security guide help

Discussion in 'other software & services' started by Bethrezen, Oct 22, 2004.

Thread Status:
Not open for further replies.
  1. Bethrezen

    Bethrezen Registered Member

    Joined:
    Apr 16, 2002
    Posts:
    546
    Hi

    Thanks for the link. I'll have to read over it, but from first glance it definitely looks like it's worth adding.

    Nice find.

    I'm updating now.
     
    Last edited: Feb 25, 2005
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    A note should be added that BugOff will break Outlook Express (send and receive will no longer work) if it is used for email.

    Cheers :D
     
  3. Bethrezen

    Bethrezen Registered Member

    Joined:
    Apr 16, 2002
    Posts:
    546
    Hi

    Although it's not a bad idea, I'm not sure if it's necessary, because it tells you when you open BugOff that it could break Outlook.

    What I could do, though, is put a note that people using BugOff should read the on-screen info for possible side effects.
     
  4. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    I think it would be more useful to just repeat the warning since it is so short. That way you save them the effort of having to look somewhere else.

    Also, I consider the neutralization of Outlook Express to be more of a feature than a liability!



    - HandsOff
     
  5. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Well since iceni60 has re-opened this... how about including Process Guard or System Safety Monitor? PG is easier to use, but both can help keep a system clean by blocking/prompting on driver and service installation, techniques used by more sophisticated malware. SSM includes registry monitoring also, but RegDefend looks to be a more powerful countermeasure (though registry protection is a more advanced subject). PG/RegDefend are payware, SSM is free (though the author plans to make it shareware at some point in the future).

    For imaging software, consider including Drive Snapshot (payware). Like Acronis, it can take a full backup running in the background - unlike Acronis it consists of a single 130KB file which could be included on a boot floppy for restoring images.

    Aside from that, this looks to be a very comprehensive guide, well worth making a sticky thread of - or a special webpage.
     
  6. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    I wonder how background imaging works. I have seen problems occur if a file is used during the execution of a backup. The problem arises when the program compares the files in the image with the files on the system. If the files don't compare, then the program I use reports that fact, and you can "re-catalog" the misfits if you are satisfied with the originals. My guess, and it's just a guess, is that the image made in the background relies on looser standards of determining if a file has changed.

    It might just be a different approach. I am used to my program "Retrospect Express 5.6", but I am curious about others. Maybe P. knows: do you still need your Windows disk to restore after, say, reformatting? It's not a huge deal to me since I have an OEM Windows installation, but it fries my bacon to have to call up Microsoft on the phone and ask their permission to restore! What if I'm shipwrecked on a desert island? Can't re-install XP?

    P.S. If you didn't hear, Microsoft apparently announced that you may or may not have to call by phone in order to reinstall Windows XP after February 28th, or some other date. I hope this isn't going to be a new trend. Can we look forward to re-installing and having to call up the makers of every single program on our computers? Microsoft is testing the water, and over here the water is a little hot!


    - HandsOff
     
  7. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    From Drive Snapshot's backup page (the author is German so the English is not perfect, but adequate for this description):

    "By using WindowsNT Driver technology, Snapshot chains itself between the file system and the disk driver and will see any request to the disk.
    When any WRITE request to data, that are not yet saved, is detected, the data are read first from the disk and saved, before the WRITE request is allowed to proceed.

    So the data are completely safe against change; and this allows the user to work, while Snapshot is running, no changes will not be reflected into the image produced. Whatever he does, the image will contain the disk data at start time.
    He may work as usual, clean up the disk, install/uninstall Software, or even catch a virus of his choice.

    SnapShot even makes some effort to minimize its influence on other programs.
    Snapshot uses about 7MB of memory during Backup, 0 bytes when not activ.
    Snapshot runs at low priority, giving the foreground application as many CPU cycles as needed.
    As SnapShot uses a huge amount of disk IO (~15 MB/sec for P700), Snapshot would bring down a typical Windows program start to a crawl. So Snapshot watches for any user disk activity and will pause for a short while, so the user application runs at nearly full speed.
    SnapShot still makes sure, that no unsaved data are overwritten. In this case, SnapShot will buffer these data up to a few Megabytes in memory, and then simply delay the application, until these data have been saved to the SnapShot destination.
    This won't happen often, as applications tend to modify the same data over and over again, like a database's index files. These data will be saved the first time, a change is detected, later requests will proceed at normal speed."
     
  8. Bethrezen

    Bethrezen Registered Member

    Joined:
    Apr 16, 2002
    Posts:
    546
    Hi

    Thanks for your suggestions.

    HandsOff, point taken.

    Paranoid, I already included Process Guard; it may be that it's just not listed here, as all versions here are now outdated.

    But I will look at System Safety Monitor, RegDefend & Drive Snapshot.
     
  9. Marja

    Marja Honestly, I'm not a bot!!

    Joined:
    Mar 8, 2004
    Posts:
    4,553
    Location:
    In the Vast Fields of My Mind
    This is great!!! You have done soo much work on this thread, Bethrezen!!

    Thank you, I know I will be constantly referring to it!! At the moment I am sort of overwhelmed - if I think of any suggestions, especially for newbies to understand it all - I will post it!

    Good work, Bethrezen, you will be making a lot of people more aware of all the security programs out there, what they are for, how to use them, not just telling them what they need. This is a wonderfully helpful thread!!

    Thanks again!

    Marja:cool:
     
  10. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    Just thought I'd mention that I really do use BugOff, and have not personally suffered due to anything not working, so maybe I take it too lightly, but I think the protection it offers certainly justifies at least attempting to use it.

    Paranoid -
    Thanks for the look inside of Drive Snapshot. If the program actually works then it is pretty impressive. Still, to play the devil's advocate, can one really have a program cause another program to stop and wait, and still claim to run in the background? Besides, how does the backup program know whether it has recorded the file or not? It's really the same question. The file is in a queue to be written and the backup program determines if the file is backed up. There are supposed to be updates to the file's metadata, but that is dependent on other programs conforming to standards. I guess I'm the paranoid one, because I pretty much never expect anything to work until I have seen it work a few dozen times.

    Retrospect compares the changed files with the originals after the snapshot has been written. I don't know all of the criteria it uses, but the phrase "file does not compare at offset...." is what I usually see, or "file does not compare, reached end of file..." Anyway, these cryptic phrases have their effect. I am full of confidence that my spaceship knows which way to go!


    -HandsOff
     
  11. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    As mentioned in my previous post, Snapshot hooks into the NTFS file writing routines - when any program uses these, Snapshot checks which file is being written to and, if it has not already backed it up, it takes a copy before allowing the write to proceed. The only problems will occur with programs that do not use the standard file access APIs (MS SQL Server is one example I believe along with some disk defragmentation software).
    Since Snapshot intercepts all subsequent file writes, its backup is effectively of your system at the time when you started it.
    Snapshot does include an image verify option (though it does not compare files with their state after backup) and you can view (and check) individual files within an image. The trial is free and the program is one file only (a full install is offered, but optional) so testing it should be a painless option.
     
  12. Bethrezen

    Bethrezen Registered Member

    Joined:
    Apr 16, 2002
    Posts:
    546
    Hi Marja

    Thanks for your kind words. Your feedback is appreciated; it's nice to know that my efforts are going to good use :)

    I know how you feel. I have had this comment from others, and I agree that so much information at once can be somewhat intimidating even to advanced users. This is why I strive to make things as easy to understand as I possibly can, by trying not to be too technical and adding colours and the like to try and break things up a little to make it all easier to digest.

    Although artistic flair isn't exactly my strong point, I believe that I have succeeded in ironing out most of the rough spots so that everything flows.

    This said, I'm always up for a little constructive criticism, as long as the person gives a good explanation of what he or she finds wrong and how it could be improved.

    For instance, if someone were to say a particular part was rubbish, I don't mind, as long as they tell me why it's rubbish and how it could be improved.

    Or if someone were to tell me that a particular part was inaccurate, again I don't mind, as long as they tell me why it's inaccurate and point me to correct information so that I can correct any errors.

    Anyway, I know I have posted this elsewhere, but I'll post it again in case anyone is looking:

    http://spyblocker-software.com/IPB/index.php?showtopic=1762

    That is the location of the full guide. All versions on the Wilders board are now outdated, so you should see this link.
     
  13. tom ehlert

    tom ehlert Guest

    While your system certainly gets faster, you still get 90% of usual system performance; compare this with copying a few gigabytes with Windows Explorer, burning a DVD, or similar.
    You probably won't really notice it's running - so it may claim it's running in the background.


    Actually, Drive Snapshot hooks into the disk writing routines (at the volume layer = user-visible drives).

    Hardly any program breaks this, as it wouldn't be compatible with Windows RAID (where C: may be mirrored/striped/... across multiple physical disks).


    tom
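The copy-on-write behaviour described in the quoted Drive Snapshot text, Paranoid2000's post 11 and Tom's correction (a filter at the volume layer saves a block's original content before the first write to it is allowed through, and later writes to the same block go straight through), as an added Python model written for this thread; it is not Drive Snapshot's code, and the volume contents and write sequence are constructed. A hook-less sequential copy is included beside it to show the torn image that results without the interception.

```python
"""Toy model of a copy-on-write volume snapshot (constructed example, not Drive Snapshot's code).

The filter sits between the file system and the disk driver. Every WRITE to a block whose
original content is not yet in the image forces a copy of the original first; blocks already
copied (by the background reader or by an earlier write) are written through at normal speed.
The finished image therefore equals the volume as it was at start time, whatever the user did
in the meantime."""


class Snapshot:
    def __init__(self, volume):
        self.volume = volume                 # list of block contents (bytes); writes mutate it
        self.image = [None] * len(volume)    # image being produced; None = not yet saved
        self.cursor = 0                      # next block the background reader will visit
        self.early_copies = 0                # writes that had to save the original first

    def write(self, idx, data):
        """Filter hook: the file system's WRITE request for block idx."""
        if self.image[idx] is None:          # original not yet saved: read and save it first
            self.image[idx] = self.volume[idx]
            self.early_copies += 1
        self.volume[idx] = data              # now the write is allowed to proceed

    def step(self):
        """Background reader: copy the next still-unsaved block.
        Returns False once the image is complete."""
        while self.cursor < len(self.image) and self.image[self.cursor] is not None:
            self.cursor += 1                 # skip blocks the write hook already saved
        if self.cursor == len(self.image):
            return False
        self.image[self.cursor] = self.volume[self.cursor]
        self.cursor += 1
        return True


def naive_backup(start, writes):
    """Sequential copy with no write hook. writes = [(after_block, idx, data), ...]:
    each write lands right after the reader has copied block `after_block`."""
    vol, image = list(start), []
    for i in range(len(vol)):
        image.append(vol[i])
        for after, idx, data in writes:
            if after == i:
                vol[idx] = data              # may hit a block the reader has not reached yet
    return image


def run_demo():
    """Constructed scenario: a database index (block 3) is rewritten twice and a log block
    (block 0) is appended to while the backup is running."""
    start = [b"blk0", b"blk1", b"blk2", b"blk3", b"blk4"]
    vol = list(start)
    snap = Snapshot(vol)
    snap.step()                              # reader copies block 0
    snap.write(3, b"db-index-v1")            # block 3 unsaved: original copied first
    snap.write(3, b"db-index-v2")            # same block again: write-through
    snap.write(0, b"log-append")             # block 0 already in image: write-through
    while snap.step():                       # reader finishes the remaining blocks
        pass
    naive = naive_backup(start, [(0, 3, b"db-index-v1")])
    return {"start": start, "image": snap.image, "volume": vol,
            "early_copies": snap.early_copies, "naive_image": naive}
```

The image produced with the hook matches the start-time contents exactly even though the volume itself has changed; the hook-less copy contains a block from after the backup began.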
     
  14. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Thanks for the clarification Tom. Might you be planning on opening a support forum here? ;)
     
  15. Marja

    Marja Honestly, I'm not a bot!!

    Joined:
    Mar 8, 2004
    Posts:
    4,553
    Location:
    In the Vast Fields of My Mind
    Thanks for the link, Bethrezen, I bookmarked it!!

    Drive Snapshot looks interesting!! A support forum would be very helpful!!;)
     
  16. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    ...one more thing...the backups I do are usually what people disparagingly call incremental backups...like that was a bad thing! The thing that I like about this method, besides the obvious advantage that you only have to copy the changed files, is that you actually have access to more than one copy of files that were changed. Even though there may be only one backup file, and if you were to restore the image you would be only restoring one file of a particular filename, the other versions are not gone. If you did ten backups and a file changed five times, those other four copies still exist and are retrievable (though a regular restore would only produce the current version). Anyway, that's probably old hat for you guys, but for a guy that still can't get over that he can watch a TV show on one channel and be recording one on a different channel at the same time, it's a pretty big deal!

    - HandsOff
     
  17. Marja

    Marja Honestly, I'm not a bot!!

    Joined:
    Mar 8, 2004
    Posts:
    4,553
    Location:
    In the Vast Fields of My Mind
    Hey! I still get excited about that too! So, I agree with you, isn't some backup better than NO backup?
     
  18. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    The incremental backup is the superior backup. We like to think of it as managed backups. Combined with the ability to store backup scripts it gets even better. I have different scripts to back up my MP3s, my documents, my Windows partition. This particular program allows you to schedule unattended backups, but I prefer to run them myself. If that were not enough, there is the option to "recycle backup sets", which has the effect of running the script for the first time. It eliminates all the duplicates and starts over. Also, it monitors the drive's SMART feature and tries to warn you if your hard drive looks like it is starting to go. Yeah, much maligned incremental backup, the unsung hero of the backup world.

    - HandsOff
     
  19. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    The downside of incremental backups is that if you have multiple incrementals, all have to be restored successfully in the correct order. So if incremental backup 3 was corrupted, you could only restore as far as incremental backup 2 - backups 4, 5, 6, etc. would be of no use. This was more of a concern when tapes were used as the backup medium, since they were more prone to failure than CDs/DVDs/hard disks, but this is still worth bearing in mind when deciding your backup strategy.

    A good halfway house would be to do a full backup every weekend and incrementals for each weekday - but the specifics will depend on how important your data is (business critical data will require extra backups stored off-site to cover against fire/theft, etc), how much it changes and what backup media you are using (full backups will tend to require a hard disk while incrementals could fit onto a CD/DVD).
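The chain dependency described above (one corrupt incremental cuts off every later one, and a periodic full backup limits how much is lost), together with HandsOff's point that incrementals keep only the changed files, as an added Python model written for this thread; it is not Retrospect's or any product's code, and the file contents, daily changes and digest check are constructed.

```python
"""Incremental backup chain with integrity checks (constructed example, not any product's code).

A full backup stores every file; an incremental stores only what changed since the previous
backup. Restoring walks from the most recent full backup forward, so one incremental that
fails verification makes every later one in that chain unusable."""
import hashlib
import json


def _digest(payload):
    return hashlib.sha256(json.dumps(payload, sort_keys=True).encode()).hexdigest()


def make_backup(files, previous=None):
    """Full backup when previous is None, else an incremental relative to `previous`."""
    if previous is None:
        payload = {"kind": "full", "files": dict(files)}
    else:
        payload = {"kind": "incr",
                   "changed": {k: v for k, v in files.items() if previous.get(k) != v},
                   "deleted": sorted(k for k in previous if k not in files)}
    return {"payload": payload, "digest": _digest(payload)}


def verify(backup):
    return _digest(backup["payload"]) == backup["digest"]


def corrupt(backup):
    """Simulate media damage: stored bytes no longer match the recorded digest."""
    return {"payload": {"kind": backup["payload"]["kind"], "damaged": True},
            "digest": backup["digest"]}


def restore(chain):
    """Start from the most recent full backup, apply later incrementals in order, and stop
    at the first backup that fails verification. Returns (files, backups applied)."""
    starts = [i for i, b in enumerate(chain) if b["payload"]["kind"] == "full"]
    if not starts:
        return {}, 0
    state, applied = {}, 0
    for b in chain[starts[-1]:]:
        if not verify(b):
            break                                 # later backups depend on this one
        p = b["payload"]
        if p["kind"] == "full":
            state = dict(p["files"])
        else:
            state.update(p["changed"])
            for k in p["deleted"]:
                state.pop(k, None)
        applied += 1
    return state, applied


def build_chain(days, full_every):
    """Constructed history: index.db changes every day; a full backup every `full_every`
    days, incrementals on the other days."""
    files, chain, previous = {"notes.txt": "v0", "index.db": "v0"}, [], None
    for day in range(days):
        files["index.db"] = f"v{day}"
        chain.append(make_backup(files) if day % full_every == 0
                     else make_backup(files, previous))
        previous = dict(files)
    return chain
```

With one full backup followed only by incrementals, damage to backup 3 leaves the restore at the day-2 state; with a full backup every seven days the same damage does not affect the second week at all.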
     
  20. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    That may be a liability of this program. This approach requires GB to burn. There's nothing to stop me from making duplicates, but they are going to be equal in size to the files that are backed up (in general).

    If you think about it, each successive backup will be larger than the one before. Dantz suggests several different approaches depending on your situation. They suggested doing just as you said: run incremental backups for a week or a month or whatever, then recycle the backup.

    20 and 40 GB USB pocket drives are getting cheap enough that I should consider getting one and dedicating it to serve as an emergency backup to the working backup of the system partition.


    - HandsOff
     
  21. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Most imaging programs will use compression to reduce the image size, but the images can still be half to two-thirds the size of the original data. An external drive is a good choice for storing backups, but make sure that it can be accessed with a minimal install (either via a bootdisk or Windows CD) to allow you to do a restore in the event of your main hard disk failing totally.
     
  22. Bethrezen

    Bethrezen Registered Member

    Joined:
    Apr 16, 2002
    Posts:
    546
    Hi all

    First, I'd like to again say a big thanks to everyone that has assisted me in this. Your support is greatly appreciated; this wouldn't have been possible without your help.

    Second, I'd like to say thanks for the latest round of suggestions. I just finished adding them.

    Keep 'em coming.
     
  23. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    Hi Bethrezen,

    How big has your guide become? Do you foresee a completion, or is it going to be continuously updated over time? Just curious.

    I wonder if we will ever see a general malware analysis tool that, instead of disinfecting a computer, will analyse the problem and make suggestions: download this, run that, search for the other...but one which learns. When you solve the problem its database grows. Sort of like a HijackThis helper, only machine, not human.

    This probably sounds over the top, but years ago as a student we were asked to write a guessing game program. The player thinks of an animal and the computer guesses what the animal is after asking a series of yes or no questions. When it gets to the guess, the player answers yes or no to whether the guess was correct. If yes, then the computer's data was sufficient. If no, the computer asks the player to type in a question that would have been no for the wrong guess, but yes for the actual animal. It's fun, but it is also powerful in a way. One could read particularly good HijackThis posts and translate them into questions. ..."did you try ___ in safe mode?"...no...

    It's getting so complete that there are too many procedures to expect one person to know.

    Anyway, just an off the wall thought. But before you laugh too hard, I'll just say after a few hundred games the computer always wins. And it usually doesn't have to ask more than a dozen questions.



    - HandsOff
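The self-extending yes/no guessing game described in the post above, as an added Python example written for this thread (not the original student program): the "player" is a scripted table of animal properties so the game can be driven and checked without a keyboard, and a wrong guess turns the leaf into a new question exactly as the post describes. The same tree could hold troubleshooting questions with procedures at the leaves.

```python
"""Learning yes/no guessing game (constructed example, not the original student program).

The knowledge base is a binary tree: a node is either a final guess or a question with a
yes-branch and a no-branch. On a wrong guess the computer is told a question that is "yes"
for the real animal and "no" for the wrong guess, and splices it in at that leaf."""

# Constructed "player": each animal's set of true properties (the answers to questions).
ANIMALS = {
    "dog": {"barks", "has fur", "four legs"},
    "cat": {"purrs", "has fur", "four legs"},
    "eagle": {"flies", "has feathers"},
    "shark": {"swims", "has fins"},
    "bat": {"flies", "has fur"},
}


def new_tree(first_guess="dog"):
    """A fresh game knows a single animal and no questions."""
    return {"guess": first_guess}


def distinguishing(wrong, right):
    """What the player types in after a loss: a property `right` has and `wrong` lacks."""
    extra = sorted(ANIMALS[right] - ANIMALS[wrong])
    if not extra:
        raise ValueError(f"need a property that {right} has and {wrong} lacks")
    return extra[0]


def play(tree, secret):
    """One game against a player thinking of `secret`. Returns (won, questions_asked);
    on a loss the tree is extended in place so the same animal is guessed next time."""
    node, asked = tree, 0
    while "q" in node:
        asked += 1
        node = node["yes"] if node["q"] in ANIMALS[secret] else node["no"]
    asked += 1                                   # the final "is it a ...?" counts too
    wrong = node["guess"]
    if wrong == secret:
        return True, asked
    q = distinguishing(wrong, secret)
    del node["guess"]                            # leaf becomes a question node
    node.update({"q": q, "yes": {"guess": secret}, "no": {"guess": wrong}})
    return False, asked


def train(tree, rounds):
    """Play every animal once per round; return the number of losses in each round."""
    losses = []
    for _ in range(rounds):
        lost = 0
        for name in ANIMALS:
            won, _ = play(tree, name)
            lost += not won
        losses.append(lost)
    return losses


def depth(tree):
    """Longest question path, i.e. the most questions a game can take before the guess."""
    return 0 if "guess" in tree else 1 + max(depth(tree["yes"]), depth(tree["no"]))
```

After one pass through the constructed animals the tree has learned four questions and the second pass is lost-free.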
     
  24. Bethrezen

    Bethrezen Registered Member

    Joined:
    Apr 16, 2002
    Posts:
    546
    Hi

    Well, have a look yourself and you will see: http://spyblocker-software.com/IPB/index.php?showtopic=1762

    Well, I would say that it's pretty much complete as it is, and I think if people follow the instructions they should be able to fix 99% of any trouble they may be having.

    All I'm really doing at the moment is tweaking, re-writing things, playing with layout and presentation and just trying to make general improvements. The actual contents haven't changed an awful lot since I first put it up in January. That said, I have incorporated all the different suggestions I've had since then, so there is some new stuff in there.

    Well, like any good guide it will need to be amended from time to time as is appropriate, adding or removing information, procedures, tools etc. as things change, but I think the bulk of it should be solid and won't need any further updating.

    To be honest, the cleaning section of the guide hasn't really changed at all since I put it up in January. Maybe some of the wording and layout and the like is different, but the actual contents haven't changed, because as far as I know I've covered just about every conceivable eventuality when it comes to cleaning.

    See, my goal here was to pull together all the different information, procedures and recommendations pertaining to cleaning into one place and make it easy to follow, because there were just so many different approaches and recommendations scattered over so many different security sites that you would need to have them all bookmarked and would have to go through each one at a time to make sure you had tried everything. This to me was a nightmare, because you ended up following the same procedures multiple times as each help file overlapped, so this is when I decided to create my guide,

    taking all the different information that I had available, compiling it all into one huge Word document, then ordering it in a logical fashion, editing out all the duplicate procedures and recommendations till I ended up with what you see today: one short, concise and detailed file that covered every procedure and recommendation I could find when it came to cleaning and fixing malware infections.

    The real updating has been in the second part of the guide, how to secure your computer, because there are just so many things you can do to harden your system against attack. This section has grown quite a lot, but I think I'm getting to the point now where I've covered just about every area of security, so I don't see me adding much more to it unless I've missed something that should be covered.

    So I think any further additions will most likely just be tweaks: new links to other relevant info or apps, tweaks in layout, this sort of thing.

    This is why I try to list them in an easy to follow step-by-step manual, so you don't need to know them all.

    Well, in one sense this is what I have tried to achieve with this guide and, not to sound big-headed, I think I have succeeded quite nicely.

    That said, it would be good to have an automated system like this that would take you step by step through all the different procedures required to fix your problem. Maybe then help files like this wouldn't be necessary and you wouldn't need to go searching for different help files that deal with different problems.

    Until such time as something like that comes along, however, I'll continue what I'm doing, and that is maintaining the most comprehensive and complete help file I can.

    Now, while I can't take credit for much of the actual contents of my guide, as I didn't actually come up with a lot of what is in there, what I will take credit for is all the man hours it has taken to put all of this together: to check info, to check apps, to check procedures and recommendations to make sure that everything is relevant and correct, to make sure that I'm not giving bad advice, that and everything else that goes along with a mammoth project like this.
     
    Last edited: Mar 10, 2005
  25. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Bethrezen,

    I've checked your security guide and there is a great deal of good information there. Consequently it contains enough to overwhelm or intimidate many new users so organising it into separate sections could make it far easier to navigate (having a downloadable copy in .rtf or .html format so that people could read it offline may help also - especially since some of the steps can only be done while disconnected from the Internet). Main topics like "Cleaning your System", "Protecting your System" could even go into separate threads.

    Given its length I would suggest including a table of contents (with targeted links to each section if possible) and greater use of headings to highlight individual sections. The section layout seems somewhat confusing since a similar heading style is used for sections and subsections - marking out main headings from subheadings could help clarify things (e.g. with a larger font, centre justification, etc). Consider adding numbers to each section to make referring to them easier (e.g. "please refer to section B.2 - Browser Security" rather than "please refer to the browser security section").

    I'd suggest separating the commentary (e.g. Microsoft's failings and previous security flaws) into its own chapter - most readers are likely to want solutions first and background information afterwards. Topics like file encryption and system backup I would also suggest moving into a separate section since they will not prevent or clean up spyware directly. System backup could come under "system maintenance" (a good place to discuss registry cleaners, install monitors and other tuning utilities) while encryption could go into a "general privacy" section (which could then cover web filtering, cookie control and anonymising proxies).

    One utility worth including is GKWeb's WWDC since this combines the effects of several others (Shoot the Messenger, Unplug'n'Pray, DCOMbobulator) - listing this instead can help shorten your guide. RegDefend on the other hand, while undoubtedly a powerful utility, does require knowledge of the Windows Registry so should be marked as being more suitable for advanced users.

    Finally, there are small English issues (e.g. use of "iv" or "id" rather than "I've" or "I'd", insufficient use of commas, capitalization and spelling glitches). While not serious, they do make the guide seem less professional than it should, so asking someone to proof-read once you have reached a final draft could help put a great finishing gloss onto it.

    Congratulations on the progress made so far. :)
     