A little personal place for me and everyone who stops by to hang out.
Published on October 13, 2013 By BigDogBigFeet In Internet

Well I must admit I'm a bit surprised.  I use 2 Browsers.  My main browser is IE 10 in protected mode.  I also have Firefox only because I cannot comment in the WC Galleries without it.  IE 10 just won't work there!!  I have also removed all Java from my system.

I seldom use Firefox at all.  For security I have MSE and Malwarebytes Pro.  I hadn't turned on protection mode in a while for Malwarebytes Pro until today.

It found a hijack in my registry to turn on graphics file execution in Firefox!!  I didn't even know there was such an exploit.  How did it even get there??  A bad email? (I try to be careful.  I delete without opening when suspicious).  An inadvertent web page landing??

So I used Revo Pro to de-install Firefox.  I used Regedit to remove Mozilla from the Registry then rebooted.  Finally I reinstalled Firefox.

 

Fortunately, since I seldom use Firefox I've seen no system instability or evidence of a virus.  However, it seems there is no end of effort to install viruses on PCs these days.  I'm sure Smart Phones will become heavily targeted as well.

I use just an ordinary Cell Phone, no data or text, so I'm secure there.  I just want a phone to be a phone for me.

It takes constant review of my PC system to keep it clean and safe.

I've often gone to these Forums for improving my knowledge of PC security.  So.. any thoughts ideas etc on improving PC security??


Comments (Page 1)
on Oct 13, 2013

Portable Apps. The Portable Apps versions of Chrome and Firefox write nothing to the registry and if, by some chance, they get hosed, a reformat of the flash drive and reinstall of all your backed up apps will solve that. I only have IE actually installed on my machines and I also use the portable version of Skype. The PA platform itself keeps them updated. As a bonus they can be used anywhere I go, on any rig.

P.S. There are also portable versions of some good security/anti-malware software worth having along with the browsers.

on Oct 13, 2013

Well I must admit I'm a bit surprised. I use 2 Browsers. My main browser is IE 10 in protected mode. I also have Firefox only because I cannot comment in the WC Galleries without it. IE 10 just won't work there!!

That's interesting, I use IE 10 with Win 7 and have no problem leaving comments.  What OS are you using?  Not sure what you mean by protected mode.

EDIT:  Just checked my IE 10 settings and I am running in protected mode.

 

on Oct 13, 2013

 

The best suggestion I can offer (and I know Doc will jump on me in about a second to get that guide I keep talking about finished...hehe )  is to make sure you approach all of your devices from 'least privilege' thinking.

Never....and I mean NEVER use an account that has ADMINISTRATOR rights to browse the internet etc.  Of course your system needs an ADMIN account but keep that one aside for installing/uninstalling etc. and use your regular USER account for everything else.  Teach yourself the power that is your system's 'local security policy' (administrative tools) and again, provide your USER account with the least privileges necessary in order to use your system on a daily basis.

The single best protection your devices will ever enjoy is that from ourselves and least privilege goes a long way in providing that.  No third-party security software can come close to providing the 'protection' that the above ensures on a system-wide basis not to mention that as always prevention is worth so much more than a cure.

on Oct 13, 2013

Internet Security

 

Oxymoron.

on Oct 13, 2013

Speak for yourself, Oxy.

on Oct 13, 2013

the_Monk

 

The best suggestion I can offer (and I know Doc will jump on me in about a second to get that guide I keep talking about finished...hehe )  is to make sure you approach all of your devices from 'least privilege' thinking.

Never....and I mean NEVER use an account that has ADMINISTRATOR rights to browse the internet etc.  Of course your system needs an ADMIN account but keep that one aside for installing/uninstalling etc. and use your regular USER account for everything else.  Teach yourself the power that is your system's 'local security policy' (administrative tools) and again, provide your USER account with the least privileges necessary in order to use your system on a daily basis.

The single best protection your devices will ever enjoy is that from ourselves and least privilege goes a long way in providing that.  No third-party security software can come close to providing the 'protection' that the above ensures on a system-wide basis not to mention that as always prevention is worth so much more than a cure.

That's what I've been saying, Monk.

And when the hell will you get off your lazy butt and do that guide?

http://www.windows7update.com/Windows7-Local-Security-Policy.html

Maybe some suggestions on how to open and configure?

on Oct 13, 2013

Thanks for all the replies.

I'm using IE 10 in protected mode Win 7 Home Premium here now and forums posting works.  It is only WC Gallery posting that doesn't work for me.  Compatibility View does not change this result.

Yes unfortunately this is my Admin account but.... I only tend to go to safe websites with it.  Even a limited access user account will not prevent viruses from landing on a computer.  It will prevent most viruses from executing their destructive effects.

I do use a limited access account for general web browsing.

This is the Hijack threat it found:

HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FIREFOX.EXE (Security.Hijack) -> Quarantined and deleted successfully.

and:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe|Debugger (Security.Hijack)

I don't know for certain if these are true Hijack Threats or not since these were also reported as quarantined and deleted yet I had to manually use Regedit to really clean the registry.

Could it be the Data Value that Malwarebytes didn't like?

Anyway after re-installing the latest Firefox these entries are no longer in the registry though.
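
The second Malwarebytes entry above names the `Debugger` value under `Image File Execution Options` (IFEO): when that value is present, Windows starts the program it names in place of `firefox.exe`. As an added example (not part of the original thread and not Malwarebytes' own logic), this read-only PowerShell audit lists every such value in both registry views; the variable names and output columns are choices made here.

```powershell
# Added example: audit Image File Execution Options (IFEO) for Debugger values.
# Read-only. Requires PowerShell 3.0 or later ([pscustomobject]).
$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    # 32-bit registry view on 64-bit Windows; absent on 32-bit systems
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

$findings = foreach ($root in $ifeoRoots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }

    foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
        # A subkey without a Debugger value does not redirect anything.
        [string]$debugger = $key.GetValue('Debugger')
        if ([string]::IsNullOrEmpty($debugger)) { continue }

        # Pull the program out of the value: a quoted path, or the first token.
        # An unquoted path containing spaces is ambiguous and will not resolve.
        if ($debugger -match '^\s*"([^"]+)"') { $program = $Matches[1] }
        else { $program = ($debugger.Trim() -split '\s+')[0] }
        $program = [Environment]::ExpandEnvironmentVariables($program)

        # Resolve full paths and bare names (looked up on PATH) alike.
        $cmd = Get-Command -Name $program -CommandType Application -ErrorAction SilentlyContinue |
            Select-Object -First 1

        [pscustomobject]@{
            Image       = $key.PSChildName   # e.g. firefox.exe
            Debugger    = $debugger          # what Windows starts instead
            ResolvedTo  = if ($cmd) { $cmd.Path } else { 'not found' }
            Signature   = if ($cmd) { (Get-AuthenticodeSignature -FilePath $cmd.Path).Status } else { 'n/a' }
            RegistryKey = $key.Name
        }
    }
}

if ($findings) { $findings | Format-List }
else { 'No IFEO Debugger values found.' }
```

A `Debugger` value can be legitimate, for example when a developer attaches a debugger on purpose or Process Explorer has been set to replace Task Manager, so judge each entry by the program it resolves to.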

 

on Oct 13, 2013

I don't need to protect my system from me. If I ever get to the point that I do, I'll give up personal computing.

Least privilege is for the kids. I want and will have access to anything and everything on my PC, or I don't need the thing.

on Oct 13, 2013

BigDogBigFeet
Even a limited access user account will not prevent viruses from landing on a computer. It will prevent most viruses from executing their destructive effects.

Amen.

on Oct 13, 2013

BDBF, it has been my experience that there are too many apps out there flagging other apps for who knows what reason.  Avast, MSE, and a few other A/V apps flag my gadgets (the ones I make) as malware/trojans and quarantine them.

You get the results you got from HijackThis (or whatever you used).

My point: everyone out there says everyone else is bad. This app flags that app....etc, so on....

It's crazy.  Half of all the results seem to be false positives.

Be smart, know what you're working with, don't overdo security.  The ONLY way to really be safe is to disconnect from the internet and print photos or play games on your PC.

on Oct 13, 2013

RedneckDude
You get the results you got from HijackThis.

No, those Hijack Threats were reported by Malwarebytes Pro.  Since I don't use Firefox for anything other than posting comments in WC Galleries pretty much, I saw no reason not to take the threat seriously.

In any case Firefox is reinstalled and the registry entries are gone.

on Oct 13, 2013

BigDogBigFeet
Yes unfortunately this is my Admin account but.... I only tend to go to safe websites with it. Even a limited access user account will not prevent viruses from landing on a computer. It will prevent most viruses from executing their destructive effects.

Unfortunately there are no 'safe websites'.  I can't tell you over the years how many people have been infected by drive-by attacks from 'safe websites'. 

Of course limited user accounts do not prevent malware from 'landing on a computer' (although that usually entails a temporary file folder somewhere so their initial payload is easily removed etc.) but using 'least privilege' does prevent not only the execution, installation, modification (i.e. registry entries etc. etc.) of most malware, it does block access to additional areas of the system as far as dumping payload is concerned.  For instance a lot of malware these days comes in parts.  The first part is designed to gain access and act as a 'receiver' for its friends.  The friends can be engineered to gain access to lower areas of the operating system who in turn can allow access to yet other malware designed with other purposes in mind.  Even just preventing where malware you come into contact with can 'land' helps in a big way.

RedneckDude
Least privilege is for the kids. I want and will have access to anything and everything on my PC, or I don't need the thing.

'Least Privilege' done right does not prevent you from using your computer or having access to anything/everything.  I have been correcting this major fault in the IT world with my clients for many years and have yet to have even one single complaint.  'Least Privilege' does not = UAC turned on.  In any case suggesting 'least privilege' is "for the kids" is not helpful.

DrJBHL
And when the hell will you get off your lazy butt and do that guide?

One of these days I will get that guide I keep promising to Doc completed.

on Oct 13, 2013

I've had a couple of false flags in Malwarebytes. Before removing the alleged exploit check out the date of the file. If the file has the same date as the program's installation the chances are high it's a false flag. I also use HJT to check the list of registry entries to see if anything latched on. A great place to check your logfile is here: http://www.hijackthis.de/

on Oct 13, 2013

the_Monk
One of these days I will get that guide I keep promising to Doc completed. 

Monk is very fortunate I have no pic of him. Very. 

on Oct 13, 2013

RedneckDude
I want and will have access to anything and everything on my PC,

 

So why do you allow any executable to run its code on your computer and hope your antivirus-solution might catch it?
