Anyone want to try a test CompletelyBonkers (new user here) turned me onto?

[anticlutch]

Geez this made my day... 1.88/10
lol!

 

[PVTCaboose1337]

Your computer is protected well... from you... not viruses.

 

[anticlutch]

I uninstalled my antivirus because it screwed with my logoff thing... with McAfee Enterprise installed my computer would not display the "Saving preferences" and those kinds of messages when I would shut the computer off (it would just show a Windows logo without any text and just hang there). I'm okay though... as long as I don't visit shady websites and don't open up weird emails, I should be reasonably safe

Edit: After updating Windows my score went up to 3.13... nice

 

[PVTCaboose1337]

I uninstalled my antivirus because it screwed with my logoff thing... with McAfee Enterprise installed my computer would not display the "Saving preferences" and those kinds of messages when I would shut the computer off (it would just show a Windows logo without any text and just hang there). I'm okay though... as long as I don't visit shady websites and don't open up weird emails, I should be reasonably safe

Edit: After updating Windows my score went up to 3.13... nice

Congrats, and goodnight.

 

[Completely Bonkers]

APK

5.00 = good job man!

When I've got more time... I'll try and beat that score!

P.S. Old member... new name ;-)

Bonkers

 

[Completely Bonkers]

I actually think the scoring should be different, ie. get "some" points for EACH item you lock down... not grouped in the way that calculate the score today... where if you CHOOSE not to implement just one thing... for real reasons... you loose a bunch of points even though you did lock down everything else.

But anyway... its food for discussion.

 

[Alec§taar]

Yep .

Excellent... Service Packs ARE worth applying by all means.



* You did yourself "right" popping that in there... quite the 'boost' in your score (like nearly 3 points worth).

APK

 

[Alec§taar]

I actually think the scoring should be different, ie. get "some" points for EACH item you lock down... not grouped in the way that calculate the score today... where if you CHOOSE not to implement just one thing... for real reasons... you loose a bunch of points even though you did lock down everything else.

But anyway... its food for discussion.

I agree, & it's part of what I am going to write BELARC's folks about, as well as being VERY WRONG (imo) on various points, I mention a few last page near the bottom that it 'hit me' on, such as services that I don't even HAVE RUNNING (non-security oriented ones mind you & I disable them + even altered their logon entity to LESS than SYSTEM as well, ontop of disabling them (services I do run though, that will function correctly, also get this type of security hardening as well)).

APK

 

[Alec§taar]

Geez this made my day... 1.88/10
lol!

See what I meant last page man? Microsoft I am pretty sure, can do a better job of this, especially out of the box/straight from them.

I realize they ship with MANY services active, so that systems can be put into say, a corporate network right away & work (stuff like Workstation &/or Server services)... but, you do NOT need them running period/all the time much less, if you don't use them & are NOT on a LAN/WAN!

They also leave services set as SYSTEM logon entity, & many will work just FINE set as a lesser ability logon entity & be more secure this way... BELARC doesn't pick up on this, anymore than it does say, a hardware firewall/NAT router!

APK

 

[Alec§taar]

APK

5.00 = good job man!

Thanks! Up from an initial score of 4.17, to 5.0, thanks to your pointing this program out to me, & my using it...

Still, I have reservations about some of its scoring as do you, & also some of its analysis, which I am CERTAIN are in error in conditions I note above... but, overall?

It's a GOOD solid analysis & does work overall for helping to shore up PC security.

When I've got more time... I'll try and beat that score!

You go for it... it's "doable", & any one of you CAN reach my current score, because the tools to use are outlined in this thread, & also the "SECURING SERVICES" sticky thread, per your asking me how to implement some things to get them right for better security!

... me? I am 'going for more', myself.

Still, I am a LONG ways off of the 10/10 you figured I'd nab!

The program misses things though as well as making what I am SURE are mistakes... it doesn't pick up on hardware firewalls (not sure how it could), or even things like CUSTOM HOSTS FILES: Which add not only to your SPEED, but also better security per this thread:

http://forums.techpowerup.com/showthread.php?t=25937

P.S. Old member... new name ;-)

Bonkers

Really? PM me, tell me who you "REALLY ARE" (lol)...



APK

 

[pt]

 

[Alec§taar]

PT is in 2nd place, right behind myself:

& the evidence is shown above in a screenshot no less, from both of us!



* PT has the BEST initial score I have ever seen!

PLUS, & he didn't really "go after it" as I have been in registry hacks, NTFS & Registry rights alterations, & more, as I have trying to beat my score & find things in BELARC that need adjustment, which I will write them on for purposes of discussion...

(BELARC ADVISOR, overall, is a good program, I am going to TRY to help make it better via this type of contribution)...

* BY THE WAY? GREAT job PT!

APK

 

[Steevo]

1.25 on this PC here at work.


It doesn't take into account a good firewall and other security measures.

 

[Alec§taar]

1.25 on this PC here at work.

Spooky, isn't it?

I comment on some assumptions & what I feel are OUTRIGHT errors in its analysis thru the thread, & also that MS ships these machines or rather the OS itself, in TOO 'generic' & weak security-wise configuration imo @ least!

Take a look, if you would like to take a peek & have the time to do so.

Up to you - you have a great deal of saavy in this area, & are a network admin iirc? It may interest you greatly...

It doesn't take into account a good firewall and other security measures.

Nope, & again, SOME of what it states, makes NO sense to me (see what I wrote about it knocking me on scores on services I have set disabled, period, & even though disabled, I secured them down to LOCAL SERVICE as well... still I get demerited!)

I think my score's ACTUALLY around a 6-7, but I will write BELARC once we are 'done' testing this here, on some points I noted.

OVERALL, it's a decent program, & one I'd like to contribute to, in terms of feedback & thus, making it better.

APK

 

[Steevo]

I don't know that I really feel threatened.


Some of the things here have to be in place for certain software to work, and others make my life and job easier. I renamed myself above Administrator and took control of most everything on our server. It considers that a security threat. I consider a new person with a laptop being given rights that haven't been locked down a threat.


To each their own however.

 

[Alec§taar]

I don't know that I really feel threatened.

Again, I hear you, & understand... some of what it 'knocked me for' I KNOW in my case is WAY wrong!

(E.G. -> The services I keep turned off is FAR MORE SECURE than leaving them running, potentially, if they turn up with holes, & they have before).

I'll address that much w/ BELARC, because I do feel it is a decent program, but needs work/improvement.

It can be a real favor to users in this capacity, but it has to account for some exceptions.

Some of the things here have to be in place for certain software to work, and others make my life and job easier.

That I can understand completely.

I renamed myself above Administrator and took control of most everything on our server. It considers that a security threat. I consider a new person with a laptop being given rights that haven't been locked down a threat.

Agreed on BOTH accounts.

To each their own however.

Right, but I am actually going to collect a few issues I saw, & comment on them to BELARC's development team & hopefully, it all comes outta the wash & straightens them out on those counts which I mention above (only 1 of them, there are around 4-5 I question, STRONGLY).

APK

 

[Guttboy]

Alec,

Initial run on laptop is 3.13....I am not sure I agree with being penalized for things not running at all....not sure why that is.

 

[Alec§taar]

Alec,

Initial run on laptop is 3.13....

Not bad - you're probably "up-to-date" on your Windows hotfixes & AntiVirus Definitions then would be my guess, judging on others' results that have scored around where you are (PVTCaboose being one iirc)...

YOU CAN GO HIGHER IF YOU TRY THOUGH! It's pretty much outlined how in this thread & also in the "Securing Windows' Services" sticky thread.

I am not sure I agree with being penalized for things not running at all....not sure why that is.

I am going to find out when I write the people from BELARC ADVISOR... it appears that if you have even 1 thing that doesn't agree w/ their program in certain sections, you get 'taken down' for the whole section - trouble is, determining which one that is in some of the sections (the single element that is 'off' according to their progrram).

Makes no sense sometimes... e.g./again: I have a set of services I don't even RUN, being marked here as 'wrong', well... how can they be insecure if I don't run them @ all & have them set as DISABLED? Ontop of that - I even secure them more here, by lessening their logon entity to LESS THAN THE SYSTEM ENTITY (usually LOCAL SERVICE, if I disabled them).

I also secured services here that can take it & run full function from SYSTEM, to NETWORK SERVICE or LOCAL SERVICE, which does secure them further.

I'll find out soon enough as to WHY some of their scoring is the way it is.

APK

 

[Alec§taar]

"Hector... HeCtOr... HECTOR!!!", lol...

^
|

"up, Up, UP!!!"

"Is there NO ONE else?" - Achilles' challenge to the Thessalonian Army after defeating their champion Agreus... lol!



* Have @ it guys... & good luck!

APK

 

[Completely Bonkers]

APK... good job at getting this topic discussed. Thanks for keeping it live. I WILL ADD when I've got more time available.

However, I've just found another interesting tool, Sunbelt Software / Subbelt Network Security Inspector. It's not free like Belarc... its $2000!!!!... but I think there is a demo. The output is nicely structured with explanations of the problems and what to do about it. Take a quick look.

 

[Alec§taar]

APK... good job at getting this topic discussed. Thanks for keeping it live. I WILL ADD when I've got more time available.

Oh, no problem, & you're welcome for 'turning me onto it' (this program)... it's decent, but does make some errors imo @ least, & I note a few above.

I intend to write them about it, & hopefully improve their program, OR misconceptions I MIGHT HAVE (either is possible).

It's so we can ALL learn about PC security, moreso, & this program helps in that capacity. In today's world of virus/spyware/malware/rootkits/nuisanceware, etc. et al?

It's analysis & your personal 'shoring up security' work using it as a baseline analysis can save you from a system rebuild @ the OS + software level (a PAIN).

However, I've just found another interesting tool, Sunbelt Software / Subbelt Network Security Inspector. It's not free like Belarc... its $2000!!!!... but I think there is a demo. The output is nicely structured with explanations of the problems and what to do about it. Take a quick look.

Whoooosh, that some HEAVY coins... However, I will keep it in mind as well.

By the way?

Microsoft has tools of that nature like SCW ('security configuration wizard') on Windows Server 2003 ONLY (& then, you have to install it, it does not by itself @ OS install),

&

Also their Microsoft Baseline Security Analyzer (BOTH FREE) as well... & the latter is for 2000/XP/Server 2003 (not just 2003 like the former)!

(Some you might want to check out too!)

"Tit-for-tat & ALL THAT"



* The ONLY part about MS' security analysis tools that is SOMEWHAT of a pain, is that they demand you run certain services (in the case of Server 2003 & SCW, the workstation service, which ordinarily I do NOT use - this is much like Windows Defender demanding Automatic Updates & more are running as services that are active for its update)... I am fairly certain IIRC? That Microsoft Baseline Security Analyzer will demand similar services running for IT to work as well.

APK

 

[Alec§taar]

I think I MAY have an answer, to get a higher score on this beast & it's simple:

And, per my subject-line/title above? Anyone want to test out a theory I have??

If you have a limited user logon, & have already taken this test...? That answers it for me: My idea would be wrong.

I logon as an ADMINISTRATIVE GROUP USER, & one w/ considerably more 'power'/abilities than normal admins, up near SYSTEM level priveleges on many things!

(AND, imo? This alone, probably hurts my score on this, badly)

HOWEVER, like Steevo said here earlier?

Doing so, just makes working on this thing, that much easier, as it would for he being a AD Administrator level user top-level, as well as having full rights to all systems under said network). I am as secure as I can make myself @ this point, I can't move any farther... & am going to discuss this w/ the folks @ BELARC once this final 'test' is done!

'THE TEST':

I'd bet that IF I (or, you others who didn't run this test as an Administrator group user member) were to logon as say, a limited use user?

That your, OR I'd 'bat off' close to the 10/10 CompletelyBonkers thought I'd snag... but, this IS only theory...

I don't have ANY limited use users here, & the ones I do have are basically 'cut off' & @ many places thru the system (tools noted to use to do this test & do better on it, & more in other tools)... I don't honestly know if I'd catch them ALL @ this point, all the places I shredded them out of my system as best I could.

* SO/BOTTOM-LINE - anyone who has run this test, as an administrator? Would you be willing to logon on some other LIMITED account, say GUEST, & then try it again, to see if it raises your score??

APK

P.S.=> I have a feeling it very well may... apk

 

[Alec§taar]

Well, I wrote BELARC.COM today: & this was the content... apk

Per my subject line above:

I have a number of questions regarding the "BELARC ADVISOR" browser security check up product, & some of its objections it has noted in my security setup.

(I.E.-> Some do not make sense to me, as to WHY I was 'downgraded' on some of them, & this is why I have written you folks).

I can send specifics, or any files you wish to use from my system which BELARC ADVISOR generated, upon request.

It is overall a good program imo, but because I question some of its findings? I think it may be better... conversely?

(NOW: IF am incorrect on my assumptions on the ones I feel are "off", then I just get THAT MUCH STRONGER for it, & my system will as well, security-wise.)

* Thanks!

Sincerely,

Alexander Peter Kowalski
apk4776239@hotmail.com
apk

P.S.=> My current score is 5.00/10 possible, & I would, of course, like to be a perfect 10/10... so, your advice is appreciated... thanks! apk

 

[Completely Bonkers]

Alec,

I think your email to them was a little general. You also said you had some questions... but you didn't pose them! LOL. I doubt they are mind readers... (although I can read your mind. LOL)

I'm going to do 2 things now:

1./ Find the CIS recommendations... since BELARC scores against the CIS rules

2./ I'll run in guest mode just to check results

****

P.S. I turned off Terminal Services some months ago on my laptop. And today I discovered why my infrared wasn't working... needs TS for the infrared service to work.

I do wish Windows would somehow make this information - and dependencies - more accessible to NON-PROFESSIONALS.

 

[Alec§taar]

I doubt they are mind readers... (although I can read your mind. LOL)

Careful: You can't always believe what you read... & bear in mind: You may not like what you find... lol!

Do read on!

Alec,

I think your email to them was a little general. You also said you had some questions... but you didn't pose them!

Note, that in the content of my letter, I wrote them I would/could submit any files they may require from it, which WOULD contain the information needed. I don't supply information until it is asked for in situations like these...

E.G.-> One will be, that it knocked me around on the services section!

(Which I can't understand, because I secure their logon entity & disabled ALL the ones they cut me down for, and set them disabled PLUS cutting their logon entity to LOCAL SERVICE (vs. SYSTEM or NETWORK SERVICE even, since local service is the weakest of the 3, in case somehow, an interloper/virus/malware/spyware turned them on, like in the event of a weakness/hole found in them - this? HAPPENS!))

There are others, plenty of them, in the post we initially discussed this in, but that would only be a TINY fraction of what I wish to discuss w/ they @ BELARC.

Many others as well. In fact, TOO many to put into that letter... I supply when asked for, & not before typically.

I also suspect that one's score COULD be raised by logging in as a LIMITED user (such as something like GUEST account, which I disable, but not sure... I note this above as an experiment to perform).

I'm going to do 2 things now:

1./ Find the CIS recommendations... since BELARC scores against the CIS rules

There is that, an ENTIRE LISTING of the sources used to develop the product by... pretty respected ones too. Still, per the SINGLE example above I posted & I have plenty of others it cut me down for? I question it, severely.

2./ I'll run in guest mode just to check results

****

Right... I wonder if it covers that part (it does not account for firewalls or NAT routers (true firewalling ones like mine even, not just NAT IP address assignments, which is NOT as strong)))

Not that their sources are "Bad", they're not... I typically do NOT operate on "proofs" other provide, not @ first... I operate on MY understanding of this stuff, & then later, do what I am doing now - inquiring...

However, how BELARC's applying them, per their analysis, may be incorrect in some cases... again, or I am!

... & I am out to help improve that, in either event, in case the folks @ belarc are in error... or, conversely, I am.

Either way? Everybody wins...

ALSO - Some things, BELARC ADVISOR doubtless can't account for... too new of attack vectors, or less obvious ones (such as what custom adbanner HOSTS files can secure you against, or turning off javascript/java & ActiveX/ActiveScripting in your webbrowsers on the public internet as well, using them ONLY if a site loses functionality doing so, & it is one that you need to access for whatever reasons).

P.S. I turned off Terminal Services some months ago on my laptop. And today I discovered why my infrared wasn't working... needs TS for the infrared service to work.

Odd it would require that... but, if it does, it does. Turn it back on... other things need it as well, like RDP (remote desktop) stuff iirc...

Only turn off services for security, if you ABSOLUTELY do not need them... sometimes, you turn this up later on (I did for PerfectDisk in fact... it needs DCOM Process Launcher started for example).

I do wish Windows would somehow make this information - and dependencies - more accessible to NON-PROFESSIONALS.

If infrared tools need it? It SHOULD be listed in each services DEPENDENCIES tab... there is that you know!

(I take it wasn't for this infrared service?)

APK