INTRODUCTION:
(Afterwards, the actual steps to perform beyond CIS Tool suggestions (which will need you to use tools like secpol.msc, gpedit.msc, services.msc, regedit.exe, explorer.exe + more, yet, all native tools to your OS) will be listed for your reference, each in their own post reply, to avoid "clutter"):
Windows CAN be secured very well, but, you have to go thru some "GYRATIONS/EFFORT" to do it, but, it IS doable (but not to any 100% levels, because again - new holes/vulnerabilities appear in the OS & its libs + apps, but this gets you closer, if not as close as a body needs to be!).
THIS IS GEARED TO "stand-alone" systems online on the internet (However - it can be adapted for LAN/WAN office or home networked environs, BUT, pay attention to step #2's 'warnings' about pulling Client For Microsoft Networks, &/or File & printer sharing - most networks require/need this)
--------------------------------------------------------------------------------------------------------------
BACKGROUND & INFORMATION + TOOLS YOU CAN USE TO HELP YOU SECURE YOUR SYSTEM:
--------------------------------------------------------------------------------------------------------------
Here I am running Windows Server 2003 SP #2, fully current patched by MS update pages, here (I check it every 2nd Tuesday of the month of course, on "Patch Tuesday's"):
http://www.microsoft.com/downloads/Browse....rder=descending
It is a personally 'security-hardened' model I have been working on for many years, using principals I learned & used since the NT 3.5x days onward to this version of the OS: As is now?
I score an 85.760 on the CIS Tool 1.x currently as of 10/10/2007!
http://forums.techpowerup.com//attachment....mp;d=1192208359
This is up from my past score here of 76.xxx on it (default score I had prior to this security hardening via CIS TOOL & its advisements & past the 84.735 I initially hardened it up to, & later 85.185 as well), & here is how to do it!
Currently, I can go NO higher than this score of 85.760 (of 100 total) on CIS Tool 1.x for Windows, pictured here (photo proof/pictures DO say, a 1,000 words (like this post, lol)) & even IF I could get past the few areas I know are wrong (the test errs, as it does on some areas in LINUX as well), I cannot get past 88% or so, period!
============================================================================
HERE ARE LINUX SCORES FROM CIS TOOL (SuSE Enterprise Linux under VMWare):
============================================================================
HARDENED LINUX:
http://forums.techpowerup.com//attachment....mp;d=1192894351
DEFAULT LINUX:
http://forums.techpowerup.com//attachment....mp;d=1192894012
(It appears that LINUX has FAR LESS TESTED, when compared to the SIZE of the Windows tets, & Linux CAN reach 90++ scores (but there is an error in CIS TOOL preventing myself from going to a higher than 85.760 score & I have submitted the data to CIS TOOL's authors on that account WITH PROOFS, and even if I could get the few areas I am scored down on still, it would not add to past 88% or so... bug, bigtime, do the math from my score & see))
============================================================================
That is a DECENT ENOUGH score (especially considering the default score of VISTA even, is FAR BELOW THAT! Nice part is? The techniques noted here can LARGELY APPLY TO VISTA AS WELL, but afaik there is no CIS Tool version for VISTA (yet)! Still, read on...)
(For CIS Tool - There are Linux, Solaris, BSD variants, & other OS models ports (some only in .pdf security guide form though, not programmatically automated yet, like MacOS X) of this are available too by the way - not really "ports" strictly speaking, they require JAVA to run)
-------------------------------------------------------------------------------------------------------------------
DOWNLOAD URL FOR CIS TOOL (for multiple platforms), from "The Center for Internet Security" here:
-------------------------------------------------------------------------------------------------------------------
http://www.cisecurity.org/bench.html
IMPORTANT: This tool IS invaluable in guiding you to a more secure OS, on any OS platform really!
It actually makes it "FUN", in a techie/geeky/nerdy (whatever) kind of way, in that you really find out WHAT it is you know, vs. the CIS Tool results, as far as securing a Windows NT-based system. E.G./I.E,-> I've been @ this field in a professional capacity since 1994, & it taught me a "trick-or-two", let's put it THAT way.
CIS Tool = Great stuff, that makes much of this easier (what I add ontop of it is in the next steps)!
APK
P.S.=> Now that the "introductory material" (tools to use, how/why, results possible, etc. et al) has been put down? Now, here we go to the actual "meat" of the subject in my next post(s).
Also - IF you have more to add to this, OR critique of my points? Please - have @ it & let 'em rip (as we ALL can gain by for security & peace-of-mind online hopefully)
HOWEVER, please - hold off on the "English Grammar" critiques + "writing style" stuff (I did my best + refine it as I go & add more)
I would try to have made it shorter too, but it's complex material @ times, & definitely a lot of it (CIS Tool helps though)!
(So please, as to critiques - I only ask that you keep it computer security technically oriented, adding points I may have missed or supplementing those I suggest with alternates to things I Have).
Thanks! apk
Full Version: HOW TO SECURE Windows 2000/XP/Server 2003, & VISTA
SECURING SERVICES (ala MacOS X style, for its daemons, via privelege levels)
IMPORTANT - IF you're not sure what to do here? DON'T, & just skip it until later
(As this is probably the most "touchy" of the lot (I can field questions on this, pm or email me if need be))
===============================================================================
APK 12 STEPS TO SECURE YOUR WINDOWS NT-BASED SYSTEM (2000/XP/SERVER 2003/VISTA):
===============================================================================
1.) HARDENING & SECURING SERVICES HOW-TO (longest one of the lot but, one well worth pursuing... read on):
Many services I do not need are either cut off OR secured in their logon entity to lower privilege entities (from default, near "ALL POWERFUL" SYSTEM, to lesser ones like NETWORK SERVICE or LOCAL SERVICE).
I went at ALL of the services in Windows Server 2003 (some will not be in XP for instance, & Windows 2000 has no NETWORK SERVICE or LOCAL SERVICE as far as I know, but not sure, you can always make a limited privelege user too for this on 2000 if needed)...
(The reason I mention this, is, this "technique" IS a superiority of MORE MODERN Windows NT-based OS over their ancestors (especially NT 3.x-4.0) & on par w/ how this makes your Win32 NT-based OS' like 2000 (with more work), XP, Server 2003 (VISTA too if needed), very much like how MacOS X treats its daemon processes via privelege levels, which uses the same general principals)
It works, & although many service packs for Windows OS' have changed their services (not all but many nowadays) to less than SYSTEM, my list covers those they may not have in recent service packs AND 3rd party services are listed too that you may be running possibly!
This is for SERVICES YOU ACTUALLY NEED TO RUN (many, you really don't - this has always astounded me, & MS can put out "home versions" more this way imo, for gamers especially (auto-service "lean tuned turbocharged" for performance/speed/less resources consumption)).
ON THAT NOTE (for performance AND security)? CUTTING OFF SERVICES YOU DO NOT NEED TO RUN IS POSSIBLY THE BEST METHOD OF SECURING THEM, AND GAINING SPEED - AGAIN, SIMPLY SINCE YOU ARE NOT WASTING I/O, MEMORY, or OTHER RESOURCES ON THEM, PERIOD, in doing this!
Please, if you don't do this already? Hey - do consider it, when possible! It works like NO TOMORROW...
Many guides online exist for this, & I authored one of the first "back in the day" for NTCompatible.com as "Article #1" back in 1997/1998 - 2002 (early model is in URL below, much detail on registry hacks too for speed & security in it, cited in 2002 @ NeoWin):
http://www.neowin.net/news/main/01/11/29/a...--security-text
The latest ones are even BETTER/MORE CURRENT, as there are ones that DO EXIST FOR VISTA ONLINE ALSO!
Anyhow - on the note of 3rd party services, & many native ones (for 2000/XP/Server 2003, but not fully on VISTA as I do not run it @ home or on the job)?
I did testing to see which services could be run/logged in as LOCAL SERVICE, or NETWORK SERVICE, rather than the default of LOCAL SYSTEM (which means Operating System entity level privileges - which CAN be "misused" by various spyware/malware/virus exploits.
===============================================================================
LOCAL SERVICE startable list (vs. LocalSystem Logon Default):
Acronis Scheduler 2 Service
Alerter (needs Workstation Service Running)
COM+ System Application
GHOST
Indexing Service
NVIDIA Display Driver Service
Office Source Engine
O&O Clever Cache
Remote Registry
Sandra Service
Sandra Data Service
SmartCard
Tcp/IP NetBIOS Helper
Telnet
UserProfile Hive Cleanup Service
Volume Shadowing Service
Windows UserMode Drivers
Windows Image Acquisition
WinHTTP Proxy AutoDiscovery Service
----------
NETWORK SERVICE startable list (vs. LocalSystem Logon Default):
ASP.NET State Service
Application Layer Gateway
Clipbook (needs Network DDE & Network DDE DSDM)
Microsoft Shadow Copy Provider
Executive Software Undelete
DNS Client
DHCP Client
Error Reporting
FileZilla Server
Machine Debug Manager
Merger
NetMeeting Remote Desktop Sharing Service
Network DDE
Network DDE DSDM
PDEngine (Raxco PerfectDisk)
Performance Logs & Alerts
RPC
Remote Desktop Help Session Manager Service
Remote Packet Capture Protocol v.0 (experimental MS service)
Resultant Set of Policies Provider
SAV Roam
Symantec LiveUpdate
Visual Studio 2005 Remote Debug
===============================================================================
PLEASE NOTE: Each service uses a BLANK password when reassigning their logon entity (when you change it from the default of LOCAL SYSTEM Account), because they use SID's as far as I know, not standard passwords.
WHEN YOU TEST THIS, AFTER RESETTING THE LOGON USER ENTITY EACH SERVICE USES: Just run your system awhile, & if say, Norton Antivirus refuses to update, or run right? You KNOW you set it wrong... say, if one you test that I do NOT list won't run as LOCAL SERVICE? Try NETWORK SERVICE instead... if that fails? YOU ARE STUCK USING LOCAL SYSTEM!
*****************************************************************************
If you cannot operate properly while changing the security logon entity context of a service (should NOT happen w/ 3rd party services, & this article shows you which ones can be altered safely)?
Boot to "Safe Mode", & reset that service's logon entity back to LOCAL SYSTEM again & accept it cannot do this security technique is all... it DOES happen!
If that fails (shouldn't, but IF it does)? There are commands in the "Recovery Console" (installed from your Windows installation CD as a bootup option while in Windows using this commandline -> D:\i386\winnt32.exe /cmdcons, where D is your CD-Rom driveletter (substitute in your dvd/cd driveletter for D of course)) of:
ListSvc (shows services & drivers states of stopped or started)
Enable (starts up a service &/or driver)
Disable (stops a server &/or driver)
Which can turn them back on if/when needed
(ON Virtual Disk Service being removed, specifically (because it used to be in this list)): This was done solely because, although it will run as LOCAL SERVICE, diskmgmt.msc will not be able to work! Even though the Logical Disk Manager service does not list VirtualDisk as a dependency, this occurs, so VirtualDisk service was pulled from BOTH the LOCAL SERVICE and NETWORK SERVICE lists here... apk)
===============================================================================
SECURING SERVICES @ THE ACL LEVEL VIA A SECURITY POLICY HOW-TO:
STEP #1: CONFIGURE A CUSTOM Microsoft Management Console for this!
Configuring yourself a "CUSTOM MMC.EXE (Microsoft Mgt. Console)" setup for security policy templates, here is how (these are NOT default Computer Mgt. tools, so you have to do this yourself, or run them by themselves, but this makes working w/ them convenient):
The next part's per BelArcGuy of BELARC ADVISOR's advice (pun intended):
http://forums.techpowerup.com/showthread.php?t=16097
"Security Configuration and Analysis" is an MMC snap-in. To access the MMC, type in mmc to the Windows Run.. command to pop up the console. Then use it's File|Add/Remove Snap-in... command and click the Add button on the resulting dialog. Choose both "Security Configuration and Analysis" and "Security Templates", close that dialog, and OK. You'll end up with a management console that has both of those snap-ins enabled. The whole MMC mechanism is a bit weird, but does work"
(It's easy, & it works, & is necessary for the actual steps to do this, below)
Next, is the actual "meat" of what we need to do, per Microsoft, to set ACLs!
------------------------------------------------------------
STEP #2: HOW TO: Define Security Templates By Using the Security Templates Snap-In in Windows Server 2003
http://support.microsoft.com/kb/816297
Create and Define a New Security Template
(To define a new security template, follow these steps)
1. In the console tree, expand Security Templates
2. Right-click %SystemRoot%\Security\Templates, and then click New Template
3. In the Template name box, type a name for the new template.
(If you want, you can type a description in the Description box, and then click OK)
The new security template appears in the list of security templates. Note that the security settings for this template are not yet defined. When you expand the new security template in the console tree, expand each component of the template, and then double-click each security setting that is contained in that component, a status of Not Defined appears in the Computer Setting column.
1. To define a System Services policy, follow these steps:
a. Expand System Services
b. In the right pane, double-click the service that you want to configure
c. Specify the options that you want, and then click OK.
DONE!
APK
P.S.=> Again, this is probably the MOST lengthy & hardest of the lot, so DO NOT LET IT DISCOURAGE YOU, the rest of this article is far simpler/shorter to do, & yields benefits that are as good as THIS long step, especially in combination with it (for security) & are much shorter/simpler to do... & if you need help, ask here, or "PM" me, or just email me here -> apk4776239@hotmail.com for help!
IMPORTANT - IF you're not sure what to do here? DON'T, & just skip it until later
(As this is probably the most "touchy" of the lot (I can field questions on this, pm or email me if need be))
===============================================================================
APK 12 STEPS TO SECURE YOUR WINDOWS NT-BASED SYSTEM (2000/XP/SERVER 2003/VISTA):
===============================================================================
1.) HARDENING & SECURING SERVICES HOW-TO (longest one of the lot but, one well worth pursuing... read on):
Many services I do not need are either cut off OR secured in their logon entity to lower privilege entities (from default, near "ALL POWERFUL" SYSTEM, to lesser ones like NETWORK SERVICE or LOCAL SERVICE).
I went at ALL of the services in Windows Server 2003 (some will not be in XP for instance, & Windows 2000 has no NETWORK SERVICE or LOCAL SERVICE as far as I know, but not sure, you can always make a limited privelege user too for this on 2000 if needed)...
(The reason I mention this, is, this "technique" IS a superiority of MORE MODERN Windows NT-based OS over their ancestors (especially NT 3.x-4.0) & on par w/ how this makes your Win32 NT-based OS' like 2000 (with more work), XP, Server 2003 (VISTA too if needed), very much like how MacOS X treats its daemon processes via privelege levels, which uses the same general principals)
It works, & although many service packs for Windows OS' have changed their services (not all but many nowadays) to less than SYSTEM, my list covers those they may not have in recent service packs AND 3rd party services are listed too that you may be running possibly!
This is for SERVICES YOU ACTUALLY NEED TO RUN (many, you really don't - this has always astounded me, & MS can put out "home versions" more this way imo, for gamers especially (auto-service "lean tuned turbocharged" for performance/speed/less resources consumption)).
ON THAT NOTE (for performance AND security)? CUTTING OFF SERVICES YOU DO NOT NEED TO RUN IS POSSIBLY THE BEST METHOD OF SECURING THEM, AND GAINING SPEED - AGAIN, SIMPLY SINCE YOU ARE NOT WASTING I/O, MEMORY, or OTHER RESOURCES ON THEM, PERIOD, in doing this!
Please, if you don't do this already? Hey - do consider it, when possible! It works like NO TOMORROW...
Many guides online exist for this, & I authored one of the first "back in the day" for NTCompatible.com as "Article #1" back in 1997/1998 - 2002 (early model is in URL below, much detail on registry hacks too for speed & security in it, cited in 2002 @ NeoWin):
http://www.neowin.net/news/main/01/11/29/a...--security-text
The latest ones are even BETTER/MORE CURRENT, as there are ones that DO EXIST FOR VISTA ONLINE ALSO!
Anyhow - on the note of 3rd party services, & many native ones (for 2000/XP/Server 2003, but not fully on VISTA as I do not run it @ home or on the job)?
I did testing to see which services could be run/logged in as LOCAL SERVICE, or NETWORK SERVICE, rather than the default of LOCAL SYSTEM (which means Operating System entity level privileges - which CAN be "misused" by various spyware/malware/virus exploits.
===============================================================================
LOCAL SERVICE startable list (vs. LocalSystem Logon Default):
Acronis Scheduler 2 Service
Alerter (needs Workstation Service Running)
COM+ System Application
GHOST
Indexing Service
NVIDIA Display Driver Service
Office Source Engine
O&O Clever Cache
Remote Registry
Sandra Service
Sandra Data Service
SmartCard
Tcp/IP NetBIOS Helper
Telnet
UserProfile Hive Cleanup Service
Volume Shadowing Service
Windows UserMode Drivers
Windows Image Acquisition
WinHTTP Proxy AutoDiscovery Service
----------
NETWORK SERVICE startable list (vs. LocalSystem Logon Default):
ASP.NET State Service
Application Layer Gateway
Clipbook (needs Network DDE & Network DDE DSDM)
Microsoft Shadow Copy Provider
Executive Software Undelete
DNS Client
DHCP Client
Error Reporting
FileZilla Server
Machine Debug Manager
Merger
NetMeeting Remote Desktop Sharing Service
Network DDE
Network DDE DSDM
PDEngine (Raxco PerfectDisk)
Performance Logs & Alerts
RPC
Remote Desktop Help Session Manager Service
Remote Packet Capture Protocol v.0 (experimental MS service)
Resultant Set of Policies Provider
SAV Roam
Symantec LiveUpdate
Visual Studio 2005 Remote Debug
===============================================================================
PLEASE NOTE: Each service uses a BLANK password when reassigning their logon entity (when you change it from the default of LOCAL SYSTEM Account), because they use SID's as far as I know, not standard passwords.
WHEN YOU TEST THIS, AFTER RESETTING THE LOGON USER ENTITY EACH SERVICE USES: Just run your system awhile, & if say, Norton Antivirus refuses to update, or run right? You KNOW you set it wrong... say, if one you test that I do NOT list won't run as LOCAL SERVICE? Try NETWORK SERVICE instead... if that fails? YOU ARE STUCK USING LOCAL SYSTEM!
*****************************************************************************
If you cannot operate properly while changing the security logon entity context of a service (should NOT happen w/ 3rd party services, & this article shows you which ones can be altered safely)?
Boot to "Safe Mode", & reset that service's logon entity back to LOCAL SYSTEM again & accept it cannot do this security technique is all... it DOES happen!
If that fails (shouldn't, but IF it does)? There are commands in the "Recovery Console" (installed from your Windows installation CD as a bootup option while in Windows using this commandline -> D:\i386\winnt32.exe /cmdcons, where D is your CD-Rom driveletter (substitute in your dvd/cd driveletter for D of course)) of:
ListSvc (shows services & drivers states of stopped or started)
Enable (starts up a service &/or driver)
Disable (stops a server &/or driver)
Which can turn them back on if/when needed
(ON Virtual Disk Service being removed, specifically (because it used to be in this list)): This was done solely because, although it will run as LOCAL SERVICE, diskmgmt.msc will not be able to work! Even though the Logical Disk Manager service does not list VirtualDisk as a dependency, this occurs, so VirtualDisk service was pulled from BOTH the LOCAL SERVICE and NETWORK SERVICE lists here... apk)
===============================================================================
SECURING SERVICES @ THE ACL LEVEL VIA A SECURITY POLICY HOW-TO:
STEP #1: CONFIGURE A CUSTOM Microsoft Management Console for this!
Configuring yourself a "CUSTOM MMC.EXE (Microsoft Mgt. Console)" setup for security policy templates, here is how (these are NOT default Computer Mgt. tools, so you have to do this yourself, or run them by themselves, but this makes working w/ them convenient):
The next part's per BelArcGuy of BELARC ADVISOR's advice (pun intended):
http://forums.techpowerup.com/showthread.php?t=16097
"Security Configuration and Analysis" is an MMC snap-in. To access the MMC, type in mmc to the Windows Run.. command to pop up the console. Then use it's File|Add/Remove Snap-in... command and click the Add button on the resulting dialog. Choose both "Security Configuration and Analysis" and "Security Templates", close that dialog, and OK. You'll end up with a management console that has both of those snap-ins enabled. The whole MMC mechanism is a bit weird, but does work"
(It's easy, & it works, & is necessary for the actual steps to do this, below)
Next, is the actual "meat" of what we need to do, per Microsoft, to set ACLs!
------------------------------------------------------------
STEP #2: HOW TO: Define Security Templates By Using the Security Templates Snap-In in Windows Server 2003
http://support.microsoft.com/kb/816297
Create and Define a New Security Template
(To define a new security template, follow these steps)
1. In the console tree, expand Security Templates
2. Right-click %SystemRoot%\Security\Templates, and then click New Template
3. In the Template name box, type a name for the new template.
(If you want, you can type a description in the Description box, and then click OK)
The new security template appears in the list of security templates. Note that the security settings for this template are not yet defined. When you expand the new security template in the console tree, expand each component of the template, and then double-click each security setting that is contained in that component, a status of Not Defined appears in the Computer Setting column.
1. To define a System Services policy, follow these steps:
a. Expand System Services
b. In the right pane, double-click the service that you want to configure
c. Specify the options that you want, and then click OK.
DONE!
APK
P.S.=> Again, this is probably the MOST lengthy & hardest of the lot, so DO NOT LET IT DISCOURAGE YOU, the rest of this article is far simpler/shorter to do, & yields benefits that are as good as THIS long step, especially in combination with it (for security) & are much shorter/simpler to do... & if you need help, ask here, or "PM" me, or just email me here -> apk4776239@hotmail.com for help!
IF you have a HOME LAN/network? You skip this/leave this alone!
(... & do not disable the SERVER service (it creates the hidden default C$ administrative share for example) in services.msc & keep 127.0.0.1 (the default lone entry it has) in your %windir%\system32\drivers\etc HOSTS file as well).
2.) Disable Microsoft "File & Print Sharing" as well as "Client for Microsoft Networks" in your LOCAL AREA CONNECTION (if you do not need them that is for say, running your home LAN)!
E.G.-> Here? I pull ANY Networking clients (Client for MS Networks/File & Printer Sharing)) &/or Protocols (QoS = just 1 example) in the Local Area Connection! You can either UNCHECK THEIR CHECKBOXES (if say, you do decide to bind this machine to a network of somekind one day, OR have to occasionally (with family/friends' PC's or LAN parties for example))... OR, wholesale uninstall them.
NOTE - sometimes, even TROJANS/SPYWARES/MALWARES HIDE HERE ALSO - the std. set is:
(That is, unless its for an antivirus & their Layered Service Provider hacks, such as Trend Micro use here, or more "hidden ones" like NOD32 or NAV use - sometimes, they're OK! So... look up others you MAY see here & decide if you need them or not, or if programs you do use that are LEGITIMATE need the others I do not list that are not std. w/ Microsoft OS', as those are above)
So, other than Tcp/IP typically, it gets removed here if I have no LAN (via either uninstall OR uncheck).
(I also disable NetBIOS over Tcp/IP in the WINS section of Tcp/IP Properties ADVANCED button section also - see, if you don't have a HOME or WORK LAN you can & go faster + be potentially more secure also. Again, for my single machine setup currently here, I certainly don't need anything more than Tcp/IP running, as I am currently @ home on a stand-alone machine that is not dependent on Microsoft's File Sharing etc. on a LAN/WAN).
Stopping the SERVER service helps here as well (no shares possible, not even the default C$ administrative share, iirc)
Also regarding the HOSTS file (which I also mention in this article as it yields HUGE security and speed benefits, more than this does by far imo)?
IF you have a LAN/WAN you use (or not), you will have to have the mandatory entry of:
127.0.0.1 localhost
In the HOSTS file, more on it below (needed for networking with a LAN/WAN - you could technically, dispense with it otherwise, but, as you can see above? It has practical uses... even SpyBot utilizes it & that is one HELL of a program, for this purpose:SECURITY!).
APK
(... & do not disable the SERVER service (it creates the hidden default C$ administrative share for example) in services.msc & keep 127.0.0.1 (the default lone entry it has) in your %windir%\system32\drivers\etc HOSTS file as well).
2.) Disable Microsoft "File & Print Sharing" as well as "Client for Microsoft Networks" in your LOCAL AREA CONNECTION (if you do not need them that is for say, running your home LAN)!
E.G.-> Here? I pull ANY Networking clients (Client for MS Networks/File & Printer Sharing)) &/or Protocols (QoS = just 1 example) in the Local Area Connection! You can either UNCHECK THEIR CHECKBOXES (if say, you do decide to bind this machine to a network of somekind one day, OR have to occasionally (with family/friends' PC's or LAN parties for example))... OR, wholesale uninstall them.
NOTE - sometimes, even TROJANS/SPYWARES/MALWARES HIDE HERE ALSO - the std. set is:
- Client For Microsoft Networks (removable via uninstall OR uncheck of checkbox if you have no LAN connectivity needs}
- File and Printer Sharing (removable via uninstall OR uncheck of checkbox if you have no LAN connectivity needs}
- QoS (removable via uninstall OR uncheck of checkbox if you have no LAN connectivity needs}
- Tcp/IP Internet Protocol (need it to get online AND for Active Directory Networks too)
(That is, unless its for an antivirus & their Layered Service Provider hacks, such as Trend Micro use here, or more "hidden ones" like NOD32 or NAV use - sometimes, they're OK! So... look up others you MAY see here & decide if you need them or not, or if programs you do use that are LEGITIMATE need the others I do not list that are not std. w/ Microsoft OS', as those are above)
So, other than Tcp/IP typically, it gets removed here if I have no LAN (via either uninstall OR uncheck).
(I also disable NetBIOS over Tcp/IP in the WINS section of Tcp/IP Properties ADVANCED button section also - see, if you don't have a HOME or WORK LAN you can & go faster + be potentially more secure also. Again, for my single machine setup currently here, I certainly don't need anything more than Tcp/IP running, as I am currently @ home on a stand-alone machine that is not dependent on Microsoft's File Sharing etc. on a LAN/WAN).
Stopping the SERVER service helps here as well (no shares possible, not even the default C$ administrative share, iirc)
Also regarding the HOSTS file (which I also mention in this article as it yields HUGE security and speed benefits, more than this does by far imo)?
IF you have a LAN/WAN you use (or not), you will have to have the mandatory entry of:
127.0.0.1 localhost
In the HOSTS file, more on it below (needed for networking with a LAN/WAN - you could technically, dispense with it otherwise, but, as you can see above? It has practical uses... even SpyBot utilizes it & that is one HELL of a program, for this purpose:SECURITY!).
APK
3.) Use IP security policies (modded AnalogX one, very good for starters, you can edit & add/remove from it as needed) - Download url link is here for that:
http://www.analogx.com/contents/articles/ipsec.htm
(Search "AnalogX Public Server IPSec Configuration v1.00 (29k zip file)" on that page & follow the directions on the page!)
NOTE: This can be 'troublesome' though, for folks that run filesharing clients though.
An alternative to this is using IP Ports Filtrations, in combination with a GOOD software firewall &/or NAT 'firewalling' (or true stateful inspection type) router. All of these work in combination w/ one another perfectly.
(HOWEVER - Should you choose to use it, and do filesharing programs? No problem really, because you can turn them on/off @ will using secpol.msc & the IP stack in Windows 2000/XP/Server 2003/VISTA is of "plug-N-play" design largely, & will allow it & when done? TURN THEM ON, AGAIN! These work WITH software & hardware router firewalls, IP port filtering, and security IP policies, simultaneosly/concurrently, for "layered security", no hassles!).
APK
http://www.analogx.com/contents/articles/ipsec.htm
(Search "AnalogX Public Server IPSec Configuration v1.00 (29k zip file)" on that page & follow the directions on the page!)
NOTE: This can be 'troublesome' though, for folks that run filesharing clients though.
An alternative to this is using IP Ports Filtrations, in combination with a GOOD software firewall &/or NAT 'firewalling' (or true stateful inspection type) router. All of these work in combination w/ one another perfectly.
(HOWEVER - Should you choose to use it, and do filesharing programs? No problem really, because you can turn them on/off @ will using secpol.msc & the IP stack in Windows 2000/XP/Server 2003/VISTA is of "plug-N-play" design largely, & will allow it & when done? TURN THEM ON, AGAIN! These work WITH software & hardware router firewalls, IP port filtering, and security IP policies, simultaneosly/concurrently, for "layered security", no hassles!).
APK
Port Filtering (HOW TO & WHY)
4.) Another thing I do for securing a Windows NT-based OS: IP Port Filtrations (like ip security policies (per AnalogX above), it is often called the "poor man's firewall" & works perfectly with both IPSecurity policies, hardware AND software firewalls, all in combination/simultaneously running)!
DIRECTIONS ON HOW TO IMPLEMENT THEM (very easy):
Start Menu ->
Connect To Item (on the right hand side) ->
Local Area Connection (whatever you called it, this is the default, iirc) open it via double click OR, right-click popup menu PROPERTIES item ->
Properties button on left-hand side bottom, press/click it ->
NEXT SCREEN (Local Area Connection PROPERTIES) ->
"This connection uses the followng items" (go down the list, to Tcp/IP & select it & /click the PROPERTIES button there) ->
Press/Click the Advanced Button @ the bottom Right-Hand Side (shows Advanced Tcp/IP Settings screen) ->
OPTIONS tab, use it & Tcp IP Filtering is in the list, highlite/select it ->
Beneath the Optional Settings, press/click the PROPERTIES button on the lower right-hand side ->
Check the "Enable Tcp/IP Filtering (on all adapters)" selection ->
In the far right, IP PROTOCOLS section, add ports 6 (tcp) & 17 (udp) ->
In the far left "tcp ports" list - check off the radio button above the list titled "PERMIT ONLY", & then add ports you want to have open (all others will be filtered out, & for example, I leave port 80,8080, & 443 here open, only on my standalone, non-networked home machine!
(For a HOME or WORK LAN, you may need to open up ports 135/137/139/445 for a Windows based network for file & print sharing PLUS enable NetBIOS over Tcp/IP in your network connection properties & ENABLE Client for Microsoft Networks & File and Print sharing too)
NOTE - you may need more if you run mail servers, & what-have-you (this varies by application))
I leave the UDP section "PERMIT ALL" because of ephemeral/short-lived ports usage that Windows does (I have never successfully filtered this properly but it doesn't matter as much imo, because udp does not do 'callback' as tcp does, & that is why tcp can be DDOS'd/DOS'd imo - it only sends out info., but never demands verification of delivery (faster, but less reliable)) ->
DONE!
You may need a reboot & it will signal if it needs it or not (probably will, even in VISTA):
I say this, because although IP Security Policies work with the "Plug-N-Play" design of modern Windows NT-based OS' (ipsec.sys) & do NOT require a reboot to activate/deactivate them in Windows 2000/XP/Server 2003/VISTA? This is working @ a diff. level & diff. driver iirc (tcpip.sys) & level of the telecommunications stacks in this OS family & WILL require a reboot to take effect (for a more detailed read of this, see here):
----
http://www.microsoft.com/technet/community...guy/cg0605.mspx
(In THAT url above? Trust me - Enjoy the read, it is VERY informative: That article shows you how TcpIP.sys, ipnat.sys, ipsec.sys, & ipfiltdrv.sys interact, PLUS how you can use them to your advantage in security!)
----
Also, these URL's will be helpful as well, bigtime (for understanding (e.g. - knowing which IP ports you need to leave open & why (or, why not)):
IANA PROTOCOL NUMBERS LIST:
http://www.isi.edu/in-notes/iana/assignmen...rotocol-numbers
IANA PORTS LIST (well-known, registered, & dynamic/private ports):
http://www.isi.edu/in-notes/iana/assignments/port-numbers
APK
4.) Another thing I do for securing a Windows NT-based OS: IP Port Filtrations (like ip security policies (per AnalogX above), it is often called the "poor man's firewall" & works perfectly with both IPSecurity policies, hardware AND software firewalls, all in combination/simultaneously running)!
DIRECTIONS ON HOW TO IMPLEMENT THEM (very easy):
Start Menu ->
Connect To Item (on the right hand side) ->
Local Area Connection (whatever you called it, this is the default, iirc) open it via double click OR, right-click popup menu PROPERTIES item ->
Properties button on left-hand side bottom, press/click it ->
NEXT SCREEN (Local Area Connection PROPERTIES) ->
"This connection uses the followng items" (go down the list, to Tcp/IP & select it & /click the PROPERTIES button there) ->
Press/Click the Advanced Button @ the bottom Right-Hand Side (shows Advanced Tcp/IP Settings screen) ->
OPTIONS tab, use it & Tcp IP Filtering is in the list, highlite/select it ->
Beneath the Optional Settings, press/click the PROPERTIES button on the lower right-hand side ->
Check the "Enable Tcp/IP Filtering (on all adapters)" selection ->
In the far right, IP PROTOCOLS section, add ports 6 (tcp) & 17 (udp) ->
In the far left "tcp ports" list - check off the radio button above the list titled "PERMIT ONLY", & then add ports you want to have open (all others will be filtered out, & for example, I leave port 80,8080, & 443 here open, only on my standalone, non-networked home machine!
(For a HOME or WORK LAN, you may need to open up ports 135/137/139/445 for a Windows based network for file & print sharing PLUS enable NetBIOS over Tcp/IP in your network connection properties & ENABLE Client for Microsoft Networks & File and Print sharing too)
NOTE - you may need more if you run mail servers, & what-have-you (this varies by application))
I leave the UDP section "PERMIT ALL" because of ephemeral/short-lived ports usage that Windows does (I have never successfully filtered this properly but it doesn't matter as much imo, because udp does not do 'callback' as tcp does, & that is why tcp can be DDOS'd/DOS'd imo - it only sends out info., but never demands verification of delivery (faster, but less reliable)) ->
DONE!
You may need a reboot & it will signal if it needs it or not (probably will, even in VISTA):
I say this, because although IP Security Policies work with the "Plug-N-Play" design of modern Windows NT-based OS' (ipsec.sys) & do NOT require a reboot to activate/deactivate them in Windows 2000/XP/Server 2003/VISTA? This is working @ a diff. level & diff. driver iirc (tcpip.sys) & level of the telecommunications stacks in this OS family & WILL require a reboot to take effect (for a more detailed read of this, see here):
----
http://www.microsoft.com/technet/community...guy/cg0605.mspx
(In THAT url above? Trust me - Enjoy the read, it is VERY informative: That article shows you how TcpIP.sys, ipnat.sys, ipsec.sys, & ipfiltdrv.sys interact, PLUS how you can use them to your advantage in security!)
----
Also, these URL's will be helpful as well, bigtime (for understanding (e.g. - knowing which IP ports you need to leave open & why (or, why not)):
IANA PROTOCOL NUMBERS LIST:
http://www.isi.edu/in-notes/iana/assignmen...rotocol-numbers
IANA PORTS LIST (well-known, registered, & dynamic/private ports):
http://www.isi.edu/in-notes/iana/assignments/port-numbers
APK
CUSTOM HOSTS FILE USAGE (for speed, AND SECURITY)
5.) The use of a CUSTOM ADBANNER BLOCKING HOSTS FILE (my personal one houses, as of this date, 90,000 known adbanner servers, OR sites known to bear malicious code & exploits (per GOOGLE mostly, from stopbadware.org))
Custom HOSTS files work in combination with Opera adbanner blocks & the usage of .PAC filering files + cascading style sheets for this purpose.
(As well as speeding up access to sites I often access - doing this, acting as my own "DNS Server" more or less, is orders of magnitude faster than calling out to my ISP/BSP DNS servers, waiting out a roundtrip return URL-> IP Address resolution. It may take some maintenance for this @ times, especially if sites change HOSTING PROVIDERS, but this is a rarity & most sites TELL YOU when they do this as well, so you can make fast edits, as needed (and, on Windows NT-based OS since 2000/XP/Server 2003 & VISTA? A reboot is NOT required upon edits & commits of changes in the new largely near fully PnP IP stacks!))
For a copy of mine, write me, here -> apk4776239@hotmail.com
And, I will send it to you in .zip or .rar format (with sped up sites # UNIX comment symbol disabled, enable the ones you use AFTER you 'ping' them first from my list, & add ones YOU PERSONALLY USE to it as needed after determining their IP address via a PING of them)
OR, JUST DOWNLOAD IT HERE:
http://forums.techpowerup.com/attachment.p...mp;d=1172567412
----
An example of WHY you'd want to use one of these for security's sake? Read here:
Why use an ADBANNER BLOCKING HOSTS file? Here is why: - techPowerUp! Forums
----
ADDITIONALLY, because on Windows Server 2003 (however, no others I have seen @ least so far), sometimes, the HOSTS file precedence vs. say, local DNS servers on a LAN, gets overridden by them? You MAY have to implement this:
How to change name resolution order on Windows 95 and Windows NT
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider]
"LocalPriority"=dword:00000005
"HostsPriority"=dword:00000006
"DnsPriority"=dword:00000007
"NetbtPriority"=dword:00000008
(LOWER NUMBERS HERE = GREATER PRIORITY)
As you can see, I give my LOCAL DNS Cache the greatest priority (because it has my HOSTS file loaded into it @ system startup (IP stack startup, actually)), & THEN, my custom adbanner blocking/speedup fav sites (which this post is showing folks how to do, & yes, it works) is next, & then my ISP/BSP's DNS servers, & lastly NetBios/WINS stuff (which I just plain do NOT use, because I have no LanManager style network running here, ONLY Tcp/IP)
----
IMPORTANT NOTE: IF your system seems to "lag" while the HOSTS file is in use (this typically does not occur with 1mb or less sized HOSTS files in my experience), especially IF it is a relatively LARGER SIZED one (in the case I saw where this happened, it was a 12mb sized one I use, & it was applied on a Windows XP Home Edition system w/ 256mb of RAM on an AMD Athlon64 3200mhz system), YOU MAY HAVE TO DISABLE YOUR DNS Client Service!
* This is achieved via going to the START button, RUN command, type in SERVICES.MSC & once it comes to the screen, find the DNS Client Service in the list of services & right-click on it (or, doubleclick) & use the PROPERTIES screen, & use the STOP button (to stop the service) & then set its startup type to DISABLED, & this 'lagging' goes away (reboot is recommended, especially on Windows 2000 systems, for the HOSTS file to reload... otherwise, changes may take up to 5 minutes to take, so reboots make that quicker & assured on ANY Ms Windows-NT based OS (2000/XP/Server 2003 & VISTA).
----
DIRECTIONS FOR USE (also in my downloadable CUSTOM HOSTS file above, with MORE on how to really use them to get even more speed than blocking adbanners mind you is in its internal documentation):
You replace your:
%windir%\system32\drivers\etc
Original version of HOSTS with this one (overwrite it, but, first copy your original OR rename it to keep it around IF ever needed), & have @ it (HBO internet, no commercials + thus MORE SPEED (and, you WILL notice it) by not calling out to ad servers, loading their data, & running it... & certainly NO possibility of being infected by adbanners that bear RBN (Russian Business Network) malware javascripted/FLASH bearing adbanners that infect you as has been seen lately/very currently in fact - between this, and stalling out Java/JavaScript + ActiveX/ActiveScripting globally in your browsers as noted in the last step & why? You are "proof" against MOST attacks today (& consider disabling IFrames too, an oft used attack today as well!)).
Now, like I do? It IS possible to alter the default location of the HOSTS file, & to take away I/O from your main disk to load it by using another one... like a 2nd HDD you may have IF you have one for example!
(E.G.-> I move mine to my CENATEK RocketDrive SSD (solid state RamDisk), for F A S T access since seek times on it are 1000's of times faster than on std. mechanical disks, & doesn't matter WHAT kind - & here I also place my pagefile.sys on its own partition (first) & then webpage caches, %temp% environmental variable ops, logging (even eventlogs, which like HOSTS file, can be moved in the registry to another disk, & applications often have the ability to move their logs in their configuration screens as well)) via this registry key, should you elect to do the same:
In regedit.exe's right-hand-side pane, follow this path:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
& in the left-hand-side pane of regedit.exe, you change the DataBasePath path value there to the disk & folder you wish to place your HOSTS file in (which makes for faster OS & IP stack initialization since it is on another drive, in my case an SSD so it is THAT MUCH QUICKER since seeks on them are so fast, to load the HOSTS data into your RAM (local DNS cache)).
APK
P.S.=> To keep "ontop of the latest spam mailers, & also known malicious sites" online? See these sites (1 I mentioned here already, this is the rest of the list I use, & others too):
Dancho Danchev (security expert) BLOG page:
Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
SRI:
SRI Malware Threat Center
StopBadWare.org:
StopBadware.org - Welcome to StopBadware.org
Spamhaus (good for the mail end of things):
Lookup an IP Address in the Spamhaus DNSBLs
PHISTANK ("phunny name", pun intended) - Another really GOOD bad mailer & sites listing:
PhishTank | Join the fight against phishing
Between they, & SpyBot "Search & Destroy"? I'd say you have most of, if not ALL of what a "body needs" for these purposes... if you know of others? Please - list them, & thanks! apk
5.) The use of a CUSTOM ADBANNER BLOCKING HOSTS FILE (my personal one houses, as of this date, 90,000 known adbanner servers, OR sites known to bear malicious code & exploits (per GOOGLE mostly, from stopbadware.org))
Custom HOSTS files work in combination with Opera adbanner blocks & the usage of .PAC filering files + cascading style sheets for this purpose.
(As well as speeding up access to sites I often access - doing this, acting as my own "DNS Server" more or less, is orders of magnitude faster than calling out to my ISP/BSP DNS servers, waiting out a roundtrip return URL-> IP Address resolution. It may take some maintenance for this @ times, especially if sites change HOSTING PROVIDERS, but this is a rarity & most sites TELL YOU when they do this as well, so you can make fast edits, as needed (and, on Windows NT-based OS since 2000/XP/Server 2003 & VISTA? A reboot is NOT required upon edits & commits of changes in the new largely near fully PnP IP stacks!))
For a copy of mine, write me, here -> apk4776239@hotmail.com
And, I will send it to you in .zip or .rar format (with sped up sites # UNIX comment symbol disabled, enable the ones you use AFTER you 'ping' them first from my list, & add ones YOU PERSONALLY USE to it as needed after determining their IP address via a PING of them)
OR, JUST DOWNLOAD IT HERE:
http://forums.techpowerup.com/attachment.p...mp;d=1172567412
----
An example of WHY you'd want to use one of these for security's sake? Read here:
Why use an ADBANNER BLOCKING HOSTS file? Here is why: - techPowerUp! Forums
----
ADDITIONALLY, because on Windows Server 2003 (however, no others I have seen @ least so far), sometimes, the HOSTS file precedence vs. say, local DNS servers on a LAN, gets overridden by them? You MAY have to implement this:
How to change name resolution order on Windows 95 and Windows NT
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider]
"LocalPriority"=dword:00000005
"HostsPriority"=dword:00000006
"DnsPriority"=dword:00000007
"NetbtPriority"=dword:00000008
(LOWER NUMBERS HERE = GREATER PRIORITY)
As you can see, I give my LOCAL DNS Cache the greatest priority (because it has my HOSTS file loaded into it @ system startup (IP stack startup, actually)), & THEN, my custom adbanner blocking/speedup fav sites (which this post is showing folks how to do, & yes, it works) is next, & then my ISP/BSP's DNS servers, & lastly NetBios/WINS stuff (which I just plain do NOT use, because I have no LanManager style network running here, ONLY Tcp/IP)
----
IMPORTANT NOTE: IF your system seems to "lag" while the HOSTS file is in use (this typically does not occur with 1mb or less sized HOSTS files in my experience), especially IF it is a relatively LARGER SIZED one (in the case I saw where this happened, it was a 12mb sized one I use, & it was applied on a Windows XP Home Edition system w/ 256mb of RAM on an AMD Athlon64 3200mhz system), YOU MAY HAVE TO DISABLE YOUR DNS Client Service!
* This is achieved via going to the START button, RUN command, type in SERVICES.MSC & once it comes to the screen, find the DNS Client Service in the list of services & right-click on it (or, doubleclick) & use the PROPERTIES screen, & use the STOP button (to stop the service) & then set its startup type to DISABLED, & this 'lagging' goes away (reboot is recommended, especially on Windows 2000 systems, for the HOSTS file to reload... otherwise, changes may take up to 5 minutes to take, so reboots make that quicker & assured on ANY Ms Windows-NT based OS (2000/XP/Server 2003 & VISTA).
----
DIRECTIONS FOR USE (also in my downloadable CUSTOM HOSTS file above, with MORE on how to really use them to get even more speed than blocking adbanners mind you is in its internal documentation):
You replace your:
%windir%\system32\drivers\etc
Original version of HOSTS with this one (overwrite it, but, first copy your original OR rename it to keep it around IF ever needed), & have @ it (HBO internet, no commercials + thus MORE SPEED (and, you WILL notice it) by not calling out to ad servers, loading their data, & running it... & certainly NO possibility of being infected by adbanners that bear RBN (Russian Business Network) malware javascripted/FLASH bearing adbanners that infect you as has been seen lately/very currently in fact - between this, and stalling out Java/JavaScript + ActiveX/ActiveScripting globally in your browsers as noted in the last step & why? You are "proof" against MOST attacks today (& consider disabling IFrames too, an oft used attack today as well!)).
Now, like I do? It IS possible to alter the default location of the HOSTS file, & to take away I/O from your main disk to load it by using another one... like a 2nd HDD you may have IF you have one for example!
(E.G.-> I move mine to my CENATEK RocketDrive SSD (solid state RamDisk), for F A S T access since seek times on it are 1000's of times faster than on std. mechanical disks, & doesn't matter WHAT kind - & here I also place my pagefile.sys on its own partition (first) & then webpage caches, %temp% environmental variable ops, logging (even eventlogs, which like HOSTS file, can be moved in the registry to another disk, & applications often have the ability to move their logs in their configuration screens as well)) via this registry key, should you elect to do the same:
In regedit.exe's right-hand-side pane, follow this path:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
& in the left-hand-side pane of regedit.exe, you change the DataBasePath path value there to the disk & folder you wish to place your HOSTS file in (which makes for faster OS & IP stack initialization since it is on another drive, in my case an SSD so it is THAT MUCH QUICKER since seeks on them are so fast, to load the HOSTS data into your RAM (local DNS cache)).
APK
P.S.=> To keep "ontop of the latest spam mailers, & also known malicious sites" online? See these sites (1 I mentioned here already, this is the rest of the list I use, & others too):
Dancho Danchev (security expert) BLOG page:
Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
SRI:
SRI Malware Threat Center
StopBadWare.org:
StopBadware.org - Welcome to StopBadware.org
Spamhaus (good for the mail end of things):
Lookup an IP Address in the Spamhaus DNSBLs
PHISTANK ("phunny name", pun intended) - Another really GOOD bad mailer & sites listing:
PhishTank | Join the fight against phishing
Between they, & SpyBot "Search & Destroy"? I'd say you have most of, if not ALL of what a "body needs" for these purposes... if you know of others? Please - list them, & thanks! apk
6.) USE Tons of security & speed oriented registry hacks (reconfiging the OS basically - stuff like you might do in etc / conf in UNIX/LINUX I suppose)
Download them from here @ SOFTPEDIA (where they are rated 4/5, but, the HOSTS file here is way outdated, use the one I suggest in steps below this present one instead)):
http://www.softpedia.com/get/Tweak/System-...up-Guides.shtml
OR
Read many of them here online:
=================================
APK "A to Z" Internet Speedup & Security Text!
=================================
http://www.neowin.net/news/main/01/11/29/a...--security-text
=================================
OR, just email me here for them -> apk4776239@hotmail.com
(The email option's the best, because I also have these PREBUILT, in .reg files, mind you, available by email, BUT, the ones I can mail ARE FULLY INTERNALLY DOCUMENTED!)
They are FULLY documented internally, with link url's to the Microsoft pages they came from, inside the .reg files, so YOU can look at what the hack does inside them, verify this @ MS, & know what the valid parameters are as well!
(This? It took me FOREVER a year or so ago to do this, but worth it!)
The urls, or downloadable .mht files, outline it all (as do my prebuilt .reg files, probably the BEST choice of the lot imo), as to what you can ".reg file hack" for better SPEED, and SECURITY online, in a modern Windows 2000/XP/Server 2003 OS & has references from Microsoft in it for each setting plus their definitions & parameters possible!
APK
Download them from here @ SOFTPEDIA (where they are rated 4/5, but, the HOSTS file here is way outdated, use the one I suggest in steps below this present one instead)):
http://www.softpedia.com/get/Tweak/System-...up-Guides.shtml
OR
Read many of them here online:
=================================
APK "A to Z" Internet Speedup & Security Text!
=================================
http://www.neowin.net/news/main/01/11/29/a...--security-text
=================================
OR, just email me here for them -> apk4776239@hotmail.com
(The email option's the best, because I also have these PREBUILT, in .reg files, mind you, available by email, BUT, the ones I can mail ARE FULLY INTERNALLY DOCUMENTED!)
They are FULLY documented internally, with link url's to the Microsoft pages they came from, inside the .reg files, so YOU can look at what the hack does inside them, verify this @ MS, & know what the valid parameters are as well!
(This? It took me FOREVER a year or so ago to do this, but worth it!)
The urls, or downloadable .mht files, outline it all (as do my prebuilt .reg files, probably the BEST choice of the lot imo), as to what you can ".reg file hack" for better SPEED, and SECURITY online, in a modern Windows 2000/XP/Server 2003 OS & has references from Microsoft in it for each setting plus their definitions & parameters possible!
APK
7.) USE General LOCAL security policies (in gpedit.msc/secpol.msc - afaik though, these are NOT in XP "Home" edition, sorry)), these are VALUABLE tools (and will be needed & suggestions for it will be told to you by the CIS Tool noted above - great stuff!) and regedit.exe!
(Newly added - regedit.exe use is for registry ACL permissions, via its EDIT menu, PERMISSIONS submenu item (to add/remove users that have rights to regisry hives/values, & to establish their rights levels therein))
ALSO NEWLY ADDED - Explorer.exe "right-click" on drive letters/folders/files (for file access ACL permissions hardening) using its popup menu selection of "PROPERTIES", & in the next screen, the SECURITY tab (to add/remove users that have rights to said items, & to establish their rights levels therein), also - this is another requirement of CIS Tool 1.x & its suggestions for better security.
HOWEVER: Here, you may not be able to see the SECURITY TAB mentioned above. This is why (AND, HOW TO FIX THAT & straight from the horses mouth @ MS):
http://support.microsoft.com/kb/304040
==========
Turning on and turning off Simple File Sharing
Simple File Sharing is always turned on in Windows XP Home Edition-based computers. By default, the Simple File Sharing UI is turned on in Windows XP Professional-based computers that are joined to a workgroup. Windows XP Professional-based computers that are joined to a domain use only the classic file sharing and security interface. When you use the Simple File Sharing UI (that is located in the folder's properties), both share and file permissions are configured.
If you turn off Simple File Sharing, you have more control over the permissions to individual users. However, you must have advanced knowledge of NTFS and share permissions to help keep your folders and files more secure. If you turn off Simple File Sharing, the Shared Documents feature is not turned off.
To turn Simple File Sharing on or off in Windows XP Professional, follow these steps:
1. Double-click My Computer on the desktop.
2. On the Tools menu, click Folder Options.
3. Click the View tab, and then select the Use Simple File Sharing
(Recommended) check box to turn on Simple File Sharing. (Clear this check box to turn off this feature.)
==========
* That turns the ability to see the NTFS ACL SECURITY TAB, back on in Explorer.exe, for YOUR usage here, in the capacity of security-hardening your machine!
APK
(Newly added - regedit.exe use is for registry ACL permissions, via its EDIT menu, PERMISSIONS submenu item (to add/remove users that have rights to regisry hives/values, & to establish their rights levels therein))
ALSO NEWLY ADDED - Explorer.exe "right-click" on drive letters/folders/files (for file access ACL permissions hardening) using its popup menu selection of "PROPERTIES", & in the next screen, the SECURITY tab (to add/remove users that have rights to said items, & to establish their rights levels therein), also - this is another requirement of CIS Tool 1.x & its suggestions for better security.
HOWEVER: Here, you may not be able to see the SECURITY TAB mentioned above. This is why (AND, HOW TO FIX THAT & straight from the horses mouth @ MS):
http://support.microsoft.com/kb/304040
==========
Turning on and turning off Simple File Sharing
Simple File Sharing is always turned on in Windows XP Home Edition-based computers. By default, the Simple File Sharing UI is turned on in Windows XP Professional-based computers that are joined to a workgroup. Windows XP Professional-based computers that are joined to a domain use only the classic file sharing and security interface. When you use the Simple File Sharing UI (that is located in the folder's properties), both share and file permissions are configured.
If you turn off Simple File Sharing, you have more control over the permissions to individual users. However, you must have advanced knowledge of NTFS and share permissions to help keep your folders and files more secure. If you turn off Simple File Sharing, the Shared Documents feature is not turned off.
To turn Simple File Sharing on or off in Windows XP Professional, follow these steps:
1. Double-click My Computer on the desktop.
2. On the Tools menu, click Folder Options.
3. Click the View tab, and then select the Use Simple File Sharing
(Recommended) check box to turn on Simple File Sharing. (Clear this check box to turn off this feature.)
==========
* That turns the ability to see the NTFS ACL SECURITY TAB, back on in Explorer.exe, for YOUR usage here, in the capacity of security-hardening your machine!
APK
8.) KEEP UP ON PATCHES FROM MICROSOFT, for your OS & Microsoft Office Apps, & IE, etc., HERE (ordered by release date) and run AntiVirus/AntiSpyware/AntiRootkit tools (& yes, keep them updated/current)!
http://www.microsoft.com/downloads/Browse....rder=descending
Again, keep up on antivirus/antispyware/antirootkit AND Java runtimes updates!
(Done either automatically via their services, or manually)
Download them manually & install them yourself (OR just let "Windows Automatic Updates" run)
ALSO - do the use of the "std. security stuff", like:
AntiVirus Programs (NOD32 latest 2.7x - "best" one there is, all-around (best speed/efficiency, less "moving parts" in drivers (kernelmode-RPL0-Ring 0 portion) & services/gui usermode-RPL2-Ring3 sections + great consistent showings in detect rates, especially heuristics), & that is not only MY opinion after testing it vs. my former fav. NAV Corporate 10.2 (it is lighter in RAM & resource uses than NAV Corporate even, finds more virus' than others, & uses less "moving parts" (in the way of services componentry, than most do, & certainly less than NAV))
Proof? See here -> http://www.eset.com/products/compare.php
(That's a single source, there are others, such as av-comparatives.org, which also test & compare AntiVirus products out there as well on many levels (mostly detection rates). The URL above goes into more than that, such as program speed/efficiency/throughput, & the fact NOD32 is written almost TOTALLY in pure Assembler language (when, if coupled with a solid fast algorithm/engine, is untouchable even by C/C++ or Delphi even for that)).
+
SpyBot (Ad-Aware is another option) as my resident antispyware tool running in the background!
This tool in SPYBOT also installs & runs PERFECTLY in safemode (combined with ComboFix &/or SmitfraudFix, you can "burn out" just about ANY spyware/malware infestation in 30-60 minutes, depending on level of infection, speed of your disks/CPU/RAM, & amount of files on your disks - A good antivirus (See NOD32 above, best there is on speed/efficiency, resource consumption, & accuracy) alongside it plus vendor specialized "removal tools" is all a body needs (mostly) when infected.
AntiRootkit tools are another one to be conscious of nowadays, now that such machinations are available for Windows (they originated, afaik, in the UNIX world though).
The "best ones" (AntiRootkit scanners) & their download URL links are:
AVG AntiRootkit
BitDefender AntiRootkit
GMER
Rootkit Revealer
PrevX AntiRootkit
Rootkit Hook Analyzer
Sophos AntiRootkit
F-Secure Blacklight
Gromozon Rootkit Removal Tool
KLister
McAfee Rootkit Detective
PatchFinder
RogueRemover
VICE
System Virginity Verifier for Windows 2000/XP/2003
That is a list for you all to choose from, look them up on GOOGLE to download them from their homepages, as they all do a decent enough job though, & are 100% FREE - SO, DO use them!
APK
http://www.microsoft.com/downloads/Browse....rder=descending
Again, keep up on antivirus/antispyware/antirootkit AND Java runtimes updates!
(Done either automatically via their services, or manually)
Download them manually & install them yourself (OR just let "Windows Automatic Updates" run)
ALSO - do the use of the "std. security stuff", like:
AntiVirus Programs (NOD32 latest 2.7x - "best" one there is, all-around (best speed/efficiency, less "moving parts" in drivers (kernelmode-RPL0-Ring 0 portion) & services/gui usermode-RPL2-Ring3 sections + great consistent showings in detect rates, especially heuristics), & that is not only MY opinion after testing it vs. my former fav. NAV Corporate 10.2 (it is lighter in RAM & resource uses than NAV Corporate even, finds more virus' than others, & uses less "moving parts" (in the way of services componentry, than most do, & certainly less than NAV))
Proof? See here -> http://www.eset.com/products/compare.php
(That's a single source, there are others, such as av-comparatives.org, which also test & compare AntiVirus products out there as well on many levels (mostly detection rates). The URL above goes into more than that, such as program speed/efficiency/throughput, & the fact NOD32 is written almost TOTALLY in pure Assembler language (when, if coupled with a solid fast algorithm/engine, is untouchable even by C/C++ or Delphi even for that)).
+
SpyBot (Ad-Aware is another option) as my resident antispyware tool running in the background!
This tool in SPYBOT also installs & runs PERFECTLY in safemode (combined with ComboFix &/or SmitfraudFix, you can "burn out" just about ANY spyware/malware infestation in 30-60 minutes, depending on level of infection, speed of your disks/CPU/RAM, & amount of files on your disks - A good antivirus (See NOD32 above, best there is on speed/efficiency, resource consumption, & accuracy) alongside it plus vendor specialized "removal tools" is all a body needs (mostly) when infected.
AntiRootkit tools are another one to be conscious of nowadays, now that such machinations are available for Windows (they originated, afaik, in the UNIX world though).
The "best ones" (AntiRootkit scanners) & their download URL links are:
AVG AntiRootkit
BitDefender AntiRootkit
GMER
Rootkit Revealer
PrevX AntiRootkit
Rootkit Hook Analyzer
Sophos AntiRootkit
F-Secure Blacklight
Gromozon Rootkit Removal Tool
KLister
McAfee Rootkit Detective
PatchFinder
RogueRemover
VICE
System Virginity Verifier for Windows 2000/XP/2003
That is a list for you all to choose from, look them up on GOOGLE to download them from their homepages, as they all do a decent enough job though, & are 100% FREE - SO, DO use them!
APK
9.) It is also possible, for webbrowsers &/or email clients, to create a "VISTA LIKE IE 7 Protected Mode"-like type scenario, isolating them into their own spaces in memory, here are 2 methods, how (not needed on VISTA though, afaik):
IE6/7 & FF + OPERA AS WELL (as noted by A/C slashdot poster in reply to my methods, both his & my own work well, & are listed here @ /. (slashdot)) on modern NT-based OS "how-to":
http://it.slashdot.org/comments.pl?sid=236...mp;cid=19310513
MY METHOD for RUNNING IE in a "runas limited user class" sandbox effect:
"It is actually possible to run IE securely: just create a throwaway restricted user account for IE use alone. The restricted account user can't install software and can't access files of other users, so even if IE autoexecutes any nastiness, it can't do any damage.
Of course, it's a hassle to log in as a different user just to browse the web. So we'd want to use "runas" to run just IE as a different user.
Unfortunately, MS has made running IE as a different user a little harder than necessary. Rightclicking and using "Run as" doesn't seem to work. What did work for me was the following.
Say the limited account is called "IEuser". Then create a shortcut to "runas /user:IEuser cmd". on your desktop. Double-clicking this will open a command prompt that runs as IEuser. Now you can manually start IE with "start iexplore". Or create a batchfile c:windowsie.bat that just contains the line "start iexplore" and you can start IE by just typing "ie". Remove all shortcuts to IE from you normal desktop and only run it from the restricted account. This way you can use IE without worry about any IE exploits"
---------
ANOTHER, VERY QUITE POSSIBLY SUPERIOR METHOD:
http://theinvisiblethings.blogspot.com/200...-every-day.html
See section: Do-It-Yourself: Implementing Privilege Separation. Using the psexec tool as described results in a "clean" process tree where iexplore.exe will show up directly under the root avoiding beeing a child process.
Note - The "invisible thing"? She's "Yuriko DeathStrike" as far as I am concerned... Joanna Rutkowska, my fellow "Polish Person" & she's a regular "wonder" in the security/hacking/cracking world!
This is my runopera.bat which runs opera as user internet:
psexec.exe -d -u internet -p p4ssw0rd "cmd" "/d /D /c start /b Opera.exe"
PLUS, Windows Server 2003 has a hardened IE6/7 by default (which can be duplicated on other Win32 OS versions, because it mainly just does what I have been doing for a long time & noted by myself earlier, in stuff like turning off ActiveX & scripting + JAVA online on the public internet, of all types by default, & I do this in ALL of my browsers (IE, FF, & Opera) & only make exceptions for CERTAIN sites)
---------
ANOTHER ALTERNATIVE THAT A USER SUGGESTED ADDON TO AUTOMATE THIS STUFF ON ISOLATION OF IE:
(Per "OILY 17" (TPU forums user) suggestion, to aid in automating this (a tool)):
http://forums.techpowerup.com/showthread.p...0284#post500284
"For running IE,Firefox etc as a throw away account has anyone tried this app out yet.Recently came across it, but have not tried it out yet.
Anyone any views?
http://www.sandboxie.com/
As the name suggests runs IE etc in a sand box effect."
Thanks oily (apk) - RECENT UPDATE: I've tried "sandboxie" & understand the layered filtering driver it employs for writes (ignores reads from main HDD) & it IS a great idea, + it works!
---------
ALSO - Microsoft puts out a tool for users for 2000/XP/Server 2003 called "DropMyRights" which also works, albeit on a diff. principal than SANDBOXIE DOES (via running like VISTA UAC does, dropping user priveleges to various areas of your system). It is downloadable here:
DROPMYRIGHTS DOWNLOAD URL:
http://msdn2.microsoft.com/en-us/library/ms972827.aspx
DropMyRights commandline (for shortcuts/icons on desktop properties menu via rightclick usage on them etc.) usage is in a nutshell, structured like this, using IE as an example:
"C:\Documents and Settings\Administrator\My Documents\MSDN\DropMyRights\DropMyRights.exe" "C:\Program Files\Internet Explorer\iexplore.exe" -extoff
---------
AND, keep in mind: even XP webbrowers have a "safemode option" (like the default one of Windows Server 2003) that doesn't allow bad plugins/addons (or any) to run. Common commandlines for your shortcuts for that are:
INTERNET EXPLORER:
"C:\Program Files\Internet Explorer\iexplore.exe"-extoff
NETSCAPE NAVIGATOR/FIREFOX:
"C:\Program Files\Netscape\Navigator 9\navigator.exe"-safe-mode
APK
IE6/7 & FF + OPERA AS WELL (as noted by A/C slashdot poster in reply to my methods, both his & my own work well, & are listed here @ /. (slashdot)) on modern NT-based OS "how-to":
http://it.slashdot.org/comments.pl?sid=236...mp;cid=19310513
MY METHOD for RUNNING IE in a "runas limited user class" sandbox effect:
"It is actually possible to run IE securely: just create a throwaway restricted user account for IE use alone. The restricted account user can't install software and can't access files of other users, so even if IE autoexecutes any nastiness, it can't do any damage.
Of course, it's a hassle to log in as a different user just to browse the web. So we'd want to use "runas" to run just IE as a different user.
Unfortunately, MS has made running IE as a different user a little harder than necessary. Rightclicking and using "Run as" doesn't seem to work. What did work for me was the following.
Say the limited account is called "IEuser". Then create a shortcut to "runas /user:IEuser cmd". on your desktop. Double-clicking this will open a command prompt that runs as IEuser. Now you can manually start IE with "start iexplore". Or create a batchfile c:windowsie.bat that just contains the line "start iexplore" and you can start IE by just typing "ie". Remove all shortcuts to IE from you normal desktop and only run it from the restricted account. This way you can use IE without worry about any IE exploits"
---------
ANOTHER, VERY QUITE POSSIBLY SUPERIOR METHOD:
http://theinvisiblethings.blogspot.com/200...-every-day.html
See section: Do-It-Yourself: Implementing Privilege Separation. Using the psexec tool as described results in a "clean" process tree where iexplore.exe will show up directly under the root avoiding beeing a child process.
Note - The "invisible thing"? She's "Yuriko DeathStrike" as far as I am concerned... Joanna Rutkowska, my fellow "Polish Person" & she's a regular "wonder" in the security/hacking/cracking world!
This is my runopera.bat which runs opera as user internet:
psexec.exe -d -u internet -p p4ssw0rd "cmd" "/d /D /c start /b Opera.exe"
PLUS, Windows Server 2003 has a hardened IE6/7 by default (which can be duplicated on other Win32 OS versions, because it mainly just does what I have been doing for a long time & noted by myself earlier, in stuff like turning off ActiveX & scripting + JAVA online on the public internet, of all types by default, & I do this in ALL of my browsers (IE, FF, & Opera) & only make exceptions for CERTAIN sites)
---------
ANOTHER ALTERNATIVE THAT A USER SUGGESTED ADDON TO AUTOMATE THIS STUFF ON ISOLATION OF IE:
(Per "OILY 17" (TPU forums user) suggestion, to aid in automating this (a tool)):
http://forums.techpowerup.com/showthread.p...0284#post500284
"For running IE,Firefox etc as a throw away account has anyone tried this app out yet.Recently came across it, but have not tried it out yet.
Anyone any views?
http://www.sandboxie.com/
As the name suggests runs IE etc in a sand box effect."
Thanks oily (apk) - RECENT UPDATE: I've tried "sandboxie" & understand the layered filtering driver it employs for writes (ignores reads from main HDD) & it IS a great idea, + it works!
---------
ALSO - Microsoft puts out a tool for users for 2000/XP/Server 2003 called "DropMyRights" which also works, albeit on a diff. principal than SANDBOXIE DOES (via running like VISTA UAC does, dropping user priveleges to various areas of your system). It is downloadable here:
DROPMYRIGHTS DOWNLOAD URL:
http://msdn2.microsoft.com/en-us/library/ms972827.aspx
DropMyRights commandline (for shortcuts/icons on desktop properties menu via rightclick usage on them etc.) usage is in a nutshell, structured like this, using IE as an example:
"C:\Documents and Settings\Administrator\My Documents\MSDN\DropMyRights\DropMyRights.exe" "C:\Program Files\Internet Explorer\iexplore.exe" -extoff
---------
AND, keep in mind: even XP webbrowers have a "safemode option" (like the default one of Windows Server 2003) that doesn't allow bad plugins/addons (or any) to run. Common commandlines for your shortcuts for that are:
INTERNET EXPLORER:
"C:\Program Files\Internet Explorer\iexplore.exe"-extoff
NETSCAPE NAVIGATOR/FIREFOX:
"C:\Program Files\Netscape\Navigator 9\navigator.exe"-safe-mode
APK
10.) Plus good email client practices like using .txt mail only, no RTF or HTML mail, not opening or allowing attachments unless I know the person & even THEN, scan it with an antivirus (still gets email scanned though by your resident antivirus email scan component (use AntiVirus programs with these, OR, manually scan ANY attachments before opening them (if you get Microsoft Office .doc, .xls, .ppt etc. files uncompressed? HOLD DOWN THE SHIFT KEY AS YOU OPEN THEM - this stops macros from running & macros are the avenue utilized using VBA script to infect you))
APK
APK
11.) I also use a LinkSys/CISCO BEFSX41 "NAT" true firewalling CISCO technology-based router (with cookie & scripting filtering built-in @ the hardware level), these are excellent investments for security.
BY THE WAY, IF YOU OWN A ROUTER? TURN OFF THE UPNP FEATURES IN IT!
Why?
Take a read:
Most Home Routers Vulnerable to Flash UPnP Attack:
http://it.slashdot.org/it/08/01/14/1319256.shtml
* Just to be safe...
APK
BY THE WAY, IF YOU OWN A ROUTER? TURN OFF THE UPNP FEATURES IN IT!
Why?
Take a read:
Most Home Routers Vulnerable to Flash UPnP Attack:
http://it.slashdot.org/it/08/01/14/1319256.shtml
* Just to be safe...
APK
12.) Windows Server 2003's SCW was run over it FIRST (this only exists on Windows Server 2003, not on 2000/XP or VISTA (you have to install this, it does NOT install by default) first to help security it (SCW = security configuration wizard, & it's pretty damn good believe-it-or-not, (@ least, as as starting point))...
Directions for its installation are as follows:
Start the Add or Remove Programs Control Panel applet.
Click Add/Remove Windows Components.
On the Windows Components Wizard screen, select the "Security Configuration Wizard" check box, as the figure shows. Click Next.
The Windows Components Wizard builds a list of files to be copied and finishes installing SCW. Click Finish.
DONE! Now, run it...
It is very simple to use, and will help even TRIM services you do not need running (which saves Memory, other resources, & I/O to cpu/ram/disk etc. AS WELL AS PROVIDING SECURITY should any services you disable turn up vulnerabilities (this has happened before)).
ALSO, per TPU forums user (username "xvi") @ techpowerup.com forums (software section): Use Microsoft Baseline Security Advisor, a free download from Microsoft as well to check your system for security holes, patch updates, etc. (be wary of the fact it does require various services running though, iirc, Terminal Server Services Client - I do NOT keep that running here anymore, & this program failed on me because of that (would not initialize @ all))
APK
AN IMPORTANT SET OF POINTS TO SECURE YOUR WEBBROWSER, EMAIL PROGRAMS, & MORE:
STOP JAVASCRIPT USAGE IN YOUR BROWSERS (along with ActiveX & JAVA) On the PUBLIC internet, PERIOD (well, with SOME exceptions on sites that demand you use it, OR those that cannot function properly without it, some examples below)!
Why? Well, read on:
Fact is, that today? Well... Javascript's dangerous & can be used AGAINST you, as well as help you... it truly is, or can be, a 'double-edged sword'...
(For example - if you follow security related news, you will see that JavaScript is the key avenue being used against you in today's attacks (even thru adbanners!)). Some examples:
http://www.wired.com/techbiz/media/news/2007/11/doubleclick
&
http://apcmag.com/5382/microsoft_apologise...re_to_customers
If you MUST use Javascript (for instance, on a particular site like banking or shopping oriented ones)?
Try "NoScript" (the .xpi addon for FireFox/Mozilla/NetScape 9 etc.) & let it let YOU decide sites to use it on, & then DISABLE JAVA/JAVASCRIPT globally...
(& if you use IE, trying to do the same can be a nightmare (as IE will "nag you to death" if you turn off javascript on sites that use it)).
Opera has similar functionality, ALBEIT, built into it by default as a NATIVE tool!
I.E.-> The ability to GLOBALLY block scripting tools like Javascript, BUT... to also allow it for sites you MUST use it on as exceptions to the GLOBAL rule set in Tools, Preferences menus it has on its menubar.
Opera has the NATIVE BUILT IN ABILITY to allow you to use it on sites you visit IF you must, via rightclicks on the page & "EDIT SITE PREFERENCES" popup menu submenu item that appears.
Either way? It works, & I STRONGLY recommend this.
----
DISABLE INDISCIMINATE USE OF ADOBE FLASH:
From Mike567 (giving credit, where credit's due):
http://forums.windowsforum.org/index.php?s...33716&st=20
&, he's right... I "overlooked/omitted" that much!
Why is this important?? Well, take a peek here (very recent, 05/28/2008, as of the date of this posting):
Adobe Flash Zero-Day Attack Underway:
http://it.slashdot.org/article.pl?sid=08/0...47&from=rss
----
I also recommend Opera for these reasons (less security holes period, & the 1 it had yesterday? Patched yesterday too... fast!)
=====
SECUNIA DATA ON BROWSER SECURITY (dated 07/04/2008 - "4th July U.S.A."):
=====
Opera 9.51 (new release) security advisories @ SECUNIA (0% unpatched):
http://secunia.com/product/10615/?task=advisories
----
FireFox 3.x security advisories @ SECUNIA (100% unpatched):
http://secunia.com/product/19089/
----
IE 7 (latest cumulative update from MS) security advisories @ SECUNIA (34% unpatched):
http://secunia.com/product/12366/
----
Those %'s are the latest for FireFox 3.x, IE7 after last "patch Tuesday" from MS with the "CUMULATIVE IE UPDATES" they have (see the security downloads URL I post in the 12 steps above to secure yourself), & Opera 9.51... ALL, "latest/greatest" models.
So, as you can see?
Well, NOT ONLY IS OPERA MORE SECURE/BEARING LESS SECURITY VULNERABILITIES?
It's faster too, on just about ANYTHING a browser does, & is probably the MOST standards compliant browser under the sun (not counting HTML dev tools). This is borne out in these tests:
http://www.howtocreate.co.uk/browserSpeed.html
AND, yes others (most recently in Javascript parsing speeds, oddly enough, lol... given the topic of my post here that is), right here:
http://nontroppo.org/timer/kestrel_tests/
NEW NEWS/NEWSFLASH: FF3 is "king of the heap" here now, in javascript parsing speeds, but of what gain is this? Security risks abound in running javascript on "every site under the sun"... limiting it to sites you absolutely NEED it for is the way, IF you wish to stay safer online that is.
Opera's just more std.'s compliant - for example, having passed all the ACID (2/3 before anyone on the latter & one of the first for the former no less), plus it's faster + MULTIPLATFORM, & more secure than the others out there - thus, it's an "all-around" overall best solution!
QUESTION - So, "where do you want to go today?"...
ANSWER = Opera (if you're into speed, security, & std.'s compliance + using a webbrowser that runs on most any platform out there for computing is where).
----
ALSO - HOW TO SET THE "KILL BIT" ON ACTIVEX CONTROLS:
(I.E.-> This is how to stop an ActiveX control from running in Internet Explorer)
http://support.microsoft.com/kb/240797
In case you have "problematic" or security vulnerable ActiveX controls, per this RealPlayer example thereof:
http://service.real.com/realplayer/securit...1007_player/en/
APK
STOP JAVASCRIPT USAGE IN YOUR BROWSERS (along with ActiveX & JAVA) On the PUBLIC internet, PERIOD (well, with SOME exceptions on sites that demand you use it, OR those that cannot function properly without it, some examples below)!
Why? Well, read on:
Fact is, that today? Well... Javascript's dangerous & can be used AGAINST you, as well as help you... it truly is, or can be, a 'double-edged sword'...
(For example - if you follow security related news, you will see that JavaScript is the key avenue being used against you in today's attacks (even thru adbanners!)). Some examples:
http://www.wired.com/techbiz/media/news/2007/11/doubleclick
&
http://apcmag.com/5382/microsoft_apologise...re_to_customers
If you MUST use Javascript (for instance, on a particular site like banking or shopping oriented ones)?
Try "NoScript" (the .xpi addon for FireFox/Mozilla/NetScape 9 etc.) & let it let YOU decide sites to use it on, & then DISABLE JAVA/JAVASCRIPT globally...
(& if you use IE, trying to do the same can be a nightmare (as IE will "nag you to death" if you turn off javascript on sites that use it)).
Opera has similar functionality, ALBEIT, built into it by default as a NATIVE tool!
I.E.-> The ability to GLOBALLY block scripting tools like Javascript, BUT... to also allow it for sites you MUST use it on as exceptions to the GLOBAL rule set in Tools, Preferences menus it has on its menubar.
Opera has the NATIVE BUILT IN ABILITY to allow you to use it on sites you visit IF you must, via rightclicks on the page & "EDIT SITE PREFERENCES" popup menu submenu item that appears.
Either way? It works, & I STRONGLY recommend this.
----
DISABLE INDISCIMINATE USE OF ADOBE FLASH:
From Mike567 (giving credit, where credit's due):
http://forums.windowsforum.org/index.php?s...33716&st=20
QUOTE (Mike567 @ Jun 12 2008, 11:28) 
You need to disable the plugins, where flash is located.
&, he's right... I "overlooked/omitted" that much!
Why is this important?? Well, take a peek here (very recent, 05/28/2008, as of the date of this posting):
Adobe Flash Zero-Day Attack Underway:
http://it.slashdot.org/article.pl?sid=08/0...47&from=rss
----
I also recommend Opera for these reasons (less security holes period, & the 1 it had yesterday? Patched yesterday too... fast!)
=====
SECUNIA DATA ON BROWSER SECURITY (dated 07/04/2008 - "4th July U.S.A."):
=====
Opera 9.51 (new release) security advisories @ SECUNIA (0% unpatched):
http://secunia.com/product/10615/?task=advisories
----
FireFox 3.x security advisories @ SECUNIA (100% unpatched):
http://secunia.com/product/19089/
----
IE 7 (latest cumulative update from MS) security advisories @ SECUNIA (34% unpatched):
http://secunia.com/product/12366/
----
Those %'s are the latest for FireFox 3.x, IE7 after last "patch Tuesday" from MS with the "CUMULATIVE IE UPDATES" they have (see the security downloads URL I post in the 12 steps above to secure yourself), & Opera 9.51... ALL, "latest/greatest" models.
So, as you can see?
Well, NOT ONLY IS OPERA MORE SECURE/BEARING LESS SECURITY VULNERABILITIES?
It's faster too, on just about ANYTHING a browser does, & is probably the MOST standards compliant browser under the sun (not counting HTML dev tools). This is borne out in these tests:
http://www.howtocreate.co.uk/browserSpeed.html
AND, yes others (most recently in Javascript parsing speeds, oddly enough, lol... given the topic of my post here that is), right here:
http://nontroppo.org/timer/kestrel_tests/
NEW NEWS/NEWSFLASH: FF3 is "king of the heap" here now, in javascript parsing speeds, but of what gain is this? Security risks abound in running javascript on "every site under the sun"... limiting it to sites you absolutely NEED it for is the way, IF you wish to stay safer online that is.
Opera's just more std.'s compliant - for example, having passed all the ACID (2/3 before anyone on the latter & one of the first for the former no less), plus it's faster + MULTIPLATFORM, & more secure than the others out there - thus, it's an "all-around" overall best solution!
QUESTION - So, "where do you want to go today?"...
ANSWER = Opera (if you're into speed, security, & std.'s compliance + using a webbrowser that runs on most any platform out there for computing is where).
----
ALSO - HOW TO SET THE "KILL BIT" ON ACTIVEX CONTROLS:
(I.E.-> This is how to stop an ActiveX control from running in Internet Explorer)
http://support.microsoft.com/kb/240797
In case you have "problematic" or security vulnerable ActiveX controls, per this RealPlayer example thereof:
http://service.real.com/realplayer/securit...1007_player/en/
APK
Now, after posting this at TweakTown, TPU, Tweaks.com, PCTools, LearntoHack, Neowin and probably a few other sites, why would you need to do it again?
To spread the word about something that works, & to help others...
Why not?
(Editing in - you can now see Chris, it has been made a "sticky thread/pinned guide" here, & also across roughly 15 other forums to date online, in this guide's 5th month of existence (if you were to search the title of this thread on GOOGLE or ALTAVISTA? You can verify that statement of mine, easily))...
* So, it's GOT to be working pretty well!
In fact - A security forums colleague of mine (well, I don't really KNOW him, but he cited this guide, where it is posted on a widely known security forums -> www.security-forums.com ) even cited it on his HOME forums, here:
http://techiesbox.com/ftopic2466&sid=6...26e3add84ab35b3
(I am glad too, that this is doing well, & helping others... why? Well, this past year alone, I had to clean out literally around 1,000 systems this year, ranging from home/end users, up to corporate networks & servers that were infested by virus/trojans/spywares (malware-in-general) & even rootkits (only kind I know how to really truly kill is the bootsector type, via FixMBR in the Recovery Console for Windows 2000/XP/Server 2003/VISTA though))...
I don't wish that on ANYONE! I've been there myself (on ALL/EACH threat noted in my last paragraph), but it's been ages since, because of what this guide shows folks how to so... I thought I'd share it is all.
... & when folks use this, & follow some SIMPLE RULES it shows them how to follow?
They can do as I have (on Windows Server 2003 SP#2, which "ThreatFIre" found to be the most secure Windows NT-based OS in their research & findings) - stay clean, for years IF NOT DECADES into the distance.
(On my 6th yr. here now, & by doing basically what's in this guide? I have NOT been infected (or hacked) in that timeframe... going to see IF I can make it a decade! My main tester, a degreed Private Investigator, has gone a year so far w/ no infections (when he used to get 200 a week or so, it was unbelievable))
APK
P.S.=PLUS, especially since the CIS Tool actually *almost* makes it fun... a competition against yourself, & your know-how on securing an OS... believe me, it taught me a "trick or two" (& made me realize that for all I know after 15 yrs. as a pro in this field, that I do NOT know everything in this arena - but, I am, like most afficianados/enthusiasts in this field, learning more, everyday (thus, no wasted days for me))... apk
Why not?
(Editing in - you can now see Chris, it has been made a "sticky thread/pinned guide" here, & also across roughly 15 other forums to date online, in this guide's 5th month of existence (if you were to search the title of this thread on GOOGLE or ALTAVISTA? You can verify that statement of mine, easily))...
* So, it's GOT to be working pretty well!
In fact - A security forums colleague of mine (well, I don't really KNOW him, but he cited this guide, where it is posted on a widely known security forums -> www.security-forums.com ) even cited it on his HOME forums, here:
http://techiesbox.com/ftopic2466&sid=6...26e3add84ab35b3
(I am glad too, that this is doing well, & helping others... why? Well, this past year alone, I had to clean out literally around 1,000 systems this year, ranging from home/end users, up to corporate networks & servers that were infested by virus/trojans/spywares (malware-in-general) & even rootkits (only kind I know how to really truly kill is the bootsector type, via FixMBR in the Recovery Console for Windows 2000/XP/Server 2003/VISTA though))...
I don't wish that on ANYONE! I've been there myself (on ALL/EACH threat noted in my last paragraph), but it's been ages since, because of what this guide shows folks how to so... I thought I'd share it is all.
... & when folks use this, & follow some SIMPLE RULES it shows them how to follow?
They can do as I have (on Windows Server 2003 SP#2, which "ThreatFIre" found to be the most secure Windows NT-based OS in their research & findings) - stay clean, for years IF NOT DECADES into the distance.
(On my 6th yr. here now, & by doing basically what's in this guide? I have NOT been infected (or hacked) in that timeframe... going to see IF I can make it a decade! My main tester, a degreed Private Investigator, has gone a year so far w/ no infections (when he used to get 200 a week or so, it was unbelievable))
APK
P.S.=PLUS, especially since the CIS Tool actually *almost* makes it fun... a competition against yourself, & your know-how on securing an OS... believe me, it taught me a "trick or two" (& made me realize that for all I know after 15 yrs. as a pro in this field, that I do NOT know everything in this arena - but, I am, like most afficianados/enthusiasts in this field, learning more, everyday (thus, no wasted days for me))... apk
DO NOT USE THIS WITH A HOME or BUSINESS LAN THAT HAS ActiveDirectory going (because, for example - it will mess up things like FULL Outlook binding to EXCHANGE SERVER for instance, because of INTERNAL DNS SERVER dependencies AD has (ActiveDirectory is HEAVILY dependent on DNS resolutions is why)
That said & aside?
I found something VERY cool, as regards online security, that I stumbled onto during my meanderings online today!
ScrubItDNS:
http://www.scrubit.com
* GREAT IDEA, & it WORKS, painlessly... AND F A S T, too!
OpenDNS is another one, but I find that for stopping "Pr0n" @ least? ScrubIT DNS is literally, the best!
APK
P.S.=> Take a read of what it does, how EASY it is to implement (lol, they even give a GUI to do the job for you, because digging into your network connection MIGHT be a "bit much" for some folks, to make it easy for anyone really... 2 clicks!) & YOU DECIDE...
I have tried it, & it DOES work, by filtering off sites thru it that are 'dangerous' OR 'offensive' (like ones you might find that are involved with the above exploit, or others like GOOGLE + SPYBOT Search & Destroy help you with) - PLUS, Pr0n sites (some of you, lol, may NOT like that "feature" though).
Still, bottom-line - For layered security? This is a GOOD idea, this "scrubit" DNS server... imo, so far @ least... apk
That said & aside?
I found something VERY cool, as regards online security, that I stumbled onto during my meanderings online today!
ScrubItDNS:
http://www.scrubit.com
* GREAT IDEA, & it WORKS, painlessly... AND F A S T, too!
OpenDNS is another one, but I find that for stopping "Pr0n" @ least? ScrubIT DNS is literally, the best!
APK
P.S.=> Take a read of what it does, how EASY it is to implement (lol, they even give a GUI to do the job for you, because digging into your network connection MIGHT be a "bit much" for some folks, to make it easy for anyone really... 2 clicks!) & YOU DECIDE...
I have tried it, & it DOES work, by filtering off sites thru it that are 'dangerous' OR 'offensive' (like ones you might find that are involved with the above exploit, or others like GOOGLE + SPYBOT Search & Destroy help you with) - PLUS, Pr0n sites (some of you, lol, may NOT like that "feature" though).
Still, bottom-line - For layered security? This is a GOOD idea, this "scrubit" DNS server... imo, so far @ least... apk
http://img297.imageshack.us/img297/2240/52041100vo6.png
That's an example of where your score (for users on Windows XP SP #2 no less fully hotfix patched as of this date) can be @ scoring-wise, on the CIS Tool benchmark test gauge of Windows Security, after following its suggestions for security-hardening your systems.
A 90.112 score... & that was AlexStarFire's score from the 3dguru.com forums, once he applied it to his home system ("stand-alone", non-HOME or WORK-LAN system, online on the public internet), which is way, Way, WAY up from its initial default score of 46.xxx/100...
* Here is an example of a user named Thronka, who employed it to security-harden the endpoints on his LAN/WAN setup @ work, who is also enjoying it successfully as well, albeit this time, in a BUSINESS environs (as I have it as well, for both HOME standalone machine online today, & also on the job):
http://www.xtremepccentral.com/forums/showthread.php?t=28430
APK
P.S.=> I hope you guys also employ it thus as well - it starts with reaching just 1 person, & then, by example? Others start to apply it also, & then things start to change "for the better", because by securing yourself, & maybe even setting up your pals & families machines' this way? You lessen the possibility of "spreading the diseases" out there online today... apk
That's an example of where your score (for users on Windows XP SP #2 no less fully hotfix patched as of this date) can be @ scoring-wise, on the CIS Tool benchmark test gauge of Windows Security, after following its suggestions for security-hardening your systems.
A 90.112 score... & that was AlexStarFire's score from the 3dguru.com forums, once he applied it to his home system ("stand-alone", non-HOME or WORK-LAN system, online on the public internet), which is way, Way, WAY up from its initial default score of 46.xxx/100...
* Here is an example of a user named Thronka, who employed it to security-harden the endpoints on his LAN/WAN setup @ work, who is also enjoying it successfully as well, albeit this time, in a BUSINESS environs (as I have it as well, for both HOME standalone machine online today, & also on the job):
http://www.xtremepccentral.com/forums/showthread.php?t=28430
APK
P.S.=> I hope you guys also employ it thus as well - it starts with reaching just 1 person, & then, by example? Others start to apply it also, & then things start to change "for the better", because by securing yourself, & maybe even setting up your pals & families machines' this way? You lessen the possibility of "spreading the diseases" out there online today... apk
Edited my post (2 above this one) to include OpenDNS servers (faster, & more secure DNS servers), but also noted caution in using them in Active Directory environs... it had messed up Outlook connecting to Exchange Servers on me before, so I had to note it there above, instead!
APK
APK
HOW TO REMOVE MALWARE (Virus/Trojans/Spyware & some rootkits) - just like NIST recommends in their guides also (a malware removal procedure):
HOW TO REMOVE MALWARE - INTRODUCTION (using 110% free tools, OR ones you have in your OS already natively, to remove malware infestations of ANY kind HOW TO):
NOW, after ALL of the above? IF you do find yourself "infested" though, one day??
(Which is going to RARE (if @ all) - Usually, after the above set of steps you can use to secure yourselves, the ONLY way you usually can be reinfected, is to click & run a bogus email attachment, OR, by turning on Javascript & IFrames for instance! (or, allowing shockwave or a bum ActiveX control to run) OR, via a vulnerability in your applications OR Operating System that needs patching (I note this in the init. post of this thread in fact in this latter point now)).
YES - It happens! Far more rarely than it had before (using a buddy of mine Jack as an example in fact - I chose him as a tester because he was nearly constantly infested is why & this all worked for he, until he violated javascript usage rules I mentioned above).
E.G.-> I have had users violate that/those "rule(s)" from above & that was how they were reinfected - BUT, one tester of mine DEFINITELY gets infected FAR LESS than he used to, by applying the above... this is certain!
I.E.-> I have had this setup running Windows Server 2003 (SP#2, fully hotfix patched & hardened per the above as of this date) since early 2003, running "110% bulletproof & bugfree" because of following the rules & suggestions noted above!
ANYHOW - Malware infested? TRY THIS SET OF TOOLS & TECHNIQUES:
How to clean yourself up?
This "toolkit" & process has helped me get thru over a 1,000 spyware/virus clean up calls, & hopefully? It will yourself, as well, so... here goes:
==========
1.) Reboot your system to F8 @ startup "Windows Advanced Options" bootup menu that stops you during the boot sequence.
----
2.) There, choose "safemode with networking" (via the "Windows Advanced Options" menu you get presented with while tapping the F8 key repeatedly @ system startup).
----
3.) Once in safemode with networking Windows, download/install & RUN these tools (they are not much to look at, BUT, they do work on MOST threats today & get regularly updated):
a. Run IE, use its TOOLS menu, Manage Addons Submenu, & turn off ANY BHO etc. objects that you do NOT absolutely NEED, or know what they are (many malwares in the form of bogus toolbars or BHO (browser helper objects) often hide here).
ALSO, GREAT NEW POINT EDITED IN NOW (01/13/2008) per Delightus14 @ Neowin forums: ALSO CLEAN OUT YOUR WEBBROWER CACHES & %temp/tmp% temp. ops locations so no maladies exist there also awaiting re-awakening by accident
You do this via Internet Explorer (using IE as an example, it is the same idea in Opera/FireFox/Netscape/Mozilla etc. too) via its Tools menu, Internet Options submenu, & on IE options screen, use the "Browsing History" group in IE7, & delete things as necessary from IE's browser caches etc. & for OS + app level %temp% & %tmp% environmental values' areas? Type SET @ a DOS prompt to see where you located those, & burn their contents via DEL commands, OR via explorer.exe/MyComputer filemanagement.
b. Run msconfig.exe, & stall out ANY apps you do NOT absolutely NEED to run (many malware start here in fact). If you do NOT know the name of the program & what it does? Look it up on GOOGLE... same with BHO's above in IE.
c. DOWNLOAD & INSTALL SpyBot 1.51x
d. DOWNLOAD (OPTIONAL - use ONLY if Spybot for example, cannot remove a malware) ComboFix (don't run it yet - there is no installer, it IS its own install + run package)
COMBOFIX MAY HAVE SOME "MINOR SIDE EFFECTS" though, & here are 3 I have noted, & HOW to fix them:
1.) IE homepage: No big deal to "fix this". You go to Start Button -> CONTROL PANEL (use CLASSIC VIEW, it's easier imo) -> Internet Options -> General Tab & HOMEPAGE (here is where you change that).
2.) System Time (rightclick on timeclock in lower righthand side of your screen, & from its POPUP menu, use the Date/Time tool)
3.) Desktop wallpaper (easy to fix: Rightclick on Desktop, use properties menu, & the desktop tab, change your background wallpaper there)
e. DOWNLOAD (OPTIONAL - use ONLY if Spybot for example, cannot remove a malware) SmitFraudFix (which also has its own LSP (layered service provider fix I have heard tell), BUT, againL Don't run it yet - as AGAIN -> there is no installer, it IS its own install + run package)
An alternate here, is LSPFix.exe...
----
4.) Clean out your rig, running SpyBot, first (most of the threats today are SPYWARE related, or TROJANS, more than std. typical traditional viruses by the way).
----
5.) Then, run ComboFix (this will reset your webbrowser homepage & background desktop wallpaper, you will have to reset these, & possibly your date/time clock in Windows too).
(OPTIONAL - use ONLY if Spybot for example, cannot remove a malware)
----
6.) Then, run SmitFraudFix (or, as an alternate, LSPFix)
(OPTIONAL - use ONLY if Spybot for example, cannot remove a malware)
----
7.) Reboot to "normal Windows" (no F8 stuff this round) - it MAY hesitate/be slower this bootup though, because SpyBot/ComboFix/SmitFraud do a 2nd look type check on bootup many times... so, be prepared for this part.
----
8.) Then, once in normal Windows again, scan with your AntiVirus solution (now fully updated hopefully & if not, do update it first & then scan).
Good suggested FREE one, is AVG AntiVirus (I suggest this one, because it is free + complete w/ mail protection too that's decent enough, & just in case your antivirus solution is expired... if it is not expired, update the one you use. Keeping another around for a "2nd Dr.'s Opinion" is NOT a bad idea, BUT: ONLY RUN 1 OF THEM, "resident" (meaning runnings its background application & file scanning engine, usually implemented as a service + trayicon app). IMO, NOD32 is the best performer all-around in terms of antivirus programs. av-comparatives & vb100 tend to 2nd me here as well.
* @ that point? You probably will have 'caught the culprits', OR, @ least have the name + location of any threats they could NOT eliminate... & here is where it gets REALLY "fun"...
==========
NOW, when you CAN'T remove a virus using "script kiddie automated tools" like those noted above (not putting them down calling them that because they ARE somebody's hard work & freely given time as well... but, they ARE that, because they're only automating what YOU can do, yourself, with other tools like msconfig/IE manage addons, & more tools like Process Explorer + regedit & explorer.exe (OR even Recovery Console) can allow YOU to do, yourself, albeit slower... the nice part about the automated killers like the tools I mention above, is that they operate FAR FASTER than human beings do).
ANYHOW - IF you can get its name, & location on disk say, via a report from AVG or other programs you use for this?
Boot your system from the OS install CD, & go to RECOVERY CONSOLE!
There, switch to the folder that houses it using CD (almost like DOS one, but uses .. ONLY, to switch to ancestor folder roots really (instead of \ etc. et al))!
Then, once you are in its folder, fry it then (nothing will be loading & thus, locking it, there) using the DEL command -> DEL filename.
****
It's THAT, or using Process Explorer in UserMode/Ring 3/RPL3 operation...
You would do a suspending the calling process via right click popup menu options for this it offers! Once the calling process is suspended (& many times, also the called or DLL injected library as well), you can delete ANY potential offending injected DLL/lib virus-trojan-spyware-malware being called by said parent process, on disk.
(This ia assuming this is a lib loaded virus/spyware/trojan/malware etc., not a standalone .exe type)
That's done via watching loaded DLL's that ANY app may have loaded presently (For that, you would have to use ProExp's CTRL+D keystroke shortcut, with the lower pane view present/visible, & set like that) IF there is one and this thing doesn't launch by itself from one of the registry RUN areas or startup groups that is...
Using Process Explorer can help!
(Again, especially if this is being run by "DLL Injection" (like an OLEServer being injected into a process via CLSIDs, shell extensions, or being run by rundll32.exe OR svchost.exe, process hosting executables that can spawn either .exe OR .dll/lib based ones)).
****
The easier/simpler route?
My first suggestion:
Use Recovery Console, once you have its name & location on disk... DEL command will take care of it, lickety-split, no-$heet.
TO INSTALL RECOVERY CONSOLE AS A BOOTUP MENU OPTION:
1.Insert the Windows XP CD into the CD-ROM drive.
2.Click Start, and then click Run.
3.In the Open box, type d:\i386\winnt32.exe /cmdcons where d is the drive letter for the CD-ROM drive.
4.A Windows Setup Dialog Box appears. The Windows Setup Dialog Box describes the Recovery Console option. To confirm the installation, click Yes.
5.Restart the computer. The next time that you start your computer, "Microsoft Windows Recovery Console" appears on the startup menu.
(Alternately, you may bootup from your XP/Server 2003/VISTA install media, & run it there (via bootoptions menus choices then))
Then once you are booted & logged into it, use:
FixMBR
&
DEL (filename)
Once in the folder/directory (via CD dos command) where those rogue files are, burn them, in RC... using DEL.
NOTE/IMPORTANT:
You MAY have to use SECPOL.msc & give yourself rights to folders other than %windir% & its subordinates though, if the rogue files aren't underneath Windows itself... because RC's default ACL to those things is just %windir% & its subordinate folders only.
Start in Left-hand side pane of secpol.msc -> Security Settings -> Local Policies -> Security Options (now right-hand side pane of secpol.msc) -> Recovery Console: Allow Floppy Copy and Access to all drives and folders
APK
P.S.=> Rootkits & how to blow THOSE out? Guess what your "best pal" is, yet again?? Ah, you guessed it - RECOVERY CONSOLE & FixMBR command!
HOWEVER - FixMBR ONLY works on (only) BOOTSECTOR ORIGINATED TYPES though...
There are other kinds (driven by drivers &/or kernel mode API 'hooking' & more)... Soon, & I am NOT the only person theorizing this (because I saw BIOS flash code @ rootkit.com over more than a year back no less & IMMEDIATELY said "oh boy, here comes bios flashing malware")??
Soon you'll have BIOS flashing attacks via malwares (virus/trojans/spywares) & rootkits too (as rootkits typically ride "under the OS" or make themselves invisible to it, via interception of even kernel mode API calls, doing something called "hooking')...
How so??
Well, an example (a legit program I built this year for the fine Sci-Fi series from the BBC in the UK, called "Dr. Who" (longest running Sci-Fi show there is, huge fan here since the 1970's in fact)):
----------------------------------------------------------------------
APK Doctor Who ScreenSaver 2008++ version 1.0:
----------------------------------------------------------------------
http://www.drwhodaily.com/community/index.php?showtopic=386
----------------------------------------------------------------------
I store its .avi it plays back, INSIDE of the .scr executable, as a 'resource' I point to & playback from RAM, not disk, via a child thread (it's multithreaded design)...
That said - now, consider this:
Since ASUS & GIGABYTE have tools that 'flash' your BIOS, that now operate inside Windows itself?
Well, what is stopping a "blended/combined package" threat malware from using not only "std. attack methods" but, also using rootkit techniques too!
(Once more - means a "malware type" that literally "rides beneath the OS" literally, from out of the BIOS, or from a bootsector spawning (only kind I know how to kill in fact, via Recovery Console FixMBR) or, via kernelmode API intercept hooking (ability to 'fake out' what API's do or report back to you in laymen's terms))
What is stopping malware makers from doing the SAME thing I do in that program above to 'disguise' their evil machinations? Well... Not much!
Especially considering you can not only store .avi files, but pretty much anything, including a BIOS IMG file & a "Plug-N-Play" driver to make this happen!
(PnP drivers = A driver that can start from usermode/Ring3/RPL3 where you run programs from, vs. Ring 0/RPL0/kernelmode where most drivers traditionally run from)...
Food for thought... you get one of these types (afaik not here YET)? OR, rootkits of other kinds (not bootsector killable, but instead memory resident)?? Backup your data, & "repave" is the typical recommendation... I have no idea how I would kill one, & afaik? Nobody else does either, aside from starting fresh, OR trying to "overwrite" your current setup w/ a backup (assuming it is clean too, & that might NOT be a good assumption)... apk
HOW TO REMOVE MALWARE - INTRODUCTION (using 110% free tools, OR ones you have in your OS already natively, to remove malware infestations of ANY kind HOW TO):
NOW, after ALL of the above? IF you do find yourself "infested" though, one day??
(Which is going to RARE (if @ all) - Usually, after the above set of steps you can use to secure yourselves, the ONLY way you usually can be reinfected, is to click & run a bogus email attachment, OR, by turning on Javascript & IFrames for instance! (or, allowing shockwave or a bum ActiveX control to run) OR, via a vulnerability in your applications OR Operating System that needs patching (I note this in the init. post of this thread in fact in this latter point now)).
YES - It happens! Far more rarely than it had before (using a buddy of mine Jack as an example in fact - I chose him as a tester because he was nearly constantly infested is why & this all worked for he, until he violated javascript usage rules I mentioned above).
E.G.-> I have had users violate that/those "rule(s)" from above & that was how they were reinfected - BUT, one tester of mine DEFINITELY gets infected FAR LESS than he used to, by applying the above... this is certain!
I.E.-> I have had this setup running Windows Server 2003 (SP#2, fully hotfix patched & hardened per the above as of this date) since early 2003, running "110% bulletproof & bugfree" because of following the rules & suggestions noted above!
ANYHOW - Malware infested? TRY THIS SET OF TOOLS & TECHNIQUES:
How to clean yourself up?
This "toolkit" & process has helped me get thru over a 1,000 spyware/virus clean up calls, & hopefully? It will yourself, as well, so... here goes:
==========
1.) Reboot your system to F8 @ startup "Windows Advanced Options" bootup menu that stops you during the boot sequence.
----
2.) There, choose "safemode with networking" (via the "Windows Advanced Options" menu you get presented with while tapping the F8 key repeatedly @ system startup).
----
3.) Once in safemode with networking Windows, download/install & RUN these tools (they are not much to look at, BUT, they do work on MOST threats today & get regularly updated):
a. Run IE, use its TOOLS menu, Manage Addons Submenu, & turn off ANY BHO etc. objects that you do NOT absolutely NEED, or know what they are (many malwares in the form of bogus toolbars or BHO (browser helper objects) often hide here).
ALSO, GREAT NEW POINT EDITED IN NOW (01/13/2008) per Delightus14 @ Neowin forums: ALSO CLEAN OUT YOUR WEBBROWER CACHES & %temp/tmp% temp. ops locations so no maladies exist there also awaiting re-awakening by accident
You do this via Internet Explorer (using IE as an example, it is the same idea in Opera/FireFox/Netscape/Mozilla etc. too) via its Tools menu, Internet Options submenu, & on IE options screen, use the "Browsing History" group in IE7, & delete things as necessary from IE's browser caches etc. & for OS + app level %temp% & %tmp% environmental values' areas? Type SET @ a DOS prompt to see where you located those, & burn their contents via DEL commands, OR via explorer.exe/MyComputer filemanagement.
b. Run msconfig.exe, & stall out ANY apps you do NOT absolutely NEED to run (many malware start here in fact). If you do NOT know the name of the program & what it does? Look it up on GOOGLE... same with BHO's above in IE.
c. DOWNLOAD & INSTALL SpyBot 1.51x
d. DOWNLOAD (OPTIONAL - use ONLY if Spybot for example, cannot remove a malware) ComboFix (don't run it yet - there is no installer, it IS its own install + run package)
COMBOFIX MAY HAVE SOME "MINOR SIDE EFFECTS" though, & here are 3 I have noted, & HOW to fix them:
1.) IE homepage: No big deal to "fix this". You go to Start Button -> CONTROL PANEL (use CLASSIC VIEW, it's easier imo) -> Internet Options -> General Tab & HOMEPAGE (here is where you change that).
2.) System Time (rightclick on timeclock in lower righthand side of your screen, & from its POPUP menu, use the Date/Time tool)
3.) Desktop wallpaper (easy to fix: Rightclick on Desktop, use properties menu, & the desktop tab, change your background wallpaper there)
e. DOWNLOAD (OPTIONAL - use ONLY if Spybot for example, cannot remove a malware) SmitFraudFix (which also has its own LSP (layered service provider fix I have heard tell), BUT, againL Don't run it yet - as AGAIN -> there is no installer, it IS its own install + run package)
An alternate here, is LSPFix.exe...
----
4.) Clean out your rig, running SpyBot, first (most of the threats today are SPYWARE related, or TROJANS, more than std. typical traditional viruses by the way).
----
5.) Then, run ComboFix (this will reset your webbrowser homepage & background desktop wallpaper, you will have to reset these, & possibly your date/time clock in Windows too).
(OPTIONAL - use ONLY if Spybot for example, cannot remove a malware)
----
6.) Then, run SmitFraudFix (or, as an alternate, LSPFix)
(OPTIONAL - use ONLY if Spybot for example, cannot remove a malware)
----
7.) Reboot to "normal Windows" (no F8 stuff this round) - it MAY hesitate/be slower this bootup though, because SpyBot/ComboFix/SmitFraud do a 2nd look type check on bootup many times... so, be prepared for this part.
----
8.) Then, once in normal Windows again, scan with your AntiVirus solution (now fully updated hopefully & if not, do update it first & then scan).
Good suggested FREE one, is AVG AntiVirus (I suggest this one, because it is free + complete w/ mail protection too that's decent enough, & just in case your antivirus solution is expired... if it is not expired, update the one you use. Keeping another around for a "2nd Dr.'s Opinion" is NOT a bad idea, BUT: ONLY RUN 1 OF THEM, "resident" (meaning runnings its background application & file scanning engine, usually implemented as a service + trayicon app). IMO, NOD32 is the best performer all-around in terms of antivirus programs. av-comparatives & vb100 tend to 2nd me here as well.
* @ that point? You probably will have 'caught the culprits', OR, @ least have the name + location of any threats they could NOT eliminate... & here is where it gets REALLY "fun"...
==========
NOW, when you CAN'T remove a virus using "script kiddie automated tools" like those noted above (not putting them down calling them that because they ARE somebody's hard work & freely given time as well... but, they ARE that, because they're only automating what YOU can do, yourself, with other tools like msconfig/IE manage addons, & more tools like Process Explorer + regedit & explorer.exe (OR even Recovery Console) can allow YOU to do, yourself, albeit slower... the nice part about the automated killers like the tools I mention above, is that they operate FAR FASTER than human beings do).
ANYHOW - IF you can get its name, & location on disk say, via a report from AVG or other programs you use for this?
Boot your system from the OS install CD, & go to RECOVERY CONSOLE!
There, switch to the folder that houses it using CD (almost like DOS one, but uses .. ONLY, to switch to ancestor folder roots really (instead of \ etc. et al))!
Then, once you are in its folder, fry it then (nothing will be loading & thus, locking it, there) using the DEL command -> DEL filename.
****
It's THAT, or using Process Explorer in UserMode/Ring 3/RPL3 operation...
You would do a suspending the calling process via right click popup menu options for this it offers! Once the calling process is suspended (& many times, also the called or DLL injected library as well), you can delete ANY potential offending injected DLL/lib virus-trojan-spyware-malware being called by said parent process, on disk.
(This ia assuming this is a lib loaded virus/spyware/trojan/malware etc., not a standalone .exe type)
That's done via watching loaded DLL's that ANY app may have loaded presently (For that, you would have to use ProExp's CTRL+D keystroke shortcut, with the lower pane view present/visible, & set like that) IF there is one and this thing doesn't launch by itself from one of the registry RUN areas or startup groups that is...
Using Process Explorer can help!
(Again, especially if this is being run by "DLL Injection" (like an OLEServer being injected into a process via CLSIDs, shell extensions, or being run by rundll32.exe OR svchost.exe, process hosting executables that can spawn either .exe OR .dll/lib based ones)).
****
The easier/simpler route?
My first suggestion:
Use Recovery Console, once you have its name & location on disk... DEL command will take care of it, lickety-split, no-$heet.
TO INSTALL RECOVERY CONSOLE AS A BOOTUP MENU OPTION:
1.Insert the Windows XP CD into the CD-ROM drive.
2.Click Start, and then click Run.
3.In the Open box, type d:\i386\winnt32.exe /cmdcons where d is the drive letter for the CD-ROM drive.
4.A Windows Setup Dialog Box appears. The Windows Setup Dialog Box describes the Recovery Console option. To confirm the installation, click Yes.
5.Restart the computer. The next time that you start your computer, "Microsoft Windows Recovery Console" appears on the startup menu.
(Alternately, you may bootup from your XP/Server 2003/VISTA install media, & run it there (via bootoptions menus choices then))
Then once you are booted & logged into it, use:
FixMBR
&
DEL (filename)
Once in the folder/directory (via CD dos command) where those rogue files are, burn them, in RC... using DEL.
NOTE/IMPORTANT:
You MAY have to use SECPOL.msc & give yourself rights to folders other than %windir% & its subordinates though, if the rogue files aren't underneath Windows itself... because RC's default ACL to those things is just %windir% & its subordinate folders only.
Start in Left-hand side pane of secpol.msc -> Security Settings -> Local Policies -> Security Options (now right-hand side pane of secpol.msc) -> Recovery Console: Allow Floppy Copy and Access to all drives and folders
APK
P.S.=> Rootkits & how to blow THOSE out? Guess what your "best pal" is, yet again?? Ah, you guessed it - RECOVERY CONSOLE & FixMBR command!
HOWEVER - FixMBR ONLY works on (only) BOOTSECTOR ORIGINATED TYPES though...
There are other kinds (driven by drivers &/or kernel mode API 'hooking' & more)... Soon, & I am NOT the only person theorizing this (because I saw BIOS flash code @ rootkit.com over more than a year back no less & IMMEDIATELY said "oh boy, here comes bios flashing malware")??
Soon you'll have BIOS flashing attacks via malwares (virus/trojans/spywares) & rootkits too (as rootkits typically ride "under the OS" or make themselves invisible to it, via interception of even kernel mode API calls, doing something called "hooking')...
How so??
Well, an example (a legit program I built this year for the fine Sci-Fi series from the BBC in the UK, called "Dr. Who" (longest running Sci-Fi show there is, huge fan here since the 1970's in fact)):
----------------------------------------------------------------------
APK Doctor Who ScreenSaver 2008++ version 1.0:
----------------------------------------------------------------------
http://www.drwhodaily.com/community/index.php?showtopic=386
----------------------------------------------------------------------
I store its .avi it plays back, INSIDE of the .scr executable, as a 'resource' I point to & playback from RAM, not disk, via a child thread (it's multithreaded design)...
That said - now, consider this:
Since ASUS & GIGABYTE have tools that 'flash' your BIOS, that now operate inside Windows itself?
Well, what is stopping a "blended/combined package" threat malware from using not only "std. attack methods" but, also using rootkit techniques too!
(Once more - means a "malware type" that literally "rides beneath the OS" literally, from out of the BIOS, or from a bootsector spawning (only kind I know how to kill in fact, via Recovery Console FixMBR) or, via kernelmode API intercept hooking (ability to 'fake out' what API's do or report back to you in laymen's terms))
What is stopping malware makers from doing the SAME thing I do in that program above to 'disguise' their evil machinations? Well... Not much!
Especially considering you can not only store .avi files, but pretty much anything, including a BIOS IMG file & a "Plug-N-Play" driver to make this happen!
(PnP drivers = A driver that can start from usermode/Ring3/RPL3 where you run programs from, vs. Ring 0/RPL0/kernelmode where most drivers traditionally run from)...
Food for thought... you get one of these types (afaik not here YET)? OR, rootkits of other kinds (not bootsector killable, but instead memory resident)?? Backup your data, & "repave" is the typical recommendation... I have no idea how I would kill one, & afaik? Nobody else does either, aside from starting fresh, OR trying to "overwrite" your current setup w/ a backup (assuming it is clean too, & that might NOT be a good assumption)... apk
Nice to see 3,200 views in less than 3 months time (Dec. 5th 2007 - Feb 23rd 2008)...
I popped back in, just to check that out, today.
That's what? 80 days into 3,200 = 40 views a day in that timeframe...
Which is MORE than cool by me: That means around up to 20 folks a day got their system faster online, as well as more securely: Simply by applying the points in this thread, + using the CIS Tool as your guide, to make it somewhat fun almost also... enjoy!
* The true people who gain here are the ones that put this stuff above into practice... more than I do possibly, because others will surpass my score on Windows Server 2003 eventually, & so will they on the XP tests screenshots noted above as well... the MAIN POINT's not the score though - it's to secure your system, as best you can, especially online today.
APK
I popped back in, just to check that out, today.
That's what? 80 days into 3,200 = 40 views a day in that timeframe...
Which is MORE than cool by me: That means around up to 20 folks a day got their system faster online, as well as more securely: Simply by applying the points in this thread, + using the CIS Tool as your guide, to make it somewhat fun almost also... enjoy!
* The true people who gain here are the ones that put this stuff above into practice... more than I do possibly, because others will surpass my score on Windows Server 2003 eventually, & so will they on the XP tests screenshots noted above as well... the MAIN POINT's not the score though - it's to secure your system, as best you can, especially online today.
APK
As regards the "Russian Business Network" (RBN) who has been @ the heart of MANY online attacks (or, things like Zlob trojan & IDTheft related attacks, etc. et al)? Use this information to protect yourselves, from them.
(RELIABLE/REPUTABLE SOURCE USED = http://www.spamhaus.org/rokso/evidence.las...okso_id=ROK7465
----
FIRST OF ALL - Note, I use "0.0.0.0" vs. "127.0.0.1"
(That is simply because iirc, the zero's based one leads to a NULL port type of request, rather than your "loopback adapter" (i.e.-> YOUR OWN MACHINE fielding requests) for a couple of reasons (which it took me some time to come up w/ & testing as to which is "better" to use)).
SECONDLY, 0.0.0.0 is SMALLER than 127.0.0.1, & thus, parses + loads FAR faster, & is smaller on disk is why - AND, in RAM once loaded: THUS, I am logically concluding that 0.0.0.0 is better to use period for HOSTS file blocks - same function, & @ LESSER cost, nearly all the way around (less diskspace, faster loadspeed, less memory occupancy, & etc. et al). A MORE EFFICIENT STRUCTURE!
----
USING NOTEPAD.EXE
ADD THIS LIST TO YOUR CUSTOM HOSTS FILE (usually located in %windir%\system32\drivers\etc subfolder-subdirectory):
# === START OF KNOWN RUSSIAN BUSINESS NETWORK/RBN MAPPINGS + AFFILIATED KNOWN SERVERS ===
0.0.0.0 rxpharmacy-support.com
0.0.0.0 ns3.cnmsn.com
0.0.0.0 thecanadianmeds.com
0.0.0.0 officialmedicines.com
0.0.0.0 psxshop.com
0.0.0.0 10000xing.cn
0.0.0.0 222360.com
0.0.0.0 adslooks.info
0.0.0.0 bnably.com
0.0.0.0 eqcorn.com
0.0.0.0 familypostcards2008.com
0.0.0.0 freshcards2008.com
0.0.0.0 happy2008toyou.com
0.0.0.0 happysantacards.com
0.0.0.0 hellosanta2008.com
0.0.0.0 hohoho2008.com
0.0.0.0 kqfloat.com
0.0.0.0 ltbrew.com
0.0.0.0 mymetavids.com
0.0.0.0 obebos.cn
0.0.0.0 parentscards.com
0.0.0.0 postcards-2008.com
0.0.0.0 ptowl.com
0.0.0.0 qavoter.com
0.0.0.0 santapcards.com
0.0.0.0 santawishes2008.com
0.0.0.0 siski.cn
0.0.0.0 snbane.com
0.0.0.0 snlilac.com
0.0.0.0 tibeam.com
0.0.0.0 tushove.com
0.0.0.0 wxtaste.com
0.0.0.0 yxbegan.com
0.0.0.0 iframedollars.biz
0.0.0.0 NS1.RBNNETWORK.COM
0.0.0.0 NS1.4USER.NET
0.0.0.0 NS1.EEXHOST.COM
0.0.0.0 NS1.AKIMON.COM
0.0.0.0 NAME1.AKIMON.COM
0.0.0.0 NS2.RBNNETWORK.COM
0.0.0.0 NS2.4USER.NET
0.0.0.0 NS2.AKIMON.COM
0.0.0.0 NS2.EEXHOST.COM
0.0.0.0 NAME2.AKIMON.COM
0.0.0.0 RUSOUVENIRS.COM
0.0.0.0 RBNNETWORK.COM
0.0.0.0 NS1.INFOBOX.ORG
0.0.0.0 NS2.INFOBOX.ORG
0.0.0.0 NS1.RUSOUVENIRS.COM
0.0.0.0 NS2.RUSOUVENIRS.COM
0.0.0.0 NS1.RUSOUVENIRS.NET
0.0.0.0 NS2.RUSOUVENIRS.NET
0.0.0.0 SBTTEL.COM
0.0.0.0 AKIMON.COM
0.0.0.0 AKIMON.NET
0.0.0.0 EEXHOST.COM
0.0.0.0 NS1.EEXHOST.COM
0.0.0.0 NS2.EEXHOST.COM
0.0.0.0 NS1.4USER.NET
0.0.0.0 NS1.AKIMON.COM
0.0.0.0 NS1.EEXHOST.COM
0.0.0.0 NAME1.AKIMON.COM
0.0.0.0 NS1.RBNNETWORK.COM
0.0.0.0 NS2.4USER.NET
0.0.0.0 NS2.AKIMON.COM
0.0.0.0 NAME2.AKIMON.COM
0.0.0.0 NS2.RBNNETWORK.COM
0.0.0.0 NS2.EEXHOST.COM
0.0.0.0 VALUEDOT.NET
0.0.0.0 ns0.valuedot.net
0.0.0.0 ns1.valuedot.net
0.0.0.0 1000WATT.BIZ
0.0.0.0 2SOVKA.NET
0.0.0.0 AIDEN-GROUP.COM
0.0.0.0 AKIMON.COM
0.0.0.0 ALEKC.NET
0.0.0.0 ANDREY-STUDIO.INFO
0.0.0.0 AUTOKUBAN.INFO
0.0.0.0 AVIATRAVELAGENCY.COM
0.0.0.0 AVTOMOBILEY.NET
0.0.0.0 BAGATITSA.COM
0.0.0.0 BAIKERGROUP.COM
0.0.0.0 BALTICDOORS.COM
0.0.0.0 BALTMONOLIT.COM
0.0.0.0 BRIGADA-EL.COM
0.0.0.0 CARPRIVOZ.COM
0.0.0.0 CHILLERU.COM
0.0.0.0 CVETOVODSTVO.COM
0.0.0.0 E-GOLD-CHANGER.COM
0.0.0.0 ELECTRONOV.NET
0.0.0.0 FASHIONER.BIZ
0.0.0.0 FFFFFF.ORG
0.0.0.0 FIFACUP06.INFO
0.0.0.0 FISHTORG.COM
0.0.0.0 FKGARANT.COM
0.0.0.0 FOTORETUSH.COM
0.0.0.0 FREGATSOFT.COM
0.0.0.0 FROLROMANOFF.COM
0.0.0.0 FULLVER.INFO
0.0.0.0 GAKKEL.COM
0.0.0.0 GARANTSERVICE.ORG
0.0.0.0 GDEDENGI.INFO
0.0.0.0 GLAZKI.NET
0.0.0.0 GOLD-DRAGON.INFO
0.0.0.0 GORODM.COM
0.0.0.0 GRAYZI.NET
0.0.0.0 GRIFFINFLY.COM
0.0.0.0 HEAT-ENERGO.COM
0.0.0.0 HITEMA.NET
0.0.0.0 HYIPREVIEW.INFO
0.0.0.0 HYIPSMAP.COM
0.0.0.0 ILOXX.ORG
0.0.0.0 IMYA.INFO
0.0.0.0 INFODOSKA.COM
0.0.0.0 INTERNETWORLDBOOK.COM
0.0.0.0 KLIMATA.NET
0.0.0.0 KOMOV.NET
0.0.0.0 KOSMETICHKA.NET
0.0.0.0 LIDTRADE.COM
0.0.0.0 LIFE-RU.ORG
0.0.0.0 LPSPB.COM
0.0.0.0 M-OST.NET
0.0.0.0 M-UNLOCK.COM
0.0.0.0 MAMRU.COM
0.0.0.0 MAPSERV.COM
0.0.0.0 MASTERDOKS.COM
0.0.0.0 MIRMED.COM
0.0.0.0 MOOSEMUSE.COM
0.0.0.0 MOREPRODUCT.NET
0.0.0.0 MUSEMOOSE.COM
0.0.0.0 NESTRONICS.COM
0.0.0.0 NESTRONICS.NET
0.0.0.0 NOFUN.INFO
0.0.0.0 OIL-GAS-MINERALS.COM
0.0.0.0 OKOSHKA.NET
0.0.0.0 OPTIMUS.BIZ
0.0.0.0 OTKRITKI.NET
0.0.0.0 OTKRITOK.NET
0.0.0.0 PARALLELSIXTY.COM
0.0.0.0 PASSOMONTANO.COM
0.0.0.0 PETROBALT.NET
0.0.0.0 PHARMACY-MD.COM
0.0.0.0 PISKUNOV.NET
0.0.0.0 POIGRAI.INFO
0.0.0.0 PROETCONTRA.ORG
0.0.0.0 PSOLAO.ORG
0.0.0.0 ROSEL.INFO
0.0.0.0 SBTTEL.COM
0.0.0.0 SECONDAPPROACH.COM
0.0.0.0 SMARTSOFTLINE.COM
0.0.0.0 SMESHNOY.COM
0.0.0.0 SQUAREDREAM.COM
0.0.0.0 STROIINFORM.COM
0.0.0.0 STROYBRIGADA.COM
0.0.0.0 TANK-HOBBY.COM
0.0.0.0 TECHNONORDIC.COM
0.0.0.0 TELEUNITED.NET
0.0.0.0 TEPLOCOM.COM
0.0.0.0 THERMOCAUTERY.COM
0.0.0.0 TIARU.COM
0.0.0.0 TRADEFINANS.COM
0.0.0.0 TRADEFINANS.NET
0.0.0.0 TRAININGS-TRIUMPH.ORG
0.0.0.0 TSAR-SUVENIR.COM
0.0.0.0 UEFACUP08.INFO
0.0.0.0 UMNIKSOFT.COM
0.0.0.0 UNDERCOOLED.NET
0.0.0.0 VALIDBIT.COM
0.0.0.0 VERESC.ORG
0.0.0.0 VOROLAIN.COM
0.0.0.0 WHITENIGHTSHOSTELS.COM
0.0.0.0 WORLDFONDS.NET
0.0.0.0 XRUST.NET
0.0.0.0 YAHOCHU.COM
0.0.0.0 Z-GROUP.INFO
0.0.0.0 ZDRAV.INFO
0.0.0.0 ZHESTOV.NET
0.0.0.0 ZOOSPB.COM
0.0.0.0 goldenpiginvest.com
0.0.0.0 goldenpiginvest.net
0.0.0.0 pharmacy-viagra.net
# === END OF KNOWN RUSSIAN BUSINESS NETWORK/RBN MAPPINGS + AFFILIATED KNOWN SERVERS ===
Also - You can (AND SHOULD) verify your HOSTS file location, because it CAN be moved (& some virus/spywares do so, like QHosts) by using regedit.exe & going here:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
& checking to see it has NOT been misdirected from C:\WINDOWS\SYSTEM32\DRIVERS\etc
In the DataBasePath entry, in the right-hand side pane of regedit.exe....
(That is, UNLESS you KNOW that YOU move it, as I do!)
I move mine INTENTIONALLY to another disk here that is less used & faster on seeks!
That is just so it init.'s faster since the HDD is not contending with other programs loading etc.
or data loading etc. - mine's on an SSD (solid-state ramdisk, for access-seek gains for example).
----
FOR FIREWALL BLOCKING RULES (or IE "restricted zones" lists (in IE options), OR possibly IP Security Policies usage):
I.P. address block for Russian Business Network:
81.95.144.0/20 #SBL43489
(81.95.144.0 - 81.95.159.255)
And the address blocks for its equally corrupt cousins at Intercage, Inhoster, and Nevacon:
85.255.112.0/20 #SBL36702
(85.255.112.0 - 85.255.127.255)
69.50.160.0/19
(69.50.160.0 - 69.50.191.255)
194.146.204.0/22 #SBL51152
(194.146.204.0 - 194.146.207.255)
Lastly/Optionally - You should block all IPs starting with these if you do not care about Russia and China:
193.
194.
195.
213.
217.
62.64.
62.76.
(AND, A few major Internet providers that provide services to RBN including)
Tiscali.uk
SBT Telecom
Aki Mon Telecom
Nevacon LTD
Frame Cash
76service
Noc4Hosts
APK
(RELIABLE/REPUTABLE SOURCE USED = http://www.spamhaus.org/rokso/evidence.las...okso_id=ROK7465
----
FIRST OF ALL - Note, I use "0.0.0.0" vs. "127.0.0.1"
(That is simply because iirc, the zero's based one leads to a NULL port type of request, rather than your "loopback adapter" (i.e.-> YOUR OWN MACHINE fielding requests) for a couple of reasons (which it took me some time to come up w/ & testing as to which is "better" to use)).
SECONDLY, 0.0.0.0 is SMALLER than 127.0.0.1, & thus, parses + loads FAR faster, & is smaller on disk is why - AND, in RAM once loaded: THUS, I am logically concluding that 0.0.0.0 is better to use period for HOSTS file blocks - same function, & @ LESSER cost, nearly all the way around (less diskspace, faster loadspeed, less memory occupancy, & etc. et al). A MORE EFFICIENT STRUCTURE!
----
USING NOTEPAD.EXE
ADD THIS LIST TO YOUR CUSTOM HOSTS FILE (usually located in %windir%\system32\drivers\etc subfolder-subdirectory):
# === START OF KNOWN RUSSIAN BUSINESS NETWORK/RBN MAPPINGS + AFFILIATED KNOWN SERVERS ===
0.0.0.0 rxpharmacy-support.com
0.0.0.0 ns3.cnmsn.com
0.0.0.0 thecanadianmeds.com
0.0.0.0 officialmedicines.com
0.0.0.0 psxshop.com
0.0.0.0 10000xing.cn
0.0.0.0 222360.com
0.0.0.0 adslooks.info
0.0.0.0 bnably.com
0.0.0.0 eqcorn.com
0.0.0.0 familypostcards2008.com
0.0.0.0 freshcards2008.com
0.0.0.0 happy2008toyou.com
0.0.0.0 happysantacards.com
0.0.0.0 hellosanta2008.com
0.0.0.0 hohoho2008.com
0.0.0.0 kqfloat.com
0.0.0.0 ltbrew.com
0.0.0.0 mymetavids.com
0.0.0.0 obebos.cn
0.0.0.0 parentscards.com
0.0.0.0 postcards-2008.com
0.0.0.0 ptowl.com
0.0.0.0 qavoter.com
0.0.0.0 santapcards.com
0.0.0.0 santawishes2008.com
0.0.0.0 siski.cn
0.0.0.0 snbane.com
0.0.0.0 snlilac.com
0.0.0.0 tibeam.com
0.0.0.0 tushove.com
0.0.0.0 wxtaste.com
0.0.0.0 yxbegan.com
0.0.0.0 iframedollars.biz
0.0.0.0 NS1.RBNNETWORK.COM
0.0.0.0 NS1.4USER.NET
0.0.0.0 NS1.EEXHOST.COM
0.0.0.0 NS1.AKIMON.COM
0.0.0.0 NAME1.AKIMON.COM
0.0.0.0 NS2.RBNNETWORK.COM
0.0.0.0 NS2.4USER.NET
0.0.0.0 NS2.AKIMON.COM
0.0.0.0 NS2.EEXHOST.COM
0.0.0.0 NAME2.AKIMON.COM
0.0.0.0 RUSOUVENIRS.COM
0.0.0.0 RBNNETWORK.COM
0.0.0.0 NS1.INFOBOX.ORG
0.0.0.0 NS2.INFOBOX.ORG
0.0.0.0 NS1.RUSOUVENIRS.COM
0.0.0.0 NS2.RUSOUVENIRS.COM
0.0.0.0 NS1.RUSOUVENIRS.NET
0.0.0.0 NS2.RUSOUVENIRS.NET
0.0.0.0 SBTTEL.COM
0.0.0.0 AKIMON.COM
0.0.0.0 AKIMON.NET
0.0.0.0 EEXHOST.COM
0.0.0.0 NS1.EEXHOST.COM
0.0.0.0 NS2.EEXHOST.COM
0.0.0.0 NS1.4USER.NET
0.0.0.0 NS1.AKIMON.COM
0.0.0.0 NS1.EEXHOST.COM
0.0.0.0 NAME1.AKIMON.COM
0.0.0.0 NS1.RBNNETWORK.COM
0.0.0.0 NS2.4USER.NET
0.0.0.0 NS2.AKIMON.COM
0.0.0.0 NAME2.AKIMON.COM
0.0.0.0 NS2.RBNNETWORK.COM
0.0.0.0 NS2.EEXHOST.COM
0.0.0.0 VALUEDOT.NET
0.0.0.0 ns0.valuedot.net
0.0.0.0 ns1.valuedot.net
0.0.0.0 1000WATT.BIZ
0.0.0.0 2SOVKA.NET
0.0.0.0 AIDEN-GROUP.COM
0.0.0.0 AKIMON.COM
0.0.0.0 ALEKC.NET
0.0.0.0 ANDREY-STUDIO.INFO
0.0.0.0 AUTOKUBAN.INFO
0.0.0.0 AVIATRAVELAGENCY.COM
0.0.0.0 AVTOMOBILEY.NET
0.0.0.0 BAGATITSA.COM
0.0.0.0 BAIKERGROUP.COM
0.0.0.0 BALTICDOORS.COM
0.0.0.0 BALTMONOLIT.COM
0.0.0.0 BRIGADA-EL.COM
0.0.0.0 CARPRIVOZ.COM
0.0.0.0 CHILLERU.COM
0.0.0.0 CVETOVODSTVO.COM
0.0.0.0 E-GOLD-CHANGER.COM
0.0.0.0 ELECTRONOV.NET
0.0.0.0 FASHIONER.BIZ
0.0.0.0 FFFFFF.ORG
0.0.0.0 FIFACUP06.INFO
0.0.0.0 FISHTORG.COM
0.0.0.0 FKGARANT.COM
0.0.0.0 FOTORETUSH.COM
0.0.0.0 FREGATSOFT.COM
0.0.0.0 FROLROMANOFF.COM
0.0.0.0 FULLVER.INFO
0.0.0.0 GAKKEL.COM
0.0.0.0 GARANTSERVICE.ORG
0.0.0.0 GDEDENGI.INFO
0.0.0.0 GLAZKI.NET
0.0.0.0 GOLD-DRAGON.INFO
0.0.0.0 GORODM.COM
0.0.0.0 GRAYZI.NET
0.0.0.0 GRIFFINFLY.COM
0.0.0.0 HEAT-ENERGO.COM
0.0.0.0 HITEMA.NET
0.0.0.0 HYIPREVIEW.INFO
0.0.0.0 HYIPSMAP.COM
0.0.0.0 ILOXX.ORG
0.0.0.0 IMYA.INFO
0.0.0.0 INFODOSKA.COM
0.0.0.0 INTERNETWORLDBOOK.COM
0.0.0.0 KLIMATA.NET
0.0.0.0 KOMOV.NET
0.0.0.0 KOSMETICHKA.NET
0.0.0.0 LIDTRADE.COM
0.0.0.0 LIFE-RU.ORG
0.0.0.0 LPSPB.COM
0.0.0.0 M-OST.NET
0.0.0.0 M-UNLOCK.COM
0.0.0.0 MAMRU.COM
0.0.0.0 MAPSERV.COM
0.0.0.0 MASTERDOKS.COM
0.0.0.0 MIRMED.COM
0.0.0.0 MOOSEMUSE.COM
0.0.0.0 MOREPRODUCT.NET
0.0.0.0 MUSEMOOSE.COM
0.0.0.0 NESTRONICS.COM
0.0.0.0 NESTRONICS.NET
0.0.0.0 NOFUN.INFO
0.0.0.0 OIL-GAS-MINERALS.COM
0.0.0.0 OKOSHKA.NET
0.0.0.0 OPTIMUS.BIZ
0.0.0.0 OTKRITKI.NET
0.0.0.0 OTKRITOK.NET
0.0.0.0 PARALLELSIXTY.COM
0.0.0.0 PASSOMONTANO.COM
0.0.0.0 PETROBALT.NET
0.0.0.0 PHARMACY-MD.COM
0.0.0.0 PISKUNOV.NET
0.0.0.0 POIGRAI.INFO
0.0.0.0 PROETCONTRA.ORG
0.0.0.0 PSOLAO.ORG
0.0.0.0 ROSEL.INFO
0.0.0.0 SBTTEL.COM
0.0.0.0 SECONDAPPROACH.COM
0.0.0.0 SMARTSOFTLINE.COM
0.0.0.0 SMESHNOY.COM
0.0.0.0 SQUAREDREAM.COM
0.0.0.0 STROIINFORM.COM
0.0.0.0 STROYBRIGADA.COM
0.0.0.0 TANK-HOBBY.COM
0.0.0.0 TECHNONORDIC.COM
0.0.0.0 TELEUNITED.NET
0.0.0.0 TEPLOCOM.COM
0.0.0.0 THERMOCAUTERY.COM
0.0.0.0 TIARU.COM
0.0.0.0 TRADEFINANS.COM
0.0.0.0 TRADEFINANS.NET
0.0.0.0 TRAININGS-TRIUMPH.ORG
0.0.0.0 TSAR-SUVENIR.COM
0.0.0.0 UEFACUP08.INFO
0.0.0.0 UMNIKSOFT.COM
0.0.0.0 UNDERCOOLED.NET
0.0.0.0 VALIDBIT.COM
0.0.0.0 VERESC.ORG
0.0.0.0 VOROLAIN.COM
0.0.0.0 WHITENIGHTSHOSTELS.COM
0.0.0.0 WORLDFONDS.NET
0.0.0.0 XRUST.NET
0.0.0.0 YAHOCHU.COM
0.0.0.0 Z-GROUP.INFO
0.0.0.0 ZDRAV.INFO
0.0.0.0 ZHESTOV.NET
0.0.0.0 ZOOSPB.COM
0.0.0.0 goldenpiginvest.com
0.0.0.0 goldenpiginvest.net
0.0.0.0 pharmacy-viagra.net
# === END OF KNOWN RUSSIAN BUSINESS NETWORK/RBN MAPPINGS + AFFILIATED KNOWN SERVERS ===
Also - You can (AND SHOULD) verify your HOSTS file location, because it CAN be moved (& some virus/spywares do so, like QHosts) by using regedit.exe & going here:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
& checking to see it has NOT been misdirected from C:\WINDOWS\SYSTEM32\DRIVERS\etc
In the DataBasePath entry, in the right-hand side pane of regedit.exe....
(That is, UNLESS you KNOW that YOU move it, as I do!)
I move mine INTENTIONALLY to another disk here that is less used & faster on seeks!
That is just so it init.'s faster since the HDD is not contending with other programs loading etc.
or data loading etc. - mine's on an SSD (solid-state ramdisk, for access-seek gains for example).
----
FOR FIREWALL BLOCKING RULES (or IE "restricted zones" lists (in IE options), OR possibly IP Security Policies usage):
I.P. address block for Russian Business Network:
81.95.144.0/20 #SBL43489
(81.95.144.0 - 81.95.159.255)
And the address blocks for its equally corrupt cousins at Intercage, Inhoster, and Nevacon:
85.255.112.0/20 #SBL36702
(85.255.112.0 - 85.255.127.255)
69.50.160.0/19
(69.50.160.0 - 69.50.191.255)
194.146.204.0/22 #SBL51152
(194.146.204.0 - 194.146.207.255)
Lastly/Optionally - You should block all IPs starting with these if you do not care about Russia and China:
193.
194.
195.
213.
217.
62.64.
62.76.
(AND, A few major Internet providers that provide services to RBN including)
Tiscali.uk
SBT Telecom
Aki Mon Telecom
Nevacon LTD
Frame Cash
76service
Noc4Hosts
APK
So you all know WHY I put up info. on the "RBN" (Russian Business Network) in my last post above?
Well, I strongly suspect "they're @ it again" & here is why:
Cyber-attack launched from 10,000 web pages:
http://itnews.com.au/News/71994,cyberattac...-web-pages.aspx
"A single entity is likely to be behind this attack, since the malicious code on all these pages came from the same server in China."
(AND, the "RBN" is KNOWN to 'hop between' China & Russia regularly, as needed, & I suspect they are the ones behind this, but the article offers NO discrete IP Address ranges or IP's so, we have to wait on the specifics, but it is a GOOD guess based on their prior track record w/ Zlob, which I see nearly every day @ times on the job)...
APK
Well, I strongly suspect "they're @ it again" & here is why:
Cyber-attack launched from 10,000 web pages:
http://itnews.com.au/News/71994,cyberattac...-web-pages.aspx
"A single entity is likely to be behind this attack, since the malicious code on all these pages came from the same server in China."
(AND, the "RBN" is KNOWN to 'hop between' China & Russia regularly, as needed, & I suspect they are the ones behind this, but the article offers NO discrete IP Address ranges or IP's so, we have to wait on the specifics, but it is a GOOD guess based on their prior track record w/ Zlob, which I see nearly every day @ times on the job)...
APK
"New NEWS": Well, it appears I was correct in my "assumption/guess" above (about my suspecting the "RBN being @ it again") 2 posts up, which are NOW verified, per this quote from the above source:
SECOND MASS HACK EXPOSED:
http://www.itnews.com.au/News/72214,second...ck-exposed.aspx
AND, the source I used for this list:
http://ddanchev.blogspot.com/2008/03/more-...ame-attack.html
And, the salient portion that notes that my suspicion was correct:
"if you look at the IPs used in the IFRAMEs, these are the front-end to rogue anti virus and anti spyware tools that were using RBN's infrastructure before it went dark, and continue using some of the new netblocks acquired by the RBN"
So, with that said? Here are those URL's from the list above, albeit altered to 0.0.0.0 equations, for your CUSTOM HOSTS FILE, that shuts out RBN (these appear to be their newly acquired domains list) & the servers they use:
START OF LIST TO ADD TO YOUR CUSTOM HOSTS FILE FOR BLOCKING OUT BAD SITEs/ADBANNERS THAT MAY BE INFECTED ETC.:
0.0.0.0 do-t-h-e.com
0.0.0.0 rx-pharmacy.cn
0.0.0.0 m5b.info
0.0.0.0 hotpornotube08.com
0.0.0.0 hot-pornotube-2008.com
0.0.0.0 hot-pornotube08.com
0.0.0.0 adult-tubecodec2008.com
0.0.0.0 adulttubecodec2008.com
0.0.0.0 hot-tubecodec20.com
0.0.0.0 media-tubecodec2008.com
0.0.0.0 porn-tubecodec20.com
0.0.0.0 scanner.spyshredderscanner.com
0.0.0.0 xpantivirus2008.com
0.0.0.0 xpantivirus.com
0.0.0.0 bestsexworld.info
0.0.0.0 requestedlinks.com
END OF LIST TO ADD TO YOUR CUSTOM HOSTS FILE FOR BLOCKING OUT BAD SITEs/ADBANNERS THAT MAY BE INFECTED ETC.:
FOR THOSE INTERESTED (or, those that need actual IP addresses to add to firewall rules tables OR IE restricted zones etc.), here are the actual IP addresses of the bogus servers:
do-t-h-e.com (69.50.167.166)
rx-pharmacy.cn (82.103.140.65)
m5b.info (124.217.253.6)
hotpornotube08.com (206.51.229.67)
hot-pornotube-2008.com (206.51.229.67)
hot-pornotube08.com (206.51.229.67)
adult-tubecodec2008.com (195.93.218.43)
adulttubecodec2008.com (195.93.218.43)
hot-tubecodec20.com (195.93.218.43)
media-tubecodec2008.com (195.93.218.43)
porn-tubecodec20.com (195.93.218.43)
scanner.spyshredderscanner.com (77.91.229.106)
xpantivirus2008.com (69.50.173.10)
xpantivirus.com (72.36.198.2)
bestsexworld.info (72.232.224.154)
requestedlinks.com (216.255.185.82)
Also - These you won't be able to block via HOSTS file filtering methods, but still can be blocked via other means (IE restricted zones, firewall rules tables, etc. et al):
89.149.243.201
89.149.243.202
72.232.39.252
195.225.178.21
* Enjoy, stay safe, & keep surfing!
APK
SECOND MASS HACK EXPOSED:
http://www.itnews.com.au/News/72214,second...ck-exposed.aspx
AND, the source I used for this list:
http://ddanchev.blogspot.com/2008/03/more-...ame-attack.html
And, the salient portion that notes that my suspicion was correct:
"if you look at the IPs used in the IFRAMEs, these are the front-end to rogue anti virus and anti spyware tools that were using RBN's infrastructure before it went dark, and continue using some of the new netblocks acquired by the RBN"
So, with that said? Here are those URL's from the list above, albeit altered to 0.0.0.0 equations, for your CUSTOM HOSTS FILE, that shuts out RBN (these appear to be their newly acquired domains list) & the servers they use:
START OF LIST TO ADD TO YOUR CUSTOM HOSTS FILE FOR BLOCKING OUT BAD SITEs/ADBANNERS THAT MAY BE INFECTED ETC.:
0.0.0.0 do-t-h-e.com
0.0.0.0 rx-pharmacy.cn
0.0.0.0 m5b.info
0.0.0.0 hotpornotube08.com
0.0.0.0 hot-pornotube-2008.com
0.0.0.0 hot-pornotube08.com
0.0.0.0 adult-tubecodec2008.com
0.0.0.0 adulttubecodec2008.com
0.0.0.0 hot-tubecodec20.com
0.0.0.0 media-tubecodec2008.com
0.0.0.0 porn-tubecodec20.com
0.0.0.0 scanner.spyshredderscanner.com
0.0.0.0 xpantivirus2008.com
0.0.0.0 xpantivirus.com
0.0.0.0 bestsexworld.info
0.0.0.0 requestedlinks.com
END OF LIST TO ADD TO YOUR CUSTOM HOSTS FILE FOR BLOCKING OUT BAD SITEs/ADBANNERS THAT MAY BE INFECTED ETC.:
FOR THOSE INTERESTED (or, those that need actual IP addresses to add to firewall rules tables OR IE restricted zones etc.), here are the actual IP addresses of the bogus servers:
do-t-h-e.com (69.50.167.166)
rx-pharmacy.cn (82.103.140.65)
m5b.info (124.217.253.6)
hotpornotube08.com (206.51.229.67)
hot-pornotube-2008.com (206.51.229.67)
hot-pornotube08.com (206.51.229.67)
adult-tubecodec2008.com (195.93.218.43)
adulttubecodec2008.com (195.93.218.43)
hot-tubecodec20.com (195.93.218.43)
media-tubecodec2008.com (195.93.218.43)
porn-tubecodec20.com (195.93.218.43)
scanner.spyshredderscanner.com (77.91.229.106)
xpantivirus2008.com (69.50.173.10)
xpantivirus.com (72.36.198.2)
bestsexworld.info (72.232.224.154)
requestedlinks.com (216.255.185.82)
Also - These you won't be able to block via HOSTS file filtering methods, but still can be blocked via other means (IE restricted zones, firewall rules tables, etc. et al):
89.149.243.201
89.149.243.202
72.232.39.252
195.225.178.21
* Enjoy, stay safe, & keep surfing!
APK
The "RBN"'s still @ it (per earlier in this guide/last page)
&
Gaining more servers to attack folks with online!
(Per my earlier posts on how to add to a HOSTS file & their IP addresses above - this gent is whom I got this info. from & he's a fairly noted security researcher + ontop of them & their activities online it seems, use him for a resource, excellent so far (proved me right in my guess above too, albeit far later than I guessed it was they, lol (pretty obvious if you follow security trends & news though to be honest)):
http://ddanchev.blogspot.com/
He has more servers there (updated list is why) vs. my own above... if you're into your online security? Refer to it & add his lists to your HOSTS file too (or, email me for mine to save time if you wish, many have).
APK
&
Gaining more servers to attack folks with online!
(Per my earlier posts on how to add to a HOSTS file & their IP addresses above - this gent is whom I got this info. from & he's a fairly noted security researcher + ontop of them & their activities online it seems, use him for a resource, excellent so far (proved me right in my guess above too, albeit far later than I guessed it was they, lol (pretty obvious if you follow security trends & news though to be honest)):
http://ddanchev.blogspot.com/
He has more servers there (updated list is why) vs. my own above... if you're into your online security? Refer to it & add his lists to your HOSTS file too (or, email me for mine to save time if you wish, many have).
APK
For users of Adobe Acrobat Reader (of any version or patch level today - safety hint):
Since it has been attacked so much recently (via its ability to place javascripting into its .pdf document format, & javascript that bears truly "ill will")?
Well, update to the latest/greatest version... HOWEVER, if you don't trust that, as I do not, FULLY?
(I say this, & simply because browser makers have been trying that left & right since "time immemorial" online, & more of those types of attacks pop up of differing nature that evades new patches vs. it, keep popping up regardless of the patches!)
Plus, like I had stated earlier in this guide?
I suggested turning off using javascript for EVERY SITE online, in your webbrowser (& only keep it for ones that demand it (or, become useless w/out it, like many shopping &/or banking sites - this lessens the possibility of being poisoned by bad adbanner OR site code & also lessens the attack surface area + limits the possibles to the sites you left javascript on for, ONLY))??
Try this FOR ADOBE ACROBAT READER ALSO:
TURN OFF JAVASCRIPT USAGE IN ADOBE ACROBAT READER!
Simply to be safe vs. attacks in it that are javascript-based in nature!
----
Use Adobe Acrobat's EDIT menu
PREFERENCES submenu
Javascript section (in left-hand side column of options)
& uncheck "Enable Acrobat Javascript" in the right-hand side option for that.
----
What boggles MY mind, moreso in webbrowsers &/or email programs though (as far as javascript is concerned)? Browser makers are working on speeding up its processing, first, rather than securing its weak/exploitable DOM (document object model) behind it.
Speeding up javascript in webbrowser programs, for example?
WELL - That's only speeding up how FAST you can be infected by misuse of javascript then, really, & this is all (not good!).
(AND, anyone reading here now can simply take a read over @ SECUNIA.COM &/or SECURITYFOCUS.COM & see that a GOOD 95% of today's attacks are hitting users via the indiscriminate use of javascript (misuse of it) on every website they go to).
----
Imo @ least, but, one based on the data in this guide (plus that from security websites I noted above)?
Javascript should be turned off by DEFAULT in a webbrowser!
Why??
Well, because most times, if a site needs it???
The site errs out & signals the user javascript is required. Turn it on @ that point, IF you absolutely NEED it to be running (& only then, for useful tasks you wish to perform online, such as data access like you see on shopping &/or banking websites)
I mean, hey: Even adbanners have been abused this way & proofs of that abound in this guide no less.
In fact, when I noted this over @ slashdot?
I was "modded down" for it, & just for telling the truth to javascript (& other scripting languages) developers... just for telling the truth! Boggles the mind. Secure that DOM behind javascript first, for security, AND ONLY THEN, work on speeding it up afterwards. That's not how it's being done though, unfortunately.
----
10 Forces Guiding the Future of Scripting:
http://developers.slashdot.org/comments.pl...mp;cid=25362703
----
Another bonus (for speed this time though, not security), also exists in turning off javascript processing in webbrowsers: Speed.
I.E.-> You're not using CPU cycles processing scripts that you probably don't actively directly use, yourself (such as ARE needed on e-commerce/shopping + banking websites, where you DO need it mostly to do actual useful tasks), & you're also not "hauling in" data from other servers (slowing you down even moreso, if not compromising your system (such as have been seen the past 4++ yrs. now or so, in bad adbanners that house javascript misuse)) that you don't really need, or want, around on your webpages you view...
APK
P.S.=> That assures you are "bullet-proofed" vs. Adobe Acrobat malware/bad javascript containing contaminated .pdf documents via bogus javascript in them for exploiting you online today!
NOW - the only hassle here is that SOMETIMES, there is so much javascript in them, ADOBE MAY "nag" a lot about it, & should have a feature to turn that off (imo @ least)...
So, evidence as to WHY one should do this to Adobe Acrobat Reader (until it's patched vs. this type of thing):
Critical Vulnerability In Adobe Reader:
http://it.slashdot.org/article.pl?sid=08/11/05/2042211
(Dated 11/06/2008, 8 months after I noted this here no less - if/when Adobe secures THIS particular exploit in their program? Turning off javascript processing (enabled by DEFAULT in that program no less, mind you) can help protect vs. other exploits like this one, in the future, that misuse javascript)...
----
Turning off javascript in this program, & also webbrowsers + email programs simply assures you that you are "bullet-proofed" vs. Adobe Acrobat malware/bad javascript containing contaminated .pdf documents via bogus javascript in them for exploiting you online today!
NOW - the only hassle here is that SOMETIMES, there is so much javascript in them, ADOBE MAY "nag" a lot about it, & should have a feature to turn that off (imo @ least)... apk
Since it has been attacked so much recently (via its ability to place javascripting into its .pdf document format, & javascript that bears truly "ill will")?
Well, update to the latest/greatest version... HOWEVER, if you don't trust that, as I do not, FULLY?
(I say this, & simply because browser makers have been trying that left & right since "time immemorial" online, & more of those types of attacks pop up of differing nature that evades new patches vs. it, keep popping up regardless of the patches!)
Plus, like I had stated earlier in this guide?
I suggested turning off using javascript for EVERY SITE online, in your webbrowser (& only keep it for ones that demand it (or, become useless w/out it, like many shopping &/or banking sites - this lessens the possibility of being poisoned by bad adbanner OR site code & also lessens the attack surface area + limits the possibles to the sites you left javascript on for, ONLY))??
Try this FOR ADOBE ACROBAT READER ALSO:
TURN OFF JAVASCRIPT USAGE IN ADOBE ACROBAT READER!
Simply to be safe vs. attacks in it that are javascript-based in nature!
----
Use Adobe Acrobat's EDIT menu
PREFERENCES submenu
Javascript section (in left-hand side column of options)
& uncheck "Enable Acrobat Javascript" in the right-hand side option for that.
----
What boggles MY mind, moreso in webbrowsers &/or email programs though (as far as javascript is concerned)? Browser makers are working on speeding up its processing, first, rather than securing its weak/exploitable DOM (document object model) behind it.
Speeding up javascript in webbrowser programs, for example?
WELL - That's only speeding up how FAST you can be infected by misuse of javascript then, really, & this is all (not good!).
(AND, anyone reading here now can simply take a read over @ SECUNIA.COM &/or SECURITYFOCUS.COM & see that a GOOD 95% of today's attacks are hitting users via the indiscriminate use of javascript (misuse of it) on every website they go to).
----
Imo @ least, but, one based on the data in this guide (plus that from security websites I noted above)?
Javascript should be turned off by DEFAULT in a webbrowser!
Why??
Well, because most times, if a site needs it???
The site errs out & signals the user javascript is required. Turn it on @ that point, IF you absolutely NEED it to be running (& only then, for useful tasks you wish to perform online, such as data access like you see on shopping &/or banking websites)
I mean, hey: Even adbanners have been abused this way & proofs of that abound in this guide no less.
In fact, when I noted this over @ slashdot?
I was "modded down" for it, & just for telling the truth to javascript (& other scripting languages) developers... just for telling the truth! Boggles the mind. Secure that DOM behind javascript first, for security, AND ONLY THEN, work on speeding it up afterwards. That's not how it's being done though, unfortunately.
----
10 Forces Guiding the Future of Scripting:
http://developers.slashdot.org/comments.pl...mp;cid=25362703
----
Another bonus (for speed this time though, not security), also exists in turning off javascript processing in webbrowsers: Speed.
I.E.-> You're not using CPU cycles processing scripts that you probably don't actively directly use, yourself (such as ARE needed on e-commerce/shopping + banking websites, where you DO need it mostly to do actual useful tasks), & you're also not "hauling in" data from other servers (slowing you down even moreso, if not compromising your system (such as have been seen the past 4++ yrs. now or so, in bad adbanners that house javascript misuse)) that you don't really need, or want, around on your webpages you view...
APK
P.S.=> That assures you are "bullet-proofed" vs. Adobe Acrobat malware/bad javascript containing contaminated .pdf documents via bogus javascript in them for exploiting you online today!
NOW - the only hassle here is that SOMETIMES, there is so much javascript in them, ADOBE MAY "nag" a lot about it, & should have a feature to turn that off (imo @ least)...
So, evidence as to WHY one should do this to Adobe Acrobat Reader (until it's patched vs. this type of thing):
Critical Vulnerability In Adobe Reader:
http://it.slashdot.org/article.pl?sid=08/11/05/2042211
(Dated 11/06/2008, 8 months after I noted this here no less - if/when Adobe secures THIS particular exploit in their program? Turning off javascript processing (enabled by DEFAULT in that program no less, mind you) can help protect vs. other exploits like this one, in the future, that misuse javascript)...
----
Turning off javascript in this program, & also webbrowsers + email programs simply assures you that you are "bullet-proofed" vs. Adobe Acrobat malware/bad javascript containing contaminated .pdf documents via bogus javascript in them for exploiting you online today!
NOW - the only hassle here is that SOMETIMES, there is so much javascript in them, ADOBE MAY "nag" a lot about it, & should have a feature to turn that off (imo @ least)... apk
USE YOUR "ADD-REMOVE" CONTROL PANEL APPLET!
This is important - as MANY 'malware/trojans' actually DO use since they realize folks do NOT regularly check this area.
IF you don't recognize a ware?
Look it up on GOOGLE (or altavista/yahoo, etc.) to find out if it is MALWARE or not, &/or IF you need it @ all (if you don't? It's "dead weight" & taking up space on your disks & slowing you down only).
APK
This is important - as MANY 'malware/trojans' actually DO use since they realize folks do NOT regularly check this area.
IF you don't recognize a ware?
Look it up on GOOGLE (or altavista/yahoo, etc.) to find out if it is MALWARE or not, &/or IF you need it @ all (if you don't? It's "dead weight" & taking up space on your disks & slowing you down only).
APK
SECURING THE TELNET SERVICE & USER GROUPS:
And, a Mr. Markuss Jansson on his point on TELNET service (tlntsrv.exe iirc).
http://www.markusjansson.net/exp.html
Turn Telnet NTLM logings off
-> Run: telnet.exe
--> Type (and press enter): unset ntlm
He also has more on things like "EFS" (encrypting filesystem) which I omitted, & both Mr. J.'s site & the GOVERNMENT ones I note, also cover it too (or, supplement points I made with more alternatives etc.).
APK
P.S.=> I list MORE security techniques for securing telnet, here (did this years ago circa 1997-2002, & it's cited in 2001 here @ Neowin, by searching TELNET on that page) to supplement this technique:
=================================
APK "A to Z" Internet Speedup & Security Text!
=================================
http://www.neowin.net/news/main/01/11/29/a...--security-text
=================================
Which goes into that point on TELNET & many others (including more speed tuneups, services cutoffs for speed + security in DETAIL & far more also to supplement this post here)... apk
And, a Mr. Markuss Jansson on his point on TELNET service (tlntsrv.exe iirc).
http://www.markusjansson.net/exp.html
Turn Telnet NTLM logings off
-> Run: telnet.exe
--> Type (and press enter): unset ntlm
He also has more on things like "EFS" (encrypting filesystem) which I omitted, & both Mr. J.'s site & the GOVERNMENT ones I note, also cover it too (or, supplement points I made with more alternatives etc.).
APK
P.S.=> I list MORE security techniques for securing telnet, here (did this years ago circa 1997-2002, & it's cited in 2001 here @ Neowin, by searching TELNET on that page) to supplement this technique:
=================================
APK "A to Z" Internet Speedup & Security Text!
=================================
http://www.neowin.net/news/main/01/11/29/a...--security-text
=================================
Which goes into that point on TELNET & many others (including more speed tuneups, services cutoffs for speed + security in DETAIL & far more also to supplement this post here)... apk
"Checks & Balances" (accuracy check of this article by "pros" (still, test for yourselves, because a simple certification doesn't a security-pro make)), Part 1
I also "took the liberty" of contacting a "security-pro" (in Don Parker of "SecurityFocus.com" fame)!
This is in regards to my outline/article/guide here, & here were HIS thoughts/opinions on its content @ this point:
**********
Hello apk,
I don't see any real downsides to what you posted. The only thing is that
you need to remember the audience that it is you are trying to reach. If
your goal was to hit the newbies as it were then you may have missed the
mark a bit. Beyond that, it looks fine to me.
--Don
**********
That's so you guys all reading here have SOME idea this stuff is SOLID, & works, & 'passes muster' with the "top geeks" (lol, no offense intended, but lacking a better expression here is all - because mere certifications do NOT an 'expert make', as in the fellow I note above, because iirc, that is ALL he has going for him afaik & to myself @ least? THIS IS NOT ENOUGH, certs are not the same as full degrees, & not by a LONG shot in this field) in the arena of computer security!
So, test for yourselves, via CIS Tool - to be sure...
--------------
Also - Do please check this page out, for even more security points:
http://csrc.nist.gov/itsec/download_WinXP_Home.html
Especially the downloadable guide for security there to supplement this one's points, it is named -> SP800-69.pdf
----
The PDF file guide above from NIST (in association w/ the U.S. Gov't. on securing PC's no less), like my guide here also?
That also lists a "6.32 Removing Malware" section as well!
So, that is in response to 'my naysayers' from various forums that cricized me for listing such a guide here!
(In fact, many of them were MS-MVP mods too no less, but many on many forums would NOT cite "why" or yield specifics I asked for as to WHY I SHOULD NOT LIST SUCH A GUIDE in this article's content... well, experts in this area appear to agree with myself, as it IS part of "securing a computer" in knowing HOW TO REMOVE INFESTATIONS, as I do, like THEY do as well!)
Anyhow/anyways - The .pdf guide from NIST either tend to reinforce my own, OR, go beyond in some cases!
E.G.->
That's for some things I did not cover well imo, here (OR RATHER, well enough earlier), & to supplement my guide (both have good ideas & they both work).
APK
I also "took the liberty" of contacting a "security-pro" (in Don Parker of "SecurityFocus.com" fame)!
This is in regards to my outline/article/guide here, & here were HIS thoughts/opinions on its content @ this point:
**********
Hello apk,
I don't see any real downsides to what you posted. The only thing is that
you need to remember the audience that it is you are trying to reach. If
your goal was to hit the newbies as it were then you may have missed the
mark a bit. Beyond that, it looks fine to me.
--Don
**********
That's so you guys all reading here have SOME idea this stuff is SOLID, & works, & 'passes muster' with the "top geeks" (lol, no offense intended, but lacking a better expression here is all - because mere certifications do NOT an 'expert make', as in the fellow I note above, because iirc, that is ALL he has going for him afaik & to myself @ least? THIS IS NOT ENOUGH, certs are not the same as full degrees, & not by a LONG shot in this field) in the arena of computer security!
So, test for yourselves, via CIS Tool - to be sure...
--------------
Also - Do please check this page out, for even more security points:
http://csrc.nist.gov/itsec/download_WinXP_Home.html
Especially the downloadable guide for security there to supplement this one's points, it is named -> SP800-69.pdf
----
The PDF file guide above from NIST (in association w/ the U.S. Gov't. on securing PC's no less), like my guide here also?
That also lists a "6.32 Removing Malware" section as well!
So, that is in response to 'my naysayers' from various forums that cricized me for listing such a guide here!
(In fact, many of them were MS-MVP mods too no less, but many on many forums would NOT cite "why" or yield specifics I asked for as to WHY I SHOULD NOT LIST SUCH A GUIDE in this article's content... well, experts in this area appear to agree with myself, as it IS part of "securing a computer" in knowing HOW TO REMOVE INFESTATIONS, as I do, like THEY do as well!)
Anyhow/anyways - The .pdf guide from NIST either tend to reinforce my own, OR, go beyond in some cases!
E.G.->
- Securing wireless networks
- Securing MS-Office apps better
- Script file extensions associations with notepad.exe for instance (for safety vs. scripted attacks)
- More on email & webbrowser security
- The SIGVERIFY utility (file signature checker)
- Disabling unneeded accounts
That's for some things I did not cover well imo, here (OR RATHER, well enough earlier), & to supplement my guide (both have good ideas & they both work).
APK
http://img297.imageshack.us/img297/2240/52041100vo6.png
That's an example of where your score (for users on Windows XP SP #2 no less fully hotfix patched as of this date) can be @ scoring-wise, on the CIS Tool benchmark test gauge of Windows Security, after following its suggestions for security-hardening your systems.
A 90.112 score... & that was AlexStarFire's score from the 3dguru.com forums, once he applied it to his home system ("stand-alone", non-HOME or WORK-LAN system, online on the public internet), which is way, Way, WAY up from its initial default score of 46.xxx/100...
* Here is an example of a user named Thronka, who employed it to security-harden the endpoints on his LAN/WAN setup @ work, who is also enjoying it successfully as well, albeit this time, in a BUSINESS environs (as I have it as well, for both HOME standalone machine online today, & also on the job):
http://www.xtremepccentral.com/forums/showthread.php?t=28430
& again, here is my 85.706/100 score on CIS Tool on Windows Server 2003 SP #2 fully hotfix patched also for reference:
http://forums.techpowerup.com//attachment....mp;d=1192208359
APK
P.S.=> I hope you guys also employ it thus as well - it starts with reaching just 1 person, & then, by example? Others start to apply it also, & then things start to change "for the better", because by securing yourself, & maybe even setting up your pals & families machines' this way? You lessen the possibility of "spreading the diseases" out there online today... apk
That's an example of where your score (for users on Windows XP SP #2 no less fully hotfix patched as of this date) can be @ scoring-wise, on the CIS Tool benchmark test gauge of Windows Security, after following its suggestions for security-hardening your systems.
A 90.112 score... & that was AlexStarFire's score from the 3dguru.com forums, once he applied it to his home system ("stand-alone", non-HOME or WORK-LAN system, online on the public internet), which is way, Way, WAY up from its initial default score of 46.xxx/100...
* Here is an example of a user named Thronka, who employed it to security-harden the endpoints on his LAN/WAN setup @ work, who is also enjoying it successfully as well, albeit this time, in a BUSINESS environs (as I have it as well, for both HOME standalone machine online today, & also on the job):
http://www.xtremepccentral.com/forums/showthread.php?t=28430
& again, here is my 85.706/100 score on CIS Tool on Windows Server 2003 SP #2 fully hotfix patched also for reference:
http://forums.techpowerup.com//attachment....mp;d=1192208359
APK
P.S.=> I hope you guys also employ it thus as well - it starts with reaching just 1 person, & then, by example? Others start to apply it also, & then things start to change "for the better", because by securing yourself, & maybe even setting up your pals & families machines' this way? You lessen the possibility of "spreading the diseases" out there online today... apk
Whoops, spoke TOO soon (as to concluding this post) - some more info. & tools on securing yourself coming next, albeit NOT so much for the Operating System itself, but this time, for applications too (as well as patch levels of them AND the OS also)...
APK
P.S.=> Mods/Admins? Feel free to burn THIS reply post of mine here, as I cannot (don't have your rights level here, of course, is why)... apk
APK
P.S.=> Mods/Admins? Feel free to burn THIS reply post of mine here, as I cannot (don't have your rights level here, of course, is why)... apk
More security tools/info. (04/28/2008), for APPLICATION LEVEL SECURITY:
(I.E.-> For checking for apps you have that may be security vulnerable OR have been patched vs. said vulnerabilities, etc.):
----
SECUNIA PSI (checks for outdated OR apps that are known to be insecure):
https://psi.secunia.com/
NEW VERSION (released very recently too).
A good program, by a trusted & WELL-KNOWN security-oriented website online (I tried version 1 earlier on last year, it needed work. This one is solid though, so far @ least, imo!)
(It works, & sometimes catches things FILEHIPPO UPDATE CHECKER below, won't - good "2nd Doctor's opinion" etc.)
----
FileHippo's Update Checker (checks for outdated OR apps that are known to be insecure, supplement's PSI above):
http://filehippo.com/updatechecker/
Decent program as well, & good to use as a supplement to the SECUNIA PSI Tool as well (from a well-known file downloads site also in filehippo).
(It works, & sometimes catches things SECUNIA PSI above, won't - good "2nd Doctor's opinion" etc.)
----
Windows Vulnerability Scanner:
http://www.pspl.com/download/winvulscan.htm
Nice program for checking Microsoft Operating Systems &/or Ms-Office versions vs. missing security patches, & it works, very well!
----
APK Registry Cleaning Engine 2002++ SR-7:
http://www1.techpowerup.com//downloads/389...ooglehappy.html
* Yes, "shameless plug" on MY part on the last one, but, it does have "security benefits"...
(& more than potentially useful forensics ones, because it shows you what files a user calls upon via its lists (it does check recently used filelists, but, will also list those files the user attempted to delete (this assumes he may have been attempting to hide them)))... it is 100% proven SAFE on all 32-bit versions of Windows (see its description & feedback by users on the download page) 9x-VISTA as well)).
APK
(I.E.-> For checking for apps you have that may be security vulnerable OR have been patched vs. said vulnerabilities, etc.):
----
SECUNIA PSI (checks for outdated OR apps that are known to be insecure):
https://psi.secunia.com/
NEW VERSION (released very recently too).
A good program, by a trusted & WELL-KNOWN security-oriented website online (I tried version 1 earlier on last year, it needed work. This one is solid though, so far @ least, imo!)
(It works, & sometimes catches things FILEHIPPO UPDATE CHECKER below, won't - good "2nd Doctor's opinion" etc.)
----
FileHippo's Update Checker (checks for outdated OR apps that are known to be insecure, supplement's PSI above):
http://filehippo.com/updatechecker/
Decent program as well, & good to use as a supplement to the SECUNIA PSI Tool as well (from a well-known file downloads site also in filehippo).
(It works, & sometimes catches things SECUNIA PSI above, won't - good "2nd Doctor's opinion" etc.)
----
Windows Vulnerability Scanner:
http://www.pspl.com/download/winvulscan.htm
Nice program for checking Microsoft Operating Systems &/or Ms-Office versions vs. missing security patches, & it works, very well!
----
APK Registry Cleaning Engine 2002++ SR-7:
http://www1.techpowerup.com//downloads/389...ooglehappy.html
* Yes, "shameless plug" on MY part on the last one, but, it does have "security benefits"...
(& more than potentially useful forensics ones, because it shows you what files a user calls upon via its lists (it does check recently used filelists, but, will also list those files the user attempted to delete (this assumes he may have been attempting to hide them)))... it is 100% proven SAFE on all 32-bit versions of Windows (see its description & feedback by users on the download page) 9x-VISTA as well)).
APK
A great site that Mr. Dancho Danchev "turned me onto", for making additions to your CUSTOM HOSTS FILE (mentioned earlier on in this guide in STEP # 5) via his security blog... how/why?
http://mtc.sri.com/
* Well - it keeps an updated listing of sites & servers that are KNOWN TO BE MALICIOUS!
APK
http://mtc.sri.com/
* Well - it keeps an updated listing of sites & servers that are KNOWN TO BE MALICIOUS!
APK
Conclusion
To all interested/reading:
I think this is it guys, I know of NO MORE to secure a Windows System... & again - IF any of you have ponits to add, please do so, but, I only ask that you keep it @ a technical computer security level (per my 1st initial post here's "P.S." section @ its termination).
* ENJOY A FASTER & SAFER Windows based system of modern variety (2000/XP/Server 2003 & even VISTA) online today (especially TODAY!)...
APK
P.S.=> In other words, please - no "grammar & spelling" English "writing style" critiques, as they do NOT help to secure a system further... I did try to keep it as SHORT as possible, & to have folks use the CIS Tool to help make it easier + more fun.
(HOWEVER, @ times, the material is complex & I could not "shorten/condense it" anymore w/ out losing critical details & such! Please bear with that much, & gain by this thread by getting those 90++ scores on CIS Tool, surfing safely & F A S T E R online as a bonus once you apply the points I layered ontop of CIS Tool's guidance points (based on "industry best practices" & such))...
Thanks! apk
To all interested/reading:
I think this is it guys, I know of NO MORE to secure a Windows System... & again - IF any of you have ponits to add, please do so, but, I only ask that you keep it @ a technical computer security level (per my 1st initial post here's "P.S." section @ its termination).
* ENJOY A FASTER & SAFER Windows based system of modern variety (2000/XP/Server 2003 & even VISTA) online today (especially TODAY!)...
APK
P.S.=> In other words, please - no "grammar & spelling" English "writing style" critiques, as they do NOT help to secure a system further... I did try to keep it as SHORT as possible, & to have folks use the CIS Tool to help make it easier + more fun.
(HOWEVER, @ times, the material is complex & I could not "shorten/condense it" anymore w/ out losing critical details & such! Please bear with that much, & gain by this thread by getting those 90++ scores on CIS Tool, surfing safely & F A S T E R online as a bonus once you apply the points I layered ontop of CIS Tool's guidance points (based on "industry best practices" & such))...
Thanks! apk
I know a good tool for work with Microsoft Outlook-recovery ost, repair your data, when *.ost file, that is stored on you PC, is corrupted or you cannot restore connection to a Microsoft Exchange Server,since all emails, contacts and tasks are stored on Microsoft Exchange Server, all user accounts of your organization may be lost at once, when the server gets out of order due to a virus or hacker attack,This tool for mail recovery Outlook ost can repair *.ost files and convert them into *.pst files. Please note, that if your account is lost, Microsoft Exchange Server will recreate it. This process means, that all of your personal data will be deleted.
For those of you interested in using custom HOSTS files (for BOTH added security & added speed online)?
"APK Hosts File Grinder 4.0++"
http://www.thenewtech.com/forums/attachmen...mp;d=1214726022
(Sorry, this board does NOT allow "dynamic image tags" so, if you wish to see a screenshot of it, where I documented its development? See here -> http://www.thenewtech.com/forums/chit-chat....html#post16080 )
----
The application above has been built by myself, for folks just like YOU, & of course, myself!
----
It allows you the end-user, the ability to:
----
It has allowed me to:
A.) Take valid HOSTS file data EVERY known & respected HOSTS file there is (noted from the wikipedia link above, & also from SRI, Shadowserver, Dancho Dancheve's Blog, SpyBot S&D, Spamhaus, Phishtank, + others also, such as my own research into this area), & integrate them FIRST into a HUGE 20mb file, & then via normalization, reducing its size to 12mb on disk (removing repeats which they will have between one another & sometimes inside of themselves even), reduce its size that way (1/2 the intial size almost from all that date), first...
B.) It has also made a 12mb SUPER-COMPREHENSIVE custom HOSTS file out of an intially 20++ mb sized one, from the sources above... allowing the SAME function as they offer (because their HOSTS FILES' many times using 127.0.0.1, or, 0.0.0.0 formats, instead into a MORE EFFICIENT ONE, of 0<singlespace>URL<cr+lf>)... thus, MASSIVELY reducing its size on disk & in RAM once loaded into your local DNS cache, yet offering the SAME function!
C.) Create a CUSTOM HOSTS FILE loaded with FULLY alphabetized entries into your HOSTS file (so it is easy to search thru, even via notepad.exe).
-----
* It can do the same for you as well, should you be interested in such a tool... if you are? Email me, here:
apk4776239@hotmail.com
APK
P.S.=> General statistics on its, while in operation:
700k-5900k memory occupancy prior to load of HOSTS file data...
( & up to 167mb IF a "huge" hosts file (like 1 million++ line entries) is used)
Its runtimes (noted above) will vary, depending on the size of the HOSTS file being processed (should NOT exceed 3 hrs (&, for most folks, since they do NOT have files of such size in their HOSTS file? Heh, it will be the "blink of an eye" on most all sections (scrub, add/remove entries - validate entries, normalization-removal of repeated items, & save to disk) up to 2 minutes or so)
PLUS - It was built in the MOST efficient & fastest code combination I know of (Borland Delphi 7.x, Win32 API, & Inline Assembler code)
(Especially for this type of string processing (of which Delphi alone in math & strings often MORE THAN DOUBLED (sometimes, tripled) the speed of both MSVB & MSVC++ in, in (of all places) Visual Basic Programmer's Journal Sept./Oct. 1997 issue "INSIDE THE VB COMPILER" issue))
+
A truly "SUPER-EFFICIENT" algorithm, on each area of processing (especially normalization, taken down from DAYS time over 1 million++ records, to only 3 hours time max, if no repeats exist... if repeats? Far, FAR faster!)
Which speaks worlds alone right there... this app makes FAR shorter work of this, than does using ping.exe (for speedup of sites), MsAccess (via SQL Select Distinct queries work, & the potential import/export hassles it can have (leaving trailing spaces &/or quotes for example, bloating files on export)), & notepad.exe (good luck normalizing one using its Edit-Replace menus is all I can say... especially IF you have a BIG hosts file)... apk
"APK Hosts File Grinder 4.0++"
http://www.thenewtech.com/forums/attachmen...mp;d=1214726022
(Sorry, this board does NOT allow "dynamic image tags" so, if you wish to see a screenshot of it, where I documented its development? See here -> http://www.thenewtech.com/forums/chit-chat....html#post16080 )
----
The application above has been built by myself, for folks just like YOU, & of course, myself!
----
It allows you the end-user, the ability to:
- 1.) DO very EASY Integrating the HOSTS files of others, such as MVPS.ORG & others noted @ wikipedia, here -> http://en.wikipedia.org/wiki/Hosts_file (even if in other internal line-by-line formats) "scrubbed into" the MOST EFFICIENT format there is (allowing less memory &/or disk space occupancy for loading, of 0<singlespace>URL<cr+lf> ), first, & then...
- 2.) Speed up access to your fav sites, via 1st pinging them (so their IP Address IS up-to-date/current), & adding them to the normalized non-repeat line items list on the right above
- 3.) Add/remove sites from a hosts file, but by first checking for their pre-existence inside the HOSTS file on ADDS, & rejecting if there already (& adding if NOT present)
- 4.) Lastly, it will FULLY NORMALIZE (accurately 110%) a HOSTS file (normalize = removal of duplicates)...leaving you with one in the MOST efficient format line-wise there is (noted above, which consumes less memory & faster loadtime from disk)
----
It has allowed me to:
A.) Take valid HOSTS file data EVERY known & respected HOSTS file there is (noted from the wikipedia link above, & also from SRI, Shadowserver, Dancho Dancheve's Blog, SpyBot S&D, Spamhaus, Phishtank, + others also, such as my own research into this area), & integrate them FIRST into a HUGE 20mb file, & then via normalization, reducing its size to 12mb on disk (removing repeats which they will have between one another & sometimes inside of themselves even), reduce its size that way (1/2 the intial size almost from all that date), first...
B.) It has also made a 12mb SUPER-COMPREHENSIVE custom HOSTS file out of an intially 20++ mb sized one, from the sources above... allowing the SAME function as they offer (because their HOSTS FILES' many times using 127.0.0.1, or, 0.0.0.0 formats, instead into a MORE EFFICIENT ONE, of 0<singlespace>URL<cr+lf>)... thus, MASSIVELY reducing its size on disk & in RAM once loaded into your local DNS cache, yet offering the SAME function!
C.) Create a CUSTOM HOSTS FILE loaded with FULLY alphabetized entries into your HOSTS file (so it is easy to search thru, even via notepad.exe).
-----
* It can do the same for you as well, should you be interested in such a tool... if you are? Email me, here:
apk4776239@hotmail.com
APK
P.S.=> General statistics on its, while in operation:
700k-5900k memory occupancy prior to load of HOSTS file data...
( & up to 167mb IF a "huge" hosts file (like 1 million++ line entries) is used)
Its runtimes (noted above) will vary, depending on the size of the HOSTS file being processed (should NOT exceed 3 hrs (&, for most folks, since they do NOT have files of such size in their HOSTS file? Heh, it will be the "blink of an eye" on most all sections (scrub, add/remove entries - validate entries, normalization-removal of repeated items, & save to disk) up to 2 minutes or so)
PLUS - It was built in the MOST efficient & fastest code combination I know of (Borland Delphi 7.x, Win32 API, & Inline Assembler code)
(Especially for this type of string processing (of which Delphi alone in math & strings often MORE THAN DOUBLED (sometimes, tripled) the speed of both MSVB & MSVC++ in, in (of all places) Visual Basic Programmer's Journal Sept./Oct. 1997 issue "INSIDE THE VB COMPILER" issue))
+
A truly "SUPER-EFFICIENT" algorithm, on each area of processing (especially normalization, taken down from DAYS time over 1 million++ records, to only 3 hours time max, if no repeats exist... if repeats? Far, FAR faster!)
Which speaks worlds alone right there... this app makes FAR shorter work of this, than does using ping.exe (for speedup of sites), MsAccess (via SQL Select Distinct queries work, & the potential import/export hassles it can have (leaving trailing spaces &/or quotes for example, bloating files on export)), & notepad.exe (good luck normalizing one using its Edit-Replace menus is all I can say... especially IF you have a BIG hosts file)... apk