CyberZilla's Computer Help Pages [ver. 2.0]

Computer Security

[Needful things to keep your computer more secure]


A study conducted by AOL and the "National Cyber Security Alliance" showed that 81% of home PCs lacked updated operating systems, spyware protection or a secure firewall. [according to PCUtilities.com]

To keep your computer secure and running smoothly you need 3 essential programs:

  1. Anti-Spyware
  2. Anti Virus
  3. Firewall
[NOTE: see what Microsoft has to say about the subject]

    New Sections:
  1. Rootkit Protection
  2. Keyloggers
  3. Helpful hints and tips
The best idea behind safe online computer usage is not to worry about getting too paranoid; instead worry you're not paranoid enough!

 1) Anti-Spyware:

Use these computer programs to get rid of all the sneaky spy programs and advertising (pop up ads) that install themselves without your knowledge into your Windows® computer:

 2) Anti Virus:

 3) Firewalls:

  • Zone Alarm Firewall serves as a blockade against all those bad guys who are trying to exploit your computer from the internet. It also restricts programs trying to access the internet from YOUR computer. Say you download a cute little program not realizing it is going to scan your computer looking for personal info to send back to the program's creator. Zone Alarm alerts you when a program tries to access the internet. You can block it or allow it depending on how much you trust it.

  • Kerio Personal Firewall is free for the personal version (home user). You get the full version for the first 30 days then it reverts into the basic firewall. I tried it out and it was ok but I think Zone Alarm is better.

  • Agnitum Outpost is another firewall program (which I haven't tried yet). You can get a free basic version here

  • Windows® has a built-in firewall for XP with SP1 and SP2. Click this link (Windows Built-in Firewall) to get instructions on how to activate the Windows® "Internet Connection Firewall" in XP.

  • Test your vulnerability by going to HackerWatch.Org or try DSLReports or try PC Flank.com


Rootkit Protection:

As if all this wasn't enough, there are programs that can rewrite your Windows system files to fit their needs, which can turn your PC into a slave to the owner who created what is called a "Rootkit".

 

  • IceSword is supposed to be the rootkit detector that rootkit makers consider the hardest to get around. The website is NOT in English but you can download an English version from the web site (or click here*)

  • GMER is another application that detects rootkits. GMER can also monitor your system for suspect activity.

  • HookExplorer, from iDefense, looks for files that have hooked onto a legitimate Windows file.

  • GhostBuster Rootkit Detection program at Microsoft's web site looks like a cool program for getting hard-to-delete spyware/rootkits out of your system. There is even a boot disk available.

  • F-Secure's Blacklight is a "Rootkit elimination Technology" (in beta until March 1st, 2006). If you need it to be more powerful try adding /expert to the blbeta.exe shortcut but be careful with it because it might show some false positives.

  • RootkitRevealer from Sysinternals is an advanced rootkit detection utility.

    Keyloggers:

    Another threat to users' computers is programs that keep track of (log) your keystrokes and send them back to some nefarious hacker (lurking in an evil lair?). Most anti-spyware programs like the ones listed above will catch them but you can use other programs specifically designed to find Keyloggers.

  • KL-Detector

  • Anti-Keylogger [trial version]


    [See more on my Tools page.]

    Windows® Stuff:

    • ALERT! Check to see if you have Starforce CD Protection secretly installed on your system. If some games don't work or your CD or DVD drive is acting up, open Device Manager in your Control Panel under the System icon. Under the View drop down menu click Show Hidden Devices and expand the Non Plug And Play Drivers list. Remove any listing you have for Starforce.
    • ALERT! Check to see if you have the SONY DRM rootkit on your computer. Type cmd /k sc query $sys$aries into your "RUN" dialog box on the start menu. If you get the response that "STATE 4 IS RUNNING" you have SONY's invasive DRM protection tool (a virus created by SONY to enforce Digital Rights Management [DRM] on your computer whether you like it or not). Download an uninstalling program from SONY here. You may join the class action LAWSUIT here.
      Check out the SONY BOYCOTT and sign a petition HERE.
    • MALICIOUS SOFTWARE REMOVAL TOOL: This free utility removes several different classes of viruses [e.g. Bagle, Sober and Sobig]. Download it from Microsoft Support. "The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software from computers that are running Windows Server 2003, Windows XP, or Windows 2000"

    • BASELINE SECURITY ANALYZER: Microsoft® has a program to download that will scan your computer to ensure you have all the latest updates to keep your Windows 2000/XP computer running secure. Download the Baseline Security Analyzer. "MBSA is the free, best practices vulnerability assessment tool for the Microsoft platform." [their words, not mine]

    • WINDOWS XP SP2:
    • For Microsoft® security bulletins and “recent incidents” check out their Security Page
    • Microsoft's toll free number is: 888.772.4357

    Related stuff (web Sites and programs)

    Websites:
    • F-Secure operates a weblog with an RSS feed for the latest threats going around the internets...
    • iamnotageek.com has a list of how-to's for removing types of spyware. Each link on this page goes to a page with instructions for removing types of spyware. They also have a HijackThis analyzer that can help you understand what HijackThis is telling you.
    • I found Computer Associates' Spyware Information Center to be very informative, especially their About page. It shows you how to delete registry items, kill running processes, remove autostart programs, and how to unregister .dll's [dynamic link libraries]
    • Security Glossary is a list of definitions of the various terms used when discussing Security, Spyware, Adware, Viruses, etc from Vision Technology Management
    • Attack Denied! This is a good site for EXPLANATIONS about what you need for your computer to be safe. What is a cookie? What is a "Firewall"? Password safety, etc. In their words it's..."Security tips for broadband internet users". This is a big help if you're new to Broadband Internet because things are a lot different with "always on" internet access.
    • Microsoft Security Page is a good place to go for advice and updates for your computer.
    • Secunia website "monitors vulnerabilities in more than 5000 products" like Internet Explorer, Firefox, Windows, Linux, etc. etc. etc. [a LOT of products, cy]
    • Symantec Security Check is a free service designed to help you understand your computer's exposure to online security intrusions and virus threats. [won't work with Firefox, requires Internet Explorer 5.0 or newer or Netscape 4.5 or newer.]
    • US-CERT protects the United States internet infrastructure against cyber attacks. They have all the latest information on viruses and exploitations going around the internet. Check out their "Home user or new to computer security?" web page for all you newbies out there.
    • Sygate Online Services offers a free security check of your computer: You can scan your computer thru their web site to look for security holes.
    • Tasklist.org is a resource for finding out if your computer is infected with spyware. It is mostly an ad for XoftSpy Adware scanner but there is some useful information there such as a list of running tasks that could be spyware. Special note: don't confuse winlogon with winlogin when disabling tasks (winlogon is ok, winlogIN is bad).
    • Got a program running in your programs file and you don't know what it is? Spyware? Malware? Harmless? PC Pitstop has a feature that will let you search their database to see what it is. It also gives you info about how often the program has been seen in systems tested on their web site. Go to: PC Pitstop/Spy. They also have a Spyware Information Center that can scan your online computer thru their web page.


    Programs:
    • UnHackMe is a rootkit discovering program. It cost $19.95 but they do have a trial version which is fully functional.
    • Netcraft's Anti-Phishing Toolbar: This add-on to Internet Explorer (or Firefox) will display information about the website you are at. It will show you who owns the website, when it was started and a risk meter, so you are more informed and less likely to end up at a "phishing" website. IE 7 should have this built in when it comes out [what is "phishing"?].

    • Process Explorer: This very impressive software program shows what's going on with all your "processes" that are running in the background in Windows. A "MUST HAVE" for any self respecting geek out there. It blows away Windows "Task Manager". It even shows what .dll files are in use and what/who is using them. Awesome.
    • Onion Router "The Onion Routing program is made up of projects researching, designing, building, and analyzing anonymous communications systems. The focus is on practical systems for low-latency Internet-based connections that resist traffic analysis, eavesdropping, and other attacks both by outsiders (e.g. Internet routers) and insiders (Onion Routing servers themselves). Onion Routing prevents the transport medium from knowing who is communicating with whom -- the network knows only that communication is taking place. In addition, the content of the communication is hidden from eavesdroppers up to the point where the traffic leaves the OR network."
    • Google offers a cool toolbar to add to your Internet Explorer web browser that blocks pop up ads. It also gives you quick access to searching the internet and a quick link to googlenews. Try it! Google Toolbar
    • SpoofStick is a simple browser extension that helps users detect spoofed (fake) websites. Works with Firefox too.
    • a-squared personal is a malware scanner and remover of the latest generation which is specialized in Trojans, Dialers and Spyware. So it is the perfect addition to your existing antivirus software. [I used this and it found a trojan horse/back door program none of my other anti-spyware/virus programs could find! cy]
    • KL-Detector detects keylogging activity on your computer! Use KL-Detector to find out whether your activity is being recorded without your knowledge. It is designed to be able to detect all keyloggers. And it's free.
    • Filemon for Windows "FileMon monitors and displays file system activity on a system in real-time. Its advanced capabilities make it a powerful tool for exploring the way Windows works, seeing how applications use the files and DLLs, or tracking down problems in system or application file configurations."
    • Download CWS Shredder Click this link to get rid of Cool Web Search spyware. Thanks to Aumha.org for the link.
    • WallWatcher runs under Microsoft Windows 98 and above. It collects, displays, and analyzes log information from Routers and firewalls.

    Tips, hints, helpful stuff:

        Do's and Don'ts
      1. Don't trust unsolicited e-mails - even if the e-mail looks legit. The crooks out there are getting better every day (and learning better English)
      2. Look for a padlock icon in your browser window if you're on a secure website. It is usually in the bottom right corner of your web browser program (not on the web page). There should also be an "S" in the https:// of the web address.
      3. Type your bank's URL or Web Address in yourself, don't just click on a link in an e-mail or website. The URL can be faked to look like something else.
      4. Use an anti phishing tool bar or use IE7's built in Anti-Phishing setup.


    • Set a "Killbit" for Active X Controls: Active X controls are a vulnerable part of Windows. Patches from MS close the loopholes that allow hackers to use these to gain access to your PC but usually take a few months to be posted for download from MS. Use a killbit to control your Active X plugins for internet browsers. You need a CLSID to edit your registry; get it from SANS Internet Storm Center, where you can also get news of recent threats. Learn how to do this via the PCWorld article "Disable ActiveX Controls That Are Under Attack". Disabling Active X controls can make some websites lose functionality. Don't forget to delete the KillBit after a patch is issued. Turn off all Active X controls if you don't want to take chances...
    • Disable "Guest Account" To disable in WindowsXP Pro open User Accounts in Control Panel and click "Turn off guest account". In WindowsXP Home this will just make it disappear from the login page but still exist in the background. You will need to assign a password to this account for the best protection (then turn off the guest account).
    • Set up Outlook Express to warn you when other programs try to send e-mails in your name. Click Tools/Options, select the security tab and check the box marked "Warn me when other applications try to send emails as me".
    • Firefox is a really good web browser but sometimes "pop under" ads sneak up on you behind your open window using flash based ads. To get into the config file for Firefox type about:config in the address bar up top. Now we can add a line to this list by right clicking an open space and clicking on 'New' and then 'integer'. In the box that pops up type privacy.popups.disable_from_plugins, then click OK. In the second box that pops up after this one make sure it says '2'. Bet you didn't know Firefox did that, did you? You can change a lot of behaviors using this secret but be careful!
    • Disable network sharing thru the internet: Are you sharing your files and folders with the rest of the world? Make sure you have "NetBIOS" disabled or you might be leaving your stuff open for anybody to snoop thru. Right click the 'My Network Places' icon on your desktop and go to 'Properties'. In the 'Network Connections' dialog box right click Internet Protocol TCP/IP and click 'Properties'. Select the NetBIOS tab. Uncheck 'Enable NetBIOS Over TCP/IP'.
    • Disable hidden Administrator account (in WinXP) If you have a user account setup as administrator you can disable the 'backdoor' administrator account. Any hackers sneaking into your computer will have to know your administrator username and password to wreak havoc now. Do this: Right click My Computer and click on 'Manage', On the left side expand 'Local Users And Groups' , click 'Users'. In the details on the right double click 'Administrator', under the general tab checkmark the 'Account is Disabled' box. Click OK and close.
    • ALERT! Disable remote registry editing. Incredibly Windows® enables remote editing of YOUR registry automatically every time your computer starts thru 'Remote Registry Service'! (also in Win2000, WinServer2003).
      To stop this nonsense:
      1. Open 'Control Panel' and double-click 'Administrative Tools'
      2. then double-click 'Services'
      3. Right-click 'Remote Registry Service' and open the 'Properties' dialog box.
      4. On the drop down menu change the startup type from 'Automatic' to 'Disabled'
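
The kill bit from the Active X tip above is a registry value, so it can be set, checked and later removed from a command prompt. The script below is an added example, not taken from this page or from the PCWorld article; it assumes 32-bit Windows XP with reg.exe and an administrator account, and the all-zero CLSID in its usage line is a placeholder for the real one you look up.

```batch
@echo off
rem Added example, not part of the original page.
rem Usage: killbit.bat MODE {CLSID}   where MODE is show, set or clear
rem Example with a placeholder CLSID, not a real control:
rem   killbit.bat set {00000000-0000-0000-0000-000000000000}
setlocal
set "MODE=%~1"
set "CLSID=%~2"
if "%CLSID%"=="" (
    echo usage: %~nx0 show/set/clear {CLSID}
    exit /b 1
)

rem Internet Explorer reads per-control flags from this key.
set "KEY=HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\%CLSID%"

if /i "%MODE%"=="set" goto do_set
if /i "%MODE%"=="clear" goto do_clear
goto do_show

:do_set
rem 1024 decimal is 0x400, the kill bit. /f overwrites any flags that
rem were already stored for this control, so run "show" first.
reg add "%KEY%" /v "Compatibility Flags" /t REG_DWORD /d 1024 /f
goto do_show

:do_clear
rem Remove the value again once the vendor patch is installed.
reg delete "%KEY%" /v "Compatibility Flags" /f
goto do_show

:do_show
reg query "%KEY%" /v "Compatibility Flags" 2>nul
if errorlevel 1 echo No Compatibility Flags value for %CLSID%
endlocal
```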

    How to disable Messenger service in Windows®:

    If you are getting pop up windows and they say “Messenger Service” on the top left corner then you will want to disable “Windows Messenger” . This has nothing to do with MSN Messenger or Yahoo and you can disable it (and should). This may result in Windows being unable to alert you to some conditions like "print job complete".
    To do this follow these instructions:

    Windows 2000

    1. Click Start->Programs->Administrative Tools->Services
    2. Scroll down and highlight "Messenger"
    3. Right-click the highlighted line and choose Properties.
    4. Click the STOP button.
    5. Select Disable in the Startup Type scroll bar
    6. Click OK

    Windows XP

    1. Click Start->Control Panel
    2. Click Performance and Maintenance
    3. Click Administrative Tools
    4. Double click Services
    5. Scroll down and highlight "Messenger"
    6. Right-click the highlighted line and choose Properties.
    7. Click the STOP button
    8. Select Disable in the Startup Type scroll bar
    9. Click OK
    10. Verify that the service is disabled by opening a DOS prompt or Command prompt (to do this in the Start menu click "run", then type cmd) and type: net send 127.0.0.1 "test"
    If you know how to control your firewall settings make sure these ports are blocked: 135, 137, 138, 139, 445
    Take a look at Microsoft Help and Support for more detailed information
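
The Remote Registry and Messenger steps above, the port list, and the SONY DRM check earlier on this page can all be done from one command prompt script. This is an added example, not part of the original page; it assumes Windows XP with an administrator account, and RemoteRegistry and Messenger are the short service names, which the page itself does not give.

```batch
@echo off
rem Added example, not part of the original page.
rem With no argument the script only reports. Run it as "audit.bat fix"
rem to stop and disable Remote Registry and Messenger.
setlocal

rem Services this page tells you to disable.
for %%S in (RemoteRegistry Messenger) do call :audit %%S %1

rem The SONY DRM driver from the ALERT above: report only, never "fix",
rem because the page says to remove it with the uninstaller.
call :audit $sys$aries

rem Ports the page says to block. A hit means something on this PC is
rem listening; the firewall decides whether outsiders can reach it.
for %%P in (135 137 138 139 445) do call :port %%P
endlocal
goto :eof

:audit
sc query %1 >nul 2>&1
if errorlevel 1 (
    echo %1: service not installed
    goto :eof
)
sc query %1 | find "RUNNING" >nul
if errorlevel 1 (echo %1: not running) else (echo %1: RUNNING)
sc qc %1 | find "START_TYPE"
if /i "%2"=="fix" (
    sc stop %1 >nul 2>&1
    sc config %1 start= disabled
)
goto :eof

:port
rem Match the local address column only: TCP lines in LISTENING state
rem and UDP lines, whose remote column is always *:*.
netstat -an | findstr /r /c:":%1 .*LISTENING" /c:"UDP .*:%1 " >nul
if errorlevel 1 (echo port %1: no local listener) else (echo port %1: OPEN locally)
goto :eof
```

The space after start= in the sc config line is required by sc.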
    References:
    Malware: Software designed for a MALicious purpose
    Anti-Spyware: programs that protect your privacy by monitoring your system for the presence of invasive ads or spying programs.

