Posted

My dad was recently hacked or something I'm not exactly sure but whatever. I'm the computer person of the house and all of my computers and his are networked via linksys wrt54g router, some wired and some wireless. I'm going to reformat his computer and start all over with a fresh install of a legit Windows XP Home copy. I'm just here to ask for help/suggestions on where to go from the start...what programs to get and run, how, when and basically all that. I've been running Antivir Guard (Free Personal) and had the XP Firewall on as well as the hardware firewall being the router. He seems to need more protection. I don't like everything he does while online and this is why he doesn't get to use any of my systems, lol. He likes to have his passwords saved with the browser option and all that so he's like lazy and just wants to go to msn.com and be at his inbox. LAME! I hate that and if it's not safe please tell me here so that I can inform him. I'm going to need settings, tweaks and easy to use apps that I can install, setup and then not have to mess with again. Thanks in advance!


Posted

well, you're probably going to get an awful lot of widely varying feedback on that one :)

here's my $.02...

first, take a good look at nLite (free) - you can remove a lot of 'clutter' with that, before you ever install. good for hardening your systems as well.

second, get rid of IE, OE, WMP and the lame windows security center and firewall. i replace these with the following...

Firefox - it's a hell of a browser and VERY HIGHLY configurable. a good alternative for the not-so-savvy may be Opera. Firefox is small and pretty bare by default and really needs some extensions to enable further functionality. that's one of the reasons i like it so much though - you make it what you want it to be. and there's a ton of super extensions available.

Thunderbird - the Mozilla email client.

VLC - for multimedia. i can't really give a good opinion of it yet, as i've been using MPC and the k-lite codec package. VLC is regarded very highly by a lot of people here though and, from what i've seen so far, i like it a lot.

Kerio Personal Firewall - a **** good firewall. they have a free version that should be fine. in the free version, some options get disabled after a period of time, however i've found that stuff to be annoying anyway, plus, you don't need 'web filtering' with Firefox/Thunderbird anyway.

if you use nLite, you'll want to check out Ryan's website as well. he builds a wonderful, all-in-one CAB file that contains almost all of the post SP2 MS hotfixes/patches.

Posted (edited)

If you're behind a Linksys router, I doubt anyone has hacked into his computer. The possibility would exist based on the wireless aspect, but one would have to be in relative proximity to do this. The more likely scenario is some sort of spyware has found its way onto his computer. It's all too easy for this to happen too. I honestly don't think there's that much of a security issue with him letting IE store his passwords. It's obviously not the most secure way to operate, but I also have never encountered anything where someone had an account compromised based on that. In fact it may be more secure with the proliferation of keyloggers.

I think that the Firefox hype is just that - hype. I've been using Maxthon for a while now after growing more and more frustrated with Firefox. Maxthon is actually a browser that uses the IE core for its rendering engine and I personally find it to be a much nicer browser. Regardless, I don't think the browser will have much impact on overall system security if the system is properly secured to begin with.

It's really of the utmost importance to be running a reputable antivirus solution and a minimum of two antispyware products. I usually stick with Microsoft's AntiSpyware product and SpywareBlaster. SpywareBlaster isn't a true antispyware product, but more of an immunizing product. If you want, Ad-aware and Spybot are good additions. Seeing that you're behind a router, I think that the Windows Firewall should really suffice in terms of a firewall. There are all kinds of personal firewall products out there, and if you think that he really needs one, a freeware product like the free ZoneAlarm should be just fine. Some of the fancier ones offer more comprehensive ad and popup blocking, cookie management, etc., but I find that the technological neophyte usually grows frustrated with these and disables some or all of the functionality before too long anyway. A fully patched Windows XP SP2 computer that's running AV and antispyware is really much more secure than a lot of so called "experts" would like to admit. What it really boils down to is this: sometimes you just can't protect people from themselves. If your family members insist on visiting questionable web sites, exchange electronic greeting cards, and try out every piece of free software out there that promises the world, then it's only a matter of time before bad things happen.

The other important topic for you would be to properly secure your wireless network. That's really a large topic in and of itself and it's one I don't plan on covering in detail here. But the short version of advice would be to not broadcast your SSID, use MAC filtering, use the highest form of security your router offers (hopefully WPA2 personal), change the router's internal IP address to something other than 192.168.1.1, change the default password for the admin login to the router management web page, disable router management over the internet and over wifi so that it can only be managed via hardwire, and finally disable DHCP and manually configure the network configuration on a per-computer basis. This way if someone somehow did manage to get through all the other security measures, at least they won't be able to DHCP to your network. Overkill? Definitely. You can pick and choose what you'd like to do or use. It's all a balancing act where you weigh the importance of security vs. the importance of convenience.

Edited by RogueSpear
Posted (edited)
I think that the Firefox hype is just that - hype. I've been using Maxthon for a while now after growing more and more frustrated with Firefox. Maxthon is actually a browser that uses the IE core for its rendering engine and I personally find it to be a much nicer browser. Regardless, I don't think the browser will have much impact on overall system security if the system is properly secured to begin with.

good post.

i will admit that you can get away with IE if you make changes to the default security options and run blocking/proxy programs along with it. i ran IE for a long time like that and had very few problems. however, to say that firefox is hype as far as security, i don't agree at all. FF is inherently more resistant to problems than IE. it doesn't support ActiveX, is FAR more resistant to malware and has tighter controls on JS. i'm sure there are a number of other key benefits as well. another reason i switched was having to run 2 or 3 apps along with IE to keep it under control, and yet another 2 or 3 or 4 or 5 to scan/clean my system and waste my time every few days just to be sure i was clean. also, let's not forget that IE hasn't been updated in forever. it's just patch after patch after patch.

don't get me wrong, i'm not about to say "use FF or you're a dummy" because there's several other browsers that are designed with security in mind. what i would suggest, is to use anything other than IE. and if you dump IE to increase security, then it'd be foolish to keep OE since it's prone to many of the same problems IE is. and if you dump those, you may as well dump WMP since it's also vulnerable to problems because of script execution and whatever else. not to mention the privacy issues.

now, if you dump all that, then there's far less of a need for windows update, no need to hog resources by running 3rd party apps in the background and far less of a need to scan your system for problems every other day (or whatever).

oh, just an FYI for FF users:

if you really miss the windows update website, you can go here, install their plugin and have the auto-update functionality again.

Edited by atomizer
Posted (edited)

You should always have a software firewall in your system. Even if you're behind a router because there are always ways around a router. If the router was using Dynamic NAT then you wouldn't need to worry but you should still use a software firewall. I'd suggest ZoneAlarm, they have a free edition. Firefox is a good browser. But there are still security flaws. One browser that was checked for flaws was Opera; they found 8 flaws that were patched up already by the company. I don't use it cuz I'm too integrated into Firefox but you could give it a try. If you still use IE, make sure that you block cookies and explicitly state which site can place cookies. Also, you should stop the ability of downloads via IE. Firefox has this option to clear all the personal info upon exit. You should also schedule virus and ad-ware scans at least once a month.

Edited by m3n70r
Posted

@m3n70r

i think you're spot-on regarding the security of Opera. i believe it's better than FF. like you however, i'm WAY too hooked on FF to change. i even got a free Opera license when they were giving them away a short time ago and i still uninstalled it.

Posted (edited)

Don't forget to add a site-blocking HOSTS file. Those are really useful for blocking malicious (including advertising) sites.

You can search the Internet for an updated one and merge it into your existing one once in a while.

Edited by LLXX
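
An added example (not part of the original posts): merging a downloaded blocking HOSTS file into the existing one while accepting only entries that point at 0.0.0.0 or 127.0.0.1, since a downloaded entry that maps a real site name to some other address would redirect that site rather than block it. The function names and the sample entries are constructed for illustration.

```python
import re

# Addresses a blocking entry may point at; anything else would redirect the name.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1"}
# Names that must keep resolving normally and are never added as block entries.
PROTECTED_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
LABEL = r"[a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?"
HOSTNAME_RE = re.compile(rf"^(?=.{{1,253}}$){LABEL}(\.{LABEL})*$")


def parse_entries(text):
    """Yield (address, hostname) pairs from hosts-file text, ignoring comments."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        address, *names = line.split()
        for name in names:
            yield address, name.lower().rstrip(".")


def merge_hosts(existing_text, downloaded_text):
    """Return (merged_text, added, rejected) without touching any file."""
    # Names already present keep their current mapping, whatever it is,
    # so a local entry is never overridden by the downloaded list.
    known = {name for _, name in parse_entries(existing_text)}
    added, rejected = [], []
    for address, name in parse_entries(downloaded_text):
        if address not in SINK_ADDRESSES:
            rejected.append((address, name, "non-sink address"))
        elif name in PROTECTED_NAMES or not HOSTNAME_RE.match(name):
            rejected.append((address, name, "protected or malformed name"))
        elif name not in known:
            known.add(name)
            added.append(name)
    merged = existing_text.rstrip("\n") + "\n"
    merged += "".join(f"0.0.0.0 {name}\n" for name in added)
    return merged, added, rejected


# Constructed sample data, not taken from any real blocklist.
EXISTING = "127.0.0.1 localhost\n0.0.0.0 ads.example.com\n"
DOWNLOADED = """# constructed sample blocklist
127.0.0.1 localhost
0.0.0.0 ads.example.com
127.0.0.1 tracker.example.net  # trailing comment
203.0.113.10 www.bank.example
0.0.0.0 bad_host!.example
0.0.0.0 Malware.Example.ORG.
"""

if __name__ == "__main__":
    merged, added, rejected = merge_hosts(EXISTING, DOWNLOADED)
    print(merged)
    for address, name, reason in rejected:
        print(f"rejected: {address} {name} ({reason})")
```

Review the rejected list before writing the merged text back to the HOSTS file; an entry with a non-sink address in a list that claims to be a blocklist is a reason to distrust the whole download.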
Posted

First I'd like to thank everyone for the help so far and just know it will definitely be useful!

Secondly I'd like to add that he does use FireFox as his default browser. I really didn't think he was actually 'hacked' but that's his claim. See he got a call on his cell phone one evening from a company in California that wanted to confirm a several thousand dollar purchase that was made through his paypal account. He denied it then and called me. I was home and hopped on the computer to check it out. The password to login into his paypal had changed and this was the case to 3 out of the four email addresses he uses. I don't know exactly what happened but when he was p***ed he was wanting to blame one of my friends that lives with us for visiting porn sites and anything else but my dad does in fact visit sites I was never too sure about anyhow. He was always calling me into his office for help with some site needing you to enable cookies or he needed to know how to open files. I had him with MS Word 2003 Pro and he was fine but then he needed to open .pdf so I installed Acrobat. If there were anything else that I wasn't sure about or too lazy to help with I told him it wasn't good or I didn't know and to not mess with it. His computer is connected to the router by ethernet cable rather than a wireless card. I should have stated that before, sorry but I was in a hurry at the dinner table, lol.

I really like the use of nLite but I'm not so much familiar with it so I'll be sure to check out the threads on it but regarding security in my case which is protecting my dad how should I go about using it?

Also with some of the above mentioned precautions and programs are any of them linked?...? What I mean is if on one computer in our network do they also need to be installed and configured on everyone of the systems as well?

Thanks again and I will check back later on with some more info from my dad, lol, he doesn't know what he talks about but at least I've come to the right spot for help.

Posted

i'm wondering if he didn't install a trojan without knowing it??? this is one instance where a router AND a s/w firewall AND anti-virus can be useless as far as security - a 'good' trojan can tunnel right through all of them. because of his email passwords being changed, i'm guessing that may have been the problem. keep in mind that any other personal data he had stored could've also been compromised - CC #'s, phone #'s, bills, passwords, etc..

as far as the stuff i listed, no, nothing is linked.

Posted (edited)

The only way to link the computers is to have one PC act as gateway; but it would need two nics. One for the internal network, one for internet access. Essentially, what you would be doing is, instead of sending traffic directly through the router, you would first send it to the gateway PC first, which would do a virus scan, firewall, privacy guard, etc. and from the gateway, send it out to the router once everything you specify has been filtered. There's a website http://www.baraka.ca/indexmain.asp which allows you to make any PC into a basic gateway/server, mainly for security. It also runs under Windows and is free. This way may be if you don't mind spending hours playing around with the programs.

However, going back to the simplest way, have a switch. Connect each of the PC's, including the gateway, to the switch, connect your gateway to the router (This is, again, where you need two NICs in the gateway PC). Have each of the PC's default gateway set to a static IP on the gateway PC, make sure it's a private IP address. And from the gateway PC just have the connection shared. And just put the firewall and antivirus scanner on there. If it seems like a lot of stuff to do, it is. It'd be easier and cheaper to just install the programs on each of the computers and not worry about buying extra equipment.

Edited by m3n70r
Posted

Working as a security consultant, I can honestly say that overdoing security more often than not results in less security. Keep it simple. If you keep the OS up to date, which is easy to do with Automatic Updates, keep your AV and antispyware utilities up to date, which again should be easy with autoupdating.. well you're 90% of the way there.

Instituting all kinds of Rube Goldberg types of solutions will not further your cause in protecting a computer and its network from various types of threats. I stand by my first post as well. For all practical purposes, the browser you use has little influence on the security of your computer. As time goes on, it's the user who has the most influence on the security of a system, not the software and hardware measures that are put in place.

Posted

@RogueSpear:

Very true. But also keep in mind that black hat hackers will usually go after the easy scores. So if they see that getting into a system will take 'em 5 hours, they'll skip it and move on to the next. One of the best ways is to keep away from well known AV, and firewall prog's because crackers go after those first since obviously many more people use those. The programs you suggested are perfect since not many people would use 'em. Too many people use either McAfee, Norton, and possibly now, ZoneAlarm.

As for the browser not being a major part of security protection? It only doesn't matter if you use the standard configs. But it's not just the configs. It's internal code that can't be blocked by reconfiguration.

Also, yea, you can use IE and be semi-safe as long as you update once a week. But to be honest, that's a hassle. I also don't trust the Auto Update simply because anyone can execute specific code on that particular port that AU uses. It'd be better for them to use a more "secure" browser like FF. Now, as a security consultant, chances are you work with routers, possibly Cisco or Nortel routers. In those routers, there are commands for security that can seem excessive but are simply general practice for security. Same with computers. Yes, some changes seem excessive but again, it's all for ease of use.

Posted
But also keep in mind that black hat hackers will usually go after the easy scores. So if they see that getting into a system will take 'em 5hours, they'll skip it and move on to the next.

yeah, but is it really a malicious "hacker" (in the true sense of the word) the average joe at home needs to worry about? the bigger problem is "script kiddies" i would think. i would guess that if you were bent on keeping out a real hacker, you'd have your hands very full, but the pimply faced, port scanning script kiddies are a different animal and easier to deal with. the problem is that they're so abundant. i would think a hacker has little reason to even bother with mr. average. they're probably interested in far more challenging obstacles.

Posted

Ok, I've reformatted and reinstalled WinXP Home so far. I've not connected the computer to the network just yet because I am trying to get some apps on disc and installed first. I'll be including the SP2.exe in that mix as well. Once they are all installed and running I will then visit the Windows Update site for a complete and full update. Should I install everything that comes up? Like other than the security hotfixes such as the driver updates? It's going to take me awhile because I'm not going to mess with nLite just yet and I don't think it's needed for his computer installation. I'm pretty much just planning to scrap our entire network and start over. My reorganized network will consist of two desktops (wired) and a laptop with a wireless connection. Any suggestions on the hardware setup? Once again my router is a linksys wrt54g.

Concerning software we haven't decided what to use at the moment because he likes to buy stuff whereas I like the free stuff. It's just nice to be able to have a system with all freeware apps that do the job just as good or better. I really like OpenOffice XD! Anyhow thanks for the help thus far and I am so ready to get through this whole situation lol. HE'S BUGGING ME!

Posted (edited)
yeah, but is it really a malicious "hacker" (in the true sense of the word) the average joe at home needs to worry about? the bigger problem is "script kiddies" i would think. i would guess that if you were bent on keeping out a real hacker, you'd have your hands very full, but the pimply faced, port scanning script kiddies are a different animal and easier to deal with. the problem is that they're so abundant. i would think a hacker has little reason to even bother with mr. average. they're probably interested in far more challenging obstacles.

You're absolutely right. Here's two main things to keep in mind. Script kiddies are only looking to fubar your system or get a look at what you got on ur HD, or just plain scare you and in relation amuse themselves. Black hats on the other hand, live only to profit. So while you think, "oh, some big hacker won't come after my system, I'm just an average dude." Maybe, but you're also an average dude with a bank acct and possibly CC's that can be used.

@PUnitBabyDaddy:

For the updates, at first just click on the Express button. After those essential updates are installed, reboot, go back to the windows update site but this time click on the custom button. And just pick and choose what you need. However, you should always make the critical updates a priority.

As for your network, as long as you use WEP on your wireless side. And have firewalls; anti-virus, and ad-ware scanners, whether payware or freeware. Best of luck man.

Edited by m3n70r
