
Preventing malware installation



#1 Codaeus

Posted 18 June 2014 - 04:45 PM

I've heard mention on other forums that for XP Pro there is stuff like EMET, Software Restriction Policy, Hosts File, etc., that will prevent installation of malware like OpenCandy, YellowMoxie Redirect, and so on. If true, I'd like to know more (a lot more) about this! Advice? Links? Anything at all appreciated!




#2 wpgwpg

Posted 18 June 2014 - 04:51 PM

There are supported antivirus and antimalware programs for XP if that's what you're looking for. They're pretty much the same ones you can get for later versions of Windows.

Of course MS pulled the plug on the last of the Windows updates for XP back on 4/8, so it's going to become more and more vulnerable to attacks over time. My recommendation is to either upgrade to Windows 7 or 8 or go with Linux. The Mint and Ubuntu versions of Linux run very well on computers that run XP, and they just boot up, find your devices, connect to the Internet, have a Windows-like user interface, and come with Firefox and LibreOffice. AND they're supported.

Good luck.


Everyone with a computer should back his system up to an external hard drive regularly.  :thumbsup:

#3 quietman7 (Global Moderator)

Posted 19 June 2014 - 06:00 AM

EMET is a utility for System Administrators to help protect enterprise servers/client computers using application hardening, a security feature designed to prevent exploitation of various types of vulnerabilities in software applications. The utility has built-in support for enterprise deployment which enables Administrators to use Group Policy or System Center Configuration Manager to deploy, configure and monitor EMET installations across the enterprise environment.
 

What is the Enhanced Mitigation Experience Toolkit?
The Enhanced Mitigation Experience Toolkit (EMET) is a utility that helps prevent vulnerabilities in software from being successfully exploited. EMET achieves this goal by using security mitigation technologies. These technologies function as special protections and obstacles that an exploit author must defeat to exploit software vulnerabilities. These security mitigation technologies do not guarantee that vulnerabilities cannot be exploited. However, they work to make exploitation as difficult as possible to perform.

The Enhanced Mitigation Experience Toolkit



The Enhanced Mitigation Experience Toolkit (EMET) is a utility designed to help IT Professionals protect systems from common threats. EMET works by applying security mitigation technologies to arbitrary applications to block against exploitation through common attack vectors...

Video: Enhanced Mitigation Experience Toolkit

Introducing Enhanced Mitigation Experience Toolkit (EMET)
Microsoft Security Blog: Enhanced Mitigation Experience Toolkit

 

Application Hardening is the process to address application security weaknesses by implementing the latest software patches, hotfixes and updates, using the latest and secured versions of protocols and following procedures and policies to reduce attacks and system down time. The critical applications that need hardening are Web servers, email servers, DNS servers, etc.

What is Application Hardening


The HOSTS file is more of a legacy of early IP networks and was never really designed for large-scale blocking of unwanted sites. SpywareBlaster, PeerBlock and custom HOSTS files are better alternatives for blocking purposes.

 

CryptoPrevent can be used to lock down any Windows OS to prevent infection by the Cryptolocker ransomware which encrypts personal files and then offers decryption for a paid ransom. CryptoPrevent artificially implants hundreds of group policy object rules into the registry in order to block executables (*.exe, *.com, *.scr and *.pif) and fake file extension executables in certain locations (i.e. %AppData%, %LocalAppData%, Recycle Bin) from running. This allows it to stop other malicious files in addition to Cryptolocker. You can also use Command Line Parameters and manually whitelist individual items or automatically whitelist all .exe files currently found in the locations that would be blocked. The changes can be reversed by re-running the tool and selecting Undo, then rebooting. The free version of CryptoPrevent permits manually checking for updates. CryptoPrevent Premium (a one-time charge) keeps CryptoPrevent up-to-date automatically with free updates for life and can be used on all your home computers. CryptoPrevent's home page explains the User Interface, Prevention Methodology, Whitelisting, Scripting and includes a section on Questions and Answers.


Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
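As an added example (not CryptoPrevent's or Microsoft's code), here is the same Software Restriction Policy mechanism done by hand: a PowerShell script that lists the SRP path rules already present in the registry and, only when run with -Apply, adds Disallowed rules for the executable types and locations quietman7 names above. It assumes SRP is already enabled (the CodeIdentifiers key exists, as it does after gpedit or CryptoPrevent has been used), an elevated prompt, and the Recycle Bin folder names are assumptions (RECYCLER on XP, $Recycle.Bin on Vista and later).

```powershell
# Audit, and optionally extend, Software Restriction Policy (SRP) path rules.
# Assumes SRP is already configured (CodeIdentifiers key exists) and an elevated shell.
param([switch]$Apply)

$Base   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$Levels = @{ 0 = 'Disallowed'; 131072 = 'BasicUser'; 262144 = 'Unrestricted' }
# Recycle Bin folder names are assumptions: RECYCLER on XP, $Recycle.Bin on Vista and later.
$Locations  = '%AppData%', '%LocalAppData%', '%SystemDrive%\RECYCLER', '%SystemDrive%\$Recycle.Bin'
$Extensions = 'exe', 'com', 'scr', 'pif'     # the executable types the post lists

if (-not (Test-Path $Base)) { Write-Error 'SRP is not configured on this machine'; exit 1 }

function Get-SrpPathRules {
    # One object per path rule, so overly broad rules and duplicates are visible
    # before anything is changed. Rules live in GUID-named subkeys under <level>\Paths.
    foreach ($level in $Levels.Keys) {
        $key = "$Base\$level\Paths"
        if (-not (Test-Path $key)) { continue }
        Get-ChildItem $key | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath
            [pscustomobject]@{ Level = $Levels[$level]; Path = $p.ItemData; Id = $_.PSChildName }
        }
    }
}

function Add-SrpDisallowRule([string]$Pattern) {
    # Creates one Disallowed (level 0) path rule; skips patterns that already exist.
    if (Get-SrpPathRules | Where-Object { $_.Level -eq 'Disallowed' -and $_.Path -eq $Pattern }) {
        Write-Host "exists   : $Pattern"; return
    }
    $id  = '{' + [guid]::NewGuid().ToString() + '}'
    $key = New-Item -Path "$Base\0\Paths\$id" -Force
    New-ItemProperty -Path $key.PSPath -Name ItemData   -Value $Pattern -PropertyType ExpandString | Out-Null
    New-ItemProperty -Path $key.PSPath -Name SaferFlags -Value 0        -PropertyType DWord        | Out-Null
    Write-Host "added    : $Pattern"
}

Write-Host 'Existing SRP path rules:'
Get-SrpPathRules | Format-Table -AutoSize

foreach ($loc in $Locations) {
    foreach ($ext in $Extensions) {
        $pattern = "$loc\*.$ext"
        if ($Apply) { Add-SrpDisallowRule $pattern } else { Write-Host "would add: $pattern" }
    }
}
# Undo is deleting a rule's GUID subkey; new rules take effect after gpupdate /force.
if ($Apply) { gpupdate /force | Out-Null }
```

Run it without -Apply first: the audit output shows what is already blocked, and any legitimate program that lives under %AppData% (several updaters do) needs an Unrestricted rule of its own before the Disallowed ones go in.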

#4 Kilroy (BC Advisor)

Posted 19 June 2014 - 02:25 PM

One thing that you should know: security isn't convenient. The things that will protect your machine will also break other things. Here are some of the things that won't work with EMET:

Skype
Netflix
iPod Sync
AOL

If security is your goal, moving to a supported operating system should be what you are looking to accomplish.




#5 DDK65JAG

Posted 19 June 2014 - 02:49 PM

Strange... I'm using EMET & have zero problems with Netflix.

Win7 with EMET set to 'recommended security settings'.

 

 

DDK



#6 Codaeus (Topic Starter)

Posted 25 September 2014 - 01:36 PM

Wow! Thanks so much for the above! I will be researching this for a while. May I ask your opinion of EMET 4.0 for XP Pro? I am considering installing it to bolster security, but found out it depends on .NET Framework, which some sites say to avoid due to security & privacy concerns. Do you think the benefit of EMET outweighs the detriment of .NET? Thanks again for all your help!



#7 quietman7 (Global Moderator)

Posted 25 September 2014 - 03:52 PM

I have XP Pro installed on my spare laptop and have never found the need for EMET.

#8 Codaeus (Topic Starter)

Posted 28 September 2014 - 04:07 PM

Thanks for all the great info! Sorry for the delayed response, but I'm still researching it. Anyway, sounds like we're on the same page, and that you have gone where I am headed. I would like to hear what you think of adding EMET 4.0 to XP Pro. Been advised to do it to bolster security, but it requires .NET Framework, which has privacy and security issues. Do you think the added benefit of EMET is worth the detriment that comes with .NET?

 

At the risk of sounding stupid, I am not real clear just how 'PeerBlock' differs from using the HOSTS file, but I am still researching it.

By the way, I have both Deep Freeze and Anti-Executable Standard slated for install (I hear they are not only compatible, but synergistic).



#9 Codaeus (Topic Starter)

Posted 28 September 2014 - 04:24 PM

After much hardcore research into privacy/security concerns over the past few years (in prep to have a home PC), I would go a lot further than saying "convenient". Way bloody difficult might be more apt! That said, this 'keep up with the Joneses' approach is not in my playbook. One major reason to get a home PC is to end the public computer purveyors constantly force-feeding me a new OS to deal with every three or four years. I have gone from XP Pro to Vista to Win7 with downgraded performance and ever higher irritation levels with each switch. I will stick with XP Pro until I absolutely cannot, and by then I will be familiar enough with Linux to make a painless transition (not that I intend to be cattle-prodded into going from Linux version to newer version either).





