Help
This topic is locked
There is protection you need to use to protect yourself from these attacks.
Normally when loading a persons browser with Firefox Extensions or telling them which ones to get, I wouldnt ever load NoScript if they were not tech-savvy enough to understand how it works.
but this hacking stuff is becoming too much of a problem so heres your made-of-steel condom guide for the internet.
Now, I know theres plenty of guides out there saying use firefox+abp+ns etc, but none the guides actually tell you how noscript works for those non tech-savvy people. So heres a full guide (with pictures) for non tech-savvy people.
- ==== Browser Changes ====
- --- Securing Internet Explorer ---
- Update to IE7 if your still using IE6 (even if you use firefox). IE6 is horrible to even have on your PC. IE7 can be found on the Microsoft website, and should be a recommended update when you do Windows Update on your computer.
- Open your Internet Explorer (even if you use firefox): Tools -> Internet Options
- Go to the Security Tab, and on the Internet Zone, change the Slidebar to High (max).
- Go to the Privacy Tab, and click Advanced (Medium Slider should be sufficient). Enable the override checkbox, Prompt for first party cookies, block 3rd party cookies, and always allow session cookies. Click Ok.
- Go to the Advanced Tab, and uncheck both Enable third-party browser extensions and Enable websites to use the search pane. Click OK once these changes are made and close IE. Your done securing it.
- Update to IE7 if your still using IE6 (even if you use firefox). IE6 is horrible to even have on your PC. IE7 can be found on the Microsoft website, and should be a recommended update when you do Windows Update on your computer.
- --- Switching to Firefox ---
- Our goal above was to secure IE for use of only trusted websites such as Microsoft.com and use Firefox which offers you much more secure tools when browsing.
- Download Firefox: Here (Instructions for Installing Firefox on that website)
- Upon start it will ask to be your default browser. CLICK YES! It will also ask to Import your Internet Explorer Settings such as bookmarks. Go through the wizard and bring your bookmarks and such over.
- Time to get extensions. Heres how you normally get extensions: Go to Tools -> Add-ons -> Click Get Extensions. However I'm just going to give you direct links to them to help you out.
- Our goal above was to secure IE for use of only trusted websites such as Microsoft.com and use Firefox which offers you much more secure tools when browsing.
- --- Securing Internet Explorer ---
- ==== Putting on your condoms (configuring) ====
- Click OK or Close any popup's that spawn upon opening Firefox. (I already have these installed, so I cant remember exactly what pops up so well go from the menu's to configure them).
- **Go to Tools -> Addons: we will do this step multiple times for extensions. Each extension you installed will have an Options button on it that we need to configure (with exception to FlashBlock, the default settings are fine)
- AdBlock:
- Open AdBlock Options(above) -> Options Menu > Make sure the extension is fully enabled.
- Open the Filters Menu and Add Filter Subscription: You want to enter a title and URL for each subscription and be sure both checkboxes are enabled!
- Add the following subscriptions (format: [/b]Title: Location[/b]):
- EasyElement+EasyList: http://easylist.adbl...nt+easylist.txt
- Fanboy's List: http://www.fanboy.co.nz/adblock/fanboy-adb...nt-expanded.txt
- ABP Tracking Filter: http://easylist.adbl...king-filter.txt
- EasyElement+EasyList: http://easylist.adbl...nt+easylist.txt
- Once all 3 are added click OK to finish.
- Open AdBlock Options(above) -> Options Menu > Make sure the extension is fully enabled.
- NoScript:
- Open NoScript options, and go to the Plugins Tab -> Make sure all of the RED CIRCLED checkboxes are selected. DO NOT SELECT THE BOTTOM BOLDED CHECKBOX!!
- Go to the Advanced Tab, You will see Sub-Tabs -> Click on Untrusted Tab (if not already selected). You want to make sure all of these are selected.
- Click OK to finish.
- Open NoScript options, and go to the Plugins Tab -> Make sure all of the RED CIRCLED checkboxes are selected. DO NOT SELECT THE BOTTOM BOLDED CHECKBOX!!
- Click OK or Close any popup's that spawn upon opening Firefox. (I already have these installed, so I cant remember exactly what pops up so well go from the menu's to configure them).
- ==== Using your condoms (browsing) ====
- NoScript:
- NoScript blocks all unknown websites from executing javascript on load.
- It also blocks all unknown sites from using 3rd party plugins such as Flash and Java
- Many websites use javascript to function properly.. Upon visiting a site that uses JavaScript, Flash, Java Applets and more, you will notice the NoScript Icon in the bottom right corner of your Firefox.
-
: This means ALL javascript was blocked. The site may not function correctly, or it might work fine. it all depends on how the sites coded to use the javascript. -
: This means javascript was PARTIALLY blocked. This means the site your visiting was allowed to run javascript (or did not contain any) however a 3rd party URL (an address thats not the same website) was blocked from being ran.
4/5 times this means some ad websites javascript was blocked. In most cases your website your visiting will function correctly, and noscript is doing its job: blocking the unwanted javascript. -
: This means ALL javascript on this website was allowed to run, or else the website did not contain any javascript. This site will function just as if you did not have NoScript.
-
- By default you will also receive notification on the bottom with a big bar (this bar can be told to not show).
- If the website your using needs javascript to run (things are not working properly), you may simply click the NoScript icon, and you will see in Bold Letters "Allow domain.tld" or by option you can allow it temporarily.
- If you choose to only allow it temporarily, noscript will block that website again the next time you reopen firefox (its saved until you close firefox).
- If you choose to allow (the bold letters) this site will always be allowed to run javascript.
- How do you know which sites need to be allowed? Simple: None unless they dont work without it. When you visit a site, browse it normal. If things arnt working such as links misbehaving or not working at all, and scripts are blocked, enable it temporarily. Does the link now work? If so, then it needs the javascript.
If you add a site to temporary allow that you want to perma allow, you need to remove the temporary allow (as in reblock it) then choose the permanent option. - Next you ask, what if you allow javascript on these trusted websites, how is that protecting you from the malware? These malware infections are linking offsite to other websites. Remember that 2nd icon (Partially blocked)?
That malware website its linking to will not have permission to be ran in noscript. Your root website your viewing will, but that extra url will be blocked because its not the same address.
The only case you will be vulnerable to the javascript is if the malware infectors add their virus code to the websites server itself (so that its not linking to another website).
This is very possible for them to do, but they in general want to link it to their own site so they may modify the virus code when they need and log whos being infected -- so they in general wont (or cant) do this approach,
so noscript will be protecting you.
A blocked flash player will also display a NoScript icon showing its blocked. Simply click the NS icon to display it if needed (It will auto be allowed if the current site its coming from is already allowed)
You generally will not need to run most flash applications on a web page unless its for navigational purposes or a video player. Most sites use flash for ads or logos, which you do not need to see.
For sites like youtube and such, adding them to allow list to view videos easier is recommended.
- NoScript blocks all unknown websites from executing javascript on load.
- NoScript:
- ==== Additional Security Measures ====
Following the above guide will provide you a condom made of steel, and protect you from at least 95% of possible infections.
A good first layer of security on your browser is the best step at protecting yourself from infection. However, theres always a chance something new comes out and bypasses your first layer of protection, so there is additional things to be sure you have.
- Anti Virus: Some like to argue this is the most important thing. I have to disagree, an anti virus software is only useful if your first layer of protection is penetrated. Following my guide above puts you in very low chance that it ever is penetrated.
Common sense, Web Browser Security and safe browsing habits are the most important thing in securing your PC.
However, its a good thing to have that backup protection in place to possibly catch the new exploits.
I STRONGLY recommend Avast. Avast has state of the art protection even in the free edition, and uses very little resources. Compared to AVG, Avast is Steel and AVG is Plastic.
If you have the money, get ESET Smart Security, a non free AV/Firewall/AS suite and one the highest ranked.
- Firewall: Ok, so you got some nasty trojan that bypassed BOTH of your 2 layers of protection (Secure Browsing, AntiVirus), theres one final Layer, a software firewall.
Software firewalls alert you when unknown applications are trying to connect to the internet. So even if you are key logged, your firewall is going to ask "Can this program you have no clue what the hell is connect to some website you have no clue what the hell is with some information?"
Pretty obvious answer. Keylogger DENIED!
I recommend Sygate Personal Firewall. Its very quiet beyond the questions about allowing applications - Doesnt eat up resources - and it even knows when an application changes to reask for permission.
- Install AntiSpyware: Spybot Search & Destroy is one of the leading spyware removal and prevention tools. Best of all, its free! Spybot S&D has tools to help prevent you from getting Spyware -- however, it shouldnt catch 'much' as your first layer should be blocking spyware too.
- Uninstall Real Player & QuickTime: Access your Control Panel by clicking your Start Menu then going to Control Panel. Then go to Add & Remove Programs. Wait a minute for the list to build, and then check it for anything about "Real Player" and Quicktime.
Is it installed? If so, REMOVE IT! Quicktime/Real Player are devil applications that some of the main reasons many are losing their accounts.
Get rid of them, get rid of any piece of trash that relies on it. You have 2 options: Keep your FFXI account or keep Real Player, decide now. - Save your PlayOnline Password!!!! - Most trojans are key loggers, and monitor key strokes to steal your password. While this isnt fullproof, I have not heard of the new password file format being cracked, and even if so, this is the least likely method of them stealing your password.
If you need to keep people out of your account on your PC, use that alternate password lock thing and use a DIFFERENT PASSWORD!! - Keep flash updated!! - Go to http://adobe.com and keep flash updated.
- Keep your PC up to date with Windows Updates. We had security beefed up on Internet Explorer in the first part of the guide, but Microsoft.com is automatically in Trusted group so it will be fine.
If you want to update your PC without even using Internet Explorer, there is a free update website called WindizUpdate for Firefox users that offers all of the Windows Updates that Microsoft offers.
- Anti Virus: Some like to argue this is the most important thing. I have to disagree, an anti virus software is only useful if your first layer of protection is penetrated. Following my guide above puts you in very low chance that it ever is penetrated.
There you go, Safe Surfing.
Search
