Re: Software Firewalls Question

From: sponge (mtubi@python.net)
Date: 03/22/02


From: mtubi@python.net (sponge)
Date: Fri, 22 Mar 2002 09:45:10 GMT


 They are useful, especially at stopping some kinds of spyware and
trojans. What's more useful than their ability to stop incoming
threats is their ability to detect outgoing data, though some
"firewalls" do not have this feature. However, they are not the
panacea some people think they are. Including some so-called "experts"
who think routers and hardware firewalls are the answer to everything,
despite the fact those products have no ability to monitor outgoing
data. The truth is, the chances of somebody breaking into your system
from the outside are low at best; the chances of you having or getting
some malicious code on your system -- well -- odds are it will happen
to you at some point or another...and there's always a good chance
you have some spyware or a trojan on there already.
 Fact is, any security needs to be overlapping and, to some degree,
redundant. Since there are so many vectors from which threats can
come, that's all the more reason to have everything covered. There is
no such thing as perfect security.
 Here's a quick rundown of some standard security precautions I
recommend. There might be others I haven't. Consider also getting a
hardware firewall if you have the money.

Here's a revised version of something I posted last month in
alt.privacy.spyware. Bear one thing in mind: it looks like a lot, but
it's really pretty easy. You should be able to do all this in half an
hour to an hour the first time. After the first few times, you'll be
able to do this in 10-15 minutes and you'll probably be doing it for
your friends and family. In fact, it would be a good idea if you do,
or at least pass this along. Here goes:

 Get Zone Alarm (www.zonelabs.com) or Tiny Personal Firewall
(www.tinysoftware.com). Better yet, get both. They're both free and
work well together. I recommend using the list of spyware filters
which I regularly post in alt.privacy.spyware to block any spyware you
may have or become infected with in the future from being able to
phone home.

Get Ad-Aware (www.lavasoft.de) -- Especially important because so many
new machines are coming loaded with spyware.

Install Proxomitron (http://proxomitron.org) -- great for protecting
you against malicious script. This proxy protects
you from a lot of bad stuff out there. Make sure the option called
"Kill Nosey JavaScripts" is enabled as well as "Kill Popup Windows."
They should be by default but it doesn't hurt to check. To use Prox
with Netscape, click Edit/Preferences, then click the + sign next to
Advanced. Click on Proxies. Click the button for Manual. Then click
the button called View... In the menu that comes up, the top line
should be called http://. Enter "localhost" (without quotes of course)
in the line next to http, and in the box that says port, enter "8080".
You're done. For Internet Explorer, first go to "Tools", "Internet
Options", then "Connections". Select the entry for the ISP you use
under "Dial-Up Settings" (usually not LAN unless there's no ISP entry).
Click "Settings". Then check "Use Proxy Server". Click "Advanced" and
enter "localhost" for host and "8080" for port.

Get DNSKong (www.pyrenean.com -- good for blocking ad sites, spyware
"homes" etc.) This will protect you from the nastiest tracking out
there and is probably the most valuable part of any security plan. You
also could add Microsoft and Conxion to the blocklist and
block XP's attempts to phone home. (An IP filtering firewall is also
recommended as a backup, and I don't know if XP phones home
exclusively by referencing domain names [e.g.
registerxp.microsoft.com] or communicates directly by IP.) First, run
the program so it installs. I posted a configuration file in
alt.privacy.spyware the other day. Read the post and then cut and
paste it into Notepad, then save it in C:\PROGRA~1\PYRENEAN\DNSKONG
under the name, named.txt. Make sure to save it as a text file.
Now, go into Start/Settings/Control Panel/Networks. Look for an entry
called TCP/IP. Click it to highlight it and then click on Properties.
Click on the tab at the top left called DNS Configuration. Click
Enable DNS if it's not already selected. In the box called Host, enter
"localhost" (w/o quotes of course!). In the box called DNS Server
search order, type 127.0.0.1 (use right arrow to skip around). Then
click Add. Click Ok when done. Don't leave the Networks section yet.
Also, if your web browser seems to "hang" after installing DNSKong
(only should happen to Netscape) then download and install eDexter,
available at the same site you got DNSKong. It doesn't need any
configuration. I posted a very comprehensive blocklist list in
alt.privacy.spyware on Feb. 2, but will post it again upon request.

Did you disable NetBIOS, Client for Microsoft Networks, and remove any
extraneous protocols like NetBEUI and IPX? This is extremely important
to keep you from being hacked, and the free software firewalls won't
protect you against most NetBIOS attacks. From your Networks menu,
look for the File and Print Sharing button. Click it if it's not
already greyed out and uncheck everything. Click Ok when done. Next,
look on the top half of the menu for something called Client for
Microsoft Networks. Click it to highlight it and click Remove. If you
have something called Internet Connection Sharing do the same. If you
have anything called IPX, SPX, or NetBEUI do the same. (If you use
AOL, don't remove anything with AOL in it. Also, don't remove anything
called adapter, or called TCP/IP. These two or three should be the
only things left when you're done). You should be left with one or two
items with Adapter in their names. Click one to highlight it, click
Properties, then click the tab at the top of the menu called Bindings.
Make sure only TCP/IP is selected. Uncheck anything else (except also
for anything called AOL but only if you actually use AOL.) Click Ok.
Repeat this step for the remaining items on the list. Some may not
have anything checked under Bindings. That's okay. However, look for a
tab at the top of the menu called NetBIOS. Click it. If the box, "I
want to enable NetBIOS over TCP/IP" is checked, uncheck it. Click Ok
when done and repeat this for anything remaining in your list. Click
ok when done with everything on that list. Your computer may ask you
if you want to restart. Say No for now. Also, you may or may not get a
message saying something to the effect "Your network is not complete.
Do you want to continue?" Ignore this and click Yes.

Did you disable Install-On-Demand in IE? Comet Cursor and other
spyware (and, no doubt, trojans) can infect via this route. Also check
out BHOCop if you regularly use IE. Go to Tools/Internet
Options/Advanced.

You also need to disable scripting in IE and you should disable Java
in your browser. (Completely disable Java, Javascript and ActiveX in
your email program - this is far more likely to be used against you
than being useful for email.) In IE, go to Tools/Internet
Options/Security and click the Custom button. Look for anything having
to do with scripting (or Running ActiveX Controls) and disable them.
You may want to also disallow ActiveX from downloading at all. You
have two kinds of ActiveX you can disable here.
If you use Netscape, follow the procedure for IE above, but also
disable Java from Netscape's Edit/Preferences menu.
The bottom-most item, Advanced, contains the controls to disable Java
(and also disable Javascript for mail/news.) Also, where it says
cookies (you may have to click on the + sign next to Advanced to
reveal this item, depending on the version of Netscape) select Accept
only cookies that get sent back to the originating server (or Reject
third-party cookies, whatever they call it.)

You'll need an anti-trojan scanner. McAfee's isn't great at stopping
trojans and Norton's is abysmal. Try The Cleaner (www.moosoft.com),
Kaspersky's (www.Kaspersky.com or www.avp.ch, I think) or Tauscan
(www.agnitum.com). This is the only thing you might have to pay for
but you do get free trial versions.

Consider getting some cookie-management software like Cookie Crusher.
This is not a high priority because you will learn below how to
prevent cookies from being saved, and DNSKong will prevent most
cookie-collecting services from being able to get them anyway.
(http://www.thelimitsoft.com/cookie.html )

Delete a file in your C:\WINDOWS directory called wmp*.db. The *
changes and depends on the version number, but if you have Windows
Media Player 7 and above, you probably have this file. It appears to
keep a record of everything Windows Media Player opens. Find the file,
delete it. Create one with the same name (or copy some text file with
nothing important in it to C:\WINDOWS and rename it the same name.)
Then mark it read-only. You may also want to go into REGEDIT (from the
Start/Run menu, type Regedit and hit Enter). Find the key called
HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Player\Settings and
change the client ID number. Randomly change odd numbers to odd
numbers and letters to letters a-f. (Thanks goes out to Velma Mae
Johnson in alt.privacy.spyware for that tip.) Finally, find and rename
setup_wm.exe; this file occasionally tries to connect to the Internet
even if you deny WMP Internet access privileges.

 If you use IE, consider using IEclean. It costs $40, but most
IE users who have it say it's worth it. You can get BHOcop for free
which does some of the things IEClean does. You also can accomplish
some of the same things for free by deleting and overwriting all your
cookies. Do this EVEN IF you use cookie-management software. It's easy
as long as you follow these instructions. Do this:
1. Restart your computer in DOS mode. (WinME, try typing COMMAND at
the Start/Run menu.)
2. Type CD \WINDOWS
3. deltree /y cookies
4. deltree /y history
5. del tempor~1 (note: use "del" command (delete) not deltree for this
one only)
6. md cookies
7. md history
8. cd cookies
9. copy con index.dat
10. (Type some gibberish, hit CTRL-Z and then Enter. It will say 1
files copied)
11. attrib +r index.dat
12. cd ..\history
(repeat steps 7 through 9)
13. cd ..\TEMPOR~1
(repeat steps 7 through 9)

This creates a phony file called index.dat in your \windows\cookies,
\windows\history, and windows\Temporary Internet Files directory and
write protects it so it can't be changed - or store any future
information.

If you use Netscape, you do not have to restart in DOS, just use
Windows Explorer if you want, though it's a good idea to follow the IE
instructions for safety even if you don't regularly use IE. Simply go
into your C:\PROGRA~1\NETSCAPE\USERS\DEFAULT directory. Look for a
file called cookies.txt and netscape.hst. Delete them. Make a dummy
file (in DOS, type copy con cookies.txt then type some gibberish, hit
CTRL-Z, then Enter.) In Windows, open notepad, type some gibberish,
and save it in the directory mentioned above to a file called
cookies.txt. Make it Read-only (in DOS: attrib +r cookies.txt,
Windows: Right click the file, then select Properties, then select
Read-Only from the bottom of the list.) Repeat this step for the file
called Netscape.hst.

On Thu, 21 Mar 2002 22:21:22 +0000 (UTC), "Jim"
<RetroNet@Gothicbtinternet.com> wrote:

>I have just been told by a Technical Expert that Software Firewalls are a
>waste of time and will not protect me online. Is this correct?
>Thanks
>
>--
>Jim
>Outgoing Mail Scanned By NAV 2002
>Please remove Gothic if replying by email
>RetroNet@Gothicbtinternet.com
>Necroflash@hotmail.com
>
>
>
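
The DNS-level blocking the post sets up with DNSKong (point the DNS server entry at 127.0.0.1 and let a local filter answer for blocked names) works roughly as sketched below. This is an added example, not part of the original post and not DNSKong's code; the blocklist entries, the suffix-matching rule and every function name are assumptions.

```python
import struct

# Constructed sample blocklist; the post's own named.txt contents are not on the page.
BLOCKLIST = {"ads.example", "tracker.example.net"}

def parse_qname(packet, offset=12):
    """Read the question name from a DNS query; returns (name, offset after name)."""
    labels = []
    while True:
        length = packet[offset]
        if length == 0:
            return ".".join(labels).lower(), offset + 1
        if length & 0xC0:  # compression pointers / oversized labels are invalid here
            raise ValueError("unexpected label type in query name")
        offset += 1
        labels.append(packet[offset:offset + length].decode("ascii"))
        offset += length

def is_blocked(name, blocklist=BLOCKLIST):
    """True if name equals a blocked domain or is a subdomain of one."""
    parts = name.rstrip(".").split(".")
    return any(".".join(parts[i:]) in blocklist for i in range(len(parts)))

def sinkhole_response(query):
    """Blocked A query -> 127.0.0.1; blocked other type -> empty answer; else None (forward)."""
    name, end = parse_qname(query)
    qtype, qclass = struct.unpack("!HH", query[end:end + 4])
    if not is_blocked(name):
        return None
    is_a = (qtype, qclass) == (1, 1)
    # Same transaction ID, flags = response + recursion available, RCODE 0.
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, int(is_a), 0, 0)
    answer = b""
    if is_a:  # pointer to the question name, type A, class IN, TTL 60, 4-byte address
        answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + bytes([127, 0, 0, 1])
    return header + query[12:end + 4] + answer

def build_query(name, qtype=1, txid=0x1234):
    """Construct a minimal DNS query for the constructed samples."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)
```

Blocked names are answered locally rather than forwarded, so the query never leaves the machine; a program that connects by IP address bypasses this entirely, which is why the post recommends an IP-filtering firewall as a backup.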

