Practice Safe Hex!
- Browsing the Internet without protection is just plain foolish!
It can't be stressed enough how important it is to keep your
system up-to-date. This involves not only Windows Update, but also
all the other programs on your machine. The vast majority of user
problems (hijacks, adware/spyware) I see are due to failure to keep
Windows patched and the lack of a proper "Layer of Protection".
Preventing Vulnerabilities in Windows and Internet Explorer
- Tighten the Settings in Internet Explorer
- Do NOT run as Administrator or an account with Administrator
privileges
- Build a Layer of Protection - there are enough
freeware products available on the Internet that there is no
excuse for not having an adequate defense. Add an anti-spyware
program that has "real-time" protection such as Microsoft's
Windows Defender (freeware)
- Microsoft has several new (paid) products -
Windows Live Safety Center and
Windows OneCare
Preventing the spread of Worms and Spam
Set up Outlook Express/Windows Mail for Plain Text only! - yes, turn
off the fluff ... you'll be much safer, and as an end result you will
receive less spam. Spammers embed web bugs into HTML emails so even
if you don't reply, they know that the message was received/viewed
and will continue to bombard you. Worse yet, once they determine a
valid address this info is often sold to other spammers and the
cycle continues!
- Open Outlook Express/Windows Mail - click Tools | Options | Read tab
- Select: "Read all messages in Plain Text", click Apply
- Click the Send tab and uncheck: "Reply to messages in the format they were sent"
- Mail Sending and News Sending Format - select: Plain Text
- Click the Security tab and select the following options [screenshot], click Apply
- Test the security of your email system
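What the web bug described above looks like to a mail client, as an added example that is not part of the original page: the Python below lists every resource an HTML-rendering client would fetch just by opening a message. The message, addresses and tracker URL are constructed placeholders.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; addresses and URLs are placeholders.
SAMPLE = """\
Subject: Special offer
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain

Special offer inside.
--b1
Content-Type: text/html

<p>Special offer inside.</p>
<img src="http://tracker.example.com/open.gif?uid=user%40example.org" width="1" height="1">
<img src="cid:logo123">
--b1--
"""

# (tag, attribute) pairs a client fetches just by rendering the message.
FETCHED = {("img", "src"), ("body", "background"), ("link", "href"), ("iframe", "src")}


class RemoteLoads(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        for t, attr in FETCHED:
            url = a.get(attr) if t == tag else None
            # cid: (embedded) and relative references do not call out.
            if url and urlsplit(url).scheme in ("http", "https"):
                tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
                self.hits.append({"url": url, "tiny": tiny,
                                  "has_id": bool(urlsplit(url).query)})


def find_web_bugs(raw_message):
    """Return remote loads found in every text/html part of a message."""
    parser = RemoteLoads()
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() == "text/html":
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    return parser.hits
```

Calling find_web_bugs(SAMPLE) returns one hit: the 1x1 image whose URL carries the recipient's address. The text/plain part of the same message contains nothing to fetch, which is what reading in Plain Text relies on.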
Many users are reporting they are getting huge amounts of email
that contains infections. This usually occurs when an email address
has been harvested from a newsgroup posting or web site page, or when
someone else is infected and your email address is in their Address
Book. A simple way to prevent this is to NOT use your real email
address in a newsgroup posting. Other steps to reduce the amount of
Spam you receive:
- Help keep spam out of your inbox
- Munging Your Email Address
- Create several email accounts at Hotmail or Yahoo and then use
those when you have to enter your email address at some site
that you want to use their service. This also helps to determine
if a site you are dealing with is selling your email address, or
turns out to be a spammer.
- A good example of a site spamming you to death is virtuagirl2.com
"After entering our e-mail address on this site we received
1376 e-mails per week."
Enable the Hidden Files Option
Oftentimes a user opens an innocent-looking file attachment only
to discover they have infected themselves. One favorite tactic these
parasites use is a double-extension file where one or both file
extensions are hidden. By default Microsoft hides the
"registered" file types from view - to protect the user
from opening protected system files. However, this also prevents the
user from seeing these extensions in their email. To allow yourself
to view all file types, open Windows Explorer Folder Options - View
[tab]: [screenshot]
- Scroll down to the Hidden Files and Folders section
- Select: "Show hidden files and folders"
- Uncheck: "Hide file extensions for known file types"
- Uncheck: "Hide protected operating system files"
- OK the prompt, click Apply, OK
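Why the hidden-extension default matters, as an added example that is not part of the original page: the Python below shows the name Explorer would display with extensions hidden and flags attachment names whose real type is executable. The extension lists and sample names are constructed for illustration and are not exhaustive.

```python
import os

# Constructed, non-exhaustive lists for this example.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd",
                   ".vbs", ".js", ".wsf", ".hta", ".cpl"}
DECOY_EXTS = {".txt", ".doc", ".pdf", ".jpg", ".gif", ".mp3", ".zip", ".htm"}


def displayed_name(filename):
    """Name Explorer shows while "Hide file extensions for known file
    types" is checked: a registered final extension is dropped."""
    trimmed = filename.rstrip(" .")  # Windows ignores trailing dots/spaces
    stem, ext = os.path.splitext(trimmed)
    return stem if ext.lower() in EXECUTABLE_EXTS | DECOY_EXTS else trimmed


def check_attachment(filename):
    """Return tags describing why an attachment name is risky ([] if none)."""
    stem, real_ext = os.path.splitext(filename.rstrip(" .").lower())
    if real_ext not in EXECUTABLE_EXTS:
        return []
    tags = ["executable"]
    # What the user believes the type is: the extension before the real one.
    decoy_ext = os.path.splitext(stem.rstrip())[1]
    if decoy_ext in DECOY_EXTS:
        tags.append("double-extension")
    # Runs of spaces push the real extension out of a narrow name column.
    if stem != stem.rstrip():
        tags.append("padded")
    return tags


# Constructed attachment names.
SAMPLES = ["notes.txt", "setup.exe", "holiday.jpg.exe",
           "Invoice.PDF          .SCR", "report.doc.vbs. "]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name!r:32} shown as {displayed_name(name)!r:26} {check_attachment(name)}")
```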
Protecting your system from unknown Startups
99% of these threats have one thing in common - they are set to
execute from one or more of the "Run" keys in the Registry. To
protect against these silent additions, add a Startup Monitor to
your Layered Protection:
StartupMonitor
WinPatrol (recommended)
WinPatrol also protects/monitors your HomePage and Search URLs!
Microsoft's Windows Defender also provides a "Startup Monitor" as part
of its "real-time" protection.
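One way to do the check a startup monitor performs, as an added example (not code from the original page or from any of the products named above): take a baseline of the "Run" keys, then compare later snapshots against it. The input is assumed to be text saved from `reg query` on each Run key; the value names and paths in the snapshots are constructed.

```python
import re

# One value line of `reg query` output: name, REG_* type, data.
VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")

# Constructed snapshots of `reg query <key>` output; value names and paths
# are made up for this example.
BASELINE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    ExampleAV    REG_SZ    C:\Program Files\ExampleAV\avtray.exe
"""
CURRENT = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\Temp\ctfmon.exe
    ExampleAV    REG_SZ    C:\Program Files\ExampleAV\avtray.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    updater32    REG_SZ    C:\Documents and Settings\user\updater32.exe
"""


def parse_reg_query(text):
    """Map (key path, value name) -> command line; names are case-insensitive."""
    entries, key = {}, None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip().upper()
        elif key and (m := VALUE_RE.match(line)):
            entries[(key, m["name"].lower())] = m["data"].strip()
    return entries


def diff_startups(baseline_text, current_text):
    """Report Run-key values added, removed or repointed since the baseline."""
    old, new = parse_reg_query(baseline_text), parse_reg_query(current_text)
    return {
        "added": sorted(k for k in new if k not in old),
        "removed": sorted(k for k in old if k not in new),
        "changed": sorted(k for k in new
                          if k in old and new[k].lower() != old[k].lower()),
    }


if __name__ == "__main__":
    for kind, keys in diff_startups(BASELINE, CURRENT).items():
        for key, name in keys:
            print(kind, key, name, sep=" | ")
```

A value that keeps a familiar name but points at a new path shows up under "changed", which a check on names alone would miss.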
Startup Diagnostic Utilities
Sysinternals Autoruns | Silent Runners
Even the built-in Firewall in XP can protect the average home user.
And yes XP's Firewall can produce "stealth" results if your services
are properly configured.
Troubleshooting Windows Firewall settings in Windows XP SP 2
Editor's Note: There is a terrific wealth of information in
this article. However, for stand-alone setups there should be no
"Exceptions" enabled. Start | Run (type) Firewall.cpl
Test your Firewall configuration with ShieldsUp
Additional Firewall Products
SunBelt (Kerio) Firewall (XP/Vista)
Now that SunBelt has rescued this popular firewall, users have
another option over the default Firewall built into XP. This
terrific utility is well worth the price! ... Even if you don't
purchase the full version, the freeware version offers better
(two-way) protection than the default (one-way) XP firewall.
ZoneAlarm [freeware]
Zone Labs Support Forum
For new users this is a more or less "set it and forget
it" firewall. TIP: (broadband users) turn off the
Inbound Alerts! - there are so many that the prompts become
bothersome. There is really nothing you can do about these probes,
and you can ignore them as long as your setup is Stealth.
Zone Labs Security Scanner (identify third party tracking cookies)
OutPost Personal Firewall [freeware] [Experienced Users]
What is the outlook for the Future?
A disturbing trend in the type of infections we are seeing is the
use of "injection" techniques. This involves one or more files
injecting themselves into other Windows processes. Once this is
accomplished, these types of infections generally hide themselves not
only from the user, but also from most Security-related programs.
As it stands now, the majority of Antivirus and Anti-Spyware
programs are unable to properly deal with these techniques. Although
several are starting to develop (IDS) "Security Suites", these are
rather expensive and the subscription renewal offers make them even
less attractive.
RootkitRevealer - root kit detection utility
Windows Sysinternals
RootkitRevealer Forum
Other Security & Privacy Related Links
Microsoft Security Bulletins
Home Computer Security by: CERT® Coordination Center (recommended)
Sunbelt BLOG
List of Antivirus Software Vendors
Virus Bulletin Home Page
Cannot Start Executable Programs (.exe Files) on Your Computer
You Are Unable to Start a Program with an .exe File Extension
OLEXP: Using Virus Protection Features in Outlook Express 6
Virus Hoax: Microsoft Debugger (Jdbgmgr.exe) Is Not a Virus
How to start the computer in Safe Mode (98/ME/2K/XP)
How to turn off or turn on System Restore [ME] [XP] [more info]
McAfee AVERT Stinger - Stinger is a stand-alone freeware utility used
to detect and remove specific viruses. It is not a substitute for
full anti-virus protection, but rather a tool to assist
administrators and users when dealing with an infected system.
McAfee Support Forums
Trend Micro, Inc. offers a free online virus scanning
Panda ActiveScan Online Virus Scanner
Kaspersky Anti-Virus: Free Online Virus Scanner
This site subscribes to the following:
General Criteria for Detection