Cybersecurity help and quick reference guide

The discussion about cybersecurity is almost nonexistent on this forum, so I thought I'd make a basic list of things to do that people can point to if they're having, or trying to prevent having, cybersecurity-related issues. Also, after reading stuff about people's PCs being full of malware and all the news of hacking etc., I figured I might as well take a few minutes and write a post on it. Not sure if this is the best place to put it though. Oh well.

Security Basics

The first thing to do is follow and familiarize yourself with basic security best practices. By doing so, you can avoid most problems and mitigate the damage caused by any that can't be prevented.

 

Never assume that your security setup is going to be 100% effective, and therefore assume that someone, somehow, can get malware onto your system or that your password will be hacked in a database breach of some sort. If that sounds depressing, it's not that bad.

Two Factor Authentication (2FA) Basics

Use two factor authentication and two step verification for every account you can. The most secure 2FA is NOT to use the cell phone based text message code. It's unlikely, but an adversary who is an advanced persistent threat (APT) can intercept normal text messages pretty easily, and actually get into an account using such 2FA without the account owner knowing.

 

That's why you should use a 2FA app like Google Authenticator, which uses codes that expire every minute or so and constantly change. Other companies like Blizzard and Steam have these types of authenticators built into their apps, or they have dedicated 2FA apps for mobile devices. Use them.

 

Since no one can easily access the account if you have 2FA, including you if you lose your backup codes, make sure that you keep the backup codes off your device, somewhere safe. Like written down or burned to a DVD in a fireproof safe. That way, if your devices break, you're not locked out of your accounts.

The second thing to do is make sure that you are running your computer in a way that does several things to minimize potential infections and mitigate any damage they might cause:

 

• Minimize the use of accounts with high privileges within your operating system (so don't have admin privileges on every account by default or something like that).

• Minimize the attack surface of your computer by not having a bunch of unnecessary programs that can be vectors for attack. For example, if you have some free program that has a bunch of ads in it that you don't use, uninstall it. Ad networks get compromised all the time, and if you don't use it, don't have it active. The same goes for mobile devices too.

• Always keep your software updated. Make sure that Windows Update is fully functional (malware will often disable it) and install all of the security related updates.

 

• Get rid of commonly attacked programs that you don't need. If you have Java and Flash and you don't need them, uninstall them.

 

• Use something that actually works for security software.

Security Software

 

Most conventional AV software, and a lot of unconventional antimalware software, is worse than just useless. It gives people a false sense of security, so they don't think a phishing link can affect them, or they think that visiting webpages with exploit kits in the ads won't affect them, and very quickly their PC will be full of rootkits. Some antimalware is itself a vector for malware to enter a system. PC Matic was called out relatively recently for allowing an attacker to take over a system.

 

It's important to realize that AV test and comparison websites are also basically useless, much like synthetic hardware benchmark websites are useless. They don't represent the kind of threats that are actually faced today. A very common way to get the nastiest malware out there, like a rootkit or a crypted RAT, is to browse the internet on perfectly normal websites that have ads (ad blockers don't stop this either), or a website that has been hacked and has an exploit kit on it or in an ad being displayed.

An exploit kit will, without any user interaction, silently drop malware onto the target machine and the user will often never be the wiser. Most antivirus software will remain silent at runtime, and there are anti-detection techniques that assist the malware in evading detection (polymorphism, crypting, stuff like that).

 

In my experience, the only consumer level piece of antimalware that has actual exploit mitigations (like the now deprecated EMET from Microsoft, but more effective and actually user friendly) is Malwarebytes Premium. If you don't want to pay for it, you can get the permanent beta version of Malwarebytes Anti-Exploit off their forum, and it has much of the functionality of the premium version. Whatever version of Malwarebytes Anti-Malware you use, make sure you go into the detection settings and enable the rootkit detection option before you do a scan, and for the first scan do a Threat Scan instead of a Hyper Scan.

 

Normal program with premium trial:

 

https://www.malwarebytes.com/

 

Free permanent beta of MBAE:

 

https://forums.malwarebytes.com/forum/126-anti-exploit-beta/

 

There are a few other tools that can be run as second, and third opinion scanners as well. These are not full fledged antivirus or antimalware solutions, so don't think that they replace one.

 

Interestingly, Malwarebytes bought one of the best ones and now runs it as well: Adwcleaner. Anyone who has had to fix browser hijackers knows this piece of software well!

 

https://www.malwarebytes.com/adwcleaner/

 

Microsoft, of course, has their Malicious Software Removal Tool

 

https://www.microsoft.com/en-us/download/malicious-software-removal-tool-details.aspx

 

And the Microsoft Safety Scanner

 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

F-Secure has a good, small, free scanner as well

 

https://www.f-secure.com/en/web/home_global/f-secure-online-scanner

 

There are two other tools that everyone using Windows should familiarize themselves with:

 

Process Explorer is basically an advanced version of Task Manager, which has VirusTotal MD5 hash comparison integrated, meaning it will compare the cryptographic hashes of the processes running on your PC with the VirusTotal (owned by Google) database and show you a result in a column on your screen. You have to enable it, as well as "Signature Verification", which shows who the certificate signer of the software is.

Make sure you go to File > Show Details for All Processes, or run this as administrator.

 

https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer

 

Autoruns allows you to see, and prevent, things from starting with Windows easily. It also has VirusTotal integration that can be enabled in settings. Administrator also applies here.

https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns

System Repair

 

After you have completely removed all traces of malware from your system (if the tools listed don't do it, you should probably head over to Bleeping Computer or a similar forum where people will walk you through malware removal step by step), you should run two built-in Windows features.

Open an elevated command prompt by searching for "command" in Windows Search, then right click Command Prompt and click "Run as Administrator". Once you're in there, type in the following commands and hit Enter after each.

 

Note: you will need to wait for the previous command to finish running before going to the next one. Use the exact spacing that I use here:

 

DISM /online /cleanup-image /restorehealth

 

sfc /scannow

Mobile Security

 

A lot of people use mobile devices for banking and things like that nowadays as well. Not to mention that a phone or tablet will usually be the device that has the mobile authenticator app installed(as it should be), so it's important to keep those clean and secure as well.

 

• Disable all the useless bloatware in your device's application settings.

• Disable "install from unknown locations" for Android, and don't root the phone.

• Don't jailbreak the Apple stuff, and that takes care of most of the problem for them.

• I would also enable Lookout Mobile Security and set it up correctly for Android devices that come with it preinstalled, and I install it on every Android device that I use that doesn't have it by default. The free version is really quite good for mobile antimalware.

VPN Considerations

 

If you need a VPN, I would recommend using a VPN that's ACTUALLY a security/privacy product, and not a scam or data harvesting piece of malware itself. There was a good study a while back that I'll have to find about how many free "VPNs" were just massive security risks themselves.

 

I know that there are a few reputable ones out there, but the ones I always personally recommend are F-Secure Freedome (Finland) and ProtonVPN (run by CERN in Switzerland). Freedome has more security focused features like app scanning and malicious website blocking, but ProtonVPN has a completely free client that has unlimited data.

 

https://www.f-secure.com/en_US/web/home_us/freedome

 

https://protonvpn.com/

 

You do need a free Protonmail account to use it, but if you don't have a Protonmail account you should have one as a more secure alternative to Gmail or Hotmail. It has 2FA using Google Authenticator as well so it can be fully secured like a Gmail account.

 

Once you have your VPN of choice set up, make sure it's working by going to:

 

https://ipleak.net

 

If you see your real IP or DNS with the VPN active, your browser is leaking, probably via WebRTC. There are various different ways to disable WebRTC depending on which browser you use. For example, in Chrome you need to type chrome://flags into the URL bar and disable the WebRTC STUN header flag.

Basic Network Security

 

For your home network and WiFi, make sure you change the default password and login name on your router/modem.

 

Make sure you have remote administration off on your modem/router, and that it's off on your computers unless you need it to be on.

 

Use the Windows built-in firewall! It's really the best one to use in Windows. Most of the third party ones are just an overlay on Windows Firewall anyway, and are useless.

Things to Avoid

 

Do not use software that does more harm than good like:

 

• Registry cleaners or optimizers. They are worse than useless and can break things.

 

• Driver updaters. They're mostly garbage and can break things. Just do it manually.

 

• File managers. They're often loaded with malware.

 

• "System booster" type software. Worse than useless and can have a bunch of malware as well.

 

• Don't connect a bunch of IoT garbage to your network. It's mostly just going to be exfiltrating data from your network for companies to sell and market you junk.

This is pretty nice, but you need to structure it a bit more - it's hard to sift through a wall of text like this. Try dividing it into categories and adding some bullet points or example pictures.

Don't ask to ask, just ask... please 🤨

sudo chmod -R 000 /*


On Android I recommend NetGuard [1]; it's a great app. Set it to monitor system apps and set it to block Wi-Fi and mobile by default, then slowly enable the apps you use. If you pay some money you can even control what an app can connect to, allowing you to block all ads but keep the app functional.

 

[1] https://play.google.com/store/apps/details?id=eu.faircode.netguard&hl=en_GB

                     ¸„»°'´¸„»°'´ Vorticalbox `'°«„¸`'°«„¸
`'°«„¸¸„»°'´¸„»°'´`'°«„¸Scientia Potentia est  ¸„»°'´`'°«„¸`'°«„¸¸„»°'´


1 hour ago, Sauron said:

This is pretty nice, but you need to structure it a bit more - it's hard to sift through a wall of text like this. Try dividing it into categories and adding some bullet points or example pictures.

Still needs work, but I rearranged and clarified it for the time being.


8 hours ago, LordOTaco said:

Very cool!  I hope to see it keep growing with tips for general user! 

I think they really need a security sub section of the forum. It's exasperating when someone asks for help but says "I have no malware" and they clearly do.


1 hour ago, Speed Weed said:

Please update the thread.

 

MBAE is already implemented in MBAM 3.0.

Please read the thread. It's only in premium. If you want it free you need to use the beta.


27 minutes ago, Amazonsucks said:

Please read the thread. Its only in premium. If you want it free you need to use the beta.

The last update was in 2017. Malwarebytes seems to have abandoned this tool to force users to their MBAM 3.0.

Since Windows 10 has already implemented its own Anti Exploit features, Malwarebytes Anti Exploit isn't needed.

BETA security software is good for testing, but it is not recommended for daily use. Hint: BETA


1 hour ago, Speed Weed said:

The last update was in 2017. Malwarebytes seems to have abandoned this tool to force users to their MBAM 3.0.

Since Windows 10 has already implemented its own Anti Exploit features, Malwarebytes Anti Exploit isn't needed.

BETA security software is good for testing, but it is not recommended for daily use. Hint: BETA

That's when the locked stickied threads were posted. The beta is still up to date.

https://www.wilderssecurity.com/threads/malwarebytes-anti-exploit.354641/page-154

It's clearly marked as beta. It's a free option for people who refuse to pay for software, so it's better than nothing.

Also, the exploit mitigations in Windows are not the same as those used in MBAE and aren't available for all versions of Windows.

 

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/customize-exploit-protection

On 11/5/2018 at 5:49 AM, Amazonsucks said:

WebRTC

So I want WebRTC off?

Is there an efficient way of doing this in Safari?

I make intelligent lights do cool things


I agree, good stuff!


Very nice! Maybe you should put in something about trying to find "cheaper" stuff from websites that obviously have "too good to be true" prices haha.


1 hour ago, AbsoluteFool said:

Very nice! Maybe you should put in something about trying to find "cheaper" stuff from websites that obviously have "too good to be true" prices haha.

You mean like how G2A is used by credit card thieves for money laundering? I've written extensively about it, but I'll need to get my list of links to the articles about it.

I should probs do that on another thread though, since it's not really malware related unless the carders use malware to get the numbers before laundering through G2A, Kinguin, etc.


12 minutes ago, Amazonsucks said:

You mean like how G2A is used by credit card thieves for money laundering? I've written extensively about it, but I'll need to get my list of links to the articles about it.

I should probs do that on another thread though, since it's not really malware related unless the carders use malware to get the numbers before laundering through G2A, Kinguin, etc.

That is a very good point. It seems people are willing to risk a lot to save a few pennies. Are people really that greedy? Sometimes people shock me :o


3 hours ago, AbsoluteFool said:

That is a very good point. It seems people are willing to risk a lot to save a few pennies. Are people really that greedy? Sometimes people shock me :o

Well, that's actually part of the problem. People don't really have much personal risk with G2A. They might lose tens of dollars if the key they buy doesn't work.

The people buying from G2A aren't the ones getting their credit cards stolen. They're just helping the credit card thieves launder the money they steal.

Ironically, the people who get hurt financially the most are small game devs and other consumers.


Oh! Could you talk about a password manager? Can't tell you how many people I know who say they use "secure" passwords only to have their accounts hacked later on due to leaks at a site.


WHAT!? No piece on how to analyze email header information to look for spoofed emails and phishies? In the corporate world, even with solutions like Proofpoint, I have found that a hacked contact that is spoofed is one of the more effective means of delivering a link to a payload. I mean your normal phish is already effective enough to get users, but spoofed accounts and spear phish are some of the biggest threats these days. Even with good user training it still is a continual issue.


8 hours ago, nick11682 said:

Oh! Could you talk about a password manager? Can't tell you how many people I know who say they use "secure" passwords only to have their accounts hacked later on due to leaks at a site.

I have mixed feelings about using or recommending them, since there have been breaches of password managers. They're not something I personally use or recommend for that reason.

 

4 hours ago, AngryBeaver said:

WHAT!? No piece on how to analyze email header information to look for spoofed emails and phishies? In the corporate world, even with solutions like Proofpoint, I have found that a hacked contact that is spoofed is one of the more effective means of delivering a link to a payload. I mean your normal phish is already effective enough to get users, but spoofed accounts and spear phish are some of the biggest threats these days. Even with good user training it still is a continual issue.

Yeah spear phishing and social engineering and APTs who use them could fill their own threads though. I just wanted a basic "emergency response" type list of things to do since there are often people posting how their computer is acting up and need to clean out the malware.


17 hours ago, Amazonsucks said:

I have mixed feelings about using or recommending them, since there have been breaches of password managers. They're not something I personally use or recommend for that reason.

Fair, but from what I've seen it's more likely that a person uses a horrible password for every site. Then one misconfigured site gets everything compromised in one blow. It's different for people who know how to make secure passwords, since we understand the actual dangers of this. What I recommend people do is, for the sites that don't really matter (e.g. forums, game sites, etc.), use a wallet. Then for email, bank, and anything that can affect your real life, use unique passwords that live in your head. Of course there's no way to be 100% secure; you can be close, but not 100%.

 

I know tons of friends in the tech field who say that they use difficult unique passwords. I had a few do an audit of every site they signed up for by going through old emails (usually anywhere from 20-100). At that point only about 10-20% were actual sites they would feel if they got breached. As I'm sure you can tell most of those sites had the same if not similar passwords that wouldn't be hard to deduce if one site was leaked. It is preference but I've heard of more people being breached from using similar or the same password, than being compromised using a wallet.

 

If you're still concerned you can look into offline password managers as well, not as convenient of course but still get the job done. At the end of the day it's up to the end user, that's why I suggested it as an option.
