
Page 1: READ THIS ENTIRE DOCUMENT FIRST

Ursus Grande Services  -  Custom Software Development

              For project estimates, contact Ursus Grande Services.    No project is too large or too small.

Basic Computer Security for Home Users and Small Network Administrators  Δ  February 2012

Regarding software for computer security on Windows™ platform:

READ THIS ENTIRE DOCUMENT FIRST

Please note that the information below pertains to computers running Microsoft Windows™ Operating System only, version XP, Vista or Windows 7. The information is not applicable to computers running any Apple Operating System, nor is it applicable to computers running any version of Linux or Solaris.

Among corporate clients the most trouble-prone security software in my experience (anti-malware, firewall, etc.) is from Symantec (AKA "Norton"), followed closely by Trend Micro and McAfee products.  To be fair, most of the troubles are the result of incompatibility with other existing software applications, and/or existing driver software which may have bugs of its own.  However, on those exact same systems, certain other security applications generally do not result in the same erratic behavior, yet afford quality defense against malware.  Configuration is important, in any case.

Typical symptoms I observe on systems with products from Symantec, Trend Micro and McAfee include:

 • Malware sometimes infects the systems they are supposed to be protecting
 • BSOD (the notorious "Blue Screen of Death")
 • Other non-BSOD "freezes", "crashes" and/or "lock-ups"
 • Application incompatibility, causing various error messages
 • System performance degradation issues
 • False "positives" (reports "infection" when there is none)

Also on the negative side is that they may cease to protect the system if the paid service is not renewed. Sometimes the "status check" on the client computer fails to communicate with their servers, which can cause it to behave as if the paid service has expired. That can be caused by things such as a poor internet connection, heavy traffic on the server, corrupted or incorrect date/time information on the client computer, or conflict/incompatibility with some of the other on-client software that is installed/running.

On the "plus" side, those products offer superior administration, where an admin can alter any/every system attached to the network easily from a remote location. Some of those products also offer simple admin "spy" capabilities which facilitate surveillance of any/all computers attached to the network.
It is my experience that the vast majority of professional IT admins prefer not to sacrifice performance and stability as a trade-off for easier remote administration. Another issue is the recurring cost of those products.  For small networks, the cost per computer is substantial, and more difficult to negotiate than it is for a larger installation (such as greater than 1000 licenses, for example).  Home users will find that, for single computers and/or smaller networks (small business for example, less than 100 licenses) the cost can vary from week to week, with different promotions and/or enticements sometimes in effect. In my opinion, the recurring cost of security software makes free security applications a prudent and viable alternative.

NOTE: Much is assumed with regard to the procedures discussed within this document. Most important, however, is that you have a good working knowledge of your computer and Operating System. You must know how to download files from websites into specific folders on your computer; how to copy files into specific folders; how to uninstall applications via Control Panel; how to find version information (32-bit, 64-bit, etc.); how to disconnect/connect your internet connection, and more.  To the experienced computer user those things will all seem trivial, but to a novice even such simple tasks can be confusing and/or difficult. If you are not a skilled user then I strongly recommend that you obtain the services of a computer professional to handle the tasks detailed within this document.

Page 2: READ THIS ENTIRE DOCUMENT FIRST

Free Security Software

There are many free security software applications available. Ask a hundred people which one is "best", and you could get a hundred different answers. Part of my work entails cleaning up infected computers that are brought to me. Every week I see computers that are infected with various malware. Some of those machines run free security software, and some run very expensive security software.  NOBODY makes "perfect" security software.  Sooner or later, somebody figures out how to attack computers through any given protection. In the past 3 years I have not been made aware of any computer configured with the security applications I recommend becoming infected. The applications I recommend comprise a layered approach, and are carefully chosen to be well-behaved and to never interfere with a computer's observed performance.

Enter Microsoft

Microsoft values their reputation. If computers running a Microsoft Windows™ Operating System are easily infected, that is bad for their reputation.  While it would be easy for Microsoft to point blame at a given security software developer, such as Symantec, Trend Micro or McAfee, if one's computer became infected, they chose to take a proactive course.  Some years ago (2004?) Microsoft purchased Giant, a security software developer who marketed "GIANT AntiSpyware", the top-rated product in the computer security sector at the time.  Microsoft retained the development team as well, thus acquiring their expertise in the field. Today, that product has evolved into "Microsoft Security Essentials" and is available for Windows™ users at no charge. It is a highly competitive product, offering good security and, equally important, excellent compatibility. Microsoft Security Essentials does not cause system instability, nor does it cause performance degradation issues. It operates seamlessly in the background, while providing very good system protection.
Microsoft Security Essentials (MSE)
http://www.microsoft.com/security_essentials/

As with many security software applications, the initial installation is a little time-consuming. The install itself is quick, but then the software requires internet access to download the latest data sets, and then runs a full system scan. If the computer has a large internal drive, heavily populated (a 1000 gigabyte disk with 14 million files, for example), the scan can take a while -- 5 to 180 minutes, depending on the capability of the hardware, and whether or not many other background tasks are running.  To the best of my knowledge, ALL computer security software exhibits similar behavior the first time it is installed.

The steps outlined below provide a method to secure a computer through the use of zero-cost software applications.  Following these steps should have the added benefit of a very stable computer, free from "crashes", "freezes" and/or "blue-screen" errors, all of which should minimize risk of loss/damage of your data — documents, pictures, music, etc.

Preliminary preparation steps should be:

 → Be sure you know your Operating System... what version... and if it is 32-bit or 64-bit.  Not sure??  Look here.
 → On a known "clean" computer, download the following software applications . . .
    • Download Microsoft Security Essentials ("x86" is 32-bit version, "amd64" is 64-bit)
    • Be sure to save the file to someplace you can find it later, when ready to install.
    • Download the latest definitions for MSE (either the 32-bit, or the 64-bit file)
    • Be sure to download the latest Network Inspection System definitions too.
    • Download the most up-to-date HOSTS file from the Blocking Unwanted Parasites page.
    • Note that there are different instructions provided for Windows Vista and for Windows 7.
    • Download the most recent Malicious Software Removal Tool from Microsoft.
    • Download the most recent Safety Scanner from Microsoft (the 32-bit or the 64-bit file).
    • Click the link that shows "Need to run on a different PC? Select your version." on that page.
    • Download the most recent Oracle JRE 7 Java Runtime Environment.
    • Be SURE to download the 32-bit version, even if you -ARE- running a 64-bit Operating System.
    • Then, also download the 64-bit version, —IF— you are running a 64-bit Operating System.
    • The 32-bit file to download, labeled as "Windows x86 Offline", is "jre-7u3-windows-i586.exe".
    • The 64-bit file to download, labeled as "Windows x64", is "jre-7u3-windows-x64.exe".
    • (as of February 18, 2012, on the "Java SE Runtime Environment 7 Downloads" page)
    • Additional installation information for the Oracle JRE can be found here.
    • IF you use Adobe Reader, download the most recent version of the Foxit Reader.
    • (the idea being that you will uninstall the Adobe Reader, and use Foxit instead)

Page 3: READ THIS ENTIRE DOCUMENT FIRST

 • IF this is not a new computer, but rather is one you want to improve, then the following software is recommended to help ensure that it is free of any malware, and running in optimum condition...
    • Download the most recent version of CCleaner, free edition.
      (use the “Piriform.com” link, »NOT« the “FileHippo.com” link)
    • Download the most recent version of Malwarebytes.

Preliminary clean-up steps should be:

 • Disconnect internet/network on the computer to be modified (let's call this computer the "target").
 • Find and make a note of the MAC address for Wireless LAN and for Ethernet (if it exists).
    • Open a "Command Prompt" on the "target" computer . . .
      Windows 7 or Vista:  Click "Start", then type cmd and press Enter.
      Windows XP users:  Click "Start", then click "Run", then type cmd and press Enter.
    • In the black "Command" window that is opened, type ipconfig /all and press Enter.
    • If the results of that command are not all visible, scroll up till you can see the start.
    • Look for the block of data titled "Wireless LAN adapter Wireless Network Connection:"
    • Make note of the "Physical Address" which will be something like 00-2C-10-A2-45-80.
    • Further down, find the block of data titled "Ethernet adapter Local Area Connection:"
    • Make note of the "Physical Address" which will be something like 00-2D-11-A4-5C-F2.
    • Close the session:  In the black "Command" window, type exit and press Enter.
    → The MAC address(es) will be used later, to secure your router(s).
 • Completely UNINSTALL and remove ANY/ALL other "security" software.
    • If you need help uninstalling existing security software, read this page.
    • Above, "Completely UNINSTALL and remove..." refers to any/all existing anti-virus, anti-malware, anti-adware, and non-Windows firewall software. A reboot will probably be necessary after that step.
    • For products such as Symantec's Norton Internet Security suite, a special "removal tool" (software) is available from Symantec, because its own built-in uninstaller may not always work properly.
    • The Symantec/Norton "removal tool" software is free of charge, and may be obtained from:
      http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN&ln=en_US
    • Other security software may require the same kind of thing, but Symantec (Norton) is the only brand that requires special removal software, as far as I am aware at this point in time (February 18th 2012).
 • IF the "target" computer has "Adobe Reader" installed, completely uninstall it.
    • Program removal can normally be accomplished via Control Panel.
 • Completely UNINSTALL and remove ANY/ALL 3rd-party browser toolbars.
    • You can re-install them later, though I recommend against them.
 • IF the "target" computer is running "Windows Vista", and IF the Sidebar is active, close it.
    • I recommend removal of any/all "Gadgets" due to potential for causing system instability.
 • "Instant Messenger" software is a security nightmare.  I urge removal of Messenger software.
    • At a minimum, terminate any/all Messenger software for the remainder of this procedure.
   [continued on next page]
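The MAC addresses noted from ipconfig /all above are later typed by hand into the router's filter table, and a single mistyped hex digit locks the computer out. The following added example (not part of the original document) reads the text that ipconfig /all prints and turns it into an adapter-name to Physical Address map, keeping only the six-octet addresses of the Wireless LAN and Ethernet adapters that a router can actually see. The sample output, adapter names and addresses are constructed for the demonstration; capturing the real output with ipconfig /all > C:\install\ipconfig.txt on the target computer and feeding that file to parse_ipconfig is an assumed workflow, and Python is used only because it runs anywhere, not because it ships with Windows XP/Vista/7.

```python
"""Extract adapter names and MAC ("Physical Address") values from
``ipconfig /all`` output for entry into a router's MAC-address filter.

Added example, not part of the original document.  SAMPLE_IPCONFIG is
a constructed imitation of Windows 7 output; every name and address in
it is made up.
"""
import re

# Constructed sample of ``ipconfig /all`` output (Windows 7 layout).
# On a real machine: ipconfig /all > C:\install\ipconfig.txt (assumed).
SAMPLE_IPCONFIG = """
Windows IP Configuration

   Host Name . . . . . . . . . . . . : HOME-PC
   Primary Dns Suffix  . . . . . . . :

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Example 802.11n Wireless Adapter
   Physical Address. . . . . . . . . : 00-2C-10-A2-45-80
   DHCP Enabled. . . . . . . . . . . : Yes

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Description . . . . . . . . . . . : Example Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-2D-11-A4-5C-F2

Tunnel adapter isatap.{1F2E3D4C}:

   Media State . . . . . . . . . . . : Media disconnected
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
"""

# Adapter blocks start at column 0 and end with a colon, e.g.
# "Wireless LAN adapter Wireless Network Connection:"
_ADAPTER_HEADER = re.compile(r"^(\S.*adapter .+):\s*$")
# Property lines are indented; the dots are padding.  Capture any run of
# dash-separated hex octets (tunnels report 8, real NICs report 6).
_PHYSICAL = re.compile(
    r"^\s+Physical Address[ .]*:\s*([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2})+)\s*$"
)


def parse_ipconfig(text):
    """Return {adapter name: Physical Address} for every adapter block
    that lists one.  Blocks without a Physical Address are ignored."""
    macs = {}
    current = None
    for line in text.splitlines():
        header = _ADAPTER_HEADER.match(line)
        if header:
            current = header.group(1)
            continue
        found = _PHYSICAL.match(line)
        if found and current is not None:
            macs[current] = found.group(1).upper()
    return macs


def filter_table_entries(macs):
    """Keep only what belongs in the router's filter table: six-octet
    addresses (17 characters with dashes) of Wireless LAN and Ethernet
    adapters.  ISATAP/Teredo tunnels and other virtual adapters never
    reach the router, so they are dropped."""
    physical = ("Wireless LAN adapter", "Ethernet adapter")
    return {
        name: mac
        for name, mac in macs.items()
        if name.startswith(physical) and len(mac) == 17
    }


if __name__ == "__main__":
    for name, mac in filter_table_entries(parse_ipconfig(SAMPLE_IPCONFIG)).items():
        print(f"{mac}  {name}")
```

Run it over a saved ipconfig.txt by replacing SAMPLE_IPCONFIG with the file's contents; each printed line is one row for the router's MAC filter. The tunnel adapter in the sample is deliberately included to show why the eight-octet pseudo-address must not be added to the table.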

Page 4: READ THIS ENTIRE DOCUMENT FIRST

 • "Peer-to-Peer" software is a security nightmare.  I urge removal of "Peer-to-Peer" applications.
    • Examples of "Peer-to-Peer" applications include . . .
      ANts P2P • Ares • Azureus • Bearshare • BitTorrent • eDonkey • eMule • FrostWire • Gnutella • iMesh • Kaaza • KCeasy • LimeWire • Morpheus • Overnet • Piolet • Shareaza • Soulseek • uTorrent • Vuze • WinMX
 • Shut off and/or disable any/all unnecessary software not previously mentioned.

Above, "Shut off and/or disable..." means to close any/all open programs, and any/all unnecessary "background" tasks. Background tasks can include automatic update services (but ignore the Windows Update service), Browser Toolbars, Instant Messengers, "Peer-to-Peer" applications, Photo/image monitoring applications, QuickTime, etc. When in doubt, ask an IT professional for advice.  They should [should!] know which tasks to disable. And don't worry... upon subsequent reboot, those tasks will all be loaded again, automatically.

Note that Dell, HP and IBM computers all have a lot of unnecessary software that runs in the background. Note also, Acer and Toshiba computers have a LOT of unnecessary software that runs in the background.

NOTE:   AT NO TIME SHOULD MULTIPLE SECURITY SOFTWARE APPLICATIONS BE INSTALLED/RUNNING.

Preliminary installation steps should be:

 • Make sure the computer is not connected to the internet (in case it reconnected).
 • If not already loaded on the "target" computer, copy the following files to it . . .
    • On drive C: create a folder named install.
    • Copy file "mseinstall.exe" into the new install folder.
    • Copy file "mpam-fe.exe" or "mpam-fex64.exe" into the new install folder.
    • Copy file "nis_full.exe" into the new install folder.
    • Copy file "HOSTS" into the new install folder.
      Note that if the file is "hosts.txt" then you must rename it as "HOSTS".
    • Copy file "windows-kb890830-v4.5.exe" into the new install folder.
      Note that the file version information (v4.5 here) will change for each update.
    • Copy file "msert.exe" into the new install folder.
      Note that this file expires 10 days from date of download.
    • Copy file "jre-7u3-windows-i586.exe" into the new install folder.
    • IF applicable, copy file "jre-7u3-windows-x64.exe" into the new install folder.
      Note that the file version information (7u3 here) will change for each update.
    • IF applicable, copy the "Foxit Reader" file into the new install folder.
      Note that the Foxit Reader will replace the Adobe Reader.
 • Using "Malwarebytes" and "CCleaner" to prepare your computer...
    (this step is recommended for any/all used computers)
   [continued on next page]

Page 5: READ THIS ENTIRE DOCUMENT FIRST

If you downloaded "CCleaner" and "Malwarebytes" . . .  Copy those files into the new install folder.

Install "Malwarebytes"
   -   It will ask you to choose Language
   -   It will tell you to close all other programs
   -   It will present the User License Agreement
        →  Click "Accept"
   -   At the "Select Additional Tasks" dialog, UNcheck "Create a desktop icon"
        →  Click "Next", then click "Install"
   -   Now UNcheck "Update Malwarebytes Anti-Malware"
       (because your internet connection is OFF at this time)
   -   A "trial" dialog will open -- click the "Start Trial" button
   -   Select "Perform full scan", then click the "Scan" button
   -   When completed (can take a while), if "Objects detected" is NOT zero . . .
       »  Click "Show Results"
       »  Evaluate items in the list
       »  UNselect any items that you deem mistakenly flagged
       »  Click the "Remove Selected" button
       »  Close the log file that opens (you can review it later)
       »  Click the "Exit" button
   -   Close Malwarebytes
   -   Right-click the Malwarebytes icon in the System Tray
   -   Click "Enable Protection" to UNselect it
   -   Click "Yes" when it asks "Are you sure..."
   -   UNinstall Malwarebytes completely
   →  NOTE that a reboot may be required

Install "CCleaner"
   -   It will ask you to choose Language -- do it
   -   Click the "Next" button
   -   Click the "I Agree" button
   -   UN-check the following choices . . .
       »  "Add Desktop Shortcut"
       »  "Add Start Menu Shortcuts"
       »  "Add 'Run CCleaner' option to Recycle Bin context menu"
       »  "Add 'Open CCleaner' option to Recycle Bin context menu"
       »  "Automatically check for updates to CCleaner"
   -   UNcheck "Install the free Google Toolbar along with CCleaner"
   -   Click the "Install" button
   -   Click the "Yes (Recommended)" button
   -   Click the "Analyze" button
   -   When it shows "ANALYSIS COMPLETE" click the "Run Cleaner" button, then click "OK"
   -   When it shows "CLEANING COMPLETE" click the "Registry" square in the left-side panel
   -   Click the "Scan for Issues" button
   -   When the progress bar shows 100% click the "Fix selected issues..." button
   -   Click "Yes" when asked if you want to save a backup of changes to the registry
   -   Click the "Save" button
   -   Click the "Fix All Selected Issues" button
   -   When finished, click the "Close" button
   -   Close CCleaner
   -   UNinstall CCleaner completely
   →  REBOOT after the uninstall has completed

Page 6: READ THIS ENTIRE DOCUMENT FIRST

Now you are ready to start:

 • Install the HOSTS file per instructions found here.
    • You should print the instructions for your specific Operating System BEFORE you start to do any of the clean-up procedure and subsequent installation procedure.
 • Open/run the Microsoft Safety Scanner, "msert.exe"
    • Note that the Safety Scanner may take some time to complete.  Wait for it.
 • Open/run the Malicious Software Removal Tool, "windows-kb890830-v4.5.exe"
    • Note that the MSRT may take some time to complete.  Wait for it.
    • Remember, the version info (v4.5) will be different for each release.
 • Open/run Microsoft Security Essentials (MSE), "mseinstall.exe"
    • If it complains about no update available because of no internet, ignore it.
 • Open/run the MSE definitions, either "mpam-fe.exe" or "mpam-fex64.exe"
    • This step can sometimes take several minutes to complete.  Wait for it.
 • Open/run the Network Inspection System definition updates, "nis_full.exe"
    • This step normally completes quickly, but wait for it to finish before proceeding.

Initial Full Scan:

 • Open/run Microsoft Security Essentials (MSE)
 • Choose "Full" under "Scan options:" on the "Home" tab.
 • After the initial scan is finished, you should reboot the machine as a safety measure.
    • Note that a "Full" scan can take a long time to complete.  Wait for it to finish.
 • Connect internet/network connection.
 • Open Windows Update and be sure that all the latest important updates are installed.
    • Note that a system reboot may be required if Windows Updates were needed.
 • Open/run the 32-bit Oracle JRE installer, "jre-7u3-windows-i586.exe".
    • Note that "7u3" is the version info in the filename... may be different.
 • IF applicable, open/run the 64-bit Oracle JRE installer, "jre-7u3-windows-x64.exe".
    • Note that, as above, "7u3" is the version info in the filename... may be different.
 • Install the newest version of the Adobe Flash Player:
    • UNcheck "Yes, install Google Toolbar - optional"
    • http://www.adobe.com/go/getflash
 • Run the Secunia Software Inspector to determine if any important updates are missing:
    • http://secunia.com/vulnerability_scanning/online/
    • The Secunia Software Inspector is kept current.  As of February 18th 2012 it was current, and in my experience it always is.  It will report if the most recent "patch Tuesday" updates are not installed for Windows™, as well as for many other potentially insecure high-risk software applications.

Special note about Adobe PDF Reader:

 • The Adobe PDF Reader is a frequently attacked application with a very long history of security issues.  Hence I strongly recommend avoiding the Adobe PDF Reader, and using the Foxit PDF Reader instead.
 • The Foxit PDF Reader is more secure than the Adobe Reader, offers more functionality, and has a much smaller "footprint" than Adobe's software... meaning, it uses less memory, is faster and is less likely to interfere with other installed software.  Like the Adobe Reader, the Foxit PDF Reader is free.
 • If you are going to use the Foxit PDF Reader, install it now.  You can download a sample PDF file.
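The HOSTS file installed in the first step above works by mapping unwanted host names to a blackhole address (0.0.0.0 or 127.0.0.1) so the browser never reaches them; the same mechanism, pointed at a real address, is how a tampered HOSTS file silently redirects a legitimate site, so a file downloaded from anywhere deserves a look before it goes into the system. The following added example (not from the original document nor from the Blocking Unwanted Parasites page) parses a HOSTS file in the standard format, counts the blocking entries, confirms the localhost entry is intact, and lists any entry whose address is neither blackhole nor loopback. The sample content and its host names are constructed; the installed location C:\Windows\System32\drivers\etc\hosts is the usual one but is stated here as an assumption, since the page's own install instructions are behind a link.

```python
"""Sanity-check a Windows HOSTS file before (or after) installing it.

Added example, not part of the original document.  SAMPLE_HOSTS is a
constructed file with invented host names, including one deliberately
suspicious redirect line and one malformed line.
"""
import ipaddress

# A blocking entry should point at 0.0.0.0 (unroutable, fails fast) or
# 127.0.0.1 (loopback).  Any other target is a redirect, not a block.
BLACKHOLE = {"0.0.0.0", "127.0.0.1"}

# Constructed sample.  Real location (assumed): C:\Windows\System32\drivers\etc\hosts
SAMPLE_HOSTS = """\
# Constructed sample HOSTS file, blocking-list style
127.0.0.1  localhost
::1        localhost
0.0.0.0  ads.example-tracker.test
0.0.0.0  malware-download.example.test   # comment after entry
0.0.0.0  banner.example-ads.test
198.51.100.7  www.example-bank.test
this is not a valid line
"""


def parse_hosts(text):
    """Yield (line number, address, [names]) for each well-formed entry.
    Blank lines, comments and lines whose first field is not an IP
    address are skipped; the format is '<address> <name> [alias ...]'."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # not a hosts entry
        if len(fields) < 2:
            continue                          # address with no names
        yield lineno, str(address), fields[1:]


def check_hosts(text):
    """Summarise a HOSTS file: number of blocking entries, whether the
    localhost mapping is intact, and every entry that sends a name to a
    real (non-blackhole) address.  The redirect list is what to inspect:
    a blocking list should normally produce an empty one."""
    blocking = 0
    localhost_ok = False
    redirects = []
    for lineno, address, names in parse_hosts(text):
        if "localhost" in names and address in ("127.0.0.1", "::1"):
            localhost_ok = True
            continue
        if address in BLACKHOLE:
            blocking += 1
        else:
            redirects.append((lineno, address, names))
    return {"blocking": blocking, "localhost_ok": localhost_ok, "redirects": redirects}


if __name__ == "__main__":
    report = check_hosts(SAMPLE_HOSTS)
    print(f"{report['blocking']} blocking entries, localhost ok: {report['localhost_ok']}")
    for lineno, address, names in report["redirects"]:
        print(f"line {lineno}: {' '.join(names)} -> {address}  (inspect this)")
```

To check the downloaded file, read it with open(path, encoding="ascii", errors="replace").read() and pass the text to check_hosts; running it again on the installed copy some time later shows whether anything has added redirect lines since installation.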

Page 7: READ THIS ENTIRE DOCUMENT FIRST

Special note about Adobe Flash Player:

 • The Adobe Flash Player is one of the most attacked applications but is also required by many websites.  You should check for updates to the Adobe Flash Player at least twice each week, if you hope to keep your computer secure.  Adobe products have a very long record of security flaws, and the Flash Player does not always automatically update itself.

Browsers:

 • The most popular browsers are Firefox and Microsoft Internet Explorer. Regardless of which browser you use, make sure the most recent updates are installed. Also make sure that active scripting is limited, and that only known safe and/or necessary Browser Helper Objects are active. Most malicious web sites exploit either Flash, or a browser security hole based on scripting, or on Browser Helper Objects.
 • Ursus Grande Services recommends the Lunascape browser.
 →  It is  extremely important  to keep your browser up-to-date!

Router Security:

 • MAC Address:  MAC is the Media Access Controller. Above, you were instructed to note the MAC address(es).  Most modern routers support a MAC-Address Filter Table.  If you are using a wireless router, then you should log in to it, and enable MAC-Address filtering, and add your computer's Wireless LAN MAC address.  If you connect via Ethernet (direct wire from computer to router), enter the Ethernet MAC address.
 • Using MAC Address filtering will keep your home network much more secure than without it.
 • NOTE that your router may have separate tables for Wireless Filtering and Ethernet Filtering.

Using Passwords:

 • Using a password for every "important" item in your system will help you remain safe and secure.
 • Any/all passwords should be "strong", meaning a combination of lower and uppercase letters, and numbers, and "special" characters such as !@#$%^&*()_+-[] for example. Avoid short passwords.  Using at least 8 characters is a wise choice...  using 14 characters is a much better choice.
 • Example of a strong password:  Ek^o2#J8pQ4i1M
 →  Password-protect your computer.
 →  Password-protect your router.
 →  Password-protect your email.

Online Dangers:

 • Comprehensive discussion of online dangers, security risks, is beyond the scope of this document.  However, it is worth mentioning that certain online activities carry inherent dangers. Your computer can be "infected" by malware in many different ways.  Here are some helpful tips...
    •  Never use Peer-to-Peer file sharing sites/services
    •  Never visit sites that provide pornography
    •  Never visit online gambling sites
    •  Never visit online gaming sites
    •  Block ALL Facebook Applications
    •  Never click on links in "chain" emails
    •  Never open email attachments you did not expect
    •  Never use "Instant Message" services (Yahoo, MSN, etc.)
 • That advice is not “popular”, because many people will want to continue their habits regardless of computer security issues.  Ultimately, the choice is yours.
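The "Using Passwords" section above gives a concrete rule: all four character classes (lower case, upper case, digits, and specials from the list !@#$%^&*()_+-[]), at least 8 characters, and preferably 14. The following added example (not part of the original document) turns that rule into a checker, reports which classes a candidate is missing, and generates a password that satisfies the rule from the operating system's random source. The character list and length thresholds come from the text; the rating labels "weak", "ok" and "better" are this example's own naming, and the example's only assumption beyond the page is that Python 3.6 or later is available for the secrets module.

```python
"""Check and generate passwords against the document's rule set.

Added example, not part of the original document.  SPECIALS, MIN_LEN
and GOOD_LEN are taken from the "Using Passwords" text; the rating
labels are this example's own.
"""
import secrets
import string

SPECIALS = "!@#$%^&*()_+-[]"   # the "special" characters the document lists
MIN_LEN = 8                    # "at least 8 characters is a wise choice"
GOOD_LEN = 14                  # "14 characters is a much better choice"

# The four classes the rule requires, in a fixed order so reports are stable.
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "special": SPECIALS,
}


def missing_classes(password):
    """Return the names of the required character classes the password lacks."""
    return [
        name for name, alphabet in CLASSES.items()
        if not any(ch in alphabet for ch in password)
    ]


def rate_password(password):
    """'weak' if shorter than 8 or missing a class; 'ok' at 8-13 characters
    with every class present; 'better' at 14 or more with every class."""
    if len(password) < MIN_LEN or missing_classes(password):
        return "weak"
    return "better" if len(password) >= GOOD_LEN else "ok"


def generate_password(length=GOOD_LEN):
    """Build a random password of the given length with at least one
    character from each class.  Choices come from the OS CSPRNG via the
    secrets module; the guaranteed characters are shuffled in so they
    do not always occupy the first four positions."""
    if length < len(CLASSES):
        raise ValueError("length must allow one character per class")
    rng = secrets.SystemRandom()
    chars = [secrets.choice(alphabet) for alphabet in CLASSES.values()]
    everything = "".join(CLASSES.values())
    chars += [secrets.choice(everything) for _ in range(length - len(chars))]
    rng.shuffle(chars)
    return "".join(chars)


if __name__ == "__main__":
    for candidate in ("Ek^o2#J8pQ4i1M", "password", generate_password()):
        gaps = missing_classes(candidate)
        print(f"{candidate!r}: {rate_password(candidate)}"
              + (f" (missing: {', '.join(gaps)})" if gaps else ""))
```

The document's own sample password rates "better"; a dictionary word rates "weak" with the report naming the three classes it lacks. Because generate_password draws from secrets rather than the random module, its output is suitable for the router, computer and email passwords the section asks you to set.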

Page 8: READ THIS ENTIRE DOCUMENT FIRST

Computer Security Resources:

 • The internet is loaded with sites presenting information regarding Computer Security, but only a very small percentage of them are useful.  Below is a list of sites that are informative as well as useful, in my opinion.  They are not listed in any particular order.

   Security News from Sophos
   Security News from ComputerWorld
   Security News from NetworkWorld
   eWeek Security Solution Center
   SecurityFocus: Vulnerability Issues
   Home Network Security
   Microsoft Safety & Security Center
   Facebook Security Threats
   US-CERT — Computer Emergency Readiness Team
   Home Network Security
   NIST Information Technology Portal
   Computer Crime and more
   DHS Cybersecurity
   Government Computer News
   Federal Computer Week
   Washington Technology

The links above were valid as of February 18, 2012.  But links do not always remain valid.

 • The field of Computer Security is broad, and is ever-changing, and I've touched on only a small portion of it.
 • If you have questions, you may contact me here.  BUT... if I receive a lot of emails that day, then chances of receiving a response from me are greatly reduced.  Sorry... that's just how it is.

Disclaimer:  Note that I have no vested interest in Adobe, Foxit, Microsoft or Oracle, and hold no stock from any of those entities.  I recommend their software based on merit, based on over 25 years of personal experience with those and hundreds of other similar software products.  However, I give no guarantee that any software product will be forever bug free.

©2012  Ursus Grande Services  —  This document may be freely reprinted and shared so long as no fee of any kind is attached.