BearWare Comprehensive Security Plan

[For the links, go to http://bearware.info/security.html ]

A security plan that first covers recovery and data protection is key.
Have a current image of your operating system and files. Back up your data
off-site regularly. Use an Anti-Keylogger. Have an Identity Theft Plan. Have
a financial transaction plan such as PayPal or MyProtect (especially with
Credit/Debit cards.) Anything truly sensitive, keep it encrypted and/or
off of your computer that is connected to the net.

Then use AV/AS/Firewall to help reduce the need (and time between) to
recover from malware. Just about any of the top free ones are good enough.
Just remember, the bad guys are always one step ahead. No silver bullets.

Your computer being hosed beyond use is not the most important issue. An
image of your system easily remedies that. The issue is protecting
yourself from financial harm or sensitive data being discovered or data
loss.

PRIVACY

Remember: There is no privacy on the Internet and you can only protect
yourself by not doing or divulging some things at all. Identity Theft and
Financial protection plans are crucial.

IDENTITY THEFT

Some of the better identity protection companies are LifeLock, IDENTITY
GUARD, TrustedID, ID Watchdog, and Guard Dog ID. These are not free
however, but are important as identity theft is one of the most serious
and numerous threats today. Research the companies available and choose
one.
Identity Theft Labs, Top Ten Reviews, TomUse.com

FINANCIAL TRANSACTION PLAN

Be sure all financial transactions are with trusted sites and an HTTPS
connection (secure web connection) such as https://website rather than
http://website. Also, secure web browser services are available. One such
new free service is very good: MyProtect. A history of MyProtect can be
found here.

KEYLOGGERS

Keyloggers are one of the more serious threats and a very good program to
DETECT AND PREVENT them is SpyShelter which uses special algorithms to
protect your data against Spy and monitoring software that are used to
steal or reveal your data to other parties such as extremely dangerous and
custom-made keyloggers. It actively scans when any spy program, keylogger
or Trojan attempts to store your private information. It is designed to be
compatible with other well-known security products such as anti-virus and
firewall software. System protection (HIPS), Anti keylogger,
AntiScreenCapture, and AntiClipboardCapture. Minimal resource usage. It
can be configured to launch an on screen keyboard when logging into your
system. A better on screen keyboard to use with SpyShelter or anytime you
type secure information is SafeKeys

IMAGING YOUR SYSTEM

Imaging your system is the single most important thing anyone who owns a
computer should do.

The single most important aspect of a computer recovery is to be able to
restore your computer easily. There is no silver bullet or suite of
software that can guarantee you will not become infected. There is no
guarantee or certain way to know that you will be able to clean all of the
malware if you become infected and even so, that process can actually take
longer than re-imaging your computer. Making an image of your system is
the fastest and best solution for hard drive failure or recovering from
malware infections. It is also something anyone can do easily regardless
of their level of technical knowledge.

The act of restoring an image completely erases the contents of your hard
drive/partition and rewrites the entire contents of the image. If this
image is an image of your active partition (partition on a hard drive set
as the bootable partition and contains the operating system - usually c:/)
it will completely restore your system as it was at the time you made your
image. Making an image of your system can reduce complete system
restoration time to thirty minutes or less and it is very easy to do. You
will not need operating system or factory restoration disks, or computer
manufacturer restoration features to re-stage your computer - simply
restore the image. This is the best overall protection you can have. I
cannot stress the importance of this enough.

First you should obtain an external hard drive and create backup folders
on that drive. (You can use CD/DVDs to copy your images to, however,
multiple CD/DVDs will be needed and how many depends on how large your
drive is.) Before you make a restoration image, update your programs, run
deep scans with your antivirus and manual scanners, clean and defragment
your machine in order to get as clean an image as possible.

Download and install your backup imaging program. I recommend EaseUS Todo
Backup. EaseUS Todo Backup Free is one-click system
backup. Images an entire system state including the operating system and
installed applications on-the-fly without interrupting your work. You can
also choose to back up specified files, network shared files, files in
use, folders or file types in. Provide alternatives to perform full
backups each time by offering incremental backup and differential backup.
The feature of "recover to dissimilar hardware" can simplify system
migration with restoring system to a dissimilar hardware configuration for
hardware replacement under WinPE recovery environment. Full backup disks,
partitions or dynamic volumes to image. It ensures PC security and instant
data recovery in case of any data loss. Schedule a backup task, your
system and important data can be backed up now, daily, weekly, monthly.
Clone or transfer all the data on a hard disk to another. Clone disk is
especially useful to upgrade your hard drive to a new one without
reinstalling operating systems and applications. Size: 311MB. Win
2000/XP/Vista/2008/7.

There are quite a few tutorials on YouTube illustrating how to use EaseUS
Todo Backup. It is an easy process and I highly recommend having a backup
image of your entire system which will make it painless to restore your
operating system to the last clean image you made in the event of a
catastrophe. Also remember to make new images periodically when your
system changes significantly.

Tip: Keep the last few images you make as you may discover a corrupt image
or make a dirty image (system not clean when you make the image).

Tip: If you are not sure your system is clean, it may be worth the effort
to re-stage your computer with your factory restoration CDs or on hard
drive restoration factory images, reload the Windows updates, reinstall
your programs, data files and settings and then make an image. This may
take a long time, but it is worth having an image of your computer in a
pristine state. Just image your system before you re-stage so you have
access to files etc. after your re-stage.

BACKING UP YOUR DATA

Ask yourself "If I restored the last image I made of my system, would I be
satisfied?" and if the answer is no, make a new image. It only takes about
30 minutes.

My preferred choice for protecting my data files in between images is to
use SugarSync, CX and Google Docs. All of my data files are kept on either
of those sites. I use SugarSync to sync MyDocuments folder, CX offers 10GB
of storage and files in the CX folder are also sync'd real-time to my free
CX online storage account, and my Google Docs are accessed via my browser
and reside on my Google Docs free online storage. Therefore there is no
need for me to make incremental backups of my data files between images.
If you need additional storage, another way to free up your real-time
auto-sync Cloud Storage accounts is to use ADrive for your static or
rarely used files. ADrive Features 50GB free Cloud Storage. There is no
synchronization so it is similar to an external hard drive, safer
(off-site) but slower. It does have Universal Access, File Sharing (free
account shared links expire after two weeks), Folder/Directory Upload,
File Download, and an Easy Search Tool. It is not suitable for streaming
music or video IMO. Also, Google Music offers both a locker service and a
store, along with a limited ability to share songs for free with Google+
users. It allows you to upload and stream your music for free and store
20,000 songs. The key is that if you have an Android phone or device, you
now have an excellent free choice for streaming and sharing music and you
can free up some of your SugarSync or CX storage space. These options
should provide you plenty of backup space.

If you choose not to use such services or such isn't suitable for your
needs, use backup software between images like FreeFileSync routinely to
sync your data files to a different folder than your Image folder on your
external hard drive. This will help make reverting to your last image more
painless if you ever have to do so and those backed-up data files you
changed since the last image can be then restored back to your system
after you load your image. Just remember, FreeFileSync is not real-time
backup.

Your important data should always be backed-up off-site or online, though
some people decide to use methods such as "fireproof containers" which
could still become lost, stolen or receive damage. Also, truly sensitive
data should never be kept on computers/storage that allows or has Internet
access.

ANTIVIRUS, ANTISPYWARE AND FIREWALL SUITE

AntiVirus Suite: avast!
Firewall: Comodo Firewall
Anti KeyLogger: SpyShelter
Anti Malware HIPS: ThreatFire

ALTERNATE ANTI-VIRUS SUITE

If you have and keep a current system image off-computer, a real-time
off-computer data backup system, practice safe hex and want to travel as
light as possible, I find the below antivirus with the Windows firewall is
all I need. If something happens, I can restore my system image and my
data files will take care of themselves. I prefer this approach as it is
virtually management free and noiseless.

AntiVirus: Panda Cloud Antivirus Beta with Windows Firewall.

ALTERNATE FIREWALL

Windows firewall is good enough, but if you want more control though much
noisier, use Comodo Firewall (without the antivirus) instead of Windows
firewall.

KEEP YOUR SOFTWARE UP-TO-DATE

Vulnerable and out-dated programs and plug-ins expose your PC to attacks.
Attacks exploiting vulnerable programs and plug-ins are rarely blocked by
traditional anti-virus and are therefore increasingly "popular" among
criminals. The only solution to block these kinds of attacks is to apply
security updates, commonly referred to as patches. Patches are offered
free-of-charge by most software vendors, however, finding all these
patches is a tedious and time consuming task. I recommend Secunia PSI as
it automates these necessary updates and alerts you when your programs and
plug-ins require updating to stay secure.

ROUTINE MALWARE MANUAL SCANS

Perform routine manual scans periodically with Emsisoft Anti Malware
Scanner, Comodo Cleaning Essentials and Malwarebytes.

To check for and clean rootkit infections run a scan with Gmer
Anti-Rootkit and let it walk you through removal if it finds any rootkits.

REMOVING INFECTIONS

If you think you are infected, perform a deep scan with your anti-virus
and then with the above manual scanners. If the infection is causing
management issues in normal mode, you can try to clean it with the above
scanners from SAFE-MODE (without networking): re-boot, press F8 during
boot, and be sure to choose safe-mode without networking.

Tip: Sometimes malware will prevent these programs from running and a good
trick is to rename the executable file before running it.

In my opinion, if you find that your machine has become infected, cleaning
is a temporary fix and it is best to restore your system image as soon as
possible (if you have one.) Malware can be difficult to clean and very
time consuming. Also, you can never be sure you have completely cleaned
all of the infections.

RESCUE CD

SARDU (Shardana Antivirus Rescue Disk Utility) can build one multiboot
support CD, DVD or a USB device. The disk or USB device may include
comprehensive collections of "antivirus rescue cd", collections of
utilities, popular distributions of Linux Live, the best known Windows PE,
recovery disks and Install of Windows XP, Windows Vista and Windows
Seven. All you need for troubleshooting. SARDU does include a few
utilities, but is primarily a tool for managing the software (ISO image
files) that you download from other companies and developers, which can be
also done with this tool.

Video Example by Mr Izos

Video Example by Languy99 in three parts (older version of SARDU but shows
you how to use it.) VIDEO 1st part, VIDEO 2nd part, VIDEO 3rd part

There is no anti-malware program that is bullet proof...therefore it is
more important to have real time back up of your data and portable
programs, and a very current image of your system. Why...because *when*
you become infected, it takes more time to try to clean than re-image, and
you can never be certain you've cleaned it all. If you do not have such a
plan, SARDU is the best type of approach to cleaning. Trying to use
programs to clean your system while your system is booted is definitely a
crap shoot.

If you have such a recovery plan, just about any decent anti-malware
program could be used. I mean it's not like any of them are bullet proof
so it's a crap shoot. You might have the best AV in the world and happen
across the one malware that defeats it...bang. You might use the worst and
never come across malware that defeats it. It's a crap shoot.

Tip: If you are so heavily infected requiring rescue CD's, it is much
faster and more reliable to use the backup Image you made with EaseUS Todo
Backup and restore your computer to the last image you made in 30 minutes
or less. You must however, boot with the EaseUS Todo Backup boot CD to
restore your image.

PASSWORD AND FORM MANAGEMENT

LastPass is the most secure solution for encrypted automated password
management, and form filler. There is also nothing easier to use to manage
your passwords with as many features although some folks prefer computer
based programs such as KeePass.

Steve Gibson, renowned security expert, reviews LastPass in depth in a
podcast. Here is a text transcription of that podcast.

DNS PROXY

Google Public DNS allows you to use Google's DNS servers coupled with
their malware databases which block websites known to contain malware.
This gives you an additional layer of security without adding additional
burden to your system resources. It is also faster and has more valid
results than your ISPs. Look up how to change your DNS settings for your
particular operating system.

WIFI ENCRYPTION

If you use wireless connections in your home network, it is imperative
that you encrypt the connection. Anyone within range of your wireless
transmission could connect to your network and use it or capture your
computing sessions.

WEP is no longer recommended. The FBI has demonstrated that WEP can be
cracked in just a few minutes using software tools that are readily
available over the Internet. Even a long random character password will
not protect you with WEP. You should be using WPA or preferably WPA2
encryption. Check with your wifi router manual to determine how to do
this.

To encrypt your wifi, reset the wireless router to factory: press and hold
reset 20 seconds. On the main computer connected by wire to the router,
use any browser and go to 192.168.1.1 to enter management page. The
router's login password is usually on one of the "Administration" pages.
The other settings are all found in the "Wireless" section of the router's
setup pages, located at 192.168.1.1.

DEFAULT USER NAME LOGINS:
Linksys BEFW11S4 or WRT54G = admin
Linksys EtherFast Cable/DSL Ethernet routers = Administrator
Linksys Comcast routers = comcast
All other Linksys routers = [none]

DEFAULT LOGIN PASSWORDS:
Linksys BEFW11S4 = [none]
Linksys Comcast routers = 1234
All other Linksys routers = admin

First, give your router a unique SSID. Don't use "linksys". Make sure
"SSID Broadcast" is set to "disabled".

MAC Authentication should be applied.

Next, leave the router at its default settings (except for the unique
SSID), and then use a PC configured as above to connect wirelessly to the
router. Test your wireless Internet connection and make sure it is working
correctly. You must have a properly working wireless connection before
setting up wireless security.

To implement wireless security, you need to do one step at a time, then
verify that you can still connect your wireless computer to the router.

Next, select to encrypt your wireless system using the highest level of
encryption that all of your wireless devices will support. Common
encryption methods are:
WEP - poor
WPA (sometimes called PSK, or WPA with TKIP) - good
WPA2 (sometimes called PSK2, or WPA with AES) - best

WPA and WPA2 sometimes come in versions of "personal" and "enterprise".
Most home users should use "personal". Also, if you have a choice between
AES and TKIP, and your wireless equipment is capable of both, choose AES.
With any encryption method, you will need to supply a key (sometimes
called a "passphrase" ).

The wireless devices (computers, printers, etc.) that you have will need
to be set up with the SSID, encryption method, and key that matches what
you entered in the router. Retest your system and verify that your
wireless Internet connection is still working correctly.

And don't forget to give your router a new login password.

Picking Passwords (keys): You should never use a dictionary word as a
password. If you use a dictionary word as a password, even WPA2 can be
cracked in a few minutes. When you pick your login password and encryption
key (or password or passphrase) you should use a random combination of
capital letters, small letters, numbers, and characters but no spaces. A
login password should be 12 characters or more. WPA and WPA2 passwords
should be at least 24 characters. Note: Your key, password, or passphrase
must not have any spaces in it.

Most home users should have their routers set so that "remote management"
of the router is disabled. If you must have this option enabled, then your
login password must be increased to a minimum of 24 random characters.

One additional issue is that Windows XP requires a patch to run WPA2. Go
to Microsoft Knowledge base, article ID=917021 and it will direct you to
the patch. Sadly, the patch is not part of the automatic Windows XP
updates, so lots of people are missing the patch.

A wireless Router with a Full FireWall implementation is best. Then only
the operating system's stock FireWall is needed and the LAN nodes will
have more resources available. A Router FireWall is stronger and more
secure than a software firewall.

Routers  PcWinTech

ON-LINE HELP

If you believe you are infected and want on-line help (if you can go
on-line), go to one of the free tech support forums listed in my Tech
Support Section (I prefer TechSupportGuy,) post your issue and let them
walk you through cleaning. However, RESTORING THE LAST CLEAN IMAGE of your
computer is the surest and fastest solution.

CONCLUSION

At the very minimum, keep a current clean image of your computer and use
AV/AS/Firewall software. Also, backup your data files and portable
programs off-site with such as SugarSync real-time backup. Restore the
image if you get into trouble. Your data files and portable programs will
take care of themselves via SugarSync.

PREY PROJECT

Prey lets you keep track of your phone or laptop at all
times, and will help you find it if it ever gets lost or stolen. It's
lightweight, open source software, and free for anyone to use. And it just
works.

With everything set up, you can log into the web site and see a list of
all the devices you're tracking. And that's all there is to it. Until, of
course, one of those devices gets stolen. At which point, log into the web
site again and mark the device as missing. Or, if the device is a
smartphone, send it an SMS message that contains the secret word you
specified when you installed the client app on it.

Prey Project introduction from Carlos Yaconi on Vimeo.

Once the device has been instructed to go into "missing" mode by the Prey
web site, the installed client springs into action, and does whatever
you've told it to do. If the device has the ability to work out its
location, either via the mobile phone network or GPS, it'll send you a map
of where it currently is. If there's a webcam on there, you can tell it to
take a photo of the current user and display that on the web site too. Or,
you can have it take regular screen shots instead. Needless to say, you
can also protect your data. You can remotely lock the device or delete the
files on it.

And it's worth remembering that such software isn't just useful for
tracking stolen hardware. If you'd like to know where your kids are, or
perhaps you want to keep an eye on an elderly relative who values their
freedom to roam, Prey will do it. As for the morals regarding how you use
it, and on whom, that's entirely up to you.

Right now, Prey lets you track three devices free. If you want to track
more devices for free, simply create another account with a different
email address.

--
Bear
http://bearware.info
Must Do: System image and automatic real-time off-site data backup
Recommended tools: EaseUS Todo Backup and SugarSync
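
Added example (not part of the original post or of any tool it names): the tip under IMAGING YOUR SYSTEM about keeping the last few images in case one turns out corrupt, written as Python that records a SHA-256 for each image, re-verifies them later, and prunes old images without counting corrupt ones. The manifest file name, the function names and the image file names are assumptions of this example.

```python
import hashlib
import json
from pathlib import Path

MANIFEST = "image-manifest.json"  # hypothetical name, stored beside the images


def sha256_file(path, chunk=1 << 20):
    """Hash a (possibly multi-gigabyte) image in 1 MiB chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def _load(folder):
    path = Path(folder) / MANIFEST
    return json.loads(path.read_text()) if path.exists() else {}


def _save(folder, manifest):
    (Path(folder) / MANIFEST).write_text(json.dumps(manifest, indent=2))


def record_image(folder, name):
    """Call right after an image is written, while it is known to be intact."""
    manifest = _load(folder)
    seq = 1 + max((e["seq"] for e in manifest.values()), default=0)
    manifest[name] = {"seq": seq, "sha256": sha256_file(Path(folder) / name)}
    _save(folder, manifest)


def verify_images(folder):
    """Return {image name: 'ok' | 'corrupt' | 'missing'} for every recorded image."""
    result = {}
    for name, entry in _load(folder).items():
        path = Path(folder) / name
        if not path.exists():
            result[name] = "missing"
        elif sha256_file(path) != entry["sha256"]:
            result[name] = "corrupt"
        else:
            result[name] = "ok"
    return result


def prune(folder, keep=3):
    """Delete images older than the `keep` newest ones that still verify.

    A corrupt image never counts toward `keep`, so damage to a recent
    image cannot cause the last good one to be deleted.
    """
    manifest, status = _load(folder), verify_images(folder)
    newest_first = sorted(manifest, key=lambda n: manifest[n]["seq"], reverse=True)
    good = [n for n in newest_first if status[n] == "ok"]
    if len(good) <= keep:
        return []
    cutoff = manifest[good[keep - 1]]["seq"]
    removed = [n for n in newest_first if manifest[n]["seq"] < cutoff]
    for name in removed:
        (Path(folder) / name).unlink(missing_ok=True)
        del manifest[name]
    _save(folder, manifest)
    return removed
```

Hashes stored beside the images catch bad writes and bit rot, not deliberate tampering: anything that can write to a connected backup drive can rewrite both the image and the manifest.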
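
Added example (not from the original post): the rules in the Picking Passwords paragraph of WIFI ENCRYPTION (12 or more characters for the router login, 24 or more for WPA/WPA2 keys or when remote management is on, mixed character classes, no spaces, no dictionary words) as a Python generator and checker. The symbol set, the purpose names and the sample word list passed to `audit` are this example's assumptions; the 63-character ceiling is the WPA/WPA2 passphrase limit.

```python
import math
import secrets
import string

# Symbol set chosen for this example; the post only asks for "characters", no spaces.
SYMBOLS = "!#$%&()*+,-./:;<=>?@[]^_{|}~"
CLASSES = {
    "capital letter": string.ascii_uppercase,
    "small letter": string.ascii_lowercase,
    "number": string.digits,
    "symbol": SYMBOLS,
}
ALPHABET = "".join(CLASSES.values())

# Minimum lengths stated in the post (purpose names are hypothetical labels).
MIN_LENGTH = {"router-login": 12, "router-login-remote-mgmt": 24, "wpa-key": 24}
WPA_MAX = 63  # WPA/WPA2-Personal passphrases are 8 to 63 ASCII characters


def audit(password, purpose, dictionary=()):
    """Return the list of rules from the post that `password` breaks."""
    problems = []
    if len(password) < MIN_LENGTH[purpose]:
        problems.append(f"shorter than {MIN_LENGTH[purpose]} characters")
    if purpose == "wpa-key" and len(password) > WPA_MAX:
        problems.append(f"longer than {WPA_MAX} characters")
    if any(ch.isspace() for ch in password):
        problems.append("contains a space")
    for label, chars in CLASSES.items():
        if not any(ch in chars for ch in password):
            problems.append(f"no {label}")
    # "Password1!" is still the dictionary word "password" to a cracking tool.
    core = password.lower().strip(string.digits + string.punctuation)
    if core in {word.lower() for word in dictionary}:
        problems.append("dictionary word with digits or symbols added")
    return problems


def generate(purpose, length=None):
    """Draw characters from the OS CSPRNG until every rule is satisfied."""
    length = length or MIN_LENGTH[purpose]
    if length < MIN_LENGTH[purpose] or (purpose == "wpa-key" and length > WPA_MAX):
        raise ValueError("length outside the allowed range for " + purpose)
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not audit(candidate, purpose):
            return candidate


def entropy_bits(length):
    """Upper bound on guessing entropy for a uniformly random string."""
    return length * math.log2(len(ALPHABET))
```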

