Protection against being spied on by trojan programs, being wiretapped and similar dangers

These hints apply to Windows XP/Vista users only.
If you are using Linux (recommended if you know what you are doing), similar hints exist, but for now you have to look for them elsewhere.

Do you want to publish your bank account data to strangers?
Are you sure you want to make a gift to a hacker (e.g. your password)?
Do you want to be wiretapped by some agency?

No, of course not.
So following the rules below can help you keep your privacy (almost):

Very simple, but still true: do not trust any unknown download source.
Do not execute any file attachment in your mail, even if it was sent by a known person (because that person's PC may already be infected).
Try to use only a restricted user account for your daily work. Do not use an administrator account for every purpose.

Try to use a browser only with active scripting disabled.
Use Firefox with "NoScript". Try to avoid Internet Explorer.
Try to avoid Flash/Java and by all means avoid ActiveX components.
Firefox again with "FlashBlock" would be a good idea, too.
Use private browsing and private search from Disconnect Inc.

Try to understand your system. Take a look at the running processes; SysInternals Process Explorer is a very good tool (the built-in Task Manager is not fraud-resistant). Also use TcpView (better, use a utility like TDIMon, but unfortunately it has been abandoned by Microsoft, so maybe TDIScope will do as well).
You can also think about using Wireshark on another PC; of course you then need a "network hub" (which repeats all packets to all other ports) or a configurable network switch.

A personal firewall can help you gain more control, but it is not really a protection against malware: malware can transfer data via port 80 (i.e. HTTP), which is usually permitted, and it can also act as an already permitted program. Or it can remote-control system processes (every program can send "messages" to other programs, even keystrokes!), e.g. svchost.exe can be taken over by a trojan program, yet svchost.exe is typically "allowed" in a personal firewall!
A smarter personal firewall was Comodo Firewall, but meanwhile I can't recommend their free versions anymore (too crippled), so take GlassWire instead (there is a free version, too).
Do not trust Microsoft's built-in Windows Firewall, because it is very, very easily manipulated (just by using specific registry entries).
Use hardware-based firewalls instead (e.g. your router usually has firewall functionality).
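As an added illustration of the process, connection and firewall points above (example code, not from the original page or from the SysInternals tools), here is a small Python triage script over constructed records of the kind Process Explorer / TcpView or "netstat -ano" joined with each owning process's image path would show. It flags a system image name running from outside System32, a non-browser talking to a web port (exactly the traffic a personal firewall that permits port 80 waves through), and listeners on ports to block at the router. The sample records, the allowlist and the port table are assumptions.

```python
"""Process/connection triage, added example (not from the original page).
Records are constructed to look like "netstat -ano" output joined with the
owning process's image path; the policy lists below are assumptions."""
import ntpath

SYSTEM_DIR = ntpath.normcase(r"C:\Windows\System32")
# Image names that live only in System32 on a standard install (assumption).
SYSTEM_IMAGES = {"svchost.exe", "lsass.exe", "services.exe", "csrss.exe", "winlogon.exe"}
# Programs expected to use web ports; anything else doing so is listed for
# review, since a firewall rule that permits port 80/443 lets it through too.
WEB_ALLOWLIST = {"firefox.exe"}
WEB_PORTS = {80, 443}
# Listeners to block at the router: RPC (135) as the page suggests; SMB (445)
# is an added assumption.
BLOCK_LISTEN = {135: "RPC endpoint mapper", 445: "SMB"}

# Constructed sample (documentation IP ranges); not output from any real machine.
SAMPLE = [
    {"pid": 912, "image": "svchost.exe", "path": r"C:\Windows\System32\svchost.exe",
     "state": "ESTABLISHED", "laddr": "192.168.1.10:49152", "raddr": "198.51.100.20:443"},
    {"pid": 2044, "image": "svchost.exe", "path": r"C:\Users\alice\AppData\Local\Temp\svchost.exe",
     "state": "ESTABLISHED", "laddr": "192.168.1.10:49170", "raddr": "203.0.113.7:80"},
    {"pid": 1500, "image": "firefox.exe", "path": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "state": "ESTABLISHED", "laddr": "192.168.1.10:49200", "raddr": "192.0.2.10:443"},
    {"pid": 4, "image": "System", "path": "",
     "state": "LISTENING", "laddr": "0.0.0.0:445", "raddr": "0.0.0.0:0"},
    {"pid": 720, "image": "svchost.exe", "path": r"C:\Windows\System32\svchost.exe",
     "state": "LISTENING", "laddr": "0.0.0.0:135", "raddr": "0.0.0.0:0"},
]


def _port(endpoint):
    """'host:port' -> port as int (IPv4 form only, enough for the sample)."""
    return int(endpoint.rsplit(":", 1)[1])


def triage(records):
    """Return (pid, reason) pairs for records worth a second look."""
    findings = []
    for r in records:
        image = r["image"].lower()
        path = ntpath.normcase(r["path"])          # lower-case, backslashes
        # 1. A well-known system image name running from the wrong directory.
        if image in SYSTEM_IMAGES and ntpath.dirname(path) != SYSTEM_DIR:
            findings.append((r["pid"], f"{r['image']} runs from {r['path']}, not from System32"))
        # 2. Outbound web-port traffic from something that is not a browser.
        if (r["state"] == "ESTABLISHED" and _port(r["raddr"]) in WEB_PORTS
                and image not in WEB_ALLOWLIST):
            findings.append((r["pid"], f"{r['image']} talks to {r['raddr']}: web port, but not a browser"))
        # 3. Listeners on ports that should be closed off at the router.
        if r["state"] == "LISTENING" and _port(r["laddr"]) in BLOCK_LISTEN:
            port = _port(r["laddr"])
            findings.append((r["pid"], f"listens on {port} ({BLOCK_LISTEN[port]}); block it at the router"))
    return findings


if __name__ == "__main__":
    for pid, reason in triage(SAMPLE):
        print(f"PID {pid}: {reason}")
```

Run as-is it prints five findings: the svchost.exe copy in a Temp directory is hit twice (wrong directory and port 80), the genuine svchost.exe on port 443 is listed for review because the script cannot tell an updater from an exfiltration channel, and the two listeners on 135 and 445 are the ports to close at the router. The list is a starting point for looking at the process in Process Explorer, not a verdict.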

An anti-virus program typically knows only known viruses and trojan programs. Even heuristic methods can't protect you against a totally new variant of a virus, because there are so many possibilities to hide the code (see also here for exepacker detection).
Control your autostart entries: the built-in command "msconfig" is a start, but does not show all possibilities. Try "Autoruns" by SysInternals or "Hijack" (it's better than all the others, but isn't perfect either). The same vendor also has a tool to detect alternate data streams here (found with NTFS). Be also aware of "Browser Helper Objects".
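The autostart check, as an added example (not from the original page or from the SysInternals tools): a Python parser for a .reg export of the Run/RunOnce keys, followed by two triage heuristics, an executable started from a user-writable directory and a system image name outside System32. The export text is constructed and the directory markers are assumptions; as the OneDrive entry shows, hits are items to review, not verdicts.

```python
"""Autostart triage from a .reg export, added example (not from the page).
The export text is constructed; the directory markers are assumptions."""
import ntpath
import re

SYSTEM_DIR = ntpath.normcase(r"C:\Windows\System32")
SYSTEM_IMAGES = {"svchost.exe", "lsass.exe", "services.exe", "csrss.exe", "winlogon.exe"}
# Locations a restricted user can write to (assumption); a startup entry there
# deserves a look, although legitimate per-user installers use them too.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\programdata\\")

# Constructed text in the format "reg export <key> file.reg" produces.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\System32\\SecurityHealthSystray.exe"
"Updater"="\"C:\\Users\\alice\\AppData\\Roaming\\upd\\svchost.exe\" -silent"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Helper"="C:\\Users\\alice\\AppData\\Local\\Temp\\helper.exe"
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')  # "name"=<data>


def parse_run_entries(reg_text):
    """Return (key, value name, command line) for string values under Run/RunOnce."""
    entries, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]                       # new registry key section
            continue
        if key is None or not re.search(r"\\Run(Once)?$", key, re.I):
            continue                               # only autostart keys interest us
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, data = m.group(1), m.group(2)
        if not (data.startswith('"') and data.endswith('"')):
            continue                               # dword:/hex: values are not command lines
        command = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo .reg escaping (\\ and \")
        entries.append((key, re.sub(r"\\(.)", r"\1", name), command))
    return entries


def image_path(command):
    """Executable part of an autostart command line (quoted, or up to the first .exe)."""
    m = re.match(r'^"([^"]+)"', command) or re.match(r"^(.*?\.exe)", command, re.I)
    return m.group(1) if m else (command.split() or [""])[0]


def triage(reg_text):
    """Return (key, name, exe, reasons) for entries worth reviewing."""
    findings = []
    for key, name, command in parse_run_entries(reg_text):
        exe = image_path(command)
        low = ntpath.normcase(exe)
        reasons = []
        if any(marker in low for marker in USER_WRITABLE):
            reasons.append("starts from a user-writable directory")
        if ntpath.basename(low) in SYSTEM_IMAGES and ntpath.dirname(low) != SYSTEM_DIR:
            reasons.append("system image name outside System32")
        if reasons:
            findings.append((key, name, exe, reasons))
    return findings


if __name__ == "__main__":
    for key, name, exe, reasons in triage(SAMPLE_REG):
        print(f"{key}\\{name}: {exe} -> {', '.join(reasons)}")
```

On the sample the script reports three of the four entries: "Updater" (a file named svchost.exe under AppData, both heuristics hit), "OneDrive" (legitimate, but it lives in AppData and therefore shows up) and "Helper" (Temp directory). The same parser can be pointed at an export of the RunOnce keys or of the per-user hive; Browser Helper Objects and services live under other keys and need their own lookup.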

Try to minimize the number of Windows services in use; several hints on how to do this can be found here (for Win XP) and here (for Win 7).

Try to use your internet connection more restrictively (e.g. generally block specific important ports like RPC or the AD Directory Service).

In general, do not use administrative rights for jobs that don't require them.

For more safety/security try to do the following (if you are afraid of being wiretapped or similar):

Connect to the internet only from a virtual machine (e.g. use VirtualBox). Set up the virtual machine once and copy the image to a safe place. Every time you start the virtual machine, try to use a fresh copy of the built image.
Also, if you are paranoid enough, think about the provider side ... altering DNS data can be a way of pretending you are secure while, when downloading stuff, you are redirected to the wrong place. Or they can alter data directly (think of a kind of application gateway that "infects" downloaded executables automatically).

Secure your private data in encrypted areas, e.g. use TrueCrypt or VeraCrypt for virtual drives, or use GnuPG (source code also available there), Sophos Private Crypto (it is not maintained anymore, but seems to be trustworthy) or AxCrypt (they also offer the source code) to encrypt single files (if this is needed). Do not mount your encrypted drives while you are connected to the internet. If you use whole-disk encryption only, it does not protect you against data loss via the network, because the encryption is transparent to the user and the system. For that reason you can combine whole-disk encryption with container-based encryption (remember: do not use/mount your private data during an internet connection). See also my Computer Forensic page.

Encrypt your mails if you really need to ensure a private exchange of information. If you use publicly available certificates for S/MIME, these certificates may already be compromised. You can create your own certificates with SSLeay (see OpenSSL for more information).
Or use PGP / GnuPG for email encryption. Even PKZIP can help, but only if you put just one file inside the ZIP, and you have to use a safe password (meaning long enough, with special characters, at least 12 characters). Do not trust server-based encryption services like Hushmail; there is no privacy (or see here).

Use only secured IP phone services like Zfone, or use VoIP clients from PC to PC through a VPN tunnel only. If you are afraid that someone can look inside your network connections (e.g. what you've downloaded or which web pages you are visiting), generally use Virtual Private Network connections (VPNs, at least IPsec connections with 3DES, or SSL/TLS, for free with OpenVPN). If you have enough time and money, rent a server in another country (e.g. if you live in Germany, rent a server in a non-EU country) and install a VPN gateway on it. Then connect your own PC only to that gateway and connect to the internet (not the VPN itself) from that site only.

For all methods: try to switch between the several possibilities (e.g. mail servers) as often as you can. This will make tracking more difficult.