 19:05
    # Enter ? for additional hints on searching ARIN's Whois database.

    details on who to contact for abuse are provided if available.

    Warning if you are stealth, they don't know you are out there once you start using email (obviously a dummy email would be used say from yahoo or hotmail) and complaining, you may lose your stealth advantage especially if you are on a static line.

    What you may finally want to do is to say: I'm going to get tagged everyday, and at this point I have no DOS issues so turn off the log and live with the fact that there are idiots out there with nothing better to do than try to exploit others.

    As long as you are running stealth who cares ;)
     
  8. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    That is very good advice peakaboo!!

    While we need to make sure our systems are safe and secured, which we can accomplish through the "informed and proper use" of various security tools, as discussed daily throughout this forum, we also need to know what things to stop worrying about. If only so that we can "get on with our business," and use our PCs and the Internet for their intended purpose. (Of course, the intended purpose varies from person to person. Myself, being in the computing security field, much of what I do with security online is my intended purpose ;) ).

    People can spend a huge amount of their online time obsessing over security. It can get so bad that they end up doing nothing else except tweaking security software and reading about security online. While there is nothing wrong with learning about security and expanding our capabilities, if this is all we end up doing, when in fact there were other things we really wanted to be accomplishing online, then it's too much.
     
  9. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    I was visiting uiuc.edu just browsing, and ran across an interesting test from lockdown (link below) look for the MAC test:

    NetBIOS MAC test:

    This test will probe your computer for your MAC address. The Media Access Control (MAC) address above comes from your network card or dialup adapter. If you have a network card in your computer, this number is a unique 48-bit serial number that cannot be turned off or changed. Having your MAC serial number exposed is like having a monster cookie that is leaving your finger print everywhere you go and logging everything you do on the net. When you are TRULY stealthed your MAC address will not show up on this test http://stealthtests.lockdowncorp.com/


    Dos Ping Test is good ck also.

    The IE Vulnerability Test - well let's just say I was reluctant to try but finally did.

    Use this test to detect a browser vulnerability. If your browser fails this test, hackers can infect your computer automatically when you visit an infected web page.

    Not sure how I did, but suffice it to say that the file BrowserX.hta never made it to my hard drive. Guess that means I passed. I murdered a Java Applet, and some Java scripts along the way but hey that's how it goes... LOL

    Those who are a little squeamish about their IE browser security may want to skip the IE Vulnerability Test... sometimes IIB (ignorance is bliss) rules.

    ck em out, good luck.
    ____________________

    BTW, LWM - you make a good point above:

    "While we need to make sure our systems are safe and secured, which we can accomplish through the "informed and proper use" of various security tools, as discussed daily throughout this forum, we also need to know what things to stop worrying about."


    url repaired==bigc
     
    Last edited by a moderator: Apr 24, 2004
  10. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    IE Internet Zone settings - ran across this at another site: http://asp.flaaten.dk/proxo/topic.asp?TOPIC_ID=851

    if u need some of the stuff which is disabled in the IZ and u trust the site, stick the site in the trusted zone.

    anyone know of a good ap which can add sites on the fly to trusted sites?





    url repaired==bigc
     
    Last edited by a moderator: Apr 24, 2004
  11. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    I found two options which should allow you to quickly add sites to trusted zone with a click of the mouse:

    Microsoft Internet Explorer 5 Power Tweaks Web Accessories ( Note: This download is only for Internet Explorer 5.x. )

    http://www.microsoft.com/windows/ie/previous/webaccess/pwrtwks.asp

    Thanks Jackb for posting this link.

    ************** or **************

    this post from:

    passer by @ spywareinfo:
    http://www.spywareinfoforum.com/yabbse/showthread.php?t=871


    Re:Security feature for m$ie
    « Reply #7 on: August 20, 2002, 06:23:30 PM »

    -------------------------------------------------------------------------
    "Trust Setter" from Jason Levine puts the same two options on IE's tool bar, works perfectly and doesn't require power tweaks or anything else , just unzip and double click "install.vbs"
    http://www.jasons-toolbox.com/ScriptRepository/


    ps..being vbs script blockers like "Script Sentry" will popup.

    pps..as well you can add a site to trusted or restricted by right clicking on a link, useful if you want to visit a "nasty" site you see on one of these pages.

    ************ note from Peak ************

    It takes about 8 mouse clicks & 1 keystroke to add a site to trusted zone without the aid of the above mentioned aps normally:

    double click status bar @ Internet icon
    click trusted sites
    click sites
    type h, and select the url from the drop down box
    select add
    ok out

    ----------------------

    long way is select tools
    internet options
    security tab
    then start from step 2 above



    url's repaired==bigc
     
    Last edited by a moderator: Apr 24, 2004
  12. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    I ran across some info written by Fred Langa which appears for the most part dated (old stuff) but, also ran across something which may be helpful for securing pc, specifically the networking setup, and removing the parts of your networking setup that make it easy for someone to connect to your PC via the Internet's protocol: TCP/IP.

    Any comments regarding the usefulness of this data are welcome.

    Also comment on the need to unbind "Client for Microsoft Networks" from TCP/IP. Good step or not (any downside or negative aspect of unbinding CfMN from TCP/IP).

    How to Make Windows Safer on the Internet from the Four Myths of Online Security article:
    http://www.techweb.com/winmag/columns/explorer/2000/04.htm


    excerpt below:

    The information I'll present here isn't dangerous, but it's always a good idea to make a backup of critical data on your system before you start making any system changes; and to write down what your settings were so you can restore things if you need to.

    Let's start by examining your networking setup: Right-click Network Neighborhood and select Properties. (Or click the Network icon in Control Panel, which is the same thing.)

    What we'll now do is remove the parts of your networking setup that make it easy for someone to connect to your PC via the Internet's protocol: TCP/IP:

    If you don't have a dial-up connection, skip to the next paragraph. Otherwise, double click Dial-Up Adapter, then Bindings. UNcheck anything in the bindings box except TCP/IP; then click OK. Next, in the main network dialog, double-click the item labeled "TCP/IP -> Dial-Up Adapter." (You may have to scroll down in the window to see it. Also, if a Dial Up Adapter is the only adapter in your system, it may simply say "TCP/IP.") You may get a warning from Windows about the danger of changing these settings; ignore the warning -- the real danger is in not changing these settings. After you dismiss the warning dialog box, click on the Bindings tab. In the Bindings box, if "Client for Microsoft networks" and/or "File and printer sharing for Microsoft networks" are present and checked, UNcheck them, and click OK. If they were the only things TCP/IP was bound to, you'll get a warning that states: "TCP/IP is no longer bound to any drivers" and asks whether you want to select one. Answer "No." You do not want clients or sharing services bound to TCP/IP.

    *** continue reading article if desired by accessing the above link ***






    url repaired==bigc
     
    Last edited by a moderator: Apr 24, 2004
  13. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    I'm running a poll regarding on-line vulnerability tests here:

    http://www.wilderssecurity.com/showthread.php?t=6238

    If you have not taken the 3 on-line tests (at the link above), please do so and then take the poll.

    This was my 1st time setting up a poll guess the key is to keep it simple and cut down on the words, and poll option answers ( I have 8 possible answers).

    Also my target audience was those who were having trouble passing the tests, unfortunately in the poll, I had them lower in the poll (poll answers 3, 4, 6 & 7), they should have been at the top of the poll option answers.

    Anyway, again if you have trouble passing any of the tests, please post here in this thread.

    The exploits are real, and should be addressed if your pc is vulnerable.
     
  14. *Ari*

    *Ari* Registered Member

    Joined:
    Feb 15, 2002
    Posts:
    431
    Location:
    Finland
    LowWaterMark

    This is so true :'( I don't do anything else anymore but read these postings here, except I check out emails. Am I a nutcase all alone or is there someone else along? Tell me, please, if I need real help for life ? o_O ;) But since tomorrow I will start studying.....so I might not have strength enough being online all nights. Okok but it is not that I was too scared to surf and blah blah but I love to learn and share.
    This is not a poll question :rolleyes: but how about Peakaboo and LowWaterMark then ?

    ~Ari~

    Peakaboo, keep up your good work !
     
  15. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    Krusty,

    I think learning about security and playing with new applications and settings can be really compelling and actually addictive. I think that's why a lot of us end up spending so much time on it - it's fun and educational - what could be better? :D

    Think about how you got here to Wilders... Perhaps you were doing searches regarding security, maybe that led you here directly or to some other site, and at that site were links to here... You start reading and testing stuff and before you know it, you're hooked.

    Places like this are a "security junkies" paradise!! ;)

    Peakaboo - regarding your question on the value of the information at that techweb / winmag article... I think any time you disable unneeded and unused services on your system, you have probably improved your security. If you don't need or use it, why leave it running as a possible hole for someone else to access your system!

    You can never do too many security tweaks!

    - oops, there I go, feeding my security addiction again!! :D

    Backing away from the keyboard,
    LowWaterMark
     
  16. *Ari*

    *Ari* Registered Member

    Joined:
    Feb 15, 2002
    Posts:
    431
    Location:
    Finland
    Peakaboo

    Have you tried Taskinfo 2002 yet? It's a great informative app, freeware. It shows even your CPU, how much it works, how much it idles.
    Omg, I notice it is not free anymore :(. I have had my copy for long time.. .. http://www.softpile.com/Utilities/System_Tools/Review_10064_index.html
    ~Ari~


    but here it costs only 12$ :
    http://www.pcworld.com/downloads/file_description/0,fid,7628,00.asp

    the same trustworthy Igor Arsenin product, better watch the prices before rushing to burn $



    url repaired==bigc
     
    Last edited by a moderator: Apr 24, 2004
  17. *Ari*

    *Ari* Registered Member

    Joined:
    Feb 15, 2002
    Posts:
    431
    Location:
    Finland
    As my big mouth makes me correct myself, I brought one similar app here named "Process Viewer for Windows"

    " PrcView is a process viewer utility that displays detailed information about processes running under Windows. For each process it displays memory, threads and module usage. For each DLL it shows full path and version information. PrcView comes with a command line version that allows you to write scripts to check if a process is running, kill it, etc. "
    http://www.teamcti.com/pview/prcview.htm

    And THIS is freeware

    ^Ari^
     
  18. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    Krusty,

    > Peakaboo, keep up your good work !

    I appreciate your encouragement.

    With the number of page views on my poll and no problems passing the 3 tests cited, I thought I would open the door here on this thread again to ensure no one was having a problem.

    I must admit I am surprised, I really thought they were tough tests. It appears that if at least half the number of people who viewed my poll took all 3 tests, and cited no problems. Sounds like everyone is in good shape.

    This is good.

    >Have you tried Taskinfo 2002 yet?

    Krusty, I sure haven't but it sounds interesting. The last program I loaded was Spybot - Really great program. I am waiting for next iteration of system safety monitor to try out, and also waiting on a good backup freeware anti-trojan program - sounds like Ants is going to be awhile from what I have been reading.

    BTW, I'm also trying to back away from the PC. Got my system running as optimal as possible, until some new exploit comes along.


    LowWaterMark,

    > regarding your question on the value of the information
    > at that techweb / winmag article... I think any time you
    > disable unneeded and unused services on your system,
    > you have probably improved your security. If you don't
    > need or use it, why leave it running as a possible hole for
    > someone else to access your system!

    > You can never do too many security tweaks!


    I appreciate your insight on this. Good advice.

    I'm all tweaked out.

    Thanks again guys for your insight.
     
  19. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    Anyone know of a good place to learn about the use of ClassIDs in conjunction with security?

    Spybot uses ClassIDs somehow.

    I'm sure other similar programs may also use ClassIDs to id bad stuff and maybe to overlook some good stuff.

    Just curious.

    TIA

    _____________________

    Good Link below for you Proxo users filter & ClassID list: http://asp.flaaten.dk/proxo/topic.asp?TOPIC_ID=415



    last update to ClassID list 7/5/03

    :cool:

    url repaired==bigc
     
    Last edited by a moderator: Apr 24, 2004
  20. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    New link for classid list & filter from Sidki 11/22/03 update:



    you have to register @ Yahoo proxomitron forums to view forums or to download files from there. http://groups.yahoo.com/group/prox-list/files/Filters/Security/

    update adds some BHOs to the list... nice work sidki :)

    note also the first of the two links quoted above no longer works...


    enjoy the update... thanks sidki :cool:


    url repaired==bigc
     
    Last edited by a moderator: Apr 24, 2004
  21. Prince_Serendip

    Prince_Serendip Registered Member

    Joined:
    Apr 8, 2002
    Posts:
    819
    Location:
    Canada
    :) Proxomitron Rocks!

    I just resurrected my use of Proxomitron (with latest edition 4.5) because my old proggies for ad blocking no longer work with Opera 7.11. I am extremely pleased with it. I thought my new Opera was fast, but now it has Warp-Drive! :cool:

    The Yahoo Prox-list group has a new member. :D

    Thanks!

    Larry :)
     
  22. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    Last edited by a moderator: Apr 24, 2004
  23. Prince_Serendip

    Prince_Serendip Registered Member

    Joined:
    Apr 8, 2002
    Posts:
    819
    Location:
    Canada
    :) Thanks for the links!

    I was made aware of this before but only in general. Can Proxo block ads in Opera itself?? Do they provide patches? I have the paid for version.

    One thing that puzzles me is why they would have this feature (which is a profound weakness) in the first place?? Could Proxo block it in any way if configured properly? After all, Opera has to go through it to get there. o_O

    Any help will be deeply appreciated. :)
     
  24. peakaboo

    peakaboo Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    377
    Since you paid for Opera 7.11 you get free upgrades to any version update for Opera 7.x

    if or rather when Opera comes out with major upgrade say to Opera 8, you would be entitled to a discount $15 in getting version 8 and all the upgrades in the 8 series...

    (c forum discussion "Opera upgrade policy" links at bottom of this post)

    suggest you download Opera 7.23 and install it in same directory as your 7.11, no code entry required; or if you prefer install to a different directory, if you choose this method you will have to enter your code...

    dld 7.23 here: http://my.opera.com/



    regarding use of proxo to defend against the vulns corrected by the upgrade... why would you take this approach when all you have to do is install the latest version.

    BTW Opera 7.2+ is way better than Opera 7.11. So if you like 7.11 you should be enthralled with 7.23

    re: ad kill within Opera you should not be getting ads with the paid for version the ad banner goes away

    pricing policy in few words: posted by ICE

    more on upgrade policy

    good luck...



    url repaired==bigc
     
    Last edited by a moderator: Apr 24, 2004
  25. Prince_Serendip

    Prince_Serendip Registered Member

    Joined:
    Apr 8, 2002
    Posts:
    819
    Location:
    Canada
    :) Thanks for your help peakaboo!

    I am now upgraded to Opera 7.23. This is my first upgrade/overwrite of Opera. Never done it before, hence my strange questions/ideas. It was really very easy. I did backup the important files as they suggested first.

    Using Opera 7.up on a DSL connection is just as fast as the broadband connection we have at work. (DSL is 60% cheaper than broadband in my area.) I consider the speed to be a big bonus. I hate waiting around. :D


    Larry :)
     