
Security suggestions, Post 1 of 7



#1 scotty_ncc1701


Posted 20 July 2014 - 09:14 AM

Please read this first, it is post 1 of 7.
============

1.  These are security suggestions that I hope people will consider and think about.

2.  In no way should any of these posts I make, be taken as any type of disrespect to anyone, they're just SUGGESTIONS TO CONSIDER.

3.  Some may agree with my opinions, some may not, but that is OK.  Maybe they will bring up discussions on better security measures to use.

4.  It is up to the reader/user to evaluate these suggestions, and decide if they are something they want to do.  However, the reader/user accepts full responsibility for using the suggestions.

DISCLAIMER: THESE ARE MY PERSONAL OPINIONS, AND NOT ENDORSED BY THIS SITE.
============
This post - Backups
============

One of the two most important steps you need to take is establishing regular backups of your important data, pictures, etc.  There are countless programs and methods to back up your stuff, probably as many as there are people using computers.  OK, maybe not that many... hahaha... snicker.

For me, I use ZIP files and batch files.  This allows me the flexibility to perform "pre" tasks before the backup actually starts.  For instance, delete all temporary files, backup files, dump certain registry entries, export my bookmarks, etc.

For example, here is the BATCH file I use to export my Office 2007 registry entries:
 

REM RUN THIS AS ADMINISTRATOR
@echo off
@cls
echo *************************************
echo Date   : %date%
echo Weekday: %date:~0,3%
echo Month  : %date:~4,2%
echo Day    : %date:~7,2%
echo Year   : %date:~10,4%
echo *************************************
REM *****************************************************************
REM DO NOT PUT IN SPACE BEFORE OR AFTER "="
REM *****************************************************************
set YR=%date:~10,4%
set MO=%date:~4,2%
set DY=%date:~7,2%
echo %YR%_%MO%_%DY%
echo ******************************************
echo ******************************************
echo Make sure this is ran as ADMINISTRATOR
echo Make sure this is ran as ADMINISTRATOR
echo ******************************************
echo ******************************************
echo Extract Office 2007 entries
echo You can get up to 4 directories already exist
echo ******************************************
md c:\mydata
md C:\MYDATA\!!CONFIGURATION
md C:\MYDATA\!!CONFIGURATION\office_2007_pro_saved_settings
regedit /e:a "C:\TEMP\((%YR%_%MO%_%DY%))_((current_Office_2007_Outlook)).reg" "hkey_current_user\software\microsoft\windows nt\currentversion\windows messaging subsystem"
regedit /e:a "C:\TEMP\((%YR%_%MO%_%DY%))_((current_Office_2007_General)).reg" "hkey_current_user\software\microsoft\office\12.0"
COPY "C:\TEMP\((%YR%_%MO%_%DY%))_(((SRS))).zip"                        "C:\MyData\!!configuration\office_2007_pro_saved_settings\*.*"
copy "C:\TEMP\((%YR%_%MO%_%DY%))_((current_Office_2007_Outlook)).reg"  "C:\MyData\!!configuration\office_2007_pro_saved_settings\*.*"
copy "C:\TEMP\((%YR%_%MO%_%DY%))_((current_Office_2007_General)).reg"  "C:\MyData\!!configuration\office_2007_pro_saved_settings\*.*"
@echo off
del "C:\TEMP\*.*" /S /Q
PAUSE

Since the source is available, please don't ask for help.  The above provides you a baseline to create other batch files exporting other registry entries.

My backups are normally performed on Friday nights/Saturday mornings.  What I do is to start my backups Friday night just before I go to bed, and come Saturday morning they're done.  I have two copies of the current backup, and AT LEAST three grandfather copies.  This means the current backup, plus the three previous ones.

My core suggestion in this matter is that you need to establish a good backup, and perform it NOT LESS THAN once per week.  Like I said above, I perform my backups normally on Friday nights (sometimes more often).  I also have a program I wrote that will monitor a directory I create files in, and automatically copy them to several external drives.  So in this way, if something happens between backups, the files that change the most are preserved.

 

Have a Great Day!

:bananas: :bounce:


Edited by scotty_ncc1701, 20 July 2014 - 10:04 AM.




#2 Didier Stevens


Posted 23 July 2014 - 06:18 PM

Regarding your BAT script: you should only delete the complete content of a directory when you are absolutely sure that no-one else or no other program is using that (temporary) folder. I suggest your script creates a temporary folder and then stores all its work files in said folder. When the script finishes, it deletes the temporary folder.

Regarding your pre-tasks: I suggest you delete temporary files after your backup, not before. This way, if the wrong files get deleted, you will have a backup.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#3 scotty_ncc1701


Posted 23 July 2014 - 11:22 PM

The "TEMP" folder is just that, temporary.  All files in there that are used by other programs have an exclusive lock on them (e.g. ultraedit file being edited).  At the point the folder contents are deleted, during the initialization phase of the backups, all programs are closed.

 

Have a great day!

:bananas: :bounce:



#4 Didier Stevens


Posted 25 July 2014 - 04:07 PM

From your explanation, I get that the C:\TEMP is not a temporary folder. It is a permanent folder for temporary files.

 

What I mean is to create a temporary folder, and have that as working folder for your script.

Like C:\TEMP\TMP123\. And then you create your files, like C:\TEMP\TMP123\BACKUP.REG

And when your script is done, you delete the content or the folder (del C:\TEMP\TMP123\*.*), and then you remove the folder (rmdir C:\TEMP\TMP123\).

 

Your method works for the moment, but it's likely that sometime later (for example with new programs or upgraded programs), it will no longer work because you delete the wrong files (well actually, your script will still work, but the programs using the deleted files will malfunction).


Edited by Didier Stevens, 25 July 2014 - 04:25 PM.

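The per-run working folder suggested in the replies above, with cleanup moved to after the copy, shown as an added example that is not any poster's script. Assumptions: the `regbak_` folder prefix is made up for illustration, `reg export` stands in for `regedit /e:a` so that a failed export can be detected, and the `%date%` layout and destination folder are taken from the original batch file.

```batch
@echo off
setlocal EnableExtensions
REM Delayed expansion stays off on purpose: the destination path contains "!!".
REM Assumption: %date% looks like "Sun 07/20/2014", as the original script expects.
set "STAMP=%date:~10,4%_%date:~4,2%_%date:~7,2%"
set "DEST=C:\MyData\!!configuration\office_2007_pro_saved_settings"
set "RC=0"

REM Per-run working folder (hypothetical "regbak_" prefix). md fails when the
REM name already exists, so the script never adopts, and later deletes,
REM a folder it did not create itself.
set "WORK=%TEMP%\regbak_%RANDOM%_%RANDOM%"
md "%WORK%" 2>nul
if errorlevel 1 (
    echo Could not create working folder "%WORK%"
    exit /b 1
)

REM Export into the working folder only; stop at the first failed export.
reg export "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem" "%WORK%\%STAMP%_Office_2007_Outlook.reg" /y >nul
if errorlevel 1 (
    set "RC=1"
    goto cleanup
)
reg export "HKCU\Software\Microsoft\Office\12.0" "%WORK%\%STAMP%_Office_2007_General.reg" /y >nul
if errorlevel 1 (
    set "RC=1"
    goto cleanup
)

REM Copy the results to the backup location before anything is deleted.
if not exist "%DEST%\" md "%DEST%"
copy /y "%WORK%\*.reg" "%DEST%\" >nul
if errorlevel 1 set "RC=1"

:cleanup
REM Remove only the folder created above; other files under %TEMP% are untouched.
rd /s /q "%WORK%"
if "%RC%"=="0" (echo Export saved to "%DEST%") else (echo Export FAILED, nothing outside "%WORK%" was deleted)
exit /b %RC%
```

Because the only delete targets the folder the script created, the script behaves the same on a machine where `C:\TEMP` holds files someone wants to keep.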


#5 scotty_ncc1701


Posted 25 July 2014 - 05:33 PM

Basically you're right.  During the building of Windows, I change the environmental variables of TMP and TEMP to c:\temp.  Also in several programs (like my scanner), that I also change it to c:\temp (their work area that is).  Quite a few programs don't clean up behind themselves, so here I can just go into c:\temp and manually delete the files and folders.  For me, I'm still up to a point a "DOS" person, and find it quicker and more efficient to do things from the command line, or a batch file.

I've been doing this (c:\temp thing) since around 2002 when XP came out.  Also, I don't like where M$ stores personal files, so documents, music, etc was moved to c:\mydata, at the same time.  As you know under XP, music, etc was under ...My Documents..., then when M$ split them out into their own separate folders, I moved them back to the "original locations".

I admit, to a point, I'm a creature of habit, and I don't like moving my files around, unless it is needed.  I know that I could use junctions or symbolic links to do the same (I'm on Win 8.1U), but I only have to do it once, when I initially install windows, which is imaged in stages (see other posts), so really it's NBD, to me at least.

Have a great day!
:bananas: :bounce:

 



#6 Didier Stevens


Posted 27 July 2014 - 08:49 AM

The reason why I'm mentioning this, is that some BC users will probably take over your script.

And if they have their own c:\temp directory, they might have files deleted by your script that they wish to keep.




#7 scotty_ncc1701


Posted 27 July 2014 - 03:18 PM

> The reason why I'm mentioning this, is that some BC users will probably take over your script.
>
> And if they have their own c:\temp directory, they might have files deleted by your script that they wish to keep.

 

Knowledge of basic batch file programming is expected for people to utilize it.  Even then, the commands can be looked up on line.  I have multiple batch files like this to extract other key entries in the registry, so on rebuild/restore, I can quickly reconfigure my computer with just a few mouse clicks.

Have a great day!
:bananas: :bounce:
 





