Computer Security
Page 2 of 3
FREE ANTI-SPYWARE
I don't deviate much in my anti-spyware. I use one, and only one, product. That is SpyBot. One of my favorite features about this anti-spyware is it lets you know if ANYTHING is trying to change the registry. That is an AMAZING feature. Definitely worth the download.
CyrusKnyghtbane- forum spammer
- Posts : 279
Join date : 2010-03-28
Age : 37
Location : Derby City
Don't Surf On An Administrator Account
Okay, so back to not surfing on an administrator account. I have three different accounts of the same virus, hitting two different computers.
Virus Attack #1
I had a person set up. I told this person these same things I am informing you all of now.
"Don't surf on your admin account. If you get a virus, it has the ability to install itself, and then it's over."
This person didn't listen to me. Although I had made a limited use account on their computer for them, they still surfed on their Admin. Soon, this person caught a virus, and a particularly nasty one. It wiped out their computer.
Virus Attack #1 Results
Since the person did not listen to me, and the virus got ahold of their admin account, it locked them out of their own computer.
It was reporting that the anti-virus was a virus. You were locked out of the registry. Porn ads were popping up every few seconds. The entire system had to be deleted and re-installed. This is a pain when using certain things, like a wireless card that is in an Expansion slot, because you have to get the drivers, but you can't download them from the internet because you can't use your wireless network. It took 3 days to recover the system to working again.
Virus Attack #2
The same person, after recovering their system from the virus, decided that it was very unlikely to happen again. So once again, they began to go to websites on their administrator account. The same virus entered the system.
Virus Attack #2 Results
This time it was even harder to find drivers, because we were unable to get the information from the system, and I didn't keep a copy of the drivers. The computer went without networking capabilities for over 3 weeks. All in all, almost 1 month of not being able to use the computer, because they could not stand to surf on a limited use account. The computer is back in working order for now, and the user is swearing to stay on the limited use account.
Virus Attack #3
This attack happened during the recovery phase of the second viral attack on the other system. Only this time, the user was my grandmother/grandfather/niece. I had told them all the same things, and had set up their computer in the same fashion. I gave them a new browser (Because IE sucks), installed flash and all that, and then set them on a limited use account, and gave them the admin pass in case they had to install something.
Virus Attack #3 Results
The computer got the virus on the limited use account. Porn ads would pop up and the system was slow to react. I logged into the Admin account, and ran the virus scan. No viruses showed up, but I was still able to reach the registry. The virus had been contained to the limited use account. I deleted the account and all its associated files, and made a new account. The computer was down for about 15 minutes.
Re: Computer Security
As you can clearly see, using the limited use account can save the computer from having to be cleaned out and started over. So there's no reason why you should still be surfing on your admin account, unless you just are asking to have to download everything all over again.
Re: Computer Security
For those of you that wish, you should probably configure your router to block certain ports, or at least block certain flags.
Re: Computer Security
Flags are TCP's (Transfer Control Protocol) way of... keeping track of things. TCP sets up a session, using a three-way handshake.
TCP Handshake
The handshake goes as follows.
Client sends server a SYN flag.
Server sends client the SYN and ACK flags.
Client sends server the ACK flag.
Handshake Breakdown
That may sound kind of weird, but if you think about it, and I break it down a bit, it may make sense.
Client says to server. "I want to SYNchronize with you"
Server says to client. "I ACKnowledge your request to SYNchronize with me."
Client says to server. "I ACKnowledge that it is okay to begin transmissions."
Re: Computer Security
So one thing that should never happen is that your system should NEVER be getting SYN flags. Unless, that is, you are running a server of some kind out of your basement. Hey, you wouldn't be the first person I knew to do it. But chances are you are just running a regular OS and are doing the basic things on it. Surfing, gaming, watching porn, etc.
Re: Computer Security
In that case, you need to control any SYN flags coming your way. To do that you simply tell your router to only allow SYN flags if they're accompanied by the ACK flag. Only allow someone in that YOU initiated a conversation with. This can also stop a SYN flood attack.
SYN Flood
A SYN flood is where someone floods your system with SYN requests. It's a form of a DOS attack, which is Denial of Service.
SYN Flood Break Down
Think of a SYN Flood like this. I HATE Applebee's... So I call them, and reserve a table. Over and over again. Soon, I've reserved every table in the restaurant. I've rented out the place, so to speak, so that no one else can eat there. But I never show up. Applebee's loses business to keep open the tables I reserved that no one ever showed up for.
That is the basic premise of a SYN Flood attack.
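The "reserved tables" analogy above, worked through as an added example (not code from the thread): a toy model of a server's half-open connection table, with a constructed timeline in which unanswered SYNs fill the table, a genuine client is refused, and a reaping timeout later frees the slots. The capacity and timeout values are made-up assumptions.

```python
from collections import OrderedDict


class SynBacklog:
    """Server-side table of half-open connections: the 'reserved tables' of the post."""

    def __init__(self, capacity: int, timeout: float):
        self.capacity = capacity          # how many half-open entries the server keeps
        self.timeout = timeout            # seconds before an unanswered SYN+ACK is reaped
        self.half_open = OrderedDict()    # client -> time its SYN arrived

    def expire(self, now: float) -> None:
        """Reap reservations whose guest never showed up (no final ACK in time)."""
        stale = [c for c, t in self.half_open.items() if now - t >= self.timeout]
        for client in stale:
            del self.half_open[client]

    def on_syn(self, client: str, now: float) -> str:
        self.expire(now)
        if client in self.half_open:
            return "retransmit"           # same client repeating its SYN: no new slot
        if len(self.half_open) >= self.capacity:
            return "refused"              # table full: a genuine caller gets no seat
        self.half_open[client] = now
        return "syn-ack"                  # slot reserved while we wait for the ACK

    def on_ack(self, client: str, now: float) -> str:
        self.expire(now)
        if self.half_open.pop(client, None) is None:
            return "no-such-handshake"
        return "established"              # handshake done, slot freed for the next caller


def simulate_flood(capacity: int = 4, timeout: float = 5.0):
    """Constructed timeline: six SYNs that are never completed, then a real client."""
    srv = SynBacklog(capacity, timeout)
    flood = [srv.on_syn(f"flooder-{i}", now=0.0) for i in range(6)]  # nobody ACKs
    victim_during = srv.on_syn("real-client", now=1.0)   # arrives while the table is full
    victim_after = srv.on_syn("real-client", now=6.0)    # arrives after the reaping timeout
    done = srv.on_ack("real-client", now=6.1)            # completes its handshake normally
    return flood, victim_during, victim_after, done
```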
NULL Session
There is an attack called the NULL Session, and this is a TCP packet with NO FLAGS. That is something that should never happen, and it can confuse your router something awful, giving way for a hole to be created in the port of the attacker's choosing.
Christmas Tree Attack
The Christmas Tree attack is a little different. It makes use of the more rarely seen flags... PSH, RST, and URG ( Push, Reset, and Urgent respectively.) It sends all these flags flying at your system, so basically the packet is... "Lit up like a Christmas Tree"... And hopes that the router will think it lost a packet and will try to "re-establish" a session with the attacker's machine.
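The router rule described earlier (only let in SYN+ACK for conversations you started), the three-way handshake, and the NULL and Christmas Tree packets from the last two posts, as one added example that is not from the thread: a minimal stateful inbound filter run over constructed packets. Flag values are the standard TCP header bits; addresses, ports and the "served_ports" idea are assumptions for the demo.

```python
from dataclasses import dataclass, field

# TCP header flag bits (standard values); combined with bitwise OR below
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


@dataclass
class Packet:
    direction: str   # "out" = leaving our LAN, "in" = arriving from the Internet
    remote: str      # remote address:port (constructed documentation-range addresses)
    local_port: int  # port on our side
    flags: int       # bitwise OR of the flag constants above


@dataclass
class StatefulFilter:
    served_ports: set = field(default_factory=set)  # ports we deliberately host
    initiated: set = field(default_factory=set)     # (remote, local_port) pairs WE opened

    def decide(self, p: Packet) -> str:
        key = (p.remote, p.local_port)
        if p.direction == "out":
            if p.flags & SYN and not (p.flags & ACK):
                self.initiated.add(key)  # remember that we started this conversation
            return "allow"
        if p.flags == 0:
            return "drop: no flags set (NULL packet)"
        if (p.flags & (PSH | RST | URG)) == (PSH | RST | URG):
            return "drop: PSH+RST+URG together (Christmas tree)"
        if p.flags & SYN and not (p.flags & ACK):
            # a bare inbound SYN is a stranger opening a connection to us
            return "allow" if p.local_port in self.served_ports else "drop: unsolicited SYN"
        if key in self.initiated:
            return "allow"  # SYN+ACK, data or FIN for a connection we began
        return "drop: no matching connection"


def run_trace():
    """Constructed traffic: a normal web fetch, then the three packets the posts warn about."""
    fw = StatefulFilter(served_ports=set())  # a home machine that hosts nothing
    web, stranger = "203.0.113.5:80", "198.51.100.9:4444"
    trace = [
        Packet("out", web, 50000, SYN),            # 1. we send SYN to the web server
        Packet("in", web, 50000, SYN | ACK),       # 2. server answers SYN+ACK
        Packet("out", web, 50000, ACK),            # 3. we ACK: handshake complete
        Packet("in", web, 50000, PSH | ACK),       # 4. server sends page data
        Packet("in", stranger, 53, SYN),           # unsolicited SYN to port 53
        Packet("in", stranger, 53, 0),             # NULL packet
        Packet("in", stranger, 53, PSH | RST | URG),  # Christmas tree
    ]
    return [fw.decide(p) for p in trace]
```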
Routers
Each router is different, so I don't have time to break down how to get into every router and configure a firewall. But it is something you should only do if you have a GOOD understanding of what you're doing.
Example #1
You may realize that port 53 is for DNS. And that 53 TCP is for DNS Zone Transfers. You're not hosting a DNS server... BLOCK THAT SNIT!
Re: Computer Security
CyrusKnyghtbane wrote: You may realize that port 53 is for DNS. And that 53 TCP is for DNS Zone Transfers. You're not hosting a DNS server... BLOCK THAT SNIT!
OH NO! Port 53 UDP is for DNS name queries. You have just blocked the port to allow your computer to realise that www.google.com = 165.146.25.98 (No, I don't know if that's google's real IP address.)
Google's Real IP
74.125.47.105 is Google's actual IP address. Just in case anyone was wondering.
How I Found Out
Open up your command prompt and type in "ping google.com"
It will show that you get a reply from an IP address. That's google's.
How To Open Up Command Prompt
Click your Start menu, then click "Run" and type in "cmd". It should open up a black box. That's where you type.