Ok, to tell you the truth I am pretty bad with all this security stuff.
I just want my single pc running WinXp to be super secure.

Right now I've got ZoneAlarm and AVG anti-virus installed.
What else do I need to install to completely secure my pc?

Also, is there any way I can check if someone is connected to my pc at a given time?
Posted on 2004-04-23 00:16:38 by clippy
Please do excuse me if I say anything which seems obvious to you/etc as I'm not really sure what all you have tried but here are some things you should do to improve security under WindowsXP

1: Run under a firewall, so ZoneAlarm works there (it buggers out a lot for me though--halts ALL networking after it has been running too long, but that's certainly better than letting ALL networking through after it's been running too long;))
2: Disable ALL unnecessary servers. WindowsXP has a LOT of these enabled by default. Start-->Control Panel-->Performance and Maintenance-->Administrative Tools-->Services. Look under each one and READ the comments most importantly. If unsure if you need a particular service, please do a google search on it to determine. Many of them are, however, self-explanatory that you do not need them and can immediately disable them:) (Messenger, for example)
3: Use any other web browser EXCEPT for Internet Explorer, mainly because Internet Explorer is what most people use and, hence, will have the MOST people trying to find exploits/exploit it.
4: Do NOT use ActiveX or JavaScript (Disable them in your browser) unless you are absolutely without a doubt certain the website is safe and it requires them.
5: Boycott Internet-Explorer-only websites, unless it is absolutely necessary (and you cannot get what you need) from ANY OTHER website. For one, if they are Internet-Explorer-only it is a sure clue they are amateur web developers, and I mean the most amateur---which also means their servers are probably not that secure and probably run IIS....and which also means they probably generate all of their HTML code using something like FrontPage. In short, they are a HUGE vulnerability just waiting to be exploited and happen....plus to then exploit you when you use the required Internet Explorer to visit them.
6: Do NOT under any circumstances run any executables which you do not fully, 100% (or close enough to it) trust. If you don't trust it, don't run it.
7: Virus scan your system from time to time...recommended to have at least two different antivirus products because competing products catch things each other doesn't.
8: Also run multiple adware-ridding programs....again, each usually catches something the other doesn't.
9: If absolutely unsure, remember that you can open up absolutely ANYTHING in a hex editor or pure text editor and it will cause no harm to your system. You may then be able to look around in it...if you see things like blatant foul language/etc, it's probably not anything you'd want to run;)
10: Run your computer behind a LAN firewall. Block all incoming connections from the LAN firewall (hardware firewall)
11: Update ALL software and keep it all up to date
12: NEVER use Microsoft Outlook---far too many exploits for it
13: Don't download ANYTHING you receive via email---use it for text-only and, in fact, is better if you can use a text-only email reader client, but that is not always possible. (If you can use pine, for example, that's PERFECT)

To find out if someone is on your computer, look at the ZoneAlarm logs;) You should notice outgoing connections from some of your TCP and UDP connections to places they shouldn't be going. Can also do netstat -an in a console and look at the output to see if anyone is trying to break in.

I hope this was helpful? I apologize if it was too remedial:o
Posted on 2004-04-23 01:31:54 by ShortCoder
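The `netstat -an` check suggested in the post above, as an added example that is not part of the original thread: it parses the console output, lists the TCP ports the machine exposes, and picks out established sessions that arrived on a listening port. The sample output is constructed and the function names are assumptions of this example.

```python
# Constructed sample of Windows `netstat -an` output (documentation address ranges).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      203.0.113.7:80         ESTABLISHED
  TCP    192.168.1.10:445       198.51.100.23:3312     ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

def parse_netstat(text):
    """Turn each TCP/UDP line into a dict; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        lhost, lport = parts[1].rsplit(":", 1)
        rhost, rport = parts[2].rsplit(":", 1)
        rows.append({"proto": parts[0], "lhost": lhost, "lport": lport,
                     "rhost": rhost, "rport": rport,
                     "state": parts[3] if len(parts) > 3 else ""})  # UDP has no state
    return rows

def exposed_listeners(rows):
    """TCP ports that accept connections on a non-loopback address."""
    return sorted({int(r["lport"]) for r in rows
                   if r["state"] == "LISTENING"
                   and not r["lhost"].startswith(("127.", "[::1]"))})

def inbound_sessions(rows):
    """ESTABLISHED sessions whose local port is a listening port: a remote host connected in."""
    listening = {r["lport"] for r in rows if r["state"] == "LISTENING"}
    return [(r["rhost"], int(r["lport"])) for r in rows
            if r["state"] == "ESTABLISHED" and r["lport"] in listening]

if __name__ == "__main__":
    rows = parse_netstat(SAMPLE)
    print("exposed listeners:", exposed_listeners(rows))
    print("inbound sessions:", inbound_sessions(rows))
```

Every port reported by `exposed_listeners` maps back to a service from item 2 of the list; disabling the service should make the port disappear from the next `netstat -an` run.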
Get a secure firewall in front of your Windows box. This could be a BSD or Linux machine that drops all traffic you're not explicitly letting through, or it could be a hardware firewall (a standard cable or DSL router with NAT and no default pass-through would serve fine for this purpose)
Posted on 2004-04-23 02:43:55 by f0dder
ZoneAlarm is awful. Like f0dder mentioned, get a hardware or external firewall.
Posted on 2004-04-23 17:46:25 by iblis
In what sense do you want to protect your pc?

1) if from access from others through a remote connection, then yes an external firewall.
2) if from viruses that access your files and corrupt them then there is another example that I use here in the icafe I work in. DeepFreeze your windows files. Keep an unfrozen zone to allow file saves and scan it every now and then with trendmicro housecall. (free on-line scanner).
DeepFreeze @ hxxp://www.deepfreezeusa.com
TrendMicro HouseCall hxxp://housecall.trendmicro.com

3) if your concern is ppl that damage your pc's file struct and files then I recommend deepfreeze. Check it out.
Posted on 2004-04-23 18:12:18 by Black iCE
Use any other web browser EXCEPT for Internet Explorer

I use firefox :)

ZoneAlarm is awful

What's so bad about it?

blackIce,
How does DeepFreeze work? Their website doesn't seem to have much info.
Is it that you deep freeze a few files and they become immutable or something? Then how do u install new programs and stuff?
I really can't understand DeepFreeze.
Posted on 2004-04-24 00:40:22 by clippy
Ok, this is my summary about deepfreeze. (lots of guessing with logic)

When you power up your pc and start loading windows it loads a virtual image of the file structure of your disk - sort of like VCD, but does not store it in an image. Rather it logs the changes that have occurred within its own tmp file {very small, about 512 kb}.

So what i have done here in the icafe is loaded it to prevent me ghosting 4 to 5 pc a day!!! What we have is the standard edition, the professional edition allows you to allocate a dir or such so that permanent changes can occur within your files in that directory.

So what I have done on our staff pc is partition the drive into 3 partitions, namely Windows XP file system, My Documents {Using tweak to redirect the default path from c: to d:} and a share for the other pc's in e:. {other pc's also tweaked so that their My Documents are redirected to the share on the staff pc}.

During DeepFreeze installation you can specify which drives you want deepfreeze to be active on. When you want to update files upon a frozen partition you deactivate deepfreeze with your password and then restart your pc. Then a normal windows load is performed and all drives allocated by deepfreeze are in an unfrozen state. Pretty neat!! Esp if ppl keep on modifying the contents of the disk and download e-mails with viruses in them - just hit reset and all that is gone!!!!!!!!

So your boot partition {STD EDITION}, can say have deepfreeze on it and then you install all your apps there and freeze it. Leave the second partition uninstalled/not configured by deepfreeze and you can make saves to that disk {just like our staff pc}.

So if a virus hits your pc, then at least your original configuration in the frozen partition remains unchanged. I perform a nightly scan upon the shares for viruses from downloads.

ALSO very nice if you need to test some BETA's and find out that your system's file structure in windows has become unstable due to installation changes.... and the uninstaller fails!! Hence testing before making permanent.

OOPS, how it works VxD... image file struct and then some serious redirection with windows disk writes. Anyway it will prevent ppl doing any permanent damage to your pc, some1 getting into the system can do what they want - I have formatted a HDD in Deepfreeze b4 and hit reset... works like a charm!

OH btw, just try the trial version - for at least one reboot and then u'll fully understand

Kindly,
Black iCE
Posted on 2004-04-24 02:04:14 by Black iCE
Well, this seems to be ok for cyber cafes and stuff where a lot of people are downloading a lot of useless data which they won't use again.

But in the case of a single user like me, that would mean having to restart my pc every time I want to install a new program or even when I download a new file, so that I can turn deepfreeze off.

So your boot partition {STD EDITION}, can say have deepfreeze on it and then you install all your apps there and freeze it. Leave the second partition uninstalled/not configured by deepfreeze and you can make saves to that disk {just like our staff pc}.

If someone breaks into my comp, I will be more worried about saving my work than the installation of windows which is still recoverable if something gets screwed up, but my work if lost is just lost.
So that would mean having to deepfreeze all my files which would mean that I work on something, save it and hey it's not there on restart ;)

So basically how would it be useful on a single user pc used for development work?
Posted on 2004-04-25 08:52:34 by clippy
Question, Clippy: do you make regular backups of your work? I am at the internet cafe, and I write all my files to RW-CD or use a USB flash drive. Anyway, the most secure connection that I know of is encrypted (if sensitive), compressed (just add that one with encryption... ace uses xor... I think secure enough) and in your pocket.

But on the lighter side of things... why so concerned??? Hide the disk - I've never gained access to a pc through a remote connection. (unlist it in windows). Better yet, try and see if you can VM your machine with a linux to act as the firewall then. (I am trying to think low budget).

Partition... other tricks. But just know if some1 wants to get in they eventually will. Just unplug your cable from your pc. Try break that. But then your concern is with while you're on the net. I really doubt that some1 will try to get in and just stuff up your pc. Look, it takes some skill... if you look at the lists above you'll gotta ask yourself can you break into others' pcs. I can't. So why would some *big shot ha**er* try and get your asm code etc. etc.

Also, watch out for the sites you visit. Online-banking, anything to do with cash would be where your most likely culprits will be.

So, you take the above lists and then combine them - modify them - to suit your needs. Also use common sense... if some1 is scanning me right now well let them scan, I have nothing of value to them.

Sorry, one more note. If "they" do gain access to your pc, "they'll" most probably leave something to make the next break easier etc. etc. Windows Partition most probably. Reboot - bye, bye changes... (thank you deepfreeze)

Cheers
Black iCE
Posted on 2004-04-26 23:55:51 by Black iCE
set up another computer with SmoothWall on it
and let the morons out there beat their
heads on that firewall

forget about doing it with just swiss cheez box
you'll be like a dog chasing its tail trying to close
all the holes and new holes in windblows

at the very least STOP using internet exploiter
Posted on 2004-04-28 14:58:23 by rob.rice

In what sense do you want to protect your pc?

1) if from access from others through a remote connection, then yes an external firewall.
2) if from viruses that access your files and corrupt them then there is another example that I use here in the icafe I work in. DeepFreeze your windows files. Keep an unfrozen zone to allow file saves and scan it every now and then with trendmicro housecall. (free on-line scanner).
DeepFreeze @ hxxp://www.deepfreezeusa.com
TrendMicro HouseCall hxxp://housecall.trendmicro.com

3) if your concern is ppl that damage your pc's file struct and files then I recommend deepfreeze. Check it out.


jajajaja, Deep Freeze is no longer safe, a compatriot from Argentina found out a way to bypass deep freeze with a debugger, the only problem is that you have to use a debugger to disable deep freeze. At least it was that way, until I made my little program called "DeepUnfreezer" juaz, it works on any winxp,nt,2000,2003, is fully made in asm, and is very handy. If someone is interested in getting it I can negotiate, not money but interesting source code, best offer gets the deepunfreezer..., or u can assemble your own, it is very easy...
Posted on 2005-08-09 19:05:21 by mauricioprado
100% foolproof way to secure your pc from remote attacks from the inet...

get a pair of scissors
locate the cable connecting your pc to the internet
*snip*
sorted
locate keyboard cable
*snip*
locate mouse cable
*snip*

and if you have a wireless connection, mouse, or keyboard replace scissors with hammer and *snip* with *thump*

:D
Posted on 2005-08-09 20:38:51 by evlncrn8
Funny nobody mentioned before ... I use win32 asm to secure my windows box :)
During the time I wrote some tools for my own security:
- Syscheck: walks through the windows and system32 directory, md5'ing all exe/dll files and giving a detailed list of missing files / changed files / new files
  I run it from time to time to see what windows update is doing ...
- SecDel: tool to securely delete files (overwriting with random data for 10 times). Parameters are given through cmd line, so the link on my desktop to secdel.exe can be dragged-dropped on.
- PackIt: can pack whole directories (with subfolders) to a single output file, crypted if needed, but no compression.
  SecDel used on the packed files afterwards, additional Actions: FileUpload / FileDownload of the "pack"...
- network sniffer that checks on private data (from the registry)... gives notifications i.e. if my name or Windows Id is sent through network adapter...
  so I can see if crappy programs try to move stuff out, uncrypted ...
- ProcessChecker: this dll loads itself to every process it can via remote process execution, windows hooking...
  locates the started module in the process environment to extract infos from memory like pe stuff, the sections ...
  Crypted executables mostly decrypt themselves when starting up, so my program gives me data about the uncrypted code...
  the details are sent to a second system that runs my personal dos-like "network console", which prints out all stuff the analyzing programs on my system want me to see.

Besides I also use others' tools, sometimes even tools like AntiVir or Sygate Firewall.
AntiVir is a whole lot of crap, slowing any machine down even more than a virus would do, but it keeps your harddrive clean from those nothing-special-but-still-there viruses that spread all over the internet today. For example if browsing I switch it on in order to avoid virus infection through java.
Those "personal firewalls" do bring some buffer-overflows which mean new holes but can do pretty nice things that I am not capable of when writing own security asm codes.
(like os masquerading, intrusion detection, portscan detection (giving random results), preventing windows service exploitations...)

Well, actually I started working myself into linux, because this is what makes you really able to secure your system.
Linux is not the world neither pc's last resort, but as you get deeper and deeper into windows, you can see how crappy software is shipped today.
That is what makes me think we are in high need of good, quality win32 codes. So what are you waiting for ...

Dominik
Posted on 2005-08-10 01:49:53 by Dom
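The kind of check the Syscheck item in the post above describes, as an added example that is not Dom's tool or code: it hashes every exe/dll under a directory and reports missing, changed and new files against a stored baseline. It uses SHA-256 where the post mentions MD5, and the function names and the temporary directory tree are constructed for this example.

```python
import hashlib, os, tempfile

def snapshot(root, exts=(".exe", ".dll")):
    """Map relative path -> SHA-256 for every file under root with a watched extension."""
    hashes = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(exts):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/").lower()
            try:
                h = hashlib.sha256()
                with open(path, "rb") as f:
                    for chunk in iter(lambda: f.read(65536), b""):
                        h.update(chunk)
                hashes[rel] = h.hexdigest()
            except OSError:
                hashes[rel] = "unreadable"  # locked or access-denied file
    return hashes

def compare(baseline, current):
    """Report files that disappeared, appeared, or changed content since the baseline."""
    return {
        "missing": sorted(set(baseline) - set(current)),
        "new": sorted(set(current) - set(baseline)),
        "changed": sorted(p for p in set(baseline) & set(current)
                          if baseline[p] != current[p]),
    }

def demo():
    """Build a constructed directory tree, baseline it, alter it, and diff."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
        for rel in ("notepad.exe", "system32/kernel32.dll",
                    "system32/old.dll", "readme.txt"):
            write(rel, b"original")
        baseline = snapshot(root)
        write("system32/kernel32.dll", b"patched")            # content change
        os.remove(os.path.join(root, "system32", "old.dll"))  # removal
        write("system32/dropped.exe", b"unexpected")          # new binary
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

A baseline is only as trustworthy as where it is kept, so store it on read-only or offline media rather than on the machine being checked.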
Most of the useful stuff has already been said, if you use cable, use a router that has both a hardware firewall and NAT and nothing gets in that way. The next problem is what you load in with your browser or email client. The real trick is to set the machine up guaranteed squeaky clean and make a disk image with Ghost or Acronis True Image so if the box gets trashed, you can fix it in 5 minutes.

Exercise real caution trusting AV software, even the best stuff cannot catch all of the new stuff coming in so you must exercise the normal discipline of not allowing anything to run automatically and don't allow your browser to do anything that you don't authorise. NEVER open or run a file that you don't know for sure is safe and if you get targeted with a lot of email, test it at the email server first and if it does not part its hair the right way, delete it before it ever gets to your box.

Between the disk image and a lot of caution, you are hard to attack that way.
Posted on 2005-08-10 04:26:39 by hutch--
If you have an old computer lying around, one thing you could do is to install two network adapters in it and then install M0n0wall. M0n0wall is a pretty nice firewall based on FreeBSD and its hardware requirements are very small. You can get M0n0wall from http://m0n0.ch/wall/ ... I'm using the latest beta version without problems.
Posted on 2005-08-12 12:13:53 by SamiP
Remember that a dedicated PC firewall/router will draw more current than a "hardware firewall" - could show up on your electricity bill.

For antivirus, Kaspersky is the best I've seen yet. Still open to other suggestions, but it's a nice product. XP SP2 firewall in addition to the hardware firewall is nice too, since you can trap outbound connections. And while you're at it, do your daily work from a non-administrator account.
Posted on 2005-08-14 08:24:42 by f0dder