Is it time to create a new "Security Help" thread to be pinned at the top of this forum?

The old one is a bit outdated, both in terms of old stuff gone dead or gone rotten and new stuff appearing.

It also seems to me that to be most useful it has to address the need of various types of netsurfers.

Level One: The bare minimum. For everyone who has internet access, especially including those who are are absolute beginners and have never downloaded an *.exe file and run an install program and never wittingly never wander outside of a very few safe zones. I would like to see a few recommended programs (including some options (there is no need for us to agree on which is "the best") accompanied by hand-holding walkthroughs. A case in point, I set up a new machine for my SO, left Windows Defender or whatever it's called in place, added Panda AV because it is utterly non-intrusive, set up Firefox with NoScript and warned her about the potential inconvenience, and maybe a few more things. She had previously used a Mac notebook which had never even had the OS updates done for several years just because requesters were just seen as an annoyance to be clicked away.

Level Two: For those who know or suspect that Level One is is easy but less than sufficient. I'm really not sure what goes here, but it's stuff that requires a bit more of the user than Level One but adds better protection with a bit more work.

Level Three: For those doing more dangerous activities. Link hopping, .ru sites, P2P, p0rn, facebook, .gov?, and all others who realize that what one might believe is probably safe may not be, or may be one day and not the next.

Level Geek: For those who want and are able to use logfiles and realtime monitoring to get information about threats or attacks that 99% of users will never even realize are possible to see or understand.


If people here have the inclination and time to redo the "Security Help" thread, one way to move this forward would be to post a "Draft One" version of what your initial suggestions would be, and, after some feedback, a "Draft Two" or "Three," if needed.

I would hope and expect that through discussion more than one Draft version would end up being combined and refined into some later version that could achieve consensus. I am certain that the "Security Help" post could be improved, and wonder if now is a good time for this effort.

I don't have the expertise to do a first draft that goes beyond some guesses, but maybe some of the gurus here want to give this effort a try or two?

I have never even noticed the pinned thread! But have often thought it would be a good idea to have such :silly:

One mention about the P2P... I notice on the reputable help forums that they refuse to offer help for P2P, viewing it as helping and/or endorsing acts of proprietary theft. That seems a sensible policy to me.

But I don't think you need to re-invent the wheel or make it more elaborate than absolutely necessary. I'd also stay away from grading the advice by competence levels. Ya know, self-assessment and all that.

Maybe the group could take some time to work out and agree on the best, most current and free security tools. It doesn't have to be limited to one particular program in each category as, after all, there are a diversity of opinions on say, antivirus. Personally, I'd stay away from paid software as there is more than enough good free stuff around.

The list could contain download and documentation links, and also links to good articles about security issues.

We could spend a couple of weeks talking about this, posting back and forth and maybe then a point person will emerge who is willing to put up a poll or a consensus-type thread and take it from there.

people will hopefully hear less from me with my level one questions.

Suggestion: Level "scares the hell out of me": For those of us who have no idea what is going on. Used exclusively by those of us who cannot understand the first levels.

It is out dated and needs to be changed. Good luck ConsAreLiars

for compiling the original post. A testament to its usefulness is the fact that the group wishes to retain and update it. :thumbsup:

And might I make a suggestion? We could post links to various reputable sites that test and evaluate
security, anti-virus and other malware apps. Perhaps no matter how old our thread would get these links
would be kept up to date by the site host. And if we had several links to different sites readers could
get a consensus of what software might be useful and what would be good to stay away from. And of course
as always personal critiques by DUers who had tried any of these apps would carry a lot of weight.

Also, I've been looking at some sites with 'timeless' information on them, such as definitions of viruses, trojans, phishing etc. I might start compiling a list.

I'll make a list.

Link: http://www.pcmag.com/article2/0,2817,2339912,00.asp

I don't necessarily agree or disagree with their findings but it is something to start a consensus with.

Bear in mind there are a lot of sites who will rank software reviews according to the highest bidder.

I'm reasonably comfortable with PCMag's reviews however.

to basic security knowledge. They are by no means the be-all-and-end-all, rather a starting point for informing folks of the risks out there.

Definitions of virus, worm, trojan
Phishing Scams
Spyware
Slow Running Computer?

The original sticky was put together by Berserker on his own, and it proved popular enough that I thought it should be pinned to the top. Someone else agreed, so I asked Skinner if he'd do it, and voila'.

I just mention this to note that once the new post has been compiled, it will of course need to be give its own thread, and then you'll need to contact an admin about changing the pinned topics.

Also FWIW, I agree it needs updating. I'm not, however, much of a fan of the "Level" distinctions. For one thing, I really don't think we should, as a group, get into giving advice on how to go "slumming," which is what I call intentionally exploring portions of the web where one is likely to run across nasties. For one thing, this comes across as an endorsement, especially if it's in a pinned topic, and for another, no one should be doing this unless they already have some significant amount of knowledge in the first place. Talking about strategies might be one thing, but, imo, it should be separate and not pinned. Such strategies change constantly anyway.

If we want to categorize things in some way, I believe it should be limited to something like Basic and Advanced. "Advanced" could involve help on logfiles, how to trace an IP to its source, etc., and people can use that however they want.

I'm quite computer literate, but not an expert by any measure. So I am comfortable with security programs asking me to choose "yes" or "no," but my experience with my SO reminded me of how such requesters are experienced simply as an annoyance by others and browsing menus to find "options" or "preferences" in order to discover more questions that resemble gibberish is not something that everyone will do.

Revising my sense of what would be most helpful to the most people, I think the suggestion to link to some outside references ranging from intro tutorials to ongoing debates among experts would help those who are interested in making their systems more secure and thus defining their own comfort level and how much work they are willing to do.

I've used AVG for a long time and until I build a new machine I'm using an older/slower Pentium HP. AVG takes a long time to run, noticeably slowing things down, and requires a rather complicated user input to get rid of tracking cookies. Panda AV, on the other hand, appears to work completely silently, to the extent that it works. But AVG scans incoming email, while Panda (I think) does not. I don't have a clue about about how Avira or Avast or any others rate in terms of "not being a hassle" to users like my SO, or how effective the Firewall built into XP or Vista or the coming W7 might be, but I do know that Comodo, when set at an intermediate level, would drive SO crazy if she ever tried to run an install routine. I also know she would never run (or likely need) the various anti-spyware programs that I might load into her computer. But SafeXP, being unobtrusive, and maybe some others would be a good thing to add. (Not to give the wrong impression, she has used computers for a long time - it's just she thinks they should just work and not whine and ask for help or demand answers to obscure questions.)


So, I guess what I think at this point is, as you suggest, two levels. One being essentially "silent" (zero or minimal user hassles), and the other being PDGP - "Pretty Damn Good Protection" - that requires a bit more user involvement to work effectively. Going toward top level CIA Snooper Spook levels, or deciding how exactly to take half steps between between Basic and PDGP should be up to the user, and not something we should try to define.

I also now agree with those who suggest that advising in the main post about the safest way to enter danger zones would be a bad idea, both because it might inaccurately appear to suggest that there is "a safe way" and thus implying and endorsement of such dangerous ventures. Some might comment in replies about additional security software beyond those mention in the OP, but I think the OP should be limited in scope as you and others have suggested. One further reason is that I would like to see a "Security Help" post that makes it absolutely as simple as possible for any DUer to implement Step One. I know my SO would have stopped reading about halfway through if I had simply suggested she do what was recommended in the original thread.

Just a personal anecdote. Back in the day I worked with an antiwar progressive group, well more than one, and more long since then, but this one was very high profile. We frequently encountered an obvious spy. CIA, John Birch Society, DIA, FBI, .... - who knew? Once he stopped me and my companion when walking our dog and reached down to read the tags, which included our "if lost return to" address. On the other side, we got his car license tabs and traced them back to, guess what, an empty lot. Made me aware of how vulnerable we are as individuals compared to those who are determined to spy and then do whatever and who have more resources to use.

verifying the links that are in the current OP. I've been unable to use Internet (mostly) for the past week.

Free Firewalls

Kerio and Kerio Manual DEAD
Sygate not there
Sygate Manual not there
ZoneAlarm Good
ZoneAlarm Guide 3rd Party Guide
FireWall Info DEAD


Test Your Computer’s Vulnerability!

Shields UP Good
Steve Gibson’s Home Site Good
Security Testing Site’s DEAD

Online Virus Scanners

HouseCall Good
eTrust Antivirus Scanner Good
Panda Good
RAV Antivirus Scanner 403 no access

Malware Scan
Jotti’s Malware Scan DEAD

Virus Information

Symantec Good (database)
Trend Micro Good (database)
McAfee DEAD
Sophos Good
eTrust Good (encyclopedia)
Security information from Secunia Secunia Good (encyclopedia)
Security information sites. Security Intelligence DEAD

Popular method of Web Site Spoofing
Anti-Phishing site and info Phishing Work Group Good
Anti-Phishing Work Group Phishing Archive Good

Spyware Research Links

Spyware Guide Good
Doxdesk Parasite Removal Information Good
PestPatrol Parasite Removal Information Good

Free Virus Fix and Removal Tools:

Grisoft AVG Download Good
AVG Special Removal Tools Good
Symantec Good - browser crash
Trend Micro Damage Cleanup Good
BitDefender Good
McAfee Avert Stinger Good

Secunia Personal Software Inspector (PSI)

http://secunia.com/vulnerability_scanning/personal/

:hi:

Does anyone have an opinion on this website?

http://www.majorgeeks.com/page.php?id=20

An introduction of sorts, http://majorgeeks.com/page.php?id=3

:kick:

http://forums.majorgeeks.com/showthread.php?t=35407

I can't get motivated to reinvent the wheel.

First, there seems to a general agreement that the current version of the pinned "security help" is broken in many ways. Why Syzygy kindly took the trouble to check the links and found many recommended software was gone and links were invalid.

Second, many suggested referring DUers to other sites where the information is both expert and more current. Major Geeks seems to be a favorite, because the software they recommend is freeware/shareware and the site is not littered with deceptive "clickme" ad links. This page http://www.majorgeeks.com/page.php?id=20 seems to cover most of what we included, but a lot more as well, which is both a good thing for some and a bad thing/confusing for others. I noticed only one dead link, but didn't check through everything. (I sent a heads-up to the webmaster.)

It seems to me that the novice when it comes to computer tech would take one look at that page, see a mix of terms that are only vaguely familiar at best, maybe firewall and virus, and a bunch more like malware and rootkit that meant only that this site was not aimed at them, and just "Run Away! Run Away!" Pardon the "Holy Grail" reference, but I think it is absolutely descriptive of the reaction of a great many here and elsewhere when shown that site.

I think maybe we could make that information on Major Geeks more accessible by providing a bit more introductory information and direct links to those sections that offer the links.

For example:

Majorgeeks can be confusing for novices. I would like to thank all the people that made the Security Help Stickie possible. Their work make my getting into computers so much easier.
I'm no help at all, I just wanted to say Thanks.

I use SuperAntiSpyware and Malware Bytes...plus cccleaner and indexdat file remover...I have no idea why, but it all seems to work...plus Hijack This!

we need to pin a standard malware removal protocol. Volunteers? Hobbit?

I mean, it's a good idea within some general guidelines, i.e. figure out what you have and attempt these basic steps. But if the basic steps don't work, which they often don't, then it becomes a different issue.

There are umpteen billion different kinds of viruses, some of which can be removed easily. Others take a lot of troubleshooting. I've spent hours removing a single virus from a system, almost all of that time consumed with trying to figure out how precisely what I needed to do and just as importantly not do. A list of instructions might have worked for that single virus, but those instructions wouldn't have worked for another kind.

And then if it's a trojan or a hijacker or just simple spyware or adware, all of these require different methods.

As Bluejazz said in another thread, doing it long-distance is difficult, even when you've got a constant back and forth with the person who has the problem. Creating a generic protocol for malware would be daunting at the least and likely impossible within a single post. I mean ... books have been written. :)

Not trying to knock down the idea, just wondering what you have in mind.

"general guidelines". Malwarebytes will often resolve an issue. I realize there are many bugs. There are several SOP procedures that can be recommended. If they don't work, of course the issue can be addressed in a separate OP.

We recently discovered my dad's computer was riddled with problems--several viruses, at least one trojan, etc. After some searching around, I managed to discover all the information I needed for cleaning up the mess at the Virus, Spyware and Trojan Removal board at Geeks to Go. They have an excellent Malware and Spyware Cleaning Guide as well as the option for free one on one help if you can't solve the problem with online guides alone.

Here are a couple of useful articles they also offer:
Computer Security, Defense-in-Depth
Preventing Malware and Safe Computing

Having spent days on end trying to clean my dad's poor computer (and finally weaning him away from McAfee to a better AV program), I just wanted to add this to the data pile to help anyone who might be going through a similar frustrating experience. Hope it helps.

Introduction to Computer Security Threats
http://www.democraticunderground.com/discuss/duboard.php?az=show_mesg&forum=358&topic_id=5240&mesg_id=5245