Someone wrote this but who was it again ???


D

dude

Suggestions on what you can do to secure/clean your PC.
I'm going to try
and be general, I will assume a "Windows" operating
system is what is
being secured here.


UPDATES and PATCHES
-------------------

This one is the most obvious. There is no perfect
product and any company
worth their salt will try to meet/exceed the needs of
their customers and
fix any problems they find along the way. I am not going
to say Microsoft
is the best company in the world about this but they do
have an option
available for you to use to keep your machine updated and
patched from
the problems and vulnerabilities (as well as product
improvements in some
cases) - and it's free to you.

Windows Update
http://windowsupdate.microsoft.com/

Go there and scan your machine for updates. Always get
the critical ones as
you see them. Write down the KB###### or Q###### you see
when selecting the
updates and if you have trouble over the next few days,
go into your control
panel (Add/Remove Programs), match up the latest numbers
you downloaded
recently (since you started noticing an issue) and
uninstall them. If there
was more than one (usually is), install them back one by
one - with a few
hours of use in between, to see if the problem returns.
Yes - the process
is not perfect (updating) and can cause trouble like I
mentioned - but as
you can see, the solution isn't that bad - and is MUCH
better than the
alternatives. (SASSER/BLASTER were SO preventable with
just this step!)

Windows is not the only product you likely have on your
PC. The
manufacturers of the other products usually have updates
as well. New
versions of almost everything come out all the time -
some are free, some
are pay - some you can only download if you are
registered - but it is best
to check. Just go to their web pages and look under
their support and
download sections.

You also have hardware on your machine that requires
drivers to interface
with the operating system. You have a video card that
allows you to see on
your screen, a sound card that allows you to hear your
PCs sound output and
so on. Visit those manufacturer web sites for the latest
downloadable
drivers for your hardware/operating system. Always (IMO)
get the
manufacturers hardware driver over any Microsoft offers.
On the Windows
Update site I mentioned earlier, I suggest NOT getting
their hardware
drivers - no matter how tempting.

Have I mentioned that Microsoft has some stuff to help
secure your computer
available to the end-user for free? This seems as good
of a time as any.
They have a CD you can order (it's free) that contain all
of the Windows
patches through October 2003 and some trial products as
well that they
released in February 2004. Yeah - it's a little behind
now, but it's better
than nothing (and used in coordination with the
information in this post,
well worth the purchase price..)

Order the Windows Security Update CD
http://www.microsoft.com/security/protect/cd/order.asp

They also have a bunch of suggestions, some similar to
these, on how to
better protect your Windows system:

Protect your PC
http://www.microsoft.com/security/protect/


FIREWALL
--------

Let's say you are up-to-date on the OS (operating system)
and you have
Windows XP.. You should at least turn on the built in
firewall. That will
do a lot to "hide" you from the random bad things flying
around the
Internet. Things like Sasser/Blaster enjoy just sitting
out there in
Cyberspace looking for an unprotected Windows Operating
System and jumping
on it, doing great damage in the process and then using
that Unprotected OS
to continue its dirty work of infecting others. If you
have the Windows XP
ICF turned on - default configuration - then they cannot
see you! Think of
it as Internet Stealth Mode at this point. It has other
advantages, like
actually locking the doors you didn't even (likely) know
you had. Doing
this is simple, the instructions you need to use your
built in Windows XP
firewall can be found here:

http://support.microsoft.com/?kbid=320855

If you read through that and look through the pages that
are linked from it
at the bottom of that page - I think you should have a
firm grasp on the
basics of the Windows XP Firewall as it is today.

But let's say you DON'T have Windows XP - you have some
other OS like
Windows 95, 98, 98SE, ME, NT, 2000. Well, you don't have
the nifty built in
firewall. My suggestion - upgrade. My next suggestion -
look through your
options. There are lots of free and pay firewalls out
there for home users.
Yes - you will have to decide on your own which to get.
Yes, you will have
to learn (oh no!) to use these firewalls and configure
them so they don't
interfere with what you want to do while continuing to
provide the security
you desire. It's just like anything else you want to
protect - you have to
do something to protect it. Here are some suggested
applications. A lot of
people tout "ZoneAlarm" as being the best alternative to
just using the
Windows XP ICF, but truthfully - any of these
alternatives are much better
than the Windows XP ICF at what they do - because that is
ALL they do.

ZoneAlarm (Free and up)
http://www.zonelabs.com/store/content/company/products/zna
lm/freeDownload.jsp

Kerio Personal Firewall (KPF) (Free and up)
http://www.kerio.com/kpf_download.html

Outpost Firewall from Agnitum (Free and up)
http://www.agnitum.com/download/

MY FAVORITE RIGHT HERE BELOW ( PRO )
Sygate Personal Firewall (Free and up)
http://smb.sygate.com/buy/download_buy.htm

Symantec's Norton Personal Firewall (~$25 and up)
http://www.symantec.com/sabu/nis/npf/

BlackICE PC Protection ($39.95 and up)
http://blackice.iss.net/

Tiny Personal Firewall (~$49.00 and up)
http://www.tinysoftware.com/

That list is not complete, but they are good firewall
options, every one of
them. Visit the web pages, read up, ask around if you
like - make a
decision and go with some firewall, any firewall. Also,
maintain it.
Sometimes new holes are discovered in even the best of
these products and
patches are released from the company to remedy this
problem. However, if
you don't get the patches (check the manufacturer web
page on occasion),
then you may never know you have the problem and/or are
being used through
this weakness. Also, don't stack these things. Running
more than one
firewall will not make you safer - it would likely (in
fact) negate some
protection you gleamed from one or the other firewalls
you ran together.


ANTIVIRUS SOFTWARE
------------------

That's not all. That's one facet of a secure PC, but
firewalls don't do
everything. I saw one idiot posting on a newsgroup
that "they had
never had a virus and they never run any anti-virus
software. Yep - I used
to believe that way too - viruses were something everyone
else seemed to
get, were they just stupid? And for the average joe-user
who is careful,
uses their one-three family computers carefully, never
opening unknown
attachments, always visiting the same family safe web
sites, never
installing anything that did not come with their
computer - maybe, just
maybe they will never witness a virus. I, however, am a
Network Systems
Administrator. I see that AntiVirus software is an
absolute necessity. You
can be as careful as you want - will the next person be
as careful? Will
someone send you unknowingly the email that erases all
the pictures of your
child/childhood? Possibly - why take the chance? ALWAYS
RUN ANTIVIRUS
SOFTWARE and KEEP IT UP TO DATE! Antivirus software
comes in so many
flavors, it's like walking into a Jelly Belly store -
which one tastes like
what?! Well, here are a few choices for you. Some of
these are free (isn't
that nice?) and some are not. Is one better than the
other - MAYBE. I
personally love Symantec AV.

Symantec (Norton) AntiVirus (~$11 and up)
http://www.symantec.com/

Kaspersky Anti-Virus (~$49.95 and up)
http://www.kaspersky.com/products.html

Panda Antivirus Titanium (~$39.95 and up)
http://www.pandasoftware.com/
(Free Online Scanner:
http://www.pandasoftware.com/activescan/)

AVG 6.0 Anti-Virus System (Free and up)
http://www.grisoft.com/

McAfee VirusScan (~$11 and up)
http://www.mcafee.com/

AntiVir (Free and up)
http://www.free-av.com/

avast! 4 (Free and up)
http://www.avast.com/

Trend Micro (~$49.95 and up)
http://www.trendmicro.com/
(Free Online Scanner:

http://housecall.trendmicro.com/housecall/start_corp.asp)

Did I mention you have to not only install this software,
but also keep it
updated? You do. Some of them (most) have automatic
services to help you
do this - I mean, it's not your job to keep up with the
half-dozen or more
new threats that come out daily, is it? Be sure to keep
whichever one you
choose up to date!


SPYWARE/ADWARE/POPUPS
---------------------

So you must be thinking that the above two things got
your back now - you
are covered, safe and secure in your little fox hole.
Wrong! There are
more bad guys out there. There are annoyances out there
you can get without
trying. Your normal web surfing, maybe a wrong click on
a web page, maybe
just a momentary lack of judgment by installing some
software packages
without doing the research.. And all of a sudden your
screen starts filling
up with advertisements or your Internet seems much slower
or your home page
won't stay what you set it and goes someplace unfamiliar
to you. This is
spyware. There are a whole SLEW of software packages out
there to get rid
of this crud and help prevent reinfection. Some of the
products already
mentioned might even have branched out into this arena.
However, there are
a few applications that seem to be the best at what they
do, which is
eradicating and immunizing your system from this crap.
Strangely, the best
products I have found in this category ARE generally
free. That is a trend
I like. I make donations to some of them, they deserve
it!

Spybot Search and Destroy (Free!)
http://www.safer-networking.net/

Lavasoft AdAware (Free and up)
http://www.lavasoft.de

CWSShredder (Free!)
http://www.spywareinfo.com/~merijn/downloads.html

Hijack This! (Free)
http://mjc1.com/mirror/hjt/

SpywareBlaster (Free!)
http://www.javacoolsoftware.com/

ToolbarCop (Free!)
http://www.mvps.org/sramesh2k/toolbarcop.htm

Bazooka Adware and Spyware Scanner (Free!)
http://kephyr.sureshot.xaviermedia.net/spywarescanner/

Browser Security Tests
http://www.jasons-toolbox.com/BrowserSecurity/

The Cleaner (49.95 and up)
http://www.moosoft.com/

That will clean up your machine of the spyware, given
that you download and
install several of them, update them regularly and scan
with them when you
update. Some (like SpywareBlaster and SpyBot Search and
Destroy) have
immunization features that will help you prevent your PC
from being
infected. Use these features!

Unfortunately, although that will lessen your popups on
the Internet/while
you are online, it won't eliminate them. I have looked
at a lot of options,
seen a lot of them used in production with people who
seem to attract popups
like a plague, and I only have one suggestion that end up
serving double
duty (search engine and popup stopper in one):

The Google Toolbar (Free!)
http://toolbar.google.com/

Yeah - it adds a bar to your Internet Explorer - but its
a useful one. You
can search from there anytime with one of the best search
engines on the
planet (IMO.) And the fact it stops most popups - wow -
BONUS! If you
don't like that suggestion, then I am just going to say
you go to
www.google.com and search for other options.

One more suggestion, although I will suggest this in a
way later, is to
disable your Windows Messenger service. This service is
not used frequently
(if at all) by the normal home user and in cooperation
with a good firewall,
is generally unnecessary. Microsoft has instructions on
how to do this for
Windows XP here:
http://www.microsoft.com/windowsxp/pro/using/howto/communi
cate/stopspam.asp


SPAM EMAIL/JUNK MAIL
--------------------

This one can get annoying, just like the rest. You get
50 emails in one
sitting and 2 of them you wanted. NICE! (Not.) What can
you do? Well,
although there are services out there to help you, some
email
servers/services that actually do lower your spam with
features built into
their servers - I still like the methods that let you be
the end-decision
maker on what is spam and what isn't. If these things
worked perfectly, we
wouldn't need people and then there would be no spam
anyway - vicious
circle, eh? Anyway - I have two products to suggest to
you, look at them
and see if either of them suite your needs. Again, if
they don't, Google is
free and available for your perusal.

SpamBayes (Free!)
http://spambayes.sourceforge.net/

Spamihilator (Free!)
http://www.spamihilator.com/

As I said, those are not your only options, but are
reliable ones I have
seen function for hundreds+ people.


DISABLE UNUSED SERVICE/STARTUP APPS
-----------------------------------

I might get arguments on putting this one here, but it's
my spill. There are
lots of services on your PC that are probably turned on
by default you don't
use. Why have them on? Check out these web pages to see
what all of the
services you might find on your computer are and set them
according to your
personal needs. Yeah - this is another one you have to
work for, but your
computer may speed up and/or be more secure because you
took the time. And
if you document what you do as you do it, next time, it
goes MUCH faster!

Task List Programs

http://www.answersthatwork.com/Tasklist_pages/tasklist.htm

Black Viper's Service List and Opinions (XP)
http://www.blackviper.com/WinXP/servicecfg.htm

Processes in Windows NT/2000/XP
http://www.reger24.de/prozesse/

There are also applications that AREN'T services that
startup when you start
up the computer/logon. One of the better description on
how to handle these
I have found here:

Startups
http://www.pacs-portal.co.uk/startup_content.php


That's it. A small booklet on how to keep your computer
secure, clean of
scum and more user friendly. I am SURE I missed
something, almost as I am
sure you won't read all of it (anyone for that matter.)
However, I also
know that someone who followed all of the advice above
would also have less
problems with their PC, less problems with viruses, less
problems with spam,
less problems with spyware and better performance than
someone who didn't.

Hope it helps.
 
Ad

Advertisements

S

Shenan Stanley

dude said:
Suggestions on what you can do to secure/clean your PC.
I'm going to try
and be general, I will assume a "Windows" operating
system is what is
being secured here.
<snip>

Why?
Heh
 
S

Shenan Stanley

dude said:
Suggestions on what you can do to secure/clean your PC.
I'm going to try
and be general, I will assume a "Windows" operating
system is what is
being secured here.
<snip>

Shenan said:


It was me, I'll admit to it.

Yeah - it's long. It should probably be a web page and I should post it
like that, but I found that a lot of people are more willing to read it if
it is all laid out like that than they are to click on a web page (at least
some of the "newer" individuals that was truly meant for.)

I've tried to control my posting of that particular "spill", not that my
other ones are much shorter... But it really doesn't have specific tips,
it's even more generalized than most of the ones I post.

I try to check the links in it every so often, make sure they are good.
Pricing too. But I figure if I am off a little on that, no one will fault
me. hah
 
D

dude

Hi ... Okay if its really you can you redirect me to that
post that you wrote to someone and what group was it
under ???
 
S

Shenan Stanley

dude said:
Hi ... Okay if its really you can you redirect me to that
post that you wrote to someone and what group was it
under ???


Originally?

Sure - I wrote it in response to a post by a "Queen Sparkle" in
microsoft.public.security who posted:
(on May 7, 2004 @ 4:13AM)
Mail me at <address removed>
and make my computer secure I am getting bad mails and I
paid good money to not have and they better listen now
because I have had enough and will not put up with it

The response was written by me and posted at 6:01AM and has since been
modified (slightly - for generalities sake as well as some additions in
spyware section) and posted another 12 times I think (by me anyway) in
several different newsgroups.

If you want a more complete listing of my responses with this post:

microsoft.public.windowsxp.security_admin on 5/7/2004 @8:34PM
microsoft.public.windowsxp.help_and_support on 5/8/2004 @ 2:20PM
microsoft.public.windowsxp.security_admin on 5/8/2004 @ 7:11PM
microsoft.public.windowsxp.help_and_support on 5/9/2004 @ 12:54AM
microsoft.public.windowsupdate on 5/9/2004 @ 2:16AM
microsoft.public.windowsxp.basics on 5/9/2004 @ 4:40AM
microsoft.public.windowsxp.general on 5/9/2004 @ 5:30AM
microsoft.public.windowsxp.newusers on 5/9/2004 @ 5:33AM
microsoft.public.windowsxp.newusers on 5/9/2004 @ 8:50AM
microsoft.public.windowsxp.perform_maintain on 5/9/2004 @ 3:39PM
microsoft.public.windowsxp.perform_maintain on 5/9/2004 @ 3:41PM
microsoft.public.windowsxp.general on 5/9/2004 @ 4:11PM

That help? (You can see it changes a little over time..)
 
D

dude

You are right. You are going to get an argument about XP
services.

When I first got XP, in Aug. 02, I read the same thing
about unneeded services. I went to Black Viper's site (A
nice site by the way. He's done a good job.) and read a
lot about what services could be removed. So I did. Big
mistake!

Right now, even after a repair install, I continue to
have problems with several of my services. I can't
install anything that uses Windows Installer and Windows
Update is partially broken. Plus a few more. None of
these are fatal but they are annoying.
And, hard as heck to fix because it's not always clear
what dependency is broken.

The only advice that I would ever give about services is
to put unneeded ones to manual rather than automatic. I
have seen no evidence that on modern machines that
disabling/removing services has any significant impact on
performance. It sounds like it should but I no longer
believe it worthwhile even it improves performance by 10%
(which I don't believe it does).

Nice job on your 'small booklet' for keeping your PC
running well. Now go out and disseminate it to the masses
(less the part on services) and hope they read it.
 
Ad

Advertisements

S

Sadie

Hi,Dude,

Windows Automatic Update depends on BITS-Background
Intelligent Transfer Service.
Black Viper advises caution-in other words,take careful
note of what you are disabling,incase you need to reverse
the procedure if anything "breaks".It is entirely
reversible.Enable each service one by one (til you "fix"
what's failing to start,that you need),and take note of
what is written in Properties under "dependancies" as
this gives a good indication as to whether you're likely
to mess-up a related service.Properties is accessible by
right-clicking on each service as it is listed.Then click
the "dependencies" tab.

Hope that helps.Honestly,I don't think you have caused
any permanent damage.

Sadie
 
D

dude

I will say that her post is a excellence post one of the
best one i ever saw , only thing is i would do with the
services is set them to manually not disable and i am
sure she will agree later when others try out her idea to
disable these services and have the same problems as i am
having ... But all in all GREAT JOB SS
 
S

snooker

finally i been looking all over for this post Shenan ...
very nice job !!! Do you mind if i use it ???
 
S

Shenan Stanley

dude said:
I will say that her post is a excellence post one of the
best one i ever saw , only thing is i would do with the
services is set them to manually not disable and i am
sure she will agree later when others try out her idea to
disable these services and have the same problems as i am
having ... But all in all GREAT JOB SS

him...
=P
 
S

Shenan Stanley

dude said:
I will say that her post is a excellence post one of the
best one I ever saw , only thing is I would do with the
services is set them to manually not disable and I am
sure she will agree later when others try out her idea to
disable these services and have the same problems as I am
having ... But all in all GREAT JOB SS

And I will say I do not disagree with Dude. I should likely add more
cautionary statements around the services and start items disable/manual
settings. Black Viper has done an excellent job at the list he made and
with warnings, but for the uninitiated (and even for the initiated but
enthusiastic) computer user, you can seriously damage your PC, at least for
a moment. After all, who ever really takes the "do this one setting at a
time and wait some time before you try another to make sure everything is
still functioning properly" lines to heart until it is far too late. =)
 
Ad

Advertisements

S

Shenan Stanley

snooker said:
finally i been looking all over for this post Shenan ...
very nice job !!! Do you mind if i use it ???


Snooker,

Feel free. All I ask is if you find anything you think should be added or
that needs to be fixed, you get in touch with me so I too can benefit.
Also, if, like dude, you have any issues with what is there - please tell
me. There is always room for improvement, particularly when it comes to
computer security lately. =)
 
S

Sadie

Dude,I'm sorry and I hope you can excuse the brain fart
of staggering proportions that I experieneced last night!!

Enable cryptographic service for Windows Update!

Sadie
 
D

Drew Cooper [MSFT]

Correct. It needs to be enabled (for pre-XP SP2) to verify signatures and
install catalogs. If WU can't verify a signature, it won't install the
files. Wouldn't want someone spoofing WU and installing malware, after all.
 
Ad

Advertisements

D

dude

Yes, I have done that several times. I have several
C:\Windows\System32\Catroot folders all done in an
attempt to determine if the crytopgraphic services are
working. I believe that they are.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top