Assented Order Forums

Disclaimer:
Do you have a pesky virus, tons of spam in your E-mail mailbox, just got "hacked" in Runescape? This guide is here to answer all the major questions for you. So, please read it before asking for help in other threads.

If you have suggestions for stuff to add to the guide, feel free to post about it.

Table of Contents:
Section 1: General Security Practices
Section 2: Keeping Your Computer Clean

Section 1: General Security Practices

It's a tricky world we live in with our lives becoming more and more entangled in computers. No matter how security conscious you are, you can't deny the most prevalent crime you face by simply using the Internet: Identity Theft. All of the sections of this guide play some role in reducing the chance you have of going into a job interview, trying to get a loan, etc. and are denied because they did a background check on you and you suddenly become aware of having a warrant for your arrest in a state or country you have never been too. That has happened more often than you think.

Be cautious of the information you give out:
There are many different types of people who use the Internet: using the sites for their intended purpose, using sites to market for their business, using sites to make a quick buck, and using sites to steal information. The first example is the majority of the population, and the last three all have severe consequences for people who aren't aware of this.

When you use the Internet, look at every website as a test of trust between you and a real person. There are plenty of websites out there which put on the appearance of a legit business to store your personal information for their own marketing plans (like using your name and E-mail to spam you with their 100's of their Viagra or weight loss offers), or simply sell off their lists for a quick buck to other companies who will spam your E-mail with those offers.

Even on reputable websites like Runescape, there are people who will see things you say in the game or on the forum and remember it for later to use social engineering to gain access to your account or find you on other websites for more malicious uses.

Don't click on suspicious advertisements:
If you are viewing a website and see an advertisement that makes you think something like, "Are you serious?" or "No way!" then don't click it or even move your mouse cursor anywhere near it.

There are many advertisements which use flash or JavaScript to operate. If you get your mouse cursor near it, they will make themselves larger, start a movie playing on the screen, or open up other websites. Besides being annoying, they often will be from malicious advertisers that will redirect you to sites which may compromise your computer in one way or another.

In some instances, I have had advertisements open up another window (by just loading on the web page and no interaction from me started it) and that window "looked" exactly like a traditional Windows XP file window that you would use to access folders on your computer. That then "attempted" to install a Trojan on my computer while also changing it's image to show an alert saying that my computer has been compromised and I need to update my virus protection. Needless to say, I use Kaspersky Internet Security 2010 and it blocked the Trojan and removed it. I then closed the entire browser because I didn't care to risk it anymore. Oh, and that advertisement happened to load from Facebook and again on a couple other Web 2.0 websites that used DoubleClick and AdWords to manage their advertisements (both trusted companies ran by Google).

Have secure passwords:
Did you know that the most common password is 123456? I kid you not, a good percentage of people use it. Take a moment and think about how common your password is. Do you use words from the dictionary, repetitive number sequences, your pets, your loved-ones birthdays?

A good password is one that is around 10-14 characters in length, has at least 2 special characters ($, ^, &, @), 3 numbers, and upper and lower case letters. Now, not all websites will allow all of these, but get as close as you can.

Don't leave your passwords written down, under your keyboard, on sticky notes, in your E-mail, saved in your browser's "remember your password" option, within identity management services, etc. The most secure place to leave your passwords is in your head. If you absolutely "must" have them stored somewhere then open up an image creation program like MS Paint or Photoshop and write them there and save the image as a PNG file and then zip that image into a ZIP file with password protection to open. The file names here should not be obvious like "passwords". A second option would be to print out all your passwords and keep them locked up in a safe somewhere.

A good way I like to create passwords is take a noun, verb, 2-4 numbers, and 2-4 special characters and create an acronym out of them.

Example:
Noun: Zebra
Verb: Fall
4 Numbers: 2, 9, 4, 5
2 Special Characters: @, &

Take each letter, number, and special character and jumble them up into an acronym that makes sense if you read it in LEET.

Result: Z&4l2F;@be9rala5
English translation: Zandal to fat benign ralas

It doesn't exactly make sense, but any program that needs to crack passwords will either run out of successful attempts and be caught by the server, or spend days in the process as there are just too many possibilities for a password of that strength.

Section 2: Keeping Your Computer Clean

There is a lot of misinformation in the world about security. For instance, there is the misconception that if you have a virus scan on your computer you are clean. Another is that Macintosh computers don't get viruses. Both are false.

Viruses, Trojans, malware, spyware, malicious scripts, etc. all have two things in common: to steal information and cause widespread infection. The majority of these come from two places in the world: Russia and the surrounding countries that use to be the Soviet Union, and Asia. This is because their cost of living is very low and they are very strong in mathematics and computer engineering. They can get a single identity of someone and make even $100 and that will have funded the investment to make the script that infected your computer.

Because of this, they go for the operating system and browsers which have the biggest pool of users. Once an operating system, browser, software, etc. covers more than 10% of the market, it is on their radar for ways to abuse it and use it for their purposes. The larger the percentage of the market that something has, the more likely it is that there will be risk to you. So, those Mac people that think they are safe – once Asia or Russia gets Apple computers – think again.

Setting up your Security:
The first step when you get a new computer is to secure it. New computers come with a lot of pre-installed programs which are just trials or teasers to other programs. These need to be uninstalled so that "only" the programs you plan to use are on your computer. After that, you need to remove all startup programs which are not vital to the immediate running of your computer (like your antivirus). iTunes or Quicktime for instance love running on startup to that when you need them they load faster. I don't know about you, but I only run them occasionally and don't like my computer taking long to startup because of that.

The above steps are easy to do with tools like Glary Utilities and Ccleaner. Both are free to use and make a lot of the following steps simpler.

Once you have removed pointless programs, you need to clean your computer's registry and clean it's temporary files. Ccleaner offers a very thorough way to do this. In the settings choose "Guttman 35-passes". Then, run the cleaner and after that is done, run the registry cleaner and fix all the errors. Once this is done, run Glary Utilities and catch the stuff Ccleaner missed.

What this does is remove all the temporary files that builds up while you operate your computer and also fixes the missing registry pointers to programs and logs which are no longer there for those programs you added or removed while setting your computer up.

It is time now to install your computer security software. I personally prefer Kaspersky Internet Security as I have found it to be extremely effective in catching stuff that Norton, McAffee, Panda, AVG, and others miss. It also has a vulnerability scan to check all your programs for security holes that could compromise your system – then it gives you links for tutorials on how to fix them. You can download the 30-day trial on Kaspersky's website and then buy a $35 copy from Wal-mart to save from paying the full price as you only need the 3-computer license key.

Now, use a backup program and create a complete backup and recovery disk for your computer. Now, if you ever have to recover your computer you know it is completely clean. An easy way to do this is buy an External USB harddrive that has a backup function.

Regular Maintenance:
Running regular maintenance on your computer is a must. While you use the computer, it is storing logs and histories of what you do – even by just running Microsoft Word! When you browse the web, install programs, download stuff, etc. temporary files, caches, and cookies build up. So, if you happen to get compromised and a virus gets on your computer those are the things it looks for to learn all about whoever uses the computer.

In your Internet Browsers, you should have it set to never remember passwords, store history, and empty temporary files and cookies when the browser is closed. In Internet Explorer and Firefox this is through the Tools >> Internet Options menu. In IE8 this is moved into the Safety and Security tab.

What I do is set Kaspersky to run an update once a day at midnight and then do a full system scan at 1AM. Neither browsers completely remove everything, and you need to be more thorough. I run Ccleaner and Glary Utilities (in that order) at least once a week to remove all of that. I run them both once a day at minimum.

Following these practices will ensure that your computer rarely has a virus or infection. When it does, it is very minimal in risk because there is no data built up to send back to the creator about you.

Reserved

Reserved

Reserved