1. Microsoft EMET
Enhanced Mitigation Experience Toolkit: a free tool from Microsoftwhich help Windows users enhance the
security of commonly used applications, either
third-party vendor or Microsoft's. EMET allows users to force
applications to use one or both of two key security defenses built into Windows Vista and Windows 7 — ASLR and DEP.
- DEP (Data Execution Prevention) : is designed to make it harder to exploit
security vulnerabilities on Windows
- ASLR(Address Space Layout Randomization): makes it more difficult
for exploits and malware to find the specific places in a system’s
memory that they need to do their dirty work.
EMET can force individual applications to perform ASLR on every
component they load, whether the program wants it or not. Please note
that before you install EMET, you’ll need to have Microsoft’s .NET platform at least a 4.0 .Net Framework should be installed. And while it does technically work on Windows XP
(Service Pack 3 only), XP users cannot take advantage of mandatory ASLR
and some of the other notable protections included in this tool.
To proceed with EMET, download the program
and install it. To wrap EMET’s protection around a program i.e.
Internet Explorer — launch EMET and click the “Configure Apps” button in
the bottom right corner of the application window. Selecting the “Add”
button in the next box that brings up a program selection prompt; browse
to C:\Program Files\Internet Explorer, and then add the “iexplore.exe”
file. It should be okay to accept all of the defaults that EMET adds for
you.
While you’re at it, add the rest of your more commonly used,
Internet-facing apps. But go slow with it, and avoid the temptation to
make system-wide changes. Changing system defaults across the board –
such as changing ASLR and DEP settings using the “configure system” tab –
may cause stability, slowness and bootup problems which can cause the application to crash.
2. Sandbox
If you’re looking to add extra layers or protection, consider purchasing a license to Sandboxie,
which forces your programs to run in a protective sandbox that prevents
said programs from making changes to the computer. This is effective when you are not sure of what you are abount to run or install. Avast Antivirus also provide a free form of sand-box which you can set certain applications, but it comes with the antivirus when installed.
3. Combofix
is a malware removal tool that is extremely good at extracting
difficult-to-banish malware and rootkits, malicious tools that attackers
can use to burrow deep into an infected system. If a virus scan says
you have some version of “TDSS” on your system, or you have an infection
that comes back no matter what tools you use, try TDSSkiller. Other handy removal tools include Malwarebytes and Superantispyware.
4.OpenDNS : You can consider
changing your router’s default DNS servers to those maintained by
OpenDNS. The company’s free service filters out malicious Web page
requests at the domain name system (DNS) level. DNS is responsible for
translating human-friendly Web site names into
numeric, machine-readable Internet addresses. Anytime you send an e-mail
or browse a Web site, your machine is sending a DNS look-up request to
your Internet service provider to help route the traffic.
Most Internet users use their ISP’s DNS servers for this task, either
explicitly because the information was entered when signing up for
service, or by default because the user hasn’t specified any external
DNS servers. By creating a free account at OpenDNS.com, changing the DNS
settings on your machine, and registering your Internet address with
OpenDNS, the company will block your computer from communicating with
known malware and phishing sites. OpenDNS also offers a fairly effective
adult content filtering service that can be used to block porn sites on
an entire household’s network. This will be discussed later explicitly.
Tips from Krebsecurity
No comments:
Post a Comment