Computer Security Guide, how to secure your computer.

[AKosygin]

A chain is as strong as its weakest link.

While I don't think all of us will follow everything that I am about to outline in terms of good "computer security practices", following as many of these as practical to you will help reduce chances of security breaches on this site and to your computer.

When a moderator's, administrator's, or even a regular register user's computer system has been breached, it presents the possibility of affecting this site as it becomes possible that the intruder might install a key logger program or steal cookie login information or the like. Hence "a chain is as strong as its weakest link".

As a fairly experienced system administrator, I have encountered common problems in people's computer setups that can lead to problems which allow "crackers" or black-hats to get in to your system and cause havoc. So please follow some of these computer guidelines to securing your system:

1.) Ensure that when you are connected to the internet, you are behind a firewall. If you have a NAT router (or a switch router, ie linksys internet router) you are safe. You can tell if your network IP address starts with 192.168.x.x or 10.x.x.x or 172.x.x.x. This prevents people from gaining direct connection to your computer freely. If you don't have one or are paranoid, you can always get ZoneAlarm, their free version. The Windows firewall WILL NOT CUT IT! It DOES NOT WORK PROPERLY!

2.) Please ensure you have updated Windows completely and all patches and updates are applied here: http://windowsupdate.microsoft.com

3.) Please ensure you have installed an Anti-Virus program. Like Norton or McAfee. (From experience Norton is the best, but it can be more expensive overall)

4.) Please ensure you do not have adware program that can exploit your system causing more holes, remove them with a program like Lava Soft's Ad-Aware.

5.) The most probematic mistake that I find with people with their comptuer setup is this: ADMINISTRATOR PASSWORDS AND ACCOUNTS! If you are running Windows 2000 or XP, DO NOT LOGIN AS THE ACCOUNT NAMED "ADMINISTRATOR"! Instead create another account with the same privileges! The reason is that the account named "Administrator" is the highest account and should not be used for every day use! Furthermore, the account password MUST be VERY difficult to guess! A lot of worms and viruses know the login name for the Windows Admin account, since it is the same in every system, so it tries to guess the password, and once it guesses it, it can install ANYTHING ON YOUR SYSTEM!
5a.) If you know how, you can minimize the vulnerability surface by renaming your administrator account to something else.
5b.) Set a very hard to guess password with letters, numbers, and symbols that is longer than 6 characters, write it down, and save it with your install disk.
5c.) If you computer automatically logs on the system, make it logon to a different account, or turn that off and logon each time manually.

6.) When using your computer, logon as a regular user (or power user, if you must) and use that. And when you need to install things or need higher access, Hold down the SHIFT key and right click on the icon, then select "Run As..." to enter an administrator's login from there. This will restrict that program to be given administrative power instead of any program that may be run through accidental clicking or worst, triggered when visiting a website or browsing e-mail.

7.) Ensure your passwords (no matter where) is at least 6 characters long, and consist of numbers and letters of upper and lower case.
7a.) Make sure all your passwords everywhere e-mail, webmail, hotmail, home computer, FTP, etc. are all that way.
7b.) Give yourself different passwords for different purposes. I.E.: I have passwords of different complexity, some are very easy and some are very difficult and long. If you must share a password with someone and it is not for something important, then have an easy one for that. Then for other important things like your e-mail for your ebay or paypal account, make it longer, more difficult to guess, and more complex.
7c.) Do not set the same password on everything. Because sometimes a software has a flaw, and its security may be breached. If that happens, your password may become revealed and then intruders can use that same password for all your things. That is why you have a seperate key for your car that is different from your house key.

8.) Be wary of those that ask you for your passwords. An administrator will NEVER EVER ask you for your password for any reason. Because the lead administrators have supreme access, and have no need to do so. If someone is asking for your password, (even if it is me) you can tell them to "go play hide and go f*** yourself". I would understand.

If you follow most of these, all is right with the world. (For "God is in his heaven" )

[Jinxie]

Here's a couple of other security tips:

1. Rename the Administrator account
2. Disable the Guest account
3. For your password use Upper-case, Lower-case, Numbers, and Special Characters (examples: ^*!)
4. Also for passwords, do not use a real or common word. There are password dictionaries out there that are massive. I downloaded a 300MB text file password dictionary when I was evaluating security risks for a customer.

[Macht]

Quote:

Originally posted by AKosygin The Windows firewall WILL NOT CUT IT! It DOES NOT WORK PROPERLY!

Great Info that everyone should read and follow

The quote is my favorite part of it, since when does Microsoft ever make something that works right.

Even funnier their Office program that's for Macintosh computers work better then the Office program on their own OS system. That's the part I find to have the hugest irony to it, Microsoft cheats Macintosh, Miscrosoft builds faulty OS, Macintosh OS uses Microsoft programs better then Microsoft OS.

Seems like such delicious irony there. Oh well, my own personal gripes about Microsoft

[Jinxie]

Quote:

Originally posted by Macht Great Info that everyone should read and follow The quote is my favorite part of it, since when does Microsoft ever make something that works right. Even funnier their Office program that's for Macintosh computers work better then the Office program on their own OS system. That's the part I find to have the hugest irony to it, Microsoft cheats Macintosh, Miscrosoft builds faulty OS, Macintosh OS uses Microsoft programs better then Microsoft OS. Seems like such delicious irony there. Oh well, my own personal gripes about Microsoft

Know what's even funnier?......Microsoft owns 52% of Macintosh's shares and Microsoft still can't make a product that runs good on there own OS.

[SeverusXerxes]

another suggestion, dont use IE Use Mozilla/Firefox.. sigh the only problem is u cant use these browsers when accessing a microsoft page as they wont let you access anything microsoft becuase mozilla/firefox is not netscape/i.e.

/cry microsoft, cry!

[MisterCookie]

...or screw Windows completely and use an OS with a proper permissions system.

GNU/Linux ftw

[Jarre]

I agree AKosygin, everyone needs to take responsibility for keeping the site secure by keeping themselves secure. I had a recent security advice bubble from F-secure tellign em about the new Haxdoor virus that is now spreading accross europe in zip files and exe files etc.

The ebst way to prevent virus's is to:-

1. Be more careful with opening attachments in emails, if you don't know the person or the subject bar is strange or it contains a zip, exe, jar etc. file delete, also do not view emails with your preview pane, if you click on one of these in the preview pane its the same as opening the email, anythign atatched will activate.

2. don't visit porn sites, yes I know you do!!! alot of these have embedded virsus's (many key loggers, java virus's and even the famous wmf one.)

3. Get a virus checker (Grisofts AVG is free to download and update) and also free spyware cleaners i.e. Adaware and Spybot.

One thing AKosygin I don't agree with...

Originally Posted by AKosygin

A chain is as strong as its weakest link. 3.) Please ensure you have installed an Anti-Virus program. Like Norton or McAfee. (From experience Norton is the best, but it can be more expensive overall)

Norton has many problems, hates everything, slows everything down and they are quite bad at the moment at getting updates quickly. personally I wouldn't touch them with a barge pole, but that is personel prefference.

My set up....

F-secure (firewall, virus scanning) (£25 a year subscription)
Spybot search and destroy, Adaware 6, crapcleaner.

Here is the top 10 Virus killers

Double Post Edited:

Originally Posted by Macht

Even funnier their Office program that's for Macintosh computers work better then the Office program on their own OS system. That's the part I find to have the hugest irony to it, Microsoft cheats Macintosh, Miscrosoft builds faulty OS, Macintosh OS uses Microsoft programs better then Microsoft OS.

I have to agree s i use a PC at home and a Mac in the office, the speed of powerpoint is double at the office than home and my office computer is slower than my home one on paper (G4 1.25mhz mac with 768mhz PC2100 in office, Athlon64 3000+ at home with 2Gb Pc3200 memory) and the power point presentations i am talking about include full rendered images and lots of animation.

The same is with Archicad 9 I use as an architect at the office, it runs slower at home even though my computer is faster at home and has a better graphics card!!

If onyl FF came to teh Mac, I bet it would run smoother

[Murphie]

Am I the only one who noticed this thread is from 2004 (and hence may not be entirely up to date), and was bumped yesterday for no reason whatsoever?

I am? Well, carry on then.

[kuu]

No...a good amount of people did.

Is there a rule about trying to revive dead threads?

But anyway, those security don't quite work, and rather not very convient for consumer level people.

You can blame windows and program makers for that. The shear fact that not being in admin, is totally annoying in windows is a grossy understated issue.

Even Microsoft's own suites suffer from "everyone should be in admin level" syndrome.

[Murphie]

Originally Posted by kuu

Is there a rule about trying to revive dead threads?

Sort of, yeah. I mean, if someone is bumping to say something relevant, then it's not so bad (see the post right above my last one), but if they are bumping to say something completely unnecessary? That's bad.

[Macht]

Originally Posted by Murphie

if they are bumping to say something completely unnecessary? That's bad.

That's when I get to siff through my bag of destructive toys (aka goodies) and start slaughtering threads.

[Gentoo]

Well... This thread is (1) stickied, so it's always at the top and highly visible, and (2) it's about computer security which is a process and should invite regular comments.

Although evangalizing GNU/Linux as a security measure is dubious.

Sorry, MisterCookie, I'm not attacking GNU/Linux, but unless the user knows how to secure their platform, any OS can be insecure.

My only disagreement with the original article is about password length.

Quote:

Ensure your passwords (no matter where) is at least 6 characters long, and consist of numbers and letters of upper and lower case.

All Windows NT based systems (Windows 2000, Windows XP), I believe, still compute and store the LAN Manager hash (LM Hash) in the SAM database by default for compatibility with older Windows systems.
(I might be going off obsolete knowledge, but I *think* this is still valid)

The LM Hash is notably weak when passwords used are less than 7 characters. For windows systems you're better off using a password that is exactly 7 characters. You're best solution is a password that is 14 or more characters.

(if you want to know why, read: http://www.thebitmill.com/articles/nt_password.html)

[Jarre]

Originally Posted by Murphie

Am I the only one who noticed this thread is from 2004 (and hence may not be entirely up to date), and was bumped yesterday for no reason whatsoever? I am? Well, carry on then.

Well was first on my list of new posts this mornign so didn't really pay mucha ttention to teh date as the last post beofre mine was recent.

Though security issues should always be on top as it effects us all. Now calm down Macht, teh bags not ready for opening yet

[Omniblast]

This thread should be updated, also, please include an analysis of the defunct "Windows Defender" as well as cover security via spyware protection.

Oh and phishing... gotta get defenses up for phishing scams.

[Telera]

Well, I tried updating my Windows once. You wanna know what that did to my machine? Even with 700+ RAM it went from booting and ready in maybe a mintue, to more than five before it would settle down. Shutdown even got lagged up, and it screwed up my Vid Card drivers. So when I got rid of SWG, I wiped the update, too. Couldn't care less about them. Maybe when they make one that doesn't eat up system resources, I'll do it again.

My solutions:

-I have a Linksys Router, my IP starts w/ the 192.xx.xx.xx

-AVG, Ad-Aware, Spybot Search& Destroy

-I don't 'surf'. Ever. I have book marks to a few forums I've been on for years, FFXISomepage, the FFXIAtlus, and FFXIAH. Other than that it's a few other trusted sites. Megatokyo, etc. There's nothing out there I didn't surf to death while at the college. Those had uberfirewalls and I wasn't concerned.

- I could and probably should make a password to my actual PC account -not the admin one- the PC automatically set me up as a 'power user' but not admin. How nice of it.

-Email: Anything with an attachment that isn't a .doc from my boyfriend (which would be his chapters of our book, etc) or something from someone that I know where they live and can hurt them, I just don't open it.

And the end all of it: I unplug the damned ethernet cord from the machine when I'm not physically on it. This thing is not connected 24/7. It's on only as long as I am on and that's it. It's not even connected when I play Morrowind or KotOR. Only if I need the internet for something do I leave it connected.

Just doing this, I've only ever had maybe one trojan, and Surf Side Kick got installed back when I used crappy IE. I switched to Mozilla after that, ripped SSK out, registry keys and all, and went back on my merry way.

I think the real key is to just stop going to random-ass sites. Geocities all that free stuff, no no. Places that sound shady, no way. Porn? Well, hell no. As has been said, pr0n is eaten up with spyware and viruses.