AO: I was hoping to get an idea of the kind of measures most of you guys take for the security of your own comps: AV, firewalls, etc. what are your favoured combos
I think the best security for home machines is a router
free av
free antispyware
free firewall
OS and browser critical updates
good browsing and email habits
limited accounts
MLF
I use StarOffice as a productivity suite on the laptop. Oddly enough, that is a security choice I made, as well as an economic one.
I use AVG (free) for anti-virus, Kerio Personal Firewall (not free but cheap and effective), a firewall on the wireless router, typical wireless router security configurations (no broadcast of SSID, WPA2-PSK, MAC-based access, limited IPs available via DHCP), two freebie spyware products (SpyBot and MS Windows Defender), update AV and spyware tools daily, update OS as soon as updates available, avoid clicking promiscuously while web browsing.
Don't accept just any old certificate offered by supposedly secure web sites. Check them out and make sure the certificate is from the organization or corporation claimed. As soon as you accept a certificate, you tell your system to trust that site and that certificate issuer. Potential first step in getting your identity stolen.
For the accounts and OS, no LANMAN password hashing at all (Windows and SAMBA), and use only NTLM-V2 where you have a choice. Then, use big, complex passwords or pass-phrases. It takes about 2 seconds to break a LANMAN password hash (either from a file or sniffed from the network), no matter how complex you think you made it. NTLM password hashes can be broken in a reasonable amount of time if it isn't long or complex enough. V2 is a better choice and should be set at the default if available.
User accounts should be limited accounts (local admin or root should only be used in a run-as or sudo mode when necessary). Lock down the BIOS if you have other people (family, friends, roommates) using the system. Physical access defeats all OS and account security, so disable booting from the floppy, USB or CD and put a supervisor password on the BIOS that only you will know.
However, I just finished the SANS 504 hacking class. I'm still shaking in my boots about how ineffective are some of the supposedly solid security practices we have promoted on this site. In some cases, we are deluded. But, the above is still good when you apply things in a defense in depth and use multiple tools and methods for protection.
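The LANMAN / NTLMv2 advice in the post above can be checked on a Windows machine. The following is an added example, not part of the original thread: it audits the output of `reg query HKLM\SYSTEM\CurrentControlSet\Control\Lsa` for the two standard Windows values behind that advice, NoLMHash and LmCompatibilityLevel. The sample output is constructed for illustration.

```python
import re

# Constructed sample: output of
#   reg query HKLM\SYSTEM\CurrentControlSet\Control\Lsa
# from a hypothetical machine (values are made up for illustration).
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    auditbasedirectories    REG_DWORD    0x0
    LmCompatibilityLevel    REG_DWORD    0x1
    NoLMHash    REG_DWORD    0x0
"""

VALUE_LINE = re.compile(r"^\s+(\S+)\s+REG_DWORD\s+(0x[0-9a-fA-F]+)\s*$")

def parse_dwords(reg_output):
    """Return {value_name_lowercased: int} for every REG_DWORD line."""
    values = {}
    for line in reg_output.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            values[m.group(1).lower()] = int(m.group(2), 16)
    return values

def audit_lsa(reg_output):
    """Check the two settings behind the post's advice; return findings."""
    v = parse_dwords(reg_output)
    findings = []
    # NoLMHash=1 stops Windows storing an LM hash at the next password change.
    if v.get("nolmhash") != 1:
        findings.append("NoLMHash is not 1: LM hashes may still be stored")
    # LmCompatibilityLevel: 3 and above send only NTLMv2 as a client;
    # 5 additionally refuses LM and NTLM when acting as a server.
    level = v.get("lmcompatibilitylevel")
    if level is None:
        findings.append("LmCompatibilityLevel not set: OS default applies")
    elif level < 3:
        findings.append(f"LmCompatibilityLevel={level}: LM or NTLM responses are still sent")
    elif level < 5:
        findings.append(f"LmCompatibilityLevel={level}: NTLMv2 is sent, but LM or NTLM is still accepted")
    return findings

if __name__ == "__main__":
    for finding in audit_lsa(SAMPLE_REG_QUERY):
        print("[!]", finding)
```

Changing NoLMHash only affects hashes stored after the next password change, so existing passwords need to be reset once the value is set.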
Check out Firefox as a Browser
And Spybot and Ad-aware seem to be the people's choice as to dealing with malware.
CCleaner Is good for dealing with cookies and temp files in one fell swoop.
Anti virus seems a bit more of a personal choice, but there are loads of threads here about that look here
have that for starters
Joggly Flumps
:ubergun:
Network Perimeter:
* Hardware firewall
Windows XP box:
* Free AV (AVG by Grisoft)
* Registry protector (WinPatrol)
* Host Intrusion Prevention System (Prevx)
* Antispyware tools (Microsoft's AntiSpyware, Spybot S&D, SpywareBlaster)
* Run most of time as regular non-admin user
* Run IE in low-priv user mode (use DropMyRights tool by MS)
* Run Mozilla with JAVA and Javascript turned off
* Run Mozilla in low-priv user mode (use DropMyRights tool by MS)
* Periodic scans for rootkits (use Blacklight by F-Secure and RootkitRevealer by SysInternals)
DropMyRights tool located here:
http://msdn.microsoft.com/library/de...re11152004.asp
Yeah, a bit paranoid...and somewhat overkill in some areas...I know...but it works for me! (knocks on wood)
i use a hardware firewall (watchguard X-15), i need it for the vpn client otherwise i agree with MLF, a router is excellent protection. symantec enterprise and spybot s&d on my windows boxen and nothing on linux except tripwire. firefox on both OS's
It really helps to be behind a router or a 'hardware' firewall.
I seldom use Internet Explorer except to run online antivirus scans. Being very conscientious of viruses and spyware, I haven't suffered a virus in years, so I simply don't use antivirus software. It's too much overhead on these old laptops I prefer. I prefer online scans and specific removal tools for viruses such as Norton distributes. I've found the online scans to be more comprehensive than antivirus clients anyway. For spyware, I use Spybot and Ad-Aware if need be.
I also prefer webmail systems for my email so if a virus comes in that way, it stays up on the webserver instead of making its way down to my computer. I don't count on email for any kind of secure communication (I had email stolen before when my brother worked in Washington!).
I do a lot of mobile computing, so I sometimes use a vpn like ipig. That gives you an encrypted tunnel on unsecured wireless networks. I'm also fond of Hamachi, another vpn, which gives me secure peer-to-peer networking across the 'net.
Part of my philosophy about computer security is to make yourself as small a target as possible. Learn to use linux, particularly the live cds. On this computer, I run Windows 2000, Ubuntu (linux) and a series of linux live cds, so I can give a 'hacker' any number of looks from the same machine. Your data's the most important thing on a pc, so not only know where it is, but learn to secure it, whether it's physically or virtually (encryption).
Which leads to my last point: computers are junk. Out and out junk. Be prepared to walk away from whatever you're using.
Just my two bits...
I go about my day to day on a limited user account.
I use IE because I'm an unhip loser who refuses to fit in with firefox users.
I don't have any antiviral software installed and I really don't understand why people have a multitude of these programs running at once. If one detects something the other did not then it should be pretty clear that these programs are a total failure all in all. Instead I mainly rely on an integrity based detection and ethereal.
Quote:
I don't have any antiviral software installed and I really don't understand why people have a multitude of these programs running at once. If one detects something the other did not then it should be pretty clear that these programs are a total failure all in all.
AMEN!
Pretty much what everyone has already stated, but I would add "Practise Safe Hex".... ;)
A/V + Firewall=Norton Internet Security
Spyware= Spysweeper+ Spyware Blaster
NIS and SS are about $25 each on newegg and Spyware Blaster is free. Great security set up if you ask me. I would never risk my computer's integrity with a freeware-only solution.
Digoy: Why would it be a risk? There are quiiite a few good freeware security applications out there, some of them I'd take over buying a product. Just because they are free doesn't mean that it presents a "risk" of sorts to your system, no?
By the way, I agree with you somewhat (just so you know). I have used purchased software for my system as well as downloaded software. I'm just pointing out that it doesn't necessarily put your computer "at risk".
Spyder32 I believe that you are right. When you select a product you look at what it does not what it costs
In quite a few cases you find that the only difference between the pay for and free versions is that the pay for one supports networking and remote administration, and has full product support.
You also need to look at the business model of the supplier. It is very different selling bulk licences to outfits with hundreds if not thousands of seats, and trying to sell low cost software to thousands of individuals.
It is also much cheaper to support corporate customers as they will have resident IT staff who will filter out a lot of the simple problems.
:)
Correct, I believe that full product support and perhaps the ability for instant patches/updates/etc being present are a few of the benefits of it, but regardless.. what should be looked at is what does the application do and how well does it perform? Because cost or no cost, if it doesn't suit my needs (being the end user) then I simply won't buy it or download it.. it's that simple.
Strict browser settings will eliminate most of the problems you will encounter. This is more important than a firewall, since you will invariably allow your browser to go through the firewall to access the net.
http://www.jfitz.com/tips/ie_security_config.html
:cool:
Quote:
I would never risk my computer's integrity with a freeware-only solution.
I don't understand this statement....what is there to risk???
I have recently worked on a home pc brought to me with Norton Security Suite on it.....which became infected with something....because improper configuration and user ignorance.............stopped getting its updates...in sept. :rolleyes:
The machine was full of malware.....
So you are saying...if I use free solutions...I am at risk???
Maybe I know how to USE CONFIGURE and MONITOR the software...free or not :cool:
MLF
well everyone has forgotten to apply security patches to their system ;)
Quote:
well everyone has forgotten to apply security patches to their system
You know some people just don't know.....or care that much about it
As long as they get their email...and can surf the net....who needs updates.
Only when the machine starts to slow down...or gets umpteen pop ups ....do they then try and do something about it.
End user education is the key here.
My kids know more about computers, updates, surfing habits, email\spam, history, cookies and temp files....than most adults
That's 'cause they have a very smart mommy :p
MLF
Quote:
As long as they get their email...and can surf the net....who needs updates.
Funny you mention that. My landlord's a real estate appraiser who used to argue he didn't need to do updates because he was on a dialup connection and was somehow immune. One day, it all came tumbling down.
Free stuff? Free stuff is great and makes me very secure. Let me count the ways:
Spybot
Ad-Aware
HijackThis
Ccleaner
IP Cop
Smoothwall
iPIG
Hamachi
Ubuntu
Panda's online scan
Mozilla, too
Can't hardly get away from the free stuff. There's dozens more, don't have the time...
Quote:
Originally posted here by Anglachel17
AO: I was hoping to get an idea of the kind of measures most of you guys take for the security of your own comps: AV, firewalls, etc. what are your favoured combos
Aloha
this is what I use:
brains
Mozilla Firefox 1.5
Antivir Personal Edition v7 (Beta, but works very well)
D-Link DI-524 wireless router
* NAT turned on
* SPI turned on
* 192-bit WPA (AES) encryption
* MAC address filtering
+ Windows firewall (because it doesn't use much resources anyway)
Hijackthis from time to time
Quote:
this is what I use: Brains
:rofl:
....It's amazing how many people don't have any...or use them......
Although some may say I have become jaded in my old age :mad:
Attached is one of my favorites.....
Well... I have a router... but I really only use it for port forwarding and logging. And of course occasionally blocking a port so I can test a service without the entire world being able to see it.
Other than that, the machines are individually locked down. My XP box has almost no services running and administers all the other machines through SSH. I have also configured extremely strict local policies. I have no firewall, and about once a month at this point use an online AV scanner.
My www/file/IRC server is a SuSE 9.2 machine, same basic security precautions, actually somewhat stricter in some ways due to the services running. This is where users/groups are used the most.
My soon to be mailserver/undecided is a netBSD machine... locked down insanely tight since there is technically no need for actual users.... And I don't really like BSD, so I don't really have any temptation to play with it.
And... I know there's another computer somewhere, I just can't think of it.
Oh yeah... there's a Mac. The security precautions on it are the hostname "*******" and the fact that it's an old ass power mac that can't even run Netscape well. I mean... if there's any machine that you don't really want to see inside, it'll be that one.
Hi Spyder
Quote:
Why would it be a risk? There are quiiite a few good freeware security applications out there, some of them I'd take over buying a product. Just because they are free doesn't mean that it presents a "risk" of sorts to your system, no?
I didn't mean that installing the freeware itself would be a risk, I do use it in addition to my regular software like I said. I meant that I've seen too many free solutions fail and not protect the user. Norton and Spy Sweeper are updated 1-2 times per week, for example, and most freeware solutions are updated far less frequently and have much smaller libraries.
I use what works for me. I've never had a single problem using the software that I pay for and I know that I am fully protected. I didn't think some folks would get so hot about it, but whatever.
Just remember... real security comes from the OS and its configuration, not from 3rd party software.
The fact that your AV catches a virus is a bad sign. Most people don't realize that in order for it to be found, it had to get in. You need to prevent it from getting in.
Quote:
I didn't mean that installing the freeware itself would be a risk, I do use it in addition to my regular software like I said. I meant that I've seen too many free solutions fail and not protect the user.
No doubt, they aren't the best at protecting the end-user.
Quote:
most freeware solutions are updated far less frequently and have much smaller libraries.
Honestly though, you can't possibly expect them to be.. unless the coding for the application is damn near genius.
Quote:
I didn't think some folks would get so hot about it, but whatever.
Relax man, no one is getting hot over it mate.. merely offering a difference of opinion, that's all. :)
Synja: You are correct. In the end, real security comes from the user operating the machine, not the tools he owns. You're also correct in saying that if an A/V catches a virus then that's typically not a good sign. I, personally have stopped about 98% of the viruses coming my way via e-mail messages, downloads, etc just by using common sense and being smart.
Quote:
Norton and Spy Sweeper are updated 1-2 times per week, for example, and most freeware solutions are updated far less frequently and have much smaller libraries.
I have Avast! and AVG.....................both are updated at least daily. You must realise that AV etc is retrospective so if your machine is already infected, you probably won't detect that until you run a scan with the updated signatures/patterns.
The size of the virus library is BS, pure BS and nothing less. I really don't give a monkey's whether some virus from 1980 is detected...............it won't run in my environment anyway and hasn't been seen for twenty years :rolleyes:
The other point is that some AV companies detect generically whilst others will rename on every typo and punctuation error.
:)