PROOF YOURSELVES, vs. Adobe Acrobat Reader .pdf bad javascript attack

For users of Adobe Reader:

Since it has been attacked so much recently (via its ability to place javascripting into its .pdf document format, & javascript that bears "ill will" no less)? Well, update to the latest/greatest version...

HOWEVER, if you don't trust that, as I do not, FULLY?

(Simply because browser makers have been trying that left & right since "time immemorial" online, & more of those types of attacks pop up of differing nature that evades new patches vs. it, keep popping up regardless of the patches!)

Plus, like I had stated earlier in this guide?

I suggested turning off using javascript for EVERY SITE online, in your webbrowser (& only keep it for ones that demand it (or, become useless w/out it, like many shopping &/or banking sites - this lessens the possibility of being poisoned by bad adbanner OR site code & also lessens the attack surface area + limits the possibles to the sites you left javascript on for, ONLY))??

Try this:

TURN OFF JAVASCRIPT USAGE IN ADOBE ACROBAT READER to be safe vs. attacks in it that are javascript-based in nature!

EDIT menu

PREFERENCES submenu

Javascript section (in left-hand side column of options), & uncheck "Enable Acrobat Javascript" in the right-hand side option for that.

APK

P.S.=> That assures you are "proofed" vs. Adobe Acrobat malware/bad javascript containing contaminated .pdf documents via bogus javascript in them... apk

Re: HOW TO SECURE Windows 2000/XP/Server 2003 & VISTA, fully, per CIS Tool scoring

More security tools/info. (04/28/2008), for APPLICATION LEVEL SECURITY:

(I.E.-> For checking for apps you have that may be security vulnerable OR have been patched vs. said vulnerabilities, etc.):

----

SECUNIA PSI (checks for outdated OR apps that are known to be insecure):





NEW VERSION (released very recently too).

A good program, by a trusted & WELL-KNOWN security-oriented website online (I tried version 1 earlier on last year, it needed work. This one is solid though, so far @ least, imo!)

(It works, & sometimes catches things FILEHIPPO UPDATE CHECKER below, won't - good "2nd Doctor's opinion" etc.)

----

FileHippo's Update Checker (checks for outdated OR apps that are known to be insecure, supplement's PSI above):



FileHippo.com Update Checker - FileHippo.com

Decent program as well, & good to use as a supplement to the SECUNIA PSI Tool as well (from a well-known file downloads site also in filehippo).

(It works, & sometimes catches things SECUNIA PSI above, won't - good "2nd Doctor's opinion" etc.)

----

Windows Vulnerability Scanner:



Protector Plus - Windows Vulnerability Scanner - Proland Software

Nice program for checking Microsoft Operating Systems &/or Ms-Office versions vs. missing security patches, & it works, very well!

----

APK Registry Cleaning Engine 2002++ SR-7:



techPowerUp! :: Download APK Registry Cleaning Engine 2002++ SR-7

:)

* Yes, "shameless plug" on MY part on the last one, but, it does have "security benefits"...

(& more than potentially useful forensics ones, because it shows you what files a user calls upon via its lists (it does check recently used filelists, but, will also list those files the user attempted to delete (this assumes he may have been attempting to hide them)))... it is 100% proven SAFE on all 32-bit versions of Windows (see its description & feedback by users on the download page) 9x-VISTA as well)).

APK

Great referemce site for HOSTS file users (for security part, not speed)

A great site that Mr. Dancho Danchev "turned me onto", for making additions to your CUSTOM HOSTS FILE (mentioned earlier on in this guide in STEP # 5) via his security blog... how/why?

SRI Malware Threat Center

:)

* Well - it keeps an updated listing of sites & servers that are KNOWN TO BE MALICIOUS!

APK

Conclusion

Conclusion

To all interested/reading:

I think this is it guys, I know of NO MORE to secure a Windows System... & again - IF any of you have ponits to add, please do so, but, I only ask that you keep it @ a technical computer security level (per my 1st initial post here's "P.S." section @ its termination).

:)

----------

MODS/ADMINS: Thanks for making this a "STICKY/PINNED THREAD", it's very cool to see & let's me know this IS working well for folks online (my "New Year's Resolution" for 2008 was "DO A GOOD DEED" & I think this qualifies, lol)

Anyhow... this is the 15th forum it has "made-the-grade" on since Dec. 2007 (in 5 months) to the tune of over 100,000 views across 20 forums online, & usually it made an "ESSENTIAL GUIDE", or "STICKY/PINNED THREAD" (as it did here), &/or it was rated "5/5 STARS"... & that's all a guy could hope for! Again - Gracias!

----------

* To all readers - ENJOY A FASTER & SAFER Windows based system of modern variety (2000/XP/Server 2003 & even VISTA) online today (especially TODAY!)...

APK

P.S.=> In other words, please - no "grammar & spelling" English "writing style" critiques, as they do NOT help to secure a system further... I did try to keep it as SHORT as possible, & to have folks use the CIS Tool to help make it easier + more fun.

HOWEVER, @ times, the material is complex & I could not "shorten/condense it" anymore w/ out losing critical details & such! Please bear with that much...

I hope readers gain by this thread by getting those 90++ scores on CIS Tool, surfing safely & F A S T E R online as a bonus once you apply the points I layered ontop of CIS Tool's guidance points (based on "industry best practices" & such)... thanks! apk

Re: HOW TO SECURE Windows 2000/XP/Server 2003 & VISTA, fully, per CIS Tool scoring

Testing Signature

Re: HOW TO SECURE Windows 2000/XP/Server 2003 & VISTA, fully, per CIS Tool scoring

For those of you interested in using custom HOSTS files (for BOTH added security & added speed online)?

"APK Hosts File Grinder 4.0++"

Today ! - Page 33 - The New Tech



:)

----

The application above has been built by myself, for folks just like YOU, & of course, myself!

----

It allows you the end-user, the ability to:

• 1.) DO very EASY Integrating the HOSTS files of others, such as MVPS.ORG & others noted @ wikipedia, here -> Hosts file - Wikipedia, the free encyclopedia (even if in other internal line-by-line formats) "scrubbed into" the MOST EFFICIENT format there is (allowing less memory &/or disk space occupancy for loading, of 0<singlespace>URL<cr+lf> ), first, & then...

• 2.) Speed up access to your fav sites, via 1st pinging them (so their IP Address IS up-to-date/current), & adding them to the normalized non-repeat line items list on the right above

• 3.) Add/remove sites from a hosts file, but by first checking for their pre-existence inside the HOSTS file on ADDS, & rejecting if there already (& adding if NOT present)

• 4.) Lastly, it will FULLY NORMALIZE (accurately 110%) a HOSTS file (normalize = removal of duplicates)...leaving you with one in the MOST efficient format line-wise there is (noted above, which consumes less memory & faster loadtime from disk)

----

It has allowed me to:

A.) Take valid HOSTS file data EVERY known & respected HOSTS file there is (noted from the wikipedia link above, & also from SRI, Shadowserver, Dancho Dancheve's Blog, SpyBot S&D, Spamhaus, Phishtank, + others also, such as my own research into this area), & integrate them FIRST into a HUGE 20mb file, & then via normalization, reducing its size to 12mb on disk (removing repeats which they will have between one another & sometimes inside of themselves even), reduce its size that way (1/2 the intial size almost from all that date), first...

B.) It has also made a 12mb SUPER-COMPREHENSIVE custom HOSTS file out of an intially 20++ mb sized one, from the sources above... allowing the SAME function as they offer (because their HOSTS FILES' many times using 127.0.0.1, or, 0.0.0.0 formats, instead into a MORE EFFICIENT ONE, of 0<singlespace>URL<cr+lf>)... thus, MASSIVELY reducing its size on disk & in RAM once loaded into your local DNS cache, yet offering the SAME function!

C.) Create a CUSTOM HOSTS FILE loaded with FULLY alphabetized entries into your HOSTS file (so it is easy to search thru, even via notepad.exe).

-----

* It can do the same for you as well, should you be interested in such a tool... if you are? Email me, here:

[email protected]

APK

P.S.=> General statistics on its, while in operation:

700k-5900k memory occupancy prior to load of HOSTS file data...

( & up to 167mb IF a "huge" hosts file (like 1 million++ line entries) is used)\

Its runtimes (noted above) will vary, depending on the size of the HOSTS file being processed (should NOT exceed 3 hrs (&, for most folks, since they do NOT have files of such size in their HOSTS file? Heh, it will be the "blink of an eye" on most all sections (scrub, add/remove entries - validate entries, normalization-removal of repeated items, & save to disk) up to 2 minutes or so)

PLUS - It was built in the MOST efficient & fastest code combination I know of (Borland Delphi 7.x, Win32 API, & Inline Assembler code)

(Especially for this type of string processing (of which Delphi alone in math & strings often MORE THAN DOUBLED (sometimes, tripled) the speed of both MSVB & MSVC++ in, in (of all places) Visual Basic Programmer's Journal Sept./Oct. 1997 issue "INSIDE THE VB COMPILER" issue))

+

A truly "SUPER-EFFICIENT" algorithm, on each area of processing (especially normalization, taken down from DAYS time over 1 million++ records, to only 3 hours time max, if no repeats exist... if repeats? Far, FAR faster!)

Which speaks worlds alone right there... this app makes FAR shorter work of this, than does using ping.exe (for speedup of sites), MsAccess (via SQL Select Distinct queries work, & the potential import/export hassles it can have (leaving trailing spaces &/or quotes for example, bloating files on export)), & notepad.exe (good luck normalizing one using its Edit-Replace menus is all I can say... especially IF you have a BIG hosts file)... apk

YET ANOTHER REASON TO LIMIT THE USAGE OF JAVA/JAVASCRIPT, etc.

Researcher to demonstrate attack code for Intel chips:

Researcher to demonstrate attack code for Intel chips | InfoWorld | News | 2008-07-14 | By Sumner Lemon, IDG News Service

SALIENT/PERTINENT EXCERPT:
----------------------------------------------------
"Kaspersky says CPU bugs are a growing threat, with malware being written that targets these vulnerabilities... Security researcher and author Kris Kaspersky plans to demonstrate how an attacker can target flaws in Intel's microprocessors to remotely attack a computer using JavaScript or TCP/IP packets, regardless of what operating system the computer is running."
----------------------------------------------------

* Now can anyone see WHY I recommended turning off Java/Javascript (& other browser addons/extension languages) for "every site you use under the sun" + IFrames etc.? Personally, this one's pretty bad, worse than what is out there/here now, worse than rootkits even in some ways...

However, I also think worse are on the way even moreso...

(... & I mentioned the architecture they could possibly use, quite "terminator-like", for rootkit delivery systems & such here earlier. Especially ones that can flash your BIOS, &/or other updateable PROMS (mainly because if usermode tools from vendors like ASUS + GIGABYTE & doubtless others can do it, from inside Windows, so can malwares & same way (via drivers & bios img files))

APK

P.S.=> There are more examples inside this guide, & of this SAME type of idea (crank off the java/javascript etc. et al & ONLY keep it active on sites you ABSOLUTELY need it for, to have the site function properly - lessening your potentially attackable surface online basically).. heck, even adbanners have exploits of this nature in them lately...

The examples I put in this guide ARE far older too, dating back 1-3 yrs. but the point is only here, again, & moreso (far more dangerous this time, imo @ least)... apk

Have @ it: Imo, it's FINALIZED - Your &quot;IRON MAN ARMOR ONLINE&quot;... apk

Well, @ this point?

I think this guide's PRETTY SOLID, because nobody has been able to "add points" to it, from across 27 other forums online (many are "serious geek" oriented sites too)!

(... & the fact that some folks from "THE PLANET" (a large website & hosting provider online) offered to hire me on as a remote security specialist @ this point (pretty cool) for Win2k3 servers they use, as well as what appears to be their personally managed or owned sites also (KTInteractive)).

In any event?

@ People Reading:

This IS your "Iron Man Armor Online"!



So, have @ it ('snap it on') - & enjoy a F A S T E R, & FAR MORE S E C U R E online setup on your Windows NT-based OS' of today (Windows 2000/XP/Server 2003 & yes, even VISTA to a good extent) via applying CIS Tools' suggestions & my own that "layer ontop of it"...

:)

* I am FAIRLY certain it's done - As I can't think of any more points & methods to secure your Windows NT-based rigs, & thus, I close this post off... she's all done as far as I am concerned... this same message will go across ALL others like it that I am still able to edit/add to online, @ some point today in fact.

APK

P.S.=> Sorry for the 'closing note' but, if anyone's interested, this is the "final model" of this guide & its points... enjoy! apk

Re: HOW TO SECURE Windows 2000/XP/Server 2003 &amp; VISTA, fully, per CIS Tool scoring

APK,

It has been forever since I spoke to you in a forum. I cannot remember what screen name I used back then and I am not sure of the fourm, it could have been the old 3dfiles.

In any event, I am glad to see you are still taking time out to help people.

Arty

Re: HOW TO SECURE Windows 2000/XP/Server 2003 &amp; VISTA, fully, per CIS Tool scoring

Ah, thanks Arty...

:)

(I wish you could recall your old screenname though, because, odds are? I'd actually remember you most likely! Alzheimer's hasn't "set in" here, just quite yet!)

* In any event, again, very cool, & thank you... oh, enjoy the guide, it really truly works!

APK

P.S.=> "Onwards, & upwards!"... apk

Ms missed a patch on 12/09/2008 - let's fix it, ourselves, easily! apk

Microsoft missed patching a KNOWN issue on this literally BIGGEST Ms-Patch Tuesday to date on 12/09/2008 (most bugfixes issued ever by Microsoft, & to close off year), & then?

Read here below to get the details, + past that, to patch yourself easily with an easy fix I figured out:

----

Oops! Missed One Fix — Windows Attacks Under Way:

Oops! Missed One Fix &mdash; Windows Attacks Under Way

----

&

----

Microsoft warns of new Windows bug, says attacks under way
(WordPad Text Converter flaw wasn't patched in big Tuesday update):

Microsoft warns of new Windows bug, says attacks under way

----

What is below, courtesy of "yours truly", fixes it!

(Simply by altering the file association for the Explorer/IE shell from WordPad.exe to winword.exe (it's immune to this, & Ms-Word handles old Windows 3.x & NT 3.5x Ms-Write .wri files, just fine...))

.REG FILE TO USE IF YOU USE WinWord 2003/Ms-Office 2003 (easily altered for 2000/XP/2008 versions):

----

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.wri]
@="Word.Document.8"
"Content Type"="application/msword"

[HKEY_CLASSES_ROOT\.wri\PersistentHandler]
@="{98DE59A0-D175-11CD-A7BD-00006B827D94}"

[HKEY_CLASSES_ROOT\.wri\Word.Document.8]

[HKEY_CLASSES_ROOT\.wri\Word.Document.8\ShellNew]
"FileName"="winword8.doc"

----

• 1.) Paste what is between the dashed lines only above, into notepad.exe

• 2.) Save it as TYPE "All Files", & on disk as APKMsWordPadBugFix.reg

• 3.) , & then open it using regedit.exe. It will ask if you want to merge this registry file. Do so.

(That's a fix before Ms issues a fix, because it changes the .wri file extensions' file association from opening in WordPad.exe if you click on any bogus files sent your way, hopefully not, but just in case, & the shell will spawn the process as Microsoft Word, which is immune to this in most modern versions of it, if not all versions)

A simple to do, easy fix for anyone, even before MS issues a fix...

POTENTIALLY/POSSIBLY IMPORTANT:

IF you have versions of Ms-Office (Ms-WORD specifically), other than 2003?

You MIGHT have to change "Word.Document.8", wherever it appears above, to whatever version number yours is, along with the GUID used to do the OLEServer library marshalling/summoning of Word to open .wri files with, instead of Wordpad.exe & that's found in the .doc file association under -> HKEY_CLASSES_ROOT , easily enough)...

APK

P.S.=> "We can do this... We HAVE the technology!", lol, too bad MS didn't, talk about easy, I don't see HOW they could have missed this IF it was a KNOWN issue that came up before "Patch Tuesday" 2 days ago, I thought of it in literally 2 seconds, & took maybe 2 minutes to make the file & test it, it works... apk

Re: HOW TO SECURE Windows 2000/XP/Server 2003 &amp; VISTA, fully, per CIS Tool scoring

Here is a PRIME example of where most folks that try this test can take the result to, scoring-wise, on the CIS Tool Security Benchmark test:



99.058/100

:)

* Not TOO shabby, eh?

(I.E.-> A NEAR 100% perfect score for a client of mine whose system I secured this week taking it from a 45/100 default score, to this one, DOUBLING its security rating per this test, & THEN some... & , in fact, it probably is a perfect score (I say that, because 4/5 things it scored me down on, I actually DID have right for this client of mine, but yet the test scores me down on them (it makes SOME errors here & there is all)))

APK

P.S.=> Placing this result here for posterities' sake and as an example of how secured a Windows system can be, per this benchmark of security test's gauge thereof... apk

Re: HOW TO SECURE Windows 2000/XP/Server 2003 &amp; VISTA, fully, per CIS Tool scoring

To anyone using VISTA, Windows Server 2008, or the new "Windows 7" (which rocks, especially in 64-bit form)? Don't use the point I noted as this in its first sentence:

6.) USE Tons of security & speed oriented registry hacks

Not unless you ABSOLUTELY KNOW what you're doing.

(See, the older registry .reg file 'hacks' won't work that worked FINE on Windows 2000/XP/Server 2003, albeit (not all of them @ least) with VISTA, Server 2008, or the new Windows 7. So, "Steer Clear" of those on the newer MS' OS!)

Thanks!

APK

P.S.=> On that "note"? I like Windows 7, very much (again, especially in its 64-bit build), & it amazes me how F A S T it is, even with its large number of services resident + running, by default - &, when you "trim them down" even more? You get THAT MUCH FASTER! The services are now also secured better, by using "lesser privelege" user SID entities "built-in" types vs. LOCAL SYSTEM, such as NETWORK SERVICE or LOCAL SERVICE which I go into HOW TO DO IT on Windows 2000/XP/Server 2003 here (Server 2003 has much of it, as does XP, after MS did service packs + hotfixes, & Windows 2000 lacks a few "built in" entities, but you can "mock up" a lesser priveleged one easily enough to do that there also - this has put Windows on level with the likes of the BSD based MacOS X in that respect, which is GOOD!

Now, IF only MS would fix up HOSTS files being unable to use the FAR MORE EFFICIENT & FASTER "0 ip address" (pings resolve it back to 0.0.0.0 though on Windows 2000 (after service packs though, MS put it in there around SP#1-4 somewhere, so it was seen as a GOOD THING by them, because the original OEM version did not allow that, & only allowed as good as using 0.0.0.0 in a HOSTS file (which IS better than 127.0.0.1 by 2 bytes per line) but, using 0 beats them both, by large margins (making for a faster load up into RAM (be that the local DNS cache (disable that on larger HOSTS files), or, the local diskcache kernel mode subsystem)?

Windows 7 would be THAT MUCH BETTER, for both security and speed!

Well, in this case, ONLY for those that have the good sense to use a HOSTS file for added speed & security!

(FOR SPEED? BLOCK ADBANNERS (they too have been found to have malware in them for years now), & "hardcode" in your fav sites IP Address-to-DomainName/HOSTName? Well, doing that, you avoid calling out to potentially downed or compromised DNS servers (see Dan Kaminsky online for the latter, the Domain Name System has problems, even the "allegedly invulnerable" DJBDNS was found to have holes in it for security this year in fact))!

Thus, saving you between 30-x ms queries to those remote DNS servers (which CAN be logged no less as well), & instead using the speed of MEMORY/RAM (many, Many, MANY orders of magnitude faster) once the HOST file is loaded (which still occurs faster, because it would be using diskspeeds of today, which are 3-10 or more orders of magnitude faster than calling out to remote DNS servers). HOSTS use no CPU cycles, vs. DNS programs + they are EASILY EDITED vs. even other filters like IPTables in Linux (easier in notepad imo & ANYONE can do it, we all have text editors is why on ANY OS), & cost you NOTHING (many good sources for good ones too, like -> Hosts file - Wikipedia, the free encyclopedia for starters, or SpyBot "Search & Destroy" for updates to it that block out KNOWN bad malscripted sites, or bad servers used to control "botnets" too! I could go on & on on MORE of the benefits of HOSTS, but that'll do, for now (I hope MS fixes this removal of 0, as a blocking "ip" in HOSTS in Windows 7 @ least, because it is more efficient & faster).

What worries me some though even more on SECURITY though?

This, on Windows VISTA, Server 2008, & Windows 7's Firewall:

rootkit.com

PERTINENT EXCERPT/QUOTE:

"BTW, the firewalls based on NDIS v6, which was introduced in Windows Vista, are much easier to unhook and bypass."

That was a DIRECT QUOTE from said URL I just posted from rootkit.com ... & it 'worries me' some. I have confronted MS tech people & mgt. on this, to no avail... I don't know WHY they won't answer either - I am only asking WHY the thing with HOSTS was done, no answers, & pointed out to them what ROOTKIT.COM said above, many times (on MSDN, @ INTEL, @ /. with a user there named "Fordecker" who is a senior MS development mgr. for Windows no less, & also on the "Engineering Windows 7" blog by S. Sinofsky, a "Big Man" @ MS on Windows no less)... apk

Concerned about Conficker (which has 7 million PC's infected)? No problem!

Worried about being 1 of the 7++ million PC's infected/infested by the "CONFICKER" worm, per this article today @ /. (SLASHDOT)?

----

After 1 Year, Conficker Infects 7M Computers:

Slashdot | After 1 Year, Conficker Infects 7M Computers

----

Ok then, so you are apparently concerned, if you have read this far already!

Well, then here is a way to test yourself to see if you are infected/infested. Click on the URL below, & just literally see for yourself, here:

----



----

(And, good luck, hope you're not infested/infected (I wasn't thank goodness!)).

APK

P.S.=> ... & it truly is, as EASY as it gets (it's called the "conficker eye chart", & IF you can see all 6 pictures, then you are NOT infected, but if you cannot? It means it is quite possible you have been infected by this machination known as "conficker")... apk

IF you show up as &quot;Conficker infected&quot;? The cures are here

NOW, if you cannot reach that site (which has happened to folks today per this exchange I had on another forums -> HOW TO SECURE Windows 2000/XP/Server 2003 & VISTA - AT Forums )

It only means that the testing site has been "/.'d" (too many requests by users to that server, it happens, almost like a DOS/DDOS really, every website server has limits, which yes, can be RAISED by most site admins in fact, in the board engine's config files (usually)).

Still, if you show up "infested" Guys, there are cures, such as this list:

"Conficker" and "removal tool" - Google Search

:)

* Hope you're not, & hope if you are, you can remove it via said lists of removal tools is all!

APK

P.S.=> Onwards & upwards... apk