A. Step 1 - Install a firewall, even if you already have one.
1. Download Kerio Personal Firewall v2.1.5 here.
2. Run it and let it install. (Click Start, then Run, then Browse and find wherever you put it, and double click it.) Bookmark or add to your Favorites this page and any others. Reboot.
3. Download my Spyware Blocklist for Kerio. Use either:
a. Kerio List Type 1 (basic,
no frills, less protection).
b. Kerio List Type 2 (better
protection, should work on almost all systems without tweaking. If in doubt, use this one).
c. Kerio List Type 3 (best protection, requires DNSKong and extra setup, below.)
d. Kerio List Type 4 (No spyware or adult filters, just ad blocks and tough rules. Not recommended for users of
Microsoft Internet Explorer, or corporate, file-sharing, or family users due to a lack of spyware and adult filters.)
4. Start up Kerio if you haven't already and right-click it's icon (little blue shield at bottom right).
5. Select Administration, then click the Miscellaneous tab.
6. Click Load, click on Files of Type box and select All Files.
7. Find the file you just downloaded. It will be called either SPONGE1.BIN, SPONGE2.BIN, SPONGE3.BIN, or SPONGE4.BIN. Click it, and click Open. Then click Ok.
8. Done.
B. Step 2 - Use DNSKong.
Note to Windows 2000 and XP users: Go here for setup instructions and to download DNSKong. Make sure to come back here when you're done.
1. Download DNSKong and save it as C:\DNSK106.EXE
2. Run it from the Start menu by typing this exactly as it appears: C:\DNSK106.EXE -d
3. If DO NOT you use a cable/DSL router or firewall, or are planning to buy one in the near future, skip to step 4. Click on Start then Run... If you are using Windows 95, 98, Me, or 2000, type in WINIPCFG. Select the type of connection you use from the pick list near the top. (If you use dialup, look for PPP Adapter [yes, there are cable/DSL routers for dialups]; if AOL, look for AOL something; if you use cable or DSL, look for something with a name and model number like "3COM 45HC305"). Then click the More Info...button on the screne that appears and write down the entries in the DNS Servers field. On Windows XP, type in CMD. At the command prompt, type in IPCONFIG /ALL | MORE and write down the DNS Servers pertaining to the type of connection you use.
4. Run DNSKong from the icon on the desktop or from your Programs menu. When it's running you should see a rectangle over two squares in the tray near the bottom right of your screen.
5. Go into Start menu/Settings/Control Panel/Network. (Windows XP users: click on Start/Settings/Control Panel, select the type of connection you use, right click it, and select Properties.)
6. Find TCP/IP (something) Adapter. (XP users: It's called just TCP/IP). Photo here.
7. Click DNS Configuration.
8. Click Enable (if not already Enabled).
9. Enter in the Host box: localhost
10. Enter into the DNS Server Search Order Box: 127.0.0.1 then click Add.
11. Make sure everything else is blank. It should look like this photo.
12. Click Ok.
13. Download named.txt into C:\PROGRAM FILES\PYRENEAN\DNSKONG The folder PROGRAM FILES may also be abbreviated PROGRA~1
14. If you DO NOT presently have a cable/DSL router or firewall, you can skip to step 16. Look in your router's documentation and add in 127.0.0.1 to the first DNS server and also, if available, for the WINS server setting. On the Linksys routers, you can do this by opening a new browser window and typing in 192.168.1.1 into the address bar. Enter your password (change your password if you never did! Hint, hint, hint!) Select DHCP from along the top. Enter 127.0.0.1 into the first DNS server line and also the WINS server line, using the TAB key to skip between columns. Click Apply when done.
15. Right-click DNSKong's icon at the bottom right and select Proxy DNS... Enter in the addresses of the DNS servers you wrote down from WINIPCFG or IPCONFIG. You can enter in up to five DNS servers.
16. Reboot if you want DNSKong to take effect immediately or wait until we finish as you have to reboot in later steps anyway.
C. Step 3 - Use The Proxomitron.
1. Download The Proxomitron here.
2. Run it and let it install.
3. Download my DEFAULT.CFG and save it in the folder Proxomitron installed into. Save it as DEFAULT.CFG. Make sure that the box underneath the name, usually called something like "Files of Type" is set to All Files. Remember to always do this when downloading.
4. Download these decryption files here. Extract them using WinZip or WinRAR. Copy the files called ssleay32.dll and libeay32.dll to the same folder as Proxomitron. You can delete the other files that came in the ZIP file.
5. Start Proxomitron if it is not running already. Click the green triangle at the lower right of your screen to call it up. From the File menu, select Load Config and select DEFAULT.CFG. Next, from the main menu, select the Config button, then click the HTTP tab along the top of the next menu. Check the box called "Use SSLeay/OpenSSL". Click Ok. Then click File from the main menu, and select Save Default Settings.
6. Modify your browser's settings. (Note, if you download another browser in Step 4, you might have to come back here to change this setting.)
a. For Mozilla or Netscape:
i. For Netscape or Mozilla, go into your Preferences menu (Click Edit, then
Preferences, then the little Plus (+) sign next to Advanced.
ii. Select Proxies.
iii. Click the radio button called Manual Proxy Configuration.
iv. In the box called HTTP, enter: localhost
v. In the box called Ports, enter: 8080
vi. In the box called SSL Proxy, enter: localhost
vii. In the box called Ports, enter: 8080
viii. Click Ok when done and move on to item D - Secure Your Browser and Email Programs.
b. For Internet Explorer:
i. From the Tools menu at the top, select Internet Options.
ii. From the tab at the top called Connections, go to the bottom and select LAN Settings.
iii. Check the box called Use A Proxy Server.
iv. Click the Advanced button.
v. Where it says HTTP, put localhost in the left-most box.
vi. In the right-hand box (Ports) put 8080
vii. Where it says Secured or SSL, put localhost in the left-most box.
viii. In the right-hand box next to it (Ports) put 8080
ix. Click Apply then Ok when done. Move on to Section D - Secure Your Browser and Email Programs.
c. For Opera:
i. Click File on the menu bar at the top of the screen.
ii. Scroll down and click Preferences.
iii. Select the item called Network in the list.
iv. Select Proxy Servers.
v. Check the box next to HTTP. In the left-most box, enter the word localhost
vi. In the right-most box (called Port:) enter in 8080
vii. Check the box next to HTTPS. In the left-most box, enter the word localhost
viii. In the right-most box (called Port:) enter in 8080
ix. Click Ok, then click Apply, then click Ok. Move on to Browser and Email Programs.
Note: If you dislike the filtering of SSL pages, you can always disable this be changing the Proxy feature of your browser and taking out what you entered under "Secured" or "SSL". However, it is strongly advised that you take advantage of Proxomitron's ability to filter https pages.
D. Step 4 - Secure Your Browser and Email Programs.
1. Download either Mozilla (faster than Internet Explorer, but more stable) or Opera (less stable than Mozilla, but the fastest browser available). IMPORTANT! - follow the steps for securing Internet Explorer, even if you install another browser!
2. Run it and let it install.
3. Repeat setup procedure from C. - Use The Proxomitron for the appropriate browser.
4. You might want to put this page in your Favorites or Bookmarks at this point and reboot.
5. Configure Internet Explorer (or your Internet Settings from your Control Panel) and Outlook, even if you don't plan on using them:
a. For Internet Explorer 4 on up:
i. Click Tools in Internet Explorer. (Alternatively, go into Internet Options by clicking Start, then Settings, then Control
Panel and then Internet Options.)
ii. Click Internet Options.
iii. You should be looking at the General tab. Click Delete or empty on your Temporary files. Also do this for your
cookies unless you are sure you need to keep them.
iv. At the History item, set this to 1 (one day.)
v. Click the tab along the top called Security. Picture here.
vi. Make sure the zone called Internet is highlighted. It looks like a globe.
vii. Select Custom Settings.
viii. In the Custom Settings menu, click Disable on anything mentioning ActiveX or Scripting. If you need to be able to use
ActiveX controls then at least disable unsigned ActiveX but select Prompt for all other ActiveX and Scripting items.
ix. Select Disable for the item Allow sites to set permanent cookies. (In IE 5 on up, click Apply first, then the Privacy tab,
then click Advanced, and select Allow all First Party Cookies, Deny all Third Party cookies. Make sure to uncheck the
box called Always allow session cookies.)
x. Click Ok.
xi. Back in the Security menu, select LAN or Intranet.
xii. Repeat items vii through x.
xiii. Again, you will be back in the security menu. This time, select Restricted and then repeat vii through x if everything is
not already set to Disable. Then click Apply then Ok.
xiv. Back in the Security menu, select Trusted Sites, which has a green symbol. Click on "Sites" and enter the following into
the Trusted Sites zone: *.windowsupdate.microsoft.com and then click Add. You may have to uncheck the box called
Require Server Verification (https). Click Apply then Ok.
xv. Next, click the item along the top called Advanced.
xvi. Disable the items called Enable Install-On-Demand and automatically check for Internet Explorer updates.
xvii. Click Apply then Ok when done.
b. Netscape 4.79 and below:
i. Click on Edit.
ii. Click Preferences.
iii. You will be looking under the item called Navigator. Look to the right.
iv. Where it says History, set this to 1. (Keeps history for one day at most.)
v. If you like you, can enter a new home page here. Enter the full address. Make where it says Navigator Starts With,
make sure you have Home Page selected.
vi. You might have to click the little plus (+) sign next to the menu item called Navigator to reveal more options. Select
Smart Browsing.
vii. Uncheck "Enable What's Related".
viii. Now, click the menu called Advanced.
ix. On the right, uncheck the item called Enable JavaScript for Mail & News. Also make sure the item called Send email
address as anonymous FTP password is uncheck unless you have been told otherwise.
x. Under Cookies, select the button called Only accept cookies that get sent back to the originating server.
xi. Click the plus (+) sign next to the Advanced menu to reveal more items.
xii. Select Cache.
xiii. Click the Clear Memory Cache and Clear Disk Cache buttons. Also, enter into the boxes called Memory Cache and
Disk Cache the number zero.
xiv Select SmartUpdate from the menu options at left.
xv. Uncheck the box called Enable SmartUpdate. Make sure the box called Require manual confirmation of each install is
checked.
xvi. You are done. If you also use another browser, continue here. Otherwise, we'll move on to the next step.
c. For Mozilla and Netscape 6 and above:
i. Click on Edit.
ii. Click Preferences.
iii. You will be looking under the item called Navigator. Look to the right.
iv. If you like you, can enter a new home page here. Enter the full address. Make where it says Navigator Starts With,
make sure you have Home Page selected.
v. Where it says History along the menu tree along the left, select History. In the History menu, enter 1 in the Browsing
history box.
vi. Click the little plus (+) sign next to the item called Privacy & Security along left to bring up that menu and select
Cookies.
vii. Check Enable cookies for the originating website only.
viii. Check the box called Disable cookies in Mail & Newsgroups if it's not already checked.
ix. Check the button called Limit Maximum lifetime of cookies to: and then check the button called Current session.
x. Click the menu called Images, and make sure the box at right called Do not load remote images in Mail & Newsgroups
is checked.
xi. For maximum privacy and security, you also might want to click the radio button called Accept images that come from
the originating server only. This is one of the most powerful and best privacy protection features available, but it may cause some
websites to display incorrectly.
xii. Select the Forms menu.
xiii. Uncheck Save form data from web pages when completing forms. This is a dangerous feature to leave on.
xiv. Click the Passwords menu. Unless you absolutely need it, make sure the box called Remember passwords is
unchecked.
xv. Click the Advanced menu. Make sure Send this email as anonymous FTP password is blank unless you require
otherwise.
xvi. Click the plus sign next to Advanced to show more menus and select Scripts & Plugins.
xvii. Uncheck Enable JavaScript for Mail & Newsgroups and Enable Plugins for Mail & Newsgroups unless otherwise
necessary.
xviii. In the box called Allow Scripts to:, uncheck open unrequested windows (pop-ups) and hide status bar.
xix. Next, select the menu called Cache.
xx. Click the Clear Memory Cache and Clear Disk Cache buttons. Also, enter into the boxes called Memory Cache and
Disk Cache the number zero.
xxi. Finally, select the menu item called Software Installation. Uncheck Enable software update.
xxii.Click Ok when done. Proceed to the next Step on cookies unless you have another browser you want to set up.
d. For Opera 5 and above:
i. Click File, then Preferences. (Make sure you do not select Quick Preferences!
ii. Under the Personal Information menu (may not be in Opera 7 and above) make sure everything is blank.
iii. In the Advertising menu, make sure everything is set to Unspecified.
iv. Select the History & Cache menu.
v. Hit the two clear buttons and the Empty Now button.
vi. If you want to disable Opera's cache (which will reduce it's speed -- the cache is why Opera lives up to the claim of
being so fast) then set the History and the Disk Cache boxes all to zero.
vii. Select the menu called Privacy & Security.
viii. Under Cookies, select in the top pick-list Automatically accept all cookies.
ix. In the lower box, select Do not accept third-party cookies.
x. Below the cookies menus, make sure Throw away new cookies on exit and Display warning for illegal path are
checked. Only uncheck the former if you absolutely want cookies.
xi. Under Privacy in this menu, uncheck Enable referrer logging and Use cookies to trace password protected pages.
Disabling Automatic redirection by unchecking it is a very powerful privacy-protection tool, but it can be annoying to use
on some sites.
xii. Click Apply. Then click Ok. Now, move on to Step 5 unless you want to configure another browser.
e. Outlook (all versions):
i. Click Tools.
ii. Click Options.
iii. Select the tab called Read. Check the box called Read all messages in plain text.
iv. Select the Security tab.
v. Check the button called Restricted Sites Zone. (Note: if you use Outlook for email, you must follow the
security procedures for Internet Explorer, above, even if you do not plan on using IE!)
vi. Make sure the box called Do not allow attachments which potentially may be a virus is checked.
vii. Click Apply then Ok. Continue configuration of other email clients if you use them.
f. Eudora 5 and above email client:
i. Click Tools.
ii. Select Options at the bottom.
iii. Select Display.
iv. Uncheck the box at right called Automatically download HTML graphics.
v. Under Viewing Mail, uncheck Use Microsoft's Viewer and make sure Allow executables in HTML content is
unchecked.
vi. Find the item along the left called Automation.
vii. Uncheck Automation enabled from the machine if it isn't already. Only allow this to be checked if you are in a network
environment which requires it.
viii. Scroll down to Extra Warnings and make sure that the two items pertaining to Launch a program are checked.
ix. Click Ok when done and move on.
g. Pegasus Email Client:
i. Click Tools.
ii. Click Preferences.
iii. Find the menu item called Hyperlinks and select it.
iv. On the right, if you use Internet Explorer as your browser, check the box Use the non-standard URLs expected by
nternet Explorer.
v. Click to select the menu above this, called Content Viewers.
vi. Click Add.
vii. In the menu that pops up, select 'Attachment-Type information'.
viii. Select from the pick-list Visual Basic. Now click the button on the lower half of the menu called Do not run any
application, and issue no warning (fail silently). Click Ok.
ix. Repeat items vi through viii for the following items in the pick-list: Program-Source, Gif Image, JPEG Image, PCEXE.
You may not have all these.
x. Repeat items vi through viii, this time selecting the Filename extension button. In the matches this: box, put EXE, DLL,
JS, XML.
xi. Click Apply then Ok when done. Move on to the next Step.
E. Step 5 - Clean up your Cookies
Note: If you want to keep existing cookies (say, to be able to get into your webmail without re-logging in each time), or if you think it's too difficult, then skip directly to Step 9.
1. Click your Start menu button, then Run.
2. Cut and paste the following line into the Run box: c:\windows\command\edit c:\autoexec.bat and hit Enter. (Note: Windows NT and 2000 users, substitute WINNT for WINDOWS in that line.)
3. Add the following line: call c:\clean.bat C:\WINDOWS and save it. (Again, Windows NT and 2000 users substitute WINNT for WINDOWS in that line. If Windows is on a different drive, substitute the appropriate drive letter for C:.)
4. Download my cookie cleaner and save it exactly as follows: C:\CLEAN.BAT.
5. Reboot.
6. Again, from your Run menu like in step 2, type or cut and paste the following exactly: c:\windows\command\edit c:\autoexec.bat
7. Delete the line you entered previously, call c:\clean.bat and save it.
8. Delete \CLEAN.BAT using Windows Explorer, DOS, or whatever you prefer to use.
F. Step 6 - Housecleaning for your Computer.
NOTE: Skip this section if you are connected to a LAN or are networked to another nearby computer.
1. Go into your Network panel (like you did in the DNSKong section.)
2. If File & Print sharing is grayed out, skip to step 3 below. If not, click that button and uncheck everything from the following menu, and then click Ok.
3. Find an item in the upper list called Client for Microsoft Networks (name may vary, but it's called Microsoft Client or some variation. If it's not there, skip to Step 5.)
4. Click it to highlight it and click Remove.
5. Click the first item with a green icon next to it. For a picture of what this looks like, click here. Click Properties.
6. From this menu, select Bindings.
7. Uncheck everything except anything that has TCP/IP in its name and click Ok. There might not be anything in this box.
8. Repeat this for the remaining green-iconed items on the list.
9. Select one of the TCP/IP Adapters like you did when you set up DNSKong and click Properties. To view an image of what this looks like, click here.
10. Click the NetBIOS tab. If it is checked, uncheck the box called I want to enable NetBIOS over TCP/IP.
11. If present, highlight anything called NetBEUI or IPX or SPX and click Remove. Click Apply or Ok to get out of the Network menus.
12. Download and run DSO Stop and HTA Stop. You can download and run this utility to disable Windows Scripting Host, although this may interfere with using macros in Microsoft Word.
13. Download and run GRC's Unplug 'n' Pray and Shoot the Messenger. If you use Windows XP, also run the XPdite patch.
14. Next, start Windows Explorer and go into your \Windows\System folder. THIS APPLIES ONLY TO WINDOWS 95, 98, or ME/CE! SKIP TO STEP 7 (SECTION G) IF YOU ARE USING WINDOWS NT, 2000, OR XP!
15. Find a file called RPCSS.EXE and rename it or move it to another folder elsewhere on your disk.
16. You are done with this section.
G. Step 7 - Get Software to Stop Malicious Programs.
1. Download and all of the following. Make sure to Bookmark this page or add it to your Favorites as these links will take you off this site:
a. SpyBot.
b. Ad-Aware.
c. Spywareblaster.
2. Run each one to install it and afterwards start the program and let it do it's respective thing. Remember, you can continue doing other items on this list while they are actually downloading or while they are checking for spyware.
3. Purchase either McAfee's or Norton/Symantec's respective Anti-Virus products. Don't do this now but do it the next time you are at Best Buy or a computer store. If you don't want to buy them skip to the next step.
4. Download Kaspersky's. You get a free 30-day trial. This is more important than Norton's or McAfee's, though you should ideally have one of those AND Kaspersky's. If you buy it, I recommend buying it offline.
5. You are done with this section.
H. Step 8 - Extra Information and Things to Watch Out For.
1. Start up Windows Media Player. If is usually on your desktop or in your Programs menu.
2. Click Options and click the various tabs along the top. You are looking for an option called "Allow websites to uniquely identify my player." If you find it, uncheck it. Skip to Step 12.
3. If you did not find it, either upgrade to at least version 6.4 or try this:
a. Download ID-Blaster and run to install it. Then download this configuration file and save it wherever you installed ID-Blaster. Make sure to save it with the name DEFAULT.INI and allow it to overwrite the file than came with the program. Make sure that the box underneath the name, usually called something like "Files of Type" is set to All Files. Remember to always do this when downloading.
4. Run it from your Programs menu by clicking Start/Programs and look for ID-Blaster Plus. Then double click its icon (a black thing with a red circle over it located at the bottom right.
5. Uncheck the item in the big box called Windows or NT ID. That is, only WMP7 + WMP8 and Windows Media Player ID should be checked. DO NOT check any box referring to Windows ID or NT or 2000 ID.. Click Save.
6. Select Options from the menu bar across the top then General Options. Enable all three items in this menu. Click Ok then click File then Exit.
7. Restart your computer and check to see if everything works ok. Remember, if you have not already done so, to delete that line from your \AUTOEXEC.BAT file from the section on cookies.
8. Finally, we're in the home stretch. If you installed DNSKong, continue. Otherwise, you are done with everything. Celebrate!
9. Download my Kerio List Type 3 and import it like you did in the first section.
10. If you feel confident enough to follow these instructions, continue. Otherwise, you are done with everything and can take a break.
11. Email your Internet Service Provider and ask them for the IP addresses of your DNS servers.
12. Go into Kerio's Rule list by right-clicking it's icon, and selecting Administration, then Advanced. This menu should look like this photo. Note: DO NOT use the square arrows on the right to navigate up and down: that will foul up the order of items in the list!
13. Make sure the rule called Permit DNSKong to 127.0.0.1 is enabled (not grayed out) Check it if necessary to enable it.
14. If not already enabled, click to enable the rule called Block All DNS. Disable a rule if it's there called Permit DNS.
15. Look up on the list for rules called Permit DNS to DNS Server x. By default, these are set up to work with AOL.
16. Select the first one and click Edit. It will look like this photo.
17. In the box called Host Address, enter the first IP address supplied by your ISP and click Ok.
18. Click the box next to the rule to enable it and repeat this for any other IP addresses your ISP has given you. There are 6 rules available so you can input up to six IP addresses although you probably won't use them all. It will look like something like the photo mentioned in step 16 when you're done, though the addresses under "Remote" may be different. Any unused "DNS to DNS Server" rules should remain disabled and grayed out.
19. Click Apply then Ok.
20. Should you have problems connecting to the net, undo these changes. You can also disable the rule called Block All, located near the bottom of the list.
21. You are done. Completely.
PLEASE GO BACK OVER THIS LIST TO MAKE SURE YOU'VE FOLLOWED EVERY STEP!
Also, keep in mind there is a Frequently-Asked Questions and Troubleshooting Guide if you have questions or concerns.
Click here to go back to the 8-Steps index page.
Click here to go on to Step 1.
In case you get lost, this page is located at http://www.oocities.org/yosponge/checklist.html