|21 Aug 2010||#1|
Truly Secure Computing: A Knowledge Share
It's impossible to be 100% protected from viruses and hackers right?
Nah, that's nonsense!
Here is my knowledge share on how to stay almost 100% safe on the web.
Encrypt Your Entire OS and/or HDD: TrueCrypt
This is the highest level of offline file protection possible.
A. Encrypt your entire drive, not just a file or folder.
B. Use the strongest encryption possible.
C. Use Pre-Boot Authentication: You have to enter a password so TrueCrypt will decrypt your drive/OS.
i. Note that Disk Encryption was not designed to protect your drive when your computer is running, as it has to be decrypted before it is loaded into memory. But…
ii. If someone steals your computer or a hacker snags your data, or even if they discover your Windows password, they will need your encryption keys to get at your data, or to launch the OS.
iii. If you've protected it with very strong encryption, a thief is left with useless gibberish without your encryption keys.
D. Your encryption software should come with a recovery disk. Don't waste any time: Create the disk immediately!
E. Your encryption software should allow you to authenticate from a USB, CD-Rom, or some other removable device (meaning the boot-loader is on a removable device). In this way, if you want, no one can access your computer without the USB or CD or SD card.
Web Sense & Web Defense:
Going beyond "Common Sense" On The Web
A. Use Fake Challenge Responses And Remember The Answers
i. The easiest way to break into someone's email or website account is by knowing someone's challenge answers.
1. If you forget your password on a site, you are usually asked a challenge question, such as "What City Were You Born In?"
a. Please don't answer that question with the truth; Remember that your X, your worst enemy, and even best friend all know the answer, too. And they might be curious about you.
b. Answer web challenge questions with fake answers. Example: City I was born in? YomaKabujo99. That's a fake city and who could possibly guess that?
B. Use The Firefox Web Browser & The No-Script and Ad-Block Plus Add-ons
i. I know, everyone likes their favorite browser and "Chrome is just so fast," but honestly: The only way to be nearly always protected from web threats is to use Firefox with No-Script and Ad-Block plus.
Some Info On Ad-Block Plus: Annoyed by adverts? Troubled by tracking? Bothered by banners? Install Adblock Plus now to regain control of the internet and change the way that you view the web. You can also choose from over forty filter subscriptions to automatically configure the add-on for purposes ranging from removing online advertising to blocking all known malware domains.
C. Don't click on links if you don't know the site is secure.
i. Don't click on anything if you don't really know the site is secure
a. Don't click on anything you don't know is secure
Don't Use Your Password. Use Mine?
Strong Passwords Need To Be Long. But They're Easy To Remember
A. Don't use a password like: BobTheBear9. That's not strong.
B. Do use a password like: &^$(383JHdiodjhe(*%^()%^34HR%#(-3HFD^693. Don't worry, you'll remember it, please read on.
The best cracking programs in the world will literally take centuries or millennia to crack a password that long and complex. BobTheBear9 will be cracked easily.
1. All the password's letters are in lower case
2. You've used a word from the dictionary in your password
3. You have personal details about yourself in the password (your kids' names with a 1 or 0, your pet's name, birthday)
When you use a long, nonsensical password, it can virtually take forever to crack it. Most hackers will just give up and move on to a more vulnerable target.
But who wants to remember a 28 character password?
C. Try A Password Manager:
A password manager stores all your passwords and associated websites or applications in a password protected, strongly encrypted drive.
A password manager will remember all your passwords for you.
Robo Form - One of the best, nearly fully automated. It can even log you into a site just by typing the URL.
Since you no longer have to type in your password, and because it appears masked [●●●●●●●●●●●●●●●●●●●●●●] on the screen where you log in, you've effectively defeated a key logger, which is either logging your keystrokes or taking screen-shots.
KeePass - Not fully automated, but uses better encryption.
Faster DNS resolution times
A faster web experience through smart DNS caching
They filter lots of malicious traffic for you.
I. Anti Virus: G-Data
Use an AV that has been tested and proven to catch lots of Malware, both known and especially unknown types.
A. Do get independent data about your AV Solution: AV-Comparatives.org is an independent testing body, not owned by AV companies, that regularly conducts scientific tests on the major Anti Virus vendors.
B. Don't trust the advice of a source with commercial interest: You can trust your favorite magazine's advice if you want to, but sometimes commercial interests outweigh what's "good for the people."
i. Set your Anti Virus to update automatically
ii. Always let it update exactly when it asks to.
C. Password protect your Anti Virus: This is an option in almost all of them, and it comes in handy when some Malware is trying to disable or turn off its services.
D. Check your AV settings: A good one should do most of the following:
i. Test the entire content of a file (some AVs don't)
ii. Unpack every compressed file and scan its contents after it is uncompressed (some AVs don't)
iii. Unpack a packed executable (like a UPX), so that it can decrypt a suspicious file and see what it's actually doing.
iv. Scan for Alternate Data Streams:
v. Provide a list of all files that couldn't be analyzed.
E. Perform a boot time scan at least once every couple of weeks. If the AV has the ability to scan before the OS is loaded, Malware has a very, very difficult time hiding.
F. Use Alternate Scanners: Every so often, double check and make sure you are not infected by using a different Anti Malware application to scan your system. Hitman, Malwarebytes, and Hijack Hunter are three great apps.
II. Use a Great Firewall: Outpost Firewall
Use A Good Firewall: One that allows you to, IP by IP and port By port, Deny/Allow Traffic
A. Test out firewalls to find out which one performs best
B. Choose a firewall that lets you view ALL incoming and outgoing traffic
At the very least, it should let you view the IP addresses, Ports, Protocols, and Allowed/Blocked status of each network conversation.
The firewall should be able to monitor Loopback traffic as well, with the same detail.
The firewall settings should be protected by a password.
Knowing The Unknown: AKA, Putting In Work
Discovering Unknown Threats: It is possible that, despite all efforts, you might still one day be infected with a piece of Malware or fall victim to a hack. If this happens, review the steps above and see where you might be able to improve your security posture.
A. Monitor Network Traffic: For those who understand protocols, and for those who want to:
1. Close all web browsers and applications that are likely to access the web, whether for updates or whatever.
2. Wait about 5 or ten minutes and then Load your packet capturing tool and start capturing
3. Go to a movie or a friend's house, but let it run for at least an hour or two.
4. Come back, stop the capture, and look for anything strange.
B. Monitor your system's Activity
1. Load Process Explorer or Process Hacker and Monitor the CPU usage and In/Out Reads and Writes to and from your hard disk.
Image Is Everything: At Least That's What They Told Us
Check out this excellent Thread by WishMaster
Always have a quick easy way to restore your system to a known clean state if ever necessary.
For the hardcore techs, there are many other things to do: Create SHA or MD5 hashes of all files on your system and log them in a text file. Write a script to iterate through that file and compare changes. The script could be scheduled as a task.
If you code a bit, there is some great code online for password protecting USB's (no hard switch needed), but the code basically writes random data until the drive is filled up, you're prompted for the password and then the random data is deleted. This is done so that a virus cannot infect your drive when the password is active.
Well, if you bothered to read all that, you know how I keep safe on the web. I would love to hear about everyone else's set up.
|My System Specs|
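The hash-and-compare script suggested near the end of the first post, sketched here as an added example (not code from the thread). It uses SHA-256 rather than MD5; the function names, file names and sample tree are constructed for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def hash_file(path, chunk_size=1 << 20):
    """SHA-256 of one file, read in chunks so large files fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def snapshot(root):
    """Map every regular file under root (relative path) to its digest."""
    result = {}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.is_symlink():
            continue
        rel = path.relative_to(root).as_posix()
        try:
            result[rel] = hash_file(path)
        except OSError:  # locked or permission-denied file
            result[rel] = "UNREADABLE"
    return result

def compare(baseline, current):
    """Report paths added, removed or modified since the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline if baseline[p] != current.get(p, baseline[p])),
    }

def demo():
    """Constructed sample tree: record a baseline, change files, re-scan."""
    with tempfile.TemporaryDirectory() as work:
        root = Path(work, "tree")
        root.mkdir()
        for name, data in (("a.txt", b"alpha"), ("b.dll", b"beta"), ("c.cfg", b"gamma")):
            (root / name).write_bytes(data)
        log = Path(work, "baseline.json")  # kept outside the scanned tree
        log.write_text(json.dumps(snapshot(root), indent=1))
        (root / "b.dll").write_bytes(b"BETA")     # modified
        (root / "c.cfg").unlink()                 # removed
        (root / "new.exe").write_bytes(b"delta")  # added
        return compare(json.loads(log.read_text()), snapshot(root))

if __name__ == "__main__":
    print(demo())
```

Keep the baseline file on read-only or offline media; a baseline stored on the same disk can be rewritten by whatever changed the files.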
|22 Aug 2010||#4|
I use full disk encryption with TrueCrypt, but it has nothing to do with viruses at all.
I use it because it encrypts/decrypts faster than most HDD/SSDs can read/write so why not? (anything above AES is a waste of time) There's no performance decrease and if someone however unlikely steals my hard drive they have no chance of getting anything from it, I just set Windows to autologin as pre boot authentication makes it pointless and time consuming.
Everyone nowadays has discovered adblock and noscript, if anything they should come built in with Firefox lol it's true that a good AV can protect you from viruses, but not all of them especially day zero, that's why you use Sandboxing.
There's no such thing as a 100% secure system, I thought I was secure using Deep Freeze 99% of my computing time, there's even a virus that can get round that! (But it doesn't matter if you have your AV running still)
But in this day and age most people (above a certain age) aren't complete idiots with computers, if you forget a password to a website and it prompts you to enter a secret answer (such as what city were you born in) you should have no worries at all if it's the truth or not unless it's some seriously dodgy website lol
What I don't understand is where all these people are getting viruses from? Obviously you should be careful online, dodgy sites are normally blatantly dodgy, and with torrents etc just read the comments.
You only need a few things to be really secure, if you're only browsing/messing around- use Deep Freeze.
If you're downloading stuff, sandbox the apps.
If for whatever reason either of those 2 fail (which they won't) you should have a good AV to back it up anyway.
If you want to be anonymous, use Tor. lol
Only reason I say this is because that's all you need- AV (Avast), Firewall (Comodo), Sandboxie, Deep Freeze. There's so many people who use 2xAV's AND Antispyware, Antimalware, Anti rootkit, etc etc with a Firewall with a built in AV lol
|23 Aug 2010||#5|
Hey Dark Energy,
Thanks for sharing your setup. Sandboxie is a really nice application, one I didn't think to post.
"Everyone nowadays has discovered adblock and noscript, if anything they should come built in with Firefox"
"if you forget a password to a website and it prompts you to enter a secret answer (such as what city were you born in) you should have no worries at all if it's the truth or not unless it's some seriously dodgy website lol"
The truth is, if your challenge answers are factual, it is just too easy for people to get that information. That is what footprinting in hacking is all about. Using fake challenge answers is not something that everyday users employ.
Tor is very nice, too, but it is also subject to malicious use. Sandboxing is great, but what will a sandbox do for a keylogger? Sure, it's running in an isolated environment, but that doesn't mean that the program can't run normally. If the program was programmed to capture key strokes, it can still do that while running in a sandbox
Deep Freeze is an awesome program, I have to agree.
|24 Aug 2010||#6|
Sorry I must admit I thought you meant don't put the city you were born in in case the website somehow finds that info out and I was thinking "what does it matter?" lol I suppose the Adblock/Noscript with Firefox isn't known by everyone, but since I started using those 2 a lot of people use it now compared to then. They are 2 very basic extensions that Firefox already has built in to some extent, but they are just not customizable on the fly
|24 Aug 2010||#7|
hey dark energy,
"Sorry I must admit I thought you meant don't put the city you were born in in case the website somehow finds that info out and I was thinking 'what does it matter?'"
"They are 2 very basic extensions that Firefox already has built in to some extent, but they are just not customizable on the fly"
Not sure what you mean by "not customizable on the fly".
Ad-Block Plus, of course, allows you to add subscriptions to filter list, that will block not just advertisements, but also malicious adverts, containing malicious code, or those that redirect to malicious sites. It's pretty invaluable, but it's not at all built into Firefox yet.
Another good one is the MyWot plugin, which will actually stop you and tell you that the site is malicious. Check it out sometime.
|24 Aug 2010||#8|
I know Noscript and Adblock are different, I meant to an extent as Firefox already has basic options for them, they should build similar things into the program so it's officially supported and works out the box. I've tried Wot but I found it quite annoying tbh lol I try to keep my addons to a minimum but lots of people recommend Wot- I'm fine with Adblock, Noscript and TorButton
|24 Aug 2010||#9|
"they should build similar things into the program so it's officially supported and works out the box."
1) Their developers are already busy with numerous projects
2) They don't own the rights to the technologies
3) They created Firefox with the ability to be modular/pluggable, so that new functionality could be added on an on-demand basis, and added and removed as users see fit.
But it would be nice