-
August 3rd, 2003, 03:56 PM
#1
defensive strategies
Hi folks, I have only been a subscriber for a short time, but I thought I ought to try to make some kind of contribution. I have been studying malware and security for a number of years now, mainly on a “needs to know basis”. A reactive as opposed to proactive approach, I suppose.
I would like to open this thread for all us newbies, with the hope that all will contribute. I have come across a number of excellent recommendations for security software/tools on this site, and have tried various ones myself, over the years. I think that we could usefully exchange knowledge and experience in this area? The problem with the solutions one reads is that they tend to relate to a particular problem, rather than good security measures in general?
I will try to keep this short, as I feel that too much information at once tends to swamp people (it also makez mi brane ‘urt)
So:
Let’s make a start with what “malware” tries to do:
1. Amend the Windows Registry……………..I guess that at least 95% of it tries to do that?
2. Propagate via e-mail…………….got to be 80% plus?
3. Access address books…………….maybe 70%?
There are a number of other attributes, and I may have two or three follow-up posts “on the stocks”, to deal with these (If I don’t get banned or something)……………What I am hoping to create here is a thread for us to exchange info and experiences ………………I would hope that it lasts for a week or two.
FIRSTLY:
A. You MUST have a modern antivirus software program running. It must scan ALL programs and scan heuristically (try to anticipate malware activity). You MUST keep it up to date…a lot of the new ones will do this automatically.
B. You MUST have a personal firewall, if you are accessing the Internet. Keep this up to date, as in A. above.
These are what I call “level one” defences.
OKAY…this is for single machines only………..network stuff must come later.
SECONDLY:
Let us address the three malware activities I have introduced so far……………..
The Windows Registry………I recommend using Registry Protector from diamondcs.au. I believe the program is regprot.exe, and I for one, would not be without it. You are warned if a Registry amendment is about to be made, and given the opportunity to accept or reject. It can be a pain if you load a new application, but, if it needs more than 6 registry entries it is probably no good anyway….
If you have not loaded new software and this kicks in…you may have a problem…just say “no” and see if what you wanted to happen works. If it doesn’t…just try again and say “yes” at the prompt….and on your own head be it!!!!
Propagate via e-mail……….OKAY…you have an infected box….do you want to pass it on?
Try “Mail Control” by Yavin Kaplan (http://www.internals.com)
This app prevents unauthorised sending of e-mail on your behalf (currently SMTP only).
It also permits you to set rules to allow/deny sending, but use this wisely, as you may negate its functionality.
VBS Script Executor…………………http://www.astonsoft.com
A new player in the security market from Estonia (a fellow EC country)…look to have some nice stuff and much more on the boil..so to speak
Seems to monitor WSH/VM for malicious VBS and JAVA scripts.
It also monitors for attempts to modify autostart AND ATTEMPTS TO OPEN ADDRESS BOOKS (nice touch!)
HERE ARE A FEW MORE:
SpywareGuard from javacool
http://www.wildersecurity.com/spywareguard.html
features live update
helpfile explains how it works
has forum at http://www.wildersecurity.com
Scrip Trap from Robin Keir
http://www.keir.net
I like this one!…it intercepts potentially harmful programs.
It will link to your antivirus program
There is a helpfile that explains how it works…
WinPatrol from BillPStudios
http://www.winpatrol.com
This gives realtime protection
Good cookie control
Good control tools for startup and active tasks
AND I LOVE the social engineering…the little dog will make kids aware of threats
(for those who are interested, I define “kid” as less than 11 years old)
AnalogX Script Defender
OKAY…I am not sure which side of the fence AnalogX live on, but this stuff seems to work….It allows experienced users to change the code. Try http://www.analogx.com
I will leave you now…should I proceed with this?………………….it is not a tutorial….just the start of a thread?
Be safe, stay safe
johnno
-
August 3rd, 2003, 04:20 PM
#2
Hey, great info for sure. Another thing that people might want to do is get some anti-trojan type software as well. Ad-aware by lavasoft is one of the leading programs that does this. I've been using it for a while, and never been let down. Also, spy bot is another good one. Both of these do registry scanning, and if updates are performed, can be a great tool for defense.
One tip that I could offer is to make copies of the registry on a weekly basis, just in case you're totally screwed, it could save your ass. I do this on all the servers that I take care of, and has helped more than once! It's easy to script. All leading backup programs can backup the system state, including native tools such as ntbackup.
Just a thought.
Great post.
----------------------------------------------------------------
"First you get the sugar, then you get the power, then you get the women"
----------------------------------------------------------------
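Added example, not part of the posts above: weekly registry copies can also show what changed between them. This sketch compares the Run/RunOnce autostart values in two exports in regedit's `.reg` text format; the two sample exports and the `winupd32` entry are constructed, and it assumes the export text has already been decoded (real exports are UTF-16).

```python
import re

# Patterns for .reg section headers, string values and autostart key names
SECTION = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
AUTOSTART = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)

# Constructed sample exports (not taken from the thread)
RUN = r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"
LAST_WEEK = "\n".join([
    "Windows Registry Editor Version 5.00", "", RUN,
    r'"AntiVirus"="C:\\Program Files\\AV\\avmon.exe"',
])
THIS_WEEK = LAST_WEEK + "\n" + r'"winupd32"="C:\\WINDOWS\\winupd32.exe /s"'


def unescape(text):
    # .reg files escape backslashes and quotes inside strings
    return re.sub(r"\\(.)", r"\1", text)


def autostart_values(reg_text):
    """Return {(key, value_name): data} for string values under Run/RunOnce keys."""
    found, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        section = SECTION.match(line)
        if section:
            key = section.group(1) if AUTOSTART.search(section.group(1)) else None
            continue
        value = VALUE.match(line)
        if key and value:
            found[(key, unescape(value.group(1)))] = unescape(value.group(2))
    return found


def diff_autostart(old_text, new_text):
    """List (change, key, name, data) tuples: 'added', 'removed' or 'changed'."""
    old, new = autostart_values(old_text), autostart_values(new_text)
    changes = []
    for ident in sorted(set(old) | set(new)):
        if ident not in old:
            changes.append(("added", *ident, new[ident]))
        elif ident not in new:
            changes.append(("removed", *ident, old[ident]))
        elif old[ident] != new[ident]:
            changes.append(("changed", *ident, new[ident]))
    return changes
```

An entry reported as "added" when no software was installed that week is the one to investigate first.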
-
August 3rd, 2003, 06:45 PM
#3
*Copied to Tutorials*
Some nice info
-
August 3rd, 2003, 08:24 PM
#4
I've found p2p worms to be more common than anything else so I would also suggest renaming (or at least highly monitoring and auditing) FTP shares such as:
C:\program files\bearshare\shared\
C:\program files\eDonkey2000\incoming\
C:\program files\kazaa\my shared folder\
C:\Program Files\Morpeus\My SharedFolder\
C:\program files\kazaa lite\my shared folder\
C:\My Downloads\
C:\Program Files\Grokster\My Grokster\
C:\Program Files\KMD\My Shared Folder\
C:\Program Files\ICQ\Shared Files\
C:\Program Files\limewire\shared\
C:\Program Files\winmx\shared\
C:\My shared folder\
...ummm or you could just completely get rid of all p2p shares and other file sharing stuff. As a matter of fact you might as well get rid of all file sharing clients too 'cause there's no need in mindlessly downloading crap.
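One way to audit the shared folders listed in the post above (an added example, not the poster's code): flag executable or script files, media-looking double extensions, and identical files stored under different names. The extension lists and the three heuristics are assumptions chosen for illustration.

```python
import hashlib
import os
from collections import defaultdict

# Assumed watch lists; extend them to suit the machine being audited
RISKY_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".vbs"}
DECOY_EXT = {".mp3", ".avi", ".mpg", ".jpg", ".txt", ".doc", ".zip"}
# Two of the folders named in the post
SHARED_FOLDERS = [r"C:\program files\kazaa\my shared folder", r"C:\My Downloads"]


def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit(folders):
    """Return {path: [reasons]} for files worth reviewing; missing folders are skipped."""
    findings, by_digest = defaultdict(list), defaultdict(list)
    for folder in filter(os.path.isdir, folders):
        for root, _dirs, files in os.walk(folder):
            for name in files:
                path = os.path.join(root, name)
                stem, ext = os.path.splitext(name.lower())
                if ext in RISKY_EXT:
                    findings[path].append("executable or script type")
                    # e.g. "song.mp3.exe": a media-looking name hiding the real type
                    if os.path.splitext(stem)[1] in DECOY_EXT:
                        findings[path].append("double extension")
                try:
                    by_digest[sha256_of(path)].append(path)
                except OSError:
                    findings[path].append("unreadable")
    # The same bytes under several names suggests one file was copied around
    for paths in by_digest.values():
        if len(paths) > 1:
            for path in paths:
                findings[path].append("identical to %d other file(s)" % (len(paths) - 1))
    return dict(findings)


if __name__ == "__main__":
    for path, reasons in sorted(audit(SHARED_FOLDERS).items()):
        print(path, "->", "; ".join(reasons))
```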
-
August 4th, 2003, 04:07 AM
#5
Thanks for the information this will come in handy one day
-
December 24th, 2003, 01:04 AM
#6
Again, I know it's flashing !!!
Just realised the home page layout changes when you enter a thread!! So, for most of you, there will be the urge to teach me a lesson?? However, please remember that you were a Noob once, and I am doing my research on security and countermeasures.
so now I'm in my SIXTIES FFS
WTAF, how did that happen, so no more alterations to the sig, it will remain as is now
Beware of Geeks bearing GIF's
come and waste the day :P at The Taz Zone