OPC Presentation 10-31-17 More about Windows OS Security By Len Groth
PC Security by Listing: Blacklisting, Greylisting, Whitelisting
Blacklisting* (in Computing)
A Blacklist is an access control system that denies entry to a specific list of users, programs, or network addresses*
Security technologies such as antivirus or other anti-malware software, which prevent known bad activity & permit all others
Requires virus signature code to identify
Requires continuous updating of signature codes
Zero Day Vulnerability: There can be a delay between appearance of virus and signature code
Personally Use: Avast antivirus & Malwarebytes, Glary Utilities
*Source: Wikipedia
Verifying Good Software
Sysinternals Utilities: Check for Software Verification & for Viruses
Download URL: https://docs.microsoft.com/en-us/sysinternals/downloads/
Download entire suite or specific files
Live Service URL: https://live.sysinternals.com/
Run a program from the web
Very useful Sysinternals Programs: Autoruns (Demo), ProcExp (Demo)
Multi Antivirus Scan
VirusTotal website:
Upload & scan a File
Search or Scan a URL
Search a URL, IP Address, Domain, or File hash
https://www.virustotal.com/#/home/upload
Demos: Good File, Virus
User Account Control (UAC):*
UAC is a technology and security infrastructure introduced by MS in Windows Vista. UAC is also in Windows 7, 8 and 10.
Aims to improve the security of Windows by limiting application software to standard user privileges until an administrator authorizes an increase or elevation (in privileges).
In this way applications trusted by the user may receive admin privileges, and malware should be kept from compromising the operating system.
*Source: Wikipedia
UAC continued:*
User Account Control asks for credentials in a Secure Desktop mode, where the entire screen is temporarily dimmed, Windows Aero disabled, and only the authorization window at full brightness, to present only the elevation user interface (UI).
Normal applications cannot interact with the Secure Desktop. This helps prevent spoofing, such as overlaying different text or graphics on top of the elevation request, or tweaking the mouse pointer to click the confirmation button when that's not what the user intended.
If an administrative activity comes from a minimized application, the secure desktop request will also be minimized so as to prevent the focus from being lost.
It is possible to disable Secure Desktop, though this is inadvisable from a security perspective.
UAC Demo
*Source: Wikipedia
Grey-/Graylisting
Greylisting:* Greylisting is a method of defending e-mail users against spam. A mail transfer agent using greylisting will temporarily reject any email from a sender it does not recognize. If the mail is legitimate, the originating server will try again after a delay, and if sufficient time has elapsed the email will be accepted.
Thunderbird has ways to filter scam or block a sender
Graylisting:** A graylist is a list of entities that have not yet been established as benign or malicious, and more info is needed to move graylist items to blacklists or whitelists.
*Source: Wikipedia
**Source: Guide to Application Whitelisting, NIST Special Pub. 800-167
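The greylisting decision described above, as an added example in Python (not part of the original presentation). The (client IP, sender, recipient) key, the 300-second minimum delay, the 4-hour retry window and the sample addresses are assumptions chosen for illustration.

```python
# Added illustration of greylisting; constants and names are assumptions.
from dataclasses import dataclass, field

MIN_DELAY = 300          # seconds a new sender must wait before a retry is accepted (assumed)
RETRY_WINDOW = 4 * 3600  # a pending entry expires if no retry arrives in time (assumed)

@dataclass
class Greylist:
    pending: dict = field(default_factory=dict)  # triplet -> time first seen
    known: set = field(default_factory=set)      # triplets that passed greylisting

    def check(self, client_ip, sender, recipient, now):
        """Return the SMTP-style reply for one delivery attempt at time `now` (seconds)."""
        key = (client_ip, sender.lower(), recipient.lower())
        if key in self.known:
            return "250 accepted"
        first_seen = self.pending.get(key)
        if first_seen is None or now - first_seen > RETRY_WINDOW:
            # Unrecognized sender (or stale entry): start the clock and defer.
            self.pending[key] = now
            return "451 try again later"
        if now - first_seen < MIN_DELAY:
            # Retried too quickly: keep the original timestamp and defer again.
            return "451 try again later"
        # Retried after a sufficient delay: behaves like a legitimate mail server.
        del self.pending[key]
        self.known.add(key)
        return "250 accepted"

def replay(attempts):
    """Run constructed (time, ip, sender, recipient) attempts through a fresh greylist."""
    gl = Greylist()
    return [gl.check(ip, s, r, t) for t, ip, s, r in attempts]

# Constructed sample traffic (documentation addresses, not real hosts).
SAMPLE = [
    (0,    "192.0.2.10",   "news@example.org",  "user@example.net"),  # first contact
    (60,   "192.0.2.10",   "news@example.org",  "user@example.net"),  # retry too soon
    (900,  "192.0.2.10",   "news@example.org",  "user@example.net"),  # retry after delay
    (950,  "192.0.2.10",   "news@example.org",  "user@example.net"),  # now recognized
    (1000, "198.51.100.7", "promo@example.com", "user@example.net"),  # never retries
]

if __name__ == "__main__":
    for attempt, reply in zip(SAMPLE, replay(SAMPLE)):
        print(attempt[0], attempt[1], "->", reply)
```

A sender that never retries, like the last one in the sample, stays deferred, which is why greylisting filters out software that sends once and moves on.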
Whitelisting (in Computing):
Permitting only specific known good software, identified by the Whitelist, to run on a PC.
Thought by some to be more effective than blacklisting in stopping unknown malware threats where signature code is not known.
Experts recommend use of both whitelisting and blacklisting: e.g. use of a Whitelist and Antivirus. Using both methods is better than just one.
Note: Expert hackers can get around both
Whitelisting Methods:
Apps from the Apple store, since Apple verifies the integrity of the Apps' software. Same for Microsoft Store Apps.
Microsoft AppLocker: Available in Win 7, 8, 10
Win 7: Professional, Enterprise, Ultimate
Win 8: Enterprise
Win 10: Enterprise and Education
How to Find AppLocker in Windows 7 or 10: secpol.msc
Special Software
Whitelisting continued.
Windows 7, 8, 10, Versions Pro and above allow whitelisting using the Security Policy Editor
Using Windows Security Policy Editor: Bleepingcomputer.com/Tutorial
Whitelisting in Windows Home needs special software: CryptoPrevent (free and premium versions)
CryptoPrevent Demo
Note: Before running CryptoPrevent make sure your system is clean!!!
Some points on CryptoPrevent
It is a Security Supplement
It works alongside Anti-Virus Programs
It is not a replacement for Anti-Virus, and Firewalls Backups
CryptoPrevent Manual
Best Practices for Avoiding Malicious Software
Some Useful Programs I Use
IOBit Uninstaller
Aomei Partition Assistant
CPUID Monitor
DrvBk.exe
Self Driving Vehicle Law