
Tips for securing personal computer


  • Ridirich
    replied
    Seems that the original post is what works well for that user; however, it does not work for the rest of us.

    I won't ever turn off the ability to see hidden files, nor the extensions of said files. That's just bad.

    MSIE is a bad browser, I agree. Firefox, Opera...hell, even Netscape is safer. I, myself, prefer Firefox, and only use MSIE to access my anti-viral websites (housecall.trendmicro.com and www.pandasoftware.com/products/activescan.htm) as well as use "NoAdware", "Adaware SE Pro", "Spybot S&D", "HijackThis!" and then I clean up my registry with "Registry Mechanic"....but that is what works for me. I prefer the online scanners due to their ability to stay up to date without having me download 10 meg of updates every month, and then getting those corrupt when I do get attacked by a virus.

    The sad thing, is when the majority of your drive is taken up by antiviral/anti-spyware programs because you cannot work online anymore without them. I know someone who had every spysweeper known to mankind, plus 8 antivirals running all at the same time. It took up like 9 gig. His drive was 20 gig.



  • allentrace
    replied
    Originally posted by skroo
    Two things I'll add that haven't been mentioned yet:

    - People are getting into the habit of updating the OS, antivirus, and anti-spyware, but not so much Office. Visiting Office Update should be as much a part of the routine as for anything else; vulnerabilities within its components do surface as much as with anything else.

    - If you've moved over to another browser and are no longer using IE, you'll still need to keep it around to successfully run Windows Update (yes, I know there are extensions to enable ActiveX in Firefox / Mozilla, but let's not go there - it's just a bad idea). Recommendation: disallow all sites in IE's security settings that aren't *.office.microsoft.com, *.windowsupdate.microsoft.com, and *.windowsupdate.com. This will help to mitigate against malware that tries to pull up IE even if it's not the default browser, and can be marginally useful against hosts file poisoning.
    The latter advice I had not thought about; it is most helpful. I had moved to Firefox and most recently Opera from IE but had not thought to do what you had recommended.



  • skroo
    replied
    Two things I'll add that haven't been mentioned yet:

    - People are getting into the habit of updating the OS, antivirus, and anti-spyware, but not so much Office. Visiting Office Update should be as much a part of the routine as for anything else; vulnerabilities within its components do surface as much as with anything else.

    - If you've moved over to another browser and are no longer using IE, you'll still need to keep it around to successfully run Windows Update (yes, I know there are extensions to enable ActiveX in Firefox / Mozilla, but let's not go there - it's just a bad idea). Recommendation: disallow all sites in IE's security settings that aren't *.office.microsoft.com, *.windowsupdate.microsoft.com, and *.windowsupdate.com. This will help to mitigate against malware that tries to pull up IE even if it's not the default browser, and can be marginally useful against hosts file poisoning.

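Added example (not part of any post in this thread): a hosts-file audit that complements the zone restriction above by flagging entries that override the update sites named in the post. The matching rule (wildcard suffix plus the bare domain), the function names and the sample hosts file are assumptions constructed for this example.

```python
import fnmatch

# Host patterns quoted in the post; how they are matched is this example's choice.
UPDATE_PATTERNS = [
    "*.office.microsoft.com",
    "*.windowsupdate.microsoft.com",
    "*.windowsupdate.com",
]


def is_update_host(host):
    """True if host falls under an allow-listed pattern or is its bare domain."""
    host = host.lower().rstrip(".")
    return any(
        fnmatch.fnmatchcase(host, pat) or host == pat[2:] for pat in UPDATE_PATTERNS
    )


def audit_hosts(text):
    """Return (line_no, ip, host) for hosts entries that override update sites."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()
        if len(entry) < 2:
            continue  # blank line, comment, or malformed entry
        ip, names = entry[0], entry[1:]
        for host in names:
            if is_update_host(host):
                findings.append((line_no, ip, host.lower()))
    return findings


# Constructed sample hosts file; addresses are RFC 5737 documentation ranges.
SAMPLE_HOSTS = """\
# constructed sample, not taken from a real machine
127.0.0.1       localhost
192.0.2.10      intranet.example
203.0.113.7     update.windowsupdate.com   # pins an update site to a fixed IP
203.0.113.7     v4.windowsupdate.microsoft.com WWW.WindowsUpdate.com
198.51.100.3    windowsupdate.com.example.net
"""

if __name__ == "__main__":
    for line_no, ip, host in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {ip}")
```

On Windows the file to read is `%SystemRoot%\System32\drivers\etc\hosts`; a clean system normally has no entries for these names, so any finding deserves a look.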


  • ice60
    replied
    for PCs a good registry protection program is MJRegWatcher it covers just about everywhere. any change i make it pops up and asks if it's OK. it uses polling
    http://www.jacobsm.com/mjsoft.htm#rgwtchr

    another good registry protector which is both shareware and freeware is RegDefend, it works in the kernel
    http://www.ghostsecurity.com/index.php?page=regdefend

    some good Host Intrusion Protection System (HIPS) programs are...
    free for home use AntiHook
    http://www.infoprocess.com.au/

    i haven't tried it but Online Armor is supposed to be good.
    http://www.tallemu.com/index.php?area=home

    and Prevx
    http://www.prevx.com/

    in the past i used System Safety Monitor, it was very very good, giving you a great amount of control e.g. intercepting driver, service, dll, hooks and memory access and letting you choose which application can do what and how it can interact with other applications on an individual basis. what made me stop using it was that it worked on a timed basis, so would stop working at a certain time, and you'd have to update to the new version which could be buggy. it will go shareware too at some point.
    http://syssafety.com/product.html

    SafeXP is nice for turning off some unneeded features in XP
    www.theorica.net/safexp.htm

    Secure-It is good for hardening your system, some people have had problems with it, but most haven't
    http://www.sniff-em.com/secureit.shtml

    Harden-It like Secure-It, but for networks. i'm fairly sure SafeXP, Secure-It and Harden-It all have features that let you revert back to before you ran them, but you'll have to check.
    http://www.sniff-em.com/hardenit.shtml



  • CP99
    replied
    Originally posted by enigma
    I am not ignoring the fact, I am simply assuming the attacker does not have access to change your default file associations.

    It's not hard at all; some if not many public release trojans have an icon chooser in the compile server phase. One could use the icon of a .doc document, assuming that file extensions are disabled.

    To the victim, the document would look like a word file, smell like a word file, but when clicked, would display anything the attacker wants, i.e. "File is corrupt" or something of that standard.



  • Voltage Spike
    replied
    Originally posted by enigma
    I am not ignoring the fact, I am simply assuming the attacker does not have access to change your default file associations.
    I get the distinct impression that you do not work with the world of Microsoft Windows. A .exe file is not a document loaded by an external program through the file associations as a .doc file is; a .exe file is an application. If I have Document42.doc and Document42.exe, and the latter specifies an icon that identically resembles that of Microsoft Word, then both files will appear identical (assuming file extensions are disabled and the user actually has Microsoft Word installed).

    I apologize for the aside here, but I think it is important that users understand these concepts.

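Added example (not part of any post in this thread): because an executable can carry any icon, a check has to look at the full file name and the first bytes of the file rather than at how it is drawn. The sketch below flags `name.doc.exe`-style names and document-named files that start with the `MZ` executable signature; the extension lists, function names and sample files are assumptions constructed for this example.

```python
import os
import tempfile

# Extensions Windows runs on double-click (a subset, chosen for this example).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
# Extensions a user reads as "just a document" (also an assumed subset).
DOCUMENT_EXTS = {".doc", ".xls", ".ppt", ".pdf", ".txt", ".rtf", ".jpg"}


def is_pe(path):
    """True if the file starts with the 'MZ' signature of a Windows executable."""
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"


def audit(directory):
    """Return (path, reason) for files whose name misrepresents their type."""
    findings = []
    for root, _dirs, files in os.walk(directory):
        for name in sorted(files):
            path = os.path.join(root, name)
            stem, ext = os.path.splitext(name)
            inner = os.path.splitext(stem)[1]
            if ext.lower() in EXECUTABLE_EXTS and inner.lower() in DOCUMENT_EXTS:
                # With extensions hidden, only the stem is displayed.
                findings.append((path, "double extension, shown as " + stem))
            elif ext.lower() in DOCUMENT_EXTS and is_pe(path):
                findings.append((path, "document extension but MZ header"))
    return findings


def demo():
    """Audit a constructed sample folder; the file contents are harmless stubs."""
    samples = {
        "Document42.doc": b"\xd0\xcf\x11\xe0 constructed stand-in for a Word file",
        "Document42.doc.exe": b"MZ constructed stub, not a real program",
        "notes.txt": b"MZ constructed stub behind a document name",
        "setup.exe": b"MZ constructed stub with an honest name",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return [(os.path.basename(p), why) for p, why in audit(tmp)]


if __name__ == "__main__":
    for name, why in demo():
        print(name, "->", why)
```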


  • enigma
    replied
    I am not ignoring the fact, I am simply assuming the attacker does not have access to change your default file associations.



  • Voltage Spike
    replied
    Originally posted by enigma
    it will appear as Document42.doc, but will have the icon of the default application used to load an exe and not the application to load a doc....just be alert.
    You are ignoring the fact that applications have the ability to specify their own icon. Is there any manner of disabling that feature?



  • enigma
    replied
    Originally posted by CP99
    Correct me if I'm wrong, but isn't it bad to hide file extensions?

    A virus with the name:

    Document42.doc.exe

    would appear as:

    Document42.doc


    There was even a small part about that in The Art of Deception.
    it will appear as Document42.doc, but will have the icon of the default application used to load an exe and not the application to load a doc....just be alert.



  • Beginner
    replied
    I definitely agree with Noid on the don't use Internet Explorer if you don't have to.



  • Deviant Ollam
    replied
    great list of tips, noid. to this thread i'll add a link to this post i made to this thread which was received pretty well.



  • noid
    replied
    Here's some of the things I do on my computer

    1. Browser Security

    Don't use IE if you don't have to. Firefox and Opera have a far better baseline for security, however nothing is perfect; make sure you stay up on your updates. If you have to use IE, I recommend the data protection template from the JAP folks.

    For browsing I recommend using JAP or TOR. Also, if you have the bandwidth, be a pal and become a TOR server.

    2. Host Security

    If you are using Windows XP, turn on the disk encryption. Go to the file you want to encrypt, such as My Documents. Right click. Select Properties. Under the General tab select Advanced. Select 'Encrypt contents to secure data'. You can use other programs like GnuPG or PGP Desktop if you want a solid crypto solution to encrypt files and email. I figure, the Windows stuff is in there, why not use it.

    The other things to do in regards to Windows host security. Set up fucking passwords on each account. Make the passwords strong. 8 characters minimum, mixture of UPPER and lower case letters, numbers, and special characters (!@$*%, etc). Make sure automatic updates is turned on, but still hit Windows Update from time to time to make sure you are current on your patches. Disable any accounts that you aren't using as well. If you're using Windows 2000, password protect, rename, then disable the Administrator account. Just like you should never log in as 'root', same goes for the Administrator account in Windoze.

    3. Privacy protection

    Don't delete files, Erase them! Also, if/when you go to decommission a drive, take advantage of Eraser's boot 'n nuke floppy option.

    Clean up after yourself by using something like Ilsystem wiper. You can have it wipe just about anything and it has the ability to add plugins to cover your custom apps.

    Run Anti Virus software. For God's sake, run it. On behalf of the rest of the Internet using population, let me say that 90% of our problems would be solved if everyone patched their systems and ran AV. Check out AVG Anti Virus. It's free, you have no excuse not to run it.

    Keep spyware off your system. I won't bother posting links, as it's already been covered. Adaware by Lava Soft and SpyBot by Kola software both rock. Check out Microsoft's anti-spyware utility as well. It's not half bad.

    If you have a ton of passwords, don't keep them in a text file. Use something like Password Safe to store them. Also, don't forget to change your passwords from time to time. ALL of your passwords. Online banking, ATM PINs, Logons, Web Mail, FORUM passwords, etc.


    4. Physical protection

    Set a BIOS password. Keep your laptop under lock and key when you don't have it. If you transport it in a backpack, put a padlock on it. No, it won't stop someone from stealing your backpack, but it will prevent someone from casually popping your backpack open while you aren't paying attention and bolting off your laptop. If you are traveling, take advantage of the in-room safes most hotels have. If you want to be paranoid, get a removable biometric card (note, I said removable). Keep it with you so the laptop won't work without it. Built-in biometrics kinda defeat the purpose, as it's fairly easy to bypass a thumbprint scanner if you have access to the scanner itself.

    5. Disaster Recovery

    The forgotten 'A' of the CIA triad. Back your freaking data up already. Just about everything has a burner in it. If not, get one. PC Club has a CD/DVD+-RW burner on sale right now for 45 bucks. Back your data up. Back it up regularly. Make a note on your calendar to remind yourself to back up your data. When you back up your data, also make a list of all the programs you have installed on your computer. Anyone who's ever had to reflash a hard drive will know there's nothing worse than sitting down at your freshly imaged system and saying 'now what did I have installed on here?'. Keep the list of installed software and your backups some place safe. For the paranoid, get a safety deposit box at the local bank. For the more realistic, go get a Fire Safe. Keep everything in there. Not a bad idea to also keep your passport, unused credit cards, insurance information, etc in there too. That way you can grab it and go if the house is burning and not have to wonder if you have everything.



  • theprez98
    replied
    Originally posted by CP99
    Correct me if I'm wrong, but isn't it bad to hide file extensions?

    A virus with the name:

    Document42.doc.exe

    would appear as:

    Document42.doc


    There was even a small part about that in The Art of Deception.
    I agree. I show all extensions by default.



  • converge
    replied
    I have a few bones to pick with the list and a fistful of items to add to it. Great start, I think it is a great idea to assemble baseline documents/links/resources like this in an organized fashion. If someone asks, we can easily point to a clean thread instead of just giving a standard 'googleitdammit'

    Will contribute to this thread as time permits, I encourage others to do the same, or start similar threads (be sure to quote your source, like above, if you pull a doc from someone else).



  • CP99
    replied
    Correct me if I'm wrong, but isn't it bad to hide file extensions?

    A virus with the name:

    Document42.doc.exe

    would appear as:

    Document42.doc


    There was even a small part about that in The Art of Deception.

