Hello, I'll try to keep this as brief as possible. I am a new Vista Ultimate
user. I acquired a laptop with it installed last week, and have been
installing software and configuring ever since.
I started out with a user account that had Administrator privileges, but
encountered problems and switched to the Administrator account to install
software. However, then I noticed that when I reverted back to my user
account (still with Administrator privileges) that I was encountering
problems. As a result I have completely turned off UAC. It is my desire to
be as secure as possible, and I am even willing to be somewhat inconvenienced
to do so (such as the prompts asking me if it is ok to run). But I was
running into problems even getting things to run properly, or *at all* until
I turned off UAC.
I would like to turn UAC back on, which is why I am here. However, I can
not do so unless the problems I have witnessed are resolved. Rather than
list all of my woes, I thought I would start with just one problem and
perhaps I can extrapolate solutions to other problems from what I learn.
Do not work in elevated level; Day-to-day work should be performed while
the User Account Control (UAC) is enabled. Turning off UAC reduces the
security of your computer and may expose you to increased risk from
malicious software.
I attempted to install Zone Alarm Security Suite (the latest version that
supports Windows Vista). I could not get the installation program to run *at
all* under my user account with Administrator privileges. When I switched to
the Administrator account it installed perfectly. Then I switched back to my
user account (still with Admin privileges) and I found that Zone Alarm was not
running correctly. I can't remember if the True Vector service was running or
not, but the UI was definitely not - I could not interact with Zone Alarm at
all. The solution, in the end, was to turn off UAC. Then, it all worked
perfectly.
You are not going to find anything better than the Vista FW and Vista in
itself due to the advanced features the FW and Vista are using.
"Personal Firewalls" are mostly snake-oil.
http://www.samspade.org/d/firewalls.html
Jesper's Blogs-
At Least This Snake Oil Is Free.
http://msinfluentials.com/blogs/jesper/archive/2007/07/19/at-least-this-snake-oil-is-free.aspx
Windows Firewall: the best new security feature in Vista?
http://blogs.technet.com/jesper_johansson/archive/2006/05/01/426921.aspx
Exploring The Windows Firewall.
http://www.microsoft.com/technet/technetmag/issues/2007/06/VistaFirewall/default.aspx
"If you try to block outbound connections from a computer that’s already
compromised, how can you be sure that the computer is really doing what you
ask? The answer: you can’t. Outbound protection is security theater—it’s a
gimmick that only gives the impression of improving your security without
doing anything that actually does improve your security. This is why
outbound protection didn’t exist in the Windows XP firewall and why it
doesn’t exist in the Windows Vista™ firewall."
Tap into the Vista firewall's advanced configuration features
http://articles.techrepublic.com.com/5100-10877-6098592.html
"...once you discover the secret of accessing its advanced configuration
settings via the MMC snap-in, you'll find it to be far more configurable
and functional. At last, Windows comes with a sophisticated personal
firewall that can be used to set up outbound rules as well as inbound, with
the ability to customize rules to fit your precise needs."
Or
Configure Vista Firewall to support outbound packet filtering
http://searchwindowssecurity.techtarget.com/tip/0,289483,sid45_gci1247138,00.html
Or
Vista Firewall Control (Free versions available).
Protects your applications from undesirable network incoming and outgoing
activity, controls applications internet access.
http://sphinx-soft.com/Vista/
Being that Zone Alarm is well known, I am hoping that someone might explain
how I should go about running it, while keeping UAC enabled.
http://zonealarm.donhoover.net/uninstall.html
Or
Absolute Uninstaller
http://www.glarysoft.com/au.html
Or
Revo Uninstaller
http://www.revouninstaller.com/
Also, I am willing to help myself, so if anyone can point me at white papers
or other articles on UAC and how to work with it, I am all ears.
The best defenses are:
1. Do not work in 'elevated' level; For day-to-day work ensure that the
User Account Control (UAC) security module is enabled.
2. Familiarize yourself with "Services Hardening in Windows Vista".
3. Keep your operating system (OS) (and all software on it) updated/patched.
4. Reconsider the usage of IE.
5. Review your installed 3rd party software applications/utilities; Remove
clutter.
6. Don't expose services to public networks.
7. Activate the built-in firewall and tack together its advanced
configuration settings.
7a. If on high-speed internet use a router as well.
8. Routinely practice safe-hex.
9. Regularly back-up data/files.
10. Familiarize yourself with crash recovery tools and with
re-installing your operating system (OS).
11. Utilize a real-time anti-virus application and vital system monitoring
utilities/applications.
12. Keep abreast of the latest developments - Sh!t happens...you know.
The least preferred defenses are:
Myriads of popular anti-whatever applications and staying ignorant.
re: #1
Windows User Account Control Step-by-Step Guide
http://technet2.microsoft.com/Windo...8514-4c9e-ac08-4c21f5c6c2d91033.mspx?mfr=true
re: #2
Services Hardening in Windows Vista
http://www.microsoft.com/technet/technetmag/issues/2007/01/SecurityWatch/
re: #3
Keep your operating system (OS) and all software on it updated/patched.
"So, you didn’t patch the system and it got hacked. What to do? Well, let’s
see: ..."
"The only way to clean a compromised system is to flatten and rebuild.
That’s right. If you have a system that has been completely compromised,
the only thing you can do is to flatten the system (reformat the system
disk) and rebuild it from scratch (re-install Windows and your
applications)..."
http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx
Windows update.
http://www.update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us
Secunia Personal Software Inspector
http://secunia.com/software_inspector
https://psi.secunia.com/ and
M/S Security Baseline Analyzer 2.0
http://www.microsoft.com/downloads/...06-B5F9-4DAD-BE9D-7B51EC2E5AC9&displaylang=en
can assist also.
re: #4
Utilizing another browser application can add to the overall security of
the OS. But,
Microsoft says Internet Explorer more secure than Firefox
http://www.heise-security.co.uk/news/99955
IE7 safe/secure settings
Internet Explorer7 Desktop Security Guide
http://www.microsoft.com/downloads/...DA-6021-468E-A8CF-AF4AFE4C84B2&displaylang=en
The Internet Explorer 7 Security Status Bar
http://www.microsoft.com/windows/products/winfamily/ie/ev/security.mspx
Extended Validation SSL Certificates
http://www.microsoft.com/windows/products/winfamily/ie/ev/default.mspx
Note: *Tight security settings will break down some websites. You need to
add these websites into the Trusted Zone for smooth access.*
You could consider disabling all Security Settings in IE and use IE only
for the 'Patch Tuesday' updates; To do so you must add the following URLs
to the Trusted sites:
http://update.microsoft.com
http://download.windowsupdate.com
https://*.update.microsoft.com
http://*.update.microsoft.com
http://*.microsoft.com
Alternative Browsers:
Opera™
http://www.opera.com/download/
Firefox™
http://www.mozilla.com/en-US/
The SeaMonkey® Suite (Internet Browser)
http://www.seamonkey-project.org/
re: #5
Review your installed 3rd party software applications;
Remove clutter, dispose of all your 'Anti-Whatever' applications. Keep your
PC lean, install only applications you really need - try to be a
'minimalist'.
Belarc Advisor can assist
http://www.belarc.com/free_download.html
as can
Absolute Uninstaller
http://www.glarysoft.com/au.html and/or
Revo Uninstaller
http://www.revouninstaller.com/
re: #6
Windows Vista Service Configurations Introduction
http://www.blackviper.com/WinVista/servicecfg.htm
re: #7
Tap into the Vista firewall's advanced configuration features
http://articles.techrepublic.com.com/5100-10877-6098592.html
"...once you discover the secret of accessing its advanced configuration
settings via the MMC snap-in, you'll find it to be far more configurable
and functional. At last, Windows comes with a sophisticated personal
firewall that can be used to set up outbound rules as well as inbound, with
the ability to customize rules to fit your precise needs."
Or
Configure Vista Firewall to support outbound packet filtering
http://searchwindowssecurity.techtarget.com/tip/0,289483,sid45_gci1247138,00.html
Or
Vista Firewall Control (Free versions available)
http://sphinx-soft.com/Vista/
re: #8
Routinely practice Safe-Hex.
http://www.claymania.com/safe-hex.html
Hundreds Click on 'Click Here to Get Infected' Ad
http://www.eweek.com/article2/0,1895,2132447,00.asp
re: #9
Back Up regularly; Develop a Contingency Plan; Be prepared!
Consider "What if..."
Use Windows to back up your computer.
http://www.microsoft.com/protect/yourself/data/backup.mspx
Powerful backup that is easy to do!
http://www.acronis.com.sg/homecomputing/
Casper™ Backup Solution for Windows
http://www.fssdev.com/
Norton Ghost™
http://www.symantec.com/norton/products/overview.jsp?pcid=br&pvid=ghost12
Free Back-Up Programs; There are many more - mileages will vary - get
appropriate advice before deciding on application.
http://www.karenware.com/powertools/ptreplicator.asp
http://www.2brightsparks.com/downloads.html#freeware
http://www.sover.net/~wysiwygx/WinUtils5.html
http://xxclone.com/
http://www.educ.umu.se/~cobian/cobianbackup.htm
'Must-have' utilities:
ERUNT and NTREGOPT
http://www.larshederer.homepage.t-online.de/erunt/
re: #10
Familiarize yourself with Crash recovery applications;
Sh!t happens, you know! (Don't get caught flatfooted!)
Beginners Guides: Crash Recovery - Dealing with the Blue Screen Of Death
http://www.pcstats.com/articleview.cfm?articleID=1647
Bart's Preinstalled Environment (BartPE) bootable live windows CD/DVD
http://www.nu2.nu/pebuilder/
Windows PE 2.0 for Windows Vista Overview
http://technet.microsoft.com/en-us/windowsvista/aa905120.aspx
10a.
Re-install OS (reformat HDD). *See Footnote.
Back up all your important Data files, Documents, Photo, Music, etc. to CD or
DVD media.
Download all the necessary drivers for Vista (motherboard, Video Card,
Audio, Network card, Etc.)
Verify that you have the Application DVD and key code.
Belarc Advisor can assist:
http://www.belarc.com/free_download.html
How to install Windows Vista
http://support.microsoft.com/kb/918884
Scroll down to:
How to perform a clean installation of Windows Vista by starting the
computer from the Windows Vista DVD
re: #11
Utilize some system monitoring utilities/applications.
Process Explorer
http://technet.microsoft.com/en-au/sysinternals/bb896653.aspx
AutoRuns for Windows
http://technet.microsoft.com/en-au/sysinternals/bb963902.aspx
What's Running
http://www.whatsrunning.net/whatsrunning/main.aspx
RunScanner
http://www.runscanner.net/
TCPView for Windows
http://technet.microsoft.com/en-au/sysinternals/bb897437.aspx
CurrPorts - View Opened TCP/IP ports/connections
http://www.nirsoft.net/utils/cports.html
WALLWATCHER - Collect, View, and Analyze Router Logs
http://sonic.net/wallwatcher/
Beginners may wish to employ a real-time AV application.
Real-time AV applications - for viral malware.
Do not utilize more than one (1) real-time anti-virus scanning engine!
Disable the e-mail scanning function during installation (Custom
Installation on some AV apps.) as it provides no additional protection.
http://www.oehelp.com/OETips.aspx#3
In fact, most experts (incl. Norton) believe that scanning incoming and
outgoing mail causes e-mail file corruption.
Free antivirus - avast! 4 Home Edition
http://www.avast.com/eng/avast_4_home.html
(Choose Custom Installation and under Resident
Protection, uncheck: Internet Mail and Outlook/Exchange.)
Avira AntiVir® PersonalEdition Classic - Free
http://www.free-av.com/antivirus/allinonen.html
AVG Anti-Virus Free Edition
http://free.grisoft.com/
Activate the built-in Windows Defender application
Interesting reading:
http://www.pcworld.com/article/id,136195/article.html
"...Windows Defender did excel in behavior-based protection, which detects
changes to key areas of the system without having to know anything about
the actual threat."
And if you're really paranoid you can consider utilizing:
SUPERAntiSpyware Free (in conjunction with WinDef)
http://www.superantispyware.com/superantispywarefreevspro.html
re: #12
Windows Vista Security Guide
http://www.microsoft.com/Downloads/...ed-7f35-4e72-bfb5-b84a526c1565&displaylang=en
*Footnote:
Reformatting of HDD is the preferred course of action! But if this is
beyond your capabilities then consult professional computer services (but
not the supermarket-type repair shops). If this is not an option then you
may be able to clean your OS by employing David H. Lipman's MULTI_AV.EXE
which can be downloaded from the URL:-
English:
http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/
Swiss/German:
http://www.pctipp.ch/downloads/dl/35905.asp
http://pcdid.com/Multi_AV.htm
(Note: An experienced and prepared operator probably will reformat a HDD
faster than utilizing the MULTI_AV scanning tool).
Good luck