Windows 7 / 8 Security

I am having constant issues with having my home network hacked. I have some neighbors that are having a one-sided fight against me, not exactly sure why, but one is a network administrator and since this began they seem to be able to make my Windows horribly unstable: I get white icons, Windows Update hangs, shutdown hangs, very slow file search, and even just populating the left-side folder options may take ten minutes at a time.
Also, when launching small apps (e.g. Core FTP) there may be a five-minute delay from double-click to launch.
I can rebuild all the software and update drivers and not plug the machine into the network, and it will run perfectly for as long as it is unplugged.
He hacked my local network, where I was able to catch the strange machine name and MAC address in my router log, then hacked my main business server, taking it down, then the off-site backup, and then erased the MFT and the mirror MFT on the local hard drive.
I have tried every fix-it and step-by-step repair for all the issues I am having, but to no avail. Also, sfc /scannow says all files are OK.
My questions are:
With no virus, rootkits or other malware on the network and nothing showing up on the router / firewall logs, what could be doing this?
Is there any kind of super admin access that can be shut down? I am not sure if one exists; I have heard it rumored and never thought it true, but another web developer and I have started to wonder. If I leave the network in public mode, it seems to have something happening that slows the system, but what I described above happens after the network is put into home mode so I can access my home network.
Also, does anyone know how far I can track this MAC address past just the Apple manufacturer?
Is it possible to spoof the Connection Type on the logs of routers? This really concerns me as it seems they were in or under my home to do this.

The de facto move is to re-image, as you can never trust an infected machine after compromise. However, first we must identify what is compromised and the vector the attack took. So are you noticing this activity on only one machine or all machines? A MAC address can be spoofed and really means nothing in this situation.
The first step is to kill network access. If you can kill internet access temporarily I would do so. You can do this on individual host machines or for the entire network. What router are you using? Is the firmware up to date? Is WiFi enabled? Have you changed the WiFi password yet? What type of encryption are you using on WiFi? Do you have WPS enabled? What traffic do you allow in and out?
Next we must identify vulnerabilities on your host machine. A good start is to run the MS Security Baseline tool, found here: http://www.microsoft.com/en-us/download/details.aspx?id=7558 Common weaknesses are default passwords and accounts being enabled.
However, if the compromise has already taken place, the method of entry matters little at this point. Various persistence methods can be implemented on the compromised machines to ensure access is maintained after you apply mitigation to vulnerabilities. It is fairly elementary to bypass most security software that uses a blacklist approach. Again, re-imaging is the best option if you can do it.
If you can't re-image, run an assortment of scanners and report what their findings are. Again, if they come back empty-handed this is no guarantee of your security. Investigate running processes and services, using Task Manager or Process Explorer. Look at log files with Event Viewer, if they haven't been deleted yet. After you sort this out, through removal or re-image, I would suggest installing MS Enhanced Mitigation Toolkit. It's found here: http://support.microsoft.com/kb/2458544, and make sure it is enabled for all document, email, and network applications.
Also, I noticed you mentioned an FTP program. FTP is plaintext traffic, so credentials can be stolen easily once someone is on your network. Depending on the account running the FTP program it may be possible to compromise the machine that way, as well. I doubt your attacker is that sophisticated, though. SCP is a better alternative, but this is really a secondary issue.
Another side point: if you know who is hacking you, consider legal action. It is a felony to hack devices you do not own or have not been given explicit permission to hack. How do you know who is hacking you?

Similar Messages

  • Windows phone security on wireless networks

    I am a post-doc at a large medical center, and requested access to our secure wireless network due to the nature of my work. I was told by our IT support desk analysts that Windows Phone is not supported at our medical center (at all), because Windows phones are "too insecure to put on our network." Because of this, I either have to get rid of my brand new Windows Phone to get an Android or I will never be allowed to have access to the secure Wi-Fi as necessary for my job. Any thoughts or suggestions? This seems to be a serious limitation of Windows Phone.

    Your support desk is outright lying to you. There is no issue with Windows Phone security on wireless networks, they just don't want to support your phone. It might be possible that Windows Phone doesn't support the particular kind of wireless encryption
    that your org uses, but I'm pretty sure that was all solved with Windows Phone 8.
    In fact, Windows Phone is more secure in some ways because unlike iOS and Android, you cannot override security certificate problems.

  • I have an iPhone4s.  When I install apps, I have to give my Apple password first.  That's okay.  The last few apps I tried to download have opened another security window before they will install.  The window says, "Security info Required.  To help insure

    I have an iPhone4s. When I install apps, I have to give my Apple password first.  That’s okay. The last few apps I tried to download have opened another security window before they will install.  The window says, “Security info Required.  To help insure the security of your Apple ID we require additional information”  When I select okay, the Apple ID Password window opens and asks for my Apple password a second time. 
    It doesn't happen with every app and I’m concerned that these apps may be trying to collect my password. Is Apple really doing a double check on my password?

    See http://news.cnet.com/8301-13579_3-57413072-37/apple-ratchets-up-app-store-security/ and http://www.macrumors.com/2012/04/12/apple-enhancing-apple-id-safety-by-enforcing-security-question-requirements/.

  • Windows 7 Security Audit Failure message 6281 & Security Kernel

    OS:  Windows 7 Home Premium Ver 6.1 Build 7601 SP 1
    Toshiba Satellite C655
    I received a Windows 7 Security pop-up saying there was a Kernel mismatch and asking if I wanted to proceed. Not thinking, I hit yes. Looking through the Security Audit Log, I found an audit failure with 6281 System Integrity Error. I am assuming they are related.
    Any idea what I have done and what I need to check/do to recover?
    Thanks

    Hi,
    Please upload the full error messages here; we need more information to narrow down the cause. Then check Event Viewer to see if any other errors were logged.
    Also, check whether any devices have new drivers that need to be updated.
    Mostly this error is caused by the "Realtek Audio HD driver"; please check to see if we have any related devices.
    Reference:
    Windows 7 freeze after shutdown
    Best regards
    Michael Shao
    TechNet Community Support

  • JAX-WS web service client and Windows integrated Security authentication

    I am currently developing a JAX-WS web service client running on WebLogic 10.3.2.0. The client is connecting to exchange web service running on IIS.
    Everything works well when EWS is configured with Http basic authentication.
    The problems started when I changed the authentication method on EWS from HTTP basic authentication to Windows integrated Security authentication.
    The client is then unable to authenticate to the web service. Every request made to EWS returns with the message: Invalid HTTP server response [401] - Unauthorized.
    I tried using an authenticator like this one:

        import java.net.Authenticator;
        import java.net.PasswordAuthentication;

        // Nested inside the web service client class.
        static class RetrieveWSDLAuthenticator extends Authenticator {
            private String username, password;

            public RetrieveWSDLAuthenticator(String user, String pass) {
                username = user;
                password = pass;
            }

            // Called by java.net when a server requests credentials.
            @Override
            protected PasswordAuthentication getPasswordAuthentication() {
                return new PasswordAuthentication(username, password.toCharArray());
            }
        }

    and setting it as the default authenticator:

        Authenticator.setDefault(new RetrieveWSDLAuthenticator("username", "password"));

    but the method getPasswordAuthentication() was not even called.
    Is there a way to make a JAX-WS client work with Windows integrated Security?

    WIS is not supported on WLS JAX-WS. You'll need to use other authentication mechanisms such as HTTP basic (which you tried already), or message-level security such as UNT, or SAML.
    Regards,
    Pyounguk

  • How to simplify the Window AD Security admin?

    Does anyone use Windows AD security? We use Windows AD, so we created groups like BOE report writer and BOE admin. I also created application groups, like Application WEBI, Application desktop, etc. The BOE report writer is a member of Application WEBI, since the Windows AD group can't create the subgroup. However, I also have these business function groups, for example, the Executive User that can access particular universes and reports. How can I simplify tying these together, so a BOE report writer user can be assigned to different business functional groups instead of assigning users one by one?

    Hi Sharon,
    So in enterprise you will have 2 group types it sounds like from your description.
    AD groups that are mapped into the CMC from Active Directory
    and Enterprise Groups created in BO CMC.
    You can make AD groups members of Enterprise groups but not the other way around.
    You can assign permissions to AD groups directly or make the AD group a member of enterprise groups as you stated so they can inherit permissions.
    If you are going to assign permissions to AD groups please make sure you are on XIR2 SP2 FP 2.4 as the way the CMS queries AD and updates the graph was fixed in that version to allow the AD plugin to function if something happens on the AD side.
    You can assign any group any permission (folders, users, applications, universes, etc)
    Is there something more specific you are looking to do?
    Also to note: Permissions have been greatly enhanced in XI 3.0 You may be interested in trying this out as well where you can create custom access levels that have access to any combination of access rights in the CMC.
    Regards,
    Tim

  • When I downloaded Firefox for Windows, the security scan wouldn't allow it. I operate on Windows 7 and was downloading Mozilla Firefox 8

    When I downloaded Firefox for Windows, the security scan wouldn't allow it. I operate on Windows 7 and was downloading Mozilla Firefox 8

    Hi annarepublic78,
    As per the above mentioned error, your Win CS6 download was not complete, either it was in process or was interrupted. This is the only reason you see the MasterCollection_CS6_LS16.7z.crdownload. Here .crdownload means the download is in process.
    Please try to download it again on the Desktop and please make sure that the download completes successfully(without the .crdownload extension).
    Regards,
    Romit SInha

  • GPO for Automatically trust sites for Windows OS security zones

    Hi Team,
    Need your urgent help.
    Could you confirm which GPO we can use to automatically trust sites for Windows OS security zones?
    I have checked the Adobe Reader GPO templates, but it does not exist there.
    Please assist.

    Hi,
    We need to import these settings before we modify them.
    To import security zones and privacy settings from our computer using IEM:
    Click "Import the current security zones and privacy settings".
    To import content ratings from our computer:
    Click "Import the current Content Ratings settings".
    Regarding how to configure Security Zones and Content Ratings, the following article can be referred to for more information.
    Configure Security Zones and Content Ratings
    http://technet.microsoft.com/en-us/library/cc772410.aspx
    Best regards,
    Frank Shen

  • Fdm, create app with enabling "Windows Integrated Security"

    Currently, we need to enter UserID and Password each time we create a new FDM app on the web. We also cannot sign into the Workbench client.
    How do we configure the system so that we can create applications WITH "Windows Integrated Security" enabled, so that we can use the same password to sign into the Workbench client?
    Thanks.

    The OS admin takes care of this.

  • Windows 8 secure boot on P67A-GD55

    Hello to everyone
    I want to know if MSI has already released a fix that enables to run Windows 8 secure boot on P67A-GD55 Motherboard. I already have the 1.19 version installed which it says it is not compatible with secure boot mode.
    There are two BIOS versions 4.1 and 4.2 that I want to know if they enable to use the secure boot mode of Windows 8 on this motherboard, because it already has UEFI but at the same time says it is not compatible.
    Thanks,

    You have been linked to the latest  release which showed up during this topic. You won't break anything if you follow the directions precisely.
    Quote from: xmad on 29-January-13, 13:26:10
    Full release out today. I posted it at the link below. Follow directions precisely and you must use the forum flash tool.
    https://forum-en.msi.com/index.php?topic=164135.msg1214789#msg1214789
    If mainboard won't even start or you have stability issues don't consider flashing bios as you'd have a good chance of bricking the system. If the board crashes while flashing you can use it as a paper weight.
    Just install one stick of ram and make sure it is stable before trying to flash.

  • What caused the Windows 2008R2 Security event discarded

    Dear Support team,
    I have a Windows 2008 R2 server. The security events haven't been recorded since last year.
    1. The maximum log size is set to 100 MB, but the log file is 300 MB. The retention was set to "Archive the log when full, do not overwrite events".
    2. The last entry in the security log, below, shows the registry key that I modified at that time. After I modified the registry value, all of the security events were discarded.
    A registry value was modified.
    Subject:
                    Security ID:                              domain\userid
                    Account Name:                        userid
                    Account Domain:                     domain
                    Logon ID:                                0x2c202074
    Object:
                    Object Name:                           \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\eventlog\Security
                    Object Value Name: Retention
                    Handle ID:                               0x100
                    Operation Type:                       Existing registry value modified
    Process Information:
                    Process ID:                               0x129c
                    Process Name:                          C:\Windows\regedit.exe
    Change Information:
                    Old Value Type:                       REG_DWORD
                    Old Value:                                0
                    New Value Type:                      REG_DWORD
                    New Value:                              4294967295
    3. As far as I know, the Windows Event Log supersedes the Event Logging API beginning with the Windows Vista operating system. Here is the KB link: http://msdn.microsoft.com/en-us/library/windows/desktop/aa385780(v=vs.85).aspx?ppud=4
    And the registry key which I modified before ( \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\eventlog\Security\retention ) seems to apply only to Event Logging for Windows 2003 and prior systems.
    Here is the KB link: http://msdn.microsoft.com/en-us/library/windows/desktop/aa363648(v=vs.85).aspx
    May I know what caused the security events to be discarded?
    Does the retention setting in the registry still work on Windows 2008?
    Thanks very much.
    Randy

    The new methods are via GPO described here.
    http://technet.microsoft.com/en-us/library/cc722385(v=WS.10).aspx
    http://blogs.technet.com/b/askds/archive/2008/08/12/event-logging-policy-settings-in-windows-server-2008-and-vista.aspx
    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows]
    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

  • Windows AD Security Logs

    Dear All,
    We set our security log size to 190 MB, but due to the large number of events, the log can only cover 1 day of events.
    Is there a recommended size that does not compromise performance and can capture, let's say, > 3 days of events?

    Hi Jhunbanz,
    You can increase the maximum log size or change the overwrite setting by following the steps below:
    Start --> Run --> EVENTVWR.MSC --> Right-click Security log, go to Properties. Then, you can increase the Maximum log size. You have not mentioned your Windows Server version, so if you have Windows Server 2008 installed, you can choose “Archive the log when full, do not overwrite events”.
    If Windows Server 2003 is installed, you can choose “Overwrite events older than X days”.
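The two Security log threads above (a log that stopped recording with a file larger than its configured maximum, and a 190 MB log that holds only one day) both come down to checking how much time the log actually covers and which retention mode it is in. The following PowerShell is an added example, not part of either thread; the function names, the 25% headroom and the sample timestamps are assumptions, and the two sample calls use constructed numbers that mirror the posts.

```powershell
# Added example, not from the threads. Function names are hypothetical.
function Get-LogSizingEstimate {
    param(
        [Parameter(Mandatory)] [long]     $FileSizeBytes,  # current size of the log file
        [Parameter(Mandatory)] [long]     $MaxSizeBytes,   # configured maximum size
        [Parameter(Mandatory)] [datetime] $Oldest,         # time of the oldest record
        [Parameter(Mandatory)] [datetime] $Newest,         # time of the newest record
        [Parameter(Mandatory)] [string]   $LogMode,        # Circular, AutoBackup or Retain
        [bool]   $IsLogFull  = $false,
        [double] $TargetDays = 3,
        [double] $Headroom   = 1.25                        # assumed margin for busy days
    )
    $days = ($Newest - $Oldest).TotalDays
    if ($days -le 0) { throw 'Oldest and newest record times must differ.' }

    $bytesPerDay = $FileSizeBytes / $days
    $needed      = [long][math]::Ceiling($bytesPerDay * $TargetDays * $Headroom)

    $warnings = @()
    if ($LogMode -eq 'Retain' -and $IsLogFull) {
        $warnings += 'Log is full and set to never overwrite: new events are being dropped.'
    }
    if ($FileSizeBytes -gt $MaxSizeBytes) {
        $warnings += 'File is larger than the configured maximum; compare the local setting with the one applied by Group Policy.'
    }
    if ($days -lt $TargetDays -and $LogMode -eq 'Circular') {
        $warnings += 'Circular log holds fewer days than the target; older events are overwritten.'
    }

    [pscustomobject]@{
        DaysCovered   = [math]::Round($days, 2)
        MBPerDay      = [math]::Round($bytesPerDay / 1MB, 1)
        RecommendedMB = [math]::Ceiling($needed / 1MB)
        LogMode       = $LogMode
        Warnings      = $warnings
    }
}

# Live check against the local Security log (run from an elevated prompt).
function Get-SecurityLogSizing {
    param([double] $TargetDays = 3)
    $cfg    = Get-WinEvent -ListLog Security
    $oldest = Get-WinEvent -LogName Security -Oldest -MaxEvents 1
    $newest = Get-WinEvent -LogName Security -MaxEvents 1
    Get-LogSizingEstimate -FileSizeBytes $cfg.FileSize `
        -MaxSizeBytes $cfg.MaximumSizeInBytes `
        -Oldest $oldest.TimeCreated -Newest $newest.TimeCreated `
        -LogMode ([string]$cfg.LogMode) -IsLogFull ([bool]$cfg.IsLogFull) `
        -TargetDays $TargetDays
}

# Constructed sample 1: a 190 MB circular log that spans one day, target of 3 days.
Get-LogSizingEstimate -FileSizeBytes 190MB -MaxSizeBytes 190MB `
    -Oldest '2024-01-01 00:00' -Newest '2024-01-02 00:00' `
    -LogMode Circular -TargetDays 3

# Constructed sample 2: a 300 MB file with a 100 MB configured maximum,
# archive-when-full mode (AutoBackup).
Get-LogSizingEstimate -FileSizeBytes 300MB -MaxSizeBytes 100MB `
    -Oldest '2024-01-01 00:00' -Newest '2024-01-04 00:00' `
    -LogMode AutoBackup -TargetDays 3

# To apply a new maximum locally (a Group Policy setting takes precedence):
#   wevtutil sl Security /ms:<size in bytes>
# To archive when full instead of overwriting:
#   wevtutil sl Security /rt:true /ab:true
```

The estimate assumes the event rate seen in the current log is typical; measure over a busy period before settling on a size.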

  • My browser window and secure sites state I have an outdated version of Firefox though the 'about firefox' states its version 8....whats going on and how do I fix?

    When I open the browser window (with Google as the homepage) this message is there..."URGENT!
    Your version of Firefox is no longer protected against online attacks.
    Get the upgrade - it’s fast and free! "...I have upgraded several times using the link but the warning continues.
    When I am in sites like Paypal this warning is stated "Update your browser: It looks like you're using an older browser that may have security issues. Help protect your account. "
    When I follow the HELP prompts to assess my current version in 'About Firefox' in the help menu it states that Firefox is up to date and 8.

    Try what edmeister suggested here
    * https://support.mozilla.com/en-US/questions/860579#answer-229218
    let me know

  • Safari closed by Windows XP security

    Data Execution Protection of Windows XP continues closing Safari even after it was included in the exceptions list. Please give me some idea of how to stop or close the security program, or how to fix the issue. It's not permanent; sometimes it opens fine and other times it doesn't.

    Okay ... so not the "misplaced old" QuickTime componentry thing then.
    I think we'd better try scraping out and replacing your "proper" QuickTime componentry, just in case that's the source of the problem here. (Both Safari and Firefox use the same plugin files from the QuickTime program files, so if the QuickTime program files are damaged in the right/wrong way, that can cause trouble for both applications.) We'll also take a few other explicit precautions with the reinstall, just in case.
    Best to print out these instructions, because at one stage of proceedings you won't be able to use a web browser.
    Preliminaries
    Download and save a copy of the QuickTimeInstaller.exe installer file from the Apple Website. (Don't run the install on line and don't start the install just yet. Get the installer that doesn't mention iTunes. If you discover you've accidentally downloaded an iTunesSetup.exe instead of a QuickTimeInstaller.exe, go back and download the other option.)
    http://www.apple.com/quicktime/download/
    Quit iTunes and/or Safari if you have them running.
    Uninstall phase
    Head into your Add or Remove Programs Control Panel. Uninstall QuickTime. (From here on out you won't be able to open iTunes until we get QuickTime reinstalled.)
    Next we'll remove any leftover QuickTime program files or folders.
    In My Computer open Local Disk C:\ or whichever drive you've got your program files installed on.
    Open the "Program Files" folder.
    Right-click on the "QuickTime" folder (if it still exists) and select "Delete".
    Go back into Local Disk C:\ or whichever drive you've got your operating system installed on.
    Open the "Windows" folder.
    Open the "system32" folder.
    Right-click on the QuickTime.qts and the QuickTimeVR.qtx files (if they still exist) and select "Delete".
    Empty your recycle bin and restart the PC.
    Reinstall phase
    After the PC restarts, do not open any applications. Disconnect from your network and/or the internet. Now switch off all your security software (firewall, antivirus, antispyware).
    Now start the QuickTime reinstall by doubleclicking the QuickTimeInstaller.exe file you downloaded earlier.
    Re-enable all security software prior to reconnecting to the internet and/or your network.
    Does the QuickTime reinstall seem to go through okay? If so, does Safari launch properly again?

  • How can I allow popup window within secured site?

    How can I allow popup windows within NWA People.com (secured site)?
    I need to see Access.

    You can allow pop-ups in Safari via Settings > Safari > Block Pop-Ups set 'off'

  • Boot Camps & Windows 7 Security/Anti-virus Questions

    Should I get anti-virus software for Windows 7? I don't plan on surfing the web on my Windows 7 partition. Basically all I plan on doing in Windows is gaming (so far I only have single player games but I could see myself getting an online multiplayer game like CoD MW 2). Are you still at risk in Windows just by having an internet connection, even if you never go onto Internet Explorer?
    If so, then what Anti-virus programs would you recommend? (Preferably free programs if they exist)
    Also, is it at all possible to get a virus on my Windows partition while surfing the web on my OS X partition? Can viruses modify the Windows partition of my harddrive while I'm on OS X?

    Yes you need anti-virus. It's still Windows so just in case....
    I can highly recommend the new Security Essentials from Microsoft. It's totally free, very light on system resources and getting rave reviews across the web. It has an excellent detection engine and very user friendly. I've dumped both AVG and AVAST (both also free) from my Windows systems and switched totally to Security Essentials. No regrets. Cheers!
    http://www.microsoft.com/security_essentials/?mkt=en-us
    James
