Lockdown: The InfoSecurity Guide to Securing Your Computer, Part I

This is a two-part series on locking down your computer to give it the strongest protection that is practical. Some of this guide will sound intrusive, but that is the reality: firm measures are needed to protect our computers, especially when they hold confidential documents or are used for internet banking, as many people's are. We all have to use electronic devices at some stage, whether for business or personal use.

Attackers are better educated than ever before. First thing in the morning, once I have made a coffee and opened my RSS feeds, I almost always come across the headline "data breach at xxx organisation". Sadly, there is little we can do once our details are stolen from an organisation, so be selective about who holds them. A smaller, less prominent bank attracts less attention than a big-name one; keep in mind, though, that size alone says nothing about how well an institution actually secures its systems.

Today's article covers the importance of keeping your OS and software up to date, using antivirus and malware scanners, and using Sandboxie and EMET to round out your browser security.

Keeping the OS & Software Up to Date

I see so many people complaining about having to update their OS and software. What they don't understand is how important these updates are. Microsoft rates the severity of each update, with "Critical" being the highest. To be honest, every Microsoft security update should be applied the minute you get the notification. Microsoft releases its updates on the second Tuesday of each month (Patch Tuesday), but it will break that schedule to ship an emergency (out-of-band) update when a flaw is serious enough. Once a month isn't too bad, and given the security holes these patches close, it is well worth it.

So what should you do to make sure you receive updates straight away? Navigate to Start Menu -> All Programs -> Windows Update -> Change settings. Then, from the drop-down under "Important updates", select "Install updates automatically", choose to install updates every day, and pick a time.

Personally, I choose 3:00 AM so the updates are in place first thing in the morning and don't interfere with my daily tasks. Also make sure the following are ticked: "Give me recommended updates the same way I receive important updates", "Give me updates for Microsoft products and check for new optional Microsoft software when I update Windows", and "Show me detailed notifications when new Microsoft software is available".

Tick "Allow all users to install updates on this computer" only if your day-to-day account is a standard user rather than an administrator. It lets that account install updates without an administrator logging in, which is exactly what you want if you (sensibly) don't run as Administrator all day.
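The same settings can be applied from a script, which is handy when you are setting up more than one machine. The following PowerShell is an added example, not part of the original article: it uses the Windows Update Agent COM API (Microsoft.Update.AutoUpdate and Microsoft.Update.Session) to select the options described above (install automatically, every day, at 3:00 AM, recommended updates included, standard users allowed to install) and then lists the software updates still missing together with Microsoft's severity rating, so "Critical" items stand out. It assumes an elevated PowerShell prompt on Windows 7 and a working connection to Windows Update; if Group Policy controls Windows Update on the machine, the settings object is read-only and the script says so instead of failing.

```powershell
# Added example (not from the original article): apply the Windows Update
# settings described above via the Windows Update Agent COM API, then list
# what is still missing. Run from an elevated PowerShell prompt (Windows 7).

$au       = New-Object -ComObject 'Microsoft.Update.AutoUpdate'
$settings = $au.Settings

if ($settings.ReadOnly) {
    Write-Warning 'Automatic Updates settings are controlled by Group Policy; change them there instead.'
} else {
    # NotificationLevel: 2 = notify before download, 3 = notify before install,
    # 4 = "Install updates automatically" (what we want)
    $settings.NotificationLevel = 4
    # ScheduledInstallationDay: 0 = every day, 1..7 = Sunday..Saturday
    $settings.ScheduledInstallationDay = 0
    # ScheduledInstallationTime: hour of the day, 0..23, so 3 = 03:00
    $settings.ScheduledInstallationTime = 3
    # "Give me recommended updates the same way I receive important updates"
    $settings.IncludeRecommendedUpdates = $true
    # "Allow all users to install updates on this computer": keep this only if
    # your daily account is a standard user, as the text above recommends
    $settings.NonAdministratorsElevated = $true
    $settings.Save()
    Write-Host ("Automatic Updates now: level {0}, day {1}, hour {2}" -f `
        $settings.NotificationLevel, $settings.ScheduledInstallationDay, $settings.ScheduledInstallationTime)
}

# Ask the agent which software updates are not yet installed and show
# Microsoft's severity rating (Critical / Important / Moderate / Low).
# Search() contacts Windows Update and can take a minute on a slow link.
$session  = New-Object -ComObject 'Microsoft.Update.Session'
$searcher = $session.CreateUpdateSearcher()
$result   = $searcher.Search("IsInstalled=0 and IsHidden=0 and Type='Software'")

if ($result.Updates.Count -eq 0) {
    Write-Host 'No missing software updates.'
} else {
    # Sort most severe first; updates without an MSRC rating go last
    $rank = @{ 'Critical' = 0; 'Important' = 1; 'Moderate' = 2; 'Low' = 3 }

    $result.Updates |
        ForEach-Object {
            $sev = if ($_.MsrcSeverity) { $_.MsrcSeverity } else { 'Unrated' }
            New-Object PSObject -Property @{
                Severity = $sev
                KB       = ($_.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
                Title    = $_.Title
            }
        } |
        Sort-Object { if ($rank.ContainsKey($_.Severity)) { $rank[$_.Severity] } else { 9 } } |
        Select-Object Severity, KB, Title |
        Format-Table -AutoSize
}
```

New-Object PSObject is used rather than [pscustomobject] so the script also runs on the PowerShell 2.0 that Windows 7 ships with; the Select-Object at the end just fixes the column order.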


Now let's talk a little about keeping the programs on your OS up to date. Some programs should be treated with the same urgency as an OS update, and others are lower priority.

Let's explain the difference between high-priority and lower-priority updates. Widely installed programs such as Adobe Flash and Java must be treated as high priority: they are on almost every computer in the world, and as browser plugins they are reachable by any malicious web page you land on. Far more attackers are attempting (and succeeding at) exploiting these programs than a small utility such as Everything (a useful file-search tool, worth checking out). That is why some products are more dangerous than others, and why updating them is a high priority.

Suggestion

  • I highly recommend not running software that is still in the beta or alpha stage. Pre-release builds are unstable and are likely to contain many bugs, some of which will be exploitable holes.

Antivirus and Malware Scanners

It is absolutely crucial to have a virus scanner installed before you even consider going onto the internet or plugging a USB stick into the computer. I know this will cause some heat, but I am against relying on a free antivirus program.

Free programs come and go, and they are usually easy targets. Many don't earn enough revenue to keep up with today's threats. I would much rather pay $80 a year to keep my computer secure.

Sure, Microsoft earns big money and has its own antivirus program. But look at how many people use it: its customer base is growing, and so is attackers' interest in evading it. I use Norton 360 and have never had a problem with the product, although its customer support is lacking. There are many more antivirus programs out there, such as Trend Micro, F-Secure, McAfee and others.

In addition to antivirus software, you should also have an on-demand malware scanner. Here I am going to recommend a free product, Malwarebytes. Antivirus products often miss adware, spyware and other potentially unwanted programs, which is why a dedicated scanner for those is worth having as well.

Let's assume your computer is infected and you aren't sure whether it is a virus or some other kind of malware. What is the first step? Disconnect from the internet (unplug the network cable or disable the wireless adapter). Why? Much malware exists to collect data from your system and send it back to its author, which requires a connection; cutting the connection also stops it fetching further components or instructions. Since you don't yet know what you are dealing with, take that step as a precaution.

The next step is a full system scan with your antivirus to see whether it picks anything up. Say it didn't, and you now want to scan with Malwarebytes. What can you do to improve your chances? Some malware watches for the file names of well-known scanners and blocks or kills them, so make a copy of the scanner's executable under a different name before running it: either a name the malware has to leave alone, such as explorer.exe, or something arbitrary such as 1234.com.

Warnings

  • NEVER run more than one real-time (live) scanner. Two live antivirus engines will conflict and fight each other over the same files, which results in system instability. You can, however, run as many on-demand scanners as you like alongside a single live scanner.

Browser Hardening

Sandboxie is another great internet tool. Basically, it runs programs in an isolated environment: file and registry writes made by a sandboxed program are redirected into the sandbox instead of touching the real system. So if you visit an infected website with a sandboxed browser, whatever it drops cannot reach your operating system proper; close the sandboxed programs, delete the sandbox's contents, and the infection is gone. Bear in mind that a sandbox only contains what it was built to contain: sandbox-escape bugs do exist, so a sandboxed browser still needs its patches.

Now let's harden some programs such as Java, Firefox and Microsoft Office. For this we will use the Enhanced Mitigation Experience Toolkit (EMET) from Microsoft. Install it and open its main window.


Do NOT use "Configure System" to change the system-wide settings: those apply DEP, SEHOP and ASLR policies to the whole machine and can break drivers and older software. I recommend "Configure Apps" instead, adding the programs one at a time:


  • Firefox - Click Add -> Program Files (Program Files (x86) on a 64-bit system) -> Mozilla Firefox -> select firefox.exe.
  • Firefox plugin container - Click Add -> Program Files (x86 on a 64-bit system) -> Mozilla Firefox -> select plugin-container.exe.
  • Java - Click Add -> Program Files -> Java -> select the installed version (e.g. jre7) -> bin -> java.exe.
  • Microsoft Word - Click Add -> Program Files -> Microsoft Office -> Office14 -> WINWORD.EXE.
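If you prefer the command line, or want to roll this out to several machines, EMET ships a console tool, EMET_Conf.exe, whose "--set" option registers an executable with the same default application mitigations as "Configure Apps". The following PowerShell is an added example, not from the original article. It assumes EMET is installed under Program Files (x86)\EMET (the folder name varies between EMET versions, so adjust it), that the programs sit at the default paths given in the list above on 64-bit Windows 7, and that it runs from an elevated prompt. Programs that are not present are skipped rather than registered with a bad path, and both the 32-bit and 64-bit Java runtimes are tried because EMET protects by executable path and a 32-bit Firefox loads the 32-bit Java from Program Files (x86).

```powershell
# Added example (not from the original article): register the applications
# listed above with EMET_Conf.exe instead of clicking through "Configure Apps".
# Assumptions: EMET is installed in "Program Files (x86)\EMET" (adjust for your
# version), the programs use their default 64-bit Windows 7 install paths, and
# this runs from an elevated PowerShell prompt.

$emetDir  = Join-Path ${env:ProgramFiles(x86)} 'EMET'     # assumed install folder
$emetConf = Join-Path $emetDir 'EMET_Conf.exe'
if (-not (Test-Path $emetConf)) {
    throw "EMET_Conf.exe not found at $emetConf - check your EMET install folder"
}

$pf86 = ${env:ProgramFiles(x86)}   # 32-bit programs on 64-bit Windows
$pf   = $env:ProgramFiles          # 64-bit programs

# The entries from the list above as full paths, plus the 32-bit Java runtime,
# which is the one a 32-bit Firefox actually loads as its plugin
$targets = @(
    (Join-Path $pf86 'Mozilla Firefox\firefox.exe'),
    (Join-Path $pf86 'Mozilla Firefox\plugin-container.exe'),
    (Join-Path $pf   'Java\jre7\bin\java.exe'),
    (Join-Path $pf86 'Java\jre7\bin\java.exe'),
    (Join-Path $pf   'Microsoft Office\Office14\WINWORD.EXE')
)

foreach ($exe in $targets) {
    if (-not (Test-Path $exe)) {
        Write-Warning "Skipping $exe (not installed at this path)"
        continue
    }
    # "--set <path>" with no mitigation list applies EMET's default
    # application mitigations to that executable
    & $emetConf --set "$exe"
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "EMET_Conf returned exit code $LASTEXITCODE for $exe"
    }
}

# Print the resulting per-application configuration so you can verify it
& $emetConf --list
```

After it runs, open the EMET GUI once and confirm the entries appear under "Configure Apps" with the mitigations you expect; if an application misbehaves afterwards, EMET_Conf.exe --delete with the same path removes that one entry without touching the others.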

Caught the drift yet? Taking small steps such as the above methods really can improve your computer's overall security. 

Image by Network Security Blog

7 Comments

Cool tutorial man :). Chrome has sandboxing in it by default :), though, as with everything, there are exploits to escape the "jail" so-to-speak. Don't forget to mention VMs and disabling JavaScript etc :D. This will be great for Windows specific users :D.

I would post a tutorial on securing Linux, but considering I've spent a maximum of two days using Linux, I don't think I'm qualified to give a tutorial on that OS at the moment. However, I have plans on doing so in the future. I didn't mention Virtual Managers in the second part, sorry Alex. I didn't see your comment until now. However, I did give a brief mention about disabling JavaScript.

Nawh, I've actually already posted a lengthy, multipart guide on securing computers for both Linux and Windows :). I could get really specific with Linux...but it's so secure by default, that a lot of the extras are unnecessary (default login isn't an admin, no open ports by default, etc).

I have to agree with you on that, Alex. I was once told to have a dual OS. For example, Linux Mint with Windows Seven: keep my confidential files on Mint and never access the internet on that, while using W7 to browse the internet (while making sure I have good security on that OS), such as browsing with Sandboxie, using security-based extensions and having a good antivirus program installed.

When I'm feeling extra paranoid, I just boot up a VM and tunnel my services, then shred the VM when I'm done. There are WAY too many ways to make a system secure xD. I guess it all depends on what someones wants and needs are, as well as how far they are willing to go to protect their own skin. But the information has always been there, and people still don't practice good security, so we can only do so much for them :(.

I typically use Windows 7 just out of convenience and efficiency, but if I am feeling paranoid I use Linux (which has Tor and various other things for the over-paranoid), haha. I don't think I have heard of EMET; I will have to check that out now.
