Securing your computer

[AnonymousI]

The average user installs antivirus and firewall software and then call their computer secure... Reality is: your computer is still not secure. Most viruses, trojans, -wares, etc. can easily disable any protection. I would say that my computer is more secure than the average user. Up to now, I never had any viruses, -wares, etc. on my computer. It is also recommended to have the professional version of XP and the latest updates.

Here are my security tips (See end for additional notes):
- Reformat and reinstall to remove all viruses, -wares, etc.
- Get antivirus, firewall, privacy, and spam protection from reliable and reputable vendors (ex. mcafee, trendmicro, symantec, etc.)
- For wireless networks: Use the WPA or WPA2 security protocol on your wifi devices
- Create two accounts: Administrator and User
- Password protect all accounts
- Set group policy settings using Group Policy Editor (gpedit.msc)
- Use the windows classic logon style instead of the windows welcome
- Turn on DEP (Data Execution Prevention) for ALL programs

Additional Notes:
*The Administrator of the computer has full control of the system. Most computer users have one or two accounts that have administrator rights. This means that anything/body can change or disable security settings. It is recommended that you create and use an account THAT IS part of the USERS group at ALL times (Run lusrmgr.msc to do this). Members in the Users group cannot make system wide changes which makes any attempt to compromise security useless. Therefore, if viruses, -wares, etc. were to get on your computer, it wouldnt affect the security because members of the Users group cannot make changes to system and program files due to restricted permissions; also, the antivirus and/or firewall will notify you. If you need to install something, right-click the setup executable and select runas and enter the admin login info.

*The Group Policy Editor (only available on Pro) is a powerful tool that system/network admins use to reinforce security. For example, the "LAN Manager Authentication Level" is a crucial security setting for windows passwords. Most password crackers generally get the password fastest by cracking the LANMAN hashing algorithm (easiest to crack) that is applied to windows passwords. Setting the "LAN Manager Authentication Level" to "Send NTLMv2 response only - refuse NTLM and LM" greatly increases password security because of the complexity of the NTLMv2 hashing algorithum. To crack this type of security would take forever and nearly uncrackable.

*The DEP prevents protects your computer from damages caused by viruses, trojans, etc. It is NOT a substitute for anti-virus.

[~mr mixx~]

Great info: i will sticky this ...

[~mr mixx~]

If anyone else has good tips on Securing a PC or laptop..put em in this thread..

[amit]

it contains the lot of important matter which is not easily gathered from other sources.

[RewtGuy]

For an added layer of security add a BIOS password
Take off boot from cd / floppy (change it back when you need it)
Set a screensaver and have it "on resume, return to welcome screen"
A router firewall will stop most attacks in its tracks
Make sure you only port foward necessary ports
Check msconfig for any new suspicious adds to your startup (once in a while)
CTRL ALT DELETE and check running processes for anything suspicious (once in a while)
Keep your system up to date
Common sense, don't open .exe files from random people ect...

[MHollacaust]

Hi to All,
I take it that when you refer to privacy, you are refering to Anti-Spyware software. If so, then I totally agree.

I am one of the fools that thought he was protected with Norton Anti-Virus and Windows XP Firewall software running. (I did not have anti-Spyware) Recently, I tried to use one of the computers in the house and found it infected with "Spy sheriff," an adware and spy program. It took me two days to disinfect this computer. (I have three kids who frequently go to sites such as "Puff Games, Neo Pets, etc.) This program was a vicious annoyance that took control of the Browser and the Desktop as well as corrupted the Wi-Fi network associated with this computer. It took control of the computer, slowed it to a snails pace, and invaded numerous files and tried to hide itself in many places. It protected itself from deletion and un-install attempts.

The solution - Spy Sweeper and complicated sweps through Safe mode, and then difficult redundant attempts of reprograming wi-fi network protocol and finially I had to install Fire-Fox as a browser.

Now I keep Spy Sweeper running constantly in the background, my windows firewall always on, yet still use Norton, although I am a little less confident in its abilities.

Any comments?

Mark

[phrankco]

I run spybot s&d, adaware se plus and norton - sys works 2006 has process viewer that shows autorun processes task manager does not pick up

this from pc mag

Do you know Win Firewall can be hacked with port exceptions inserted
directly to Windows Registry with "malformed" names so the Windows
Firewall user interface would not be able to display them and you
would never know the port is open?

To determine if you have any sneaky exceptions see
http://find.pcworld.com/49776

To get update that makes invisible entrys visibal in Win Firewall see
http://find.pcworld.com/49777

[dyserq]

That's a great guide AnonymousI ... nice work

[SLIPKNOTN21]

Nice i luv these sites that tell you about how to secure youre system , even though i never ever worry about spyware, viruses trojans or hackers or spam

[BullDog(UK)]

Good common sence information anonymousI

Also can the following post be added to a sticky, as it contains invaluable information for setting up secure wireless networks.

http://www.computerforums.org/showthread.php?t=29221

BullDog(UK)