index -- tips-n1 -- tips-n2 -- tweaks -- software -- cmdline -- .... -- links-n1 -- links-n2 -- theend



Last Updated: 15.11.2004, 1:00 AM








As far as I am concerned, in the case of "protection" and "security" issues (when connected to the web, of course), good firewall software is the only truly important thing to run.

Though on the other hand, I must say that I have already made Internet Explorer pretty safe with various security-related modifications via gpedit.msc, various additional registry hacks (additional policy restrictions and others), but especially by disabling many options under:


Internet Options -- Advanced


Please note that I do not recommend that others skip Microsoft's patches (like me), or not update/patch the OS at all (like me). Also, you should just use some good antivirus software (not like me, running without any antivirus), but I certainly do recommend using a well-trusted and, most importantly, well-configured firewall (see the rest of the page for details). Of course, I can play with security because of my knowledge. I know well what I am doing (processes running, software installed, libraries used, etc.), and also because of my particular situation, i.e. a single-user PC, dial-up modem connection, etc., you can imagine I can afford all this.

But see my posts here:

Do we really need software updates?


It is just that I consider myself a kind of "amateur computing professional", so believe me, I know very well what is running, what is installed, what is set to run at startup, etc., etc. I use various tools from www.sysinternals.com (from Mark Russinovich; all "non-setups", no installation required, just the .exe, the "form" of programs I prefer). For example, with TCPView from Sysinternals (see somewhere on the site for the link), I can monitor and close a process, or a connection (by the process which established it), or a separate connection line/entry in its UI (each process usually has many open, so you can imagine what I mean), i.e. each pair of endpoints, I don't know.

And there are also TDImon (monitors activity at the Transport Driver Interface (TDI) level of networking operations in the operating system kernel), Tokenmon (monitors logon/logoff, enabling/disabling privileges, impersonation, process creation/exit), and especially Regmon, Filemon and Process Explorer, besides many, many others. Not to mention Mark's command-line programs, though they are not so "security related", rather system in general.

I must confess, I was "infected" (it was a few days ago) with the Bagle.AF worm, and certainly it was all because of me and my ignorance, and not because of a lack of knowledge.



It is that I often examine viruses/trojans for export functions, which libs they call, etc. (of course with antivirus disabled), so yesterday, as usual, I right-clicked on one of the trojans I got recently by mail (before moving them to my "collection of nasties", the encrypted volume), but this time I was too quick clicking it, and I mistakenly chose Open instead of "View Dependencies" (to send it to the Dependency Walker app) or "Send To -- BinText" (to send it to the BinText app from Foundstone Inc., to see the file strings/contents), so heh, I was actually infected.

Uhh, luckily, I was running the Filemon and Regmon apps at that particular time, so I later simply reversed all the settings made by the worm without any problem. I simply deleted the created Run registry key, and deleted the SYSXP.exe file that was created and executed as a process after the "infection" (noticeably slowing the system), and a few other related files. And even if I hadn't been running those apps: almost every malicious program does only a few common things. One is, the file is executed (by the user), and therefore starts running as a process, and second, this process creates a registry value under HKLM or HKCU, under the Run subkey.
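The Run-key persistence described above is easy to audit without Regmon running at the moment of infection: record what is in the autostart keys today, and diff against that record later. The script below is an added example, not code from this page or from Sysinternals; the four key paths are the standard ones, while the baseline file location is an assumption.

```powershell
# Added example (not from the page): enumerate the autostart "Run" keys the
# paragraph above describes and compare them against a saved baseline, so a
# new entry such as the SYSXP.exe one stands out. The baseline path is assumed.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-RunEntries {
    # One object per (key, value name, command) triple currently present.
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Get-ItemProperty adds PSPath/PSParentPath/etc.; those are not registry values.
            if ($p.Name -like 'PS*') { continue }
            [pscustomobject]@{ Key = $key; Name = $p.Name; Command = [string]$p.Value }
        }
    }
}

$baseline = 'C:\baseline\run-keys.csv'   # assumed location of the known-good snapshot

if (-not (Test-Path $baseline)) {
    # First run: record what is there today as the known-good set.
    New-Item -ItemType Directory -Path (Split-Path $baseline) -Force | Out-Null
    Get-RunEntries | Export-Csv -Path $baseline -NoTypeInformation
    Write-Host "Baseline written to $baseline"
    return
}

$known   = Import-Csv $baseline
$current = Get-RunEntries
$new = Compare-Object -ReferenceObject $known -DifferenceObject $current -Property Key, Name, Command |
       Where-Object SideIndicator -eq '=>'

foreach ($e in $new) {
    Write-Warning "New autostart entry: [$($e.Key)] $($e.Name) = $($e.Command)"
    # Cleanup as the paragraph describes, once you have confirmed the entry is malicious:
    # Remove-ItemProperty -Path $e.Key -Name $e.Name
}
```

Run it once on a clean system to create the baseline, then again whenever something looks off. Entries that disappeared are not reported (only `=>`, the additions, are selected), which is what you want for spotting a fresh worm; the removal line is left commented so nothing is deleted before you have checked the command it points at.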



But it is true, there are others, more dangerous, which (as I've heard) prevent access to virus/spyware cleaning pages and similar, and some shut down anti-spyware related software when they are executed. And also, I've read of one even more dangerous and scary thing. Some viruses are supposed to change some pointer locations in the BIOS (or CMOS, I really forgot), so that after infection they refer to other registers. That could be pretty bad, and I was actually afraid that this had happened to me (see below).

One more thing about this Bagle.AF worm "infection". Somehow, at that time, my C partition was screwed (containing XP's pagefile and the Windows 98/SE OS). The cause was: there was suddenly no file system on the C volume (partition), just a "raw" disk. I clearly saw the data was still untouched. I was already thinking of finally low-level formatting the HD (as I have planned for a long time now, because of other problems, like two bad sectors that were not solved by Windows FORMAT), but again, luckily, I didn't panic, and I first tested the drive with the HD manufacturer's PowerMax utility (for my Maxtor ATA-IDE hard drive), and huh, it fixed the error. Because of PowerMax's warning displayed before fixing it, I was in doubt: maybe if I tried, it would screw up all the other partitions too.

But no, the errors were luckily fixed by the PowerMax utility, though I still don't know for sure what the actual reason was for the C partition losing its file system, the worm or something else.












Here are a few examples of options/features one can set/configure ("enable", "disable", "prompt") under Internet Options (the Security tab's Custom Level settings, plus the Advanced tab). I give examples only for Internet Explorer from version 5.0 upwards (versions 5.0, 5.01, 5.5 and 6), because very few people out there are still using the older 3.x and 4.x versions, so I omitted examples for those out-dated versions. The steps are particularly about disabling active content in Internet Explorer, such as Active scripting, ActiveX controls, and Java programs.

NOTE: If you disable scripting support in Internet Explorer, the functionality of many Web sites on the Internet will be affected.

Configure Internet Explorer so that it does not run Active scripts automatically:

a. On the Tools menu, click Internet Options, click the Security tab, click the Internet Web content zone, and then click Custom Level.
b. In the Settings box, scroll down to the Scripting section, and click Disable under Active scripting and under Scripting of Java applets.
c. Click OK, and then click OK again.

In Internet Explorer, the term "Active scripting" or "ActiveX scripting" refers to both Microsoft JScript scripting and Microsoft Visual Basic Scripting Edition. When you complete this procedure, you disable both types of scripts.

If you are able to load the Web page after performing this step, the problem is being caused by Active scripting that the Web page contains. The script most likely is written incorrectly, or contains unsupported objects, properties, or elements.


Configure Internet Explorer so that it does not automatically use items that show active content, such as vertical marquees or animations:

a. On the Tools menu, click Internet Options, click the Security tab, click the Internet Web content zone, and then click Custom Level.
b. In the Settings box, click Disable under Download signed ActiveX controls, Download unsigned ActiveX controls, Initialize and script ActiveX controls not marked as safe, Run ActiveX controls and plugins, and Script ActiveX controls marked safe for scripting.
c. Click OK, and then click OK again.

If you are able to load the Web page after performing this step, the problem is being caused by active content that the Web page contains.

Verify that Internet Explorer's internal Java Just-In-Time (JIT) compiler is disabled:

a. On the Tools menu, click Internet Options, click the Advanced tab, and then clear the "JIT compiler for virtual machine enabled (requires restart)" check box under Java VM.
b. Click OK.

If the problem is caused by a Java program that the Web page contains and the problem still occurs when the Java JIT Compiler is disabled, the Internet Explorer status bar should display a message that provides additional information about the problem. If the message indicates that a particular class is not found, the appropriate class file may not exist on the server that contains the Web page, or the server may be too busy.

Configure Internet Explorer so that it does not run Java programs automatically:

a. On the Tools menu, click Internet Options, click the Security tab, click the Internet Web content zone, and then click Custom Level.
b. In the Settings box, click Disable Java under Java Permissions, click OK, and then click OK again.

If you are able to load the Web page after performing this step, the problem is being caused by one or more Java programs that the Web page contains.
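The four Custom Level procedures above all edit the same place: the Internet zone (zone 3) under the current user's Internet Settings key, where each Custom Level item is a DWORD value named by a hex ID (0 = Enable, 1 = Prompt, 3 = Disable; for Java permissions, 0 = Disable Java), as documented in Microsoft KB 182569. The script below is an added example, not part of this page or of the Microsoft article, that applies the same settings through the registry and reads them back, which is what you want when hardening more than one machine or checking that a setting has not drifted. It does not cover the Advanced-tab JIT step.

```powershell
# Added example (not from the page or from Microsoft): apply the Custom Level
# settings from the steps above to the Internet zone (zone 3) via the registry
# instead of the dialog, then read them back to verify.
# Value IDs and meanings follow Microsoft KB 182569:
#   0 = Enable, 1 = Prompt, 3 = Disable; for 1C00 (Java permissions) 0 = Disable Java.
$zone = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

$settings = [ordered]@{
    '1400' = 3   # Active scripting
    '1402' = 3   # Scripting of Java applets
    '1001' = 3   # Download signed ActiveX controls
    '1004' = 3   # Download unsigned ActiveX controls
    '1201' = 3   # Initialize and script ActiveX controls not marked as safe
    '1200' = 3   # Run ActiveX controls and plugins
    '1405' = 3   # Script ActiveX controls marked safe for scripting
    '1C00' = 0   # Java permissions: Disable Java
}

function Set-InternetZoneHardening {
    # Write every intended value as a DWORD, creating the zone key if it is missing.
    if (-not (Test-Path $zone)) { New-Item -Path $zone -Force | Out-Null }
    foreach ($name in $settings.Keys) {
        Set-ItemProperty -Path $zone -Name $name -Value $settings[$name] -Type DWord
    }
}

function Test-InternetZoneHardening {
    # Returns one object per value whose current setting differs from the intended one.
    $actual = Get-ItemProperty -Path $zone
    foreach ($name in $settings.Keys) {
        $have = $actual.$name
        if ($null -eq $have -or [int]$have -ne $settings[$name]) {
            [pscustomobject]@{ Value = $name; Expected = $settings[$name]; Actual = $have }
        }
    }
}

Set-InternetZoneHardening
$drift = @(Test-InternetZoneHardening)
if ($drift.Count -eq 0) {
    Write-Host "Internet zone: all $($settings.Count) settings applied."
} else {
    $drift | Format-Table -AutoSize
}
```

Two caveats when checking the result: open Internet Explorer's Custom Level dialog afterwards and you should see each item showing Disable (Disable Java for Java permissions); and if the machine has the Security_HKLM_only policy set, the per-machine copy of the Zones key under HKLM is what counts and the HKCU values written here are ignored, so write to the HKLM path instead in that case.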

Customizing Safety Levels for Active Content

While most active content contained in Web pages is safe, some Web pages contain active content that can potentially cause security problems on your computer. For example, an ActiveX control that runs automatically when you load a particular Web page might damage your data or cause your computer to become infected with a virus. Internet Explorer uses safety levels for active content to help prevent this situation from occurring.

The following safety levels for active content are available in Internet Explorer:

* High (most secure): excludes content that could damage your computer.
* Medium (more secure): warns before running potentially damaging content.
* Medium-Low (same as Medium, but with no warning before running potentially damaging content).
* Low: minimal safeguards and warnings before running potentially damaging content.
* Custom Level (for expert users): bases security on settings you choose.

To modify the safety level for active content, follow these steps:

a. On the Tools menu, click Internet Options, and then click the Security tab.
b. In the "Select a Web content zone to specify its security settings" box, select a zone.
c. In the "Security level for this zone" box, move the slider to the setting you prefer, or click Custom Level to customize your settings.
d. Click OK until you return to Internet Explorer.

This article was previously published by Microsoft under Q154036.



