Abs.Net web Page

Share Your Knowledge, Build your Network..

Archive for the ‘Antivirus’ Category

Steps you can use to Enhance your Windows XP Security

Posted by absnet on 27 February 2010

What do you do to keep your XP operating system secure from virus attacks? Install an antivirus? Update the antivirus every day?

All of the steps above help keep your operating system stable, but that’s not all. To avoid the worst-case scenario, which is reinstalling your computer, I’ve compiled some steps:

1. Turn “Autorun and Autoplay” function off.

Autorun or autoplay is a function that immediately offers to open files when a USB disk or CD-ROM is inserted. This function is sometimes helpful, but viruses often use it to run their programs, so it is wiser to turn it off.

There are two ways to turn this function off: using REGEDIT for autorun, and GPEDIT for autoplay. Both have the same effect, but get there in a different way. Pick whichever suits you best.

a. With Regedit command.

Open Regedit by clicking Start > Run, typing “regedit” (without the quotes) in the box, then clicking OK.

Navigate to this key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Double-click NoDriveTypeAutoRun and enter the number 95 in Value Data.

b. With gpedit.

Open gpedit by clicking Start > Run, typing “gpedit.msc” in the box, then clicking OK.

Follow this path:

Computer Configuration > Administrative Templates > System

Double-click Turn Off Autoplay and select Enabled.

2. Disable the copy-paste function through USB.

Activate the USB copy-paste function only when it is needed. This can be set with regedit as follows:

a. Click Start > Run, type “regedit”, then click OK.

Click HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Control

b. Right-click Control, choose New > Key, and name it “StorageDevicePolicies”.

c. Right-click StorageDevicePolicies, choose New > DWORD Value, and name it “WriteProtect”.

d. Double-click WriteProtect and change the value data to 1.

e. Then restart your computer or laptop.

If it worked, every time you copy and paste a file to the USB disk a message will appear: Error Copying File or Folder.

If you want to activate this function again, change the value data to 0.
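An added example, not part of the original post: a small Python audit that reads an exported .reg file (assumed to be already decoded to text; the sample below is constructed) and reports which drive types the NoDriveTypeAutoRun value from step 1 covers and whether the WriteProtect value from step 2 is set. Regedit's Value Data box defaults to hexadecimal, so 95 is stored as 0x95; the function and constant names are this example's own.

```python
import re

# NoDriveTypeAutoRun bit flags: a set bit disables AutoRun for that drive type.
DRIVE_BITS = {
    0x01: "unknown", 0x02: "no root directory", 0x04: "removable (USB, floppy)",
    0x08: "fixed disk", 0x10: "network", 0x20: "CD-ROM",
    0x40: "RAM disk", 0x80: "reserved",
}
AUTORUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
USB_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies"

# Constructed sample: what a .reg export looks like after steps 1a and 2.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000095

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies]
"WriteProtect"=dword:00000001
'''

def parse_reg(text):
    """Return {key_path: {value_name: int}} for the dword values in a .reg export.
    Key and value names are lower-cased because the registry is case-insensitive."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
            if m:
                current[m.group(1).lower()] = int(m.group(2), 16)
    return keys

def audit(text):
    """Decode the AutoRun bitmask and check the USB write-protect flag."""
    keys = parse_reg(text)
    mask = keys.get(AUTORUN_KEY.lower(), {}).get("nodrivetypeautorun")
    wp = keys.get(USB_KEY.lower(), {}).get("writeprotect")
    disabled = [] if mask is None else [n for b, n in DRIVE_BITS.items() if mask & b]
    enabled = [n for n in DRIVE_BITS.values() if n not in disabled]
    return {
        "autorun_disabled": disabled,      # drive types covered by the mask
        "autorun_enabled": enabled,        # drive types AutoRun still applies to
        "usb_write_protect": wp == 1,      # False when missing or set to 0
    }

if __name__ == "__main__":
    for name, value in audit(SAMPLE).items():
        print(f"{name}: {value}")
```

With the value 95 from step 1, AutoRun is disabled for removable and network drives, but the CD-ROM bit (0x20) stays clear.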

3. Update Your Antivirus Regularly

The purpose of updating the antivirus is to add new virus data, so that the antivirus can recognize newly found viruses. You can update through automatic updates if your computer is connected to the internet, or update manually. Check your antivirus vendor’s site for how to do so.

4. Scan your Flash Disk

Scan any flash disk that is connected to the computer. Open the files on the flash disk only after the scan has finished and the disk is declared clean, or after the virus residing on it has been deleted or repaired.

5. Recognize Strange Files and Applications

This is a precaution: do not click or run unrecognized files, only files that we really know. Sometimes the antivirus cannot detect a new version of a virus, for example when we have not updated the antivirus yet.

6. Do not save files on the drive where the operating system is installed (usually drive C:)

This step is very important, and most people forget it. Why should we do this? If your hard drive gets a virus, or something happens to your operating system that forces you to reinstall it, your data is not lost. So save your data files in D:\ or E:\, or another partition. You can use free disk partition software such as Easeus Disk Partition to create a partition.

7. Make an operating system backup using an application like Ghost.

This helps you avoid reinstalling the operating system when it crashes or is broken by a virus. Restoring a Ghost image is similar to reinstalling, but simpler and faster, because all of your computer settings are saved in the Ghost image file. You just put the files back and everything (including the software you previously installed) appears as if nothing had happened. Besides Ghost (the most popular is Norton Ghost), you can use Easeus Ghost maker.

Well, those are the steps you can take to increase your computer’s security. Who will look after our computers if not ourselves?

Please comment and add your experiences in increasing your own computer security.


The Virus Storyline

Posted by absnet on 27 February 2010

When did viruses, Trojans and worms begin to pose a threat?

Most histories of viruses start with the Brain virus, written in 1986. That was just the first virus for a Microsoft PC, though. Programs with all the characteristics of viruses date back much further.

Here’s a timeline showing key moments in virus history.

1949 Self-reproducing “cellular automata”
John von Neumann, the father of cybernetics, published a paper suggesting that a computer program could reproduce itself.

1959 Core Wars
H Douglas McIlroy, Victor Vysottsky, and Robert P Morris of Bell Labs developed a computer game called Core Wars, in which programs called organisms competed for computer processing time.

1960 “Rabbit” programs
Programmers began to write placeholders for mainframe computers. If no jobs were waiting, these programs added a copy of themselves to the end of the queue. They were nicknamed “rabbits” because they multiplied, using up system resources.

1971 The first worm
Bob Thomas, a developer working on ARPANET, a precursor to the internet, wrote a program called Creeper that passed from computer to computer, displaying a message.

1975 Replicating code
A K Dewdney wrote Pervade as a sub-routine for a game run on computers using the UNIVAC 1100 system. When any user played the game, it silently copied the latest version of itself into every accessible directory, including shared directories, consequently spreading throughout the network.

1978 The Vampire worm
John Shoch and Jon Hupp at Xerox PARC began experimenting with worms designed to perform helpful tasks. The Vampire worm was idle during the day, but at night it assigned tasks to under-used computers.

1981 Apple virus
Joe Dellinger, a student at Texas A&M University, modified the operating system on Apple II diskettes so that it would behave as a virus. As the virus had unintended side‑effects, it was never released, but further versions were written and allowed to spread.

1982 Apple virus with side effects
Rich Skrenta, a 15-year-old, wrote Elk Cloner for the Apple II operating system. Elk Cloner ran whenever a computer was started from an infected floppy disk, and would infect any other floppy put into the disk drive. It displayed a message every 50 times the computer was started.

1985 Mail Trojan
The EGABTR Trojan horse was distributed via mailboxes, posing as a program designed to improve graphics display. However, once run, it deleted all files on the hard disk and displayed a message.

1986 The first virus for PCs
The first virus for IBM PCs, Brain, was allegedly written by two brothers in Pakistan, when they noticed that people were copying their software. The virus put a copy of itself and a copyright message on any floppy disk copies their customers made.

1987 The Christmas tree worm
This was an email Christmas card that included program code. If the user ran it, it drew a Christmas tree as promised, but also forwarded itself to everyone in the user’s address book. The traffic paralyzed the IBM worldwide network.

1988 The Internet Worm
Robert Morris, a 23-year-old student, released a worm on the US DARPA internet. It spread to thousands of computers and, due to an error, kept reinfecting computers many times, causing them to crash.

1989 Trojan demands ransom
The AIDS Trojan horse came on a floppy disk that offered information about AIDS and HIV. The Trojan encrypted the computer’s hard disk and demanded payment in exchange for the password.

1991 The first polymorphic virus
Tequila was the first widespread polymorphic virus. Polymorphic viruses make detection difficult for virus scanners by changing their appearance with each new infection.

1992 The Michelangelo panic
The Michelangelo virus was designed to erase computer hard disks each year on March 6 (Michelangelo’s birthday). After two companies accidentally distributed infected disks and PCs, there was worldwide panic, but few computers were infected.

1994 The first email virus hoax
The first email hoax warned of a malicious virus that would erase an entire hard drive just by opening an email with the subject line “Good Times”.

1995 The first document virus
The first document or “macro” virus, Concept, appeared. It spread by exploiting the macros in Microsoft Word.

1998 The first virus to affect hardware
CIH or Chernobyl became the first virus to paralyze computer hardware. The virus attacked the BIOS, which is needed to boot up the computer.

1999 Email viruses
Melissa, a virus that forwards itself by email, spread worldwide.

Bubbleboy, the first virus to infect a computer when email is viewed, appeared.

2000 Denial-of-service attacks
“Distributed denial-of-service” attacks by hackers put Yahoo, eBay, Amazon, and other high profile websites offline for several hours.

Love Bug became the most successful email virus yet.

2000 Palm virus
The first virus appeared for the Palm operating system, although no users were infected.

2001 Viruses spread via websites or network shares
Malicious programs began to exploit vulnerabilities in software, so that they could spread without user intervention. Nimda infected users who simply browsed a website. Sircam used its own email program to spread, and also spread via network shares.

2004 IRC bots
Malicious IRC (Internet Relay Chat) bots were developed. Trojans could place the bot on a computer, where it would connect to an IRC channel without the user’s knowledge and give control of the computer to hackers.

2003 Zombie, Phishing
The Sobig worm gave control of the PC to hackers, so that it became a “zombie”, which could be used to send spam.
The Mimail worm posed as an email from Paypal, asking users to confirm credit card information.

2005 Rootkits
Sony’s DRM copy protection system, included on music CDs, installed a “rootkit” on users’ PCs, hiding files so that they could not be duplicated. Hackers wrote Trojans to exploit this security weakness and install a hidden “back door”.

2006 Share price scams
Spam mail hyping shares in small companies (“pump-and-dump” spam) became common.

2006 Ransomware
The Zippo and Archiveus Trojan horse programs, which encrypted users’ files and demanded payment in exchange for the password, were early examples of ransomware.

2008 Fake anti-virus software
Scaremongering tactics encourage people to hand over credit card details for fake anti-virus products like AntiVirus 2008.

2009 Conficker hits the headlines
Conficker, a worm that initially infects via unpatched machines, creates a media storm across the world.

2009 Polymorphic viruses rise again
Complex viruses return with a vengeance, including Scribble, a virus which mutates its appearance on each infection and uses multiple vectors of attack.

SOURCE: SOPHOS A-Z COMPUTER AND DATA SECURITY THREATS


2010 Antivirus Performance test result

Posted by absnet on 9 February 2010

At the beginning of 2010, I am again presenting antivirus test results by Raymond, who yesterday ran several antivirus performance tests (speed and memory use). The test covers 106 antivirus products, ranging from free products to premium and internet security products.

For the complete results, you can check Raymond’s blog. This is a summary of the comparison of popular free antivirus products. Raymond used Windows XP SP3.

Raymond tested using the following criteria:

  • Application Launch Time: running the Firefox browser 10 times, then calculating the average launch time.
  • Boot Time Increase: how much longer booting takes with the antivirus installed.
  • Idle Memory Usage: memory use when idle.
  • Peak Memory Usage: maximum memory use.
  • Installation Size
  • Detection: using one virus sample encrypted to avoid detection.
  • Full Scan Time: the time to scan the computer (with 13.32 GB of sample data).

These graphs show Raymond’s free antivirus test results. In the detection test, only Spyware Terminator was able to detect and block the encrypted virus sample.

[Graphs from the original post are not preserved: Launch Application Time, Boot Time Increase, Idle Memory Usage, Peak Memory Usage, Installation Size, Full Scan Time.]

Examining the results above, it is rather difficult to conclude which free antivirus performs best, because no single antivirus is strong in all the categories tested. Avast 5 has a relatively good result and is lighter than its 4.8 version, but its full scan looks slower than that of other free antivirus products. So decide for yourself which antivirus suits your needs.

Installing 2 Or More Antivirus in A Computer, is it needed?

Posted by absnet on 7 February 2010

Several people have asked me what happens if we install 2 or more antivirus programs on one computer. Some of us may think it makes the computer more secure, and others may think it’s redundant.

What is the best option? Do we need 2 or more antivirus programs on one computer? Here are some considerations for you.

Actually, it’s not recommended to install more than one antivirus program on a computer, except for a local antivirus used for manual cleaning. Antivirus software vendors usually prohibit installing more than one antivirus.

The Consideration

If you really want to install 2 antivirus programs on one computer, you should consider these things:

  • Computer specification. Make sure that your CPU and memory (RAM) are more than enough. You can check the minimum requirements for each antivirus.
  • If both antivirus programs detect the same virus in a file, it can be a problem. You will have to take manual action to resolve it. See the explanation below.
  • Sometimes one antivirus is not suitable to be installed together with another antivirus. Check the documentation or help file for details.
  • You should give one antivirus greater priority than the other.
  • Read the manual and documentation of each antivirus.

Some antivirus can run together.

Here are some antivirus programs that can run together without causing serious problems, except perhaps for memory consumption. AVG Free Edition 7.5 or 8.0 can run together with Avira 8.0 and Avira 8.0 Free Edition. Avast 4.8 Home Edition (Free) can be added to this without any additional problem, except that your computer will run very slowly (of course!).

Avira 8.0 Free Edition can run together with Rising Antivirus Free Edition. Avira 8.0 Free Edition can also run smoothly with Bit Defender 10 Free Edition, but Kaspersky 2009 cannot be installed when Avira Antivirus exists on the system, and maybe other antivirus programs too. So Kaspersky is an exclusive antivirus, I guess.

What if 2 antivirus programs detect the same virus file?

When 2 or more antivirus programs are installed on the computer, this can happen and is very likely to. Sometimes it causes problems, because when an antivirus detects a virus it locks the file so that it cannot be accessed, run, or even deleted manually.

It may happen that when one antivirus tries to delete the file or put it into quarantine, the operation fails because the other antivirus has locked access to the file. If this happens, we can deactivate one antivirus first, and then retry the delete or quarantine. Even so, this may not succeed, and the antivirus may still have the file locked.

Still want to keep 2 antivirus programs installed?

If you want to keep 2 or more antivirus programs installed but are worried about crashes, errors, conflicts, a slow computer and so forth, you can activate only one antivirus at a time.

Each antivirus usually has a feature that actively monitors the computer all the time, with names such as Active Guard, Real-time Guard, Proactive Defense, Resident Shield, Resident Protection and so on. To prevent conflicts and reduce the load on the computer, we can simply enable this feature for one antivirus only. The other antivirus programs are turned off (not activated) and are only used to scan manually when necessary.

We could also prevent an antivirus from starting automatically with Windows, which can be arranged through a program like Autoruns. With this program, we can see which antivirus is started when Windows boots. But disabling the autorun entry alone is sometimes not enough, because an antivirus can also start itself through a Windows service (this can be checked in Control Panel > Administrative Tools > Services).

Experience is also important

The experience of others who have installed 2 or more antivirus programs on a single computer is also an important consideration. If you or your friends have used two or more antivirus programs, please give feedback or comment. Whether or not there was ever a problem, we can share our experience with each other and benefit from it.

Top Ten Trojan Spread in January 2010

Posted by absnet on 6 January 2010

Sunbelt Software announced the 10 biggest malware threats of the month for January 2010.

7 of them are old malware that were already ranked in December 2009, and 6 of the 10 are identified as Trojan horse malware.

Trojan.Win32.Generic!BT reaches half of the spread of malware found. It is its 3rd month at the highest rank. This malware is at the top because it is inserted directly into fake antivirus programs, or rogue security software.

Position 2 is Trojan-Spy.Win32.Zbot.gen, the most famous of all Trojans, which continues to appear in the top 10. As its name suggests, it steals computer passwords.

3 newcomers:

Virtumonde, adware that disrupts computer users on the internet with ads. Many ads are served by Virtumonde.
Packed.Win32.TDSS.aa.3 entered the list of 10. It is a rootkit-class Trojan that tampers with web search links so that they are redirected by this virus.
Trojan.HTML.FakeAlert.a, which can change the Windows display background as the Trojan wishes.

Top 10 malware threats, including viruses and adware:
1. Trojan.Win32.Generic!BT – 23.15%
2. Trojan-Spy.Win32.Zbot.gen – 4.91%
3. Exploit.PDF-JS.Gen – 4.55%
4. Trojan.Win32.Generic!SB.0 – 2.40%
5. Trojan.Win32.Malware – 1.93%
6. Trojan.ASF.Wimad – 1.92%
7. INF.Autorun – 1.46%
8. Virtumonde – 1.23%
9. Packed.Win32.TDSS.aa.3 – 1.21%
10. Trojan.HTML.FakeAlert.a – 0.98%
