How Do You Secure Your Home Pc?


Guest Deleted_Account

What if you use it for online gaming? I've recently made the move to Linux, leaving Windows specifically for games.

Any other Windows-related stuff is done in a VM.

Any recommendations?? Ta..

Link to comment

What if you use it for online gaming? I've recently made the move to Linux, leaving Windows specifically for games.

Any other Windows-related stuff is done in a VM.

Any recommendations?? Ta..

My gaming machine is running Win7 with the Microsoft Security Essentials apps running for AV/anti-malware. I don't run a firewall on it. I used DeployStudio to make an image of it. If something happens, it gets blown away and reimaged. The only thing I use it for is games and SketchUp, so nothing is stored on it.

Link to comment

Guest Deleted_Account
Good to know, so there seems to be a compatibility issue between the two. Comodo seems to play real nice with Avast; never had any issue. But thanks for letting me know.

Ya, not sure 100% what the problem is, but it seems to be something with Defense Plus and ThreatFire. My fix is either disable Defense Plus or stop ThreatFire from starting at boot :P

Link to comment

I only run an AV and let Windows deal with the firewall and haven't had any problems.

Sidenote: Using a VM in "seamless mode" works great for web browsing.

Apparently the retail version of Avast comes with a sandbox environment where you can run any software or even access the internet without the risk of compromising the system with viruses or other shitware.

Link to comment

I had stopped using scanners etc... around XP and during Vista days. It started to feel like a burden having to update and check for updates and taking time to scan with multiple softwares, not to mention defrag. The last time I caught a virus was with XP and IE, when by simply visiting a page something changed my notepad.exe to a virus and it attempted to get by the firewall (this was my 2nd virus caught in my lifetime btw). I feel now that safe practices combined with firewalling is better, and if you catch a virus you're probably done anyway and off to a reinstall these days.

I used your same approach in the past and have paid dearly for it. There are nasty rootkits/trojans out there that can attack the BIOS and firmware despite what people tell you. Physical access is NOT necessary IF the trojan is able to gain administrative rights to your PC. Then a hacker can view all your files/hardware settings and pick from any rogue file on the web to execute on your PC, which can be done silently in the background with stealth.

http://www.securityfocus.com/news/11372

Most good Anti-Virus programs will block/alert 99 percent of threats. Have to agree with Infiltrator that Kaspersky Internet Security is the best paid AV out there in my opinion. In addition to just having virus definitions, it also monitors all processes, memory, etc. and stops any suspicious activity before it executes. Yet it manages to use very little system resources. It's expensive at $80 but it is the most advanced AV in the world. Otherwise, like others have said, a free AV like AVG or Avast does a solid job and is much better than no protection.

If I could secure my pc it would be Kaspersky, Comodo Firewall, and maybe a good spyware scanner. Haven't kept up on spyware scanners lately but Lavasoft Ad-Aware used to be a good one.

Link to comment

Physical Access is NOT necessary IF the trojan is able to gain administrative rights to your pc.

Most good Anti-Virus programs will block/alert 99 percent of threats.

How would a Trojan be able to gain admin rights?

If BIOS or Firmware are susceptible to attack and a Trojan could rewrite or add an executable that would infect even a new install after a partition wipe and format how would anti virus help and how would one even know this was happening?

I don't recall in the case of the Sony DRM root kit situation a while back if the user would have had to facilitate the install of the root kit or not.

Link to comment

How would a Trojan be able to gain admin rights?

If BIOS or Firmware are susceptible to attack and a Trojan could rewrite or add an executable that would infect even a new install after a partition wipe and format how would anti virus help and how would one even know this was happening?

I don't recall in the case of the Sony DRM root kit situation a while back if the user would have had to facilitate the install of the root kit or not.

When I got hit by it, there was an exploit out where your computer could get infected by simply getting tricked into looking at a Flash page. It could have happened that way or by downloading a file from a file sharing site that was packaged with malware. There are literally hundreds of ways for malicious files to secretly install on your computer.

There was no AV running on my PC and I'll admit my router password was pretty weak, probably using WEP :rolleyes:. Was broadcasting my wireless SSID with no encryption. I'd never been hacked before so I was an easy target.

So my complete lack of security enabled this to happen but my point is if I had antivirus running, it would have alerted me that someone was trying to break in.

You are right that once your hardware is affected, your antivirus does NOT help. It doesn't know what is happening because it cannot read what is happening at the BIOS level. So scans will come up clean because nothing is detected at the operating system level.

This type of attack has apparently existed for years but because of its undetectable nature, many people never know anything is wrong. The only sign of its existence is random errors when trying to install/uninstall software. Especially programs from the internet as they are always modified.

So while you may have to be targeted and the person must know your computer specs for this to happen, my point is it can happen. There's a "script kiddie" in every neighborhood scanning for unsecure computers, just looking to cause problems. You don't respect security until you get hit.

Edited by eliminatebotnets
Link to comment

So my complete lack of security enabled this to happen but my point is if I had antivirus running, it would have alerted me that someone was trying to break in.

I had a similar thing happen in my XP days when I believe I was using the latest version of IE and by visiting a site without my knowledge or actions my notepad.exe was replaced with a Trojan/virus which then attempted to go out to the net. The firewall stopped it and alerted me and that's how I learned of the problem. Since this time I have the software firewall on each system blocking everything except my exceptions followed by the router/firewall setup in the same fashion.

While I am still not impressed enough to jump back into virus and/or spyware/malware scanners I would like to think that my practice of restoring the system via full image restore of a fresh install followed by the router/firewall procedures help me. And in the future after my new build I am going to play around with going virtual and a regular practice of deleting used OS images after use.

Link to comment

All you really need is a good free AV.

DO NOT use Internet Explorer.

Have good internet habits.

Some people are just plain paranoid with the talk of hardware root-kits and exotic infections.

BlackHat DC 07 paper on Implementing and Detecting Hardware PCI rootkits.

https://www.blackhat.com/presentations/bh-d...-Heasman-WP.pdf

Preventative Measures

General rootkit prevention steps typically keeping the system and all third party software fully patched as well as running a personal firewall and antivirus software. As an additional step, the user can write protect the firmware of certain PCI cards via a physical switch or jumper, as can be seen in Figure 3.

And as for getting administrative privs, you have to click "Yes I allow this" in Vista/7.

Edited by Mr-Protocol
Link to comment

I currently use this setup on my pc:

Microsoft Security Essentials (Primary AV)

Spyware Blaster

Comodo Firewall

Also I am working on setting up an Untangle box to secure my network better and also looking into DecaffeinatID.

I am the computer professional of the household and make sure I don't do anything stupid to compromise security of the network. Suggestions are welcomed.

Link to comment

How to secure a home computer:

1. Ensure all software, including the OS, is fully patched up.

2. To mitigate zero-day attacks, a good firewall (I recommend Comodo) should be installed, with rules set to only allow certain traffic to access the internet and to deny any incoming request that hasn't been made.

3. I would recommend using Avast 5 as your AV engine. It's free and it will 99.0% of all times protect your computer; there is no user interaction required for updating it, it all happens automatically in the background.

4. If you are still using XP, do not use LMLam to manage your logon passwords; upgrade it to NTLM and make sure you use a complex password or use another means for user authentication that doesn't rely on Windows itself.

5. For spyware detection, I use Spybot - Search and Destroy and SpywareBlaster.

6. A VM could also be used for isolating virus infections when browsing the internet.

7. For more effective protection, a firewall with IDPS functionality could be implemented at the network perimeter to prevent threats from entering the network.

8. Upgrade any firmware you have on your router or switch and always remember to never click on files or links you are not 100% sure where they come from.

Link to comment
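Added example, not part of the post above: a check for step 2 (deny unsolicited inbound, allowlist outbound), applied to the built-in Windows Firewall rather than Comodo, which is an assumption of this example. It parses the output of `netsh advfirewall show allprofiles`; the sample output is constructed and the function names are this example's own.

```python
import re

# Constructed sample of `netsh advfirewall show allprofiles` output (not from the thread).
SAMPLE = """\
Domain Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,AllowOutbound

Private Profile Settings:
----------------------------------------------------------------------
State                                 OFF
Firewall Policy                       BlockInbound,AllowOutbound

Public Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       AllowInbound,AllowOutbound
"""

HEADER = re.compile(r"^(\w+) Profile Settings:\s*$")
FIELD = re.compile(r"^(State|Firewall Policy)\s{2,}(\S.*?)\s*$")

def parse_profiles(text):
    """Return {profile name: {"State": ..., "Firewall Policy": ...}}."""
    profiles, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = profiles.setdefault(m.group(1), {})
            continue
        m = FIELD.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2)
    return profiles

def audit(text):
    """List (profile, finding) pairs that deviate from default-deny in both directions."""
    findings = []
    for name, fields in parse_profiles(text).items():
        if fields.get("State", "").upper() != "ON":
            findings.append((name, "firewall is off"))
            continue  # the policy line is moot while the profile is disabled
        inbound, _, outbound = fields.get("Firewall Policy", "").partition(",")
        if not inbound.startswith("BlockInbound"):  # also accepts BlockInboundAlways
            findings.append((name, "unsolicited inbound traffic is allowed by default"))
        if outbound != "BlockOutbound":
            findings.append((name, "outbound is allow-by-default, not allowlisted"))
    return findings

if __name__ == "__main__":
    for profile, finding in audit(SAMPLE):
        print(f"{profile}: {finding}")
```

On a real machine, feed it the text captured from the netsh command; a profile with no findings is on and default-deny in both directions, so only explicit allow rules pass.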

Guest Deleted_Account
How to secure a home computer:

1. Ensure all software, including the OS, is fully patched up.

2. To mitigate zero-day attacks, a good firewall (I recommend Comodo) should be installed, with rules set to only allow certain traffic to access the internet and to deny any incoming request that hasn't been made.

3. I would recommend using Avast 5 as your AV engine. It's free and it will 99.0% of all times protect your computer; there is no user interaction required for updating it, it all happens automatically in the background.

4. If you are still using XP, do not use LMLam to manage your logon passwords; upgrade it to NTLM and make sure you use a complex password or use another means for user authentication that doesn't rely on Windows itself.

5. For spyware detection, I use Spybot - Search and Destroy and SpywareBlaster.

6. A VM could also be used for isolating virus infections when browsing the internet.

7. For more effective protection, a firewall with IDPS functionality could be implemented at the network perimeter to prevent threats from entering the network.

8. Upgrade any firmware you have on your router or switch and always remember to never click on files or links you are not 100% sure where they come from.

I definitely agree with everything you said. Especially the part about NEVER clicking links that are "iffy" or you are unsure about. Also I recommend checking out something like the AlphaShield.

If you don't want to set up Untangle this is easier and just as good. It does lack the "apps/addons" though.

Link to comment

If you don't want to set up Untangle this is easier and just as good. It does lack the "apps/addons" though.

Darren did a segment back then on Untangle and to be honest, I kinda liked it a lot, and seems to provide a lot more features than any other linux based firewalls.

Link to comment

Guest Deleted_Account
Darren did a segment back then on Untangle and to be honest, I kinda liked it a lot, and seems to provide a lot more features than any other linux based firewalls.

I agree, but for Plug and Go AlphaShield is good. For iptables, ease, power, addons, Linux, etc. Untangle is the way to go. Definitely go with one of these. A dedicated IDS or firewall is way better and works well alongside your OS's software firewall (Comodo as an example).

Link to comment

I agree, but for Plug and Go AlphaShield is good. For iptables, ease, power, addons, Linux, etc. Untangle is the way to go. Definitely go with one of these. A dedicated IDS or firewall is way better and works well alongside your OS's software firewall (Comodo as an example).

With today's threats an IDS firewall is not enough; IPS must also be implemented to strengthen the security and integrity of the network.

Comodo Internet Security Complete is an all-in-one security software package that comes with host intrusion prevention and many more security features; it is a must-have.

Link to comment

  • 2 weeks later...

Is Avast really that good? I've always been using ESET NOD32 or Microsoft Security Essentials lately for anti-malware and they have worked great. I have seen ESET NOD32 has been rated very high as well. I have to say Microsoft Security Essentials is probably one of the best things released by the company. I use it more often now as it runs on less resources than NOD32 and is nearly as good, not to mention it's free.

Link to comment

Is Avast really that good? I've always been using ESET NOD32 or Microsoft Security Essentials lately for anti-malware and they have worked great. I have seen ESET NOD32 has been rated very high as well. I have to say Microsoft Security Essentials is probably one of the best things released by the company. I use it more often now as it runs on less resources than NOD32 and is nearly as good, not to mention it's free.

I use Avast at home and never had any issues with it; it's very effective at blocking and detecting malware. ESET NOD32, haven't really used it, but have heard some really good feedback about it.

Where I work, my employer uses Forefront to protect all their PCs. I personally don't like it but it seems to do its job decently.

Edit: Not as effective as Kaspersky.

Edited by Infiltrator
Link to comment

In regards to the boot sector and/or master boot record, would a deletion of all partitions blow any root kit/virus off?

No. Personal Exp with this one has told me you have to go with a low-level format or be a pest about it and run a dual boot setup. It's very hard for a Windows box to get a rootkit in the MBR for GRUB considering it doesn't understand it.

But just to chime in and say common sense works well for me. Yes about I said Personal Exp.. I have a few test VMs that I use for surfing sites that seem off. And I was stupid many years ago... "Some stupidness remains"

I personally like the sandbox approach to browsing: toss that in a VM if you know you're doing something and toss it away afterwards. No harm done to your machine, and hell, most modern PCs, laptops included, can take a beating with 3 to 4 VMs. I know it's not the ideal way, but set one copy of a fresh install of Ubuntu up in a VM ("40 mins max"), clone it and do whatever you want. I know that's over the top of what you're looking for, but it's just something I didn't notice on the first page from the responses.

Link to comment

I personally like the sandbox approach to browsing: toss that in a VM if you know you're doing something and toss it away afterwards. No harm done to your machine, and hell, most modern PCs, laptops included, can take a beating with 3 to 4 VMs. I know it's not the ideal way, but set one copy of a fresh install of Ubuntu up in a VM ("40 mins max"), clone it and do whatever you want. I know that's over the top of what you're looking for, but it's just something I didn't notice on the first page from the responses.

I don't know if you have heard but Dell has released a virtualized version of Firefox. A bit more secure than running Firefox in a VM.

Link to comment

I don't know if you have heard but Dell has released a virtualized version of Firefox. A bit more secure than running Firefox in a VM.

Well, not really. A full virtual machine will be more secure than a 'sandboxed' (as the term is) application. Though both could have flaws that allow code to 'escape', the sandbox is more likely to have such flaws.

Link to comment

Well, not really. A full virtual machine will be more secure than a 'sandboxed' (as the term is) application. Though both could have flaws that allow code to 'escape', the sandbox is more likely to have such flaws.

From reading articles in virtualization, they always mentioned that a full virtual machine could be more insecure than the actual hosting operating system.

I guess that statement could be wrong, it all depends on how well and secured the VM really is.

Edit: By the way, thanks for correcting me there.

Edited by Infiltrator
Link to comment

  • 2 weeks later...

Information leakage is everywhere, it's almost impossible to avoid it.

The best I can do is to centralize all the confidential data in a very secure host (Linux based of course) and use 2 other spare XP PCs for gaming, non-critical web browsing etc etc... (I don't mind if I get viruses on those 2 PCs)

A KeePassX database stores all the passwords and an encrypted TrueCrypt volume stores the personal data. One single master password unlocks the KeePassX db and in turn all the other stuff. Every now and then I print on paper the KeePassX password db in base64.

Edited by gianluca ghettini
Link to comment
