8 replies to this topic

[chiefmasterjedi]

Hi all,
I have recently started my own forum and i have just added a simple security guide, as i am still a newbie myself (meaning i'm no expert) i would appreciate any feedback about my guide.
Here is the Link
Please bear in mind that i'm not going to be running a dedicated security forum, its just a topic that concerns everyone.
Also be as honest and brutal as possible, i'm a big boy i can handle it

Thanks in advance,
Chief.

[-neil-]

Hi Chiefmasterjedi.

Brutal, eh? Lemme roll up my sleeves...

I think the computer security thread on your forum looks fine. Helping to get John Q. Public to think correctly about computer security is a good thing. Every small effort to reduce the number of potential zombies attacking my computer is well appreciated, thanks.

I'm only Member # 32,418, but I think that if you find a thread on SpyWareInfo.com that makes good reading, you might put a link to it on your thread. Posting links to some of your favorite SpyWareInfo threads will also point people to this website, which isn't a bad thing.

You wrote:

> there are also some free online scans so there
> is no need to install a anti virus program

Capital "T," and, "... an anti virus program..." (Was that brutal?)

I would avoid suggesting that on-line scanners are a significant portion of a security system. In my limited experience, online virus scanners have been nothing more than a curiosity.

Viruses can destroy data and ruin hard drives, so an online virus scanner, which cleans up after the damage is done, does not provide much protection. Instead of distracting people by talking about on-line scanners, I think it would be better to lay down the law and suggest getting real-time antivirus protection, a program with frequent updates.

Opinions? I'm full of it:
Grisoft AVG - Very nice user interface, but Win98 version never passes icsalabs certification. See - http://www.icsalabs....es/tr0404.shtml

Free, but only for a year: eTrust Antivirus - http://www.my-etrust.com/microsoft/ User interface is a dog, but probably higher quality virus detection than Grisoft; passes icsalabs certification. When mine expires, I guess I'll go back to Grisoft.

***********

> Firewalls are becoming more popular everyday
> and as more people are switching to broadband,
> the need for a firewall is growing too.

There's a misconception that dial-up doesn't really require a firewall, and we should be careful not to perpetuate the myth. Here are a few lines from my firewall's log:

11:58:26 -4:00 GMT,219.97.155.6:3076,69.162.20.x:1434,UDP
11:59:18 -4:00 GMT,69.162.20.126:137,69.162.20.x:53,UDP
11:59:22 -4:00 GMT,69.162.20.126:137,69.162.20.x:53,UDP
12:02:04 -4:00 GMT,69.162.20.253:4927,69.162.20.x:2745,TCP (flags:S)

Regardless of the details, this shows attacks to my computer -- a zombie searching for open ports -- about one probe per minute. Sometimes more frequently, always non-stop. If you're going on line for 10 or 15 minutes from a telephone connection, that's plenty of time to have your computer detected, invaded, and turned into a Zombie.

Even telephone connections require a firewall. Since there are a few that are free, there's no reason to go naked. A firewall will assure that your computer will not auto-reply to a port probe!

I use ZoneAlarm, and it crashes occasionally. If it must crash, it would be nice if it were more obvious about it. Sometimes when it crashes, a dialog window opens asking me if I want to restart ZoneAlarm. But it opens behind other windows, and I frequently don't notice. Shheeesh. Suddenly, I realize I've been without protection for who-knows-how-long.

Wow. I just scrolled down to your next post on your forum. What a great list of free security software! My favorite kind! I'm certainly looking forward to trying a different firewall -- maybe something more stable for my old system. I like the look of Outpost. New version costs money; but the old version if free. Old version sounds good for my Win98 and PIII, and some people have called it their favorite. Nice of Agnitum to offer it for free!!!

****************

> chances are that if you don't have some sort of
> spyware scanner/blocker then you have spyware
> installed somewhere on your computer.

Amen. I'm seeing about 100 pcs. of spyware on friends' computers when I first introduce them to Ad-Aware.

> Spyware scanners are only good at detecting
> and removing spyware after it has been installed
> on your computer (with the exception of Spybot
> S&D which prevents it too).

SpyBot 1.2 had that "Immunize" fuction, but it was certainly a very incomplete solution. I have not yet heard the Consumer's Report rating of SpyBot 1.3. Who knows if it qualifies as a fairly dependable blocker.

Granted there is no such thing as a completely dependable blocker. But compared to SpyBot 1.2, I think my SpyBlocker has been 1000 times more active in blocking stuff. (http://www.spyblocke...cker/index.shtm) SpyBlocker cost $20 for a few updates / $40 for lifetime updates. I've been completely satisfied with the purchase, and they also have good support / emails / chat room / forums.

Thanks for the advice that spyware blockers are trouble-free when running simultaneously. And thanks for the list of free blockers! Maybe I'll give a try to another one or two. I wonder if I have enough resources on my Win98 to have anything else running in the background...

Your third post is real good, too. You wrote:

> Never open emails from someone you don't
> know, most viruses are sent via emails.

Maybe the advice should be, "... never open email attachments from someone you don't know..." It seems a little extreme to not open any emails from strangers. That would ruin all the excitement.

However, people should learn to identify spam and virus emails. Not much reason to open them.

Then, the question is how to process them. Instead of just hitting Delete, spam can be sent to SpamCop. SpamCop also offers an aggragating service. The worst sources of spam are targeted first, taken off line, which tends to include police activity more often than port-scanners, if I understand correctly.

Virus-emails are different from spam, and SpamCop doesn't want them. However, you can still forward them to the "abuse" department of the offending ISP -- after removing the virus attachment. Be careful with that mouse! If you're aiming for "Delete Attachment," you don't want to right-click "Open Attachment" by mistake! Forwarding virus emails to the originating ISP gives you good practice showing full headers, identifying the original IP address, and using checkdomain.com to determine the originating ISP and research their "abuse" email address.

Check out MyNetWatchman.com (mNW). It runs in the background and monitors your firewall's log, and automatically sends any newly appended information -- about port probes -- to a central processing center. Works real smooth on a broadband connection. Everyone's logs are reduced to aggragate statistics, and offending port-probers are reported to the appropriate offending ISPs. (If a computer is responsible for a few isolated pings, mNW will overlook them.) Usually, the offending computers are some poor schleps whose computers have slowed to a crawl -- like zombies "for some reason," and are spending all their CPU cycles probing other IP addresses. When alerted by mNW, the ISP contacts the zombies and advises them how to clean up their computers, etc. Usually, the police are not necessary...

Well, I have to go post my HiJackThis log. I have some spyware that Ad-Aware seems to get rid of, but it comes back every time I reboot. Well, my SpyBlocker is only batting 99.999%. Nobody's perfect.

Be reading you.
-Neil-

Edited by nei1_j, 08 June 2004 - 01:02 AM.

[chiefmasterjedi]

Hi Neil,
That is the best feedback i have ever received on any subject, thank you, I will implement the necessary changes as soon as i have time.
In regards to Spybot S&D 1.3, it has had a hole host of changes since version 1.2, 1 of the main changes is the addition of the "Tea Timer", this monitors parts of your registry for changes and alerts you as they happen.

My few words on online virus scanners was really just to let people know they exist. A friend of mine had some serious computer problems a few weeks ago and i tried to help her online, i soon found out that she had NO anti-virus installed! and she couldn't get any programs to install, so i sent her to an online virus scanner and it found several problems.
I will revise the part of my guide that refers to online scanners, as i also believe that an anti virus program needs to be installed on a computer, the really helpful thing about the online scans is to double check for problems without having to install another anti virus App (as you know this is a no-no and will cause conflicts and slow performance).

I use to run Zone alarm and yes, the crashes are annoying. Mine use to crash with no warning, sometimes my Firewall would be down for ages before i noticed it had gone. I now use Sygate firewall, i tried the free version and liked it so much that i got the Pro version. My number one priority with any program is simplicity and Sygate is very simple to set up and runs silently in the background without all the "you are being hacked" alerts that other firewalls annoy you with every five minutes.


Once again, thank you very much for your time and feed back, it's very much appreciated.

Regards,
Chief.


Edit>>>> In regards to unknown emails, if i don't know who they are from i delete them. No one should be sending me emails that i don't recognize, i know this is severe, but I see it the same as banner adds and pop-ups, if you click on them you could be asking for trouble.
Plus all my suspect mail (the ones not in my contacts list) go straight to my known spam or suspect emails folders, the ones which are obvious spam I report and the ones i'm not sure about, I delete.

Edited by chiefmasterjedi, 08 June 2004 - 06:34 AM.

[Freebird]

Just my two cents. But a simple guide to the various browsers available, reviewing their respective pro's and con's, would also be useful. So many simply use what is in front of their noses without thought as to whether the browser itself is contributing to the problem of infection. And also, most people are unaware that browsers can be run in tandem - I have 3, which I use for different purposes.

Also, but this is just a 'presentation' thought. If you place the headings: Anti-virus program, Spyware Blockers, etc, above the relevant paragraphs, it really makes it easier to focus on each of the relevant sections. The same with the '10 steps" If you place the relevant heading - ie Updates, Passwords... etc, it makes for an easier, more user-friendly page to read.

Just my thoughts - I wish you success.

Edited by Freebird, 08 June 2004 - 10:43 AM.

[chiefmasterjedi]

Hi Freebird,
Thanks for your feedback.
The browser guide is a great idea, I currently use Internet Explorer 6 for most of my browsing and I've got Mozilla Firefox which i installed just to check how my webpages looked to Mozilla users. I know the advantages of using Firefox over IE6 but i just can't warrant the slow download times in Firefox, even with all the browser helpers. pop-up stopper and spyware blockers that i have installed for IE6, it still out performs Firefox.
I'm going to install a few more of the popular browsers and do some research, then (as you suggested) add a browser guide too.

Thanks for the feedback guys,

Chief.

[Nibz]

Although you did not link to it, I checked out the "What is spyware?" thread. A (probably debateable) correction there should be that "Malware is a collective term...." Spyware is a subcategory of Malware, along with Adware, Trojans, hijackers, etc. Spyware is correctly defined in the first few lines of the following (run-on, might I add) sentence. Once you get to changing homepages, you cross the boundary of spyware being "spy" ware. Adware, hijackers, etc. may not actually report information back to a server or change something without consent, which is why they're not really spyware.

The other thread is a decent resource, considering you are trying to cover a broad area of information. I would like to debate that overall security is 50% security programs, 50% user knowledge... but thats just personal opinion.

[-neil-]

There is much to learn. Good feedback feedback. Feedback feedback. Feedback feedback. Feedback feedback.

Feedback feedback.

Feedback,
Feedback.



PS. You see? Spyware is a terrible thing.

[dave38]

Another very useful little program is Mailwasher.(www.mailwasher.com) It downloads the headers only, and you can blacklist/delete without ever having to download a suspect file. The bounce option is not as useful, as all it does is confirm a "live" address, leading to even more spam!

A very useful site for the "average" (l)user who has no idea about this stuff. Well done!

[wawadave]

i beleave online anti virus scans are very use at times such as after the klez hit which disabled onboard virus scanners. and several others since that have done simaler. a few trojins aim for disableing av scanners and fire walls. i beleave online scans are more than a curiosity.