I know nothing about firewalls and suck at the internets

nageov3t

admitting your noob status is the first step to recovery :p

I recently had an incident wherein a keylogger was installed on my computer, someone got my world of warcraft password, and totally trashed my account. I'm trying to figure out every step I can take to avoid this ever happening again.

I've already reformatted my drive, installed a bunch of anti-virus / anti-spyware programs and a software firewall, but I was thinking it might be time to use my firewall for something more than a router with some pretty blinking lights.

anyone know how I'd go about blocking all out-going traffic except what I need to run WoW, firefox, usenet, and the updates my DVR gets?
 

BurnItDwn

This doesn't directly answer your question, however I think you're going to have a difficult time with this.

If a keylogger is able to somehow get onto your system, then any security features on that system can usually be bypassed or disabled by the keylogger.
Often many keyloggers use the POST mechanism of your default browser in order to send the keys to somewhere.

This further complicates the problem because unless you only allow access to certain IP addresses, your firewall (which would have to of course be a separate machine between the PC and the ISP) would see the keylogger's attempt at sending data and treat it just like every webpage you visit, as it wouldn't be able to tell the difference.
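
The limitation described in the post above, modelled as an added example that is not part of the original thread: a port-only outbound policy is compared with a destination allowlist over a few constructed flows. All addresses (RFC 5737 documentation ranges), port numbers and flow names are assumed sample values.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    origin: str    # what really opened the connection; a separate firewall box never sees this
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


# Constructed sample traffic as seen leaving the PC.
FLOWS = [
    Flow("firefox -> webmail", "192.0.2.10", 443),
    Flow("game client login", "198.51.100.20", 3724),
    Flow("usenet reader", "198.51.100.80", 119),
    Flow("keylogger POST via browser", "203.0.113.66", 80),
    Flow("unknown program, odd port", "203.0.113.66", 6667),
]

# Policy A: default-deny outbound, allow by protocol and port only.
PORT_POLICY = {("tcp", 80), ("tcp", 443), ("tcp", 119), ("tcp", 3724)}

# Policy B: default-deny outbound, allow only known destinations on known ports.
DEST_POLICY = [
    (ipaddress.ip_network("192.0.2.0/24"), {80, 443}),
    (ipaddress.ip_network("198.51.100.20/32"), {3724}),
    (ipaddress.ip_network("198.51.100.80/32"), {119}),
]


def allowed_by_port(flow):
    return (flow.proto, flow.dst_port) in PORT_POLICY


def allowed_by_destination(flow):
    addr = ipaddress.ip_address(flow.dst_ip)
    return any(addr in net and flow.dst_port in ports for net, ports in DEST_POLICY)


def evaluate(flows):
    """Return (origin, port-policy verdict, destination-policy verdict) per flow."""
    return [(f.origin, allowed_by_port(f), allowed_by_destination(f)) for f in flows]


if __name__ == "__main__":
    for origin, by_port, by_dest in evaluate(FLOWS):
        print(f"{origin:30} port-only={'ALLOW' if by_port else 'DROP':5} "
              f"dest-allowlist={'ALLOW' if by_dest else 'DROP'}")
```

The destination allowlist only works where the set of destinations is small and fixed; general web browsing needs arbitrary destinations on ports 80 and 443, which brings back the port-only case.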
 

nageov3t

Originally posted by: BurnItDwn
This doesn't directly answer your question, however I think you're going to have a difficult time with this.

If a keylogger is able to somehow get onto your system, then any security features on that system can usually be bypassed or disabled by the keylogger.
Often many keyloggers use the POST mechanism of your default browser in order to send the keys to somewhere.

This further complicates the problem because unless you only allow access to certain IP addresses, your firewall (which would have to of course be a separate machine between the PC and the ISP) would see the keylogger's attempt at sending data and treat it just like every webpage you visit, as it wouldn't be able to tell the difference.

so is there a way to get 100% protection? or should I be prepared to run a system scan before ever entering in a password?
 

BurnItDwn

Originally posted by: loki8481
Originally posted by: BurnItDwn
This doesn't directly answer your question, however I think you're going to have a difficult time with this.

If a keylogger is able to somehow get onto your system, then any security features on that system can usually be bypassed or disabled by the keylogger.
Often many keyloggers use the POST mechanism of your default browser in order to send the keys to somewhere.

This further complicates the problem because unless you only allow access to certain IP addresses, your firewall (which would have to of course be a separate machine between the PC and the ISP) would see the keylogger's attempt at sending data and treat it just like every webpage you visit, as it wouldn't be able to tell the difference.

so is there a way to get 100% protection? or should I be prepared to run a system scan before ever entering in a password?

Unfortunately, there is no such thing as a computer that is 100% secure.
Running a system scan every time you enter a password is mostly a waste of time, especially because lots of the newest worms, trojans, viruses, etc don't get detected right off the bat.

Your best bet is
1) never run anything unless you are 100% sure what it is and that it's safe.
2) a software firewall is a great line of defense. They are very useful, but they are not magic cure-alls.
3) never use an "administrator" account, unless you are doing actual administrative things that require that access level. I know it's a pain in the ass to switch accounts for this and that, but it can save you a lot of trouble.
4) any time you notice ANYTHING out of the ordinary with your PC, no matter how insignificant it appears, research it and figure it out.
5) Regular scans of things like spybot, adaware, antivir will help to keep your box in shape, however, they too are not magic cure-alls.

There is no way to 100% protect your PC or yourself from threats or user error.
Following steps like these can help a lot though.

One other thing, and this is going to be a major hassle: use different passwords for everything, and don't keep them saved in a plain text file somewhere.

If you need some help remembering passwords, you can always use a secure open source password management utility, that way, you only have to remember one or two passwords, as opposed to dozens or maybe even hundreds.

The one I use (well actually, my entire department at work uses it) is called Password Safe.

So, be smart, protect yourself the best you can, don't have a sense of invulnerability or "that can't happen to me", and you should for the most part be nice and secure.

 

Pulsar

I'm going to wager something.

I'm going to wager that a keylogger was not installed on your computer by random and just HAPPENED to get your WOW password.

I'm going to wager that you downloaded something that you shouldn't have... related to WOW... that perhaps Blizzard wouldn't have appreciated your having. Or rather, I'm going to wager that you TRIED to.

I'm going to wager that the "program" that you downloaded to do... something... is what installed the keylogger.

I can't tell you how many times I've had to deal with people doing this. If that is what happened, then I suggest you simply stop downloading non-verified 3rd party hacks.
 

Lemon law

To loki8481,

Admitting you are a security noob is just step 1---step 2 really involves learning how a hacker thinks.
The hacker or malware writer wants to get you for fun or profit--you are trying to defend yourself and sadly can't shoot back. And as you now know---what you don't know can hurt you. But on the bright side, you burnt the system to the ground and got all the malware in the process---so you are starting out with a clean system.---and you want to keep it that way.

As any decent link will show you---you need layers of protection---and a firewall is just sort of like a concrete barrier you put around a building so a terrorist can't drive a truck bomb next to the building---but in terms of a software firewall---choose wisely because you can have one and only one---but you can also have a hardware firewall to add some protection also---but if you want a totally safe building--( your computer in my analogy )---you put a concrete barrier all around that stops anything getting in or out. Which defeats the purpose of having a building---so you restrict access---which is exactly what a firewall does.---but you leave an opening so people can get in and out.---and if you tell the firewall to let something in---the firewall rolls out the red carpet.

Once the packet gets to the building door---you need a gatekeeper---and that's where your active anti-virus comes in--and you can have one and only one at a time--that hopefully has the pictures of all known worms, viruses, trojans, and keyloggers---and it will also search the suitcases, briefcases, and backpacks to see if bad guys are hiding inside of zipfiles. But if a totally unknown real bad guy comes in---and they are created at a rate of about 10 per day--your gatekeeper will let them in until he gets that wanted dead or alive poster---so keep your AV updated.---sort of lesser thieves and pickpockets---things that don't do horrible things will be allowed in by the AV---just too many for any active AV to have wanted posters on.

So now you hopefully have a building with no one really super dangerous in it---ranging from the good citizens--cookies--some less good tracking cookies---to all kinds of thieves who will try to steal data and phone home.---that is where the local police come in---which are your passive scanners. That identify them after they get in and give them the old heave ho---giving the bums rush out of the building.---so make sure they are updated and run them often.

But the holy grail for all this malware is to get that ID badge that says I am a good citizen---and to get on the system registry---and that is where process control comes in--when you are installing a legitimate program they can bug the bejesus out of you as they ask you to approve this that and the other thing---but at least they sometimes save your butt when they catch a bad guy who tries to sneak by.---the other holy grail strategy is to hide in a group of legitimate citizens---which is the generic equivalent of a program with a security hole in it---and lots of them--most of the Macromedia flash players are of that nature---the older Apple players, IE6 is a big hole---go to the secunia site for a free on line scan and update to a newer more secure version--or pitch the security hole altogether.---and to push the analogy further--keep everything on the to be pitched out at closing time list by using a non-administrative account---better yet a non-administrative account with a software restriction policy if you have XP pro.---but also piles of generic advice around on other ways to frustrate any malware that gets in--always worth reading.

Very abridged coverage--but when you start thinking that way---you can start to understand various defense strategies---and implement something that works for you---and it helps to think about where you are vulnerable---and alter your behavior to frustrate the bad guys.

Once you have that clean computer---it's not very hard to implement a strategy that keeps you pretty safe---and with an almost infinite supply of almost totally ignorant PC users---the malware writer does not have to work very hard to get more victims than they can handle.---why should they break a sweat to get you?
 

nageov3t

Originally posted by: LsDPulsar
I'm going to wager something.

I'm going to wager that a keylogger was not installed on your computer by random and just HAPPENED to get your WOW password.

I'm going to wager that you downloaded something that you shouldn't have... related to WOW... that perhaps Blizzard wouldn't have appreciated your having. Or rather, I'm going to wager that you TRIED to.

I'm going to wager that the "program" that you downloaded to do... something... is what installed the keylogger.

I can't tell you how many times I've had to deal with people doing this. If that is what happened, then I suggest you simply stop downloading non-verified 3rd party hacks.

I hope you're not a betting man, because you just lost a lot of money.
 

JackMDS

This post is not directed to you loki8481.

While there is No 100% security, the majority of people who maintain reasonable security systems.

I.e. Router NAT Firewall, Software, Fire, Anti Spyware, and AntiVirus, do not get infected.

My experience shows that most adult people who get infected are the ones that cannot resist "Pie in the Sky attachments" and similar type of interactions.

Most computers that need to be cleaned contain traces, or attempts of erasing Adult Material.

I know of people that dumped into the garbage good computers because they were embarrassed to give them to someone else to clean knowing that the cleaner would find the Adult material.

Or and, young people that are on a constant quest for "free" music, "free" Movies, and other Theft of copyrighted material, with No understanding or regards to what the Price of this "Free" might be.

Most of the sites that are dishing the "Forbidden Fruits" do not work well, or do not let you download, or see their Juicy stuff without switching off some of the security measures.

So, what's the big deal, I can disable the Firewall for two minutes, get my stuff, and then enable it again. What the heck can happen to me in two minutes. Two minutes is just .0000001% of the time that I use the Internet so what if for .0000001% I am not secured.;):shocked: