This page is more or less about security configuration, though I still need to decide whether it will keep the title "config" in the future. I would prefer to call it "security", but the page under the software section already has that name, so "config" seemed the most appropriate title at the time of writing (compared to "safety" or "privacy", the other two options I thought of back then), simply because, as mentioned, it is more about security configurations than about the security programs themselves.
Next is about customizing the level of security, particularly for the so-called "Active Content". Most active content contained in web pages is safe, but some pages contain active content that can potentially cause security problems on your computer. For example, an ActiveX control that runs automatically when you load a particular Web page might damage your data or cause your computer to become infected with a virus. Internet Explorer uses safety levels for active content to help prevent that kind of situation from occurring.
To modify the safety level for active content, first go to Tools in the Internet Explorer menu, or open Control Panel; in either one choose/click Internet Options and then go to the Security tab. Then just select one of the available zones and move the slider to the setting you want. Further, you can customize all the detailed settings by clicking on the "Custom Level..." button, though this is meant only for experienced users. If you don't see this button, click first on "Default Level", apply the changes, and then the button will appear. Finally, click on the OK button until you return to Internet Explorer or Control Panel.
First, a short explanation of the available pre-set safety levels for active content in the Internet Options applet, Security tab:
- High (the most secure one) ... excludes content that could damage your computer.
- Medium (quite secure) ... warns you before running potentially dangerous content.
- Medium-Low (same as Medium) ... but without prompting before running potentially dangerous content.
- Low (the least secure one) ... minimal restrictions and warnings; most content is downloaded and/or run without prompts.
- Custom Level (for experienced users) ... you choose all the security settings yourself.
And here below are a few examples of the options/features one can set/configure ("enable", "disable", "prompt") under Internet Options, particularly how to disable parts of Active Content in Internet Explorer step by step, i.e. content such as Java programs and ActiveX scripts/controls; be especially aware of drive-by download ActiveX controls/exploits. In Internet Explorer, the term "Active scripting" or "ActiveX scripting" refers to both Microsoft JScript scripting and Microsoft Visual Basic Scripting Edition. When you complete this procedure, you disable both types of scripts.
I made the examples for Internet Explorer versions 5.0 and above (5.0, 5.01, 5.5, 6), since I am familiar only with these, and also because very few people out there still use the older 3.x and 4.x versions, so I omitted examples for those "out-dated" versions. Also note that the functionality of many Web sites on the Internet will be affected after applying these changes.
Configure Internet Explorer so that it does not run Active scripts automatically:
On the Tools menu, click Internet Options, click the Security tab, click the Internet Web content zone, and then click Custom Level.
In the Settings box, go to the Scripting section, and choose the Disable check-box under "Active scripting" and "Scripting of Java applets".
Click OK, and then click OK again.
Configure Internet Explorer so that it does not run Java programs automatically:
On the Tools menu, click Internet Options, go to the Security tab, click the Internet Web content zone, and then click Custom Level.
In the Settings box, click "Disable Java" under Permissions, then click OK twice to close both pop-up windows.
Configure Internet Explorer to not automatically use items that show active content (animations, marquees):
On the Tools menu, click Internet Options, click the Security tab, click the Internet Web content zone, and then click Custom Level.
In the Settings box, click Disable under Download signed ActiveX controls, Download unsigned ActiveX controls, Initialize and script ActiveX controls not marked as safe, Run ActiveX controls and plugins, and Script ActiveX controls marked safe for scripting.
Click OK, and then click OK again.
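An added example (not part of the original page): the three procedures above change per-zone values that Internet Explorer stores in the registry, so the result can be checked from a regedit export of the zone keys. The value names and the 0/1/3 encoding used here come from Microsoft's documented zone settings, not from this page, and the sample export is constructed.

```python
import re

# Value names under ...\Internet Settings\Zones\3 (zone 3 = Internet zone),
# mapped to the Custom Level labels and the dword that disables each one.
HARDENED = {
    "1001": ("Download signed ActiveX controls", 3),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1200": ("Run ActiveX controls and plugins", 3),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
    "1400": ("Active scripting", 3),
    "1402": ("Scripting of Java applets", 3),
    "1405": ("Script ActiveX controls marked safe for scripting", 3),
    "1C00": ("Java permissions", 0),  # 0 = Disable Java
}
STATE = {0: "Enable", 1: "Prompt", 3: "Disable"}
ZONE_KEY = re.compile(r"^\[.*\\Internet Settings\\Zones\\(\d)\]$", re.I)
DWORD = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$')

# Constructed sample of a regedit export (not taken from a real machine).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1400"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000001
"1004"=dword:00000003
"1200"=dword:00000000
"1201"=dword:00000003
"1400"=dword:00000003
"1402"=dword:00000003
"1C00"=dword:00010000
"""

def parse_zone(reg_text, zone="3"):
    """Return {value_name: int} for one zone from decoded .reg export text."""
    values, in_zone = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):          # a new key starts: is it our zone?
            m = ZONE_KEY.match(line)
            in_zone = bool(m) and m.group(1) == zone
        elif in_zone:
            m = DWORD.match(line)
            if m:
                values[m.group(1).upper()] = int(m.group(2), 16)
    return values

def describe(name, value):
    """Human-readable form of a stored value, or 'missing'."""
    if value is None:
        return "missing"
    if name == "1C00":                    # Java permissions is a level, not 0/1/3
        return "0x%08X" % value
    return STATE.get(value, "0x%X" % value)

def audit(reg_text, zone="3"):
    """List (value_name, label, found) for each setting that is not disabled."""
    current = parse_zone(reg_text, zone)
    return [(name, label, describe(name, current.get(name)))
            for name, (label, want) in HARDENED.items()
            if current.get(name) != want]

if __name__ == "__main__":
    for name, label, found in audit(SAMPLE_REG):
        print("%s  %-58s %s" % (name, label, found))
```

A real "Version 5.00" export is saved as UTF-16, so decode the file to text before passing it to audit(); a value reported as "missing" means the zone falls back to its template default rather than to Disable.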
And finally, I also copied my so-called "PREVENTION SPEECH" (on how to prevent future re-infections etc.) that I use as a 1st Responder trainee on the CastleCops forum: http://castlecops.com; particularly I'm talking about the http://castlecops.com/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html part, while here are my two user-profile pages: http://castlecops.com/userinfo-satyr.html, http://castlecops.com/modules.php?name=Forums&file=profile&mode=viewprofile&u=31896.
But for starters, here are a few concise sentences that summarize the most important rules below. Keep Windows and Internet Explorer current with the latest critical security updates from the Microsoft update page; this will patch many security holes through which attackers can gain access to your computer. Prevent spyware-related problems, and problems related to other potentially unwanted software (such as dialers, browser hijackers and adware), with SpywareBlaster, which includes "Internet Explorer", "Mozilla/Firefox" and "Restricted Sites" protection. You can get SpywareBlaster here: http://www.javacoolsoftware.com/spywareblaster.html. Eliminate dangerous cookies, prevent dangerous system changes and homepage hijacking, and increase your general browser security by using the two free programs; you can get SpywareGuard here: http://www.javacoolsoftware.com/spywareguard.html and IE-SPYAD here: https://netfiles.uiuc.edu/ehowes/www/resource.htm. And finally, often delete your browsing traces stored by Internet Explorer. To do this, go to Tools in Internet Explorer's main window menu (or open Control Panel), in either one choose/click the Internet Options applet, go to the General tab (it opens there by default) and click on the "Delete Cookies...", "Delete Files..." and "Delete History..." buttons.
Here you will find a few linked websites and, below, also no less than 10 crucial points with SECURITY-RELATED RULES, TIPS AND HINTS that you should follow to lower the chances of future malware infections, and to prevent re-infections in general. If you want to, also read the linked articles below.
Congratulations [ user_name ], your HijackThis log shows that your system is indeed clean ...
However, now that your system is clean, you need to actively protect yourself to reduce the chances of future malware infections and to prevent any re-infections, so here below are a few very useful general security/privacy related suggestions, tips and hints (note that some might be duplicated since I have yet to clean this section up):
First, you should always SET A NEW RESTORE POINT after your computer has been cleaned out, to prevent any future reinfections from the old restore points. Any virus, worm, trojan horse or spyware that you picked up in the past could have been stored in System Restore and is just waiting to re-infect you. Since the files and directories saved by System Restore are protected, your file manager doesn't have access/permission and therefore cannot delete them. Setting a new restore point should be done to prevent any future reinfection from the old restore point(s), and to enable your computer to "roll back" in case of a problem in the future. Besides the steps below, you can also check the tutorial for the Windows XP operating system: http://www.bleepingcomputer.com/forums/index.php?showtutorial=56 on the Bleepingcomputer website.
To set/create a new system restore point:
I highly recommend that you read the security-related articles listed in this paragraph:
- Ralph Caddell's "Find and Eliminate Spyware" article, to learn more about spyware and how to eliminate it;
- Pieter Arntz's "Help Preventing Spyware" article, for detailed instructions on how to install and use the above preventive tools;
- the article written by Tony Klein and titled "How did I get infected in the first place?";
- the "Configure Windows XP: Create Your Accounts" article on the Microsoft site, which deals with how to set up a user account (instead of an administrator one) to prevent malware installation and other stuff;
- the "Safer Settings for Internet Explorer for SP1 & SP2" article written by Larry Stevenson and hosted here at the CastleCops site;
- the "How to Protect Yourself" page on the Aumha website;
- TomCat's computer-safety overview article "Secure Your Home Computer";
- the "Simple and easy ways to keep your computer safe" page under the "tutorials" section on the Bleepingcomputer site;
- and finally the "Rogue/Suspect Anti-Spyware Products" listing of rogue/suspect programs vs. good security programs, nicely sorted in a table.
1. As you might already know (it's also stressed in many articles linked above), it is very important to keep Windows and Internet Explorer current with security updates from the Microsoft update page (at least with the latest "critical" ones); this will patch many new security holes through which attackers can gain access to your computer. Also, consider upgrading to Service Pack 2 for Windows XP (SP2 in short), which implements many new security features (such as the "popup blocker", the firewall's "outbound connection attempt warning/prompt" etc.) and additionally enhances the old ones and fixes any bugs/vulnerabilities in them.
2. Then, it is also crucial to frequently delete your browsing traces stored by your web browser. To do this in/through Internet Explorer, first go to Tools in its main menu (or open Control Panel), in either one choose/double-click the "Internet Options" applet, go to the General tab (it opens there by default) and click on the "Delete Cookies...", "Delete Files..." and "Delete History..." buttons. It's best that the Internet Explorer process is not running at the time of performing these steps. In Firefox, first go to Tools in its main menu, and choose/click the "Clear Private Data..." menu item.
3. Further, make sure that your firewall program is functioning properly. To do this, click on the Start Menu and choose the Run item, then click OK and type "services.msc" (with or without quotes, it doesn't matter) in the input field and click OK again. When the Services window opens, scroll down through the list of services and check whether the "Windows Firewall/Internet Connection Sharing (ICS)" service is set to the Automatic startup type and is running (through the "Properties" menu item); otherwise set it like that. If you have a fully patched operating system, then Windows XP SP2's built-in firewall is enough; however, if you want/need more protection (for instance outbound traffic filtering), then you can always download and install third-party firewall software.
4. Make sure that your anti-virus program is functioning properly. To do this, first make sure that your subscription is not out of date (of course, only if you are not using free anti-virus software). This is because, with some anti-virus software, if your product subscription is out of date, the anti-virus program can no longer download and install new/updated virus definitions, and thus it can't detect the latest viruses, worms and trojan horses. Further, you need to configure your anti-virus program to check for new/updated virus definitions frequently (at least once a week or something like that), but remember that it's best to do it as often as possible. Then also make sure your anti-virus program is configured to perform a scheduled scan of the computer's hard disk (which usually also includes memory scanning).
5. In general, do not rely on an anti-virus program's real-time scanning engine alone, but make sure that you are also using some kind of anti-adware and anti-spyware software which performs real-time scanning too. One program that I can recommend is SpywareGuard, which is also developed by JavaCoolSoftware (same as SpywareBlaster below): http://www.javacoolsoftware.com/spywareguard.html, and also see this tutorial in a thread on the Bleepingcomputer forum: http://www.bleepingcomputer.com/forums/index.php?showtutorial=50.
6. Make sure to prevent spyware and other problems related to potentially unwanted software (dialers, hijackers, adware and spyware) with another application from the JavaCoolSoftware website, called SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html. SpywareBlaster includes "Internet Explorer", "Mozilla/Firefox" and "Restricted Sites" protection. Same as in the paragraph above, see this tutorial in a Bleepingcomputer forum thread: http://www.bleepingcomputer.com/forums/index.php?showtutorial=49. Another similar program, which helps to eliminate dangerous cookies, prevent dangerous system changes and home-page hijacking, and increase your general browser security, is IE-SPYAD: https://netfiles.uiuc.edu/ehowes/www/resource.htm, and again same as above, also see this tutorial on the Bleepingcomputer forum: http://www.bleepingcomputer.com/forums/index.php?showtutorial=53.
7. If you receive an unsolicited e-mail message, do not open it, or better yet, delete the message right away. If it is, for instance, an e-mail from a friend that you were not expecting, or one with a strange/unusual subject etc., rather immediately contact your friend and ask whether he/she has actually sent the message. Be sure not to even "preview" the e-mail message in question, since with some e-mail clients it's enough to only highlight that particular e-mail message to get infected. If your e-mail client is configured this way, turn off the automatic preview or even turn off the preview feature completely. Also consider using an anti-spam filtering program; I use and recommend the K9 program: http://www.keir.net/k9.html (here is also a link to a file that I've uploaded to the CastleCops website: http://castlecops.com/downloads-file-497-details-K9%20version%201.2.8.0.html) from Keirnet software.
8. It is wise to consider using one of the many content-filtering programs or proxies (local or remote ones), for instance Proxomitron: http://castlecops.com/downloads-file-270.html, which is a local/remote proxy and filtering application. Then there is DNSKong: http://www.pyrenean.com/?page_value=-1 from the Pyrenean website (yet again, a link to a file at CastleCops: http://castlecops.com/downloads-file-494-details-DNSKong.html), a local DNS server running on your own machine, which uses customized filter rules to substitute the IP address of your own machine for the computer names you want to filter. DNSKong is system-wide and basically works for any program, such as e-mail clients and web browsers, as well as for any other programs that access the Internet. And finally the eDexter program: http://www.pyrenean.com/?page_value=-2 from the same site/author as DNSKong above (once again, a link to a file at CastleCops: http://castlecops.com/downloads-file-498-details-eDexter.html), which supplements Internet filtering by substituting local images for filtered images in order to prevent browser stalls and other annoyances. You can use eDexter's internal transparent image or even use your own images.
9. I urge anyone with a dial-up connection to always set the computer's modem settings to "Never dial a connection", and especially to "Show terminal window" before dialing, for the particular connection/account you are currently using. This way, there is no chance for malicious "dialer" programs to do any harm. Here are the two links to screenshots of windows with these two settings stored at CastleCops (I used the graphics in one of my posts): http://castlecops.com/modules.php?name=Forums&file=download&id=5725, http://castlecops.com/modules.php?name=Forums&file=download&id=5726, and the links to two screenshots hosted on Imageshack: http://img259.imageshack.us/img259/5233/terminalwindow0gb.gif, http://img259.imageshack.us/img259/8858/connection2qc.gif. Optionally also read the related "Security and dial-up" article: http://wiki.castlecops.com/Security_and_dial-up that I wrote for CastleCopsWiki.
10. Finally, it is also wise to consider changing the safety level for Internet Explorer's "active content", although the steps described below are meant only for more or less experienced users. To modify the safety level for active content, first go to "Tools" in Internet Explorer's menu (or alternatively open the Control Panel), in either one choose/click "Internet Options" and go to the "Security" tab.
Then just select one of the available zones and see if the slider for the four safety levels is visible. If you see neither the slider nor the "Custom Level..." button, click first on the "Default Level" button, apply the changes, and then the "Custom Level..." button will appear. Once the "Custom Level..." button has appeared you can customize the detailed settings, although this is meant only for experienced users.
a. Configure Internet Explorer so that it does not run Active scripts automatically: Choose the Internet Web content zone (world icon), click "Custom Level..." button, go to the Scripting section, and choose the Disable check-box under "Active scripting" and "Scripting of Java applets". Click OK to apply the changes.
b. Configure Internet Explorer so that it does not run Java programs automatically: Choose the Internet Web content zone, click "Custom Level..." button and click "Disable Java" under Permissions. Click OK to apply the changes.
c. Configure Internet Explorer to not automatically use items that show active content (animations, marquees): Choose the Internet Web content zone, click "Custom Level..." button and click Disable under Download signed ActiveX controls, Download unsigned ActiveX controls, Initialize and script ActiveX controls not marked as safe, Run ActiveX controls and plugins, and Script ActiveX controls marked safe for scripting. Click OK to apply the changes.
When in the Security tab, you just need to select one of the available zones and see if the slider for the four safety levels is visible. If you see neither the slider nor the "Custom Level..." button, click on the "Default Level" button, apply the changes, and then the slider and the "Custom Level..." button will appear. After that, you can choose one of the available pre-set safety levels (by moving the slider) or click on the now visible "Custom Level..." button so that you can customize the detailed settings. In the Settings box, go to the Scripting section, and configure Internet Explorer so that it does not run Active scripts automatically (choose Disable under "Active scripting" and "Scripting of Java applets"), does not run Java programs automatically (click "Disable Java" under "Permissions"), and does not automatically use items that show active content such as animations and marquees (disable "Download unsigned ActiveX controls", "Initialize and script ActiveX controls not marked as safe", "Run ActiveX controls and plugins" and "Script ActiveX controls marked safe for scripting"). Finally, click on the OK button to close all pop-up windows until you return to Internet Explorer or Control Panel. Optionally, if you are confident enough in yourself and your computing skills, also check the Privacy tab and configure the additional privacy settings for the Internet zone.
Disclaimer 1: The opinions expressed on my website and in my files are mine, or belong to other individuals/entities where so specified. Each product or service is the trademark of its respective company. All the registered copyrights and trademarks (© and ™) referred to on this site remain the property of their respective owners. All information is provided as opinions only. Please also see "Disclaimer 2" on the page "about.html".
