This White Paper is STRICTLY for Advanced Users Only.
Firewalls - Eraser (Arnold Schwarzenegger)
SYGATE Free Edition: I checked Sygate recently, and it is working really well.
Sygate: http://www.sygate.com/
Mirror: http://www.securitywonks.net/projects/details.php?file=14
Kerio: A nice utility.
Kerio: http://www.kerio.com
In my analysis, I found Sygate to be the most effective tool, with Kerio ranking next, when analysing firewall-only products.
| Quote: |
| DEFENSIVE SECURITY MEASURE: Whichever Firewall you use, it is always advisable to "Block All known Trojan Ports using your Firewall". |
LEAKTEST is one tool which helps to test the effectiveness of your firewall (it checks whether an application on your own machine can get out past the firewall unnoticed).
Leaktest: http://www.grc.com/lt/leaktest.htm
Anti-Virus - The ASSASSIN (Sylvester Stallone)
After long trials, I am overriding my old choice (AVG), and recommending Bitdefender to users. Bitdefender is more stable & silent and not too heavy on resources. It can auto-update itself and do all activities silently without any disturbance. Moreover, all these features and strengths are in the free edition itself, while its commercial flavors have much more comprehensive features.
Bitdefender free edition is enough for a normal user. If you are more paranoid and want many more features in addition to these, then there is the pay version.
Bitdefender FREE Edition: http://www.bitdefender.com/bd/site/products.php?p_id=24
Mirror: http://www.securitywonks.net/projects/details.php?file=13
System Security Suites - Star Wars
These come into the scenario when a user expects a more comprehensive and integrated interface to handle all his requirements together. These take a few selections as input and work more proactively, protecting the user's computer and all his confidential and private content & communications.
Some of the important feature requirements will be:
1) Advanced Internet Filtering
2) Comprehensive Anti-Virus Protection
3) Stealth Browsing option
4) Instant Messaging Protection
5) Active Content Control
6) Comprehensive E-Mail Protection
7) Fully Automated Updating, etc.
Even though Zone Alarm Security Suite, BitDefender Professional Plus & Symantec Internet Security Suite are some of the better products competing with each other, I feel BitDefender Professional Plus can be more advantageous in this scenario:
Bitdefender Professional Plus: http://www.bitdefender.com/bd/site/products.php?p_id=25
Anti-Trojan Scanners - The Terminator (Arnold Schwarzenegger)
Tauscan & TDS-3 were two unbeatable options in this field of Anti-Trojan Scanners.
Tauscan: http://www.agnitum.com/products/tauscan/
Mirror: http://www.securitywonks.net/projects/details.php?file=19
TDS-3: http://tds.diamondcs.com.au/
Mirror: http://www.securitywonks.net/projects/details.php?file=17
Anti-keyloggers - Specialist (Sylvester Stallone)
Advanced Anti-keylogger is one which can be called a specialist in the field of anti-keylogger software.
I tried this long ago, and have to check the latest version soon.
Anti-Keylogger: http://www.anti-keyloggers.com/
Advanced Anti Keylogger: http://www.anti-keylogger.net/
Anti-Spyware - Batman
SpywareBlaster: This is one software which not only has a very simple interface but also has some real nice features. This is more a part of a preventive lineup and is a "MUST HAVE" Anti-Spyware Tool.
Spyware Blaster: http://www.javacoolsoftware.com/spywareblaster.html
Mirror: http://www.securitywonks.net/projects/details.php?file=3
AdAware: A nice anti-spyware utility, which can be used to clear spyware that infects your system.
Adaware: http://www.lavasoftusa.com/software/adaware/
Mirror: http://www.securitywonks.net/projects/details.php?file=24
Spybot: Another nice utility, which can be used to clear spyware/adware from your system.
Spybot: http://security.kolla.de/ & http://www.spybot.info
Mirror: http://www.securitywonks.net/projects/details.php?file=2
Bazooka Spyware & Adware Scanner: This can be another important anti-spyware scanner in the security archive.
Bazooka Spyware & Adware Scanner: http://www.kephyr.com/spywarescanner/
Mirror: http://www.securitywonks.net/projects/details.php?file=7
| Quote: |
| DEFENSIVE SECURITY MEASURE: Immunize your system using Spybot, and lock your browser's startup page (so that it cannot be modified by malware); this is one important measure in preventing browser hijacks. |
Anti-Spam Solutions- Spiderman
There are both Windows & Linux based anti-spam solutions for both home and corporate users. The selection of a particular anti-spam application has to be made based on the severity of the spam problem, and also on how the anti-spam policies are defined in the company or organisation.
WEBMAIL INTERFACE (useful to both Linux & Windows users): In the case of Linux, there are industry-standard open source applications which are basically server-wide solutions, and which are offered as plugins in some popular IMAP-compatible webmail applications; these allow the respective e-mail account holder to define anti-spam policies on a per-account basis.
POP3 based WINDOWS Anti-Spam Solutions: In the case of Windows users, apart from the server-wide solutions, there are per-system solutions which fit both the home user and the small office network. These have nice spam filtering engines and, of course, most of these Windows-based solutions are commercial anti-spam solutions.
---------------------------------------------------
ONLINE AV SCANNING ENGINES:
I had checked almost all the different AV scanning engines, and finally found these two (the highlighted ones) to be the best of their kind:
PANDA: http://www.pandasoftware.com/activescan
BITDEFENDER: http://www.bitdefender.com/scan/license.php
RAV: http://www.ravantivirus.com/scan/
TREND MICRO: http://housecall.trendmicro.com/housecall/start_corp.asp
McAfee: http://us.mcafee.com/root/mfs/default.asp?cid=9059
Symantec: http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
ONLINE TROJAN SCANNERS:
Some of the better online Trojan scanners are:
GFI: http://www.trojanscan.com/
Sygate: http://scan.sygate.com/pretrojanscan.html
ONLINE ADWARE/SPYWARE SCANNERS:
Some useful online SPYWARE/ADWARE scanners are:
Pest Scan: http://www.pestscan.com/
DoxDesk Parasite Check: http://www.doxdesk.com/parasite/
SpywareInfo: http://www.spywareinfo.com/xscan.php
Fixing IM Problems:
To fix your AIM problems, download the AIMFIX tool from the following URL:
http://www.jayloden.com/
Run the AIMFIX tool; it will fix most AIM problems.
----------------------------------------------------
LIST OF TROJAN PORTS :
I am now giving a few links to web pages which maintain updated listings of various Trojan ports.
By using these lists, you can easily monitor, block and shut down all those ports with the help of your firewall, to protect your system from these malicious Trojan horses.
http://www.blackcode.com/trojans/
http://www.doshelp.com/trojanports.htm
http://www.glocksoft.com/trojan_port.htm
--------------------------------------------------------
ToolBar & POPUP BLOCKER - Universal Soldier (Van Damme)
Usage of an external popup blocker is recommended.
When it comes to multi-tasking, my immediate & most preferred choice is nothing other than the Google ToolBar. It has its own advantages like site & web search, popup blocker, page rank, etc. These will be really helpful, and it is a safer plugin working in conjunction with your browser than many other competing search toolbars in the field.
Google toolbar: http://toolbar.google.com/
You can test the popup blocking capabilities of the Google based popup blocker or any other popup blocker (of your choice) using the following Popup Killer test.
Popup Killer Test: http://www.kephyr.com/popupkillertest/index.html
Shoot the Messenger - this utility helps to disable the "Windows built-in spam-receiving Messenger Service".
Shoot The Messenger: http://www.grc.com/stm/shootthemessenger.htm
ToolbarCop is one tool which helps to remove unwanted toolbar bands, toolbar icons & BHO entries.
ToolbarCop: http://www.securitywonks.net/projects/details.php?file=9
For more info on this tool and to read the How-To manual, visit the following URL:
http://www.mvps.org/sramesh2k/toolbarcop.htm
Privacy - James Bond's The Golden Eye (Pierce Brosnan)
Eraser is one of the BEST and award-winning open source applications in this scenario.
| Quote: |
| DEFENSIVE SECURITY MEASURE: Using Eraser's inbuilt scheduler function to periodically (i.e. daily, weekly or whenever the user chooses) clear files & folders in TEMP, Temporary Internet Files, History, Cookies and various other folders will not only enhance privacy & system security, but also minimise the rate of infections and de-energise the power of malware by deleting some or all of its supporting files. |
Eraser: http://www.heidi.ie/eraser/
Mirror: http://www.securitywonks.net/projects/details.php?file=1
Registry Monitoring Tool:
RegistryProt can be a good option, as RegistryProt is a 100% free, standalone, compact, low-level real time registry monitor and protector, that adds another dimension to Windows security and intrusion detection. By monitoring important locations and keys in the Windows system registry, RegistryProt will alert whenever a key is added or changed, and then give the option of accepting the key change, reverting back to the original key setting, or deleting the key.
Note: This is a "MUST HAVE" Utility in the Security Lineup.
RegistryProt: http://www.diamondcs.com.au/index.php?page=regprot
Mirror: http://www.securitywonks.net/projects/details.php?file=18
System Sherlock Lite is another useful registry monitoring tool.
System Sherlock Lite: http://www.kephyr.com/systemsherlocklite/index.phtml
Mirror: http://www.securitywonks.net/projects/details.php?file=16
MISCELLANEOUS & VERY USEFUL tools - Superman
It is important to have the latest versions of all the following tools in the archive. They come to your aid in reducing the impact of, and manually removing, malware (when malware is running wild), with the help of expert advice.
The following tools have to be used with EXTREME CAUTION and with expert advice. If not, there is every chance that your system may become unstable and your OS unusable. This could ultimately result in reinstallation of the whole setup and the loss of valuable software settings & preferences of installations already performed on your system.
That is why I repeatedly say: use these tools with expert guidance.
HIJACKTHIS - My Favourite Process Analysing Tool
CWSSHREDDER - Cool Web Search Remover Tool taken over by InterMute.
Startuplist - To know info about different startup processes.
Hijack This, CWSHREDDER, STARTUPLIST: http://www.spywareinfo.com/~merijn/
http://www.richardthelionhearted.com/~merijn/
Mirrors: http://www.securitywonks.net/projects/details.php?file=5
http://www.intermute.com/spysubtract/cwshredder_download.html
http://www.securitywonks.net/projects/details.php?file=6
KillBox - To delete a file directly from this tool's interface without searching for that file, when we know the file location.
Mirror: http://www.securitywonks.net/projects/details.php?file=11
LspFix - This program attempts to correct Internet connection problems resulting from buggy or improperly-removed Layered Service Provider (LSP) software.
LSPFIX: http://www.cexx.org/lspfix.htm
Mirror: http://www.securitywonks.net/projects/details.php?file=8
APM (Advanced Process Manipulation) - This tool can be helpful to unregister DLLs or anything related to core system files like Explorer.exe, etc., when some malicious code (Trojan) attaches itself to and adds its code to the core system files.
APM: http://www.diamondcs.com.au/index.php?page=apm
Mirror: http://www.securitywonks.net/projects/details.php?file=15
File Checker - A tool which will be a great companion to your anti-virus and firewall programs.
File Checker: http://www.javacoolsoftware.com/filechecker.html
Mirror: http://www.securitywonks.net/projects/details.php?file=42
RescueMe - The easy ultra-portable freeware solution to Rescue your PC.
RescueMe: http://www.securitywonks.net/rescueme/
Mirror: http://www.securitywonks.net/projects/details.php?file=26
UBCD for Windows - Port of UBCD (ultimate Boot CD) in Windows.
UBCD for Windows: http://www.ubcd4win.com
Mirror: http://www.securitywonks.net/projects/details.php?file=32
HOSTS FILE:
In most situations, when the spyware is made smart, it will initially edit the HOSTS file to redirect all anti-malware sites to 127.0.0.1 (the local loopback). This manipulation helps the malware prevent the scanners from getting updated, and a normal user becomes more paranoid when he finds that he is not able to open those sites to call for support, and mainly to send the SOS signal to the support staff ;)
Here I am giving a HOSTS file (with a white list of security sites) which is specially made by listing the IP addresses, with their corresponding domain names, of different anti-malware sites.
| Quote: |
| DEFENSIVE SECURITY MEASURE: Changing the HOSTS file's attributes to "READ ONLY" (after completing the editing process, or after copying the downloaded updated file over the existing one) helps to prevent malware's algorithms from automatically editing the HOSTS file to incorporate links to their malicious sites & sources. |
Since changing the attributes of the HOSTS file to "READ ONLY" is not a default setting in Windows, most malware does not expect it and gets prevented from editing the HOSTS file, i.e.:
1) Malware programs cannot drop entries for different malware sites into the HOSTS file.
2) Since malware programs cannot block access to anti-malware sites, your scanners can periodically update themselves; thus, when you initiate a scan, they can put up a better fight and can remove the malware in a more automated way.
Thus things can be rest assured, and at any time you can easily reach your favourite security helper site or your anti-malware program's site to get help & updated software definitions to clear all your malware problems, making your system more resistant to attacks.
The location of the HOSTS file in the different Windows operating systems is:
Windows XP = C:\WINDOWS\SYSTEM32\DRIVERS\ETC
Windows 2K = C:\WINNT\SYSTEM32\DRIVERS\ETC
Win 98/ME = C:\WINDOWS
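The check described above, as an added example that is not part of the original article: it parses HOSTS-file text and flags any mapping of a known security-vendor site to the loopback or unspecified address, which is exactly the tampering the article warns about. The vendor domain list is an assumption built from the links in this article, and the sample HOSTS content is constructed.

```python
"""Detect HOSTS-file hijacks that black-hole security-vendor sites (added example)."""
import ipaddress
import os
import stat

# Assumption: domains taken from the vendor links in this article. Extend the set
# with the update and support sites you actually rely on.
PROTECTED_DOMAINS = {
    "bitdefender.com", "sygate.com", "grc.com", "kerio.com", "lavasoftusa.com",
    "spybot.info", "spywareinfo.com", "trendmicro.com", "securitywonks.net",
}


def is_blackhole(ip):
    """True when the address can never reach a real vendor site (127.x or 0.0.0.0)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True  # an unparsable target is not a genuine resolution either
    return addr.is_loopback or addr.is_unspecified


def parse_hosts(text):
    """Yield (ip, hostname, line_no) for every mapping; comments and blanks are skipped."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        for host in fields[1:]:          # one IP may be followed by several names
            yield fields[0], host.lower(), line_no


def base_domain(host):
    """Reduce 'housecall.trendmicro.com' to 'trendmicro.com' for the whitelist lookup."""
    labels = host.rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def find_hijacks(text, protected=PROTECTED_DOMAINS):
    """Return [(line_no, hostname, ip)] for protected sites pointed at a black-hole."""
    return [(n, host, ip) for ip, host, n in parse_hosts(text)
            if base_domain(host) in protected and is_blackhole(ip)]


def is_read_only(path):
    """True when the file lacks the owner write bit (Windows maps READONLY to it)."""
    return not (os.stat(path).st_mode & stat.S_IWRITE)


# Constructed sample of a tampered HOSTS file; the 203.0.113.10 entry stands for
# the kind of genuine whitelist mapping the article recommends and is not flagged.
SAMPLE_HOSTS = """# Constructed sample
127.0.0.1       localhost
127.0.0.1       www.bitdefender.com  bitdefender.com
0.0.0.0         www.grc.com
203.0.113.10    www.sygate.com
93.184.216.34   www.example.com
"""

if __name__ == "__main__":
    for line_no, host, ip in find_hijacks(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {ip} looks hijacked")
```

Feed the function the contents of the HOSTS path for your Windows version; any hit means the file should be restored from a known-good copy before running updates.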
The following tool (Anti-Hijack Launch Pad) will help do the above tidbit and will be helpful in many other situations in the process of spyware removal.
Anti-Hijack Launch Pad is one small utility which can prevent malicious code from blocking access to all genuine security helper & security software vendor sites, by automatically modifying the HOSTS file; it also tries to block malware from accessing infected & tricky websites.
This utility has a simple and very user-friendly interface, and with just a few keypresses the user can perform a variety of tasks which aid in the process of malware tracing & removal.
Anti-Hijack Launch Pad: http://www.securitywonks.net/projects/details.php?file=10
Browser:
I don't want to get involved in, or initiate, a vocal war between the IE & Mozilla (descendants) supporters; I am basically a Netscape & Firefox fan, while I presently use Internet Explorer.
IE: http://www.microsoft.com
Mozilla: http://www.mozilla.org
Mirror: http://www.securitywonks.net/projects/details.php?file=41
Opera: http://www.opera.com
Firefox: http://www.mozilla.org/products/firefox/
Mirror: http://www.securitywonks.net/projects/details.php?file=23
You can use any of these browsers or some other browser of your choice; whatever you choose, it is always advisable to deploy ERASER to take care of cleaning your tracks (periodically), by DELETING all files in TEMP, Temporary Internet Files, Cookies, History and all other folders that store info on the user's browsing habits.
In case you want an ANONYMOUS web browser that leaves no trace of Internet activity on your PC while you're surfing, in REAL TIME, then you can consider the following utility:
NoTrax: http://www.heidi.ie/notrax/
Mirror: http://www.securitywonks.net/projects/details.php?file=39
Configuring Your POP3 E-Mail Program:
If you are interested in using a POP3 e-mail program, then you have many options.
ThunderBird is one program which has very nice features and an easy interface. Even though most IE users use Microsoft Outlook or Outlook Express, ThunderBird can be a better choice when compared to its competitors.
Also, a feature to scan all incoming & outgoing messages using your AV scanner (with updated definitions) is a bare requirement.
ThunderBird: http://www.mozilla.org/projects/thunderbird/
Checking Mails using WEBMAIL (IMAP) Interface:
In most cases, server-wide AV protection is deployed (for IMAP), and due to that 99% of viruses can be blocked when a good AV software is selected for the task.
Disable the Unwanted and Risky Defaults (in Windows):
This is one of the most important issues, which is not to be forgotten, and I am listing some points in this regard:
1) Uninstall all unwanted software.
2) Uninstall all non-useful and duplicate software (multiple programs serving the same purpose).
This way, when you remove all unwanted software that duplicates a purpose, you reduce the extra load on physical RAM and get better system performance. Also, it will be easier to track malicious things.
3) Then, disable all unwanted default features in your Windows OS installation. This helps in making life more difficult for the intruder while at the same time making your system more secure.
4) Disable Auto-Complete (in the case of usernames & passwords) when you don't require it, or if the system is used by many people (with the same user account).
5) It is always advisable to use a Limited User account; this prevents most problems by itself, and when the OS asks for admin rights you can easily notice, check and confirm, and remove the bad things. Then, when some administrative task is to be done, you can give admin details and log in to clear the problems.
6) In a stand-alone system, most of the time we don't require "File & Printer Sharing", except in very few cases. So disable that feature when you don't require it.
I have reminded you of just a few points; there are many more default settings in any Windows OS installation waiting to be disabled, to ultimately see your system more secure.
System Configuration Settings for Windows XP (Home & Professional Editions):
http://www.blackviper.com/WinXP/servicecfg.htm
System Configuration Settings for Windows 2000 (Professional & Server Services Configuration 411):
http://www.blackviper.com/WIN2K/servicecfg.htm
Software Updates:
It is a good practice to update your version of Windows, along with browsers and all security-related (as well as General) software programs to prevent and safe-guard your system from malware.
Performing periodic updates will not only enhance your system performance, but also improve its security. As quickly as malware changes, so too must your defenses be updated to keep pace.
-------------
I tried to make this document as comprehensive as possible, and I always appreciate all feedback to improve this document and add more useful content, finally making this a useful note on every desktop to help improve its system security.
Thanks to all our Team Members (VSS, SWC, SFDC & all Others) for their Great Support & Coordination.
Cheers
-----------------------------------------------------------------------------------
Article Details:
Written By: D.Raghu Veer
Created On: 26-04-2004
Last Updated (either article content or its related files): 17-03-2005
Note:
This article is published and created for http://www.securitywonks.com, otherwise known as SecurityWonks, and is covered by all copyright laws. All articles on this website are copyright © 2004 by Varma Security Systems, All rights reserved. Use of these articles is limited to viewing and printing for personal use only. If you would like to use this material or portions of this material for other purposes you must receive explicit permission from Varma Security Systems before reprinting or redistributing this article in any medium. Publishing of this article on this website ( http://www.spiderace.com ) is officially permitted and authorised by the Author and the company Varma Security Systems.