HOWTO - Protecting your Windows system

enoonmai

Cyborg Agent
Too many people these days are coming into the forums requesting help on massively infected systems. So, I thought I'd compile something for the newbies that may be useful to help prevent infections and other useless trash on your computer.

Step One: The Core

This is the single most important piece of your computer. Chances are that if there's something wrong with this, the weakest link in the chain, everything will come crashing straight on top of you. I am talking about the Single Point of Failure (SPoF) on your system - the Operating System.

This critical piece (actually, make that ultra-hyper-mega-critical) of software is what manages the entire show and you don't want any unnecessary software messing with it. Not all Operating Systems are created equal. Technically speaking, server OSes are some of the safest OSes around. But usually you cannot go around installing these OSes unless you're a total geek with around 10 computers around your home and you need software to centrally manage them. When it comes to a single desktop OS, currently Microsoft Windows XP rules the roost.

Your choice of Windows OS preference in the order of safest first is:
Windows XP Professional
Windows XP Home
Windows 2000 Professional
Windows NT 4.0
Windows 98 SE
Windows ME
Windows 98
Windows 95

I would recommend you either stick to the Windows XP OSes, Windows 2000 Professional or Windows 98 SE. Needless to say, Microsoft Windows XP is currently the safest computing environment for a user. And that neatly brings us to our next topic.


Step Two: Patching it Up

No OS is secure if you are running it straight out of the box. A long list of vulnerabilities is detected by security experts and Microsoft routinely releases update software to address these vulnerabilities and close them. Updates may be:
Service Packs
Critical Updates
Hotfixes
Cumulative Updates / Rollups
Hardware Updates
Optional Updates

Service Packs (SP) are comprehensive updates to the OS, fixing every single vulnerability in the OS since the release of the OS itself or the last SP release. SPs also include major OS changes, newer updates to system files and they contain every single update to the OS that has ever been released. Also, SPs are cumulative, so if you were to install SP1, it would contain every single update since the OS release and if you install SP2, it would contain every single update that has been released since SP1, and it would also include the updates of SP1. So, if you are patching an OS with an SP, you don't have to go around installing SP1, then SP2, SP3, etc. Installing the latest SP would mean you're getting all the updates. The latest SPs for the various OSes are:

Windows XP - SP2:
The best way to get SP2 for Windows XP is either via Automatic Updates (I will get to this later), Windows Update, ordering the free Service Pack 2 from Microsoft, (click this link to place your order) or from the Digit September 2004 CD/DVD. However, if you want to download it yourself, a larger network install can be downloaded here.

Windows 2000 - SP4 Download

Windows NT 4.0 - SP6a Download

Microsoft only releases an SP for the OSes that can be used as full-fledged network clients, so there are no SPs for Windows ME, 98 SE, 98 and 95, only the standalone updates. However, an Unofficial SP exists for Microsoft Windows 98 SE.

Windows 98 SE Unofficial SP - Version 2.0 RC1 Download

Critical Updates are those very important updates that Microsoft releases in response to a threat against the Windows OS. There is no option and these should not be avoided. Installing these updates is a must if you don't want your system exploited or open to infection. Microsoft usually releases a slew of these updates every month.

Hotfixes are patches to existing Windows components that address a vulnerability in the code and are released as and when the vulnerabilities are discovered. Needless to say, you need these as well if you want to protect your OS.

Cumulative Updates and security Rollups are a bunch of related updates and hotfixes that enhance the security of the Windows component and also patch any existing unpatched vulnerability. Of course, you need these too.

Hardware Updates can sometimes be found on Windows Update when your hardware manufacturer, like your motherboard manufacturer, releases patches, fixes and updates that usually add functionality and improve performance of your hardware components. While these updates are optional, it is recommended that you install them because they often boost your hardware's performance and provide newer functionality that you can take advantage of.

Optional Updates are just that. They're optional and it's your choice whether you wish to update/upgrade them. Usually, these fall in the category of extra tools for the Windows OS such as a newer Media Player, a Journal Viewer, Movie Editing Software, software that makes applications programmed in the .NET environment work, etc. You can safely ignore these updates if you are not planning to use them.

Microsoft releases a number of updates on the second Tuesday of every month, which many of us geeks fondly call "Patch Tuesday". Make sure you bookmark this day in your calendar each month and check for updates. Also, if a threat is severe enough, it may make the people at Microsoft release an update before the planned Patch Tuesday.

Also, most programs have updates for themselves. While some are improvements on features, it's not uncommon for products to include security enhancements as well. Keep track of the products you're using and check for updates for your software products regularly. This is especially important when it comes to Microsoft Office products as their updates can have a significant impact on system security. You can always visit Office Update to check for the latest updates to your Office products.

Step Two Point Five: Honesty Pays

It is worthwhile to mention that when it comes to Windows OSes, it is better to pay for a legal, genuine copy of the OS to enable you to get the latest updates without a hassle. When it comes to Windows XP, it will not allow you to install a genuine copy of the SP or some critical fixes unless you have a legit version of the OS. Yes, cracked SPs exist and you can always install them, but you will be doing the world a lot of good, not to mention yourself, if you just get yourself a legit copy of at least Windows XP Home. You just spent over 20,000 on that new computer, the least you can do is spend another 4000 and live quite happily afterwards.

Step Three: Securing the OS

Here we will take a look at securing the OS itself without using any third party software. The most important tool here is the "Automatic Updates" option. You can usually find this option in the Control Panel, if you are running Windows ME, Windows 2000 (with the appropriate SP) or Windows XP.

When you open the Automatic Updates option, you will be faced with a couple of options including (exact wordings may differ):
Automatically Download and Install Updates
Download Updates but let me choose when to install them
Notify me of updates but do not automatically download or install them
Turn off Automatic Updates

It is recommended that you select Option 3 - "Notify me of updates but do not automatically download or install them" instead of Option 4, turning off the Auto Update feature. This way, when an important update is released, the Automatic Updates feature will inform you that updates are available for your OS and you can go to Windows Update and download and install them at your convenience. Also this way, you can tell when an update is being offered before the Patch Tuesday cycle and stay protected.

Windows XP comes with a built-in Firewall to protect your computer, but it's not a worthy solution when compared to a standalone firewall, so I will skip that in favor of a third party firewall solution.

Also, make sure you secure your user account with a password so that no one can fiddle with your system in your absence and then damage the OS.

Windows XP, when patched with Service Pack 2, comes with a Security Center option that can be accessed via the Control Panel. When you restart your computer after installing SP2, you will be prompted to choose an Automatic Updates method (1 out of the 4 choices). The Security Center also monitors the status of the built-in Windows Firewall, which is enabled by default, and also the status of your antivirus program, whether it is on, turned off or if it requires an update. However, it only works with well known antivirus solutions. If any of these components are not working right or are turned off or disabled, the Security Center will pop up a warning in your system tray notification area, alerting you.

Step Four: Protection with Third Party Software

Antivirus Solutions

The biggest threat to a Windows system is a virus. How or why a virus attacks and how it spreads, I am not going to go into here. Usually a virus spreads through one of these mediums:
a) an infected floppy or CD
b) an infected file over the network
c) an infected file from the Internet
d) an infected file you received via e-mail or instant messenger.

An antivirus program is a third party solution that runs all the time in your system and monitors and protects your system from viruses and maybe, other threats, depending on the product and its version. It includes a scanning engine and a list of signatures of known viruses that it compares to files staying in your computer's memory and hard disk as well as the ones coming in and going out. If it detects a virus, it immediately stops the activity of the file and informs you about the virus' presence and prompts you to either clean the file or delete it. It should be noted that the major antivirus vendors, McAfee, Symantec, Trend Micro, Kaspersky, etc. release newer versions of their antivirus programs at least once each year in addition to releasing "updates" for the antivirus program every week.

You should have the latest version of the antivirus program running at all times, and should also make sure it's updated every week with the latest virus "signatures." Failure to do either of these two steps may mean an immediate infection. All antivirus programs come with an Automatic Update feature built in that will automatically contact its server and look for available updates and then download and install them automatically. It is recommended that you leave this feature turned on.

Here is a list of instructions that you should actively follow to prevent an infection:
a) Make sure you use the latest version of your antivirus and keep it updated weekly and make sure its auto-update feature is turned on.
b) Never use a CD or a floppy without scanning it for viruses.
c) Do not open files from the Internet without scanning them with the antivirus. Most download managers can integrate with the antivirus program to automatically scan the downloaded files. Turn this feature on.
d) Do not accept and download files from an Instant Messenger conversation if you do not know what it is. Also, all instant messengers can integrate with the antivirus. Turn this feature on.
e) Never open an attachment from an email, no matter what extension it is, without first scanning it with an antivirus. Again, all email clients can integrate with your antivirus solution to automatically scan for viruses in your emails.

Trial Software:
Norton Antivirus 2005
McAfee VirusScan
Trend Micro PC-Cillin 2005 (Currently the best, in my opinion)
Kaspersky Antivirus 5.0 Personal
NOD32 2.0 - v7.20
Norman Virus Control
CA eTrust Antivirus v7.1

Free Antivirus Software:
AVG Antivirus v7.308
avast! 4 Home Edition
AntiVir Personal Edition

Firewalls:

In this day, when broadband and LAN/Cable Internet access is rampant, there is always a chance that someone may break into your computer, gain access and control your computer to do malicious acts without your permission. A firewall acts like a filter for the data that's going in and out of your computer. If it detects that a program is trying to access the Internet or your local network without your permission, it will stop such activity. Also, if a hacker or any other user tries to gain access to your computer without your permission, it will block all such activity too. The Windows Firewall that comes bundled along with Windows XP SP2 is woefully inadequate when it comes to protecting your computer.

The key to running a firewall efficiently is to configure it right. When it comes to configuring, the key steps to remember are these:
a) If you do not know the program, deny it access to the Internet and the local network.
b) Never allow the software to "remember" the access rights for a program, that is, do not wantonly check the "I know this program. Do not ask me again" for programs that you are not absolutely sure about.
c) Some Windows processes need access to the Internet or your local network to work the way they're supposed to. Make sure you check the name of the program and its use before you allow or deny access.
d) Unless you run a server or play/host online or network multiplayer games, go ahead and deny inbound access to all programs except your mail clients, browsers, etc.
e) Do not allow programs to connect to the Internet unless they absolutely need to. So while Adobe Acrobat checks for an update with its servers when you start it up, that's OK. But when you are planning to play Quake 3 Arena offline and it tries to connect to the Internet, go ahead and deny it access this time around.

Good firewalls include:

ZoneAlarm (Free) (The best among them all, when you configure it right)
Kerio Personal Firewall (Free)
SyGate Personal Firewall Standard (Free)
Kaspersky Anti-Hacker v1.7 (Trial)
Norton Personal Firewall 2005 (Trial)
McAfee Personal Firewall Plus (Trial)
Trend Micro PC-Cillin Internet Security 2005 (Trial)


Anti-Spyware:

Chances are that you're probably using the default Internet Explorer browser that came along with your OS. The browser is literally the weakest link in the Microsoft OS and is a very popular target for people that write software to either attack your computer, or as in most cases, just increase their revenue. People write code called spyware/adware/malware that hijack your browser settings or install software that track your movements online or in some cases, totally prevent you from getting any work done and steal your Internet passwords. And if you're using Internet Explorer, you're their favorite snack.
To test the "integrity" of your browser and whether it is vulnerable to spyware and being hijacked and exploited, run the Browser Security Check here. Chances are, yes, you're very vulnerable. Fortunately, we have software just like antivirus programs - antispyware programs that prevent and clean attacks on your system. As with antivirus, the key to a good antispyware program is to leave its protection system running at all times and to update them regularly with the "signature libraries" of spyware.

Some of the well known products are:

SpyBot - Search and Destroy 1.3 (The best, in my opinion)
LavaSoft Ad-Aware SE Personal v1.05
Microsoft Windows AntiSpyware Beta

Another tool that prevents your browser being hijacked and your critical system settings being changed is BHODemon 2.0. You can download it here. Also, when you install antispyware like SpyBot, you will be prompted to install system protection software called "TeaTimer" and will be prompted to have it automatically start up along with your computer. Select this option and when an important change occurs, you have the option to either accept the change or deny it, effectively killing unwanted program installs and browser hijacks.

Misc. Tools:

Of course, you can always ditch the browser and go for a safer alternative. The best I would recommend is Mozilla Firefox, currently at version 1.0.1. Also the lightest browser around, it makes for the best replacement for Internet Explorer. It also automatically imports all your IE cache, settings, cookies and bookmarks, so you have to do nothing but install it and browse safe.

Get Mozilla Firefox 1.0.1 here!

Also, Microsoft has a Malicious Software Removal Tool that you can download and scan for and remove unwanted malicious software. A newer version of the tool will be released each month. Get it here.

In all my time, one tool that really caught my eye and bowled me over was BlackICE PC Protection. The program is actually a firewall for incoming data, but it's being totally paranoid. The program totally blocks all incoming requests and literally hides your PC from the local network and from the Internet, making it totally invisible to the outside world. The program also bundles a nifty tool called "Application Protection." What it does is create a snapshot of all the installed programs and their "code" and if there is ANY change at all in the program, it refuses to let the program load without your permission. Of course, you can always authorize and add the program to a list, authorize it to run only once, or terminate it completely. This is the way a paranoid person like myself protects his system. There is no trial that I know of, but if you're interested you can take a look at the link I posted to find out more about the program.

I hope this helps. If anyone has any more info to add on protecting their systems, please feel free to add it. I will post a HOWTO on fixing your problems with viruses, spyware and hackers tomorrow.

NOTE: A good site to get all your updates in one shot is The Software Patch or you can use third party tools like AutoPatcher to get the same job done.
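As an added example (not part of enoonmai's post), here is a PowerShell script that checks the two Step Three settings on a machine: which Automatic Updates option is selected and whether the built-in Windows Firewall is on. It assumes the documented registry locations (the WindowsUpdate\Auto Update key and the FirewallPolicy profile keys introduced with XP SP2, which later Windows versions still keep) and must be run as an administrator.

```powershell
# Added check script, not from the original post. Reads the Automatic Updates
# choice and the Windows Firewall state described in Step Three and reports
# whether the recommended choice (notify, but do not download or install)
# is in effect. Assumes the XP SP2-era registry locations; run as administrator.

# Documented AUOptions values; the post numbers the same choices in reverse order.
$auOptionNames = @{
    1 = 'Turn off Automatic Updates'
    2 = 'Notify me of updates but do not automatically download or install them'
    3 = 'Download updates but let me choose when to install them'
    4 = 'Automatically download and install updates'
}
$recommendedAuOption = 2   # the post's "Option 3", notify only

function Get-AutoUpdateOption {
    # A Group Policy setting (Policies\...\AU) overrides the Control Panel choice.
    $keys = @(
        'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
    )
    foreach ($key in $keys) {
        $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }
        if ($item.PSObject.Properties['NoAutoUpdate'] -and $item.NoAutoUpdate -eq 1) { return 1 }
        if ($item.PSObject.Properties['AUOptions']) { return [int]$item.AUOptions }
    }
    return $null   # nothing configured: Windows has not been told what to do yet
}

function Get-WindowsFirewallState {
    # EnableFirewall under each profile key is the on/off switch of the built-in firewall.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
    $state = @{}
    foreach ($profileName in 'StandardProfile', 'DomainProfile') {
        $item = Get-ItemProperty -Path (Join-Path $base $profileName) -ErrorAction SilentlyContinue
        if ($null -ne $item -and $item.PSObject.Properties['EnableFirewall']) {
            $state[$profileName] = ($item.EnableFirewall -eq 1)
        } else {
            $state[$profileName] = $null
        }
    }
    return $state
}

$option = Get-AutoUpdateOption
if ($null -eq $option) {
    Write-Warning 'Automatic Updates has not been configured at all; pick an option in Control Panel.'
} else {
    $name = if ($auOptionNames.ContainsKey($option)) { $auOptionNames[$option] } else { "unknown value $option" }
    Write-Output "Automatic Updates: $name"
    if ($option -eq 1) {
        Write-Warning 'Automatic Updates is turned off; the post recommends at least the notify-only setting.'
    } elseif ($option -eq $recommendedAuOption) {
        Write-Output 'Matches the setting recommended in Step Three.'
    } else {
        Write-Output 'Updates are fetched automatically; fine as long as you apply them when prompted.'
    }
}

$firewall = Get-WindowsFirewallState
foreach ($profileName in $firewall.Keys) {
    $on = $firewall[$profileName]
    if ($null -eq $on) {
        Write-Output "Windows Firewall ($profileName): not configured in the registry"
    } elseif ($on) {
        Write-Output "Windows Firewall ($profileName): on"
    } else {
        Write-Warning "Windows Firewall ($profileName): OFF; turn it on unless a third party firewall has replaced it"
    }
}
```

A third party firewall that has taken over (as described later in the thread) will legitimately show the built-in firewall as off, so read that warning together with what Security Center reports.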
 

klinux

Ambassador of Buzz
@enoon: Great work. You got anything on saving and recovering Windows partitions and the MBR? Free would be helpful. I read somewhere that removing the command.com and cmd files helped too. Could you verify this info?
 

digen

Youngling
One word: Extensive.

But I won't agree with you on one point.
Windows XP comes with a built-in Firewall to protect your computer, but it's not a worthy solution when compared to a standalone firewall, so I will skip that in favor of a third party firewall solution.

I've seen quite a number of posts in the forum with threads such as "which firewall do you use?" & people bashing Windows Firewall for the simple reason that it doesn't offer outbound monitoring. I say if a person has a fair knowledge about what goes on at the OS level, what applications he wants to run or, to simply put it, knows what goes on in his system, then why does he need a separate commercial firewall?
Most of them bashing the Windows Firewall use a commercial firewall which is not configured properly & it sits there hogging valuable resources. I'm not saying Windows Firewall is better or the best, but the description of the Windows Firewall ought to be w.r.t. the requirements of the user & his qualifications.
So you mentioning "not a worthy solution" naa doesn't do justice. Just my 2 cents.
 

Guest

Guest
Trend Micro PC-Cillin 2005 (Currently the best, in my opinion)
Definitely your computer is secure as there is no job for Trend Micro PC-Cillin 2005 :lol:, better uninstall that crap.
 

Guest

Guest
You have not posted the source URL. It seems you are an expert in copy & paste.
 

h4xbox

Journeyman
Anonymous said:
You have not posted the source URL. It seems you are an expert in copy & paste.

LOLZ!! How dare you talk about enoonmai

:twisted: :p :twisted: :p :twisted: :p :twisted:
:D :D :D :D :D

I certainly appreciate the guest who has questioned the great :wink: enoonmai
 
enoonmai

Cyborg Agent
@digen: You're right, most people simply get a third party firewall, forget to configure it properly and it just sits there, draining resources and not really protecting your system, in which case, the entire point of installing it is lost.

And you're right about Windows Firewall too. I should've made my point with respect to ICF and somehow was in the ICF bashing mode. Windows Firewall is nothing like ICF and a really good product when it comes to basic firewalls. But you see, there IS a logic to what I said.

Allow me to explain. We both know that it is not configured to monitor or block outbound traffic. But we also know that for a program to be properly called a true firewall, it should monitor how programs interact with the underlying OS and which programs attempt to access either the local network or the Internet and alert the user when such suspicious activities occur. This is very helpful in thwarting attacks wherein malware either opens up ports on the computer to "forward" the infection via a rootkit or simply where the program contacts its servers to serve you useless ads and hijack your browser.

I know Microsoft has said, and I quote: "...it is not the firewall's place to stop malicious code from sending outbound packets--Microsoft contends that companies should use perimeter technologies to examine outbound traffic." It has also said that if the malicious code gets past the firewall it is the role of antivirus software to handle it. "He says Windows Firewall is designed to stop malicious transmissions to the PC, rather than protecting the PC once it's been infected."

When you install a third party firewall solution, from either Zone Labs, Symantec, Kaspersky, McAfee or Trend Micro, these inevitably turn the Windows Firewall off and then configure their own systems to offer protection, and when they are turned off, they automatically enable the Windows Firewall. Of course, Security Center cannot manage these third party solutions well enough and can only offer information on whether they are running properly or not. But the point that I am trying to make is that Windows Firewall's "functionality" wherein it can be turned off by third party programs has the potential to be misused and bring the entire thing crashing down. However, ZoneAlarm Pro, which I think is the best, locks itself down so tight that only the end user can disable it, and that too, only after being prompted. Also, you are still protected and you can only disable complete firewall protection by uninstalling the software itself.

But yes, I made a mistake. I shouldn't have said it wasn't a worthy solution, period. Allow me to modify it.

For the majority of users that do not understand the workings of a firewall, or those who don't bother much about them and wouldn't dream of installing a third party solution, Windows Firewall is just plain great. It's extremely configurable and a lot better when compared to its predecessor, ICF. It blocks traffic well, is turned on by default and provides detailed enough logs.

For the rest of the people, who understand computer security issues and know about the shortcomings of the Windows Firewall and how it's not protecting you "as good as" third party solutions, get a standalone firewall. If you know enough about ports and networks and configuring programs, etc., in short, if you're anything above a novice, get one of the firewall programs I mentioned.

Thanks to digen for pointing out my mistake, as to how Windows Firewall is enough for the casual user on a low to medium speed connection. Please accept my apologies.

Definitely your computer is secure as there is no job for Trend Micro PC-Cillin 2005, better uninstall that ****.

It's secure BECAUSE I have that software running; I wouldn't last one hour without it.

You have not posted the source URL. It seems you are an expert in copy & paste.

And it seems you're an expert at staying anonymous and poking people. :D I have not posted the source because it is my work. I sat for a long time to compose that, and I think I can take full credit for it.
 

icecoolz

Cyborg Agent
I had posted this before and I will post it again:

www.firewallleaktester.com/tests.htm

Check the link and the extensive tests which have been conducted and you will see how bad the Windows Firewall is. ZA is the best free alternative. The best is Look 'n' Stop. I would seriously recommend it to those that haven't tried it.

All the tests that have been conducted have their executables on the site itself. Check it out for yourself. I did. And the tests are very accurate.
 

digen

Youngling
@enoonmai I'm glad you understood what I wanted to convey. But I admit at the same time that it's not a complete firewall solution in a sense. But it could suffice for someone's requirement.

@icecoolz I've seen that link quite a number of times. Gives an idea of what rules & roasts & what does not. But the point I wanted to make is Windows Firewall can have a different audience altogether. Moreover there are people who are not looking for outbound protection. I hope you get what I'm trying to say.
 

icecoolz

Cyborg Agent
I definitely understand what you're trying to say. Most people don't even know what an inbound or an outbound attack is. And they do not want to know about it either. They just want a solution which is complete. Turn it on, configure it and forget it. In which case Windows XP firewall isn't the best option. Apart from that, whatever you posted in the link is absolutely brilliant. No hard feelings mate.
 

digen

Youngling
Absolutely no offence or hard feelings mate. I understand & respect your & enoonmai's opinion here.
 

swatkat

Technomancer
good post by "i am no one"....enoonmai :)

and also thanks to digen for that info about LeakTest program....
 

theraven

Technomancer
hehehe finally swat posted his "Decoding" of enoonmai's nick ;)
causing a stir-up in the conf since some time ..
anyways everyone's said everything .. most of them know my views too...
there's nothing left for me to say ...
even though I would rather use ZoneAlarm over Windows Firewall for reasons of my own ...

did anyone hear about Microsoft AntiSpyware detecting MSN Messenger as spyware? (or was it some other MS product?)
anyways similarly my Windows Firewall had issues letting MSN connect to the net ... it was such a headache
and like most I was damn excited about the firewall/antivirus reporting option of Windows Security Centre
however when security is at risk, I'd rather not!
I must confess I haven't tried any other firewall but ZA and I don't intend to
I upgrade my ZA as and when a new version is released
coming out of my fanboyism here's a link digen had pointed out to me quite some time back
he lost it .. and I found it in my favourites
have a look
www.securityfocus.com/archive/1/385930
this should make some interesting discussion on firewalls

icecoolz your link is definitely good as I've pointed out time and again
but things change .. and ZA is out of 5.5 beta ...
and I believe it would top that list any day!
however to each his own I always say ;)

Security is an issue every user has to deal with, and every newbie has a problem with ... and this guide is, simply put, very informative even at a layman's level! and I do hope people start using any of these software and wisely as a result of our discussion here!
 

digen

Youngling
Oh yeah that link was quite a shock to me when I stumbled upon it. Good thing raven you posted it here, I hope it helps others.
I would like to go a bit offtopic.
P.S: This is to take nothing away from enoonmai & the amount of hard work that has gone into this thread of his.
Download LeakTest [swat was talking about this earlier] from the link down below. You can also read how exactly it works. This should give an idea of the firewall's outbound strength, though considering this as the final verdict would be stupid & lame. I had BlackICE until recently & unfortunately it failed the test.

www.grc.com/lt/leaktest.htm
 

Guest

Guest
huh... if it is your real work, then great job, sorry, I thought it might be from a very good site. no problem, thanks
 

theraven

Technomancer
indyan dude ... honestly ...
I ain't that stupid
it wasn't MSN Plus ... I'm quite sure of it!
I think corny had reported this!
even I know Plus was detected as spyware
though at the most I might have made a mistake with this one ... but no I didn't mean MSN Plus

and another instance was the MSN announcement being detected as spam in Hotmail
now that everyone's gotta agree with, because it was posted here ;)
I think smooth did
man my memory needs a bit of jogging!
 

ujjwal

Padawan
Excellent work Prof.

Just wondering about one thing though ... what makes XP more stable/secure than Win 2000? Is it due to SP2 and some additional patches/fixes, or is XP more stable at the core than Windows 2000?
 

goobimama

Macboy
Love the stuff. Do you mind if I email the stuff to my idiot friends who keep calling me to fix their PCs?
 