Braindump

Virii suck, I just though I’d throw that out there.  They cost the world billions of dollars a year and keep people like you and me up at night.  I wish I had the final solution for you but I don’t, however, I do have a list of applications/tools/services that I use to keep my computers running virus and spyware free.

Desktop Antivirus / AntiSpyware

At work my company has standardized on NOD32 from ESET.  I had never herd of the company until I started at my current position about a year and a half ago and now, I rarely use anything but NOD32.  They have a couple of editions but I’m only familiar with ESET NOD32 AV v2.6 and v3.0.  So far I have not had a single problem with virii or spyware (except for a few hacking/cracking tools that I use on occasion).

If I’m not using or recommending NOD32 for home / client computers I go with AVG.  AVG AntiVirus 8.0, the newest version from AVG covers pretty much everything you would need from an AntiVirus / AntiSpyware software suite.  They even have a free edition that can be found here for home computers that only need basic protection.  If your on a budget, AVG Free Edition is for you.  Again, so far, with my use of AVG Antivirus, I have not had a single problem.

Safe Internet Browsing

This is a huge deal when it comes to keeping your computer safe.  Sometimes it doesn’t involve any software at all.  Just some intelligence and PG13 level surfing (no porn or online gambling allowed!!).  However, because of my ADHD and endless appetite for information, even I run across some potentially bad websites.

To combat this I use OpenDNS.  I’ve done a blog post on them a while back.  Search at the right if you are interested but I’ll cover a few points to OpenDNS here.  First of all, OpenDNS is cool.  Second, OpenDNS is free.  Now that I got those two things out of the way, I’ll explain it a bit.  OpenDNS is a free DNS service that you point your network DNS servers, clients, etc towards and you instantly get a bit better service.  If you go to the website and create an account and then register your IP address there, you can have settings specified that would prevent people from surfing websites that fall within a specific category.  Below is what I have mine set to.

The moderate setting includes blocking of Adaware, Alochol, Dating, Drugs, Gambling, Hate/Discrimination, Weapons, Tasteless, Lingerie/Bikini, Proxy/Anonymizer, Sexuality, Nudity, Pornography, and Phishing.  The last one is especially cool because it uses the phishing database PhishTank, which is THE defacto standard in phishing databases…well at least I believe so.

Desktop and Network Firewalls

As much as I should use a desktop firewall, I don’t.  It hinders my ability to do network scans, attach to different networks, open up shares on my computer remotely, test software, etc.  But, do what I say and not what I do.  If you have no reason not to use one…then do so.  The built in Windows Firewall is fine but if you need to feel a little safer at night, I recommend ZoneAlarm.  It has both high reviewes in the major computer magazines and is recommended by the security research group Gibson Research Corp.

My home network firewall is pfSense, a free open source, fully featured firewall that I have installed on an old workstation with two network interfaces.  Visit the website for a full list of features.  Other firewall’s that I would recommend would be the Cisco PIX or ASA, m0n0wall, and any Linux distribution running iptables.  It’s not that these are the only secure options out there but rather I only have extensive experience in this small list.

SPAM Protection

This cannot be stressed enough…  Never use an email address without a **GREAT** SPAM filter.  For personal use, grab a free GMail account.  For corporate use get a Barracuda SPAM firewall, use Postini or build your own SPAM filter based on SpamAssassin.  For the DIY I recommend Maia Mailguard.  The reason for this is quite simple, spyware and virii can be transmitted quite easily through email.  If you are not protected, you are asking for trouble.

Defense in Depth

Although all of my recomendations, in my option, are good ones..not a single one of them guarantees that you will not get infected.  Things like zero day attacks, trojans, virii, spyware, adaware, malware, etc are not always easily detected and therefore may hit a large number of computers over a short period of time without the security companies knowledge.  However, with the use of all of them together, you now have the tools for a fighting chance and with any luck, you’ll be virus free.

Hopefully you’ll take my advice on one or more of the above topics and have a safer more enjoyable time on the internet.

Extras!!

Here are a few extra tools that I did not fit in.

ESET Online Scanner | TrendMicro House Call | TrendMicro HijackThis | Symantec Removal Tools

Please!!  I’ve been using an old P4 1.6Ghz and 512Mb memory at home with Ubuntu loaded on it for some time now.  I can’t seem to ever come up with enough cash to purchase this myself so I thought I would give ChipIn at try.  It’s a new (I think) service that allows you to have a fund raiser of your own.  Check it out and try it for yourself.

I’m looking at one of the higher end HP or Dell’s running Vista Ultimate with a dual monitor setup for home.  I have dual monitors at work and it gets pretty hard to get all the work I want to get done at home when I only have a single 17″ flat panel.  Pretty low tech if you ask me.

For those of you who do donate, thank you very much.  I appreciate it.  For those of you who don’t, I won’t hold any grudges.

Recently I had a client who purchase a new laptop from Dell.  It was a failry straight forward setup, nothing out of the ordinary.  After we got the computer joined to the domain and the user’s profile setup, we started the file syncronization process for a number of directories that they needed to take offsite on a daily basis to be able to read/modify while out of the office and without internet connectivty.  They had been using Microsoft’s offline file feature.  Again, nothint out of the ordinary.

Well, this computer took up more than a few hours of my time as well as another associate of mine.  The computer no matter what we did would not syncronize files during the logon process even thought the little checkbox was checked to do so.  As it turns out, Dell has some sort of security suite that they are deploying with all the laptops now with the name of WavXDocMgr.  This was the culprit of the syncronization issue.  We took this out of MSCONFIG as a startup process and the problem was solved.  As this was not the answer but rather a workaround, we have started talking with Dell but as of yet have not found a fix for the issue so I thought I would share.

I live in command line on Linux, Cisco, HP, and a number of other products but for some reason it feels UnAmerican to do it on Windows.  I’m coming around though.  With the implementation of the Microsoft Powershell on Windows you now have a great deal of power that you may or may not have had before.  For me, troubleshooting Exchange 2007 and AD, it is a blessing.  However, finding the command that you need to use to get the information you want is pretty hard.  I guess that’s why Microsoft created the “get-command” command for PowerShell.  It is basically a search function for Powershell and will return a list of commands that you can run to get the information you need (per your search).

So lets use the command to find more about our Exchange queues (Exchange 2007 Server).

Get-Command *queue*

Which will return a list of commands that you can run from PowerShell like Get-Queue, Retry-Queue, and Suspend-Queue.

Now lets try something to do with Active Directory.  Try this command.

Get-Command *User*

It’ll return a boatload of commands but you can see a few that might be useful like New-ADUser and New-ADGroup.

Hopefully this will shine some light on the still fairly new (feeling) command line power of Microsoft’s Operating Systems.

This is a followon from my last post about weak SSL ciphers but they kind of go hand in hand.  SSLv3 offers a few security improvements over SSLv2 and is supported by the majority of new browsers.  What we will do in this post is disable the ability for a client co choose to use SSLv2 if connected to your webserver that has SSLv2 disabled.  To accomplish this we will need to do the following.

Open regedit and find the key

HKLM\SYSTEM|CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

Now for SSL 2.0 you will want to create a new DWORD value named Enabled with a data value of 0 in Hex in both the client and server subkeys.  This will disable the ability for the server to use or allow the use of SSLv2 during the use of SSL.  You can also create a registry import like the following.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]
“Enabled”=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
“Enabled”=dword:00000000

Again with this one, Nessus will find the vulnerability fairly easy so their is almost no reason to have it running. Nessus’ vulnerability will be displayed as “Synopsis : The remote service encrypts traffic using a protocol with known weaknesses.”

NOTE: This change may break clients/servers/applications so I take no responsibility for YOUR actions.