Tuesday, January 27, 2015

Basic Windows Security


Windows is still a hotbed for viruses and malware. There are some decent but not well-known tools already built into Windows, and more are freely available directly from Microsoft.

First, if you have a serious problem, you are best off repairing the system from another OS: either a bootable USB (e.g. Linux/Knoppix) or another machine entirely.

I recommend following some online hardening guides, but you may cause headaches if you shut down too many services, so take many well-named restore points along the way and test the functionality of whatever programs you plan to use.

This is a useful guide: Hardening Windows 8.1

Note: ** Do Not ** download the software recommended in the guide, Software Restriction Policy 1.2. Although it is hosted on Sourceforge, multiple scanners have detected a Trojan (Artemis) in it. Generally you should be extremely careful about downloading any software from popular file-sharing sites, including but not limited to CNET, Sourceforge, etc. If you have the option to download directly from the author's / developer's / owner's website, always choose that option. Furthermore, if you see MD5 or SHA1 hash sums, always check that they match *before* you install the program. And scan everything! A good line of defense has multiple tiers, e.g. antivirus (McAfee) -> anti-spyware (Malwarebytes Anti-Malware, SpyHunter, Spybot Search & Destroy), then yet another level such as herdProtect Anti-Malware. If you have to use CNET to obtain software, check it out with everything you have before using it, and preferably sandbox/jail it or run it inside a VM to see what it does before letting it near your real system.
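The hash check described above, as an added PowerShell example that is not part of the original post. It uses the built-in Get-FileHash cmdlet (PowerShell 4.0 and later, which ships with Windows 8.1); the installer path and the published hash value are placeholders to be replaced with your own. The check only has value if the expected hash comes from a source you trust more than the download itself (the developer's own page rather than the mirror that served the file), since a mirror that can tamper with the file can also publish a matching hash.

```powershell
# Added example (not from the original post): verify a downloaded installer against
# the hash the developer publishes, before the file is ever executed.
# Requires PowerShell 4.0+ for Get-FileHash. Path and hash below are placeholders.

function Test-DownloadHash {
    param(
        [Parameter(Mandatory)][string]$Path,          # file you downloaded
        [Parameter(Mandatory)][string]$ExpectedHash,  # hash copied from the developer's site
        [ValidateSet('MD5','SHA1','SHA256')][string]$Algorithm = 'SHA256'
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        throw "File not found: $Path"
    }
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm $Algorithm).Hash
    # Published hashes vary in case and sometimes carry stray whitespace; normalise both sides.
    $expected = ($ExpectedHash -replace '\s', '').ToUpperInvariant()
    [pscustomobject]@{
        Path      = $Path
        Algorithm = $Algorithm
        Expected  = $expected
        Actual    = $actual.ToUpperInvariant()
        Match     = ($actual.ToUpperInvariant() -eq $expected)
    }
}

# Usage: refuse to go any further unless the hash matches exactly.
$result = Test-DownloadHash -Path 'C:\Downloads\installer.exe' `
                            -ExpectedHash '<SHA1 hash copied from the developer website>' `
                            -Algorithm SHA1
$result | Format-List
if (-not $result.Match) {
    Write-Warning 'Hash mismatch: do not install this file. Re-download it from the developer site.'
    exit 1
}
```

The function returns an object rather than just printing, so the same check can be reused in a script that downloads several tools and aborts on the first mismatch. Prefer SHA256 whenever the developer publishes it; MD5 and SHA1 still catch corrupted or swapped downloads but are weaker against a deliberately crafted collision.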

After all the viruses, malware and adware have been removed, you can cautiously begin to connect your system back to the internet.

Download and install EMET directly from Microsoft (the latest version as of this post, Apr 04 2015, is EMET 5.2), preferably downloading it on another machine while the affected system stays offline: Microsoft - Enhanced Mitigation Experience Toolkit 5.2

Microsoft EMET is free and is key to making your Windows box secure: turned up to its maximum protection level, EMET thwarts a huge variety of threats and is defeated only by the latest-and-greatest threats out there.

After EMET is installed and its settings are configured to ALWAYS ON, one of the first things to do is run some of the free repair tools built into Windows.

First up, run System File Checker from an elevated command prompt (read more at Microsoft Support - Use SFC to repair missing or corrupted system files):
C:\> sfc /scannow

Next, run the Deployment Image Servicing and Management (DISM) tool to repair any Windows image corruption; the /online flag tells DISM to use Windows Update for the repair image source. You can read more about it at Microsoft Technet - Repair a Windows Image:
C:\> dism /online /cleanup-image /restorehealth
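The two repair steps above, plus the well-named restore point recommended earlier in the post, as one added PowerShell script that is not part of the original post. It assumes an elevated PowerShell session on Windows 8.1 with System Restore enabled; the log directory is a placeholder, and Invoke-RepairStep is a helper written for this example. SFC writes its detailed findings to CBS.log whatever its exit code, so the script pulls the [SR] lines from that log into the report instead of relying on the exit code alone.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post): take a well-named restore point, then
# run the two built-in repair tools in the order the post describes and record what
# each reported. $LogDir is a placeholder; Invoke-RepairStep is a helper for this script.

$LogDir = 'C:\RepairLogs'
New-Item -ItemType Directory -Path $LogDir -Force | Out-Null
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$report = Join-Path $LogDir "repair-$stamp.txt"

function Invoke-RepairStep {
    param([string]$Name, [string]$Exe, [string]$Arguments)
    "$(Get-Date -Format s) START $Name : $Exe $Arguments" | Tee-Object -FilePath $report -Append
    # Run the tool in the current console so its progress stays visible, and wait for it.
    $p = Start-Process -FilePath $Exe -ArgumentList $Arguments -NoNewWindow -Wait -PassThru
    "$(Get-Date -Format s) END   $Name : exit code $($p.ExitCode)" | Tee-Object -FilePath $report -Append
    return $p.ExitCode
}

# 1. Restore point first, so the repair itself can be rolled back if it makes things worse.
#    Windows 8 and later create at most one restore point per 24 hours by default;
#    Checkpoint-Computer warns and skips if one was taken recently.
Checkpoint-Computer -Description "Before SFC and DISM repair $stamp" -RestorePointType MODIFY_SETTINGS

# 2. System File Checker. Its findings go to $env:windir\Logs\CBS\CBS.log regardless of exit code.
$sfcExit = Invoke-RepairStep -Name 'SFC' -Exe 'sfc.exe' -Arguments '/scannow'

# 3. DISM image repair against the running installation; its own log is $env:windir\Logs\DISM\dism.log.
$dismExit = Invoke-RepairStep -Name 'DISM' -Exe 'dism.exe' -Arguments '/online /cleanup-image /restorehealth'

# 4. Copy the most recent SFC repair entries (tagged [SR]) from CBS.log into the report.
Select-String -Path "$env:windir\Logs\CBS\CBS.log" -Pattern '\[SR\]' |
    Select-Object -Last 20 |
    ForEach-Object { $_.Line } |
    Out-File -FilePath $report -Append

"SFC exit code: $sfcExit; DISM exit code: $dismExit (0 means DISM reported success)" |
    Tee-Object -FilePath $report -Append
```

If DISM reports that it could not find source files, the machine cannot reach Windows Update (which is expected if you are following the post's advice and still offline); in that case rerun the DISM step once the system is back online, then run SFC again, since SFC draws its replacement files from the component store DISM repairs.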

Further ways to be secure: as the guide linked above recommends, there is a program called Sandboxie that is really remarkable, and it is free for one sandbox. Yet it is so useful that it is one of the few programs I use that I decided to buy for the extended features.

Sandboxie allows jailing applications, so you can install and run applications inside the sandbox without them being able to tamper with your real system files. When you install a program you can see exactly what it does: what registry entries it would have made and where it would put files. When it runs, you can also see all the files it is accessing. If you don't like something, a single click wipes out everything it did without affecting your real system.

Sandboxie is also EMET-aware and is actively being developed (as of Jan 27, 2015).

I have sandboxed Firefox and Cygwin on my system, to name a few useful ones. I recommend keeping Firefox sandboxed at all times and additionally installing the NoScript add-on and putting it on the maximum protection settings, whitelisting and opening up whatever features you need along the way, and also a decent anti-keylogger (as of Feb 2, 2015, QFX KeyScrambler works well and is free).

Furthermore, I recommend you image your system (e.g. using Clonezilla or Macrium Reflect) and consider using virtual machines (e.g. VirtualBox and VMware are both free) for anything really risky before you try it on your real system.

Lastly, if you really want to take it to the next level, you can familiarize yourself with the way the Military/DoD and government agencies secure their Windows computers, here: IASE
Windows 8 STIG - Version 1, Release 8 (Last Updated: Jan 23,2015)
Windows Operating Systems Overview (Last Updated: Jan 23,2015)
