1) Alternatives to Internet Explorer

There are alternatives out there. Better, quicker, easier than IE.

Web Browser List | Alternative Browser Alliance

Standalone, Cross Platform

Standalone - Mac (OSX)
Camino (Mozilla)

Camino is The Mozilla Foundation's browser built specifically for the Mac and OSX. It, like FireFox, is built on the excellent Gecko rendering engine.

* Very Standards compliant - Based on Gecko engine
* Simple, small and fast
* Tabbed browsing
* Secure
* Good accessibility

Download Camino Now!

-----
Standalone - Windows
K-Meleon

K-Meleon is a barebone browser which contains only the necessities of displaying web pages. It is a little too featureless for some.

* Very Standards compliant - Based on Gecko engine
* Minimalist: A Small and fast browser.
* Free, open source
* Secure
* Good accessibility
* Lacks some handy features

Download K-Melon Now

-----
Cross Platform with Integrated Mail and Chat
Mozilla

* Built on the excellent Gecko rendering engine, with most of Firefox's features. Mozilla - People who have used Netscape will find this browser very similar to NS. It is based off of the fast Gecko core. It has built in email, newsgroups, IRC (Internet Relay Chat), and an HTML editor. This browser is brought to you free from the Mozilla Group.

Download Mozilla now!

-----
Mozilla Firefox

Switching to Mozilla Firefox from Internet Explorer
Mozilla Firefox is a light but feature packed browser built on the Gecko core. It is fast, free, and renders pages the way they should be seen. It comes with built in Google Search, pop-up blocker, tabbed browsing, and a slew of themes and extensions to make it your best browsing experience. This browser is also from the Mozilla Group.

Firefox is attracting huge attention due to its good webpage rendering engine, security, and handy features. It is also easy to personalise with extensions and themes.
* Very Standards compliant - Based on Gecko engine
* Tabbed browsing, one-click-downloading
* Open source
* Very secure
* Extensions - Countless add on features can be downloaded
* Themes - You can personalise your Firefox by downloading themes
* Easy to use and intuitive
* Good accessibility
* Improved Tabbed Browsing
* Spell Checking
* Search Suggestions
* Session Restore
* Web Feeds (RSS)
* Live Titles
* Integrated Search
* Live Bookmarks
* Streamlined Interface
* Accessibility
* Phishing Protection
* Automated Update
* Protection from Spyware
* Clear Private Data
* An Add-on for Everyone
* Add-ons Manager for Extensions and Themes
* Search Engine Manager

Download Firefox Now!

-----
Opera - (Commercial - $39)

* Free version displays ads
* Nice feel and design
* Tabbed browsing
* Far more secure than Internet Explorer
* Easy to use and intuitive
* Good accessibility

Download Opera Now!

-----
Safari (Apple)

Apple's Safari for Mac OSX is a neat little browser with good standards compliancy and excellent speed. However, it is often less favoured than open-source competitors.

* Good Standards compliancy
* Quick and light
* Tabbed browsing
* Free
* More secure than Internet Explorer
* Good accessibility

Download Safari now!

________________________________________________________
2) Anti-Spyware

Dealing with Unwanted Spyware and Parasites by mvps.org on spyware issues.

Spyware is any program that hides on your system with the intent of collecting marketing information about you and your surfing habits, and/or displaying pop-ads on your screen. Spyware is currently the most annoying problem on the Internet, and in my experience, the single most common cause of unreliability and slowdowns on Windows machines.

1. Start by killing any viruses and trojan horses. Boot to a CD with an up-to-date antivirus and disinfect the system. [We need a tutorial on Creating An Antivirus Boot CD].

2. Then remove spyware using the free AdAware, Spybot S&D, Microsoft Windows AntiSpyware (Beta) Home (Only works with Windows XP and Windows 2000) and Malicious Software Removal Tool (Only works with Windows XP and Windows 2000). Update those, scan and remove all the infections you can, then turn on the immunization feature of Spybot. This should take care of the spyware, but often is insufficient to remove browser hijackers.

Also you can get rid of junk on your hard disk on your computer with Windows Live Safety Center: Free online tool for PC health and safety, CCleaner - free software download - Spyware Free and CleanUp!

3. I recommend using Mozilla or Firefox to avoid future hijacking. If you must use Internet Explorer install Spyware Blaster to block future infections. Better yet, follow Steve Gibson’s instructions for Using Internet Explorer Safely.

Spyware is not a problem on Macintosh computers. Yet.

PC Review has a great article, explaining what spyware is and how to get rid of it. Here is a link

Anti-Spyware - Anti-spyware Tool's product reviews and Corrupt Anti-Spyware - Corrupt anti-spyware tools

* Commercial Anti-Spyware Software

CounterSpy

Network Security IT Security Vulnerability Assessment

Nod32

Pest Patrol

Spy Cop

Spy Subtract

Spy Sweeper

XBlock

* Free Anti-Spyware Software

Ad-Aware SE

BHODemon

CW Shredder

Dealing with Unwanted Spyware and Parasites

Firewall Test, Port Scan and Internet Security made easy - Spy Ware, Audit and Tools

HijackThis!

Resources: Ad Blocking Resources - IE Spyad

Microsoft Anti-Spyware

Peer Guardian at Methlabs Website

Merijn.org

PAL Spyware Remover

Privacy-Security (UIUC)- Software

SpyBot Search and Destory

Spyware Blaster

Spyware Guard

Spyware Terminator

WinPatrol

* More Spyware Warriors

Air Freight Adware and spyware, knowing the basics

Alliance of Security Analysis Professionals

Ben Edelman

Bigger Threats, Better Defense

CARMA

Counterexploitation

Eric L. Howes

Doxdesk Parasites

Javacool

Machine Information Consulting Alliance

Merijn

MickeyTheMan

NoMoreSpyware

ParasiteWare.com

Patrick M. Kolla

Russell Texas

Scumware.com

SpywareInfo

TeMerc Internet Security Site

Therock247uk

Thiefware.com

TomCat

Tom Coyote

Webhelper

Wilders.org Security Advisors

* Spyware Help Forums

BroadbandReports.com Security Forum

Castle Cops Security Forums

Cexx.org Discussion Boards

Net-Integration Forums

SpywareInfo Forums

SpyWare BeWare

Spyware Warrior Forums

Subratam Forums

Tankweb.net Forums

therock247uks Pc help Forum

Tech Support Guy Security Forum

TeMerc Internet Countermeasures Forums

Tom Coyote Forums

Wilders Security Forums

If you need help with spyware go to WyldRyde IRC Network - Chatrooms, Free Chat Script, Chat Software

* Spyware Tutorials and Info

Another HijackThis Tutorial

Anti-Spyware Feature Comparison by Eric L. Howes

Anti-Spyware Tests by Eric L. Howes

Bleeping Computer: Computer Help - Tutorial Sections

Bleeping Computer Tutorials

CoolWebSearch Chronicles

Getting Help with Spyware

Hijack Prevention

HijackThis Detailed Tutorial

HijackThis Quick Start Tutorial

Internet Explorer Privacy & Security Settings

Javacool Software Knowledge Base

Rogue/Suspect Anti-Spyware Products & Web Sites

Spyware and Other Internet Nuisances

Spybot Search & Destroy Help

Spybot Search & Destroy Tutorial

So how did I get infected in the first place?

* You can search your spyware for removal instruction.

Spychecker - download spyware removal and Internet privacy tools

________________________________________________________
3) Anti-Virus

Tips for using AVG 7.0 by mvps.org on AVG 7.0

If you’re a Windows user you need an Anti-Virus. I do not recommend the current top sellers: Norton Anti-virus or McAfee. They’re bloated and less effective than others. Check any anti-virus before you buy by visiting the independent Virus Bulletin : Independent Anti-virus and Anti-spam Advice. Any anti-virus you choose should also be certified by the Standards for commercial security products are set by ICSA Labs (all the big commercial products are).

* If you can’t afford, or don’t want to buy, an anti-virus program I recommend the Free Version of AVG from Grisoft. It’s fairly accurate but to reduce bloat you might want to turn off the background tasks.

* The best commercial anti-virus is NOD32 from Eset. It’s relatively inexpensive and has a 100% effective rating from the Virus Bulletin.

Symantec’s Anti-Virus Research Center is a good source of virus information. The site also lists hoaxes and offers many free virus removal tools. Most anti-virus companies maintain similar sites. Unfortunately, there’s no standard for virus names, so you may have to look around to find the right page.

If you are having problems installing an AV product it may be that your system is infected. Use one of these free Online Anti-Virus/Trojans/Worms.

* Anti-Virus Program's

AntiVir Personal Edition

AVG

Bitdefender

Kaspersky

McAfee Inc. - McAfee AVERT Stinger

Nod32 Free ESET Online Antivirus Scanner

Symantec

This scanner from Trend does not require an activeX to run, this means that you can use Firefox or any other browser to run it as long as the browser supports Java

TrendMicro HouseCall

Trend Java Scan

Windowsecurity

* You can search your virus for removal instruction.

Free Removal Tools from bitdefender.com

McAfee Inc. - Virus Information Library

Norton Removal Tool

Symantec Search

Symantec Security Response - Removal Tools Page

Virus Info

F-Secure : News from the Lab - December of 2005

________________________________________________________
4) Default Browser

Your Default Browser is the one that your system will automatically open when you click on a link outside of an open web page.

Anyone remember how to change which is your default after you have told the system to stop with the popups that keep asking you to make the other browsers default?

Change Default Browser within Windows

* Windows XP:
Go to START, then click “Set Program Access and Defaults”. Then select custom and select the browser you would like to use as the default and click ok. (You can also find “Set Program Access and Defaults” by going to the control panel and selecting Add/Remove programs).

Change Default Browser within Browser

* Internet Explorer:
Open internet explorer and go to Tools ==> Options ==> Programs. Check the box that says “Internet Explorer should check to see if it is the default browser.” Close internet explorer. Open internet explorer. It should ask if you want to make internet explorer the default browser.

* Mozilla Firefox:
Open Firefox and go to Tools ==> Options ==> General. Click the “Check Now” button in the default browser section. If Firefox is not the current default browser it will ask you if you want to make it the default, otherwise it will let you know that it is already the default browser.

It should also be noted that on an OS X (mac) you change your default browser by opening Safari, clicking the Safari menu, click preferences. Under the General tab you have an option to select your default browser.

That’s great for XP, but is it different if you have an Earlier Windows?

________________________________________________________
5) DSL Accesories

There are many PC’s out there that are still High Speed Virgins… Here are a few pre-cautionary steps you can take to ensure system safety.

1. Use a router. A lot of problems can arise if you don’t use caution at the entry level. A firewall router is a simple, yet very good means of keeping the worst unwanted stuff out.

2. Don’t use IE. I recommend using Mozilla Firefox because of it’s amazing speed, stability, and so far unbeatable security standards. Click here for the Mozilla Information Center on Leoville.

3. SpyWare Blaster & SpyWare Guardian. Both available from JavaCool Software, these two applications are a must.

4. PeerGuardian. Blocks unwanted IP addresses.

________________________________________________________
6) Email Encryption

With the latest news that your email can legally be read by your ISP, the receiving ISP, and any server in the middle, encrypting email is even more important than ever before.

Securing your email can take two forms, signing or encrypting.

An email signature can ensure that the message was sent by you and has not been tampered with (but it can still be read). You can send a signed email to anyone, but they’ll need some software to verify it, usually PGP. You can use PGP to sign mail (that’s what I do) or get a certificate from somewhere like Thawte.

Encrypting the email scrambles it completely so only the recipient can read it. To send an encrypted email you’ll first need the recipient’s public key. Many folks, including me, put our public keys on various keyservers like keyserver.pgp.com and keys.pgp.net. Your PGP software should be able to search the servers for an appropriate key.

* For free PGP software visit PGP International You can also get a free version for non-commercial use from PGP Corporation.

* There is the Windows Privacy Tools project that includes a set of free Open Source tools to help make it easy to encrypt and sign your e-mail.

* Thawte offers free email certificates suitable for signing or encrypting.

* An even easier way to send secure email is Hushmail, a web based email service. Hushmail offers free and paid encryption services.

________________________________________________________
7) How to not be infected with all that spyware on your computer in the first place

Five Things to Do to Protect Yourself on the internet

1. Don’t open email attachments; even if it’s from someone you know. If you do get something from someone you know, make sure that they really sent it to you.

2. Don’t click links in email. That link could lead you to a phishing site, or the link may lead you to install malicious software. Copy and paste links instead. You can avoid this if you disable HTML email. Use plain text email.

3. Don’t download files from places you aren’t absolutely sure are safe. Stick with the well known sites.

4. Update regularly! There are problems with software that occur. If there’s a patch out, you better apply it. Even MySpace can infect you. There was once a banner ad that had malicious code that took advantage of an Internet Explorer flaw that Microsoft had already patched. However, over a million people still got infected.

5. It is absolutely necessary to have a firewall. The best firewall is a hardware firewall: your router. It keeps your system clean of worms. There are worms that are network viruses. If you don’t have a firewall on the Net, the worms will get you right away. You can also turn on the Windows or OSX firewall.

-----
Well, you usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:

1) Watch what you download! Many freeware programs, and P2P programs like Grokster, Imesh, Kazaa and others are amongst the most notorious, come with an enormous amount of bundled spyware that will eat system resources, slow down your system, clash with other installed software, or just plain crash your browser or even Windows itself.

2) Go to: Internet Explorer Downloads

It's important to always keep current with the latest security fixes from Microsoft.
Install those patches for Internet Explorer, and make sure your installation of Java VM is up-to-date. There are some well known security bugs with Microsoft Java VM which are exploited regularly by browser hijackers.

3) Go to Internet Options/Security/Internet, press 'default level', then OK.

Now press "Custom Level."

In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to 'prompt', and 'Initialize and Script ActiveX controls not marked as safe" to 'disable'.

Now you will be asked whether you want ActiveX objects to be executed and whether you want software to be installed.
Sites that you know for sure are above suspicion can be moved to the Trusted Zone in Internet Option/security.

So why is activex so dangerous that you have to increase the security for it?
When your browser runs an activex control, it is running an executable program. It's no different from doubleclicking an exe file on your hard drive.
Would you run just any random file downloaded off a web site without knowing what it is and what it does?

And some more advice:

4) Install Javacool's SpywareBlaster

It will protect you from all spy/foistware in it's database by blocking installation of their ActiveX objects.

Download and install, download the latest updates, and you'll see a list of all spyware programs covered by the program (NOTE: this is NOT spyware found on your computer.)

Press "select all", then "kill all checked", and you're done.
The spyware that you told Spywareblaster to set the "kill bit" for won't be a hazard to you any longer. Although it won't protect you from every form of spyware known to man, it is a very potent extra layer of protection. Don't forget to check for updates every week or so.

There's a board at Wilderssecurity as well.

Let's also not forget that AdAware, SpyBot Search and Destroy and Microsoft Windows AntiSpyware (Beta) Home has the Immunize features which works roughly the same way. Only work's with Microsoft Windows 2000, Windows XP, or Windows Server 2003

5) Another brilliant program by Javacool we recommend is SpywareGuard.
It provides a degree of real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method.

An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware! And you can easily have an anti-virus program running alongside SpywareGuard.
It now also features Download Protection and Browser Hijacking Protection!

6) IE-SPYAD puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Incidentally, another site with an enormous amount of information on computer security, and which is well worth a visit is wilders.org security advisors

Finally, after following up on all these recommendations, why not run Jason Levine's Browser Security Tests.
They will provide you with an insight on how vulnerable you might still be to a number of common exploits.

________________________________________________________
8) Installing Windows Safely

When you install Windows follow these steps to make sure you don’t get infected by spyware and network worms…

1. If your computer is plugged into a DSL line/Cable modem, physically disconnect the network cable from the computer.

2. Install Windows XP

3. If you’re not using a router to connect to the ‘net, turn on the Windows firewall (Open Network Connections, right click your online connection, click Properties, click the Advanced Tab, then check the Internet Connection Firewall.)

4. Now re-attach any cabling you removed earlier. Get online and run Windows Update then install all Critical Updates. If you have to restart re-run Windows Update until there are no more critical updates to install. If you’re using a Dialup connection, consider ordering and using the the free Windows XP Service Pack 2 on CD to reduce the download time.

5. Install an anti-virus and update it immediately. (If you don’t have one download the Free AVG.)

6. Install anti-spyware tools, AdAware, Spybot S&D then turn on the immunization feature of Spybot and Microsoft Windows AntiSpyware (Beta) Home (Microsoft Windows 2000, Windows XP, or Windows Server 2003). Update those program's when you install them.

7. Install Spyware Blaster and protect your browsers from hijacking. I strongly recommend against using IE. Use Mozilla or Firefox instead.

Make sure to run Windows Update regularly, or better yet, turn on Automatic Updates by opening the System Control Panel, click the Automatic Updates tab, then check either “Download the updates automatically” or the scheduled updates installer. You should also enable the automatic updates in your anti-virus and keep all the spyware programs up-to-date, as well.

________________________________________________________
9) Learning HiJack This Program

1. Read up on browser hijackers at SpywareInfo.com and Hijack This Quick Start - tomcoyote.org. You may need to use a dedicated tool. Start with Hijack This to download and install HiJack This prgram. Here is how to install HiJack This Creating the C:\HJT Folder.

2. You can post your HJT log in one of these websites at Merijn.org - Online Help Forums. Also at HijackThis Log file for you can do it yourself.

3. To learn more about HiJack This go to Bleeping Computer - HijackThis Tutorial - How to use HijackThis to remove Browser Hijackers & Spyware and Merijn.org - HijackThis log tutorial's.

4. Common hijackers include Cool Web Search and 180 search Assistant. For a list of all the known Browser Hijacking programs and removal tools visit Sysinfo.org. Searching Google can also be useful in finding removal help.

________________________________________________________
10) Must Have Security Software

These are FREE programs I recommend nearly every weekend. All Windows users should download and use these to protect themselves against viruses and spyware…

* AVG free anti-virus and Nod32 every bit as good as Norton and not as intrusive.

You should only use one anti-virus at a time, but it’s ok to have multiple spyware killers. In fact, I recommend it.

* AdAware - One of the first Sypware killers and still one of the best
* Spybot S&D - My favorite. Use the immunize feature to protect yourself against future infection.
* Microsoft Windows AntiSpyware (Beta) Home (Microsoft Windows 2000, Windows XP, or Windows Server 2003)
* Spyware Blaster - Run this to protect Internet Explorer from browser hijacking

Internet Explorer is not the safest browser to use - nor is it the best. I recommend one of these free choices based on Netscape.

* Mozilla - Full featured, includes an e-mail program and web design tool
* Firefox - just the browser. Small, speedy, and powerful. My first choice for web browsing.
Must have Firefox Security extensions FoxFilter :: Firefox Add-ons and NoScript - JavaScript/Java/Flash blocker for a safer Firefox experience! - what is it? - InformAction

IE-based web browsers are not safer (Avant Browser, Crazy Browser, iRider, Maxthon [pka MyIE2], NetCaptor, NeoPlanet, SlimBrowser) since they only offer alternative interfaces plus some of the extra features on top of IE. These “shell” applications are not new browsers. Under that new “skins”, however, deep down they’re still IE! And still subjected to IE targeted attacks.

You’ll be safest with an email program that doesn’t use the built-in Internet Explorer engine to display HTML emails (otherwise it will have the same security problems as Outlook etc.) Eudora does use the built-in web viewer, but you can turn off HTML email. I suggest you do - HTML email contains all sorts of security and privacy issues.

Thunderbird from the Mozilla Project supports HTML mail but uses the Mozilla Gecko engine to render it safely.

Also you can use Netscape or Opera just as long as you stop using IE(internet explorer)for normal broswing the only reason you will needed it is to run Windows Updates and a few other things.

Zonealarm is a still very good firewall, but it suffers from creeping featuritis. My new favorite, free, firewall is the Sygate Personal Firewall. It’s very powerful and has proved reliable on my system. Also Bugoff It's disables three exploits that are commonly used by browser hijackers (including CWS).

Which raises an important point. Anti-virus and firewall programs are very invasive. They have to be to get the job done. The programs I’ve recommended above are good and reliable, but as with any system level software they can cause problems on your machine. And since they’re free you can’t expect any support from the vendor. I’ve had good results with these programs, but your mileage may vary.

That’s why for most people I don’t recommend a software firewall. An Internet router like the Linksys Etherfast provides most of the protection of a software firewall without the relibility issues. If you’re using DSL a broadband router has the added advantage of replacing the software PPPoE dialer - which is convenient and can also improve reliability. Broadband routers are cheap, as little as $50.

If you have a virus and don't know what it is you want to check it out below.

* Bleeping Computer - Startup Database
* Spychecker - download spyware removal and Internet privacy tools
* Trend Micro Virus Information, virus alerts, advisories, Top 10, antivirus, worm, trojan, macro, free, virus encyclopedia

We’ve had reports of installation problems with AVG Anti-virus. These are almost always caused by a virus infected system. Many new viruses and spyware programs block anti-virus installation. I recommend you scan your system for spyware and viruses before you attempt to install an anti-virus. There are several excellent free online virus scan programs for Windows (they require Internet Explorer by the way):

Panda Active Scan from Panda Software

Trend Micro - Free online virus Scan

Must have security apps - For Macintosh

Just the one suggestion from this Mac user.

Little Snitch: Network traffic monitor. Runs in background at startup. Once set up with “rules” this a great app to prevent unathorised transmissions. Easy to configure. Nice interface in the System Preferences.
Linky:
Little Snitch

________________________________________________________
11) Removing Sasser

Sasser is a worm that spreads itself via the Internet. An unprotected Windows XP machine will get Sasser within just a few minutes of being put on the ‘net. To protect your system run Windows Update regularly and use a firewall (a broadband router will do fine).

To remove the Sasser infection follow these steps:

1. Disconnect from the Internet.
2. Disable Sasser to keep your system from rebooting. Click Start, select Run… and enter shutdown -a then press OK. That will stop the worm.
3. Turn on your Windows XP firewall. Open Network Connections, right-click your network connection icon and select Properties. Click the Advanced tab and turn on the firewall. This will prevent reinfection.
4. Reconnect to the Internet
5. Update your anti-virus and disinfect your computer, or download the free Sasser removal tool from SARC.
6. Run Windows Update and install all critical updates. You should do this regularly.

________________________________________________________
12) Service Pack 2

Windows XP System Housekeeping Before SP2 Upgrading!

The key to a successful install of Windows XP Service Pack 2 is to have as clean a system as possible.

SP-2 nearly always installs just fine on a fresh install of XP. It’s what we’ve done since installing that causes most of the problems. The chief issue is spyware. Make sure your system is absolutely free of all spyware (Spyware Prevention on this weblog). Viruses, too. Uninstall unnecessary software. Make sure you have SP-2 compatible drivers for your hardware. make a good backup before installing. And finally, set a system restore point - this will be invaluable if you need to remove SP-2.

* Service Pack 2 full download: Download details: Windows XP Service Pack 2 for IT Professionals and Developers Download details: Windows XP Service Pack 2 for IT Professionals and Developers

Uninstalling SP-2

If you experience problems after you install SP-2 you can uninstall it by running the Add/Remove Programs control panel. After uninstalling, use System Restore to restore your system to its pre-SP-2 state. (That’s why it’s important to set a system restore point before you install SP-2.)

If you can’t get to the Windows prompt, you can run System Restore from the command line. Type c:\windows\system\restore\rstrui.exe at the command line.

Check with Hardware Vendors for SP2 Supports

If you haven’t installed SP2 for Windows XP, you should check and see what your hardware vendor has to say about it before you do the install.

There are web sites around the net, that are about general issues with SP2, but you should check your PC makers web site for any issues that may be related directly to your hardware.

The big makers have issued their own recommendations for upgrading their PCs to SP2. Check them out here:

Dell

Gateway

HP & Compaq

Sony

Slipstreaming Bootable WindowsXP SP2 CD

You can use nLite to easily create a Windows XP + SP2 slipstreamed bootable CD. Such a method is to integrate the original unpatched version of Windows XP with the lastest Service Pack 2 so that it would be much easier the next time you reinstall XP (saves a lot of time too). Make sure you have .NET Framework installed and patched (GDI+ security issue) to run nLite. You would need to have with you:

1. Original installation CD of Windows XP Home or Professional.
2. The full 266MB Windows XP Service Pack 2. Microsoft will also mail you a disc free of charge.

* Service Pack 2 full download: http://tinyurl.com/6ubys
* Service Pack 2 free install disc: http://tinyurl.com/6g675

See MSFN and MCSEworld for more information on sliptreaming.

Please read this artical on service pack 2 Push Is Coming to Shove for XP SP2 Deployment for more info on service pack 2.

________________________________________________________
13) Spyware Prevention

Dealing with Unwanted Spyware and Parasites by mvps.org on spyware issues.

I recommend three programs for all Windows users:

* AdAware SE
* Spybot Search & Destroy
* Windows Defender (Beta 2) Only work's with Windows 2000 and Windows XP

These are free. Turn on the immunization feature of Spybot to block many spyware programs. As with an anti-virus, you should update both these programs regularly and scan at least weekly.

To avoid browser hijacking use the free Mozilla or Firefox browsers. They also block pop-ups, and have useful additional features like tabbed browsing. You needn’t try to remove Internet Explorer (that’s not a good idea) but I suggest you not use it for day-to-day browsing. Reserve it for sites that require it like Windows Update.

If you insist on using Internet Explorer, I strongly recommend the free Spyware Blaster to make it a little safer.

The one commercial program I recommend is Pest Patrol. You can get much of its functionality free with the Yahoo Toolbar for Internet Explorer.

The following article was written by Justin Wallace, a listener. I haven’t tried all these programs so I’m not passing any judgment on them.

Spyware should be stopped before it starts. I have decided to post a few of the the things I always tell people to prevent spyware.

* Spyware Blaster & Guardian

* Spy Sweeper - Best Spyware removal tool out there. It really gets the hard stuff…

* PeerGuardian — Well known, but ever since I started using it I haven’t had a single trace of Spyware (mainly because it blocks all incoming IP adresses for sites that have Spyware or other Mal-ware/Police-ware.

* Use Sandoxie of dealing with rogue software, spyware and malware? Tired of spending countless hours removing unsolicited software? Download Sandboxie

* Get rid of IE!!! I like Mozilla Firefox or Opera. Firefox does a superb job of filtering out malicious scripts, Active-X controls, etc.

I feel that it is important to run some type of Spy removal tool and scanner at least once a week. I run Spy Sweeper on all my Windows machines at least once-a-day (I usually turn it on as I’m going to bed and let it run all night).

Spyware is becoming more and more of a threat and it’s getting out of hand. I feel that it [Spyware] should be taken care of before it starts. By monitoring and implementing “check stops” at each point that Spyware can penetrate, then you will almost always [within 99 percent of the time] be safe. I can honestly say that my Windows systems are 100% spy-ware free because I usually reinstall Windows at least every 6-months when possible, and then I run all the anti-spyware measures that I mentioned above.

If you’re running XP and have multiple users, always remember to run Spy-Sweeper (or whatever Spyware remover you’re using) on each account. Spy removal tools will not check any other section of the HD but what user you are.

________________________________________________________
14) Startup Programs

Topic: Enabling / Disabling programs that start up when Windows XP is started.

Objective: Limit the number of programs that startup when Windows KP is started so as to lower the boot time. Controlling programs in this way can have other benefits as well.

Difficulty: Beginner / Intermediate

Tip: running “msconfig” in the run dialogue box can be as dangerous as running regedit if you are not sure what to disable / enable. A better option is to run “services.msc” This will allow you to disable / enable programs that start up, but there is some protection without sacrificing functionality.

Knowledge Requirement: This is one of the more simple improvements that can be made to your system and does not require much knowledge. A basic understanding of the file system and how files are organized into folders on a drive may be useful.

How To:

1. Run “services.msc” from the run command in the start menu (WindowsKey+R).
2. Resize the window or maximize to view all of the columns.
3. Choose either: Manual => Services start when Windows XP feels like it. Automatic => Service starts at startup. Disabled => Service will not start (may still be forced to start).
4. Remember what you changed or print / write down so as to change it back if some undesired effect occurs.

IMPORTANT: Check Black Viper’s site for a complete list of services and the reccomended startup type for each (Manual, Automatic, Disabled).
The list can be found at http://www.blackviper.com/WinXP/service411.htm

________________________________________________________
15) Stop Popups

Dealing with Unwanted Pop-ups by mvps.org on popup's.

Popups are those annoying ads that pop up (or under) while you’re surfing the ‘net. There are three kinds of popups, and you’ll need to do three separate things to block them.

For Windows Users:

* Pop up windows created by web pages can be easily blocked by a third-party pop up blocker like the free Google Toolbar. However, the best way to block popups (and other nasties like browser hijackers) is not to use Internet Explorer at all. I recommend Mozilla or Firefox browser. Both have built-in pop-up blocking but you must turn it on in the preferences.

* Pop-ups can also be created by spyware. These programs run in the background and can appear any time, even if you’re not online. I recommend AdAware, Microsoft Windows AntiSpyware (Beta) Home (Microsoft Windows 2000, Windows XP, or Windows Server 2003) and
Spybot Search & Destroy and to clean out spyware and block it in future. If you’re going to continue to use Internet Explorer also get Spyware Blaster to prevent browser hijacking.

* Finally, there’s a really annoying kind of pop-up that’s, in my opinion, a security flaw in Windows NT/2000/XP. These versions of Windows have a function called netsend that’s designed for system administrators. They can use it to communicate with all the computers on the network. Unfortunately, it can also be used by a spammer who can send a pop-up to ANY computer on the Internet. To block this form of Messenger spam you can turn off the Messenger service, or turn on a firewall. Enabling the built-in Windows XP firewall will block this spam forever. Windows XP Service Pack 2 turns on the firewall by default.

For Macintosh Users

* Pop up windows created by web pages. In Safari, ensure you have “Block Pop-Up Windows” selected in the Safari menu (there should be a check mark in front of the item in the menu). Other Mac browsers vary, but there’s usually a setting somewhere in the browser’s preferences to turn on popup window blocking.

* Pop-ups created by spyware. So far at least, Macs don’t get spyware, so this just doesn’t happen on Macs.

* Messenger spam. This also has no Mac equivalent; it just never happens on a Mac.

________________________________________________________
16) Using Internet Explorer Safely

Secure your System and keep out Spyware, Adware, viruses and Popups.

When security expert Steve Gibson of ShieldsUp fame was on he told us he still uses Microsoft’s Internet Explorer in Windows, despite the security and spyware issues.

For Windows Users:

Here’s how Steve uses IE safely:

Under IE’s Tool menu open your Internet Options… click the Security tab, and set security for the Internet zone to High (slide the slider all the way to the top).

1. Start Internet Explorer.
2. Click Tools, and then click Internet Options.
3. Click the Security tab.
4. Click Trusted Sites, and then click Sites.
5. Clear the require server verification (https:) for all sites in this zone check box.
6. Make sure that the following URLs are listed in the Web Sites box:
• http://*.windowsupdate.microsoft.com
• http://*.windowsupdate.com
Note: If you want to add a URL to the Web Sites list, and the Add button is unavailable, contact your system administrator.

Only add sites you know are safe to your trusted list.

To prevent browser hijacking I recommend installing Spyware Blaster. (This is unnecessary if you have security set to high, but it’s useful just in case you accidentally give access to a bad site.)

UPDATE: Windows XP SP-2 adds a new zone to XP: My Computer, and locks it down. This is a very effective way to combat browser hijacking. Microsoft provides instructions for people who have not yet installed SP-2 here but it’s not for the faint of heart.

Although this will make Microsoft Internet Explorer a little more secure it will never be as secure as Mozilla and Firefox browser's.

For Macintosh User

Internet Explorer for Mac is more secure than IE for Windows, as the Mac version of IE doesn’t support ActiveX controls and other Windows “features” that can also create security holes. But, IE for Mac hasn’t been updated by Microsoft in a long time, and they don’t plan to continue developing it. So, you might want to switch to another Mac browser for reasons other than security—such as performance, or in order to have support for all of the web’s latest “bells and whistles.”
________________________________________________________
17) Windows Encrypted File System

(EFS) For Win2000, WinXP & Win2003 only.

If you’re using Windows 2000 or Windows XP Professional and your disk is formatted with NTFS you can use the system’s built-in encryption to keep others from reading your files, even the System Administrator. This way, you can protect your sensitive data.

How to encrypt/decrypt files/folders with Windows XP
Begin by right-clicking on the folder/file to encrypt, select “Properties…” from the pop-up menu. Click the “Advanced…” button. Check the “Encrypt contents to secure data box”. Subsequently, you may be ask to choose whether to encrypt all the files in that folder or just the file you have selected. Pick the preferred one and click “OK” and we are done.

Notice that the encrypted file will be in green color (Compressed file is in blue). If users form other login accounts tried to open it - the Access is denied window will shows up (as displayed above). In this case, Notepad failed to open the file.

You can also use Tweak UI from Microsoft to simplify the process of encrypt/decrypt. By putting in the encryption functionality to the context menu, encrypt/decrypt can be done by right-clicking on a file/folders. Launch Tweak UI, select “Explorer”. Over the right panel, check the “Show “Encrypt” on context menu” and click “OK”.

How to back up your certificate
You only need to perform this once.

Backing up files is a good habit for all computer users. More importantly, is to backup your encryption certificate(s) or key(s), if you have ever encrypted data in your system. A unique certificate associates with your account was created and stored in the account the first time data were encrypted. Although users may not realized this, since users always login to thier own accounts to open encrypted files, that unique encryption certificate is needed to authenticate that the user has the right to access or decrypt those data.

Problem occurs when users clean install their Windows XP. Unfortunately, like some of the callers, even with the same user name and password; even if those data were still intact; they cannot open those files because the special certificate tied closely to those data was missing. Therefore, be wise to always backup your data with the encryption certificate as well. So back up now. Losing data is better than having them but cannot access them - so cruel!

Step 1

Begin by login to your user account. To backup the certificate(s), we need to get to the file first. There are two ways of accessing the account’s certificate:

1. Using Internet Explorer: Go to menu: “ToolsInternet Options” select the “Content” tab and click on the “Certificates…” button. This will brings up the Certificates windows showing a certificates under the “Personal” tab. It has the same name as your login. Select it and click on on the “Export” button and follow Step 2.

2. The second way is: Go to “StartRun”, type in “certmgr.msc” into the box and hit enter. A window named Certificates will pops up. Expand the Certificates - Current User to “PersonalCertificates”. A certificate with login name shows up on the right panel (in this example, it is named Bill). Lastly, right click on certificate and select: “All taskExport”. We are now ready for Step 2.

Step 2

A Certificate Export Wizard will appears. Click “Next >”.
Here, you will be asked to export the key or not. Select “Yes,…” and proceed.
Check only the first two options and click “Next >”.
Enter a new password and confirm to protect your certificate. Only those who have the password can import (restore) the backed up certificate to their accounts. This is to ensure nobody else but you have the right to access your encrypted files. Please don’t forget the password.
Choose a directory and file name to save your certificate. Remember to back it up to a safer place like burning it to a CD. I don’t trust Floppy disk.
This will brings us to the end of the “Certificate Export Wizard”. Confirm all your inputs and click “Finish” and we are done! You will see “The export was successful.”

How to restore your certificate
After reinstalling your system or you would like to associate the backed up certificate to a new account, then the backed up certificate would need to be restored. It is pretty straight forward to do so.

But before that, for convenience purposes, always restore the backed up certificate first before starting to encrypt data on a new account. The new account will then continues to use the backed up certificate for encryption and prevent Windows XP from generating a new account’s certificate for new encryption. As a result, you don’t need to back up this new certificate as well (you’d have two certificates now).

Just double click on your backed up certificate and this will brings up the Certificate Import Wizard. Follow the instructions given by the wizard. You will need to enter the password (if you’ve chosen to export private key) created during certificate export.

Below is a .gif generated slideshow (remember to enable browser’s animation, if you can’t see it). Just follow it step-by-step.
You should see the confirmation window when the certificate is successfully imported. Done!

References

External Links

* Guide: Windows XP Pro - Using File Encryption
* How to Share Files Using Encrypting File System
* MCSEWorld: What’s EFS?
* Microsoft: Best practices for the Encrypting File System
* Microsoft Windows XP Resource Kit - Overview of EFS
* Wikipedia: EFS

EFS Related Softwares

* EFS Key
* ElcomSoft - Advanced EFS Data Recovery (AEFSDR)

________________________________________________________
18) Windows Security Tips

Install Windows XP SP2:
Windows Update
Full Download 266 MB
Order CD

Run an Anti-Adware and Anti-Spyware:
Ad-Aware SE
Microsoft Windows AntiSpyware (Beta) Home
Spybot Search and Destroy

Run an Anti-Virus:
AVG Anti-Virus
Eset Home - NOD32 Antivirus System

Run a Personal Firewall If You are on a Broadband/Cable/DSL Router:
D-Link D-Link TechSupport - Downloads
Welcome To Linksys.com

Run a Personal Firewall If You are on a Dealup:
Sygate PersonalFirewall
ZoneAlarm

Turn off unused services:
BlackViper