Personal PC Security
Page 1 of 3 123 LastLast
Results 1 to 10 of 26

Thread: Personal PC Security

  1. #1
    Junior Member
    Join Date
    Mar 2006
    Posts
    11

    Personal PC Security

    AO: I was hoping to get an idea of the kind of measures must of you guys take for the security of your own comps: AV, firewalls, etc. what are your favoured combos
    http://www.yazakpro.com/avatar/meatwad.gif [shadow][gloworange]\"The Bun is in your mind.\"[/gloworange][/shadow]

  2. #2
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    I think the best security for home machines is a router

    free av
    free antispyware
    free firewall
    OS and browser critical updates
    good browsing and email habits
    limited accounts


    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  3. #3
    Banned
    Join Date
    Apr 2003
    Posts
    1,146
    I use StarOffice as a productivity suite on the laptop. Oddly enough, that is a security choice I made, as well as an economic one.

    I use AVG (free) for anti-virus, Kerio Personal Firewall (not free but cheap and effective), a firewall on the wireless router, typical wireless router security configurations (no broadcast of SSID, WPA2-PSK, MAC-based access, limited IP's available via DHCP, two freebie spyware products (SpyBot and MS Windows Defender) update AV and spyware tools daily, update OS as soon as updates available, avoid clicking promiscuously while web browsing.

    Don't accept just any old certificate offered by supposedly secure web sites. Check them out and make sure the certificate is from the organization or corporation claimed. As soon as you accept a certificate, you tell your system to trust that site and that certificate issuer. Potential first step in getting your identity stolen.

    For the accounts and OS, no LANMAN password hashing at all (Windows and SAMBA), and use only NTLM-V2 where you have a choice. Then, use big, complex passwords or pass-phrases. It takes about 2 seconds to break a LANMAN password hash (either from a file or sniffed from the network), no matter how complex you think you made it. NTLM password hashes can be broken in a reasonable amount of time if it isn't long or complex enough. V2 is a better choice and should be set at the default if available.

    User accounts should be limited accounts (local admin or root should only be used in a run-as or sudo mod when necessary). Lock down the BIOS if you have other people (family, friends, roommates) using the system. Physical access defeats all OS and account security, so disable booting from the floppy, USB or CD and put a supervisor password on the BIOS that only you will know.

    However, I just finished the SANS 504 hacking class. I'm still shaking in my boots about how ineffective are some of the supposedly solid security practices we have promoted on this site. In some cases, we are deluded. But, the above is still good when you apply things in a defense in depth and use multiple tools and methods for protection.

  4. #4
    Senior Member JonnyFrond's Avatar
    Join Date
    Jan 2006
    Posts
    238
    Check out Firefox as a Browser

    And Spybot and Ad-aware seem to be the peoples choice as to dealing with malware.

    CCleaner Is good for dealing with cookies and temp files in one fell swoop.

    Anti virus seems a bit more of a personal choice, but there are loads of threads here about that look here

    have that for starters

    Joggly Flumps
    Sarcasm is a way of life

  5. #5
    oldie ric-o's Avatar
    Join Date
    Nov 2002
    Posts
    487
    Network Perimeter:
    * Hardware firewall

    Windows XP box:
    * Free AV (AVG by Grisoft)
    * Registry protector (WinPatrol)
    * Host Intrusion Prevention System (Prevx)
    * Antispyware tools (Microsoft's AntiSpyware, Spybot S&D, SpywareBlaster)
    * Run most of time as regular non-admin user
    * Run IE in low-priv user mode (use DropMyRights tool by MS)
    * Run Mozilla with JAVA and Javascript turned off
    * Run Mozilla in low-priv user mode (use DropMyRights tool by MS)
    * Periodic scans for rootkits (use Blacklight by F-Secure and RootkitRevealer by SysInternals)

    DropMyRights tool located here:
    http://msdn.microsoft.com/library/de...re11152004.asp

    Yeah, a bit paranoid...and somwhat overkill in some areas...I know...but it works for me! (knocks on wood)

  6. #6
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    i use a hardware firewall (watchguard X-15), i need it for the vpn client otherwise i agree with MLF, a router is excellant protection. symantec enterprise and spybot s&d on my windows boxen and nothing on linux except tripwire. firefox on both OS's
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  7. #7
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    It really helps to be behind a router or a 'hardware' firewall.

    I seldom use Internet Explorer except to run online antivirus scans. Being very conscientious of viruses and spyware, I haven't suffered a virus in years, so I simply don't use antivirus software. It's too much overhead on these old laptops I prefer. I prefer online scans and specific removal tools for viruses such as Norton distributes. I've found the online scans to be more comprehensive than antivirus clients anyway. For spyware, I use Spybot and Ad-Aware if need be.

    I also prefer webmail systems for my email so if a virus comes in that way, it stays up on the webserver instead of making its way down to my computer. I don't count on email for any kind of secure communication (I had email stolen before when my brother worked in Washington!).

    I do a lot of mobile computing, so I sometimes use a vpn like ipig. That gives you an encrypted tunnel on unsecured wireless networks. I'm also fond of Hamachi, another vpn, which gives me secure peer-to-peer networking across the 'net.

    Part of my philosophy about computer security is to make yourself as small a target as possible. Learn to use linux, particularly the live cds. On this computer, I run Windows 2000, Ubuntu (linux) and a series of linux live cds, so I can give a 'hacker' any number of looks from the same machine. Your data's the most important thing on a pc, so not only know where it is, but learn to secure it, whether it's physically or virtually (encryption).

    Which leads to my last point: computers are junk. Out and out junk. Be prepared to walk away from whatever you're using.

    Just my two bits...
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  8. #8
    Banned
    Join Date
    Dec 2003
    Posts
    26
    I go about my day to day on a limited user account.

    I use IE because im an unhip loser who refuses to fit in with firefox users.

    I don't have any antiviral software installed and I really don't understand why people have a multitude of these programs running at once. If one detects something the other did not then it should be pretty clear that these programs are a total failure all in all. Instead I mainly rely on an integrity based detection and ethereal.

  9. #9
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    I don't have any antiviral software installed and I really don't understand why people have a multitude of these programs running at once. If one detects something the other did not then it should be pretty clear that these programs are a total failure all in all.
    AMEN!
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  10. #10
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564
    Pretty much what everyone has allready stated, but I would add "Practise Safe Hex"....
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •