John Everest's Computer Repairs

Welcome!

This is my website for computer troubleshooting & repair and more...feel free to browse around.

I hope you enjoy your visit...

Learn more about the Services I offer.

Email me with my username everest at gmail dot com

This space is reserved for flying monkeys, edible electrons, translarian aphorisms, and any other intriguing anomalies, as I see fit to share them.

======================

THE BULLETPROOF SYSTEM

======================

The bulletproof system consists of a multi-pronged approach which

will make your system essentially invulnerable to attack by the

vast majority of spyware, adware, and malware.

I - ASSESS YOUR VULNERABILITY

Go to Steve Gibson's ShieldsUP! page and test how accessible

your computer's ports are to a hacker looking for a way in:

https://www.grc.com/x/ne.dll?bh0bkyd2

Click on Common Ports to test the ones most used.

Click on All Service Ports for a complete test.

The perfect firewall will show Stealth (invisible) status

for all ports. ZoneAlarm is one of the few software

firewalls that can provide this level of protection.

It used to be the ONLY one.

II - INSTALL PROTECTION

1 - FIREWALL

You have a choice of a hardware or software solution here.

SOFTWARE FIREWALL

The best software firewall is ZoneAlarm, and it has the

advantage of being free, as well. ZoneAlarm protects both

against incoming attacks and outgoing events, such as

a keylogger sending private information, by asking you

if you initiated the program which is attempting to access

the internet at that moment. If you recognize the program,

such as the Internet Explorer browser, you can give it

blanket permission to access at all times, without being

checked out. If you say no, it will be blocked. You can

also give one-time access to check out any results, like

error messages from a Windows service which needs to run

in order to give your browser access.

ZoneAlarm offers a Pro version which provides additional

features and support, but the free version is just fine:

http://www.zonelabs.com/store/content/home.jsp

HARDWARE FIREWALL

A hardware firewall is simply a router that sits

between your DSL or Cable modem and the network

card in your PC. It very effectively blocks all

incoming traffic which has not been initiated

from your PC. It will NOT block programs on your

PC from accessing the internet, so, while it may

prevent a trojan from being loaded onto your PC,

it will not prevent it from working once it's

been initiated. When combined with the other

protection here, that won't be a problem, but

you should know that this blocking of outgoing

access by programs, without your permission, is

one of the virtues of ZoneAlarm.

The biggest advantage of a router is that it

fields all the traffic sent to the IP address

given to you by your ISP, and reassigns the IP

address used by your computer, so your PC's IP

address is simply not accessible.

Though they offer the possibility of being

configured, little or no configuration is

usually necessary.

One of the best routers for the money is Asante.

One of the most cost-effective solutions is the

FriendlyNET FR1004:

http://www.asante.com/products/productsLvl3/FR1004.asp

2 - ANTIVIRUS (AV)

Many of the commercial AV programs are notorious for failing

to detect bugs in a timely manner, and for causing conflicts

with other software (Norton is one of these). As a result,

users started looking for better solutions. I've tried any

number of the freeware solutions and finally settled on

AntiVir.

Here's a good list of possible programs:

Free online or downloadable virus scans:

AntiVir:

http://www.free-av.com/

BitDefender:

http://www.bitdefender.com/scan/licence.php

Computer Associates:

http://www3.ca.com/virusinfo/virusscan.aspx

Panda:

www.pandasoftware.com/activescan/com/activescan_principal.htm

Trend Micro:

http://housecall.trendmicro.com/housecall/start_corp.asp

I like AntiVir for several reasons:

- It tends to find viruses missed by other AV programs.

- Detection files are updated frequently - often several

times a day. You can set the update component to update

as often as you like. I update once a day.

- It has a component called AntiVir Guard which monitors

file activity on your hard drive and scans on-the-fly.

This is especially valuable in the case of hidden

"drive-by" downloads from malicious sites - a common

source of trojans. The Guard component sees these

hidden downloads and scans the files, immediately

alerting you of malicious content, and offering you

the option of deleting, moving or renaming the file

or placing it in quarantine. Priceless.

3 - WINDOWS UPDATES

Microsoft is painfully aware of the many vulnerabilities

in its software, from Windows itself to Outlook Express

to Internet Explorer. They work hard to patch them as

quickly as possible after becoming aware of a problem.

Updating your system is vital to any comprehensive

effort to protect yourself:

http://www.windowsupdate.com/

You can set Windows up to automatically check for new

updates and notify you from the system tray by going

to Start -> Settings -> Control Panel -> Automatic

Updates and checking the box that says "Keep my

computer up to date."

4 - FREEWARE SOLUTIONS

Out of all the freeware solutions out there, the following

programs should be considered essential. They are tried and

true, contain no spyware or adware themselves, work well with

other programs, and are constantly being updated and improved

by some of the most creative and conscientious programmers in

the world.

Many of them overlap in their protective capabilities, but

there's no such thing as too much protection. At the same

time, they each contain some unique aspects which more

than make up for any overlap in function.

- AdAware

"Ad-Aware is designed to provide advanced protection from

known Data-mining, aggressive advertising, Parasites,

Scumware, selected traditional Trojans, Dialers, Malware,

Browser hijackers, and tracking components. With the

release of Ad-Aware SE Personal edition, Lavasoft takes

the fight against Spyware to the next level."

http://www.lavasoftusa.com/software/adaware/

The free version is essential. Plus and Professional

versions are also available.

Use it once a week, or more often if you browse aggressively.

Manually update before each use.

- Spybot Search & Destroy

A partial list of features:

Removal of adware and spyware

Removal of dialers

Removal of keyloggers

Removal of trojans and other baddies

Removal of usage tracks

Safe removal of threats by shredding them

Backups of every removed problem

Exclude option to ignore specific problems

Permanent blocking of threatening ActiveX downloads

Permanent blocking of known tracking cookies for IE

Permanent blocking of threatening downloads in IE

http://www.safer-networking.org/en/features/index.html

Overview:

http://www.safer-networking.org/en/spybotsd/index.html

- Javacool Software's Spyware Blaster

"Prevent the installation of ActiveX-based spyware, adware,

browser hijackers, dialers, and other potentially unwanted

software.

Block spyware/tracking cookies in Internet Explorer and

Mozilla/Firefox.

Restrict the actions of potentially unwanted sites in

Internet Explorer.

SpywareBlaster can help keep your system spyware-free and

secure, without interfering with the "good side" of the web.

And unlike other programs, SpywareBlaster does not have to

remain running in the background."

http://www.javacoolsoftware.com/spywareblaster.html

Run it once a week to update it, and enable all protection.

Then close the program. This program acts more like an

inoculation, preventing changes to the system. 4349 items

are currently in the database.

- WinPatrol

"WinPatrol uses a heuristic approach to detecting attacks

and violations of your computing environment. Traditional

security programs scan your hard drive searching for

previously identified threats. WinPatrol takes snapshot

of your critical system resources and alerts you to any

changes that may occur without your knowledge."

http://www.winpatrol.com/

This program loads with Windows and sits in the system

tray, offering many features. The most noticeable are

when Scotty, the Scottish Terrier, barks to alert you

that a new program has been added to the Windows Startup

sequence, either in the registry or the Startup Folder.

Since one of the ways that viruses multiply themselves

is to add an entry to Windows Startup, this is a very

valuable program. You can immediately deny any program

from placing a startup entry.

You can also use the program by double-clicking on the

tray icon. Scotty will bark in response, and you'll

have access to several tabs of options, including

viewing Startup Programs, Active Tasks, IE Helpers,

Cookies, and much, much more.

Scotty can also be set to monitor any changes made to

your HOSTS file. Much more on this later.

- HijackThis (HJT)

HijackThis is a legendary program which is of immense

value if you've already been infected, or think you

might have been.

"HijackThis examines certain key areas of the Registry

and Hard Drive and lists their contents. These are areas

which are used by both legitimate programmers and hijackers."

http://www.tomcoyote.org/hjt/

HJT creates a log of what it finds which can then be

posted for analysis by experts such as those found here

on Google Answers, or in a forum dedicated to assisting

those who are infected, such as 'TomCoyote Forums',

'Geeks to Go Forums' and 'SpywareInfo Forums'.

Experts can tell you precisely what entries to check for

removal by HJT.

One of the latest enhancements to this program is the

addition of online HJT log analyzers, which can give

you a leg up in analyzing them yourself:

IamNotaGeek.com log parser:

http://hjt.iamnotageek.com/

HijackThis log analyzer (a more graphic version):

http://www.hijackthis.de/en

HJT has other very useful features, including one which

marks a file for deletion on reboot. This is very useful

when Windows prevents you from deleting a file because

it's currently in use, which happens a lot with viruses.

- Microsoft Windows Anti-Spyware (Beta)

I installed this and ran it for about a week. It didn't

give any indication of having found anything that wasn't

already protected against by the other software here, but

I'm including it because it's received very good reviews

in the geek community, and I'd certainly recommend it to

anyone who has limited knowledge of spyware and the other

programs I've outlined to prevent it.

Let this run in your system tray.

Microsoft Windows Anti-Spyware

5 - HOSTS FILE

The HOSTS file is a little-known Windows file which normally

does nothing, since the content is minimal by default, that

being:

127.0.0.1 localhost

That entry just points to your computer and identifies it

as localhost.

But additional entries can be made to this file that amount

to Windows wizardry!

The file is typically located here, in W2000 & XP:

C:\WINNT[or Windows]\system32\drivers\etc

It has no extension, but you can rename it HOSTS.txt

and open it with Notepad to see that it is a text file.

Entries can be added on a custom basis. These entries

will point specified addresses to your computer, rather

than to your DNS server, so that, instead of looking for

the files on the web, your browser will look for them on

your PC. Since they don't exist there, they won't be

found and loaded. In this way, you can effectively block

certain sites from ever being loaded in your browser.

Many people use the file to prevent known advertising

servers and malicious sites from having access to your

browser. There are many sites which post replacement

HOSTS files to use in place of the default one.

Different sites focus on different content. You can find

sites that block porn sites, sites that block ads from

loading in your browser, sites that are known to be

malicious, and combinations of all of these.

Since there are hundreds of sites of all these types, the

number of entries in the HOSTS file can cause it to become

much larger. If the file is too large, it will slow the

speed of your browser's loading things, so some authors

of HOSTS files take this into account, and use it to

redirect only the most malicious sites and ubiquitous

advertisers.

The following page on the MS Most Valuable Professionals

site, offers the best compromise and supporting information

I've found for the HOSTS file:

http://www.mvps.org/winhelp2002/hosts.htm

You can download the one they provide and use it to

replace the default one (after renaming it). You can

then also lock the file, by right-clicking on it,

selecting Properties and checking Read-only. This will

prevent trojans and other hijackers from writing to

it, which can cause some major problems.

The MVPs page also offers a batch file utility which allows

you to temporarily turn off protection by renaming the file.
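
The following Python example is added here and is not part of the original page or the MVPs utility. It audits a HOSTS file the way this section describes: names pointed at your own PC are counted as blocked, names pointed anywhere else are listed for review (the kind of change a hijacker would write), and the Read-only lock is checked. The sample file contents, host names and function names are constructed for illustration.

```python
import ipaddress
import os
import stat

# Constructed sample: default entry, two blocking entries, one redirect
# to a foreign address, and one unparseable line.
SAMPLE_HOSTS = """\
# constructed sample HOSTS file
127.0.0.1       localhost
127.0.0.1       ads.example.com    # blocked ad server
0.0.0.0         tracker.example.net
203.0.113.50    www.mybank.example
not-an-ip       broken.example.org
"""

def audit_hosts(text):
    """Sort HOSTS entries into blocked names, redirects, and bad lines."""
    report = {"blocked": [], "redirected": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()    # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        if addr is None or len(fields) < 2:
            report["malformed"].append(lineno)
            continue
        for name in fields[1:]:
            name = name.lower()
            if name == "localhost" and addr.is_loopback:
                continue                        # the default entry
            if addr.is_loopback or addr.is_unspecified:
                report["blocked"].append(name)  # resolves to this PC
            else:
                report["redirected"].append((name, str(addr)))
    return report

def is_read_only(path):
    """True when the owner write bit is cleared (the Read-only box)."""
    return not os.stat(path).st_mode & stat.S_IWRITE

if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print(len(result["blocked"]), "names blocked")
    for name, addr in result["redirected"]:
        print("REVIEW:", name, "->", addr)
```

To audit a real file, pass its contents to `audit_hosts()`. Any name in `redirected` that you did not add yourself deserves a closer look.
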

III - RE-TEST YOUR SYSTEM

Once you've installed your firewall, go back to Steve Gibson's

ShieldsUP! page and test it out.

Then just update and run your AV program, Spyware Blaster,

Spybot S&D, and AdAware about once a week, and more often

if you have a period of aggressive browsing in unknown

territory, or you have reason to suspect there is a bug

on the loose.

Meanwhile, AntiVir Guard, WinPatrol's Scotty, and MS's

Anti-Spyware programs, as well as Spyware Blaster's

inoculations, are keeping your system safe, and looking

for any changes.

BULLETPROOF!