Internet security
 

Did a search, didn't really see what I was looking for (forgive me if this type of thread has been posted before). Anywho, been getting increasingly more paranoid about identity theft and internet security. Made the switch to FireFox last week, and currently use McCaffee for virus protection, Ad-aware for spyware stuff. However, looking for the best all-around package deal for protecting passwords, etc. on the computer. Lets hear your suggestions.

David, from what I have read and tried, of the free spyware apps, Spybot is the best.
I use it and a paid version of Spysweeper by Webroot.
I like that the best, and it protects your surfing in the background.

For antivirus I ran Mcafee for years, but switched over to AVG.
It is less bloated, and the PC runs much better with it than with Mcafee hogging system ram and resources.

They have a free verion 7 out now if you want to experiment with it.

I am not sure about what type of program to protect your passwords though.
It is best to have them in paper though, and not in a file on your PC unless you have it in secret code ;)

if you're referring to using passwords for internet banking and the like... it's up to your financial institution to secure the link between you and them, encrptying it. Computer security is far from 100%, but most things in life are the same.

Check out the PC Tips section for more info...

but basically, here's what I do:

• Symantec Corporate Antivirus or AVG Free edition - no problems with either... but I like Symantec's a little better. Just depends on if you want to pay or not.
• Microsoft AntiSpyware has been surprisingly good, and it's still free. It runs realtime protection much like Corey's SpySweeper. Once I run this and clean everything, 99% of the time Spybot and/or Adaware will both turn up nothing.
• Install Javacool's SpywareBlaster and update it every now and then.
• Get a firewall up and running. If anything, get a router even if you just have one computer. They're so cheap these days and are your best bet at the best protection. Also, despite what some others here will say, it's a good idea to have a software firewall running also. It's more of a pain to get them both to work together correctly, but the extra level of security is worth it. Hardware firewalls keep stuff from coming in, but do nothing to prevent it from going out. A software firewall will monitor both. I use XP's firewall and it's been fine for what I need and has also been the easiest to configure IMO.

As far as passwords go, the most foolproof way is a pen and paper and a good hiding spot. Anywhere on your computer is going to have some degree of risk. If you really want a program to do it for you, check out RoboForm. It takes time to get it configured the way you like, but the end is worth it.

Best approach is to verify secured connections before typing in any passwords, and to run a firewall on your PC that controls access to the internet on an application level.

Key loggers are the only real danger once a secure connection is established, and to guard against them simply don't allow unknown outgoing traffic.

Thanks guys, it sounds like I'm on the right track. I use XP's firewall, and I just went to a wireless router last week. I keep my passwords written down, not saved on the computer, but I was afraid of some sort of data logger getting access to my bank and stock trading accounts. I'll check out AVG and spybot for sure.

:}

XP firewall can't control traffic on the application level. You'd want something like ZoneAlarm which will allow you to select which application can have access to the internet. If you enable access to say your browser and an email client, you will effectively block most malware, as nothing will be able to escape from the computer.

When a user/password combo is stored in the computer it almost always is encrypted, and there has been no precedent that I know of where some malware stole passwords that were stored in auto-fill programs. You are actually safer using an auto-fill as you don't type the password, and you are much more likely to pick up a key-logger, rather than someone stealing your encrypted password file and cracking it.

Are you sure about that? I can recall several instances where XP's firewall has blocked unknown programs that I use that need access to the 'net. I might be wrong... just wondering.

Possibly in XP SP2. But I would not touch that with a 10 foot bad software touching pole. :P At least not until SP2a or something like that.

cnet.com has good security info on their site, but everyone here has pretty much covered you with good advice. what's wrong with the SP2? i'm curious.

What's wrong with it? In a nutshell, it tries to fix problems that most don't have, but can also break things that worked fine before.

well, I wish i knew that before i installed the danm thing. :saw:

its easy to hack a xp system, esp if its not running SP2...at least according to my uber hacker buddy hehe....He writes programs for the government (something to do with targeting systems or something, hes not allowed to tell me) and he says he'll never enter his SS# or any credit card numbers onto a computer connected to the internet anymore. He showed me a few ways to hack WEP and then easily take over a an XP machine from a laptop that could have easily been a car park near the house. Once he does that its easy for him to record key strokes, or install something to secretly record keystroke then he can come back and get the log. Once SP2 came out he couldnt do it anymore for about a month till he found a work around. So I think its better then nothing might keep a beginner hacker out.

Regardless a computer is never secure but you can get it locked down fairly tight. If you are REALLY worried about it I wouldnt enter any important information on the web.

Wouldn't disabling the signals broadcast and coming up with a very creative SSID take care of most of that problem?

Computer security is another world onto itself. I have come to the conclusion that running a good software firewall and anti-virus program is normally sufficient but if you need a little more security you have to go with at least a 128-bit router between the modem and computer. If you want still better protection then you can add a hardware firewall after the router. If you went the full route, I don’t think the “extremely sophisticated” hacker will be able to penetrate this defense. The difference between a software and hardware firewall, is that another level of security is offered with the hardware unit, as it will do SPI (Stateful Packet Inspection) and additional traffic detection from the WAN (Wide Area Network) side. This “all encompassing” route is very inexpensive over time as the 128-bit router can be had for $39 and the hardware firewall such as the D-Link DFL-200 can be had in the $220 range. Cisco also makes a dandy firewall. A hardware firewall never needs a yearly “fee” to keep it current.

If your Uber Hacker buddy has any money in any bank, gets a pay check from "The Government" then his information is available if the system gets hacked. Most "Hacks" on banking systems are done from inside the banking industry or "lost back-up tapes" etc..etc..etc..They are not from some super smart guy breaking past all the security measures banks work with.
If you want a good way to keep password safe on a pc, go get the free version of PGP. type the passwords into a document and then encrypt the data with at least a 128 bit key. Don't publish your public key and keep a copy of the private and public key safe on a CD in a safe place. Use a password you can remember but would be difficult for someone else to guess. Don't use birthdays, pets names, kids names and stuff like that. Something like I81U812 ( I ate one, you ate one 2) can work to make it easy to remember. A short passage from a favorite book for a pass PHRASE would be even better.
Check you Credit report on a regular basis and enjoy life.......No sense being paranoid.
" There is no conspiracy, they are ALL in together"

As previously stated, computer security is another world onto itself. In my humble opinion it’s always better to have an ounce of prevention than to try and find a pound of cure. We all would like to be as invisible as possible in cyberspace to minimize our chances of being “found” and hacked. An inexpensive 128-bit router on a non-network computer does a fair job in “cloaking” our presence to randomly prying eyes out there in cyberspace. It is my understanding that if by chance, a decent hacker (meaning one who has a good education/understanding of computers, possesses sufficient computer hardware and is very experienced at the art of “hacking”) finds or knows your location, he will defeat your software firewall and enter your computer. Once in, he will only be deterred if you have your “important” files encrypted further using industry standard encryption algorithms such as the 256-bit Blowfish program. If you have a definite need or desire to stop these asswipes, it is my understanding that you need a hardware firewall on your computer. I run the Cisco PIX 501 and since installing it, I haven’t been found by anyone out there “looking”. I have it programmed so when a ping is directed at me the PIX will divert it to my cable companies IP address. If you happen to have a network at home you can initiate Triple-DES/3DES, which is an advanced encryption algorithm program within the PIX, to provide the same level of security to your other computers. If you need or want the extra protection from asswipes, you have to spend a couple of dollars to obtain that extra level of security. The way I look at firewalls is: why spend $100 on a software firewall when for an extra $100 plus you can have a hardware firewall that is light-years ahead of the software firewalls, but then again, that’s just my opinion.

The Pix is a great firewall as long as you keep to IOS updated and update the configuration on a regular basis( I've configured 525,535 and the PIX IOS on,6500 and 4500, switches 2600, 4700 6500 routers and the PIX 6500 Card). There is no such thing as a "set and forget" type security system for a computer or computer network. Network security should be done on a layered basis. The more you secure the system, the less user friendly it becomes. The trick is to find a balance where the users are comfortable as are the security folks.
On a small note, if your PIX is diverting the ping, then it can be seen on the WAN, configure it to NOT respond to PING or traceroute and make sure you have it so there is no Telnet access to the box. Make sure it is set so it has to be configured from the port, not the network.
The artful hacker can also defeat hardware firewalls since all they are is a computer that does a dedicated task. Also Des and 3/Des has been replaced with AES for the government standard. Neither the DES/3DES or AES is specific to the PIX. FYI, DES is 56 bit and has been hacked for several years now but still takes a number of years to defeat the cipher. 3/Des has also been hacked but still takes longer to defeat since its 64bitx3.
Its all about how far do you want to go to secure your network. The Encryption on the PIX is designed to create VPN's, not encrypt data as it streams accross the interface. You can, if you like, create an internal VPN so your data is encrypted on the wire but takes alot of resources to use.

So.....becareful, not paranoid......or be like me...Happily Paranoid....

Thanks for the tip, I didn't realize I was WAN visible - I'll do as you suggested and I hear what you're saying - I guess I would describe the feeling as happily paranoid in my little world surrounded by gadgets that I truly appreciate but don't fully understand or comprehend the complexities of their makeup. In the ole days, no one ever messed with my 3X5 cards. :)

Honestly here folks, unless you're storing CC processing data for Bank of America, no one wants to hack into your network, take over your computers and turn your stereo up too loud. The most you're going to see, on average, is automated viral and bot-ware attacks against your machine. You can repel these with a good firewall (do yourself a favor and buy hardware and not software) solution.

If you're running wireless, it doesn't matter what you do the wireless connection is insecure. WEP keys break easily with modern CPUs. The point is, who wants in to your data? At home, you're probably not a high value target so you're not going to be bothered with. Set yourself up a WEP key and disable broadcasing of your SSID if you want, it will keep your neighbors off your system.

Secure your OS. I've been running XP SP2 on my laptop and my roommates laptop for quite some time and at work, we're running it on over 450 PCs and laptops with no problems attributable to SP2. Set SP2 up on your box and use the Windows firewall. This isn't to keep people off the internet out of your system but to keep the neighbor kids from being able to do malicious things to your system were they ever to gain entry to your network. Also, if you're using a laptop, you're not always at home. And when you're not at home, if you're connected to another network you never know what kind of security measures are upstream so it pays to be cautious.

The other thing to do is don't leave your passwords default. Don't set a blank admin password on your system (or a really easy password) and make sure you change the default passwords on your systems. It doesn't need to be something cryptic, just something cryptic to everyone but you. The easiest way to do this is to create a passphrase that you use to generate your password. The way this is done is you pick a sentence "I live at one two three four main street" and the you take the first letter of each word to make your password: "Ilaottfms" or "il@1234ms". No one knows what this means but you and it's difficult to guess. Your ATM PIN can become the first 4 letters of this password, your e-mail account password becomes the last letters of every word in the passphrase.. and on and on and on.

Shred your receipts when you're done with them. Dumpster diving is easy and you can nail a residential street in a single night if you know when trash day is. Check your monthly statements for BS activity. Review your credit report every so often to make sure no one has opened a line of credit in your name. These three items are probably a much bigger defense against true theivery than virtually anything you can do to your home PC.

Understand something here folks: your data is at more risk sitting in the storage bin at BofA or Amazon or e-Bay because that's where the dollar signs are. Someone breaks into those computers and they have informations for hundreds of thousands of people. Someone breaks into your computer and they might have some info on you, the e-mail you sent to your sister last week about the rash on your leg, and the notification that your subscription renewal to the Hair Club For Men has processed. Not much.

Don't go too far overboard. If it's overly complex you won't do it and you'll become vulnerable for the dependency on an unmanaged system. We lock the doors to our trucks and maybe throw a blanket over something valuable in the back. We don't weld steel mesh inside the windows to protect the 4 unopened quarts of Mobile 1 Synthetic we have stored near the spare. The goal here isn't to lock down your computer like Fort Knox but to exploit a vulnerability in perpetrators: lazyness.