
They say a man's house is his castle, and nothing could be truer. No one likes it when someone goes into his or her PC without permission, and with Windows, security is something you need to be careful about, since crackers love to break that operating system. It gets worse now that Microsoft will only release Windows XP Service Pack 3 in the latter half of 2007.
Here are two detailed checklists to determine whether your Windows system has been broken into.
1. Windows Intruder Detection Checklist, published jointly by the CERT Coordination Center and AusCERT (Australian Computer Emergency Response Team)
This document outlines suggested steps for determining whether your Windows system has been compromised. System administrators can use this information to look for several types of break-ins. We also encourage you to review all sections of this document and modify your systems to address potential weaknesses.
The term "Windows system" is used throughout this document to refer to systems running Windows 2000, Windows XP, and Windows Server 2003. Where there is a distinction between the various operating system versions (e.g., a capability available to only one OS version) the document will note this as such.
2. Tools for Windows intrusion analysis
The paper describes many of the tools one can use during a rough-and-ready forensics session. You probably know about many of them (FileMon, DumpSec, MBSA, etc.), but you will probably also learn of some that you hadn't been aware of. I was reminded again of sigverif.exe, a little-known tool which is built into Windows 2000, XP and 2003; it has helped me quickly locate viruses/trojans in the past.





