Just remembered, make sure that you use Shields Up! at www.grc.com through the IP Agent because otherwise it could be testing another computer in the network!
Here are a few of the things I use:

- Hardware router/firewall running NAT
- ZA Pro
- Anti virus (grisoft.com)
- Surfin Guard 5.7 (finjan.com) prevents malicious code from running
- Ad-aware (lavasoft.com)
- Wipefree (shareware)
- Norton Utilities (on occasion)
- Spider (shareware) cleans index.dat
- re-associate .vbe & .vbs to notepad
- disable hidden shares/turn off file sharing
- disable netbios over tcpip
- couple registry hacks that I'd have to look up to remember
- be aware of what you're clicking

Hope this helps
@PABST IMPORTANT

From what I have read in your first post, I can safely claim that nobody had access to your C:. It is simple to create an HTML doc which has the effect that, if you open it in IE, your drive X: is shown, however ONLY LOCALLY, i.e. IE does on your computer what your normal Windows Explorer does; this is no danger at all. The little "trick" you described there is rather well known among wanna-be hackers who just want to shock others.

Also, before you get free firewall software, make sure it is free from Trojans + Viruses.

Sascha
Thanks, it does - didn't know about the vbe/vbs assoc., and others. Do you have a URL for the Spider prog for index.dat? And how to disable hidden shares and disable netbios over tcpip? (Sorry for the questions, I don't know how to do those, sounds good though.) Nice post.
Spider: http://www.webattack.com/get/spider.shtml

netbios: properties of tcpip, WINS tab (if 2k, go into advanced).

hidden shares: it shouldn't be a prob if file sharing is off, but I disable them anyway (not sure if it's a default in 98). In 2k, right click My Computer, Manage, Shared Folders, Shares, then right click the folders to stop sharing. Or go into the properties of each drive, Sharing, and turn it off there. Sometimes those hidden shares come back without being enabled. Hidden shares have a $
maximus, how do you turn off the hidden shares that restart automatically and are they a security threat?
If you have file and print sharing turned off it shouldn't be a problem. The reason I turn them off is b/c when I share a folder out on my network I need to enable file and print sharing. When I do that, all the hidden shares become active. I also only allow one user to connect to whatever is being shared as well. I haven't looked into permanently disabling the hidden shares. I have seen them come up on my machines on occasion as well, but I have f/p sharing off 99% of the time.

You guys may also want to try leak test at grc.com too. Another probing test for ports is at sygate.com. I can't find the link offhand.
The system automatically creates hidden "administrative shares" for its logical drives C:, D:, and so forth, which it names C$, D$ and so forth. It also creates the admin$ hidden share for the \winnt folder. These shares are designed for remote access support by domain administrators. By default, if you delete these admin shares, they will be recreated when you reboot. To disable them permanently so they will not be recreated on the next reboot, use the following Windows NT registry hack:

    Hive:  HKEY_LOCAL_MACHINE
    Key:   SYSTEM\CurrentControlSet\Services\LanManServer\Parameters
    Name:  AutoShareServer for servers
    Name:  AutoShareWks for workstations
    Type:  REG_DWORD
    Value: 0

For background: Q156365.

Perhaps the best approach to protect hard drive resources on workstations is to disable the server service if you can. There are a few workstation applications that need the server service running, in particular, some SNA emulation packages.

**** If you do turn off any services, make sure you write down what you've done so it can be enabled again if something doesn't work.
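A read-only audit of the settings named in the posts above (the AutoShare registry values, hidden shares, NetBIOS over TCP/IP and the Server service), as an added example that is not part of the original thread. It assumes a current Windows machine with PowerShell 5.1 or later rather than the NT/2000/98 systems discussed here; the function names are made up for illustration.

```powershell
# Added example, not from the thread. Read-only: it changes nothing.
# Function names are hypothetical. Run from an elevated PowerShell session.
$paramsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-AutoShareState {
    # A value of 0 stops the admin shares being recreated at boot.
    # A missing value means the default applies (shares are recreated).
    $props = Get-ItemProperty -Path $paramsKey -ErrorAction SilentlyContinue
    foreach ($name in 'AutoShareServer', 'AutoShareWks') {
        $value = $null
        if ($props -and ($props.PSObject.Properties.Name -contains $name)) {
            $value = $props.$name
        }
        [pscustomobject]@{
            Name               = $name
            Value              = if ($null -eq $value) { '(not set)' } else { $value }
            DisablesAutoShares = ($value -eq 0)
        }
    }
}

function Get-HiddenShare {
    # Hidden shares have a name ending in "$" (C$, D$, ADMIN$).
    Get-CimInstance -ClassName Win32_Share -ErrorAction SilentlyContinue |
        Where-Object { $_.Name.EndsWith('$') } |
        Select-Object Name, Path, Description
}

function Get-NetbiosState {
    # TcpipNetbiosOptions: 0 = take setting from DHCP, 1 = enabled, 2 = disabled.
    Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        Select-Object Description, TcpipNetbiosOptions,
            @{ Name = 'NetbiosDisabled'; Expression = { $_.TcpipNetbiosOptions -eq 2 } }
}

function Get-ServerServiceState {
    # LanmanServer is the "Server" service that provides file and print sharing.
    Get-Service -Name LanmanServer -ErrorAction SilentlyContinue |
        Select-Object Name, Status, StartType
}

Get-AutoShareState     | Format-Table -AutoSize
Get-HiddenShare        | Format-Table -AutoSize
Get-NetbiosState       | Format-Table -AutoSize
Get-ServerServiceState | Format-Table -AutoSize
```

Running it after a reboot shows whether shares that were deleted by hand have come back, which is the behaviour described in the posts above.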
Appreciate the links and info, it's a lot of work to secure our PCs nowadays. Nice to know everyone's working together to provide apps and procedures to help safeguard the data. The journey continues...