InBoxRevenge KS Forum

Of course, pretty much everyone has heard that it's important to have a secure PC.

This forum came into existence in part due to concern over a massive Distributed Denial of Service attack against the anti-spam company Blue Security, whose Blue Frog product was reducing spam levels dramatically. A DDoS involves sending so much bogus traffic to a site that it cannot carry out its normal functions for legitimate users. The attack on Blue Security involved thousands of computers which had been hijacked by criminals, and it did collateral damage to a large number of other well-protected sites.

The episode pointed out the fact that spamming is not merely an annoyance, but a symptom of a much more significant threat to all persons and agencies that rely on the internet. Criminals can wield that type of power only because there are large numbers of internet users who have not taken personal responsibility for securing their machines adequately. Their computers become "zombies," or "bots" on a "botnet," under the control of a "botherder" who rents them out for use by other criminals. Hijacking computers is a very lucrative business.


IS YOUR PC A BOT?
Well, we can't answer that from here, but if you are on a high speed internet connection (such as cable or DSL), and you don't run properly configured firewalls and updated anti-virus software, it is highly likely your PC is compromised.

What does this mean?
It means someone else can take complete control of your PC, and use it for illegal purposes. These typically include sending spam, spreading malware (bad programs, like viruses, worms, and trojans), and launching DDoS attacks.

What should I do?
First find out what kind of security software you have now. You need an antivirus, and antispyware, and a firewall. You may have one product that does more than one thing. You may have already purchased a product, there may have been a subscription included for the first year with your new computer, or your Internet Service Provider (ISP) may provide one free to keep you from being a hazard to the rest of the planet. Make sure your subscriptions are up to date. Then, for the pieces you don't have:
Step 1 - Download and install ONE of the below free antivirus softwares:
Avira AntiVir
http://www.free-av.com/
Avast
http://avast.com/eng/download-avast-home.html
AVG
http://free.grisoft.com
Comodo Internet Security (includes firewall but you can choose to install only one)
http://www.personalfirewall.comodo.com/
ADD: I have been told that Comodo now is bundled with the Ask Toolbar, a search toolbar with a bad reputation. Unclick the option to install it, and then go to Add/Remove programs and make sure it's not there after installing Comodo.

Keep them updated. (Usually that means an update every day!)

Step 2 - Download and install ONE of the below free firewalls (never run more than one firewall at a time):
Comodo Personal Firewall
http://www.personalfirewall.comodo.com/
See above comments about Comodo; you can install the firewall only, but you have to download the combination product and unclick what you don't want, including the Ask Toolbar
Webroot Desktop Firewall Free
http://www.webroot.com/En_US/consumer-p ... ewall.html
Online Armor Personal Firewall
http://www.tallemu.com/downloads.html
Sygate Personal Firewall Free
http://www.majorgeeks.com/download3356.htm
Sunbelt Personal Firewall
http://www.sunbeltsoftware.com/Home-Hom ... -Firewall/
ZoneAlarm Free Firewall
http://www.zonealarm.com/security/en/zo ... rewall.htm
Last free version of Kerio Free Firewall
http://www.321download.com/LastFreeware ... 20Firewall
Jetico Personal Firewall v.1
http://www.jetico.com/jpfirewall.htm
OutpostPro Firewall
http://www.trialpay.com/checkout/?c=licot4&tid=9ahBJOa

Step 3 - Download and install one of more of the free sypware detection and removal software (it is useful to have more than one to get multiple opinions, but only run one at a time):
Ad-Aware:
http://www.lavasoft.com/software/adaware/
Spybot Search and Destroy:
http://www.safer-networking.org/en/mirrors/index.html
Windows Defender
http://www.microsoft.com/windows/produc ... fault.mspx

Step 4 - Install Firefox to replace Internet Explorer and install Thunderbird to replace Outlook. Then make them your default browser and email client. (They will ask if you want to when you first run them.) More malware is written for IE and Outlook, since they hold such a large market share. Also, only Internet Explorer runs ActiveX, an application that malware programs exploit frequently.
http://www.mozilla.com/firefox/
http://www.mozilla.com/thunderbird/

Alternative browsers:
* The Opera browser is also popular. Its advantage -- it's not widely used, so criminals don't spend a lot of time looking for ways to exploit flaws -- is also a limitation, as it has fewer add-ons available and may be incompatible with more sites than Firefox. But people who use it tend to become big fans:
http://www.opera.com/
* For an integrated browser/email application, Mozilla offers Seamonkey, which is similar to Firefox+Thunderbird. Seamonkey 2.0 is still in development. It can do some things Firefox can't, especially with sites that normally only work with Internet Explorer, but it can't do other things Firefox can. You will probably end up using Firefox for some sites as well:
http://www.seamonkey-project.org/releas ... nkey2.0a2/ )
* Safari - This comes with Macintosh computers and also benefits from the "everybody uses Microsoft products so why waste time writing malware for anything else" mentality, but it's not giving Firefox much competition.
* Google Chrome - This is very new. The fact that it doesn't have a no-javascripts option has been a show-stopper for most people.

Step 5 - Get the Noscript add on for Firefox and/or Seamonkey. This allows you to turn javascripts on and off easily, and makes no-javascripts the default when visiting a new/untrusted site:
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/seamonkey/addon/722
Obviously, don't allow javascripts for any site that might be under the control of spammers or other criminals.

Step 6 - Block IE & Outlook from accessing the internet using your firewall. If they ask to access the internet, you know there's something wrong.

Now, once the antivirus is installed, you NEED to do a FULL (thorough) system scan, including archived files. It is best if you do a boot-time scan.

Now do a full system scan using either or both of the spyware removal tools.

For the firewall. This is a little more difficult to setup, but what you need to know is that it has program access control. This means that it will prevent programs from accessing the internet that shouldn't. It is up to you to decide if the program is allowed access or not. This is the hard part, because certain things need internet access for you to browse the internet, use chat programs, get your email, etc., and other things should not be allowed. Zonealarm will give suggestions about some things, not about others. If Zonealarm says it's ok, then you are usually ok to click "Remember this selection" and then click "Allow". If Zonealarm has no suggestion, then I recommend you research some, or click deny.

If you have trouble with any of this, there are many people who will assist you.

If you want it done for you, and are in the Wilmington, NC area, we will do it for free. PM us your Name, Address, phone number or email, and a good time to contact you, and we will schedule a free in-home service to remove any existing virii and spyware, and will setup Zonealarm and Avast free editions for you.

KyferEz
(updated January 2009, AlphaCentauri)

I would also add HijackThis to the list of tools one can use to scan for nasties. The people at CastleCops will be glad to help you identify and remove spyware in the HijackThis forum.

Nice, but you missed out the most vital part:

Step 4 - Install firefox & Thunderbird from www.mozilla.com and make them your default browser and mail client

Step 5 - block IE & outlook on your firewall. If they ask to go out, you know there's something wrong.

As Cringley once pointed most of these are outlook viruses, not computer viruses and the primary adware/malware infection vector is IE

It should be pointed out that you will lose nothing when you upgrade, if my mother can do it so can you

Doh

And afterwards you make a trip to http://www.grc.com/default.htm , follow the advice there, and run the ShieldsUp! test.

Oh yes, make sure you switch off universal plug and play, in the "services" control panel (if you haven't installed SP2 yet) and turn auto updates on.

Using IE select "Windows Update" from the "Tools" menu, and follow the on-screen prompts.

If it tells you have a pirate version report back for instructions

I'd say configure it to download available updates and warn you, but not auto-install them.

You'd not like coming black to a BSDed computer (and that's not the BSD OS)

What does everyone think about me creating a wiki about this?

KyferEz

There is a danger of re-inventing the wheel, but if a lot of newb's are asking the question, then decent answers are always in short supply. proably best done with screen shots in large freindly type

Yes, but I don't have time to do all that myself. With a wiki, everyone could pitch in and help edit how-tos.

See Castlecops: Malware Prevention and Removal or Aumha.org: Parasite Fight for examples of current guides. I'd agree with Doh here - referring new users to existing resources is more efficient.

That's pretty good KyferEz

Now let me mouth off with more info from lots of experience.

First and foremost if you have ADSL or cable; buy or get a router. Does not matter which one as log as it has NAT [Network Address Translation] and you turn on the firewall part in it. If you don't know how to set one up initially ask your ISP or your local techy. It provides the first line of defense to protect your puter.

If you know how, use a spare box to install FreeSCO and make your own router. Google it to find out more. It has some pretty good features like adding a tarpit, print server, proxy and much more. Best of all it runs off a floppy, whopping 64k of RAM max., no HD needed and a speedy old 386 box ,, LMHO

Avast and AVG are good for start. For real protection you wan to get Kaspersky 2006 anti-virus. It finds stuff you never dreamed of. Buy it if you have to, it's well worth it. All other anti-virus apps suck in comparison. With this puppy installed you can dump Ad-aware and rest of anti-spyware apps too. Go to their site for details. Be careful though, it catches even KS_Leech as downloader. Just accept it as “trusted”.

You're right KyferEz ,, Best / easiest firewall available is Zone-Alarm. Read the help file and learn this proggy really well.

Step 4 and 5 are really good advice. I'd like to add Opera browser to this list. Simple to use and has option of hitting F12 for quick settings. It's default is to start with tabs / pages u were at before, nice feature.

If you want to learn what every file on your puter does than get HijackThis, otherwise use other solutions.

Now to get back to Winblows;
Do your updates and service patches once every few days! Can't stress this enough. This is the only time you should be using IE, ever!
If you can't or don't like using Microcrap [Microsoft] site then go to http://windowsupdate.62nds.com/ and learn more. NO, I'm not promoting piracy. Lots of times I tried to register legitimate copies and they failed or couldn't access MS site. Especially ones shipped directly from MS.

After your system is clean and patched Lock Down your Services according to http://majorgeeks.com/page.php?id=12 . Keep it in mind if you have a LAN or sharing with other computers at home or small biz.

For more advanced users:
Tighten your security policies
Rename your administrator account and choose passwords that include a-z, 0-9 and special characters. Keep your password to yourself and no-one else.
Make another account with adminsitrator rights and use it if you haven't done so.
Make an extra but limited account for other ppl
Disable Guest account
Disable sharing, even default shares if you don’t share files on Microcrap network.

Not necessary but good to do:
Stay away from MSN, .NET, ICQ, Yahoo chat etc.,
Use Skype, or even better SST Secure Shuttle Transport for chat.
Stay away from online banking! We get a stack of reports and inch to 5 inches high every week of problems.

If it's not encrypted it's probably open to intruders. Most software available comes with back doors, especially anything by Microcrap and related companies!
Before buying or installing any software search it for problems via Internet, vulnerabilities, issues, bugs, spyware, malware etc.
Example:.
MSN problems
MSN vulnerabilities
MSN issues
MSN bugs
,, and so on.

Could go on for days with this but Wiki sounds better. Usually it takes about 1 to 3 days to do a proper job on a puter to secure it, and since Microcrap comes preconfigured pretty well wide open.

If anyone needs help with this in the Kitchener/Waterloo, Ontario, Canada area I'm sure we can work something out.

thud,

Some good info there. My post was primarily trying to focus on things the typical illerate or somwhat literate Windows users could do to prevent their machine from being a BOT without spending any money.

I've heard of Kaspersky, but haven't used it any - primarily because if I remember correctly, they don't offer a free version. I don't like to pay for any software unless they offer a "free upgrades for life" purchase option... However, from what you said, I don't think I would suggest Kaspersky to computer illerate users - it could be too intrusive / strict for them to handle. I know some computer illerates who cannot even handle the basic ZoneAlarm alerts.

Most DSL modems sold (at least in the south-east) have a NAT router built into them. For cable modems, you definately should buy one. Might as well get a combo wireless base station/NAT router for the future Laptop or kitchen PC.

Never used Opera...

Staying away from online banking though... That's not really necessary, and in this day and age, not an option for people like me. In fact, it is much safer to use online banking, as long as you don't give away your information by accident to a phishing attempt.
A few tips to keep online banking safe:
1) NEVER access your bank from a public Wifi hot spot, or even a pay per access Wifi hot spot.
2) Make it practice to Never, EVER click on any link in an email that is supposedly from a bank
3) ALWAYS TYPE in the bank URL to get to your bank's page (making sure not to misspell it).

These 3 basic practices will keep most safe from identity theaft due to phishing attempts.

That said, my original post was primarily directed to preventing your PC from being a BOT, not protecting your identity.

KyferEz

KyferEz,
nobody is trying to cut your grass, any good info is helpful ,, for novice or expert
i don't like paying for appz either, kaspersky has simple mode and u get lifetime updates

as being in security i can tell ya never to use Wifi, way too easy to get broken into, i've piggybacked 2 wifi routers ,, first with regular 801.x protection and second fully encrypted with even laBrea running, some kid whizzed though like better sitting in front on my place. lucky enough he went to test locked linux box with nothing on it. so i tried and got in no probs with usual tools. no offence but in my books > never will be using wifi unless they make it safe

in any case > never enough security per box if it's hooked to net

Oh, and...by a mac

I used to say that until I found out that three friends of mine all experienced hijacks of their preinstalled unpatched Apache server.

Macs are just as ripe for a bot takeover, it's just a factor of numbers.

In my experience investigating spammer abuse of personal computers, literally no OS is 100% free from attack. Yes Windows is the lowest hanging fruit, but that's really only if you're a "dumb" user. I've been running Windows since its first inception and I have only once been infected due to lax security (a Windows 95 test box, the infection occured in 2001.)

Also: Macs are expensive. Average consumers can't afford to pay an additional $1000 no matter how great the underlying technology.

I'm not anti-mac. I just don't buy that argument anymore.

SiL