BleepingComputer.com: Answers to common security questions - Best Practices

Best Practices for Safe Computing - Prevention

Common sense, safe computing and safe surfing habits is essential to protecting yourself from malware infection. No amount of security software is going to defend against today's sophisticated malware writers for those who do not practice these principles and stay informed. Knowledge and the ability to use it is the best defensive tool anyone could have. This includes educating yourself as to the most common ways malware is contracted and spread as well as prevention.

Important Tip: No amount of security software is going to defend against today's sophisticated malware writers for those who do not practice safe computing and stay informed. Always remember that security begins with personal responsibility.

Tips to protect yourself against malware infection:

• Keep Windows and Internet Explorer current with all security updates from Microsoft which will patch many of the security holes through which attackers can gain access to your computer. When necessary, Microsoft releases security updates on the second Tuesday of each month and publishes Security update bulletins to announce and describe the update. If you're not sure how to install updates, please refer to Updating your computer. Microsoft also recommends Internet 6 and 7 users to upgrade their browsers due to security vulnerabilities which can be exploited by hackers.

• Avoid gaming sites, porn sites, pirated software (warez), cracking tools, and keygens. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. In some instances an infection may cause so much damage to your system that recovery is not possible and the only option is to wipe your drive, reformat and reinstall the OS.

• Avoid peer-to-peer (P2P) file sharing programs (i.e. Limewire, eMule, Kontiki, BitTorrent, BitComet, uTorrent, BitLord, BearShare). They too are a security risk which can make your computer susceptible to malware infections. File sharing networks are thoroughly infected and infested with malware according to Senior Virus Analyst, Norman ASA. Malicious worms, backdoor Trojans IRCBots, and rootkits spread across P2P file sharing networks, gaming, porn and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

• P2P Software User Advisories
  
• Risks of File-Sharing Technology

• Beware of Rogue Security software as they are one of the most common sources of malware infection. They infect machines by using social engineering and scams to trick a user into spending money to buy a an application which claims to remove malware. For more specific information on how these types of rogue programs install themselves and spread infections, read How Malware Spreads - How did I get infected.

• Keeping Autorun enabled on flash drives has become a significant security risk as they are one of the most common infection vectors for malware which can transfer the infection to your computer. One in every eight malware attacks occurs via a USB device. Many security experts recommend you disable Autorun as a method of prevention. Microsoft recommends doing the same.

• Microsoft Security Advisory (967940): Update for Windows Autorun
  
• Microsoft Article ID: 971029: Update to the AutoPlay functionality in Windows

Note: If using Windows 7, be aware that in order to help prevent malware from spreading, the Windows 7 engineering team made important changes and improvements to AutoPlay so that it will no longer support the AutoRun functionality for non-optical removable media.

• Always update vulnerable software like browsers, Adobe Reader and Java Runtime Environment (JRE) with the latest security patches. Older versions of these programs have vulnerabilities that malicious sites can use to exploit and infect your system.

• Time to Update Your Adobe Reader
  
• Adobe Security bulletins and advisories
  
• Microsoft: ‘Unprecedented Wave of Java Exploitation’
  
• eight out of every 10 Web browsers are vulnerable to attack by exploits

If a website has been hacked or displays malicious ads, they can exploit the vulnerable software on your computer. To help prevent this, install and use Secunia Personal Software Inspector (PSI), a FREE security tool designed to detect vulnerable and out-dated programs/plug-ins which expose your computer to malware infection.

• Use strong passwords and change them anytime you encounter a malware infection, especially if the computer was used for online banking, paying bills, has credit card information or other sensitive data on it. This would include any used for taxes, email, eBay, paypal and other online activities. You should consider them to be compromised and change all passwords immediately as a precaution in case an attacker was able to steal your information when the computer was infected. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again.

• Don't disable UAC in Vista or Windows 7 and use Limited User Accounts in Windows XP.

• Don't forget to Back up your important data and files on a regular basis. Some infections may render your computer unbootable during or before the disinfection process. Even if you're computer is not infected, backing up is part of best practices in the event of hardware or system failure related to other causes.

• Windows Backup - The essential guide
  
• Windows Backup Guide

It is also a good practice to make a disk image with an imaging tool (i.e. Acronis True Image, Drive Image, Ghost, Macrium Reflect, etc.). Disk Imaging allows you to take a complete snapshot (image) of your hard disk which can be used for system recovery in case of a hard disk disaster or malware resistant to disinfection. The image is an exact, byte-by-byte copy of an entire hard drive (partition or logical disk) which can be used to restore your system at a later time to the exact same state the system was when you imaged the disk or partition. Essentially, it will restore the computer to the state it was in when the image was made.

• By now everyone should be familiar with Email scams and how to avoid them but also be aware of Phone Scamming.

Quote

Microsoft Survey & Advice on Phone Scamming
Microsoft Advice on Phone Scamming for UK Citizens


• Security Resources from Microsoft:

• How can I help protect my computer from viruses?
  
• Threats and Countermeasures: Security Settings in Windows Server 2003 and Windows XP
  
• Threats and Countermeasures: Security Settings in Windows Server 2008 and Windows Vista
  
• Microsoft Solutions for Security: The Antivirus Defense-in-Depth Guide

• Other Security Resources:

• Simple and easy ways to keep your computer safe and secure on the Internet
  
• Malware Prevention - Preventing Re-infection
  
• Hardening Windows Security - Part 1 & Part 2
  
• How to Stop 11 Hidden Security Threats
  
• Your Guide To Staying Safe Online

• Browser Security Resources:

• Configuring Internet Explorer for Practical Security and Privacy
  
• How to Secure Your Web Browser
  
• LowerMyRights
  
• Safe Web practices - How to remain safe on the Internet
  
• Use Task Manager to close pop-up messages to safely exit malware attacks

• Simple Ways To Secure Your Privacy:

• The Simplest Security: A Guide To Better Password Practices
  
• Securing Privacy Part 1: Hardware Issues
  
• Securing Privacy Part 2: Software Issues
  
• Securing Privacy Part 3: E-mail Issues
  
• Securing Privacy Part 4: Internet Issues

Other topics discussed in this thread:
Choosing an Anti-Virus Program
Replacing your Anti-virus - Why should you use Antivirus software?
Choosing a Firewall
Supplementing your Anti-Virus Program with Anti-Malware Tools
Glossary of Malware Related Terms

Choosing an Anti-Virus Program

Choosing an anti-virus is a matter of personal preference, your needs, your technical ability and experience, features offered, user friendliness, ease of updating (and upgrading to new program release), ease of installation/removal, available technical support from the vendor and price. Other factors to consider include detection rates and methods, scanning engine effectiveness, how often virus definitions are updated, the amount of resources the program utilizes, how it may affect system performance and what will work best for your system. A particular anti-virus that works well for one person may not work as well for another. There is no universal "one size fits all" solution that works for everyone and there is no best anti-virus. You may need to experiment and find the one most suitable for your needs. For more specific information to consider, please read Choosing Your Anti-virus Software.

No single product is 100% foolproof and can prevent, detect and remove all threats at any given time. Just because one anti-virus or anti-malware scanner detected threats that another missed, does not mean its more effective. The security community is in a constant state of change as new infections appear and it takes time for them to be reported, samples collected, analyzed, and tested by anti-vendors. Security vendors use different scanning engines and different detection methods such as heuristic analysis or behavioral analysis which can account for discrepancies in scanning outcomes. Depending on how often the anti-virus or anti-malware database is updated can also account for differences in threat detections.

Further, each vendor has its own definition of what constitutes malware and scanning your computer using different criteria will yield different results. The fact that each program has its own definition files means that some malware may be picked up by one that could be missed by another. Thus, a multi-layered defense using anti-spyware products (including an effective firewall) to supplement your anti-virus combined with common sense, safe computing and safe surfing habits provides the most complete protection.

Free Antivirus programs: (choose and install only one). I recommend any of thesee.

• avast! Free Antivirus <- includes Google Chrome pre-checked by default during installation
  
• Microsoft Security Essentials
  
• Avira Free Antivirus <- includes Ask.com Toolbar pre-checked by default during installation

-- Note: Many anti-virus vendors are bundling toolbars and other software with their products. If pre-checked by default that means you need to uncheck that option during installation if you don't want it.


IMPORTANT NOTE: Using more than one anti-virus program is not advisable. Why? The primary concern with doing so is due to conflicts that can arise when they are running in real-time protection mode simultaneously and issues with Windows resource management. Even if one of them is disabled for use as a stand-alone on demand scanner, it can affect the other and cause conflicts. Anti-virus software components insert themselves into the operating systems core and using more than one can cause instability, crash your computer, slow performance and waste system resources. When actively running in the background while connected to the Internet, they both may try to update their definition databases at the same time. As the programs compete for resources required to download the necessary files this often can result in sluggish system performance or unresponsive behavior.

Each anti-virus may interpret the activity of the other as suspicious behavior and there is a greater chance of them alerting you to a "False Positive". If one finds a virus or a suspicious file and then the other also finds the same, both programs will be competing over exclusive rights on dealing with that virus or suspicious file. Each anti-virus may attempt to remove the offending file and quarantine it at the same time resulting in a resource management issue as to which program gets permission to act first. If one anit-virus finds and quarantines the file before the other one does, then you encounter the problem of both wanting to scan each other's zipped or archived files and each reporting the other's quarantined contents. This can lead to a repetitive cycle of endless alerts that continually warn you that a threat has been found when that is not the case.

Anti-virus scanners use virus definitions to check for malware and these can include a fragment of the virus code which may be recognized by other anti-virus programs as the virus itself. Because of this, many anti-virus vendors encrypt their definitions so that they do not trigger a false alarm when scanned by other security programs. Other vendors do not encrypt their definitions and they can trigger false alarms when detected by the resident anti-virus. Further, dual installation is not always possible because most of the newer anti-virus programs will detect the presence of others and may insist they be removed prior to download and installation of another. If the installation does complete with another anti-virus already installed, you may encounter issues like system freezing, unresponsiveness or similar symptoms while trying to use it.

To avoid these problems, use only one anti-virus solution. Deciding which one to remove is your choice. Be aware that you may lose your subscription to that anti-virus program's virus definitions once you uninstall that software.

Anti-virus vendors recommend that you install and run only one anti-virus program at a time

• Symantec's statement
  
• Eset's Statement
  
• Avast's statement
  
• AVG's statement
  
• Dell Support statement

You can always supplement your anti-virus by performing an Online Virus Scan.

This post has been edited by quietman7: 30 April 2012 - 07:28 AM

Replacing your Anti-virus

IMPORTANT: Before removing (or reinstalling) your existing anti-virus, you should download and save the setup file for the anti-virus you are going to replace it with. Also download any specialized removal tools available from the vendor for your current anti-virus in case you need them. If is not uncommon for some anti-virus programs to not completely uninstall itself using the usual method of Add/Remove Programs or Programs and Features in Vista/Windows 7. Many anti-virus vendors provide clean-up utilities on their web sites to remove remnants left behind after uninstalling or for a failed uninstall. When that is the case, it's best to download directly from the vendor's site to ensure you are using the most current version of the uninstall utility as it is not uncommon for third party hosting sites to have outdated versions which may not work properly.

• Eset's List of Uninstallers (removal tools) for common antivirus software
  
• SingularLabs: Uninstallers – Security Software
  
• Antivirus removal tools
  
• Removal Tools and Methods for Uninstalling Major Antivirus Products
  
• Comprehensive List of Uninstallers or Removal Tools for Antivirus Software

Alternatively, you can try using Opswat AppRemover - supported applications list.

After doing the above, follow these steps:

• Disconnect from the Internet.
  
• Uninstall your current anti-virus.
  
• Reboot and install the replacement.
  
• Reboot again to ensure it is working properly before reconnecting to the Internet.
  
• Connect to the Internet and immediately download the latest definition database updates.

Why should you use Antivirus software?

• Understanding Home Network Security: Why should I care about computer security?
  
• Understanding security and safer computing
  
• Why Should You Use Antivirus & Internet Software?

Using unprotected computers on the Internet is a security risk to everyone as they are prone to attack from hackers, Botnets, zombie computers and malware infection. Using anti-virus software will help minimize the risk and help to prevent the computer from being used to pass on infections to other machines. When infected and compromised, malware spreads faster and more extensively, distributed denial-of-service attacks are easier to launch, spammers have more platforms from which to send e-mail and more zombies are created to perpetuate the cycle.

This post has been edited by quietman7: 08 May 2012 - 10:23 AM

Choosing a Firewall

Choosing a firewall is also a matter of personal preference, your needs, your technical ability/experience, features offered, user friendliness, ease of updating, ease of installation/removal, available technical support from the vendor and price. Other factors to consider include effectiveness, the amount of resources it utilizes, how it may affect system performance and what will work best for your system. A particular firewall that works well for one person may not work as well for another. There is no universal "one size fits all" solution that works for everyone. You may need to experiment and find the one most suitable for your use and your system. For more specific information to consider, please read:

• How to choose a firewall
  
• Understanding and Using Firewalls

There is always the option to use Windows built-in Firewall. Most concerns you may have heard or read about the Windows Firewall were in the XP operating system so many users were advised to use third-party alternatives. Microsoft significantly improved the firewall to address these concerns in Vista and then added more improvements in Windows 7.

Windows Vista Firewall offers two-way filtering for better security than it did in XP but it is still limited. The firewall is combined with IPsec, turned on by default and set to a basic configuration that works in tandem with the Windows Service Hardening feature. If the firewall detects activity that it considers prohibited behavior according to the Service Hardenings preset rules, the firewall will block the suspicious activity. Another feature in the Vista firewall is that it can set rules based on three different types of networks using the Rules Wizard so creating firewall rules is much simpler.

By default, most (not all) outbound filtering is turned off (outbound connections are allowed) and inbound filtering is turned on (inbound connections are blocked/not allowed). Why? This is what Microsoft has to say:

Quote

Although most outbound filtering is disabled, Vista’s firewall does provide limited outbound filtering which users may not be aware of as it is essentially invisible.

Quote

Outbound filtering can be configured to provide an additional layer of security and it does provide corporate and business administrators control over applications (i.e. peer-to-peer file sharing) they may want to restrict. Any such applications that require outbound access must be added to the rules list by using the firewall with the Advanced Security Microsoft Management Console (MMC). Configuration may be confusing for some and there is no practical way to to configure outbound filtering to stop all unwanted outbound connections. Inbound filtering can be turned on or off and through various tabs and configuration settings. Windows Firewall Control is a free utility which can be used for quick access to define rules and configure the most frequent options used from Windows Firewall.

For more specific information about configuration and security, please refer to these articles:

• Windows Vista Security and Data Protection Improvements
  
• Understanding Windows Firewall settings
  
• The Windows Vista Firewall explained
  
• How to Allow a program to communicate through Windows Firewall
  
• Netsh Commands for Windows Firewall with Advanced Security

For an independent review read these articles (some include a response by Microsoft regarding outbound filtering as quoted above):

• Review of the Windows Vista Firewall by Arun Kumar, MVP
  
• Security Blanket: Vista's Outbound Firewall
  
• Windows Firewall: the best new security feature in Vista?
  
• Vista Firewall Fails on Outbound Security
  
• Windows Vista's Firewall

Windows 7 Firewall is similar to Vista and also offers two-way filtering for inbound and outbound traffic. However, Windows 7 adds a few new features in the firewall and related network-safety areas such as separate configuration settings for private (Home or Work) and public networks.

Quote

What's new in the Windows 7 Firewall?

Quote

What's new in the Windows 7 Firewall?

For information about using the Windows 7 firewall, managing settings, block programs from accessing the Internet, open/close ports or disabling firewall notifications, please refer to:

• Understanding Windows Firewall settings
  
• How to Manage the Windows 7 Firewall

For an independent review read:

• Security in Windows 7: Firewall and Networking
  
• Should You Use Windows Firewall?

Windows Firewall Tools

• Windows Firewall Control is a free utility which can be used for quick access to define rules and configure the most frequently used options.
  
• Windows Firewall Notifier is a free utility which can be used to extend the default Windows embedded firewall behavior.

IMPORTANT NOTE: Using more than one software firewall on a single computer is not advisable. Why? Using two firewalls could cause issues with connectivity to the Internet or other unexpected behavior. Further, running multiple software firewalls can cause conflicts that are hard to identify and troubleshoot. Only one of the firewalls can receive the packets over the network and process them. Sometimes you may even have a conflict that causes neither firewall to protect your connection. However, you can use a hardware firewall (a router) and a software firewall (i.e. Kerio, ZoneAlarm, Comodo, etc) in conjunction.

• The Differences and Features of Hardware & Software Firewalls
  
• Choosing a Firewall: Hardware v. Software

This post has been edited by quietman7: 12 October 2011 - 08:21 AM

Supplementing your Anti-Virus Program with Anti-Malware Tools

Anti-virus and Anti-spyware (anti-malware) programs each perform different tasks as it relates to computer security and malware detection. Essentially, they look for and remove different types of malicious threats. In simplistic terms, an anti-virus program will focus on viruses, worms and Trojans while an anti-spyware program tends to focus more on spyware, adware and PUPS (potentially unwanted programs)?. However, there can be some overlap in functionality and detection features depending on the program's scanning engine, how the vendor defines a specific threat and what Naming Standards are used. Some vendors also add a modifier or additional information after the name that further describes what type of malware it is.

• Why should you use both Anti Virus and Anti Spyware Software?
  
• Antivirus and Antispyware Software: What's The Difference?
  
• Differences Between Antivirus & Anti-Spyware
  
• What Is the Difference Between Antivirus & Antispyware?

Since no single product is 100% foolproof, it is recommended to supplement your anti-virus by performing scans with trustworthy security tools like:

• Malwarebytes Anti-Malware: How to scan and remove malware from your computer
  
• SUPERAntiSpyware: How to use to scan and remove malware from your computer

For a list of other recommended security tools (i.e SpywareBlaster, WinPatrol) and resources, please refer to:

• Bleeping Computer's Freeware Replacements For Common Commercial Apps
  
• Bleeping Computer's List of Antivirus, Antimalware, And Antispyware Resources

As a general rule, using more than one anti-spyware program like Malwarebytes Anti-Malware, SuperAntispyware, Windows Defender, Spybot S&D, Ad-Aware, Spyware Terminator, etc. will not conflict with each other or your anti-virus if using only one of them for real-time protection and the others as stand-alone on demand scanners. In fact, doing so increases your protection coverage without causing the same kind of conflicts or affecting the stability of your system that can occur when using more than one anti-virus. The overlap of protection from using different signature databases will aid in detection and removal of more threats when scanning your system for malware.

Security vendors use different scanning engines and different detection methods such as heuristic analysis or behavioral analysis which can account for discrepancies in scanning outcomes. Depending on how often the anti-malware database is updated can also account for differences in threat detections. Further, each vendor has its own definition of what constitutes malware and scanning your computer using different criteria will yield different results. The fact that each program has its own definition files means that some malware may be picked up by one that could be missed by another.

If using multiple real-time resident shields (TeaTimer, Ad-Watch, MBAM Protection Module, Spyware Terminator Shields, etc.) together at the same time, there can be conflicts as a result of the overlap in protection. These conflicts are typical when similar applications try to compete for resources and exclusive rights to perform an action. They may identify the activity of each other as suspicious and produce alerts. Further, your anti-virus may detect suspicious activity while anti-malware programs are scanning (reading) files, especially if it uses a heuristic scanning engine, regardless if they are running in real-time or on demand. The anti-virus may even detect as threats, any malware removed by these programs and placed into quarantined areas. This can lead to a repetitive cycle of endless alerts or false alarms that continually warn a threat has been found if the contents of the quarantine folder are not removed before beginning a new security scan. Generally these conflicts are more of an annoyance rather than the significant conflicts which occur when running two anti-virus programs in real time.


By the way, you can also supplement your security tools and get a second opinion by performing an Online Virus Scan.

• List of free online Anti virus scanners
  
• List of online Anti virus scanners
  
• Top Free Online Virus Scan Services
  

I recommend taking advantage of the Malwarebytes Anti-Malware (Pro) Protection Module in the full version which uses advanced heuristic scanning technology to monitor your system and provide real-time protection to prevent the installation of most new malware. This technology runs at startup where it monitors every process and helps stop malicious processes before they can infect your computer. Keep in mind that this feature does not guarantee something will not slip through as no product can detect and prevent every type of malware. The database that defines the heuristics is updated as often as there is something to add to it. Also keep in mind that Malwarebytes does not act as a real-time protection scanner for every file like an anti-virus program so it is intended to be a supplement, not a substitute.

IP Protection (malicious website blocking) is part of the Protection Module and works after it is enabled. When attempting to go to a potential malicious website, Malwarebytes will block the attempt and provide an alert. IP Protection is also designed to block incoming connections it determines to be malicious. More information about IP Protection can be found in the Malwarebytes Anti-Malware IP Protection FAQs.

Those who purchase the full version receive a license key via email to activate the protection module. The license includes a lifetime of free upgrades and support. For corporate and business customers, annual licenses are required. After activation, Malwarebytes can be set to update itself and schedule scans automatically on a daily basis. The Protection Module is not intrusive as it utilizes few system resources and should not conflict with other scanners or anti-virus programs. If any conflicts between Malwarebytes and another security program are reported, suggested solutions are usually provided in the Common Issues, Questions, and their Solutions, FAQs thread.

Note: A 14-day trial of Malwarebytes Anti-Malware PRO is available as an option when first installing the free version so all users can test the real-time protection component for a period of two weeks. When the limited time period expires those features will be deactivated and locked. Enabling the Protection Module feature again requires registration and purchase of a license key. If you continue to use the free version, there is no requirement to buy a license...you can just use it as a stand-alone scanner.

This post has been edited by quietman7: 25 April 2012 - 12:05 PM

Glossary of Malware Related Terms

What is Malware?
What is Spyware?
What is Adware?
What is Rogue software?
What is Ransomware?
What is a Spyware Dialer? - Understanding Spyware, Browser Hijackers, and Dialers

What are Potentially Unwanted Programs (PUPS)?
McAfee White Paper: Potentially Unwanted Programs

What is a Worm?
What is a Backdoor Trojan? - Backdoors explained
What is a Botnet?
What is an IRCBot?
What is a Remote Access Trojan (RAT)?
What is a Virus?
What is a File infecting virus?
What is a Boot sector virus?
What is a Polymorphic virus?
What is a Metamorphic virus?

The Difference Between a Virus, Worm, Trojan Horse and Blended Threats
What is the difference between viruses, worms, and Trojans?
Trojan FAQs: Common Trojans and how they work

What are Alternate Data Streams (ADS)?
What is Spam?
What is a Spambot?
What is a Web Crawler?

What is Whistler Bootkit
What Is A Rootkit?

What danger is presented by rootkits?
Rootkits and how to combat them
r00tkit Analysis: What Is A Rootkit

What is a TDSS rootkit?
TDSS: Rootkit technologies from the beginning
TDSS part 1 - TDSS part 2: Ifs and Bots - TDSS part 3: Bootkit on the Other Foot
TDL4 – Top Bot: The ‘indestructible’ botnet
Memory Forging Attempt by a Rootkit: TDL4 variants
Bootkit: the challenge
TDL4 Rootkit Bypasses Windows Code-Signing Protection
TDSS loader has now got legs - a self-propagation mechanism
The Worm, the Rogue DHCP, and TDL4
Stalking TDL4: All Access Pass to the Hard Drive
POPUREB vs. TDL4
TDL4 rebooted and its hidden partition table
A New TDL4 with a Stealthy New Twist: creates hidden partition table


ZeroAccess (Max++) Rootkit:
TDL4 Infection Update Win32/Olmasco MAXSS Pihar
ZeroAccess / Max++ / Smiscer Crimeware Rootkit
Dissecting the ZeroAccess Rootkit
MAX++ sets its sights on x64 platforms
ZeroAccess (Max++) Rootkit
ZeroAccess Gets Another Update


These are .pdf documents with more comprehensive information.
ZeroAccess – an advanced kernel mode rootkit
Rooting about in TDSS
The Evolution of TDL: Conquering x64
Defeating x64: The Evolution of the TDL Rootkit
TDL3: The Rootkit of All Evil?
Backdoor.Tdss.565
TDL3: Part I A detailed analysis of TDL rootkit 3rd generation

Each security vendor uses their own naming conventions to identify various types of malware. Names with Generic or Patched are a very broad category.

• Understanding virus names
  
• Microsoft Malware Protection Center Naming Standards