BearWare Security Plan

This is an evolving effort of presentation and my best attempt thus far
 at presenting a better perspective and more comprehensive view on
 security. If you want the links, go to my security page on BearWare. I am
 not trying to present a dissertation on security...simply a guide for
 people who may gain some more insight.

Any constructive criticism is welcome.

 A security plan that first covers recovery, and data protection is key.
 Have a current image of your operating system and files. Backup your data
 off-site regularly. Use an Anti-Keylogger. Have an Identity Theft Plan.
 Have a financial transaction plan such as PayPal and MyProtect
 (especially with Credit/Debit cards.) Anything truly sensitive, keep it
 encrypted and off of your computer that is connected to the net.

Then use AV/AS/Firewall to help reduce the need (and time between) to
 recover from malware and just about any of them are good enough or not
 depending on your surfing habits and perspective as the bad guys are
 always one step ahead.

Your computer being hosed beyond use is not the most important issue. An
 image of your system easily remedies that. The issue is protecting
 yourself from financial harm or sensitive data being discovered or lost.

 Remember: There is no privacy on the Internet and you can only protect
 yourself by not doing or divulging some things at all. Identity Theft and
 Financial protection plans are crucial.

 Some of the better identity protection companies are LifeLock, IDENTITY
 GUARD, TrustedID, ID Watchdog, and Guard Dog ID. These are not free
 however, but are important as identity theft is one of the most serious
 and numerous threats today. Research the companies available and choose
 one. Identity Theft Labs  Top Ten Reviews

 Be sure all financial transactions are with trusted sites and an HTTPS
 connection (secure web connection) such as https://website rather than
http://website. Also, secure web browser services are available. One such
 new free service is very good: MyProtect. A history of MyProtect can be
 found here.

 Keyloggers are one of the more serious threats and a very good program to
 DETECT AND PREVENT them is SpyShelter which uses special algorithms to
 protect your data against Spy and monitoring software that are used to
 steal or reveal your data to other parties such as extremely dangerous
 and custom-made keyloggers. It actively scans when any spy program,
 keylogger or trojan attempts to store your private information. It is
 designed to be compatible with other well-known security products such as
 anti-virus and firewall software. System protection (HIPS), Anti
 keylogger, AntiScreenCapture, AntiClipboardCapture. Minimal resource
 usage. It can be configured to launch an on screen keyboard when logging
 into your system. A better on screen keyboard to use with SpyShelter or
 anytime you type secure information is SafeKeys

 The single most important aspect of a computer recovery is to be able to
 re-image your computer easily. There is no silver bullet or suite of
 software that can guarantee you will not become infected. There is no
 guarantee or certain way to know that you will be able to clean all of
 the malware if you become infected and even so, that process can actually
 take longer than re-imaging your computer. Making an image of your system
 is the fastest and best solution for hard drive failure or recovering
 from malware infections. It is also something anyone can do easily
 regardless of their level of technical knowledge.

Making an image (ISO) of your system can reduce complete restoration time
 of your system to thirty minutes or less and it is very easy to do. This
 is the best overall protection you can have. I cannot stress the
 importance of this enough.

First you should obtain an external hard drive and create backup folders
 on that drive. (You can use CD/DVDs to copy your images to, however,
 multiple CD/DVDs will be needed depending on how large your drive is.)
 Before you make a restoration ISO, update your programs, run deep scans
 with your antivirus and manual scanners, clean and defragment your
 machine in order to get as clean an image as possible.

Download and install your backup imaging program. I recommend Macrium
 Reflect. Create a boot CD and create your backup ISO and save it to your
 external hard drive. To restore your image, boot to your boot CD, connect
 your external hard drive, and follow the wizards.

Video1 showing how to create an ISO with Macrium Reflect, and Video2
 showing how to restore an ISO with Macrium Reflect which was made about
 one year ago though it is still current enough to provide you the
 necessary information.

HowToGeek reviews how to use Macrium Reflect.

It is an easy process and I highly recommend to have a backup image of
 your entire system which will make it painless to restage in the event of
 a catastrophe. Also remember to make new images periodically when your
 system changes significantly.

Tip: Keep the last few images you make as you may discover a corrupt
 image or make a dirty image (system not clean when you make the image).
 If you are not sure your system is clean, it may be worth the effort to
restage your computer, reload the Windows updates, reinstall your
 programs, data files and settings and then make an image.

Tip: With Macrium Reflect, you can Browse or Explore an image by mounting
 the image file in Windows Explorer. This makes the image appear as a
 drive in Windows Explorer that you can access just like any other drive,
 it is mounted with its own drive letter. The image is mounted as read
 only. This means that you cannot change the contents of the mounted drive
 but you can copy files from the mounted Image in Windows Explorer to your
 PC. You can also open files (such as WORD documents) by double clicking.
 To mount the image, right click on the Image file in Windows Explorer and
 select 'Explore Image.' Select the partition from your Image you wish to
 view. Your Image will be displayed in Windows Explorer with its own drive

Sometimes it may become necessary to restage your computer due to malware
 or other system problems. This can be an extremely time consuming
 process, first reinstalling your operating system software from system
 disks or restaging software from your manufacturer's image housed on your
 hard drive, then reinstalling your Windows updates, programs, data and
 settings. I will never buy a computer without actual System restoration
 software available on CD/DVDs as hard drives fail and this may be your
 only and last resort to recovery.

 Ask yourself "If I restored the last image I made of my system, would I
 be satisfied?" and if the answer is no, make a new image. It only takes
 about 30 minutes. In between images, use backup software like
 FreeFileSync routinely to sync your data files to your external hard
 drive. This will help make reverting to your last image more painless if
 you ever have to do so as those backed-up data files you changed since
 the last image can be copied back to your system after you load your

Your important data should also be backed-up offsite or online though
 some use 'fireproof containers' which could still be stolen or receive

There are a lot of anti-malware programs that are very good and it is
 difficult to choose an adequate 'suite' without overburdening your
 computer or creating multitudes of annoying notices. I prefer the best
 protection with the least amount of noise. The minimal Windows process I
 recommend (all free) is as follows (this will be updated as this dynamic
 environment changes.) If you wish to use more, by all means do. I do not
 find the need for additional anti-spyware programs or other security
 programs with the following process.

 COMODO Internet Security Premium v5, the latest major release of the
 product, was released on 14 September 2010. Version 5 has a new user
 interface theme and with the updates/improvements, it has positioned
 itself as the top free contender in this dynamic environment and likely
 the best all around security protection of any free or even many paid

COMODO Internet Security Premium features a new user interface theme,
 application sandboxing, reduced pop-up alerts and the ability to easily
 take system snapshots or create restore points, antivirus with heuristics
 engine built in, firewall with outbound and inbound protection, memory
 firewall protecting against buffer overflow, HIPS (Defense+), Online
 Cloud Scanner and behavior analysis, spyware scanner, improved malware
 cleaning, and game mode. CIS is my current choice for best free anti-
 virus, anti-spyware and firewall suite.

Sure there is a Pro version, but functionality is the same as the free
 version though additionally you get TrustConnect which offers protection
 from Internet threats regardless of where the computer is being used or
 how the computer is connected, and Hands-on Support (Apart from the usual
 24x7 product support, there are other services like remote virus removal,
 wifi security, remote installation and PC tune-ups for a sluggish
 machine.) While $40 a year isn't bad for those two additional services,
 unless you really want/need them, they aren't significant enough to
 warrant the cost.

Wikipedia has a good overview of CIS v5.

Languy99 has recently posted a video review of CIS v5 which is worth

Languy99 Part1 has recently posted a video comparison of AntiVir, AVAST,
 Comodo, and Panda which is worth watching.

Languy99 Part2 comparison of AntiVir, AVAST, Comodo, and Panda which is
 worth watching.

 I equally recommend Microsoft Security Essentials antivirus coupled with
 DriveSentryFree as an alternative to Comodo Internet Security. MSE
 includes Windows Defender and is an effective alternative along with
 DriveSentry, which is one of the better HIPs antimalware prevention tools
 available. It is virtually airtight against malware. Its only Achilles
 heel is that it asks you the first time most things run or trigger if you want to
 allow or deny, and then remembers your answer. One wrong answer from an
 and it lets the malware through. Users can just click "DENY" by default
 if they are unsure, and then google the flagged item to see if they want
 to go back and allow it. So as long as you do that, DriveSentry is about
 the best you can get for PC protection. The free Desktop version requires
 manual updating, no trickle feed automatic updates. It does not conflict
 with Microsoft Security Essentials. If you wish an alternative to
 Microsoft Security Essentials, AVAST, AntiVir, and  Rising AntiVirus are
 also good though I have not tested their compatibility with DriveSentry.
 Languy99 performed a recent review of the new version of DriveSentryFree

 Windows firewall is good enough, but if you want more control though much
 noisier, use Comodo Firewall (without the antivirus) or Online Armor's
 Firewall instead of Windows firewall.

 Perform routine manual scans periodically with Superantispyware Portable,
 Malwarebytes, Dr.Web CureIt and A-Squared (Install the full version of
 A2...after the installation, it will give you several options....choose
 the free scanner only option then on the next screen, deselect the
 privacy and online update options. When you run the program, it will ask
 if you want to update. A2 takes a long time to run.

To check for and clean rootkit infections run a scan with Sophos Anti-

 If you think you are infected, perform a deep scan with your anti-virus
 and then with the above manual scanners. If you are infected which is
 causing management issues in normal mode, you can try to clean these
 infections with the above scanners by booting your system into SAFE-MODE
 (without networking) by re-booting and pressing F8 during boot. Sometimes
 malware will prevent these programs from running and a good trick to use
 is rename the executable file.

 If none of that works for you, try the Avira AntiVir Rescue System which
 is a Linux-based application that allows accessing computers that cannot
 be booted anymore or other preventions. Thus it is possible to repair a
 damaged system, rescue data, or scan the system for virus infections.
 Just download, then double-click on the rescue system package to burn it
 to a CD/DVD. You can then use this CD/DVD to boot your computer and use
 its tools. The Avira AntiVir Rescue System is updated several times a
 day so that the most recent security updates are always available. Then
 you should be able to continue cleaning with your anti-virus and the
 manual scanners, OR use the backup Image you made with Macrium Reflect
 and restore your computer to the last image you made. You must however,
 boot with the Macrium Reflect boot CD to restore your image.

 LastPass is the most secure solution for encrypted automated password
 management, and form filler. There is also nothing easier to use to
 manage your passwords with as many features.

 Comodo Internet Security includes an option for a more secure DNS proxy.
 If you choose not to select that option, ClearCloudDNS by Sunbelt allows
 you to use their DNS servers coupled with their malware databases which
 block websites known to contain malware. This gives you an additional
 layer of security without adding additional burden to your system

 If you use wireless connections in your home network, it is imperative
 that you encrypt the connection. Anyone within range of your wireless
 transmission could connect to your network and use it or capture your
 computing sessions.

WEP is no longer recommended. The FBI has demonstrated that WEP can be
 cracked in just a few minutes using software tools that are readily
 available over the Internet. Even a long random character password will
 not protect you with WEP. You should be using WPA or preferably WPA2
 encryption. Check with your wifi router manual to determine how to do

To encrypt your wifi, reset the wireless router to factory: press and
 hold reset 20 seconds. On the main computer connected by wire to the
 router, use any browser and go to to enter management page.
 The router's login password is usually on one of the "Administration"
 pages. The other settings are all found in the "Wireless" section of the
 router's setup pages, located at

Default login user names: Linksys BEFW11S4 or WRT54G= admin, Linksys
 EtherFast Cable/DSL Ethernet routers= Administrator, Linksys Comcast
 routers= comcast, All other Linksys routers= [none].

Default login passwords: Linksys BEFW11S4= [none], Linksys Comcast
 routers= 1234, All other Linksys routers= admin.

First, give your router a unique SSID. Don't use "linksys". Make sure
 "SSID Broadcast" is set to "enabled".

Next, leave the router at its default settings (except for the unique
 SSID), and then use a configured as above pc to connect wirelessly to the
 router. Test your wireless Internet connection and make sure it is
 working correctly. You must have a properly working wireless connection
 before setting up wireless security.

To implement wireless security, you need to do one step at a time, then
 verify that you can still connect your wireless computer to the router.

Next, select to encrypt your wireless system using the highest level of
 encryption that all of your wireless devices will support. Common
 encryption methods are: WEP - poor, WPA (sometimes called PSK, or WPA
 with TKIP) - good, WPA2 (sometimes called PSK2, or WPA with AES) - best.

WPA and WPA2 sometimes come in versions of "personal" and "enterprise".
 Most home users should use "personal". Also, if you have a choice between
 AES and TKIP, and your wireless equipment is capable of both, choose AES.
 With any encryption method, you will need to supply a key (sometimes
 called a "password" ).

The wireless devices (computers, printers, etc.) that you have will need
 to be set up with the SSID, encryption method, and key that matches what
 you entered in the router. Retest your system and verify that your
 wireless Internet connection is still working correctly.

And don't forget to give your router a new login password. Picking
 Passwords (keys): You should never use a dictionary word as a password.
 If you use a dictionary word as a password, even WPA2 can be cracked in a
 few minutes. When you pick your login password and encryption key (or
 password or passphrase) you should use a random combination of capital
 letters, small letters, numbers, and characters but no spaces. A login
 password, should be 12 characters or more. WPA and WPA2 passwords should
 be at least 24 characters. Note: Your key, password, or passphrase must
 not have any spaces in it.

Most home users should have their routers set so that "remote
 management" of the router is disabled. If you must have this option
 enabled, then your login password must be increased to a minimum of 24
 random characters.

One additional issue is that Windows XP requires a patch to run WPA2. Go
 to Microsoft Knowledge base, article ID=917021 and it will direct you to
 the patch. Sadly, the patch is not part of the automatic Windows XP
 updates, so lots of people are missing the patch.

Bear Bottoms
Security consultant
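
Added example, not part of the original post: a Python sketch of the key rules stated in the post above (12+ characters for the router login, 24+ for WPA/WPA2, mixed character classes, no spaces), plus the standard WPA/WPA2-Personal key derivation, which salts the passphrase with the SSID. The function names and the SSID `bear-den-5f2a` are constructed for illustration.

```python
import hashlib
import math
import secrets
import string

# Classes the post asks for: capitals, small letters, numbers, characters.
CLASSES = {
    "capital letter": string.ascii_uppercase,
    "small letter": string.ascii_lowercase,
    "number": string.digits,
    "character": string.punctuation,
}
ALPHABET = "".join(CLASSES.values())  # 94 printable ASCII symbols, no space
MIN_LEN = {"login": 12, "wpa": 24}    # minimum lengths stated in the post


def check_key(key, purpose="wpa"):
    """Return the rules from the post that `key` breaks (empty list = OK)."""
    problems = []
    if len(key) < MIN_LEN[purpose]:
        problems.append(f"shorter than {MIN_LEN[purpose]} characters")
    if purpose == "wpa" and len(key) > 63:
        problems.append("longer than the 63-character WPA passphrase limit")
    if " " in key:
        problems.append("contains a space")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in key):
            problems.append(f"no {name}")
    return problems


def generate_key(purpose="wpa"):
    """Draw random keys from the OS CSPRNG until one passes check_key()."""
    while True:
        key = "".join(secrets.choice(ALPHABET) for _ in range(MIN_LEN[purpose]))
        if not check_key(key, purpose):
            return key


def entropy_bits(length):
    """Approximate entropy of a uniformly random key of this length."""
    return length * math.log2(len(ALPHABET))


def wpa2_pmk(passphrase, ssid):
    """WPA/WPA2-Personal master key: PBKDF2-HMAC-SHA1, SSID as salt."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


if __name__ == "__main__":
    key = generate_key("wpa")
    print(key, f"{entropy_bits(len(key)):.0f} bits")
    print(check_key("Password1", "wpa"))
    # Same passphrase, different (constructed) SSIDs: the derived keys differ.
    print(wpa2_pmk(key, "linksys").hex() != wpa2_pmk(key, "bear-den-5f2a").hex())
```

Because the SSID is the salt, the same passphrase yields a different master key on every differently named network, which is the practical reason a unique SSID and a long random key belong together.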

Re: BearWare false Security Plan


Don't listen to the Bear Troll.  
He has no background in COMSEC, INFOSEC or IA.

Some of the information may be valid but much is old, incorrect or opinion.

Example:  Best Practices in wifi dictates you do NOT announce the SSID and
there is no such program as A-Squared any longer.

Please do visit 'sites of authority' and not a drug dealer as the Bear has
been caught at doing.

