Basic Web Security 101

[LittleNeutrino Veteran]

I had this posted in my blog and it was suggested i post it in the guides section by +Trance.

In an attempt to prolong the inevitable I wrote up a piece on basic web security that we passed around here where I work. So I thought perhaps I would post it here.

In an ever changing world of Viruses, Trojans, Worms, and Root kits. It is always wise to just take a step back and evaluate how you are accessing the internet and our you interact with it. By changing just a few things in your routine you can prevent a few headaches in the future. Here are just a few steps you can take to help prevent a virus outbreak on your system, and even your friends systems.

These are in no particular order

* Be cautious with your E-Mail address. Just because a website asks for your E-Mail address does not mean you have to provide it. Make sure you read the privacy agreement before you provide your information. If no such agreement is provided then perhaps you should not give them your information at all.

* Use multiple Passwords. Do not use the same password to protect your E-Mail, Banking, Video poker (we will talk about this later), and polly pocket fan club. Use different passwords for different things. For instance polly pocket does not need to have a Highly secure password where as your bank password should contain Capital, Lowercase, and numbers AT LEAST.

* Avoid clicking on Ads on social network sites. Sure these ads are there to assist in giving the website money, However these are one of the leading causes for Virus infections on systems today.

* Avoid sketchy game sites, There are a lot of game sites out there such as video poker that are there simply to infect your system and gain access to banking information. Do yourself a favor and ignore them.

* Go to the search engine itself do not use a tool bar. Many tool bars simply slow down your system. And even a few (My search, Searchway, etc...) in fact carry viruses in them which are a problem from the start. If you want to search for something Just about every browser these days has a search box built right in.

* If in doubt ignore it. If you see a pop up box click out of it ignore it. If you see something on a web page that says click here to scan for viruses ignore it. These are just ploys to get you to install something that will harm your computer or cost you money. If something looks strange to you simply ignore it and keep about your business.

* Just think about it first. If you see something that you are not sure about think about it for a few minutes. If you see a Join now button. think do you really need this. If not then do not do it.

* Always keep your Anti-virus up to date, If you feel that you cannot afford an anti-virus, Think of it like car insurance, you only need it if you have an accident, there are many Free anti virus applications out there that you can download, Microsoft even offers Free anti virus that you can download directly from their website.

* Keep your system up to date. It only takes a few minutes once a month to download and install Windows updates. Keep up with them

* Scan your computer at least once a month, Personally i run mine once a week however once a month is just fine.

And one last Very important note.

Once infected Always infected, If you find that you have had a rather major infection on your system Find your resource discs and reformat your pc. Its just safer.

[+Warwagon MVC]

And one last Very important note.

Once infected Always infected, If you find that you have had a rather major infection on your system Find your resource discs and reformat your pc. Its just safer.

I love his last line. I totally Agree. Bravo!

[Elektrisk]

I apologize for bumping a 2 month old topic, but I feel there's something very important about this guide that needs to be addressed, so users reading it aren't misinformed. This line is incorrect:

Once infected Always infected, If you find that you have had a rather major infection on your system Find your resource discs and reformat your pc. Its just safer.

It's actually very incorrect. You should never instruct someone to reformat their computer unless you are absolutely certain that their infection cannot be cleared. Keeping a firewall and an antivirus, such as avast! or kaspersky, helps cure infections and keep them away. Just as well, the anti-malware program, Malwarebytes' AntiMalware, does a fantastic job at removing malicious programs, registry entries, and more. There're many places on the Internet with trained specialists that can analyze HijackThis logs. HijackThis creates a log file of registry entries, startup entries, and more. With this information, a trained specialist, as I mentioned, can help disinfect a user's system.

Advising someone to risk losing all of their data, when an infection can likely be fixed via some white hat help, is ridiculous.

[spartyjohnson]

I apologize for bumping a 2 month old topic, but I feel there's something very important about this guide that needs to be addressed, so users reading it aren't misinformed. This line is incorrect:

It's actually very incorrect. You should never instruct someone to reformat their computer unless you are absolutely certain that their infection cannot be cleared. Keeping a firewall and an antivirus, such as avast! or kaspersky, helps cure infections and keep them away. Just as well, the anti-malware program, Malwarebytes' AntiMalware, does a fantastic job at removing malicious programs, registry entries, and more. There're many places on the Internet with trained specialists that can analyze HijackThis logs. HijackThis creates a log file of registry entries, startup entries, and more. With this information, a trained specialist, as I mentioned, can help disinfect a user's system.

Advising someone to risk losing all of their data, when an infection can likely be fixed via some white hat help, is ridiculous.

I agree with the OP. Those pieces of software are good, but how are you so sure all bits of a virus or spyware are removed. How do you know for certain that the protection software is not missing some small program that could re-download a newer infection? How do you know for certain that the infection is not smart enough to disable your protection or mask itself from detection with that software?

I think that once you know you are infected the only way to ensure a 100% clean system is to re-format and re-install. Otherwise there is a chance that some rogue bits are lurking on your PC.

[Phenom II]

I apologize for bumping a 2 month old topic, but I feel there's something very important about this guide that needs to be addressed, so users reading it aren't misinformed. This line is incorrect:

It's actually very incorrect. You should never instruct someone to reformat their computer unless you are absolutely certain that their infection cannot be cleared. Keeping a firewall and an antivirus, such as avast! or kaspersky, helps cure infections and keep them away. Just as well, the anti-malware program, Malwarebytes' AntiMalware, does a fantastic job at removing malicious programs, registry entries, and more. There're many places on the Internet with trained specialists that can analyze HijackThis logs. HijackThis creates a log file of registry entries, startup entries, and more. With this information, a trained specialist, as I mentioned, can help disinfect a user's system.

Advising someone to risk losing all of their data, when an infection can likely be fixed via some white hat help, is ridiculous.

I agree, very rarely have I come across an infection I could not cure, I would say 5% of all the PC's I have repaired I have had to wipe, the rest, with the above mentioned tools have done the job very well

[Elektrisk]

Those pieces of software are good, but how are you so sure all bits of a virus or spyware are removed.

Specialists use logs like DDS by sUbs, ComboFix logs, and more tools to create detailed logs of a person's system. If the infection is present, they are going to find it.

How do you know for certain that the protection software is not missing some small program that could re-download a newer infection?

A good firewall, such as COMODO or Online Armor, will nag your head off before it allows a program to connect to the Internet, or access another program. I have used Online Armor myself, and it informs you of a myraid of things, including if a program is trying to edit the HOST file or edit the registry.

How do you know for certain that the infection is not smart enough to disable your protection or mask itself from detection with that software?

Programs like avast! and Online Armor have 'master' passwords set. They will not allow themselves to be shutdown without that password being entered. It's not as simple as ending a process; those programs are coded better than that. If the malware for example turns off the notifications of insufficient antivirus/firewall software, then Malwaresbytes will inform you of this. It'll inform you even if you did it yourself.

While malware can be undetected by antiviruses, it cannot escape the power of tools such as Deckard's System Scanner, ComboFix, HijackThis, and more.

I think that once you know you are infected the only way to ensure a 100% clean system is to re-format and re-install. Otherwise there is a chance that some rogue bits are lurking on your PC.

Imo, the only malware that would require a reformat would be a sneaky rootkit. Rootkits are much harder to remove than simple things such as trojans, keyloggers, and so on.

In the end, the best security is common sense.

[+Warwagon MVC]

I agree, very rarely have I come across an infection I could not cure, I would say 5% of all the PC's I have repaired I have had to wipe, the rest, with the above mentioned tools have done the job very well

When scanning a persons machine do you scan from outisde of windows or hook the hard drive up to another machine and do a scan to make sure their are no rootkits on the machine?

I once decided that instead of formatting a machine and try to clean it.

5 hours later I was finishing my last scan. Still had to install the latest service pack and updates.

[Phenom II]

Usually Safe mode, clear temp, disable msconfig, check the registry, reset IE8, uninstall any crapware, delete personal antivirus (Usually a common one) or other virus's from program files etc

boot normal mode, run HiJack this, run full malwarebytes scan maybe 2 times, run avast Boot scan for an outside of windows scan maybe 2 times also.

Usually that is enough, if there is still an issue, remove the drive, connect via USB and scan on another machine

The 5% that this doesnt work with get wiped

[+Warwagon MVC]

Usually Safe mode, clear temp, disable msconfig, check the registry, reset IE8, uninstall any crapware, delete personal antivirus (Usually a common one) or other virus's from program files etc

boot normal mode, run HiJack this, run full malwarebytes scan maybe 2 times, run avast Boot scan for an outside of windows scan maybe 2 times also.

Usually that is enough, if there is still an issue, remove the drive, connect via USB and scan on another machine

The 5% that this doesnt work with get wiped

What if everything looks normal but their is a rootkit hiding on the machine. Hard to ever tell if you ever truly got rid of a rookit by scanning inside windows given a rootkit's main goal is to to not be seen inside windows.

[Elektrisk]

What if everything looks normal but their is a rootkit hiding on the machine. Hard to ever tell if you ever truly got rid of a rookit by scanning inside windows given a rootkit's main goal is to to not be seen inside windows.

A rootkit might be the only malware I would say requires a format, but not always. GMER is one of the best rootkit detectors there is for Windows.

[farmeunit]

Sometimes it's just not worth the time to try cleaning an infection, depending on what your fees are. You can just as easily transfer the data off, reformat, and put the data back on.

[+Warwagon MVC]

A rootkit might be the only malware I would say requires a format, but not always. GMER is one of the best rootkit detectors there is for Windows.

True, some are much better than others. But nothing can detected 100% of them which must make a person wonder, if they removed them all

[Elektrisk]

Sometimes it's just not worth the time to try cleaning an infection, depending on what your fees are. You can just as easily transfer the data off, reformat, and put the data back on.

Keep in mind that it might be a USB device that is infected. My iPod was once infected with Sality, and would infect every computer I plugged it into with that malware. I couldn't understand why my laptop would become infected, even after reformatting, but then I realized it was my iPod.

[ad!k1337]

A rootkit might be the only malware I would say requires a format, but not always. GMER is one of the best rootkit detectors there is for Windows.

the best way to eliminate a rootkit is to use your antivirus rescue cd ... scanning w/ an antivirus in safe mode or using any rootkit detector would not guarantee removal.

reformat and reinstall of OS should be the last resort, there are a lot of tools available to eliminate any malware you just have to learn how to use them. Anyway I would still say prevention is better than cure ... so use a layered security setup (firewall - antivirus/antispyware - HIPS - sandbox - virtualization) and bear in mind that common sense is already common why not make use of it :laugh:

[c3ntury]

Keeping a firewall and an antivirus, such as avast! or kaspersky, helps cure infections and keep them away.

Common sense beats any anti-virus, any day of the week (including Sundays).

[Hum]

And one last Very important note.

Once infected Always infected, If you find that you have had a rather major infection on your system Find your resource discs and reformat your pc. Its just safer.

That has not been my experience.

Once I have removed a virus, trojan, malware, etc., it does not return. I have no further problems.

I think some computer people are a little paranoid. :laugh:

[Lauren-219]

Very good I liked the post but you forgot to add some things like never save passwords to a text document. Which is a good idea for when you get a trojan because that way they can download files etc without your knowledge. :)