I made this article because I felt the other sticky was too outdated.
I tried not to clutter the article with external links. On proyb2's suggestions, Red = Bad and green = good for easier skim-through.
WARNING: THIS ARTICLE IS LONG.
It is meant to be as comprehensive, and updated, as possible. If you want to know how to defend your computer armed with the latest information*, you've come to the right place. If you're TL;DR - too bad.
If you are unfamiliar with any of the terms used or products mentioned, GOOGLE IT.
*latest as of April 2008
Contents
1) Anti-virus
Shortlisted rankings of anti-virus products based on the most recent comprehensive test.
Recommended: Avira, G Data AVK
1b) Anti-Rootkit
Because viruses are getting better at hiding. Antivirus programs fail at rootkit detection.
Recommended: RootKit Unhooker
2) Internet Browsers
Stop using IE. Use something else.
Recommended: Firefox + Extensions
3) Firewalls
Breakdown of firewall products.
Recommended: Winpooch, Core-Force, Outpost
4) Anti-spyware
Brief on available software.
Recommended: Spybot S&D
5) Process Explorer (For experts)
The ultimate tool for controlling the realtime system.
6) Hosts file (For experts)
Hardcore firewall alternative.
7) Backup and Recovery
Personal solutions for backing up stuff in case shit happens.
Especially on RAID/AHCI.
8) System Tweaks - Startup, Services, Registry (For experts)
Msconfig, Services, Registry tweaks.
======================================
1) Anti-virus
For easy reference, here are the latest comprehensive tests. These links were updated as of August 2008.
For the purposes of this article, I will refer to the testing charts of two laboratory sites - AV-Test GmbH and AV-Comparatives.
AV-Test GmbH is a German research laboratory that has published numerous research papers for the academic security community, as well as industry conferences. It indexes the databases of all major AV and security Corporations to maintain a master cross-reference list of virus names and definitions for the industry.
March 2008: On-demand scanning
June 2008: Disinfection difficulties
AV-Comparatives is a non-profit organization based in Austria which is affiliated with the technology faculties of several European universities.
February 2008: On-demand scanning
May 2008: Retroactive and proactive response
Summary, with software most of us have heard of, or use:
Software with over 99% Detection:
Avira Antivir (Free)
Software failing 99% benchmark (Borderline 98%):
Avast! Anti-Virus (Free)
AVG/Grisoft AV (Free)
Kaspersky AV(Paid)
Bitdefender(Paid)
Norton/Symantec (Paid) - Worst reputation. Bloatware.
Software failing worse than 98%:
97% Sophos
95% Panda
94% Norman
94% Rising
93% Mcafee
93% NOD32
77% ClamAV/Clamwin (Free)
Etc.
Consult the links for actual test data. This information is factual, not opinion, and is provided for the public good.
=======================================
1b) Anti-Rootkit
Most anti-virus products fail rootkit detection. Rootkits are the new major threat to the IT industry, allowing viruses, trojans and spyware to hide and embed themselves into the kernel of a computer system, from which they have ultimate control and near-invisibility.
Here is a proof-of-concept test: http://www.anti-malware-test.com/fil...otkits_en1.pdf
As you can see, *no* product is 100% - and most anti-virus programs cannot find at least a few of the active rootkits in the system. Every rootkit tested represents a complete category, based on how deeply they penetrate and the styles used for hiding. It is safe to say that in every category a hundred others exist; therefore, no anti-virus can protect you from the worst threat imaginable.
This is a list of current products offered: http://www.antirootkit.com/software/index.htm
In a nutshell, Rootkit Unhooker is the only product that I can recommend. But it is not perfect.
=======================================
2) Internet Browsers
Mozilla Firefox - Safest browser when used with extensions. Uses more memory than opera. Faster than IE.
Firefox 3.01 is the current version as of this edit.
Opera - Some say faster than firefox. Definitely better than IE in every way. Not very customizable.
Safari - Not bad, especially if you're used to mac. Rendering engine better than IE.
Internet Explorer - Worst. Tens of thousands of known bugs and security loopholes that haven't been fixed. Slow. Tied to system problems. Bad privacy.
The thousands of reasons for changing over to firefox have been discussed ad nauseam across the internet, so no use talking about it a lot here.
If you have doubts, just do a search, or ask *anyone* who uses it.
But generally speaking, both firefox and opera are faster and safer and have better rendering engines than IE in every way.
Firefox is also fully customizable with very powerful extensions.
If using it, the following extensions are a must-have:
Noscript - Site-by-site javascript security
Cookiesafe Lite - Site-by-site cookie security
Adblock Plus - Customizable ad-blocking
Fasterfox - Customizing firefox's speed settings
Tabmixplus - Full tab control, including backups, auto-refreshing, etc
BugMeNot - Provides login info for most free login sites. Avoid spam.
You can install extensions by going to Tools > Add-ons > "Get Extensions" link at the bottom.
Remember to keep your firefox updated.
Make your homepage Google.com instead of Yahoo or MSN for fastest and cleanest loading.
BTW: If you're still using kazaa or limewire, dump them. BT is better and safer, and there are legal usages for it. I suggest uTorrent.
=======================================
3) Firewalls
For easy reference, and for the purposes of this article, I will link the most comprehensive independent firewall shootout I have found on the internet, found on Matiosec.com.
What makes this firewall testing project unique is that they don't sugar-coat anything: There are 11 products that actually failed the test with an "F9" - less than 10%. Firewall corporations actually respond with new updates, or excuses, when they see their results.
Firewall challenge results
In a nutshell:
Best result (Paid) - 99% - Outpost Pro 2009
Best result (Free) - 95% - Comodo Pro 3
More well-known software that are not recommended:
Kaspersky 7 - 85%
Lavasoft 3 - 70%
ZoneAlarm Pro 7 - 63% - Known to cause major problems in network stack
Norton Internet Security 2008 - 32% - Known to be bloatware, installed without permission on OEM computers
Total failures (less than 30%):
AVG, Kerio/Sunbelt, Panda, Mcafee, Windows
Sygate was bought over by Symantec (Norton).
For experts - Your best firewall alternative is the hosts file. See section 6.
=======================================
4) Anti-Spyware
Using firefox with good surfing habits, together with the extensions mentioned, will nearly completely eliminate infection by spyware and adware.
Free:
Spybot S&D has just been updated to version 1.6. The detection engine has been improved. The old version (1.4-5) is critically out of date. All users should download the new version ASAP.
Ad-Aware is fairly reliable. Has a slow scan engine that may conflict with the secure access tools of various organizations. Catches some threats that spybot misses.
Winpooch is recommended for experts who need to lock their system down. Locks down memory, registry, and I/O activity.
Paid:
Spyware Doctor has a better detection engine, in general, than Ad-Aware. It conflicts with certain builds of ad-aware and certain windows tweaks. A free version of it is available with the Google Starter Pack.
Webroot spysweeper
At one point of time, this software was considered quite good, but has since declined.
No program is 100% failproof. There are system vulnerabilities and loopholes that normal programs fail to detect.
However, some programs are designed to find just those kinds of vulnerabilities, although they do not clean them for you:
Rootkitrevealer
Hijackthis
Bazooka
Windows Defender is a known failure.
=======================================
5) Experts only - Process Explorer
I want a tool I have been using for some time now to be included in the list as I feel that all advanced users should be able to use it.
But those who are not confident modifying process instances, editing the registry, or tweaking services and modules should exercise caution with this program, or simply stick to Task Manager.
The tool I have to recommend is called Process Explorer.
It replaces the task manager, aka the famous (and infamous) ctrl+alt+del module.
It is a no-nonsense, system investigation and control tool. It reports everything going on in your system that you need to know, unless you're an advanced programmer.
It is able to view, control, suspend, and terminate processes ctrl+alt+del can't even see, at the thread, I/O and handle level.
http://technet.microsoft.com/en-us/s.../bb896653.aspx
The most useful feature I find in it is the ability to find and close open handles and terminate threads.
It is my secret weapon to deleting anything I want that is undeletable, and getting some hung processes to get on with it.
WARNING:
If you decide to close any handle to a system file, which you can, the computer will crash.
If you decide to close actively written-into file handles, which you can, the file will become corrupted and can even cease to exist.
If you decide to terminate the wrong thread, the process will self-destruct.
If you decide to close a device handle, the hardware may start to function in unexpected and undesirable ways, data can become corrupted, and critical errors may occur.
If you decide to close, suspend, or kill anything, any handle, any event, any key, any thread, any memory object, anything, unnamed or that you don't have a clue about, the memory may become corrupted and the system will fail. Do so at the wrong time and it will fail catastrophically.
=======================================
6) Experts only - Hosts file.
An extra level of security that blocks almost all threats from the internet is the use of an updated hosts file.
The hosts file is the component of Windows networking used for custom mapping of hostnames to addresses. It is also the final word on internet connections. Firewalls can be bypassed and told to shut up, but the hosts file is loaded directly into the system TCP/IP drivers. By editing the hosts file, you can completely block the full known list of every spying, tracking, bad-pr0n, phishing, and advertisement server on the internet. However, this is experts-only as you stand the risk of royally screwing up your system, like process explorer. Sites such as ebay are also known to use spying services deeply integrated into their website, so blocking these servers may break ebay, etc.
The hosts file resides in the following directory: C:\WINDOWS\system32\drivers\etc
If you cannot see it, unhide protected system files and folders, and hidden files and folders. If you do not know how to do this, forget it, as you probably shouldn't be messing around with them.
Open the file "hosts" with a simple editor such as notepad. Notepad++ is recommended. When saving, do not use an extension.
This website has the most up-to-date list of servers for the hosts file. You are highly advised to read through it and inspect the entire list for sites you might want the services of, such as ebay.
http://someonewhocares.org/hosts/
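An added example of doing the merge above in a controlled way, not part of the original post: it backs the hosts file up first, skips any hostname you put on an allowlist (the ebay case above), refuses duplicates, and appends the rest under a marker so the block can be found and removed later. The blocklist and allowlist entries below are constructed samples; the script expects lines in the same "127.0.0.1 hostname" form as the list linked above. Run it from an elevated (Administrator) PowerShell, since the hosts file is not writable otherwise.

```powershell
# Added example (not from the original post): merge a blocklist into the Windows hosts file
# with a timestamped backup, an allowlist, and duplicate suppression.
# Assumption: the entries below are constructed samples, not the someonewhocares.org list.

$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# Hostnames you do NOT want blocked even if the blocklist contains them (constructed sample).
$Allow = @('ebay.com', 'pages.ebay.com')

# Constructed sample blocklist in hosts-file format; replace with the downloaded list.
$Blocklist = @'
# sample entries (constructed for this example)
127.0.0.1 ads.example.net
127.0.0.1 tracker.example.org
127.0.0.1 pages.ebay.com
'@

function Get-HostsEntries {
    param([string[]]$Lines)
    # Emits one object per "ip hostname" pair; comments and blank lines are dropped.
    foreach ($line in $Lines) {
        $clean = ($line -split '#')[0].Trim()
        if (-not $clean) { continue }
        $parts = $clean -split '\s+'
        if ($parts.Count -lt 2) { continue }
        foreach ($name in $parts[1..($parts.Count - 1)]) {
            [pscustomobject]@{ Address = $parts[0]; HostName = $name.ToLower() }
        }
    }
}

function Merge-HostsBlocklist {
    param([string]$Path, [string]$Blocklist, [string[]]$Allow)

    # 1. Back up the current file before touching it.
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    Copy-Item -Path $Path -Destination "$Path.$stamp.bak"

    # 2. Index what is already there so nothing is added twice.
    $known = @{}
    Get-HostsEntries -Lines (Get-Content -Path $Path) | ForEach-Object { $known[$_.HostName] = $true }

    # 3. Keep only new, non-allowlisted names, always pointed at loopback.
    $add = @()
    foreach ($e in Get-HostsEntries -Lines ($Blocklist -split "`r?`n")) {
        if ($Allow -contains $e.HostName) { continue }
        if ($known.ContainsKey($e.HostName)) { continue }
        $known[$e.HostName] = $true
        $add += "127.0.0.1 $($e.HostName)"
    }

    # 4. Append under a marker so the block is easy to locate and strip out later.
    if ($add.Count -gt 0) {
        $block = @("# BEGIN blocklist (added $stamp)") + $add + @("# END blocklist")
        Add-Content -Path $Path -Value $block -Encoding ASCII
    }
    return $add
}

$added = Merge-HostsBlocklist -Path $HostsPath -Blocklist $Blocklist -Allow $Allow
"Added $($added.Count) entries:"; $added

# 5. Check that a blocked name now resolves to loopback, i.e. no DNS query leaves the machine.
[System.Net.Dns]::GetHostAddresses('ads.example.net') | ForEach-Object { $_.IPAddressToString }
```

The final resolution check is the quickest way to confirm the edit took effect without rebooting; if it still returns a public address, the most common causes are a "hosts.txt" saved with an extension, or the file being written without Administrator rights.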
=======================================
7) Backup and Recovery
The final word on security and system performance is recovering from a crisis. Sometimes you just can't stop shit from happening.
Backup your data often.
Use winrar to archive normal data on maximum compression.
I use Acronis Trueimage for the C: drive.
Avoid Norton Ghost as older versions cannot handle NTFS and newer versions, by popular opinion, are horrible and hard to recover from.
Store your backups on an external hard drive that is not plugged in all the time, advisably using FAT32, 16k cluster size. Or burn the backups to a good DVD (eg. yuden) for archiving.
Never back up your system just to a different partition on the same drive. It is usable for restoring windows when it crashes, but if the drive itself crashes, you're screwed.
A good rate of backing up is once every month. If having constantly changing critical data, every weekend is advised.
Alternatively, use a RAID1 or RAID5 array if you have the money and value your data. They have a 1-drive crash tolerance.
RAID6 has 2-drive crash tolerance, for large server storage machines.
For systems without floppy drives and using XP on RAID/AHCI, I know how you feel when windows needs to be reformatted. Santa Rosa laptops all suffer from this if you don't use vista on them.
In such a case, this is the only known solution for rescuing data from a broken or infested partition, and restoring the OS on RAID or AHCI without a reformat.
Create a backup XP OS on a CD using BartPE.
It essentially creates a live XP kernel which you can run programs off, and access NTFS on RAID/AHCI with impunity.
You will need an existing XP install disc, any XP install disc for this.
Also, the AHCI/RAID drivers - for most boards and laptops, it's the intel chipset drivers. Santa Rosa uses ICH8M, iirc.
I have installed acronis and partitionmagic on mine, and tested it in a simulated system failure by crash-uninstalling windows.
It booted right into the CD, loaded AHCI to access the destroyed C: drive, loaded acronis, and recovered my partition backup.
I was up and running from a total OS failure in under 30 minutes. I can safely say this works.
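An added example for the data-backup advice earlier in this section (back up often, archive at maximum compression, write to an external drive, never to another partition on the same disk); it is not code from the original post. It enforces two checks the text leaves to the reader: it refuses to write when the destination sits on the same physical disk as the source, and it refuses a FAT32 destination when the data is likely to exceed FAT32's 4 GB single-file limit. It then records a SHA-256 next to the archive so a later restore can prove the file is intact. Assumptions: Windows 8 / PowerShell 5 or later for Compress-Archive, Get-Partition, Get-Volume and Get-FileHash, and the source and destination paths are constructed examples to change for your own setup.

```powershell
# Added example (not from the original post): folder backup to an external drive with
# same-disk and FAT32 size checks, plus a hash file for later verification.
# Assumption: Windows 8 / PowerShell 5+ (Compress-Archive, Get-Partition, Get-Volume, Get-FileHash).

$SourceFolder = "$env:USERPROFILE\Documents"   # what to back up (constructed example)
$BackupRoot   = 'E:\Backups'                   # external drive (constructed example path)

function Get-DiskNumberForPath {
    param([string]$Path)
    # Map a path's drive letter to its physical disk number (Storage module, Windows 8+).
    $letter = (Split-Path -Qualifier $Path).TrimEnd(':')
    (Get-Partition -DriveLetter $letter).DiskNumber
}

function Test-BackupDestination {
    param([string]$Source, [string]$Destination)
    # The post's rule: a backup on the same physical disk dies with that disk.
    $srcDisk = Get-DiskNumberForPath $Source
    $dstDisk = Get-DiskNumberForPath $Destination
    if ($srcDisk -eq $dstDisk) {
        throw "Destination is on the same physical disk ($srcDisk) as the source; use a separate drive."
    }
    $dstLetter = (Split-Path -Qualifier $Destination).TrimEnd(':')
    return (Get-Volume -DriveLetter $dstLetter).FileSystem   # e.g. NTFS or FAT32
}

function Invoke-FolderBackup {
    param([string]$Source, [string]$Destination)
    $fs = Test-BackupDestination -Source $Source -Destination $Destination
    New-Item -ItemType Directory -Path $Destination -Force | Out-Null

    $stamp   = Get-Date -Format 'yyyy-MM-dd'
    $archive = Join-Path $Destination ("{0}-{1}.zip" -f (Split-Path -Leaf $Source), $stamp)

    # FAT32 caps a single file at 4 GB. Checking the uncompressed size is conservative
    # (compression may shrink it), but it avoids a write that fails part-way through.
    $bytes = (Get-ChildItem -Path $Source -Recurse -File | Measure-Object -Property Length -Sum).Sum
    if ($fs -eq 'FAT32' -and $bytes -ge 4GB) {
        throw "Source is $([math]::Round($bytes / 1GB, 1)) GB uncompressed; split it before writing to FAT32."
    }

    Compress-Archive -Path $Source -DestinationPath $archive -CompressionLevel Optimal -Force

    # Hash file beside the archive: recompute and compare before trusting a restore.
    $hash = (Get-FileHash -Path $archive -Algorithm SHA256).Hash
    "$hash  $(Split-Path -Leaf $archive)" | Set-Content -Path "$archive.sha256" -Encoding ASCII

    [pscustomobject]@{
        Archive    = $archive
        Bytes      = (Get-Item -Path $archive).Length
        SHA256     = $hash
        FileSystem = $fs
    }
}

Invoke-FolderBackup -Source $SourceFolder -Destination $BackupRoot
```

Before a restore, run Get-FileHash on the archive again and compare it with the stored .sha256 line; a mismatch means the drive or the burn has degraded and the copy should not be trusted.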
=======================================
8) Experts only - Tweaking the System
Needless to say, these are for advanced users. There are plenty of important internal controls that can be modified for performance and security, but at your own risk. If you aren't completely confident of your skills, don't try it. Bad moves may cause your programs and system to fail catastrophically. When I say running, it means accessing it from the run command box in the start menu.
You can edit system files and the registry to change the system internals of windows to suit your performance, security, and interface needs.
A comprehensive manual - almost every single important registry tweak - can be found here: http://www.tweakguides.com/TGTC.html
You can edit your startup list by running "msconfig".
This is useful for preventing useful but otherwise irritating programs from loading at startup. For example: WinampAgent, QuicktimeTasks, MS Office loader, Adobe acrobat loader, etc.
Some kinds of malware load themselves at startup here.
You can control your services by running "services.msc".
Services are the "core" processes of windows. Many AV and firewall programs are registered as services in order to gain access to the system I/O kernel. Bad, useless, or improperly configured services cause windows to slow considerably during boot and on normal usage.
This is what my services look like: http://img220.imageshack.us/img220/9141/serviceszk5.jpg
Quote:
(IYDT = If you disable this)
Critical Services
Plug and Play - Hardware Interface - If you disable this, parts of your system will destabilise.
Remote Procedure Call (RPC) - Kernel Service - If you disable this, your system will critically destabilise. The only service I really don't dare disable.
Windows Management Instrumentation - Software & System Interface - If you disable this, "software will not function properly."
Essential Services
Security Accounts Manager - If you disable this, many security functions won't work. (You want to kena haxxor) This service cannot be stopped.
Cryptographic Services - Windows Security - If you disable this, some security functions won't work also. Including encryption. I set this to manual at first, but it gets started a lot of the time, so I just figured to put it on auto.
Windows Audio - Sound Subsystem - If you disable this, you will have no audio.
Logical Disk Manager - Volume Subsystem - If you disable this, some storage and HDD functions won't work. USB flash drives and mp3 players won't work without this (duh).
HID Input Service - Additional Input Functions - IYDT, hotkeys, tablets, voice recog and gaming mice won't work properly. My Razer mouse cocks up without this.
Network Connections - Network Subsystem - IYDT, your network and maybe internet won't work. Even dialup also uses this.
Network Location Awareness - LAN Interface - IYDT, some LAN functions won't work. I set this to manual at first, but it still starts up at every startup, so I just figured to put it on auto.
Functional Services
DCOM Server Process Launcher - DCOM Subsystem - Essential for all defrag and some other programs and databases. Disabling will release resources and increase security. This service cannot be stopped. (I was wondering why my defrag, ghost and perfectdisk wouldn't work after disabling this.)
Event Log - System Internal Logging - Vital to debugging and error-checking. This service cannot be stopped. This service records every single internal event since the OS was installed unless you limit the log size. You should limit it or it can become very bloated. It can be viewed in compmgmt.msc under "Event Viewer".
Task Scheduler - Task scheduling and Prefetching - Prefetching function speeds up windows. Some automated software uses this. I disabled this until I found out it supposedly speeds up windows system file access. But it's a security flaw as adbots etc can insert themselves to auto-run inside.
Server - Allows your computer to host file shares.
Workstation - Allows your computer to access file shares on other computers.
Computer Browser - Needed to list all the computers in the workgroup under network neighbourhood's "Entire Network".
Network Location Awareness - Needed to access file shares without direct links through network neighbourhood.
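An added example for the msconfig and services.msc steps above; it is not code from the original post. It is read-only: it lists what msconfig would show on its Startup tab (the Run/RunOnce registry keys and the Startup folders) and the services set to start automatically, marking the ones the service list above says must never be disabled and any service whose executable lives outside the Windows directory, which is where the "malware loads itself at startup" cases tend to show up. The display-name patterns are taken from the list above; the registry paths and folder names are the standard ones, and the whole script assumes PowerShell 3 or later.

```powershell
# Added example (not from the original post): read-only audit of startup entries and
# automatic services, to review before changing anything in msconfig or services.msc.
# Assumption: PowerShell 3+ (Get-CimInstance, Get-ChildItem -File).

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Services the post's list says must never be disabled, matched on display name.
$NeverDisable = @(
    'Plug and Play', 'Remote Procedure Call (RPC)', 'Windows Management Instrumentation',
    'Security Accounts Manager', 'Cryptographic Services', 'DCOM Server Process Launcher', '*Event Log*'
)

function Get-StartupEntries {
    # Registry Run/RunOnce values plus the per-user and all-users Startup folders.
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, etc.
            [pscustomobject]@{ Source = $key; Name = $p.Name; Command = $p.Value }
        }
    }
    $folders = @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))
    foreach ($folder in $folders) {
        if (-not (Test-Path -Path $folder)) { continue }
        Get-ChildItem -Path $folder -File | ForEach-Object {
            [pscustomobject]@{ Source = $folder; Name = $_.Name; Command = $_.FullName }
        }
    }
}

function Get-ServiceAudit {
    Get-CimInstance -ClassName Win32_Service | ForEach-Object {
        $svc = $_
        $protected = @($NeverDisable | Where-Object { $svc.DisplayName -like $_ }).Count -gt 0
        [pscustomobject]@{
            Name           = $svc.Name
            DisplayName    = $svc.DisplayName
            StartMode      = $svc.StartMode       # Auto / Manual / Disabled
            State          = $svc.State
            Protected      = $protected
            # A service binary outside %SystemRoot% is not wrong by itself (AV and firewall
            # products live elsewhere), but it deserves a second look.
            OutsideWindows = -not ($svc.PathName -like "*$env:SystemRoot*")
        }
    }
}

"== Startup entries (what msconfig shows under Startup) =="
Get-StartupEntries | Format-Table -AutoSize

"== Automatic services (services.msc), protected ones first =="
Get-ServiceAudit | Where-Object { $_.StartMode -eq 'Auto' } |
    Sort-Object -Property @{ Expression = 'Protected'; Descending = $true }, DisplayName |
    Format-Table Name, DisplayName, State, Protected, OutsideWindows -AutoSize
```

Running this before and after a tweaking session, and keeping the two outputs, gives you a record of exactly what changed if something stops working after the next reboot.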
=======================================
Last updated: April 2008
Updated with: New AV comparison results. New rootkit section. Winpooch Firewall.
Last updated: September 2008
Updated with: New AV comparison results. Revamped firewall section. Added network services. Changed software versions here and there.
I will update this thread periodically, albeit haphazardly as per contributions and insights from other users and new developments. Please don't PM me about stuff on this thread as I don't check VrZ very often.
Disclaimer:
Any and all activities hereon by you (reader), whether following or in contrary to the advice above, are solely at your own risk. Vr-zone and the user Orca accept no liability for any losses, damages, or problems regardless of circumstances. Clear attempts have been made to indicate things which run the risk of system instability and may require a significant amount of expertise. This thread is for the necessary sharing of factual information only.