[UPDATE] BearWare Comprehensive Security Plan

There has been some ignorance on display in this group so I have updated
my security recommendations.

A security plan that first covers recovery and data protection is key.
Have a current image of your operating system and files. Backup your
data off-site regularly. Use an anti-keylogger. Have an identity theft
plan. Have a financial transaction plan such as PayPal or MyProtect
(especially with credit/debit cards). Anything truly sensitive, keep it
encrypted and/or off of your computer that is connected to the net.

Then use AV/AS/firewall software to help reduce the need to recover from
malware (and lengthen the time between recoveries). Just about any of the
top free ones are good enough. Just remember, the bad guys are always one
step ahead. No silver

Your computer being hosed beyond use is not the most important issue. An
image of your system easily remedies that. The issue is protecting
yourself from financial harm or sensitive data being discovered or data


Remember: There is no privacy on the Internet and you can only protect
yourself by not doing or divulging some things at all. Identity Theft
and Financial protection plans are crucial.


Some of the better identity protection companies are LifeLock, IDENTITY
GUARD, TrustedID, ID Watchdog, and Guard Dog ID. These are not free;
however, they are important, as identity theft is one of the most serious
and numerous threats today. Research the companies available and choose
one. Reviews:
Identity Theft Labs: http://www.identitytheftlabs.com/
Top Ten Reviews: http://identity-theft-protection-services-review.toptenreviews.com/
TomUse.com: http://tomuse.com/identity-theft-protection-service-review-compare/


Be sure all financial transactions are with trusted sites and an HTTPS
connection (secure web connection) such as https://website rather than
http://website. Also, secure web browser services are available. One
such new free service is very good: MyProtect. A history of MyProtect
can be found here:
http://www.quaresso.com/index.php?/myprotect/


Keyloggers are one of the more serious threats, and a very good program
to DETECT AND PREVENT them is SpyShelter, which uses special algorithms
to protect your data against spy and monitoring software that is used
to steal or reveal your data to other parties, such as extremely
dangerous and custom-made keyloggers. It actively scans when any spy
program, keylogger or trojan attempts to store your private information.
It is designed to be compatible with other well-known security products
such as anti-virus and firewall software. Features: system protection
(HIPS), anti-keylogger, anti-screen-capture, and anti-clipboard-capture,
with minimal resource usage. It can be configured to launch an on-screen
keyboard when logging into your system. A better on-screen keyboard to
use with SpyShelter, or any time you type secure information, is SafeKeys.


Imaging your system is the single most important thing anyone who owns a
computer should do.

The single most important aspect of a computer recovery is to be able to
restore your computer easily. There is no silver bullet or suite of
software that can guarantee you will not become infected. There is no
guarantee or certain way to know that you will be able to clean all of
the malware if you become infected and even so, that process can
actually take longer than re-imaging your computer. Making an image of
your system is the fastest and best solution for hard drive failure or
recovering from malware infections. It is also something anyone can do
easily regardless of their level of technical knowledge.

The act of restoring an image completely erases the contents of your
hard drive/partition and rewrites the entire contents of the image. If
this image is an image of your active partition (the partition on a hard
drive set as the bootable partition that contains the operating system,
usually C:) it will completely restore your system as it was at the
time you made your image. Making an image of your system can reduce
complete system restoration time to thirty minutes or less, and it is
very easy to do. You will not need operating system or factory
restoration disks, or computer manufacturer restoration features, to
restage your computer: simply restore the image. This is the best
overall protection you can have. I cannot stress the importance of this

First, you should obtain an external hard drive and create backup folders
on that drive. (You can use CDs/DVDs to copy your images to; however,
multiple CDs/DVDs will be needed, and how many depends on how large your
drive is.) Before you make a restoration image, update your programs,
run deep scans with your antivirus and manual scanners, and clean and
defragment your machine in order to get as clean an image as possible.
http://www.ccleaner.com/

Download and install your backup imaging program. I recommend Macrium
Reflect. Macrium Reflect on first run prompts you to create a boot CD.
Insert a blank CD and make one. Next, create your backup image and save
it to your external hard drive. To restore your image, place the Macrium
Reflect boot CD in your CD drive and restart. Then connect your external
hard drive, and follow the wizards. It is that simple.

Video1 shows how to create an image with Macrium Reflect, and Video2
shows how to restore an image with Macrium Reflect; it was made
about one year ago, though it is still current enough to provide you the
necessary information.

HowToGeek reviews how to use Macrium Reflect.
http://www.howtogeek.com/howto/7363/macrium-reflect-is-a-free-and-easy-to -

Tutorials by Macrium Reflect.

It is an easy process, and I highly recommend having a backup image of
your entire system, which will make it painless to restore your operating
system to the last clean image you made in the event of a catastrophe.
Also remember to make new images periodically when your system changes.

Tip: Keep the last few images you make as you may discover a corrupt
image or make a dirty image (system not clean when you make the image).

Tip: If you are not sure your system is clean, it may be worth the
effort to restage your computer with your factory restoration CDs or
on-disk factory restoration images, reload the Windows updates,
reinstall your programs, data files and settings, and then make an image.
This may take a long time, but it is worth having an image of your
computer in a pristine state. Just image your system before you restage
so you have access to files etc. after your restage.

Tip: With Macrium Reflect, you can browse or explore an image by
mounting the image file in Windows Explorer. This makes the image appear
as a drive in Windows Explorer that you can access just like any other
drive, with its own drive letter. With Macrium Reflect, the image is
mounted as read-only. This means that you cannot change the contents of
the image, but you can copy files from the mounted image in Windows
Explorer to your PC. You can also open files (such as Word documents) by
double-clicking. To mount the image, right-click on the image file in
Windows Explorer and select 'Explore Image.' Select the partition from
your image you wish to view. Your image partition will be displayed in
Windows Explorer with its own drive letter, with all of the files and
folders that were on your computer when you made the image.


Ask yourself "If I restored the last image I made of my system, would I
be satisfied?" and if the answer is no, make a new image. It only takes
about 30 minutes.

My preferred choice for protecting my data files in between images is to
use SugarSync, Dropbox and Google Docs. All of my data files are kept on
one of those sites. I use SugarSync to sync my My Documents folder, any
files in my Dropbox folder are synced in real time to my free Dropbox online
storage, and my Google Docs are accessed via my browser and reside on my
Google Docs free online storage. Therefore there is no need for me to
make incremental backups of my data files between images.
http://www.sugarsync.com/
http://www.dropbox.com/
http://docs.google.com/

If you choose not to use such services, or they aren't suitable for your
needs, routinely use backup software such as FreeFileSync between images
to sync your data files to a different folder than your Macrium Reflect
folder on your external hard drive. This will make reverting to
your last image more painless if you ever have to do so, as those
backed-up data files you changed since the last image can be copied back
to your system after you load your image. Just remember, most are not
real-time backups.

Your important data should be backed up offsite or online, though some
people use "fireproof containers", which could still become lost, stolen
or damaged.


There are a lot of anti-malware programs that are very good, and it is
difficult to choose an adequate 'suite' without over-burdening your
computer or creating multitudes of annoying notices and still get decent
protection. I prefer a balance of the best protection with the least
amount of noise and configuration. The minimal Windows setup I
recommend (all free) is as follows (this will be updated as this dynamic
environment changes). If you wish to use more, by all means do.

I do not find the need for additional anti-spyware programs or other
security programs with the following setups. Just remember, no matter
what security products you use, none can guarantee you will not become
infected, and all of them allow some types of malware through. People who
claim they never get infected are both lucky and use very conservative
"safe hex" practices. They will still get an infection at some time; the
odds are against them.

COMODO Internet Security Premium has positioned itself as the top free
contender in this dynamic environment and is likely the best all-around
security protection of any free or even many paid options.

COMODO Internet Security Premium features a new user interface theme,
application sandboxing, reduced pop-up alerts, the ability to easily
take system snapshots or create restore points, antivirus with a
built-in heuristics engine, a firewall with outbound and inbound
protection, a system memory firewall protecting against buffer overflows,
HIPS (Defense+), an online cloud scanner and behavior analysis, a spyware
scanner, improved malware cleaning, and a game mode. CIS is my current
choice for best free anti-virus, anti-spyware and firewall suite.

Sure, there is a Pro version, but the functionality is the same as the free
version, though additionally you get TrustConnect, which offers protection
from Internet threats regardless of where the computer is being used or
how the computer is connected, and hands-on support (apart from the
usual 24x7 product support, there are other services like remote virus
removal, wifi security, remote installation and PC tune-ups for a
sluggish machine). While $40 a year isn't bad for those two additional
services, unless you really want/need them, they aren't significant
enough to warrant the cost. After all, you do have your operating system
image now.


I equally recommend Panda Cloud Antivirus Beta coupled with
ThreatFire and SpyShelter, with the Windows Firewall, as an alternative to
Comodo Internet Security. Panda Cloud Antivirus Beta is an effective
alternative along with ThreatFire and SpyShelter, which do not rely on
signatures but instead constantly analyze your computer's behavior to
detect and block any unknown malicious activity.
http://blog.cloudantivirus.com/cloud/beta/
http://www.threatfire.com/

As alternatives to Panda Cloud Antivirus Beta, AVAST or AntiVir are also
good choices.
http://www.free-av.com/


Windows Firewall is good enough, but if you want more control, though
much noisier, use Comodo Firewall (without the antivirus) or Panda Cloud
Antivirus (remember to remove any other antivirus software) instead of
Windows Firewall.
http://blog.cloudantivirus.com/cloud/beta/


Vulnerable and out-dated programs and plug-ins expose your PC to
attacks. Attacks exploiting vulnerable programs and plug-ins are rarely
blocked by traditional anti-virus and are therefore increasingly
"popular" among criminals. The only solution to block these kinds of
attacks is to apply security updates, commonly referred to as patches.
Patches are offered free of charge by most software vendors; however,
finding all these patches is a tedious and time-consuming task. I
recommend Secunia PSI, as it automates these necessary updates and alerts
you when your programs and plug-ins require updating to stay secure.
http://secunia.com/vulnerability_scanning/personal/


Perform routine manual scans periodically with SUPERAntiSpyware
Portable, Malwarebytes, Dr.Web CureIt and Emsisoft Anti-Malware. (Install
the full version of Emsisoft Anti-Malware; after the installation, it
will give you several options. Choose the free-scanner-only option,
then on the next screen deselect the privacy and online update options.
When you run the program, it will ask if you want to update.) Emsisoft
Anti-Malware takes a long time to scan your system, but it is thorough.
http://www.malwarebytes.org/
http://www.freedrweb.com/cureit/
http://www.emsisoft.com/en/software/free/

To check for and clean rootkit infections, run a scan with GMER
Anti-Rootkit and let it walk you through removal if it finds any rootkits.
http://www.gmer.net/


If you think you are infected, perform a deep scan with your anti-virus
and then with the above manual scanners. If an infection is causing
problems in normal mode, you can try to clean it with the above scanners
by booting your system into Safe Mode without networking: reboot, press
F8 during boot, and be sure to choose "Safe Mode" (without networking).

Tip: Sometimes malware will prevent these programs from running and a
good trick is to rename the executable file before running it.


SARDU (Shardana Antivirus Rescue Disk Utility) can build one multiboot
support CD, DVD or USB device. The disk or USB device may include
comprehensive collections of "antivirus rescue CDs", collections of
utilities, popular Linux Live distributions, the best-known Windows
PE and recovery disks, and installers for Windows XP, Windows Vista and
Windows 7: all you need for troubleshooting. SARDU does include a
few utilities, but is primarily a tool for managing the software (ISO
image files) that you download from other companies and developers,
which can also be done with this tool.
http://www.sarducd.it/

Video example by Mr Izos.

Video example by Languy99 in three parts (older version of SARDU, but
it shows you how to use it): part 1, part 2, part 3.


There is no antimalware program that is bulletproof; therefore it is more
important to have real-time backup of your data and portable programs,
and a very current image of your system. Why? Because *when* you become
infected, it takes more time to try to clean than to re-image, and you can
never be certain you've cleaned it all. If you do not have such a plan,
SARDU is the best type of approach to cleaning. Trying to use programs
to clean your system while your system is booted is definitely a crap shoot.

If you have such a recovery plan, just about any decent anti-malware
program could be used. I mean it's not like any of them are bullet proof
so it's a crap shoot. You might have the best AV in the world and happen
across the one malware that defeats it...bang. You might use the worst
and never come across malware that defeats it. It's a crap shoot.

Tip: If you are so heavily infected that you require rescue CDs, it is much
faster and more reliable to use the backup image you made with Macrium
Reflect and restore your computer to the last image you made in 30
minutes or less. You must, however, boot with the Macrium Reflect boot CD
to restore your image.


LastPass is the most secure solution for encrypted automated password
management and form filling. There is also nothing easier to use to
manage your passwords with as many features, although some folks prefer
computer-based programs such as KeePass.
https://lastpass.com/

Steve Gibson, renowned security expert, reviews LastPass in depth in a
podcast. Here is a text transcription of that podcast.


Google Public DNS allows you to use Google's DNS servers coupled with
their malware databases which block websites known to contain malware.
This gives you an additional layer of security without adding additional
burden to your system resources. It is also faster and has more valid
results than your ISP's. Look up how to change your DNS settings for
your particular operating system.


If you use wireless connections in your home network, it is imperative
that you encrypt the connection. Anyone within range of your wireless
transmission could connect to your network and use it or capture your
computing sessions.

WEP is no longer recommended. The FBI has demonstrated that WEP can be
cracked in just a few minutes using software tools that are readily
available over the Internet. Even a long random-character password will
not protect you with WEP. You should be using WPA or, preferably, WPA2
encryption. Check your wifi router's manual to determine how to do this.

To encrypt your wifi, reset the wireless router to factory defaults: press
and hold reset for 20 seconds. On the main computer connected by wire to
the router, use any browser and go to to enter the management page.
The router's login password is usually on one of the "Administration"
pages. The other settings are all found in the "Wireless" section of the
router's setup pages, located at

Default user names:
Linksys BEFW11S4 or WRT54G = admin
Linksys EtherFast Cable/DSL Ethernet routers = Administrator
Linksys Comcast routers = comcast
All other Linksys routers = [none]

Default passwords:
Linksys BEFW11S4 = [none]
Linksys Comcast routers = 1234
All other Linksys routers = admin

First, give your router a unique SSID. Don't use "linksys". Make sure
"SSID Broadcast" is set to "disabled".

MAC Authentication should be applied.

Next, leave the router at its default settings (except for the unique
SSID), and then use a PC configured as above to connect wirelessly to
the router. Test your wireless Internet connection and make sure it is
working correctly. You must have a properly working wireless connection
before setting up wireless security.

To implement wireless security, you need to do one step at a time, then
verify that you can still connect your wireless computer to the router.

Next, select to encrypt your wireless system using the highest level of
encryption that all of your wireless devices will support. Common
encryption methods are:
WEP - poor
WPA (sometimes called PSK, or WPA with TKIP) - good
WPA2 (sometimes called PSK2, or WPA with AES) - best.

WPA and WPA2 sometimes come in versions of "personal" and "enterprise".
Most home users should use "personal". Also, if you have a choice
between AES and TKIP, and your wireless equipment is capable of both,
choose AES. With any encryption method, you will need to supply a key
(sometimes called a "password").

The wireless devices (computers, printers, etc.) that you have will need
to be set up with the SSID, encryption method, and key that matches what
you entered in the router. Retest your system and verify that your
wireless Internet connection is still working correctly.

And don't forget to give your router a new login password. Picking
passwords (keys): You should never use a dictionary word as a password.
If you use a dictionary word as a password, even WPA2 can be cracked in
a few minutes. When you pick your login password and encryption key (or
password or passphrase), you should use a random combination of capital
letters, small letters, numbers, and characters, but no spaces. A login
password should be 12 characters or more. WPA and WPA2 passwords should
be at least 24 characters. Note: Your key, password, or passphrase must
not have any spaces in it.

Most home users should have their routers set so that "remote
management" of the router is disabled. If you must have this option
enabled, then your login password must be increased to a minimum of 24
random characters.

One additional issue is that Windows XP requires a patch to run WPA2. Go
to the Microsoft Knowledge Base, article ID 917021, and it will direct you to
the patch. Sadly, the patch is not part of the automatic Windows XP
updates, so lots of people are missing the patch.

A wireless router with a full firewall implementation is best. Then only
the operating system's stock firewall is needed, and the LAN nodes will
have more resources available. A router firewall is stronger and more
secure than a software firewall.


If you believe you are infected and want on-line help (if you can go
on-line), go to one of the free tech support forums listed in my Tech
Support Section (I prefer TechSupportGuy), post your issue and let them
walk you through cleaning. However, RESTORING THE LAST CLEAN IMAGE of
your computer is the surest and fastest solution.
http://www.techguy.org/


At the very minimum, keep a current clean image of your computer and use
AV/AS/Firewall software. Restore the image if you get into trouble.


Bear Bottoms, security consultant
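Added example (not part of the original post, and not code from any product named in it): the post's rules for WPA/WPA2 keys (random upper/lower/digit/symbol mix, no spaces, at least 24 characters, no dictionary words) turned into a generator and checker, plus the reason a dictionary word falls so fast. WPA/WPA2-Personal derives the 256-bit PMK (the "PSK") from the passphrase and SSID with PBKDF2-HMAC-SHA1 at 4096 iterations, so anyone who captures a 4-way handshake can test candidates offline at that cost. The toy wordlist, the sample passphrases and the SSID "IEEE" are constructed for the demo; the 802.11i limit of 8 to 63 printable ASCII characters for a passphrase is a standard constraint the post does not mention.

```python
"""Added example: WPA/WPA2 passphrase rules from the post, plus the PBKDF2
derivation behind a handshake dictionary attack. Not the original author's
code; the wordlist and sample passphrases below are constructed."""
import hashlib
import secrets
import string

# Character classes from the post: capitals, small letters, numbers, symbols,
# and never a space.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_~"

# Constructed stand-in for a real cracking dictionary (which has millions).
TOY_DICTIONARY = ["password", "linksys", "letmein", "dragon", "sunshine", "qwerty"]

MIN_WPA_LEN = 24   # the post's minimum for WPA/WPA2 keys
MAX_WPA_LEN = 63   # IEEE 802.11i: a PSK passphrase is 8-63 printable ASCII chars


def check_passphrase(passphrase: str, wordlist=TOY_DICTIONARY) -> list:
    """Return the list of rule violations; an empty list means acceptable."""
    problems = []
    if len(passphrase) < MIN_WPA_LEN:
        problems.append("shorter than 24 characters")
    if len(passphrase) > MAX_WPA_LEN:
        problems.append("longer than the 63-character 802.11 limit")
    if " " in passphrase:
        problems.append("contains a space")
    if not any(c.isupper() for c in passphrase):
        problems.append("no capital letter")
    if not any(c.islower() for c in passphrase):
        problems.append("no small letter")
    if not any(c.isdigit() for c in passphrase):
        problems.append("no number")
    if not any(c in string.punctuation for c in passphrase):
        problems.append("no symbol")
    lowered = passphrase.lower()
    for word in wordlist:
        # short words (a, the) would match almost any string; 5+ is the cutoff
        if len(word) >= 5 and word in lowered:
            problems.append(f"contains dictionary word {word!r}")
    return problems


def generate_passphrase(length: int = MIN_WPA_LEN) -> str:
    """Draw from a CSPRNG until a candidate satisfies every rule above."""
    if not MIN_WPA_LEN <= length <= MAX_WPA_LEN:
        raise ValueError("length must be between 24 and 63")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_passphrase(candidate):
            return candidate


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    This is the exact 802.11i derivation, so it matches the IEEE test
    vector: passphrase "password" with SSID "IEEE" gives f42c6fc5...a12e."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def dictionary_attack(target_pmk: bytes, ssid: str, wordlist=TOY_DICTIONARY):
    """Offline guessing as a cracker does it after capturing a handshake:
    derive the PMK for each word and compare. Returns the recovered
    passphrase, or None when no word in the list matches."""
    for word in wordlist:
        if derive_pmk(word, ssid) == target_pmk:
            return word
    return None


if __name__ == "__main__":
    weak, ssid = "password", "IEEE"
    print("weak key recovered:", dictionary_attack(derive_pmk(weak, ssid), ssid))
    strong = generate_passphrase()
    print("generated key:", strong, check_passphrase(strong))
    print("strong key recovered:", dictionary_attack(derive_pmk(strong, ssid), ssid))
```

The real attack differs only in scale: the cracker has the handshake, so the comparison is against the MIC derived from the PMK rather than the PMK itself, and the wordlist is millions of entries with mangling rules. A 24-character random key keeps the search space far beyond that, which is the whole point of the post's length rule.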
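Added example (not the original post's code, and not FreeFileSync's or Macrium Reflect's) for two of the post's tips: syncing changed data files to a separate folder on the backup drive between images, and keeping only the last few images in case one turns out corrupt or dirty. Files are compared by SHA-256 rather than trusted by name, so a backup copy that was silently damaged on the external drive is re-copied. The `.mrimg` extension and the sample files in `demo()` are assumptions made for the demo.

```python
"""Added example: mirror a data folder to a backup folder and prune old
system images. Not the original author's code; the fixture in demo() is
constructed and lives in a temporary directory."""
import hashlib
import os
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash in 64 KiB chunks so large documents are not read into memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def mirror_tree(src, dst) -> dict:
    """One-way mirror: copy new or changed files from src to dst and delete
    dst files that no longer exist in src. Returns counts for logging."""
    src, dst = Path(src), Path(dst)
    stats = {"copied": 0, "unchanged": 0, "deleted": 0}
    seen = set()
    for file in sorted(p for p in src.rglob("*") if p.is_file()):
        rel = file.relative_to(src)
        seen.add(rel)
        target = dst / rel
        # content comparison catches a backup copy that rotted on disk
        if target.is_file() and sha256_of(target) == sha256_of(file):
            stats["unchanged"] += 1
            continue
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(file, target)  # copy2 keeps the original timestamps
        stats["copied"] += 1
    for file in sorted(p for p in dst.rglob("*") if p.is_file()):
        if file.relative_to(dst) not in seen:
            file.unlink()
            stats["deleted"] += 1
    return stats


def prune_images(image_dir, keep: int = 3, suffix: str = ".mrimg") -> list:
    """Keep the newest `keep` image files by modification time and delete
    the rest; returns the names removed. `.mrimg` is assumed here as the
    image extension; change it for another imaging tool."""
    images = sorted(Path(image_dir).glob(f"*{suffix}"),
                    key=lambda p: p.stat().st_mtime, reverse=True)
    removed = []
    for old in images[keep:]:
        old.unlink()
        removed.append(old.name)
    return removed


def demo() -> dict:
    """Run both steps against a constructed fixture and return the results."""
    root = Path(tempfile.mkdtemp())
    docs, backup, images = root / "MyDocuments", root / "Backup", root / "Images"
    (docs / "letters").mkdir(parents=True)
    (docs / "letters" / "a.txt").write_text("draft 1")
    (docs / "budget.csv").write_text("jan,100\n")
    first = mirror_tree(docs, backup)            # initial copy of 2 files
    (docs / "letters" / "a.txt").write_text("draft 2")   # edited
    (docs / "budget.csv").unlink()                        # removed
    (docs / "notes.txt").write_text("new")                # added
    second = mirror_tree(docs, backup)
    (backup / "notes.txt").write_bytes(b"corrupted on disk")   # bit rot
    third = mirror_tree(docs, backup)            # hash mismatch -> re-copied
    images.mkdir()
    for i in range(5):                            # five images, oldest first
        img = images / f"image{i}.mrimg"
        img.write_bytes(b"x")
        os.utime(img, (i, i))
    pruned = prune_images(images, keep=3)
    shutil.rmtree(root)
    return {"first": first, "second": second, "third": third, "pruned": pruned}


if __name__ == "__main__":
    print(demo())
```

Point the source at your data folder and the destination at a folder on the external drive that is separate from the image folder, exactly as the post advises, so that restoring an image and copying these files back are two independent steps.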

Re: [UPDATE] BearWare Comprehensive Security Plan

On 9/10/11 1:57 PM, Bear Bottoms wrote:

Bwahahahahaha, that right there is funny.


The system will be down for 10 days for preventive maintenance.

Re: [UPDATE] BearWare Comprehensive Security Plan



Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk