[Guide] Securing your PC

R1CH   Administrator   January 09 2010 17:34
Here's a short guide to securing your Windows PC.

System Updates
Make sure you have the latest Windows and other Microsoft updates installed. Security researchers uncover new vulnerabilities in Windows components almost weekly, so make sure automatic updates is on, or visit Windows Update regularly. Also make sure you have the latest Service Pack installed - XP SP3, Vista SP2 and SP1 for Win7. Viruses and worms can take advantage of vulnerabilities in Windows components to infect your system if you aren't up to date. If you use a pirated version of Windows, you can still turn on automatic updates.

XP, Vista and Windows 7 all come with Windows Update, but you can opt-in to use Microsoft Update which is essentially Windows Update with additional updates for other MS software (Office, Visual Studio, etc). I recommend you enable this by going to Windows Update and following the links to Microsoft Update.

Anti-Virus
I'm not a big fan of anti-virus software since it tends to lag behind the viruses in detection, but it helps a little bit. Microsoft's own Security Essentials is actually pretty decent and is free, which is about the price most people are willing to pay. Again, make sure you let it auto-update, an out of date anti-virus is useless. Modern viruses are becoming extremely difficult to detect and remove, so it's important to follow all the steps in this guide to try to avoid becoming infected in the first place. As of 2013, BitDefender has become a pretty decent anti-virus software, also available in a free version.

Firewall
Windows firewall is all you need. Most of you will be behind a NAT router which prevents incoming connections to your PC anyway without port forwarding, but as IPv6 uptake in the near future takes off, NAT will slowly die and your PC will have a public IP address. Windows firewall simply stops programs from accepting connections from the Internet unless you allow them, so if there are vulnerabilities in any networked programs, worms and viruses can't exploit them.

Some of you may think you need a more advanced 3rd party firewall that blocks programs from initiating connections, but if you need this then you've already failed. If a program you don't trust is already executing code on your PC then you lost the battle to begin with. Also 3rd party firewalls themselves can expose your system to risk, there is a long history of firewall software that contains exploitable vulnerabilities, as well as bad coding which can cripple your PC performance or cause random crashes or application errors.

DEP (Data Execution Prevention)
DEP (or NX as it's sometimes called) prevents computer code from executing from areas of memory that are marked as containing only data. This has been around on modern CPUs for a while but by default Windows will only apply DEP to Windows programs and services. Since web browsers, plugins, IM clients, etc are all common vectors for viruses and malware, it is a very good idea to have DEP apply to all programs as it mitigates a large number of attacks. That WMF exploit that infected people just by visiting a website? Blocked by DEP. That Warcraft 3 custom map exploit? Blocked by DEP. Those are just two examples I've personally tested. It's a great preventive measure that everyone should have enabled.

To enable DEP (procedure might be slightly different for Vista / Windows 7), right click My Computer, Properties, Advanced, Performance, Settings, Data Execution Prevention, and tick "Turn on DEP for all programs and services". Contrary to some reports, enabling DEP will not slow down your PC.

There may be old programs that rely on executing code from data memory that have not been updated for DEP compatibility. If you encounter a DEP violation, you will see a popup saying "To help protect your computer, Windows has closed this program". From that dialog you can add an exception, but only do this if you are sure the program is at fault (eg, by repeatedly being able to cause the DEP error yourself). If you are browsing the web and suddenly get a DEP violation, chances are something just tried to exploit your browser or a plugin so you would definitely not want to add an exception!

3rd party addons to programs can also cause DEP violations, eg if after enabling DEP you find your browser immediately exits with a DEP error, try disabling any plugins / addons or make sure they are all up to date. Windows Explorer also loads addons (shell extensions), so if you find Explorer is exiting with DEP violations and you feel comfortable with advanced tools, you can use AutoRuns to list your shell extensions and disable any problematic ones.

Despite the two paragraphs of compatibility warnings, 99.9% of you will have zero issues after enabling DEP, so don't be afraid.

Enhanced Mitigation Experience Toolkit
Despite the long and scary looking name, EMET is a great piece of software. It's a free toolkit from Microsoft that allows you to apply advanced security techniques to any piece of software on your system. You can download it at http://www.microsoft.com/en-us/download/details.aspx?id=29851. After you install it, run it and set the following System Options: DEP: Application Opt-Out, SEHOP: Application Opt-Out and ASLR: Application Opt-In. This will allow applications that support it to make use of advanced methods to hinder malware.

The part where EMET shines is it also allows you to force otherwise unsupported applications into using these advanced technologies. In the Configure Apps page, you can add an application and choose which protections to apply (leave them all on by default for most apps). I strongly recommend you add all your web browsers and other commonly targeted software such as IM clients, PDF readers, etc. This will greatly reduce the risk of "zero day" (unpatched) exploits from affecting you. Note, if you use Firefox, also add "Plugin-Container.exe" to the list as this program houses Adobe Flash and other external plugins. You do not need to have EMET running for the protections to apply, they are loaded automatically once they are set.

Software Updates
Every piece of software on your PC that interacts with the Internet or files could be a possible vector for virus / worm exploitation. It's very important you keep all your programs up to date as exploits are discovered for common products surprisingly often. I recommend using the Secunia Personal scanner which will scan your entire PC for any programs that might allow your system to be compromised. You'll be surprised what it finds. The latest version can even auto-install updates for you if you're lazy.

Adobe software in particular seems to have a very poor history - Adobe Flash, Adobe Reader, Adobe Air have all had exploits that could allow your system to be compromised by visiting a webpage. Worse still, many of these products don't auto update so you have to rely on 3rd party assistance (Secunia PSI) or do it manually.

Browsers and Plugins
Since web exploits are the number one vector for malware, it's important to use a secure web browser. I strongly recommend Google Chrome as it has powerful sandboxing and isolation technologies to help prevent web-based malware from infecting your system. Firefox is OK, but it isn't as good as it used to be and Internet Explorer should really be a last resort. Chrome also has an excellent background automatic update system which is very important, an out of date browser is likely vulnerable to exploits.

Browsers are often extended with plugins, which while providing features like PDF viewing and streaming, also expose you to additional risk as a security vulnerability in a plugin can allow malware to exploit it and infect your PC. Many plugins do not auto update which makes managing your plugins quite important. Don't need to read PDF files in your browser? Disable Adobe PDF plugin so PDF files can't auto-load. Finished watching some stream that required a browser addon? Disable that addon. Installed a plugin from some strange Asian game that you're done playing? Now go and disable it. If you use Firefox or Chrome, you can do a very basic plugin check here: http://www.mozilla.com/en-US/plugincheck/.

To disable plugins in IE (you should do this even if IE isn't your main browser), go to Options -> Manage Addons.

To disable plugins in Firefox, go to Addons -> Plugins.

To disable plugins in Chrome, go to chrome:plugins in the address bar.

To disable plugins in Opera, go to opera:plugins in the address bar.

Java
Java is often installed for some other purpose such as running a program, but it also installs a browser plugin. These days, very few sites use the Java plugin so it's a good idea to disable it for extra security. As of 2013, Java has suffered from multiple major security issues that can result in drive-by malware installation, so if you do not use it (if you don't know, you most likely don't use it), I strongly suggest uninstalling Java or at the very least, removing the Java plugin from all of your browsers. JavaScript is entirely unrelated to the Java plugin and will continue to work fine.

Flash Player
Flash player installs multiple versions - one for IE, one for Chrome / Firefox / Opera. Make sure both of them are up to date by visiting this page and comparing your version to the latest released version. If out of date, download and install the latest one. Flash should automatically update, but it only checks on startup of your PC which if you leave your PC running 24/7, may not be often enough.
Last edit: 2013-01-26 15:25:20
Twitter: @R1CH_TL
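
Added example, not part of R1CH's post: a PowerShell check of the DEP setting and the DEP exceptions the guide talks about. It assumes Windows records exceptions made through the DEP dialog under the AppCompatFlags\Layers registry key with "DisableNX" in the value data; the list of internet-facing program names is constructed for illustration.

```powershell
# Added example (not from the original post): audit the DEP settings the guide describes.
# Get-WmiObject is used so the script also runs on PowerShell 2.0 (Windows 7).

# Meaning of Win32_OperatingSystem.DataExecutionPrevention_SupportPolicy
$policyNames = @{
    0 = 'AlwaysOff - DEP disabled for all processes'
    1 = 'AlwaysOn  - DEP for all processes, exceptions ignored'
    2 = 'OptIn     - Windows programs and services only'
    3 = 'OptOut    - all programs and services, minus listed exceptions'
}

# Constructed list: programs the guide calls common malware vectors.
# An exception for any of these removes DEP exactly where it matters most.
$internetFacing = @('iexplore.exe', 'firefox.exe', 'chrome.exe',
                    'opera.exe', 'plugin-container.exe')

function Get-DepAudit {
    $os     = Get-WmiObject -Class Win32_OperatingSystem
    $policy = [int]$os.DataExecutionPrevention_SupportPolicy

    # Assumption: exceptions are stored as values under this key, with the
    # value name being the program's full path and the data containing "DisableNX".
    $layers = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers'
    $exceptions = @()
    $key = Get-Item -Path $layers -ErrorAction SilentlyContinue
    if ($key) {
        foreach ($name in $key.GetValueNames()) {
            if ([string]$key.GetValue($name) -match 'DisableNX') {
                $exceptions += $name
            }
        }
    }

    New-Object PSObject -Property @{
        HardwareDepAvailable = [bool]$os.DataExecutionPrevention_Available
        Policy               = $policyNames[$policy]
        AllProgramsCovered   = ($policy -eq 1 -or $policy -eq 3)
        Exceptions           = $exceptions
    }
}

$audit = Get-DepAudit
Write-Output ("Hardware DEP available: {0}" -f $audit.HardwareDepAvailable)
Write-Output ("DEP policy:             {0}" -f $audit.Policy)

if (-not $audit.AllProgramsCovered) {
    Write-Warning 'DEP is not applied to all programs. Tick "Turn on DEP for all programs and services" as described in the guide.'
}

foreach ($path in $audit.Exceptions) {
    $exe = Split-Path -Path $path -Leaf
    if ($internetFacing -contains $exe) {
        Write-Warning "DEP exception on an internet-facing program: $path"
    } else {
        Write-Output "DEP exception (review whether it is still needed): $path"
    }
}
```

A policy of OptOut matches the setting the guide recommends; any exception listed for a browser or plugin host is worth removing from the DEP dialog.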

Disregard   China. January 09 2010 17:42. Posts 8060
Awesome points, I was just helping my relatives with configuring their new crappy netbook, again though never fond of Windows Firewall. I'll just tell him to use it since he's not gonna use torrents or anything, except for simple web browsing (Well it is a netbook to begin with). As for the plugins, I think it's too much of a hassle and I don't think anyone is that paranoid.
"Architects know nothing about everything"

madnessman   Singapore. January 09 2010 17:46. Posts 1564

Anti-Virus
I'm not a big fan of anti-virus software since it tends to lag behind the viruses in detection, but it helps a little bit. Microsoft's own Security Essentials is actually pretty decent and is free, which is about the price most people are willing to pay. Again, make sure you let it auto-update, an out of date anti-virus is useless. Modern viruses are becoming extremely difficult to detect and remove, so it's important to follow all the steps in this guide to try to avoid becoming infected in the first place.


Seriously? I really don't see a reason why you shouldn't use a free anti-virus software like Avira. It's small, doesn't hog system resources, and has a decently high detection rate. AND IT'S FREE!

If you do get your computer infected, I highly recommend using Malwarebyte's. It's free and it's really effective.

R1CH   Administrator   January 09 2010 17:47
Be aware that new PCs (netbooks too) often come preloaded with exploitable software, likely Adobe products. Disabling plugins you don't need / use isn't really paranoid, it helps to minimize the possible attack vector. I'm not trying to suggest you disable plugins every time you are done with them, just ones you don't use often. For example, I installed Octoshape or whatever it is to watch the WCG and some other random plugin to watch Blizzcon. Since those only happen once a year, I disable them after I'm done so the other 364 days of the year I'm not exposing myself should an exploit be developed for one of them.
Twitter: @R1CH_TL

Disregard   China. January 09 2010 17:49. Posts 8060

On January 09 2010 17:46 madnessman wrote:

Seriously? I really don't see a reason why you shouldn't use a free anti-virus software like Avira. It's small, doesn't hog system resources, and has a decently high detection rate. AND IT'S FREE!

If you do get your computer infected, I highly recommend using Malwarebyte's. It's free and it's really effective.


Yea, been using Malwarebyte's for awhile.

edit: Totally forgot about Octoshape actually, used it once when WCG demanded it.
Last edit: 2010-01-09 17:51:35
"Architects know nothing about everything"

R1CH   Administrator   January 09 2010 17:52

On January 09 2010 17:46 madnessman wrote:
Seriously? I really don't see a reason why you shouldn't use a free anti-virus software like Avira. It's small, doesn't hog system resources, and has a decently high detection rate. AND IT'S FREE!

"Decently high" is not good enough these days. Unless it contains an advanced heuristic engine, basic signature definitions are not going to catch the type of malware that is floating around these days. Just two days ago I removed an infection on a friend's PC and uploaded the file for analysis, only 4 out of 41 anti virus products detected anything.

Another issue I have with AV software is the alarming rate of false positives, where legitimate software is mistakenly identified as a virus. As an example of how stupid this is, I modified the Windows XP Notepad to include a few extra imports and strings, there is ZERO change to any of the executable code and the file is completely safe to run. 15 virus scanners think it's a virus.
Twitter: @R1CH_TL

madnessman   Singapore. January 09 2010 17:58. Posts 1564

On January 09 2010 17:52 R1CH wrote:

"Decently high" is not good enough these days. Unless it contains an advanced heuristic engine, basic signature definitions are not going to catch the type of malware that is floating around these days. Just two days ago I removed an infection on a friend's PC and uploaded the file for analysis, only 4 out of 41 anti virus products detected anything.

Another issue I have with AV software is the alarming rate of false positives, where legitimate software is mistakenly identified as a virus. As an example of how stupid this is, I modified the Windows XP Notepad to include a few extra imports and strings, there is ZERO change to any of the executable code and the file is completely safe to run. 15 virus scanners think it's a virus.


True. I was flipping through some PC mag's antivirus software review last week and the best anti virus (I can't remember its name) had a 99.5 detection rate and ~70% heuristic detection rate. It really pisses me off that I can't remember what its name is. It isn't one of the big ones (norton, kaspersky, etc) and it isn't free. Do you know which one I'm talking about?

agarfin   United States. January 09 2010 17:58. Posts 106
How do you feel about Kaspersky?

Disregard   China. January 09 2010 17:59. Posts 8060
I agree with virus scanners being too sensitive, unfortunately most of us or me stumble when something deep like a harmful rootkit hits your PC. Albeit it comes to just being careful about everything.
"Architects know nothing about everything"

Disregard   China. January 09 2010 18:00. Posts 8060

On January 09 2010 17:58 madnessman wrote:

True. I was flipping through some PC mag's antivirus software review last week and the best anti virus (I can't remember its name) had a 99.5 detection rate and ~70% heuristic detection rate. It really pisses me off that I can't remember what its name is. It isn't one of the big ones (norton, kaspersky, etc) and it isn't free. Do you know which one I'm talking about?


NOD32 had almost 100% detection rate on the boards, but that was awhile ago.
"Architects know nothing about everything"

JohnColtrane   Australia. January 11 2010 10:10. Posts 4813
thank you very much for this
HEY MEYT

timmeh   Austria. January 11 2010 10:24. Posts 177
-deleted-

p.s. sorry :D
Last edit: 2010-01-11 10:25:21
;o

seRapH   United States. January 11 2010 10:54. Posts 8243
thanks, this will be seriously useful
[Song Jieun best in show] miss A, Orange Caramel, Younha, (GNA’s spot if she decides to eat), IU ♀| |♂Epik High, Verbal Jint, Phantom, Jaybum, Wheesung

GrayArea   United States. January 11 2010 11:03. Posts 871
Nice guide, thanks for posting. I've always felt that virus scanners didn't really help in protecting my computer.
Kang Min Fighting!

Licmyobelisk   Philippines. January 11 2010 11:07. Posts 3671
love you R1CH you're my Idol ^_^
I don't think I've ever wished my opponent good luck prior to a game. When I play, I play to win. I hope every opponent I ever have is cursed with fucking terrible luck. I hope they're stuck playing underneath a stepladder with a black cat in attendance a

triangle   United States. January 11 2010 11:10. Posts 2633
Thanks for the DEP recommendation -- didn't know about that!
Also known as waterfall / w4terfall

hoborg   United States. January 11 2010 11:17. Posts 430
Thanks for the guide.

To add another suggestion, I recommend the noscript addon for Firefox (http://noscript.net/). It blocks all javascript and flash by default, and lets you whitelist domains you trust as you visit them by clicking a button. That sounds really goddamn annoying, and it sort of is, at first, but after a day or two of browsing you'll have most of your trusted sites whitelisted. It's a good layer of protection when you visit sketchy sites, and it also blocks some shitty flash ads.
blbl | CJ and ACE fighting!

meeple   Canada. January 11 2010 11:25. Posts 10207
Interesting... I didn't even know about DEP... always thought I was fairly secure...

micronesia   United States. January 11 2010 11:32. Posts 19302
Thank you for the tips. It's rare to find practical information on this topic but it's very important for all of us.
Haste. Exalted. Flying. Deathtouch. Lifelink. Protection from Red.

GreEny K   Germany. January 11 2010 11:43. Posts 7263
Wow, very good to know, I checked a lot of shit on my computer and now I feel much safer. Also, if anyone is using AVG antivirus get rid of it... Complete garbage.

The contents of this webpage are copyright © 2002-2013 Teamliquid.net. All Rights Reserved