Friday, September 10, 2010

Useful Firefox Add-ons

If you use Mozilla Firefox as your web browser, the following add-ons help secure your computer:


If you want to keep yourself free from malware trouble, WOT (Web Of Trust) is what you want. Most of the time we are ourselves responsible for malware infections, because we don't know the reputation of every site on the Internet. This is where WOT helps: it shows you which websites you can trust for safe surfing, shopping and searching before you visit them.
 

Green means safe
Yellow means caution
Red means stop.

This add-on secures Firefox by blocking the automatic execution of scripts on non-trusted sites and protects against clickjacking and XSS attacks. It may annoy users at first, since many websites appear broken without scripts; however, the security it offers is worth the initial learning curve.

This add-on backs up information such as all your settings, passwords, bookmarks and other customizations and saves it in a universal way, so that it can be accessed from any computer, no matter where you log in. Moreover, your information is encrypted, so only you can access it after entering your secret phrase. Firefox puts security as a top priority, and syncing is no exception.


Tuesday, September 7, 2010

Protect USB Flash Drive (Pen Drive)


As you know, the most common use of USB drives (pen drives) is to transport and store personal files such as documents, pictures, videos and data. But if you attach your USB drive to an infected computer, malware can be transferred to the drive in no time, infecting the important data on it. Depending on the nature of the virus you may lose important data from the USB drive and never recover it, and the infected USB drive can in turn infect other computers, and so on.

This is one of the methods through which malware spreads. Autorun commands are generally stored in Autorun.inf files. These commands enable applications to start, launch installation programs, or start other routines, and they are used to execute malware hidden on USB drives. When you insert a USB drive or double-click on that drive, this Autorun.inf executes the malware immediately. Several malware families use this technique.
 
For example:
  • Trojan.Win32.AutoIt
  • Trojan win32.Autorun
  • Worm.Win32.AutoIt

    Instead of relying completely on anti-virus to detect infected USB drives, we can protect them in the following ways:

         1. Disable Autorun
         2. Avoid Double Clicks
         3. Using Autorun.inf

    Disable Autorun 

    My best advice is to disable the autorun facility provided by the operating system. This can be done in two ways:

        1. Group Policy settings
        2. Registry Changes

    Group Policy settings 

        1. Click Start --> Run or press "Windows Key" + R, type Gpedit.msc and then press ENTER.
        2. Under "Computer Configuration", expand "Administrative Templates" and then click "System".
        3. In the Details pane, double-click "Turn off Autoplay".
        4. Click Enabled, and then select "All drives" in the "Turn off Autoplay" box to disable Autorun on all drives.
        5. Restart the computer.

    Registry Changes 

        1. Click Start --> Run or press "Windows Key" + R, type Regedit and then press ENTER.
        2. Locate and then click the following entry in the registry:
            HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutorun
        3. Right-click NoDriveTypeAutoRun, and then click Modify.
        4. In the Value data box, type FF to disable autorun on all types of drives.
        5. Click OK, and then exit Registry Editor.
        6. Restart the computer.

    Avoid Double Clicks

        1. Avoid using "Double Click" to open a USB drive.
        2. To open a USB drive, right-click on it and select Explore.

    Using Autorun.inf

    As we know, Windows cannot have a file and a folder with the same name in the same drive or folder. Hence we can create a folder or file named "autorun.inf" on the USB drive, which protects the USB drive from getting infected with a malicious autorun.inf that would execute malware.

    Some malware deletes the autorun.inf folder or file and places its own autorun.inf on the USB drive. To avoid this, we should make our folder or file hidden on the USB drive by changing its attributes:
     

        1. Click Start --> Run or press "Windows Key" + R, type Cmd and then press ENTER.
        2. Type attrib +h +s +r [Drive Letter]:\autorun.inf
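    Both protections described above (the NoDriveTypeAutoRun registry value and the protective autorun.inf placeholder) can be verified from a script. The following is an added example, not code from the original post: it decodes the NoDriveTypeAutoRun bitmask (a set bit disables autorun for that drive type; the bit layout assumed here is the one Microsoft documents), reads the value through Python's winreg module when run on Windows, parses a constructed autorun.inf to list the directives that would launch a program, and checks whether the placeholder at <drive>\autorun.inf is the hidden-and-system folder the post recommends. The sample autorun.inf, its file names and the throw-away directory are constructed.

```python
import os
import re
import stat
import tempfile
from pathlib import Path
from typing import Dict, List, Optional, Tuple

# NoDriveTypeAutoRun is a bitmask: a SET bit disables autorun for that drive
# type, so FF (all bits set) disables it everywhere, as the post recommends.
# Bit layout assumed from Microsoft's documentation of the value.
DRIVE_TYPE_BITS = {
    0x01: "unknown",
    0x04: "removable (USB, floppy)",
    0x08: "fixed",
    0x10: "network",
    0x20: "CD-ROM / DVD",
    0x40: "RAM disk",
    0x80: "unknown (reserved)",
}


def autorun_still_enabled(mask: int) -> List[str]:
    """Drive types for which the given NoDriveTypeAutoRun mask leaves autorun on."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if not mask & bit]


def read_no_drive_type_autorun() -> Optional[int]:
    """Read the value from the key named in the post (and the HKLM policy key
    that Group Policy writes to). Returns None when not on Windows or not set."""
    try:
        import winreg
    except ImportError:
        return None
    sub_key = r"SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer"
    for hive in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
        try:
            with winreg.OpenKey(hive, sub_key) as key:
                value, _ = winreg.QueryValueEx(key, "NoDriveTypeAutoRun")
                return int(value)
        except OSError:
            continue
    return None


# autorun.inf directives that launch something when the drive is inserted or
# opened: "open" and "shellexecute" are the classic ones, and shell\<verb>\command
# entries replace the context-menu verbs (Open, Explore) the post tells you to use.
LAUNCH_KEY = re.compile(r"^(?:open|shellexecute|shell\\[^\\]+\\command)$")


def autorun_directives(text: str) -> Dict[str, str]:
    """Return the launch directives found in the [autorun] section of an autorun.inf."""
    found: Dict[str, str] = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if LAUNCH_KEY.match(key.lower()):
            found[key.lower()] = value
    return found


def placeholder_status(drive_root: str) -> str:
    """Classify <drive>\\autorun.inf: 'missing', 'file', 'folder' or, on Windows,
    'folder (hidden+system)' once the attrib command from the post was applied."""
    p = Path(drive_root) / "autorun.inf"
    if not p.exists():
        return "missing"
    if not p.is_dir():
        return "file"
    attrs = getattr(p.stat(), "st_file_attributes", 0)  # present on Windows only
    hidden_system = stat.FILE_ATTRIBUTE_HIDDEN | stat.FILE_ATTRIBUTE_SYSTEM
    if attrs & hidden_system == hidden_system:
        return "folder (hidden+system)"
    return "folder"


SAMPLE_AUTORUN_INF = """\
; constructed sample for this example, not taken from a real infection
[autorun]
open=setup.exe
icon=setup.exe,0
label=Holiday Photos
shell\\explore\\command=setup.exe
"""


def demo_placeholder() -> Tuple[str, str]:
    """Create a throw-away 'drive' and report the status before and after
    adding the protective autorun.inf folder (constructed, not a real drive)."""
    with tempfile.TemporaryDirectory() as root:
        before = placeholder_status(root)
        os.mkdir(os.path.join(root, "autorun.inf"))
        after = placeholder_status(root)
    return before, after


if __name__ == "__main__":
    mask = read_no_drive_type_autorun()
    print("NoDriveTypeAutoRun:", "not set / not Windows" if mask is None else hex(mask))
    if mask is not None:
        print("autorun still enabled for:", autorun_still_enabled(mask) or "nothing")
    print("launch directives in sample:", autorun_directives(SAMPLE_AUTORUN_INF))
    print("placeholder status before/after:", demo_placeholder())
```

    On Windows, run it and then point placeholder_status at the drive root (for example "E:\\"); on other systems the registry read returns None and only the parser and the placeholder demo run.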


    Malware present on USB drives usually has the system attribute set and won't be visible under Windows' default settings. One should always keep an eye on suspicious files that are hidden as system files. To view such system files, the following settings must be changed:

    Unhide extensions for known file types

    Some malware has a name like Clip.avi.exe, which is displayed as Clip.avi under default settings, where the "Hide extensions for known file types" option is enabled. The following shows how to disable "Hide extensions for known file types":

        1. Open My Computer or any folder.
        2. Click on the Tools menu --> Folder Options.
        3. Click on the View tab.
        4. Uncheck "Hide extensions for known file types".

    Unhide Hidden Files & System Files

    Some malware hides itself as hidden or system files, which won't be visible under default settings, where the "Do not show hidden files and folders" option and the "Hide protected operating system files" option are enabled. The following shows how to disable these options:

        1. Open My Computer or any folder.
        2. Click on the Tools menu --> Folder Options.
        3. Click on the View tab.
        4. Enable "Show hidden files and folders".
        5. Uncheck "Hide protected operating system files".
     

    Thursday, September 2, 2010

    Introduction to Malware Analysis

    Since malware growth is increasing with time, it is better to be an analyst instead of depending completely on anti-virus products. Much malware uses techniques that bypass anti-virus and infect your PC, hence this post will surely help you defend against malware yourself :-)

    To analyse a malware, the following systematic methodology should be followed:
    • Tools for Analyzing
    • Preparing a controlled environment
    • Collecting Information
    • Analyzing Information
    • Conclusion

    Tools for Analyzing

    Tools are required to analyse the behaviour of malware. These tools help us locate file changes, registry changes, network and process changes, etc.

    Virtualization Software - VMware Workstation
    VMware is powerful virtual machine software which can run multiple operating systems on a single system. Once an operating system is installed in VMware, malware can be executed on a non-persistent disk without infecting the host.

    Regshot
    Regshot is a registry and file system compare utility that allows you to quickly take a snapshot of your registry and file system and then compare it with a second one, taken after making system changes or installing a new software product. This helps in locating the file and registry changes made after execution of malware.

    Process Explorer
    Process Explorer shows a list of the currently active processes. It shows you information about which handles and DLLs processes have opened or loaded.

    TCPView
    TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections.

    Autoruns
    This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them.


    Caution:
    Do NOT delete or disable the entry named Userinit. Doing so will result in your inability to logon to any user account in the system.

    HexEdit
    Hex Edit is a binary file editor, or hex editor: a great tool that allows you to edit and analyse the contents of either the data or the resources of any type of file. It can also compare two files and show all the differences between them, which helps in the case of file-infecting malware such as viruses. It can also find strings in hex, octal and ASCII.

    FileAlyzer
    FileAlyzer is a tool to analyse files. FileAlyzer allows a basic analysis of files (showing file properties and file contents in hex dump form) and is able to interpret common file contents like resources structures (like text, graphics, HTML, media and PE).

    BinText
    A small, very fast and powerful text extractor that will be of particular interest to programmers. It can extract text from any kind of file and includes the ability to find plain ASCII text, Unicode (double byte ANSI) text and Resource strings, providing useful information for each item in the optional "advanced" view mode. Its comprehensive filtering helps prevent unwanted text being listed. The gathered list can be searched and saved to a separate file as either a plain text file or in informative tabular format.


    PEiD
    PEiD detects most common packers, cryptors and compilers for PE files. It can currently detect more than 600 different signatures in PE files.

    PEiD is special in some aspects like

    1. Shell integration, Command line support, Always on top and Drag'n'Drop capabilities.
    2. Multiple file and directory scanning with recursion.
    3. Plugin Interface with plugins like Generic OEP Finder and Krypto ANALyzer.
    4. Heuristic Scanning options.
    5. New PE details, Imports, Exports and TLS viewers
    6. New built in quick disassembler.
    7. New built in hex viewer.
    8. External signature interface which can be updated by the user.

    OllyDbg

    OllyDbg is a 32-bit assembler-level analysing debugger with an intuitive interface. It shows the contents of registers, recognizes procedures, API calls, switches, tables, constants and strings. It can also write patches back to the executable file.

     It has four panes: the upper left shows the disassembled code of the file and the upper right shows the register values and the flag values. The lower left shows a hexadecimal dump of the file and the lower right shows the stack. Any value changed by the execution of an instruction is shown in red.

     It also provides facilities like breakpoints; different types are available, such as breakpoints on memory read or memory write.


    IDA
    IDA is an interactive disassembler. This means that the user takes an active part in the disassembly process; IDA is not an automatic analyzer of programs. IDA will give you hints about suspicious instructions, unsolved problems, etc., and it is your job to tell IDA how to proceed. IDA performs a lot of automatic code analysis, using cross-references between code sections, knowledge of the parameters of API calls, and other information.

    Preparing a safe and controlled environment

    Before analysing malware you should create a safe and controlled environment for analysis, so that if you accidentally execute the malware it does not damage your system.
    The following instructions are to be followed before analysing malware:
    1. Virtualization - use VMware Workstation for analysing malware
    2. Isolate Network - make sure your network is isolated
    3. Tools - transfer all analysis tools into the VMware Workstation guest
    4. Non-Persistent - use non-persistent disks

    Collecting Information
    Now that we have prepared the lab, we need to load the files associated with the malware specimen onto our lab systems. Once the malware is placed in its cage, we can start our analysis. To determine the purpose and capabilities of this piece of code, we can use two different analytical approaches: static and dynamic analysis. Static analysis involves looking at the file associated with the malware to determine its attributes, whereas dynamic analysis involves actually running the program and watching what happens.
    With static malware analysis, we might be able to get a general idea of the characteristics and purpose of the code. With dynamic analysis, we actually activate the code on a controlled laboratory system; that way, we can more quickly get an idea of its behaviour while running on an actual system. Let's look at dynamic analysis first.

    Dynamic Analysis
        In dynamic analysis, we actually execute the binary and observe its interaction with the environment. All monitoring tools are activated. Different experiments are done to test the response of the running malware process to our tools. Attempts to communicate with other machines are recorded. In this phase a new snapshot of the environment is created, as in the baselining stage.

        After taking a snapshot of all the changes the malware has made to the system, the malware process is terminated. Now the differences between the new snapshot and the baseline snapshot are determined using tools like Autoruns, Regshot, Process Explorer and TCPView, which monitor the file system, registry, network and process information.

        Normally malware executes in a flash, hence it is difficult to understand what actually happened. We can also execute malware in slow motion using OllyDbg, executing it instruction by instruction and recording the information with the monitoring tools.
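    The baseline-versus-after comparison that Regshot performs on the file system can be reproduced with a short script. This is an added example, not code from the post or from Regshot: it hashes every file under a directory tree before and after a simulated specimen run and reports what was added, removed or modified. The registry half of Regshot's comparison is not covered; the directory tree, file names and "changes" are constructed inside a temporary directory.

```python
import hashlib
import os
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

Snapshot = Dict[str, Tuple[int, str]]  # relative path -> (size, sha256)


def snapshot(root: str) -> Snapshot:
    """Record size and SHA-256 of every regular file under root.
    Symlinks are skipped so a specimen cannot point the walk outside the tree."""
    snap: Snapshot = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = Path(dirpath) / name
            if full.is_symlink() or not full.is_file():
                continue
            rel = full.relative_to(root).as_posix()
            digest = hashlib.sha256(full.read_bytes()).hexdigest()
            snap[rel] = (full.stat().st_size, digest)
    return snap


def compare(baseline: Snapshot, after: Snapshot) -> Dict[str, List[str]]:
    """Regshot-style diff: files added, removed, or whose size/hash changed."""
    common = baseline.keys() & after.keys()
    return {
        "added": sorted(after.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - after.keys()),
        "modified": sorted(p for p in common if baseline[p] != after[p]),
    }


def demo() -> Dict[str, List[str]]:
    """Constructed walkthrough: build a tiny 'system' tree, take the baseline,
    apply the kind of changes a dropper makes, snapshot again and diff."""
    with tempfile.TemporaryDirectory() as root:
        win = Path(root) / "Windows"
        docs = Path(root) / "Documents"
        win.mkdir()
        docs.mkdir()
        (win / "hosts").write_text("127.0.0.1 localhost\n")
        (docs / "notes.txt").write_text("meeting at 10\n")
        baseline = snapshot(root)

        # --- the specimen "runs" here; effects are constructed, no real malware ---
        (win / "dropped.exe").write_bytes(b"MZ" + b"\x00" * 62)    # new file
        (win / "hosts").write_text("127.0.0.1 localhost\n"
                                   "127.0.0.1 update.example\n")  # tampered
        (docs / "notes.txt").unlink()                               # deleted

        after = snapshot(root)
    return compare(baseline, after)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

    Against a real lab image you would call snapshot() on the drive root before and after running the specimen and feed both results to compare(); the hash catches changes that keep the file size unchanged, which a size-only comparison would miss.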
    Static Analysis
        In static analysis, we collect as much information about the binary as possible without executing it. Resources that are embedded in the binary are extracted and recorded; a program like Resource Hacker can be used for this purpose. The resources that can be discovered through this process include GUI elements, scripts, HTML, graphics, icons, and more. Human-readable strings are extracted from the malware and recorded; a program like Binary Text Scan can be used for this purpose. Searching malware files for strings could reveal huge amounts of useful information, such as the following:
    The malware specimen's name
    Sometimes, malware developers are so proud of their work, they include the name of their creation inside their code. If the strings command reveals a specimen's name, I conduct more detailed research using the Web sites described earlier in this section.

    Help or command-line options
    Some programs include a list of command-line options to help a user sort out all of the different features. This list is quite useful to a malware analyst.

    User dialog
    Many programs, including malware, spit out error or confirmation messages to users. By looking over this dialog embedded inside the malware specimen, we might be able to glean its purpose.

    Passwords for backdoors
    If the malware stores a backdoor password in clear text, it will likely show up as a string in an executable.

    URLs associated with the malware
    On occasion, a malware author inserts a reference to a Web site in the code. I use these references to surf to the author's site to determine if more information about the code is available there.

    E-mail addresses of the attacker or malware's author
    Some malware specimens send e-mail to the attacker when they are installed or activated. An attacker's e-mail address can be quite useful to us in this investigation.

    Libraries, function calls, and other executables used by the malware
    Many malware programs include strings that reference various libraries and functions used by the code. On Windows machines, the malware might reference various Windows API functions, DLLs, or EXEs. On UNIX, I might find evidence of various libraries or other applications associated with the malware.

    Other useful information
    The strings present in malware could include other useful tips as well. In essence, we're performing detective work, pure and simple, looking for useful clues. During one investigation, I found the phone number of the software developer embedded in the code for a backdoor. I personally think it's insane for a developer to put a phone number in malware code. However, the malware developer wasn't the attacker who broke into my machine. The developer merely released the code on his Web site, where my attacker had anonymously downloaded it. In fact, this insane developer was incredibly friendly and useful in providing insight into how the backdoor worked. Besides phone numbers, many other useful tidbits could show up in the strings embedded in the code.
    The tool used for analysis of executable code is a disassembler and debugger, which converts a raw binary executable into assembly language instructions that I can analyze in more detail. My favorite tool in this category is OllyDbg. This process of stepping through the reverse-compiled code, element by element, can be very painstaking, requiring many hours or even days of work. Therefore, it's often completely reasonable to move to dynamic analysis and put off the detailed static code look until later, or skip the detailed code review altogether.
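    The strings extraction described in this section (what BinText does, see the tool list above) and the categories the list names can be scripted. This is an added example, not code from the post or from BinText: it pulls ASCII and UTF-16LE runs out of a constructed byte blob standing in for a specimen, then sorts them into the categories above (URLs, e-mail addresses, libraries, API names, command-line options, registry paths). The indicator patterns, the small list of Windows API names and the sample bytes are constructed; example.invalid is a reserved placeholder domain.

```python
import re
from typing import Dict, List, Tuple

# Constructed stand-in for a specimen: a fake DOS header, a few ASCII and
# UTF-16LE strings of the kinds the post lists, and some binary noise.
SAMPLE_BINARY = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"kernel32.dll\x00"
    + b"URLDownloadToFileA\x00"
    + b"urlmon.dll\x00"
    + b"http://example.invalid/update.bin\x00\x00"
    + "Software\\Microsoft\\Windows\\CurrentVersion\\Run".encode("utf-16le") + b"\x00\x00"
    + b"Usage: svc.exe -install | -remove\x00"
    + b"report@example.invalid\x00"
    + b"\x8a\x12\xff" * 10
)


def extract_strings(data: bytes, min_len: int = 5) -> List[Tuple[int, str, str]]:
    """Return (offset, encoding, text) for every printable run of at least
    min_len characters, in ASCII and in UTF-16LE (what BinText calls Unicode)."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = []
    for m in ascii_re.finditer(data):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    for m in utf16_re.finditer(data):
        found.append((m.start(), "utf-16le", m.group().decode("utf-16le")))
    return sorted(found)  # by offset, so ASCII and UTF-16 hits interleave in file order


# Categories from the post. The API-name list is a small constructed sample of
# Windows API functions commonly seen in downloaders and injectors.
INDICATORS = {
    "url": re.compile(r"https?://\S+", re.I),
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "library": re.compile(r"\b[\w-]+\.(?:dll|exe|sys|ocx)\b", re.I),
    "api_call": re.compile(
        r"\b(?:URLDownloadToFile|CreateRemoteThread|WriteProcessMemory"
        r"|RegSetValueEx|SetWindowsHookEx|WinExec|ShellExecute|InternetOpenUrl)[AW]?\b"),
    "cmdline_option": re.compile(r"(?<!\S)[-/][a-z]{1,12}(?=\s|$)", re.I),
    "registry": re.compile(r"(?:HKLM|HKCU|HKEY_[A-Z_]+|Software\\Microsoft\\Windows)\\", re.I),
}


def triage(strings: List[Tuple[int, str, str]]) -> Dict[str, List[str]]:
    """Group extracted strings by the indicator category they match.
    A string may land in more than one category (an EXE name inside a usage line)."""
    report: Dict[str, List[str]] = {}
    for _, _, text in strings:
        for label, rx in INDICATORS.items():
            if rx.search(text):
                report.setdefault(label, []).append(text)
    return report


if __name__ == "__main__":
    hits = extract_strings(SAMPLE_BINARY)
    for offset, enc, text in hits:
        print(f"{offset:#08x} {enc:8} {text}")
    for label, items in triage(hits).items():
        print(f"{label}: {items}")
```

    To run it on a real specimen read the file with open(path, "rb").read() and pass the bytes to extract_strings(); note the double NUL between the URL and the UTF-16 string in the sample, which keeps the trailing NUL of one ASCII string from being read as the first half of a UTF-16 character, a mis-alignment real strings tools also show.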
    Analyzing Information
    This is the stage where we can finally reverse engineer the binary based on all the information collected during the previous stages. Each part of the information is analyzed over and over and the "jigsaw puzzle" is completed. Then the big picture automatically begins to appear and the reverse engineering process is finished. However, before this is achieved, we may have to repeat the previous stages several times.
    Using this information, one can apply the following techniques:
    Internet searches
    A search engine can be used to find more information on the binary. Keywords for the search can be drawn from the information generated during the "Static Analysis" step of the previous stage. Things like filenames, registry entries, commands, etc. often reveal a lot of information about the malware. Some good sources of information on the Internet include online virus databases (mostly maintained by anti-virus vendors), newsgroups and mailing lists. Many times, Internet searches reveal almost all there is to know about the malware and no further research is needed. One can also use an automated threat analysis system like http://www.threatexpert.com to get all the information about the malware.

    Startup methods
    Every malware needs a way to ensure that it is executed when a system reboots. This is the most vulnerable aspect of the malware. There are only a limited number of ways in all operating systems that a program can use to restart automatically when a machine reboots. The information collected during the previous stage can be analyzed to identify the startup method of the malware. A very good source for Startup Methods related information on the Internet is the Paul Collins' Startup List.

    Communication protocol
    A network protocol analyzer like Ethereal in many cases can identify the communication protocol used by the binary. When this is not the case, the protocol has to be reverse engineered. This is beyond the scope of this document.

    Spreading mechanism
    If the malware under scrutiny is a self-spreading worm or virus, the collected network traffic data will easily reveal its spreading mechanism. In most cases, a cursory glance is enough.

    Conclusion
    We have seen that a basic behavioral analysis of a Malware can be easily performed by an administrator, or indeed by a power user. While this approach does not give the same level of detail as code analysis or reverse engineering would, still it is sufficient for most people's needs when figuring out what a potentially malicious binary is capable of and also how to go ahead with the removal and disinfection process.
    Documenting the results of the malware analysis and reverse engineering exercise is essential. One of the main advantages is that the knowledge incorporated into the documentation can be used for later analysis exercises.

    Tuesday, June 29, 2010

    Malware and its Classification

    Malware

    Malicious software (malware) is software designed to damage or perform other unwanted actions on a computer system. The prefix 'mal' means bad, hence it is bad software. Previously malware was just pranks, but these days it is completely "profit oriented".

    The types of malware can be broadly classified into:
    1. Infectious malware (viruses and worms)
    2. Concealment malware (Trojan horses, backdoors, and rootkits)
    3. Profit Oriented malware (adware & spyware and botnets)
    4. Exploits
    VIRUS
    A virus is a program designed to spread its code to all system files. A virus may have a payload which performs malicious activities.

    Examples : 
    • Virus.Win32.Sality
    • Virus.Win32.Virut
    WORM
    A worm is self-propagating malicious code which transmits itself over a network to infect other computers. Unlike a virus, a worm does not infect a file or program but stands on its own. A worm too may have a payload which performs malicious activities. Worms can be further classified into:
    • Email Worms - spread via e-mail messages, as a link or an attachment in the message.
    • Instant Messaging Worms - spread via instant messaging messages.
    • Internet Worms - scan all the network resources of the local machine to attack and gain full access through the Internet.
    • IRC Worms - spread via chat channels.
    • Network Worms - copy themselves to all shared folders in the network.
    Examples : 
    • Net-Worm.Win32.Allaple
    • Worm.Win32.AutoRun
    • IM-Worm.Win32.Sumom
    TROJAN HORSE
    This is the most dangerous kind of malware. As the name suggests, it hides its malicious code inside software which appears useful or harmless, like the astute Greeks in their attack on Troy. Trojan horses can be further classified into:

    • Trojan Clicker - silently runs in the background and connects to a predetermined website to increase the vote counter.
    • Trojan Downloader - connects to a remote server in order to download additional malware onto the user's computer without their knowledge.
    • Trojan Dropper - drops a malicious file and runs it on the compromised computer.
    • Trojan IM - relies on an instant messenger client application to do its malicious activity.
    • Trojan Notifier - notifies a remote client with the details of its installation on the current system.
    • Trojan Proxy - sets up the local computer as a proxy server, allowing others to connect through it.
    • Trojan PSW - steals passwords, login details and other information.
    • Trojan Spy - monitors the keystrokes of users of the affected system in the hope of capturing personal information.
    • Trojan Dialer - dials a high-cost international phone number using a modem without the user's permission or knowledge.
    Examples : 
    • Trojan-Clicker.Win32.Stixo
    • Trojan-Dropper.Win32.Drooptroop
    • Trojan-Downloader.Win32.Mufanom
    Backdoor
    A backdoor, as the name suggests, is a method of opening a back door for unauthorised attackers to get complete access to the system. It bypasses the usual authentication for remote access to the victim's PC.

    Examples : 
    • Backdoor.Win32.IRCBot
    • Backdoor.Win32.Rbot
    • Backdoor.Win32.Hupigon
    Rootkits
    This is the hardest of all malware to detect and remove. It camouflages itself in a system's core processes so as to go undetected. Rootkits are basically meant to help hackers: they hide resources such as processes, files, registry keys and open ports that are being used for malicious purposes.

    Examples :
    • Rootkit.Win32.TDSS
    • Rootkit.win32.bubnix
    Adware & Spyware
    Adware is software which automatically displays, plays or downloads advertisements to the computer where it is installed. Spyware is a type of adware which collects bits of information about users without their knowledge. Spyware such as keyloggers is also used by corporations to secretly monitor other users.

    Examples :
    • AdWare.Win32.Mirar
    • Adware.Win32.Ardamax
    Botnets
    Botnets are becoming a major tool for cybercrime and DoS attacks. Botnets, or "bot networks", are made up of vast numbers of compromised computers (zombies) that have been infected with malicious code and can be remotely controlled through commands sent via the Internet. A spammer then purchases the services of the botnet and feeds spam messages to the zombies. In some cases botnets are used for DDoS attacks.

    Examples :
    • Conficker
    • Kraken
    Exploits
    An exploit is a piece of software or a sequence of commands that takes advantage of a bug or vulnerability to perform malicious activity. These exploits are often due to buffer overflows.

    Buffer Overflows - If a programmer puts ten bytes of data into a buffer that was allocated only eight bytes of space, that action is allowed (in languages without bounds checking), even though it will most likely cause the program to crash. This is known as a buffer overrun or buffer overflow.

    Examples :

    • Exploit.Win32.MS04-028
    • Exploit.Win32.Pidief


      Monday, June 28, 2010

      Windows Startup - A Weapon for Malwares

      Hey guys, have you ever wondered why "MSN Messenger" or "Yahoo Messenger" or any other software opens as Windows starts?
      This is due to "Windows Startup".

      Even malware uses this facility to run every time Windows starts. It's a good practice to frequently inspect the startup entries for security. Now let's see how it works...

      Startup using Windows Registry
      Before talking about "Windows Startup", here is a brief introduction to the "Windows Registry".

      Every OS needs place to store settings and options. Windows Registry is a database where Windows OS stores all configuration settings and user preferences. It contains information and settings for all the hardware, software, users, and preferences of the PC. It stores different kinds of data in a hierarchical manner. You cannot edit this database directly, you must use "Registry Editor" to make any changes.


      To open "Registry Editor" type “regedit” in Run command.

      You will notice five subtrees (hives), which appear as follows:
      • HKEY_LOCAL_MACHINE
      • HKEY_CURRENT_USER
      • HKEY_CURRENT_CONFIG
      • HKEY_USERS
      • HKEY_CLASSES_ROOT
      The following registry entries are used for Windows startup (HKCU = HKEY_CURRENT_USER, HKLM = HKEY_LOCAL_MACHINE):

      • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
      • HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
      • HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
      • HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
      • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
      • HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows, Load [VALUE]

      • HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      • HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
      • HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
      • HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
      • HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
      • HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

      • HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

      • HKLM\Software\Microsoft\Active Setup\Installed Components
      • HKCU\Software\Microsoft\Internet Explorer\Main, Start Page [VALUE]
      • HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
      • HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
      • HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
      • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs [VALUE]
      • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, UserInit [VALUE]
      • HKLM\SYSTEM\CurrentControlSet\Control\Session Manager, BootExecute [VALUE]
      Here is an example for "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run":
            1. Type "regedit" in the Run command.
            2. Click [+]HKEY_CURRENT_USER
            3. Click [+]Software, then [+]Microsoft, then [+]Windows, then [+]CurrentVersion
            4. Finally click on Run.
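      The Run-family keys listed above can be enumerated and triaged with a script. The following is an added example, not code from the post or from Autoruns: it reads those keys through Python's winreg module when run on Windows (elsewhere the enumeration returns nothing and the demo falls back to a constructed sample list) and flags entries that run from a temp or user-writable directory, that borrow a system binary's name outside the Windows directory (assuming the default C:\Windows install path), or whose path contains spaces without quotes. The triage rules, the value names and the sample entries are constructed for this example.

```python
import os
import re
from typing import Dict, List, Optional, Tuple

# Run-family keys from the list above, as (hive, subkey). The other locations
# in the post (Winlogon\Userinit, AppInit_DLLs, BootExecute, ...) hold single
# values rather than lists of commands and are not enumerated here.
STARTUP_KEYS = [
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\RunOnce"),
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\RunOnce"),
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\RunOnceEx"),
]

Entry = Tuple[str, str, str]  # (key path, value name, command line)


def enumerate_startup_entries() -> List[Entry]:
    """Read the keys above with winreg. Returns [] when not running on Windows."""
    try:
        import winreg
    except ImportError:
        return []
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    entries: List[Entry] = []
    for hive_name, sub in STARTUP_KEYS:
        try:
            key = winreg.OpenKey(hives[hive_name], sub)
        except OSError:          # key absent (RunOnceEx usually is)
            continue
        with key:
            index = 0
            while True:
                try:
                    name, data, _ = winreg.EnumValue(key, index)
                except OSError:  # no more values
                    break
                entries.append((hive_name + "\\" + sub, name, str(data)))
                index += 1
    return entries


# Triage heuristics (constructed for this example): where a startup command
# runs from, and whether it borrows a system binary's name.
USER_WRITABLE = re.compile(r"\\(?:temp|tmp|users\\public|programdata|recycler|\$recycle\.bin)\\", re.I)
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "winlogon.exe", "lsass.exe", "csrss.exe", "services.exe"}
WINDOWS_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")  # assumes default install path


def extract_exe(command: str) -> Optional[str]:
    """Pull the program path out of a Run value: the quoted part if quoted,
    otherwise everything up to the first executable extension."""
    command = command.strip()
    quoted = re.match(r'"([^"]+)"', command)
    if quoted:
        return quoted.group(1)
    bare = re.match(r"(.+?\.(?:exe|bat|cmd|vbs|js|scr|pif|com))(?=\s|$)", command, re.I)
    return bare.group(1) if bare else None


def triage_entry(command: str) -> List[str]:
    """Return the reasons a startup command deserves a closer look ([] if none)."""
    reasons: List[str] = []
    exe = extract_exe(command)
    if exe is None:
        return ["no recognisable executable in command"]
    lower = exe.lower()
    base = os.path.basename(lower.replace("\\", "/"))
    if USER_WRITABLE.search(lower):
        reasons.append("runs from a temp/user-writable location")
    if base in SYSTEM_NAMES and not lower.startswith(WINDOWS_DIRS):
        reasons.append("system binary name outside the Windows directory")
    if " " in exe and not command.lstrip().startswith('"'):
        reasons.append("unquoted path containing spaces")
    return reasons


def triage_all(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map each value name to its triage findings."""
    return {name: triage_entry(cmd) for _key, name, cmd in entries}


# Constructed sample entries (not read from any real machine).
SAMPLE_ENTRIES: List[Entry] = [
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "Tray",
     r"C:\Windows\System32\tray.exe"),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "Updater",
     r"C:\Users\alice\AppData\Local\Temp\svchost.exe"),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "VendorSync",
     r'"C:\Program Files\Vendor\sync.exe" /background'),
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "Helper",
     r"C:\Program Files\Vendor Tool\helper.exe"),
]

if __name__ == "__main__":
    live = enumerate_startup_entries()
    for name, reasons in triage_all(live or SAMPLE_ENTRIES).items():
        print(f"{name}: {reasons or 'ok'}")
```

      A flagged entry is a prompt to look closer (check the file's publisher signature and hash), not a verdict; legitimate updaters do sometimes live under AppData, which is why the rules report reasons rather than delete anything.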

      Malware can use this facility and start the next time Windows reboots. There are third-party tools available which show all startup entries and ease your work. One of them is "Autoruns for Windows v10.01".

      This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor, shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them.

      Caution:
      Do NOT delete or disable the entry named Userinit. Doing so will result in your inability to logon to any user account in the system.

      Sunday, June 27, 2010

      Common Security Tips

      Common Security Tips to Keep You Safe :-)

      Use an Anti-virus software
      Be sure to keep your anti-virus software up-to-date. Many anti-virus packages support automatic updates of virus definitions. We recommend the use of these automatic updates when available.

      Use a firewall
      I strongly recommend the use of some type of firewall product, such as a network appliance or a personal firewall software package. Intruders are constantly scanning home user systems for known vulnerabilities. Network firewalls (whether software or hardware-based) can provide some degree of protection against these attacks. However, no firewall can detect or stop all attacks, so it’s not sufficient to install a firewall and then ignore all other security measures.

      Avoid phishing
      Always trust only yourself. It's not too hard to type the address of your online banking site in the address bar. Please DO NOT access your online banking site via a link in your email or from other untrusted sources.

      Unknown email attachments
      Before opening any email attachment, be sure you know the source of the attachment and also scan the file using your anti-virus software. For additional protection, you can disconnect your computer's network connection before opening the file.

      Unknown programs
      Never run a program unless you know it to be authored by a person or company that you trust. Also, don't send programs of unknown origin to your friends or coworkers simply because they are amusing -- they might contain a Trojan horse program.


      Disable hidden file name extensions
      Windows operating systems contain an option to "Hide file extensions for known file types". The option is enabled by default, but you can disable this option in order to have file extensions displayed by Windows.
      To disable hidden file name extensions follow these steps:
      1. Click Start > Control Panel.
      2. Double-click Folder Options.
      3. Select the View tab.
      4. Scroll down in the list and uncheck "Hide Protected operating system files" and check "show hidden files and folder".
      5. Click OK.
      Password tips
      DO NOT use the same password for ALL your online accounts. If you do and one of your accounts gets hacked, the hacker will be able to access all your other accounts.
      Try to avoid using dictionary words like "prettygirl", "imagination" etc., or any other stuff that's easy to guess (like your birth date or your car's plate number).
      Passwords are case sensitive; choosing passwords that mix upper and lower case adds strength (for example, StRonG_pAss).
      DO NOT disclose your password to anyone, even if the person claims he/she is working for the bank or is the site admin.

      Beware of Social Media Sites
      Do not click on links in social media sites such as Twitter, Facebook or MySpace that don't look right.

      Patch all applications, including your operating system
      Keeping your OS updated is very important in keeping it secure from exploitation, and should never be overlooked. Vendors usually release patches for their software when a vulnerability has been discovered. Most product documentation offers a method to get updates and patches, and you should be able to obtain them from the vendor's web site.

      Disable Simple File Sharing
      Simple File Sharing allows users to share folders without a password and may allow malicious attackers to read or write files in your shared folders. Windows XP allows you to disable Simple File Sharing and require a user id and password for shared folder access.
      To disable Simple File Sharing follow these steps:
      1. Click Start > Control Panel.
      2. Double-click Folder Options.
      3. Select the View tab.
      4. Scroll down in the list and uncheck "Use simple file sharing".
      5. Click OK.

      Secure Your Accounts and Passwords
      You must set effective passwords for all active accounts. Existing accounts with weak or nonexistent passwords are an invitation for malicious attackers to compromise your system. To disable any unused accounts such as "Guest" and to verify that an effective password is set for the Administrator account, follow these steps:

      1. Click Start > Control Panel.
      2. Double-click User Accounts. The User Accounts dialog box appears.
      3. Select the User Account you want to set a password for (e.g., Administrator).
      4. Click Change the password and enter your old and new password.
      5. To disable a Guest account, select it in the dialog box and click Turn off the guest account.

      Anti-Virus

      What is Anti-Virus?
      "Anti-virus" is protective software designed to defend your computer against malicious software.

      Malicious software, or "malware", includes viruses, Trojans, keyloggers, backdoors, hijackers, dialers, and other code that vandalizes or steals your computer's contents. To be an effective defense, your anti-virus software needs to run in the background at all times and must be kept updated so that it recognizes new versions of malicious software.

      Once a virus has been identified, your anti-virus program will either neutralize it (often by putting it in "quarantine") or delete it so that it cannot harm your computer.

      Identification methods
      There are several methods which anti-virus software can use to identify malware.

      Signature-based detection is the most common method. To identify viruses and other malware, anti-virus software compares the contents of a file to a dictionary of virus signatures. Because viruses can embed themselves in existing files, the entire file is searched, not just as a whole, but also in pieces.

      Heuristic-based detection, like malicious activity detection, can be used to identify unknown viruses.

      File emulation is another heuristic approach. File emulation involves executing a program in a virtual environment and logging what actions the program performs. Depending on the actions logged, the anti-virus software can determine whether the program is malicious and then carry out the appropriate disinfection actions.
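      To make the signature-based method concrete, here is an added example (not code from the original post or from any anti-virus product) of a toy scanner that compares a file's bytes against a small signature dictionary. The signatures and the sample file are constructed for the demo; the point it shows is why a scanner that works "in pieces" must overlap its chunks, because a pattern that straddles a chunk boundary is otherwise missed.

```python
# Added example: minimal signature scanner. Signatures are constructed for the
# demo and are not real malware signatures.
from typing import Dict, List

# Constructed signature dictionary: detection name -> byte pattern.
SIGNATURES: Dict[str, bytes] = {
    "Demo.Dropper.A": b"\x4d\x5a\x90\x00DROPPER-MARKER",
    "Demo.Macro.B": b"AutoOpen()\r\nShell(",
}

def scan_bytes(data: bytes, signatures: Dict[str, bytes] = SIGNATURES) -> List[str]:
    """Return the names of all signatures found anywhere in data."""
    return sorted(name for name, pat in signatures.items() if pat in data)

def naive_chunked(data: bytes, chunk_size: int,
                  signatures: Dict[str, bytes] = SIGNATURES) -> List[str]:
    """Scan in fixed-size pieces WITHOUT overlap: misses boundary-straddling hits."""
    found = set()
    for off in range(0, len(data), chunk_size):
        found.update(scan_bytes(data[off:off + chunk_size], signatures))
    return sorted(found)

def scan_chunked(data: bytes, chunk_size: int,
                 signatures: Dict[str, bytes] = SIGNATURES) -> List[str]:
    """Scan in pieces, carrying the tail of the previous chunk into the next.

    Keeping (longest pattern - 1) trailing bytes guarantees that any pattern
    crossing a chunk boundary is fully contained in some scanned window.
    """
    overlap = max(len(p) for p in signatures.values()) - 1
    found = set()
    carry = b""
    for off in range(0, len(data), chunk_size):
        window = carry + data[off:off + chunk_size]
        found.update(scan_bytes(window, signatures))
        carry = window[-overlap:] if overlap > 0 else b""
    return sorted(found)

# Constructed sample files: the 18-byte dropper marker is placed at offset 55
# so that it crosses the boundary of a 64-byte chunk; the clean file has none.
SAMPLE_INFECTED = b"A" * 55 + SIGNATURES["Demo.Dropper.A"] + b"B" * 100
SAMPLE_CLEAN = b"hello world " * 20

if __name__ == "__main__":
    print("whole file :", scan_bytes(SAMPLE_INFECTED))        # ['Demo.Dropper.A']
    print("naive chunk:", naive_chunked(SAMPLE_INFECTED, 64))  # []  (missed)
    print("overlapped :", scan_chunked(SAMPLE_INFECTED, 64))   # ['Demo.Dropper.A']
```

Real scanners also normalize or unpack files before matching, which is why packers and crypters (listed later in this blog's topics) are a recurring evasion theme.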


      Firewall

      What is a firewall?
      A firewall is a set of related programs, located at a network gateway server, that protects the resources of a private network from users from other networks.
      Basically, a firewall is a barrier to keep destructive forces away from your property. A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through.
      Firewalls use one or more of three methods to control traffic flowing in and out of the network:
      • Packet filtering - Packets (small chunks of data) are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded.
      • Proxy service - Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa.
      • Stateful inspection - A newer method that doesn't examine the contents of each packet but instead compares certain key parts of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is monitored for specific defining characteristics, then incoming information is compared to these characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded.

      Firewall Configuration
      Firewalls are customizable. This means that you can add or remove filters based on several conditions. Some of these are:
      • IP addresses - Each machine on the Internet is assigned a unique address called an IP address. IP addresses are 32-bit numbers, normally expressed as four "octets" in a "dotted decimal number." A typical IP address looks like this: 216.27.61.137. For example, if a certain IP address outside the company is reading too many files from a server, the firewall can block all traffic to or from that IP address.
      • Domain names - Because it is hard to remember the string of numbers that make up an IP address, and because IP addresses sometimes need to change, all servers on the Internet also have human-readable names, called domain names. For example, it is easier for most of us to remember www.howstuffworks.com than it is to remember 216.27.61.137. A company might block all access to certain domain names, or allow access only to specific domain names.
      • Protocols - The protocol is the pre-defined way that someone who wants to use a service talks with that service. The "someone" could be a person, but more often it is a computer program like a Web browser. Protocols are often text, and simply describe how the client and server will have their conversation. The http at the start of a Web address is the name of the Web's protocol. Some common protocols that you can set firewall filters for include:
        • IP (Internet Protocol) - the main delivery system for information over the Internet
        • TCP (Transmission Control Protocol) - used to break apart and rebuild information that travels over the Internet
        • HTTP (Hyper Text Transfer Protocol) - used for Web pages
        • FTP (File Transfer Protocol) - used to download and upload files
        • UDP (User Datagram Protocol) - used for information that requires no response, such as streaming audio and video
        • ICMP (Internet Control Message Protocol) - used by a router to exchange information with other routers
        • SMTP (Simple Mail Transfer Protocol) - used to send text-based information (e-mail)
        • SNMP (Simple Network Management Protocol) - used to collect system information from a remote computer
        • Telnet - used to perform commands on a remote computer
        A company might set up only one or two machines to handle a specific protocol and ban that protocol on all other machines.
      • Ports - Any server machine makes its services available to the Internet using numbered ports, one for each service that is available on the server. For example, if a server machine is running a Web (HTTP) server and an FTP server, the Web server would typically be available on port 80, and the FTP server would be available on port 21. A company might block port 21 access on all machines but one inside the company.
      • Specific words and phrases - This can be anything. The firewall will sniff (search through) each packet of information for an exact match of the text listed in the filter. For example, you could instruct the firewall to block any packet with the word "X-rated" in it. The key here is that it has to be an exact match. The "X-rated" filter would not catch "X rated" (no hyphen). But you can include as many words, phrases and variations of them as you need.

      Computer Security

      What is computer security?

      Computer security is the process of preventing and detecting unauthorized use of your computer. Prevention measures help you to stop unauthorized users (also known as "intruders") from accessing any part of your computer system. Detection helps you to determine whether or not someone attempted to break into your system, if they were successful, and what they may have done.

      A personal computer connected to the Internet without a firewall can be hijacked in just a few minutes by automated attack "bots". The only way to make your computer 100% secure is to turn it off or disconnect it from the Internet. The real issue is how to make your computer 99% secure while it is connected. Having no protection is like leaving your car running with the doors unlocked and the keys in it, which a thief might interpret as "please steal me".

      Why should I care about computer security?

      We use computers for everything from banking and investing to shopping and communicating with others through email or chat programs. Although you may not consider your communications "top secret," you probably do not want strangers reading your email, using your computer to attack other systems, sending forged email from your computer, or examining personal information stored on your computer (such as financial statements).

      Who would want to break into my computer at home?

      Intruders (also referred to as hackers, attackers, or crackers) may not care about your identity. Often they want to gain control of your computer so they can use it to launch attacks on other computer systems.

      Having control of your computer gives them the ability to hide their true location as they launch attacks, often against high-profile computer systems such as government or financial systems. Even if you have a computer connected to the Internet only to play the latest games or to send email to friends and family, your computer may be a target.

      Intruders may be able to watch all your actions on the computer, or cause damage to your computer by reformatting your hard drive or changing your data.

      How easy is it to break into my computer?

      Unfortunately, intruders are always discovering new vulnerabilities (informally called "holes") to exploit in computer software. The complexity of software makes it increasingly difficult to thoroughly test the security of computer systems.

      When holes are discovered, computer vendors will usually develop patches to address the problem(s). However, it is up to you, the user, to obtain and install the patches, or correctly configure the software to operate more securely.

      Also, some software applications have default settings that allow other users to access your computer unless you change the settings to be more secure. Examples include chat programs that let outsiders execute commands on your computer or web browsers that could allow someone to place harmful programs on your computer that run when you click on them.


      Welcome to My Blog!!!!

      Hey buddies, I have started this blog to spread my knowledge regarding computer security... I would like to share knowledge about the following stuff...
      • Security Tips
      • Types and Purpose of Malware
      • New and Latest Malware
      • Reverse Engineering (Static and Dynamic Analysis)
      • File Packers (e.g. UPX, ASPack, PECompact...)
      • File Crypters and Protectors
      • Malware Removal Techniques
      • Analyst Tools
      This is all I have in mind... It won't end here... If you feel I have missed something, let me know in the comments... Let's be doctors of computers and remove all viruses and malware ourselves...