1. Don't click any links in Steam chat. Scammers are sending links with special characters that look exactly like real Steam-related websites.

READ ME Suggestions to secure your computer (Windows)

Discussion in 'SteamRep Guides' started by SilentReaper(SR), Nov 6, 2014.

  1. SilentReaper(SR)

    SilentReaper(SR) Retired Staff

    Messages:
    11,992
    SteamRep Admin:
    STEAM_0:0:89705646
    There are a number of things one can do to improve their computer's security. Not one single method protects against everything there is. But combining multiple things will help against most. One thing people do need to know is that having in-depth security on their computer on various levels will make that it won't be a single point of failure to block viruses or malware.

    And about that, an anti-virus program is a whole different thing then a anti-malware program due to the differences in their definition. Most free anti-virus programs do not protect versus malware, and vice verse. The advantage between anti-virus programs is that these companies have a overall "platform" organization where they exchange newly found specimen among each-other. This is however NOT the case for the anti-malware companies, for Symantec marked anti-malware software of competitors as malware and the newly set up platform didn't act against it.

    That platform is now sort-of dead, and this created the need to have (a good) Anti-Virus and at least 2 or 3 anti-malware programs installed, for they mostly do not communicate all the new stuff around and let everybody work on solutions.

    Of all the below security measures only the anti-virus and anti-malware programs are "active" as in requiring system resources of your computer.

    ==============================================

    OpenDNS, https://www.opendns.com/
    Explanation:
    OpenDNS is a DNS service which can be managed by its users. DNS is a service which converts the human readable name "http://steamrep.com" to a IP address that the computer can understand and then the browser or other program can access a server to get content from it. This solution will only improve your internet experience for it will block things you selected, without that it puts a load on your computer.

    Basic steps:
    1. Create a account on the site.
    2. Go to the dashboard (when logged in): https://dashboard.opendns.com/
    3. Go to the tab "Settings" and block at least "Parked Domains", "Adware", "Web Spam"
    4. Install the OpenDNS Updater: https://dashboard.opendns.com/support/ and configure it with your login credentials of OpenDNS.
    5. Configure your network to use OpenDNS: https://support.opendns.com/entries/38001040-Windows-7
    ==============================================

    MVPS Hosts, http://winhelp2002.mvps.org/hosts.htm
    Explanation:
    MVPS Hosts is a hosts file to block known malware, advertizing, and other domains having less then good intents with you. Read the above linked page for a full explanation. Use Hostsman to automatically update it. (it is linked on the bottom of the MVPS Hosts page. This solution will only improve your internet experience for it will block things you selected, without that it puts a load on your computer.

    Basic Steps:
    1. Disable DNS Client service. (vulnerable service redirecting to wrong server(s) if you ever get infected)
      1. Open Start, click "ok" after typing in the search box: services.msc
      2. Search for "DNS Client" in the list and double click it.
      3. Set "Startup type" to "Disabled"
      4. Click the "Stop" button.
      5. Click "OK" and close the Services window.
    2. Install Hostsman (program to automatically update the MVPS Hosts file, which gets updated about twice a month)
      1. Go to http://www.abelhadigital.com/hostsman and download the latest "Installer Version".
      2. Go to the download and extract the .zip file.
      3. Install the program (create "Desktop Icon" for ease of access).
      4. Start the program.
      5. Configure it:
        1. Click the "Run Hostsman as Administrator" button on the bottom if you have UAC enabled. It will restart the program.
        2. Click the "Select Sources..." button.
        3. Don't go crazy, only select "MVPS Hosts" not the others, those are a bit overzealous (understatement). The only one I'd also consider is the "Malware Domain List" one. Click "close" to close that dialog.
        4. On bottom right, click "Options"
        5. Set the following options:
          1. System, Automatically run on Windows Startup: All Users
          2. Import, tick the box for "Replace IP", and leave it with replacing 0.0.0.0 to 127.0.0.1
          3. Updater, untick the box "Ask for confirmation when new updates are available"
          4. Updater, tick the box for "Automatically check and download new hosts file updates"
          5. Updater, change "Default Action" to "Replace Hosts File"
          6. Click "OK"
        6. Click the button "Check for updates"

    ==============================================

    Web of Trust, http://www.mywot.com
    This is basically a "vote by member" system of trusting websites or not. It displays in your browser as a icon next to your URL bar and tells you about its "trust" rating by color and if that trust is rated low, why its "bad" if you click it. I personally don't like it, for I rather research myself (see replies below). But not everybody is so aware and researching everything they encounter. For normal users this can work as first warning... Be warned tho, it can be fooled. SteamRep has had for a long time a "bad rating" on their system, for hijackers and phishers had used bots or whatnot to rate us bad. We had like 10-15 topics regarding this in early 2012.

    ==============================================

    Anti-Virus Program
    Explanation:
    Have an actual anti-virus solution installed on your computer. But anyways, I recommend:
    • Eset Smart Security (paid) (works great with gaming, it is very low on using CPU and disk access.
    • Avast (Free)
    • Kaspersky
    • Bitdefender
    To check which would be good for you, I'd recommend to look around on the test results on anti-virus applications here:
    http://www.av-comparatives.org/

    A couple to avoid are:
    • Microsoft Security Essentials (its not a antivirus, never was, too many people think it is)
    • Avira (seen it bypassed too many times by malware, it is simply not defending itself against them)
    • McAfee (nice for corporate environments with other measurements in place, not for use at home)
    Once you selected one, a free one or a paid one, install it and keep it updated.

    To people without and convinced they will not get infected I will say: how did you check? And once you got hijacked, you can't complain. Most anti-virus programs have a "game mode" nowadays to be non-intrusive.

    ==============================================

    Browser
    Explanation:
    Use a different browser then Internet Explorer. While Firefox is maybe lacking in the UI at the moment, it is still a very secure browser. So is Google Chrome.

    Download Firefox: https://www.mozilla.org/en-US/firefox/all/
    Download Chrome: https://www.google.com/chrome/

    A few security improving plugins for Firefox:
    General Firefox security tips (although a bit old now): http://www.insanitybit.com/2012/06/02/the-definitive-guide-for-securing-firefox/

    As I'm a Firefox only user, and don't use Internet Explorer, Chrome and any of the others, I'm not familiar with counterparts for those plugins for those browsers. Some will have direct counterparts, others not.

    ==============================================

    SpywareBlaster, http://www.brightfort.com/
    Explanation:
    This is basically a program that will change settings in your browser to protect it from various bad sites, and their browser plugins. The "Home" version is free, and requires manual updating. After updating you will have to apply it to your browser(s). It is a pretty simple program, so I'm sure you will get the idea.

    Read more: http://www.brightfort.com/spywareblaster.html

    ==============================================

    SpyBot S&D, http://www.safer-networking.org/
    Explanation:
    SpyBot S&D free is useful as a Malware Scanner and has a Immunizer functionality (similar to SpywareBlaster, I use it to complement each to get a completer blocking). Install it, update and run the optimizer. Scan your computer like once a month with it for malware.
    I'm not familiar with their Anti-virus offering, and as they do not appear on av-comparatives.org yet, I'd not use them for anti-virus, for them being new in that category.

    The program is pretty big in features, explore and find out yourself.

    ==============================================

    SuperAntiSpyware, http://www.superantispyware.com/
    Explanation:
    I use this one often as a extra scan option to scan the computer for malware. No single anti-malware program finds all, and best is to use 2 or 3 different scanners to scan your system fully. I've had good results with this.

    ==============================================

    Malwarebytes Anti-Malware & Anti-Exploit Free, https://www.malwarebytes.org/
    These 2 are much used free anti malware tools. No single anti-malware program finds all, and best is to use 2 or 3 different scanners to scan your system fully. I've had good results with these.

    ==============================================

    JAVA.
    If you do not absolutely need it, please uninstall it. Every once in a while I do need it, I have to download the latest again and use it, and after I uninstall it again. Their update policy is so bad that 0-days aren't 0-days but 0-quarters (as in 3-montly before it is maybe fixed).
    Yes, it is a popular programming language. It is also one that is abused a LOT, for it has a load of loopholes that can directly access your system through your browser.

    Some of the readers won't be able to avoid to have Java installed, some suggestions:
    • Turn off Java in your main browser (often there are options to turn it off within it, or ask permission to run it) and dedicate a different browser for those Java-requiring websites you really need it for. Do that in a browser you really dislike (I use Internet Explorer for it when I need Java).
    • Some browsers can allow different profiles, which you then can set up to use 1 profile normally with Java disabled, and the other to have it enabled, but only to be used for your really needed sites that only work with Java:

    ** don't hang me on Opera, what I found was gone (see linked within the article here: http://www.howtogeek.com/139705/how-to-use-multiple-browser-profiles-in-any-browser/ )

    ==============================================

    RAT (Remote Administration Tool)
    There is often talk about RAT's used by hijackers/phishers to gain control over your computer. They often use a executable that isn't detected by various anti-virus or anti-malware tools because as soon as those get detected, they change the source code and recompile it into a new version that isn't detected. As the attack vector by them vary a lot by how they gain access, hide themselves and often aren't detected by the various tools above, these are hard to remove once they gained access to your system, some of these even remove themselves after doing their work (trading your items to their mule account, gaining passwords of email addresses to be able to "confirm" the trade, etc.) for they have what they wanted from you, and want to prevent that their tool(s) get detected etc.

    The only advice I can give you, is to use below mentioned resources, which often utilize a program named "ComboFix", this is a scanning and report program, they read those reports and those experienced security people on the various forums are more knowledgeable in this then I can convey in a simple topic. As I don't specialize in this, I wouldn't be able to help people with this either. I just know my way around, and am quite suspicious of any "new" program, esp if it comes from someone else instead of finding it yourself online (and yes, most of those RAT's are hosted on a fake website, some even have fake mumble sites copied fully to make you believe, but only if you then google it, you find that its actually mumble.info or mumble.com, not mumble[xxxx][dot][xxx] and especially not a "beta" of it.

    Popular RAT attacks:
    • "screenshot": Telling the user some "outragious" thing, like "Look what they said about you here", or whatever scheme to get you to click a link with a ".scr" extension.
    • Mumble: Telling user that the server is a "new beta" version of mumble, requiring a beta version of mumble.
      • This just foregoes the principle that new beta server versions of Mumble are fully compatible with older version clients.
    • TeamSpeak: Telling user to connect to a TeamSpeak server, and a "Error" pops up saying either about a wrong codec "needed" for this server, or a newer version of TeamSpeak, conveniently linking the malware directly for download.
      • This abuses a little known feature of TeamSpeak: The server can push to the client a dialog box with custom text and links etc. The real update and/or notification from TeamSpeak will always be in the status bar (bottom bar of the window), never a pop-up.
    • "Anti-cheat" program required by the CS:GO server: Basically inviting people to a "match" on their "server", telling them they need to install some program from a (fake) website to be able to connect with their game.
      • There is no server on that IP, hence the game tells you it cannot connect. The executable they want you to install....
    Well, if you read above... you recognize a pattern:
    - Someone contacts you and makes up SOME reason to give you a link or connect to something.
    - You have to click the link, and either its a site where their malware is located, or a direct download.
    - Your computer gets hijacked....

    So, don't click/download stuff others linked you, and if you do, make damn sure, for it can be a costly mistake if your Steam Items are worth in the 1000's.

    ==============================================

    Conclusion:
    The above all combined will keep you pretty secure as long as you keep involved to keep yourself secure. For instance the Firefox NoScript plugin is for advanced users, that keep track what sites they want to give permission to run scripts in their browser (normally everybody).

    There is no way to be safe 100%. A new 0-day vulnerability will get through (although NoScript will give them a hard time if you have that, and are sensible with it).

    Also, if you get linked something, do not download it. Search for it on your own merits via Google, or heaven forbid Bing. If you cannot find their "version" via your search, that should give you a clue that they cannot be trusted. If they want you to review images or w/e, tell them to host them on Imgur or other image hosting site, or email it to your email address (use a spam-address, see: http://forums.steamrep.com/threads/general-e-mail-security-considerations.17308/ ) The better mail providers have pretty good virus/malware scanners in place to protect their users.


    Resources you might like to check out if you get infected anyways:
    And many more. You can find a bunch of these and more in different languages on 3/4th of this page:
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix
    Now, do not run combofix unless instructed to by such site. It is too advanced and may cause problems.

    I do however have 1 general advice when you do get infected with malware: With more then 5 to 10 infections found by your anti-malware software (and no, I do not mean "bad cookies") you should start considering to reinstall your computer with windows to get rid of all the crap it left behind. Malware will negatively change your computer systems security settings and put in measures to get itself re-installed again. The more you find on your computer, the higher the chance on this, and the more problematic it becomes.

    I've seen computers infected literally with hundreds of pieces of malware, spyware and/or viruses. After cleaning they came back, either after a reboot or after a while with scheduled tasks to re-install themselves, and then install other one "helper" programs. It becomes then way too hard to get the computer cleaned, for they where spending months on how to hide their tracks, and you just come around looking to find it. Better then to get it all down the bin, and restart with a clean installment of windows and security measures. In that way, prevention is better than curing it.
    Last edited: Oct 19, 2015
  2. Wrath

    Wrath New User

    Messages:
    404
    Steam:
    STEAM_0:0:30129880
    @SilentReaper

    Your knowledge of HAX is scary and dangerous. Awesome Guide, I'll pass it around!
  3. cheatnow

    cheatnow New User

    Messages:
    27
    Steam:
    STEAM_0:1:43206935
    Very nice!
    For anti malware solutions I can also recommend Malwarebytes antimalware
    Also a nice plugin for ff users is the WOT add on short for web of trust. It let's users rate websites.
    Xenophobia and Bizarro like this.
  4. ЩĄ | Horse

    ЩĄ | Horse Wicked Afterlife Owner Retired Staff Partner Community

    Messages:
    54,362
    SteamRep Admin:
    STEAM_0:1:34690691
    It is pretty common knowledge and in fact all this information should be taught in schools as a requirement ahead of anyone pushing the power button of a computer.
    And yes I too recommend Malwarebytes - I dislike spybot S&D and sometimes a simple TDSSkiller run will help on most occasions with other applications, but there are processes to follow prior to running these applications. If you are infected (windows user) then you must turn OFF system restore prior to doing anything, turn it back on later if you want...and for God's sake stay away from toolbar crap and those stupid pc repair applications - they don't work and will only bog down a system.
    There is no quick fix to even minor infections, it takes time to remove things and to check the system over properly.

    Avast free is a good AV but for cleaning purposes its best used updated and ran thru a boot scan after something such as malwarebytes is run and a restart is performed so you go right from one to the other.
    Roudydogg1, Bizarro and Wrath like this.
  5. [JCGG] Jomarcenter - MJM

    [JCGG] Jomarcenter - MJM New User

    Messages:
    15
    Steam:
    STEAM_0:0:44619298
    True you should include it. Mostly it basically Steamrep but for website than users. therefore you can avoid bad reputation website that can harm your computer and it even integrated to your searches so you can avoid clicking it if it marked as a bad site.
  6. SilentReaper(SR)

    SilentReaper(SR) Retired Staff

    Messages:
    11,992
    SteamRep Admin:
    STEAM_0:0:89705646
    Tbh, I'm a bit against such "vote by member" security. The average user voting for various sites is not aware of a lot of things. With NoScript the site won't be harmful, and I can still view the site if need be.
    NoScript does 10x or more then "WoT" is doing. It makes me aware of all the linked-in webresources a website uses, and can block or allow each one individually. WoT can be fooled if one really wants, just a matter of automation and use of proxies etc. I do remember that WoT had marked SteamRep as being "bad" for a while. Due that scammers and phishers had rated our site as bad. If they can do that, then its not "WoT" for Web of Trust, but "WoF" ie: Web of Fools. We had like 10-15 topics back in the day about it in the general section.

    The biggest vulnerability is advertisements on websites, those are most often externally hosted, and managed by some external advert platform, a party that wants to do such just "replaces" after the initial round with advertisements the advert link with a malware link that is harmful. The way they do it is by making first a legit advert and then replace the forward link to something harmful. MVPS HOSTS, Adblock, spywareblaster and spybot S&D' imunizer are next to NoScript great for blocking that kind of stuff in combination with eachother.
    Wrath and Lava like this.
  7. SilentReaper(SR)

    SilentReaper(SR) Retired Staff

    Messages:
    11,992
    SteamRep Admin:
    STEAM_0:0:89705646
    - Expanded the intro text.
  8. Hermul

    Hermul New User

    Messages:
    1
    Steam:
    STEAM_0:0:89249885
    Thanks sir for information.
  9. [S] Bulldog |₦ↁ|

    [S] Bulldog |₦ↁ| Donator - Tier V

    Messages:
    1
    Steam:
    STEAM_0:1:6851966
    Don't forget the new application from Malwarebytes. MBAM Anti Exploit does code inspection in most browsers and some applications (more if you use the pay version)! It protects differently than NoScript does, and works regardless of browser or other settings.

    https://www.malwarebytes.org/antiexploit/

    Thanks for the writeup!
    SilentReaper(SR) likes this.
  10. SilentReaper(SR)

    SilentReaper(SR) Retired Staff

    Messages:
    11,992
    SteamRep Admin:
    STEAM_0:0:89705646
    Interesting one, I'll check it out.

    /edit: comments here are a good source of info: http://malware.dontneedcoffee.com/2014/06/mbae.html
    /edit2: Competition: http://blog.trailofbits.com/2012/10/29/ending-the-love-affair-with-exploitshield/ which seems of the same type as MB's, its analytical points are relevant. Still looking for the MB equivalent.
    Last edited: Jan 16, 2015
  11. SilentReaper(SR)

    SilentReaper(SR) Retired Staff

    Messages:
    11,992
    SteamRep Admin:
    STEAM_0:0:89705646
    Hmm, the AdBlock Plus plugin has been on the news regarding letting advert channels pay them "30 %" of otherwise missed advertisements to them to let them thru...
  12. Flufy

    Flufy New User

    Messages:
    2
    Steam:
    STEAM_0:0:87483460
  13. Bobotov

    Bobotov New User

    Messages:
    1
    Steam:
    STEAM_0:0:82060350
    Here's a video of Malwarebytes Anti-Exploit in action:
  14. Hey. silent reaper can you add MyWOT as well? it is really help in identifying phishing links
  15. SilentReaper(SR)

    SilentReaper(SR) Retired Staff

    Messages:
    11,992
    SteamRep Admin:
    STEAM_0:0:89705646
  16. SilentReaper(SR)

    SilentReaper(SR) Retired Staff

    Messages:
    11,992
    SteamRep Admin:
    STEAM_0:0:89705646
    Added:
    - MyWoT
    - MalwareBytes
    - RAT attacks.
    - Some small textual changes.
  17. SilentReaper(SR)

    SilentReaper(SR) Retired Staff

    Messages:
    11,992
    SteamRep Admin:
    STEAM_0:0:89705646
    Added:
    - Java suggestions.
  18. Dan Castellaneta

    Dan Castellaneta New User

    Messages:
    1
    Steam:
    STEAM_0:0:138629535
  19. Monitie

    Monitie New User

    Messages:
    1
    Steam:
    STEAM_0:1:128277971
    Pretty good guide, might help me remove the 300 f✿✿✿✿✿✿ viruses I have currently..
  20. Heaven ツ

    Heaven ツ New User

    Messages:
    18
    Steam:
    STEAM_0:0:179138085
    I pretty much using a rdp with a sh*t ton of Antivirus ed loaded.