[Dshield] Hardening A System & Re: A few strange exe's

jayjwa jayjwa at atr2.ath.cx
Tue Jan 13 03:52:10 GMT 2004

On Sun, 11 Jan 2004, Kenneth Coney wrote:

> This is one of my hobbies.  I have learned you can't just rely on Norton AV
> alone when dealing with a strange PC.  An updated Norton is an excellent

Good advice. Don't neglect the registry either! Back it up when the
system's in a good state, not damaged. A large % of trojans/viruses/worms
modify the HKLM/software/microsoft/windows/currentversion/run, run-once,
etc. reg. keys to auto-run the trojan/virus/worm on each boot up, and
something odd in there is usually a good sign that something's amiss.

AV-scanners can and do fail. When I ran Windows, I disabled System
Restore, disabled auto-anything: including anything that happened without
my explicit consent, used a firewall, replaced IE with Mozilla, turned off
ActiveX, Java, Javascript, etc except for sites that actually required those
to do something that _I_ wanted done, used a text email reader, an
(extensive) hosts file (that I still use, works very nice- no ads either),
denied all cookies by default, never ran exe's from unknown sources,
logged everything, and backed up the registry religiously. I was never big
on spyware-scanners or AV's, but I never had a problem. Some tools make
things easier under Windows, since they don't come with the OS, but can be
DL'ed separately. I liked 3D-TraceRoute (whois, ping, traceroute, OS
detection, portscanner- all in one), Fresh UI & Diagnose (good for showing
running processes and such. Since these are relatively unknown, few if any
viruses/trojans attempt to disable them), and Port-Peeker (watch what's
coming into any port you want- ICMP, TCP, UDP- any kind). Make sure your
machine isn't "pinging" other machines randomly. Some P2P programs &
others do this (I'm not speaking of worms & infected hosts now, just user
programs), then don't stop when they should- effectively announcing
your presence to anyone with malicious intent who is listening.
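One way to turn the registry-backup habit above into a repeatable check, as an added example that is not part of the original post: a Python script that parses two regedit-style .reg exports (a known-good baseline and a later one) and reports which Run/RunOnce entries were added, removed or changed. The two exports embedded below are constructed samples, not from any real machine.

```python
"""Diff the Run/RunOnce autorun entries of two .reg exports (real exports are UTF-16LE: open(p, encoding="utf-16"))."""
import re
AUTORUN_KEYS = {  # compared case-insensitively, as the registry itself is
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\runonce",
}
_KEY_RE = re.compile(r"^\[(.+)\]$")                           # [HKEY_...\Run]
_VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')  # "name"=data or @=data

def _unescape(data):
    """Undo .reg string quoting ("..." with \\ and \" escapes); other types stay raw."""
    if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
        return data[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    return data

def parse_autoruns(reg_text):
    """Return {(key, value_name): data} for every value under an autorun key."""
    entries, key, wanted = {}, None, False
    for line in reg_text.splitlines():
        m = _KEY_RE.match(line.strip())
        if m:
            key, wanted = m.group(1), m.group(1).lower() in AUTORUN_KEYS
            continue
        m = _VALUE_RE.match(line.strip()) if wanted else None
        if m:
            name = "@" if m.group(1) is None else m.group(1)  # @ is the key's default value
            entries[(key, name)] = _unescape(m.group(2))
    return entries

def diff_autoruns(baseline_text, current_text):
    """Return (added, removed, changed) autorun entries going from baseline to current."""
    base, now = parse_autoruns(baseline_text), parse_autoruns(current_text)
    added = {k: v for k, v in now.items() if k not in base}
    removed = {k: v for k, v in base.items() if k not in now}
    changed = {k: (base[k], now[k]) for k in base if k in now and base[k] != now[k]}
    return added, removed, changed

# Constructed sample exports (not from any real machine); CURRENT alters the firewall command line and gains a RunOnce entry.
BASELINE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Firewall"="\"C:\\Program Files\\Firewall\\fw.exe\" /tray"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
'''
CURRENT = BASELINE.replace(" /tray", " /tray /silent") + r'''"cleanup"="C:\\WINDOWS\\Temp\\cleanup.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\App]
"DisplayName"="not an autorun key, ignored"
'''
```

Running `diff_autoruns(BASELINE, CURRENT)` flags the new RunOnce entry and the altered Firewall command line while ignoring the unrelated Uninstall key; the same call works on two real exports read with `encoding="utf-16"`.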


