Saturday, July 6, 2013

Graphic Recovery Guide

 
 

This guide will teach you the most effective way to recover your Windows system from corruption and keep it healthy by taking the proper precautions and performing regular maintenance. It is strongly recommended that you follow all the steps in this guide and do not skip over any of them.



Step 1. Unplug your modem and change your router settings (like MAC Address).
Step 2. Back up any important files (like pics, fonts). Do not back up any pirated files.
Step 3. Reinstall the OS.
Step 4. Properly configure Windows.
Step 5. Plug your modem back in.
Step 6. Run Windows Update blocking everything else in your firewall (including web browsers).
Step 7. Disconnect from the internet.
Step 8. Create a System Image and a System Repair Disc or Recovery Drive.
Step 9. Encrypt your system with full disk encryption.*
Step 10. Don't place any backed up files on your online system and you're done.
 
*Optional

End.


Intro to Computer Security
 
Before you can begin, take the time to familiarize yourself with some of the most important details in regards to computer security and system compromise.

Operating System Corruption

OS Corruption is a term that describes when one or more components existing within your OS (or alongside it) become corrupted in a way that compromises your computer system's health. The general intentions of OS Corruption include—to spy on what you're doing—to steal your personal information (or personal files)—and/or to personally attack you by ruining your computer system's ability to work as cleanly and fluidly as it should.

OS Corruption is always the product of malware—which is a general term used to describe any form of computer virus, spyware, bot program, or any other type of malicious code.

What does that mean? Well, code is what computers run on. It's the entire foundation of instructions that guides them in their operations. By design, computer systems are neutral instruction-based machines. They simply do what they're told to do (via the code that instructs them)—which means that code can equally be good or bad.

Now the term malware literally means malicious software—but it can extend to encompass any type of malicious code. And where does malware come from? Well, malware is created by computer programmers—who use their knowledge of coding languages (like C++ or Java)—alongside coding software (like Microsoft Visual Studio)—in order to develop custom malicious programs that can later be used to cyber attack other people in various ways.

Code can be written to do almost anything (the possibilities are nearly endless)—which means that the scope of malware can be very diverse—and malware can take many forms.

For example, malware can be a computer virus (a custom built program) developed by a programmer in order to carry out one or more of the following malicious operations.

✮ Gain access to your computer.
✮ Spy on your computer activity.
✮ Gain total control over your computer.
✮ Steal your personal information (or your personal files).
✮ Copy itself to other computer systems you connect with.
✮ Otherwise compromise your computer system's ability to function perfectly.


In addition to that—as time has gone on—the tactics of cyber criminals continue to become more and more complex (as cyber criminals seek to gain the ultimate advantage in their hacker activity). File corruption is ultimately the product of this. File corruption is when a cyber criminal takes a legitimate program, OS component, or any other file—and corrupts that file by embedding bits of malicious code into it in order to turn that file into malware. The intention here is to make the corruption inconspicuous (so that it's harder to detect by simple means). This tactic often involves corrupting a myriad of different files—so that if one of these corrupted files happens to be fixed—there are a number of other corrupted files to fall back on.

For this reason, it's important to point out that anything can be malware—because anything can be turned into malware through the use of malicious embedding techniques. And this also means that the scope of corruption can take a very deep hold—where in the wake of a moderately advanced cyber attack—this corruption can eventually spread to every core file in your OS and/or every one of your personal files (ruining everything in your computer).

This is the defining element that makes dealing with malware and OS Corruption so troublesome. Conventional anti-virus and anti-malware software have a hard time protecting us against malware, because their security engines are developed to detect malicious software via their digital signatures. However, the largest majority of malware is all custom made on-the-fly (embedded into files right then and there)—which gives all those files a unique digital signature—and that makes collecting those signatures (to protect us ahead of time) nearly impossible.

In our current age, this aspect has nearly made anti-virus and anti-malware programs obsolete—and more of a supplementary defense at best. These days—the greatest defense against malware is knowing the system—knowing what to look for—and having a foolproof recovery method in order to restore your computer systems to 100% health whenever you need to.

OS Corruption can get extremely technical, making it impossible for even a seasoned veteran to spot and remove every single corruption existing within a computer system after it's been hijacked. This is why it's so important to have a stand-alone shadow copy of your OS (like a Windows System Image)—that was made while the OS was in perfect working condition—and before any corruptions (or corrupt files) were placed within (or alongside) the OS. This is the only absolute solution to deal with advanced cyber attacks and heavy OS Corruption.
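The contrast drawn above, between matching files against known-bad signatures and comparing them to a known-good state recorded while the system was clean, can be shown in a short script. This is an added example, not part of the original guide; the file names, the sample contents and the one-entry blocklist are constructed for illustration.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Return {relative path: SHA-256} for every regular file under root."""
    manifest = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # links are skipped; only real file contents are hashed
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def blocklist_hits(current, known_bad_hashes):
    """Signature-style check: flag only files whose hash is already known bad."""
    return sorted(p for p, h in current.items() if h in known_bad_hashes)


def compare_to_baseline(baseline, current):
    """Baseline check: flag anything that differs from the clean-state manifest."""
    return {
        "modified": sorted(p for p in baseline
                           if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def write_file(root, rel, data):
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as handle:
        handle.write(data)


def demo():
    """Build a constructed 'clean' tree, change it, and run both checks."""
    original = b"\x00original loader contents\x00"
    with tempfile.TemporaryDirectory() as root:
        # Constructed clean state (stands in for the freshly installed system).
        write_file(root, "system/loader.bin", original)
        write_file(root, "system/config.ini", b"[boot]\ntimeout=5\n")
        write_file(root, "notes.txt", b"hello")
        baseline = build_manifest(root)

        # Constructed blocklist: the hash of one previously catalogued variant.
        known_bad = {hashlib.sha256(original + b"VARIANT-A").hexdigest()}

        # The file is altered with different bytes, so its hash is new.
        write_file(root, "system/loader.bin", original + b"VARIANT-B")
        write_file(root, "system/extra.dll", b"unexpected file")
        os.remove(os.path.join(root, "notes.txt"))

        current = build_manifest(root)
        return blocklist_hits(current, known_bad), compare_to_baseline(baseline, current)


if __name__ == "__main__":
    hits, diff = demo()
    print("blocklist hits:", hits)
    print("baseline diff: ", diff)
```

The manifest is only useful if it is kept where the running system cannot rewrite it, for example on the same offline media as the System Image.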

In addition to that, it's also important to have an offline computer that you can work from exclusively—in the event that one or more of your personal files have become corrupted like this (and you cannot do without those files). Removing the embedded malicious code from a corrupted file (with 100% success) can be a task that only a federal elitist is able to perform.

Why? Well, because someone who utilizes an advanced embedding technique like this will often corrupt many other files alongside it—and these files all work to corrupt each other again in the event that one or more of them have become restored. For this reason, the method of recovery here doesn't just involve removing the embedded malicious code from a single file alone. It involves removing that code from every single corrupted file at the same time.

For this reason, when you back up your important personal files (before you restore your computer from a System Image)—it might be best to just move those files over to your offline system right away in order to prevent your online system from being compromised after you restore it. And make sure to never expose an online system to those personal files (or the device you use to transfer them)—because otherwise, that system may become corrupted in the same way. This could become a nightmare—if say the network of the company you work for becomes corrupted because of this. Network corruption involves several computers and is often even more troublesome to fix than a single computer system.

On a final note, make sure that your offline system is absolutely internet proof. Advanced cyber criminal methods often involve corrupting the display kernel so that the OS doesn't display what's truly going on sometimes. And alongside this, these cyber criminals can program malware to hijack your wireless card and force a connection to the internet through it—even if you're not connected to your network or you try to disable the Wireless service.

So for best results, make sure that your offline computer has no internet capable hardware whatsoever. And if you can't afford another computer, just keep those files tucked away on a removable storage drive until you can get them inspected by a government authority. I wouldn't trust anyone else to inspect my files for a corruption like this—and so I recommend that you do the same as me. OS corruption can be a complex and troublesome thing—but there is a definite defense (and solution) for the problem in nearly every case.

Server Corruption

Server Corruption is a term that's used to explain when someone who works at an internet based company (like a website or an online game provider) abuses their job's resources to a criminal end. As the age of technology continues to advance, server corruption has become one of the most prominent issues in regards to our safety on the internet. It seems that everyone these days wants to be a hacker, and that aspiration leads to a whole world of corruption in regards to computer systems—web-based companies—and the internet.

Every single company in our modern history has at one time had (or still does have) various individuals that abuse their job's resources in order to do things that they're not supposed to do. Microsoft, Wizards of the Coast, Facebook, Apple, Blizzard Entertainment, Google, The Pokémon Company, Yahoo!—and the list goes on & on & on. For this reason, you should be suspicious of every single website that you visit. There is possibly server corruption at all of them—and therein lies the strict importance for us to be aware of the dangers of the internet.

When server corruption takes place at a website, someone is generally using their job's resources (like database info) in order to exploit your web browser and gain access to your computer system. This is most often done through the use of malware scripts—which utilize the direct connection between you and the website—alongside the general files associated with web browsing (like ActiveX, JavaScript, and web browser cookies).

Malicious script attacks are often the easiest methods to pull off—because most web browsers lack the full range of development in order to properly defend against the spectrum of attacks like this. In fact, only Windows Internet Explorer even comes close. Over the years, Internet Explorer has been increasingly amping up its security in order to prevent cyber attackers from exploiting the web browser to compromise the system.

If you've ever seen all that negative commentary out there about Windows Internet Explorer—this is why. Because hackers manipulatively seek to veer people away from using Internet Explorer (due to it being very difficult to exploit). And depending on how well configured Internet Explorer and Windows are—it can be nearly impossible to exploit Internet Explorer at all. That is truly the scope of development that has gone into IE over the years.

Furthermore, web-based attacks are only a single form of server corruption—which also includes the event of an individual working server side stealing your personal information from the database (like your passwords, e-mail, or IP address)—then either selling that information to someone else—or just giving it away to another for them to do as they please with it. This form of server corruption is often harder to detect and take precaution against.

The greatest precaution that we can take against this is to be as aware as possible of suspicious activity—and report everything that we suspect right away to a number of different authorities. Although this sounds like it can be complicated (and you might not know where to start)—this can actually be a lot easier than you think. All you've got to do is write up a detailed explanation of what you've been facing—print it out—then either mail it (or hand deliver it) to as many different points of authority as possible.

Why so many? Well, the key to this tactic is to provide a spectrum of coverage when dealing with the authorities—since sometimes a specific authority might be too busy with something else and push your request aside. Yet also because the source of corruption can be the authorities themselves—and so you don't want your request for help ending up at a dead end (by reporting your problem to the source of it).

So for the best results—just write up a detailed report of everything you've been dealing with (making sure to include every suspicion that you might have as well)—then send that report to your local police, state police, local FBI, the mayor of your city—and even the White House. This should provide a full spectrum of coverage in the event the source of corruption is one of those authorities themselves (which I will get into greater detail about next).

In some cases, it can be enough to simply send a detailed report like this to the company executives themselves. And that is definitely an option to add to the list above—unless of course you suspect that those executives are also corrupt. This can generally be determined if they deny you assistance after you request it—or if they just ignore you altogether. In this case, you will need to reach out to a higher authority in order to deal with the problem.

Android and iOS

You can further help protect your sensitive information by getting an Android device to use exclusively when you need to transfer sensitive information over the internet (like Credit Card numbers and Bank Account info). Currently, so long as you're not using any shady Apps—this is nearly a 100% safe option.

Soooo—let's say you'd like to purchase something online (yet you don't want to type out your sensitive information on your computer)—you can use an Android device to your greatest advantage. However, this device has to be an Android or iOS device specifically—because these mobile OS systems are not accessible through conventional cyber criminal means. No one except cyber authorities working for the government have access to these devices in this way.

However, if you use a Tablet PC (or other device) that's loaded with a traditional OS (like Windows 8.1)—that's going to be just as vulnerable. I would like to further add that it is possible for common cyber criminals to corrupt Android and iOS devices as well, so be very careful of the Apps that you download for your device—and try to keep it as clean as possible for your safety.

Other than that, this is a very safe method for transferring your sensitive information over the internet—and the only thing to be added to this is to make sure that you safeguard your passwords as well. Don't log into any websites that have your sensitive information stored there through the use of conventional computers, because then someone might be able to exploit your system—obtain your passwords—and steal your sensitive information from the website.

Finally, if you ever suspect that your device might be compromised, consider clearing all of the data off it first to resolve the problem. You can do this by using Factory data reset (a Backup & reset option in the Settings menu). This can restore your phone from simple corruption and remove remote access to the device. However, if the attacker was able to gain root access to your device—then this method will not work. In this event, the only option is to sell your device and buy a brand new one (making sure to change all of your passwords and sensitive information afterwards).

Online Game Corruption

On a final note, I would like to talk about server corruption in regards to online gaming and MMORPGs. This is a very popular brand of entertainment in our age—and for that reason, it's also become a gateway to cyber crime in many forms. Sometimes, the programmers that develop, maintain, or implement new code for these games go behind the back of the company and implement malware into those game programs. From this, those cyber criminals can gain instant access to the computer system of every single person who downloads the game.

From there, it becomes a factor of OS corruption—which encompasses the entire spectrum of complications that I have previously addressed. For this reason, it's extremely important to never download (or install) any online game before you make your System Image. If you do, then any of its corruptions will ruin the purity of your System Image recovery. Always create that System Image clean—without any third-party programs if you can—and always download, install, or update those programs after you've created (or restored from) your System Image.

This can also take place if a cyber criminal happens to infiltrate a gaming company's network—from which that cyber criminal can then infect the server files (and/or) gain access to every single person who plays the game through the game server. Although the source of the problem in this event is not the same—the song remains the same—and so does the danger.

So be extremely cautious when it comes to online games and try your best to be on the lookout for this. Gaming server corruption is a really prominent issue these days, and you should be suspicious of every online game in the same way that you should be suspicious of every single website. If you happen to notice suspicious activity (and you suspect the source is your online game), the method for dealing with this problem is the same as previously explained. You need to report your suspicions (in detail) to a number of different authorities—in order to best ensure that the problem will get addressed and resolved.

Abuse of Process
 

Abuse of Process is an advanced form of server corruption. The term comes from a Tort crime that's a part of the United States Law Code. The law almost exclusively applies to authorities—and in regards to the way that they handle their appointed power. In summary, Abuse of Process primarily exists as an enforcement against unnecessary action.

As I said above, sometimes the source of corruption is the authorities themselves—and Abuse of Process is the most common problem that you can expect to face when dealing with corrupt cyber authorities. Its sister offense (Malicious Persecution) is another common problem you can expect to face—and the two generally go hand-in-hand when it comes to corrupt authorities. Malicious Persecution is the crime of when an individual (or group of individuals) exacts a personal punishment onto someone for themselves—instead of going through the justice system as they should do in order to professionally resolve the conflict.

Malicious Persecution impedes upon the Plenary Power of a government (which is one of the main reasons that it's a crime). Plenary Power is the government's official authority to carry out actions which have been deemed unsafe to allow just anyone to handle for themselves without any administration. These actions are trusted to select members of our government—who themselves are either directly elected by the people—or professionally appointed by an elected authority to uphold the duties of their public service job.

For example, the Judicial system exists for this reason. The judges, lawyers, and other judicial professionals are not bestowed their seats of authority for nothing. Their job is to handle conviction and judgment regarding all civilian conflicts. For this reason, it's a crime for anyone else to "take the law into their own hands" by judging and punishing a person for any perceived crime by their own hands and their own standards outside of a court of law.

And that is why I say that the two go hand-in-hand, because people who work as authorities tend to envelop themselves too strongly in the entire spectrum of the justice system—to the point where they overstep their appointed authority by exercising executive (and/or) judicial authorities that are not truly granted to them. And these people may abuse the authority bestowed upon them to personally judge or punish a person like this (Abuse of Process).

This is almost always going to be the case when it comes to dealing with corrupt cyber authorities. They have a strong tendency to take full advantage of the general cover that the cyber world provides—in addition to the advanced cover provided by their elevated government protocol. Together these two aspects give them a nearly absolute advantage to do anything that they want in the cyber world and get away with it. And corrupt cyber authorities will take full advantage of this—to exact personal judgement on you (and cyber attack you) by using their programming talent and their elevated government protocol (committing Malicious Persecution & Abuse of Process).

Over the years, computer systems have been built to suit the government and give them the ultimate edge in the fight against crime. For this reason, it's generally well within any cyber authority's capability to use their elevated government protocol to override the security (and configuration) of a civilian computer system. This can become a matter of power without control—which is truly where the greatest danger lies.

And for people who aren't too familiar with computer systems—it can be a nightmare for them to figure out that the source of their cyber problems is not a normal one. There is a lot of information about computer systems that is far from common knowledge (like how they work in general—and how their OS components are supposed to work when properly configured).

Remember that it plays into the hands of cyber criminals for us to not understand these things, so you can expect nothing but lies and misinformation from the general public. The majority of computer people out there these days are aspiring hackers, and that leaves honest people like you and me out in the cold without a clue as to how we can truly protect ourselves from cyber criminals like them.

Thankfully—there is a way to secure ourselves from common cyber criminals—yet unfortunately, there is absolutely no way to secure ourselves from cyber authorities (since our computer systems are designed to the core to give such authorities absolute power).

This opens up the potential for a corrupt cyber authority to use their elevated command in attempts to present themselves as some kind of advanced cyber criminal (in order to cast the illusion of despair on an unknowing person). However, in reality—they are just abusing their authority and trying to take advantage of someone through their manipulative tactics.

For this reason, it's very important for us to know how our computer systems are supposed to work—so that we can't be fooled by a corrupt cyber authority. When we know how our systems are supposed to work, the signs of Abuse of Process become more prevalent—and it can be easy to tell when a cyber authority is using their elevated government protocol to manipulate our systems (which would otherwise be totally secure).

However, that's not to downplay the challenge of detecting something like this—because cyber authorities tend to be just as malicious and manipulative as black hat hackers. In fact, a large majority of the cyber authorities we have today are former black hat cyber criminals—who have been taken and reconstituted to serve as cyber authorities for the government.

I would like to believe that this has been the source of our struggle in regards to all this—yet unfortunately, for the time being it's just another obstacle that we have no choice but to work around. It can be a challenge to detect this—but knowing how the system is supposed to work is a great start to help us defend against Abuse of Process.

In addition to that, be aware that corrupt cyber authorities may not always cyber attack you directly. At times, they will simply use their elevated protocol to infiltrate your totally secure computer system—and from there they will open up a vulnerability in your system that allows a common cyber criminal to cyber attack you. This takes the blood off their hands, so to speak—and aims to cast the illusion that you didn't know what you were doing in the first place because your computer wasn't properly configured (even though it was before they manipulated it). This method is even harder to detect, yet even this can be determined when you use a hardened security policy and pick up a strong habit of regular system maintenance.

Now—the technique for dealing with Abuse of Process is very similar to dealing with server corruption. You will want to write out a detailed report of what you've been experiencing and make sure to include every suspicion that you might have in regards to who might be behind it, then send a copy of that report to as many diverse authorities as possible.

However, since this tends to be an elevated problem to begin with—the authorities that you'll want to send your report to tend to be a little more particular. For good measure, try sending a copy of the report to your local police, your local FBI, the mayor of your city, your local military division, and the White House. And if things really get grim, you'll want to send a copy of your report to the United Nations Headquarters (located in New York City).

From there on out, much of this problem becomes out of your hands—and the best you can do from there is try to be vigilant in your reports and wait it out. Your System Image backup should help you defend against cyber attackers in the meantime. So long as you follow the guidelines that I provide for you here, you should be able to recover and properly configure your Windows system in the wake of any cyber attack incident. And even if you can't work from your System Image anymore (if it becomes corrupted), you can always re-install the OS fresh from the original disk and start new.

And that's about all there is to it. Knowing is half the battle—so know how your system is supposed to work—and know what to look out for in order to bring your security potential full circle. Now that this is all explained, you might truly be able to use this guide to its ultimate potential.




 

In order to begin the recovery process, you will need to get a new IP address, and you will need to conceal your IP address throughout the update process until after you've created a System Image disc set. Doing this is very simple—just unplug the power cord of your ISP modem and leave it unplugged for at least an hour. When you plug it back in, you'll be given a new IP address.

The reason you want to do this—is to shake all the troublemakers who have obtained your IP address. If you don't renew your IP address, then the moment you connect to the internet, those troublemakers with your IP address can launch an attack on your system right away. From this, they can gain access to your system and corrupt it before you can secure it.

As long as they don't have your IP address, you don't have to worry about this. In addition to unplugging your modem to renew your IP address, you are going to want to stay disconnected from any form of peer-to-peer networking. This includes instant messaging, so don't sign-in to any messenger or log-in to any websites until after you've restored, configured, backed-up your system, and encrypted it. Also, during this time—don't let anyone else use your internet connection, they may give away your IP address by connecting to the network (or if their system is corrupted).


Note: Some ISPs assign their dynamic addresses based on your system's MAC address. Meaning, no matter how many times you unplug (or how long you leave it unplugged), you will likely get the same IP address when you reconnect. In order to change your IP address under these conditions, you will need to contact your ISP and ask them to manually change your IP address.

Another option is to log-in to your Router (Linksys or Netgear)—and find the "Clone MAC address" function in the router's configuration. From there, you will want to check "User Defined Entry" and just enter in anything. This will register a new MAC address with your ISP and that should result in a new IP address. You will have to change this "User Defined Entry" in your router's configuration properties every time you want to get a new IP address from your ISP.


Another precaution you will have to take if you want to keep your system secure—is to do away with all pirated media and pirated programs. If you carry over any media like this onto your system, then you will be vulnerable to hackers who will ruin all your hard work. It's just not worth it. You can listen to streaming music on many websites carefree, as well as get a subscription to a music service (like Zune or Rhapsody). It's very inexpensive (about 10 bucks a month), and offers more music than you could ever possibly download—without opening yourself up to any troublemakers.

The same goes for movies, TV shows, and anime. Do not download or carry-over any pirated media like this because hackers embed malicious code onto the media files. Sometimes this malicious code is undetectable (even to an IT pro). This malicious code can do a number of things to ruin your system. It might change your system settings, (like your security settings) making you unsecure; or it might turn the media file into an exploit, enabling a hacker to tap into the file and get to your system.



Note: Do not return any of the files you backed up onto your system until your system is fully encrypted. You may even have to keep them off this system if you discover they are corrupted.

Note: Depending on your hardware and the version of Windows you are using, the system may not recognize your Ethernet port upon reinstallation. Make sure that you have a clean copy of the driver for your computer's Ethernet port. If you also have a wireless Ethernet, you may be okay—and you'll be able to connect via WiFi to get your updates for everything else. Otherwise, you will not be able to connect to the internet in order to run Windows update, etc.

In order to find out what Ethernet model your computer has, go to Control Panel > Device Manager, then click the Network Adapters tab.




You should see your computer's PCI-Ethernet model listed there in the drop tab. Make sure that you go to the official source (like your PC maker's support page), and do not download drivers from any unofficial sources.

Before you install the operating system, make sure that you unplug your computer from the internet. It's best to configure the computer while it's disconnected. To re-install the OS, you will need your original Windows OS disc—or you can purchase a recovery disc from several sources.

You can contact Microsoft directly Mon-Fri 5AM~9PM Sat-Sun 6AM~3PM by calling 1-800-642-7676; or 1-877-568-2495 (Canada). Make sure that you order the recovery disc for the exact version of Windows that your license key suits. Note the difference, because Home Basic and Home Premium are two different OS versions.

In some cases, you may have to contact your computer manufacturer (like Toshiba, Dell, or Gateway)—in order to get the proper Recovery Disk set that you need.


Once you've got the disc, just put it into the CD/DVD drive and start up the computer. At the BIOS screen, you will need to press the key that launches "Boot options..." Traditionally, it will display which button this is, but you will have to be very quick pressing it. Normally, it's the ESC button—but other systems use a unique key (like F12). If you did it right, a menu screen will appear. Highlight the CD/DVD drive and press Enter. This will take you to a screen that states "Press any key to boot from disc..." Be quick and press any key, this screen doesn't give you much time—and if you miss it, you will have to start all over.

From here, the Windows installation Wizard should take over and guide you along the process. Make sure to reformat the drive and install over the old version of Windows. Do not install the new Windows alongside the old one, you want to get all those old files off your system. Make sure in the menu that you install to the main drive (the biggest drive), and make sure to select "Format" before you begin. Also, select and "Delete" any other drives that appear in the installation menu. Hackers corrupt files in those reserve spaces, so you want to just delete them totally.










After you've reinstalled the operating system, you're going to want to configure it for best performance. Use these methods to give your system a tune-up.
 

Step 1. Name your computer.
Step 2. Disable Remote Connection.
Step 3. Create a password for Windows.
Step 4. Adjust Pagefile Virtual Memory
Step 5. Enable view of Hidden Files/Folders.
Step 6. Set the L2 Cache.
Step 7. Tweak Windows Services.
Step 8. Configure Windows Firewall and Internet Explorer.




End.








 

To do this, click the Windows button and go into the Control Panel.


Then, click the View tab in the upper right-hand corner and select "small icons". Then find the icon for "System" and select that.


In the window that appears, you will see your computer's name displayed, and right next to that you will see a "Change settings" button—click that button.


The tab you will see is the Computer Name tab. Within that tab you will see a "Change..." button alongside the corresponding text—click that button.


In the next window, enter in a new name for your computer and press OK to finish. It will then say, "These changes will take effect after you restart your computer." Just press Ok again and proceed.





While you've got the System Properties window open, click on the Remote tab and uncheck the box next to "Allow Remote Assistance connection to this computer"—then click OK.









The next thing you will want to do is create a password for your Windows account. To do this, click the Windows button and then click your account image at the top of the Start Menu—that will take you right to your Windows account settings.
 


From there, select the "Create a password for your account" option, and in the next window enter in your password—then click Ok to finish.

Just like any other password, you want to make sure this is a strong password. You should use the same method I recommended for creating your encryption password. Otherwise, even amateur hackers will be able to easily break the password and gain access to your account. As long as your entire disc is encrypted, they won't be able to touch anything until they crack the password for that—but you still don't want anyone spying on you and watching your computer activity so don't cut any corners. For this password, you may not need as many characters—about 20~25 should do just fine as long as you're following the same enrichment method; just remember that more characters with this method is always better.





 

To adjust your virtual memory, go back into the Control Panel and click on the System button again. Then, select the Advanced System Security option in the left-hand pane.


In the window that pops up, click on the Advanced Tab and then click the Settings within the Performance option.


In the window that pops up, click the Advanced Tab, then click the Change button at the bottom within the Virtual memory option.


In the next window, select "Custom size" and enter the recommended number listed under "Total paging file for all drives" in the same window. Then click the Set button, and make sure to click the Ok button to exit. If you click the X or Cancel, your changes will be undone. Always click Ok when you are finished making changes.


 




To do this, click on the "Organize" button in the Windows Explorer menu.



Then select "Folder and search options" from the list.


In the window that pops up, select the View tab, then select the "Show hidden files, folders, and drives" option below "Hidden files and folders"—and finally click OK.



The first thing you need to do is find out how much L2 memory your CPU has. In order to do this, you can look it up on the web; or you can find it by generating a system health report. It's probably easier to look it up on the web, but for those who can't—here is how to find the L2 Cache with a system health report. If you already know how much L2 Cache your processor supports, then you can skip ahead to Regedit and configuration.





To generate a System Health Report, first you will need to go into the Control Panel and select the Performance Information and Tools icon.


In the next window, select the Advanced tools option in the left-hand pane.


At the bottom of the list you will see the option "Generate a system health report". Just click that option and wait until it finishes.






Follow the path, Hardware Configuration > Devices Tab > Motherboard Classes
[+] root\cimv2:SELECT * FROM Win32_Processor
[+] Win32_Processor.DeviceID="CPU0"
After you click the final box, you can scroll down and see the L2 Cache size.




Next open Regedit by clicking the Windows button and typing its name in the search box, then pressing Enter.

Follow this path to find the proper key,
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management






Then double-click the key labeled "SecondLevelDataCache".



In the window you will want to enter the number of your processor's L2 Cache size. Then collapse all the boxes and exit Regedit. The changes will take effect the next time you reboot.



Windows comes with a lot of great components, but more likely than not—you're going to be using more than half of them. Many of these services automatically start-up with the computer; by tweaking the Windows Services, you can improve the performance—as well as improve the security of your system.


In order to get to Windows Services, go into the Control Panel and then click the Administrative Tools icon.

In the next window, find Services among the list and double click that to enter the Windows Services panel.



In order to configure the services, just double click the service you want to edit. In the service properties window, you can select the Startup Type tab, then change accordingly. Sometimes, you will not be able to directly disable the service, and you will have to stop the service first. If you encounter this problem, just click the Stop button among the Service status options. Other times, you may even have to stop another service first—before you can disable that specific service. You can either disable that other service right away, or come back to it after you've disabled it later—going along the list.

Here is a Windows Services cheat sheet. Just configure your services to match and you should be good to go. If you have a printer, then make sure not to disable the Printer Spooler service. If you come across any other services you feel you might need, then don't touch those either. Otherwise, follow this list's configuration as best you can. If you come across something that's not on this list, just pass it up and look it up on the web after your system is secured.







Some of you may have internet security suites or stand-alone firewalls to protect your system—but you don't need to pay for a firewall, because the best one comes free with Windows. Third-party firewalls do not come configured and the automatic configuration mode is often unreliable. Windows firewall doesn't come configured either, but it's so much simpler to use—you can save yourself a lot of trouble by switching (or using it in unison with your other firewall). Which is another perk of Windows Firewall, it's totally compatible with every other firewall program and Internet Security Suite I know of (enabling double firewall power).


To open up Windows Firewall w/ Advanced Security, just click the Windows button then type in its name and click Enter. The window that will open up is the control panel for Windows Firewall. This is the true form of Windows Firewall (for those of you who have never seen it before). Windows Firewall can be very comprehensive, but we can utilize it simply to very effective means. This is definitely something you are going to want to do before you begin running Windows Updates in preparation to create your System Image recovery disk set.
I'm only going to teach you the basics here, but before we start there is some important information you should be aware of first.
First off—the concept of people being able to "open up backdoors" in your firewall is misinformation. Unless they are able to manipulate the Kernel (and hack the display itself), whatever the firewall says is blocked—is blocked.

More commonly, they are not "opening up ports" in your firewall, they are corrupting programs that are allowed through your firewall (like Internet Explorer or Firefox)—and using those programs to access and manipulate your system.

Another common issue is—that the firewall is not truly blocking all connections that don't match a rule; that means any incoming connection will be able to connect with your system, and any outgoing connection can be sent from your system.

Even when your firewall is properly blocking all non-defined sources—if someone can corrupt one of the programs allowed through your firewall, they will still be able to ruin your system; so be mindful of the programs you open up your firewall to.



Firewalls handle two primary connections—incoming and outgoing.
Incoming rules manage connections sent from other computers to your computer. These are generally bad connections, and you should consider them unwelcomed because it means people will be able to send a connection from their computer to yours without restriction.
Whenever you install a program, they have a tendency to create inbound rules in your firewall—so make sure you install them while disconnected from the internet; then delete those inbound rules and make the correct outbound rules you'll need for that program to access the internet more safely.
Outbound rules manage connections sent from your computer to other computers. These are the safer of the two connections, because outbound rules concentrate your connections, and keep them restricted to sources on your system only.
Many open source programs (like GIMP or Magic Set Editor) come with secret trojan protocols built into them, so block them in your firewall so they cannot gain access to your computer through those secret protocols. Not just that, but be mindful of the programs themselves—because some of them (like emulators) may open up other exploits on your system (in the event the trojan connections fail). This can change your computer settings and open you up to attack from the inside out.




Before you set down any rules, the first thing you are going to want to do is block all connections that do not match a rule (for inbound and outbound). To do this, go into "Windows Firewall properties".


Next you should see three tabs [domain] [private] [public]; within each, make sure that the firewall is displayed as "On (recommended)".
Then—in the tabs below that, you should see two more options. Click on the "Incoming connections" tab and select the option "Block all connections". Then click on the "Outgoing connections" tab and select the option "Block". This is going to ensure that no undefined programs or protocols can send any signals or make any connections as they please.




Windows Firewall offers individual inbound and outbound rules, so you will have to configure each one separately. To begin this process, just select Inbound Rules or Outbound Rules in the left-hand pane.


 

From there you will be able to create a rule by selecting "New Rule..." in the right-hand pane. Let's give it a try by creating an inbound rule to block all echo requests (ping).






Follow the path, Inbound Rules > New rule > Custom Rule > All programs > Protocol Type: ICMPv

Next click the Customize button below.



In the window that pops up, select "Specific ICMP types", and then check the box next to "Echo Request". Below these options you should see a table that reads "This ICMP type:" Click on the "Type" tab, select 8 (leave the Code tab listing Any)—then click Ok.
In the next window "Scope", just click Next again (leave them both selected on "Any IP address"). In the window after that, select "Block connection", then click Next.
You should see three checked boxes in the next window, [Domain] [Private] [Public], leave them all checked and click Next.
Finally give your rule a name—maybe try, No Bueno Pingas. And that's it!


Now let's create a rule for Windows Update.
Outbound Rules > New Rule > Custom Rule


Select "This program path" and type in, "%SystemRoot%\System32\svchost.exe".


Below you should see where it displays "Services", click the "Customize" button there. In the window that pops up, select "Apply to this service" then scroll down and highlight "Windows Update wuauserv", then click Ok—then click Next.
You will get a warning pop-up, but just click Ok.


In the next window, in the "Protocol type" menu, click the protocol tab—then select TCP. Below you will see [local ports] [remote ports]. Click on the remote ports tab and select "Specific ports"—then enter in the numbers 80, 443. These are the ports that Windows Update uses to connect to Microsoft and download updates. You will need to specify specific ports and protocols (TCP, UDP) like this for every program you create a firewall rule for.



If you use a router, then there's another important rule you will need to create in order to enable your system to establish a proper internet connection. Even without a router, you will still need these two rules—so I will show you how to create them.


Follow the path, Outbound Rules > New Rule > Predefined

Once you've selected Predefined, the drop menu will unlock—click that tab and select Core Networking from among the options. Then click Next. 



Another list of options will be displayed in the next window—from among them, select DNS (UDP-OUT) and Dynamic Host Configuration Protocol (DHCP-Out). Then click Next. Continue on as natural all the way through to the end, just make sure you select "Allow the connection" when prompted with the connection options.





Lastly, since creating a rule for Internet Explorer is very similar to creating a rule for any other basic program; to get some experience with creating rules for programs, I'll walk you through creating the rules needed for Internet Explorer. Creating a rule for a program is just the same as making a custom rule, only you'll be choosing an actual program this time (rather than an OS service/component).

Follow the path, Outbound rules > New Rule > Custom Rule



In the next window, select "This program path:"—then click the "Browse..." button. For every program you want to create a rule for, you will have to find the actual program file on your hard drive through this browse function.


Most programs are located in the Program Files folder or Program Files (x86) folder.


Specifically, the Internet Explorer folder is found in the Program Files (x86) folder; there you will need to find the actual program among the rest of the contents. You will need to learn how to recognize the main program when you see it (to create firewall rules for all your programs).


Internet Explorer's filename is iexplore.exe, so browse for that file in the corresponding folder—and select it, then press Open.



Next we want to set the protocol and port restriction for the program. To begin, first click the Protocol Type tab, then highlight the protocol the program needs. Most programs only use TCP protocol, but some programs (like Internet Explorer) will also need another rule for the UDP protocol.

After you've selected the Protocol Type, (since this is an outbound rule) click the Remote Port tab and select Specific Ports. From there you will need to manually enter all of the ports you want to open for this program. This is important because programs are easily exploited if any port is open to them. For best results, we only want to open the exact ports demanded by them to work. That information is generally listed somewhere by the company—yet other times we may have to ask in specific which ports are required.

As you can see above, you need to separate each port number with a comma—and you can also cover a series of successive ports by entering the starting port number—a dash—and then the ending port number. This will cover (and open) every port from the starting number to the ending number, and it's convenient for programs that use several successive ports in a row—enabling you to cover them all in one sweep, rather than having to enter each port one by one.

To know for sure which protocols and ports each program uses, you will usually have to look them up.


Windows Store in 8.1


Windows 8 introduces a whole new layout which includes the implementation of specialty apps. One of these apps is a flagship to the Windows market. This app is called Windows Store (or just Store). However, Windows 8 and 8.1 don't naturally come properly configured with all the rules needed in order to properly use Windows Store. This can lead to people using a less hardened Firewall policy to fix it (like allowing all outbound connections).


This is not something you want to do, so I am going to provide all the rules that you will also need to add to your Windows Firewall in order for Windows Store to work perfectly in Windows 8 (and 8.1 especially). I believe that some of these components are exclusive to version 8.1, so if you are still using Windows 8—then you can just skip over them.


Outbound Rules to Allow

Credential Broker
Path: %SystemRoot%\System32\CredentialUIBroker.exe
Protocol: TCP
Remote Port: 80, 443

Runtime Broker
Path: %SystemRoot%\System32\RuntimeBroker.exe
Protocol: TCP
Remote Port: 80, 443

Windows Acquisition Host
Path: %SystemRoot%\System32\WWAHost.exe
Protocol: TCP
Remote Port: 80, 443

Windows Store Host
Path: %SystemRoot%\WinStore\WSHost.exe
Protocol: TCP
Remote Port: 80, 443

Service Host
Path: %SystemRoot%\System32\svchost.exe
Protocol: TCP
Remote Port: 80, 443
___________________________________________
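
The firewall walkthrough above (default block, the echo request rule, the Windows Update rule, the two Core Networking rules and the Windows Store list) written as a script. This is an added PowerShell example, not part of the original guide. It assumes Windows 8 or later (the NetSecurity cmdlets), an elevated session, English rule names, and ICMPv4 for the echo rule; the rule group name is made up for the example.

```powershell
# Added example, not from the original guide. Run in an elevated PowerShell
# session on Windows 8/8.1 or later (NetSecurity module).
$group = 'Recovery Guide (example)'   # hypothetical group name, used for cleanup

# Re-running the script should not pile up duplicate rules.
Get-NetFirewallRule -Group $group -ErrorAction SilentlyContinue | Remove-NetFirewallRule

# 1. Firewall on for every profile; anything without a matching rule is blocked.
#    -AllowInboundRules False is the inbound "Block all connections" setting.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Block -AllowInboundRules False

# 2. Inbound: block echo request (ICMP type 8, any code) on all profiles.
#    ICMPv4 is an assumption of this example.
New-NetFirewallRule -Group $group -DisplayName 'Block echo request' `
    -Direction Inbound -Action Block -Protocol ICMPv4 -IcmpType 8 -Profile Any |
    Out-Null

# 3. Outbound allow rules, TCP to remote ports 80 and 443 only.
#    Paths are the ones listed in the guide.
$svchost = '%SystemRoot%\System32\svchost.exe'
$allow = @(
    @{ Name = 'Windows Update';           Program = $svchost; Service = 'wuauserv' }
    @{ Name = 'Credential Broker';        Program = '%SystemRoot%\System32\CredentialUIBroker.exe' }
    @{ Name = 'Runtime Broker';           Program = '%SystemRoot%\System32\RuntimeBroker.exe' }
    @{ Name = 'Windows Acquisition Host'; Program = '%SystemRoot%\System32\WWAHost.exe' }
    @{ Name = 'Windows Store Host';       Program = '%SystemRoot%\WinStore\WSHost.exe' }
    # No service filter on this one, so it covers every service that runs
    # inside svchost.exe, not just the Store.
    @{ Name = 'Service Host';             Program = $svchost }
)

foreach ($r in $allow) {
    $params = @{
        Group       = $group
        DisplayName = $r.Name
        Direction   = 'Outbound'
        Action      = 'Allow'
        Program     = $r.Program
        Protocol    = 'TCP'
        RemotePort  = @('80', '443')
    }
    # Restrict the rule to one service when the entry names one.
    if ($r.Service) { $params.Service = $r.Service }
    New-NetFirewallRule @params | Out-Null
}

# 4. Predefined Core Networking rules for DNS and DHCP (English display names).
Get-NetFirewallRule -DisplayGroup 'Core Networking' |
    Where-Object { $_.DisplayName -match 'DNS \(UDP-Out\)|\(DHCP-Out\)' } |
    Set-NetFirewallRule -Enabled True -Action Allow

# 5. Check the result.
Get-NetFirewallProfile |
    Format-Table Name, Enabled, DefaultInboundAction, DefaultOutboundAction, AllowInboundRules
Get-NetFirewallRule -Group $group |
    Format-Table DisplayName, Direction, Action, Enabled
```

With inbound set to block all connections, the echo request rule is redundant but harmless; it starts to matter if the inbound setting is later relaxed to the default block.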

There is a manual way you can figure out which local and remote ports a program uses—it's by use of the netstat command prompt. However, in order to do this you will have to allow the program unrestricted through your firewall (never turn the firewall off)—and allowing a program unrestricted like that can be potentially dangerous.

If you must do this—for best results, only have that program open and connected to the internet. That will make it easier to determine when you populate the list.



To begin, press the Windows button and type in "cmd" then hit Enter. When the command prompt opens, type in "netstat -a -no"—then hit Enter.



A list of all the active connections will show up. From here, you will have to find the program's connections based on familiarity alone. Note the active connections in brown, and the ports are beside them. Notice the diversity of ports because you will need to list all the ports the program uses in order for the program to properly connect to the internet. The same can be done to find local ports if you need them by using the Local Address column.
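
One way to turn that netstat listing into a remote-port entry for an outbound rule, in the comma-and-dash syntax described earlier. This is an added PowerShell example, not part of the original guide; the function names, the sample listing and PID 4321 are made up for the illustration.

```powershell
# Added example, not from the original guide. The netstat lines in $sample are
# constructed; PID 4321 stands in for the program being profiled.

function ConvertTo-PortSpec {
    # Collapse port numbers into the rule dialog's syntax: commas between
    # entries and a dash for a run of consecutive ports.
    param([int[]]$Port)
    if ($null -eq $Port -or $Port.Count -eq 0) { return '' }
    $sorted = @($Port | Sort-Object -Unique)
    $parts = @()
    $i = 0
    while ($i -lt $sorted.Count) {
        $j = $i
        while (($j + 1) -lt $sorted.Count -and $sorted[$j + 1] -eq ($sorted[$j] + 1)) { $j++ }
        if ($j -eq $i) { $parts += "$($sorted[$i])" }
        else           { $parts += "$($sorted[$i])-$($sorted[$j])" }
        $i = $j + 1
    }
    $parts -join ','
}

function Get-RemotePortSpec {
    # Remote TCP ports used by one process, taken from "netstat -a -n -o" text.
    # UDP lines show *:* as the foreign address, so UDP remote ports cannot be
    # read from netstat and have to come from the vendor's documentation.
    param([string[]]$NetstatLine, [int]$ProcessId)
    $ports = @()
    foreach ($line in $NetstatLine) {
        # Columns: Proto, Local Address, Foreign Address, State, PID
        if ($line -notmatch '^\s*TCP\s+\S+\s+(\S+):(\d+)\s+([A-Z][A-Z_0-9]*)\s+(\d+)\s*$') { continue }
        $remoteHost = $Matches[1]
        $remotePort = [int]$Matches[2]
        $state      = $Matches[3]
        $owner      = [int]$Matches[4]

        if ($owner -ne $ProcessId) { continue }
        if ($state -eq 'LISTENING' -or $remotePort -eq 0) { continue }   # no remote peer
        if ($remoteHost -like '127.*' -or $remoteHost -eq '[::1]') { continue }   # loopback
        $ports += $remotePort
    }
    ConvertTo-PortSpec -Port $ports
}

$sample = @'
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    127.0.0.1:49700        127.0.0.1:49701        ESTABLISHED     4321
  TCP    192.168.1.10:49712     203.0.113.5:443        ESTABLISHED     4321
  TCP    192.168.1.10:49713     203.0.113.5:443        ESTABLISHED     4321
  TCP    192.168.1.10:49714     198.51.100.7:80        ESTABLISHED     4321
  TCP    192.168.1.10:49720     198.51.100.9:5000      ESTABLISHED     4321
  TCP    192.168.1.10:49721     198.51.100.9:5001      ESTABLISHED     4321
  TCP    192.168.1.10:49722     198.51.100.9:5002      CLOSE_WAIT      4321
  TCP    192.168.1.10:49730     192.0.2.44:443         ESTABLISHED     2560
  TCP    [2001:db8::10]:49740   [2001:db8::1]:8080     ESTABLISHED     4321
  UDP    0.0.0.0:5355           *:*                                    4321
'@ -split "`r?`n"

# Port entry for the constructed process 4321.
Get-RemotePortSpec -NetstatLine $sample -ProcessId 4321

# On a live system (iexplore is the guide's example program):
#   $id = (Get-Process -Name iexplore | Select-Object -First 1).Id
#   Get-RemotePortSpec -NetstatLine (netstat -a -n -o) -ProcessId $id
```

The PID column removes the need to pick out the program's connections by familiarity. Once the ports are recorded, put the program back behind a port-restricted rule.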

Browser Security Options

Browser security is another important aspect to protect our systems while we're surfing the web. Many websites are purposely set up with malicious intentions to exploit our systems through the web browser while we're surfing the web. To protect ourselves from this, it's important to harden our Internet Explorer policy the best we can. As I stated in the introduction, it's not recommended that you use any other browser—because their level of development is far inferior to Internet Explorer—and those browsers are not nearly as secure as IE is.

To configure the security settings of your Internet Explorer browser, you will need to open the browser and go to Internet Options—by clicking the gear icon in the upper right-hand corner.

 
Next there are a few tabs we will need to visit in succession in order to configure all of the security options. These tabs are the Security Tab, Privacy Tab, and Advanced Tab.
 
 
The first of these tabs is the Security Tab. After you click it, you will see four more clickable icons for each defined zone of web-browsing (Internet, Local intranet, Trusted Websites, Restricted Websites). You will want to click each of them and set the Security Bar there to Medium-High. If you don't see this option, click the "Reset to default" button first—then you should be able to adjust the Security Bar. And when you do this (for Restricted Websites and Local Intranet)—set the bar to High.
 
As an advanced measure of security, make sure that you also check each box (for each zone) that says "Enable Protected Mode". This will give you an additional level of security.

 
 
 
Now—before you move on to the next tab, you will want to click the "Custom level..." button for each zone and scroll down to User Authentication. In that option, click the "Prompt for username and password". Then click OK.
 
What this is supposed to do is prompt a remote system for your personal Windows user name and password when they're trying to access your computer through Internet Explorer and Windows Network architectures. This is primarily the reason why a very strong Windows password is so important, because weaker passwords are easily broken by Brute Force methods—easily enabling a common cyber criminal to break into your account. A strong password makes this method impossible, because the amount of time it would take to use this method exceeds a single human lifespan.

 
 
 
 
After you've done that, you will want to move over to the Privacy Tab and set the Security Bar there to Medium High—also making sure you copy the other settings you can see highlighted below.
 
 
After you've done that, click on Advanced and block Third-party Cookies to add a little extra security to your web browsing.
 
 
And finally, you will need to move over to the Advanced Tab, then scroll down all the way to the security section and enable Enhanced Protected Mode alongside Enable 64-bit processes for Enhanced Protected Mode*. This is quite possibly the greatest measure of security in regards to your browser's safety. This mode adds depth of defense to Protected Mode and shuts down the browser's ability to execute certain operations in the event that someone tries to execute malicious code via their website (or through a website that's been corrupted).
 
 
 
 
 

 You can also try only surfing the web with InPrivate Browsing enabled for further security and privacy. You can do this by pressing [CTRL] + [SHIFT] + P.


After you've reinstalled Windows, configured it, activated your license key, and brought your system totally up to date with all the Windows Updates; and after you've installed all your primary programs, configured them, and brought them up to date; the final step is preserving your system in its purest form—free of any corruption or manipulation of hackers; both detectable and undetectable.

One of the greatest repair and recovery tools available for Windows is built right into the OS. By creating a System Image, you will make a copy of the operating system exactly as it exists on the hard drive. Unlike some other forms of recovery (like System Restore), a System Image will override all drivers and any other changes done to your system between the time of the System Image point and the day of recovery. It is the most thorough and definite means to recover your system from corruption.
You can also create a System Image on the hard drive—but this is unwise, because hackers can access the partition and corrupt the files within it. For that reason, it's very important to burn the System Image onto a stand-alone disc set.



To make a System Image, just click the Windows button and type in "Backup and restore", then click Enter. In the left-hand pane, you will see two options. Click on the one that says, "Create a System Image". From there, the Wizard will guide you through the process.



 




Just make sure you select "On one or more DVDs" when it asks you "Where do you want to store this data?"



 
Note: In Windows 8, creating a System Image is found in Windows 7 Recovery—which can be found in the Control Panel as its own option. In Windows 8.1, creating a System Image is found in File History—which can be found in the Control Panel as its own option. The rest of the process will be identical to the above.

Also note that currently—you cannot save a System Image to a DVD set in Windows 8.1. You will have to use a spare hard drive or solid state drive until they fix the issue. This is because the console fails to automatically format the DVDs as it should.


 
First you will need to download Rufus [ http://rufus.akeo.ie/ ].

This is a lite application that will be used to convert the Recovery Drive to GPT in order to hotfix System Image recovery for our UEFI version of Windows 8.1 and the System Image it creates.

To begin the process, we need to create a Recovery Drive using the Windows 8.1 recovery console. This function is found in File History. To access this in Windows 8.1, you just need to press the Windows button in order to bring up the Metro Start screen, then type in File History. The search panel will pop up and File History should be displayed below it; select File History to continue.
 
 
 


 

You can also follow the path Control Panel > File History > Recovery (option in the lower left-hand corner).



Next you will need to select the Recovery option in the bottom left-hand panel. From there you want to select the first option under Advanced recovery tools. It will say [] Create a recovery drive. Select that option and follow the instructions as it says to create your USB Recovery Drive.



After that's finished, you will need to go into File Explorer and select the drive, then take all the files created by Windows and drag them onto the desktop (or another folder). Once you've done that, we need to change the partition to GPT.
 
This is where Rufus comes in. So with the recovery files in another folder, run Rufus. Then check to see that the proper drive is loaded (selected in the options). For best results, you should only have your Recovery Drive plugged in during this operation.
 
 
 
In the Partition scheme and target system type menu, click and select the option, "GPT for UEFI Systems".
 
 
Then in the File System menu, click and select "NTFS".

Everything can be left where it is (or at default), with the only other precaution being to possibly uncheck all the other format options (except maybe Quick Format and Check Device for Bad Blocks). If you do check the device, just make sure to select [4 passes] for best results. In addition to that, make sure that the drive retains the name RECOVERY, which is given to it by Windows in the Recovery Drive creation process. You can even just rename the drive RECOVERY in File Explorer if you have to.
Lastly, after you've converted it with Rufus, just take all the files you set aside and put them back onto the drive. This completes the Recovery Drive hotfix process. On a final note, make sure that you do this offline (with your modem unplugged) and while your computer is in perfect condition (like directly after you install Windows 8.1 fresh). If you try to do this online (or leave the drive plugged in), then a cyber attacker might be able to corrupt the files and ruin the integrity of your Recovery Drive.

 

[ Creating System Image in Windows 8.1 ]
Currently, System Image creation by use of DVD is not available in Windows 8.1. This is because the console fails to initialize the formatting process of the DVDs. However, System Image is available on a Network place (so I've heard) and also, definitely available for Hard Drive.

In order to create a System Image backup in Windows 8.1, it's recommended that you get yourself an external hard drive or a spare internal hard drive that you can detach from the system when you don't need it (outside of the System Image creation process and the System Image recovery process). You want this drive to be detachable to keep it safe from corruption. If you leave the drive plugged into the system, then a cyber attacker may be able to get into those XML files and corrupt them.





The method here is simple, nothing special. Just go into File History, and then click System Image Recovery (in the lower left-hand panel). Once the console pops up, just select "Save Image to Hard Drive" and proceed. After this is done, you will need to turn off your computer and detach the drive from the system. Meaning, either unplug the USB cable or unplug the SATA cable.




Lastly, always remember to make your System Image offline in order to keep it safe from corruption.






Using full disk encryption is another very powerful tactic to secure your system from the manipulation of many would-be hackers. It can be a very lengthy process, but it's always worth it. The smaller your hard drive, the faster this process will be. However, processor power and memory also play a factor. For best results, exchange your hard drive with a smaller one.

Generally, you shouldn't need more than 180GB. Replacing your hard drive can be fairly inexpensive, if you can find someone who will offer an exchange rate for your higher capacity drive. You may even be able to upgrade to a higher performance hard drive of lower capacity (like a Solid-State Drive); that's what I'd recommend.

If you really need more space, latest versions of Windows enable you to utilize a DVD-R as though it were a USB storage device. You can store any extra data or media files on a series of DVD-R discs (which are 4.7GB in size each). If you have a Blu-Ray drive, BD-R discs offer capacity of 25GB each.

It's recommended that you make a disc like this to backup any new pictures or other misc. data that you'd like to preserve each time you restore your system. It's also recommended that you use this disc to keep a fresh copy of the latest Java, Flash, graphics card driver installer packs, and other programs. This way—each time you restore your system, you will be able to install the latest versions of those programs fresh from your storage disc.

There are many programs you will be able to use to encrypt your system. If you would like to purchase an encryption program, many of them offer much higher bits of protection than you will be able to find from free programs.

TrueCrypt is the program I am going to be working with—and I will show you how you can go about securing your system with full disk encryption. TrueCrypt is a free program that you can obtain at TrueCrypt.org. It offers 256-bit encryption through one or more encryption algorithms. Most of the time, trying to use a combination of algorithms (a cascade) is not stable; but with the maintenance method I am teaching you, there is potentially no reason why you will need to use more than AES encryption by itself.



To begin, start the TrueCrypt program and click on the "System" tab in the menu. The first option you should see is "Encrypt System Partition/Drive..."—select that option.





In the next window, it will ask you the type of encryption. Just select normal, you won't need to create a hidden volume because it's irrelevant. The government's technology far surpasses this, and you wouldn't be hiding anything from them anyways—whether they tell you or not. It would be unwise for you to attempt to hide or lie to them; I don't want you to say you picked up that bad habit from me.



Next you will be asked if you want to encrypt a partition or the entire drive. For best results, you will want to encrypt the entire drive—that way, no remote computer will be able to access or drop data onto your drive. Only your local machine will have the priority of doing this, keeping you tucked in safe—and them out. This won't keep you safe from all malware, so you still need to be careful. If you drop malicious code onto your drive for yourself (like downloading a corrupted file), the malicious code will be able to operate from the inside out.



At this point, you may get a pop-up that says your drive contains a non-standard partition—and if you would like to encrypt it. Just click no, you've already made yourself your own stand-alone System Image backup, those portions only exist in theory at this point. When you reinstalled the OS (or when you recover from a System Image), you reformat the disc and will have erased these portions.




You may also encounter a window that prompts you about encrypting the Host Protected Area. For the exact same reasons, just select No and continue. Those portions of the disk won't exist anymore if you're following my recovery method.

Now you will have to select the option that matches your computer. If you only have a single OS installed on your system, then you will want to select "Single Boot". Otherwise, select the "Multi-boot" option if you've installed more than one OS on your system.










Next you will need to select the type of encryption you would like to use. AES is my personal recommendation. Select AES and make sure RIPEMD-160 is selected as the Hash Algorithm. Once that's done, click next.


This next step is the single most important part of the encryption process. You will need to come up with a password for your encryption. This password has to be extremely strong, or else even amateur hackers will be able to use certain methods to break your password. It gets even worse when you factor in adept hackers, because they have even stronger programs and tactics to break complex passwords. There is a method to even their madness, so here is what you'll need to know in order to develop the best password.
When you're creating a password for your TrueCrypt, it's wise to use a password that's at least 30~40 characters long. Sit down and think about it for a while. Take your time and don't rush this. Remember this is the most important aspect of your security.


To create the most potent password, you will want to use a strong mixture of characters (case sensitive letters, numbers, and symbols). It's also very important that you don't use conventional terms or spelling. It might sound hard, but I've developed an easy method for password enrichment that you can take up for great results.
First you take a phrase—like a lyric from a song...
"Never gonna run around, and hurt you!"
Then you begin the enrichment process by scrambling the spelling, and replacing letters with symbols, numbers, and case-sensitive characters.
You'll end up with something like,

N>^>&G0//4&^N@R0*%D-};NHiR+J0u!
As you can see, I didn't use conventional spelling, and used a strong diversity of characters—but I've kept the primary foundation of the phrase intact. It's always a good idea to write your password down so you don't forget it. If you do it right, the structure should flow together in a way that makes it easy to get the rhythm down and remember it naturally.
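An added example (not part of the original post): a Python check of a candidate password against the criteria above, namely length, character mix, and no conventional spelling. The word list and substitution table are small constructed stand-ins, and the bit figure is only the naive character-set upper bound.

```python
import math
import re
import string

MIN_LENGTH = 30  # the page's lower bound of 30 characters
# Constructed mini word list; a real check would use a large dictionary.
COMMON_WORDS = {"never", "gonna", "run", "around", "hurt", "you", "password"}
# One-for-one substitutions that are trivial to undo before a word lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
POOL = {"lower": (string.ascii_lowercase, 26), "upper": (string.ascii_uppercase, 26),
        "digit": (string.digits, 10), "symbol": (string.punctuation, 32)}

def classes_present(pw):
    """Names of the character classes that occur in pw."""
    return [name for name, (chars, _) in POOL.items()
            if any(c in chars for c in pw)]

def charset_bits(pw):
    """Naive upper bound: length * log2(size of the character pool used)."""
    pool = sum(POOL[name][1] for name in classes_present(pw))
    return len(pw) * math.log2(pool) if pool else 0.0

def dictionary_hits(pw):
    """Listed words still readable after undoing the LEET substitutions."""
    tokens = re.findall(r"[a-z]+", pw.lower().translate(LEET))
    return sorted(w for w in COMMON_WORDS if any(w in t for t in tokens))

def assess(pw):
    """Problems against the page's criteria; an empty list means none found."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"only {len(pw)} characters")
    missing = sorted(set(POOL) - set(classes_present(pw)))
    if missing:
        problems.append("missing: " + ", ".join(missing))
    hits = dictionary_hits(pw)
    if hits:
        problems.append("readable words: " + ", ".join(hits))
    return problems

if __name__ == "__main__":
    for pw in ("Never gonna run around, and hurt you!",       # the lyric
               "N3v3r-G0nn4-Run-4r0und-&-Hur7-Y0u!!",         # constructed
               "N>^>&G0//4&^N@R0*%D-};NHiR+J0u!"):            # page's result
        print(f"{charset_bits(pw):6.1f} bits  {assess(pw) or 'ok'}")
```

The second, constructed password scores above 200 bits on character-set arithmetic yet still fails, because undoing simple substitutions restores the lyric's words.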



This step is also very important. Here you will have to enrich your data pool for your encryption keys. The program does a lot of the work for you, but you will have to move your mouse as wildly as possible within the window so that it can collect the random data for the enrichment process. You can go in wild circles, that's fine—but make sure to do it as fast as possible and move all around. Also, mix it up and do some star-like patterns and other scrambling. It says at least a few minutes, but I recommend you do this for at least 10 minutes. If it helps to walk away and take a break after a few minutes, just do that—anything so long as you scramble the mouse for at least 10 minutes.


In the second-to-last step of the encryption process, you will have to burn a backup disc. When you're prompted, put a disc in the drive and TrueCrypt will automatically launch the process. Give it the okay to make the disc, and when the drive ejects it, close the drive with the disc in place. After it's done making the disc, TrueCrypt will need to verify it.

After that, you can just break the disc and throw it away. Since you've made a System Repair disc and a stand-alone System Image disc set, you will be able to boot from the System Repair disc and launch the System Image recovery outright. From there, you will be able to restore your system and reformat the entire drive without having to go through the trouble of decrypting it first.

Right before the final stretch, TrueCrypt is going to test the system for stability; what it's going to do is reboot the system, and what you want to watch out for is a blue screen. If this happens to you, it means that something serious has gone wrong and you will have to start over by booting from the System Repair disc and restoring your system from the System Image. Unless you went over my head and selected a cascade of algorithms, this is very unlikely to happen—so don't worry about it; I just wanted to explain what you need to do in case it does happen.



Before your system boots up, you will have to enter your encryption password. You will have to enter this password every time you boot the computer. It might be a little trouble, but it's well worth the security. Make sure you go slow and enter the password right. Given the complexity of the password I've taught you to develop, you might butterfingers it—and it will display "Incorrect Password". Just keep calm, and try again—sometimes you may have to try a few times before you get it right. After you've familiarized yourself with the password, it should become easier and easier for you to type in.

After a successful boot, the actual encryption process will begin. Depending on the size of your hard drive and the speed of your system, this can take anywhere from a few hours to several hours. For this reason, I recommend you first replace an expansive hard drive (500GB and up) with a smaller Solid State drive (150~200GB). As I said, any local computer shop can help you with this—so just call around and ask them about an exchange. You won't have to worry about them secretly corrupting your system because you're already going to restore it fresh yourself.

While it's encrypting just enjoy yourself and do something to pass the time. I would say that up to 4 hours is a fair amount of time to wait. If it's within that range, then no changes are necessary. You can even pause the process, shut the computer down, and resume it later. However, do not connect to the internet in this time—and do not connect to any messengers or other networks. Do not let anyone use your internet connection or log into any networks either.

If you're recovering your system for maintenance, it's a wise idea to encrypt your system before you install Windows Updates. You can restore from a System Image, encrypt your system—then install your Java, Flash, latest graphics driver, run Windows Update, and everything else carefree.



Internet Security Suite and Host Intrusion Prevention

The most core-essential security tool you will need to get is an Internet Security Suite. Why I recommend this over just an Anti-virus program is because an Internet Security Suite's coverage is generally far more comprehensive. They secure your system from a wider array of cyber attack and corruption methods. These can get a little complicated when it comes to learning how to navigate and properly configure them—so be mindful of the one you choose.

You tend to get what you pay for, but don't let the price tag fool you. Shop around and check reviews. Look for the cheapest one that offers the most options.

If you can't afford to buy a premium program, then there are some reasonable free versions available. The first one I would suggest is Microsoft Security Essentials. If you'd like something more comprehensive, then I would suggest Comodo Internet Security or Bitdefender Free.

Virtual Private Network (VPN service)

In our age, this is highly recommended for maximum security. This is a paid service that will mask your IP address safely and securely from all remote sources. The IP address is the primary way that hackers can launch an attack on your system. Your IP address is left at every website you visit—from which any person can take it and use it against you; or give your IP address away to others so they can attack you.

If you play lots of online games, the people who work server-side will have your IP address. Not only that, but hackers who can gain access to the game server can steal your IP address from the database. Being exposed to so many people only amplifies the risk factor many times over. It is a huge vulnerability that cannot be covered any other way.

You never want to use a free proxy service, because those proxy servers are unstable, often very slow, and cannot be verified as absolutely legit. In fact, they are often breeding pits for experienced hackers—so using a free proxy server is a sure-fire way to get hacked and ruin your system.

Once again, the best idea is to shop around. Find the one that's right for you. Speed is pretty much the ultimate factor, but always keep security in mind. Given the nature of this kind of service, security is sort-of a given—but just do your homework anyways.

If you can't afford this service, you should still be alright so long as no one is able to break your encryption password. You might end up with a few people spying on you (watching your activity), but they won't be able to touch anything without the password. Concealing your IP address is pretty much the only sure-fire way to prevent direct IP address based attacks.

If-or-when you begin to notice suspicious behavior on your computer, it might be a good idea to perform maintenance, renew your IP, and update your encryption—because by some uncanny force, someone may have unlocked your encryption password.

System Optimization Program
Another very important system tool is an optimization program. There are a lot of different programs which cover many different technical services. When it comes to programs like this, very few offer full coverage unless you purchase a license for them. There are some free versions available, but what was said for VPN goes for this as well. It's a premium service.


Some notable premium optimization programs would be, IOBit™ Advanced SystemCare Pro, WiseCleaner™ Wise Care 365, TuneUp™ Utilities, PC Tools™ Performance Toolkit, and Systweak™ Advanced System Optimizer.
 
Some good free options would be IOBit™ Advanced SystemCare [Free], Piriform™ CCleaner, WiseCleaner™ Wise Care 365 [Free], or GlarySoft™ Glary Utilities.

Definitely get something, because something is better than nothing.


  
Step 1. Unplug your modem and renew your IP.
Step 2. Back up any important files (like pics, fonts).
Step 3. Boot your system from System Repair disc.
Step 4. Restore your system from System Image.
Step 5. Configure your system.
Step 6. Encrypt your hard drive.
Step 7. Run Windows Update and update your other programs (like MMORPGs).
Step 8. Install the latest versions of temporary software (like Java, Flash, CCleaner).

Restore from System Image


To perform maintenance, you should begin by unplugging the power cord from your modem, then backup any new images, fonts, or any other things you wish to preserve. Just remember to be mindful of what you backup, you don't want to backup any pirated or third-party content because it might have malicious code embedded.

After you've backed up all your stuff, boot the system from your System Repair disc using the same method as reinstalling your operating system.

Once the System Repair disc boots up, a menu will show up and you will want to click on the option that says "Recover your computer from a System Image"; this will launch the recovery console. It might display a message stating "No system image detected."








At this time, just take out the System Repair disc and put in the final disc in the set of System Image discs. Continue on until you see the window with a box and section stating "Reformat the drive and re-image". Make sure you click that box to override the boot encryption. The box may be greyed out and checked for you. If it is, then don't worry—just continue on.

Wait until you get a pop-up image stating "Enter (System Image name) disc I now." If you take the final disc out too soon, you will have to start all over—wait for the okay, then take out the final disc and put in the first disc to begin the restore process. 


Configuration
After the recovery process has finished, the first thing you will want to do is change your computer's name, then assign a new Windows password; and change your Windows theme if you'd like. Once that's done, pop in your Storage disc or USB and extract all your preserved photos and other files and put them in place. Also take out your fresh copies of your program installers and get those ready (like the latest Java, Flash). You can install them and configure them right away (like Firefox). Otherwise, just do it after encryption. After you've updated your computer name, assign a new password to your Windows account, then restart your computer.

Once you've got all your backed up data in place, encrypt your hard drive with full disk encryption and make sure to use a different password.

After your hard drive is encrypted, if you use a router, first log in to your router and change all the settings (router name, wireless network name, passwords, subnet mask, and starting IP address); then unplug the power from your router, and plug your ISP modem back in; and once it's connected, plug your router's power cord in. Once it's all connected, go into command prompt, release and renew your IP, and flush the DNS cache.






To do this, click the Windows button and type in "cmd"—then right click on the cmd icon and select "Run as administrator" from the menu.

In the command prompt, enter the following commands, then press Enter to release and renew your IP—and also, to flush your DNS cache. Also—if you ever experience a lag in your web browser, try using this method to speed things up.

To release your IP,

ipconfig /release


To renew your IP,

ipconfig /renew


To flush your DNS cache,

ipconfig /flushdns
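An added example (not part of the original post) that runs the three commands above in order and reports which adapters ended up with a different IPv4 address. It assumes Python 3 is installed, an elevated prompt, and English-language ipconfig output; the sample text is constructed.

```python
import re
import subprocess

# Constructed sample of English-language `ipconfig` output (offline self-check).
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.23
   Default Gateway . . . . . . . . . : 192.168.1.1

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
"""


def parse_ipv4(text):
    """Map adapter name -> IPv4 address (English-language output assumed)."""
    found, adapter = {}, None
    for line in text.splitlines():
        header = re.match(r"^(\S.* adapter .+):\s*$", line)
        addr = re.match(r"^\s+IPv4 Address[ .]*:\s*([\d.]+)", line)
        if header:
            adapter = header.group(1)
        elif addr and adapter:
            found[adapter] = addr.group(1)
    return found


def changed(before, after):
    """Adapters whose address differs: name -> (old, new); None = no address."""
    return {n: (before.get(n), after.get(n))
            for n in set(before) | set(after) if before.get(n) != after.get(n)}


def ipconfig(*args):
    """Run ipconfig with the given switches and return its text output."""
    return subprocess.run(["ipconfig", *args],
                          capture_output=True, text=True).stdout


if __name__ == "__main__":
    before = parse_ipv4(ipconfig())
    for flag in ("/release", "/renew", "/flushdns"):
        ipconfig(flag)
    diff = changed(before, parse_ipv4(ipconfig()))
    print(diff or "No adapter received a different IPv4 address.")
```

An empty result means every adapter came back with the same IPv4 address it had before the release.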

Once that's done, you can begin with Windows Update—and updating any other programs that are behind due to the date that your System Image was created on. After Windows Update is all good, just go into the "Temp" folder and clear it (highlight everything and press the "DEL" key). You can easily access this folder by clicking on the Windows button and selecting "Computer" from the menu.

From there, follow the path C: > Users > [Account name] > AppData > Local > Temp

As the final step, run your System optimization program, restart your computer, and you are good to go.

