Results 1 to 7 of 7

Thread: Keeping your system healthy and secure

  1. #1
    Ex-MSFT Paul Adams's Avatar
    Join Date
    Jul 2003
    Location
    %systemroot%
    Posts
    1,926
    Thanks
    29
    Thanked
    77 times in 59 posts
    • Paul Adams's system
      • Motherboard:
      • Asus Maximus VIII
      • CPU:
      • Intel Core i7-6700K
      • Memory:
      • 16GB
      • Storage:
      • 2x250GB SSD / 500GB SSD / 2TB HDD
      • Graphics card(s):
      • nVidia GeForce GTX1080
      • Operating System:
      • Windows 10 x64 Pro
      • Monitor(s):
      • Philips 40" 4K
      • Internet:
      • 500Mbps fiber

    Keeping your system healthy and secure

    I figured it was worth writing a quick* & dirty guide on ways to help keep your system clean of spyware & malware, both proactively and reactively...
    (* okay, so not really "quick")


    Proactive System Protection
    This falls into 4 main categories: hardening, patching, firewalling and anti-malware.

    Hardening
    This is the basic principle of making your system "base" settings more secure by disabling services that are not required and removing permissions for existing services for users that do not require them.

    Examples of software which hardens parts of your system automatically are Spybot Search & Destroy's "Immunizing", and Spyware Blaster.
    Thse are tools which the user runs once (or periodically if they get updated) to make certain system changes, they are not a constantly-running process.


    Patching
    When software is written, it has "bugs".
    Some bugs are visible to the user as an application crashing, hanging or corrupting data - others can be so obscure that they are never uncovered.

    Software can also have vulnerabilities.
    A vulnerability can be viewed as a very specific type of bug, but personally I view it as an "oversight" on the part of the programmer.
    Vulnerabilities usually come around because of something the programmer neglected to do, rather than did wrong, a classic example is not checking the length of a chunk of data before putting it into a buffer - the "buffer overflow".

    Sometimes the potential risk of a vulnerability is as trivial as crashing the application, but occasionally a malicious user could insert their own code which is executed and start exposing files or setting up a connection through which the system listens for further instructions.

    When the vulnerabilities are discovered, the author then has to "patch" their code to prevent it being abused - sometimes it is a simple process, but if the module in question is used by hundreds of other components then it can take a long time to get the testing performed to make sure the patch has no side effects.

    Part of Windows Update is dedicated to providing the relevant patches for your system, which is why automatic updates being enabled is important.


    Firewalling
    This is the process of making sure that network traffic is only allowed through if it matches a predefined set of rules.
    Traditionally, firewalls are dedicated network devices (actually glorified routers), but "personal" firewalls have become more and more popular in recent years.
    They have an advantage over network (or "hardware") firewalls - they can look at the actual applications which are trying to establish outbound connections, or set themselves up as a server.

    A hardware firewall generally looks at the ports being used and decides whether to allow the machine as a whole to make the connection.
    This is why worms such as Nimda, Code Red and Blaster had such a massive impact - they use the allowed (standard) ports to communicate with web or SQL servers and take advantage of vulnerabilities in the software.
    (Vulnerabilities that in their cases already had patches available to fix, some for months.)


    Anti-Malware
    Anti-virus software has to be the most well-known flavour of anti-malware product - monitoring running processes and file access on a system for known "signatures" of viruses.

    Depending on who you speak to, trojans, zombies and keyloggers may be considered "viruses", but they don't necessarily have the classic aspects of what makes a virus.
    A virus might be used to deliver such a piece of malware, but equally it could be a maliciously designed website taking advantage of browser vulnerabilities.

    Anti-malware products, rather predictably, are designed to look for specific malware products and alert the user to their presence.

    "Spyware" is a term associated with malware, but is more of a set of products based around the invasion of privacy - uploading your browsing habits to a server, or making "targetted" popup adverts appear on your PC.
    People have tried to get spyware classed as a virus if it installs itself without the user's knowledge and consent - though often the EULA does mention that the product will be installed, and not everyone reads through the whole text.


    Reactive System Cleaning
    This is what happens when you have acquired some kind of nasty that you want to get rid of.

    Exactly what you do to eradicate the unwanted pest depends on the category it falls into - but ideally if your proactive measures are in place and all signatures up to date, this should not be required very often.


    Windows-specific Stuff
    All of the above is very general information applicable in most parts to any OS, not specifically Windows.
    However, Windows is the only OS I use and here follow some recommendations for tools to aid with system health checking Windows.

    For system hardening, Spybot Search & Destroy has an "immunization" section, and the tool Spyware Blaster is dedicated to making adjustments to IE and Mozilla/Firefox browsers to harden them.
    Disabling services that are not required is a good hardening process, but out of the scope of this article as each user may have different requirements - there is no "one size fits all".

    For patching, it is definitely wise to have automatic updates enabled, and periodically check the vendors website for updates or fixes to any software you use (a lot of software now has built-in update checking).

    A personal firewall is a good idea even if you have a router with built-in firewall - I'm not going to make a specific recommendation as my personal experience has only been with a handful, but I strongly recommend that one is used on every machine which has any connectivity with others (through dial-up or LAN).
    (The software sticky in this forum has a list of products recommended by people who frequent here.)

    Anti-malware products: as with personal firewalls you will find different people have different opinions of anti-virus products, so no suggestion from me other than "use one!".
    Spyware Guard - from the author of SpywareBlaster, this is a memory-resident tool which monitors your machine's memory for known spyware products

    For "reactive" system health checking, if you suspect or know you have some pest and want to figure out how to find and kill it, there are a few tools:

    Spybot Search & Destroy has been mentioned a couple of times - definitely worth keeping this up to date and running periodic checks on your system

    HijackThis is not too user-friendly, but a great tool to get an idea of what might be something you want to remove, it can generate a text log of its findings so you can ask others for advice if you think something is suspect

    Autoruns is a tool to give you a complete analysis of what is being launched on your PC every time you log in, complete with description, publisher (if present in the executable) and path

    Process Explorer will show you every process running on your system at that exact time, the parent/child relationship (processes that spawn other processes), even down to individual threads

    Yes, there are other tools available, I have only listed ones I use myself.

    PROACTIVE PROTECTION IS BETTER THAN REACTIVE CLEANING

    Computer security is multi-layered - there is no single solution:
    - harden
    - check for patches regularly
    - use a personal firewall
    - use anti-malware tools (at least anti-virus)


    All the above information is my personal opinion, there will undoubtedly be people who disagree with certain points (hey, this is the Internet after all ), but I hope some of you find it useful.
    Maybe even useful enough to sticky, who knows.
    ~ I have CDO. It's like OCD except the letters are in alphabetical order, as they should be. ~
    PC: Win10 x64 | Asus Maximus VIII | Core i7-6700K | 16GB DDR3 | 2x250GB SSD | 500GB SSD | 2TB SATA-300 | GeForce GTX1080
    Camera: Canon 60D | Sigma 10-20/4.0-5.6 | Canon 100/2.8 | Tamron 18-270/3.5-6.3

  2. #2
    Oh no!I've re-dorkalated! Jiff Lemon's Avatar
    Join Date
    Jul 2003
    Location
    Sunny MK
    Posts
    2,504
    Thanks
    80
    Thanked
    44 times in 41 posts
    will jab mr.Moby-dick with the sticky stick, cos this fine read should be at the top.

    Excellent work old chap.

  3. #3
    Senior Member
    Join Date
    Jul 2003
    Location
    ZA ✈ UK
    Posts
    622
    Thanks
    0
    Thanked
    0 times in 0 posts
    Well written. I'd just like to mention, though, that most DIY hardware firewalls (Smoothwall, etc.) would be set up to prevent any incoming connections, unless you specifically configure ports to allow traffic in. Having this setup has quite easily protected my network from all virsuses that take advantage of unsecured ports (Blaster, etc.).

  4. #4
    Vive le pants! directhex's Avatar
    Join Date
    Jul 2003
    Location
    /dev/urandom
    Posts
    17,074
    Thanks
    228
    Thanked
    1,027 times in 678 posts
    • directhex's system
      • Motherboard:
      • MSI X99A Gaming 7
      • CPU:
      • Intel Core i7 5280k
      • Memory:
      • 32GiB ADATA DDR4
      • Storage:
      • Corsair Neutron XT 960GB
      • Graphics card(s):
      • MSI GTX 980 Gaming 4G Twin Frozr 5
      • PSU:
      • Corsair AX860i
      • Case:
      • NZXT H440
      • Operating System:
      • Ubuntu 17.10, Windows 10
      • Monitor(s):
      • Dell U2713HM
      • Internet:
      • FIOS
    don't think you're making it quite clear enough how much some of the windows defaults put you at risk - and even if you try and be careful when using IE, you're orders of magnitude safer with a replacement for it

  5. #5
    Ex-MSFT Paul Adams's Avatar
    Join Date
    Jul 2003
    Location
    %systemroot%
    Posts
    1,926
    Thanks
    29
    Thanked
    77 times in 59 posts
    • Paul Adams's system
      • Motherboard:
      • Asus Maximus VIII
      • CPU:
      • Intel Core i7-6700K
      • Memory:
      • 16GB
      • Storage:
      • 2x250GB SSD / 500GB SSD / 2TB HDD
      • Graphics card(s):
      • nVidia GeForce GTX1080
      • Operating System:
      • Windows 10 x64 Pro
      • Monitor(s):
      • Philips 40" 4K
      • Internet:
      • 500Mbps fiber
    Quote Originally Posted by eldren
    Well written. I'd just like to mention, though, that most DIY hardware firewalls (Smoothwall, etc.) would be set up to prevent any incoming connections, unless you specifically configure ports to allow traffic in. Having this setup has quite easily protected my network from all virsuses that take advantage of unsecured ports (Blaster, etc.).
    Absolutely, any firewall I would expect to have incoming ports blocked unless explicitly opened or forwarded, the point was that outbound ports generally aren't blocked on firewalls in home setups - it would just cause too many support calls when Joe Average can't even get his new online game to stay connected for more than 30 seconds, wants to chat using ICQ with his mates, or clicks a link with http://www.somesite.com:86/some_folder, for example, and wonders why it doesn't work.


    Quote Originally Posted by directhex
    don't think you're making it quite clear enough how much some of the windows defaults put you at risk - and even if you try and be careful when using IE, you're orders of magnitude safer with a replacement for it
    It wasn't my intention to go into that area or that much depth - I deliberately tried to keep it as general as possible.
    With a personal firewall & AV product you have the tools to prevent or protect you to a huge degree - anything beyone that, in terms of disabling services, changes to permissions, etc. is too situation-specific.
    Plus, I didn't want to sound like Steve Gibson

    Informing users to simply use alternative software when they have unpatched parts of the OS is not my intention either, and I was avoiding making recommendations of specific "full-blown" applications as that way lies danger.

    Windows can be hardened, and users can do more to avoid silly actions that affect their systems, but anyone that is going to that degree already knows all that is in this overview, or is using Linux so is happy with editing config files by hand, using Make files and checking MD5s I would guess

    I'd love to live in a world where everyone knows what PGP is and how to use it, where users aren't logged in as admins (and know why), and where ISPs block inbound TCP ports for their customers unless they requested them opened, for example, but I think that is a pipe-dream.
    ~ I have CDO. It's like OCD except the letters are in alphabetical order, as they should be. ~
    PC: Win10 x64 | Asus Maximus VIII | Core i7-6700K | 16GB DDR3 | 2x250GB SSD | 500GB SSD | 2TB SATA-300 | GeForce GTX1080
    Camera: Canon 60D | Sigma 10-20/4.0-5.6 | Canon 100/2.8 | Tamron 18-270/3.5-6.3

  6. #6
    F.A.S.T. Butuz's Avatar
    Join Date
    Jul 2003
    Location
    Wales
    Posts
    4,708
    Thanks
    51
    Thanked
    72 times in 59 posts
    • Butuz's system
      • Motherboard:
      • MSI Z77 MPOWER
      • CPU:
      • I7 3770K @ 4.6
      • Memory:
      • 16GB Corsair XMS 1866
      • Storage:
      • Sandisk SSDs
      • Graphics card(s):
      • 3xR9 290
      • PSU:
      • be quiet! Dark Power Pro 10
      • Case:
      • Inwin H Frame
      • Operating System:
      • Windows 7
    Excellent post Paul!!

    Butuz

  7. #7
    Member
    Join Date
    Jul 2004
    Location
    CYMRU
    Posts
    137
    Thanks
    0
    Thanked
    0 times in 0 posts
    Great Paul! Keep up your helpful topics!

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •