Author Topic: Episode 384 - Keeping your Computer Safe  (Read 3434 times)

Offline Chris Redfield

  • Survivor
  • ***
  • Posts: 152
  • Karma: 11
Episode 384 - Keeping your Computer Safe
« on: February 23, 2010, 02:46:57 PM »
While I'm not the same Chris that sent in the email about the importance of data backup and computer security, I do have some additional thoughts on it. :)

The general Windows password that most people think keeps them "secure" is a complete joke, and can be bypassed entirely in seconds. If the data itself isn't encrypted, all that needs to be done is to boot into a different operating system from CD or USB key, and everything is wide open. Macs aren't much better - there's a quick series of commands that needs to be run from an OSX setup disc, and the root password can be reset. It's ostensibly there if you "forget your password" but there's two sides to the coin - the other side being that with my cell phone, a USB cable, and thirty seconds, I'm on your machine.

So how do you stop this? Encrypt your files. You can keep just the sensitive things (last year's tax return, if you file eletronically, for example) in an encrypted container, or you can go whole-hog and protect your entire disk. For encryption, I simply cannot say enough good things about TrueCrypt - it's powerful, it supports Windows, OSX, and Linux, and it's "free as in speech" software. (I'm aware that some OSes have built-in encryption, but I'm just offering an easy, widely compatible, and free option.)

Other things you can do to keep yourself safe:

Use an anti-virus program.
AVG, Avast!, and Microsoft Security Essentials are all free.
(If you use the STEAM software for gaming, don't use AVG - the two do not get along.)

Practice safe surfing.
Use a browser like FireFox with the NoScript plugin, or Internet Explorer 8 with its Protected Mode function. Dangerous software isn't just for the seedier side of the Web anymore - rotating banner ads that use Flash or other scripting languages have been points of infection recently, and those can pop up on any major site that you'd normally "trust."

Keep something between you and the Internet.
With the advent of wireless networking, this has become less of an issue - but make sure that you're using a software firewall or at the least a router to keep a layer of separation between your computer(s) and the outside Internet.

Don't click spam.
No, that magical pill with not make you "bigger." It will, however, make your bank account smaller. ;)

Cheers folks!

Offline MaddoginMass

  • Survivalist Mentor
  • *****
  • Posts: 525
  • Karma: 10
Re: Episode 384 - Keeping your Computer Safe
« Reply #1 on: February 23, 2010, 04:21:37 PM »
Very good advice.  I'm going to add a bit to it.

In addition to everything Chris said, I run several other security related applications on a regular basis.  I have found that this multilayered approach is very effective. 

Antivirus - Avira Antivir (I have also run AVG)
Malwarebytes - this protects against malware and spyware.  I have used this to fix several infected computers
SuperAntiSpyware - another anti-spyware app
Ad-aware - another ad-ware remover (but I've been using this less recently)
SpywareBlaster - this works a bit different as it is proactive versus reactive.  Very simply it blocks "bad" sites so that they can't access your browser or have your browser redirected to them.

My final comment is that no matter how many applications you have, if you don't keep them updated their effectiveness is greatly reduced.

adp113

  • Guest
Re: Episode 384 - Keeping your Computer Safe
« Reply #2 on: February 23, 2010, 08:57:34 PM »
I have to second Truecrypt.  This is the product that Kevin Mitnick uses to encrypt his laptops, you can google him.  When it comes to Windows Bitlocker, that is a joke.  At a conference were we got a one on one session with an FBI SSA, Bitlocker came up.  He stumbled a bit with his answer and finally said "bitlocker is not a something we are concerned with".  I took this to mean that MS has provided a back door to the gov't and soon enough that back door will be wide open to all.

Offline Archangel Mike

  • Prepper
  • **
  • Posts: 18
  • Karma: 0
Re: Episode 384 - Keeping your Computer Safe
« Reply #3 on: February 24, 2010, 04:07:39 PM »

Antivirus - Avira Antivir (I have also run AVG)
Malwarebytes - this protects against malware and spyware.  I have used this to fix several infected computers
SuperAntiSpyware - another anti-spyware app
Ad-aware - another ad-ware remover (but I've been using this less recently)
SpywareBlaster - this works a bit different as it is proactive versus reactive.  Very simply it blocks "bad" sites so that they can't access your browser or have your browser redirected to them.

My final comment is that no matter how many applications you have, if you don't keep them updated their effectiveness is greatly reduced.


Dittos to what you all said.

Ad-aware has gone downhill in my opinion, so I started using Malwarebytes as my cleaner, with Spybot immunization as my main defense.  I don't use/like the Spybot teatimer option.

If you see Limewire/Kazaa/etc or other file sharing program, assume that there is an infection. Install and update the programs listed in this thread, reboot into safe mode and scan and fix all the problems. Then reboot into safe mode and scan again with all programs. Rinse, wash and repeat until all infections are gone.

Stop using Internet Explorer.

Use an account without administrator access, or at least give your non-techie spouse and kids non-admin accounts.

Mike

Offline EMichael

  • Survivor
  • ***
  • Posts: 137
  • Karma: 5
Re: Episode 384 - Keeping your Computer Safe
« Reply #4 on: March 01, 2010, 11:27:14 AM »
...
Malwarebytes - this protects against malware and spyware.  I have used this to fix several infected computers
...

Careful here.  Malwarebytes is on record as only 'going after threats which the majors miss'.  They only detect around 2800 threats versus the millions of threats the majors protect against.

Point being, use a commercial security program (Symantec, McAfee, Trend) and supplement that as necessary with Malwarebytes.  Also remember with 'free' you get what you pay for.

Offline archer

  • Administrator
  • Ultimate Survival Veteran
  • *******
  • Posts: 17123
  • Karma: 381
  • #ImissAmerica
    • Journey to Greener Pastures
Re: Episode 384 - Keeping your Computer Safe
« Reply #5 on: March 01, 2010, 04:16:35 PM »
Here is a tool to use when you are getting rid of a system: DBAN (dban.org)
"Darik's Boot and Nuke ("DBAN") is a self-contained boot disk that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an appropriate utility for bulk or emergency data destruction."

Offline luke

  • Anarchocaprivore
  • Survivalist Mentor
  • *****
  • Posts: 407
  • Karma: 18
Re: Episode 384 - Keeping your Computer Safe
« Reply #6 on: March 10, 2010, 02:06:12 AM »
I have to second Truecrypt.  This is the product that Kevin Mitnick uses to encrypt his laptops, you can google him.  When it comes to Windows Bitlocker, that is a joke.  At a conference were we got a one on one session with an FBI SSA, Bitlocker came up.  He stumbled a bit with his answer and finally said "bitlocker is not a something we are concerned with".  I took this to mean that MS has provided a back door to the gov't and soon enough that back door will be wide open to all.

Did you read his book after he got out of prison? I thought it was interesting and probably relevant to the people here. "The Art of Deception" is the title for everyone else, it is a good read either for prevention, entertainment, or preparation. Social Engineering is an art, and something that made me realize that being angry and screaming at people for counting your change wrong at the supermarket wouldn't get you anywhere. (stupid teenager, I was.)

The only thing I worry about with encryption is forgetting my password, especially if I don't use it for a while. I have several 1.44" floppies with PGP keys or whatever on them and no idea how to get the information back without enrolling a cloud computing system.

Offline Docwatmo

  • May Ignite Spontaneously
  • Administrator
  • Survival Veteran
  • *******
  • Posts: 8829
  • Karma: 267
  • The Prepper Rising from the Ashes
Re: Episode 384 - Keeping your Computer Safe
« Reply #7 on: March 10, 2010, 08:45:12 AM »
Probably the single best thing you can do to protect your computer is to not run it with admin privlidges.

Set up an admin account and a limited user account.  Then always log in under the user account.  If you have an application that needs elevated privileges to install, either go to the admin account to install or use the "Run as Administrator" option in explorer.

This is not foolproof, but the vast majority of malware gets hung up at the point of install by this.  This will offer great protection, and then when you add any AV, Malware, Firewall protection to your computer, you are going to be running much safer than with any single solution.

I had a machine at home (back in 01 or 02) that I ran open to the internet with no firewall (Just as an experiment) for 6 months with a limited account and automatic updates enabled.  I ran an IDP application in passive mode and saw hundreds of scripts and scans against the machine and not a single piece of malware ever made it onto that machine.  I used this machine as a default internet surfing machine and ran both IE and firefox on it.  I do admit I run IE in a more secure than default mode, but that should be the case anyway.  Never run the defaults, always lock things down and only open up as necissary.

By the way, I haven't listened to this podcast yet, Hoping to get to it tonight after class.

Offline Docwatmo

  • May Ignite Spontaneously
  • Administrator
  • Survival Veteran
  • *******
  • Posts: 8829
  • Karma: 267
  • The Prepper Rising from the Ashes
Re: Episode 384 - Keeping your Computer Safe
« Reply #8 on: March 10, 2010, 08:51:29 AM »
Also, when it comes to passwords, I use a scheme that makes it virtually impossible to forget passwords.

Use a passphrase that is easy to rememrber such as.  (My old girlfriend Cindy hated mice!)  That would be the first part of your password "MogChM!"  Then pick a series of numbers that have a meaning to you.  (I use weapon calibers and add several together such as "3006556"

So a password under this method would be "MogChM!3006556"  Awesome secure password.  No password cracker or dictionary will have those letters or numbers in that sequence.  Then since its not a good idea to use the same password for everything, you can just change up the calibers on the end for each new login you use.  Easy to remember and if you forget, you can usually figure out your password because you know what method you used.