[Self Help Updated] How To Protect And/Or Sanitize Your Device Before/After Security Breach/Hack

kalistiana

New Member
The post pinned here [https://forum.adguard.com/index.php?threads/how-to-remove-adware-and-malware-self-help.17578/] seems quite a bit outdated. Really outdated, to be honest. Malwarebytes has degraded its malware signature quality, and its 0day exploit protection just isn't up to the standards other vendors are setting today, that is: 25 April 2020. Honestly, many of the links and methods mentioned there are outdated or better solutions are available.

I am a little bit familiar with device security and sanitation after a successful exploit, and I'm familiar with security suites and tracking malware development since I love to perform malware analysis as one of my hobbies. I decided to make a brand new article; hopefully it may help someone out today or in the coming future.

I am IN NO WAY affiliated with any of the vendors I might suggest below. There is a COVID-19 crisis going on and I'm bored, so I might as well write an article that could potentially help someone going ahead :)

That being said, I will try to keep the list to software and services which are free of cost [no trial, no special catch, no BS].

So whether you are compromised or not, the habits below and implementing my suggestions would benefit you in the long run :)


This Post Comprises

  • Secure Complete Antimalware [Not Just Antivirus]. Most of them, if not all, are free of cost, have GDPR implemented and are security audited. For Windows, MacOS, Linux, Android & iOS
  • Enhance Your Network Security With Firewalls, VPNs and Network-Filters. GDPR COMPLIANT
  • Good security practices in year 2020
  • Recover from Hacks, Data breaches & Credentials Thefts.
  • Bottom Line

Your Desktop Device Security Suites.

1. Start off with a solid security suite. There are independent researchers like av-test.org that test antimalware solutions every other month, for consumers as well as for enterprises, for all the OSes, mobile as well as desktop. And YOU DO NOT NEED several different tools to remove annoying toolbars and adware. Today's antimalware, at least the good ones [listed below], detect these as PUP [Potentially Unwanted Program].

As of 2020, signature based detection isn't really that big of a deal; heuristics & behavior based flagging however is, especially since we live in the ransomware age. A good heuristics detection and 0day exploit protection module is what counts as the standard of a good antimalware.

These are the best solutions which are free, secure and audited. I have personally tested all of what I'm going to mention below and I can assure you these are pretty darn good:


The Top Tier Antimalwares :

1. Sophos Home [Free Tier] - https://home.sophos.com/en-us/download-antivirus-pc.aspx

If you haven't heard about it, you're probably living under a rock. The cybersecurity giant Sophos was recently sold for $4bn USD. They have developed a variety of free products for Windows, Linux, MacOS and Android. They also have a paid tier, but the features in the paid tier can be replaced with other free individual services. Its antimalware products have a solid reputation for having a top notch antimalware & heuristics engine. It protects your device, scans websites you visit for viruses and malware, and keeps you safe from all sorts of computer threats.

2. Kaspersky Secure Cloud [Free Tier] - https://www.kaspersky.com/free-cloud-antivirus

When it comes to sandboxing and handling unknown threats, nothing beats Kaspersky. The long time rival Bitdefender has given up on competing with Kaspersky, that's a fact. Kaspersky's heuristics engine and cloud detection have improved immensely in the last few years. I have tested it against my personal malware samples; nothing beats Kaspersky in handling the latest threats. There might be a tough fight between Kaspersky and Sophos; Sophos just takes a little edge when it comes to privacy. Kaspersky has a solid browsing protection module that protects you from credential stealing attempts. State of the art product.

3. Bitdefender Antivirus [Free Tier] - https://www.bitdefender.com/solutions/free.html

Another good antimalware security suite. It used to be great but has slid down a little bit compared to what it was a few years ago. It is still one of the best, and it's debatable whether it's the best, but my results pointed the other way. Ships with a state-of-the-art malware signature database and a unique approach to identifying unknown 0day exploit based threats, plus browsing security to protect you from those pesky sites that want to harm you and your machine.

4. Avira Free Security - https://www.avira.com/en/free-security

Comes with a pinch of system lag and tiny bugs, but it has improved a lot. The free tier Avira Security provides reliable protection against known threats. Ships with an anti-phishing module to protect you from attempts to steal your credentials. Not as good as the one from Kaspersky or Sophos, but it has its own flavor to it.

I would have added AVAST, but the company has been involved in a lot of shady behavior lately, like [Source Link] spying on its users [Source Link] and having its consumer product update servers compromised. Just think about it: a cybersecurity company [Source Link] being compromised [Source Link], again. And again. And again. Not good PR. I would have listed AVG too, but AVG is owned and run by AVAST & shares the same core malware detection and process engine. AVAST also owns CCleaner - [Source Link] which was hijacked to hack into almost 3 million users' devices. [Source Link] Think about it for a minute.

**********************************************************************************************************************************************************************************************
>>>>Network Security<<<<


  • USE A GOOD FIREWALL. A firewall is a layer that stands between you and the rest of the internet to protect you. Not having a firewall, having a bad firewall, or a misconfigured firewall could cause A LOT of trouble. Even an anti-malware cannot completely protect you from the things that could cause. The Windows default firewall has improved in recent years, but there are much better, secure & free alternatives available for use.

Here are some Free, REALLY GOOD, Security Audited and Reputed Firewalls.

The Top Tier Software Network Firewalls :

1. Comodo Free Firewall - https://www.comodo.com/home/internet-security/firewall.php

Arguably the best third party, security audited firewall with an unmatched network HIPS protection module. Blocks known malware and viruses, and is completely configurable so you can take complete control of your networked Windows device. USE IT. Secure your networked computer.

2. Zone Alarm Free Firewall - https://www.zonealarm.com/software/free-firewall/

Another Gladiator of free firewalls. Security Audited, Highly reputed. Low resource usage. Highly configurable. Solid Network Protection. Nothing to say more about it. USE IT.

*******************************************************************************************************************************************************************************************

  • VPN - A Virtual Private Network encrypts your network traffic and protects you from "bad guys" who try to steal your data like your banking data and passwords, snoop on your activities, target you with stuff you probably do not want to see, and much much more. Although one can argue financial networks already use solid encryption, but hey! Another tiny layer of network encryption won't harm now, would it? :D
When it comes to VPNs, it really depends on your usage and your needs. Almost all the good VPNs are paid. The free ones are laced with adware and spyware. There are only two that offer a free tier secure VPN service that is satisfactory and not shady. Here they are:


1. ProtonVPN [Free Tier] - https://protonvpn.com/free-vpn
Based in Switzerland [a country with solid privacy laws (which is a good thing)], it offers unlimited bandwidth, does not log your activity, and provides servers in three different countries. You are however restricted to not more than 1 device per free tier account, rightfully so. It's a good service. Try it. Adds a nice layer of security and privacy.
OS supported: Windows, Linux, MacOS, AndroidOS, iOS and many more.


2. WindscribeVPN [Free Tier] - https://windscribe.com/
Based in Canada. The service is solid, fast, uses up-to-date secure technology and allows free access to servers in more than 5 countries. It however has a monthly quota limit for VPN usage: 10GB/month for the free tier, but you can easily add more free quota by tweeting them nice stuff. They really do add more free high speed quota to your account. LOL.
OS supported: Windows, Linux, MacOS, AndroidOS, iOS, Routers, KODI, AmazonFireTV and many more.

If you could spend a few bucks a month [as low as $6/month] you could get high speed & maximum network security Best in class VPN services like



>>>Make Sure To Read The Privacy Policies & Terms & Conditions Of All The Mentioned Products Here.<<<

**********************************************************************************************************************************************************************************************
Content Filters - Services That Filter out unwanted or undesired content. Well, you know where I'm headed.


I bow to the Adguard team for keeping up their god's work. A free tier service that filters out adult content as well as advertising and tracking domains, all that with a [supposedly] no logging DNS service. It's nowhere near as good as paid antimalware services in blocking phishing and malicious domains, but the fact is that they are largely backed by us, the users who submit the majority of the domains over at GitHub. I love the fact that we are working together to make a product better, where the developers actually listen to you and your suggestions.

I really wish to get myself a paid lifetime subscription once a secure, audited payment transaction framework is implemented, something like the PayPal API. An active community that works for better privacy and protection from cruel data hogging billionaire giants in 2020. Looking forward to engaging more with the Adguard community and influencing more people to interact and help grow this forward <3

Moving ahead.

**********************************************************************************************************************************
>>>>Good Security Practices To Prevent / Minimize the Exploit Vector.<<<<


1. "abc123" isn't an answer to your passwords anymore. It's 2020 & people are still using weak, repeated passwords which were available in breached databases in 2008. USE GOOD UNIQUE HIGH ENTROPY PASSWORDS, people. It's not complicated. USE SECURE AND AUDITED FREE PASSWORD MANAGERS to store your complicated passwords securely.


A Good Password Is
  • 18+ Characters
  • Has Special Characters, Small & Capital, Numbers.
  • Password Does Not Have Words From Dictionary [Cat, C4t, P@$$w0rd, M0nK3y - all these are dictionary words, aka weak passwords]
  • Password Does Not Have Clues Related To You. [Your Birthdate, Graduation Date, Anniversary, Favorite Pet..Food..Cars..Songs.Etc]
  • Password Has Not Been/Will Not Be Used Anywhere Else.

Use SECURE, AUDITED password managers. Not just any password managers. They will store all your passwords securely and with ease.
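To make the five rules above concrete, here is a small checker, added as an example and not part of the original post, that tests a candidate password against them. The dictionary, the personal-clue list and the "already used" list are constructed stand-ins (a real checker would load a full word list and a breach corpus such as a Have I Been Pwned download); the leet-substitution map is a common-sense assumption, not something the post specifies. The entropy figure is an upper bound that assumes the characters were chosen uniformly at random from the classes present, which is exactly what a password manager's generator does and a human does not.

```python
import math
import string

# Constructed word list; a real checker would load a full dictionary / breach corpus.
DICTIONARY_WORDS = {"cat", "password", "monkey", "dragon", "welcome", "letmein"}
# Constructed personal clues a user might supply (birth year, pet, car ...).
PERSONAL_CLUES = {"1990", "fluffy", "mustang"}
# Constructed stand-in for a "previously used / seen in a breach" list.
KNOWN_USED = {"Tr0ub4dor&3"}

# Assumed leet substitutions so 'C4t' and 'P@$$w0rd' still match dictionary words.
LEET_MAP = str.maketrans({"4": "a", "@": "a", "3": "e", "1": "i", "!": "i",
                          "0": "o", "$": "s", "5": "s", "7": "t", "+": "t"})


def normalize(pw: str) -> str:
    """Undo common leet substitutions and lower-case, for dictionary comparison."""
    return pw.translate(LEET_MAP).lower()


def contains_dictionary_word(pw: str, min_len: int = 3) -> bool:
    norm = normalize(pw)
    return any(w in norm for w in DICTIONARY_WORDS if len(w) >= min_len)


def contains_personal_clue(pw: str) -> bool:
    norm = normalize(pw)
    return any(clue.lower() in norm for clue in PERSONAL_CLUES)


def has_all_classes(pw: str) -> bool:
    """Lower, upper, digit and special character all present."""
    return (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))


def estimate_entropy_bits(pw: str) -> float:
    """Upper bound: length * log2(pool size of the character classes used)."""
    pool = 0
    if any(c.islower() for c in pw):
        pool += 26
    if any(c.isupper() for c in pw):
        pool += 26
    if any(c.isdigit() for c in pw):
        pool += 10
    if any(c in string.punctuation for c in pw):
        pool += len(string.punctuation)  # 32 printable specials
    return len(pw) * math.log2(pool) if pool else 0.0


def check_password(pw: str) -> list:
    """Return the rules the password violates; an empty list means it passes all five."""
    problems = []
    if len(pw) < 18:
        problems.append("shorter than 18 characters")
    if not has_all_classes(pw):
        problems.append("missing a character class (lower, upper, digit, special)")
    if contains_dictionary_word(pw):
        problems.append("contains a dictionary word (even with leet substitutions)")
    if contains_personal_clue(pw):
        problems.append("contains a personal clue")
    if pw in KNOWN_USED:
        problems.append("already used elsewhere / appears in a breach list")
    return problems


if __name__ == "__main__":
    for candidate in ["P@$$w0rd", "Fluffy1990!Mustang", "kV7#mQ2!pZ9&wL4^rT6*"]:
        print(candidate, round(estimate_entropy_bits(candidate), 1), "bits",
              check_password(candidate) or "OK")
```

Note that "P@$$w0rd" fails the dictionary rule despite its substitutions, and "Fluffy1990!Mustang" fails on personal clues even though it is 18 characters with all four classes; length and character classes alone are not what makes a password strong.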
**********************************************************************************************************************************
2. Enable 2FA/MFA [Two Factor Authentication / Multi-factor Authentication]


Almost all the services that mean something offer 2FA protection for your account. Facebook, Google, Amazon, Twitter, PayPal, you name it, they have 2FA. You need to go to your profile's account > security settings, look for Two Factor Authentication and enable it.

These 2FA services could be Either :
  • SMS sent to your phone with a 6 to 8 digit security PIN that is valid for at most 15 minutes.
  • TOTP [Time-Based One Time Password] - arguably the most secure form of 2FA. Codes are generated offline using the QR code data, or a code is generated with respect to time with the help of a "string" or "snippet" of digits provided to you when enabling the TOTP option.
  • Hardware 2FA. I guess I don't really need to explain this, since people who use a hardware based 2FA key won't need to read this helping guide.
If the option is available, opt in for TOTP over SMS based 2FA, since SMS can be intercepted and hijacked. TOTP is generated offline, hence theoretically making it less vulnerable to remote attack. Just make sure the device you enter the TOTP on and the device the TOTP is generated on have their date and time synchronized, or you'll have a bad time sorting it out. The hassle is worth the security you get.

*********************************************************************************************************************************

3. Have Basic Sense.


Tiny things like changing your password every 90 days, keeping your data encrypted and backed up in a secure place, not writing down passwords or hints on a piece of paper or anywhere for that matter, changing your ATM PINs and online banking password every other week. You have the password manager, so don't hesitate to use the longest allowed password length in financial services. Things like keeping your machines physically secure, not sharing your personal data with strangers or even people you've just met. Talking to strangers might get you in trouble. Remember what mom and dad said when we were young? Well, you know the drill.

If a mail claims you have won an iPhone and all you have to do is click the link and enter your credit card details, your name, date of birth and your address... it's probably true! Someone is kind enough to lend you a $1000 utility for free :D
Or maybe...
You are just ONE OF MILLIONS of targets who receive automated phishing and spam emails every minute to steal your money.

And don't worry if your IRS man tells you they will raid your home and seize all your items because you owe them $200. They probably won't. Never mind the attached documents that claim to be something confidential or embarrassing. You really want to download the unknown booby-trapped file on your personal device? Well, you really shouldn't. If you get a worrying message from your bank via call or email, don't answer it.


Do a little bit of research, find the official customer support line and call them personally. The person who called you might very well be an impersonator who has a lot of real, verified data because he/she found it in a data breach and decided to make you suffer more. Those intimidating and scary mails are from scammers who send the same stuff to hundreds of thousands of people every day and wait for them to fall for it.

Updates are annoying, I know. But try to cope with it. Trust me, one day you'll get over it. Download and install those updates right away.

************************************************************************************


I HAVE BEEN HACKED! well, Worry not,


Actually, worry A LOT. Because you live in a digital era. Any tiny piece of data or even metadata can be used to absolutely destroy your life. Learn from your mistakes, take action. Here is what you should do:


  • First of all, always assume your device & data have been compromised even if the antimalware shows it's a clean machine. It's called FUD malware in our lingo, AKA Fully Undetected Malware. If you were compromised, wipe your device / factory reset / reinstall the system from scratch. Hey! There is malware that remains persistent even once you've been compromised and wiped the device completely. Welcome to 2020, where no precaution is sufficient. This includes resetting your wireless routers too.
  • Go to a remote location on a completely different network, maybe a cyber cafe? Try to log in to services like the email attached to your bank, social media and services like PayPal. Try to access them and keep an eye on your banking transactions. Call your bank to freeze your account for a few days. Explain the situation to them. Better yet, reach out to them personally ASAP. They'll work with you :).

  • After a fresh install from scratch, update your system to the latest. Download any of the free antimalware mentioned above and configure it for your use.

  • Use Brave Browser or Firefox to log into the accounts that you suspect could be compromised. Log into the attached email and see if you still have access to it. Log out of all the signed-in locations and change the passwords. Revoke all saved/trusted browsers that are allowed to bypass 2FA.

  • Try to find the original source of how you got breached. Learn to avoid it going ahead. Keep your device bloat-free. Uninstall/disable services you absolutely DO NOT NEED!
  • Keep up with the trends. Check out what's going on in the crazy wild world. It might give you a heads up on what to expect in this day and age.
**********************************************************************************************************************************************************************************************

That's pretty much it. I am not so sure why I took 3 hours to write this essay on a random forum I joined a few days ago. Guess I'm way too free these days.

Any Suggestion, Debates, Improvements Are Welcomed Warmly <3

I really hope this helps someone. If any of the moderators happen to make it through this literally massive blog post on basic user security until here, consider removing the previous one and pinning this latest and very well updated one. Might help someone out one day :)

oldsarge

Member
Nicely done. Is there a reason MalwareBytes did not make your cut? Attached link (applies only to windows) illustrates what MB catches:

kalistiana

New Member
Nicely done. Is there a reason MalwareBytes did not make your cut? Attached link (applies only to windows) illustrates what MB catches:
In my personal experience, MB has slowed down a lot. Around 2015, the antimalware industry was mostly focusing on signature based detection. However, since the malware industry evolved, for instance by developing different approaches to encrypt files in ransomware attacks to avoid file flagging, the antimalware industry started investing tons of money and resources [that is, to develop a reliable front line heuristics behavior based protection], something MB absolutely failed to do.

In situations, let's say, when I download a file that is essentially ransomware in disguise, the optimal approach today should be: me launching the file -> AV monitoring execution behavior with regard to the user's files and folders -> observing something potentially malicious -> killing the parent process & quarantining the infected file before it harms the entire system. This is done by developing solid AI or machine learning integrated into the antimalware. Kaspersky, BitDefender, Emsisoft and Sophos have achieved solid 0day protection which relies on the local host and observes the system to prevent any breach or system tampering, rather than sending the signature to the cloud to check against the list of flagged file hashes available in the cloud. In the case of ransomware that uses a new crypter that is FUD, it would already be too late to rectify the damage done.

Even if MB were able to detect the file as infected, it's often too late [the system files have been encrypted]. No point in deleting the infected file now, since the files on the system have already been encrypted.

I hope I got my point clear :)
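The reply above describes the behavior-based pipeline (watch what a process does to the user's files, notice the ransomware pattern, kill and quarantine before the damage spreads) in prose. The block below is an added, deliberately simplified simulation of that idea, not code from the post or from any of the products it names: it scores file-write events by Shannon entropy (ciphertext sits near 8 bits/byte, documents far lower) and flags a process that rewrites many user files with high-entropy content inside a short window. The event stream, process ids and paths are all constructed; the thresholds are assumptions chosen for the demo, and a real product would combine this with many more signals (rename patterns, shadow-copy deletion, ransom notes) and far more tuning.

```python
import math
from collections import defaultdict, deque


def shannon_entropy(data: bytes) -> float:
    """Bits per byte. Encrypted or compressed data approaches 8.0; text sits well below."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


class RansomwareHeuristic:
    """Flag a process that rewrites many user files with high-entropy content in a short window.

    Thresholds (window, file count, entropy) are assumptions for this demo, not vendor values.
    """

    def __init__(self, window_s=5.0, min_files=8, entropy_threshold=7.0,
                 user_dirs=("/home/", "C:\\Users\\")):
        self.window_s = window_s
        self.min_files = min_files
        self.entropy_threshold = entropy_threshold
        self.user_dirs = user_dirs
        self.suspicious = defaultdict(deque)   # pid -> timestamps of high-entropy user-file writes
        self.flagged = set()

    def observe(self, ts: float, pid: int, path: str, data: bytes) -> bool:
        """Feed one write event; return True the moment pid crosses the threshold.

        The caller is expected to kill the process tree and quarantine the file at that point,
        which is the 'before it harms the entire system' step from the reply.
        """
        if not path.startswith(self.user_dirs):
            return False                       # only user data is in scope for this heuristic
        if shannon_entropy(data) < self.entropy_threshold:
            return False                       # ordinary document save, ignore
        q = self.suspicious[pid]
        q.append(ts)
        while q and ts - q[0] > self.window_s:
            q.popleft()                        # drop writes older than the sliding window
        if len(q) >= self.min_files:
            self.flagged.add(pid)
            return True
        return False


# Constructed payloads: one with entropy exactly 8.0 bits/byte, one ordinary text blob.
ENCRYPTED_BLOB = bytes(range(256)) * 16
PLAINTEXT_BLOB = b"Quarterly report draft, section 1.\n" * 50


def build_sample_events():
    """Constructed telemetry: (timestamp, pid, path, bytes_written). Not real data."""
    events = []
    for i in range(5):        # pid 1001: a benign editor saving documents
        events.append((float(i), 1001, f"/home/alice/docs/note{i}.txt", PLAINTEXT_BLOB))
    for i in range(12):       # pid 4242: ransomware-like process overwriting files with ciphertext
        events.append((10.0 + i * 0.2, 4242, f"/home/alice/docs/photo{i}.jpg", ENCRYPTED_BLOB))
    events.append((20.0, 3003, "/var/log/syslog", ENCRYPTED_BLOB))   # outside user dirs, ignored
    return events


def run_detector(events) -> dict:
    """Return {pid: timestamp at which it would have been killed}."""
    det = RansomwareHeuristic()
    kills = {}
    for ts, pid, path, data in events:
        if det.observe(ts, pid, path, data) and pid not in kills:
            kills[pid] = ts
    return kills


if __name__ == "__main__":
    print("entropy text/cipher:", round(shannon_entropy(PLAINTEXT_BLOB), 2),
          shannon_entropy(ENCRYPTED_BLOB))
    print("kill decisions:", run_detector(build_sample_events()))
```

In the sample stream the rogue process is stopped on its eighth file, so the remaining four are never touched, whereas a pure hash lookup would have nothing to match until the sample reached a vendor and every file would already be encrypted. The trade-off a real engine has to manage is the false-positive side: backup tools, archivers and disk encryptors also write high-entropy data quickly, which is why thresholds, allow-lists and extra signals matter.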
 
Good read! Thanks! I would advise not using SMS for 2-factor authentication, because bad actors these days can easily eavesdrop on your messages.

I would also strongly suggest changing your router, mobile device numbers, and mobile devices. Basically, bad actors can and will use any identifiable information against you.

I worked for a control freak and made the mistake of using my personal phone with the work Wi-Fi, connecting my phone to my work PC, and logging in to all my social accounts from the work PC. I even used the work PC to unlock my mobile phone's bootloader, root it, and make backups of all apps (saved on the work PC with all passwords), ZERO protection. I had nothing to hide and never had an issue with that before, because I didn't realize that even if you don't do anything illegal online, what you do online can be used to identify you, to "time and place", to find/track you, etc. None of it was an issue until I came across sensitive information not meant for my ears and eyes and thought it would be a good idea to tell my employer and HR about it, about how unprofessional it was not to have any security in place to safeguard that information, and whether it was even legal for me to know that information... That resulted in my employer hiring a team of investigators and security techs from Allied Universal who went through everyone's work PC, including mine, and got all my phone data that was on my work PC. They used "Forgot your password" login attempt schemes to have 2FA SMS sent to my phone to identify my location with stingrays/IMSI catchers and then performed MITM attacks. I had to change just about everything, learn about privacy and security, teach my household members about it, etc.

Mobile phone telephony/voice and SMS/MMS are the main problem. You can use E2E encryption apps and/or VPN to heavily reduce chances of bad actors eavesdropping on your communication, but nothing (except for very expensive cryptophones) can protect you from stingrays and IMSI catchers that are widely used to track people when/if they use cellular towers for telephony/voice and/or SMS/MMS.

alvaradoherman

New Member
MB has slowed significantly in my experience.
The antimalware industry was primarily focused on signature-based detection around 2015.
However, as the malware industry evolved, for example, by developing different approaches to encrypt files in ransomware attacks to avoid file flagging, the antimalware industry began investing a significant amount of money and resources [that is, to develop a reliable front line Heuristics behaviour based protection], which MB completely failed to do.
In situations where, for example, I downloaded a file that is essentially a ransomware in disguise, the best course of action today is for me to launch the file -> AV to monitor execution behaviour with regard to user's files and folders -> observe something potentially malicious -> kill the parent process & quarantine the infected file before it harms the entire system.
This is accomplished by integrating solid AI or machine learning into antimalware.
Kaspersky, BitDefender, Emsisoft, and Sophos are among the security software providers.