How can I improve my computer's security?


nerdboyxxx


Heya :).

 

I've been alerted to some potential gaps in my security for my computer, and would like to rectify these problems. I have uninstalled all torrent downloaders or streamers, which were Vuze and Frostwire. I have also installed Nod 32, from what I've heard it is quite a powerful antivirus system. That's two down as far as I know.

 

But from what I've been told, I don't have a proper firewall. I have Windows Firewall running and fully updated (so latest versions and all) but my HijackThis report came back as a big fat no. So, I've posted a HijackThis report below. If you see any other problems or know how to fix this apparent "lack of a firewall" then please let me know :).

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:36:03 AM, on 6/02/2010

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

 

Running processes:

H:\Windows\system32\taskhost[Caution: Executable File]

H:\Windows\system32\Dwm[Caution: Executable File]

H:\Windows\Explorer[Caution: Executable File]

H:\Program Files\iTunes\iTunesHelper[Caution: Executable File]

H:\Program Files\ESET\ESET NOD32 Antivirus\egui[Caution: Executable File]

H:\Program Files\Vtune\TBPANEL[Caution: Executable File]

H:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware[Caution: Executable File]

H:\Program Files\Xfire\Xfire[Caution: Executable File]

H:\Program Files\Mozilla Firefox\firefox[Caution: Executable File]

H:\Program Files\Trend Micro\HijackThis\HijackThis[Caution: Executable File]

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=13170&l=dis

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - H:\Program Files\Ask.com\GenericAskToolbar.dll

R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - H:\Program Files\Vuze_Remote\tbVuze.dll

R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - H:\Program Files\XfireXO\tbXfir.dll

O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - H:\Program Files\XfireXO\tbXfir.dll

O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - H:\Program Files\Vuze_Remote\tbVuze.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - H:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - H:\Program Files\Vuze_Remote\tbVuze.dll

O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - H:\Program Files\XfireXO\tbXfir.dll

O3 - Toolbar: FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - H:\Program Files\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "H:\Program Files\Java\jre6\bin\jusched[Caution: Executable File]"

O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\QTTask[Caution: Executable File]" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper[Caution: Executable File]"

O4 - HKLM\..\Run: [egui] "H:\Program Files\ESET\ESET NOD32 Antivirus\egui[Caution: Executable File]" /hide /waitservice

O4 - HKCU\..\Run: [TBPanel] H:\Program Files\Vtune\TBPanel[Caution: Executable File] /A

O4 - HKCU\..\Run: [steam] "H:\Program Files\Steam\Steam[Caution: Executable File]" -silent

O4 - HKCU\..\Run: [sUPERAntiSpyware] H:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware[Caution: Executable File]

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar[Caution: Executable File] /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] H:\Windows\System32\mctadmin[Caution: Executable File] (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar[Caution: Executable File] /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] H:\Windows\System32\mctadmin[Caution: Executable File] (User 'NETWORK SERVICE')

O4 - Startup: Xfire.lnk = H:\Program Files\Xfire\Xfire[Caution: Executable File]

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O20 - Winlogon Notify: !SASWinLogon - H:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Apple Mobile Device - Apple Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService[Caution: Executable File]

O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder[Caution: Executable File]

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - H:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv[Caution: Executable File]

O23 - Service: ESET Service (ekrn) - ESET - H:\Program Files\ESET\ESET NOD32 Antivirus\ekrn[Caution: Executable File]

O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService[Caution: Executable File]

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - H:\Windows\system32\nvvsvc[Caution: Executable File]

O23 - Service: PnkBstrA - Unknown owner - H:\Windows\system32\PnkBstrA[Caution: Executable File]

O23 - Service: PnkBstrB - Unknown owner - H:\Windows\system32\PnkBstrB[Caution: Executable File]

O23 - Service: Steam Client Service - Valve Corporation - H:\Program Files\Common Files\Steam\SteamService[Caution: Executable File]

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - H:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr[Caution: Executable File]

 

--

End of file - 5318 bytes

 

Thanks for all the help :).
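Added example (not part of the original post, and not HijackThis's own code): a small Python parser for the log format shown above that groups the browser add-on entries (R3, O2, O3) by the DLL they load and lists services by their owner field, which makes toolbars left behind by removed programs easy to see. The function names are illustrative, the sample lines are copied unchanged from the posted log, and the parser assumes the `kind: name - field - path` layout seen there.

```python
import re
from collections import defaultdict

# Lines copied unchanged from the log posted above (a subset), including the
# forum's "[Caution: Executable File]" substitution exactly as it appears.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - H:\Program Files\Vuze_Remote\tbVuze.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - H:\Program Files\Vuze_Remote\tbVuze.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - H:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - H:\Program Files\Vuze_Remote\tbVuze.dll
O3 - Toolbar: FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - H:\Program Files\Ask.com\GenericAskToolbar.dll
O23 - Service: ESET Service (ekrn) - ESET - H:\Program Files\ESET\ESET NOD32 Antivirus\ekrn[Caution: Executable File]
O23 - Service: PnkBstrA - Unknown owner - H:\Windows\system32\PnkBstrA[Caution: Executable File]
"""

# "<code> - <kind>: <rest>", e.g. "O2 - BHO: <name> - {CLSID} - <path>"
ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (\w[\w ]*?): (.+)$")
BROWSER_HOOKS = {"URLSearchHook", "BHO", "Toolbar"}

def parse(log):
    """Yield (code, kind, name, middle, path) for 'kind: name - x - path' entries."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list, or an entry without a 'kind:' prefix
        fields = m.group(3).rsplit(" - ", 2)  # split from the right: names may contain '-'
        if len(fields) == 3:
            yield (m.group(1), m.group(2), *fields)

def addons_by_dll(log):
    """Group browser hooks by the DLL they load: {path: {'hooks': set, 'names': set}}."""
    out = defaultdict(lambda: {"hooks": set(), "names": set()})
    for _code, kind, name, _clsid, path in parse(log):
        if kind in BROWSER_HOOKS:
            out[path]["hooks"].add(kind)
            out[path]["names"].add(name)
    return dict(out)

def services_by_owner(log, owner):
    """Names of O23 services whose owner field equals `owner`."""
    return [name for code, _kind, name, own, _path in parse(log)
            if code == "O23" and own == owner]

if __name__ == "__main__":
    for path, info in addons_by_dll(SAMPLE_LOG).items():
        print(path, sorted(info["hooks"]), sorted(info["names"]))
    print("Unknown owner:", services_by_owner(SAMPLE_LOG, "Unknown owner"))
```

On the sample, the Ask.com DLL shows up under two display names and the Vuze toolbar DLL under all three hook types, even though the post says Vuze and Frostwire were uninstalled.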


I have some questions about everyone "needing" a firewall. Most security threats to computers located at home or the SOHO environment are, as you yourself have given evidence, the result of social engineering rather than brute force scanning and "cracking".

 

Do a Google search for Steve Gibson's "Shields Up!" and run the test. He'll give you a pretty considered opinion on whether you need a firewall or not. But, be sure you understand your setup first. For example, most people these days are behind a DSL router doing NAT (network address translation), so it's really the *router* that needs the most protection.

 

My $0.02.

 

Disclaimer: I'm not Kevin Mitnick or Steve Gibson or Robert Watson or even Dr. Solomon, and I'm not responsible for any threats to your system, 'cause I don't do that stuff. :mrgreen:

Retired Player Moderator - Light Arcana General

 


Okay, I'm running the test now, but I will need a firewall of some sort for tip.it crew (I've already been denied, and it was because I didn't pass the security check. I need a firewall to pass :P).


I got on as a mod with just Windows Firewall/Defender. That was a few years ago though.

 

My #1 security tip is to not be an idiot online. Don't click on suspicious links, don't open emails from unknown senders, and don't fall for those stupid "We won't pay 3.99 for Facebook!" or other action-now scams. Be smart on the internet. Install ad-block if you use Firefox. If you really feel paranoid, then install Web of Trust add-on for Firefox. Speaking of Firefox, don't use Internet Explorer as that is the browser that most hackers/phishers/etc target. Uninstall Adobe Reader and get Foxit, as Adobe has some serious loopholes or so-I've-heard.

 

ESET is good, I use that. You don't need to uninstall torrent software (unless TIF requires you to for the crew). The software won't get you into any trouble, it's what you choose to download that'll do you in.

 

You shouldn't need anything else other than that. It still beats me to this day how people can get viruses so easily. I'm on the internet way more often than the people whose computers I've fixed, and I never (literally) get viruses. I've never had data corruption or stolen passwords or phished accounts.. it just doesn't happen. I guess I know what to look for - so, know what to look for!


Retired Tip.It Mod || Admin and Founder of Caesar 3 Mod Squad! All are welcome!


Thanks for all that info :). I had to get rid of my torrent downloaders because they weren't allowed at all. I use Firefox (latest version) with Adblock Plus, an excellent add-on that has pretty much gotten rid of all annoying pop-ups that I used to get. I'll also look into Foxit, because I've also heard about Adobe and their loopholes, but never knew of another program that read PDF files :wall:.

 

Still, I'm a bit concerned that my firewall didn't appear in my HijackThis report the first time; unless it doesn't appear at all. But still, if anyone still cannot see it in the above report (I don't know what to look for...) let me know :). Thanks for all the helpful suggestions so far!


I've used ESET for a year, and it deceived me. It's not as good as people say. The best free alternative you can get though is either MSE or Avira. Also, if you're behind a router, you usually won't be needing a software firewall as you already have a hardware one. Adblock plus is a very good add-on for both Firefox and Google Chrome. And yes, I've recently switched from Firefox to Chrome, as Firefox has been getting more and more sluggish since the release of 3.5 (I never permanently installed Firefox 3.5 and higher because of stability and speed problems, Firefox 3 is still superior to 3.5 and higher).

 

The reason that us, people very often on the internet, don't get viruses, is simple: we know what to look out for, and know the tools not to get viruses. Nowadays almost all the viruses you will get is by user error, and what's even worse is if the person getting the virus is using Vista or 7, they have had 2 separate warnings before installing the virus, and that's without the antivirus. Viruses nowadays work with user errors, that's why people that don't go often get the viruses, they don't know the browser tools not to get them, and also will go to any website, even those containing viruses (I have a friend that does that even if I tell him not to go to that website, thinking of going on his computer and blocking it), and often will click on any ads on the page, which themselves sometimes contain viruses, but also scam ads that you see sometimes.


I'm with the other people here in saying that Microsoft Security Essentials, Windows Firewall, an ad blocker such as Adblock for Firefox or Chrome*, and some common sense when browsing will cover all of your bases to a reasonable degree, with no cost involved. The most important one of those is the latter. Don't click anything that you don't trust, keep an eye out for scams, and only use torrent programs with extreme caution (only on a computer where you don't mind formatting, reloading and backing up).

 

 

 

*At the time of posting, I believe that the Chrome version is only available if you use the Beta Channel version of the browser, which is perfectly safe and stable.

~ W ~

 


You can avoid almost all virus trouble by just using common sense. Personally, I don't see a need to have a software firewall or even an antivirus (although, I do run one of these) to an extent, if you're an experienced user. It just ends up as wasted system resources. I would say you're secure as it is.

 

Also, you are very unlikely to get anything malicious coming through BitTorrent itself, but beware of what executable files you download and run. If you suspect it, scan it. Still in doubt? Delete it. It's that simple.
