• Belarc Tutorial ?

    #451530

    Has anyone encountered a tutorial to help the uninitiated interpret the flood of results that come from a Belarc Advisor Profile? I am most mystified by the CIS Benchmark Score Details page, where I find that I encounter many more “red x’s” than “green checks.” What would help is a layman’s description of the seriousness of the many flags.

    Thanks,

    • #1111828

      I guess I’d start here if I were you: Center for Internet Security – Standards (or look around the Belarc site, which I admit I’ve not done.)

      I want to be careful how I say this, but CIS is a bit of an overkill for me. I DO believe in security in my life and that includes my computer, but I try not to be paranoid about it. I don’t make up passwords consisting of my initials or name (which are well known) but I also don’t get carried away with what some would consider truly secure passwords. Anyway, my little opinion is that truth be known, CIS thinks MY computer security STINKS, according to the red marks, but I AM satisfied with what I do to protect myself.

      Hoping you find what you’re looking for…

      • #1111845

        This may be a bit off topic, but I was asked how one could Password protect a Family Research File?
        I know of no way unless the using program provided it. The guy was concerned that since the data file had his and the wife’s birth date, that if someone stole his machine they would be subject to ID theft.

        So I asked him for starters, if he uses a good password on his XP User account?
        His reply “what account”? And WHY would I want to password access to the computer?

        bwaaah bif bash scratch

        DaveA I am so far behind, I think I am First
        Genealogy....confusing the dead and annoying the living

        • #1111897

          > how one could Password protect a Family Research File

          The easiest way is to create a TrueCrypt virtual disk for storing the data file. You mount this with a password before running the program.

          StuartR

          • #1111915

            Thanks Stuart, I will try and pass this on the next time I see this person.

            DaveA I am so far behind, I think I am First
            Genealogy....confusing the dead and annoying the living

    • #1111892

      Hi, not sure if this is what you are looking for but I personally found this blog page very useful for improving my security rating. I did manage to get it to a “perfect 10” though currently it is down to 6.46, mainly because I use automatic log-on and haven’t installed Service Pack 3. Before I went through the page I linked to I think my rating was under 3!

      Hope this helps,

      Chris (Hunt)

      • #1111905

        It probably won’t improve your calculated rating, but you can make your autologon more secure if you Boot up Windows before you even log in.

        The linked tip lets you use autologon, but locks the computer so you have to enter your password to use it. That is, you turn on, go make a brew, come back, enter your password, and everything is loaded up and ready to go. Where you’re allowed to use it (the IT guys won’t like), it gives you a nice smooth start to the day. (NB: This is not 100% secure, but it is far better than autologon by itself.)

        • #1111909

          Having to enter a password defeats the whole purpose of auto logon as far as I’m concerned. I loathe entering passwords. With my present living conditions I’m more concerned about getting infected via a webpage than someone physically accessing my computer. For this reason I keep toying with the idea of implementing a limited user account but every time I’ve tried so far I’ve given up.

          Chris (Hunt)

          • #1111912

            Fair enough. Passwords for physical access at home can be a nuisance, even redundant, if you’re behind a good router firewall.

            The scenario where the tip for autologon, with password protection, is more relevant in a work place scenario, where moderate security is needed (would you want someone sending emails from your account?) and passwords are usually mandatory.

            At home I use a limited user account for all my routine work, surfing, playing, etc. I use a 2nd, admin, account for maintenance, configuration, installs, etc. Once you get into the habit (it takes a while), it helps you focus on the role you’re supposed to be in (user v admin). And hopefully also keeps me a little safer most of the time, especially on the web.

            • #1111962

              Thanks for the info. Do/did you have any programs that have/had problems with a limited user account? I seem to remember one or two programs I have that just don’t work with limited user accounts. Perhaps it is time to try again. Do you have any recommendations for setting up a LUA?

              Cheers,

              Chris (Hunt)

            • #1111986

              My LUA setup has been stable for quite a while now, although it took some fiddling to get there. The following is from memory, rather than the detailed notes I should have taken.

              I started with the LUA/admin split when I still had XP Home, and had to “cheat” from time to time. A later switch to XP Pro, with all the controls available, pretty much eliminated the need for the cheats, because it allowed direct changes to folder/file permissions.

              The most common and simplest workarounds I used for apps that didn’t want to play were:
              – Uninstall the admin installed app, elevate LUA to admin, reinstall as LUA, demote LUA.
              – Create a shortcut to run the app as admin (aka “Run with different credentials”).

              The application that caused me the greatest grief was Primavera – a magic tool, but a long way from Windows compliant.

              If you have specific apps that cause dramas, the Lounge is a good place to seek a solution.

              btw A simple technique I use (started back in MS-DOS days) to assess the quality of a product is to install into a non-default folder. If it fails this test, it has to provide something special for me to persist with it. It’s a sign of poor coding practices and a good indicator of the thought and effort put into the product.

            • #1112132

              Thanks for the advice. I’m guessing that if a shortcut is used to run with different credentials that when you use it you will need the admin password? If so I imagine that would get very tiresome for me. I guess I’d need to make my password shorter and easier to remember. For me passwords take a lot of the fun out of computing.

              All the best,

              Chris

            • #1112162

              Yes, I had forgotten about the admin password thing, partly because with XP Pro I’ve been able to get away from the need for it. There may be a few other “gotchas” as you go along.

              I’ve found the exercise useful to help “partition” my computer use, but it ain’t for everyone. Apart from the admin and LUA accounts, I also have a games account, with a corresponding hardware profile to maximise performance (have to reboot for that one).

            • #1112236

              I’m using XP Pro – how did you get away from the password thing? That would be really good to know.

              Thanks,

              Chris

            • #1112349

              It’s a case by case exercise. The simplest is to install as the LUA, while temporarily elevated to admin role, as suggested earlier.

              If that fails, you’re into the world of “advanced” file security. You’ll need to figure out which folders &/or files cause the problems for an LUA. Then (with your admin hat firmly on) in explorer you right-click the offender(s), select the “Security” tab and adjust permissions as needed. You can select the “advanced” button to bring up the “Advanced Security Settings” dialog to configure inheritance as well as check effective permissions.

              I’m not the ideal person to explain the ins & outs of the details since I mostly muddled my way through by trial and error. It may look daunting at first glance, but if you pause, relax, and think about what you’re trying to achieve, it’s quite doable. After all, I managed it on the family PC, while it was shared by five of us, each with their own needs. (Now we’re spread across 4 PCs on a LAN.)

              btw Although this is directly about XP Pro, it can be done in XP Home as well. You get to see and use the “Security” tab if you boot to Safe mode. Or you can use CACLS from the DOS command line (as I tried before XP Pro).
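
Added example, not part of the original post: the CACLS route mentioned above, written as a small batch file that gives a limited account write access to one application data folder. `APPDIR` and `LUAUSER` are placeholder values assumed for illustration; run it from an admin account.

```batch
@echo off
rem Added example. APPDIR and LUAUSER are placeholders, not values from the thread.
setlocal
set "APPDIR=C:\Program Files\ExampleApp\Data"
set "LUAUSER=LimitedUser"

rem 1. Save the current ACL so the change can be reviewed or undone later.
cacls "%APPDIR%" > "%TEMP%\acl-before.txt"

rem 2. Grant Change (C), not Full control (F), on the data folder only.
rem    /E edits the existing ACL; without /E, CACLS replaces the whole ACL.
rem    /T applies the change to the files and subfolders underneath.
cacls "%APPDIR%" /E /T /G %LUAUSER%:C

rem 3. Show the resulting ACL for comparison with acl-before.txt.
cacls "%APPDIR%"

rem To undo the grant later:
rem   cacls "%APPDIR%" /E /T /R %LUAUSER%
endlocal
```

Pointing the grant at the folder the program writes its data to, rather than at the folder holding its executables, keeps the limited account from being able to modify the program itself.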

            • #1112424

              I hope you and Tim will pardon me for a small moment of intrusion into your discussion. I just can’t help but comment on the “objection” to passwords in our daily use of our computers. YES, it is a big pain in the tush and, YES it is hard to remember passwords, but the possible consequences of not password “protecting” the computer can be a disaster. Hey, it only takes a minute or two or three to start our computer, including the insertion of a password, so it isn’t as if it’s gonna take a hunk out of our day. Yes, you can use software like TweakUI to autologon, including a password and that’s better than nothing at all. I try not to be naive and I know that a hacker drilling in to my machine could ALSO bust my password, but I’m gonna make it as hard for him as I possibly can. Yes, my hardware and software firewalls help a lot, but I have just made myself get used to using a password and here in my home I even have it written on a post-it and hung on the monitor, just in case my son has to boot my machine. But at least I kid myself into thinking that I’m doing SOMETHING to protect my machine from the dirtbags of the internet.

              OK, sorry for the lecture…

            • #1112433

              > intrusion

              That’s impossible in the Lounge, isn’t it? grin

              I also believe in the value of passwords, but also value choice. Somewhat like wearing seat belts & bike helmets; I wear mine almost religiously, but object vehemently to being forced to (I also believe I’m responsible for the mess if I don’t). So, especially in a corporate environment with arbitrary rules, I look for ways to make things work the way I like to, rather than what has been mandated (a rebel from way back evilgrin).

              I also write down my less frequently used passwords, but try to keep them safe in case one of the laptops goes “walkabout”, or the passwords fall into the wrong hands. Mine are slotted in among written to do lists and other “innocent” notes, well separated from the accounts they apply to, and made to appear like random doodlings, or errors, to anyone else.

              In the office environment, to get access to someone else’s machine, the best places to look are the post-it note stuck under the keyboard or desk or wall calendar, the back of the desk calendar, and the top drawer. It’s also common to see passwords on whiteboards

            • #1112447

              Intrusion? What intrusion

              My feeling about passwords is that they are important – too important to be written down. I can’t see the value of having a password and then putting it on a post-it note. Having said this I just seem to find it difficult to remember them nowadays. So, being at home, I use TweakUI and autologon. This loses me a few points with Belarc. Somewhat contradictorily, my password is time-limited – I have to change it every 90 days. One trap I fell into doing this is when I wanted to try out a very old back-up made with Acronis True Image. I restored the image but couldn’t log-on because the password had expired and I couldn’t remember it so I couldn’t renew it. I had to give up on my very old backups and get rid of them. I guess my password policy forced me to do some housekeeping but it is definitely something to be aware of.

              All the best,

              Chris

            • #1113016

              No one seems to have mentioned using an external drive as a location for a key (and for a TrueCrypt-protected folder as well). A key key, so to speak. An internal removable drive, such as an SD chip, is even less conspicuous.
