Security Setup for girlfriend
HURST
June 4th, 2008, 10:39 AM
Hi
I'm going to reformat my girlfriend's laptop and I want to build a security setup from scratch.
Currently I've set her up with NOD32, BOClean, SAS on-demand, firefox with adblockplus and SpywareBlaster. NOD32 license is expiring soon.
She has managed to stay relatively clean. Just one or 2 infections in over a year (for a person who doesn't know anything about security, that's a good record).
So, what I'm looking for is:
-Strong protection (I don't wanna waste my time cleaning her computer)
-ZERO to VERY FEW popups
-I don't mind that much about resource usage (as long as it's not a resource hog), but lightest is better.
-Free if possible, but I'm OK with paid when there's no better option
Her computer habits are:
-checking mail
-downloading music and movies
-university work (MS office mainly)
-general internet browsing
-youtube
-facebook
She DOES NOT:
-browse porn
-online banking
-gambling sites
-download cracks, keygens, etc
She is not what I would consider a happy-clicker, but she does download things without checking them with a second opinion AV or virustotal. I have taught her not to click yes on every popup, and read first, but I don't know how well she learned this.
Sometimes other people use her laptop.
So I had considered something like this:
-free AV (had thought avira or avast)
-policy based sandbox for browser
-SAS
-OS hardening
Not sure yet:
-Sandboxie instead of policy sandbox (mainly for also sandboxing the media player, I found one of those fake mp3's on her computer last week)
-NoScript
-ThreatFire
-Returnil for system partition
Any suggestions are kindly appreciated
Pedro
June 4th, 2008, 10:46 AM
-Anti-Executable, paid but only once. Main advantages are that it just works, and it's easy to understand how it works and what's at stake.
-Antivir or Avast!
-Limited user account.
MikeNAS
June 4th, 2008, 10:50 AM
AntiVir/Avast <- Just choose
DefenseWall <- It's easiest to use
Firefox with Adblock Plus
That's it :D IMO NoScript is too hard for "novice". I have tested it with my wife with bad results.
HURST
June 4th, 2008, 10:51 AM
Yes, I've thought about AE. I'm trialing it myself and I'm liking it a lot. But I'm still not sure if it will be right for her.
As for LUA, could be... I've never used it. I know it's safer, but I'm not sure in regard to usability. Maybe I'll try it out myself first.
ErikAlbert
June 4th, 2008, 10:51 AM
Since emails are a big source of malware, tell her
1. to ignore/delete any email from an unknown source without even opening them, if possible.
2. never to open email-attachments, not even from friends.
3. always read emails in text mode; if she reads emails in HTML-mode, don't click anywhere, just read and look (the same counts for websites, which isn't always easy of course)
4. never reply to spam emails, not even as a joke or any other emotional outburst.
5. Reading .docs with MS WordPad is a lot safer than with MS Word, because it can execute macros.
The other big source of malware is her BROWSER.
HURST
June 4th, 2008, 10:56 AM
She uses web-based email (gmail, hotmail), no local email client.
She gets a lot of pdf and doc attachments at her university account (also web-based).
On her personal account she hardly gets attachments.
Peter2150
June 4th, 2008, 11:00 AM
{QUOTE-> She uses web-based email (gmail, hotmail), no local email client.
She gets a lot of pdf and doc attachments at her university account (also web-based).
On her personal account she hardly gets attachments. <-QUOTE}
Sandboxie would be great. She can recover the docs, PDFs, etc. and open them sandboxed to make sure they are okay.
Pedro
June 4th, 2008, 11:05 AM
Indeed. If a sandbox is considered, the choice is SBIE, DW or GW. Each has its distinct advantages and disadvantages.
Also, make her change to Firefox or Opera. Although you mention FF, you also mentioned Hotmail. I stopped using it because I could only access it with IE.
HURST
June 4th, 2008, 11:19 AM
Hotmail opens fine in FF.
When I used Opera 1 year ago, Hotmail wouldn't open in it.
I personally use SBIE, because when I started changing my approach (putting my faith more in other solutions and less in an AV), I could better understand how SBIE works. I tried GesWall but didn't understand it well. Now I do, but I've become used to SBIE.
I was considering a policy sandbox for her, since everything downloaded under its supervision would be untrusted. With Sandboxie, there is a popup (recover downloaded file) that I would like to avoid.
Besides, I know her: if she recovers it, she won't bother to run it sandboxed, so the file can do harm.
ErikAlbert
June 4th, 2008, 11:19 AM
I fully agree with a sandbox, browsers are the biggest source of malware and she can LOCK data folders automatically, while she is surfing on the internet, no reading, no writing, no stealing possible by anything or anybody on the internet.
huangker
June 4th, 2008, 11:31 AM
I might have a rant about this.
I've set my girlfriend up (and other friends) with AVG. Anything is just too much apparently. Clicking on the sandboxie icon and using that solution is just too troublesome. vmware player just takes too long.
GF stays clean because she just emails and checks the regular round of sites. Mate browses too much porn and ends up with spyware.
djohn
June 4th, 2008, 12:02 PM
IMO, I think Sandboxie and/or Returnil Free would be great. I think if you showed her how to use Returnil with protection on, she can play with the software as much as she wants, providing the software does not require a reboot for installation. If she decides that she wants to keep something, she can reboot with Returnil protection off and then run the program in Sandboxie for a while, and when she's ready to keep it, just recover it and install. No decision-making popups, just one to keep or not. Sandboxie would be a great choice with your teaching her how to recover and configure the settings, with Returnil just in case something crawled out.
lodore
June 4th, 2008, 01:44 PM
I would go with a simple approach. Just get F-Secure.
It has strong antivirus and firewall along with a HIPS that doesn't ask annoying questions. Or if the laptop will be behind a firewalled router and isn't used on public networks, just buy the AV. Along with SAS on demand and you're set.
Haven't tried programs like Sandboxie myself; they seem like too much fuss to set up.
Kees1958
June 4th, 2008, 01:55 PM
{QUOTE->
-Sandboxie instead of policy sandbox (mainly for also sandboxing the media player, I found one of those fake mp3's on her computer last week)
-NoScript
-ThreatFire
-Returnil for system partition
Any suggestions are kindly appreciated <-QUOTE}
Way too heavy and too difficult.
Question
All the female PC users I know buy music for their telephone/MP3 player via the web; Digital Rights will be thrown away with the sandbox. They also buy a lot online. When she is not visiting dodgy sites, why put together a disk and application virtualisation solution (makes no sense)? You are putting together a geek's solution.
Option 1
Avira Premium (recently rewarded for best price/performance in a Dutch IT-magazine), she will be supporting the Auerbach foundation also with Avira (top class AV+AS, cheap with a good story for her friends) and TF
Option 2
ThreatFire with a policy sandbox (DefenseWall or GesWall). Downloaded MP3 are treated as untrusted files, so do not worry. DefenseWall works out of the box when buying music, for GeSWall you have to contact Brian to adjust a setting.
Why cripple down her browser, just sandbox it in a policy application.
Option 3
lodore's suggestion or any other main market suite with few pop-ups
Set ThreatFire to quarantine red and grey warnings, and set TF to create a restore point before quarantining. DW's go banking/shopping is ideal for safe on-line shopping.
djohn
June 4th, 2008, 02:03 PM
@lodore, actually I think public network is safer than private network, even for home use. Public disables network discovery and file and printer sharing, and allows you not to be seen by other computers on the same network. I have a single PC on my network and it's to my understanding it's actually safer to use public than private.
lodore
June 4th, 2008, 02:14 PM
{QUOTE-> @lodore, actually I think public network is safer than private network, even for home use. Public disables network discovery and file and printer sharing, and allows you not to be seen by other computers on the same network. I have a single PC on my network and it's to my understanding it's actually safer to use public than private. <-QUOTE}
Hey Djohn,
what I meant was if the laptop is used on public networks. This means using wireless hotspots, where a better firewall than the Windows one would be useful.
djohn
June 4th, 2008, 02:17 PM
Ah OK, my bad, sorry, misunderstood. And agree with you.
djohn
June 4th, 2008, 02:30 PM
I have not used Sandboxie for a while now, due to some lag on the browser opening, but if I remember correctly, Sandboxie does not throw away unless it is checked to delete on browser close. If not, Sandboxie retains what is inside until you force deletion. Then you can recover it and pull it outside the box for the install.
HURST
June 4th, 2008, 02:58 PM
Thanks guys for all the answers.
So I'm beginning to see the future setup:
-Separate data from system partition
-Firefox with AdBlockPlus and NoScript (set to allow scripts globally, just to protect from XSS)
-DefenseWall for browser and downloaded mp3's and data partition locked (will have to try DefenseWall for a few days, I've never used it)
-Avast with only standard and p2p shield
I think this would be a solid non-intrusive setup.
Some possible other scenarios I might think about:
-Avira instead of avast (I have never used avira, so I'll try it for a few days)
-Returnil for system partition (but I think this might be overkill since she is a safe surfer and doesn't play with malware);D
lucas1985
June 4th, 2008, 05:34 PM
{QUOTE-> She gets a lot of pdf and doc attachments at her university account (also web-based). <-QUOTE}
This means that she will need an AV scanner (the expert assessment as Blue likes to name it) to check those files.
james246
June 4th, 2008, 05:52 PM
Just get her KIS 2009
ErikAlbert
June 4th, 2008, 06:09 PM
{QUOTE-> This means that she will need an AV scanner (the expert assessment as Blue likes to name it) to check those files. <-QUOTE}
I agree with this. BUT is one AV scanner enough to keep your data files clean ?
Many users like to believe it is true, but is it really true ?
Scanning downloaded data files with VirusTotal/Jotti/... would be impractical. It's a problem and remains a problem, especially when you download and/or receive a lot of data files.
djohn
June 4th, 2008, 06:16 PM
{QUOTE-> This means that she will need an AV scanner (the expert assessment as Blue likes to name it) to check those files. <-QUOTE}
Hurst has it covered, he mentioned Avast. :thumb:
Pedro
June 4th, 2008, 07:26 PM
Erik, this is for a normal user, who doesn't read Wilders. So yes, an AV is useful.
HURST
June 4th, 2008, 07:44 PM
{QUOTE-> Erik, this is for a normal user, who doesn't read Wilders. So yes, an AV is useful. <-QUOTE}
:thumb:
But it's because I do read Wilders, and I will end up doing the cleaning, that I want to harden the setup with something else.
ATM I'm trialing the Avira+DW setup on another computer, to see if it fits my needs.
CogitoErgoSum
June 4th, 2008, 08:06 PM
Hello HURST,
Since you are trialing DefenseWall, the link below may be of interest to you.
http://www.wilderssecurity.com/showpost.php?p=1250098&postcount=2
Hope this helps.
Peace & Gratitude,
CogitoErgoSum
ErikAlbert
June 4th, 2008, 08:26 PM
{QUOTE-> Erik, this is for a normal user, who doesn't read Wilders. So yes, an AV is useful. <-QUOTE}
I never said she doesn't need an AV, I doubt that one scanner will be enough.
Wouldn't be the first time, that another scanner finds new malware on a computer.
HURST
June 4th, 2008, 09:35 PM
{QUOTE-> Hello HURST,
Since you are trialing DefenseWall, the link below may be of interest to you.
http://www.wilderssecurity.com/showpost.php?p=1250098&postcount=2
Hope this helps.
Peace & Gratitude,
CogitoErgoSum <-QUOTE}
Thanks for the link.
Just finished using the computer with DW for today. I love the simplicity of it. I think it's just what I was looking for. Will throw some malware at it to see how it behaves (I know DW will protect it, I just want to fully understand its operation).
(Off Topic: I'm tempted to try DW on my main computer, but I love SBIE and the way I've configured it)
One little question to any Avira Free user...how often does the popup that offers me the premium version come up?
kencat
June 4th, 2008, 09:56 PM
{QUOTE->
One little question to any Avira Free user...how often does the popup that offers me the premium version come up? <-QUOTE}
Every time it updates. At least on my rig. Might be able to block the executable but I haven't tried it to see if that breaks anything. The content does change though and can be sort of entertaining ;D
Kees1958
June 5th, 2008, 02:07 AM
{QUOTE-> Thanks for the link.
1
Just finished using the computer with DW for today. I love the simplicity of it. I think it's just what I was looking for.
2
(Off Topic: I'm tempted to try DW on my main computer, but I love SBIE and the way I've configured it)
<-QUOTE}
For friends I always use one of the below.
TF free, Avira Premium paid (the free version sometimes has troublesome updates) or Avast (when they are short on money) and DefenseWall
When she downloads a lot you could also use Webshield (inbound check of documents). On slow PCs I let Avast start up its services after the system (but let it perform a rootkit scan). I also set the standard shield to check at writes only (slow PCs); inbound is covered with internet mail, webshield, P2P shield etc.
Ad 1, good
Ad 2, keep using SBIE, you are a power user on this application
Regards Kees
CogitoErgoSum
June 5th, 2008, 09:08 AM
Hello HURST,
You are very welcome.
Peace & Gratitude,
CogitoErgoSum
chris2busy
June 5th, 2008, 12:27 PM
Heh.. I hate to be the pain, but according to your description of her computer usage the best/most secure deal for her would be the new version of Ubuntu (Linux), which was a great choice for my girlfriend as well.. just install the basics she would need and you're gonna be glad you did.. no more "honey there are some funny windows popping up in my computer".. and it is so light, ideal for a laptop
HURST
June 5th, 2008, 05:42 PM
I haven't thought about linux.
While I'm trialing the Avast+DW (avira got fired ;D), I might put her to try a liveCD to see if she can handle it.
The problem is that the "honey there are some funny windows popping up in my computer" I can handle relatively well and fast in Windows; but the "honey my wifi/mouse/screen/etc isn't working properly" can take a HUGE amount of time.
(I know, newer versions have less and less such problems, but there's always that chance)
Woody777
June 5th, 2008, 07:14 PM
I like your original setup. The other suggestions require user intervention. Girlfriends & wives simply want things to work with no special handling. If you really want to be sure that there will be no problems, you have to have a way to restore the system without much trouble. I would back up data with Replicator & back up the system with an imaging program & keep it updated. Returnil is a good suggestion, but you will have to find a way to retain all your girlfriend's data when the system reboots. Running in a sandbox & checking with an online AV seems like a nice idea until you get the question "Now what do I do?" This is followed by "I just approve all those popups, I just have to do what I need to do to get done". I like lodore's suggestion of just getting a nice comprehensive suite that works unobtrusively. Remember, if this system does not work you will have to keep fixing it until she likes it.
HURST
June 10th, 2008, 06:56 PM
How about using geswall instead of defensewall?
I know with geswall I can't lock data folders (am I right?), but isn't it easier to use for a totally non-tech user?
jmonge
June 10th, 2008, 10:57 PM
DefenseWall HIPS is the most easy, user-friendly app around. I used GeSWall before and it wasn't easy for me and Facebook, so that's when I tried DefenseWall and it is on our family PC and it will stay. :thumb: :thumb: :thumb: :thumb: :thumb: :thumb: So my advice from my own experience is to keep DefenseWall.
Note: that's my own experience and my own opinion, so do what you think is best for you and your girlfriend.
Kees1958
June 11th, 2008, 11:11 AM
:-) told you so :thumb: good decision
GeSWall changes untrusted files to trusted when moved from one partition to another. For a security noob this is a big danger, so DW is better.
chris2busy
June 11th, 2008, 02:13 PM
Ooops.. never heard of such a thing.. so if I re-image the main HDD with a setup not consisting of DW, the files in the other partitions will carry that extra privilege reduction token? Can cause instability? Is it like KL's ID tags? Or just DW remembers them?
Kees1958
June 11th, 2008, 04:27 PM
{QUOTE-> Ooops.. never heard of such a thing.. so if I re-image the main HDD with a setup not consisting of DW, the files in the other partitions will carry that extra privilege reduction token? Can cause instability? Is it like KL's ID tags? Or just DW remembers them? <-QUOTE}
No, DefenseWall has the total untrusted file control (applied automatically); you're misunderstanding this. It is GeSWall (GW) that has this implementation of changing the status when you move from one partition to another. GeSWall will probably change this in the next release (it is not a flaw of GW, it was designed that way).
According to my knowledge both DW and GW remember it.
lucas1985
June 14th, 2008, 12:31 AM
{QUOTE-> I know with geswall I can't lock data folders (am I right?) <-QUOTE}
Confidential resources (http://www.gentlesecurity.com/docs/resources.html)
{QUOTE-> A resource is confidential and an isolated application can neither read nor modify it. By default, GeSWall defines all users' My Documents\Confidential folders as confidential. Therefore, you may either create that folder and copy your private documents there or define another file folder, which stores your confidential data. <-QUOTE}
:)