computer security
#1
My home network sits behind a Netgear firewall router. It operates 24/7 when Comcast is up, which is most of the time. I use two computers for WoW only. The only other installed programs are Firefox, Ventrilo, and Irfanview.

I don't use a software firewall because those I tried created problems. My online activities are low-risk, but some concerns remain:

I browse many websites, and it is hard to tell which links might install malware.

I don't like being hijacked by companies such as doubleclick or tribalfusion when I click a link.

I want to block advertisements, and prevent sinister scripts from executing when browsing a site.

The WoW launcher has its own snoopers, and I don't want to interfere with that.

I asked my friend how to tighten up without causing myself a lot of work. His comments are in italics.

First, because you use Comcast internet, you can get a free McAfee suite from Comcast. I don't like McAfee because it is a resource hog. Also, some computers really hate McAfee; others don't care.
http://security.comcast.net/index.aspx

I won't use software firewalls for a number of reasons. The hardware firewall seems to work fine.

Sunbelt's VIPRE is pretty good.
http://www.sunbeltsoftware.com/Home-Home-Office/VIPRE/

A lot of people like Comodo's free software. I use it on some of my computers.
http://www.comodo.com/

There are many malware detectors, take your pick. I wanted to make sure that it wouldn't fuss over whatever Blizzard installed with WoW (a rootkit, perhaps).

VIPRE is easy to install and configure. You can buy a single license for all the machines on a home network. It found a trojan on my machine at work but my WoW machines at home are clean, which reinforces my faith in the hardware firewall.

The three most important things you can do (and they don't slow down your computer) are:
1. Change your DNS server to OpenDNS. Doing this redirects any "evil" sites to a warning page.

https://www.opendns.com/smb/start

This was easy, just replace your DNS servers in the TCP/IP config menu.

2. Replace your hosts file. Any "evil" sites and any ad sites get silently ignored. Sometimes the hosts file blocks sites you want. You just edit the file and comment out the redirection. I didn't realize how many ads the hosts file blocked until I switched computers.
http://www.mvps.org/winhelp2002/hosts.htm

A batch file in the ZIP replaces the hosts file in XP and earlier. Vista causes access issues unless you are admin. Complete install instructions are on the site and in the readme file.

3. Use NoScript. It blocks all scripts and flash until you tell it otherwise. Until you approve all of your favorite sites in NoScript, it is somewhat of a pain.
http://noscript.net/

NoScript is a Firefox plugin (you shouldn't use IE, as everyone knows) that is configurable, site by site. Huffingtonpost isn't useful without the images, obviously, and you can't use Wowhead at all without the search scripts. NoScript always shows configuration options at each site, and a click or two will bring up what you want and hide the rest.

Loading site content is very fast with these fixes in place, and the incredibly annoying animated ads are gone. Great payback for an hour's work.
Reply
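As an added example (not part of the original post or of the MVPS package): a small Python audit of a blocklist-style hosts file, covering the step in item 2 above of finding the entry that blocks a wanted site and commenting it out. It also lists entries that point at routable addresses, which an ad-blocking hosts file never needs; the sample file, its hostnames and all function names are constructed for illustration.

```python
"""Audit a blocklist-style hosts file (added example; SAMPLE is constructed)."""
import ipaddress

# Constructed sample in the style of an ad-blocking hosts file.
SAMPLE = "\n".join([
    "# constructed sample, not a real blocklist",
    "127.0.0.1  localhost",
    "127.0.0.1  ad.doubleclick.net",
    "0.0.0.0    a.tribalfusion.com   # ad server",
    "127.0.0.1  cdn.wanted-site.example",
    "#127.0.0.1 already-disabled.example",
    "203.0.113.7  login.bank.example",
])


def parse_hosts(text):
    """Return [(line_no, ip, [names])] for every active (uncommented) entry."""
    entries = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comment, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # skip malformed lines
        entries.append((no, ip, [n.lower() for n in fields[1:]]))
    return entries


def is_sinkhole(ip):
    """Loopback (127.0.0.1, ::1) or unspecified (0.0.0.0) means 'blocked'."""
    return ip.is_loopback or ip.is_unspecified


def blocked_names(text):
    """All names the file silently blocks, ignoring the localhost entry."""
    return {n for _, ip, names in parse_hosts(text) if is_sinkhole(ip)
            for n in names if n != "localhost"}


def blocking_lines(text, site):
    """Line numbers that block `site`. Hosts entries match whole names only
    (no wildcards), so a subdomain needs its own line and is compared exactly."""
    site = site.lower()
    return [no for no, ip, names in parse_hosts(text)
            if is_sinkhole(ip) and site in names]


def routable_entries(text):
    """Entries sending a name to a real address: not ad blocking, review by hand."""
    return [(no, str(ip), names) for no, ip, names in parse_hosts(text)
            if not is_sinkhole(ip)]


def unblock(text, site):
    """Comment out the entries blocking `site`; other names that shared the
    same line are written back on a new line so they stay blocked."""
    site = site.lower()
    hits = {no: (ip, names) for no, ip, names in parse_hosts(text)
            if is_sinkhole(ip) and site in names}
    out = []
    for no, raw in enumerate(text.splitlines(), 1):
        if no not in hits:
            out.append(raw)
            continue
        out.append("#" + raw)
        ip, names = hits[no]
        rest = [n for n in names if n != site]
        if rest:
            out.append(f"{ip}  {' '.join(rest)}")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print("blocked:", sorted(blocked_names(SAMPLE)))
    print("review by hand:", routable_entries(SAMPLE))
    print(unblock(SAMPLE, "cdn.wanted-site.example"))
```

Run it against a copy of the real hosts file first, and write the result back from an administrator account, since the post notes that Vista restricts access to that file.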
#2
Using Internet Explorer is just as safe as using Firefox. Firefox is not a magic browser that is automatically more safe.

Sorry, but that particular issue is a pet peeve. People claim Firefox is oh, so much better than Internet Explorer, and it is simply not true. IE7 and onwards are excellent browsers.
Earthen Ring-EU:
Taelas -- 60 Human Protection Warrior; Shaleen -- 52 Human Retribution Paladin; Raethal -- 51 Worgen Guardian Druid; Szar -- 50 Human Fire Mage; Caethan -- 60 Human Blood Death Knight; Danee -- 41 Human Outlaw Rogue; Ainsleigh -- 52 Dark Iron Dwarf Fury Warrior; Mihena -- 44 Void Elf Affliction Warlock; Chiyan -- 41 Pandaren Brewmaster Monk; Threkk -- 40 Orc Fury Warrior; Alliera -- 41 Night Elf Havoc Demon Hunter;
Darkmoon Faire-EU:
Sieon -- 45 Blood Elf Retribution Paladin; Kuaryo -- 51 Pandaren Brewmaster Monk
Reply
#3
Quote:Using Internet Explorer is just as safe as using Firefox. Firefox is not a magic browser that is automatically more safe.

Sorry, but that particular issue is a pet peeve. People claim Firefox is oh, so much better than Internet Explorer, and it is simply not true. IE7 and onwards are excellent browsers.
Your opinion, and I disagree, on both security and usability.
------------Terenas------------
Dagorthan – Level 85 Blood Knight
Turothan – Level 83 Blood Knight
Sarothan – Level 62 Blood Knight
Durambar – Level 82 Warrior
Strifemourne – Level 80 Death Knight
Reply
#4
It is not a matter of opinion. It's a matter of fact -- at least with regards to security.

I challenge you to prove how Firefox is more secure than IE7.
Earthen Ring-EU:
Taelas -- 60 Human Protection Warrior; Shaleen -- 52 Human Retribution Paladin; Raethal -- 51 Worgen Guardian Druid; Szar -- 50 Human Fire Mage; Caethan -- 60 Human Blood Death Knight; Danee -- 41 Human Outlaw Rogue; Ainsleigh -- 52 Dark Iron Dwarf Fury Warrior; Mihena -- 44 Void Elf Affliction Warlock; Chiyan -- 41 Pandaren Brewmaster Monk; Threkk -- 40 Orc Fury Warrior; Alliera -- 41 Night Elf Havoc Demon Hunter;
Darkmoon Faire-EU:
Sieon -- 45 Blood Elf Retribution Paladin; Kuaryo -- 51 Pandaren Brewmaster Monk
Reply
#5
Quote:Your opinion, and I disagree, on both security and usability.

Then you need to sit down and read some security briefs on Firefox, IE, and Safari. All of them have holes that can be exploited. And of late, more holes, and the worst possible exploits, have been found in Safari. More interesting, Firefox has been found to have more exploits than IE, it's just that Firefox moves faster because the open source community typically will find the holes and give code to possibly fix the issue allowing a quicker patch time with Firefox.
Sith Warriors - They only class that gets a new room added to their ship after leaving Hoth, they get a Brooncloset

Einstein said Everything is Relative.
Heisenberg said Everything is Uncertain.
Therefore, everything is relatively uncertain.
Reply
#6
If you're going to go with an AV program, I would highly recommend Kaspersky. Kaspersky has an AV only version and a security suite version. Kaspersky is also the top rated security suite for a personal computer right now beating out all challengers with the ability to deal with 0 day attacks more readily than any other anti-malware suite out there (and you can turn off and on various aspects of the suite, so if you don't want to use the firewall, you can turn that off).
Sith Warriors - They only class that gets a new room added to their ship after leaving Hoth, they get a Brooncloset

Einstein said Everything is Relative.
Heisenberg said Everything is Uncertain.
Therefore, everything is relatively uncertain.
Reply
#7
Quote:Then you need to sit down and read some security briefs on Firefox, IE, and Safari. All of them have holes that can be exploited. And of late, more holes, and the worst possible exploits, have been found in Safari. More interesting, Firefox has been found to have more exploits than IE, it's just that Firefox moves faster because the open source community typically will find the holes and give code to possibly fix the issue allowing a quicker patch time with Firefox.
That all browsers have holes isn't news. The number of holes isn't as important as the depth of the holes. IE has deeper hooks into the OS, so that when the browser is compromised, more of the OS is too.

Just as I can't "prove" that Firefox is more secure by some article, no one can "prove" that IE is more secure either. It is opinion. Stating it as fact does not make it so. There are too many nuances to ever establish a clear winner. Which is why I called it an opinion. I can understand the irritation that the two of you evidently have with Firefox fanbois. "I use Firefox, I'm invulnerable." Obnoxious, and incorrect. If you quote stats from some research company, don't waste both of our time. Statistics are easily manipulated. I've seen "studies" that put IE as more secure than Firefox due to fewer open bugs in the bug tracking software. If you can't see the flaws in that reasoning, you probably shouldn't be in this discussion. I've read articles that compare the browsers for a number of years, and have plenty of my own experience supporting computers and working in the software industry. Many "researchers" have their own agenda (I've seen this on both sides), and most have flawed methodologies and only focus on one or two particular areas.

Keeping your software up to date is important, no matter what software you choose to use. Nothing is perfectly safe, but one huge disadvantage that IE has compared to the other browsers is market share. If you're looking to exploit a browser, and if you've got a browser that makes up 70+ percent of the users, that's the biggest target with the highest potential payoff. So while we can talk about number and severity of holes, IE gets targeted more due to market share. This makes it more likely to be exploited, even if it isn't less secure. So while the browser might not be more insecure from a software standpoint, your computer is because you're part of the masses, and have a larger bullseye and payoff for exploiting you. It is not purely technical reasons that I believe I'm more likely to be compromised using IE than Firefox.

It is rather easy for me to not use IE, as I can't stand the feature set. A lot of this could stem from the fact that I've used Firefox through 3 name changes. Since version 0.3 or 0.4, I think. I try them all, but always end up back with Firefox.
------------Terenas------------
Dagorthan – Level 85 Blood Knight
Turothan – Level 83 Blood Knight
Sarothan – Level 62 Blood Knight
Durambar – Level 82 Warrior
Strifemourne – Level 80 Death Knight
Reply
#8
Quote:Using Internet Explorer is just as safe as using Firefox. Firefox is not a magic browser that is automatically more safe.

How easy is it to run a no-script type add on for IE7?

(This is a serious question, I was on Win2k forever and never had the opportunity to even try IE7, because Microsoft wouldn't let me.)
Conc / Concillian -- Vintage player of many games. Deadly leader of the All Pally Team (or was it Death leader?)
Terenas WoW player... while we waited for Diablo III.
And it came... and it went... and I played Hearthstone longer than Diablo III.
Reply
#9
Quote:My home network sits behind a Netgear firewall router. It operates 24/7 when Comcast is up, which is most of the time. I use two computers for WoW only. The only other installed programs are Firefox, Ventrilo, and Irfanview.

I don't use a software firewall because those I tried created problems. My online activities are low-risk, but some concerns remain:
So many things to comment on! To make it brief for now, just a couple things: I had never heard of OpenDNS. It sounds good, but I wonder what pays for it? I get suspicious when I see a service offered with no visible source of revenue.

I also use a Netgear router (the one that you so very kindly provided the funds for after the lightning hit, thank you very much again). I have the router's keyword blocking set up to block URL's to sites such as doubleclick or tribalfusion. Not only are the URL's blocked but the associated ads are replaced by a little Netgear logo.
"I may be old, but I'm not dead."
Reply
#10
Quote:How easy is it to run a no-script type add on for IE7?

(This is a serious question, I was on Win2k forever and never had the opportunity to even try IE7, because Microsoft wouldn't let me.)
I disable active scripting in IE7 security options. Why do you need an add on?
"I may be old, but I'm not dead."
Reply
#11
Quote:I disable active scripting in IE7 security options. Why do you need an add on?

Because not all active scripting is bad and the options in some add-ons allow me to set things up easier than in IE7 (not that you can't turn on some scripts and turn others off in IE I just prefer the way some of the plug-ins do it).

Of course we are running into issues on campus here where some 3rd party applications don't work with IE7 no matter what we do to the IE7 config but they work just fine with Firefox. This is a bit different from stuff that worked in IE because the default config allowed stuff to work that wasn't compliant with this or that standard but wouldn't work in Firefox. Of course we could almost always get it to work with firefox by relaxing a standard.

I'm not picking favorites. I just prefer the feel of Firefox to IE and have for a long time. I've never really liked IE at any stage of the game though.
---
It's all just zeroes and ones and duct tape in the end.
Reply
#12
Quote:How easy is it to run a no-script type add on for IE7?

(This is a serious question, I was on Win2k forever and never had the opportunity to even try IE7, because Microsoft wouldn't let me.)

There's a couple places, one has already been mentioned. Another is under the Tools menu (hit alt to have that tool bar show). It's called manage add ons and you can enable and disable any add on to IE, including ActiveX.
Sith Warriors - They only class that gets a new room added to their ship after leaving Hoth, they get a Brooncloset

Einstein said Everything is Relative.
Heisenberg said Everything is Uncertain.
Therefore, everything is relatively uncertain.
Reply
#13
Quote:That all browsers have holes isn't news. The number of holes isn't as important as the depth of the holes. IE has deeper hooks into the OS, so that when the browser is compromised, more of the OS is too.

Just as I can't "prove" that Firefox is more secure by some article, no one can "prove" that IE is more secure either. It is opinion. Stating it as fact does not make it so. There are too many nuances to ever establish a clear winner. Which is why I called it an opinion. I can understand the irritation that the two of you evidently have with Firefox fanbois. "I use Firefox, I'm invulnerable." Obnoxious, and incorrect. If you quote stats from some research company, don't waste both of our time. Statistics are easily manipulated. I've seen "studies" that put IE as more secure than Firefox due to fewer open bugs in the bug tracking software. If you can't see the flaws in that reasoning, you probably shouldn't be in this discussion. I've read articles that compare the browsers for a number of years, and have plenty of my own experience supporting computers and working in the software industry. Many "researchers" have their own agenda (I've seen this on both sides), and most have flawed methodologies and only focus on one or two particular areas.

Keeping your software up to date is important, no matter what software you choose to use. Nothing is perfectly safe, but one huge disadvantage that IE has compared to the other browsers is market share. If you're looking to exploit a browser, and if you've got a browser that makes up 70+ percent of the users, that's the biggest target with the highest potential payoff. So while we can talk about number and severity of holes, IE gets targeted more due to market share. This makes it more likely to be exploited, even if it isn't less secure. So while the browser might not be more insecure from a software standpoint, your computer is because you're part of the masses, and have a larger bullseye and payoff for exploiting you. It is not purely technical reasons that I believe I'm more likely to be compromised using IE than Firefox.

It is rather easy for me to not use IE, as I can't stand the feature set. A lot of this could stem from the fact that I've used Firefox through 3 name changes. Since version 0.3 or 0.4, I think. I try them all, but always end up back with Firefox.

Again, I think you need to go back and do some research. I have seen just as many exploits in Firefox that can get deeply into the O/S just as much as IE. IE has been the only browser I have seen where the sheer number of critical exploits has lessened with each iteration (Firefox is staying about the same and Safari is getting worse and worse by the iteration).
Sith Warriors - They only class that gets a new room added to their ship after leaving Hoth, they get a Brooncloset

Einstein said Everything is Relative.
Heisenberg said Everything is Uncertain.
Therefore, everything is relatively uncertain.
Reply
#14
Quote:A lot of people like Comodo's free software. I use it on some of my computers.
http://www.comodo.com/
I'd like to add that that's probably not true nowadays. Comodo firewall used to be the best free software firewall on the market, but just like ZoneAlarm, AVG, and scads of other free security software out there they let their success go to their heads.

The latest revision of Comodo Personal Firewall (V3, I think) was a shambolic mess that refused point blank to remember firewall settings, hogged resources like a fat kid at a cake table, and was singlehandedly responsible for my last system format/reinstall.

Basically, on an automatic update of itself, the firewall decided that a certain file was a danger to my system and decided to forever deny it access to my OS. The problem was that this file was a core Windows file that rendered the machine unusable. Couldn't connect to the 'net, couldn't open Explorer windows, couldn't access the Start menu. I located the file being blocked in Comodo and attempted to unblock it, but it refused to. Couldn't run any Control Panel applet, couldn't uninstall Comodo, couldn't even bring up the Task Manager or kill processes.

And to make things worse, I couldn't even boot into Safe Mode to fix this. Comp was essentially bricked until I could wipe and reinstall. Thankfully, this is why I never keep anything important on the main Windows partition. Still had to reinstall WoW though.

Comodo might have improved back to the standard it once was held at, but pretty much anything that kills a computer in such a blunder is instantly blacklisted to me. Would never use another Comodo product again. A--.
When in mortal danger,
When beset by doubt,
Run in little circles,
Wave your arms and shout.

BattleTag: Schrau#2386
Reply
#15
Quote:...
The three most important things you can do (and they don't slow down your computer) are:
1. Change your DNS server to OpenDNS. Doing this redirects any "evil" sites to a warning page.

https://www.opendns.com/smb/start

This was easy, just replace your DNS servers in the TCP/IP config menu.
I had no Internet service when I got up today. My ISP is Comcast. It looked like a DNS problem to me, so I decided to try the OpenDNS servers instead of Comcast's. Not only am I back on the Internet, but pages load remarkably faster.

I still am a little paranoid about OpenDNS because I don't see any source of funding. It must cost something to operate those servers. What better way to track Internet use than to know all URL's someone has visited?
"I may be old, but I'm not dead."
Reply
#16
Quote:I still am a little paranoid about OpenDNS because I don't see any source of funding.
Here is one source of revenue if it helps.

http://en.wikipedia.org/wiki/OpenDNS Wrote:OpenDNS earns a portion of its revenue by resolving a domain name to an OpenDNS server when the name is not otherwise defined in DNS. This has the effect that if a user types a nonexistent name in a URL in a web browser, the user sees an OpenDNS search page. Advertisers pay OpenDNS to have advertisements for their sites on this page.
Reply
#17
Quote:Here is one source of revenue if it helps.
Yes, that does help, thanks.
"I may be old, but I'm not dead."
Reply
#18
An advanced approach to keylogger detection: http://www.mmo-champion.com/index.php?topic=53190.0

I haven't done any of this, just posting for the record.
_________________________________________________________

Magekíd's guide: How to CLEAN your PC from keyloggers.

Hi all, this guide will help you on how to clean your pc from keyloggers.
Please take a look.

Screenshots have now been added!!!
Please also take a look at the Unofficial Helper's Forum (with IRC!)
> http://forum.anayra.info/ < (Thanks to Anayra for running this!)

First of all, a note: Hijackthis is a tool, used for finding infections in your computer. Please note: THIS IS NOT A SCANNER. It shows both malicious rules, but also LEGIT rules. Do not fix rules in Hijackthis yourself!
You can find a list of forums that are qualified to look at your Hijackthis log here: http://asap.maddoktor2.com
In addition, here's a list of forums where you can post your hijackthis logfile. – If you know any others, please let me know in a comment/reply!
Dutch/Belgium:
www.hijackthis.nl/forum
www.minatica.be/forum.php
http://www.antispywareoffensief.nl/forum/

English:
http://www.spywareinfoforum.com/
http://forums.techguy.org/
http://www.techsupportforum.com/


Before posting a Hijackthis log, please do the following steps upfront. I know this is a lot of work, but that way most malware is already deleted and your logfile can be looked at faster.
Please remember: Follow ALL steps, including step 7

Note: Vista Users must run installations and the downloaded programs as Administrator. You can do this by right-clicking the program and select Run as Administrator (The screenshot shows it for Hijackthis, You must use this for every program we use here)
http://img408.imageshack.us/img408/6665/guide1bb5.jpg <-- Screenshot

1. Download ATF Cleaner here: http://www.atribune.org/ccount/click.php?id=1 - and save it somewhere (Desktop for example)

- Start ATF Cleaner and check everything except "Prefetch" at the tab "Main". Then press "Empty Selected"
http://img510.imageshack.us/img510/5641/guide2xo7.jpg <-- screenshot

- If you use Firefox as your browser, go to the Firefox tab and check everything except "Firefox Saved passwords". Then press "Empty Selected"
http://img220.imageshack.us/img220/9761/guide2qu7.jpg <-- Screenshot

- If you use Opera as your browser, go to the Opera tab and check everything except "Saved Passwords". Then press Empty Selected.

2. Download Ad-aware 2008 Free here: http://www.download.com/Ad-Aware-2008/3000...cdlPid=10903602 - and install it. If you get a license note during the installation, press Use Free. After the installation, start Ad-Aware and press Update.
http://img67.imageshack.us/img67/3198/guide3po0.jpg <-- screenshot
When Ad-Aware is finished updating, press Scan and do a Full system scan
When the scanning is completed, you'll see two tabs with infected objects. The first tab contains Critical Objects and the second tab Privacy Objects. Check everything at both tabs and press Remove. At the top of both tabs you see a number which says the amount of infections found. Please wait until both numbers say "0" and then press Complete.
http://img90.imageshack.us/img90/2029/guide4pg7.jpg <-- screenshot
Close Ad-Aware

3. Download Spybot Search & Destroy here: http://www.safer-networking.org/en/mirrors/index.html - and install it. During the installation, uncheck "Use Internet Explorer protection (SDHelper)" and "Use system settings Protection (TeaTimer)"

When the installation is completed, start Spybot S&D and press OK at the notice you get about Ad-Aware. It may also notify you about deleting temporary files. Just select yes. Follow the Wizard, and when the wizard is done press Update in Spybot. Search for updates, check all available updates and install the updates. After that press the Immunize tab and Immunize your system. When the Immunization is done, press the Search & Destroy tab and start scanning your computer.
http://img520.imageshack.us/img520/7301/guide5br0.jpg <-- screenshot

When Spybot S&D is done scanning, check all found objects and press Fix Selected Problems.
If Spybot S&D cannot delete all found objects, it will ask if it can scan at the next reboot to fix the problems. Press Yes.
http://img70.imageshack.us/img70/439/guide6uc1.gif <-- screenshot
Now close Spybot S&D.

4. Download MBAM (MalwareBytes' Anti-Malware) here: http://www.besttechie.net/tools/mbam-setup.exe - and install it. Make sure that at the end of the installation, Update MalwareBytes' Anti-Malware and Start MalwareBytes' Anti-Malware is checked.
http://img218.imageshack.us/img218/9350/guide7bi9.jpg <-- screenshot
When MBAM is started, go to the Scanner tab and do a Full scan
http://img512.imageshack.us/img512/9767/guide8iv5.jpg <-- screenshot
Once MBAM is done scanning, press Show Results and make sure all found objects are selected. After that press Remove Selected
http://img255.imageshack.us/img255/5509/guide9sm1.jpg <-- screenshot
When MBAM is done deleting objects a logfile will open. You can close this logfile.
The Logfile will automatically be saved at the Logs tab in MBAM.

If MBAM found objects that can't be deleted, it will ask to reboot your computer. Allow this and restart your computer.

4. If you didn't restart your computer after running MBAM, restart it now anyway.

5. Do a full system scan with your virusscanner and remove all found infections.
If you do not have a virusscanner, you can scan online with one of these scanners. (Use Internet Explorer to scan)

BitDefender: http://www.bitdefender.com/scan8/ie.html
Panda: http://www.pandasoftware.com/activescan/co...n_principal.htm
Kaspersky: http://www.kaspersky.nl/scanner

Remove all infections found.

6. Restart your computer.

7. Download Hijackthis here: http://download.bleepingcomputer.com/hijac.../HJTInstall.exe - and install it. After the installation Hijackthis will open. Press Do a systemscan and save a logfile.
http://img165.imageshack.us/img165/4533/guide10pz1.jpg <-- screenshot
A notepad file will open. In the Notepad file, press CTRL + A to select everything, CTRL + C to Copy everything. Then press CTRL + V in a new topic at the forum you want to post the log.

Also paste the MBAM log on the forum you place the Hijackthis logfile.


Many thanks for reading, if you have questions or problems, please ask :)

Also: Please note: Doing this all, is NOT A GUARANTEE your computer is not infected. There is no scanner that has a 100% detection rate.

- Magekid

And yes, it has been done with success, as you can see here: (http://forums.wow-europe.com/thread.html...2401&sid=1 ) (which has been green + blue tagged). It is also in the list of useful guides (by blue panda's ^^) here: (http://forums.wow-europe.com/thread.html...0766&sid=1)
And for those who don't trust it, WoW EU forums --> Ingame customer support --> Sticky: [Guides] Our collection of How To Guides :)


Reply
#19
Hello
Thanks for this Suggestion.Now i am share this comments in many forum because this good for learning..
Thanks..
Reply
#20
Quote:Hello
Thanks for this Suggestion.Now i am share this comments in many forum because this good for learning..
Thanks..
There must be a good way to get rid of this kind of stuff. The only other forum on which I participate is head-fi.org and I have not seen any spam there ever. The site is ad supported, so I assume they have revenue to pay for the software and hardware needed to keep things running well. (By and large the ads are from companies that participate in the forums.) But whatever they do works.

I guess this is on the topic of computer security.

It's also frustrating to see spam represent most of our new content! In the course of a day or week I come up with all sorts of WoW related questions that I could ask about, but I don't want to be the only poster. Has everyone stopped playing WoW, or does everyone else have it all figured out but me?
"I may be old, but I'm not dead."
Reply

