willie
29-07-2003, 17:01
Just some little security tools that i post on sites from time to time and just noticed that it is not here so here it is...........
Of all the threads in this forum, this is one of the most important you'll ever see. In this thread are links, tools and procedures that will enable you to secure your systems. Check back every so often as I am constantly updating this thread with more information.
1. If you use any IRC's (AIM, Icq, MSN), make sure they do not start with your machine. Once they do, you do not want to be visible (if that option is available) or have your ip visible. Any other security features in there you should use as well.
2. While no firewall is infallible, ZoneAlarm http://www.zonelabs.com will defeat nMAP scans thru ports 65000+. It also is faster than most firewalls (yes, even ATGuard/Norton Internet Security, Tiny). It will also not crash as easily as many firewalls if they are scanned at high speed and bombarded with many packets. I allowed nMAP scans to pound away at my system for 2 hours and they were useless. Another good firewall that recently made it's debut is Outpost from http://www.agnitum.com . If you prefer rules based firewalls and are an advanced user, Tiny http://www.tinysoftware.com Norton Internet Security http://www.symantec.com/product/home-is.html and Sygate http://www.sygate.com are probably your best bet.
3. For everyone using ZoneAlarm and does not know about the many log analyzers there are available to assist you in determining what all those alerts mean, you can go to http://www.zonelog.co.uk/ or http://keir.net/icewatch.html (for BlackIce) and obtain free versions. Add-ons for ATGuard/Norton Internet Security may be obtained at http://balder.prohosting.com/~bud01/utils.html
A new freeware addition for ZoneAlarm and BlackIce analyzers is VisualZone Report Utility from http://www.visualizesoftware.com
4. Defeat those nasty .VBS scriptworms as well as the new trojan/virus embedded hostile web pages. This free tool from Symantec http://www.symantec.com/avcenter/venc/data...pt.hosting.html is all you need to protect you from them. This next tool (HTAStop) will disable the new virus embedded HTML issue. http://www.nsclean.com/psc-exe2.html
5. Maintain your operating system security updates. This is a must, because if they're important enough for Microsoft to take the time (finally) to address them, you should have them.
6. Whatever antivirus you decide to use must be maintained and upgraded constantly. I use PC-cillin2000 http://www.antivirus.com (free online scan is also available) . Antidote from Vintage Solutions http://www.vintage-solutions.com/English/A...uper/index.html (if you want a free scanner, then this is the only free one you want). If you want a free antivirus then look at Antivir from http://www.hbedv.com/index.html
http://www.symantec.com , McAfee http://www.mcafee.com, AVP is a good product at http://www.kasperskylabs.com/products.html and Sophos AV is available at http://www.sophos.com Panda antivirus is athttp://www.pandasoftware.com/ It's whatever you prefer. Having nothing at all is the worst thing you can do.
7. Tauscan from http://www.agnitum.com and The Cleaner http://www.softseek.com are two very effective add-on trojan scanners. PestControl from http://www.safersite.com/ has become the quiet contender for the crown.
8. Ah, the famous "Toybox" from our esteemed "rmbox"....some of the handiest little utilities I've ever seen. These work on 95/98 and to a point, ME. http://home.earthlink.net/~rmbox/Reticulated/Toys.html
9. RegistryProtect from http://www.diamondcs.com.au/web/htm/regprot.htm is a free registry monitor that will alert you to sudden changes in your system's registry.
10. AdAware
is available at http://www.lavasoftusa.com is the perfect way to get rid of that pesky spyware. SpyBlocker allows you to use the adyware infected programs you like and disables the embedded adware: http://noads.hypermart.net/ Another program users have been introduced to is SpyBlocker. SpyBlocker lets the adware connect...but not to your system. http://noads.hypermart.net/
A new form of advertising hijacks your browser. This has been appropriately nicknamed "scumware". One site that has taken the fight to the advertisers that utilize this practice is http://www.scumware.com
They have links and information users can research to assist them in fighting intrusive Internet advertising practices.
11.SpyChecker is the perfect way to check if that free program has spyware in it. www.spychecker.com
An additional site that you can also check is here: http://www.infoforce.qc.ca/spyware/enknownlistfrm.html
12. Netlab http://www.webattack.com/download/dlnetlab.shtml
is freeware that you keep on your system. It's small and does WhoIs, DNS, ping, finger, quote, trace and time on those ip addresses that keep popping up in your firewall logs. Pretty nifty and you don't have to go to a separate site.
13. All kinds of virus removal tools, and for free! http://www.symantec.com/avcenter/tools.list.html http://www.pandasoftware.com/
McAfee's Manual Removal and tools page: http://vil.mcafee.com/virusSupport/virusSupport.asp? . (Click on 'Top10' 'Command line' or 'Misc.' links from that page). Or, try the AVERT page, here: http://www.mcafeeb2b.com/naicomm....ols.asp http://fireav.com/downloads/
14. Clean out your system after surfing. Window Washer is a great shareware utility for removal of Internet cache, cookies and other junk. It also has mega-free plugins to clean out tracks from dozens of programs!http://www.webroot.com/down1.htm
It works with MSIE, Netscape, AOL.
15. Need to filter everything from cookies to url referrers, popups and advertising? WebWasher is a great addition to your firewall system and is free for home or educational use. I've rarely seen such a configurable utility: http://www.webwasher.com/en/products/wwash...sh/download.htm
16. Here's one more site that has alot of very good security utilities: EPIC Online Guide to Practical Privacy Tools http://www.epic.org/privacy/tools.html
17. A site that has literally cyber-tons of security programs and utilities is Simtel.net File shredders, access conrol, keyloggers, lots of good control programs if you have kids or the system is shared, etc. http://www.simtel.net/pub/win95/security/diskvac2.zip
18. Paper Shredder is an easy to use Privacy utility.
Features:
Deletes Internet Cache, History, Cookies, Location bar Address
Clears Recent Documents menu
Clears Recent Clips (Windows Media Player and RealPlayer)
Clears Recent Projects (Delphi, Visual Basic, Visual C++)
Empty Recycle Bin and Temporary Files
Clears all of these items with the click of a button
Launch from Internet Explorer directly
Minimized in the system tray so it takes up no screen
Simulate Office XP menu look and feel
Smart Eject CD-ROM, when windows shutdown or log off
Compatible with Internet Explorer (4.x, 5.x)
Compatible with Windows 98, 2000, ME
Friendly install interface and Complete uninstall capabilities. http://www.simtel.net/pub/pd/55226.shtml
19. Firestorm is a Network Intrusion Detection sensor that is multi-threaded, fast, and is pluggable at almost every software architectural point. It also aims to support many open standards. Currently it is just a sensor, but plans are to support central correlation databases and an analyst console.
Current Features:
* Fully pluggable.
* Capture from libpcap files.
* Snort rule support.
* Almost as many matchers as snort.
* Support for IP, Ethernet and other common protocols.
* String match.
* TTL, and IP ID matchers. http://www.scaramanga.co.uk/firestorm/
20. If you do not use print and file sharing, TURN IT OFF! This is basic security. It's very simple to write malicious code that will allow someone to enter your system and do pretty much what they want with this function enabled. Turn off the PREVIEW feature in Outlook Express if it's enabled. This function basically opens your mail before you open your mail and allows malicious code to run. Disable OE's "Automatically put people I reply to in my address book" as this addresses another vunerability.
21. This is the MS patch that disables .VBS scriptworm's ability to propogate in your system.
MS Scriptlet.typeleb Eyedog patch http://www.microsoft.com/technet/security/...in/ms99-032.asp
22. Patch Available for "Malformed E-mail Header" Vulnerability http://www.microsoft.com/technet/security/...in/MS00-043.asp
23. Incorrect MIME Header Can Cause IE to Execute E-mail Attachment Patch
http://www.microsoft.com/technet....020.asp
24. Disable WinXP's vunerable plug n play feature with "Unplug n Play" http://grc.com/UnPnP/UnPnP.htm
25. MailWasher is a great program! With it users are able to view, remove and bounce mail before it reaches their regular email client. Finding it hard to be removed from mailing lists? Getting harassed by someone on your email? Tired of getting junk email from unknown sources? Why not make them think you no longer exist by bouncing back their email so it looks like your address has been closed down.
Are you tired of getting forwarded e-mails with large attachments that take ages to download? Are you scared of getting an email virus? Why not delete the email directly off the server so you don't have to download it.
http://www.mailwasher.net/
Of all the threads in this forum, this is one of the most important you'll ever see. In this thread are links, tools and procedures that will enable you to secure your systems. Check back every so often as I am constantly updating this thread with more information.
1. If you use any IRC's (AIM, Icq, MSN), make sure they do not start with your machine. Once they do, you do not want to be visible (if that option is available) or have your ip visible. Any other security features in there you should use as well.
2. While no firewall is infallible, ZoneAlarm http://www.zonelabs.com will defeat nMAP scans thru ports 65000+. It also is faster than most firewalls (yes, even ATGuard/Norton Internet Security, Tiny). It will also not crash as easily as many firewalls if they are scanned at high speed and bombarded with many packets. I allowed nMAP scans to pound away at my system for 2 hours and they were useless. Another good firewall that recently made it's debut is Outpost from http://www.agnitum.com . If you prefer rules based firewalls and are an advanced user, Tiny http://www.tinysoftware.com Norton Internet Security http://www.symantec.com/product/home-is.html and Sygate http://www.sygate.com are probably your best bet.
3. For everyone using ZoneAlarm and does not know about the many log analyzers there are available to assist you in determining what all those alerts mean, you can go to http://www.zonelog.co.uk/ or http://keir.net/icewatch.html (for BlackIce) and obtain free versions. Add-ons for ATGuard/Norton Internet Security may be obtained at http://balder.prohosting.com/~bud01/utils.html
A new freeware addition for ZoneAlarm and BlackIce analyzers is VisualZone Report Utility from http://www.visualizesoftware.com
4. Defeat those nasty .VBS scriptworms as well as the new trojan/virus embedded hostile web pages. This free tool from Symantec http://www.symantec.com/avcenter/venc/data...pt.hosting.html is all you need to protect you from them. This next tool (HTAStop) will disable the new virus embedded HTML issue. http://www.nsclean.com/psc-exe2.html
5. Maintain your operating system security updates. This is a must, because if they're important enough for Microsoft to take the time (finally) to address them, you should have them.
6. Whatever antivirus you decide to use must be maintained and upgraded constantly. I use PC-cillin2000 http://www.antivirus.com (free online scan is also available) . Antidote from Vintage Solutions http://www.vintage-solutions.com/English/A...uper/index.html (if you want a free scanner, then this is the only free one you want). If you want a free antivirus then look at Antivir from http://www.hbedv.com/index.html
http://www.symantec.com , McAfee http://www.mcafee.com, AVP is a good product at http://www.kasperskylabs.com/products.html and Sophos AV is available at http://www.sophos.com Panda antivirus is athttp://www.pandasoftware.com/ It's whatever you prefer. Having nothing at all is the worst thing you can do.
7. Tauscan from http://www.agnitum.com and The Cleaner http://www.softseek.com are two very effective add-on trojan scanners. PestControl from http://www.safersite.com/ has become the quiet contender for the crown.
8. Ah, the famous "Toybox" from our esteemed "rmbox"....some of the handiest little utilities I've ever seen. These work on 95/98 and to a point, ME. http://home.earthlink.net/~rmbox/Reticulated/Toys.html
9. RegistryProtect from http://www.diamondcs.com.au/web/htm/regprot.htm is a free registry monitor that will alert you to sudden changes in your system's registry.
10. AdAware
is available at http://www.lavasoftusa.com is the perfect way to get rid of that pesky spyware. SpyBlocker allows you to use the adyware infected programs you like and disables the embedded adware: http://noads.hypermart.net/ Another program users have been introduced to is SpyBlocker. SpyBlocker lets the adware connect...but not to your system. http://noads.hypermart.net/
A new form of advertising hijacks your browser. This has been appropriately nicknamed "scumware". One site that has taken the fight to the advertisers that utilize this practice is http://www.scumware.com
They have links and information users can research to assist them in fighting intrusive Internet advertising practices.
11.SpyChecker is the perfect way to check if that free program has spyware in it. www.spychecker.com
An additional site that you can also check is here: http://www.infoforce.qc.ca/spyware/enknownlistfrm.html
12. Netlab http://www.webattack.com/download/dlnetlab.shtml
is freeware that you keep on your system. It's small and does WhoIs, DNS, ping, finger, quote, trace and time on those ip addresses that keep popping up in your firewall logs. Pretty nifty and you don't have to go to a separate site.
13. All kinds of virus removal tools, and for free! http://www.symantec.com/avcenter/tools.list.html http://www.pandasoftware.com/
McAfee's Manual Removal and tools page: http://vil.mcafee.com/virusSupport/virusSupport.asp? . (Click on 'Top10' 'Command line' or 'Misc.' links from that page). Or, try the AVERT page, here: http://www.mcafeeb2b.com/naicomm....ols.asp http://fireav.com/downloads/
14. Clean out your system after surfing. Window Washer is a great shareware utility for removal of Internet cache, cookies and other junk. It also has mega-free plugins to clean out tracks from dozens of programs!http://www.webroot.com/down1.htm
It works with MSIE, Netscape, AOL.
15. Need to filter everything from cookies to url referrers, popups and advertising? WebWasher is a great addition to your firewall system and is free for home or educational use. I've rarely seen such a configurable utility: http://www.webwasher.com/en/products/wwash...sh/download.htm
16. Here's one more site that has alot of very good security utilities: EPIC Online Guide to Practical Privacy Tools http://www.epic.org/privacy/tools.html
17. A site that has literally cyber-tons of security programs and utilities is Simtel.net File shredders, access conrol, keyloggers, lots of good control programs if you have kids or the system is shared, etc. http://www.simtel.net/pub/win95/security/diskvac2.zip
18. Paper Shredder is an easy to use Privacy utility.
Features:
Deletes Internet Cache, History, Cookies, Location bar Address
Clears Recent Documents menu
Clears Recent Clips (Windows Media Player and RealPlayer)
Clears Recent Projects (Delphi, Visual Basic, Visual C++)
Empty Recycle Bin and Temporary Files
Clears all of these items with the click of a button
Launch from Internet Explorer directly
Minimized in the system tray so it takes up no screen
Simulate Office XP menu look and feel
Smart Eject CD-ROM, when windows shutdown or log off
Compatible with Internet Explorer (4.x, 5.x)
Compatible with Windows 98, 2000, ME
Friendly install interface and Complete uninstall capabilities. http://www.simtel.net/pub/pd/55226.shtml
19. Firestorm is a Network Intrusion Detection sensor that is multi-threaded, fast, and is pluggable at almost every software architectural point. It also aims to support many open standards. Currently it is just a sensor, but plans are to support central correlation databases and an analyst console.
Current Features:
* Fully pluggable.
* Capture from libpcap files.
* Snort rule support.
* Almost as many matchers as snort.
* Support for IP, Ethernet and other common protocols.
* String match.
* TTL, and IP ID matchers. http://www.scaramanga.co.uk/firestorm/
20. If you do not use print and file sharing, TURN IT OFF! This is basic security. It's very simple to write malicious code that will allow someone to enter your system and do pretty much what they want with this function enabled. Turn off the PREVIEW feature in Outlook Express if it's enabled. This function basically opens your mail before you open your mail and allows malicious code to run. Disable OE's "Automatically put people I reply to in my address book" as this addresses another vunerability.
21. This is the MS patch that disables .VBS scriptworm's ability to propogate in your system.
MS Scriptlet.typeleb Eyedog patch http://www.microsoft.com/technet/security/...in/ms99-032.asp
22. Patch Available for "Malformed E-mail Header" Vulnerability http://www.microsoft.com/technet/security/...in/MS00-043.asp
23. Incorrect MIME Header Can Cause IE to Execute E-mail Attachment Patch
http://www.microsoft.com/technet....020.asp
24. Disable WinXP's vunerable plug n play feature with "Unplug n Play" http://grc.com/UnPnP/UnPnP.htm
25. MailWasher is a great program! With it users are able to view, remove and bounce mail before it reaches their regular email client. Finding it hard to be removed from mailing lists? Getting harassed by someone on your email? Tired of getting junk email from unknown sources? Why not make them think you no longer exist by bouncing back their email so it looks like your address has been closed down.
Are you tired of getting forwarded e-mails with large attachments that take ages to download? Are you scared of getting an email virus? Why not delete the email directly off the server so you don't have to download it.
http://www.mailwasher.net/