
-:Online Security for DuMMieS:-
(err..for the not so dumb as well)

-: Preface( MUST READ):-
Before you continue with this article, it is important that the following details are made clear. The article is part of the TechEnclave Celebration contest. It is meant to give general guidelines on online security. Some portions of the text (especially the earlier part) have been taken from various sources that are mentioned in the LINKS section at the end. Credit for that content belongs solely to its original authors.
Though none of the procedures listed should be hazardous, if your system experiences downtime while practising any of them, it is SOLELY your responsibility.

-:-:-:-:-:-:-:-:-:-:-:-

Online security has always been one of the most discussed and debated topics of the Internet age. Crackers and security vendors are engaged in a never-ending game of leapfrog, with the former constantly devising clever viruses and the latter feverishly trying to concoct antidotes. As a result, through the years hundreds of thousands of malignant programs have infected networks around the world. Most have had minimal impact, but a handful have caused hundreds of millions, even billions, of dollars in damage.
Before we deal with the real thing, it is always better to get familiar with the terminology:
1) Virus
2) Trojan
3) Worms
4) Other types of Malware
5) Phishing
6) Targeted attacks

Virus
Description: A layman's buzzword for the dark side of the Internet, viruses are also the most destructive pieces of code ever written, with the powerful ability to replicate themselves once they are triggered. With the likes of Melissa, Code Red and ILoveYou, they have disrupted services worldwide.
Symptoms: Generally, viruses are spread as e-mail attachments. When the user opens these attachments, the virus replicates itself into various other files. It may also attempt to steal passwords, connect to the Internet and download further variants of the original code.

Trojan
Description: A Trojan is a malicious program that is disguised as, or embedded within, legitimate software. The term is derived from the classical myth of the Trojan Horse. Trojans may look useful or interesting (or at the very least harmless) to an unsuspecting user, but are actually harmful when executed. There are two common types of Trojan horses. One is otherwise useful software that has been corrupted by a cracker inserting malicious code that executes while the program is used. Examples include various implementations of weather alerting programs, computer clock setting software, and peer-to-peer file sharing utilities. The other type is a standalone program (also called a loader) that masquerades as something else, like a game or image file, in order to trick the user into some misdirected complicity that is needed to carry out the program's objectives.

Symptoms: Trojan horse programs cannot operate autonomously, in contrast to some other types of malware like viruses or worms. When the recipient double-clicks on the attachment, the Trojan horse might superficially do what the user expects it to do (open a text file, for example), so as to keep the victim unaware of its real, concealed objectives. Meanwhile, it might discreetly modify or delete files, change the configuration of the computer, or even use the computer as a base from which to attack local or other networks, possibly joining many other similarly infected computers as part of a distributed denial-of-service attack.

Worms
Description: A computer worm is a self-replicating computer program. It uses a network to send copies of itself to other systems, and it may do so without any user intervention. Unlike a virus, it does not need to attach itself to an existing program. Worms always harm the network (if only by consuming bandwidth), whereas viruses always infect or corrupt files on a targeted computer.

Symptoms: Worms may spread automatically via e-mail, IRC, file sharing over unsafe P2P networks, etc.

Other types of Malware
Malware means malicious software. Other than viruses, trojans and worms, other types of malware are spyware, adware, backdoors, rootkits, droppers, loggers, bots and dialers.

Description: Spyware programs are commercially produced for the purpose of gathering information about computer users, showing them pop-up ads, or altering web-browser behaviour for the financial benefit of the spyware creator. For instance, some spyware programs redirect search engine results to paid advertisements. Others, often called "stealware" by the media, overwrite affiliate marketing codes so that revenue goes to the spyware creator rather than the intended recipient.

Adware refers to programs that install irritating pop-up features onto the system, thus disturbing the user and also consuming system resources.

Backdoors are various codes and methods employed to bypass normal verification checks.

Rootkits are techniques used by unauthorized persons to conceal their root privileges (or admin access) from the original system administrators.

Droppers are essentially mutated trojans that help spread the infection over a wider network.

Spammer viruses, such as the Sobig and Mydoom virus families, are commissioned by e-mail spam gangs. The infected computers are used as proxies to send out spam messages. Spammers have also used infected PCs to target anti-spam organizations with distributed denial-of-service attacks.

Some malware programs install a key logger, which copies down the user's keystrokes when entering a password, credit card number, or other information that may be useful to the creator. This is then transmitted to the malware creator automatically, enabling credit card fraud and other theft. Similarly, malware may copy the CD key or password for online games, allowing the creator to steal accounts or virtual items.

Another way of stealing money from the infected PC owner is to take control of the modem and dial an expensive toll call. Dialer software dials up a premium-rate telephone number and leaves the line open, charging the toll to the infected user.

Phishing
Description: Phishing refers to attempting to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an electronic communication. Phishing is typically carried out using e-mail or an instant message. Links to false websites imitating the original website (e.g. that of a bank or a shopping site) are provided, where the user is supposed to enter personal details such as a card number or password.

Targeted attacks

Not only this, but you may become a specific target of a cracker who wishes to prevent you from receiving services, or who is interested in invading your machine. Examples of such attacks are denial of service attacks, SYN flooding and Smurf attacks. For more details, please visit the links.

-: What accounts for this vulnerability:-
There are various reasons that can be cited, some of them being exploits of bugs in code, homogeneity of the systems in use, unauthenticated access over the Internet, and unauthenticated transfers in cases like P2P.

-: Protection:-

The answer to this is not definitive. Crackers always find better methods to damage the system. But what one can do is take preventive measures.

-: How to proceed:-
The first and foremost thing to be checked is the thing nearest and most crucial to your system: the OS (operating system). Since a large share of people run Windows, they need to be extra careful, owing to its bugs and the emphasis crackers place on Windows.
1) Make sure your system is up to date with all the security patches, hotfixes, etc. that are released by Microsoft from time to time, especially on Patch Tuesdays (the second Tuesday of every month).

2) Think carefully before sharing files over a network.

-: Internet Browser:-
Since Internet browsers are the common vehicles for adware and spyware, even viruses for that matter, it is better to equip them as well as we can. Altering IE can be difficult, and thus MS has stepped up security measures with the new IE7, which comes with a phishing filter.
But these days the feeling of outlawing MS has been on the rise, and the greater share of geeks use either Mozilla Firefox or Opera. Firefox, due to its open-source nature, has been the favourite. There are hundreds of extensions that stop ads, block pop-ups and prevent script execution (AdBlock and NoScript in particular). Further, if you are not satisfied, you may want to get Greasemonkey (https://addons.mozilla.org/firefox/748/) and create your own JavaScript user scripts that stop in-page ads from displaying on particular sites you visit often (a huge repository can be found here).
-: Antivirus:-
An antivirus is probably the most crucial utility, a must for every Windows user. Various brands are available, including Norton, McAfee, Kaspersky, BitDefender, NOD32, F-Secure, PC-cillin, avast!, AVG, ClamWin, Panda etc.
One question which arises is: which antivirus should I choose?
If you are looking for freeware, then the best choice you have is avast! Home Edition. Not only is this free, but it makes a great tool, especially with its speedy scans and regular updates. Others available are AVG, Kaspersky Active Shield and ClamWin (also available for Linux).

For the paid sector, the best antivirus programs are Kaspersky Pro, BitDefender, PC-cillin and NOD32. If you want to go by the name, you may stick to good ole' McAfee and Norton.
Comparison Charts
Another One

After getting an antivirus program, the next most important thing is to configure it properly. The automatic update feature must be switched on so that the antivirus database is kept up to date.
Some advanced antivirus suites also come with online security, registry protection and process control modules. For example, avast! comes with an Internet script blocker that prevents execution of malicious scripts.

Although it is better to have an antivirus program with a resident shield, some of us may opt for online tests by various sites.

Firewall
The next most important step is to get a firewall. A firewall maintains a separation between your computer and the network, and any data transmitted between them must pass through the firewall's filter. WinXP comes with a built-in firewall, but that is the bare minimum, hence it is better to opt for some other firewall like ZoneAlarm, Sygate, Kerio, Outpost etc.
The big deal is that some of the really good ones are free, like ZoneAlarm and Outpost (evaluation only).
Whatever firewall you download, the most important thing is to configure it properly. For example, you may want to allow some programs, such as torrent clients or WinXP Automatic Updates, to connect to their servers without interruption by the firewall, so these must be added to the firewall's exception list. But be careful: adding programs like LimeWire and eMule to the list is necessary for their proper functioning, but it also allows any malicious code they fetch to enter your computer unchecked by the firewall, which is why you must have a resident shield.

-: AntiSpyware/AntiAdware:-

Due to the continuous rise in spyware and adware, it is best to have a spyware/adware detection and removal tool handy.
Many search toolbars, like that of Yahoo, come with an anti-spyware option, but many a time these toolbars are unable to detect and remove all the adware and spyware. What you need is a specialist, like Ad-Aware, SpyDoctor or Spybot S&D. [see Links]


Most can be downloaded for free and can be updated from time to time for the latest definitions. Although not the best, the Windows Malicious Software Removal Tool and Windows Defender are also worth a try, and come free through Windows Update.

Other tools

This section lists a few other freeware tools that may prove crucial in various situations.
1) HijackThis: this program creates a log of all the processes currently running on the system, and is helpful in identifying the malignant processes.

2) IceSword: a great rootkit checker.

3) InstallSpy: a useful tool that helps keep track of the changes made to the registry.

Do's & DONT's

1) Always create a backup of the user-created documents/files. The backup should preferably be on a removable disk.

2) Always use your intellect/judgement while surfing. For example, avoid visiting crack sites/porn sites/warez sites, as these are often infested with a bunch of malicious codes/scripts. Even if they don't damage anything, they will infest your comp with a host of spyware/adware.

3) Never accept files/links from unknown/unverified sources, be it during an IM conversation, in chat rooms or over P2P.

4) Never, except under unavoidable circumstances, should the antivirus resident shield be turned off.

5) Avoid file sharing and downloading through P2P networks like Gnutella (LimeWire, BearShare, Shareaza etc.). Especially, files with much smaller sizes, of the order of a few hundred KB, are generally trojans and viruses. Torrents are much safer anyway.

6) Not only Windows, but you must keep all the programs you use patched up, because crackers generally identify vulnerabilities in common programs, like Flash Player, Internet messengers etc.

7) If you ever use any removable media, it is best to scan them before using.

8) It is good to create a backup of the current registry.

9) An important step is to create a system rescue disk via your antivirus software, so that even if the virus hinders proper booting, you still have an option.

10) While logging on to sites that involve transfer of funds/money, please make sure that the webpage is SSL (Secure Sockets Layer) secured. It can be checked either by looking at the browser status bar, where a small lock is displayed, or by checking the URL in the address bar. For a secure website, the address begins with https:// instead of the normal http://

11) Make sure you have an e-mail client that supports antivirus checks and has a spam filter. In case you have a client like Outlook or Thunderbird, make sure the client is fully updated with all the patches and hotfixes. In case of a web-based client, use only reputed e-mail providers like Yahoo, Gmail, Hotmail etc. and not any other less popular mail service that doesn't support proper antivirus checks/spam filtering; some of this type are Sify and Indiatimes.

12) Unless you suffer from amnesia, it is always safer NOT to store your passwords in the browser.

13) The temporary files, cache and cookies must be cleared regularly (the former especially).

14) Never post your e-mail address in open/public forums where it may be misused for spamming you with trojans, worms etc.

15) Pay heed to the warnings your antivirus and firewall flash. Not all of them may be real threats, but then, one threat is enough to wreak havoc on your system.

16) Do a complete system scan (if not the complete system, then the root directory at least: C:\WINDOWS for WinXP) every 2 weeks.

17) Reset all important account passwords at regular intervals.
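The https check from the Do's & Don'ts and the imitation websites described under Phishing can be turned into a quick mechanical check of a link before you type credentials into it. The Python below is an added example, not code from the original post; the domain names are constructed and the helper name check_link is ours. Keep in mind that the lock only proves the connection to whoever owns that host is encrypted, not that the host is your bank, so the domain comparison is the part that actually catches a phishing page.

```python
from urllib.parse import urlsplit


def check_link(url, expected_domain):
    """Return the problems found with a link you are about to log in on.

    expected_domain is the domain you believe you are visiting, e.g.
    "mybank.example" (a constructed name, not a real bank). An empty list
    means the link passed every check.
    """
    problems = []
    parts = urlsplit(url.strip())

    # The login page must be served over https, not plain http.
    if parts.scheme.lower() != "https":
        problems.append("not https")

    # "user@host" is legal URL syntax: anything before the @ is a user name,
    # and the real host is what follows it, so a bank name before the @
    # proves nothing about where the link goes.
    if parts.username is not None:
        problems.append("user@ in URL hides the real host")

    # The host must be the expected domain itself or one of its subdomains.
    # "mybank.example.evil.example" merely starts with the bank's name and
    # fails this test, as does a lookalike such as "rnybank.example".
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        problems.append("no host")
    elif host != expected_domain and not host.endswith("." + expected_domain):
        problems.append(f"host {host!r} is not {expected_domain!r}")
    return problems


if __name__ == "__main__":
    # Constructed sample links; the user believes each one is mybank.example.
    for link in [
        "https://www.mybank.example/login",
        "http://www.mybank.example/login",
        "https://mybank.example.evil.example/login",
        "https://mybank.example@evil.example/",
    ]:
        verdict = check_link(link, "mybank.example")
        print(link, "->", "OK" if not verdict else "; ".join(verdict))
```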

-:Course of Action:-


This section lists the steps that you may follow in various adverse conditions.

1] If you are affected by a virus/trojan/worm
In case you feel the computer is affected with a virus, stay calm. Make sure you really do have a virus by checking with more than one antivirus package. If an antivirus package is able to quarantine the file, well and good; else try with a better antivirus package.
If you are unable to boot properly because of a virus, then try using a system rescue disk. Don't jump to conclusions too fast. Reformatting the hard disk may not be the best solution.

2] Affected by Spyware/Adware
If you keep getting annoyances, or you feel the computer is responding slowly, not getting the complete bandwidth, or tries to open Internet windows on its own, then you may have become a target of spyware, adware or both.
What is recommended is that you reboot in safe mode and run a complete scan with Ad-Aware, Windows Defender or Spybot S&D.
Another step may be to clear the Internet Explorer cache and temp files.
If the problem still persists, try getting a log from HijackThis, identify the problematic process, then delete it manually.

-:Conclusion:-
The only conclusion that can be drawn is that you must exercise judgement and precaution while browsing. Although none of you may (nor do I) follow the safest paths listed above, but then, we don't fear reformatting our hard drives, do we?

-:LINKS:-
Sources and Further Reading

Malware - Wikipedia, the free encyclopedia
US-CERT Virus Resources
Help Net Security
Microsoft Security Home Page

Downloads

http://www.majorgeeks.com/downloads29.html
Free Security software downloads

-:-:-:-:-:-:-:-:-:-:-:-

 
