Wednesday, October 26, 2011

Preventing your system from getting Infected


The most important thing to do is to make sure you have a decent Software Firewall installed on your PC, set to prompt on internet access rather than left on its default setup. Then train the Firewall for your internet applications such as Web browser, Downloaders and Messenger clients. If you do this for all your internet applications then any new prompts should be very rare and could mean something is trying to access the internet which shouldn't! Note that some Firewalls have an allow/deny once feature which does not create a rule, so you can deny access just one time to test whether everything still works okay. When an application tries to connect to the internet, the Firewall should show its name and the location it is running from.

Malware creators try to name their applications and use icons which resemble legitimate applications such as Internet Explorer, Firefox, Windows Media Player, Adobe applications and other applications in an attempt to get people to allow internet access. If in doubt deny it access!

If you install the application without any other program running, as you should, then it will be considerably easier to know that what is being prompted for is not a legitimate application but Malware trying to steal your passwords. In fact it is advisable to deny anything that tries to connect to the net while you are installing applications, no matter what it is. After reading this post, Malware creators/posters will know that they must change the way their Malware operates or it will be unsuccessful, so they might delay their software from attempting internet access to try and get you off your guard. Check Task Manager, or better still Process Master, for any lingering programs that you did not know were running. Kill them if you can.
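The same check (which program is connecting, and where it is running from) can be made from PowerShell. This is an added example, not part of the original post; it assumes Windows 8 / Server 2012 or later, where `Get-NetTCPConnection` is available, and the list of expected install directories is an assumption to adjust for your machine.

```powershell
# Added example: list processes that own established TCP connections, with the
# path they run from and their Authenticode status. Run from an elevated prompt,
# otherwise the path of some system processes cannot be read.

# Assumption: directories where installed software normally lives on this machine.
$expectedRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:windir) |
    Where-Object { $_ }

Get-NetTCPConnection -State Established |
    Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' } |
    Group-Object OwningProcess |
    ForEach-Object {
        $proc = Get-Process -Id $_.Name -ErrorAction SilentlyContinue
        if (-not $proc) { return }   # process exited between the two calls

        $path = $proc.Path           # $null when access is denied
        $sig  = if ($path) { Get-AuthenticodeSignature -FilePath $path }

        # A familiar program name running from a temp or profile folder is the
        # look-alike case described above.
        $inExpected = $false
        foreach ($root in $expectedRoots) {
            if ($path -and $path.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
                $inExpected = $true
            }
        }

        [pscustomobject]@{
            Name      = $proc.ProcessName
            PID       = $proc.Id
            Path      = $path
            Signature = if ($sig) { $sig.Status } else { 'Unknown' }
            Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject }
            Remote    = ($_.Group.RemoteAddress | Sort-Object -Unique) -join ', '
            # Flag anything outside the expected folders or without a valid signature.
            Review    = (-not $inExpected) -or ($sig.Status -ne 'Valid')
        }
    } |
    Sort-Object Review -Descending |
    Format-Table -AutoSize -Wrap
```

Rows with `Review` set to `True` are the ones to compare against what you expect to be running; a flagged row is a prompt to look closer, not proof of infection.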


«« Recommended Firewalls »»

Please note that you should only install security software which has a Digital Signature, as this shows the file has not been altered and no infection has been added since it left the software producer. See below for a quick guide.

Recommended Firewalls and their performance (Note that Outpost Security Suite is not the same as Outpost Pro):
Code:
http://www.matousec.com/projects/proactive-security-challenge/results.php

Comodo make a very good and highly regarded Firewall which is available in a Freeware version so no potentially infected cracks/patches/keygens need to be used/run. The download package includes an Anti Virus which does not need to be installed.
XP (SP2) / Vista 32 bit/64 bit plus it can be got working on Windows 7

Code:
http://personalfirewall.comodo.com/


Outpost Firewall Pro is very easy to register using easily available serials on many Serial sites. The serials do not become blacklisted in my experience.
Supported platforms: 32/64-bit Windows (Vista, Windows XP, Windows Server 2003, 2008), Windows 2000 (SP3 and above), Windows 7 (beta support).

Code:
http://www.agnitum.com/products/outpost/

Kaspersky Internet Security 2010 has improved dramatically recently; none of the previous versions are recommended. These require serials which will frequently be blacklisted, so it will be a bit of a nuisance using it.

«« Checking Digital Signatures »»

Doing this ensures that the Application has not been altered by one of the people who are attempting to hack your accounts and this will prevent you from using an Application which has had an infection added.

Digital Signatures (DS) should be available for all recent Commercial Shareware software, so if an Application that you download does not have one then it is highly likely to have been modified by someone to add an infection.

Freeware rarely uses DS's as it costs money to have Appz signed. So it is safer to obtain Freeware from the homesite, but some custom made Applications written by some talented Warez-bb members are okay. This is not a complete list and many will be missing, but a few valued and trustworthy members who write their own software, in alphabetical order, are Darkimmortal, swader & Yawn.


Code:
http://en.wikipedia.org/wiki/Code_signing

The image below shows who the countersignature is signed by. Recognised signing authorities include VeriSign, Thawte, COMODO, GlobalSign & GoDaddy. If the DS is not valid then proceed to the next step, as a final check needs to be made.
The image below shows the period for which the DS is valid. If the current date is outside the Valid from/to dates the DS cannot be valid and will show as such on the previous image. But if you change your Windows date so it is inside the Valid from/to dates and then repeat the process, the file will be tested again and cannot be invalidated by the date. If it now shows as valid then all is okay with the file and it is unaltered and is safe to install. Change your system date back to the correct date.
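The details shown on the Digital Signatures tab (status, signer, issuing authority, Valid from/to dates, countersignature) can also be read for a whole folder of downloads at once. This is an added example, not part of the original post; the default folder is an assumption, and `Get-FileHash` requires PowerShell 4 or later.

```powershell
# Added example: report the Authenticode details the Digital Signatures tab shows.
param(
    # Assumption: folder holding the downloaded installers to check.
    [string]$Folder = "$env:USERPROFILE\Downloads"
)

$now = Get-Date

Get-ChildItem -Path $Folder -File -Include *.exe, *.msi, *.dll -Recurse |
    ForEach-Object {
        $sig    = Get-AuthenticodeSignature -FilePath $_.FullName
        $signer = $sig.SignerCertificate
        $stamp  = $sig.TimeStamperCertificate   # the countersignature, if any

        [pscustomobject]@{
            File          = $_.Name
            # Valid, NotSigned, HashMismatch (file changed after signing), NotTrusted ...
            Status        = $sig.Status
            Signer        = if ($signer) { $signer.GetNameInfo('SimpleName', $false) }
            Issuer        = if ($signer) { $signer.GetNameInfo('SimpleName', $true) }
            ValidFrom     = if ($signer) { $signer.NotBefore }
            ValidTo       = if ($signer) { $signer.NotAfter }
            CertExpired   = if ($signer) { $now -gt $signer.NotAfter }
            Countersigned = [bool]$stamp
            # Hash to compare against the one published on the vendor's site.
            SHA256        = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        }
    } |
    Sort-Object Status, File |
    Format-List
```

A `HashMismatch` status means the file content no longer matches what was signed, which is the altered-after-signing case this section is about; `NotSigned` corresponds to a file with no Digital Signatures tab.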

Installing only DS applications and using serials or possibly keygens run in a Sandbox via Sandboxie (only on 32 bit x86 Windows) is the safest method of installing software. Keygens may be run in Virtual Machines for 64 bit x64 Windows but are a little more difficult and take up more disk space, as an entire Windows install needs to be stored/restored and not just a small sandbox. Remember to block any internet access.
Installing software to a Sandbox is a safe way of testing software and it can also be a way of re-using software after a trial expires if the Sandbox is deleted before re-installing.

If there is no DS tab in file properties for a Commercial application then you would be best to leave it well alone.

Sandboxie runs without a license with only some not totally necessary features disabled, and after 30 days displays a nag screen. Reg codes are available.

Code:
http://www.sandboxie.com/

The following software is recommended; it can be used in addition to other security software such as Anti Viruses and uses very little System resources.
Code:
http://diamondcs.com.au/processguard/
http://www.threatfire.com/