Must-Haves for safely cruising the Internet

If you want to be on the Internet and don't want to pick up a bunch of viruses and trojans and spyware, there are a few things that can make your ride a lot safer.

1. I assume you're running Norton's Antivirus. I don't care for Symantec's other products but this one is all right. At $50, it was too expensive for me, so I went to half.com and bought a copy of it for $15 (including shipping!) and it comes with a full year (from time of purchase and registration) of upgrades! Sweet!

2. But Norton's won't catch everything! You're best off combining it's protection with that of the FREE Grisoft AVG. Get it here:
http://free.grisoft.com/freeweb.php/doc/1/

3. Get rid of MS Explorer. It's badly written, has horrid security, and is bloated and slow, and it benefits only the greedy Bill Gates and co. You don't have to uninstall it. Just park it somewhere and use *only* in case of dire need.

4. Replace MS Exploder with Mozilla FIREFOX. Download Firefox 1.0 here: http://www.mozilla.org/ It's much more secure, faster, stops popups, and does a whole bunch of other things automagically. It's FREE and open-source (to which I'm very partial from a philosphical standpoint but I digress...). And don't worry about the 1.0: Firefox has been in pre-release for a while and it's tested in the field by more geeks than anything other browser out there.

5. Download and install SPYWAREBLASTER from http://www.javacoolsoftware.com/spywareblaster.html
This FREE thingy will protect you from spyware, domain hijackers, and other vermin.

6. Also, while you're there get the (free) Windows Media Player scripting fix from http://www.javacoolsoftware.com/wmpscriptingfix.html
This has become a popular route of infection recently!

7. Download and install the FREE AdAware from http://www.lavasoft.com/. This will detect and remove spyware.

8. Download and install the FREE SpyBot Search & Destroy from
http://www.safer-networking.org/en/home/index.html

This *combined with AdAware* should cover most bases. Either product alone with leave holes.

9. Download and install the FREE RegistryProt. It's tiny and unobtrusive and firt-simple but it adds an extra layer of security to your system. It lets you know whenever something is trying to change your registry.

Like when you're installing a new program, RegistryProt may holler that someone is trying to change the registry. But since it's you, it's ok, and you can say OK. But if you're just surfing about and out of the blue RegistryProt hollers at you, you know something other than you is trying to alter the registry and you can tell it NO!

You may still need to do some other cleanup but it can save you a lot of trouble!

Download RegistryProt here: http://www.diamondcs.com.au/index.php?page=regprot

Btw, this place has some of the nicest software. If you're a geek, you may just fall in love with their toys!

10. If you want to check whether something is logging what you do on your PC, check out the FREE keylogging detector KL Detector at
http://dewasoft.com/privacy/kldetector.htm

11. And if you're not sure whether you've been hijacked or not, download the FREE HijackThis from
http://www.spywareinfo.com/~merijn/downloads.html
Note: If you use a hosts file, those entries will be detected by HijackThis but just ignore those, obviously.

12. STAY UP-TO-DATE! If you already have any of these installed, make sure you periodically check that you have the LATEST VERSION....

For future reading, check out http://www.spywareinfo.com/downloads.php?cat=av#av
This site is excellent!

Don't take the risk! It's a cruel world out there and nobody's going to cry about your stolen passwords except you....

Take care!

Angry Girl
nightweed.com

The only thing I'd add is the free anti-virus software from Grisoft, AVG.
Also, pick up the Mozilla email client, Thunderbird, and stop using Outlook.

Cletus

Thank you! and #2 did mentioned Grisoft's AVG... :-)

But, yes, you're right! GET RID OF OUTLOOK! It's THE most targetted mailer out there!

How do you like Tbird? I personally use Pegasus Mail, a free and very powerful mailer (available at http://www.pmail.com) but if Tbird integrates nicely with Firefox I may considering changing....


Cheers!
Angry Girl
nightweed.com

How do you like Tbird? I personally use Pegasus Mail,
Heh... I used Pegasus Mail at work first, then at home until I found Thunderbird.

I like it alot... I can collect email from all my POP accounts and it has a newsgroup function as well.
Plus you get plugins and themes like Firebird.

Cletus

I agree with everything you said except for that resource hog Norton. I have had that and I would never pay money for that software again. There are free programs that do a better job. And they do not drive you nuts telling you about all the false positives that make you think you are being attacked by the Hack the World group. But then again it gives the computer user a reason to keep buying it once a year...No Thanks

Norton's Antivirus is ok. Not very slim but you're paying for their expertise in the field too, which is definitely up there.

But their other products, like the bloated Internet Security or whatever they call their neurotic firewall, are horrible, agreed!

Angry Girl
nightweed.com

Make sure your operating system is up-to-date with the latest patches!

You'd be amazed how FEW people are up-to-date!

If you're on WinXP, make sure you have all of their latest 9900 patches.... EXCEPT SP2! I'm not going to install SP2 until Microsoft gets it right, maybe next year.

In the meantime, if you're WinXP is up-to-date but you haven't installed SP2, download and install this small IFRAMES patch:

http://www.majorgeeks.com/download.php?det=4412

Angry Girl
nightweed.com

I've done it twice.

Zone Alarm is the best firewall out there ... and it's free!!!

http://zonelabs.com/


Bazooka is a Spyware program that catches everything the SpyBot and Ad-Aware miss. You have to manually remove the spyware yourself, but it gives you instructions on how to. It's free.

http://www.kephyr.com/spywarescanner/index.html?source=appvisit


Peer Guardian blocks a big list of ip addresses from your computer, originally it was designed to block the RIAA when you were on a file sharing program. Now it blocks a lot of other bad people. It's a must if you're file sharing, but it's still good even if you're not. Leave it running on your computer for a day, and just look at the list it blocked. Not only that it's free - AND OPEN SOURCE!

http://methlabs.org/

Don't rely on WinXP's built-in firewall. It's crap.

I've heard that ZoneAlarm is very good too but I've also seen quite a few postings where ZoneAlarm interferes with other software, so if you're the kind of person who's always checking out new software, ZoneAlarm may not be your best choice.

A few other excellent FREE firewalls are

- SoftPerfect Personal Firewall
http://www.softperfect.com/

- Sysgate Personal Firewall
http://soho.sygate.com/products/spf_standard.htm

- Kerio Personal Firewall
http://www.kerio.com/kpf_home.html

You can read short descriptions about these and ZoneAlarm's Firewall at my favorite freeware site of all time: Nonags.com. Here's the Chicago mirror link:
http://www.tusafe.com/nonags/security.html

Almost every virus maker out there knows exactly how to screw Norton up, and they haven't rewritten their program yet to change this. I've given up on them until they completely change it- Norton NOW is like McAfee USED TO BE. Ironic, since I've switched back to McAfee as a better program.

Caveat: I use McAfee Enterprise V8, which is rather expensive for the home consumer. However, it catches joke programs, spyware, and all kinds of trojans that Norton misses. Its On-Access Scan is VERY good for infected web sites! I assume their consumer version looks for much of the same stuff.

If you are servicing a computer, the first sign you look for if a reasonably up to date Norton is installed is, is it active at bootup? If not, the computer is contaminated.

Sometimes it catches things Norton doesn't.

http://housecall.trendmicro.com/

I dl the extension, but the housecall window tells me the scan only workds with IE.

Suggestions?

Port 5000 at http://www.grc.com/default.htm Gibson Research. It scans for open ports and offers closure for the open shit. I don't do p2p or gaming, so this is pretty cool for me.
My system is fairly unstable. I have not installed SP2, but I don't use IE.

I have ZA Pro4. When I tried to update to Pro5, it totally screwed a bunch of my .dll files, which took me three days to figure out and restore (I am a n00b, pretty much). As always, ZA disavows any knowledge of this activity. Except 3 weeks after. In a group email. They offered a second try. I still haven't gotten up the guts to try again. I have so much trouble with ZA. They always deny it's them.

The settings on my NAV changed themselves (quit its scheduled scan). My Adaware uninstalled itself. I just got knocked of the internet the other night by NAV and ZA getting their collective undies in a bundle.

My MMJB quit working. No prob, but I'd like to get some music files outta there.

Thanks for your post, Angry Girl:). I know how you feel! x(

I mostly run in FreeBSD, but any non-Windoze OS will remove most of
your pain. I realize this is not for everyone.

When I do run in Windoze I use Zone Alarm (basic), a popup stopper,
and Netscape. I also use Mozilla, and Firefox is not doubt excellent
too. I make sure ALL file and printer shares are off. If you have
broadband (DSL or Cable) a router can offer firewall capabilities,
something like what ZA does, managed through a web interface, and
allows you to share your connection if you have more than one machine.

Most problems on Windoze machines exploit MS Outlook, Internet Explorer,
or open File/Printer shares. Remove those, and 99.9% of your problems
are gone.

surfing needs?

Only use Windows if I have to.

Virus free since 1995. Linux and Mac in this house.

If you run off the CD, only mount scratch/memory filesystems
for disk storage, and surf as an unprivileged user, you
should be more or less invulnerable to any permanent damage.

One can think of complicated scenarios where some "hacker" takes
control of such a machine through a sophisticated exploit, mounts
something important, and manages to damage it, but I would feel
safe enough. Such a scenario requires detailed foreknowledge of file
structure and taking control of a privileged process or attaining
root privilege for the brower from an unprivileged state, all
most unlikely things.

Old, no longer important machines are also good browsing sandboxes.
If nothing important is exposed to the net, nothing important can
be damaged by attacks.

My practical experience has been that if you have NO OPEN PORTS,
use a non-Windoze browser, and DO NOT USE MS OUTLOOK, you are safe
enough unless someone really sophisticated and with resources takes
an interest in you.

burned. Robert X Cringley has advocated ditching IE for a long time, saying it cut your chances of infection by about 90%. Plus IE doesn't have tabbed browsing.

I am now a confirmed 'Nix user. I would never willingly use Windows. Apple going UNIX was a brilliant move in my opinion.

I'll have to come back and sort through it all. Happily, I've got some of this already -- but lots more I don't have. Thanks AG!!

several months ago, plus I am running Zone Alarm even though I am on a dial up connection. I run AdAware, Spybot, and A Squared every 2 weeks and all they find is the occasional cookie. The biggest help is Firefox. With no Active X, no more spyware.

I got nailed by a Trojan Horse yesterday, and I have the latest Norton, too.

After seeing your list, I added Spybot, AdAware, and SPYWAREBLASTER.

I also use Google tool bar with popup blocker on.

and I still get an occasional popup ad.

I have to stick with XP and IE with ActiveX due to my job.

What else to do?

RL

but would add one more:

IE-SPYAID/SPYAID2

http://www.bleepingcomputer.com/forums/index.php?showtutorial=53

I work in IT and have seen computers with 5000+ pieces of malware.

Angry Girl - thanks for spreading the word. Also avoid programs like Weatherbug and others that are known to be infected.

I like programs from sources like Sourceforge because GPL programs are unlikely to be infected. Many free pieces of software, unless explicitly released under the GPL or a similar licence are likely to have spyware. Be carefull and read the End User Licence Agreement.

You can catch a nasty unless you turn off the preview pane. Unfortunately, it is set to ON by default.

To turn off the preview pane in OE go to the Menu bar (the text bar across the top of the screen with File, Edit on it) and click on View. On the drop down menu that appears select the word Layout. This opens a new screen. This window has two sections. In the lower half under Preview Pane, remove the check mark next to Show Preview Pane by clicking on it. Select OK to exit and you are done.

Thanks AngryGirl for your great links!

when using some of the software items listed so far, such as SpyBot Search & Destroy, and Hijack This, if you are not overly confident on what the results tell you, check before you act.

Spybot is a great program but it also identifies items which are personal privacy issues, such as last 10 files used on Windows Media etc. If it finds Spyware, it will list the item in red, while things like the 10 last files stuff are posted in green. Once in a blue moon, you might get a yellow item, but I've only seen that once. You should probably immediately remove the red items, then check the green ones to see if you want to keep them. By default, it only highlights the red items for removal; you need to check the boxes on the green items for them to be removed.

Hijack This gives you a lot of info abt what is running on your PC, and if you don't know what the items represent, such as a 'BHO', seek help before deleting. The website http://www.castlecops.com has a forum where you can post the results of your scan, and someone will help you decipher whether you have a problem or not. You have to register, but they don't bother you with emails. It's a good site for overall information.

SpywareBlaster does not remove anything from your computer but rather places entries into the registry that block new spyware from planting itself. You need to run programs like Ad-Aware, and SpyBot to find things you already have acquired.

Always update the definition databases of the above programs before you run them.

If you can, run these programs in the Safe Mode on your PC. That way, more programs will be analyzed. (Some of them, usually the virus detectors like Norton, don't run in the safe mode.)

AVG users already probably know this, but a new free version just came out, AVG7. If you already run another virus protector, it's okay to launch a second one to scan your computer, but don't have 2 of them running at once for the purpose of checking incoming emails, webpage downloads etc. I prefer Norton as my virus software, but run AVG at least once a month to check for anything Norton possibly missed. (I've never gotten a hit.) Once I run the AVG scan, I exit the scanning program and the control center, which usually puts itself into the tray.)

I use a little program called AT notes, which will pop up a reminder to me to do various things on a schedule I set. It's a good way to get in the habit of updating your virus files and doing other scanning.

HTH,
PT

Most will never have heard of BoClean. Little known program. Pay once and updates are free forever. Set it to silently update and you never have to do anything. I have been a member of TomCoyote and Spywareinfo forums for quite a while. These folks will help with HJT logs and I have never seen anyone post a log who was running Boclean.

http://www.nsclean.com/boclean.html

http://www.jmu.edu/computing/info-security/engineering/issues/boclean.shtml

JMU computers are scanned almost daily from the Internet (and occasionally from on-campus) by various people looking for computers whose owners have inadvertently installed one of the remote control trojans on their Windows PC. If they find one, they basically own the computer. BOClean was purchased to supplement Norton Anti-Virus because it is more effective and user friendly in its handling of these trojans. Think of Anti-virus software as a door lock and BOClean as a motion detector.