Erollisi Marr - The Nameless

Old 10-21-2002, 02:28 PM   #1
Festivus
Guest
 
Posts: n/a
Spyware/SPAM/Pop ups

I promised someone I would post something on this today. Given that the login servers are down and I have already procured my copy of PoP, I figured I would let you know what I do to keep pop-ups off my system and spyware to a dull roar (honestly, I never have problems anymore).

There are three areas that I look at:

1. Patching my system to ensure its stability and safety.

2. Ridding myself of software installed onto my system that I am not aware of (spyware).

3. Preventing pop-up advertisements and other backdoor applications from being installed onto my system and preventing unscrupulous advertising companies from getting any information from my hard drives.

Lastly, I want to emphasize that if you don't have a hardware firewall product and you have a full time internet connection (such as DSL or Cable Modem) you might want to seriously think about getting yourself set up with such a product. At a minimum, you should get a router that will perform Network Address Translation to prevent your home PC from being scanned by hackers. If you cannot afford something like this, please look into Zone Alarm or some other PC based firewall product.

>> Patching

The single most important thing you can do with your PC is to patch it. This is a mantra, repeat it as you power your PC on or something, whatever you need to do to do it, do it...

If you don't know how, point your Internet Explorer (yes, that yucky browser) to windowsupdate.microsoft.com and check your system for updates. Install *ALL* the critical updates that are listed, then the recommended. You may need to restart several dozen times if you have never updated before. Set aside a weekend afternoon if you have never done it, it will take some time at 56Kbps.

Once you have the critical and recommended updates from Microsoft on... go check your video drivers for updates, your computer manufacturer for updates, sound board, etc... then come back and check Microsoft's update page again.

Microsoft introduced the Critical Updates notifier applet recently. By the time that a patch is configured for that automatic critical update notifier, it can be months out of date. Personally, I don't use it, but then again, I check windowsupdate.microsoft.com every day.

Patching and keeping your system up to date will help to protect yourself from hackers, bugs and unscrupulous advertisers.

>> How do I know if I have Spyware installed?

The short answer to this is, you don't... at least not well-written spyware software. There are a couple of tools that I use to help ensure that I don't have any spyware on my system, and some best practices I use. Let's start with software I use:

* ADAware - This is a little application that I have configured to run when I start my computer up. For $15 you can get automatic updates to the software, well worth the money. I configured my copy to automatically delete spyware apps when encountered. You can get a demo version of this from www.lavasoftusa.com (there is a Euro mirror but I don't know it off the top of my head).

* ZoneAlarm - This is a FREE personal firewall utility. This will pop up a warning when your computer attempts to communicate with another on the internet. www.zonelabs.com

* Activeports - This application tells you what programs are running on your computer, and what ports it has open. I find this one particularly useful if I suspect a computer is being hacked. A lot of hackers will drop in trojan horse applications onto a PC and then use that to gain access later. Activeports would tell me for example if a hacked version of the MMC.EXE application was being used by another computer, and better yet, tells me the IP address and machine name of the person attempting to gain access (all of which I report to the owner's ISP). Some day I will be able to sue them... some day. Anyhow, find more information about Activeports at www.protect-me.com/index.htm

* Antivirus - I use McAfee, use what you want but use something. Update it EVERY DAY! Scan your system periodically (I scan mine at night when I go to bed).

* Never trust anyone. Read carefully software license agreements when downloading stuff from the net, see if they are ad supported... if it is, then see some prevention techniques below before you go installing something like this. Do you trust me and my words here? Why? Take the time to read through the links I provide here... don't blindly follow what I say. Get yourself informed, or find a friend or relative who is knowledgeable and ask them about it. They might be shocked if you asked them about some of the stuff I mention (shocked as in how the heck did you know to even ask that?!?)

* Check out what is running. You can use REGEDIT to check your Windows Run section to see if there is something that looks like spyware being loaded. Click on Start, Run, Regedit (or Regedt32.exe on Windows NT), navigate to HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\ and check out what is in RUN, RUNONCE and RUNONCEEX. If you don't recall installing it, it might not belong there.

*** NOTE: Editing your registry is dangerous and may result in the inability of your system to start up. Do not poke around in there unless you know what you are doing. Always make a backup of your registry before making changes!!! ***

>> How do I keep Spyware off my system?

Aside from the software and practices above, try these things to keep unwanted software from making it to your system...

* Use a better browser that can disable popups. In my case, I use Mozilla. Internet Explorer won't let you disable pop ups, I am unsure on Netscape, but I know you can disable pop ups in Mozilla. I have another post somewhere that talks about how to configure Mozilla for no pop ups. Just search my posts. You can get Mozilla from www.mozilla.org

* Don't allow cookies from untrusted sites. Some disagree with me, but I don't want anyone tracking my clicking trends with my web browser. Mozilla lets me block based upon domains. See above for the info about Mozilla, the cookies thing is in the same post.

* Blackhole internet advertisers. This is the single most effective way I have found to keep crap off my system and keep it from communicating with others. In a nutshell you take an internet spammer and tell your computer that its IP address is 0.0.0.0 or 127.0.0.1. When a pop up comes up, it goes looking for myspamcompany.com's pop up but finds it directed to your local computer. They never get the content to you, and your computer never talks to theirs! A listing and detailed instructions on how this works can be found at www.smartin-designs.com/

* Disable VBS scripting from your system. VBS is what is used by both popup advertisers and virus writers (ILOVEYOU for example). You should not permit VBS scripts to run on your system. Here is a link with how to disable the scripts on several platforms:
www.barny.be/PC/vbs_scripting.htm

* Disable Windows Messenger Service. Unless you are a network admin and need to see alerts on your system, you really don't need this service. A new spammer company has figured out a way to drop an applet onto your system that uses this service to pop its ads up. For info on disabling your messenger service, see www.securityspace.com/smy...?id=10458. Thanks to Blaesteil for this tip.

Lastly, make sure you patched your system and updated your virus scanner. While it's downloading you can repeat the mantra to yourself "Patching is good... patching is good..."

If you have any comments or suggestions, please do provide them. I am not the only authority on this stuff, if you have something to add please do.


Admin edit:
If you find your mailbox full with spam every day, read one of the posts underneath with 3 tips on how to prevent spam.

Last edited by Ogmuk; 01-31-2004 at 10:26 AM.
  Reply With Quote
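Added example, not part of the original post: a sketch of the "blackhole internet advertisers" tip, parsing a hosts file and checking which names are actually sinkholed. The sample file is constructed, `myspamcompany.com` is the post's own placeholder, and the function names are hypothetical. It shows one detail the tip leaves out: hosts entries match exact names only, so `www.` variants need their own lines.

```python
import ipaddress

# Constructed sample hosts file for illustration.
SAMPLE_HOSTS = """\
# blackholed advertisers
127.0.0.1   localhost
0.0.0.0     myspamcompany.com ads.myspamcompany.com   # two names, one line
127.0.0.1   tracker.example.net
192.0.2.10  intranet.example.org
"""

def parse_hosts(text):
    """Return {hostname: address}; the first entry for a name is kept
    (assumption: the resolver uses the first match it finds)."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()        # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                                 # blank, or no hostname
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                                 # malformed address
        for name in fields[1:]:
            table.setdefault(name.lower(), addr)
    return table

def is_blackholed(table, hostname):
    """True if hostname maps to 0.0.0.0 or a loopback address."""
    addr = table.get(hostname.lower().rstrip("."))
    return addr is not None and (addr.is_unspecified or addr.is_loopback)

def uncovered(table, wanted):
    """Names you meant to block that the hosts file does not sinkhole."""
    return [n for n in wanted if not is_blackholed(table, n)]

def blackhole_lines(domains, sink="0.0.0.0"):
    """Build one hosts entry per exact name (the format has no wildcards)."""
    return [f"{sink} {d}" for d in sorted({d.lower() for d in domains})]
```

Feeding the output of `uncovered` into `blackhole_lines` gives the lines still missing from the file.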
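Added example, not part of the original post: the "check out what is running" tip turned into a baseline comparison, so "if you don't recall installing it" does not depend on memory. It parses saved text output of `reg query` for the Run keys and reports entries that are new or changed since a known-good snapshot. The sample output, value names and paths are constructed, and the function names are hypothetical.

```python
import re

# Constructed `reg query` output saved while the machine was known to be clean.
BASELINE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    McAfee Scan    REG_SZ    "C:\Program Files\McAfee\scan.exe" /startup
    ZoneAlarm    REG_SZ    C:\Program Files\Zone Labs\zonealarm.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
"""

# Constructed output from a later check: one entry nobody remembers installing.
CURRENT = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    McAfee Scan    REG_SZ    "C:\Program Files\McAfee\scan.exe" /startup
    ZoneAlarm    REG_SZ    C:\Program Files\Zone Labs\zonealarm.exe
    WinUpdt32    REG_SZ    C:\WINDOWS\Temp\wupdt32.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
"""

# Value lines are indented; name, type and data are separated by four spaces.
VALUE_RE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

def parse_reg_query(text):
    """Return {(key, value_name): data} from `reg query` text output."""
    entries, key = {}, None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip().upper()               # key paths are case-insensitive
            continue
        match = VALUE_RE.match(line)
        if key and match:
            entries[(key, match["name"])] = match["data"].strip()
    return entries

def new_autoruns(baseline, current):
    """Entries that are new, or whose command changed, since the baseline."""
    return {k: v for k, v in current.items() if baseline.get(k) != v}
```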
Old 10-21-2002, 03:19 PM   #2
Elan
Guest
 
Posts: n/a

Not a bad list. I prefer Spybot: Search & Destroy for spyware though, it found stuff the AdAware didn't.

www.techtv.com/screensave...19,00.html

My anti-virus is also free, with free updates too (I'm so cheap). It does the job, have not had a virus in over a year now. It's called AVG.

www.grisoft.com/html/us_i...8f193135c9

As far as popups go, I used to use PopUpKiller for the longest time and thought it was the best I could do, until I found this (also free):

www.bayden.com/popper/

It only works in IE browsers though, not Netscape or any others. But I use IE more than Netscape, especially that new 7.0 Netscape which I hate. Since getting this thing these boards load a heckuva lot faster for me.

My firewall is ZoneAlarm, I have no problems with it either.
  Reply With Quote
Old 10-22-2002, 03:32 AM   #3
Nocte
Guest
 
Posts: n/a

Personally I use No Ads for Pop-ups. A Godsend when surfing Pr0n.

I use Ontrack Fix-It as my Virus protection. This is probably the best piece of software I own. The system utilities built into it are phenomenal.

I never let Spyware on my machine using good old fashioned common sense. I run Spybot on occasion for S 'n Gs, it always comes back clean. NEVER install "free" shyte from random websites and you'll never have a problem. No animated cursors, nothing from Gator, No "surfing enhancements" unless they come from legit companies.

I use Neowatch as my firewall and it's idiot proof. Once it learns your surfing habits, you don't even know it's there.

Last week I purchased EZ Board Supporter and haven't regretted it. Forums are so much nicer (and faster) to surf now! Definitely worth the whopping $1 a month.
  Reply With Quote
Old 10-22-2002, 10:17 AM   #4
Festivus
Guest
 
Posts: n/a

It is worth mentioning that the freeware version of AdAware is nowhere near as good as the $15 version. One of the best features is that it has an applet that sits on the system tray and monitors for spyware being installed. I will check out your suggestions above... I like free solutions.
  Reply With Quote
Old 10-29-2002, 04:24 PM   #5
Ulujain Ebonelphette
Guest
 
Posts: n/a

And if netstat -a doesn't give you enough info, there's TCPView. I have it here: www.ulujain.org/modules.p...tit&lid=31

Works on any 32 bit version of Windows.

www.insecure.org has a whole bunch of tutorials and files to guard yourself against hax0rs and spyware.

Other stuff; unbind UPnP. Only really applicable to WinXP.

The key thing to remember with popups and other stuff is that they are client-side. Protect or fortify that client and 99% of your work is done.
  Reply With Quote
Old 08-14-2003, 02:12 AM   #6
Ulujain
Registered User
 
Join Date: Nov 2002
Location: La La Land
Posts: 1,930
Opera has too many quirks and whacky ways of doing things for my liking. And yeah, I have a hang-up about paying for a browser too. I use K-Meleon, which is a lightweight Mozilla for most surfing, or Firebird which is another Mozilla variant. Both ignore all pop-ups...both ignore no right-click javascript hacks too, the ones some folks use to "protect" their pictures.

And no software firewall can compete with a hardware solution. Little bit harder to get around them than it is a software one, like Sakkath suggested.
__________________
S.I.G.N.A.T.U.R.E.
Ulujain is offline   Reply With Quote
Old 08-14-2003, 07:10 AM   #7
Festivus
Registered User
 
Join Date: Nov 2002
Location: Alhambra, CA
Posts: 513
As for hardware firewall solutions... I was over at Best Buy here in Southern California, they have a Linksys unit, it's a wireless access point, 4 port switch with a router in it, so you can do NAT and basic hardware firewalling for $70. I bought this when it was new for $250, so prices have really come down. Here is the outpost.com listing for it:

http://shop4.outpost.com/product/2957055

With this unit, I have the added bonus of being able to peruse erollisimarr.com from the bathroom.

Which brings me to Wireless Access Points and securing them. I will try to come up with a writeup about best practices for that as well and will share when I get it done.
__________________
Festivus Metalpole
Twisting Beer and Music for 65 Levels
Proud member of Midnight Fury

Festivus is offline   Reply With Quote
Old 12-15-2003, 08:12 AM   #8
Ice Weasel X
Banned User
 
Join Date: Nov 2002
Posts: 3,799
Another one

A lot of the popular SpyWare removal tools don't catch all instances of CoolWebSearch (yet another browser redirection plague). I run Cool Web Shredder after Ad-Aware and SpyBot Search & Destroy.

Firewalls, pop-up stoppers, and most proactive protection are not an option here at this time, unfortunately.

EDIT: The original source for CWShredder is slammed by DDoS attacks every time it goes up, so it's now hosted here at SpyWareInfo.com. You can also download HijackThis there, which is a useful utility to see what's running on your system.

Last edited by Ice Weasel X; 04-04-2004 at 11:37 AM. Reason: Updating CWShredder URL
Ice Weasel X is offline   Reply With Quote
Old 01-31-2004, 10:24 AM   #9
Ogmuk
Administrator
 
Join Date: Nov 2002
Posts: 1,334
How spam works and how to prevent it:

1) Besides random mailing, spam companies often put your email address in a database. Once you click on the email it will load the images (can be an invisible 1 by 1 pixel image) and because of that you basically tell them that you've read their spam. Since your email address exists, you'll receive tons more in the future.

The best way to keep spam out is using a different mailer than Outlook Express. For instance Microsoft's Outlook 2003 has the option to read each message as Plain Text (with an option to read it in HTML if you trust the sender) and it will not download pictures unless you trust the sender as well.

2) If the spam is not from a trusted company, you do NOT want to click on "remove me from the mailing list." It is the same trick as the image.

3) You do not want to post your email address in a public place such as this forum because there are plenty of crawlers which can grab your email addy to surprise you with that much hatred spam. If you really need to give someone your email address, add something in it that the other party has to remove, i.e. dennishopper at hotmail.com or dennishopper(removethispart)@hotmail.com
__________________
Ogmuk <Da`Kor>
Ogmuk is offline   Reply With Quote
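Added example, not part of the original post: a sketch of what tips 1 and 2 above describe, listing the parts of an HTML message that would report back to the sender. Remote images are fetched when the message is opened (including 1 by 1 pixel ones), and links carrying a per-recipient value confirm the address when clicked. The sample message, its URLs and the `u=abc123` identifier are constructed, and the class and function names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message body for illustration.
SAMPLE_HTML = """
<html><body>
<p>Cheap software! <a href="http://mail.example.com/unsub?u=abc123">Remove me</a></p>
<img src="http://mail.example.com/banner.gif" width="468" height="60">
<img src="http://mail.example.com/open.gif?u=abc123" width="1" height="1">
<img src="cid:logo@local" width="80" height="80">
</body></html>
"""

class CallbackFinder(HTMLParser):
    """Collect URLs that tell the sender the address is live."""
    def __init__(self):
        super().__init__()
        self.images = []   # fetched automatically when HTML mail is rendered
        self.links = []    # fetched only if the reader clicks

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        raw = a.get("src" if tag == "img" else "href") or ""
        url = urlsplit(raw)
        if tag not in ("img", "a") or url.scheme not in ("http", "https"):
            return         # cid:/data: images are embedded, no network request
        carries_id = bool(url.query)
        if tag == "img":
            tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
            self.images.append({"url": raw, "beacon_sized": tiny,
                                "carries_id": carries_id})
        else:
            self.links.append({"url": raw, "carries_id": carries_id})

def find_callbacks(html):
    """Return (remote_images, links) found in an HTML message body."""
    finder = CallbackFinder()
    finder.feed(html)
    return finder.images, finder.links
```

A mail client reading the message as plain text, or with remote images blocked, makes none of the requests in the first list.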
Old 07-06-2004, 10:54 AM   #10
Festivus
Registered User
 
Join Date: Nov 2002
Location: Alhambra, CA
Posts: 513
NIST Windows XP Pro Security Guide

The National Institute of Standards and Technology (NIST) has published a document on securing a Windows XP system. It's a lengthy read but has some very good pointers in it that I thought were befitting of this thread. You can get a copy of the document here:

http://csrc.nist.gov/itsec/NIST_WinX...1_07042004.zip

It is in draft form at the moment. Once I see a final I will update this post.
__________________
Festivus Metalpole
Twisting Beer and Music for 65 Levels
Proud member of Midnight Fury

Festivus is offline   Reply With Quote
Old 06-08-2005, 03:19 PM   #11
Treage
Registered User
 
Join Date: Dec 2002
Location: Parsons,KS
Posts: 90
Another useful utility that has a 30-day free trial period is Reg Supreme.
It helps to get rid of traces in the registry after removing unwanted programs.
__________________
Non-active list:
Treage-Pendragon Society
Steenky-Defiant Exodus
Treage is offline   Reply With Quote
Old 05-06-2009, 08:42 AM   #12
Ogmuk
Administrator
 
Join Date: Nov 2002
Posts: 1,334
I've been using Avira Antivirus Personal, a free virus scanner, for years now. After all these years it's still up there with the best of the best. High detection rate (98%+). It doesn't take as much resources as most other virus scanners require. It's a lot better than AVG. The only downside is the nag screen each time the thing updates, but that's easy to get rid of: http://www.elitekiller.com/files/dis...ntivir_nag.htm. The same website has a nice compilation with tips: http://www.elitekiller.com/malware.htm

Since the site is now down, from the Internet Archive Wayback Machine:
http://web.archive.org/web/200804051...ntivir_nag.htm
http://web.archive.org/web/200804180...om/malware.htm
__________________
Ogmuk <Da`Kor>

Last edited by Ogmuk; 12-03-2009 at 12:21 AM.
Ogmuk is offline   Reply With Quote
All times are GMT -8. The time now is 10:19 AM.

