Forgot your password?
Or sign in with one of these services
November 22, 2007 in A Collection of Essential Guides
Very nice guide (Y)(Y)
Just to let you know that the IP address ranges 202.x 203.x 210.x 211.x and 212.x can and are assigned in Australia and New Zealand (And in some cases the western USA/Canada) - in the case of any TelstraClear customers, blocking the above ranges would deny acces to their DNS server, their mail server and their ISP homepage for starters.
Thanks man... you can never be SURE all the info. you are getting is "110% straight", so point noted & I will edit that part out (I didn't care much for it either!)
* AND, lol, if you note & look closely? You will see I made a fairly CRUCIAL mistake above - I put the IP Address - URL equation in the WRONG ORDER!
Man... that is what I get for doing things without my coffee in the a.m.! I have to edit for that too!
BELOW IS THE REVISION OF MY LAST POST WITH CORRECT IPAddress-to-URL EQUATION ORDER + POINT iMonkey noted
As regards the "Russian BUsiness Network" (RBN) who has been @ the heart of MANY online
attacks (or, things like Zlob trojan & IDTheft related attacks, etc. et al)?
Use this information to protect yourselves, from them.
(RELIABLE/REPUTABLE SOURCE = http://www.spamhaus.org/rokso/evidence.las...kso_id=ROK7465)
ADD THIS LIST TO YOUR CUSTOM HOSTS FILE (usually located in %windir%\system32\drivers\etc subfolder-subdirectory):
You can verify its location, because it CAN be moved (& some virus/spywares do so, like QHosts) by using regedit.exe
& going here:
& checking to see it has NOT been misdirected from C:\WINDOWS\SYSTEM32\DRIVERS\etc
(Unless you KNOW that YOU move it, as I do!)
I move mine INTENTIONALLY to another disk here that is less used & faster on seeks!
That is just so it init.'s faster since the HDD is not contending with other programs loading etc.
or data loading etc. - mine's on an SSD (solid-state ramdisk, for access-seek gains for example).
# === START OF KNOWN RUSSIAN BUSINESS NETWORK/RBN MAPPINGS + AFFILIATED KNOWN SERVERS ===
# === END OF KNOWN RUSSIAN BUSINESS NETWORK/RBN MAPPINGS + AFFILIATED KNOWN SERVERS ===
FIRST OF ALL - Note, I use "0.0.0.0" vs. "127.0.0.1" because iirc, the zero's based one leads to a NULL port type of
request, rather than your "loopback adapter" (i.e.-> YOUR OWN MACHINE fielding requests) for a couple
of reasons (which it took me some time to come up w/ & testing as to which is "better" to use).
SECONDLY, 0.0.0.0 is SMALLER than 127.0.0.1, & thus, parses faster (I found this out using a multithreaded
port scanner I wrote, which whipped thru FAR faster using zero entries, rather than 127.0.0.1 ones)
FOR FIREWALL BLOCKING RULES (or IE "restricted zones" lists (in IE options), OR possibly IP Security Policies usage):
I.P. address block for Russian Business Network:
(184.108.40.206 - 220.127.116.11)
And the address blocks for its equally corrupt cousins at Intercage, Inhoster, and Nevacon:
(18.104.22.168 - 22.214.171.124)
(126.96.36.199 - 188.8.131.52)
(184.108.40.206 - 220.127.116.11)
You should block all IPs starting with these if you do not care about Russia and China:
A few major Internet providers that provide services to RBN including
Aki Mon Telecom
P.S.=> THIS IS THE REVISION TO USE, & thanks in part to myself looking it over again guys (did the first post above without drinking my coffee in the a.m., which for me, lol? IS CRUCIAL) & the rest of the credit goes to iMonkey from above (thanks man)... apk
Thank you, I am glad you like it, & I hope you get GOOD CIS Tool scores, PLUS & above all else? A faster & safer system online... the very reason WHY I put it out across many forums!
Thanks, enjoy, & get a GREAT score on CIS Tool, & a F A S T E R + definitely safer system online using the points in this thread!
* I'd like to thank the moderation staff here & iMonkey too. iMonkey for his excellent points that helped correct my last post here, & the mods for quickly editing out the 1st post I did that had less than "totally accurate" info. in it!
P.S.=> AND, so you all know WHY I put up info. on the "RBN" (Russian Business Network) in my last post above? Well, I strongly suspect "they're @ it again" & here is why:
Cyber-attack launched from 10,000 web pages:
"A single entity is likely to be behind this attack, since the malicious code on all these pages came from the same server in China."
(AND, the "RBN" is KNOWN to 'hop between' China & Russia regularly, as needed, & I suspect they are the ones behind this, but the article offers NO discrete IP Address ranges or IP's so, we have to wait on the specifics, but it is a GOOD guess based on their prior track record w/ Zlob, which I see nearly every day @ times on the job)... apk
"New NEWS": Well, it appears I was correct in my "assumption/guess" above (about my suspecting the "RBN being @ it again") 2 posts up, which are NOW verified, per this quote from the above source:
SECOND MASS HACK EXPOSED:
AND, the source I used for this list:
And, the salient portion that notes that my suspicion was correct:
"if you look at the IPs used in the IFRAMEs, these are the front-end to rogue anti virus and anti spyware tools that were using RBN's infrastructure before it went dark, and continue using some of the new netblocks acquired by the RBN"
So, with that said? Here are those URL's from the list above, albeit altered to 0.0.0.0 equations, for your CUSTOM HOSTS FILE, that shuts out RBN (these appear to be their newly acquired domains list) & the servers they use:
START OF LIST TO ADD TO YOUR CUSTOM HOSTS FILE FOR BLOCKING OUT BAD SITEs/ADBANNERS THAT MAY BE INFECTED ETC.:
END OF LIST TO ADD TO YOUR CUSTOM HOSTS FILE FOR BLOCKING OUT BAD SITEs/ADBANNERS THAT MAY BE INFECTED ETC.:
FOR THOSE INTERESTED (or, those that need actual IP addresses to add to firewall rules tables OR IE restricted zones etc.), here are the actual IP addresses of the bogus servers:
Also - These you won't be able to block via HOSTS file filtering methods, but still can be blocked via other means (IE restricted zones, firewall rules tables, etc. et al):
* Enjoy, stay safe, & keep surfing!
Some added points from various sources to either SUPPLEMENT what I put out here earlier, OR, to addon more points I may have missed:
CRSC (computer security resource center) & NIST (National Institute of Standards Technology)
@/from the gov't.:
That this ->
SP800-69.pdf (freely downloadable @ the URL above & it too, lists a ")
PDF document makes a few SOLID points about security that my post here HAS overlooked (however, no longer), OR needs supplementing:
And, a Mr. Markuss Jansen (sp?) on his point on TELNET service (tlntsrv.exe iirc).
Turn Telnet NTLM logings off
-> Run: telnet.exe
--> Type (and press enter): unset ntlm
He also has more on things like "EFS" (encrypting filesystem) which I omitted, & both Mr. J.'s site & the GOVERNMENT ones I note, also cover it too (or, supplement points I made with more alternatives etc.).
USE YOUR "ADD-REMOVE" CONTROL PANEL APPLET!
This is important - as MANY 'malware/trojans' actually DO use since they realize folks do NOT regularly check this area. IF you don't recognize a ware? Look it up on GOOGLE (or altavista/yahoo, etc.) to find out if it is MALWARE or not, &/or IF you need it @ all (if you don't? It's "dead weight" & taking up space on your disks & slowing you down only).
The PDF file guide above, like my guide here also? That also lists a "6.32 Removing Malware" section as well!
So, that is in response to 'my naysayers' from various forums that cricized me for listing such a guide (many MS-MVP mods too no less, but many on many forums would NOT cite "why" or yield specifics I asked for as to WHY I SHOULD NOT LIST SUCH A GUIDE in this article's content... well, experts in this area appear to agree with myself, as it IS part of "securing a computer" in knowing HOW TO REMOVE INFESTATIONS, as I do, like THEY do as well!)
3.14 (regarding filetype associations) which supplements point(s) # from my posting here on this website:
Associate THESE file extensions with a program that is NOT their "default" one
JS, JSE, OTF, REG, SCT, SHB, SHS, VBE, VBS, WSC, WSF, and WSH.
HOW TO Modify File Associations
Advanced users should modify the settings for default file associations, as described in Section 3.1.4. These settings need to be changed separately for every user account on the computer. To change them, perform the following steps:
Personally? I typically associate them with notepad.exe for safety, AND, so I can see their interiors & get SOME CLUE as to what they are up to/doing!
18.104.22.168 Web Browsers
Also, here is a guide for securing IE7x & onwards (as it IS the webbrowser out there with the most potential for problems due to exploits of its features &/or default configuration):
Internet Explorer 7 Desktop Security Guide:
* AND, here is an "interesting" optional (or, supplementary) tool that aids in secured websurfing, that goes along the lines of "restricted limited use User Accounts" usage for security:
DROPMYRIGHTS, by MS from MSDN (freeware):
22.214.171.124 E-Mail Clients
126.96.36.199 Instant Messaging Clients
188.8.131.52 Office Productivity Suites
184.108.40.206 Secure wireless networking
If the computer uses wireless networking, review the documentation provided with the wireless access point and the computer’s wireless network card, then implement the following recommendations according to the vendor directions.85 These directions assume that the Microsoft wireless management utility is being used, not a third-party utility provided by the computer’s vendor or the wireless network card’s vendor. If a third-party utility is being used, do not follow the directions in this section; instead, consult the vendor’s directions for additional guidance on secure configuration.
1. Create a long and complex WEP key (also known as a WPA key or WPA passphrase). Configure the wireless access point so the WEP key is required. Enter it into the wireless access point and the Windows XP Home Edition computer. To do the latter, perform the following steps:
Also, configure the access point to use the selected data encryption option, if it does not already use it by default. Consult the access point manufacturer’s documentation for information on how to do this.
2. On the Windows XP Home Edition computer, configure Wireless Auto Configuration so that it will not attempt to join any wireless network automatically and it will only connect to wireless access points. To do so, perform the following steps:
3. Review the wireless access point’s documentation. If it permits access to be restricted by the media access control (MAC) addresses of wireless network cards, enter the MAC addresses of all authorized wireless devices into the access point. To identify the MAC address for a wireless network card on a Windows XP Home Edition computer, perform the following steps:
Data Execution Prevention
Windows XP Home Edition offers a feature known as Data Execution Prevention (DEP).
When enabled, this feature prevents software on the computer from performing certain actions that could cause problems. For example, DEP could stop certain types of malware from successfully infecting a computer. Different computers offer varying levels of support for DEP based on their processors. Because DEP limits what software can do, unfortunately there might be occasional conflicts between DEP and certain applications, causing those applications to malfunction. Accordingly, users should consider enabling DEP on their computers, and if DEP is enabled, users should monitor their computers for application conflicts and disable DEP if necessary. Appendix B.1 contains instructions for configuring DEP.
220.127.116.11 File Signature Verification Utility
The System Information utility described in Section 18.104.22.168 includes several diagnostic tools, including the File Signature Verification Utility. This utility checks Windows XP Home Edition operating system files to ensure that they have been digitally signed by Microsoft. Files that fail this match could have been added by a benign third party, such as a hardware vendor, or by malware or other attacks. To check the Windows XP Home Edition files, perform the following steps:
22.214.171.124 System Restore
Windows XP Home Edition computers save their state periodically in a format known as a restore point. Administrators can also save restore points manually as desired. The System Restore utility built into Windows XP Home Edition can be used to restore the state of the computer to the state captured in a restore point. The goal is to select a restore point from a date that is before the problem began, but as late as possible so that previous application changes, computer updates, and other changes to the system are not lost.
To restore the computer to an earlier state, perform the following steps:
126.96.36.199 Recovery Console
The Recovery Console is considered a last-resort option when other recovery methods have failed. It also requires expert-level knowledge of Windows XP Home Edition. To use the Recovery Console, perform the following steps:
188.8.131.52 Use a Limited User Account for Daily Tasks
User accounts on Windows XP Home Edition computers can have full privileges or limited privileges. An account with full privileges, also known as an administrative account, is intended to be used only when performing computer management tasks, such as installing updates and application software, managing user accounts, and modifying Windows XP Home Edition and application settings. If a computer is attacked while an administrative account is in use, the attack will be able to do more damage to the computer.
Therefore, user accounts should be set up to have limited privileges; such accounts are known as daily use or limited user accounts (LUA).22 Users should not use administrative accounts for general tasks such as reading e-mail and surfing the Web because such tasks are common ways of infecting computers with malware.
Malware is likely to do more damage to a computer if accessed using an administrative account than a limited user account.
The primary disadvantages of having separate administrative and limited user accounts are that limited users might not be able to run some applications, such as games and other applications designed for older operating systems, or to install applications, Windows XP Home Edition updates, and application updates. This could cause a significant delay in downloading and installing updates, as well as making other certain tasks less convenient for users. To help work around this problem,
Windows XP Home Edition includes a Run As feature, which allows a person logged in as a limited user to perform individual administrative tasks. For example, by right-clicking on an Internet Explorer icon, a limited user can select the Run As option, which causes Internet Explorer to be run with administrative privileges after the limited user has provided a valid administrative username and password. The Fast User Switching feature provides another way to use a separate administrative account to perform a single task while still logged in to a computer with a limited user account.
184.108.40.206 Disable Unneeded Default User Accounts
Attackers often attempt to use the default Administrator account on various operating systems. Windows XP Home Edition does have an account named Administrator, but it is only available for use when the computer is booted into Safe Mode. Since the account is inaccessible under normal circumstances and is needed for Safe Mode to work properly, the original Administrator account should not be disabled, and it should have a password set to prevent unauthorized access.20 Windows XP Home Edition requires a separate administrative account to be created during the Windows XP Home Edition installation process. This account or other additional administrative accounts should be used instead of the original Administrator account when performing computer administration.
In earlier versions of Windows, the Guest account was a common means by which to gain remote access to a computer through a network and launch additional attacks against the computer. In Windows XP Home Edition, the Guest account has strictly limited privileges. By default, it is disabled. When enabled, it can only access resources that have been specifically designated for remote sharing, such as folders and printers. If a computer does not share any of its resources, the Guest account is effectively made useless.
This account is used only for Remote Assistance sessions, which are described in Section 220.127.116.11. The HelpAssistant account should be disabled unless the Remote Assistance feature is needed. By default, this account should already be disabled
This account is intended to assist in providing technical support within an enterprise environment. Therefore, it should be disabled for computers used in home and mobile environments. By default, this account should already be disabled. Computer vendors may install their own remote technical support accounts as part of their Windows XP Home Edition installations. Such accounts should also be disabled if possible.
* And, lastly, a SANS compilation of KNOWN security issues &/or vulnerabilities from 2007 for your references (to check if apps you use are vulnerable, OR have patches you can apply (or, @ least workarounds)):
Nicest part of ALL of this, IS THIS:
You get a clean system, that is FASTER online as well!
Plus? IF YOU'RE "SMART"??
You can back it up & be RIGHT back to a fast secure rig in minutes time only after doing ALL of this... theoretically, NEVER being unable to do so in fact!
(So - Use BOTH "System Restore Points" & std. backup tools like network backups OR imaging tools like Acronis TRUE IMAGE (my fav)) & always be able to get RIGHT BACK TO A SECURE SYSTEM, in about 1 hrs' time (load an OS, load backup-restore software, restore secure + CLEAN image, etc. & all done!)
P.S.=> That OUGHT to "finalize" this post, on MOST ALL POINTS for security's sake on a Windows rig @ least... & other than occasionally having me post more material for say, the HOSTS file again if needed? This OUGHT to be it... enjoy! apk
I also "took the liberty" of contacting a well-known "security-pro" (in Don Parker of "SecurityFocus.com" fame, whom I post with @ Security Forums online with whose URL is below & I referred he to it, as it is the same content as the one here)!
This is in regards to my outline/article/guide here, & here were HIS thoughts/opinions on its content @ this point:
I don't see any real downsides to what you posted. The only thing is that
you need to remember the audience that it is you are trying to reach. If
your goal was to hit the newbies as it were then you may have missed the
mark a bit. Beyond that, it looks fine to me.
From: APK [mailto:firstname.lastname@example.org]
Sent: Wednesday, March 19, 2008 5:34 PM
Subject: REVIEW THIS IF YOU HAVE TIME (I see you posting @ Windows Security
Forums is why I ask, & it is where the post is)... apk
See subject-line, & this URL:
P.S.=> Loved your articles @ SecurityFocus, entitled Catch them IF you can" & "Don't blame the IDS", by the way...
Good stuff, & thus, I respect your views on my posting above & would like to see/hear any "downsides" from your point-of-view regarding the points I made in said posting... again, thanks! apk
That's so you guys all reading here have SOME idea this stuff is SOLID, & works, & 'passes muster' with the "top geeks" (lol, no offense intended, but lacking a better expression here is all) in the arena of computer security, & DO CATCH DON'S ARTICLES I NOTED ABOVE (especially "Catch them IF you can", as it makes points many DO overlook (especially logs!))... apk
I like the idea of having such an article available but the writing could be improved quite a bit because the instructions you provide are about as clear as mud. I'm sure many people would appreciate it if you could rewrite the article to improve it's clarity.
I'm sure many people would appreciate it if you could rewrite the article to improve it's clarity.
Well, again: OPINIONS vary... but, then again, so do QUANTIFIABLE & VISIBLE increases in folks' CIS Tool scores (no opinion there, just fact & GOOD fact, when folks try it, & apply its points based on "best practices" for most ANY OS PLATFORM OUT THERE (not just Windows, no less, & their scores visibly & verifiably increase on it))...
So - in addition to the 12 folks whom I quoted in my last post prior to this one on the last page/above/earlier who LIKED this post from OTHER FORUMS? Well, we have folks here now, who feel contrary to YOUR opinion:
Nice job, I will read through it more thoroughly after I've slept :)Oh and stop hating on him, he obviously has an idea as to what he's talking about, there's been alot of rude replies when, IMO, they are clearly not warranted.
He's doing people a favour here, he didn't have to post this information, be grateful.
Oh and stop hating on him, he obviously has an idea as to what he's talking about, there's been alot of rude replies when, IMO, they are clearly not warranted.
He's doing people a favour here, he didn't have to post this information, be grateful.
Pretty good guide.
Just wanted to thank you for putting this info out. I made the changes on my windows 2003 server and the changes are working good for my home environment
nicely compiled. Thanks for sharing.
moved here very nice guide :)
THAT'S EVEN MORE THAN THE 12 folks (from other forums I quoted/cited above (in my post prior to THIS one on the page preceeding this one), including a security pro in Don Parker of SecurityFocus who either like it, OR, felt it was solid/correct/accurate (& there are more who felt the same across OTHER forums too, not just the dozen I quoted)) who felt it is a SOLID post, from folks here no less, & had no troubles reading it (or, applying it)!
iMonkey @ least, posted something SOLID here on THESE forums, that improved it...
(Which is more than I can say for those telling us about "writing style", who don't have a PhD in English no less)
P.S.=> So, all in all? You have 20 folks opinions (1 is even a security pro in this field no less & SANS certified as well + writes for SECURITY FOCUS) that seem to feel otherwise, vs. YOUR opinion... & there are more, but, that list of them will do, for now... apk
I never said your advice is bad. As a matter of fact, my Windows XP Professional SP2 installation scores 71.6 on the CIS benchmark and I intend to improve it further. I agree with your advice. My criticism was about the clarity of the instructions you provided. You've used jargon that can easily confuse people who are unfamiliar with rigorous computer security—your target audience. You have parenthesized text within parenthesized text—you have digressed from a digression, which is strange—and that is difficult to follow without reading the sentence in which it occurs several times. You truly should consider revising your post because it will help more people if more people can understand it.
I never said your advice is bad.
It isn't, & the CIS Tool merely makes it easier to implement & understand WHY also, as it is based on industry "best practices" for security for the OS platform it's being run on (CIS Tool is NOT just "restricted to Windows only", it also runs on Solaris, BSD & Linux variants as well, for example).
As a matter of fact, my Windows XP Professional SP2 installation scores 71.6 on the CIS benchmark and I intend to improve it further.
That's VERY good, & means (most likely, imo @ least) you may have done some "registry hacking" to secure yourself!
See, on a guess here: The reason I state that is because in testing on a pal of mine's system (the "prototype user" I tested this ALL on in my pal Jack, a "PI" (Private Investigator) by trade?)
Well - I applied a series of .reg file hacks to his system, commonly used ones for speed + security (& he got up to 71.xxx ranges like yourself)...
I agree with your advice.
Good, & I hope it works out to 90.xxx scores for you, as it did for AlexStarFire (screenshot of score I put up for Windows XP users) - that guy has posted a score I have YET to see exceeded on Windows XP (see screenshot of his score a page or two back if necessary for validation of my statement).
My criticism was about the clarity of the instructions you provided. You've used jargon that can easily confuse people who are unfamiliar with rigorous computer security
Well, 2 things I guess:
—your target audience. You have parenthesized text within parenthesized text—you have digressed from a digression, which is strange—and that is difficult to follow without reading the sentence in which it occurs several times. You truly should consider revising your post because it will help more people if more people can understand it.
Well, perhaps... but, again: There are 20 or so people's examples on this page & the one prior where I quoted/cited their results & feelings about this thread's materials, both from THIS forums (& others), who felt clearly otherwise...
Oh well: Opinions vary (& so do CIS Tool scores, but these? They vary, to the GOOD, in increased scores in it).
Thanks a lot!
Long to read :p but useful & complete !
HOW TO REMOVE MALWARE - INTRODUCTION (using 110% free tools, OR ones you have in your OS already natively, to remove malware infestations of ANY kind HOW TO):
If I was ever infested bad with Malware I would just format and start over. Because I would never trust my computer enough to do online banking ever again unless windows was reformated.
That IS a way, & as long as you backup ALL OF YOUR DATA (personally created stuff like resumes for instance)? You'd be ok... but, I spent years of professional time in both forensics in computing + actually fixing & repairing them (both software & hardware levels) to tell you 1 thing: MOST TIMES, you can get rid of these things, fully... except in the case of ROOTKITS (non-bootsector type). Then, it is recommended to do as you note - "REPAVE".
P.S.=> E.G.-> This year alone, I have done approximately & LITERALLY, around 1,000 virus/spyware/trojan/malware removals alone... I only failed on 2 of them, if this illustrates my point @ all (even anecdotally based on MY experience professionally)... apk
Thanks a lot! Long to read :p but useful & complete !
Thank you SLeeM@N:
All-in-all - I hope you enjoyed it! There is an option to rate this thread, so, go for it if you like & thanks!
(& I hope you gained yourself a GOOD CIS Tool score (hit those 90's man, like AlexStarFire did, good luck)).
You'll go faster online & safer as well, if you follow this ALL THE WAY THRU, & apply CIS Tool's points + the ones I layer ontop of that, guaranteed.
P.S.=> I wonder what "megamanXplosion' will think of YOUR experience & statement I quote above though... apk
You assume they had no problem reading it.
OH, I think that seeing AlexStarFire's 90.112/100 score on CIS Tool exemplifies he had NO problems with it, or my writing (especially when I helped him go from an 80's range score, into the 90's range, via questions he asked & I answered for he to do so, for example).
(Given those points, as evidences contrary to your opinions?
Well, I guess "others couldn't understand it" or my writing eh (& just decided to make it a guide, or sticky thread...)
The people you quoted did not state their opinion on the quality of your writing. All you've done is pull numbers out of a magic hat and waved those magic numbers around as if they proved something when they don't.
ABOVE ALL ELSE/BOTTOM-LINE HERE: Is this an English class? Is this my "last will & testament"?? No, to both.
(AND, again - do you have a PhD in English??? Before you tell others how to write, I'd advise getting one... there are @ least 20 others I noted from THIS forums (& others also, only a SMALL partial set of them no less), including SLeeM@N above now, who felt contrary to YOUR opinion, just fact & one anyone can verify on the page prior to this one)
This is NOT a legal document, nor a paper for a grade in English class: This is about computers & securing them. You are off topic man...
Don Parker said, "I don't see any real downsides to what you posted."... Allow me to translate, "Your advice is good but you could've presented the advice in a much clearer manner." Allow me to translate further, "I agree with megamanXplosion."
Putting words into the mouth of others now I see... the main point is that the man said this:
"I don't see any real downsides to what you posted. "
& he IS a SANS GIAC certified pro in the area of computer security (& he just got done @ the CanSecWest security conference no less, which we corresponded about via email & pm).
P.S.=> Opinions on "writing style" from someone w/ NO PhD in English? Mere opinion... so, thus, I put up 20 other people's opinions (and CIS Tool scores from others also) that contradict yours is all... opinions vary! So do CIS Tool scores though... not much arguing with that though, especially when they INCREASE! apk
Funny thing happened here today:
I did some searching here on this forums (for my initials "APK", to see posts I had done here etc. over time & what-not) & I found that someone named "me101" posted the ORIGINAL MODEL OF THIS GUIDE (which iirc, I mentioned in the 1st post of THIS posting of this guide. It came originally from NTCompatible.com "Article #1", from 1997-2002 there), here on THIS SITE, albeit years ago (circa 2001 in fact)...
APK "A to Z" Internet Speedup & Security Text!
(Posted by me101 on 29 November 2001 - 04:40 ? no comments & 795 views)>
Frankly, upon reading it again, after MANY years now? Well, it amazed me (upon comparing it to THIS version now (in THIS post)), on how much it has grown since then... especially for security hacks (for speed ones, it's loaded though).
* The setup that post gives you WILL take you to around 70.xxx/100 scores on CIS Tool though, whereas using CIS Tool & THIS NEWER POST? Well, you can see the scores folks got (in addition to mine) & thus, I definitely consider THIS POSTS' MODEL of said guide, to be far superior than that older one in the URL above.
P.S.=> Besides - This post is more "security-oriented", by far, vs. that one (though that URL above DOES directly & DEFINITELY cover more "speedups" type information, especially registry hacks for speed (and security too though)), so it may be something to take a peek @ as well... enjoy! apk
I'd suggest that the OP need to learn to take some constructive criticism instead of entering in to long arguments about his writing style...
In future, keep that kind of thing by PM please. This thread was already closed once because of bickering and arguing. Any more and it'll be closed again - this time permenantly.
You're welcome - & thank yourself MOSTLY, for applying it, because it does work (for both SPEED online & gains in it, AND security vs. attacks of many forms).
Long to read :p but useful & complete !
Yes - it IS long (because the material is "somewhat complex"), & by way of comparison to the original!
(Which, again, somebody named "me101" posted here, years ago as noted in my last post prior to THIS one above, circa 2001 (from its original material that dated 1997-2002 @ NTCompatible.com))
Yes - it has gotten even larger/longer... which is good!
I say that, simply because that set of registry hacks & such from it only take you to around 71.xxx level scores in CIS Tool. By way of comparison, you can see how much better this guide is now, just based on CIS Tool scoring results.
Especially in my score on CIS Tool (85.706/100 on Windows Server 2003 SP#2 fully hotfix patched) & AlexStarFire's score photo (90.112/100 on Windows XP SP#2 fully hotfix patched) which would not have been as easily possible, imo, w/out CIS Tool guidance.
However, using CIS Tool's suggestions makes it simpler to do (& accurate enough, as it is based upon "best practices" for security)...
I have learned a great deal since 2001 that helps secure you online even moreso, hence, why this has gotten so much larger/longer (and, how my score got 15 points better no less).
BOTTOM-LINE: It WORKS (the most important part) to help secure you online AND, speed you up too as a bonus - & anyone reading + applying this posts' points gains by it, as I did & others noted in this thread.
Thanks, I "pm'd"/reported this thread to you mods/admins here, because of megamanXplosion calling me "clueless"... which apparently, you have REMOVED (the post where he did so).
I have NO problem with that - especially when I can point out (as I did in reply to such "critique", the kind that does NOT help others increase their security no less) others who felt differently (and, that was roughly 10 people from THIS forums, & 10 others from other forums (only a small sample of that no less, there are FAR more)).
However - I do have issue with those that toss names & such, as megamanXplosion did (& others such as betasp, OR others like raskren that posted FALSEHOODS regarding antivirus effectiveness which I wholly disproved with evidences from sites that test such programs).
Still - Thanks for clearing that up where megamanXplosion called me "clueless" - funny though, how you don't scold he for that, eh?
(I suggest YOU exercise fairness & reprimand HE publicly as well... as you have myself. He may be a "long time poster here", big deal, & your pal... but, does that put HIM above such reprimand? NO, it does not).
In future, keep that kind of thing by PM please. This thread was already closed once because of bickering and arguing.
Yes, & the FUNNY part was, those I argued with always ended up tossing names & such, NOT I.
(All over "writing style", MERE OPINIONS - So, give me a break: If those that post such "suggestions", minus a PhD in English no less, have "ADD" etc.? Well, that is NOT my problem! Nor is it if they have a lack of patience when poring over subject material that is LONG & COMPLEX either)
I merely put up opposing opinions, many of which came from THIS forums, & others (small sample only) as well.
Any more and it'll be closed again - this time permenantly.
Your loss if you do!
( & I was NEVER the person calling others names & such, period, as my "wannabe PhD in English/English teachers" had - does their "critique/opinion" help secure others? NO! Did others read & APPLY this material?? YES, to their benefit... period!)
All I ever used was:
ALL easily verifiable, & fact.
P.S.=> I ask for critique, but ONLY on TECHNICAL POINTS (that actually HELP to secure others online)... not a grade in English class (much less from those lacking a PhD in the subject of that language)...
TO THE "WANNABE ENGLISH WRITING TEACHERS" OUT THERE (minus their PhD in English, and most likely minus any degrees, certifications, OR decades of hands-on experience in this field):
Get a PhD in English, I may listen... & ONLY then: Simply because I can do what I did, & that was to put up a TON of others whose opinions & CIS Tool scores no less as well, counter THAT b.s. easily.
Above all else: IF YOU DON'T LIKE IT? DON'T READ IT! Nobody's "twisting your arm" to do so... right? English grammar critiques, pure personal opinions, do NOT help point out technical "downsides" to this article's points... zero contribution to the good of others.
Otherwise? You ARE "off topic", no questions asked (as this is a forums on computing, NOT English spelling/grammar - the resort of the technically WEAK online, imo @ least)... apk
OT: Flames are routinely deleted when reported; subsequent posts referencing them may be edited to preserve the flow. Mods have to read a thread to decide upon actions when a post is reported; antagonising them isn't going to get you very far. Threads have been excised from history for far less here...
A suggestion: Make a PDF and present it for download. I, and others, appreciate your efforts to impart knowledge you have gained over the past n years, but the whole thing has ballooned from the "12 steps" as mentioned in the topic title and is now a novella. It gives you a chance to present the whole shebang in an orderly and concise manner and neatly gets around the "long to read" problem where what information you are trying to impart is mixed in with ripostes.
OT: Flames are routinely deleted when reported;
Right, & I reported it in fact (when megamanXplosion called me "clueless" etc. et al)... simply because "writing style" is JUST A MATTER OF OPINION (& I posted 20++ people who read this post just fine, AND, applied it also, w/ no problems reading it whatsoever, in response from myself & yes, others).
subsequent posts referencing them may be edited to preserve the flow.
THAT, I have NO PROBLEM with... even IF they're MY POSTS (however, I did NOT toss names @ megamanXplosion, or others like raskren & betasp - I just put up either facts, OR the experiences & opinions of others, to show their "CRITIQUE" was just opinion, & THOSE? Clearly, vary).
Mods have to read a thread to decide upon actions when a post is reported; antagonising them isn't going to get you very far.
Who was I antagonizing? I only told it how it was, with proofs, that's all. Proofs of others' opinions who stated this post was good/useful etc. & also those of other forums (who like this one, instantly made it a guide OR sticky thread) & even THAT OF A KNOWN SECURITY PRO, from a respected website (security focus).
This is all. No name tossing, just facts that back up what I write. This is NOT an "english class" or a paper for a grade in it, nor is it my "last will & testament" (ala a legal document)... it is a FORUMS ON COMPUTING, not English grammar. Critique of "writing style"? Opinions, only. Those vary, & many others felt otherwise (whom I quoted in THAT regard, no less).
Threads have been excised from history for far less here...
Fine, again: Do so? You lose a view EVERY 15 minutes of this thread (from your website's point-of-view) & also, folks gaining by it (because this stuff in this post DOES work, & very well, to secure folks online AND speed them up too).
It'd be this forums' loss, & there are many others like it online I can put this info. up on (& I have done so, just in case some moderator decides to burn a thread, because forums aren't some "unique quantity" online, there are many of them).
Locking a useful thread, I can see, but outright "burning it"? Man... come on!
A suggestion: Make a PDF and present it for download. I, and others, appreciate your efforts to impart knowledge you have gained over the past n years
DECENT SUGGESTION, by ALL means... I just may do so, but, not until I get feedback that's TRULY USEFUL (such as iMonkey's was here on THESE forums)... to "perfect it" & NOT mislead others with inaccurate info..
To iMonkey - Thanks iMonkey!
What I am looking for, is TECHNICAL POINTS CRITIQUE (not a grade in English)... that is what HELPS PEOPLE the most, AND is "on topic"... & last time I looked? This is a forums on COMPUTING (not English grammar).
but the whole thing has ballooned from the "12 steps" as mentioned in the topic title and is now a novella.
It's complex subject material, AND YES, long (but, detailed & ACCURATE)... no way around it.
MORE "critical information" such as bad banner servers (ala my RBN example) changes... it is NOT 'static in nature' & USEFUL for securing folks vs. attacks by RBN for example!
It's GOING TO CHANGE & need addons... no way around it, period.
It gives you a chance to present the whole shebang in an orderly and concise manner and neatly gets around the "long to read" problem where what information you are trying to impart is mixed in with ripostes.
Yes, I admit readily, it is long (what am I supposed to do about that? It IS complex & long material period - how much can I "shave off" of it, w/ out impacting detail, in other words?).
NOTE ALSO, especially above from SleeM@N: He said, yes, it's long BUT, he thanked me for posting it (& said it is "complete")...
For users of Adobe Reader:
HOWEVER, if you don't trust that, as I do not, FULLY?
(Simply because browser makers have been trying that left & right since "time immemorial" online, & more of those types of attacks pop up of differing nature that evades new patches vs. it, keep popping up regardless of the patches!)
Plus, like I had stated earlier in this guide?
APK... the personal insults stop now... as well as the PM's you've been sending to him.
Uhm, you read them, & then YOU unlocked this thread, after seeing "who was sending what, to whom" etc./et al!
(Thanks for that much - you saw the names he tossed, iirc, & also the photos he put up about me here like some frustrated child might, lol!)
Then, he had the balls to lie to you. How does a guy like THAT, live with himself, I wonder?
Anyhow, for laffs?
I even archived them here, just for posterities' sake!
& it's nice to see someone who is a liar (there's NO WAY betasp has an MCSE, unless it's just paper in other words, based on his performance & his posting photos about myself, lol, childish, but also more below) get put in his place (& it wasn't me - I''m still here posting, & he's LONG GONE WITH THE DAWN, lol, no doubt out of shame, lol!).
Anymore issues and you will be restricted.
Well, that never happened, because of the above (you took it to he, not I)... which was how it ought to be, as he was WAY off/wrong on technical issues, for an "MCSE" (doubt it, or he is just a mgr. paper one, like so many are - NO hands on actual work with the tools)
Well, thanks for ACTUALLY DOING YOUR JOB (a rarity in a mod/admin OR manager of most any kind many times imo, lol), & letting this thread continue... betasp's little photographs he put up were his undoing, on his own (then lying saying I was sending him bogus pm mail here, & HE WAS SENDING THEM MY WAY).
Thank goodness there's mods that really DO, do their jobs!
P.S.=> Too bad you have some "bad elements" here... I mean, for example: Those that try to tell others how to write, with no PhD in English, OR degrees or professional experience!
(In English professionally as editors, OR teachers @ least - not that it'd matter: THIS IS A FORUMS ON COMPUTERS, not English class, lol, & "writing style"? PURE OPINION, especially from a non-pro in THAT field (English), & the outright last resort of the TECHNICALLY WEAK ONLINE (well, that, & "downrating" a post in retaliation, lmao!))
The part that really makes me laugh, even MORE than betasp's photos & lies which you caught he in?
I am sure, that then HE, "in impotent retaliation", rated this post down!
"Oh no... the world's over, lol!"
Funny part is, when the folks reading see others stating they like it, for the benefits this post yields? Who looks silly then?? lol... not I! Just as I did not in THIS situation you note.
Now, I am sure there are those who are computer pros though, gotta be some of that here, & they read this (or even those that are not, but did apply it (especially kudos to THEY, it takes some courage first time & patience))... & did not note any really bogus stuff in it (other than 1 spot I actually ASKED if anyone saw anything wrong, as I quoted it from another source, & that's iMonkey (again, thanks iMonkey)).
(On down rating in retaliation? LOL, anyone can do that, but to justify it as 'good' when this forums' about COMPUTERS, not ENGLISH SPELLING &/or GRAMMAR? LOL... effete, & WEAK!)
Yes... well, but... that's when they end up with egg on their faces, & they do it to themselves, that type...
Those that have their MCSE (supposedly, in betasp, which he told me in pm no less but certainly did NOT SHOW IT, especially when he said there's "no way to mass deploy this setup" & not have helpdesk calls)
Hilariously funny, that, because I, & others I noted in this thread like Thronka (from another site, URL proof too) that have setup a company MUCH LARGER THAN HIS with more client nodes this way!
Just as I described, quickly + using tools to do so with that most ANY JUNIOR NETWORK TECH EVEN KNOWS!
(Ala AD Group Policy Tools &/or logon scripts)
Yea - some MCSE he is... the"Paper kind" w/ NO HANDS ON ACTUAL EXPERIENCES DOING THE JOB - typical of "mgt." today in fact (& QUITE PITIFUL!)... apk
It gives you a chance to present the whole shebang in an orderly and concise manner
Shhhh. You need an English PhD to suggest such a thing.
Those that try to tell others how to write, with no PhD in English, OR degrees or professional experience!
Analyze curriculi for English PhDs. An English PhD is attained through a study of literature—Shakespeare, Poe, et cetera—rather than grammar and syntax, which are not college-level subjects. In this discussion, English PhDs are irrelevant.
Shhhh. You need an English PhD to suggest such a thing.Analyze curriculi for English PhDs. An English PhD is attained through a study of literature—Shakespeare, Poe, et cetera—rather than grammar and syntax, which are not college-level subjects. In this discussion, English PhDs are irrelevant.
MegamanXplosion: You are MORE THAN WELCOME to find errors/holes in this post to critique its points, which are ABOUT COMPUTERS & SECURITY (not "english grammar writing style opinions", lol - which IS offtopic, as this is a forums on computers (not English grammar))
So, that all said & aside? Hey... please, stay on topic & try to do so, IF you can... ok?
(Sarcasm & further foolishness on YOUR PART only makes you look even more silly)
* Have a GREAT day, & good luck finding technical errors OF A COMPUTING SECURITY NATURE, in this thread's points here (be useful, try it, as it is ALL I asked for & it benefits others to make this post stronger too)
No registered users viewing this page.