
Security


Freelancer ::

I'm opening this topic because there are more viruses, worms and assorted parasites every day. If you have a question, would like to add or correct something, or would just like to share your experience exterminating this "vermin", you're welcome to join in.
I've written almost nothing about spam. If you want to know more about that topic, you can read this Slo-Tech article.

Updated: 27 September 2006


1. Protection and removal


Windows XP Security Checklist: A useful list of things any WinXP user can do to make their operating system more secure. And here is the version of the list for Windows 2000.
Microsoft Baseline Security Analyzer: A review of security mechanisms in line with Microsoft's recommendations.

I think my computer is infected or hijacked. What should I do?: A step-by-step guide to getting rid of viruses, spyware and similar vermin.
Another similar guide
Spyware/AdWare/Malware FAQ and Removal Guide

Nowadays the following are recommended for every user:
a. Firewall (the Slo-Tech topic on this is here)
b. Antivirus program (the ST topic is here)
c. Anti-spyware/adware/malware program



2. Programs


2.1. Firewalls
2.1.1. Free firewalls
Sygate Personal Firewall | screenshots: .:1:. .:2:. .:3:.
ZoneAlarm free | screenshots: ..1..
Kerio Personal Firewall | screenshots: ..1.. ..2.. ..3..
A list of free firewalls and some other security programs.

2.1.2. Paid firewalls
Sygate Personal Firewall PRO | screenshots: .:1:. .:2:. .:3:. .:4:.
ZoneAlarm PLUS/PRO | screenshots: .:1:. .:2:. .:3:. .:4:. .:5:.
Norton Personal Firewall | screenshots: ..1..
Norton Internet Security | screenshots: .:1:. .:2:. .:3:. .:4:. .:5:. .:6:. .:7:.
Tiny Personal Firewall | screenshots: ..1.. ..2.. ..3.. ..4..
McAfee Personal Firewall | screenshots: ..1.. ..2..
F-Secure Internet Security | Five screenshots can be found here.
For a more extensive list, see this page.


2.2. Antivirus programs
2.2.1. Free antivirus programs
BitDefender Free Edition | screenshots: ..1..
AVG FREE edition | screenshots: ..1..
Avast 4 Home Edition
AntiVir Personal Edition | screenshots: ..1.. ..2..
F-Prot for DOS

2.2.2. Paid antivirus programs
BitDefender | screenshots: .:1:. .:2:. .:3:.
Norton Antivirus | screenshots: .:1:. .:2:. .:3:. .:4:. .:5:. .:6:.
McAfee Virus Scan | screenshots: ..1.. ..2..
TrendMicro PC-Cillin | screenshots: ..1..
Panda Antivirus | screenshots: ..1..
Sophos Antivirus | screenshots: ..1..
Kaspersky Antivirus | screenshots: ..1..
F-Secure Antivirus
An extensive list of antivirus programs. Links to tests of them are included as well.


2.3. Anti-spyware, etc.

2.3.1. Free anti-spyware programs
SpyBot Search & Destroy
AdAware
Javacool SpywareBlaster

2.3.2. Paid anti-spyware programs
Trojan Hunter
eTrust Pest Patrol
Webroot Spy Sweeper
Ewido Anti Spyware
SpyBlocker Spyware Stopper
Spam Arrest
PrevX (scanning is free)

The more of these you have installed, the better 0:)


2.4. Anti-spam programs
Norton AntiSpam
An extensive list with descriptions and tests can be found on this page.


2.5. Windows registry
Registry Drill
Registry Analyst
Registry Mechanic



3. Definitions of some commonly used terms



3.1 Malware
Malware is a term used to describe any form of malicious software. A mal-ware can be viruses, trojan horses, malicious active content etc which are run normally without the knowledge and permission of the user. A malicious program can be thus broadly defined as any unwanted source code that runs in a workstation, causing unexpected results that could be system outages, performance problems or opening a back door for hackers.

3.2 Spyware
Spyware is any application that collects information about your computer activities and then sends that information to another individual or company without your knowledge or permission.

3.3 Adware
Adware is advertising-supported software that displays pop-up advertisements whenever the program is running. The software is usually available via free download from the Internet, and it is the advertisements that create revenue for the company. Although seemingly harmless (aside from intrusiveness and annoyance of pop-up ads), adware can install components onto your computer that track personal information (including your age, gender, location, buying preferences, surfing habits, etc.). Most advertising supported software doesn't inform you that it installs adware on your system, other than via buried reference in a license agreement. In many cases the software will not function without the adware component. Some Adware can install itself on your computer even if you decline the offer.

3.4. Computer virus
"A parasitic program written intentionally to enter a computer without the user's permission or knowledge. The word parasite is used because a virus attaches to files or boot sectors and replicates itself, thus continuing to spread. Though some viruses do little but replicate, others can cause serious damage or affect program and system performance. A virus should never be assumed harmless and left on a system."
- Symantec
"... a program which makes a copy of itself in such a way as to 'infect' parts of the operating system and/or application programs."
- Survivor's Guide to Computer Viruses

3.5 Computer worm
In contrast to viruses, computer worms are malicious programs that copy themselves from system to system, rather than infiltrating legitimate files. For example, a mass-mailing email worm is a worm that sends copies of itself via email. A network worm makes copies of itself throughout a network, an Internet worm sends copies of itself via vulnerable computers on the Internet, and so on.

3.6 Trojans
Trojans are malicious programs that appear as harmless or desirable applications. Trojans are designed to cause loss or theft of computer data, and to destroy your system. Some trojans, called RATs (Remote Administration Tools), allow an attacker to gain unrestricted access of your computer whenever you are online. The attacker can perform activities such as file transfers, adding/deleting files or programs, and controlling the mouse and keyboard. Trojans are generally distributed as email attachments or bundled with another software program.

3.7 Adware cookies
Cookies are pieces of information that are generated by a web server and stored on your computer for future access. Cookies were originally implemented to allow you to customize your web experience, and continue to serve useful purpose in enabling a personalized web experience. However, some web sites now issue adware cookies, which allow multiple web sites to store and access cookies that may contain personal information (including surfing habits, user names and passwords, areas of interest, etc.), and then simultaneously share the information it contains with other web sites. This sharing of information allows marketing firms to create a user profile based on your personal information and sell it to other firms. Adware cookies are almost always installed and accessed without your knowledge or consent.

3.8 Dialers
Dialers are a type of software typically used by vendors serving pornography via the Internet. Once dialer software is downloaded, the user is disconnected from their modem's usual Internet service provider, connected to another phone number, and the user is billed. Dialers do not "spy" on their intended victims, but these malevolent programs can rack up significant long distance phone charges, costing victims time and money.

3.9 Exploits
"A technique or code that uses a vulnerability to provide system access to the attacker."

As jype explained to us: "An exploit is a program that demonstrates or outright abuses a hole in software and usually contains so-called shellcode, machine code that the attacker prepares specifically to gain access to the system or to obtain higher privileges on the system."

"exploit - A security hole or an instance of taking advantage of a security hole.
{hackers} say exploit. {sysadmins} say hole -- Mike Emke (http://emke.com/)"

3.10 System monitors and keyloggers
System monitors are applications designed to monitor computer activity to various degrees. These programs can capture virtually everything you do on your computer including recording all keystrokes, emails, chat room dialogue, web sites visited, and programs run. System monitors usually run in the background so that you do not know that you are being monitored. The information gathered by the system monitor is stored on your computer in an encrypted log file for later retrieval. Some programs are capable of emailing the log files to another location.
Traditionally, system monitors had to be installed by someone with administrative access to your computer, such as a system administrator or someone that shares your computer. However, there has been a recent wave of system monitoring tools disguised as email attachments or "freeware" software products.

3.11 Browser Helper Object (BHO)
"A component that Internet Explorer will load whenever it starts, shares IE's memory context, can perform any action on the available windows and modules. A BHO can detect events, create windows to display additional information on a viewed page, monitor messages and actions. Microsoft calls it "a spy we send to infiltrate the browser's land." There are many exploits of this technology which search all pages you view in IE and replace banner advertisements with other ads, monitor and report on your actions, change your home page, etc."

3.12 SPAM
"Spam is defined as unsolicited bulk e-mail sent to large numbers of people to promote products or services. Spam also refers to inappropriate and off-topic promotional or commercial postings to discussion groups, bulletin boards, or weblogging sites often referred to as "blogs"."

"The characteristics of SPAM are simply that the email is:
a. Mass mailed
b. Commercial in nature
c. Not requested by the recipient
d. Sent without a prior business relationship"



4. Links


4.1. Portals
SecurityOps portal
Ravbarji in zandarji (SLO)
ONLamp security

4.2. Information and news
CERT
SI-CERT
Firewall Guide: Information and tests of security programs from all areas.
Arnes - security of school networks (beginners)
Honeynet Project
Net Security
Security Focus
Virus encyclopedia
SpywareInfo
Counterexploitation

4.3. Security tools
PacketStorm Security
Removal Tools by Symantec
BitDefender Removal Tools
Free Panda Virus Disinfection Utilities
McAfee AVERT Tools
Hacking Exposed tools
sysinternals: tools for Windows

4.4 Security forums
Spyware Warrior forums
EliteSecurity forum (X-YU)
Wilders Security Forums

4.5. Anonymity
Stay Invisible: A daily updated site with a list of free proxies, news, tools and assorted privacy information/tips
Anonymous Browsing Quick-Start Page: Quick selection among eleven different proxies and many other useful links
The Cloak

4.6. Online tests of open ports, vulnerabilities, trojans, etc.
ShieldsUP!: Gibson Research Corporation security checkup
Sygate Online Services (S.O.S.): TCP, UDP, ICMP, Trojan, Stealth scan
PcFlank
HackerWatch Probe
BlackCode Security Scan
DSLReports Port Scan
Free online Trojan scanner

4.7 Online antivirus scanning
TrendMicro
RAV Antivirus
BitDefender
Panda
Symantec
McAfee
F-Secure
Command on Demand
eTrust (Computer Associates)
Kaspersky (single file only)

4.8. About ports
ActivePorts: Freeware program for monitoring traffic on TCP and UDP ports
List of ports: which programs use them, etc.

4.9. Micro$oft
Office Update
Windows Update
WindizUpdate
Security Support Center
MS Security Homepage
MS TechNet\Security
Microsoft Learning Security Resources
Get Notified Right Away of Important Security Updates
Protect your PC Three steps to help ensure your PC is protected
What You Should Know About the Mydoom and Doomjuice Worms
Software inspector

4.10. Other
MVPS: Dealing with Unwanted Spyware and Parasites
Wikipedia o spywaru
PestPatrol: Spyware, Adware, Hijackers and Other Pests
A penny earned: Spyware, Tracking Cookies, Browser Hijacking, Keylogging and More Internet
A shorter list of free removal utilities
wiki computer network security: at the bottom, quite a few useful links to explanations of terms, techniques...
remote exploit tutorials: assorted tutorials for using the tools in BackTrack
Irongeek: Articles and tutorials on information security
rootsecure: lots of articles, guides, useful onward links...
AntiOnline: Forum, articles, guides ...



cryptozaver, JimiBtn, Sims, pzorko, jype and iNN also contributed to this topic.
If you find screenshots for programs that don't have any yet, or better ones than the existing ones, just paste them in ;)
  • announcement revoked by: Primoz ()

Grizli13 ::

Hi!


I read this interesting and clear description, but now I'm in an even bigger dilemma as to which one is the best...

Which one do you recommend? I just can't decide on one from this long list...

Which one do you have experience with and which do you recommend? Just 1 will be enough :) otherwise I'll be in a dilemma again :)

Thanks

coti ::

There is no best one. There are only better, average and worse ones. There is no program that can find all viruses, worms and trojans. There's always some virus/trojan that another program detects, while your favourite may only catch it with the next update.
And even if you find the best one right now, in a month or so a different one will be the best. One today, another tomorrow.

StratOS ::

What most AV programs "treat" nowadays is almost nonsense. They even treat configuration settings or source settings as "viruses".
Of course the primary thing is to have at least some AV program installed, with the option of some HW firewall or router alongside the typical SW firewall.
"Multitasking - ability to f##k up several things at once."
"It works better if you plug it in."
"The one who is digging the hole for the other to fall in is already in it."

techfreak :) ::

I can't remember the last time a non-virus file was treated as a virus for me. ;)

cryptozaver ::

Well, if you have some heuristic rule set in your AV, something odd can happen quickly :-)

Gutjerez ::

I'll ask something in this topic..

Can anyone help me with one thing.
How can I access a site through a proxy.
e.g. right now I go to the site www.moj-ip.com

What program should I have that supports Flash Player and changes my IP. Because I have a static IP.

And supposedly it can be done through a proxy, only a web proxy is no good because they don't support Flash Player.
Does anyone have any idea? Something that isn't I-don't-know-how complicated?
It would be a great help to me.

Read my signature...
Never give up, because slo-tech is here

5er--> ::

You won't change the IP itself with any program. You have to reach the site through someone else (e.g. a proxy). You can try OperaTor, Torpark or the Torbutton add-on for Firefox... but they probably don't allow Flash, because then the anonymization falls apart.

Greek ::

I'll ask in this topic, because it seems the most appropriate to me:

A little while ago I was surfing the net a bit, when I came to the site http://newhackworld.tk/. I'm using the FF browser; I went to the site, it loaded, whereupon my antivirus reported some warning and cut off the site.

FF didn't give me any warning beforehand, while G Chrome reported that the site contains malware (Warning: Visiting this site may harm your computer! The website at newhackworld.tk contains elements from the site jl.chura.pl, which appears to host malware - software that can hurt your computer or otherwise operate without your consent. Just visiting a site that contains malware can infect your computer. For detailed information about the problems with these elements, visit the Google Safe Browsing diagnostic page for jl.chura.pl. Learn more about how to protect yourself from harmful software online. I understand that visiting this site may harm my computer).

This is the first time something like this has happened to me. Since I don't have much experience in this area, I'd like to know whether an infection, loss of passwords or a break-in could actually have happened/can happen now, since the site was loaded for a few seconds, or whether nothing can happen because of it any more?

I'm using Win XP SP3 (licensed via MSDNAA) and ESET smart security 3.0.621.0 (non-original)

Thanks and have a nice day!

techfreak :) ::

People with non-original SW don't get help ...

Otherwise, the site loads some code from jl.chura.pl, but you very probably suffered no damage.

Greek ::

People with non-original SW don't get help ...

That's like saying that people who don't have enough money should be excluded from society.

Thanks anyway!

techfreak :) ::

Those are the forum rules. Just don't write next time that you're using non-original software.

