SirGod

[Beginner's Guide to Windows Security] So you want to be safe


As the title says, this is a security guide for Windows. It is written for those who are not exactly experts in the field, with natural explanations (written for my blog). Just a few tips and recommended programs.

1) Always use an anti-virus software and a firewall. Now, there are many products available all around the web, but you can’t just use the first product you come across. All security vendors will worship their product, telling you that it offers the best security you can get, but it is not like that. Now, you may be wondering what you are supposed to choose; I can’t help you very much with this. I just recommend that you constantly take a look at the latest reports of anti-virus testing companies, such as: AV-Comparatives, AV-Tests, Virus Bulletin and so on. There you will be able to see the performance of every anti-virus software tested (detection rate, disinfection capabilities etc.). Then you are capable of distinguishing the best and the worst anti-virus products based on facts, not words. My recommendations would be: Kaspersky, Avira, Bitdefender, G-Data and Norton (don’t hate me if I missed your beloved anti-virus). Personally, I use Kaspersky Internet Security 2011 and I am quite content with it. Most anti-virus products have auto-update, but in case yours doesn’t, keep it up to date, always. As you probably know, you can choose a standalone anti-virus product and a standalone firewall or, like me, you can choose a security suite including both. I also strongly recommend that you use an on-demand virus scanner (not another anti-virus, two anti-viruses are never a good choice), such as Malwarebytes’ Anti Malware. Why? Because it has great detection and it might detect something that your antivirus doesn’t.

2) Windows updates. Always keep your operating system up to date no matter how much it nags you; it is important. Besides stability updates, error fixing updates etc., Microsoft provides security updates for the operating system and the products associated with it (e.g. Microsoft Office). Keeping your system up to date doesn’t make you invulnerable, but it considerably reduces the probability of being hacked. I recommend that you update the system as soon as the updates are available (check for updates every week).

3) Browser updates. Maybe the most important thing is to keep your web browser and the plugins/add-ons installed on it up to date. Why? Because web browsers are the most targeted applications when it comes to exploitation. Every week there are all kinds of vulnerabilities discovered in web browsers. Obviously, your browser has a built-in updater; use it regularly (let’s say every week).

4) All programs updates. You update your system, you update your browser, but what about your other applications? Update them, all of them. Your media player, your torrent client, your IM client, your design application, no exceptions. You can’t always be sure that you don’t download a crafted file containing an exploit meant to remotely operate your computer. And you don’t know if a remote exploit has just been released in the wild and somebody is going to target it against you. You may find it painful to update all your applications. You must open each one and check for a new version. Fortunately, we have a very handy tool at our disposal. It is called FileHippo Update Checker (I am sure that there are many other tools out there similar to this one; choose whichever one you think is the best). The application, once launched, will scan your computer (in a few seconds) for known programs and check if a new version of each program has been released. The results will be displayed in your browser together with the download links for the new versions of your outdated programs.

5) Sandbox/Virtual Machine. If you download unknown software (you are not sure about its origin) and you really need to use it, do this: run it in a sandbox or on a virtual machine. Personally, I use Kaspersky Internet Security’s integrated sandbox, but if you have another antivirus, install Sandboxie. A sandbox will run the application in an isolated space which prevents malicious software from making permanent changes to other programs and data on your computer. You can also use a Virtual Machine: VMWare, Virtual PC etc., it doesn’t matter. Install your operating system on it, but do not save important data or passwords on your virtual machine. If you get infected in your virtual machine, the loss of information will be drastically reduced, almost to zero, but if you get infected in your daily environment, you can lose precious data such as correspondence, files, passwords etc.

6) Analyse the file. You have downloaded a file and you need it and you have above average knowledge when it comes to viruses. Your antivirus has found it clean, but you are still suspicious; you don’t even want to run it in a Virtual Machine or Sandbox, or you want to check it first. What are you supposed to do? Upload it to Virus Total. Then your application will be scanned with 41 (currently) anti-viruses so you can see the results. Furthermore, the service provides you with additional info, such as: PEInfo, TrID and some other useful information. Another great service is Anubis from iSecLab. You upload your executable file and you get detailed information on it: registry activity, packers, file activity and so on. And, do not forget, always look for Digital Signatures. If the application is digitally signed, the possibility that the application is infected is reduced dramatically.

7) Safe passwords. Use them. Generate safe passwords using password generator software or even your own algorithm. Use letters, numbers, capital letters, special characters. One password for one account; don’t use the same password for two accounts or more. Of course you can’t remember such passwords, but we have KeePass. KeePass is a very advanced password manager software. It also has a built-in password generator that will generate passwords based on your criteria. The database containing the passwords is encrypted and unbreakable (so far) if you use a strong master password. KeePass encrypts the passwords even in memory (when you copy them) so it is impossible for other applications to intercept them.

8) Security enhancements. You just can’t search the web daily to see if new vulnerabilities have been discovered in your software. Luckily, Secunia PSI helps you. Secunia PSI detects all (or almost all) the programs you have installed on your computer and checks if there’s a vulnerability for the version of the software you are using. If there is, Secunia will alert you and offer you a solution if available (update). If no solution is available, you will know what programs you shouldn’t use (or you can use a similar program) until a patch is issued. Another great security enhancement tool is EMET (Enhanced Mitigation Experience Toolkit) from Microsoft. If a vulnerability has just been discovered, you can’t find a patch right away, so your system is prone to compromise. EMET makes the exploitation of the vulnerabilities present in your software harder, sometimes impossible. You can select your applications (browser, media player, Java, Flash Player etc.) and apply a decent range of protections, such as DEP, ASLR, SEHOP, protection against Heap Spray attacks, EAF and so on, directly from EMET’s GUI. This way, you are almost sure that no attacker can exploit your software’s vulnerabilities. As I have said, it doesn’t stop the attacks 100%, but it makes it difficult, if not impossible, for the attacker to compromise your system.

9) Browsing security. Updating your browser doesn’t prevent your accounts from being stolen. All you can do is make sure you don’t fall for a scam page or a cookie stealer (Cross-Site Scripting exploitation, usually). Luckily, developers have this covered for us. A plethora of add-ons is ready to be installed and protect us. Extensions such as WOT (Web Of Trust) can make our browsing even safer; it will alert us if we follow a dubious URL (scam page or pages containing exploits). Against Cross-Site Scripting attacks, we can use NoScript. This way you’ll surf the web more comfortably. If you received an e-mail with odd links or just simple images, after viewing the e-mail, sign out of the email and log back in, if needed. It takes only a few seconds. Doing this, if the link or the image were malicious and grabbed your cookie, the cookie would be useless for the attackers since you logged out. Security problems belonging to the websites are the responsibility of their administrators. No doubt there are more ways to harden your computer’s security, but follow these steps and make it harder for hackers to compromise your system or your accounts.

Remember, this guide is far from being complete. If you have any question, use the comment form below.
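
Added example (not part of the original post): a PowerShell check for step 6 that computes a file's SHA-256, which a scanning service can be searched by, and reads its Authenticode signature with the built-in `Get-FileHash` and `Get-AuthenticodeSignature` cmdlets. The function name `Get-DownloadTriage` and the path in the usage comment are hypothetical; a valid signature shows who signed the file and that it was not changed afterwards, so the signer name still has to match the publisher you expect.

```powershell
# Added example: pre-run triage of a downloaded file (hash + digital signature).
function Get-DownloadTriage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop

    # SHA-256 of the file: lets you search for an existing scan report by hash.
    $hash = Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256

    # Status is 'Valid' only if the signature verifies and the certificate chain is trusted.
    $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName

    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    $expiry = if ($sig.SignerCertificate) { $sig.SignerCertificate.NotAfter } else { $null }

    # Translate the signature status into a plain-language next step.
    $verdict = switch ([string]$sig.Status) {
        'Valid'        { 'Signed and intact: confirm Signer is the publisher you expect' }
        'NotSigned'    { 'No signature: rely on scan results and run it sandboxed' }
        'HashMismatch' { 'File was modified after signing: do not run it' }
        default        { "Signature not trusted ($($sig.StatusMessage)): treat as unsigned" }
    }

    [pscustomobject]@{
        File        = $file.FullName
        SHA256      = $hash.Hash
        Status      = $sig.Status
        Signer      = $signer
        CertExpires = $expiry
        Timestamped = [bool]$sig.TimeStamperCertificate
        Verdict     = $verdict
    }
}

# Constructed usage; the path is a placeholder for your own download:
# Get-DownloadTriage -Path "$env:USERPROFILE\Downloads\setup.exe" | Format-List
```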
