|
~The Internet Survival Guide For Windows~
By Carnuss E-Mail:
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
10 Ways to ENFORCE SECURITY & PRIVACY when using your Window$ b0x, for FREE! (I DON'T CARE IF YOU SHARE THIS GUIDE WITH PEOPLE, AS LONG AS YOU DON'T BE A NOOB AND CHANGE THE AUTHOR'S NAME OR EDIT THE CONTENT IN THE GUIDE!!!) ~~~~~~~~~~~~~CONTENTS~~~~~~~~~~~~~~~~~~~
1)Install A Firewall
2)Install An Anti-Virus
3)P2P Tips
4)Install Anti-Spyware
5)Install Rootkit Detection-&-Removal
6)Install Updates
7)Strong Passwords
8)Use Encryption
9)Clean (Internet) History
10)Proxies
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This guide supports FREEWARE! - FIREWALLS Firewalls are designed to monitor incoming and outgoing traffic on your computer.
This gives you control over which applications are allowed to access the internet.
When an application wishes to connect to the internet your firewall will prompt you.
Lets say for example you want to play an online game, when you open the file the firewall will prompt you, and because you know it is your game that wants to connect to the internet, it's ok, so you give that file permission.
But lets say you open a (self-extracting) winzip file and it attempts to connect the internet, this makes the file suspicious and it is probably a good idea to not give the file permission to access the internet incase it is a trojan/downloader or something.
When a hacker scans a computer for open ports, firewalls will stealth the ports saying that they are closed.
This gives the hacker less information to work with, i.e they won't know which internet services you are running.
Which you don't want them to know because one way a hacker can gain access to your computer is by exploiting these services.
Firewalls will also block malicious packets that are sent to your computer, which may slow your internet connection down, crash your computer, or give sensitive system information (like what operating system you are using).
You can download one of the following FREEware firewalls (After: you install your firewall, visit www.grc.com and use ShieldsUp to test the security of your firewall, note, you don't have to install anything).
www.sunbelt-software.com - "Kerio"
www.zonelabs.com - "Zone Alarm"
www.r-firewall.com - "R-Firewall"
www.primedius.com/PersonalFirewall.htm - "Primedius Firewall Lite"
www.omniquad.com - "Firewall"
www.sensiveguard.com - "Sensitive Guard"
(Windows security center comes with a built-in firewall, download a good one, and turn the windows firewall off or use it as a secondary firewall) - ANTI-VIRUS (AV) Lets assume that every file you download off the internet could potentially be infected with a virus/worm/trojan.
No one wants rogue programs that go around deleting files and slow your computer down, not to mention programs that will hand-over total control of your computer to some random person at the opposite side of the world.
Anti-Virus scanners get rid of these problems by scanning your harddisk(s) for infected files.
They only detect known viruses, so it is not 100% that they will detect new virus variants.
You can download FREEware anti-virus scanners at one of the follow websites (It doesn't harm to download two or three AVs):
www.free-av.com - "AntiVir" (Recommended)
www.clamwin.com - "Clam"
www.avast.com - "Avast"
www.grisoft.com - "Anti-Virus Guard"
www.vcatch.com - "VCatch"
Once installed you should enable automatic updates on your anti-virus so that your anti-virus database is kept up-to-date with the latest virus definitions.
You should always scan a file you downloaded from the internet or an attachment in an email for viruses before you open them. - PEER-2-PEER TIPS When you are searching for songs make sure you are searching under the audio (.mp3) category.
Its simple, search for a movie, in the movies (.mpg) option.
You need to be aware of file formats so that you don't download .exe/.bat/.vbs files.
You will sometimes want to download programs which are '.exe's just make sure you virus scan the program first (Scan once with your installed AV and once with www.kaspersky.com/scanforvirus).
(You could also use online virus scanners to be that extra bit secure, because some virus scanners are better at detecting and cleaning certain viruses than others.)
www.kazaa.com - "Kazaa" - P2P FREEware with builtin Anti-Virus! - ANTI-SPYWARE Spyware isn't as dangerous a virus (which can reformat your disks, or overwrite your bootsectors) or a hacker (which can gain total control over your computer and use it as a 'zombie' to launch attacks from) (and both can steal your credit card details).
(Which is why you NEED a Firewall and one or two Anti-Viruses!).
Spyware can come with software you buy in a shop, software you download off the internet.
Spyware unlike viruses doesn't come with infected software, it somes with the software (the people who make the software add the spyware).
Cookies can also be used as spyware (your web browser downloads cookies when it visits a website).
(You may wish to change your browser to a more secure one, i.e. "Firefox" - www.firefox.com - which is FREE)
Spyware can be used to track your internet activities, like which websites you visit, etc.
They can also generate pop-up advertisements.
Spyware isn't malicious but I would consider it an invasion of privacy, they track where you browse so that they can tailor their advertisements.
Do you want your browsing history to stay private, then you need anti-spyware!
Here is a list of vendors that offer FREE spyware protection (I recommend installing SpywareBlaster AND Ad-Aware):
www.javacoolsoftware.com - "SpywareBlaster" (SpywareBlaster prevents spyware and spyware cookies from ever being installed)
www.lavasoft.com - "Ad-Aware Personal" (AdAware scans your computer and removes spyware)
www.safer-networking.org - "Spybot Search & Destroy"
www.trendmicro.com - "Damage Cleanup Engine"
www.arovaxantispyware.com - "Arovax"
You can also visit www.spywareguide.com/onlinescan.php to scan for spyware without installing anything (I recommend installing anti-spyware protection) - ROOTKIT DETECTION-&-REMOVAL Rootkit detection-&-removal software is commonly overlooked among internet users.
Why!?... Because the risk of having a rootkit on your PC is low?
That may be true.
But you could have a rootkit installed on your computer right now without you knowing it. (Even if you have a firewall, anti-virus, and anti-spyware)
(Skiddy) Viruses may have tell-tale signs like slowing your computer down, messaging an error, deleting files, etc.
(Skiddy) Hackers may leave a mass of entries into your logs, trojan you (and do random shit like open your disk tray and turn your monitor off, etc.)
Spyware bombards you with advertisements.
Rootkits..... Well rootkits modify your software so that it can't be detected.
They usually modify/hook the Kernel, the main Windows file (So that they can edit Windows' commands to advantage itself)
Virtually making it invisible, it's as if it isn't even on your system.
Besides the small fact that who-ever installed it onto your computer can gain access to your computer anytime your on it.
(Most likely using your PC as a wingate/shell, so that if their hacking is traced, it is traced back to your IP!)
Advanced viruses/spyware can use them so that anti-viruses/anti-spyware can't detect them.
Better safe than sorry, eh.
FREE, FREE, FREE, Anti-rootkits:
blog.tech-security.com/?p=16 - "IceSword" (Highly Recommended)
www.sysinternals.com - "RootkitRevealer"
www.resplendence.com - "Rootkit Hook Analyzer"
www.greatis.com/unhackme/ - "UnHackMe" - UPDATES When a new vulnerability comes out for Windows or some other piece of software.
Hackers and virus/worm programmers are sitting close by monitoring www.securityfocus.com or some other vulnerability/exploit oriented website.
This is so that they can get the most out of vulnerabilities before the majority of people start patching/updating their software to fix the bug(s).
This is the reason why you should have auto-update turned on windows, your web-browser, firewall, anti-virus, anti-spyware, etc.
If the application(s) doesn't have an auto-update feature you need to make sure that the first thing you do when you go on your computer is to check for updates, make a habit of it, keep security tight.
(Viruses, etc, may turn your auto-updates off, so it doesn't hurt to regularly check for updates)
When was the last time you visited "windowsupdate.microsoft.com"? - STRONG PASSWORDS Passwords should be at least 8 characters long, 14 or more is ideal.
Your password should be easy remembered, and instead of one or two words together, use sentences as a password. (If you password has to be short use the beginning letter of each word in the sentence)
The more variety you have of each of the following will make your password STRONGER: lower case letters (abc), upper case letters (ABC), numbers (123), SHIFT+numbers (!"£), punctuation (,./), SHIFT+punctuation (<>?), spaces ( ), ASCII letters ( \/ () |\| ) = ( V O N )
I'll come up with a STRONG password and show you how I went through the process of making it:
+ First is a sentence WITH punctuation: Lamborghini, dream cars!
+ Second, make the password case sensitive: lAmBoRgHiNi, DrEaM cArS!
+ Third, take out the spaces: lAmBoRgHiNi,DrEaMcArS!
+ Fourth, add a space after a certain number of characters: lAmBoRgH iNi,DrEa McArS!
+ Fifth, change some letters to numbers and symbols: |_4mB()RgH 1Ni,Dr3@ Mc4r$!
TIP: When typing your password, enter the sentence (with punctuation) with no spaces and alternating cases. Then add your spaces systematically. Then change your letters accordingly, e.g in mine they are |_4()13@4$ (LAOIEAAS).
Here's a few character subsitutes for you:
A - 4 & ^ @ /-\
B - |3 I3
C - < (
D - |) [])
E - 3 £ (-`
H - |-| ]-[ }-{
I - 1 | ][ []
K - ]{ |{
L - |_ ][_ []_
M - /\/\ (\/) ]\/[
N - |\| (\)
P - []D ][° ][*
R - |2 I2
S - 5 $
U - |_|
V - \/
W - \/\/ (/\) [/\]
X - >< )(
MOST IMPORTANTLY: There is no point in coming up with a password if you won't remember it!
ADVICE: Change your password once a month (Mix the words round, change characters, replace spaces, it doesn't have to be a new sentence) and don't use the same password for everything. (Same thing again, mix the words round, etc)
VISIT: www.microsoft.com/athome/security/privacy/password_checker.mspx To test the strength of your password, make it BEST ;)
DON'T USE PASSWORD GENERATORS... THEY'RE SHIT! - ENCRYPTION Encryption makes data unreadable to anyone who doesn't have the decryption key or password, i.e. you.
When you send someone an email you can encrypt it so that the only person who can read the email is the person with the decryption key.
So if someone has access to your friend’s inbox, the still won't be able to read the email.
Or if the email is intercepted, the person has to TRY and crack the encryption.
You can encrypt any file, i.e. your porn files, or personal files/details, hacking tools.
You don't have to encrypt files you don't want people finding out about, you can encrypt files to keep the integrity of the information.
Some encryption software offers self-decrypting archives, which means you can encrypt files and burn them onto a CD and you can decrypt the file with a password on any computer without having the program to decrypt it.
Usually you'll want to encrypt more than one file on your harddisk.
A good encryption tool will feature a virtual disk encryption.
This allows you virtually mount another drive, which you can use to store software/data which you wish to remain private, and keeping the integrity of your information.
When you delete a file on your computer, it doesn't get erased, the file can still be retrieved with special software.
When you ‘shred’ a file it gets encrypted multiple times then gets deleted, leaving it pretty much erased.
You can also shred the empty space on your harddisks, which encrypts all your previous deleted data.
FREE encryption tools for windows (Check all of them to see which one suits your needs - They all vary):
www.truecrypt.org - "True Crypt" (Uses steganography! - Hide encrypted files within encrypted/audio/image files)
steghide.sourceforge.net - "Steghide" (Uses steganography and anti steganalysis techniques)
www.snapfiles.com/get/stools.html - "S-Tools" (Uses steganography and options of strong ecryption algorithms)
www.winencrypt.com - "WinEncrypt" (Create encrypted virtual drives)
www.pgp.com - "Pretty Good Privacy" (You can search google for old freeware versions of PGP)
locknote.steganos.com - "LockNote" (More for encrypting private information stored on your computer, like passwords, account information, bank information, etc)
www.jetico.com - "BCArchive" and/or "BCWipe" (BCArchive is for encrypting files, BCWipe is for 'shredding' files) - CLEAN (INTERNET) HISTORY Anyone who has access to your computer can find out the websites you have visited and which pages you have been on, and at what time.
They can also access your cache to see which files you most recently used.
Cookies (Cookies store user-specific information so that you don't need to enter the information again when you visit the websites) can be stolen so that the person can visit websites with your personal details.
If you use your browser to erase your browsing history, it can still sometimes leave the URLs you have typed for use of 'autocomplete'. (So when you start typing a website it guesses what you are trying to type to save you time)
This means that when someone is typing in a website URL a previously visited website URL could be viewed.
I didn't mention this is the password section because it that section was on coming up with easy to remember strong passwords, anyway I didn't mention that you shouldn't use the option of your browser or windows storing your password so that you don't need to type it in when you visit a website, because it is automatically entered.
...Stored passwords can be cracked. (We REALLY don't want that happening now, do we!?)
People can also go into your Windows Temp folder to get access to downloaded files.
Internet history cleaners can wipe all these liabilities.
Even though these tools are mainly used for 'cleaning' the things I have mentioned, it's common for these tools to also erase your recent documents, file/folder search history, open/save history, run history, etc.
FREEware for this type of software can be found at the following links:
www.internet-history-eraser.com - "Internet History Eraser"
www.freedownloadscenter.com/Network_and_Internet/Misc__Networking_Tools/Free_Internet_Eraser.html - "Free Internet Eraser 2.10"
www.freedownloadscenter.com/Authors/HistoryCleaner_com.html - "History Cleaner 1.0"
www.freedownloadscenter.com/Utilities/Misc__Utilities/Active__ERASER_Screenshot.html - "AbsoluteShield Internet Eraser Lite 2.38"
www.freedownloadscenter.com/Utilities/Misc__Utilities/Active__ERASER.html - "Active@ ERASER 4.01" (Internet History Cleaner & Shredder) - PROXIES Anytime you visit a website your Browser information, Operating System (OS), and Internet Protocol (IP) Address is sent, which can be logged.
Your IP address is your computer's unique address on the internet. (If you have broadband your IP stays the same, if you have dial-up your IP changes within a certain range every time you connect)
Most people nowadays have broadband, which leaves you at a greater risk.
The first thing a hacker will do is gain the victim's IP address, it's going to be very difficult to hack someone/you without it.
Proxies allow you to fake your IP address.
When you use a proxy anytime you connect to a website you automatically connect to the website THROUGH the proxy server (a proxy is just another computer somewhere else).
You will still be able to browse the internet as normal (except maybe a decrease in speed, but an increase in turn for anonymity).
But when you connect to a website instead of your IP address being sent, the proxy server's IP address is sent.
To use a proxy in Internet Explorer (IE), open IE, click Tools, go down to Internet Options, click the Connections tab at the top, click on LAN settings near the bottom, under the label/title 'Proxy server' check/tick 'Use a proxy server for your LAN'...
Where it says address enter in the proxy's IP address.
Where it says port enter in the proxy's port, usually 80, 8000, or 8080.
When you are searching for proxies (Make sure you search for HTTP proxies!) you will get a list of addresses with ports, e.g. 123.132.213.231:80 123.132.213.231 is the IP address, while the port is 80. (You can tell because they are seperated by ":")
Another thing is proxy websites, the difference being you don't have to change your browser settings, you visit websites through the proxy website (i.e the proxy websites IP will be sent/logged).
Except for not having to change your settings, the advantage of using a proxy website is that you can configure advanced options (e.g. turn cookies off, hide referrer, remove scripts, etc)
Free proxy server list websites:
nntime.com/realtime
www.proxy4free.com
samair.ru/proxy
www.proxyblind.org
Free proxy websites (visit websites through proxy websites):
www.proxyking.com
www.hidemyass.com I hope you liked my guide and I hope that it has made you more conscious about your security and privacy, and most of all how to go about setting up that security and how to keep your privacy private. E-Mail Address:
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it
|
