Tuesday, May 20, 2008

Keeping Yourself Safe On The Web

Image Hosted by ImageShack.us

Keep normal computer functionality while combating malware


Keep Windows Updated! - Internet Explorer

  • Always keep current with the latest Microsoft security updates by applying Service Packs and all critical updates issued on the second Tuesday of each month. Also known as Patch Tuesday.
    • These can patch many of the security holes through which attackers can infect your computer.
  • Do not turn off Automatic Updates!
  • Go to Start > Control Panel > Automatic Updates to ensure they are on.

Tighten Internet Explorer's Security Setting
  • Since Internet Explorer is the leading browser it will always be the lead in attacks from the bad guys.
    • Make your Internet Explorer more secure
      1. From within Internet Explorer click the Tools menu and then on Internet Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        • Change the Download signed ActiveX controls to Prompt
        • Change the Download unsigned ActiveX controls to Disable
        • Change the Initialize and script ActiveX controls not marked as safe to Disable
        • Change the Installation of desktop items to Prompt
        • Change the Launching programs and files in an IFRAME to Prompt
        • Change the Navigate sub-frames across different domains to Prompt
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      5. Next press the Apply button and then the OK to exit the Internet Properties page.

Tighten Internet Explorer's Security Setting continued
- Default Internet Explorer settings should be set to high.
  1. Start up IE then go to Tools > Internet Options > Security
  2. Set the Security level for the Internet Zone to High. (If no slider is visible, click Default Level.)
  3. Click the Trusted Sites icon.
  4. Set the Security level for the this Zone to Medium. (If no slider is visible, click Default Level.)
  5. Click OK.

Use a Personal Firewall
- Using more than one at a time can cause system crashes and/or program conflicts.
  • It is critical that you use a firewall to protect your computer and your personal information from hackers.
  • Use a third party firewall

Use anti virus software
- Only use one antivirus to avoid system conflicts.
  • Always make sure your antivirus is up to date!
  • Set the updates to automatic. Or get in the habit of manually checking for updates weekly.
  • Below are some reliable free and paid antivirus.

Online Virus Scans - Occasionally run an online scan.
These all remove what they find for free
.

Anti-malware Programs
- Use more than one.
Some listed below also have paid versions that offer real time protection.
Only one antispyware with
real time protection is required but the use of multiple on-demand scanners is suggested.
Be sure to check for updates before each scan
  • Antispyware test:
    • Spycar - A suite of tools designed to simulate spyware-like behavior.

Realtime Malware Blockers
- Programs that are designed to preventing malware from being installed.
Both of these can be used along with one real time spyware protection.

Dialup Users -
Avoid Dialer rip offs.

WinPatrol
- Real time Infiltration Detection.
System Restore and Backups
- Do a complete virus scan before performing any backups.
  • Backup refers to making copies of data so that these additional copies may be used to restore the original after a data loss event.

Backup software
- Backups can be a invaluable resource.
  • ERUNT & NTREGOPT A useful freeware utility for users of Windows 2000/XP.
  • It's made up of two parts, ERUNT & NTREGOPT.
    • ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry.
    • NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.
  • Karen's Port Replicator is a fantastic freeware backup program that's easy to use, and it allows scheduled backups.
  • Acronis True Image is a very attractive and reasonably priced hard drive imaging program, that can save you in the event your hard drive fails unexpectedly. Acronis supports Microsoft Windows Vista and offers a 15 day trial version.

Alternate Web Browsers
- More secure, and customizable.
  • Alternative browsers like Mozilla Firefox are somewhat more secure because they are have fewer security holes. This is because fewer malware writers target the non Microsoft browsers.
  • Opera is a full-featured Internet power tool with many useful tools and features.
  • Avant Browser is a fast, stable, user-friendly, versatile web browser with many features.
You must remember that no browser will offer complete protection. If you access questionable sites, download illegal, pirated or keygens/cracked software or visit porn type websites then no browser will be secure enough!


Software Updates
- An extremely useful tool which is strongly recommend to use at least once a month.
  • Secuna Software Inspector
    • Detects insecure versions of applications installed
    • Verifies that all Microsoft patches are applied
    • Assists you in updating your system and applications
    • Runs through your browser. No installation or download is required.
  • The Secunia Software Inspector covers
    • Internet browsers
    • Internet browser plugins
    • Instant messaging clients
    • Email clients
    • Media players
    • Operating systems

Sun Java JRE (Java Runtime Environment)
- It is very important not only to keep Sun Java up to date but also to remove older versions which have security holes and can be exploited by malware.
  • Uninstall any old versions of Sun Java in Add/Remove Programs.
  • Download the latest version from Java.com
  • The Microsoft Java Virtual Machine, or MS Java VM, should be removed due to it no longer being supported by Microsoft. It has become obsolete which leaves it open to exploit by malware.

CCleaner - Erase your tracks.
Download CCleaner

It is suggested to download the CCleaner - Slim - No Toolbar which is the version without the Yahoo! Toolbar.
  • Double click on the ccsetup.exe file to start the installation of the program.
  • Select your language and click OK, then next.
  • Read the license agreement and click I Agree.
  • Click next to use the default install location.
  • Under Install Options, choose all the default settings
  • Click Install then finish to complete installation.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • On the Windows tab, under Internet Explorer, uncheck Cookies if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
  • If you use either the Firefox or Mozilla browsers, the box to uncheck for Cookies is on the Applications tab, under Firefox/Mozilla.
  • Click on the Options icon at the left side of the window, then click on Advanced.
    Uncheck
    Only delete files in Windows Temp folders older than 48 hours.
  • Click on the Cleaner icon on the left side of the window, then click Run Cleaner to run the program.
  • Caution: It is recommended that you use the Registry feature with care.
  • Always back up the Registry before removing anything with the Registry cleaner.
  • Exit CCleaner.

Watch What You Download!
- Screen savers, codecs, audio/video files, chat and e-mail attachments are just a few threats.

Malware can be hidden in illicit software or other files and programs you might download from the Internet.

Many "freeware" programs come with an enormous amount of bundled spyware that will slow down your system, include pop-up advertisements, steal your personal information or just plain crash your browser and even the Operating System itself.
  • P2P programs come with an enormous amount of bundled malware. There are also multiple sites that offer rouge antimalware products.
  • Javacools EULAlyzer can analyze End User License Agreements in seconds. Discover if the software you're about to install displays pop-up ads, transmits personally identifiable information, uses unique identifiers to track you, and much much more.

Malware Free All-In-1 Codec Packs
- The K-Lite Codec Pack should be all you ever need.

If there is a video or audio file that says it needs anything besides what the below codec packs include, it likely contains malware.

RougeRemover Free
- Be confident your programs are safe.
  1. Download Malwarebytes' RogueRemover Free
  2. Double click the icon to install RogueRemover and then start the program.
  3. Press Check for Updates.
  4. This will show you if there is a newer version of the database. Click Download.
  5. Go back to the main screen and click Scan.
  6. If and when an infection is found, remove ALL objects found.
  • Rouge Remover will check your PC for hundreds of rouge applications in seconds.

Website Analysis
- Always know the sites you download from or visiting are safe.
  • Dr. Web Link Scan - Scan a link or file before you download it by copy and then paste the download or url link into the white box then click Scan
  • LinkScanner - If you'd rather be safe than sorry, enter the URL of the site or web page you want to visit in the box next to URL to scan: then click Scan
  • LinkScanner Lite - Integrates with major search engines to check search results for a variety of online threats before you click.
  • McAfee Site Advisor - A nice addition to your Internet Explorer or Firefox web browser. It will not stop an attack but uses a simple three color system to indicate the safety level of a website.
    • According to the Site Advisor website 95% of websites have been tested.
To install Site Advisor, just download the Plug-in for Internet Explorer or the Plug-in for FireFox
  • Phishing is prevalent and on the rise. Make sure the site you go to is real. Your ISP or Web Browser may offer a toolbar to warn you of fake sites or you can choose one of the following
  • Spoofstick Toolbar
  • Netcraft Toolbar

Cookie Management
- Generally harmless, cookies are pieces of information generated by a Web server and stored on the user's computer.
  • Cookie Viewer - This Power Tool automatically scans your computer, looking for "cookies". It can then display the data stored in each one and can delete them.
  • Cookie Cruncher - Protects your hard drive from unwanted cookies.
  • Cookie Culler - Extended Cookie Manager. Protect/unprotect selected cookies. (Firefox only)
  • Add N Edit Cookies - Gives you the ability to easily alter, edit or delete cookies. (Firefox only)

Scan your security event log - Check for high security events happening on your machine.
GFI Event Log Scanner
  • Use EventLogScan to check that your system is truly secure!

Test your work
- Check if your PC is secure.
CA Pest Patrol
PC Flank test site
  • Free Optimization Scan
  • Free Privacy Scan
F-Secure Health Check
  • Checks whether you have an Anti-Virus, Firewall and Anti-Spyware software installed on your computer.
  • Checks whether you have known vulnerabilities in your applications.
  • Checks whether you have applications that are no longer supported by the vendor.
  • Helps you fix the vulnerabilities found.
Symantec Security Check
  • Check tests your computer's exposure to a wide range of online threats.
  • Is your computer safe from online threats?
  • Is your computer free of viruses?

Resources
- Videos & quizzes
Computer-Juice.com

2 comments:

serverguy said...

Wow, thats a good list. Nicely laid out too.

the_webcam_guy said...

Interesting. I'll download most of these.