Hi folks, I have only been a subscriber for a short time, but I thought I ought to try to make some kind of contribution. I have been studying malware and security for a number of years now, mainly on a “needs to know basis”. A reactive as opposed to proactive approach, I suppose.

I would like to open this thread for all us newbies, with the hope that all will contribute. I have come across a number of excellent recommendations for security software/tools on this site, and have tried various ones myself, over the years. I think that we could usefully exchange knowledge and experience in this area? The problem with the solutions one reads is that they tend to relate to a particular problem, rather than good security measures in general?

I will try to keep this short, as I feel that too much information at once tends to swamp people (it also makez mi brane ‘urt)

So:

Let’s make a start with what “malware” tries to do:

1. Amend the Windows Registry… I guess that at least 95% of it tries to do that?
2. Propagate via e-mail… got to be 80% plus?
3. Access address books… maybe 70%?

There are a number of other attributes, and I may have two or three follow-up posts “on the stocks” to deal with these (if I don’t get banned or something)… What I am hoping to create here is a thread for us to exchange info and experiences… I would hope that it lasts for a week or two.

FIRSTLY:

A. You MUST have a modern antivirus software program running. It must scan ALL programs and scan heuristically (try to anticipate malware activity). You MUST keep it up to date…a lot of the new ones will do this automatically.

B. You MUST have a personal firewall, if you are accessing the Internet. Keep this up to date, as in A. above.

These are what I call “level one” defences.

OKAY… this is for single machines only… network stuff must come later.


SECONDLY:

Let us address the three malware activities I have introduced so far…

The Windows Registry… I recommend using Registry Protector from diamondcs.au. I believe the program is regprot.exe, and I, for one, would not be without it. You are warned if a Registry amendment is about to be made, and given the opportunity to accept or reject. It can be a pain if you load a new application, but, if it needs more than 6 registry entries, it is probably no good anyway…

If you have not loaded new software and this kicks in… you may have a problem… just say “no” and see if what you wanted to happen works. If it doesn’t… just try again and say “yes” at the prompt… and on your own head be it!!!!

Propagate via e-mail… OKAY… you have an infected box… do you want to pass it on?

Try “Mail Control” by Yariv Kaplan (http://www.internals.com)
This app prevents unauthorised sending of e-mail on your behalf (currently SMTP only).
It also permits you to set rules to allow/deny sending, but use this wisely, as you may negate its functionality.

VBS Script Executor… http://www.astonsoft.com

A new player in the security market from Estonia (a fellow EC country)… they look to have some nice stuff and much more on the boil, so to speak.

Seems to monitor WSH/VM for malicious VBS and JAVA scripts.

It also monitors for attempts to modify autostart AND ATTEMPTS TO OPEN ADDRESS BOOKS (nice touch!)

HERE ARE A FEW MORE:

SpywareGuard from javacool
http://www.wildersecurity.com/spywareguard.html

features live update
helpfile explains how it works
has forum at http://www.wildersecurity.com


Script Trap from Robin Keir
http://www.keir.net

I like this one! It intercepts potentially harmful programs.
It will link to your antivirus program
There is a helpfile that explains how it works…


WinPatrol from BillP Studios
http://www.winpatrol.com

This gives real-time protection
Good cookie control
Good control tools for startup and active tasks
AND I LOVE the social engineering…the little dog will make kids aware of threats
(for those who are interested, I define “kid” as less than 11 years old)

AnalogX Script Defender

OKAY… I am not sure which side of the fence AnalogX live on, but this stuff seems to work… It allows experienced users to change the code. Try http://www.analogx.com


I will leave you now… should I proceed with this?… it is not a tutorial… just the start of a thread?

Be safe, stay safe

johnno
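The registry point above (most malware amends the Registry, and a tool such as Registry Protector warns you when an autostart entry is about to change) can also be checked after the fact. The following is an added example, not code from the post or from any of the tools it names: it parses two regedit exports (.reg files) of the Run keys, one taken when the machine was known-good and one taken now, and reports which autostart entries were added, removed or changed. Both snapshots are constructed sample data in the layout regedit’s Export produces, and the “suspicion” heuristics (a script host such as wscript.exe, or a command line pointing into Temp or AppData) are review hints chosen for this example, not verdicts.

```python
"""Added example, not from the original post or any tool it names:
diff two regedit exports (.reg files) of the Windows autostart (Run) keys
and flag what was added, removed or changed. Snapshots are constructed."""
import re
from typing import Dict, List, Tuple

RegEntries = Dict[Tuple[str, str], str]  # (key path, value name) -> decoded data

# Constructed "before" snapshot, in the layout regedit's Export produces.
BASELINE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="%windir%\\system32\\SecurityHealthSystray.exe"
"OneDrive"="\"C:\\Program Files\\OneDrive\\OneDrive.exe\" /background"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="\"C:\\Program Files\\Steam\\steam.exe\""
"""

# Constructed "after" snapshot: Steam's command line changed, and an
# "Updater" entry appeared under the per-user Run key.
CURRENT_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="%windir%\\system32\\SecurityHealthSystray.exe"
"OneDrive"="\"C:\\Program Files\\OneDrive\\OneDrive.exe\" /background"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="\"C:\\Program Files\\Steam\\steam.exe\" -silent"
"Updater"="wscript.exe \"C:\\Users\\user\\AppData\\Local\\Temp\\update.vbs\""
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')

# Review hints for this example only: plenty of legitimate software also
# autostarts from AppData, so treat a hit as "look at this", not "malware".
SCRIPT_HOSTS = ("wscript", "cscript", "mshta", "powershell")
USER_WRITABLE = ("\\temp\\", "\\appdata\\", "\\downloads\\", "%temp%")


def decode_data(raw: str) -> str:
    """Undo .reg escaping for REG_SZ data; other types (dword:, hex:) stay raw."""
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return re.sub(r'\\(["\\])', r"\1", raw[1:-1])
    return raw


def parse_reg(text: str) -> RegEntries:
    """Parse a .reg export into {(key path, value name): data}."""
    entries: RegEntries = {}
    current_key = None
    pending = ""  # joins hex data that regedit wraps with a trailing backslash
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):
            pending = line[:-1]
            continue
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group(1)
            continue
        value_match = VALUE_RE.match(line)
        if value_match and current_key is not None:
            name = "(Default)" if value_match.group(2) else value_match.group(1)
            entries[(current_key, name)] = decode_data(value_match.group(3))
    return entries


def suspicion_reasons(data: str) -> List[str]:
    """Return the review hints that apply to one autostart command line."""
    low = data.lower()
    reasons = []
    if any(host in low for host in SCRIPT_HOSTS):
        reasons.append("launches a script host")
    if any(path in low for path in USER_WRITABLE):
        reasons.append("runs from a user-writable location")
    return reasons


def review(baseline_text: str, current_text: str):
    """List (kind, (key, name), data, reasons) for every difference."""
    before, after = parse_reg(baseline_text), parse_reg(current_text)
    findings = []
    for key, data in sorted(after.items()):
        if key not in before:
            findings.append(("added", key, data, suspicion_reasons(data)))
        elif before[key] != data:
            findings.append(("changed", key, data, suspicion_reasons(data)))
    for key, data in sorted(before.items()):
        if key not in after:
            findings.append(("removed", key, data, []))
    return findings


def format_findings(findings) -> List[str]:
    """One readable line per finding, with the review hints appended."""
    lines = []
    for kind, (key, name), data, reasons in findings:
        note = f"  <- {'; '.join(reasons)}" if reasons else ""
        lines.append(f"{kind.upper():8} {key}\\{name} = {data}{note}")
    return lines


if __name__ == "__main__":
    for line in format_findings(review(BASELINE_REG, CURRENT_REG)):
        print(line)
```

To use it on a real machine, export the Run keys with regedit (or `reg export`) on a day the box is known-good, keep that file somewhere safe, export again later and feed both files to `review()`; note that regedit writes exports as UTF-16, so open them with `encoding="utf-16"`. A live tool such as Registry Protector catches the write as it happens; this diff is the after-the-fact version for a box that had no such guard running.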