
Showing results for tags 'firewall'.



Found 55 results

  1. malakai1911

    Comprehensive Security Guide

i. Foreword

The primary purpose of this guide is to offer a concise list of best-of-breed software and advice on selected areas of computer security. The secondary purpose of this guide is to offer limited advice on other areas of security. The target audience is an intermediately skilled user of home computers. Computer software listed are the freeware versions when possible or have free versions available. If there are no free versions available for a particular product, it is noted with the "$" symbol. The guide is as well formatted as I could make it, within the confines of a message board post. This guide is constantly evolving, if it is not as in-depth as you require in any specific area, you can try Google if you're interested in more.

ii. Table of Contents

i. Foreword
ii. Table of Contents
1. Physical Security
.. a. Home
.. b. Computer
.. c. Personal
2. Network Security
.. a. Hardware Firewall
.. b. Software Firewall
3. Hardening Windows
.. a. Pre-install Hardening
.. b. Post-install Hardening
.. c. Alternative Software
.. d. Keep Windows Up-To-Date
4. Anti-Malware
.. a. Anti-Virus
.. b. HIPS / Proactive Defense
.. c. Malware Removal
5. Information and Data Security
.. a. Privacy / Anonymity
.. b. Encryption
.. c. Backup, Erasure and Recovery
.. d. Access Control (Passwords, Security Tokens)
6. Conclusion

1. Physical Security

I just wanted to touch on a few things in the realm of physical security, and you should investigate physical and personal security in places other than here.

a. Home

How would you break in to your own home? Take a close look at your perimeter security and work inwards. Make sure fences or gates aren't easy to climb over or bypass. The areas outside your home should be well lit, and motion sensor lights and walkway lights make nice additions to poorly lit areas.

If possible, your home should have a security system featuring hardwired door and window sensors, motion detectors, and audible sirens (indoor and outdoor). Consider integrated smoke and carbon monoxide detectors for safety. Don't overlook monitoring services, so the police or fire department can be automatically called during an emergency.

Invest in good locks for your home, I recommend Medeco and Schlage Primus locks highly. Both Medeco and Schlage Primus locks are pick-resistant, bump-proof, and have key control (restricted copying systems). Exterior doors should be made of steel or solid-core wood and each should have locking hardware (locking doorknob or handle), an auxiliary lock (mortise deadbolt) with a reinforced strike plate, and a chain.

Consider a fireproof (and waterproof) safe for the storage of important documents and valuables. A small safe can be carried away during a robbery, and simply opened at another location later, so be sure and get a safe you can secure to a physical structure (in-wall, in-floor, or secured to something reasonably considered immovable). You may be able to hide or obscure the location of your safe in order to obtain some additional security, but don't make it cumbersome for yourself to access.

b. Computer

Computers are easy to just pick up and take away, so the only goal you should have is to deter crimes of opportunity. For desktop computers, you may bring your desktop somewhere and an attacker may not be interested in the entire computer, but perhaps just an expensive component (video card) or your data (hard drive), and for that I suggest a well-built case with a locking side and locking front panel. There are a variety of case security screws available (I like the ones from Enermax (UC-SST8) as they use a special tool), or you can use screws with less common bits (such as tamper resistant Torx screws) to secure side panels and computer components.
There are also cable lock systems available for desktop computers to secure them to another object.

For laptop computers, you are going to be primarily concerned about a grab-and-go type robbery. There are a variety of security cables available from Kensington, which lock into the Kensington lock slot found on nearly all laptops, which you can use to secure it to another object (a desk or table, for example). Remember though, even if it's locked to something with a cable, it doesn't make it theft-proof, so keep an eye on your belongings.

c. Personal

Always be aware of your surroundings. Use your judgment, if you feel an area or situation is unsafe, avoid it altogether or get away as quickly and safely as possible.

Regarding hand to hand combat, consider a self-defense course. Don't screw around with traditional martial arts (Karate, Aikido, Kung-Fu), and stay away from a McDojo. You should consider self-defense techniques like Krav Maga if you are serious about self defense in a real life context.

I generally don't advocate carrying a weapon on your person (besides the legal mess that may be involved with use of a weapon, even for self-defense, an attacker could wrestle away a weapon and use it against you). If you choose to carry any type of weapon on your person for self-defense, I advise you to take a training course (if applicable) and to check with and follow the laws within the jurisdiction you decide to possess or carry such weapons.

Dealing with the Police

Be sure to read Know Your Rights: What to Do If You're Stopped by the Police, a guide by the ACLU, and apply it. Its advice is for within the jurisdiction of the US but may apply generally elsewhere, consult with a lawyer for legal advice. You should also watch the popular video "Don't talk to the police!" by Prof. James Duane of the Regent University Law School for helpful instructions on what to do and say when questioned by the police: regent.edu (Mirror: )

Travelling Abroad

Be sure and visit the State Department or Travel Office for your home country before embarking on a trip abroad. Read any travel warnings or advisories, and they are a wealth of information for travelers (offering guides, checklists, and travel advice): (US, UK, CA).

2. Network Security

As this is a guide geared towards a home or home office network, the central theme of network security is going to be focused around having a hardware firewall behind your broadband modem, along with a software firewall installed on each client. Since broadband is a 24/7 connection to the internet, you are constantly at risk of attack, making both a hardware and software firewall absolutely essential.

a. Hardware Firewall

A hardware firewall (router) is very important. Consider the hardware firewall as your first line of defense. Unfortunately, routers (usually) aren't designed to block outbound attempts from trojans and viruses, which is why it is important to use a hardware firewall in conjunction with a software firewall. Be sure that the firewall you choose features SPI (Stateful Packet Inspection).

Highly Recommended

I recommend Wireless N (802.11n) equipment, as it is robust and widely available. Wireless N is backwards compatible with the earlier Wireless G (802.11g) and B (802.11b) standards. 802.11n supports higher speeds and longer distances than the previous standards, making it highly attractive. I recommend any of the following Wireless N compatible routers:

  • Asus: RT-N16, WL500W, RT-N12, RT-N10.
  • Linksys: E3000, E2000, WRT610Nv2, WRT320N.

If price is a concern, Wireless G (802.11g) equipment is generally less expensive, as it has been around longer than Wireless N equipment.
Range extender antennas and boosters exist if range is an issue, and 125HSM (Afterburner) technology exists to boost single-channel throughput. I recommend any of the following Wireless G compatible routers:

  • Asus: WL-500G Premium, WL500G Deluxe, WL520GU.
  • Linksys: WRT54-GL (or GS v1-v4), WRT54G-TM, WRTSL54GS.

Use WPA2/WPA with AES if possible, and a passphrase with a minimum of 12 characters. If you are really paranoid, use a strong random password and remember to change it every so often.

Alternatives

A spare PC running SmoothWall or IPCop, with a pair of NICs and a switch can be used to turn a PC into a fully functional firewall.

b. Software Firewall

A software firewall nicely complements a hardware firewall such as those listed above. In addition to protecting you from inbound intrusion attempts, it also gives you a level of outbound security by acting as a gateway for applications looking to access the internet. Programs you want can access the internet, while ones you don't are blocked.

Do not use multiple software firewalls simultaneously. You can actually make yourself less secure by running two or more software firewall products at once, as they can conflict with one another.

Check out Matousec Firewall Challenge for a comparison of leak tests among top firewall vendors. Leaktests are an important way of testing outbound filtering effectiveness.

Highly Recommended

Comodo Internet Security
Comodo is an easy to use, free firewall that provides top-notch security. I highly recommend this as a first choice firewall. While it includes Antivirus protection, I advise to install it as firewall-only and use an alternate Antivirus.

Alternatives

Agnitum Outpost Firewall Free
A free personal firewall that is very secure. Be sure to check out the Outpost Firewall Forums, to search, and ask questions if you have any problems.

Online Armor Personal Firewall Free
Online Armor Personal Firewall makes another great choice for those who refuse to run Comodo or Outpost.

3. Hardening Windows

Windows can be made much more secure by updating its components, and changing security and privacy related settings.

a. Pre-install Hardening

Pre-install hardening has its primary focus on integrating the latest available service packs and security patches. Its secondary focus is applying whatever security setting tweaks you can integrate. By integrating patches and tweaks, you will be safer from the first boot.

Step 1 - Take an original Windows disc (Windows 2000 or later) and copy it to a folder on your hard drive so you can work with the install files.
Step 2 - Slipstream the latest available service pack. Slipstreaming is a term for integrating the latest service pack into your copy of Windows.
Step 3 - Integrate the latest available post-service pack updates. This can be done with a utility such as nLite or vLite, and post-service pack updates may be available in an unofficial collection (such as the RyanVM Update Pack for XP).
Step 4 - Use nLite (Windows 2000/XP) or vLite (Windows Vista/7) to customize your install. Remove unwanted components and services, and use the tweaks section of nLite/vLite to apply some security and cosmetic tweaks.
Step 5 - Burn your newly customized CD, and install Windows. Do not connect the computer to a network until you install a software firewall and anti-virus.

b. Post-Install Hardening

If you have followed the pre-install hardening section, then your aim will be to tweak settings to further lock down Windows. If you hadn't installed from a custom CD, you will need to first update to the latest service pack, then install incremental security patches to become current. After updating, you'll then disable unneeded Windows services, perform some security tweaks, and use software such as xpy to tweak privacy options.

Disable Services

Start by disabling unneeded or unnecessary services.
By disabling services you will minimize potential security risks, and use fewer resources (which may make your system slightly faster). Some good guides on disabling unnecessary services are available at Smallvoid: Windows 2000 / Windows XP / Windows Vista. Some commonly disabled services: Alerter, Indexing, Messenger, Remote Registry, TCP/IP NetBIOS Helper, and Telnet.

Security Tweaks

I highly recommend using a strong Local Security Policy template as an easy way to tweak Windows security options, followed by the registry. Use my template (security.inf) to easily tweak your install for enhanced security (Windows 2000/XP/Vista/7):

1. Save the following attachment: (Download Link Soon!)
2. Extract the files.
3. Apply the Security Policy automatically by running the included "install.bat" file.
4. (Optional) Apply your policy manually using the following command:
   [ secedit /configure /db secedit.sdb /cfg "C:\<Path To Security.inf>\<template>.inf" ]
   then refresh your policy using the following command:
   [ secedit /refreshpolicy machine_policy ] (Windows 2000), [ gpupdate ] (Windows XP/Vista/7)

This template will disable automatic ("administrative") Windows shares, prevent anonymous log on access to system resources, disable (weak) LM Password Hashes and enable NTLMv2, disable DCOM, harden the Windows TCP/IP Stack, and much more. Unfortunately my template can't do everything, you will still need to disable NetBIOS over TCP (NetBT), enable Data Execution Prevention (AlwaysOn), and perform other manual tweaks that you may use.

Privacy Tweaks

xpy (Windows 2000/XP) and vispa (Windows Vista/7)
These utilities are great for modifying privacy settings. They supersede XP AntiSpy because they include all of XP Anti-Spy's features and more. You should use them in conjunction with the security tweaks I've listed above.

c. Alternative Software

Another simple way of mitigating possible attack vectors is to use software that is engineered with better or open security processes. These products are generally more secure and offer more features than their Microsoft counterparts.

Highly Recommended

  • Mozilla Firefox (Web Browser)
  • Mozilla Thunderbird (Email Client)
  • OpenOffice.org (Office Suite)

Alternatives

  • Google Chrome (Web Browser)
  • Opera (Web Browser)
  • The Bat! (Email Client)
  • Google Docs (Online) (Office Suite)

Firefox Additions

Mozilla has a Privacy & Security add-on section. There are a variety of add-ons that may appeal to you (such as NoScript). And although these aren't strictly privacy related, I highly recommend the AdBlock Plus add-on, with the EasyList and EasyPrivacy filtersets.

d. Keep Windows Up-To-Date

Speaking of keeping up-to-date, do yourself a favor and upgrade to at least Windows 2000 (for older PCs) and Windows XP Pro (or later) for newer PCs. Windows 9x/Me is completely broken in terms of the possibilities for a secure computing environment, and as such updates for them have been removed from the list.

Be sure to keep up-to-date on your service packs, they're a comprehensive collection of security patches and updates, and some may add minor features.

Microsoft Windows Service Packs

  • Windows 2000 - Service Pack 4 with Unofficial Security Rollup Package
  • Windows XP - Service Pack 3 with Unofficial Security Rollup Package
  • Windows XP x64 - Service Pack 2 with Unofficial Security Rollup Package
  • Windows Vista - Service Pack 2
  • Windows 7 - Service Pack 1

Microsoft Office Service Packs

  • Office 2000 - Service Pack 3 with the Office 2007 Compatibility Pack (SP3).
  • Office XP (2002) - Service Pack 3 with the Office 2007 Compatibility Pack (SP3).
  • Office 2003 - Service Pack 3 with the Office 2007 Compatibility Pack (SP3) and Office File Validation add-in.
  • Office 2007 - Service Pack 3 with the Office File Validation add-in.
  • Office 2010 - Service Pack 1

After the service pack, you still need to keep up-to-date on incremental security patches. Windows supports Automatic Updates to automatically update itself.
However, if you don't like Automatic Updates: You can use WindowsUpdate to update Windows periodically (Must use IE5 or greater, must have BITS service enabled), or you can use MS Technet Security to search for and download patches individually, or you can use Autopatcher, an unofficial updating utility.

In addition to security patches, remember to keep virus definitions up-to-date (modern virus scanners support automatic updates so this should not be a problem), and stay current with latest program versions and updates, including your replacement internet browser and mail clients.

4. Anti-Malware

There are many dangers lurking on the internet. Trojans, viruses, spyware. If you are a veteran user of the internet, you've probably developed a sixth-sense when it comes to avoiding malware, but I advocate backing up common sense with reliable anti-malware software.

a. Anti-Virus

Picking a virus scanner is important, I highly recommend Nod32, but there are good alternatives these days. Check out AV Comparatives for a comparison of scanning effectiveness and speed among top AV vendors.

Highly Recommended

Nod32 Antivirus $
I recommend Nod32 as a non-free Antivirus. Features excellent detection rates and fast scanning speed. Nod32 has a great heuristic engine that is good at spotting unknown threats. Very resource-friendly and historically known for using less memory than other AVs. There is a 30 day free trial available.

Alternatives

Avira AntiVir Personal
I recommend Avira as a free Antivirus. Avira is a free AV with excellent detection rates and fast scanning speed.

Kaspersky Anti-Virus $
Kaspersky AV is a good alternative to Nod32. Features very good detection rates, and fast scanning speed.

Online-Scanners

Single File Scanning
Jotti Online Malware Scan or VirusTotal
These scanners can run a single file through a large number of different Antivirus/Antimalware suites in order to improve detection rates. Highly recommended.

Whole PC Scanning
ESET Online Scanner
Nod32 Online Antivirus is pretty good, ActiveX though, so IE only. There is a beta version available that works with Firefox and Opera.

b. HIPS / Proactive Defense

Host-based intrusion prevention systems (HIPS) work by disallowing malware from modifying critical parts of the Operating System without permission. Classic (behavioral) HIPS software will prompt the user for interaction before allowing certain system modifications, allowing you to stop malware in its tracks, whereas Virtualization-based HIPS works primarily by sandboxing executables. Although HIPS is very effective, the additional setup and prompts are not worth the headache for novice users (who may take to just clicking 'allow' to everything and defeating the purpose altogether). I only recommend HIPS for intermediate or advanced users that require a high level of security.

Highly Recommended

I highly recommend firewall-integrated HIPS solutions. Comodo Defense+ is a classic HIPS built into Comodo Internet Security, and provides a very good level of protection. Outpost and Online Armor provide their own HIPS solutions, and the component control features of the firewalls are powerful enough to keep unwanted applications from bypassing or terminating the firewall. If you want to use a different HIPS, you can disable the firewall HIPS module and use an alternative below.

Alternatives

Stand-alone HIPS solutions are good for users who either don't like the firewall built-in HIPS (and disable the firewall HIPS), or use a firewall without HIPS features.

HIPS based on Behavior (Classic)

ThreatFire
ThreatFire provides a strong, free behavioral HIPS that works well in conjunction with Antivirus and Firewall suites to provide additional protection.

HIPS based on Virtualization

DefenseWall HIPS $
DefenseWall is a strong and easy-to-use HIPS solution that uses sandboxing for applications that access the internet.
GeSWall Freeware
GeSWall makes a nice free addition to the HIPS category, like DefenseWall it also uses sandboxing for applications that access the internet.

Dealing with Suspicious Executables

You can run suspicious executables in a full featured Virtual Machine (such as VMware) or using a standalone sandbox utility (such as Sandboxie) if you are in doubt of what it may do (though, you may argue that you shouldn't be running executables you don't trust anyway).

A more advanced approach to examining a suspicious executable is to run it through Anubis, a tool for analyzing the behavior of Windows executables. It displays a useful report with things the executable does (files read, registry modifications performed, etc.), which will give you insight as to how it works.

c. Malware Removal

I recommend running all malware removal utilities on-demand (not resident). With a firewall, virus scanner, HIPS, and some common sense, you won't usually get to the point of needing to remove malware... but sometimes things happen, perhaps unavoidably, and you'll need to remove some pretty nasty stuff from a computer.

Highly Recommended

Anti-Spyware: Spybot Search & Destroy
Spybot S&D has been around a long time, and is very effective in removing spyware and adware. I personally install and use both Spybot & Ad-Aware, but I believe that Spybot S&D has the current edge in overall detection and usability.

Anti-Trojan: Malwarebytes' Anti-Malware
Malwarebytes has a good trojan detector here, and scans fast.

Anti-Rootkit: Rootkit Unhooker
RKU is a very advanced rootkit detection utility.

Alternatives

Anti-Spyware: Ad-Aware Free Edition
Ad-Aware is a fine alternative to Spybot S&D, its scanning engine is slower but it is both effective and popular.

Anti-Trojan: a-squared (a2) Free
a-squared is a highly reputable (and free) trojan scanner.

Anti-Rootkit: IceSword (Mirror)
IceSword is one of the most capable and advanced rootkit detectors available.

5. Information and Data Security

Data can be reasonably protected using encryption and a strong password, but you will never have complete and absolute anonymity on the internet as long as you have an IP address.

a. Privacy / Anonymity

Anonymity is elusive. Some of the following software can help you achieve a more anonymous internet experience, but you also must be vigilant in protecting your own personal information. If you use social networking sites, use privacy settings to restrict public access to your profile, and only 'friend' people you know in real life. Don't use (or make any references to) any of your aliases or anonymous handles on any websites that have any of your personal information (Facebook, Amazon, etc.).

You should opt-out from information sharing individually for all banks and financial institutions you do business with using their privacy policy choices. You should opt-out of preapproved credit offers (US), unsolicited commercial mail and email (US, UK, CA), and put your phone numbers on the "Do Not Call" list (US, UK, CA).

Highly Recommended

Simply install and use Tor with Vidalia to surf the internet anonymously. It's free, only downside is it's not terribly fast, but has fairly good anonymity, so it's a tradeoff. Keep in mind it's for anonymity not for security, so make sure sites you put passwords in are SSL encrypted (and have valid SSL certificates), and remember that all end point traffic can be sniffed. You can use the Torbutton extension for Firefox to easily toggle on/off anonymous browsing. POP3/IMAP and P2P software won't work through Tor, so keep that in mind.

Portable Anonymous Browsing

The Tor Project now has a "Zero-Install Bundle" which includes Portable Firefox and Tor with Vidalia to surf anonymously from a USB memory stick pretty much anywhere with the internet. It also includes Pidgin with OTR for encrypted IM communications.

Note: These won't protect you from Trojans/Keyloggers/Viruses on insecure public terminals.
Never type important passwords or login to important accounts on a public computer unless it is absolutely necessary!

Alternatives

I2P functions similar to Tor, allowing you to surf the general internet with anonymity. IPREDator $ is a VPN that can be used to anonymize P2P/BitTorrent downloads. Freenet is notable, but not for surfing the general internet, it's its own network with its own content.

b. Encryption

For most people, encryption may be unnecessary. But if you have a laptop, or any sort of sensitive data (whether it be trade secrets, corporate documents, legal or medical documents) then you can't beat the kind of protection that encryption will offer. There are a variety of options available today, including a lot of software not listed here. A word to the wise, please, please don't fall for snake oil, use well established applications that use time tested (and unbroken) ciphers. Regardless of what software you use, the following "what to pick" charts will apply universally.

If you have to pick an encryption cipher:

  • Best: AES (Rijndael) (128-bit block size)
  • Better: Twofish (128-bit block size), Serpent (128-bit block size)
  • Good: RC6 (128-bit block size)
  • Deprecated: Blowfish (64-bit block size), CAST5 (CAST-128) (64-bit block size), Triple-DES (64-bit block size)

When encrypting large volumes of data, it is important to pick a cipher that has a block size of at least 128-bytes. This affords you protection for up to 2^64x16 bytes (264 exabytes). 64-bit block ciphers only afford protection of up to 2^32x8 bytes (32 gigabytes) so using it as a full disk or whole disk encryption cipher is not recommended. The deprecated list is only because some of you might be stuck using software that only supports older encryption methods, so I've ordered it from what I feel is best to worst (though all three that are on there are pretty time tested and if properly implemented, quite secure).

If you have to pick a hash to use:

  • Best: Whirlpool (512-bit)
  • Better: SHA-512 (512-bit), SHA-256 (256-bit)
  • Good: Tiger2/Tiger (192-bit), RIPEMD-160 (160-bit)
  • Deprecated: RIPEMD-128, SHA-1, MD-5.

With all the recent advances in cryptanalysis (specifically with work on hash collisions), these days I wouldn't trust any hash that is less than 160-bits on principle. To be on the safe side, use a 192-bit, 256-bit, or 512-bit hash where available. There will be cases where your only options are insecure hashes, in which case I've ordered the "deprecated" list from best to worst (they are all varying levels of insecure). Many older hashes (MD4, MD2, RIPEMD(original), and others) are totally broken, and are not to be used.

A quick software rundown, these applications are popular and trusted:

Highly Recommended

Freeware Whole Disk Encryption: TrueCrypt
Based upon E4M, TrueCrypt is a full featured disk encryption suite, and can even be run off a USB memory stick. TrueCrypt supports the whole disk encryption of Windows, with pre-boot authentication. Very nice. If you can't use whole-disk encryption (WDE), you can use the TCTEMP add-on to encrypt your swapfile, temp files and print spooler, and you can use the TCGINA add-on to encrypt your Windows home directory. (Note: TCTEMP/TCGINA is less secure than WDE, and only preferable if WDE is not an option. WDE is highly recommended.)

Freeware PKI Encryption: GnuPG (GPG)
GnuPG provides public-key encryption, including key generation and maintenance, signing and checking documents and email messages, and encryption and decryption of documents and email messages.

Freeware Email Encryption: Enigmail
Enigmail is truly a work of art, it integrates with GnuPG and provides seamless support for encryption and decryption of email messages, and can automatically check PGP signed documents for validity.
(Enigmail requires both Mozilla Thunderbird and GnuPG)

Alternatives

Encryption Suite (with Whole Disk and Email Encryption): PGP Full Disk Encryption $
PGP provides public-key encryption, including key generation and maintenance, signing and checking documents and email messages, encryption and decryption of documents and email messages, volume disk encryption, whole disk encryption, outlook integration, and instant messenger encryption support.

c. Backup, Erasure and Recovery

// This section is under construction.

Backups

Your data might be safe from prying eyes, but what if you are affected by hardware failure, theft, flood or fire? Regular backups of your important data can help you recover from a disaster. You should consider encryption of your backups for enhanced security.

Local Backup

Cobian Backup
Cobian Backup is a fully-featured freeware backup utility.

SyncBack Freeware, Macrium Reflect Free
SyncBack Freeware and Macrium Reflect Free are feature-limited freeware backup utilities.

Off-site Backup

SkyDrive (25GB, filesize limited to 100MB), box.net (5GB)
SkyDrive and box.net offer free online storage, useful for easy offsite backups. Be sure to utilize encrypted containers for any sensitive documents.

Data Destruction

It would be better to have your data residing in an encrypted partition, but sometimes that may not be possible. When sanitizing a hard drive, I recommend using a quality Block Erase tool like DBAN followed by a run-through with ATA Secure Erase if you really want a drive squeaky clean. Block erasing is good for data you can normally reach, but ATA secure erase can hit areas of the drive block erasers can't. As for multiple overwrite passes, there is no proof that data overwritten even one time can be recovered by professional data recovery corporations.

For moderate security, a single pseudorandom block-erase pass (random-write) followed by an ATA Secure Erase pass (zero-write) is sufficient to thwart any attempts at data recovery.
For a high level of security, a "DoD Short (3 pass)" block-erase pass followed by an ATA Enhanced Secure Erase will ensure no recovery is possible.

  • Single-File/Free Space Erase - If you are interested in just erasing single files or wiping free space, you can use the Eraser utility.
  • Block Erase - For hard drive block-erasure, use DBAN.
  • ATA Secure Erase - For ATA Secure Erasing, use the CMRR Secure Erase Utility.

CMRR Secure Erase Protocols (.pdf) - http://cmrr.ucsd.edu...seProtocols.pdf
NIST Guidelines for Media Sanitization (.pdf) - http://csrc.nist.gov...800-88_rev1.pdf

File Recovery Software

This is kind of the opposite of data destruction. Keep in mind no software utility can recover properly overwritten data, so if it's overwritten there is no recovery.

Highly Recommended

Recuva
Recuva is an easy to use GUI-based recovery utility.

Alternatives

TestDisk and PhotoRec
These tools are powerful command-line recovery utilities. TestDisk can recover partitions, and PhotoRec is for general file recovery.

Ontrack EasyRecovery Professional $
EasyRecovery is one of the best paid utilities for file recovery.

d. Access Control (Passwords, Security Tokens)

// This section is under construction.

Secure Passwords

// Section under construction.

Your security is only as strong as its weakest password. There are a few basic rules to follow when creating a strong password.

  • Length - Passwords should be at least 12 characters long. When possible, use a password of 12 or more characters, or a "passphrase". If you are limited to using less than 12 characters, you should try and make your password as long as allowable.
  • Complexity - Passwords should have an element of complexity, a combination of upper and lowercase characters, numbers, and symbols will make your passwords much harder to guess, and harder to bruteforce.
  • Uniqueness - Passwords should avoid containing common dictionary words, names, birthdays, or any identification related to you (social security, drivers license, or phone numbers for example).
  • Secret - If you have a password of the utmost importance, do not write it down. Do not type them in plain view of another person or share them with anyone. Avoid use of the same password in multiple places.

Security Tokens

Security Tokens are cryptographic devices that allow for two-factor authentication.

  • Aladdin eToken
  • Safenet iKey
  • IronKey Basic

6. Conclusion

And here we are at the end! I would like to thank all of you for taking the time to read my guide, it's a few (slow) years in the making and I've kept it up to date. This guide is always changing, so check back from time to time.

Revision 1.10.018-upd3
Copyright © 2004-2012 Malakai1911, All Rights Reserved

The information contained within this guide is intended solely for the general information of the reader and is provided "as is" with absolutely no warranty expressed or implied. Any use of this material is at your own risk, its authors are not liable for any direct, special, indirect, consequential, or incidental damages or any damages of any kind. This guide is subject to change without notice.

Windows_Security_Template__1.10.015_.zip
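The "Security Tweaks" step of the guide above applies a security template with secedit. As an added illustration (not the guide author's security.inf, whose contents are not shown on this page), here is a small template covering the LM hash, NTLMv2 and anonymous-access settings the guide names; the file name and the chosen data values are assumptions.

```ini
; example-hardening.inf (hypothetical file name)
; Constructed example, NOT the guide author's security.inf.
;
; Entries under [Registry Values] use the form:
;   MACHINE\<key path>\<value name>=<type>,<data>
; where type 4 = REG_DWORD and type 1 = REG_SZ.

[Unicode]
Unicode=yes

[Version]
signature="$CHICAGO$"
Revision=1

[Registry Values]
; Stop storing the weak LM hash. Existing LM hashes are only dropped
; when each account's password is next changed.
MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash=4,1

; 5 = send NTLMv2 responses only and refuse LM and NTLM.
; Assumed level for this example: use a lower level if older devices
; on the network can no longer authenticate.
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,5

; Do not allow anonymous enumeration of SAM accounts and shares.
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM=4,1

; Apply the template, then compare the machine against it, from an
; administrator command prompt:
;   secedit /configure /db secedit.sdb /cfg example-hardening.inf
;   secedit /analyze   /db secedit.sdb /cfg example-hardening.inf /log analyze.log
```

The /analyze pass writes any setting that does not match the template to the log, which is a quick way to confirm the policy took effect after the refresh step.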
  2. Good news for existing users of the firewall enhancing software Windows Firewall Control; the most recent update of the application released today unlocked the donation-only functionality for all users of the application. Windows Firewall Control is a security software for Windows that gives users more control over the built-in firewall of the operating system. We reviewed Windows Firewall Control 5.0 and Windows Firewall Control 5.1 recently. Among the many features that the program supports are better options to manage firewall rules, better protection against rule tampering, or a learning mode that keeps user interaction to a minimum. Windows Firewall Control was available as a free version that was feature limited. The core functionality that was missing from the free version was notifications support. Notifications are an essential feature of the application for many users. The application displays a prompt each time a software program or process attempts to make an outbound connection. It is up to the user to allow or block the connection temporarily or permanently, or use built-in options to find out more about the process, port and other information before making a decision. Malwarebytes, makers of the popular anti-malware software of the same name, acquired Windows Firewall Control in June of 2018. It was not the first acquisition of the company in the past three years; it acquired the popular adware remover AdwCleaner in 2016 and Junkware Removal Tool, another program to clean up potentially unwanted applications in 2015. Malwarebytes revealed in the official press release back in June that it had plans to integrate the solution in its core products. The company reassured users of the product that the program would be kept as a standalone program but that it would fly under the Malwarebytes branding in the future. 
It appears that one outcome of the acquisition is that Malwarebytes dropped the donation-only requirement to use Windows Firewall Control to the fullest. The official release notes of version 5.4.0.0 confirm that: Nothing will change for users who donated in the past. Users who did not donate get access to the same functionality as supporters, however. You may need to select Notifications > Display notifications to enable the feature. It should not be locked anymore so that the functionality can be enabled right after installation of the new version. Windows Firewall Control comes with signed installer and files in the new release, another welcome change that should improve the program's standing with other security tools and Windows' own anti-malware protections. Ghacks.net
  3. Jime234

    Changing my AV

    Hi, I have been using ESET SS for half a decade now. Now I'm thinking about changing my security setup for a change. I was thinking about MSE with WFC and MBAM; will it be good enough? In the past I have tried out Norton, Kaspersky, Avast and Avira, but they had huge update sizes and/or I just found them to be annoying... And then I found ESET. I just want an AV with small-sized update definitions, just like ESET has. If you guys have tried and experienced or know about such an AV, then kindly suggest! Thanks in advance!!
  4. vissha

    simplewall 2.3.1 Stable

    Simple tool to configure Windows Filtering Platform (WFP) which can configure network activity on your computer. This tool is presented within a simple interface enabling fast configuration and includes internal blocking lists (malware, telemetry). simplewall (WFP Tool) can be considered as an alternative to the default filters provided by Windows Firewall. It will enable you to effectively regulate which of your processes or apps require internet access restriction or not. simplewall (WFP Tool) is designed to make your life easy by automatically blocking malware and telemetry-related data but can also be used with custom rules for blocking particular ports or IP addresses if desired. Features Simple interface without annoying pop ups Dropped packets logging (Windows 7 and above) Internal blocking lists (malware, telemetry) Free and open source Localization support IPv4/IPv6 support Changelog: v2.3.1 (25 June 2018) fixed loopback rules (added more reserved ip addresses) fixed sometimes system cannot be going to sleep fixed applying rules for services (appcrash) fixed update sometimes cannot be installed fixed services enumeration fixed system rules Homepage: https://www.henrypp.org/product/simplewall Downloads - v2.3.1 stable: Installer: https://github.com/henrypp/simplewall/releases/download/v.2.3.1/simplewall-2.3.1-setup.exe Portable: https://github.com/henrypp/simplewall/releases/download/v.2.3.1/simplewall-2.3.1-bin.zip
  5. vissha

    simplewall 2.3.0 Stable

    Simple tool to configure Windows Filtering Platform (WFP) which can configure network activity on your computer. This tool is presented within a simple interface enabling fast configuration and includes internal blocking lists (malware, telemetry). simplewall (WFP Tool) can be considered as an alternative to the default filters provided by Windows Firewall. It will enable you to effectively regulate which of your processes or apps require internet access restriction or not. simplewall (WFP Tool) is designed to make your life easy by automatically blocking malware and telemetry-related data but can also be used with custom rules for blocking particular ports or IP addresses if desired. Features Simple interface without annoying pop ups Dropped packets logging (Windows 7 and above) Internal blocking lists (malware, telemetry) Free and open source Localization support IPv4/IPv6 support Changelog: v2.3.0 (19 June 2018) Maintenance release. added allowed connections monitoring in dropped packets log (win8+) added inbound multicast and broadcast connections logging (win8+) added outbound redirection filter layer (win7+) added separation for remote/local address/port in rules editor added hotkeys for import/export profile added win10 rs5 support prevent memory overflow for singly linked lists (win7+) (issue #193) do not load icons for processes if icons displaying are disabled improved multiple rules applying speed in settings window increased time limit for displaying same notification (win7+) search loading dlls in system directories only (safety) check for correct xml data type before loading store last notification timestamp for apps removed proxy support (win8+) fixed dropped events callback crash (win7+) fixed applying services filters fixed alphanumeric sorting improved port scanning defense improved loopback connections improved boot-time filters stability improvements cleanup xml attributes updated system rules cosmetics fixes fixed ui bugs fixed bugs 
Homepage: https://www.henrypp.org/product/simplewall Downloads - v2.3.0 stable: Installer: https://github.com/henrypp/simplewall/releases/download/v.2.3/simplewall-2.3-setup.exe Portable: https://github.com/henrypp/simplewall/releases/download/v.2.3/simplewall-2.3-bin.zip
  6. Simple tool to configure Windows Filtering Platform (WFP) which can configure network activity on your computer. This tool is presented within a simple interface enabling fast configuration and includes internal blocking lists (malware, telemetry). simplewall (WFP Tool) can be considered as an alternative to the default filters provided by Windows Firewall. It will enable you to effectively regulate which of your processes or apps require internet access restriction or not. simplewall (WFP Tool) is designed to make your life easy by automatically blocking malware and telemetry-related data but can also be used with custom rules for blocking particular ports or IP addresses if desired. Features Simple interface without annoying pop ups Dropped packets logging (Windows 7 and above) Internal blocking lists (malware, telemetry) Free and open source Localization support IPv4/IPv6 support Changelog: v2.2.12 (6 June 2018) fixed win10rs4 netevents subscription (win10rs4+) fixed double race condition lock (critical) v2.2.10 (6 June 2018) added feature to disable special rules group (issue #181) revert special rules highlighting fixed listview focusing (maybe?) (issue #164) fixed switching modes fixed reported bugs code cleanup fixed bugs Homepage: https://www.henrypp.org/product/simplewall Downloads - v2.2.12 stable: Installer: https://github.com/henrypp/simplewall/releases/download/v.2.2.12/simplewall-2.2.12-setup.exe Portable: https://github.com/henrypp/simplewall/releases/download/v.2.2.12/simplewall-2.2.12-bin.zip Downloads - v2.2.10: Installer: https://github.com/henrypp/simplewall/releases/download/v.2.2.10/simplewall-2.2.10-setup.exe Portable: https://github.com/henrypp/simplewall/releases/download/v.2.2.10/simplewall-2.2.10-bin.zip
  7. https://www.binisoft.org Sharecode: /download/wfc5setup.exe

    What's new in version 5.3.1.0 (24.04.2018)
    - New: Added a confirmation dialog before enabling Secure Rules and Secure Profile, informing the users that they should consult the user manual to understand the effects and the side effects of enabling these features.
    - Fixed: The status of Secure Rules and Secure Profile are incorrectly reported in the Security tab in Windows 10 version 1803.
  8. Simple tool to configure Windows Filtering Platform (WFP) which can configure network activity on your computer. This tool is presented within a simple interface enabling fast configuration and includes internal blocking lists (malware, telemetry). simplewall (WFP Tool) can be considered as an alternative to the default filters provided by Windows Firewall. It will enable you to effectively regulate which of your processes or apps require internet access restriction or not. simplewall (WFP Tool) is designed to make your life easy by automatically blocking malware and telemetry-related data but can also be used with custom rules for blocking particular ports or IP addresses if desired. Features Simple interface without annoying pop ups Dropped packets logging (Windows 7 and above) Internal blocking lists (malware, telemetry) Free and open source Localization support IPv4/IPv6 support Changelog: v2.2.1 Beta (14 March 2018) instant apps list sorting notifications: added information about blocked protocol notifications: replaced "disable notifications for this app" icon notifications: changed default timeout between same notifications notifications: tray popup sometimes won't shown on some systems notifications: ignore button combined with block button notifications: changed texts for remote/local addresses timer does not removed when user manually uncheck apps removed font boldening for itself (issue #135) changed minimal width of main window fixed timers formatting fixed ui bugs fixed bugs v2.2 Beta (4 March 2018) new notification ui now simplewall added to the apps list automatically (issue #106) added windows services support [beta] (issue #88) added profile timestamping new localization engine (single .lng file) more sensitive notifications (issue #107) lock-free dropped events callback (win7+) added group total items count indication added block action for notifications (issue #123) automatic profile backup (issue #110) added network address resolution make 
internal apps undeletable menu bitmap transparent icons app paths case correction added timers (issue #96) set process high priority ipsec dropped packets logging (win8+) removed wow64 redirection (use simplewall 64-bit binaries for win64) revert "purge unused apps" feature optimized apps types recognition improved tray context menu (issue #103) improved memory allocation changed verify signatures algorithm (issue #94) changed "purge invalid apps" hotkey changed default font cosmetics for filter names cosmetic fixes (issue #108) stability improvements updated default colors updated localization fixed dropped events callback failure (win10 rs3 and above) fixed steal focus at startup and when notification displaying fixed working under blacklist mode fixed multi-monitor support fixed ui bugs fixed bugs v2.1.4 (27 November 2017) do not verify signatures for store apps (win8+) optimized digital signatures verification (issue #94) fixed appcontainers listing (removed firewallapi.dll dependence) (win8+) (issue #104) fixed notifications race conditions (it may fix issue #73) fixed status does not changed when app deleted fixed "system" process marked as pico updated blocklist code cleanup fixed bugs v2.1.3 (22 November 2017) disabled loopback and digital signatures config by default fixed displaying name of store apps (win8+) (issue #98) fixed network paths rules (issue #102) v2.1.2 RC (21 November 2017) added option to disable apps signature checking set selected apps when you are open rules editor from main window reworked special rules (minimized memory usage and speed improvements, also removed limit in apps selection for special rules) removed ocsp signature verification (issue #94) improved apps version receiving renamed "filters" into "rules" fixed various rules editor crashes (issue #89) fixed notifications race conditions (it may fix issue #73) fixed blocklist incorrect check state fixed restoring after hibernation updated localization fixed ui bugs fixed bugs 
v2.1.1 Beta (17 November 2017) reworked filter settings page added option to disable hosts support for rules added option to load blocklist extra rules cosmetic fixes for ipv6 address format fixed dns resolutions where it does not required (issue #94) fixed various rules editor crashes (issue #89) fixed windows store icon destroying removed filters configuration from menu (use settings dialog instead) removed internal rules files from distro updated internal rules updated localization fixed ui bugs fixed bugs v2.1 Beta (12 November 2017) added windows store apps support (win8+) revert allowing loopback connection feature converted log limit unit to kilobytes dropped packets log cosmetic fixes improved confirmation dialogs updated localization fixed settings will not be applied for main menu fixed displaying icons for some processes fixed rules editor crash (issue #89) fixed color items reorganization fixed ui bugs fixed bugs v2.0.20 (6 November 2017) now custom rules will overwrite system rules added warning message for listen connections option apply filters on demand in settings dialog added port support for ip ranges removed rules configuration from menu (use settings dialog instead) fixed rule apps does not saved when checkbox are checked fixed rule generation from notification window fixed listen connections does not blocked fixed highlighting special rules for apps fixed running under non-admin account fixed skip-uac working directory fixed listview sorting fixed ui bugs fixed bugs Homepage: https://www.henrypp.org/product/simplewall Downloads - stable: Installer: https://github.com/henrypp/simplewall/releases/download/v.2.1.4/simplewall-2.1.4-setup.exe Portable: https://github.com/henrypp/simplewall/releases/download/v.2.1.4/simplewall-2.1.4-bin.zip Downloads - 2.2 beta: Installer: https://github.com/henrypp/simplewall/releases/download/v.2.2/simplewall-2.2-setup.exe Portable: 
https://github.com/henrypp/simplewall/releases/download/v.2.2/simplewall-2.2-bin.zip Downloads - 2.2.1 beta: Installer: https://github.com/henrypp/simplewall/releases/download/v.2.2.1/simplewall-2.2.1-setup.exe Portable: https://github.com/henrypp/simplewall/releases/download/v.2.2.1/simplewall-2.2.1-bin.zip
  9. Dr.Web Security Space PRO v12.1.1 + Keys Requirements: 4.0+ Overview: Complex protection from all kinds of threats for mobile devices, Anti-virus for TV sets, media players, and game consoles based on Android TV. Complex protection from all kinds of threats for mobile devices, Anti-virus for TV sets, media players, and game consoles based on Android TV. The product is free for 14 days; after that you need to purchase a commercial license valid for a year or more. Use Dr.Web Security Space for Android for free with the purchase of Dr.Web Security Space or Dr.Web Anti-virus for PC/Mac. Features and Advantages • Quick and full file system scanning; scanning of individual files and folders upon a request. Real-time scanning of a file system. Unlocking of data from ransomware Trojans and data safety with no need to pay a ransom to cybercriminals. Even when a phone is fully blocked, even by blockers unknown to the Dr.Web virus databases. • Detection of new, unknown malicious programs using the unique Origins Tracing™ technology. • Moving of detected threats to the quarantine; restoration of files. Password protection of the Anti-virus settings and access to applications Minimal load on the operating system. • Discreet use of battery resources. • Traffic saving due to a small size of the virus database updates. • Detailed statistics. A convenient and informative widget on a device home screen. Call and SMS Filter Protection from unwanted calls and SMS messages. • Selection of filtration modes. - Personal filtering profiles. • Black list. • Review of blocked calls and messages. Caution: The Call and SMS Filter does not operate on devices without a SIM card. Anti-theft It will help in locating a device in case of its loss or theft; its data can be remotely deleted if necessary. 
• Blocking of a device after a restart • Blocking of a device with a request to enter a password for unlocking • Unlocking using SMS/via the website https://asc.drweb.com • GPS coordinates of a device • Possibility to remotely delete data from a device memory and its SD card. • Audio alarm • Possibility to display a text on a screen of a blocked device • Possibility to create a list of contacts that will receive a notification on a change of a SIM card on the lost device with the number of the new SIM card, which can be used when appealing to police. These numbers can be used to unlock a phone, if you forget a password. Caution: Anti-theft does not operate on devices without a SIM card. URL filter Restricts access to unwanted Internet resources. Blocking of websites that distribute viruses. Blocking according to subject categories (drugs, violence, etc.). White and black lists of websites Access only to websites from the White list Parental Control Protects application from an unauthorized access and the Anti-virus settings—from unwanted changes by outsiders and children. Blocking of access to applications. Blocking of Dr.Web settings modification. Password protection Security Auditor • Runs diagnostics, exposes security issues and proposes their solutions. Firewall Controls network activity of applications. • Filtering of external network traffic of applications, that are installed on a device, and system applications—according to a user choice (Wi-Fi, network) and configurable rules (according to IP addresses and/or ports, entire networks, address ranges); • Monitoring of current and already transferred traffic—with information on addresses/ports connected by applications and on incoming and outgoing traffic; • Detailed logs. Features of Dr.Web removal when Anti-theft is installed If Dr.Web Anti-theft is enabled on your device, disable it before the application removal. This app uses the Device Administrator permission. This app uses Accessibility services. 
What's New * Fixed an issue of an emergency application shutdown that occurred on some devices. * Introduced minor interface changes. 1) Install Dr.Web 2) Unzip key 3) Open Dr.Web 4) Select "Use existing license" 5) Select "Copy from file" then OK 6) Browser for the key and select it 7) It shows "The key file is received" This app has no advertisements More Info: https://play.google.com/store/apps/details?id=com.drweb.pro&hl=en Download Instructions https://uploadocean.com http://turbobit.net
  10. vissha

    simplewall 2.0.19

    Simple tool to configure Windows Filtering Platform (WFP) which can configure network activity on your computer. This tool is presented within a simple interface enabling fast configuration and includes internal blocking lists (malware, telemetry). simplewall (WFP Tool) can be considered as an alternative to the default filters provided by Windows Firewall. It will enable you to effectively regulate which of your processes or apps require internet access restriction or not. simplewall (WFP Tool) is designed to make your life easy by automatically blocking malware and telemetry-related data but can also be used with custom rules for blocking particular ports or IP addresses if desired. Features Simple interface without annoying pop ups Dropped packets logging (Windows 7 and above) Internal blocking lists (malware, telemetry) Free and open source Localization support IPv4/IPv6 support Changelog: v2.0.19 (1 November 2017) new rules editor ui added highlighting rules with errors automatically sorting rules after changing added feature to set custom dns ipv4 server ("DnsServerV4" in .ini) added option to exclude blocklist rules from notifications show process information in statusbar on menu item hover optimized signature information retrieving from binaries updated localization fixed saving profile in some cases fixed parsing rules types (issue #70) fixed dns queries fixed ui bugs fixed bugs Downloads: Installer: https://github.com/henrypp/simplewall/releases/download/v.2.0.19/simplewall-2.0.19-setup.exe Portable: https://github.com/henrypp/simplewall/releases/download/v.2.0.19/simplewall-2.0.19-bin.zip 566 Bytes simplewall-2.0.19-setup.sig 372 Bytes simplewall-2.0.19.sha256 Source code (zip) Source code (tar.gz)
  11. NetGuard - no-root firewall v2.143 [Pro] Requirements: 5.0+ Overview: NetGuard provides simple and advanced ways to block access to the internet - no root required. Applications and addresses can individually be allowed or denied access to your Wi-Fi and/or mobile connection. Blocking access to the internet can help: • reduce your data usage • save your battery • increase your privacy Features: • Simple to use • No root required • 100% open source • No calling home • No tracking or analytics • Actively developed and supported • Android 4.0 and later supported • IPv4/IPv6 TCP/UDP supported • Tethering supported • Multiple device users supported • Optionally allow when screen on • Optionally block when roaming • Optionally block system applications • Optionally notify when an application accesses the internet • Optionally record network usage per application per address • Material design theme with light and dark theme PRO features: • Log all outgoing traffic; search and filter access attempts; export PCAP files to analyze traffic • Allow/block individual addresses per application • New application notifications; configure NetGuard directly from the notification • Display network speed graph in a status bar notification • Select from five additional themes in both light and dark version There is no other no-root firewall offering all these features. WHAT'S NEW Updated for Android 8.1 Updated build tools and libraries Discontinued support for Android KitKat Small improvements and minor bug fixes This app has no advertisements https://play.google.com/store/apps/details?id=eu.faircode.netguard Download Instructions: PRO features Unlocked
  12. vissha

    simplewall 2.0.18

    Simple tool to configure Windows Filtering Platform (WFP) which can configure network activity on your computer. This tool is presented within a simple interface enabling fast configuration and includes internal blocking lists (malware, telemetry). simplewall (WFP Tool) can be considered as an alternative to the default filters provided by Windows Firewall. It will enable you to effectively regulate which of your processes or apps require internet access restriction or not. simplewall (WFP Tool) is designed to make your life easy by automatically blocking malware and telemetry-related data but can also be used with custom rules for blocking particular ports or IP addresses if desired. Features Simple interface without annoying pop ups Dropped packets logging (Windows 7 and above) Internal blocking lists (malware, telemetry) Free and open source Localization support IPv4/IPv6 support Changelog: v2.0.18 added setting to disable proxy support (win8 and above only) prevent notifications duplicate fixed windows firewall disabling on win10 fixed notifications sound configuration does not saved fixed notifications sound does not played on some systems cosmetic fixes about notifications cross button updated localization updated blocklist fixed dpi support fixed ui bugs Downloads: Installer: https://github.com/henrypp/simplewall/releases/download/v.2.0.18/simplewall-2.0.18-setup.exe Portable: https://github.com/henrypp/simplewall/releases/download/v.2.0.18/simplewall-2.0.18-bin.zip 566 Bytes simplewall-2.0.18-setup.sig 372 Bytes simplewall-2.0.18.sha256 Source code (zip) Source code (tar.gz)
  13. Windows Firewall Control 5.0.0.0 Changelog: https://www.binisoft.org/changelog.txt Download: https://www.binisoft.org/download/wfc4setup.exe Changes: What's new in version 5.0.0.0 (04.10.2017) - New: Connections Log contains now an "Auto refresh on open" check box which will automatically trigger Refresh when the window is opened. - New: Connections Log contains now an "Auto receive updates" check box which will automatically add the newest entries on top of the list. More info can be found in the user manual. - New: Main Panel displays now the currently connected location of Windows Firewall. - New: Added "Open the website" functionality in the About tab. - Fixed: Duplicate notifications may be displayed if the location of Windows Firewall changes after WFC service start-up and there are rules defined for specific locations. - Fixed: Merge rules functionality from Rules Panel does create the merged rule, but does not remove anymore the old rules. - Fixed: Import policy displays a successful operation result, even if the import has failed due to a file access denied error. - Fixed: Refresh does not work anymore in Connections Log after using the search. The window must be closed and reopened to be able to refresh again the data grid. - Fixed: Some group names from Windows 10 are not recognized. - Fixed: 'mDNS' keyword is not valid in Properties dialog as local port when opening such an inbound rule for UDP protocol. - Updated: The user manual was updated with new screenshots and updated topics.
  14. Scientists have developed an innovative firewall programme that can protect smartphones from malicious codes and security threats. Earlier this year, researchers from the Ben-Gurion University of the Negev (BGU) in Israel discovered a security vulnerability in the internal communications between Android cellphone components and a phone's central processing unit (CPU). They alerted Android developer Google and helped the company address the problem. "Our technology doesn't require device manufacturers to understand or modify any new code," said Yossi Oren from BGU. "It's a firewall that can be implemented as a tiny chip, or as an independent software module running on the CPU," said Oren. Some 400 million people change their phone's components, such as touchscreens, chargers, and battery or sensor assemblies, which are all susceptible to significant security breaches and attacks. These components, referred to as "field replaceable units (FRUs)," communicate with the phone CPU over simple interfaces with no authentication mechanisms or error detection capabilities. A malicious vendor could add a compromised FRU to a phone, leaving it vulnerable to password and financial theft, fraud, malicious photo or video distribution, and unauthorised app downloads. "This problem is especially acute in the Android market with many manufacturers that operate independently," researchers said. "An attack of this type occurs outside the phone's storage area; it can survive phone factory resets, remote wipes and firmware updates. Existing security solutions cannot prevent this specific security issue," they said. "There is no way for the phone itself to discover that it's under this type of an attack. Our solution prevents a malicious or misconfigured FRU from compromising the code running on the CPU by checking all the incoming and outgoing communication," said Omer Schwartz from BGU. 
The research team uses machine learning algorithms to monitor the phones' internal communications for anomalies that may indicate malicious code. The software allowed them to identify and prevent hardware-generated data leaks and hacks. The researchers are seeking to further test the patent-pending technology with phone manufacturers. Article source
  15. vissha

    GlassWire Elite v.1.2.102

    Firewall for monitoring the network activity, viewing bandwidth usage statistics and preventing apps from connecting to the Internet Although you may not always be notified about it, processes and applications sometimes connect to the Internet to send or receive data. Because of this, your computer can get hijacked or infected by malware, especially if you are not aware of the vulnerability and you do not take any measures to protect the system against unauthorized access. Monitor applications and network activity GlassWire is a software utility that provides you with around-the-clock security when it comes to your Internet connection, by monitoring the incoming and outgoing network traffic. Hence, it is able to detect and display information about every service or process that is currently making use of your bandwidth, as well as the IP addresses of each third party connection. Version 1.2.102 - (May 25, 2017) Hash # FD976333A81AA58DF592CEBD118A00C5599A13B915C6EFFC857BB3B64E939789 Fixed a problem that caused some executables to have no description in unusual situations. IP sorting is now correct with the "Network" tab. Other bug fixes and resource usage enhancements. Homepage: https://www.glasswire.com Download: https://download.glasswire.com/GlassWireSetup.exe Medicine only by Popeyes~XU / URET - shared by Recruit: Site: https://www.upload.ee Sharecode[?]: /files/7077000/crack.rar.html or Site: https://www.mirrorcreator.com Sharecode[?]: /files/FAHSCFH2/crack_0.rar_links Installer + Fix: Site: https://cloud.mail.ru Sharecode: /public/3KZs/FhGripCoo
  16. The following is not contained in an article but is common knowledge among security professionals that ALL malware that uses SMB (starting with the Blaster worm in 2000) can be blocked using a firewall. Initially Blaster was stopped by blocking TCP ports 139 and 445. We have been blocking those ports permanently since that time. Additionally, for WannaCry, you should block TCP port 137 and UDP ports 137 and 138.
  17. igorca

    GlassWire Elite v.1.2.100

    Firewall for monitoring the network activity, viewing bandwidth usage statistics and preventing apps from connecting to the Internet Although you may not always be notified about it, processes and applications sometimes connect to the Internet to send or receive data. Because of this, your computer can get hijacked or infected by malware, especially if you are not aware of the vulnerability and you do not take any measures to protect the system against unauthorized access. Monitor applications and network activity GlassWire is a software utility that provides you with around-the-clock security when it comes to your Internet connection, by monitoring the incoming and outgoing network traffic. Hence, it is able to detect and display information about every service or process that is currently making use of your bandwidth, as well as the IP addresses of each third party connection. Homepage:https://www.glasswire.com Download setup+crack from URET TEAM: Site: https://cloud.mail.ru Sharecode[?]: /public/9UCJ/MEMRYxStj All credits goes to my friend Popeyes ~ XU
  18. SimpleWall 1.4.6 (x86/x64) + Portable Description Simple tool to configure Windows Filtering Platform (WFP) which can configure network activity on your computer. Features Simple interface without annoying pop ups Dropped packets logging (Windows 7 and above) Internal blocking lists (malware, telemetry) Free and open source Localization support IPv4/IPv6 support You can download either the installer or portable version. For correct working, need administrator rights. Settings To activate portable mode, create "simplewall.ini" in application folder, or move it from "%APPDATA%\Henry++\simplewall". ===================================== Changelog: v1.4.6 - (2017-04-04): added write error logs into a file feature fixed process list does not recognize pico applications on win10 updated translations fixed bugs ===================================== Version: 1.4.6 Author: Henry++ Last release: 4 April 2017 Changelog: https://raw.githubusercontent.com/henrypp/simplewall/master/CHANGELOG.md Released: 26 July 2016 License: GPL v3 Language: C/C++ Supported OS: Vista, 7, 8, 8.1, 10 Platform architecture: 32-bit/64-bit ====================================== Homepage: http://www.henrypp.org/product/simplewall Downloads: Latest Version from GitHub(1) / Latest Version from GitHub(2) Localization from GitHub Downloads 422 KB simplewall-1.4.6-bin.zip Source code (zip) Source code (tar.gz)
  19. This Device Works as a Firewall for Your USB Ports

    USG v1.0 (via Robert Fisk)

    The USG is a USB attachment that allows users to connect USB flash drives and other USB devices to their computer without any of the risks. Attacks like BadUSB have shown how a rogue device can mimic a benign USB interface, but secretly send malicious low-level commands and take over a computer via its USB port.

    USG works like a firewall for USB connections

    USG, created by New Zealander Robert Fisk, works as an intermediary between the computer and the USB device (flash drive, USB keyboard, USB mouse) and behaves similarly to a firewall, inspecting the data that passes through it. USG, which runs on custom firmware, only lets data pass, ignoring any kind of low-level interactions between the USB device and computer. Furthermore, USG protection goes both ways, meaning you can use USG to protect USB flash drives when connecting to unknown computers.

    USG designed to thwart BadUSB attacks

    BadUSB attacks work because computers inherently trust anything connected via a USB port. If it's a mouse or a device such as PoisonTap, which can alter DNS settings and dump passwords, the computer behaves the same. It doesn't care. Fisk says he developed USG after realizing he also couldn't trust the vendors of USB-based components.

    "Do you know who developed your flash drive's firmware?" Fisk asks. "It's probably not the company name printed on the packaging."

    "Has the firmware been audited for backdoors and malicious functionality? Can you confirm that the firmware running on your drive hasn't been maliciously modified during or after manufacture?"

    These questions drove him to create USG using off-the-shelf development boards. He then wrote custom firmware to power these boards and make USG work as USB devices should, only focusing on the data transfer, and nothing else. Fisk open-sourced USG's firmware on GitHub.

    USG drawbacks

    Of course, this has its drawbacks. A lot of the noise traffic on USB devices is the firmware negotiating connections and improving data transfer speeds. These things are not included in USG, as they are the attack vectors for BadUSB. As such, the recently released USG v1.0 only supports a data transfer speed of up to 1 MB/s, much inferior to commercial USB devices that work in the range of tens of MB/s. In addition, USG only supports USB mass storage (flash drives), keyboards, and mice, but Fisk promises to add support for other types of USB devices in the future.

    People can buy or make their own USG

    Fisk says that anyone can make their own USG devices using off-the-shelf development boards, but if they don't have the skills, he's also selling USG devices for around $60 + shipping.

    "My reputation hinges on the integrity of this project," Fisk explains. "This includes the integrity of the hardware I am offering for sale. This is why I will never outsource the manufacture of USG hardware to another country."

    "The USG is assembled in New Zealand under my direct supervision, and the firmware is programmed from a secure device by yours truly," the developer adds. "USG devices delivered by post have tamper-evident seals placed around the case, so any attempt to reprogram the firmware is visible."

    Fisk recommends USG for companies and people who want to protect crucial workstations, or for people who travel a lot and have a USB flash drive they often connect to many untrusted computers.

    The only downside to USG (by design) is that it doesn't distinguish between good data and bad data. Malware stored on a USB flash drive can pass through USG without any warnings since the malware is just a random blob of data to USG. For malware attacks, you'll have to rely on an antivirus.

    Source
  20. The vendors were told about the problem and have yet to patch things up, leaving the door open to attackers

    It seems that security researchers have found some bugs in Java and Python which allow attackers to go around any firewall defenses.

    Over the past few days, two different researchers - Alexander Klink and Timothy Morgan of Blindspot Security - expressed their concern over a new vulnerability they say occurred because Java does not verify the syntax of user names in its FTP protocol. Despite the fact that connecting to FTP servers can be done with authentication, Java's XML eXternal Entity (XXE) doesn't check for the presence of carriage returns or line feeds in usernames, which poses a security threat.

    Attackers can terminate "user" or "pass" commands, inject new commands into the FTP session and connect remotely to servers in order to send unauthorized email.

    "FTP protocol injection allows one to fool a victim's firewall into allowing TCP connections from the Internet to the vulnerable host's system on any "high" port (1024-65535). A nearly identical vulnerability exists in Python's urllib2 and urllib libraries. In the case of Java, this attack can be carried out against desktop users even if those desktop users do not have the Java browser plugin enabled," Morgan writes.

    The vulnerability can be exploited in several ways, including to parse malicious JNLP files, conduct man-in-the-middle attacks or engage in server-side request forgery campaigns.

    Delayed response

    The vendors have yet to patch the bug, despite the security teams of both companies being notified. Python was informed of the issues in January 2016, while Oracle was told about it in November 2016, indicating just how long the researchers waited before exposing the problem to the world.

    Hopefully, now that it's all public, the two vendors will actually patch things up in order to avoid a wave of attacks using these particular bugs. The recommendation, until then, is for both enterprise players and the general public to disable classic mode FTP by default.

    Source
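A client-side check for the CR/LF problem described in the post above, written in Python because the post says urllib and urllib2 share the flaw. This is an added example, not code from the researchers, Oracle or the Python project; the function names and the ftp.example.test URLs are constructed for illustration.

```python
from urllib.parse import urlsplit, unquote

# Constructed sample URLs (ftp.example.test is a placeholder host).
SAFE_URL = "ftp://alice:s3cret@ftp.example.test/pub/report.txt"
INJECTED_URL = "ftp://alice%0d%0aNOOP:s3cret@ftp.example.test/pub/report.txt"


class UnsafeFtpUrl(ValueError):
    """The URL would place control characters on the FTP control channel."""


def has_control_chars(text):
    # CR and LF end an FTP command line; reject every C0 control and DEL too.
    return any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in text)


def commands_seen_by_server(verb, argument):
    """Split one client command the way a line-based FTP server reads it.

    Shows why the check matters: an argument carrying CR/LF turns a single
    USER command into several command lines.
    """
    wire = f"{verb} {argument}\r\n"
    lines = wire.replace("\r\n", "\n").replace("\r", "\n").split("\n")
    return [line for line in lines if line]


def check_ftp_url(url):
    """Return the percent-decoded fields of an ftp:// URL, or raise UnsafeFtpUrl.

    Call this before handing a URL from an untrusted source (XML entity,
    redirect, user input) to an FTP client library.
    """
    if has_control_chars(url):
        raise UnsafeFtpUrl("raw control character in URL")
    parts = urlsplit(url)
    if parts.scheme != "ftp":
        raise UnsafeFtpUrl(f"not an ftp URL: {parts.scheme!r}")
    if not parts.hostname:
        raise UnsafeFtpUrl("missing host")
    try:
        port = parts.port or 21
    except ValueError as exc:
        raise UnsafeFtpUrl(f"bad port: {exc}") from None
    # Decode once, as an FTP client does before writing to the socket.
    fields = {
        "user": unquote(parts.username or "anonymous"),
        "password": unquote(parts.password or ""),
        "host": unquote(parts.hostname),
        "path": unquote(parts.path),
    }
    for name, value in fields.items():
        if has_control_chars(value):
            raise UnsafeFtpUrl(f"control character in {name} after percent-decoding")
    fields["port"] = port
    return fields


if __name__ == "__main__":
    print(check_ftp_url(SAFE_URL))
    print(commands_seen_by_server("USER", unquote("alice%0d%0aNOOP")))
    try:
        check_ftp_url(INJECTED_URL)
    except UnsafeFtpUrl as exc:
        print("rejected:", exc)
```

The check decodes each field once; a component that percent-decodes a second time further down the pipeline needs the same check applied after its own decoding.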
  21. SAN FRANCISCO—Google may have sent the tired castle analogy of network security’s soft center protected by a tough exterior out to pasture for good. On Tuesday at RSA Conference, Google shared the seven-year journey of its internal BeyondCorp rollout where it affirms trust based on what it knows about its users and devices connecting to its networks. And all of this is done at the expense—or lack thereof—of firewalls and traditional network security gear. Director of security Heather Adkins said the company’s security engineers had their Eureka moment seven years ago, envisioning a world without walls and daring to challenge the assumption that existing walls were working as advertised. “We acknowledged that we had to identify [users] because of their device, and had to move all authentication to the device,” Adkins said. Google, probably quicker than most enterprises, understood how mobility was going to change productivity and employee satisfaction. It also knew that connecting to corporate resources living behind the firewall via a VPN wasn’t a longterm solution, especially for those connecting on low-speed mobile networks where reliability quickly became an issue. The solution was to flip the problem on its head and treat every network as untrusted, and grant access to services based on what was known about users and their device. All access to services, Adkins said, must then be authenticated, authorized and on encrypted connections. “This was the mission six years ago, to work successfully from untrusted networks without the use of a VPN,” Adkins said. Implementing BeyondCorp required a new architecture, said Rory Ward, a site reliability engineering manager at Google, with a sharp focus on collecting quality data for analysis. The first step was to inventory users and their roles as their careers at Google progress, essentially re-inventing job hierarchies, and assessing how and why they need to access internal services. 
The same intimacy was needed with respect to device information, requiring construction of a similar inventory system that tracks all devices connecting to services through its lifecycle. For the time being, Ward said, this applies to managed devices only, though in the future he hopes to extend this capability to user-owned private devices. With that in place, Ward said Google engineers went to work building a dynamic trust repository that ingested data from more than two dozen data sources feeding it information about what devices were doing on the network. Policy files would describe how to define trust for a device and that would be done dynamically. “The trust definition of a device can go up or down dynamically depending on what was done and what the policy says,” Ward said. “We have complete knowledge of users, devices and an indication of trust of every device accessing Google systems.” Next, an access control engine was developed to enforce policy; it has the capability to ingest service requests along with user and device information and apply and enforce policy rules for accessing resources. For example, Ward said, to access source code systems, one would have to be a full-time Google employee in engineering and using a fully trusted desktop. This part of the rollout, Ward said, took two to three years to implement and brought Google closer to its goal of enabling access from anywhere. The final part of the rollout, Adkins and Ward said, was the implementation phase. While the project had executive support, there was a caveat: Don’t break anything or anybody. This was a tall order given Google’s tens of thousands of internal users and devices and 15 years of assertions about a privileged network. Ward said the expensive first step was to deploy an unprivileged and untrusted network in every one of Google’s approximately 200 buildings. 
Engineers grabbed samples of traffic from its trusted network and replayed it on the new untrusted network in order to analyze how workloads would behave. An agent was installed on every device in its inventory and every packet from those devices was also replayed on the new network to see what would fail as unqualified. This was a two-year process as well, and as it turned out, the project successfully chugged ahead to its full implementation. “We managed to move the vast majority of devices, tens of thousands of devices and users, onto the new network and did not manage to break anybody,” Ward said. Adkins said that earning executive support required making convincing arguments about this initiative making IT simpler, less expensive, more secure and employees happier and more productive. “Clear business objectives are compelling to executives,” Adkins said. “We went from location-based authentication and knowledge-based authentication that relies on quality data. Accurate data was the key to be able to make this thing work.” Article source
  22. Firewall App Blocker 1.5: Easier Windows Application Blocking Firewall App Blocker 1.5 is the latest version of the popular third-party program for Windows to block applications from accessing the Internet. While you can block any process from connecting to the Internet using the built-in firewall on Windows machines, the process is not overly comfortable as it involves several steps to complete. That's one of the main reasons why programs such as Windows Firewall Control and Firewall App Blocker are popular. Firewall App Blocker 1.5 Firewall App Blocker was designed to improve the process of allowing or blocking applications in Windows Firewall. The portable program extends Windows Firewall in this regard. To use it, download the latest version of the firewall program from the developer website (linked in the summary box below this article), and extract the archive that it is provided in. The program is provided as a 32-bit and 64-bit application in the program folder after extraction. The 64-bit version of the application is a new feature of this release. If you have used the last version of the program, released in 2014, you may notice differences immediately. The outbound and inbound rules are now separated, so that it is easier to keep an overview. All existing rules are listed in the interface. Each entry is listed with its name (usually program name and filename), the location on the disk, whether the rule is enabled, and the action (allow, block). You can sort the data with a click on a column header, for instance to display all active rules, or all rules that block connections. Add process is another new feature of Firewall App Blocker 1.5. You had to select programs on the disk in previous versions to add rules for them. With the new add process option, it is now possible to pick running processes as well which makes it easier as you don't have to browse the system for the file location anymore. 
Another feature that adds to the comfort level of the program is the add a folder option. It blocks all executable files in the selected folder automatically. This is useful if there are multiple executable files in a folder that you want to block. Instead of selecting each executable file individually, you'd simply block the whole folder using the program. How that is done? Simple: click on File > Add Folder Contents, and select the folder using the file browser that opens. This adds all executable files of that folder to the block list. Please note that this is a one-time process. The folder is not monitored for new executable files. So, any executable file placed in the folder after you run the operation is still allowed to run. You need to re-run the add folder option in this case or add the new executable file manually. Firewall App Blocker supports a new and handy "block all Internet" feature which you can toggle with a click on Firewall > Block Internet. You may use the same Firewall menu to disable the firewall as well. What else? The program window is resizable now, and you may change the font used by the application to display the firewall rules in the list. Last but not least, there is a new whitelist mode feature which blocks all processes from connecting to the Internet except for those on the whitelist. You switch between default mode and whitelist mode in the firewall menu. Closing Words The Firewall App Blocker 1.5 update improves the program in several significant ways: 64-bit program support, the new whitelist and folder blocking features, and the new handy process blocking options. Now You: Which firewall, and program, do you use on your machines? Source
  23. Sphinx Windows Firewall Control A guest post from Noel Carboni: Firewall software is responsible for blocking or allowing network communications. A lot of folks who care about security and privacy visit AskWoody.com, so I want to let everyone here know about a good piece of 3rd party firewall software that’s just been released: Sphinx Windows Firewall Control version 8 http://www.sphinx-soft.com/Vista/index.html Essentially Sphinx Windows Firewall Control offers, for Win 7, 8, and 10 users, the practical ability to set up and manage a “deny outgoing connections by default” configuration. The Sphinx Windows Firewall Control application works with the Microsoft-provided Windows Filtering Platform / Base Filtering Engine, where the “dirty work” of actually gating network connections is done. The filtering platform is a mature, working system component that has been around for a while now. Out of the box, Windows of course provides the Windows Advanced Firewall, but in its default configuration it really doesn’t do much to enhance users’ privacy and security, since it allows all outgoing communications by default. That made some sense when we actually trusted the OS maker to have our backs. Now… Think of the Sphinx Windows Firewall Control software package as a different, better, user interface for managing the firewall configuration on the PC, and in fact it CAN run alongside the Windows Advanced Firewall – there is no coupling between the two – though in practice you really want to just shut off the Windows Advanced Firewall and manage firewall operations entirely with the Sphinx software. Having both active would just lead to confusion. But the really neat part – the thing that’s really special about this new version 8 release – is that the firewall configuration can now be managed using names, not addresses. That’s very significant. 
It changes the effort in setting up and maintaining a firewall configuration from impractical to almost trivial, given today’s networking that’s rich with server banks and content delivery networks (where a given host name can resolve to many different addresses). It means, in layman’s terms, that if you want to allow site svc.anksvn.net to be contacted you just enter the name svc.anksvn.net into a zone rule and you’re done. You don’t have to figure out that this name can resolve to any of multiple different network addresses and enter them all. And you don’t have to try to figure out when a new server at a different address is added or one of them is taken offline in the future. I can’t stress enough how much managing the firewall configuration by name simplifies the setup and greatly reduces ongoing maintenance. It literally changes it from practically impossible to something that can be taken to a very detailed level and still kept up. I personally am a control aficionado and have what some would call quite a pedantic setup, where EVERYTHING is controlled to the finest point. The Sphinx software sets up a workable default configuration, but I’ve developed my own configs completely from scratch. I’m quite willing to share them if it can be helpful to others to see what I’ve set up. I have literally not had to make any changes to my Sphinx firewall configuration in weeks. It really is possible to develop a practically “set it and forget it” configuration that lets you do normal things without exposing you to new threats. Some observations, after using this software for quite a while: Seeing what Windows tries to contact in the Events pane of this software gives one a warm feeling of knowing what’s happening on your system. Logging can be managed by application – meaning you can, for example, log everything your services do online but suppress logging of sites you visit with your browser. 
There’s a UI panel for the events (that you can, for example, clear or filter for certain things), and there’s a bona fide geek level log put in a file as well. It offers complex-enough configuration capabilities to set up most of the system to run in a deny-by-default mode, yet some applications (e.g., your browser or Skype) can be set to allow-by-default – with exceptions to both of course. So, for example, no newly installed program will be allowed to contact online servers until you add a rule to allow it, and conversely your browser can contact previously unvisited websites without any pop-up, yet still be blocked from contacting certain bad ones. New / unexpected attempts to make network connections are blocked with a pop-up that has a “horror movie” violin sound effect (which you can change if you like), at which point you can choose to either allow future such attempts or continue to deny them. What this means is that once you’ve got things initially set up, ongoing maintenance because of changes e.g., installing new software is essentially reactionary. In this day and age, knowing communications you have NOT allowed ahead of time will NOT succeed is comforting. This software has your back. There is a rich configuration interface. A change, for example, to allow or disallow Windows Updates is trivial for me. I just change the zone assigned to the Host Process for Windows Services (svchost) and it’s done. Thus no update will occur unless I specifically set the system up to do it. Through the Domain Names tab you can set up a list of security servers that are always allowed system-wide (e.g., machines serving the ocsp protocol that your system contacts when verifying code signing certificates, etc.). You can also set up a list of servers that are never allowed system-wide. 
Getting an indication of when an unapproved connection is attempted, by what application, and to what server, is very valuable in learning what needs to be reconfigured or tweaked via registry settings to make a system more private. Do that for a while and you end up with a Windows system that doesn’t even try to spill the beans. No matter what rules a software installer (e.g., a telemetry update) might try to add to the Windows Advanced Firewall they don’t affect the Sphinx Windows Firewall Control configuration, so you’re still in complete charge of what is being allowed or denied. I have been working closely with the author all through the beta testing period of the name-based software, and I have run the package through all kinds of harsh tests. He’s a smart, careful engineer who has been very responsive to feedback. As a result, the software really works. I use the Network/Cloud edition on all my systems. I am not associated commercially with this product in any way. The only connection I have is that I have been a beta tester all through the development of version 8 and some time before that. Noel Carboni Source
  24. Show of hands—How many of you have heard someone say something like this: “You don’t need an extra firewall. The one that comes with Windows is sufficient for home users”. While this may be true for the default settings when it comes to protection, how many who have heard this remark are able to check which programs have added themselves to the list of allowed programs? Find the settings Let’s take a look. You can find the settings for the Windows firewall under Control Panel > System and Security > Windows Firewall > Allow a program or feature through Windows Firewall. Despite the title “Allow a program or feature …”, this is also the place where you can remove them from the list of allowed programs and features. Changing the settings To get started, click the “Change settings” button. This requires Administrator rights and, after execution, you will see that the tick boxes are no longer grayed out. Effectively, you can check here if everything that has permissions to connect are programs you trust, or whether you actually feel that they need to have these permissions. Some programs can be trusted to run on your computer, but there might be no real reason for them to make outside connections. The method above can be rather painstaking, especially if you have a large amount of programs installed. Not to mention all the (undoubtedly) confusing names. Malware authors are sometimes counting on our reluctance to disable anything made to look like it’s related to Microsoft, Windows, or Internet Explorer. “Who knows what will stop working if I disable that?” An easier way to check To make it a little easier, you can use a program that makes a log and uses whitelisting, so all you have to do is take a look at the remaining entries. One such program which is very popular at many tech help forums is FRST. 
If you download FRST (make sure to get the right version) and run it, make sure there is a tick in the “Addition.txt” field if you want to look at the firewall section. Once “FRST.txt” and “Addition.txt” are ready, you will be prompted. Click OK on both prompts, and the logs will be saved in the same folder as “FRST(64).exe”.

    A typical firewall related section of FRST will look like this:

    ==================== FirewallRules (Whitelisted) ===============
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    FirewallRules: [{3297B962-0770-4831-890E-FEF6510610E4}] => (Allow) C:\Program Files\Newsbin\newsbinpro64.exe
    FirewallRules: [{8D2A05D2-99CF-487E-A1B9-F8564A86F6A2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{E5055742-8397-4AFB-BDD9-DF9CFB3B2C4E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{64DC59A3-D99D-4926-8010-A4006CC83EC1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{AD102C3A-3D40-4A47-9483-AB5C8FC40D25}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    FirewallRules: [{06100084-A816-405E-B3E8-965FD63E1B8F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{8B8C1A5C-20E0-4B64-BC6B-705C4B002763}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [UDP Query User{1D2F5D5C-673D-4480-A385-C362D7BE39F7}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [TCP Query User{16301F9C-A2E7-4758-894D-18B300A6E0F9}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{47F0B7D0-D0EA-403F-9D8B-0A1F92E5E84E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{88724164-66B1-4D9B-97BD-76BDBD486E3F}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{2A926726-D200-4CAD-9A56-7D6B10516B53}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{CAE1A4B8-4C29-4929-A508-D2B2D89AFEAA}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{1AB7A511-8CC3-4032-936D-6E6121445CF5}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
    FirewallRules: [{5B7AD292-902A-44BE-A6F1-E276DC1E4E89}] => (Allow) C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe
    FirewallRules: [{854E69F5-896D-4BF9-A5EB-F1C645E8EBD1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{006610CB-49E1-4F19-BB70-783191B21F91}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    If you need help analyzing one of these logs, we recommend asking for help on our forums.

    Malware adding allowed programs

    So, if it’s so difficult to find and get rid of unwanted entries, it must be really hard to add one, you might think. Unfortunately, that’s not true. If a program is run elevated—with Administrator privileges—all it has to do is run a command like the example below:

    netsh firewall add allowedprogram "C:\Users\{username}\AppData\Roaming\Tr.exe" "Tr.exe" ENABLE

    This example is taken from a Trojan that runs this command to grant itself internet access. After which, it downloads additional malware.

    Of course, this is not only true for malware. Every program and installer that runs elevated has the ability to add programs to the “Allowed” list, which is exactly the reason why we recommend regular checks to see which programs are allowed if you are relying on the Windows firewall alone. Some might argue that this is true for every firewall, and they would be right in my book. It never hurts to check your firewall settings, certainly not after cleaning up an infection.

Conclusion While the built-in Windows firewall may offer adequate protection, this is only true if you check the settings on a regular basis, and certainly immediately after removing an infection. Links Netsh Commands for Windows Firewall Article source
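A small reviewer for the FirewallRules section shown in the post above: it collapses duplicate rules to one entry per program and flags allowed executables that sit in user-writable folders, the pattern of the Tr.exe command. This is an added example, not part of FRST or the original article; the function names, the path heuristics and the last sample line (with its placeholder GUID) are assumptions.

```python
import re

# Constructed sample in the FRST "FirewallRules" format. The first three
# entries reuse lines from the log above; the last one is constructed to
# mirror the Tr.exe example and uses a placeholder GUID.
SAMPLE_LOG = r"""
==================== FirewallRules (Whitelisted) ===============
FirewallRules: [{854E69F5-896D-4BF9-A5EB-F1C645E8EBD1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{006610CB-49E1-4F19-BB70-783191B21F91}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{1D2F5D5C-673D-4480-A385-C362D7BE39F7}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{00000000-0000-0000-0000-000000000001}] => (Allow) C:\Users\example\AppData\Roaming\Tr.exe
"""

RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<rule_id>.*?)\] => \((?P<action>Allow|Block)\) (?P<path>.+?)[ \t]*$",
    re.MULTILINE,
)
# Locations an unprivileged user can usually write to (heuristic, assumption).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\",
                 "\\programdata\\", "\\downloads\\")
STANDARD_RE = re.compile(r"^[a-z]:\\(program files( \(x86\))?|windows)\\")


def parse_rules(log_text):
    """Return one dict per FirewallRules line; header lines are ignored."""
    return [m.groupdict() for m in RULE_RE.finditer(log_text)]


def review(log_text):
    """Collapse rules to unique (program, action) pairs and attach reasons."""
    programs = {}
    for rule in parse_rules(log_text):
        key = (rule["path"].lower().replace("/", "\\"), rule["action"])
        entry = programs.setdefault(
            key, {"path": rule["path"], "action": rule["action"],
                  "rule_count": 0, "reasons": []})
        entry["rule_count"] += 1
    for (lowered, action), entry in programs.items():
        if action != "Allow":
            continue  # block rules do not grant network access
        if any(marker in lowered for marker in USER_WRITABLE):
            entry["reasons"].append("user-writable location")
        if not STANDARD_RE.match(lowered):
            entry["reasons"].append("outside Program Files and Windows")
    return list(programs.values())


def flagged(log_text):
    """Only the allowed programs that matched at least one heuristic."""
    return [entry for entry in review(log_text) if entry["reasons"]]


if __name__ == "__main__":
    for entry in review(SAMPLE_LOG):
        note = "; ".join(entry["reasons"]) or "no flag"
        print(f'{entry["action"]:5} x{entry["rule_count"]} {entry["path"]}  [{note}]')
```

Location checks only narrow the list; an unwanted program installed under Program Files raises no flag, so the de-duplicated output still needs to be read entry by entry.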
  25. werty12345

    NetBalancer 9.5.6

    NetBalancer is an internet traffic control and monitoring tool designed for Microsoft Windows XP, 2003, Vista, 7, 8 with native x64 support.

    With NetBalancer you can:

    • Set a download and/or upload network priority or limit for any process
    • Manage priorities and limits for each network adapter separately
    • Define detailed network traffic rules
    • Group local network computers and balance their traffic synchronised
    • Set global traffic limits
    • Get detailed statistics and totals about your data usage
    • Show network traffic in system tray

    and much more!

    Homepage: https://netbalancer.com
    Release Date: 21-Sep-2016
    Update 9.5.2 - 9.5.6: Bug fixing and stability improvements.
    Features: https://netbalancer.com/features
    Download: https://netbalancer.com/downloads/NetBalancerSetup.exe