What do you need for a secure computer?
Page 1 of 2 12 LastLast
Results 1 to 10 of 20

Thread: What do you need for a secure computer?

  1. #1
    Hoopy Frood
    Join Date
    Jun 2004

    What do you need for a secure computer?

    Hello, all. I had a somewhat noobiesh question. Right now I am running the following on my computer to keep it secure from virii, trojans, spyware, and the like:
    - AVG 7 Free Edition Antivirus
    - Kerio Personal Firewall Free Edition
    - Adaware SE
    - Spybot 1.3 w/ immunization, TeaTimer, and IE protection turned on.
    - Spyware Blaster
    - Firefox as my browser
    - No e-mail client as I use Gmail
    - Windows XP Home w/ all patches including SP2

    Now, with my current setup I get next to no spyware at all, and I haven't got a virus by accident in forever, but I'm still not satisfied. I was wondering if you could all give tips on what I could do to make my system more secure. (Preferably stuff that is free as I'm in college and on a budget.) Basically, what I'm shooting for is to have a very, very secure Windows computer and am looking to learn how to achieve this. Thanks in advance.


    P.S. Tips on how to configure certain programs are also appreciated! Post anything you'd think would help!

    P.P.S. No Windows bashing either. If you can't think of anything to say except "Wind0ze 1z t3h l4m3rz, lolz, uz3 L1nux/BSD", then please don't respond.
    "Personality is only ripe when a man has made the truth his own."

    -- Søren Kierkegaard

  2. #2
    Senior Member
    Join Date
    Jan 2003
    Hey Hey,

    You have two different questions albeit similar. Your topic is 'What do you need for a secure computer?'... There's no definate answer for this other than to say an educated user... That's the best security... Give an idiot the most secure computer in the world and they'll find a way to infect it with spyware or a virus (BTW virii isn't a word.. this was discussed before :P).

    The other is how can you improve your setup.... I'll give you a few answers... some of which may or may not be agreed with.

    1. Disable non-essential services. Disable Messenger service.. if you don't have wireless disable the Wireless Zero service. For more information on services check out http://www.blackviper.com/WinXP/servicecfg.htm

    2. Create a standard user account and restrict the hell out of it. Use it for your day to day computer activities... Use the administrator/power user account only for installing/configuring software

    3. Be Aware of patches for software other than your OS... MS Office (if you use it) is a big one... regularly check http://office.microsoft.com for updates.

    4. Do you live in residence? If you do then I guarentee someone is watching what you do.. in some way, shape, or form... If you want this to be a big learning experience you could setup an SSH Tunnel to another computer (assuming you have a second machine at your parents home or anything like this)... You could then encrypt everything until it leaves the college.. ensuring that no one is snooping on what you do.

    5. You could setup and deploy an IDS.. It'll let you know if people are trying to access your computer.. but you can add your own signatures in most cases and set it up to watch for network viruses... You could begin to watch trends... and this knowledge will show you the most common patterns that viruses take... you could then protect against these. Hell with a little bit of VBS knowledge and a cell phone you could create a script that would notify you when certain actions occur with your computer even when you're away

    6. Avoid P2P apps... I can't stress this enough... everyone goes away to college and starts whoring bandwidth and downloading like crazy... This is the cause of half of our problems with students.. they download everything and don't pay attention.

    7. Make sure that in Explorer, under Tools --> Folder Options --> View that you
    - Uncheck Hide Protected Operating System Files
    - Uncheck Hide Extensions for known file types
    - Select the Show Hidden Files and Folders radio button

    8. Verify attachments. Even if you trust the person. We had an employee infected with mugly because he trusted the person the attachment come from... If you aren't expecting something... don't open it.. verify the authenticity with the person.

    9. If you are worried about network attacks as well as viruses and malware.. install a home router (if you can afford it)...or find an old PC and download FreeSco or some other router on a disk..( this way you don't require a hard drive)... While hiding behind a NAT device isn't the greatest means of security (it's security through obscurity in many ways) ... but it's still keeping your machine directly off the network... This will also help protect against most Network Aware malware and viruses

    10. I wanted to round this list off with an even 10 items... so last but not least ensure you keep your current defense arsenal up to date.... AVG by default (last time I checked) only updates every 14 days... I changed mine to a daily update... Also check for updates to other programs regularly.

    Anyways... that's my list... love it or leave it... it's your choice...
    Good luck with your quest.

    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  3. #3
    Hoopy Frood
    Join Date
    Jun 2004
    Thanks for the quick reply! I'm not familiar with how to restrict a user account. Do I just go into Control Panel -> User Accounts and set the account to a Limited User or would I need to make more changes than that? Could you also recommend a good, free IDS that you know or use?

    - Xierox
    "Personality is only ripe when a man has made the truth his own."

    -- Søren Kierkegaard

  4. #4
    Join Date
    Apr 2004
    Thanks for the quick reply! I'm not familiar with how to restrict a user account.
    In all honesty... if this is the case then why are you here? This is one of the core problems with most home users yet probably the most under-minded topics around. Another thing I can never understand is why people would install multiple antiviral *cough hahaha... "solutions" when they beleave that none of them will pick up on the same stuff... and that is only a matter if any of them actually pick up on ANYTHING at all.

    |The|Specialist has a tripwire(-ish) like system of auditing in place.
    |The|Specialist says, the only real antiviral software is hijackthis & regprot, signatures and scanning is bullshit.
    |The|Specialist has a sniffer in place.
    |The|Specialist laughs at these jokers...
    |The|Specialist can drop and execute executable malware with the aid of ANY browser that accepts javascript.

  5. #5
    Senior Member
    Join Date
    Oct 2003
    Most important is To know how you can use your computer to keep it more safe.
    Not just install a lot of programs without simple "min=max" knowledge about using of them.
    I mean that "Install and forget"=good, but what happens when it crash?
    // too far away outside of limit

  6. #6
    Hoopy Frood
    Join Date
    Jun 2004
    Originally posted here by TheSpecialist
    |The|Specialist has a tripwire(-ish) like system of auditing in place.
    Can I get its name? I'd rather not use Tripwire itself because I heard it was subject to vulnerabilities and all the Googling I do comes back negative, but perhaps this is just me.
    "Personality is only ripe when a man has made the truth his own."

    -- Søren Kierkegaard

  7. #7
    Junior Member
    Join Date
    Dec 2001
    I have also had this question too. At my home system I have running:

    Win XP Pro w/ SP2 messenger sevices turned off & XP firewall turned on
    Avast HE(Updated Daily)
    Zonealarm Personal Firewall
    Ad-Aware (Updated)
    Mozilla Firefox
    No use of p2p w/ the exception of bittorrent

    My mom uses this computer specifically for checking email and playing applet games, Is this a good start to what I need for a secure home pc. Mind you restricting access is something that my mom doesnt need.
    \"Cant sleep..... clown\'ll eat me..... cant sleep...... clown\'ll eat me.\"

  8. #8
    Hoopy Frood
    Join Date
    Jun 2004
    Thanks! I'm gonna check out the A2 program, but if anyone knows any free programs that function like Tripwire (and work well) could you please post them?

    - Xierox
    "Personality is only ripe when a man has made the truth his own."

    -- Søren Kierkegaard

  9. #9
    Join Date
    Apr 2003
    As for user accounts, use the default admin account first to create user accounts for those who will have access to the system. Make these standard user accounts. Create a sepatate admin account for yourself to help manage things, do your patching, updating AV, spyware and other tasks. Then create a really nasty password (write it down and lock it in a safe place) for the default admin account and never use it again except in emergencies. If you can, rename the default Admin account (Yes, this is security by obscurity, but it is just one more layer in a defense in depth). You can do all this from the Control Panel and the system helps you with all the details.

    As for browsers, any of the browsers will have vulnerabilities that can be exploited. All the browsers are vulnerable to certain Java exploits, as well as Downloader.Trojan. All you have to do is hit a site that has these exploits (and many of the applet game sites have them, BTW). I'm doing a lot of cleanup of late on student workstations where DL.Trojan or Java exploits have been quarrantined and the browser of record being FireFox.

    Have more than one method of checking for viruses. Your main one (AVG in this case) will do yeoman's work in keeping your system clean. But a periodic scan by another tool that you can install and run in Safe Mode with Networking would be a good double-check.

    Some of the things mentioned above may seem a bit extreme, but they are effective.

  10. #10
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    United Kingdom: Bridlington
    The Specialist mentioned RegistryProt from DiamondCS. As a lot of malware attempts to amend the Registry, this is a useful tool to warn you when you are being attacked.

    You might also like to consider this:


    With all the script virii being emailed around these days, and virus authors
    getting more clever by the minute, it's important to do everything you can
    to ensure you aren't their next victim.

    AnalogX Script Defender intercepts all requests to execute a variety of
    different script types that are commonly used to infect your computer - Visual
    Basic Scripting (.VBS), Java Script (.JS) and Windows Scripting (.WSH) are
    the most common and can all be intercepted by SDefender. Best of all, you
    can add other scripting extensions later on when virus authors figure out how
    to exploit something else.

    Operation is *VERY* simple; just run the program, make sure you have the
    extensions listed that you want to intercept (normally the default should be
    fine), then choose 'Install Intercepts' - that's it! If you would like to
    test it to make sure everything is operating properly, I've enclosed a Visual
    Basic script that will open up a message dialog - if you've followed the above
    procedure then SDefender should pop open and ask you if you would like to
    execute the script file. If you choose to execute it, then the script should
    run normally, or you can choose to abort the execution.

    If the enclosed script (test.vbs) does not run on your system normally, this
    means you do not have Visual Basic Scripting installed on it (normally it gets
    installed with IE5). This will not impact SDefenders ability to block any
    other scripts on your system (it ONLY intercepts execution calls, nothing else),
    but you will have to install the Intercepts again once you install VBScript
    in order to have it work correctly. If you would like to install VBScript
    (part of the Windows Scripting Host), then just go into the Control Panel
    Add/Remove Programs, Windows Setup Tab, select 'Accessories' then click the
    'Details' button; scroll down to 'Windows Scripting Host' and put a check
    by it - that's it! Remember that you must do the 'Install Intercepts' again
    after it's installed to get SDefender to intercept the scripts.

    If you do decide to uninstall SDefender for some reason, make *SURE* to load
    it up and choose 'Remove Intercepts' before running the uninstaller - this is
    the only way for it to restore your system to the state it was before you
    installed it.

    Extra-special thanks to the guys over at WebAttack.com who suggested this
    program, designing the logo, and even supplied the test.vbs file - how's that
    for cool!

    For more info, and some cool music, and more free programs than any sane
    person would want, make sure to check out the website at:


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts