- Bear Bottoms
June 29, 2011, 4:06 pm
at presenting a better perspective and more comprehensive view on
security. If you want the links, go to my security page on BearWare. I am
not trying to present a dissertation on security...simply a guide for
people who may gain some more insight.
Any constructive criticism is welcome.
BEARWARE SECURITY PLAN
A security plan that first covers recovery, and data protection is key.
Have a current image of your operating system and files. Backup your data
off-site regularly. Use an Anti-Keylogger. Have an Identity Theft Plan.
Have a financial transaction plan such as PayPal and MyProtect
(especially with Credit/Debit cards.) Anything truly sensitive, keep it
encrypted and off of your computer that is connected to the net.
Then use AV/AS/Firewall to help reduce the need (and time between) to
recover from malware and just about any of them are good enough or not
depending on your surfing habits and perspective as the bad guys are
always one step ahead.
Your computer being hosed beyond use is not the most important issue. An
image of your system easily remedies that. The issue is protecting
yourself from financial harm or sensitive data being discovered or lost.
Remember: There is no privacy on the Internet and you can only protect
yourself by not doing or divulging some things at all. Identity Theft and
Financial protection plans are crucial.
Some of the better identity protection companies are LifeLock, IDENTITY
GUARD, TrustedID, ID Watchdog, and Guard Dog ID. These are not free
however, but are important as identity theft is one of the most serious
and numerous threats today. Research the companies available and choose
one. (Links: Identity Theft Labs, Top Ten Reviews, TomUse.com)
FINANCIAL TRANSACTION PLAN
Be sure all financial transactions are with trusted sites and an HTTPS
connection (secure web connection) such as https://website rather than
http://website. Also, secure web browser services are available. One such
new free service is very good: MyProtect. A history of MyProtect can be
Keyloggers are one of the more serious threats and a very good program to
DETECT AND PREVENT them is SpyShelter which uses special algorithms to
protect your data against Spy and monitoring software that are used to
steal or reveal your data to other parties such as extremely dangerous
and custom-made keyloggers. It actively scans when any spy program,
keylogger or trojan attempts to store your private information. It is
designed to be compatible with other well-known security products such as
anti-virus and firewall software. System protection (HIPS), Anti
keylogger, AntiScreenCapture, AntiClipboardCapture. Minimal resource
usage. It can be configured to launch an on screen keyboard when logging
into your system. A better on screen keyboard to use with SpyShelter or
anytime you type secure information is SafeKeys
IMAGING YOUR SYSTEM
The single most important aspect of a computer recovery is to be able to
re-image your computer easily. There is no silver bullet or suite of
software that can guarantee you will not become infected. There is no
guarantee or certain way to know that you will be able to clean all of
the malware if you become infected and even so, that process can actually
take longer than re-imaging your computer. Making an image of your system
is the fastest and best solution for hard drive failure or recovering
from malware infections. It is also something anyone can do easily
regardless of their level of technical knowledge.
Making an image (ISO) of your system can reduce complete restoration time
of your system to thirty minutes or less and it is very easy to do. This
is the best overall protection you can have. I cannot stress the
importance of this enough.
First you should obtain an external hard drive and create backup folders
on that drive. (You can use CD/DVDs to copy your images to, however,
multiple CD/DVDs will be needed depending on how large your drive is.)
Before you make a restoration ISO, update your programs, run deep scans
with your antivirus and manual scanners, clean and defragment your
machine in order to get as clean an image as possible.
Download and install your backup imaging program. I recommend Macrium
Reflect. Create a boot CD and create your backup ISO and save it to your
external hard drive. To restore your image, boot to your boot CD, connect
your external hard drive, and follow the wizards.
Video1 showing how to create an ISO with Macrium Reflect, and Video2
showing how to restore an ISO with Macrium Reflect which was made about
one year ago though it is still current enough to provide you the
HowToGeek reviews how to use Macrium Reflect.
It is an easy process and I highly recommend having a backup image of
your entire system which will make it painless to restage in the event of
a catastrophe. Also remember to make new images periodically when your
system changes significantly.
Tip: Keep the last few images you make as you may discover a corrupt
image or make a dirty image (system not clean when you make the image).
If you are not sure your system is clean, it may be worth the effort to
restage your computer, reload the Windows updates, reinstall your
programs, data files and settings and then make an image.
Tip: With Macrium Reflect, you can Browse or Explore an image by mounting
the image file in Windows Explorer. This makes the image appear as a
drive in Windows Explorer that you can access just like any other drive,
it is mounted with its own drive letter. The image is mounted as read
only. This means that you cannot change the contents of the mounted drive
but you can copy files from the mounted Image in Windows Explorer to your
PC. You can also open files (such as WORD documents) by double clicking.
To mount the image, right click on the Image file in Windows Explorer and
select 'Explore Image.' Select the partition from your Image you wish to
view. Your Image will be displayed in Windows Explorer with its own drive
Sometimes it may become necessary to restage your computer due to malware
or other system problems. This can be an extremely time consuming
process, first reinstalling your operating system software from system
disks or restaging software from your manufacturer's image housed on your
hard drive, then reinstalling your Windows updates, programs, data and
settings. I will never buy a computer without actual System restoration
software available on CD/DVDs as hard drives fail and this may be your
only and last resort to recovery.
BACKING UP YOUR DATA
Ask yourself "If I restored the last image I made of my system, would I
be satisfied?" and if the answer is no, make a new image. It only takes
about 30 minutes. In between images, use backup software like
FreeFileSync routinely to sync your data files to your external hard
drive. This will help make reverting to your last image more painless if
you ever have to do so as those backed-up data files you changed since
the last image can be copied back to your system after you load your
Your important data should also be backed-up offsite or online though
some use "fireproof containers" which could still be stolen or receive
There are a lot of anti-malware programs that are very good and it is
difficult to choose an adequate 'suite' without over-burdening your
computer or creating multitudes of annoying notices. I prefer the best
protection with the least amount of noise. The minimal Windows process I
recommend (all free) is as follows (this will be updated as this dynamic
environment changes.) If you wish to use more, by all means do. I do not
find the need for additional anti-spyware programs or other security
programs with the following process.
ANTIVIRUS, ANTISPYWARE AND FIREWALL SUITE
COMODO Internet Security Premium v5, the latest major release of the
product, was released on 14 September 2010. Version 5 has a new user
interface theme and with the updates/improvements, it has positioned
itself as the top free contender in this dynamic environment and likely
the best all around security protection of any free or even many paid
COMODO Internet Security Premium features a new user interface theme,
application sandboxing, reduced pop-up alerts and the ability to easily
take system snapshots or create restore points, antivirus with heuristics
engine built in, firewall with outbound and inbound protection, memory
firewall protecting against buffer overflow, HIPS (Defense+), Online
Cloud Scanner and behavior analysis, spyware scanner, improved malware
cleaning, and game mode. CIS is my current choice for best free anti-
virus, anti-spyware and firewall suite.
Sure there is a Pro version, but functionality is the same as the free
version though additionally you get TrustConnect which offers protection
from Internet threats regardless of where the computer is being used or
how the computer is connected, and Hands-on Support (Apart from the usual
24x7 product support, there are other services like remote virus removal,
wifi security, remote installation and PC tune-ups for a sluggish
machine.) While $40 a year isn't bad for those two additional services,
unless you really want/need them, they aren't significant enough to
warrant the cost.
Wikipedia has a good overview of CIS v5.
Languy99 has recently posted a video review of CIS v5 which is worth
Languy99 Part1 has recently posted a video comparison of AntiVir, AVAST,
Comodo, and Panda which is worth watching.
Languy99 Part2 comparison of AntiVir, AVAST, Comodo, and Panda which is
I equally recommend Microsoft Security Essentials antivirus coupled with
DriveSentryFree as an alternative to Comodo Internet Security. MSE
includes Windows Defender and is an effective alternative along with
DriveSentry, which is one of the better HIPS antimalware prevention tools
available. It is virtually airtight against malware. Its only Achilles
heel is that it asks you the first time most things run or trigger if you
want to allow or deny, and then remembers your answer. One wrong answer from an
and it lets the malware through. Users can just click "DENY" by default
if they are unsure, and then google the flagged item to see if they want
to go back and allow it. So as long as you do that, DriveSentry is about
the best you can get for PC protection. The free Desktop version requires
manual updating, no trickle feed automatic updates. It does not conflict
with Microsoft Security Essentials. If you wish an alternative to
Microsoft Security Essentials, AVAST, AntiVir, and Rising AntiVirus are
also good though I have not tested their compatibility with DriveSentry.
Languy99 performed a recent review of the new version of DriveSentryFree
Windows firewall is good enough, but if you want more control though much
noisier, use Comodo Firewall (without the antivirus) or Online Armor's
Firewall instead of Windows firewall.
ROUTINE MALWARE MANUAL SCANS
Perform routine manual scans periodically with Superantispyware Portable,
Malwarebytes, Dr.Web CureIt and A-Squared (Install the full version of
A2...after the installation, it will give you several options....choose
the free scanner only option then on the next screen, deselect the
privacy and online update options. When you run the program, it will ask
if you want to update.) A2 takes a long time to run.
To check for and clean rootkit infections run a scan with Sophos Anti-
If you think you are infected, perform a deep scan with your anti-virus
and then with the above manual scanners. If you are infected which is
causing management issues in normal mode, you can try to clean these
infections with the above scanners by booting your system into SAFE-MODE
(without networking) by re-booting and pressing F8 during boot. Sometimes
malware will prevent these programs from running and a good trick to use
is rename the executable file.
If none of that works for you, try the Avira AntiVir Rescue System which
is a Linux-based application that allows accessing computers that cannot
be booted anymore or other preventions. Thus it is possible to repair a
damaged system, rescue data, or scan the system for virus infections.
Just download, then double-click on the rescue system package to burn it
to a CD/DVD. You can then use this CD/DVD to boot your computer and use
its tools. The Avira AntiVir Rescue System is updated several times a
day so that the most recent security updates are always available. Then
you should be able to continue cleaning with your anti-virus and the
manual scanners, OR use the backup Image you made with Macrium Reflect
and restore your computer to the last image you made. You must however,
boot with the Macrium Reflect boot CD to restore your image.
PASSWORD AND FORM MANAGEMENT
LastPass is the most secure solution for encrypted automated password
management, and form filler. There is also nothing easier to use to
manage your passwords with as many features.
Comodo Internet Security includes an option for a more secure DNS proxy.
If you choose not to select that option, ClearCloudDNS by Sunbelt allows
you to use their DNS servers coupled with their malware databases which
block websites known to contain malware. This gives you an additional
layer of security without adding additional burden to your system
If you use wireless connections in your home network, it is imperative
that you encrypt the connection. Anyone within range of your wireless
transmission could connect to your network and use it or capture your
WEP is no longer recommended. The FBI has demonstrated that WEP can be
cracked in just a few minutes using software tools that are readily
available over the Internet. Even a long random character password will
not protect you with WEP. You should be using WPA or preferably WPA2
encryption. Check with your wifi router manual to determine how to do
To encrypt your wifi, reset the wireless router to factory: press and
hold reset 20 seconds. On the main computer connected by wire to the
router, use any browser and go to 192.168.1.1 to enter the management page.
The router's login password is usually on one of the "Administration"
pages. The other settings are all found in the "Wireless" section of the
router's setup pages, located at 192.168.1.1.
Default login user names: Linksys BEFW11S4 or WRT54G= admin, Linksys
EtherFast Cable/DSL Ethernet routers= Administrator, Linksys Comcast
routers= comcast, All other Linksys routers= [none].
Default login passwords: Linksys BEFW11S4= [none], Linksys Comcast
routers= 1234, All other Linksys routers= admin.
First, give your router a unique SSID. Don't use "linksys". Make sure
"SSID Broadcast" is set to "enabled".
Next, leave the router at its default settings (except for the unique
SSID), and then use a PC configured as above to connect wirelessly to the
router. Test your wireless Internet connection and make sure it is
working correctly. You must have a properly working wireless connection
before setting up wireless security.
To implement wireless security, you need to do one step at a time, then
verify that you can still connect your wireless computer to the router.
Next, select to encrypt your wireless system using the highest level of
encryption that all of your wireless devices will support. Common
encryption methods are: WEP - poor, WPA (sometimes called PSK, or WPA
with TKIP) - good, WPA2 (sometimes called PSK2, or WPA with AES) - best.
WPA and WPA2 sometimes come in versions of "personal" and "enterprise".
Most home users should use "personal". Also, if you have a choice between
AES and TKIP, and your wireless equipment is capable of both, choose AES.
With any encryption method, you will need to supply a key (sometimes
called a "password").
The wireless devices (computers, printers, etc.) that you have will need
to be set up with the SSID, encryption method, and key that matches what
you entered in the router. Retest your system and verify that your
wireless Internet connection is still working correctly.
And don't forget to give your router a new login password. Picking
Passwords (keys): You should never use a dictionary word as a password.
If you use a dictionary word as a password, even WPA2 can be cracked in a
few minutes. When you pick your login password and encryption key (or
password or passphrase) you should use a random combination of capital
letters, small letters, numbers, and characters but no spaces. A login
password should be 12 characters or more. WPA and WPA2 passwords should
be at least 24 characters. Note: Your key, password, or passphrase must
not have any spaces in it.
Most home users should have their routers set so that "remote
management" of the router is disabled. If you must have this option
enabled, then your login password must be increased to a minimum of 24
One additional issue is that Windows XP requires a patch to run WPA2. Go
to Microsoft Knowledge base, article ID=917021 and it will direct you to
the patch. Sadly, the patch is not part of the automatic Windows XP
updates, so lots of people are missing the patch.
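As an added example (not from the post or from BearWare), here is a small Python checker for the password rules the post gives for router login passwords and WPA/WPA2 keys (length, no spaces, random mix of character classes, never a dictionary word), plus a generator that produces a key meeting those rules. The symbol set and the tiny word list are constructed stand-ins, not something the post specifies.

```python
import secrets
import string

# Rules as stated in the post: login password >= 12 chars, WPA/WPA2 key
# >= 24 chars, random mix of capitals, small letters, numbers and
# characters, no spaces, and never a dictionary word.
MIN_LOGIN_LEN = 12
MIN_WPA_LEN = 24
# Constructed symbol set (assumption): kept to characters most router
# web pages accept; quotes and backslashes are deliberately left out.
SYMBOLS = "!#$%&*+-=?@^_~"
# Constructed word list standing in for a real dictionary file.
DICTIONARY = {"password", "linksys", "admin", "comcast", "letmein", "welcome"}


def check_key(key, kind):
    """Return the list of rule violations for key; an empty list means it passes.
    kind is 'login' (router admin password) or 'wpa' (WPA/WPA2 key)."""
    min_len = MIN_WPA_LEN if kind == "wpa" else MIN_LOGIN_LEN
    problems = []
    if " " in key:
        problems.append("contains a space")
    if len(key) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if key.lower() in DICTIONARY:
        problems.append("is a dictionary word")
    if not any(c.isupper() for c in key):
        problems.append("no capital letters")
    if not any(c.islower() for c in key):
        problems.append("no small letters")
    if not any(c.isdigit() for c in key):
        problems.append("no numbers")
    if not any(c in SYMBOLS for c in key):
        problems.append("no symbol characters")
    return problems


def generate_key(kind):
    """Generate a random key of the minimum length that passes check_key.
    secrets (not random) is used so the output is fit for security use."""
    length = MIN_WPA_LEN if kind == "wpa" else MIN_LOGIN_LEN
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        key = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_key(key, kind):  # retry if a character class is missing
            return key


if __name__ == "__main__":
    samples = [("admin", "login"), ("linksys", "wpa"),
               ("My Wifi Key 2011!", "wpa"), (generate_key("wpa"), "wpa")]
    for sample, kind in samples:
        print(f"{kind:5} {sample!r}: {check_key(sample, kind) or 'OK'}")
```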
Re: BearWare false Security Plan
Don't listen to the Bear Troll.
He has no background in COMSEC, INFOSEC or IA.
Some of the information may be valid but much is old, incorrect or opinion.
Example: Best Practices in wifi dictates you do NOT announce the SSID and
there is no such proas A-Squared any longer.
Please do visit 'sites of authority' and not a drug dealer as the Bear has
been caught doing.