How To Secure Windows, The Open Source Way

Many of us FOSS lovers get stuck behind a Windows box; some of us love the idea of FOSS but can’t seem to move off Windows. We get stuck using proprietary anti-spyware tools, anti-viruses, browsers, and firewalls. The open source community finally provides us with tools to get away from that. But don’t be mistaken: these tools are not perfect. They are not yet competition for Ad-Aware, Spybot, AVG, Avast, Kaspersky, etc. But if used properly alongside safe browsing habits, you shouldn’t have much to worry about. I’ve gone for as much as 6 months using these tools and these tools alone, then went back, installed AVG and ran a scan, and came up clean. Spybot did pick up a few pieces of spyware, though, but only tracking cookies.

WinClam Anti-Virus

Based on Clam for Linux, this anti-virus will run on Windows 98 through 2003. The good side of Clam is that it updates very regularly, more so than any anti-virus I’ve come across. The bad side? No real-time scanner (though that can be fixed; see WinPooch below) and no heuristic-based detection. Another con: scheduled scans of large directories can take a very long time. It does have right-click scan integration with Windows Explorer, though, as well as integration into MS Outlook to detect viruses as they arrive in your e-mail.

WinPooch

Winpooch is more focused on spyware and trojans. It is a free and open source Windows watchdog: an anti-spyware and anti-trojan tool that gives full protection against local or external attacks by scanning the activity of programs in real time. It monitors your registry and main system folders for changes, and lets you approve or deny those changes.

If you go into Winpooch’s settings, it has an option to hook an anti-virus; currently Clam is the only anti-virus I’ve known it to hook. Once Clam is hooked into Winpooch, it turns Clam into a real-time scanner. So say you’re installing a program that drops some files in System32: Winpooch will ask you to allow or deny this, and Clam will then scan those files for potential threats. It’s a rather seamless process.

Winpooch uses the API hooking method. It spies on programs while they are running and gives the user powerful control over their activity. For example, you can forbid a program to write to a system directory or to the registry, or to connect to the internet. That is what sets it apart from other anti-spyware tools that rely on a database of known signatures.

Firefox

Now we all know that staying away from IE6 is a good thing, whether you’re on IE7, Opera, Firefox or something else for that matter, but Firefox’s extensions afford us an opportunity the others do not.

ClamGlue

This extension scans every downloaded file automatically with ClamWin and gives you the option to keep or delete the file. Unfortunately it has not been updated to work with Firefox 2.0, so it’s still a 1.5.x thing, folks.

NoScript

This extension allows JavaScript, Java and other executable content only for trusted domains of your choice, e.g. your home-banking web site.

This whitelist-based preemptive blocking approach prevents exploitation of security vulnerabilities (known and even unknown!) with no loss of functionality.

CookieSafe

This extension will allow you to easily control cookie permissions. It will appear on your status bar. Just click on the icon to allow, block, or temporarily allow the site to set cookies. You can also view or clear the cookies and exceptions by right-clicking on the status bar icon. For safer browsing you may choose to deny cookies globally and then enable them on a per-site basis.

SafeCache

This extension segments the cache on the basis of the originating document, defending against web privacy attacks that remote sites can use to determine your browser history at other sites. For example, a b.com image appearing on an a.com page would have a separate cache entry from the same image appearing on a b.com page, so a.com cannot use timing techniques to determine if you have visited b.com before. It checks your cookie settings (allow, originating site only, deny) to determine your desired privacy level (segmented cache, cache originating site only, or never cache).

SafeHistory

This extension restricts the marking of visited links on the basis of the originating document, defending against web privacy attacks that remote sites can use to determine your browser history at other sites. A link on a.com pointing at b.com will only be marked visited if you previously visited the b.com page with a referrer in the domain of a.com. On-site links work normally. It checks your cookie settings (allow, originating site only, deny) to determine your desired privacy level (segmented by origin, don’t mark links visited in offsite frames, or never mark links visited).
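To make the "segment by originating document" idea behind both SafeCache and SafeHistory concrete, here is an added in-memory model (not code from the post or from either extension) that compares an unsegmented cache and history with segmented ones; the a.com/b.com origins and the logo URL are constructed for the illustration.

```javascript
// Added example, not code from the post or the SafeCache/SafeHistory extensions:
// an in-memory model of keying cache entries and visited-link state by the
// originating document. All origins and URLs below are constructed.
function originOf(url) { return new URL(url).origin; }
// SafeCache's idea: key each cached resource by the top-level page's origin too.
class SegmentedCache {
  constructor(segmented) { this.segmented = segmented; this.entries = new Set(); }
  key(topOrigin, resourceUrl) {
    return this.segmented ? `${topOrigin}|${resourceUrl}` : resourceUrl;
  }
  // Returns true on a hit, the "fast load" that a timing attack observes.
  fetch(topOrigin, resourceUrl) {
    const k = this.key(topOrigin, resourceUrl);
    const hit = this.entries.has(k);
    this.entries.add(k);
    return hit;
  }
}
// SafeHistory's idea: a cross-site link is styled :visited only if the earlier
// visit arrived with a referrer from the page now showing the link.
class SegmentedHistory {
  constructor(segmented) { this.segmented = segmented; this.visits = []; }
  // referrerOrigin is null for a typed address or bookmark.
  visit(url, referrerOrigin) { this.visits.push({ url, referrerOrigin }); }
  isMarkedVisited(pageOrigin, url) {
    return this.visits.some(v => v.url === url && (!this.segmented ||
      originOf(url) === pageOrigin || v.referrerOrigin === pageOrigin));
  }
}
// Scenario from the post: the user browses b.com, then a.com embeds b.com's
// image. Returns true when a.com can tell that b.com was visited (a leak).
function cacheLeak(segmented) {
  const cache = new SegmentedCache(segmented);
  cache.fetch("https://b.com", "https://b.com/logo.png");       // loaded on b.com
  return cache.fetch("https://a.com", "https://b.com/logo.png"); // a.com probes it
}
// The user typed b.com earlier; a.com now shows a link to it.
function historyLeak(segmented) {
  const history = new SegmentedHistory(segmented);
  history.visit("https://b.com/", null);
  return history.isMarkedVisited("https://a.com", "https://b.com/");
}

// On-site links keep working: b.com's own link to b.com/ is still marked.
function onSiteLinkMarked() {
  const history = new SegmentedHistory(true);
  history.visit("https://b.com/", null);
  return history.isMarkedVisited("https://b.com", "https://b.com/");
}
```

With segmentation off, both `cacheLeak(false)` and `historyLeak(false)` return true (a.com learns about the b.com visit); with it on, both return false while `onSiteLinkMarked()` stays true.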

TdiFw Firewall

Now I personally just use the firewall that’s provided in SP2. I see no need for dual applications on my system, but many would like an open source alternative, and that’s where TdiFw steps in (horrid name). It is a simple TDI-based open source personal firewall for Windows NT4/2000/XP/2003.

And I think that covers all of our bases. Remember: no matter what tools you have installed, the number one way to secure yourself is knowing what and what not to click on. Point blank. You can have the best tools out there, but nothing is going to replace safe browsing and downloading habits.

Also, if you’d like an encrypted virtual disk to keep your data from prying eyes (on a USB stick or on your hard drive), be sure to check out my tutorial on installing TrueCrypt on Windows:

https://element14.wordpress.com/2006/10/15/how-to-setup-truecrypt-for-windows/