Rootkit blocking

Posts: 1400
Location: Verde Valley, AZ.
the absolute minimum security packages

I wrote this up for another site on notepad, let me know what you think i should add, or change the descriptions.

Rootkit protection

Back up your documents to a CD or DVD.
Back up any movies or music to a removable hard drive, or burn the most favorite onto a bunch of DVDs.

Start a new directory on your computer named PROGbak, or BINbak, to store all the security software packages you are going to download. Put a subfolder in there called REPORTS. I would also put in a subdirectory for passwords and licenses for your other software. DON'T label it passwords! You will need these if you have to reinstall, so you should find all these passwords, and put 'em in one place now. That should be encrypted, but we aren't going there today....

Completely remove any McAfee or Norton antivirus products, or any security programs that came on your computer. They are nearly useless for all the new viruses and rootkits, and crash computers at least once a year. Big resource hogs too, and will suck up all the memory and bandwidth they can. Sometimes that takes registry hacking, but get rid of the main programs at least for now.

If you have AVG, Avast, Kaspersky, and maybe TrendMicro or Panda, you might want to keep those. They test out better, and are more independent.
I would disable ALL other auto-update features of ALL your other software, especially windoze and any media readers or players and social networking.
You are better off updating Windoze and other stuff a couple days AFTER major patches are released, so they can work the bugs out on other folks.
The Windoze firewall program is OK, and you need a firewall, but their autoupdate for security is useless, and more problematical, prob dangerous to your system's stability.

Make sure you disable UPNP, try this to make sure it is disabled. This guy also has port scanning info, which you will need next.

Download and run a top rated port scanner. I wouldn't close any ports just yet, and if you don't know what you are doing with these, you may cause yourself some trouble with your wireless or internet connections.
Get a 14 year old to help you here.
What you really want is the report, to save and compare later. Put it in that REPORTS folder you made earlier.

IF you are still running XP, you need to visit this guy's site anyway.

Download and run the MS update for loader, if you haven't been updating. This one is for Win7-64.

Download and run the Avast cleaning tool. Run the tool, download virus signatures, then run it again. Save the report in REPORTS.
"Fix" any problems. This can be hazardous, but has to be done. Back it up first. If you are not sure what a program does, you can check it out with Virus Total, which is further below.
and the how to.

Download and install the autorun eater, to keep from getting USB stick and other removable drive or picture frame infections.

Download and install ExploitShield (still in beta, but works fine).

Download and install ThreatFire. Get it before it is gone! Has been purchased by a major, so will soon have backdoors built in.... oops, gone. Try and find an archived version. Old versions work fine. It will pop up on installing all software, but is very thorough, and won't let hidden stuff install (other than rootkits, autorun.inf, and browser stuff like XSS).

Download and install NoScript. Update signatures, add the filter package in the suggested drop-down box in the advanced section. READ THE FORUM STICKIES!

This is an incredibly powerful program, and will be a pain for the first week.
It will significantly speed up your system, and the web load times after that tho. A little bit of knowledge about this tool will teach you much about internet tracking. To see the difference, just pull up a web page you saved before and after, and check the _file folder for just how much junk is coming down the pipe.
It is prob the biggest single security program you can have on a computer that is hooked up to the internet, after a firewall.
You may want to save it for another day, but don't put it off forever.

For the browser in your life.
If you can barely find the "private browsing" button, you need to add this program. It sweeps out hard to clean stuff like index.dat, thumbs.db, and location files that are really hard to even find. Run it before and after any web grazing.

Download and install FaceBLOCK too, for the browser. Many of the DoNotTrack programs actually DO tracking, so be careful with them. There is also a Google Sharing block that does the same thing for Google stuff. AdBlock breaks my browser pretty regularly (hourly), so I depend on NoScript for ad blocking.

Put the Virus Total button on your toolbar or right click menu. It can check sites for XSS or CSS attacks and files for included viruses and other payloads.
You don't even have to know what that means to use it. Just cut and paste or left click and check if you install it that way.

Now go back and run that port scanning application again, and look for weaknesses and surprises.

If we were really practical now, we would back up a copy of the BINbak folder, and download a boot disk iso to burn and be prepared for trouble. There are a few good driver backup programs for older computers, but the new ones want signed drivers, and you need a "slipstream" iso backup program.

By trying random security stuff, you may get a "loaded" package, and inadvertently infect your own system with a hack. Go to the source company/dev page, and run Virus Total on it, before you install ANY software, and for browser plugins, READ THE COMMENTS. Lots of users of plugins are devs and will note if there are persistent threats in the plugin.

Remember, lots of security stuff was developed by your govt, and the big companies that made their own products have been threatened and/or cajoled to include backdoors for terrorist and patriot or hacker tracking. The western govts are now the biggest employer of hackers, after the eastern bloc gangs.

The products recommended here rely on adapting to and identifying threats, not using lists that are outdated even before they are updated.

Quit posting to facbok and other socials.
It is possible that the little facbok tracking widget that crashed the web in Feb 2013 was because it was funneling too many people's Thumbnails.db files back to the server.
It was just a bit too obvious and blunt on scheduling, not defective to them.
Face was funded before it went public by NSA, by the In-Q-Tel division, and is feeding info to things like Zoneland defense, which is but a part of the private corporation known as the Federal Reserve. No, really.
Just saying...
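The post says to save the port scan report in REPORTS and compare it later, and then to scan again at the end and "look for weaknesses and surprises". Here is an added example of that comparison step, not code from the original post: it parses two saved reports and lists ports that became open or stopped being open. The report format (one "port/proto state" line per port) and the sample contents are constructed assumptions; adapt the regex to whatever your scanner actually writes.

```python
"""Compare two saved port-scan reports and flag ports that opened or closed.

Added example, not from the original post. Assumes each report is plain text
with one line per port like "445/tcp open" (constructed format).
"""
import re
from pathlib import Path

# Matches e.g. "445/tcp open", "1900/udp closed", "5357/tcp filtered"
LINE = re.compile(r"^\s*(\d{1,5})/(tcp|udp)\s+(open|closed|filtered)\b", re.I)


def parse_report(text):
    """Return {(port, proto): state} for every line that looks like a port entry."""
    ports = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ports[(int(m.group(1)), m.group(2).lower())] = m.group(3).lower()
    return ports


def diff_reports(before, after):
    """Return (newly_open, no_longer_open): ports that became open since the
    earlier scan, and ports that were open earlier but are not now."""
    b, a = parse_report(before), parse_report(after)
    newly_open = sorted(k for k in a if a[k] == "open" and b.get(k) != "open")
    no_longer_open = sorted(k for k in b if b[k] == "open" and a.get(k) != "open")
    return newly_open, no_longer_open


def compare_files(before_path, after_path):
    """Same comparison, reading the two reports from the REPORTS folder."""
    return diff_reports(Path(before_path).read_text(), Path(after_path).read_text())


# Constructed sample reports standing in for the "before" and "after" files.
BEFORE = """Scan 2013-03-01
135/tcp open
445/tcp open
1900/udp open
5357/tcp filtered
"""
AFTER = """Scan 2013-03-10
135/tcp open
445/tcp open
1900/udp closed
3389/tcp open
5357/tcp filtered
"""

if __name__ == "__main__":
    opened, closed = diff_reports(BEFORE, AFTER)
    print("newly open (investigate):", opened)   # 3389/tcp appeared
    print("no longer open:", closed)              # 1900/udp (UPnP/SSDP) is now closed
```

A port that shows up as newly open and that you did not deliberately enable is the "surprise" the post tells you to look for; 1900/udp closing is what you expect after disabling UPnP.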

Posts: 823
Location: Chicago/San Francisco
Whew! Been working a little? That looks pretty complete to me. Just a bunch of work to implement and keep going.

What version of ThreatFire do you recommend?

Morgan Morrigan
Posts: 1400
Location: Verde Valley, AZ.
If you are on Windows, you only need ThreatFire if you are on XP. All newer versions of windoze contain execution prevention. Try the "wayback machine", or there is a site for "obsolete software" (not that name, it's the one that means superseded).

Same with the UPNP and the win loader, all included in the newer versions. Turn off Java immediately. Javascript will still run, and Firefox now includes a browser build-in that removes the dangers, so you can remove ALL Oracle software (if you can, and I would try). I don't go to new browsers for a couple weeks at least, prob at least a month with this one.

AutoRunEater, ExploitShield, PrivacyMantra and NoScript are the most important, and VirusTotal to check sketchy stuff.

I don't have to do any updating for any of these packages, really. NoScript about once a year. It will not even let most dangerous stuff load into a browser.
It's the only thing I have to even set up, and most of that is blocking ads.

Haven't used a standard antivirus package in over 5 years now.
Haven't gotten a virus since I stopped using them either.

That's why I ran the rootkit checking tool. I do that about every 6 months. Will step that up a bit now, since that is the "hot" danger now.....
