SandBOX’D v1.0 – A guide to making your PC unbreachable against threats.

Historically, Microsoft’s Windows has been a very vulnerable operating system, mainly because of its extreme popularity and Microsoft’s slow response in patching threats. Things improved a bit with the launch of Vista in 2006, which brought UAC, BitLocker, Data Execution Prevention and more, but it came packaged with its own issues. Windows 7 was a big improvement, with streamlined security management and the inclusion of Windows Defender and the Software Removal tool. Windows 8.1 and the newest kid on the block, Windows 10, are super secure thanks to a number of security improvements (UEFI support, bootloader protection et al.) and because Microsoft moved to a rapid release cycle, meaning patches are released much earlier than before.

Though Windows may have evolved in terms of Security & safety over all these generations, no version of Windows is 100% secure, because the hackers are as creative (or doubly creative) as the Windows security team, constantly innovating new types of malware and exploiting vulnerabilities.

And, in today’s world, I bet nothing can be as important as safe computing. That’s why the antivirus industry is flourishing and the market is flooded with tons of products.

Still, if you practice safe browsing habits, you don’t really have to actually *buy* an antivirus and you’ll be just fine. Anyway, let’s stop talking bs and jump straight in, your PC, SandBOX’D

  • Use OpenDNS/Alternative DNS.
OpenDNS – The frontline defence against threats!

DNS stands for Domain Name System. A DNS server sits between your device and the website you visit and converts the site name in the URL into the site’s IP address. It all works in the background and you generally shouldn’t have to worry about it. But the problem with your ISP’s default DNS is that it sucks and it’s slow.
OpenDNS is a private DNS operator that caters to homes and business organizations. They also have a free DNS service that by default blocks most malware sites. They update their block list regularly so that you’re always kept away from malware-infested sites. Also, if you want to block adult and violence-promoting sites, there’s a free option for that too.
Overall, it’s pretty neat. You’re getting a frontline defence against malware at no additional cost. Plus, their servers are generally better equipped and the pings are much quicker, so you should feel a noticeable improvement in your browsing speed (don’t expect too much improvement though).

To set OpenDNS as your default DNS, punch in these numbers under the DNS settings page. Hit up Win+R > ncpa.cpl > right click the connection > IPv4 settings. You can follow this guide for more info: OpenDNS Setup

208.67.222.222

208.67.222.220

Family Shield:

208.67.222.222

208.67.222.220

You also have other options, apart from OpenDNS such as Norton ConnectSafe etc.

199.85.126.30

199.85.127.30
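
The same change can be made and then checked from an elevated PowerShell prompt instead of the ncpa.cpl dialog. This is an added example, not part of the original post: the `-Resolvers` and `-Apply` parameter names are assumptions of the sketch, and the resolver addresses are passed in by you rather than hard-coded.

```powershell
# Added example (not from the original post). Save as a .ps1 and run elevated.
# -Resolvers and -Apply are parameter names chosen for this sketch.
param(
    [Parameter(Mandatory)] [string[]] $Resolvers,  # primary first, then secondary
    [switch] $Apply                                # without it, only report
)

# Accept only canonical dotted-quad IPv4 literals.
foreach ($r in $Resolvers) {
    $ip = $null
    $ok = [System.Net.IPAddress]::TryParse($r, [ref] $ip)
    if (-not $ok -or $ip.AddressFamily -ne 'InterNetwork' -or $ip.ToString() -ne $r) {
        throw "Not an IPv4 address: $r"
    }
}

# Cover every physical adapter that is up (Wi-Fi and Ethernet alike);
# changing only one leaves the others on the ISP resolver.
$adapters = Get-NetAdapter -Physical | Where-Object Status -eq 'Up'

foreach ($a in $adapters) {
    if ($Apply) {
        Set-DnsClientServerAddress -InterfaceIndex $a.ifIndex -ServerAddresses $Resolvers
    }

    # Read back what is actually configured after the change.
    $v4 = (Get-DnsClientServerAddress -InterfaceIndex $a.ifIndex -AddressFamily IPv4).ServerAddresses
    $v6 = (Get-DnsClientServerAddress -InterfaceIndex $a.ifIndex -AddressFamily IPv6).ServerAddresses

    [pscustomobject]@{
        Adapter     = $a.Name
        IPv4Dns     = $v4 -join ', '
        IPv4Matches = (($v4 -join ',') -eq ($Resolvers -join ','))
        # The IPv4 settings page does not touch these, so they are listed
        # separately: lookups sent to them never reach the filtering resolver.
        IPv6Dns     = $v6 -join ', '
    }
}
```

Run it without `-Apply` first to see which resolvers each adapter currently uses; any adapter where `IPv4Matches` is False, or where `IPv6Dns` lists a resolver you did not choose, is still sending lookups elsewhere.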

Step 1 complete.

  • Get a good antivirus.
My Current AV – ESET Smart Security

The market is flooded with AVs. It’s critical to choose the right one, depending on your PC configuration and your requirements. Many times, an AV without a firewall should hold up just fine. Personally, I’m using ESET Smart Security *with* a Firewall, since I torrent a lot and also visit deep web links (courtesy: TOR) and all of this makes my PC vulnerable to DNS poisoning and other sorts of attacks.

Another good option is to go for Bitdefender AV. Those guys have a pretty decent AV and it’s robust, but heavy on system resources. Norton/Avast et al. will do the job too.

Check this link for more. This too.

  • Get Malwarebytes/Hitman PRO.
Malwarebytes

No, I’m not talking about the game. Malwarebytes and Hitman PRO are what are called secondary scanners. They reside alongside your primary antivirus and act as a secondary guard against threats, keeping a watch for the software commonly missed by a traditional AV. Of the two, Malwarebytes is HIGHLY RECOMMENDED. It’s super powerful and it can even get past malware that tries to block its installation.

Check here for Malwarebytes. Best of all, it’s free, though you can upgrade to get additional features (mostly useless).

Check here for Hitman PRO.

  • Use a robust browser.
The browser market

Google Chrome. Mozilla Firefox. Microsoft Edge. Vivaldi. Opera.

Using a secure browser is super important, since it’s probably the most used piece of software on your PC. Not just *installing* one, keeping it *updated* is also critical. Chrome and Firefox have a rapid release cycle, so you can expect quick fixes. Can’t say about the other three.

Though I’ll write a separate article about the best security extensions for Chrome, here’s a brief list of extensions to boost your browser security by a couple of orders of magnitude.

AdBlock Plus

MyWot

LastPass…etc.

  • Use CCleaner/Alternative cleaners.
Ccleaner Interface, Windows 8.1

When you visit websites in your browser, the server sends your device a small file called a ‘cookie’. Over time, cookies accumulate and some cookies even start tracking you and your online browsing activities. *Not Nice*.

You can get rid of all the clutter by using a neat little piece of software called CCleaner. This veteran PC tool helps clean up all of the clutter that gets downloaded along with the sites you visit. Apart from deleting tracking cookies/cache, this tool also helps free up your disk space for stuff you care about, unlike tracking cookies.

Alternatives include:

Glary Utilities

Advanced SystemCare (pretty bloated though.)

Wise Cleaner (recommended.)

  • Use Strong passwords.
Password (http://digwork.com/images/password-ftr.jpg)

No brainer. Threats also include *physical* threats. A password is a good place to start. You can read here on creating stronger passwords.

Besides stronger passwords for your PC/online accounts, also try to set up a lock for your *BIOS*, if you really think you need to super secure your PC. A BIOS lock won’t let the computer boot unless you enter the key and is generally considered a double-edged sword. You’re f*cked if you forget it.

  • Disable Autorun.
AutoPlay (http://blogs.technet.com/blogfiles/srd/WindowsLiveWriter/AutoRunchangesinWindows7_ECB1/image_2.png)

Autorun can be a neat and convenient feature. Just plug the drive into the port and enjoy. But it’s like serving viruses an invitation on a platter. Autorun is dangerous because, even before your AV can scan the drive, Windows runs the files contained in it. Malware like ‘NewFolder.exe’ can be a disaster if Autorun is enabled. I learnt it the hard way.

Instructions here: Disable Autorun
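
The setting behind those instructions is the `NoDriveTypeAutoRun` policy value in the registry, a bitmask with one bit per drive type. The script below is an added example, not part of the original post or the linked guide: it decodes the current value so you can see which drive types still autorun, and with the `-Apply` switch (a name chosen for this sketch) sets the machine-wide value to `0xFF`, which turns Autorun off for every drive type.

```powershell
# Added example (not from the original post). Run elevated when using -Apply.
param([switch] $Apply)   # without -Apply the script only reports

$policyKey  = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

# Bits of NoDriveTypeAutoRun: a set bit means Autorun is DISABLED for that type.
$driveTypes = @{ Removable = 0x04; Fixed = 0x08; Network = 0x10; 'CD-ROM' = 0x20; 'RAM disk' = 0x40 }

function Get-AutoRunPolicy([string] $Hive) {
    $path  = "${Hive}:\$policyKey"
    $value = (Get-ItemProperty -Path $path -Name NoDriveTypeAutoRun `
                  -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    if ($null -eq $value) {
        return [pscustomobject]@{ Hive = $Hive; Value = 'not set'
                                  AutoRunAllowedOn = 'Windows default applies' }
    }
    # Drive types whose bit is clear are still allowed to autorun.
    $allowed = $driveTypes.GetEnumerator() |
        Where-Object { -not ($value -band $_.Value) } |
        ForEach-Object { $_.Key }
    [pscustomobject]@{
        Hive             = $Hive
        Value            = '0x{0:X2}' -f $value
        AutoRunAllowedOn = if ($allowed) { ($allowed | Sort-Object) -join ', ' } else { 'none' }
    }
}

if ($Apply) {
    $path = "HKLM:\$policyKey"
    # Create the key only if it is missing; New-Item -Force on an existing
    # registry key would wipe the other policy values stored under it.
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    New-ItemProperty -Path $path -Name NoDriveTypeAutoRun `
        -PropertyType DWord -Value 0xFF -Force | Out-Null
}

# Report the machine-wide (HKLM) and per-user (HKCU) settings.
'HKLM', 'HKCU' | ForEach-Object { Get-AutoRunPolicy $_ }
```

A result of `AutoRunAllowedOn = none` for HKLM means no drive type will autorun; sign out and back in (or restart Explorer) for a changed value to take effect.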

So, yeah. That’s about it for now. Doing all the above things should take your PC’s defence against malware from 0% to about 95%, since nothing is 100% secure. Practicing safe browsing habits helps too.

Hope you enjoyed reading this article 🙂

Stay tuned and subscribe for more awesome tech-y stuff.

@Abhishekist
