Your brother could compromise your security, but if you have UAC at the maximum level and he's on a non-admin account then you should be okay. It's not an ideal situation though.

The best way to scan your computer is with an offline anti-virus scan using a Linux LiveCD. I wrote up instructions for using the Avira Rescue System.

Sanboxing your browser is a good idea. I don't have any opinions on Sanboxie because I've never tried it out. There are free DIY sandboxing alternatives. I usually suggest that people create a VM for their browsing and only use their host browser when they want to download something.

Not going to comment on newsgroups vs torrents other than to say you shouldn't download copyrighted material illegally and that pirated software is dangerous regardless of the source.

Hey Funkywurms

First of all really awesome guide you put up. Really appreciated!

I have a few questions - if you don't mind.

1. How do you pick a good masterpassword you can remember? Do you have any tips? Would you recommed a password phrase?

2. I've heard it should be more secure to play poker on a virtual OS. Do you know anything about that? Or is it completly irrelevant if I follow all your security tips?

3. Do you have any experience with Password Safe? One of my teachers (who work with computer security) swears by it, but his opinion might be biased..

Thanks in advance

1. I can't really answer this because it's different for every person. A passphrase will work. Just remember to add special characters and numbers.

2. Playing poker in a virtual OS isn't necessarily any safer than playing on the host OS. There are two different ways you can approach running virtual machines for the safety conscious.

a) Run Linux as your host OS and play poker in a Windows VM.
b) Run Windows and play poker on your host OS and do all of your internet browsing in a VM (Windows, Linux, BSD, whatever)

3. Keepass Password Safe is merely an improved version of Password Safe. Both are free and open source. Use either one.

Thanks for your answers!

I got 2 more question..

1. Untill now I've been running without a Firewall & Firefox with NoScript. I have no signs that I've been infected by any form of malware.. But would you recommend me that I reformat my PC and follow all of your advice from a freshly installed PC?

2. Really enjoyed your Windows XP guide, but I run with Windows 7 on my main computer. Was just wondering if you have any advice for how to make a fast unattended version of Windows 7? (what integrations, components etc. I can disable to make it run faster)

1. If your computer shows no signs of infection then I don't recommend a reformat. Now for some clarification. Do you mean you have been running without a software firewall (Comodo, Zonealarm, etc)? or Do you mean that you have been running without a router (i.e. Plugging directly into your cable modem). I don't recommend any software firewalls, but I recommend using a router with NAT (aka hardware firewall). I also recommend installing NoScript immediately.


2. Win7 guide will come. I don't have a firm release date and it's been pushed back more than the release of Starcraft 2, but it will be released eventually. I promise. (Hopefully before the release of Wndows 8).

I meant I havn't been running with a software firewall (as in windows defender / comodo etc.).. My internet goes through a router, but I'm not sure it has NAT (but I will try to check it out)..

Sounds very good

What a great read that was! And I thought I had decent knowledge about Windows security... Thank you so much, funkyworms!

I have two questions, though:

1. I heard that poker platforms (at least PS and FTP) perform some sort of scanning through your system. Not that I'm doing anything wrong, but I'm a bit paranoid and don't feel comfortable about that. Would running PS and/or FTP through Sandboxie or Virtual Box prevent this ? I also used to run PS through Wine on my previous job. I was feeling much better about my system back then, despite the limited functionality (you know what I mean if you have ever used Wine).

2. KeePass is amazing! I can't believe I never thought about googling something like this. I am still tweaking the program and I wonder how safe it is to upload my database on a web server for easy access from everywhere ? Any tips on how to secure the link, if of course there is any need at all ?

I appreciate your time and effort.

1. If you put a poker client in a VM then the client will only be able to scan the VM. It will not touch the host OS. Using a VM is much easier than using Wine, imo.

2. Make sure to back-up your database somewhere. I prefer local and online backups. Dropbox makes it easy to sync your database across multiple computers. It also allows you to have access to your database using just a web browser. Strong Keepass Master PW + strong Dropbox PW = very secure.

If you're super paranoid about securing your database, you might consider adding a key-file to your authentication mechanism. I don't recommend this for everyone because it can be a burden, and if you ever lose the key-file you're hosed.

very nice thank you funkyworms!!

two questions..

open source programs don't actually provide any guarantee do they since unless you are a very skilled programmer to check out the source yourself, you just have to trust that others have thoroughly checked it out but also there is no guarantee that the compiled software is the same as the version in the open source is there?

also don't know how stupid of a question this is in 2010 but are there still ways to compromise a computer's BIOS or booting sequence with flash drives
of some sort?

please also check out my pm. i wanted to post here but the forum crashed right before i posted it i guess it's still a very big chance that it was just coincidence but anyway i guess i just chose not to post in here. hope it's okay with u. thanks
best of luck!

This is awesome, I just read the entire thread and think it's all really good. Keepass is insane.
I have one question and two comments


Can you elaborate on this? This is my exact sentiment. When I saw you accept ytimg in your video my first thought was "How does he know it's safe?" I installed noscript a long time ago and got rid of it because I was just clicking yes to everything unless it was on a sketchy site, and now I just don't go to those kinds of websites.


My two comments are

1.) I think not storing your stars PW is a good idea. Keepassing it means it won't stay in the clipboard for more than x seconds(12 by default) and if you have people over and forget it's a lot easier for someone to just see if you have a poker program, run it and gain access to your account. Obviously if you're using other means of security(pin etc) the chances are almost non-existent but I still don't see the harm. (unless this is what you meant by storing it lol)
2.) u r awesome and your avatar is amazing
in any case A+ would read again, my hulu password is 108 bits <3

EDIT: Oh yeah, I feel it it can not be emphasized how important it is to back up your keepass DB

If your HD fails or you can't boot because of some lame Windows **** or your cyberlife is ******! IMO store it on a seperate HDD as well as a thumb drive and I feel if you're going to get a safety deposit box and put your PW in it, you might as well throw a backup in there, too.

The way I'm planning to do it with KeePass is this:

- Store the database on a webserver for easy access from everywhere. For better security it would be stored in a subfolder of a subfolder of a subfolder (and so on), usually one letter names per folder, like domain.com/p/a/s/s/w/o/r/d/database.kdbx
It may be a different word or random characters. I could also add many other folders and files inside of each subfolder for confusion, in case someone gains access to my ftp server for example.

- Store a key file on a flash drive I always carry with me. My settings require both master password and the key file in order to access the database.

- keep a backup of both on my cell phone. Usually a new folder somewhere within the system files. Even if its stolen, who would look there ?

- keep a backup of both on another flash (just in case something happens to the other backups), hidden somewhere at home or with someone I trust with very poor computer knowledge - grandma for example.

I am not sure how the portable version of KeePass works. I might give it a try for accessing my passwords on other computers. Have to test it.

I really need to remember only the character sequence for the database address and one long strong password. Simple.


I have two more questions:
1. Sometimes I use my company VPN for accessing poker platforms. One thing I notice is that PS for example doesn't remember my password when running through the VPN. Why is this ? As far as I understand, this should not affect the .ini file where the password is saved. Apparently, I am wrong... And when I enter my PIN, is there any way for some mad genius administrator to see it ? How secured is a secure connection through a VPN (given the fact that the VPN is not mine and not for personal use) ?

2. After installing most of the suggested add-ons in this thread (could be related, not sure), Mozilla stopped automatically inputing the stored usernames and passwords into the fields for sites it used to. They are still there, but something is preventing the browser from using them. I would be thankful if someone gives me a hint on this, as I was not able to find any info on Google. Cleared my cookies, cache, everything, but no luck.

Sorry if this is too long.

I recommend storing your Keepass database on Dropbox or similar file-syncing tool. Dropbox enables you to store a copy of your db on multiple computer and online. It also keeps it sync'd between all computers and preserves old versions in case you make a mistake.

I wouldn't put my keepass db on a public webserver. Dropbox is much easier.

1. You'll have to ask Stars about their security measures. Re: VPN - Anywhere from very secure to not secure at all. I can't answer this question without knowing who has access to your keys and VPN server.

2. It's possible that you enabled a master password, or maybe there is something in NoScript that is blocking a login prompt.

Yep.

Also, I now ytimg.com is a youtube content delivery domain. That is why I allowed it. The site would be broken without it.

My basic rules of NoScript.... Just add domains one by one until the site works properly. Then remove the ones that you didn't need. I think I described this in more detail earlier in this thread.

The keepass database is basically impossible to access without the password right? So could you just make a basic gmail account with a simple password and store it on there, and also email a copy of the database to parents in case you forgot the password?

I multi-table and have TN and stackandtile. Just recently I have been receiving a number of attacks while doing nothing but playing. It's the same few IP's that are doing it and it slows my laptop down a lot when it happens, this sucks when I have a few hundred dollars sitting on the tables and I am staring at a frozen screen. Any advice on why this could be happening? This is a completely clean computer that never goes near any NSFW sites and only recently have I noticed these attacks happening. It's TIDSERV Request attacks that are happening, is this possible without me having downloaded something or did I download a virus somehow.

You should start a new thread and follow the malware sticky. Please include the program that is detecting these TIDSERV requests.

Is Microsoft Security Essentials a suitable antivirus, anti-spyware and anti-malware solution?

uhm could you please give us your opinion on this ? Thanks. Have a healthy happy 2011!!

How about NIS2009? It seems to do everything is needed in order to be protected.
It does anyway slowing down the CPU...

Is there any way for Mac users to get hacked via virus/trojans etc. from browsing the web? People always say Mac's don't get viruses, that's just Windows. Is that really true?

Setting the delay between entering the PS and it actually opening, is that only for the program or is it embedded in the actual database?

Meaning if I keep it at 2 seconds is it going to be 2 seconds if someone installs Keepass on a laptop and tries to break my my PW on their own computer?

I'm not sure what you're asking but the answer is almost certainly no.

Yes macs can get viruses from browsing the web. Macs can get viruses. Being Unix-based, by default Macs protect the user from him/herself better than Windows. Nothing is immune to viruses though.

I'm not sure what your last sentence means. I recommend Avira. It has proven itself time and time again to me. It's free and stays out of your way. I have addressed other AV products previously in this thread. I won't be addressing them further.