Re: Choosing antivirus and antispyware programs
Whew! You’ve given me a lot to work on. Seems like a whole course in
computer security. I’ve printed off your post as a reference and will start
checking out the links later today.
Thank you!
Jo-Anne
“Kayman” <kaymanDeleteThis@operamail.com> wrote in message
news:OhLgu2R9IHA.1192@TK2MSFTNGP05.phx.gbl…
> On Sat, 2 Aug 2008 15:48:52 -0500, Jo-Anne wrote:
>
>> You’ve given me a lot to think about, Kayman! I also have some questions
>> and
>> notes below, inserted in brackets under each of your numbered points.
> Okay Jo-Anne, here we go. You’ve got to do some serious reading but please
> *don’t* be overwhelmed by this as, after a while, it all will make sense;
> Implement the suggestions one-by-one; All changes can be reversed easily
> and
> safely. The implementation of the suggestions will not harm your OS in any
> way!
>
>>> For Win XP the most dependable defenses are:
>>> 1. Do not work as Administrator; For day-to-day work routinely use a
>>> Limited User Account (LUA).
>> [I'll look into this for the new computer, which is an XP Pro. My old one
>> is
>> an XP Home, and I never have done anything about this kind of
>> protection.]
> Least privilege
> http://www.securityfocus.com/infocus/1848
> It is important that administrators follow the rule of least privilege.
> This means that users should operate their computer with only the minimum
> set of privileges that they need to do their job. Typically this means
> operating as a normal user,and only when absolutely necessary use the Run
> As or MakeMeAdmin commands to elevate privileges.
> Applying the Principle of Least Privilege to User Accounts on WindowsXP
> http://technet.microsoft.com/en-us/l…/bb456992.aspx
>
> The Importance of the Limited User Account (LUA).
> http://blog.washingtonpost.com/secur…e_limited.html
>
> How the right user account can help your computer security.
> http://www.microsoft.com/protect/com…eraccount.mspx
> Aaron Margosis’ “Non-Admin” WebLog
> http://blogs.msdn.com/aaron_margosis/pages/TOC.aspx
> The easiest way to run as non-admin.
> http://blogs.msdn.com/aaron_margosis…17/158806.aspx
> http://blogs.msdn.com/aaron_margosis/
>
>>> 2. Secure (Harden) your operating system.
>> [Not sure what you mean. Could you give an example?]
> Educational reading:
> 10 Immutable Laws of Security
> http://www.microsoft.com/technet/arc….mspx?mfr=true
>
> http://www.5starsupport.com/tutorial…ng-windows.htm
> http://www.malwarehelp.org/Malware-P…Security1.html
> http://labmice.techtarget.com/articl…ychecklist.htm
> Note:
> Both Plug & Play and DCOM can easily be disabled manually in Services (Local)
> panel and the Windows Messenger can be dealt with as mentioned in #3.
> Therefore there is *no* need to download the below mentioned tools from
> Steve Gibson, of Gibson Research Corporation as mentioned in
> ‘5starsupport’:
> a) To disable Windows Plug and Play
> b) To disable Windows DCOM
> c) To disable Windows Messenger
>
> Create New Extension (add .Cab File to registered file types)
> Go to Control Panel, in Folder Options | File Types tab, click the New
> button, in File Extension type: .CAB File, click OK and you’re done.
>
> Data Execution Prevention is ‘checked’ Turn on DEP…except those I
> select.
> Right-click My Computer icon | Properties, in System Properties panel
> click
> the Advanced tab and under Performance click Settings then click the Data
> Execution Prevention tab. The radio button for ‘Turn on DEP for essential
> Windows programs and services only’ should be deactivated and the radio
> button for ‘Turn on DEP for all programs and services except those I
> select:’ should be activated.
> http://support.microsoft.com/kb/912923
>
> Enable ‘Do not store LAN Manager hash value on next password exchange’
> Click Start, go to Settings, Control Panel, Administrative Tools, and
> click
> Local Security Policy. Double-click Security Options Folder, scroll down
> to
> ‘Network security: Do not store LAN Manager hash value on next password
> exchange’, right-click this item and click Properties.
> Activate the radio button next to Enabled. Click Apply and OK to save your
> settings.
>
> Uninstall/disable Windows Messenger in XP
> http://www.kellys-korner-xp.com/xp_messenger.htm
>
> Stop Windows Messenger from Auto-Starting.
> Simply delete the following Registry Key:
> HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MSMSGS
>
> Security Policy Recommendations.
> www.nsa.gov/snac/support/sixty_minutes.pdf
> Security Attribute (page 27/28).
> a) Network access: Do not allow anonymous enumeration of SAM accounts
> HKLM\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM = 1
> Recommended Setting: Enabled
> b) Network access: Do not allow anonymous enumeration of SAM accounts and
> shares
> HKLM\System\CurrentControlSet\Control\Lsa\RestrictAnonymous = 1
> Recommended Setting: Enabled
> c) Network access: Let Everyone permissions apply to anonymous users
> HKLM\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous = 0
> Recommended Setting: Disabled
>
> Turn Off Autoplay.
> http://www.dougknox.com/xp/tips/cd_autoplay_pro.htm
> To Disable CD autoplay, completely, in Windows XP Pro
> a) Click Start, Run and enter GPEDIT.MSC
> b) Go to Computer Configuration, Administrative Templates, System.
> c) Locate the entry for Turn autoplay off and modify it as you desire.
> Alternative:
> http://www.microsoft.com/windowsxp/d…powertoys.mspx
> Scroll down to Tweak UI, download TweakUI.exe
> Once you’ve installed TweakUI you’ll find a lot of options in it. To
> turn-off Autoplay, in TweakUI expand My Computer, and then AutoPlay.
>
> Click on Drives and uncheck the drive letter that you no longer want to
> AutoPlay. Click on Apply and that’s it. No more “what would you like me to
> do” dialogs.
>
>>> 3. Don’t expose services to public networks.
>> [Same question.]
> Disable any unnecessary and potentially dangerous Services
> Configure and adjust Services to suit your computing needs
> Windows XP Service Pack 3 Service Configurations
> http://www.blackviper.com/WinXP/servicecfg.htm
> (This can be a tedious exercise but will bear fruit later on; Keep a
> good record of your activities).
>
>>> 4. Keep your operating (OS) system (and all software on it)
>>> updated/patched….
> Windows update.
> http://www.update.microsoft.com/wind….aspx?ln=en-us
> Secunia Personal Software Inspector
> http://secunia.com/software_inspector
> https://psi.secunia.com/
> –and–
> M/S Security Baseline Analyzer 2.0
> http://www.microsoft.com/downloads/d…displaylang=en
> can assist also.
> Educational reading:
> http://www.microsoft.com/technet/com…mt/sm0504.mspx
>
>>> …(Got SP3 yet?).
> Why Service Packs are Better Than Patches.
> http://www.microsoft.com/technet/arc….mspx?mfr=true
>
>> [SP3 is installed on my old computer, as are all the Windows XP updates
>> after it; I've been asking for advice on installing it on the new
>> one--including whether to install an antivirus program before or after (I
>> use Norton on the old computer but am checking other AV programs for the
>> new
>> one).
> A number of experts agree that the *retail* AV versions of McAfee, Norton
> and Trend Micro have become cumbersome and bloated for the average user.
>
> The major criticisms are related to stability and footprint, the most
> common problem being slow-downs because of the massive system resources
> these applications hog. There are products on the market with equal or
> better test results than the said products, consuming less resources at a
> lower price (*even free ones*).
>
> Download and run the Norton Removal Tool(*highly* recommended):
> http://service1.symantec.com/SUPPORT...05033108162039
> The Norton Removal Tool uninstalls all Norton 2008/2007/2
>
>> I've downloaded several webpages at Robear's and Shenan's suggestions
>> and will go through that material before I start working with the new
>> computer.]
> You’re well advised to apply their recommendations to the letter!
>
>>> 5. Reconsider the usage of IE and OE.
>> [I've been thinking of downloading Firefox and Thunderbird. I'll try them
>> on
>> the new computer.]
> Alternative Browsers:
> Opera™
> http://www.opera.com/download/
> Firefox™
> http://www.mozilla.com/en-US/
> The SeaMonkey® Suite (Internet Browser)
> http://www.seamonkey-project.org/
> –But–
> Microsoft says Internet Explorer more secure than Firefox
> http://www.heise-security.co.uk/news/99955
>
> Reconsider using OE
> Good alternatives are:
> Opera’s built-in e-mail client
> http://www.opera.com/products/desktop/m2/
> Firefox’s built-in email client - Thunderbird™
> http://www.mozilla.com/en-US/thunderbird/
> SeaMonkey’s Mail and Newsgroups
> http://www.seamonkey-project.org/
> Pegasus Mail™
> http://www.pmail.com/downloads.htm
> Windows Live Mail™ (Version 2008)
> http://get.live.com/wlmail/overview
>
>>> 5a.Secure (Harden) Internet Explorer.
>> [Not sure what to do here. Norton has an anti-phishing toolbar on IE7 on
>> my
>> old computer; don't know what else to do.]
> IE7 safe/secure settings
> Internet Explorer7 Desktop Security Guide
> http://www.microsoft.com/downloads/d…displaylang=en
>
> The Internet Explorer 7 Security Status Bar
> http://www.microsoft.com/windows/pro…/security.mspx
>
> Extended Validation SSL Certificates
> http://www.microsoft.com/windows/pro…v/default.mspx
>
> *Tight security settings will break down some websites. You need to add
> these websites into the Trusted Zone for smooth access.*
>
> You could consider disabling all Security Settings in IE and use IE only
> for the ‘Patch Tuesday’ updates; To do so you must add the following URL’s
> to the Trusted sites:
> http://update.microsoft.com
> http://download.windowsupdate.com
> https://*.update.microsoft.com
> http://*.update.microsoft.com
> http://*.microsoft.com
>
>>> 6. Review your installed 3rd party software applications/utilities;
>>> Remove
>>> clutter, *including* 3rd party software personal (so-called) firewall
>>> application (PFW) - the one which claims: “It can stop/control malicious
>>> outbound traffic”.
>> [I've been clearing out stuff on the old computer and have disabled
>> Norton's
>> outgoing and incoming email scanning. Anything else I should do? I don't
>> have any other spyware/firewall programs on the old computer.]
> Dispose of all your ‘Anti-Whatever’ applications. Keep your pc lean,
> install only applications you really need - try to be a ‘minimalist’.
> Belarc Advisor can assist:
> http://www.belarc.com/free_download.html
>
> Remove Norton using Norton’s own Removal tool!
> Good quality AV alternative:
> Avira AntiVir® Personal - FREE Antivirus
> http://www.free-av.com/
>
> Windows Defender can be useful:
> http://www.microsoft.com/athome/secu…e/default.mspx
> Interesting reading:
> http://www.pcworld.com/article/id,136195/article.html
> “…Windows Defender did excel in behavior-based protection, which detects
> changes to key areas of the system without having to know anything about
> the actual threat.”
>
> This A-S ware may also be beneficial…
> SuperAntispyware - Free
> http://www.superantispyware.com/supe…freevspro.html
> …but you may find it to be superfluous if you implement the suggestions
> mentioned in this post.
>
>>> 7. If on dial-up Internet connection, activate the build-in firewall and
>>> configure Windows not to use TCP/IP as transport protocol for NetBIOS,
>>> SMB
>>> and RPC, thus leaving TCP/UDP ports 135,137-139 and 445 (the most
>>> exploited Windows networking weak point) closed.
> The only reasonable way to deal with malware is to prevent it from being
> run in the first place. That’s what AV software or Windows’ System
> Restriction Policies are doing. And what 3rd party Personal Firewalls fail
> to do.
> If on dial-up internet connection:
> Activate and utilize the Win XP SP2 built-in Firewall; Uncheck *all*
> Programs and Services under the Exception tab and review exceptions
> frequently (the less exceptions the better).
> Read through:
> Deconstructing Common Security Myths.
> http://www.microsoft.com/technet/tec…s/default.aspx
> Scroll down to:
> “Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe.”
> Understanding Windows Firewall.
> http://www.microsoft.com/windowsxp/u…2_wfintro.mspx
> Using Windows Firewall.
> http://www.microsoft.com/windowsxp/u…nfirewall.mspx
>
> Use Windows Firewall in conjunction with:
> Seconfig XP 1.0
> http://seconfig.sytes.net/
>
>>> 7a.If on high-speed Internet connection use a router.
>> [I use a Netgear router on my old computer (DSL connection) but need to
>> get
>> a new wireless one for the notebook. Any suggestions, given what you say
>> below?]
>>> For the average home user it is suggested to block both TCP and UDP ports
>>> 135 ~ 139 and 445 on the router
> Consult the Netgear router userguide for blocking both TCP and UDP ports.
> –and/or–
> http://www.dslreports.com/forum/equip,9
>
>>> and implement countermeasures against DNSChanger.
> How to Configure Windows Firewall on a Single Computer
> http://www.microsoft.com/technet/sec…/cfgfwall.mspx
>
>>> And (just in case) Wired Equivalent Privacy (WEP) has been superseded by
>>> Wi-Fi Protected Access (WPA).
> The Wi-Fi Protected Access 2 (WPA2)/Wireless Provisioning Services
> Information Element (WPS IE) update for Windows XP with Service Pack 2 is
> available.
> http://support.microsoft.com/kb/893357
>
> Educational reading:
> http://www.microsoft.com/whdc/device…/802x/WPA.mspx
> http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access
>
>>> 8. Routinely practice Safe-Hex.
> http://www.claymania.com/safe-hex.html
> Hundreds Click on ‘Click Here to Get Infected’ Ad
> http://www.eweek.com/article2/0,1895,2132447,00.asp
>
>>> Also, ensure you do:
>>> a. Regularly back-up data/files.
>> [I back up regularly to two external hard drives with Acronis True Image
>> 11
>> Home on the old computer and use flash drives occasionally for little
>> backups. Not sure whether I should install Acronis on the new one or try
>> something else. Suggestions?]
> I understand that Acronis is a very good program: If it’s working for you
> stick with it; I use it - no problems.
>
>>> b. Familiarize yourself with crash recovery tools and re-installing your
>>> operating system (OS).
>> [I'm hoping that the Acronis full backups (all my backups are full ones)
>> will work. I've done some checking, and so far so good; but I'll never
>> know
>> for sure til I have a problem, I guess. I did create an Acronis bootable
>> CD
>> and booted from it, so I know it works. In theory, it should enable me to
>> restore everything, including the OS, in the event of a crash.]
> Beginners Guides: Crash Recovery - Dealing with the Blue Screen Of Death
> http://www.pcstats.com/articleview.cfm?articleID=1647
>
> NTFS4DOS Personal is free.
> http://www.free-av.com/
> http://www.free-av.com/antivirclassi…_ntfs4dos.html
> http://service.avira.com/freet/index…in=free-av.com
>
> How to create a bootable floppy disk for an NTFS or FAT partition in WinXP
> http://support.microsoft.com/kb/305595
>
> Bart’s Preinstalled Environment (BartPE) bootable live windows CD/DVD
> http://www.nu2.nu/pebuilder/
>
> How to obtain Windows XP Setup boot disks
> http://support.microsoft.com/kb/310994
>
> Windows XP Professional Utility: Setup Disks for Floppy Boot Install
> http://www.microsoft.com/downloads/d…displaylang=en
>
> Re-install OS (reformat HDD). *See Footnote.
> Back all your important Data files, Documents, Photo, Music, etc. to CD or
> DVD media.
> Download all the necessary drivers for XP (motherboard, Video Card, Audio,
> Network card, Etc.)
> Verify that you have the Application CD(s) and key code stickers or any
> application you wish to use with WinXP.
> Belarc Advisor can assist:
> http://www.belarc.com/free_download.html
>
> Perform a clean install of Windows XP
> http://support.microsoft.com/kb/316941/en-us
>
> Clean Install Windows XP
> http://michaelstevenstech.com/cleanxpinstall.html
>
> How to Reinstall Windows XP
> http://www.pcworld.com/article/id,129977/article.html
> http://www.pcworld.com/video/id,369-…d,0/video.html
>
>>> c. Utilize a good-quality real-time anti-virus application and some
>>> vital
>>> system monitoring utilities/applications.
>> [I have Norton Internet Security on the old computer but no antivirus
>> program yet on the new one. Not sure about other system monitoring
>> utilities. Any recommendations in either area?]
> I mentioned AntiVir already; Other good (free) AV apps are:
> Free antivirus - avast! 4 Home Edition
> It includes ANTI-SPYWARE protection, certified by the West Coast Labs
> Checkmark process, and ANTI-ROOTKIT DETECTION based on the best-in class
> GMER technology.
> http://www.avast.com/eng/avast_4_home.html
> (Choose Custom Installation and under Resident
> Protection, uncheck: Internet Mail and Outlook/Exchange.)
>
> Why You Don’t Need Your Anti-Virus Program to Scan Your E-Mail
> http://thundercloud.net/infoave/tuto…ning/index.htm
> Viral Irony: The Most Common Cause of Corruption.
>
> Some system monitoring utilities/applications:
> Process Explorer
> http://technet.microsoft.com/en-au/s…/bb896653.aspx
> AutoRuns for Windows
> http://technet.microsoft.com/en-au/s…/bb963902.aspx
> Note: “Additional Resources” and “Utilities” in the left-hand column.
> What’s Running
> http://www.whatsrunning.net/whatsrunning/main.aspx
> RunScanner
> http://www.runscanner.net/
> TCPView for Windows
> http://technet.microsoft.com/en-au/s…/bb897437.aspx
> CurrPorts - View Opened TCP/IP ports/connections
> http://www.nirsoft.net/utils/cports.html
> WALLWATCHER - Collect, View, and Analyze Router Logs
> http://sonic.net/wallwatcher/
> Wireshark
> http://www.wireshark.org/
> Port Reporter (PortRptr.exe)
> http://www.microsoft.com/downloads/d…displaylang=en
>
>>> d. Keep abreast of the latest developments.
>> [I'm on several MS newsgroups, which help tremendously.]
> Agree, keep on lurking but be selective and cautious when receiving
> advice!
> BTW, my suggestions are based/supported on/by links written by well
> respected and highly regarded authors; Their recommendations work for me
> very well!
>
>>> And finally:
>>> Most computer magazines and/or (computer) specialized websites are
>>> *biased* i.e. heavily weighted towards the (advertisement) dollar
>>> almighty!
>>> Therefore:
>>> a. Be cautious selecting software applications touted in publications
>>> relying on advertisement revenue.
>>> b. Do take their *test-results* of various software with a
>>> *considerable*
>>> amount of salt!
>>> c. Which also applies to their *investigative* in-depth test reports
>>> related to any software applications.
>>> d. Investigate claims made by software manufacturer *prior* downloading
>>> their software; Subscribing to noncommercial-type publications,
>>> specialized newsgroups and/or fora (to some extent) are a great way to
>>> find out the ‘nitty-gritties’ and to consider various options.
>> [Any noncommercial-type publications in particular? I'm already
>> subscribed
>> to newsgroups and to the Acronis forum.]
> TechNet Magazine
> Subscribe to TechNet Magazine
> http://technet.microsoft.com/en-us/m…/cc296584.aspx
> http://blogs.technet.com/tnmag/
> MSDN Subscriptions (is educational and can be useful)
> http://msdn.microsoft.com/en-us/subs…s/default.aspx
> Jesper’s Blog
> http://msinfluentials.com/blogs/jesper/default.aspx
> Steve Riley on Security
> http://blogs.technet.com/steriley/
> Note: Jesper M. Johansson (sometimes hangs out in
> microsoft.public.windows.vista.security)
> –and–
> Steve Riley (occasionally hangs out in
> microsoft.public.security.homeusers)
> Schneier on Security (”Security is a process not a product”)
> http://www.schneier.com/
> Benjamin Edelman
> http://www.benedelman.org/
> Inspirational reading:
> http://home20.inet.tele.dk/b_nice/index.htm
> …to mention a few.
>
> *Footnote:
> There are however a number of valid reasons where this may not be possible
> or achievable. Not everybody is technically versed to do so or has an
> acquaintance who may be able to assist. There are many users residing in
> less developed environments where professional help just does not exist or
> is very hard to come by. Therefore, a user may find the procedures as per:
> http://michaelstevenstech.com/cleanxpinstall.html
> http://www.elephantboycomputers.com/…alling_Windows
> too overwhelming and shy away from the perceived complexities of
> re-installing the OS.
> The procedures as per:
> http://www.claymania.com/removal-trojan-adware.html
> (especially [Procedure #2] David H. Lipman’s MULTI_AV Tool) has helped
> solve malware issues for uncountable users for many years; And is (IMO)
> the next best thing to flattening and rebuilding an operating system. It can
> keep
> you going until experienced and/or professional help is available for thorough
> examination and/or reformatting of the HDD.
> The recommendations as per:
> http://www.elephantboycomputers.com/page2.html
> are more elaborate, and extremely useful as well.
>>> Interested? Wanna know details? Go ahead and ask.
>> [I have, I have!]
> Happy reading and good luck!
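The hardening items in point 2 of the quoted post (the three LSA anonymous-access values, the LAN Manager hash policy, Autoplay, and the MSMSGS Run entry) can all be checked offline against a `reg export` file instead of clicking through each dialog. The script below is an added example written for this page; it is not code from the original thread or from any of the linked sites. Two `.reg` samples are constructed inline (one weak, one hardened). Two value names are not named in the thread but are the real registry values behind the policies it describes: `NoLMHash` (the "Do not store LAN Manager hash value" policy) and `NoDriveTypeAutoRun` (the Group Policy "Turn autoplay off" setting, 0xFF for all drive types); both are stated here as assumptions about Windows XP, not as facts from the post.

```python
"""Audit a Windows XP .reg export against the hardening settings from the
thread.  Added example, not code from the original post.  The .reg text
below is constructed sample data, not a real machine's export."""
import re

WEAK_SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"RestrictAnonymous"=dword:00000000
"RestrictAnonymousSAM"=dword:00000001
"EveryoneIncludesAnonymous"=dword:00000000
"NoLMHash"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"""

HARDENED_SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"RestrictAnonymous"=dword:00000001
"RestrictAnonymousSAM"=dword:00000001
"EveryoneIncludesAnonymous"=dword:00000000
"NoLMHash"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')

# Registry paths are case-insensitive, so everything is compared upper-cased.
LSA = r"HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\LSA"
EXPLORER_POL = (r"HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS"
                r"\CURRENTVERSION\POLICIES\EXPLORER")
RUN_KEY = r"HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN"

# (key, value name, expected value or None for "must be absent", description)
# NoLMHash and NoDriveTypeAutoRun are assumptions about the policy back-ends.
CHECKS = [
    (LSA, "RESTRICTANONYMOUSSAM", 1, "No anonymous enumeration of SAM accounts"),
    (LSA, "RESTRICTANONYMOUS", 1, "No anonymous enumeration of SAM accounts and shares"),
    (LSA, "EVERYONEINCLUDESANONYMOUS", 0, "Everyone permissions do not apply to anonymous"),
    (LSA, "NOLMHASH", 1, "Do not store LAN Manager hash"),
    (EXPLORER_POL, "NODRIVETYPEAUTORUN", 0xFF, "Autoplay turned off on all drive types"),
    (RUN_KEY, "MSMSGS", None, "Windows Messenger not auto-started"),
]


def parse_reg(text):
    """Return {KEY_PATH: {VALUE_NAME: value}}.  dword data becomes int; other
    data is kept as the raw text after '='."""
    tree, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).upper()
            tree.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name, data = m.groups()
            if data.lower().startswith("dword:"):
                tree[current][name.upper()] = int(data[6:], 16)
            else:
                tree[current][name.upper()] = data
    return tree


def audit(tree):
    """Return [(description, status, actual)] with status ok/fail/missing.
    A missing LSA value means the Windows default (0), so it is not ok."""
    results = []
    for key, name, expected, desc in CHECKS:
        actual = tree.get(key, {}).get(name)
        if expected is None:
            status = "ok" if actual is None else "fail"
        elif actual is None:
            status = "missing"
        else:
            status = "ok" if actual == expected else "fail"
        results.append((desc, status, actual))
    return results


def failing(tree):
    """Descriptions of every check that is not ok."""
    return [desc for desc, status, _ in audit(tree) if status != "ok"]


if __name__ == "__main__":
    for label, sample in (("weak", WEAK_SAMPLE), ("hardened", HARDENED_SAMPLE)):
        print(f"== {label} export ==")
        for desc, status, actual in audit(parse_reg(sample)):
            print(f"  [{status:7}] {desc} (actual={actual!r})")
```

On a real XP box the input would come from `reg export HKLM\SYSTEM\CurrentControlSet\Control\Lsa lsa.reg` (and the two other keys) run from an administrator prompt; exports are UTF-16, so open them with `encoding="utf-16"` before passing the text to `parse_reg`.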
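Points 7 and 7a of the quoted post single out TCP/UDP ports 135, 137-139 and 445 as the Windows networking ports that should not be reachable from the network. A quick way to confirm that on the machine itself is to run `netstat -an` and look for listeners on those ports bound to anything other than loopback. The script below is an added example, not code from the thread; the `netstat` output it parses is a constructed sample in the Windows XP format, and the port list is taken directly from the post.

```python
"""Flag listeners on the Windows networking ports named in the thread
(135, 137-139, 445) that are bound beyond loopback.  Added example; the
netstat text below is constructed sample data."""
import re
from collections import namedtuple

# Ports the post says should stay closed / be blocked at the router.
WEAK_PORTS = {135, 137, 138, 139, 445}

NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.5:139        0.0.0.0:0              LISTENING
  TCP    192.168.1.5:3389       192.168.1.7:51002      ESTABLISHED
  UDP    0.0.0.0:137            *:*
  UDP    0.0.0.0:138            *:*
  UDP    127.0.0.1:1900         *:*
"""

Listener = namedtuple("Listener", "proto addr port")

# proto, local addr:port, foreign addr, optional state (UDP lines have none)
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?")


def parse_netstat(text):
    """Return the sockets that accept traffic: TCP LISTENING plus every UDP
    binding (UDP has no state column)."""
    listeners = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, addr, port, _foreign, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue
        listeners.append(Listener(proto, addr, int(port)))
    return listeners


def exposed_weak_ports(listeners):
    """Listeners on WEAK_PORTS whose bind address is not loopback, i.e. the
    ones reachable from the LAN or, without a router/firewall, the Internet."""
    return [l for l in listeners
            if l.port in WEAK_PORTS and not l.addr.startswith("127.")]


if __name__ == "__main__":
    found = exposed_weak_ports(parse_netstat(NETSTAT_SAMPLE))
    for l in found:
        print(f"{l.proto} {l.addr}:{l.port} is reachable from the network")
    if not found:
        print("No exposed listeners on ports 135-139/445")
```

After applying the Services changes and the Windows Firewall exception clean-up described in the post, re-running this against fresh `netstat -an` output should show the list shrink; anything still reported on a LAN address is what the router rule in 7a must block.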