
View Full Version : How good would this setup be?


Hipgnosis
March 8th, 2007, 07:45 PM
This question covers multiple security apps so I'm not really sure which forum would be the best. If the moderator feels it should be elsewhere, please move it where appropriate.

My question is, how good of a security setup would this be?

Firewall/HIPS/IDS: Blink Neighborhood Watch
Antivirus: AOL Active Virus Shield
Spyware protection: Spyware Terminator, SpywareBlaster & K9 Web Protection

Would there be any need or benefit for anything else? If so, what and why?

edit: This system would be behind a hardware router/firewall with SPI.

farmerlee
March 9th, 2007, 05:25 AM
Looks fine to me. Surf safely and with common sense and you'll be fine.
Heck, lately I've been testing out some apps and purposely trying to get infected, and I tell ya, it's a lot harder than I thought.

EASTER.2010
March 9th, 2007, 05:38 AM
Ghost Security Suite would complement other HIPS nicely to better alert for some potential malicious intrusions. My findings bear that out.

Kees1958
March 9th, 2007, 11:47 AM
:thumb: :thumb: :thumb: Add CyberHawk for process modification and data injection protection, plus enable DEP for all programs in XP (you could also use SafeXP and Seconfig for some hardening). Everything else is covered, nice setup.

Do you have HIPS enabled in SpywareTerminator? Is Blink satisfactory (I like the concept) and running fine?

Hipgnosis
March 9th, 2007, 01:43 PM
Kees1958,

I haven't put this in place yet. I have been investigating the potential setup and wanted to get some feedback from others before moving forward.

Here is my thinking around the setup I want:

1. Free
2. Secure
3. Relatively user friendly for non-techie users, therefore it can't be overly "talkative" after initial training
4. Reliable
5. Reasonable memory footprint
6. Reasonable CPU usage
7. Not overly difficult to learn and use
8. Good GUI interfaces (well laid out and intuitive)

I know this setup will be "heavier" than the configuration it will replace but I believe it will be much more secure and therefore worth the extra weight.

My one area of concern right now is with Spyware Terminator. I very much like the idea of, and want, real time protection but after reading about the former spyware connection for the parent company (Crawler) I do have some reservations about this app.

acr1965
March 9th, 2007, 02:06 PM
Considering your criteria, I would agree with another poster that suggested CyberHawk.

http://www.novatix.com/Cyberhawk/Features/

You may also want to consider Snoopfree.

http://www.snoopfree.com/

Hipgnosis
March 9th, 2007, 10:50 PM
Ok, I have set this system up based on my initial configuration with one exception, which was to leave off Spyware Terminator...at least for now. What I did was replace the following:

Arovax Shield
Avast Antivirus (free)
Kerio 2.1.5

with:

Blink Neighborhood Watch
AOL Active Virus Shield

Additionally, I was running WinPatrol, SpywareBlaster & K9 Web Protection before and continue to use those.

According to Task Manager I am using around 7-9 MB more RAM for these new programs. The best things I have noticed however is that I am seeing no system slowdowns, unless you want to count an approximate 2 to 3 second longer boot time. An even better thing is that I do feel like I am more secure now based on these initial responses:

Blink alerted me to some websites with this message (which may or may not be a bad thing):

Event ID: BLINK-BAM-5016
Severity: Medium
Description: Request contains a header with an invalid format
Action: Terminated

It also stopped my POP3 email checking program on some spam emails with this message:

Event ID: BLINK-BAM-16001
Severity: High
Description: Potential buffer overflow
Action: Terminated

In the above case it was because the "TO:" field was too long. The spammer had listed many, many email addresses.

One thing I was surprised about was that prior to installing the AOL Active Virus Shield I had installed the trial version of NOD32, performed a complete system scan and it found nothing. After that I removed NOD32, installed the AOL-AVS and again did a complete system scan and surprisingly it found this in my deleted mail folder.

Trojan program Trojan-Spy.HTML.Fraud.gen (modification) Mail body: XXXXXXXXXXXXX\Local Folders\Deleted Items\[From:"PayPal" <service@paypal.com>][Subject:New email address added to your PayPal account][Time:2007/01/25 15:46:59]\text/plain\text/html/UNNAMED/Edit

I remember receiving this email and forwarding it to Paypal for review. They confirmed my suspicions and verified that it was bogus so I deleted it, but forgot to delete it from the "Deleted Items" folder.

So anyway, I said all that to say this, thus far I have a good feeling about this setup and am willing to sacrifice the additional memory for what certainly appears to be better security; especially in light of me feeling that with Avast I was secure (and recommending it to others) :(

I have included a screen capture from the Blink Event Log regarding the alerts. (the "Service started" line was a reboot)

edited for spelling...and to add that I am still looking at Cyberhawk and some other programs as possible add-ons. Thanks for the suggestions
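
The BLINK-BAM-16001 alert above fired on a To: header long enough to trip a length limit. As an added example (not Blink's logic, and not code from anyone in this thread), here is a small Python checker that applies the same idea to a raw message: RFC 5322 limits each physical header line to 998 octets, and the 8192-octet cap on an unfolded header value is an assumed threshold for illustration. The two messages are constructed inline.

```python
import re

RFC5322_LINE_LIMIT = 998   # max octets per physical line, excluding CRLF (RFC 5322 s2.1.1)
UNFOLDED_LIMIT = 8192      # assumed cap on a single unfolded header; pick to suit your client


def header_lines(raw: bytes) -> list[bytes]:
    """Return the physical lines of the header block (everything before the first blank line)."""
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0]
    return re.split(rb"\r?\n", head)


def unfold(lines: list[bytes]) -> list[bytes]:
    """Join folded continuation lines (leading SP/HTAB) onto the header they belong to."""
    out: list[bytes] = []
    for line in lines:
        if line[:1] in (b" ", b"\t") and out:
            out[-1] += b" " + line.strip()
        else:
            out.append(line)
    return out


def check_headers(raw: bytes,
                  line_limit: int = RFC5322_LINE_LIMIT,
                  unfolded_limit: int = UNFOLDED_LIMIT) -> list[tuple]:
    """Flag oversized headers. Returns (kind, where, length) tuples, empty when clean."""
    findings = []
    physical = header_lines(raw)
    for lineno, line in enumerate(physical, start=1):
        if len(line) > line_limit:
            findings.append(("line_too_long", lineno, len(line)))
    for hdr in unfold(physical):
        name, sep, _ = hdr.partition(b":")
        if sep and len(hdr) > unfolded_limit:
            findings.append(("header_too_long", name.decode("ascii", "replace"), len(hdr)))
    return findings


# Constructed sample: a spam with 500 recipients crammed into one To: line.
SPAM = (b"From: spammer@example.com\r\n"
        b"To: " + b", ".join(b"user%04d@example.net" % i for i in range(500)) + b"\r\n"
        b"Subject: New email address added\r\n"
        b"\r\n"
        b"body\r\n")

# Same recipient list, but folded one address per continuation line (each line is short).
FOLDED = (b"From: spammer@example.com\r\n"
          b"To:" + b"".join(b"\r\n user%04d@example.net," % i for i in range(500)) + b"\r\n"
          b"Subject: New email address added\r\n"
          b"\r\n"
          b"body\r\n")

# Constructed benign message.
CLEAN = b"From: a@example.com\r\nTo: b@example.org\r\nSubject: hi\r\n\r\nhello\r\n"


if __name__ == "__main__":
    for label, msg in (("spam", SPAM), ("folded", FOLDED), ("clean", CLEAN)):
        print(label, check_headers(msg))
```

The folded case matters for the practitioner: a mail client that enforces only the per-line limit passes it, yet the unfolded To: value is just as large once the client reassembles it, so check both.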

Kees1958
March 10th, 2007, 03:37 AM
Thanks,

Why change Antivir free for AOL? Antivir has got better heuristics than the liteware version of AOL. Detection rates are more or less the same.

Hipgnosis
March 10th, 2007, 09:49 AM
It was Avast that I replaced, not Antivir. I did consider replacing Avast with Antivir but unless I'm mistaken, Antivir doesn't actively scan email.

Also, after the system scan by AOL-AVS found something that NOD32 missed I decided it was worth a try.

dah145
March 10th, 2007, 03:08 PM
Stay with AVS, it will offer you excellent virus detection. :thumb:

GS2
March 10th, 2007, 10:11 PM
-{ Quote: "Here is my thinking around the setup I want:

1. Free
2. Secure
3. Relatively user friendly for non-techie users, therefore it can't be overly "talkative" after initial training
4. Reliable
5. Reasonable memory footprint
6. Reasonable CPU usage
7. Not overly difficult to learn and use
8. Good GUI interfaces (well laid out and intuitive)

I know this setup will be "heavier" than the configuration it will replace but I believe it will be much more secure and therefore worth the extra weight.

My one area of concern right now is with Spyware Terminator. I very much like the idea of, and want, real time protection but after reading about the former spyware connection for the parent company (Crawler) I do have some reservations about this app." }-

Sounds like a Linux distro is needed - ticks all those boxes and more :) No need for all those anti-spyware apps; set up iptables correctly, install an AV if you wish to protect any Windows systems you share files with. Add rkhunter, and you are good to go :)