
[Civil] Protecting/fixing your computer


  • [Civil] Protecting/fixing your computer

    I do volunteer work doing software repairs on people's computers (I don't do hardware, I have a habit of frying motherboards). I am also slightly-to-moderately paranoid about data security. Anyway, here's how I set up other people's computers (and my computer) so that a. the computer is probably not going to get virused up, and b. if it's stolen then nobody's going to get anything good off of it. This assumes that you've got a PC.

    Part I: Your computer is working fine

    A: Program Security

    1. Get an antivirus program, I recommend the free version of Avast because it's probably got all of the features that you want/need (in particular, it's got file and web shields, a boot-time scan, and the ability to make a rescue disk). I don't think that there's ever a reason for a home user to buy an antivirus program.

    If you've already got an antivirus program that you're happy with, then keep using it. Otherwise, try Avast.

    2. For intrusion prevention, you've got two options:
    a. The easy solution is Windows Firewall + the free version of Sandboxie. Sandboxie lets you isolate a program so that it can't muck with the rest of the system, so that you can more or less safely run dodgy programs that you downloaded from SourceForge or a more nefarious source.
    b. The comprehensive solution is to install the free version of Comodo, which is a firewall, host intrusion prevention system (HIPS), and sandbox. If Comodo doesn't recognize a program then it will either block its execution or else run it inside of a sandbox, depending on your config settings. Comodo can be a bit of a beast to configure properly, but it's essential if clueless people (e.g. your kids) are going to be downloading programs to your computer.

    B: Data Security (Plus Backup)

    First off, you'll need at least two partitions: a relatively small System partition which has your operating system and non-secure programs, and your Data partition which has your data and secure programs. The reason is that you're going to be making an image of the System partition and so you don't want the stuff on the Data partition expanding the size of this image, and also you're going to be encrypting the Data partition but you're not going to be encrypting the System partition. In order to repartition your hard drive(s) without having to reformat, use the free version of Partition Wizard.

    1. To encrypt the Data partition, use DiskCryptor - use all of the defaults (AES, no wipe). Don't encrypt the System partition as this will make it more difficult to perform backups.

    I recommend putting "secure programs" such as web browsers on the Data partition in the form of portable apps, e.g. Firefox Portable or Chrome Portable - this way if somebody steals your computer then you don't need to worry about the integrity of your cookies, saved passwords, internet history, etc.

    As a supplement to putting your browser on the Data partition, you can store your passwords using LastPass - this way you'll be certain that you're never saving a plaintext copy of your passwords anywhere.

    Note for the ultra-paranoid - the government can probably subpoena your encryption key (or beat it out of you if you're Serb). Previously the free program TrueCrypt let you create an encrypted container with a hidden section on it, but this program has since been deprecated (there's a bit of dodginess about this in that the developers were a secretive bunch and the program had just passed an independent security audit, so there's some speculation that the developers sold the program and then claimed that the previously free version was broken; so, use at your own risk). I'm not aware of any good free program that offers this functionality, but there are commercial programs that do (e.g. BestCrypt). The way this works is that you create an encrypted container of size X encrypted with key K1, then within this container you have a second container encrypted with key K2 - it's impossible to tell that the two different sections of the container were encrypted with different keys. When you're forced to reveal the container's encryption key you reveal K1, and so the data encrypted under K2 is still safe. But again, this is way overkill unless you're planning on overthrowing the government or whatever.

    2. To securely erase files from your unencrypted partition(s), use Eraser. You'll need to configure this program so that it uses Pseudorandom as the default wipe for files instead of the ridiculously overkill Gutmann wipe that comes as the default. (Definitely DO NOT use Gutmann on a flash drive.)

    3. Use Paragon to back up your System partition to an external hard drive - then if things go horribly wrong you can just restore from a backup. For backing up data from the Data drive, use an encrypted external hard drive and then use PureSync to sync your files.

    Part II: Your computer is ****ed

    This is assuming that you don't have a good backup.

    1. Start with using an antivirus cd, such as Kaspersky.

    2. To get data off of your computer prior to a reformat, use a live cd - I recommend Hiren's Boot CD because it's got a GUI (not a given with a live cd) and comes as a pre-built ISO (typical for Linux-based live cds, pretty much unheard of for Windows based live cds; Hiren's can read/write NTFS, so its Linux-ness doesn't really matter). Pull your data from your computer, and if you're feeling ambitious then try mucking around with the rescue tools. If you're feeling even more ambitious then you can build your own Windows boot cd, e.g. Ultimate Boot CD For Windows or LiveXP - these aren't pre-built ISOs, instead you need to furnish your own Windows XP cd and build a live cd out of it.

    3. Reformat and reinstall your operating system.
    <p style="font-size:1024px">HTML is disabled in signatures </p>
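
A toy model of the two-key container described in the post's note on hidden sections, added here as an example and not code from the post or from TrueCrypt or BestCrypt. The slot layout, the `VOL1` marker and the HMAC-based stream cipher are assumptions made for illustration (real products use AES and their own on-disk formats), and payloads are assumed to fit in one slot.

```python
import hashlib, hmac, os

SLOT = 4096      # bytes per volume slot (constructed size)
MAGIC = b"VOL1"  # marker that only appears after a correct decryption

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

def _xor_stream(key, salt, data):
    # Toy stream cipher (HMAC-SHA256 in counter mode); real tools use AES.
    out = bytearray()
    for ctr in range(0, len(data), 32):
        block = hmac.new(key, salt + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[ctr:ctr + 32], block))
    return bytes(out)

def _seal(password, payload):
    salt = os.urandom(16)
    body = (MAGIC + len(payload).to_bytes(4, "big") + payload).ljust(SLOT - 16, b"\0")
    return salt + _xor_stream(_kdf(password, salt), salt, body)

def _open(password, slot):
    salt, ct = slot[:16], slot[16:]
    body = _xor_stream(_kdf(password, salt), salt, ct)
    if body[:4] != MAGIC:          # wrong key: output is just noise
        return None
    size = int.from_bytes(body[4:8], "big")
    return body[8:8 + size]

def create(outer_pw, outer_data, hidden_pw=None, hidden_data=b""):
    outer = _seal(outer_pw, outer_data)
    # With no hidden volume, the second slot is random filler of equal size,
    # so both kinds of container look the same from outside.
    hidden = _seal(hidden_pw, hidden_data) if hidden_pw else os.urandom(SLOT)
    return outer + hidden

def unlock(container, password):
    # Try the password against each slot; return whichever payload it opens.
    for off in (0, SLOT):
        data = _open(password, container[off:off + SLOT])
        if data is not None:
            return data
    return None
```

Revealing K1 opens only the first slot. The second slot is either a K2-encrypted volume or random filler of the same length, which is what makes the two cases hard to tell apart.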

  • #2
    great advice loinburger.
    "The Christian way has not been tried and found wanting, it has been found to be hard and left untried" - GK Chesterton.

    "The most obvious prediction about the future is that it will be mostly like the past" - Alain de Botton



    • #3
      actually my free avast stopped working. it just refused to update and wouldn't uninstall/reinstall, so i installed another free virus program that seems to work pretty well. i also use malwarebytes, which seems useful for removing all the crap one gets from browsing normal pages.


      • #4
        I like the Malwarebytes anti-malware program, so I'm sure their anti-virus is also decent. Pretty much the only way to really screw up an antivirus is to have it hog too many resources (which Norton and McAfee are notorious for)


        • #5
          1. Get an antivirus program, I recommend the free version of Avast
          How is Avast better/worse than AVG free?
          Libraries are state sanctioned, so they're technically engaged in privateering. - Felch
          I thought we're trying to have a serious discussion? It says serious in the thread title!- Al. B. Sure



          • #6
            I haven't used AVG, but according to this website (which is my go-to freeware review website): they give Avast a 5/5 and AVG a 4/5 citing slightly worse detection rates for AVG. If you're happy with AVG then stick with that.


            • #7
              If your computer is already messed up, just pay me $2500 and I will buy you a new $1250 computer.
              “It is no use trying to 'see through' first principles. If you see through everything, then everything is transparent. But a wholly transparent world is an invisible world. To 'see through' all things is the same as not to see.”

              ― C.S. Lewis, The Abolition of Man



              • #8
                Loin, is AVG still ok? I've used the free version of AVG with Spybot: Search and Destroy as my main protections for years, but haven't looked into whether they are still any use for a long time.



                • #9
                  Originally posted by kentonio
                  Loin, is AVG still ok? I've used the free version of AVG with Spybot: Search and Destroy as my main protections for years, but haven't looked into whether they are still any use for a long time.
                  Inquisitive minds want to know

                  And thanks for the thread.
                  "Ceterum censeo Ben esse expellendum."



                  • #10
                    It seems Avast has one of the more "active" safe browsing modes. On websites I run, it's the anti-virus most likely to have users report malicious ads to me. (Using 3rd party networks, it's simply an eventually that bad ads will be shown from time to time.)



                    • #11
                      Grammar no compute...


                      • #12
                        @Aeson (and everybody): I suggest you add the browser extension Adblock Plus (supported in Firefox and Chrome, not sure about other browsers) - you can whitelist sites whose ads are useful or who you want to help support. Another useful extension is Web of Trust (again, Firefox and Chrome, dunno about others), which will warn you before you visit a dodgy (yellow) or malicious (red) site (as determined by the other people using Web of Trust); Avast also includes a similar plugin, but I prefer Web of Trust primarily because I started using it before Avast offered its browser plugin.

                        @All: Regarding AVG vs Avast, pretty much all of the reviews I've read say that Avast is better for reasons like using fewer system resources and having a better user interface - I don't think that you're considerably more or less likely to get an infected computer while using either Avast or AVG, especially if you're careful about running dodgy programs using Sandboxie or Comodo. In other words, if you're happy with AVG, stick with AVG.


                        • #13
                          Originally posted by loinburger
                          @Aeson (and everybody): I suggest you add the browser extension Adblock Plus (supported in Firefox and Chrome, not sure about other browsers)
                          What he says... Adblock Plus is the best. It does a great job.
                          Keep on Civin'
                          RIP rah, Tony Bogey & Baron O



                          • #14
                            I meant that users of my sites have over the years reported problems. Usually it's Avast taking issue with one of the ads. Most of the time it's a false positive.

                            As someone who makes a living off of ad revenue, Adblock is kinda a sore topic for me.



                            • #15
                              Do you mean "bad" as in the ad was running malicious code, or "bad" as in it led to a malicious website, (or unknown)?