I just posted something in a thread over at Guru3d and wrote a bit more than I wanted, so I thought, well, why not make a thread over here also on how to secure your OS a bit, ask questions and have a fun time..
The question over @ G3d was if and why you use an antivirus program.
Anyway, I just leave my post here and we'll see if it's interesting enough to make a full-fledged INFO thread out of it.
I used Avira for years, but about 2 years ago I decided that a virus program can see and do everything; also some of them strip your SSL connection, change DNS servers and more horrible stuff.. There was a lot of news lately about the security of antivirus tools, and after reading and testing I decided to just drop the virus programs..
sources:
Just to name a few things that are wrong with this crap... There are thousands more if you really look..
I'm using an extremely aggressive firewall (trust nothing, block all till I say otherwise) with good settings, IPFire, Raspberry Pi-hole, upribox, router firewall, SET YOUR OWN DNS SERVER (https://www.kuketz-blog.de/empfehlungsecke/#dns), weekly scans with AdwCleaner, a portable virus scanner that does not have to be installed, updates for security (Windows offline updates, browser updates, add-ons like uMatrix, uBlock, Self-Destructing Cookies, Cookie Monster, privacy settings, NoScript, disable Java, NoResourceLeak, HTTPS Everywhere, Certificate Patrol, etc.), just keep everything up to date after reading about the updates and, well, common sense I guess..
Also it is a good idea to DISABLE the services you don't need, like remote control etc. etc.. If you don't need stuff, DISABLE it, so there's no room for attacks. Also USE the HOSTS file, it's there for a reason.. I guess you could call this hardening your OS.
There's a lot more you can do, but it's way too much to write it all down now; let's just say, over the years you learn a lot..
Just keep a clean PC, monitor everything and get to know your habits, count the processes, so you know what's normal, and when there are more processes than you're used to you should go investigate..
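As an added example (not from the original post or from any of the tools named in it), here is a PowerShell script that audits the three points above: which built-in remote-control/remote-management services are running or set to auto-start, how many blocklist entries the HOSTS file carries, and whether every interface uses the DNS resolver you configured yourself. It only reports; the `Disable-UnneededService` helper changes something only when you call it, and supports `-WhatIf`. Assumptions: Windows 8 / Server 2012 or newer (for `Get-DnsClientServerAddress`), an elevated PowerShell, and the `$ExpectedDns` value is a placeholder from the RFC 5737 documentation range that you replace with your own resolver.

```powershell
# Added example, not from the original post: read-only audit of remote-access services,
# the HOSTS file blocklist and the configured DNS resolvers, plus an opt-in disable helper.
# Assumptions: Windows 8 / Server 2012 or newer, run as Administrator.

# PLACEHOLDER: the resolver(s) you set yourself (RFC 5737 documentation address used here).
$ExpectedDns = @('192.0.2.53')

# Built-in Windows services that provide remote control / remote management.
# They are only reported; nothing changes unless you call Disable-UnneededService.
$RemoteServices = @('RemoteRegistry', 'TermService', 'WinRM', 'RemoteAccess', 'SessionEnv', 'UmRdpService')

function Get-RemoteServiceStatus {
    foreach ($name in $RemoteServices) {
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
        if ($null -eq $svc) { continue }          # service not present on this edition
        $needsReview = ($svc.State -eq 'Running') -or ($svc.StartMode -eq 'Auto')
        [pscustomobject]@{
            Name      = $svc.Name
            State     = $svc.State
            StartMode = $svc.StartMode
            Flag      = if ($needsReview) { 'REVIEW' } else { 'ok' }
        }
    }
}

function Get-HostsBlocklistSummary {
    param([string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts")
    # Blocklist entries point a host name at 0.0.0.0 or 127.0.0.1; the stock localhost line is not one.
    $blocked = Get-Content -LiteralPath $Path | ForEach-Object {
        if ($_ -match '^\s*(0\.0\.0\.0|127\.0\.0\.1)\s+(\S+)' -and $Matches[2] -ne 'localhost') { $Matches[2] }
    }
    [pscustomobject]@{
        Path         = $Path
        BlockedHosts = @($blocked).Count
        Sample       = (@($blocked) | Select-Object -First 5) -join ', '
    }
}

function Get-DnsResolverStatus {
    Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses.Count -gt 0 } |
        ForEach-Object {
            $unexpected = @($_.ServerAddresses | Where-Object { $_ -notin $ExpectedDns })
            [pscustomobject]@{
                Interface = $_.InterfaceAlias
                Servers   = $_.ServerAddresses -join ', '
                Flag      = if ($unexpected.Count -gt 0) { 'UNEXPECTED: ' + ($unexpected -join ', ') } else { 'ok' }
            }
        }
}

function Disable-UnneededService {
    # Stops and disables the named services; run with -WhatIf first to preview.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory = $true)][string[]]$Name)
    foreach ($n in $Name) {
        if ($PSCmdlet.ShouldProcess($n, 'Stop service and set StartupType to Disabled')) {
            Stop-Service -Name $n -Force -ErrorAction SilentlyContinue
            Set-Service  -Name $n -StartupType Disabled
        }
    }
}

Get-RemoteServiceStatus   | Format-Table -AutoSize
Get-HostsBlocklistSummary | Format-List
Get-DnsResolverStatus     | Format-Table -AutoSize
# Preview only, changes nothing:
# Disable-UnneededService -Name 'RemoteRegistry' -WhatIf
```

The service list is deliberately short and only covers services Windows ships with; anything flagged REVIEW is a prompt to decide whether you actually use it, not an instruction to turn it off. A DNS row marked UNEXPECTED is exactly the symptom the post warns about: a resolver you did not configure.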
There are great tools for that stuff, for example:
Process Hacker, SvchostAnalyzer, leaktest, HostsServer tool for monitoring the blocked connections in the HOSTS file, nirsoft_package, MultiLogMonitor, SystemExplorer, SpyStudio, Acrylic DNS Proxy Monitor, etc. etc.. And please try to use open-source software first..
Also, for the paranoid, there's also a pretty slick thing: most malware, trojans, crypters, etc. are also monitoring your processes, and if there are certain programs running it will go into hidden mode and do nothing because it doesn't want to get caught, so you can with a PowerShell script spawn some services/programs that would trick the malware into thinking the real deal is installed and monitoring, so it will hide..
It's a proven thing that this can and does work.
Let the guy @ GitHub explain it a bit better:
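The "count the processes so you know what's normal" advice can be made less dependent on memory. As an added example (my code, not from the original post or from any of the tools listed), the PowerShell script below records a baseline of running processes (name, image path, SHA256 of the image, instance count) and later diffs the live system against it, so a process that is new, renamed, or whose binary changed stands out. Assumptions: PowerShell 4 or newer (for `Get-FileHash`), and the baseline file location is a placeholder you can change.

```powershell
# Added example, not from the original post: snapshot the running processes into a baseline
# file and later diff the live system against it. Assumption: PowerShell 4+ (Get-FileHash).

$BaselinePath = Join-Path $env:USERPROFILE 'process-baseline.json'   # PLACEHOLDER location

function Get-ProcessSnapshot {
    # One record per distinct (Name, Path). Protected system processes expose no Path to an
    # unprivileged caller; they are kept by name with an empty hash so they still count.
    Get-Process | Group-Object -Property Name, Path | ForEach-Object {
        $first = $_.Group[0]
        $hash  = ''
        if ($first.Path -and (Test-Path -LiteralPath $first.Path)) {
            $hash = (Get-FileHash -LiteralPath $first.Path -Algorithm SHA256).Hash
        }
        [pscustomobject]@{
            Name      = $first.Name
            Path      = [string]$first.Path
            Sha256    = $hash
            Instances = $_.Count
        }
    }
}

function Save-ProcessBaseline {
    param([string]$Path = $BaselinePath)
    $snapshot = @(Get-ProcessSnapshot)
    # -InputObject keeps the JSON an array even when only one record exists.
    ConvertTo-Json -InputObject $snapshot -Depth 3 | Set-Content -LiteralPath $Path -Encoding UTF8
    "[+] Baseline with $($snapshot.Count) entries written to $Path"
}

function New-Finding($Status, $p) {
    [pscustomobject]@{ Status = $Status; Name = $p.Name; Path = $p.Path; Instances = $p.Instances; Sha256 = $p.Sha256 }
}

function Compare-ProcessBaseline {
    param([string]$Path = $BaselinePath)
    $baseline = @(Get-Content -LiteralPath $Path -Raw | ConvertFrom-Json)
    $current  = @(Get-ProcessSnapshot)
    # Key on name + path + hash: a renamed or replaced binary changes the key and shows up as new.
    $keyOf = { param($p) "$($p.Name)|$($p.Path)|$($p.Sha256)" }
    $known = @{}
    foreach ($b in $baseline) { $known[(& $keyOf $b)] = $b.Instances }

    foreach ($p in $current) {
        $k = & $keyOf $p
        if (-not $known.ContainsKey($k)) {
            New-Finding 'NEW/CHANGED' $p
        }
        elseif ($p.Instances -gt $known[$k]) {
            New-Finding "MORE INSTANCES ($($known[$k]) -> $($p.Instances))" $p
        }
    }
}

# First run, on a machine you consider clean:   Save-ProcessBaseline
# Later, whenever something feels off:          Compare-ProcessBaseline | Format-Table -AutoSize
```

Keying on the hash as well as the name and path is what catches a binary that keeps a familiar name but has been replaced; a plain process count would not show that. Expect a few legitimate NEW entries after Windows or application updates, which is the moment to re-run `Save-ProcessBaseline`.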
Quote:
This small script will simulate fake processes of analysis, sandbox and VM software that some malware will try to avoid. You can download the original script made by @x0rz [URL='https://gist.github.com/x0rz/e8b36fee33b87aa7e4e5dfd4c0cfc1a6']here[/URL] (thanks, by the way).
You can also download my slightly optimized script from the root directory. The file is named fsp.ps1. This exact script is also used in the FSP installer.
Script-Features
Some (more advanced) spyware might stop executing correctly as long as the created processes run.
Requirements: PowerShell (preinstalled on Win 7 and newer), that's all.
No system load.
Easy to use.
Installer-Features
Automatically installs the script to your autostart directory, so that you don't have to execute it at every re-login.
Requirements: Only PowerShell.
With uninstaller to purge all files.
Everything packed into one tiny offline package.
Optional updater included, you can choose if you want it or not.
[CODE]
# Simulate processes of analysis, sandbox and VM software that some malware will try to evade.
# This just spawns ping.exe with different names (wireshark.exe, vboxtray.exe, ...)
#
# This is the updated version with no system load at all. I might also add some more fake processes in future updates.
# Maintained by Phoenix1747, get updates and fixes on https://github.com/phoenix1747/fake-sandbox/
#
# Usage (CMD): Powershell -executionpolicy remotesigned -F "C:\Full\Path\To\File\fsp.ps1"
$action = read-host " What do you want to do? (start/stop)"
# Your processes come here:
$fakeProcesses = @('WinDbg.exe','idaq.exe','wireshark.exe','vmacthlp.exe','VBoxService.exe','VBoxTray.exe','procmon.exe','ollydbg.exe','vmware-tray.exe','idag.exe','ImmunityDebugger.exe')
# If you type in "start" it will run this:
if ($action -ceq "start") {
    # Remember the current directory so we can switch back after spawning the processes
    $oldpwd = Get-Location
    # We will store our renamed binaries into a temp folder
    $tmpdir = [System.Guid]::NewGuid().ToString()
    $binloc = Join-Path $env:temp $tmpdir
    # The folder has to exist before Copy-Item can write into it
    New-Item -ItemType Directory -Path $binloc | Out-Null
    # The fake processes are started by relative path, so switch into the folder
    Set-Location $binloc
    foreach ($proc in $fakeProcesses) {
        # Copy ping.exe and rename binary to fake one
        Copy-Item c:\windows\system32\ping.exe "$binloc\$proc"
        # Start infinite ping process (invalid ip) that pings every 3600000 ms (1 hour)
        Start-Process ".\$proc" -WindowStyle Hidden -ArgumentList "-t -w 3600000 -4 1.1.1.1"
        write-host "[+] Spawned $proc"
    }
    Set-Location $oldpwd
    write-host ""
    write-host "Press any key to close..."
    cmd /c pause | out-null
}
# If you type in "stop" it will run this:
elseif ($action -ceq "stop") {
    write-host ""
    foreach ($proc in $fakeProcesses) {
        # Stop-Process takes the process name without ".exe"; skip quietly if it is not running
        Stop-Process -processname "$proc".Split(".")[0] -ErrorAction SilentlyContinue
        write-host "[+] Killed $proc"
    }
    write-host ""
    write-host "Press any key to close..."
    cmd /c pause | out-null
}
# Else print this:
else {
    write-host ""
    write-host "Bad usage: You need to use either 'start' or 'stop' for this to work!" -foregroundcolor Red
    write-host "Press any key to close..."
    cmd /c pause | out-null
}
[/CODE]
Puuhh, that was a bit much for the normal user..
Anyway, I hope this helps someone, and please, get to know your OS; it's the USER that's the problem, mostly.
Edit:
Forgot to mention: always make a system backup before testing any stuff..
Also, for deactivating services that you don't need, to minimize the room for attacks, here's one of the best guides to do so..