Hey...not too long ago (past month or two) someone posted a good thread that dealt with certain steps you should take to build a secure workstation...Does anybody know where this thread is? Having a hard time searching for it b/c I can't really remember anything about the thread "keyword" other than it was informative.
1: You definitely, under all circumstances need a hardware firewall. Most routers do include one, that's fine - software firewalls are not enough. 2: Do not mess with your firewall. No eMule, no bittorrent, no IRC, never open any ports permanently. 3: Given that you have a fine working hardware firewall you don't need a software one. Waste of resources. 4: The only three websites that you let perform ActiveX commands on your machine is the windows update server, the kaspersky free virus check and the TrendMicro free spyware scan. For anything else Internet Explorer/ ActiveX is OFF LIMITS. Two browsers are safe: Opera and firefox, if you install NoScript. 5: Microsoft Outlook is off limits. Use Thunderbird. 6: Deactivate autoplay for inserted disks. (Remember the Sony rootkit?) How to: www.xp-antispy.org 7: Deactivate services that enable remote control of your machine. How to: http://www.z123.org/techsupport/xpservices.htm 8: Have a look at www.diamondcs.com.au/ 9: Always open downloaded/ unknown files with a right-click: "open with" That should be safe enough. I'm not even having anti-virus installed in the moment. If you have the power and RAM, get the latest kaspersky. On the other hand, if you're using IB you better not, because TWS is using the command interface and that will give you permanent security alarms.
If you can do work on a computer that is never online you are fairly safe. You have to transfer data to that machine with an external hdd or disc and you have to scan the transfer device for rootkits, trojans, etc. As an aside, I got the first mass distribution computer virus ever maybe, it was on a Radio Shack Model 4 and guess how it got transferred in to my computer? Via a magazine article with instructions on how to improve the word processor, I followed them to the exact letter and wound up with a word processor that would lock me out and do weird things to my documents!! I read an article recently about the difficulties Cisco is having because hackers are targeting their hardware and Cisco has a zillion versions of routers and software for same out there. Maybe even the hardware firewall is not going to be that great at some point.
You may want to have a look at this post: http://www.elitetrader.com/vb/showthread.php?s=&postid=652302#post652302
Hi hirsch I usually go to techguy with these questions, but just in case you're able and inclined to answer... I just installed eMule on my machine. I did a port analysis at Steve Gibson's site http://www.grc.com/default.htm after installing and it showed my machine to be secure in terms of open ports. Is there something else I should know about eMule - is it still affecting my security even though it's not 'officially' launched? I should make it clear that I am not a techhead, although I am trying to improve my knowledge of computer systems and security in particular. Tech talk may go over my head. Thanks, Nik
I love eMule. But you are opening your firewall to random attacks, that might or might not happen. Furthermore I suspect that the music/film industry is using illegal means to counterattack nets like eMule. The problem is, there is no protection against a kernel mode rootkit, that's hiding inside csrss.exe or in other places you can't really access. Code scanners are useless, including Norton, MacAfee, kaspersky. The best one until recently, TRS-3, just surrendered. ProcessGuard is the maximum safety you can get, but it doesn't seem to be 100%. What do you need for eMule? A 286 is basically enough. Any old computer will do. So set it up on its own machine, only eMule - nothing else, open the firewall for that specific machine and that's it. If you're not downloading executables, just check files that are named mp3 really are mp3 and not something nasty with a nice name. Programs from eMule you should run awhile (maybe on the old machine) and check then your ports (e.g. with Port Explorer), autostart, etc. (e.g. with rootkit revealer).