Page 1 of 3 123 LastLast
Results 1 to 15 of 34
  1. #1
    iNET Interactive
    Join Date
    Jan 2011
    Location
    Seattle, WA
    Posts
    704
    Thanks
    11
    Thanked 68 Times in 53 Posts

    Revisiting the WS Security Baseline: Part 1




    TOP STORY


    Revisiting the WS Security Baseline: Part 1


    By Susan Bradley

    Regular Windows Secrets readers know that we cover PC and Internet security almost every week. But many Windows users never get the message.

    Keeping your digital life has gotten far more complex. Here are some tips for computing in the year 2014.

    The full text of this column is posted at http://windowssecrets.com/top-story/...seline-part-1/ (opens in a new window/tab).

    Columnists typically cannot reply to comments here, but do incorporate the best tips into future columns.
    Last edited by Kathleen Atkins; 2014-07-02 at 18:39.

  2. Get our unique weekly Newsletter with tips and techniques, how to's and critical updates on Windows 7, Windows 8, Windows XP, Firefox, Internet Explorer, Google, etc. Join our 480,000 subscribers!

    Excel 2013: The Missing Manual

    + Get this BONUS — free!

    Get the most of Excel! Learn about new features, basics of creating a new spreadsheet and using the infamous Ribbon in the first chapter of Excel 2013: The Missing Manual - Subscribe and download Chapter 1 for free!

  3. #2
    New Lounger
    Join Date
    Jun 2010
    Location
    UK
    Posts
    23
    Thanks
    0
    Thanked 4 Times in 3 Posts
    As usual, a very good article I just wanted to mention another free tool to protect from ransomware (including CryptoLocker, CryptoDefense and others). SurfRight offering "HitmanPro.Alert"includes "CryptoGuard" which simply stops unauthorized encryption of your files. It's important to distinguish between HitmanPro.Alert and HitmanPro. The former is free, the latter isn't.

    Personally, I think it's a more elegant solution than CryptoPrevent (which I recommended in response to your original post about CryptoLocker). It should be noted that HitmanPro.Alert does not remove the infection - it will just stop files being encrypted (which of course is the main consideration here). On finding an issue, it will prompt you to purchase HitmanPro to do the removal - but it's not necessary, as Malwarebytes AntiMalware Free will remove the infection.

  4. #3
    Lounger
    Join Date
    Dec 2009
    Location
    New Jersey USA
    Posts
    25
    Thanks
    0
    Thanked 3 Times in 2 Posts
    Tools like EMET appear to be possible bloat ware, possibly severely degrading your computer experience more than helping. The Pros and Cons of these tools must be considered, tested, and reported in articles such as this from WS. To simply recommend software is not enough. Tell us the 'Secrets' Windows Secrets Newsletter.

  5. #4
    New Lounger
    Join Date
    Jun 2012
    Posts
    8
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re Backups for security

    I would welcome a more detailed article revisiting the whole question of backups in the light of current threats.

    I started (in the days of DOS) using "xcopy /s/e/m" daily with a monthly run after resetting all attribs - and knew what was going on!
    Then I moved to dragging data folders onto a CD icon once a week.
    I moved a few years ago to a NAS which was meant to be backing up on the fly (fit and forget) - and was never really sure what it was doing.
    I tried using SyncToy with the NAS but it would regularly choke on "files in use" or "path too long"
    Post Cryptolock and other ransomware I have moved to a weekly USB harddrive backup (that can then be disconnected and moved to another place) - but again I am not really confident what the software (WD Smartware) is really doing. So I take system images using the Win7 Backup/Restore built-in application every month.

    It's not ideal and could be better. I am prepared to pay for software - if I can understand what it is doing and feel confident that it is doing it. Too much software nowadays is both clever-proof and/or idiot-proof; I'm somewhere in between!

    I think I want:
    1) Regular system images - to go off-site, but they take time so cannot be done too frequently.
    2) Frequent "data" backups - to a medium that can then be disconnected (ideally with ability to check individual files)
    3) Off-site media to be encrypted - which is why I am using WD external harddrives
    Then if the worst happens, I restore from a system image and then copy over each subsequent data back-up in order.
    I have a gut feel that the Win 7 backup Control Panel applet provides all I need. So why do so many people advocate applications like Acronis?

    I have twice "lost" a hard disk, fortunately back in the xcopy days. Restoration (from multiple floppy disks) took a few hours, but was complete and certain. And putting a floppy disk in the drive each night to take the daily incremental backup (to go home) was quick, easy and dependable. Which is the way it should be.
    Last edited by dsf; 2014-07-03 at 11:58. Reason: typos

  6. #5
    Star Lounger
    Join Date
    Mar 2010
    Location
    Great LAND of TEXAS
    Posts
    75
    Thanks
    0
    Thanked 4 Times in 3 Posts
    I wish to THANK "Rui Ribeiro Windows Secrets Lounge Administrator" for solving my issues with getting into this part of the forum.

    Also wanted to inform Susan Bradley that there are many features available on the web for keeping you as safe as possible. #1.WinPatrol PLUS by Bill Pytlovany of BillPStudios that is a very small program and will monitor your complete system and notify you if any thing is added or changed without your authority. #2. Password Maker (addon for Mozilla FireFox) v1.7.8 and is very secure and easy to use with many features to-boot. #4. If you are using the x86 (32bit) software for your O/S then this will not work for you. That said, "if you are running 64bit O/S Windows Seven, Eight, or Eight point one then you may do as I have done since getting my very first 64 bit O/S as Win7 without SP1, it had not been dispatched at that time, after about two (2) months SP1 was available and installed by me. I run Microsoft's Windows FireWall; Security Client; EMET; Key Scrambler; SuperAntiSpyware: MBAM Pro; Spybot Search & Destroy; WinPatrol PLUS; Avast! Anti Virus and a few other all up to date, latest versions, all at the same time. Have even done scans with them all at the same time with out any hang ups, DO NOT DO THIS WITH 32BIT (x86) O/S as it will lock-up your system."

    Also wanted to note: I had the Avast! AntiVirus software Pro test with FireWall and had their firewall setup along with Microsoft's FireWall and they did not conflict just worked together and that was only for a MONTH or so and then went back to the FREE version. Being retired and with little funds to pay for all of the different payed versions except for a very few as noted in my above informaion.

    I think that will be enough for now . .
    Last edited by NTLS; 2014-07-03 at 12:26. Reason: just punctuated better . . BAG! Added comment . .
    Thank you for reading,
    TIA, CU L8R,
    NTxLS Win7 Pro 64bit SP1; FireFox v30.x, Password Maker v1.7.8; WinPatrolPlus: SuperAntiSpyware; MBAM Pro; all with the latest updates . .

  7. #6
    Star Lounger
    Join Date
    Mar 2010
    Location
    Great LAND of TEXAS
    Posts
    75
    Thanks
    0
    Thanked 4 Times in 3 Posts
    One last point if I may? This is not reference to what this section is about, just my opinion and hopefully will not cause any 'spot fires.'

    What I post is my opinion ONLY, not suggesting any one else do the same. As we all know 'opinions are like discharge points of nourishments' and do not smell sweet. That said, we are all masters of our own systems and any post is done to let another know what we experience with our own system. We many times disagree with another and that is when the 'flames' start, so do not think I am suggesting any thing for another to do or experience. You do what you feel most comfortable with and maintain your own system as you wish Even Ms Bradley gives what she uses and some alternatives if you do not like what she has suggested or told us about her own operations. That is all any of us can do is to let another know how you work or what you use. We are not all the same and never will, we just need to work together and keep ourselves as safe as possible.
    Last edited by NTLS; 2014-07-03 at 13:17.
    Thank you for reading,
    TIA, CU L8R,
    NTxLS Win7 Pro 64bit SP1; FireFox v30.x, Password Maker v1.7.8; WinPatrolPlus: SuperAntiSpyware; MBAM Pro; all with the latest updates . .

  8. #7
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,311
    Thanks
    139
    Thanked 114 Times in 98 Posts
    Quote Originally Posted by JohnReam View Post
    Tools like EMET appear to be possible bloat ware, possibly severely degrading your computer experience more than helping. The Pros and Cons of these tools must be considered, tested, and reported in articles such as this from WS. To simply recommend software is not enough. Tell us the 'Secrets' Windows Secrets Newsletter.
    EMET does not impact performance of Windows. It can block unsafe actions, which may interfere with poorly designed programs, and users may get confused and enter the wrong settings. Barring these events however, EMET does not impact system performance the way some Antivirus Suites which try to be all things to all people have a reputation for doing.
    Last edited by bobprimak; 2014-07-03 at 16:08.
    -- Bob Primak --

  9. #8
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,311
    Thanks
    139
    Thanked 114 Times in 98 Posts
    Quote Originally Posted by NTLS View Post
    One last point if I may? This is not reference to what this section is about, just my opinion and hopefully will not cause any 'spot fires.'

    What I post is my opinion ONLY, not suggesting any one else do the same. As we all know 'opinions are like discharge points of nourishments' and do not smell sweet. That said, we are all masters of our own systems and any post is done to let another know what we experience with our own system. We many times disagree with another and that is when the 'flames' start, so do not think I am suggesting any thing for another to do or experience. You do what you feel most comfortable with and maintain your own system as you wish Even Ms Bradley gives what she uses and some alternatives if you do not like what she has suggested or told us about her own operations. That is all any of us can do is to let another know how you work or what you use. We are not all the same and never will, we just need to work together and keep ourselves as safe as possible.
    I find that when I post long strings of advice, and when I pose as an expert with opinions and suggestions which are superior to other members of the Lounge Community, that this is when I get strong and negative replies to my posts. I like to be more tentative, less absolute in my language these days. I often qualify my advice by saying "this works on my system", Your Mileage May Vary, and "just my opinion". Sometimes I even begin what I think may be an unpopular post with "Just my Two Cents Worth" or something like that.

    Having said all of this, I find your security recommendations well worth considering, especially Win Patrol. I personally find Avast oversized, and it has slowed my Windows 7 system, but I still use it for safety. Sometimes, when doing relatively safe things, I drop some of Avast's more system-slowing shields for awhile just to get some work done, especially when I'm offline to begin with.

    I also use Linux (in the dreaded dual-booting configuration) for all sensitive banking and eCommerce logins. In Linux, Firefox plus AppArmor set to Enforce has much the same level of protections as Windows 8 with IE 11 plus EMET restrictions. Quite adequate for most folks.

    Browsers can be made further secured by adding Extensions or settings which limit or prevent scripts from executing, and blocking Tracking Cookies. For most major browsers, Abine has a version of their DoNotTrackMe Extension. For Firefox (Windows and Linux) I use Ghostery and DNTM. I use Chromium in Linux and Chrome in Windows 7, both with DNTM. In Windows, I further use special add-ons to block the Google Analytics, whereas as Open Source, Chromium for Linux doesn't have the "Google Botnet" installed.

    Backup drives can fail, so I make at least one copy for off-site storage and to use as a "backup for my backup". The two drives never get connected to the computer at the same time, and no backup drive ever connects with a computer which is online.

    I also like Susan's recommendation that for casual web surfing, entertainment, media streeaming, etc., a second device is a good idea. I will consider an Android Tablet for this purpose, combined with Chromecast or some Chinese knockoff, to stream content to my (modestly sized) HDTV. I am still waiting for the new Android Kit-Kat on Intel BayTrail tablets to hit our shores from China. With the price savings vs. Samsung or Apple, I could buy two or three of these devices if I so choose. Android needs Antivirus too! Avast for Android is highly rated by many reviewers.

    I have yet to use it, but Hitman Pro Alert looks like a good addition to my arsenal of Windows protections.

    One more set of tools for security -- bootable media with Windows Defender Offline and at least one other bootable antivirus program, to be run if the main hard drive gets locked or encrypted. In these situations, not even Windows Safe Mode would be available. Sometimes Linux Boot Repair and repartitioning tools can get rid of a bootkit by recreating the MBR without destroying the installed OS(es). These run with a live CD in a Linux environment, completely immune from further Windows infections. And if I can restore the MBR, I still have accesss to my Linux installation -- which is also immune to Windows malware. A totally trashed hard drive can always be replaced, and both my Linux and my Windows, as well as all Data, are backed up regularly and can be restored when needed -- even to a new drive. So maybe a few logs or recent versions of working documents get lost -- better to know everything is now uninfected.

    I would not be too quick to do a rollback or reinstall in the case of malware. It is best to solve the problem and in the process understand better how the breach occurred in the first place. and then set about using better preventive practices moving forward.

    Not that Linux cannot be compromised -- it CAN be infected. But that's a security story all its own...
    Last edited by bobprimak; 2014-07-03 at 16:12.
    -- Bob Primak --

  10. #9
    Star Lounger
    Join Date
    Mar 2010
    Location
    Great LAND of TEXAS
    Posts
    75
    Thanks
    0
    Thanked 4 Times in 3 Posts
    "Bob Primak,"

    Thank you for this informative post, both of them, as I do have EMET on my system and it has not caused any slowness that I can see anyway. You are also very correct about doing any backup OFF LINE . . many thingys I do are off line as well. If you ever have a H/D issue and need to see if you can recover it, Gibson Research Corporation (grc.com) has a little program called SpinRite that has the ability to restore from what has been miss-identified as a bad spot when only the calibration of the head positioning needs to be corrected and his software will do the recalibration. Plus Microsoft's ChkDsk will only attempt to recover a bad spot only one time his software will do up to 2K (for some that is 2,000 times) attempts to recover the software or so called bad spot. I have had some issues with drives that were recovered by SpinRite v6.0. Have found the price is worth the money when you can restore a supposedly dead drive, not just one but several.

    You are just busier than I am on a system, not being a programmer just a very determined user learning how to do some of the technical operations through some of these forums over the years has been very fruitful for me.

    One last point almost forgot to post, when logging in any where I NEVER check the "Keep Me Logged in for " how ever many days, weeks or months the site has selectable. Always do a single login for each one and LOG OUT when done.
    Last edited by NTLS; 2014-07-03 at 16:45. Reason: Almost missed ater thought . .
    Thank you for reading,
    TIA, CU L8R,
    NTxLS Win7 Pro 64bit SP1; FireFox v30.x, Password Maker v1.7.8; WinPatrolPlus: SuperAntiSpyware; MBAM Pro; all with the latest updates . .

  11. #10
    New Lounger
    Join Date
    Dec 2009
    Location
    Edmonton, AB, Canada
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    You mentioned looking for a consumer product to monitor software install. I have been using Winpatrol for quite a number of years and suggest it to a lot of people, especially those who are "at risk". The free version is very good while the paid version (one time fee) has some extra goodies. It has caught some baddies where my AV product didn't and has save me from number PUP's.

  12. #11
    New Lounger
    Join Date
    Jul 2010
    Location
    New York, NY
    Posts
    16
    Thanks
    1
    Thanked 3 Times in 2 Posts
    There's one surfire way to keep your security questions safe from educated guesses: lie.
    I've never had a pet, which makes the name of my beloved first puppy quite a challenge to a would-be hacker.
    And not even my parents know the city of my birth.

  13. #12
    Lounger
    Join Date
    Dec 2012
    Posts
    33
    Thanks
    0
    Thanked 2 Times in 2 Posts
    You guys read your mail! (At least I hope my letter asking for an update of the WS Security Baseline was the inspiration for this column.) Excellent stuff. I am looking forward to discussion of hardware (particularly wireless routers) in Part II. My D-Link DIR-825 is getting overloaded by the proliferation of devices wanting wireless access in our home. I have to reboot it occasionally when it gets confused, so I'm thinking I need a newer, industrial-strength wireless access point around the house and will appreciate brand-name recommendations.

    Encryption is also another Big Issue. Since I don't travel internationally with electronic devices, I'm not particularly worried about NSA or DHS getting through the backdoors built into Bitlocker and TPM. I simply need to protect my "data at rest" from loss or theft domestically and encrypt cloud backups.

    Thanks for addressing these issues.

  14. #13
    Star Lounger
    Join Date
    Jan 2010
    Location
    Monterey, California, USA
    Posts
    72
    Thanks
    20
    Thanked 0 Times in 0 Posts
    Ms. Bradley:

    Thanks for a very interesting article. I recall from many weeks ago that you had been researching virtual private networks, but unless I missed a Windows Secrets newsletter (possible, because I did have some problems with my ISP), I haven't seen any VPN recommendations. In any case, given your very useful posts in WindowsSecrets newsletters, I don't think you could have had time to finish your VPN research and write it up.

    I am now about to do some traveling (with my Windows7 Sp1 laptop), and I probably will install Witopia. But I really need some guidance. Previously, on Windows 2000 and XP laptops, I was using HotSpotVPN-2 (https://hotspotvpn.com/), but after many hours (days, actually) of effort I never could successfully install it. I had a lot of correspondence with the owner-manager describing in detail the steps I had taken and asking "was this step correct," but his replies were not nearly detailed enough for me to get HotSpotVPN-2 to work. So I gave up, and have uninstalled it since it didn't work.

    So I hope that you, or someone else reading this post, will have VPN suggestions.

    R.N. (Roger) Folsom

  15. #14
    New Lounger
    Join Date
    Sep 2011
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Do I need Silverlight?

    You mentioned getting rid of Silverlight if possible ("Keep... apps up to date"). I do have it installed, although I don't remember why. I do stream media to my TV (not often), but I'm not sure if I really need it. I tried to look up a description, but the ones I found are not very clear about exactly what it is needed for, and whether there may be alternatives. Can anyone tell me any specific programs/apps that require Silverlight to work properly?

  16. #15
    Super Moderator jwitalka's Avatar
    Join Date
    Dec 2009
    Location
    Minnesota
    Posts
    4,774
    Thanks
    67
    Thanked 549 Times in 497 Posts
    Netflix is one app the uses Silverlght although they have plans to move off.

    Jerry

Page 1 of 3 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •