Re: Zone Alarm and Firefox
- From: Kayman <kaymanDeleteThis@xxxxxxxxxxxxx>
- Date: Fri, 9 May 2008 16:30:37 +0700
On Wed, 07 May 2008 12:42:01 +0200, goarilla@work wrote:
Kayman wrote:
The most dependable defenses are:
1. Do not work as 'Administrator'; For day-to-day work routinely use a
Limited User Account (LUA).
i agree with this one
I am glad you do :)
2. Secure (Harden) your operating system.
a missing manual ?
not really (Google is your friend :)
how does one do that
and why does it seem like nobody really wants to elaborate on how ?
because nobody asked for :)
in a sense this post appeared/portrayed itself as a 'how to
harden your PC' tutorial
here ya go:
2. Secure (Harden) your operating system.
*10 Immutable Laws of Security
http://www.microsoft.com/technet/archive/community/columns/security/essays/10imlaws.mspx?mfr=true
*Proceed with 'Hardening' your Operating System (all 3 websites have good
guidance)
http://www.5starsupport.com/tutorial/hardening-windows.htm
http://www.malwarehelp.org/Malware-Prevention-Hardening-Windows-Security1.html
http://labmice.techtarget.com/articles/winxpsecuritychecklist.htm
Note:
Both Plug & Play and DCOM can easily be disabled manually in Services (Local)
panel and the Windows Messenger can be dealt with as mentioned in 2d.
Therefore there is *no* need to download the below mentioned tools:
a) To disable Windows Plug and Play,
b) To disable Windows DCOM,
c) To disable Windows Messenger,
And
*In Folder Options | File Types tab - *add* .CAB File.
*Right-click My Computer | Properties, System Properties - Advanced -
Performance/Settings - Data Execution Prevention is 'checked' Turn on
DEP...except those I select:
How to determine that hardware DEP is available and configured on your
computer.
http://support.microsoft.com/kb/912923
*Local Security Settings (Admin Tools - Local Security Policy)
Network security: Do not store LAN Manager hash value on next password exchange = ENABLED.
*Uninstall/disable Windows Messenger
Windows Messenger in XP
http://www.kellys-korner-xp.com/xp_messenger.htm
Stop Windows Messenger from Auto-Starting.
Simply delete the following Registry Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MSMSGS
*Security Policy Recommendations.
www.nsa.gov/snac/support/sixty_minutes.pdf
Security Attribute (page 27/28).
a) Network access: Do not allow anonymous enumeration of SAM accounts
HKLM\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM = 1
Recommended Setting: Enabled
b) Network access: Do not allow anonymous enumeration of SAM accounts and
shares
HKLM\System\CurrentControlSet\Control\Lsa\RestrictAnonymous = 1
Recommended Setting: Enabled
c) Network access: Let Everyone permissions apply to anonymous users
HKLM\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous = 0
Recommended Setting: Disabled
*Turn - Off Autoplay.
http://www.dougknox.com/xp/tips/cd_autoplay_pro.htm
To Disable CD autoplay, completely, in Windows XP Pro
a) Click Start, Run and enter GPEDIT.MSC
b) Go to Computer Configuration, Administrative Templates, System.
c) Locate the entry for Turn autoplay off and modify it as you desire.
Alternative:
http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx
Scroll down to Tweak UI, download TweakUI.exe
Once you've installed TweakUI you'll find a lot of options in it. To
turn-off Autoplay, in TweakUI expand My Computer, and then AutoPlay.
Click on Drives and uncheck the drive letter that you no longer want to
AutoPlay. Click on Apply and that's it. No more "what would you like me to
do" dialogs.
3. Keep your operating (OS) system (and all software on it)
updated/patched.
4. Reconsider the usage of IE and OE.
5. Review your installed 3rd party software applications/utilities;
Remove clutter.
i agree again
but i'm a minimalist :D some people just like bloat
and a whole desktop filled with icons is usually an indicator
of this
6. Don't expose services to public networks.
is this really a problem if you have a NAT'ing router ?
It certainly can be :)
a router shouldn't forward broadcasts and most of them
don't allow unsolicited inbound connections
Well, have a good look here and be guided accordingly (tweak the way it
suits *you*). This can be a tedious exercise but will bear fruit later on;
initiate a good record of your activities.
Beginners Guides: Understanding and Tweaking WindowsXP Services
http://www.pcstats.com/
Page 1: Beginners Guides: Understanding and Tweaking WindowsXP Services
Page 2: Which services are running?
Page 3: Getting Information on Specific Services
Page 4: Properties of Services
Page 5: Why does WinXP need Services?
Page 6: What services should be running?
Page 7: Services to disable for better security and performance
Page 8: Creating your own services
Page 9: Creating Services Continued
Windows XP Service Pack 2 Service Configurations
http://www.blackviper.com/WinXP/servicecfg.htm#
Windows XP SP2 default Services #1.
http://www.ss64.com/ntsyntax/services.html
Default settings for services #2.
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sys_srv_default_settings.mspx?mfr=true
Note: SP3 has 4 additional Services viz:
1. Extensible Authentication Protocol Service
2. Health Key and Certificate Management Service
3. Network Access Protection Agent
4. Wired AutoConfig
Leave the default settings (manual).
The only reasonable way to deal with malware is to prevent it from being
run in the first place. That's what AV software or Windows' System
Restriction Policies are doing. And what 3rd party Personal Firewalls
*fail* to do.
7. Activate the built-in firewall and configure Windows not to use TCP/IP
as transport protocol for NetBIOS, SMB and RPC, thus leaving TCP/UDP
ports 135,137-139 and 445 (the most exploited Windows networking weak
point) closed.
how does one do that?
are you talking about the Netbios over TCP/IP option
in the NIC config iirc (the place where lmhosts is also present) ?
or just disabling netbios altogether, which is kinda bad advice
since for most people with a home network
netbios == their network
If on dial-up internet connection:
Activate and utilize the Win XP SP2 built-in Firewall; Uncheck *all*
Programs and Services under the Exception tab and review exceptions
frequently (the fewer exceptions the better).
Read through:
Deconstructing Common Security Myths.
http://www.microsoft.com/technet/technetmag/issues/2006/05/SecurityMyths/default.aspx
Scroll down to:
"Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe."
Exploring the Windows Firewall.
http://www.microsoft.com/technet/technetmag/issues/2007/06/VistaFirewall/default.aspx
"Outbound protection is security theater—it’s a gimmick that only gives the
impression of improving your security without doing anything that actually
does improve your security."
How to Configure Windows Firewall on a Single Computer
http://www.microsoft.com/technet/security/smallbusiness/prodtech/windowsxp/cfgfwall.mspx
Troubleshooting Windows Firewall settings in Windows XP Service Pack 2
http://support.microsoft.com/default.aspx?kbid=875357
Understanding Windows Firewall.
http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx
Using Windows Firewall.
http://www.microsoft.com/windowsxp/using/networking/security/winfirewall.mspx
Using the Windows Firewall INF File in Microsoft Windows XP Service Pack 2
http://www.microsoft.com/downloads/details.aspx?familyid=cb307a1d-2f97-4e63-a581-bf25685b4c43&displaylang=en
Deploying Windows Firewall Settings for Microsoft Windows XP with Service
Pack 2
http://www.microsoft.com/downloads/details.aspx?familyid=4454e0e1-61fa-447a-bdcd-499f73a637d1&displaylang=en
Manually Configuring Windows Firewall in Windows XP Service Pack 2
http://technet.microsoft.com/en-au/library/bb877979.aspx
7a. If on high-speed internet connection use a router in conjunction with
#7 and #8.
7b. Use Windows Firewall in conjunction with:
Seconfig XP 1.0
http://seconfig.sytes.net/
(Seconfig XP is able to configure Windows not to use TCP/IP as transport
protocol for NetBIOS, SMB and RPC, thus leaving TCP/UDP ports 135, 137-139
and 445 (the most exploited Windows networking weak point) closed.)
OR
Configuring NT-services much more secure.
http://www.ntsvcfg.de/ntsvcfg_eng.html
7a. If on high-speed internet use a router as well.
8. Routinely practice safe-hex.
i hate that word !
hex is not that easy and
it takes most people ample time to tell me what
8146 is in hex
http://www.claymania.com/safe-hex.html
Hundreds Click on 'Click Here to Get Infected' Ad
http://www.eweek.com/article2/0,1895,2132447,00.asp
9. Regularly back-up data/files.
people who have no intention of learning how to automatize this
and/or don't know how will get confused when they have to deal with
multiple backups. as a result they'll tell you everything is backed up
while it hardly isn't and they'll start blaming 'you' of removing their
backups* and other evil stuff* if shit hits the fan.
10. Familiarize yourself with crash recovery tools and re-installing your
operating system (OS).
i agree we have to install mcafee here
11. Utilize a real-time anti-virus application and vital system
monitoring utilities/applications.
12. Keep abreast of the latest developments - Sh!t happens...you know.
The least preferred defenses are:
Myriads of popular anti-whatever applications and staying ignorant.
and a girl who just got a new pc managed to attract a worm in 2 days
or so mcafee claims
A number of experts agree that the retail AV version of McAfee, Norton and
Trend Micro has become cumbersome and *bloated* for the average user and
can play havoc with your computer.
Removal tools for recent McAfee products:-
Request assistance from here:
http://forums.mcafeehelp.com/
or download and run:
http://www.majorgeeks.com/McAfee_Consumer_Product_Removal_Tool_d5420.html
or
http://service.mcafee.com/FAQDocument.aspx?id=107083&lc=1033&partner=10005&type=TS
or
Download and run the McAfee Removal tool:
https://us.mcafee.com/root/MCPR2.exe
If you receive a security alert, click Yes.
Click Save to download the file to a location on your computer.
Navigate to the location where the file was saved.
Ensure all McAfee application windows are closed.
Double-click MCPR2.exe to run the removal tool.
Note: Windows Vista users must right-click and select Run as Administrator.
Restart your computer when prompted. Your McAfee products will not be fully
removed until you restart.
Good alternatives:
Avira AntiVir® Personal - FREE Antivirus
http://www.free-av.com/
You may wish to consider removing the 'AntiVir Nagscreen'
http://www.elitekiller.com/files/disable_antivir_nag.htm
or
Free antivirus - avast! 4 Home Edition
It includes ANTI-SPYWARE protection, certified by the West Coast Labs
Checkmark process, and ANTI-ROOTKIT DETECTION based on the best-in class
GMER technology.
http://www.avast.com/eng/avast_4_home.html
(Choose Custom Installation and under Resident
Protection, uncheck: Internet Mail and Outlook/Exchange.)
or
AVG Anti-Virus Free Edition
http://free.grisoft.com/
(Choose custom install and untick the email scanner plugin.)
or
Kaspersky® Anti-Virus 7.0 - Not Free
http://www.kaspersky.com/homeuser
or
ESET NOD32 Antivirus - Not Free
http://www.eset.com/
Why You Don't Need Your Anti-Virus Program to Scan Your E-Mail
http://thundercloud.net/infoave/tutorials/email-scanning/index.htm
and (optional)
On-demand AV applications.
(add them to your arsenal and use them as a "second opinion" av scanner).
David H. Lipman's MULTI_AV Tool
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe
http://www.pctipp.ch/downloads/dl/35905.asp
English:
http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/
Additional Instructions:
http://pcdid.com/Multi_AV.htm
and/or
BitDefender10 Free Edition (*NOT FOR VISTA*)
http://www.bitdefender.com/PRODUCT-14-en--BitDefender-8-Free-Edition.html
i told her the obvious thing is to flatten the system again, but she
asked me if i could disable the pop-ups instead.
"The only way to clean a compromised system is to flatten and
rebuild. That’s right. If you have a system that has been completely
compromised, the only thing you can do is to flatten the system
(reformat the system disk) and rebuild it from scratch (re-install
Windows and your applications)..."
http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx
<snip>
Good luck :)
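
An added example, not part of the original post: a small offline check of the Lsa values the message recommends, run over the text of a `reg export` of the Lsa key. It assumes `NoLMHash` as the registry value behind the LAN Manager hash policy (the post gives only the policy name); the sample export, including the decoy value under a subkey, is constructed.

```python
import re

# Recommended values from the post. NoLMHash is an assumption added here: it is
# the registry value behind the "Do not store LAN Manager hash value" policy.
LSA_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"
RECOMMENDED = {"NoLMHash": 1, "RestrictAnonymousSAM": 1,
               "RestrictAnonymous": 1, "EveryoneIncludesAnonymous": 0}

# Constructed sample in .reg text form (real exports are UTF-16; decode first).
# Value names are lowercase on purpose: registry names are case-insensitive.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymoussam"=dword:00000001
"restrictanonymous"=dword:00000000
"everyoneincludesanonymous"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos]
"NoLMHash"=dword:00000001
'''

def parse_reg(text):
    """Return {lowercased key path: {lowercased value name: int}} for DWORDs."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:  # a new [key] section starts; later values belong to it
            current = keys.setdefault(m.group(1).lower(), {})
            continue
        m = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
        if m and current is not None:
            current[m.group(1).lower()] = int(m.group(2), 16)
    return keys

def audit_lsa(text):
    """Check only the Lsa key itself; return {name: (status, actual value)}."""
    values = parse_reg(text).get(LSA_KEY.lower(), {})
    report = {}
    for name, want in RECOMMENDED.items():
        actual = values.get(name.lower())
        status = "MISSING" if actual is None else ("OK" if actual == want else "FAIL")
        report[name] = (status, actual)
    return report

if __name__ == "__main__":
    for name, (status, actual) in audit_lsa(SAMPLE_REG).items():
        print(f"{status:8}{name} = {actual} (recommended {RECOMMENDED[name]})")
```

A value reported as MISSING means the key does not set it explicitly, so the operating system default applies and should be reviewed by hand.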