
HOW TO SECURE Windows 2000/XP/Server 2003 & VISTA

Old Mar 13, 2008, 06:28pm Default Re: HOW TO SECURE Windows 2000/XP/Server 2003 & VISTA
Member

Posts: 71
Karma: HitRaj47 is on a distinguished road
Oh wow.
 
Old Mar 13, 2008, 11:18pm Default Add-Remove Programs (use it periodically)
APK
Elite Member

Posts: 248
Name: The Duke of URL
Karma: APK will become famous soon enough
USE YOUR "ADD-REMOVE" CONTROL PANEL APPLET!

This is important - as MANY 'malware/trojans' actually DO use since they realize folks do NOT regularly check this area.

IF you don't recognize a ware?

Look it up on GOOGLE (or altavista/yahoo, etc.) to find out if it is MALWARE or not, &/or IF you need it @ all (if you don't? It's "dead weight" & taking up space on your disks & slowing you down only).

APK

Last edited by APK; May 23, 2008 at 09:53pm.
 
Old Mar 14, 2008, 12:25am Default SECURING TELNET SERVICE, & USERGROUPS
APK
SECURING THE TELNET SERVICE & USER GROUPS:

And, a Mr. Markus Jansson on his point on TELNET service (tlntsrv.exe iirc).

http://www.markusjansson.net/exp.html

Turn Telnet NTLM logins off

-> Run: telnet.exe
--> Type (and press enter): unset ntlm

He also has more on things like "EFS" (encrypting filesystem) which I omitted, & both Mr. J.'s site & the GOVERNMENT ones I note, also cover it too (or, supplement points I made with more alternatives etc.).

APK

P.S.=> I list MORE security techniques for securing telnet, here (did this years ago circa 1997-2002, & it's cited in 2001 here @ Neowin, by searching TELNET on that page) to supplement this technique:

=================================
APK "A to Z" Internet Speedup & Security Text!
=================================


http://www.neowin.net/news/main/01/1...-security-text

=================================

Which goes into that point on TELNET & many others (including more speed tuneups, services cutoffs for speed + security in DETAIL & far more also to supplement this post here)... apk

Last edited by APK; May 23, 2008 at 10:12pm.
 
Old Mar 14, 2008, 01:10pm Default "Checks & Balances" (accuracy check of this article by "pros" (still, test yourself)
APK
"Checks & Balances" (accuracy check of this article by "pros" (still, test for yourselves, because a simple certification doesn't a security-pro make)), Part 1

I also "took the liberty" of contacting a "security-pro" (in Don Parker of "SecurityFocus.com" fame)!

This is in regards to my outline/article/guide here, & here were HIS thoughts/opinions on its content @ this point:

**********

Hello apk,

I don't see any real downsides to what you posted. The only thing is that
you need to remember the audience that it is you are trying to reach. If
your goal was to hit the newbies as it were then you may have missed the
mark a bit. Beyond that, it looks fine to me.

--Don

**********

That's so you guys all reading here have SOME idea this stuff is SOLID, & works, & 'passes muster' with the "top geeks" (lol, no offense intended, but lacking a better expression here is all - because mere certifications do NOT an 'expert make', as in the fellow I note above, because iirc, that is ALL he has going for him afaik & to myself @ least? THIS IS NOT ENOUGH, certs are not the same as full degrees, & not by a LONG shot in this field) in the arena of computer security!

So, test for yourselves, via CIS Tool - to be sure... because ANY music person can tell you this: THERE IS A DIFFERENCE BETWEEN TABLATURE, & BEING ABLE TO READ MUSIC (which is the diff. between mere certs. & degrees in Comp. Sci./MIS)


--------------

Also - Do please check this page out, for even more security points:

http://csrc.nist.gov/itsec/download_WinXP_Home.html

Especially the downloadable guide for security there to supplement this one's points, it is named -> SP800-69.pdf

----

The PDF file guide above from NIST (in association w/ the U.S. Gov't. on securing PC's no less), like my guide here also?

That also lists a "6.32 Removing Malware" section as well!

So, that is in response to 'my naysayers' from various forums that criticized me for listing such a guide here!

(In fact, many of them were MS-MVP mods too no less, but many on many forums would NOT cite "why" or yield specifics I asked for as to WHY I SHOULD NOT LIST SUCH A GUIDE in this article's content... well, experts in this area appear to agree with myself, as it IS part of "securing a computer" in knowing HOW TO REMOVE INFESTATIONS, as I do, like THEY do as well!)

Anyhow/anyways - The .pdf guide from NIST either tends to reinforce my own, OR, goes beyond in some cases!

E.G.->
  • Securing wireless networks
  • Securing MS-Office apps better
  • Script file extensions associations with notepad.exe for instance (for safety vs. scripted attacks)
  • More on email & webbrowser security
  • The SIGVERIFY utility (file signature checker)
  • Disabling unneeded accounts

That's for some things I did not cover well imo, here (OR RATHER, well enough earlier), & to supplement my guide (both have good ideas & they both work).

APK

Last edited by APK; May 23, 2008 at 09:54pm.
 
Old Mar 14, 2008, 03:29pm Default Re: HOW TO SECURE Windows 2000/XP/Server 2003 & VISTA
Babe

Posts: 2,477
Name: Cindy
Karma: Cat-tranz is a jewel in the rough
As for infections (if any) I prefer to use HJT and read my own log
__________________
New members - before you post please read the TNT Rules
 
Old Mar 16, 2008, 09:35am Default "Checks & Balances" (part deux) - RESULTS POSSIBLE ON CIS TOOL (XP)
APK
"Checks & Balances" (part deux) - RESULTS POSSIBLE ON CIS TOOL (XP)



That's an example of where your score (for users on Windows XP SP #2 no less fully hotfix patched as of this date) can be @ scoring-wise, on the CIS Tool benchmark test gauge of Windows Security, after following its suggestions for security-hardening your systems.

A 90.112 score... & that was AlexStarFire's score from the 3dguru.com forums, once he applied it to his home system ("stand-alone", non-HOME or WORK-LAN system, online on the public internet), which is way, Way, WAY up from its initial default score of 46.xxx/100...



* Here is an example of a user named Thronka, who employed it to security-harden the endpoints on his LAN/WAN setup @ work, who is also enjoying it successfully as well, albeit this time, in a BUSINESS environs (as I have it as well, for both HOME standalone machine online today, & also on the job):

http://www.xtremepccentral.com/forum...ad.php?t=28430

APK

P.S.=> I hope you guys also employ it thus as well - it starts with reaching just 1 person, & then, by example? Others start to apply it also, & then things start to change "for the better", because by securing yourself, & maybe even setting up your pals' & families' machines this way? You lessen the possibility of "spreading the diseases" out there online today... apk

Last edited by APK; May 23, 2008 at 09:55pm.
 
Old Mar 16, 2008, 09:36am Default Re: HOW TO SECURE Windows 2000/XP/Server 2003 & VISTA
APK
Quote:
Originally Posted by Cat-tranz View Post
As for infections (if any) I prefer to use HJT and read my own log
I'm not sure what "HJT" is, but you make a GOOD POINT, about log reading... I am assuming, perhaps incorrectly, that you mean Windows' Event Logs here.



Speaking of which/on that note (logging)? I supplement the std. Windows' EventLogs with a tool Microsoft produces called "Port Reporter" & it's pretty cool.

You can read about it & if you like what you see, download it here:

Download details: Port Reporter (PortRptr.exe)

* Enjoy!

APK

P.S.=> Supplementary logging is "Good Stuff"!

... & if ANY of you have ever read a "best seller" called "The Cuckoo's Egg" by Cliff Stoll (true story of a guy in academia who ended up busting an international hacker ring that was from East Germany in the employ of the Russian KGB no less, who were using trans-atlantic connections into various places in the U.S.A. + then busting into military installations, like Ft. Stewart (near Richmond Hill Ga., & I know this because my bro was stationed here, he is a Capt. in the military)?

It's mainly HOW he was "clued into them", because they were wiping the std. UNIX logs, but a secondary logging system was designed by the kids in comp. sci. degree track/dept. & it began to "not jive" with the std. one... & that in turn led to him tracking them & eventually getting them caught.

Thus, my point on logging... apk
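The cross-check between a standard log and an independent secondary log that this post describes, as an added example that is not APK's code and does not use the output format of Port Reporter or the Windows Event Log. The line format, field names, addresses and the 5-second tolerance are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample data: the primary log has had entries removed,
# the independently written secondary log has not.
PRIMARY = [
    "2008-03-16 09:00:01 user=alice src=10.0.0.5",
    "2008-03-16 09:20:10 user=bob src=10.0.0.7",
]
SECONDARY = [
    "2008-03-16 09:00:03 user=alice src=10.0.0.5",
    "2008-03-16 09:12:44 user=svc_backup src=192.0.2.44",
    "2008-03-16 09:20:09 user=bob src=10.0.0.7",
    "2008-03-16 09:20:12 user=bob src=10.0.0.7",
]


def parse(line):
    """Split 'DATE TIME user=.. src=..' into (timestamp, (user, src))."""
    date, time, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    return datetime.strptime(f"{date} {time}", FMT), (fields["user"], fields["src"])


def unmatched(primary_lines, secondary_lines, tolerance_s=5):
    """Secondary-log sessions that have no counterpart in the primary log.

    Each primary record may account for only one secondary record, so a
    single surviving entry cannot hide several deleted ones.
    """
    tol = timedelta(seconds=tolerance_s)
    pool = [parse(l) for l in primary_lines if l.strip()]
    missing = []
    for line in secondary_lines:
        if not line.strip():
            continue
        ts, key = parse(line)
        hit = next((p for p in pool if p[1] == key and abs(p[0] - ts) <= tol), None)
        if hit is None:
            missing.append(line)      # seen by the secondary logger only
        else:
            pool.remove(hit)          # consume the matching primary record
    return missing


if __name__ == "__main__":
    for entry in unmatched(PRIMARY, SECONDARY):
        print("not in primary log:", entry)
```

The comparison is only meaningful if the secondary log is written somewhere the account being watched cannot modify.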
 
Old Mar 17, 2008, 12:24pm Default Re: HOW TO SECURE Windows 2000/XP/Server 2003 & VISTA
Babe

Hi APK

HJT - Hijack This. It's a popular program and many forums have their own HJT readers, mostly MRU or ASAP qualified, more to read > Here

Cindy
 
Old Mar 18, 2008, 01:37pm Default Re: HOW TO SECURE Windows 2000/XP/Server 2003 & VISTA
APK
Hello Cindy!

WoW... sure, I know what "Hijack This" is, I just didn't get your acronym! Yet another I'll have to try to commit to memory, lol, in a field CHOCK FULL of acronyms (acronyms = pkzipped English, lol!).



It is a decent tool, & a GOOD supplement to those which I note above.

APK

P.S.=> The ONLY problem I have found with depending on the "std. solutions" per my post above, & now, yours? Well, not a SINGLE ONE of them (antivirus, antispyware, OR antirootkit programs all) catch, "EVERYTHING"... it's best to use a few of them (however, only keeping 1 resident (meaning running as a service or trayicon app (or, combo of both)) to get "2nd Dr.'s Opinions" on scans... thing is though, their technology? Often is QUITE weak!

Examples being folks that put their faith into the std. "antivirus + firewall" combination - once you detonate a bogus mail, or hit a site with bad javascript on it (or, in its adbanners, big news the past year now in fact that last point)?? Your std. mix of protection is NO GOOD... mainly, because apps you use now are what is being attacked (Ms-Office & IE + FireFox being PRIME examples).

I see this in paying customers, every week... especially when they ask me "How come I am being infected, if I have an antivirus + firewall" & I have to tell them about the browser they use (generally IE of some form, & how it is vulnerable by design regarding ActiveX &/or javascript + IFrames etc.) & they often do NOT keep those programs (antivirus) updated either.

Nope, "layered security" is what the "pros" in this field recommend, & I still 2nd them... I have not been infected in many years, because of the use of layered security, & I have a pal named Jack (PI by trade) who was "sucking in" around 200-300 a week of spywares/viruses!

He applied this guide, with my help (he was my "prototype user" in fact) & since that application? He has only turned up 1 since (that was 7 months or more ago now too)... & he knows HOW & WHERE he got it (YouTube, & keeping javascript on iirc) too.

It works! Yes, a bit of work, but it DOES work & well... apk
 
Old Mar 18, 2008, 01:39pm Default Great site for CUSTOM HOSTS FILE INFORMATION (for security)
APK
A great site that Mr. Dancho Danchev "turned me onto", for making additions to your CUSTOM HOSTS FILE (mentioned earlier on in this guide in STEP # 5) via his security blog... how/why?

http://mtc.sri.com/



* Well - it keeps an updated listing of sites & servers that are KNOWN TO BE MALICIOUS!

APK

Last edited by APK; May 23, 2008 at 09:56pm.
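One way to turn a published list of known-malicious hostnames into additions for a custom HOSTS file, as an added example that is not part of APK's post or of any tool or site he names. The feed format (one hostname per line, `#` comments), the 0.0.0.0 sink address and every sample name are assumptions constructed for illustration.

```python
import re

SINK = "0.0.0.0"  # assumption: sink address for blocked names (127.0.0.1 is also common)
PROTECTED = {"localhost", "localhost.localdomain"}  # never remap these
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

# Constructed sample data, not taken from any real feed or machine.
EXISTING_HOSTS = (
    "127.0.0.1 localhost\n"
    "0.0.0.0 ads.example.test tracker.example.test # older entries\n"
)
FEED = [
    "# constructed feed",
    "Bad-Site.example.test",
    "ads.example.test",            # already in the HOSTS file
    "192.0.2.10",                  # IP literal, cannot be a HOSTS name
    "bad-site.example.test.",      # duplicate with trailing dot
    "http://x.example.test/a",     # URL, not a bare hostname
    "-bad.example.test",           # label may not start with '-'
    "cdn.malware.example",
]


def is_hostname(name):
    """True for a syntactically valid dotted DNS name that is not an IP literal."""
    if not name or len(name) > 253 or "." not in name:
        return False
    labels = name.split(".")
    if labels[-1].isdigit():       # rejects dotted-quad IPv4 literals
        return False
    return all(_LABEL.match(label) for label in labels)


def hosts_already_mapped(hosts_text):
    """Every hostname that already has an entry in the existing HOSTS text."""
    mapped = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        mapped.update(f.lower() for f in fields[1:])  # fields[0] is the address
    return mapped


def new_block_entries(hosts_text, feed_lines):
    """HOSTS lines to append for valid feed hostnames not yet present."""
    seen = hosts_already_mapped(hosts_text) | PROTECTED
    out = []
    for raw in feed_lines:
        name = raw.split("#", 1)[0].strip().lower().rstrip(".")
        if is_hostname(name) and name not in seen:
            seen.add(name)
            out.append(f"{SINK} {name}")
    return out
```

Validating each name before it is written matters because the HOSTS file is read by the resolver on every lookup, and a malformed or remapped `localhost` line can break local services.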
All times are GMT -4.


Copyright © 2006 - 2008 by The New Tech
