30.12.2009, 13:23
drbits
JD English Support (inactive)
 
Join Date: Sep 2009
Location: Physically in Los Angeles, CA, USA
Posts: 4,437
Choosing and installing security software

English Overview:

The security software (Antivirus, Firewall, and so on) must allow JDownloader, java, and javaw to connect to any port on any computer and to listen on any local port. This setting may have to be updated after you install a new version of Java or JDownloader.

The security software must never filter or restrict the contents of network packets; it has no reason to ever read that data.

Some adjustments to ESET or Kaspersky are described here. However, no "Internet Security" package is recommended.

I recommend Microsoft Security Essentials (as your antivirus) or AVG Free (without Link Scanner installed), the free (for personal use) PCTools.com Firewall, and PCTools.com Threatfire. They are effective and work well with JDownloader and they work well together. They are all free for personal use.

For your web browser, I recommend Firefox with NoScript and WOT. Opera is a good alternative.


German Overview:

The antivirus program and the firewall must allow JDownloader, java, and javaw to connect to all ports and to listen on all local ports. This setting must be updated after you install a new version of Java or JD.

However, the antivirus program and the firewall need not monitor the contents of network packets.

Some adjustments to ESET or Kaspersky are described here.

Recommended security programs:
Microsoft Security Essentials (for antivirus) or AVG Free without LinkScanner installed.
pctools.com Free Firewall.
pctools.com ThreatFire (free).
For Firefox, add NoScript and WOT.
All are simple and they run well with JDownloader.


Spanish General Information:

The security software (antivirus, firewall, and so on) on your computer must allow JDownloader to connect to any port on any computer and to listen on any local port. This setting will have to be updated after installing a new version of Java or JDownloader.

The security software must never filter or restrict the contents of network packets; it has no reason to ever read that data.

Some adjustments to ESET or Kaspersky are described here.

I recommend:
Microsoft Security Essentials or AVG Free without LinkGrabber.
PCTools Free (for personal use) Firewall.
PCTools Free (for personal use) Threatfire.

They are effective and work well together. These programs do not interfere with JDownloader.

For your web browser, I recommend Firefox with the NoScript and WOT add-ons.

--=oOo=-- --~=oXo=~-- --=oOo=-- --~=oXo=~-- --=oOo=-- --~=oXo=~-- --=oOo=-- --~=oXo=~-- --=oOo=--

1) Even in Windows, you don't need an antivirus or firewall to watch everything on your computer. You need an antivirus to scan files and scripts when they are first opened (which you can do manually). You need a firewall to keep hackers out. Except for scanning for scripts in e-mail, browsers, and office documents, most of the rest of what they hang on your security software is sales pitch.

1a) Whatever security software you use must tell you when it is about to block a program. This is not just for JDownloader, it is needed on every system. If your security software cannot be changed to do this, uninstall it immediately.

If you are using an antivirus or firewall that requires you to create exceptions for jdownloader, java, or javaw, then updating JDownloader or java should cause the security software to start blocking again. Whenever you start having problems, make sure the security software exceptions are still valid.

When a program has changed, well designed security software will ask whether this is an update of the same software and the old exception will be applied to the new version as well.

2) If your router contains a firewall, that will deter almost all known attacks that a firewall can block. What it does not do is protect the rest of the internet if your computer becomes infected by a virus. Since you will never allow your computer to become infected, you don't need a fancy firewall.

2a) If you are paranoid (as I am), you can install a software firewall. However, most will noticeably slow down your computer. After trying several software firewalls, the only one I have found that allowed me to run both JDownloader and uTorrent at full blast was PCtools Free Firewall. This firewall needs to be trained (or you can leave it in training mode for a while), but it is simple to set up and checks every time a program tries to open a port or call another program (see 3) IDS below).

2b) The best Firewall protection is a separate box (like Barracuda Networks or similar products from companies like Cisco) that connects between your router and your computer. The box updates frequently to protect against the latest known threats and also filters for viruses and other malware. This costs about twice what a software security package costs, but it doesn't slow down your computer.

3) Intrusion Detection Systems
One of the most effective ways to avoid virus infestation is to protect your system against virus-like activity. This is the job of an IDS. The only complete IDS I know of for a personal computer is ThreatFire (threatfire.com), made by PCtools (also included in their firewall and integrated packages). This product is also free for personal use. There are more sophisticated IDS systems for servers. The advantage of an IDS is that it has a very low profile (small memory footprint and almost no CPU time when everything is OK). These programs require training (which programs are allowed to do what), but they are worthwhile.

4) Antivirus
I have said some negative things about antivirus programs, but I wouldn't work without one. The problem is that most of them are bundles, not just virus scanners. A virus scanner should check each file as you open it for execution or when you ask it to scan a file, and nothing more. AVG Free antivirus (without LinkScanner installed) and Microsoft Security Essentials are close to this.

Uninstalling an antivirus program usually leaves hooks in your operating system. When uninstalling an antivirus program, first obtain the "Cleanup" program from the manufacturer's website. Then set a restore point, uninstall the antivirus program, restart your computer, run the cleanup program, and restart your computer.

If you choose AVG, choose the custom installation and do not install the Web link scanning (this goes for any antivirus). These work poorly and can interfere with programs like JDownloader. The program is simple, contains a module that will scan files when you open them for read or execute, and contains a scanner. It also contains an e-mail scanner and automatic updates (the free version updates once per day).

Another very good antivirus is called Vipre. However, this program is not free for personal use. It is a combination of a traditional antivirus and an IDS.

Cloud antivirus systems are new, but their advantages are minimal. When combined with an IDS, they should be essentially the same as a regular antivirus.

Avoid (or uninstall) any antivirus that includes features like "Web shield", "Network shield", "Link shield", "Link checker", "network checker", and so on (Antivir, Avast!, AVG, Kaspersky, Norton, Symantec, McAfee, and so on). You can try installing them without these features if the program permits it. Even worse are the "Internet Security" suites - always uninstall these and run the cleanup program.

Ideally, a system wide antivirus would scan files only when opened for execution (executable files and scripts only). An excellent browser, RSS reader, or e-mail reader can be set to scan each script before execution (possibly with an antivirus addon). Do not allow active-X to execute unless it is both signed and virus scanned. If you use Microsoft IE, install WOT and be very careful about what scripts (activeX, .NET, Javascript, and so on) you allow to run. If you use FireFox, WOT and NoScript are recommended to assist you in selecting which scripts to run (and Dr.Web can perform an antivirus scan). Chrome and Opera are like Firefox.

A useful antivirus program can attach to your e-mail program and scan all scripts and attachments. It is even better if one can preview all messages in "Plain text" mode (I always do this in Outlook). E-Mail programs should always use an encrypted connection to the mail server. Thunderbird defaults to a safe viewing mode.

The most important problem with security programs that read the contents of network packets instead of just the header is that they give the user a false sense of security. The worst of malware is encrypted until it is ready for use, so the antivirus cannot find it in the network (only the stupid ones get found). They break JDownloader by holding back a large number of packets (leading to dropped connections) and often drop or filter the contents of packets (leading to improper data and CRC errors).

4a) JDownloader, P2P and IM programs do not execute what is transferred. They write them to disk, where the antivirus can scan them before they can be executed (exclude *.part files from scanning, they are incomplete and scanning them is a waste. The same is true for the incomplete P2P files, such as *.!UT).

Browsers sometimes download and immediately execute scripts (.NET, activeX, and JavaScript). Fortunately, the only Browser that does that is Microsoft Explorer. In Opera, Firefox (and its Chrome version), only JavaScript is executed before it is written to disk, and it is "Sandboxed" (restricted in what it can access).

For people who still use P2P programs, blocklists are important (see "blocklistpro.com")

5) Registry and Disk cleaning

We have already discussed registry cleaners.

One of my favorite registry scanners is Regseeker, but it is overly aggressive and I always have to repair or reinstall MS Office after I use it (it needs extra filters). However, it finds many times more problems than Comodo and Glary products. I save this one for occasional use. Again, I always back up the registry before using a cleaner.

Disk cleaners are best at finding temporary files that are left around and deleting them. The Comodo and Glary packages both come with powerful disk cleaners. Ccleaner is an easy to use program, but it has fewer tools to find disk trash. For example, Comodo System Cleaner includes a scan for empty directories. This can save a significant amount of disk space.

The part of a disk cleaner that seems like it would find the most waste is the "Duplicate file search". Do not use this unless you are sure of what you are doing. They usually aren't worth the effort of figuring out which copies of files are necessary.

Digital Volcano Duplicate Cleaner is an easy to use duplicate cleaner. Using the Hard Link option makes this a safe and easy tool. It takes advantage of some little-known features in NTFS and if two files are exact duplicates, it changes the directories so that they both point to the same file on disk (and deletes the unused file). This means that you can still get to the file from both directories, but you only store it once. Unix users are familiar with links, this is new to most Windows users.

Duplicate Finder Hard Link (DFHL) is the original tool, but is harder to use and is command line driven with many options. You can download it from "jensscheffler.de/dfhl". To use it open a command window, and cd to the directory containing DFHL.exe. Enter a command like
Code:
DFHL /h /l /m /q /r /s /w {list of top directories}
This combination of parameters will quietly /q scan the specified directories (including small files /m, hidden files /h, and system files /s) and all of the subdirectories /r. Files that match byte for byte will be hard linked (so that only one copy is retained /l). A summary will be printed at the end (/w). If you leave out /l and /q it will just create a report. The major limitation is that it should only be run on one partition at a time (NTFS cannot hard link across partitions).

6) Complete Virus Scanning
A normal virus scanner cannot find all viruses. One reason is that there are new viruses every day and it can take days to find a way to detect new ones without also finding normal files. This is why an IDS (intrusion detection system) is so useful. Since most people don't know about IDS, about 1/3 of computers have some kind of malware infection. A second reason is that some viruses (called rootkits) have found ways to insert themselves into the operating system and hide from the antivirus programs (or even infect the antivirus programs). Also, most antivirus programs work by searching for strings in programs (called signatures), but modern viruses encrypt themselves, so that they cannot be found by a signature until they begin executing.

The first step is to find the viruses that are hiding in the operating system. You find them with Root Kit Scanners, and there is a free (for personal use) root kit search in Threatfire and one available from PandaSecurity. These are not the only two, but I have found both of these to be satisfactory and they work in different ways.

A full antivirus search is done when the operating system is not running. A boot disk running a different operating system is used to boot the computer and scan the system. One such virus scanner is PandaSafeCD (search pandasecurity.com). This program is available from download.com. It comes as a zip file containing an ISO file you burn onto a CD. The CD then contains a reasonably recent antivirus scanner. It updates itself by looking in the central location where Panda programs keep the updated virus definitions. When you boot the computer from the disk, it boots into a protected version of Linux, prompts for the parts of the computer to scan, and scans your computer.

The Windows operating system contains a Software File Checker. Periodically run SFC /SCANONCE and reboot.

Except for the Vipre program I mentioned above, all of the programs in this thread are free for personal use. If you have a massive virus infestation or an infestation of low level OS files, you may have to spend money to repair the problem. However, usually, you fix the low level OS files by reinstalling the OS (telling it to keep user settings) and the free antivirus programs should clean up even a massive infestation. You might have to run the Repair for some programs (in the Install/Uninstall command), but you can clean your computer. The Panda SafeCD needs up to date antivirus files. You can download these for free from PandaSecurity.

The ERUNT program saves a full backup of the registry. I schedule it to run daily and keep a month worth of backups. If I have to reinstall the OS, I can use the backup to restore my settings and programs.

7) Virtualization
A lot of times, when one tries to install a program from the internet there will be pirate files (like keygens or cracks) in the installation package. I do not want to encourage piracy, but if you use these files, you need to protect yourself. Your antivirus program will pick these up as inappropriate programs. Sometimes, the antivirus will say it is a Hack tool (which is true and means the file is OK). Sometimes, the antivirus will report that there is a virus, worm, trojan, or backdoor in the file. This means don't run that in Windows!

You can run the program on a virtual computer or in a sandbox.

The solution to the problem for keygens is to run them on a spare computer that you can just throw away. You say that isn't practical, that is where virtualization comes in. Both VMware and Microsoft have programs available (free for personal use) that you install an operating system on and can run programs on. However, the programs are not running in your operating system, but in the copy, so they don't harm your computer. You can do this with any program you are not sure about. There is a file that represents the operating system installed on the virtual computer, and you keep that intact, while running on a copy.

Sandboxing is a little easier. It is a partial virtual computer, so it doesn't use as much memory and is easier to set up. The most popular program is Sandboxie. There are alternatives, but none as well tested. Sandboxie is what is called nagware. You can use it for free (for personal use), but they keep asking you to register (your choice).

Last edited by drbits; 26.02.2011 at 10:53. Reason: Update | Add German Summary | Add Spanish Summary | Change to MSSE
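
The report-then-link behaviour described for DFHL in section 5, sketched in Python as an added example (not DFHL's code and not part of the original post); the function names and the `.dfhl-tmp` suffix are made up for illustration. It only pairs files on the same device, matching the one-partition limitation, and links only when `apply=True`, like adding /l.

```python
import filecmp
import os
import stat
from collections import defaultdict


def find_duplicates(top_dirs):
    """Return groups (lists of paths) of byte-identical files not yet linked."""
    by_key = defaultdict(list)
    for top in top_dirs:
        for root, _dirs, names in os.walk(top):
            for name in names:
                path = os.path.join(root, name)
                st = os.lstat(path)
                # Regular, non-empty files only; symlinks and devices are skipped.
                if stat.S_ISREG(st.st_mode) and st.st_size > 0:
                    # Same device + same size: hard links cannot cross partitions.
                    by_key[(st.st_dev, st.st_size)].append((path, st.st_ino))
    groups = []
    for candidates in by_key.values():
        remaining = sorted(candidates)
        while len(remaining) > 1:
            (first, first_ino), rest = remaining[0], remaining[1:]
            same, remaining = [first], []
            for path, ino in rest:
                if ino == first_ino:
                    continue  # already a hard link to `first`
                if filecmp.cmp(first, path, shallow=False):  # byte-for-byte
                    same.append(path)
                else:
                    remaining.append((path, ino))
            if len(same) > 1:
                groups.append(same)
    return groups


def hard_link(groups, apply=False):
    """Return bytes reclaimable; with apply=True, replace duplicates by links."""
    saved = 0
    for keep, *dupes in groups:
        for dupe in dupes:
            saved += os.path.getsize(dupe)
            if apply:
                tmp = dupe + ".dfhl-tmp"  # hypothetical temporary name
                os.link(keep, tmp)        # create the link first, so a failure loses nothing
                os.replace(tmp, dupe)     # then swap it over the duplicate
    return saved
```

Once linked, both names refer to one file on disk, so an in-place edit made through either name changes what the other one shows.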