Posted 13-09-2008, 21:07 by -Jon- (post #6)

Computer security :: Defence (Windows)

If you use Windows then this is for you......

This is what's going to be covered in this post.

::: Access Control :::
- Windows default accounts
- Proper use of user accounts

::: Defending your Computer :::
- What could attack you
- What can you do to defend your computer

::: Maintaining your computer :::
- Software updates
- System utilities explained
------------------------------------------------
::: Access Control :::

-Windows default accounts-

Microsoft makes four accounts when you install Windows: the Administrator / Guest / HelpAssistant and Support account. Other accounts may also be present (such as ASPNET) that were installed later and are used for special purposes or development.
These are special user accounts and are defined in the following registry entry: [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]. You can check that out if you know how to use the 'regedit' program.
And if you don't but still want to have a look, let me know and I will tell you how.

Another quick way to see the accounts on your computer is to go to the command prompt ('Run' -> type 'cmd' -> click OK), then in the black box type 'net user'. You will then see a table of accounts present on your computer.
The important one is the 'Administrator' account. This is because, as I already said, the Guest account is limited. The other accounts are also limited and not used by users; they are used by services. The 'Administrator' account is important because it's there and it is unprotected.
You can log in with this account as it doesn't have a password. And since it is an administrator account it has unrestricted access to do anything on your computer. If a virus is executed and you are using an administrator account, the virus has unrestricted access to do anything it wants on your computer.

-Proper use of user accounts-

This is the important bit. This is only one thing, one step, but it makes a lot of difference to the security of your computer system as you use it daily.
You put yourself and your whole computer at risk if you use an administrator account like a normal account. You should only use the admin account for installing programs and setting up your computer and other housekeeping tasks, as they're known. When you do everything else it should be done using a normal account.
Here is a quick test you can do.... Right-click the time on the bottom right of the screen. There should be an option 'Adjust Date/Time'. If you're an administrator you will be able to change the time and date, otherwise you will get a message saying you don't have permission to change the date.
Changing the time and date might not seem so important but it is. If you change the system time or date it affects the time and date for everything... This includes things like logs and the timestamps that get given to files. All sorts of things depend on your system time.
I have already mentioned viruses but I will say it again: if you have a few people sharing your computer, the administrator account can view, edit and delete their files. If a virus is designed to delete all files on a computer, Windows will protect the system files, but since you're using an admin account and you executed the virus on that account it will wipe out everything you can delete.
If you were using a normal account then the virus would be prevented from deleting another user's files. It might be able to delete yours but at least there is some damage control.

I can't stress this one enough because it's only a simple thing that prevents many problems. What you do is simple. If you're using an administrator account, create a normal user account for yourself, move all your files to that account, log in using the normal user account and use that instead of the admin account.
If you think "what if I need to install stuff, I can't be bothered logging into the admin account all the time", there is a simple solution. While in your restricted account (if you can't install something), right-click the installer or setup program and select 'Run as...'. You will then be able to run the installer program using your account or another account. Simply select another account and enter the username and password of the admin account.
The program will then be installed using the admin account while you're logged in as a normal user. That's not too hard and saves time. So there is really no reason for you not to use a normal account like you're supposed to in the first place.

---------------------------------------------
::: Defending your Computer :::

-What could attack you-

First thing you should do is read the 'Common threats' topic for a general idea of what you need to defend yourself against. After that there are a few 'Windows only' things you need to be aware of. The first thing is Internet Explorer (IE). I encourage everyone that browses the internet to use a different browser. This is not a biased statement, I have nothing against the people who made the browser, but you need to consider the following, which is also true for the Windows operating system itself.
It is the most used browser. A few years ago about 80-90% of internet users used IE to browse with, and as soon as someone finds a flaw in the program they can exploit it. Everyone who uses the browser is affected, meaning a worm or virus that spreads through a problem with IE has the potential to spread into 80-90% of the computers on the internet. Today it is only about 70% of the people on the internet that use IE; this has mainly been down to Firefox and Opera. Firefox is an open-source browser, meaning if a bug is spotted it can be immediately fixed.
People who write viruses and other programs are trying to infect as many computers as possible. That is why they target IE and Windows. It's not only IE: Outlook Express, MSN, MS-Word and other Office programs have all been exploited. So keep that in mind and look for alternative programs. For example Mozilla Thunderbird for email or Open Office to replace MS Office.

-What can you do to defend your computer-

First thing you can do is teach yourself, be informed and keep an eye out for the latest exploits. You have the internet at your disposal; it is possible to find information on nearly anything. I have found everything from the specification for 'chip & pin' to firearms manuals to assembling nuclear weapons. Do I have any use for that information? Not really, but it's out there. The first thing you can do to help you find information is learning how to look for it. You will eventually find what you're looking for, but if you want to find it faster and find more sources, read about using search engines and learn how to do advanced Google searches.
After that you will be able to find what you're looking for more easily and of course save yourself from looking through all the crap that's on the internet to get to it. Other places of interest are professional bodies. There are organisations set up by governments around the world that monitor viruses and worms and where they have spread / how they spread. And those sites have lots of information on them that you, me and everyone can benefit and learn from.

You should also think about installing the very minimum of defensive software: a firewall, anti-virus and anti-spyware program. There are a few out there for Windows; some are free and some you pay for, but these three programs are the minimum you should have. If you're not sure then you have the internet. You can search for a program, but don't get the first one you find. Get a few names and then search again for opinions about these programs. Don't go on the opinion of the average person... Look on programming forums and security forums for opinions. And importantly, don't listen to anyone who can't give a reason for their opinion and back it up with evidence.

-----------------------------------------------
::: Maintaining your computer :::

-Software updates-

Can you take the source code for a program, patch it and recompile it? If the answer is no then updates are important to you. The great thing is everyone that uses Windows has to say no to this question because only Microsoft has the source code and they're not sharing it. Updates are crucial for all of your programs, even the operating system itself.
As I said, when someone finds a bug and exploits it, this affects everyone until that bug is fixed with an update. That's why Windows has automatic updates now. But what good is that if it is disabled...? And it's not only Windows you need to update; as every program is bound to be improved or a bug spotted in it, you need to get the latest version.
You should also make sure your anti-virus and anti-spyware programs are updated regularly. You should check this once a week minimum; every few days is good, but if you are in charge of something important like a server, then you need to check daily. And yes, it is that serious. If a new bug was found in Windows tonight or Microsoft released an update, the bug can be exploited instantly and the update can be reverse engineered into an exploit within a day. And from that your computer can be attacked.

-System utilities explained-

There are a few programs that you get to help you keep your computer going. With Windows you eventually need to reinstall it for some reason, but if you make a small effort then you shouldn't need to do that too often, and possibly not at all if you're lucky.
The first program I'm going to tell you about is the 'Disk Defragmenter' located in 'Start->Programs->Accessories->System Tools'. All this program does is defragment files. I could explain memory management policies and why files fragment if anyone requests, but for now I will just talk about the reason why this is bad.
When you access a file you want it to load into memory as fast as possible. If the file is in lots of little pieces it takes time for the file to be loaded. A few milliseconds might not seem like a long time, but it is, and the computer works better if it can get the whole file loaded in one Input/Output (I/O) request.
If the file is fragmented it has to look for all the different parts and this requires many I/O requests to the hard-drive. What the Disk Defragmenter does is look for all the fragments of a file, combine them and save them to another location on the disk. The file is now a 'Contiguous file', meaning all the memory blocks that are used to store the file are beside each other and so the file can be loaded quicker.
If the file can be loaded quicker then your computer will run faster. Programs will also run faster because they also have to be loaded into memory just like your music and pictures, and again if you're listening to music on a media player it has to load the file before it can play it. That's why sometimes if a video file has been on your hard-drive for a long time and you try to view it, it takes a few seconds or a few minutes to load.

Next is the 'msconfig' program. Go to the start menu, click Run, type 'msconfig' and click OK. This will run the System Configuration Utility. You will see a few tabs at the top but you are interested in the 'Startup' tab. You can uncheck every program on the list, but there are a few things you do want to load when your computer starts, and that's your firewall, your anti-virus and your anti-spyware program. That's it. And if you do have a computer that takes a long time to start then removing some of these programs from loading at startup will improve that. So figure out what you need and don't, and get rid of everything you don't. You will also want to look in the Startup folder located in 'Start->Programs' because if you place a shortcut to anything in that folder it will also load at startup.

Finally I'm going to talk briefly about the Windows restore point feature, which is a good feature. But you have to be careful. If you create a restore point and your computer is infected with a virus or something else and you restore that restore point, you also restore the virus. That's why it's best to back up manually.

That is the end of the Windows section. If anyone has any questions or needs something explained or wants to point out something I might have missed, please do.
- Jon.
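
A read-only audit of the points covered in the post above (local accounts, the SpecialAccounts registry key, administrator rights, startup programs), as an added example that is not part of the original post. It assumes Windows PowerShell 5.1 or later; the variable names are illustrative.

```powershell
# Added example: read-only audit of the items the post discusses.
# Assumes Windows PowerShell 5.1 or later; it reads settings and changes nothing.

# 1. Local accounts (the same list 'net user' prints), with risky settings flagged.
$accounts = Get-CimInstance Win32_UserAccount -Filter "LocalAccount=True" |
    ForEach-Object {
        [pscustomobject]@{
            Name             = $_.Name
            Enabled          = -not $_.Disabled
            PasswordRequired = $_.PasswordRequired
            # The built-in Administrator keeps a SID ending in -500 even if renamed.
            BuiltInAdmin     = $_.SID -like 'S-1-5-21-*-500'
        }
    }
$accounts | Format-Table -AutoSize | Out-String

$accounts | Where-Object { $_.Enabled -and -not $_.PasswordRequired } |
    ForEach-Object { Write-Warning "$($_.Name) is enabled and does not require a password" }
$accounts | Where-Object { $_.BuiltInAdmin -and $_.Enabled } |
    ForEach-Object { Write-Warning "Built-in Administrator ($($_.Name)) is enabled" }

# 2. Accounts listed under SpecialAccounts\UserList (a value of 0 hides the account at logon).
$key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList'
if (Test-Path $key) {
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        "{0} = {1}" -f $name, $item.GetValue($name)
    }
} else {
    "SpecialAccounts\UserList key is not present on this system"
}

# 3. Is this session running with administrator rights?
#    With UAC, an unelevated session of an admin user reports as standard here.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if ($principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Write-Warning "$($identity.Name) is running with administrator rights"
} else {
    "$($identity.Name) is running as a standard user"
}

# 4. Programs set to start at logon (Run registry keys and Startup folders).
Get-CimInstance Win32_StartupCommand |
    Select-Object Name, Command, Location, User | Format-List | Out-String
```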