When I bought my first computer in early 2005, I took little extra care in setting up my anti-virus: Symantec Internet Security, installed by the software wallah along with the OS and other programs for a total of Rs 300. Though I was in no way paranoid about online security, I wanted to take no chances. However, as I became aware of the WWW, I grew a little complacent, confident in my familiarity with the virtual alleys and netizens' wares. At no point was I without a firewall or anti-virus, but after 2006 I was no longer taking a good look at my online security. On several occasions I had encounters with malware and viruses, but I was able to deal with them easily.
But last week something shook me out of my slumber. I made a silly mistake and the result was a very bad infection of VirtuMonde. Because of my mistake, and probably because it was some new strain of VirtuMonde, my AV did not detect it properly and the adware was able to entrench itself deep inside my system. After fighting it for over three hours I was able to get rid of it, but the incident forced me to take a fresh look at my online security. This article is a summary of what I found and what I implemented for my online security in the last three days.
Now, I know that veterans here must already be aware of the issues and topics that I will be addressing in this article. In fact, I believe most of them are more knowledgeable and more experienced than me and as such do not really need this article, but I write this guide in the hope that newbies will benefit from it.
This is not the first guide on online security here on TE. I have gone through some other wonderful guides here and they are pretty good. But yet, when I was battling VirtuMonde, I found that the guides here were not very helpful. My aim with this guide is to build upon what others have written here and present the information in a manner that is useful for newbies at least. So all aboard...
Wild Wild West
I will be quick here, as I think most Internet users are aware of the security threats that exist on the net. Still, for the sake of putting it in words, let me define some of them (very briefly, of course):
Viruses and worms: Nasty bits of code that adversely affect the functioning of a computer. Viruses have different purposes, ranging from producing funny pop-ups, to nagging users, to deleting system files. They are often self-replicating and, if left untreated, some viruses can also harm hard disks, other storage devices and RAM.
Trojans: A more serious threat than viruses, trojans are usually programs that use the resources of an infected computer to benefit their masters (at times by turning the infected computer into a zombie that can be used to launch various attacks on other computers/networks or to send spam). Unlike viruses, all trojans use the network to communicate with their masters, collect data such as the surfing habits of the users, or steal information from the infected computers.
Adware and Spyware: Though not as dangerous as trojans, adware is the toughest to remove. Typically it monitors the internet usage pattern on the infected computer and serves advertisements based on the data it has collected. Adware also typically hijacks browsers and forces them to connect to particular websites. Spyware is similar as far as its mode of operation is concerned, though unlike adware it may remain passive while doing its work.
Malicious scripts: Unlike standalone programs such as trojans or adware, malicious scripts are self-executing objects embedded in a web page. They are typically used to open chinks in the computer's defences through which trojans can enter or adware can be dropped.
Hacking/Cracking: This time the adversary does not come in the shape of a program but of a wily (sometimes foolish too) netizen trying to crack the defences of your computer to gain control over it. Typically, these chaps do not target mere mortals like us but try to break into corporate systems, as that is where the money lies. Prominent individuals may also be targeted, depending on the needs and aims of the cracker/hacker.
With so many different types of security threats, the ideal approach is to employ different types of security solutions. Last week, while undergoing my travails, I realized that the best an average internet user can do to secure his PC is to employ a three-pronged approach to online security troubles. This three-pronged approach consists of hardware solutions, software solutions and human application. Now let us deal with them one by one.
Hardware solutions: While I recognize that some of the members here have more than one computer at their disposal and can set one of their boxes to act as a firewall, for the large majority this option is neither available nor feasible, even though it is the best solution as far as hackers/crackers are concerned.
In this scenario, the next best thing for home users is to use the firewall built into the router. Any router serving an ADSL connection with NAT has a firewall.
Enabling and configuring it is more than enough to make your computer completely stealthed on the internet. While I know for sure that the Beetel 220VX (Airtel users) has a firewall, I am not too sure about Sify, Tata Indicom, BSNL or others, though I believe they must have it too. As far as MTNL is concerned, I have an MTNL connection and I use the firewall that the DSL-502T provides.
By default, the firewall is disabled on the DSL-502T. Though it's easy to enable the firewall in the router, just like port forwarding, newbies may find it a little daunting. So let me walk through the process:
1- Open Internet Explorer (I don't know why the DSL-502T configuration page does not work with Mozilla on an MTNL connection, at least not on my computer)
2- Open 192.168.1.1
3- Enter login/password. The defaults are admin/admin
4- On the home page, click WAN in the left panel
5- In the WAN options, go to Firewall and enable it.
7- Save and Reboot (the option is in Tools > System)
Once your router has rebooted, follow steps 1, 2 and 3 again.
8- Click on Advanced in the top panel
9- Click on Firewall in the left panel
10- Block Ping, TELNET, FTP and DNS, but of course only if you don't need them. What you need and what you don't, I can't tell you, but as far as I am concerned these four services are blocked on my computer and so far I have felt no need to enable them. If the need arises, they can be unblocked.
11- Follow steps 6 and 7.
Let the router reboot, connect to the internet and go to https://www.grc.com/x/ne.dll?bh0bkyd2
Proceed > Test All Service Ports. The result should be Complete Stealth, like this:
Achieving "total stealth" will likely take care of hackers and crackers. None of your first 1056 ports are open and you are invisible. Though it does not make you invincible, as there are lots of very smart and very dangerous people who can penetrate all kinds of shields in a matter of minutes.
But the important thing is that with the help of your router's firewall you can easily stealth your computer's ports. A router's firewall is a more robust and better solution than your average software firewall. But of course a software firewall is useful too, as we will see...
a) Firewall: Though we have already achieved complete stealth of the service ports and have taken care of pings, TELNET and FTP with the hardware firewall, software firewalls are important because of their ability to stop leaks. Software firewalls can control which program or service can connect to the internet and in what manner. This is a useful tool, especially when you have already been infected with a trojan or adware, as it limits the potential for damage. On a side note, I have also used the firewall to take care of VGA and Adobe's update program.
Some of the top-rated firewalls as far as leak tests are concerned are Comodo (it's free), Outpost and Online Armor. I suggest Comodo. But firewalls can be a little intimidating in the beginning, so newbies can also start with ZoneAlarm's free firewall.
b) Anti-Virus: I regard anti-virus as the last defence on a PC, so it has to be very, very robust. Nowadays, a good anti-virus takes care of all types of threats, including trojans, adware and malicious scripts. Ideally, one should have a good AV with strong real-time protection and couple it with a passive on-demand scanner or an online scanner. A very good combo could be NOD32 (paid) and the Kaspersky online scanner (free). However, keep in mind that an AV does not guarantee unbreakable security; at times your AV, however good it is, may fail. In such a scenario, viruses and malware could be a real pain in the a**, depending on how layered your security is and how wise you are.
c) Updates: Keep your OS (especially Windows) updated. Also, AV and Firewall (must), Internet browser, Java Runtime, MS Office, Adobe Reader, Torrent and P2P programs, and WMP should be kept as up to date as possible.
d) Plugging OS Holes: Windows takes too many things for granted. For example, Bill Gates' minions believe that everybody who is buying a PC is going to run Telnet and will definitely use Remote Desktop on his home PC to manage it from his office. However, the reality is that most Windows users don't need all the services that are active by default in XP or Vista. For security reasons, an average computer user should consider shutting down every such service that has "Remote" attached to it. Use services.msc to start or disable Windows services (but be careful, as things could go wrong too).
e) Honorary mentions: There are some nifty little tools that in my opinion are almost priceless (they are free too). First among them is Mozilla Firefox. I know it's a great browser and all, but here it finds mention not because I love open-source (free) stuff but because with Firefox you can use NoScript. It's a tiny add-on for Firefox that will effectively free you from the dangers of malicious scripts embedded in web pages. Believe me, with NoScript active I have ventured into the bleakest and darkest alleys of the Internet without a second thought and have never been hit by a rogue script. NoScript also blocks advertisements and other executable content that can launch some stubborn pop-ups.
HijackThis needs no introduction. It's an extremely useful and popular tool that can be used to detect and remove spyware/adware or anything that hijacks a browser. Though I must add that here HijackThis finds mention for its exemplary diagnostic abilities rather than its ability to remove scum. It is a very useful tool if you can't beat malware, as with HijackThis you can at least find out who or where they are and then seek help from others on the net.
UnDLL is something that I recently found. It's a very, very powerful tool. When I was battling VirtuMonde, NOD32, though it largely neutralized the adware, failed to remove it. Attempts to remove VirtuMonde using specialized tools like VirtuBeGone etc. also failed, as the adware had replicated itself into a few DLL files which were working in conjunction to replicate and take the place of deleted DLLs. UnDLL, on the other hand, succeeded in removing them along with their registry entries and associated files when Windows was in safe mode. Though I would have found some other way to remove VirtuMonde if I had not got UnDLL, I was really impressed by this little program. Later, I used it to remove some stubborn Windows Office DLLs that were refusing to vacate the program folder even after I had uninstalled Office.
And finally, there is CurrPorts. This tool allows you to see your open ports and the applications connected to the internet. It also allows you to shut a port if you wish to do so. Of course, a good firewall will also give you the same functionality.
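As an added example that is not part of the original guide, the PowerShell below does the two jobs described under "Plugging OS Holes" and in the CurrPorts paragraph above: it lists every service with "Remote" in its name, shows which TCP ports are listening and which process owns each, and then disables chosen services. It assumes Windows PowerShell 5.1 or later run as Administrator on Windows 8 or newer (Get-NetTCPConnection does not exist on XP or Vista); RemoteRegistry and TermService are the real service names for Remote Registry and Remote Desktop Services, and the protected list names RPC services that Windows itself cannot run without.

```powershell
# Added example (not from the original guide). Assumes Windows PowerShell 5.1+ run as
# Administrator on Windows 8 or newer; Get-NetTCPConnection is not available on XP/Vista.
# Services the "anything with Remote in the name" rule would catch but that Windows itself
# depends on: disabling RPC breaks logon and most of the OS, so these are never touched.
$NeverDisable = @('RpcSs', 'RpcEptMapper', 'DcomLaunch')

function Get-RemoteService {
    # Audit first: every service whose display name contains "Remote", with its state,
    # start type, and whether this script refuses to disable it.
    Get-CimInstance Win32_Service |
        Where-Object { $_.DisplayName -like '*Remote*' } |
        Select-Object Name, DisplayName, State, StartMode,
            @{ Name = 'Protected'; Expression = { $_.Name -in $NeverDisable } }
}

function Get-ListeningEndpoint {
    # What the guide uses CurrPorts for: listening TCP ports and the process behind each.
    Get-NetTCPConnection -State Listen | ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalAddress = $_.LocalAddress
            LocalPort    = $_.LocalPort
            ProcessId    = $_.OwningProcess
            ProcessName  = $proc.ProcessName
        }
    } | Sort-Object LocalPort
}

function Disable-RemoteService {
    # Stop the named services and set them to Disabled, refusing the protected ones.
    # -WhatIf previews the change; -Confirm asks before each one.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory, ValueFromPipeline)][string[]]$Name)
    process {
        foreach ($svc in $Name) {
            if ($svc -in $NeverDisable) {
                Write-Warning "$svc is required by Windows; skipping."
                continue
            }
            if ($PSCmdlet.ShouldProcess($svc, 'Stop and set startup type to Disabled')) {
                Stop-Service -Name $svc -Force
                Set-Service -Name $svc -StartupType Disabled
            }
        }
    }
}

# Typical session: review both lists, then disable Remote Registry and Remote Desktop
# Services once you know you do not use them (drop -WhatIf to actually apply).
Get-RemoteService | Format-Table -AutoSize
Get-ListeningEndpoint | Format-Table -AutoSize
'RemoteRegistry', 'TermService' | Disable-RemoteService -WhatIf
```

Re-enabling a service later is the reverse: Set-Service -Name RemoteRegistry -StartupType Manual, exactly as the guide says can be done through services.msc.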
Now that leaves just one thing. You...
Your computer's online security is only as good as your computing habits. We have all heard about the exploits of great hackers or the damage caused by viruses such as I Love You. But the fact that these exploits were made possible by ingenious social engineering is something we often overlook. Almost all those who create trojans, viruses, adware, spyware etc. rely on Web users' follies to make their schemes work.
Experts agree that the weakest link in online security is users themselves, as they rush to open that file called "Beautiful Damsel" that has landed in their inbox. If you are hell-bent on clicking anything and everything on the Internet, even a nine-layered security will not keep your computer safe.
So my advice is, please don't be click-happy. Think twice before opening any attachment and be careful when you are roaming in Pronland, because things which are beautiful are often dangerous too. Also, security from phishing, another threat that I did not mention above because there is no software that can protect you from it, depends solely on you. There are "phishing advisors" built into security suites, but they are more of a marketing gimmick. In the end, whether you fall into a phishing trap or not depends on you. One way to mitigate phishing risk is to check the security certificate of the website you are surfing. Every website dealing with e-commerce or online financial services should use an SSL connection and should have a valid security certificate. If it lacks either or both, stay away from it.
However, being careful does not mean being paranoid either, because that would make your online ventures a boring affair. Enjoy yourself on the WWW but take care. Be wise, use discretion and use some protection. After all, it's better to be safe than sorry. Right?
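Checking a site's certificate the way the previous paragraph advises, as an added example that is not from the original guide: it assumes PowerShell 5.1 or later, outbound access to the site on port 443, and example.com standing in for the site you are about to log in to. .NET's default validation rejects an untrusted issuer, an expired certificate or a name that does not match the address, which is exactly the guide's "stay away" case, so the report simply records whether that validation passed and why not.

```powershell
# Added example (not from the original guide). Assumes PowerShell 5.1+ and that the
# machine can reach the site on TCP 443. Reports the certificate the site presents and
# whether the default .NET validation (trusted chain, not expired, name matches) accepted it.
function Get-SiteCertificateReport {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [int]$Port = 443
    )
    $client = [System.Net.Sockets.TcpClient]::new($HostName, $Port)
    # No custom validation callback: .NET applies its standard checks and throws on failure
    # instead of silently accepting a bad certificate.
    $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false)
    try {
        $ssl.AuthenticateAsClient($HostName)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
        [pscustomobject]@{
            Host       = $HostName
            Trusted    = $true
            Subject    = $cert.Subject
            Issuer     = $cert.Issuer
            ValidUntil = $cert.NotAfter
            DaysLeft   = [int]($cert.NotAfter - (Get-Date)).TotalDays
            Protocol   = $ssl.SslProtocol
        }
    } catch {
        # Untrusted issuer, expired certificate or hostname mismatch lands here.
        [pscustomobject]@{
            Host    = $HostName
            Trusted = $false
            Reason  = $_.Exception.GetBaseException().Message
        }
    } finally {
        $ssl.Dispose()
        $client.Dispose()
    }
}

# example.com is a placeholder for the banking or shopping site you are about to use.
Get-SiteCertificateReport -HostName 'example.com' | Format-List
```

A Trusted = False result, or a Subject that names a different organisation from the one you expect, is the signal the guide tells you to walk away from.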
Some useful links
Virus check: eicar | THE ANTI-VIRUS OR ANTI-MALWARE TEST FILE
Firewall Leaktester: Firewall Leak Tester
PS: The guide is written with home users on desktops in mind. Laptops need a few more security measures, as network encryption is a serious concern there.
Also, I am in no way a security expert, so there could be a lot of things that I might have missed. I might have made errors too. So, please feel free to add to this guide.
And very importantly, I am not responsible if the programs, methods and ways discussed in this guide adversely affect you or your computer. This guide is definitely based on my personal experience, but I can't guarantee that the programs and methods discussed here will work for you in the same manner as they worked for me.