
Help non-expert develop system and toolchest for 2 computers...


EscapeVelocity
April 1st, 2010, 08:15 PM
Hello,

First time poster, short time lurker. I've been reading the discussions of people here and elsewhere, Gizmo especially.

Lord have mercy, I'm trying to learn.

I have 2 computers; one is an older desktop that needs a light resource touch. The other is a lappy that is fairly up to snuff. Both are running Windows XP Home SP3.

I've been trying to learn all the different terminology and types of protection, but it's a bit overwhelming. I also have a User2 that is much less tech savvy than I using the computers (not calling myself a computer genius). They primarily use the Older Desktop with a 2 GHz Celeron and 2 GB RAM, and I am testing and trying out things on the Fast Lappy, and will probably have 2 different setups at the end of the testing and learning (and teaching User2).

So far I have this...

Everything is latest release.

Desktop

XP Home SP3
Admin Rights

Linksys Hub Hardware Firewall

Windows Firewall On

Avira 10 Free
WinPatrol Free - which makes User2 jumpy and agitated.
KeyScrambler Free
Hostman with MVPS Hosts list

On Demand:

SuperAntiSpyware
CCleaner

Macrium Reflect - Just learning to use this.

IE8, which is basically not used, except for extremely stupid sites.

Firefox 3.6 (AdBlock Plus, BetterPrivacy, Certificate Patrol, CS Lite, FlashBlock, Ghostery, KeyScrambler, TACO, WorldIP, LinkExtend). Trying out NoScript, but it seems a bit busy and labor intensive. I might be able to live with it, but User2 definitely will not. Will be teaching User2 some of this stuff.

Opera 10 used as frequently as Firefox.

Chrome, which I haven't messed with much yet, but will be getting use.



Lappy

XP Home SP3
Admin Rights

Linksys Hub Hardware Firewall

Windows Firewall On

Fresh install of OS on new HD.
Avast 5 Free
WinPatrol Free

On Demand:

SuperAntiSpyware
A Squared Free
Malware Bytes Anti Malware
Hitman Pro
Secunia PSI
CCleaner


Macrium Reflect

Ditto Browsers

Thinking about Partitioning and dual booting Ubuntu, as well.


Need help, going forward.

Suites: Kaspersky, Comodo, Online Armor
AntiVirus: Kaspersky, Vipre, Microsoft Security Essentials, AVG, Avast, Avira
Sandboxes: Geswall, SandboxIE, Returnil, Shadow Defender
Firewalls: PrivateFirewall, PCTools, Online Armor, Outpost, Comodo, DriveSentry
HIPS & Behavior Blockers: DefenseWall, Spyware Terminator, ThreatFire, Mamutu, Immunet, Malware Defender, WinPatrol, ProcessGuard, AppGuard, AppRanger, Prevx
Spyware Scanners & Removers: Spyware Blaster, Malware Bytes, SuperAntiSpyware, Hitman Pro, A Squared
Roll Back: Time Machine, Rollback RX
Backup and Drive Imagers: Macrium Reflect
System Hardening & Rights Management: LUA, SRP, DEP, Drop My Rights
Password Managers: Lastpass, Roboform, Weave
HostsFiles: Hostman with MVPS & HPHosts, Open DNS
Reports: HiJack This


Yikes! Lord Help Me! Information Overload!

Familiar with AVG Free and Spybot S&D; have used those for a long time. Decided to get serious about security. Any help or suggestions appreciated.

What should I focus on...

Proxy servers? Backup? Virtualization Sandboxing?

Trying to keep the Desktop super light. Lappy, sky's the limit, but lots of popups may be too much.

EscapeVelocity
April 1st, 2010, 08:19 PM
Thinking about switching Avast to the Older Desktop and Avira to the newer Lappy.

Microsoft Outlook used on the Older Computer and Avast has email scanning.

ratwing
April 1st, 2010, 08:35 PM
Hi EscapeVelocity!!!

And you Shall Go to The Ball!!!

Really,you have set up your two machines pretty danged well.


"Yikes! Lord Help Me! Information Overload!"

Yeah,really!!
Patience Grasshopper!!

You are secure. 100%? I don't think it exists.
But you are OK,fine really.
If you are bitten by the security bug,you will work it all out in time.
Jump in here,ask.
You are in the right place!!

Just as an example of the many different, equally viable lines of advice you may receive, I would tend to reverse the antivirus switch, and put Avira on the WEAKER system, and Avast! on the STRONGER.

That is based on the purely personal observation that Avira runs a little lighter.

All respect,
Rat

EscapeVelocity
April 1st, 2010, 08:42 PM
Thanks for the welcome ratwing. And the advice on Avira/Avast.

I found this thread on Wilders Security Forum especially informative for a newbish person.

Is running a million security programs necessary? (http://www.wilderssecurity.com/showthread.php?t=268975)

Might be worth a sticky.

ratwing
April 1st, 2010, 09:11 PM
EscapeVelocity:

Yes sir,that is a pretty nice thread.
Hang around,if you find the time!!

ratwing.

EscapeVelocity
April 1st, 2010, 11:21 PM
Thanks. I have a bunch of questions. Let's start here...

What does turning off DNS with regards to the Hostsfiles do?

Why would I want to turn that off, since OpenDNS is touted? Is OpenDNS a proxy server? I think I'd like to set up a proxy server. Also I have a static IP; will Tor or OpenDNS or something like that give me a dynamic IP? Is a static IP something to worry about, and if so, why?

What Hosts files do you recommend? I've seen Malware Domains and BISS mentioned. Should I add those? Or is loading up the file to an unmanageable size undesirable as it slows down the system? I don't really do P2P filesharing.

EscapeVelocity
April 1st, 2010, 11:35 PM
I'm guessing that VM software isn't the way I want to go, especially on the weaker machine.

Could I run Sandboxie, Returnil, DefenseWall, Comodo Sandbox, Geswall, semi virtualization on the weaker machine? I might run something like that on the Stronger Lappy.

ratwing
April 1st, 2010, 11:37 PM
-{ Quote: "Thanks. I have a bunch of questions. Let's start here...

What does turning off DNS with regards to the Hostsfiles do?

Why would I want to turn that off, since OpenDNS is touted? Is OpenDNS a proxy server? I think I'd like to set up a proxy server. Also I have a static IP; will Tor or OpenDNS or something like that give me a dynamic IP? Is a static IP something to worry about, and if so, why?

What Hosts files do you recommend? I've seen Malware Domains and BISS mentioned. Should I add those? Or is loading up the file to an unmanageable size undesirable as it slows down the system? I don't really do P2P filesharing." }-


The theory is that disabling DNS will mitigate any drag caused by a large host file.
At one time I used such a Hosts file, and dropped it for the protection offered by SpywareBlaster, although I seldom used IE. (SpywareBlaster is geared to IE.)
I still have the DNS service disabled, more to save resources than anything else, and see no problem at all.

The MVPS hosts file is the one I used, if you want to look into it.
I really do not see the need.

TOR and I did not get along.
Wiser heads may comment.

EscapeVelocity
April 1st, 2010, 11:45 PM
What does the DNS service in XP do? I did read that a large Hosts file with DNS on could drag the system; that is why I have the smallish MVPS file only on the Slower Desktop. I loaded HPHosts along with MVPS on the Faster Lappy. It's much larger.

I tested my Firewall at ShieldsUp, and all ports were hidden. I did get a Ping back though. I have a static IP. Should I be concerned?

ratwing
April 1st, 2010, 11:50 PM
-{ Quote: "I'm guessing that VM software isn't the way I want to go, especially on the weaker machine.

Could I run Sandboxie, Returnil, DefenseWall, Comodo Sandbox, Geswall, semi virtualization on the weaker machine? I might run something like that on the Stronger Lappy." }-


My policy of a tightly configured Sandboxie+Returnil (but I will probably go back to ShadowDefender), disabling all unneeded services in XP SP3, and selected on-demand scanners, is based as much on a need to conserve resources as anything else.

So you will be fine taking that tack with a weak machine.
As far as I am concerned, that is the BEST direction.


(VMs require you to carry both the overhead of the host and the guest system.
My VirtualBox running XP SP3 works on my 1 GB RAM system, but I have a lot disabled in services.)

rat

Tarnak
April 1st, 2010, 11:59 PM
-{ Quote: "What does the DNS service in XP do? I did read that a large Hosts file with DNS on could drag the system; that is why I have the smallish MVPS file only on the Slower Desktop. I loaded HPHosts along with MVPS on the Faster Lappy. It's much larger.
" }-

I have always stayed with stock standard host file. Never saw the need for the specialized ones. ;)

EscapeVelocity
April 2nd, 2010, 12:05 AM
Well, the Celeron Desktop is kind of slow already if I open too many programs, but I have plenty of RAM. In fact I have 2 GB on the Slower Desktop and only 1 GB on the Faster Lappy (which I may be upgrading, but I'm not concerned about it).

The thing about the Slower Desktop is that I need to keep it as simple as possible...without a lot of pop ups and extra steps, or complicated understandings for User2.

I can run fancier HIPS and Behavior Blockers and anything on the Faster Lappy, or at least try them out and play with them.

I may have to disable WinPatrol on the Slower DeskTop. That light classical HIPS may be too much for User2.

EscapeVelocity
April 2nd, 2010, 12:07 AM
-{ Quote: "I have always stayed with stock standard host file. Never saw the need for the specialized ones. ;)" }-

Yeah, well, I don't do P2P file sharing, so I don't really need specialized ones for those. Although I thought about messing with Miro.

EscapeVelocity
April 2nd, 2010, 12:17 AM
Let's concentrate on the Slower Desktop, and a lightish (but not necessarily ultralight) collection, with minimal user prompts.

Both Avira and Avast are relatively fast scanners, which is good. Avast runs faster than Avira, but that could just be the difference in the machines. Avast also updates faster... and scans incoming emails with Outlook running on there. I think it might be better on the Slower Desktop.

SuperAntiSpyware is running on startup. Any advantage to that with that particular program, or is it just an on-demand scanner? Should I look into something else like MBAM or Spybot or Spyware Terminator that adds some extra HIPS or something? I'd like to keep WinPatrol on the Slower Desktop, and might run something a bit more muscular on the Fast Lappy, though.

EscapeVelocity
April 2nd, 2010, 01:47 AM
Having trouble with Web of Trust operating in Google Searches properly. Removed and Added LinkExtend....seems to work better.

EscapeVelocity
April 2nd, 2010, 02:00 AM
I don't think I really need Tor. OpenDNS seems like I don't really need that either. But I could use some proxy servers occasionally. I see FoxyProxy is a popular Firefox plugin.

EscapeVelocity
April 2nd, 2010, 02:37 AM
Well, dumbarse finally found out what OpenDNS is, and what DNS means. Ha! Ha!

That is one down. I think I will check out OpenDNS.

EscapeVelocity
April 2nd, 2010, 02:44 AM
One step at a time. Till tomorrow. Thanks and later.

EscapeVelocity
April 2nd, 2010, 03:32 AM
Loaded ThreatFire running concurrently with WinPatrol. Sensitivity level set to 4 out of 5, one level higher than the default 3. Will see how it does and check out how it operates. Got to start somewhere.

Johnny123
April 2nd, 2010, 09:28 AM
-{ Quote: "Let's concentrate on the Slower Desktop, and a lightish (but not necessarily ultralight) collection, with minimal user prompts.
" }-

You should consider not running as admin for both of your systems. That alone will increase your security significantly and make most of these security applications redundant. If you want to enhance this, add a software restriction policy. Here's a pretty good explanation (http://www.mechbgon.com/srp/) of LUA and SRP and what it can do for you. Using SuRun (there's a thread on this in the forum) makes a limited account on XP a lot more comfortable.

OpenDNS is an alternative to using your ISP's nameservers or whatever nameservers you are using. There are a lot of publicly available nameservers to use, so you may want to consider using one that gives you the best performance. You can test nameservers with this little app (http://www.grc.com/dns/benchmark.htm) from grc.com. Using this I found out that my ISP nameservers were the fastest of the ones I tested.

EscapeVelocity
April 2nd, 2010, 12:33 PM
Thanks Johnny for the advice and info. I'll give SuRun a look. I heard that running as admin on XP Home edition is more painful than on XP Pro, which allows you to do more via prompts to the limited account.

Furthermore, I'm not sure if that is a viable plan for User2, though, whose surfing is tamer than mine generally. I'm also considering DropMyRights as a solution, but I'll have to check out how it operates, like SuRun. Lots of testing and trying out things to do.

Ibrad
April 2nd, 2010, 12:42 PM
Be careful with how high you set ThreatFire, because it can do some damage if you set it up incorrectly or answer an alert wrong.

Apps like DefenseWall can be used on a slower machine. I have run DefenseWall + ThreatFire + WinPatrol Free + CounterSpy 4 + PC Tools Firewall Plus 6 at one time on a machine with 128 MB memory.

I have used Microsoft Security Essentials on my faster machine, but it still slowed down boot time, though I could not notice it once boot was finished. The latest 2.XX version of DefenseWall won't work with Microsoft Security Essentials, but v3 should be able to.

Johnny123
April 2nd, 2010, 01:06 PM
-{ Quote: " I heard that running as admin on XP Home edition is more painful than on XP Pro, which allows you to do more via prompts to the limited account. " }-

If I'm guessing correctly, you are suggesting that LUA works differently on XP Home vs. Pro. Not at all, and it's not "painful" if you use SuRun. Now there is a major difference when it comes to the software restriction policy, because XP Home is missing the group policies editor. However, forum member Sully has developed an app called PrettyGoodSecurity which will enable SRP on Home versions. Forum member Kees has posted good info on using it.

-{ Quote: "Furthermore, Im not sure if that is a viable plan for User2, though, whose surfing is tamer than mine generally." }-

If User2 isn't installing/uninstalling a lot of software and mucking around with the system in general, then User2 might not even notice that the account is limited.

SuRun makes using a LUA very convenient. Here's a good tutorial (http://www.dedoimedo.com/computers/surun.html) on using it and an explanation on why you shouldn't run as admin.
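As an added illustration of the "default Disallowed plus a few Unrestricted folders" Software Restriction Policy that Johnny123's mechbgon link describes, here is a small Python model of how such a policy decides whether a limited user's executable runs. It is example code written for this thread, not code from SuRun, PrettyGoodSecurity, the mechbgon guide or Windows itself; the folder rules, the extra deny rule for a user-writable subfolder, and every path it is tested with are constructed sample values. The one piece of real SRP behaviour it reproduces is that among matching path rules the most specific one wins.

```python
"""
Default-deny Software Restriction Policy (SRP) path rules, modelled in Python.

Added example for this thread, not code from SuRun, PrettyGoodSecurity or
Windows. It models the decision made when a limited user launches an
executable under a policy whose default level is Disallowed, with a few
Unrestricted path rules for folders a limited user cannot write to.
All rules and paths below are constructed sample values.
"""
import ntpath

DISALLOWED = "Disallowed"
UNRESTRICTED = "Unrestricted"


def _norm(path):
    # Windows paths are case-insensitive, so compare a normalised lower-case form
    return ntpath.normpath(path).lower().rstrip("\\")


def evaluate(path, rules, default=DISALLOWED):
    """Return (level, winning_rule) for an executable path.

    rules: list of (folder_or_file_path, level). A rule matches when the
    path equals it or lies beneath it. Among matching rules the longest,
    i.e. most specific, one wins, mirroring SRP path-rule precedence.
    If nothing matches, the policy's default level applies.
    """
    target = _norm(path)
    best = None
    for rule_path, level in rules:
        rp = _norm(rule_path)
        # require a path separator after the rule so "C:\Program Files"
        # does not accidentally cover "C:\Program Files2"
        if target == rp or target.startswith(rp + "\\"):
            if best is None or len(rp) > len(best[0]):
                best = (rp, level)
    if best is None:
        return default, None
    return best[1], best[0]


# Constructed policy (assumption, not the mechbgon guide's exact rule set):
# allow the two folders a limited user cannot write to, and re-deny a
# user-writable subfolder inside one of them so a dropped file cannot run.
POLICY = [
    (r"C:\Windows", UNRESTRICTED),
    (r"C:\Program Files", UNRESTRICTED),
    (r"C:\Windows\Temp", DISALLOWED),
]


def can_run(path, rules=POLICY):
    """True when the policy lets this executable start."""
    return evaluate(path, rules)[0] == UNRESTRICTED


def add_exception(rules, folder):
    """Whitelist another folder; this is the 'making exceptions' work
    Sully mentions when the set of programs keeps changing."""
    return rules + [(folder, UNRESTRICTED)]


if __name__ == "__main__":
    for p in (r"C:\Program Files\Mozilla Firefox\firefox.exe",
              r"C:\Documents and Settings\User2\Local Settings\Temp\setup.exe",
              r"C:\WINDOWS\temp\dropper.exe"):
        print(p, "->", evaluate(p, POLICY))
```

The installed browser under Program Files runs, a setup program saved in the user's Temp folder does not (no rule matches, so the Disallowed default applies), and a file placed in C:\Windows\Temp is refused even though C:\Windows as a whole is allowed, because the more specific deny rule takes precedence. Adding a program that lives somewhere else means adding a rule, which is exactly the maintenance cost the thread warns about.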

EscapeVelocity
April 2nd, 2010, 01:23 PM
Thanks again. I'll read the tutorial, and look into the programs you mentioned.

EscapeVelocity
April 2nd, 2010, 03:58 PM
I'm having trouble adding filters to the AdBlock Plus program. I'm trying to add Malware Domains.

Question: If I run Hosts files in Hostman, is Adblock Plus redundant? Is AdBlock Plus basically a Hosts file?

EscapeVelocity
April 2nd, 2010, 07:08 PM
I think I'm running into trouble because many of these programs overlap in functionality.

EscapeVelocity
April 2nd, 2010, 07:26 PM
I've noticed that TrojanHunter seems to be more popular than A-Squared on the "What security are you running" thread. What is the reason?

Sully
April 2nd, 2010, 08:01 PM
Baby steps can sometimes teach you to walk with more confidence than sprinting :blink:

Let's examine some aspects here. First, DNS is a caching service essentially. If you have it turned on, you will cache IP addresses locally. Theory goes something like: if you visit msn.com a lot, when you type it in, your local cache can return the actual IP address much faster than your ISP's DNS server will. You gain, what, 150 milliseconds? Is it worth it? It can be. But it will also cache DNS values that return as non-resolvable. The cache flushes these out periodically. There used to be some tweaks I had somewhere that would change this time. The problem arises when you visit abc.com and it is offline. You need to access it, so you try again every minute or two. But the local cache is still telling you it is not online. Not until after the cache is cleared of negative values does it go back to the ISP DNS to do the lookup. I have experienced this a few times, but normally it is not a worry.

Hosts files, I used to play with them. I feel like a large one (the useful kinds) put a lag on the experience. I have not tried them in some years, so maybe newer machines don't experience this. I do use a few hosts entries, but they are custom ones. I think OpenDNS would be a better solution personally, as it seems to be kept updated.

If you have a static ip, you need not worry. If you have a router, it is all good. If you don't have a router, then you are a potential target with assigned ip or static. All static does is give you a static address that hackers can return to over and over to try and exploit. A router pretty much solves any worries there might be. I have had a static ip for a very long time now.

When you speak of proxy servers (and you may know this) it is just a server that is the go-between for you. Many of them are designed for anonymity. Theory is you type in cbs.com, your computer goes to proxy, proxy goes to cbs.com, then returns web pages to you. If cbs.com was looking to see who visited, they would see the proxy did, but not you specifically. In the case of OpenDNS, it is your go-between for DNS. I don't think it is what you would typically refer to as a proxy server.

Concerning virtualization/sandboxing, you will probably have to try them to see both which runs best on your hardware, and maybe more importantly which you prefer to manage. Geswall is nice, but IMHO a bit more to understand/configure than Sandboxie is (for example). Once you get them dialed in though, it is pretty much set and forget from there on out.

Concerning ShieldsUp, there has been a great debate on whether that means anything for years. Essentially, with a router, you should not have any ports open really. If you have no router, then it becomes a bit more of an issue. If you are wondering about what I just said, it works something like this. Suppose you have Remote Desktop enabled right now (it is a service). Your computer would be holding a port, or a window to the outside world via the network, open. Your computer will answer to another computer who asks "hey, is window #3939 open" by saying "yes, port 3939 is open". Then the other computer will say "can I come in via that window?". Your computer should respond "no, you don't have permission". An exploit then can be made, where the other computer says "but I have pie!". Since this is an exploit, your computer will say "you have pie? I like pie! come on in".

ShieldsUp tries to test your ports, your openings to the outside world. It does not just see if they are open. It tries to tell you if they are closed as well. And if they are open, they try to see if they will reply to other computers. "hello, anyone at port 80?". "Yes, I am here, but you may not come in". They say you want to be stealthed, like "hello, anyone at port 80?". No reply. You do have port 80 open, but your firewall is saying "hee hee, you keep on knocking, but I am ignoring you".

Now your router in this case, he is saying "look bub, I told you before, the boss didn't ask for you to come knocking on his door today, so you ain't gonna do no knocking.. now beat it". In a router then you make exceptions. You tell the router it is OK for anyone to knock on a specific port.

Now, when you speak of AntiVirus, how much weight do you put on scan times versus what they term "real time"? I rarely ever scanned my drives. I would use an AV that was fast at watching anything being written, in real time. It made more sense to me that if my AV was good and fast (light) at watching what was new, why would I need to keep scanning old items that have already been scanned. I think being vigilant about what you add to your system is a better approach than what is already there (presuming it checks out ok).

The advice to run in LUA, as a User only, is very good advice. I don't use it, but I do advocate it. Programs like SuRun can make it much more convenient to be a User instead of Admin. But you need to realize that just because you are User does not mean much if you will allow everything Admin rights anyway with SuRun or similar.

LUA and SRP, it can be very effective. It can also be very restrictive. If you have your set programs you use and everything repeats over and over, it is great. However, if you are always in a state of change, it can be a lot of work to always be making exceptions. Of course the same goes with a firewall or HIPS too.

That is all I got for now. Hopefully I explained it in a way that you understand. No disrespect if you know some of that already.

Sul.
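The lookup order Sully walks through above (hosts file first, then the local DNS client cache with its negative entries, then the upstream nameserver) is easy to get wrong in one's head, so here is an added Python model of it. This is example code written for this thread, not code from Hostsman, OpenDNS or the Windows DNS Client service; the hosts entries, hostnames, addresses and TTLs are constructed sample values, and the OpenDNS-style filter is a simplified stand-in for resolver-side blocking rather than a description of how OpenDNS actually answers. It also shows why clearing the cache (Hostsman's button) brings a site that came back online within reach again.

```python
"""
Hosts file vs. local DNS client cache vs. upstream resolver, modelled in Python.

Added example for this thread; not code from Hostsman, OpenDNS or Windows.
Resolution order modelled: hosts file, then local cache (positive and
negative entries with a TTL), then the upstream nameserver.
All names, addresses and TTLs are constructed sample values.
"""
import time

BLACKHOLE = "0.0.0.0"   # MVPS-style hosts files point blocked names here


def parse_hosts(text):
    """Parse hosts-file text into {name: ip}. Format: '<ip> <name> [<name>...]'."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            table[name.lower()] = ip            # hostnames are case-insensitive
    return table


class Resolver:
    def __init__(self, hosts_text, upstream, clock=time.time,
                 positive_ttl=3600, negative_ttl=300):
        self.hosts = parse_hosts(hosts_text)
        self.upstream = upstream      # callable: name -> ip, or None if unresolvable
        self.cache = {}               # name -> (ip_or_None, expires_at)
        self.clock = clock
        self.positive_ttl = positive_ttl
        self.negative_ttl = negative_ttl
        self.upstream_queries = 0     # lets a caller see when DNS was really asked

    def flush(self):
        """What Hostsman's 'clear DNS cache' button does: forget every entry."""
        self.cache.clear()

    def resolve(self, name):
        name = name.lower()
        # 1. hosts file always wins, so a blackholed ad host never reaches DNS
        if name in self.hosts:
            return self.hosts[name], "hosts"
        # 2. local cache, including negative ("not found") entries
        now = self.clock()
        if name in self.cache:
            ip, expires = self.cache[name]
            if now < expires:
                return ip, "cache"
            del self.cache[name]
        # 3. upstream nameserver (ISP, OpenDNS, ...)
        self.upstream_queries += 1
        ip = self.upstream(name)
        ttl = self.positive_ttl if ip else self.negative_ttl
        self.cache[name] = (ip, now + ttl)
        return ip, "upstream"


def filtering_upstream(block_list, real_table, block_page_ip="198.51.100.1"):
    """Simplified stand-in for resolver-side filtering (OpenDNS-like):
    listed names get a block-page address from the nameserver itself, so the
    local hosts file is never involved in that decision."""
    def lookup(name):
        if name in block_list:
            return block_page_ip
        return real_table.get(name)
    return lookup


# Constructed sample hosts file in MVPS format (not the real MVPS list)
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1 localhost
0.0.0.0 ads.example.test tracker.example.test
"""


def demo_negative_cache():
    """Sully's scenario: site is down, comes back, cache still says 'not found'."""
    clock = [0]                                         # fake clock, deterministic
    upstream_table = {"abc.example.test": None}         # currently unresolvable
    r = Resolver(SAMPLE_HOSTS, upstream_table.get, clock=lambda: clock[0])
    first = r.resolve("abc.example.test")               # asks DNS, caches the miss
    upstream_table["abc.example.test"] = "203.0.113.10" # site is back online now
    clock[0] += 60                                      # well inside negative TTL
    second = r.resolve("abc.example.test")              # cache still says None
    r.flush()
    third = r.resolve("abc.example.test")               # DNS asked again, works
    return first, second, third


if __name__ == "__main__":
    print(demo_negative_cache())
```

Two things the model makes visible: a name in the hosts file is answered without any DNS query at all, so a large hosts list costs lookup time on every name, not network traffic; and a negative cache entry keeps answering "not found" until it expires or is flushed, which is the stale-cache effect described above. The filtering_upstream helper shows the contrast with OpenDNS-style blocking, where the decision is made by the nameserver for every machine that uses it, and the hosts file on each box plays no part.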

EscapeVelocity
April 2nd, 2010, 08:17 PM
Thanks for the detailed explanations. I had researched some of the stuff and already figured some of it out, but it is really good to hear someone explain it, and you did explain about the local DNS cache, which I did not understand. Thanks for the explanation of ShieldsUp, router hardware firewalls, and such.

Are the Hosts file and the DNS filtering that something like OpenDNS does essentially the same, or are they different? They are different in how they work, aren't they, but you end up with similar results?

Hostsman has a button to clear the DNS cache, which I have done, but I didn't disable DNS at startup and I don't see a button for that operation in the Hostsman program. But I will look into disabling the local DNS cache.

-{ Quote: "Now, when you speak of AntiVirus, how much weight do you put on scan times versus what they term "real time"? I rarely ever scanned my drives. I would use an AV that was fast at watching anything being written, in real time. It made more sense to me that if my AV was good and fast (light) at watching what was new, why would I need to keep scanning old items that have already been scanned. I think being vigilant about what you add to your system is a better approach than what is already there (presuming it checks out ok)." }-

That makes a lot of sense. Any recommendations on that? I can use on demand scanners to check behind the system I set up, until I feel secure. How often should I scan my system with Avast and Avira scheduling? Should I use the Quick Scan or the Deep Scan or the Complete System Scan?

-{ Quote: "The advice to run in LUA, as a User only, is very good advice. I don't use it, but I do advocate it. Programs like SuRun can make it much more convenient to be a User instead of Admin. But you need to realize that just because you are User does not mean much if you will allow everything Admin rights anyway with SuRun or similar.

LUA and SRP, it can be very effective. It can also be very restrictive. If you have your set programs you use and everything repeats over and over, it is great. However, if you are always in a state of change, it can be a lot of work to always be making exceptions. Of course the same goes with a firewall or HIPS too." }-

I'm gonna play around with LUA and SRP, SuRun, and DropMyRights on the Fast Lappy. Check it out, see how it works. However, I'm not leaning this direction... though I appreciate John's informative links and suggestions (and yours). I haven't had major problems in the past flying pretty ignorant and just using AVG Free and Spybot S&D. I will have backups in case of disaster. And I will be tightening things up a bit. Trying to learn what programs do what, since most are not in clear-cut categories anymore.

EscapeVelocity
April 3rd, 2010, 01:28 AM
ThreatFire seems to be agreeable. Set to level 4, one above the default level 3, out of 5. Ran with WinPatrol. Was quieter than WinPatrol, but did have 2 pop-ups that WinPatrol didn't pop up on; one was Opera connecting to the internet, which was set and remembered, and the other was Uninstall.exe of the program Launchy.

I will try Mamutu next, then Immunet.


Tried to run the Acronis True Image trial, but it failed to one-click partition and backup. Then it crashed the system. So I uninstalled it and have settled on Macrium Reflect, which I have used on the Slower Desktop already. (On a side note: didn't care for the Vista/7 look of Acronis True Image 10.) Wouldn't mind trying an earlier version of Acronis True Image, but Macrium Reflect worked well... and I might purchase it, if it gives me differential backup.

Zorak
April 3rd, 2010, 02:08 AM
Hi EscapeVelocity.

I'm not even close to being in the same league as Sully and others here, but would like to share my thoughts with you. I have an XP Home desktop with half the CPU speed and a quarter of the RAM as you, so keeping things light is vital for me. I also have two teenagers in the house and their idea of safe surfing probably only extends as far as not hitting their heads on the monitor. :argh: As far as real world security is concerned I don't think there can be a better test than letting teenagers loose on the internet!

I have only ever let them run as Limited Users, and with the help of Sully's Pretty Good Security, have recently set up a Software Restriction Policy as well. I feel this secures me from the overwhelming majority of nasties out there, but as an additional security layer I use the paid version of Prevx 3 (including the free version of SafeOnline). It is very light to run and almost completely unobtrusive. Apart from the occasional on-demand scan with Hitman Pro, I run no other real-time security software, but I am behind a basic NAT router. In case the unthinkable does ever happen I also have disk images to fall back on.

It is fun and even educational to tinker around with security software (indeed any software), and I would never suggest anyone stops doing that; if that's why they are doing it. But especially if you have a slower PC, real security can be had for very few CPU cycles if you are willing to learn the concepts involved - and lurking on Wilders is a great place to start!!

EscapeVelocity
April 3rd, 2010, 04:06 AM
Thanks, Zorak!

I guess I should give LUA and SRP a second hard look. I haven't worked on that aspect and checked out the programs yet. That seems to be a recurring point, so I better not dismiss it lightly.

I tried that Hitman Pro, and really liked it! I'll probably keep that in the toolbox as an on-demand scanner, as I can't afford that high of a yearly subscription fee.

I need to check out Prevx, Returnil, and Shadow Defender, which are programs whose names I am less familiar with, but they seem to be well regarded around here.

I'm trying to be methodical and learn as I go, and poke around and search for terms and stuff that come up that I don't know. Eventually I'll get it down pretty good. I've already got a good gist of it. Need to poke around the available well-regarded programs and see what fits me and User2.

Keep the tips and answers coming and I'll keep the updates rolling.

EV

EscapeVelocity
April 3rd, 2010, 04:08 AM
Here I am working on a list... been editing it down and refining what goes where (which is kind of hard because of the multi-functionality of many of the programs). This is in the OP, and I've been revising that one too, moving it to page 2. Some programs have already been removed from the list.

-{ Quote: "Blue items are currently loaded. Brown have previously been loaded but now removed, but haven't been discarded from the final cut. Bold are keepers.

Suites: Kaspersky, Comodo, Online Armor
AntiVirus: Kaspersky, Vipre, Microsoft Security Essentials, AVG, Avast, Avira
Virtualization & Sandboxes: Geswall, SandboxIE, Returnil, Shadow Defender, VirtualBox
Firewalls: PrivateFirewall, PCTools, Online Armor, Outpost, Comodo, DriveSentry
HIPS & Behavior Blockers: DefenseWall, Spyware Terminator, ThreatFire, Mamutu, Immunet, Malware Defender, WinPatrol, ProcessGuard, AppGuard, AppRanger, Prevx
Spyware Scanners & Removers: Spyware Blaster, Malware Bytes, SuperAntiSpyware, Hitman Pro, Spybot S&D, A Squared, Malware Defender
Roll Back: Time Machine, Rollback
Backup and Drive Imagers: Macrium Reflect
System Hardening & Rights Management: LUA, SRP, DEP, Drop My Rights, SuRun, Pretty Good Security
Password Managers: Lastpass, Roboform, Weave
Hosts Files: Hostsman with MVPS & HPHosts, OpenDNS
Reports: HiJack This
Information: Process Explorer
Tools: AutoRuns

" }-


I realize that I will probably have too many keepers and need to whittle down some more, but this format serves my purposes.

EscapeVelocity
April 3rd, 2010, 03:35 PM
Added AVG LinkScanner to the Slow Desktop. I had this with the AVG Free that I was using on it before. I didn't know it was a standalone product as well.

Anybody know exactly how it works?

EscapeVelocity
April 3rd, 2010, 08:40 PM
Dr.Web CureIt! ditched. I couldn't get it to load into the Program Files directory with a Start Menu icon. Does this provide cures, and not just scans? Is there a way to put it into the Program Files folder and have it listed in the Start Menu Programs menu? If the answer to these 2 questions is yes, then I'll probably bring it back and keep it as a backup scanner/remover.

EscapeVelocity
April 3rd, 2010, 09:10 PM
I'm really liking Mamutu; haven't heard a peep out of it. Just checked its goings-on and process monitoring.

Anybody use this?

I like it better than ThreatFire, which I am assuming is somewhat similar, though I didn't dislike ThreatFire.

Edit: Just installed ProcessGuard. Both Mamutu and WinPatrol gave dual warnings for Start Up and Services Reg. Mamutu was a bit faster, but not by much.

EscapeVelocity
April 3rd, 2010, 11:42 PM
Read at Wilders Security Virtualization thread...

-{ Quote: "In the end, all the strategies seem similar with:
- Imaging: for the disaster scenario.
- Light virtualization/shadow softwares: regular cleaning (at reboot).
- On-demand scanning ("weak"), integrity checking/forensic analysis: is my strategy really working?
- Real-time AV/AM ("weak"), anti-exec, behav. blocker, HIPS, sandbox, LUA: daily battle with untrusted objects.
- Safe surfing/computing: brain-based content filtering (what should/shouldn't I run/accept/open/launch)
- Router: isolate your private LAN from the Internet.
Optional:
- Virustotal/Jotti/Threat Expert/Norman Sandbox: expert analysis of new objects (requires good discipline)
- Network access control (i.e personal firewall): only allow the necessary network comms and deny the rest (requires some network knowledge)
- Hardening: limiting/closing the entry points of malware and/or a failsafe measure to other security layers (excessive/incorrect hardening may cause that some functions/processes stop working properly)" }-

MrBrian
April 4th, 2010, 12:50 AM
-{ Quote: "Wouldn't mind trying an earlier version of Acronis True Image, but Macrium Reflect worked well... and I might purchase it, if it gives me differential backup." }-

The free version of Paragon Backup and Recovery features differential backup.

EscapeVelocity
April 4th, 2010, 01:12 AM
Thanks, I read that somewhere too. I'm not averse to paying for something that works for me, though. I like Macrium. I'll give Paragon a look, but its download size is huge.

EscapeVelocity
April 6th, 2010, 01:21 AM
Checking out some older programs from the massive What is your security setup these days? thread.

Look n Stop
Safe n Secure

Appdefender/Regdefender

BOClean
UnHackMe

Samurai
Seconfig
Computer Security Tool
XP AntiSpy
Security & Privacy Complete

System Safety Monitor

SnapShot

IceSword
Blacklight

JV16 PowerTools

SnoopFree

Regrun

TCPView

FirelogXP

Windows Worms Doors Cleaners

MrBrian
April 6th, 2010, 06:55 PM
-{ Quote: "Checking out some older programs from the massive What is your security setup these days? thread.
" }-

Maybe also look at Probably the Best Free Security List in the World (http://www.techsupportalert.com/content/probably-best-free-security-list-world.htm).

jmonge
April 6th, 2010, 07:56 PM
I like Samurai HIPS :)

EscapeVelocity
April 6th, 2010, 11:26 PM
Thanks Brian, for the tip. I have perused that list before. Gizmo's is a nice site.

Thanks for the heads up jmonge.

I'm going to try out Samurai now. Do you have any tips or recommendations for its settings?

EscapeVelocity
April 7th, 2010, 02:40 PM
Faronics Anti Executable
Dynamic Security Agent

Faronics DeepFreeze

EscapeVelocity
April 10th, 2010, 01:53 AM
Here is a discussion on System Hardening...with a comment from Sully highlighted.

Harden XP system - how and with what (http://www.wilderssecurity.com/showthread.php?t=252569)

-{ Quote: "It may be that you don't desire much configuration or interaction with your security. Again, LUA would probably be best. If you are knowledgeable, wish to learn, or just plain want to know everything that is happening, some sort of HIPS would be your approach. You can definitely lock your system down if you so desire. It all depends on what you think your threats come from and how much energy you wish to devote to the process.

Security itself is only an abstract as you can never achieve absolute. You must decide what you are willing to pay for it. Some pay much in clicking many options from their HIPS and are happy. Others pay little by using imaging. Some pay partially by using LUA with SRP and/or SuRun. It really does take digging a little into the differing philosophies and their ramifications to decide which scheme will best suit you.

For myself, imaging alone would probably be enough. It is easy enough to do. But I feel I am knowledgeable enough to know when I am compromised without relying on too many other tools. But I have paid the price of years of learning. Not everyone wants to go that route. Although around here, I daresay many are happy to pay the price of learning HIPS and Firewalls because it lets them eventually not have to use as much because of the knowledge gained." }-

Here is a description of some of the Hardening Programs...from Malware.org

Freeware, Open source and Commercial Windows Hardening Tools download (http://www.malwarehelp.org/windows_hardening_tools_download.html)

Here is a list of some Hardening Progs from Gizmo...

-{ Quote: "
SafeXP
XPantispy
xpy
Security & Privacy Complete
Seconfig XP
" }-

EscapeVelocity
April 12th, 2010, 02:57 AM
System Safety Monitor too much for me, passing on that one.

Also Samurai, passing on that one, though it was alright. I would like to use one of the other hardeners, without the hooks and very limited HIPS that Samurai has.

Windows Worms Doors Cleaners aka WWDC also a pass, some of the other hardeners do the same thing, but you can't see open doors on them. So WWDC has that feature. Maybe something else will have that feature. I'll keep it in mind just to look for open doors, it runs as an exe, and doesn't load onto your system, so.

Still looking at these hardeners....

SafeXP
XPantispy
xpy
Security & Privacy Complete
Seconfig XP

EscapeVelocity
April 12th, 2010, 03:45 AM
I'm trying out Malware Defender now. Decided to quit piddling around with the old stuff, but now I find that Malware Defender is no longer supported!

EscapeVelocity
April 13th, 2010, 05:23 PM
Searched Comments Roundup

-{ Quote: "ProcessGuard has been eclipsed by more recent SSM, ProSecurity (Realtime Defender), releases, et al.
Yet there are many here who still find it adequate for their HIPs requirements.
A search here for Process Guard in the title will yield hundreds of results.
MHO: If you are security aware / a safe surfer, your WinPatrol may be
adequate." }-

-{ Quote: "There is a new version of ProcessGuard (3.500). And it will pass every termination method used by Advanced Process Termination v4.2, but you have to enable "Secure Message Handling" (available only in the paid version) to pass the killing methods "WM_CLOSE", "WM_QUIT" and "WM_SYSCOMMAND". I don't use PG on my main machine but think it's one of the simplest HIPS available, though I prefer something like SSM, EQSecure or ProSecurity" }-

-{ Quote: "Processguard is an evergreen, it doesn't require any signature updates.
I use Anti-Executable + DefenseWall, because I'm too stupid for ProcessGuard, SSM, EQS, ..." }-

-{ Quote: "I had used it for a couple of years but am now using AppDefend. ProcessGuard was still working though, but decided to go over to Ghost Security. Besides ProcessGuard you may want to consider something to protect your Registry." }-

-{ Quote: "That's exactly the reason I stopped using ProcessGuard. I did not want to have another application to protect my registry. I first used SSM and am now quite happy with EQSecure." }-

-{ Quote: "Used it before and it worked well, but IMO Online Armor's program guard as part of the firewall is just as good, plus you get a great firewall." }-

EscapeVelocity
April 13th, 2010, 05:46 PM
CyberHawk
FD-ISR

EscapeVelocity
April 13th, 2010, 05:58 PM
I found this thread really informative...

Are answering prompts in hips really that obvious? (http://www.wilderssecurity.com/showthread.php?t=197717&highlight=ssm+processguard)

EscapeVelocity
April 17th, 2010, 05:22 PM
Suites: Kaspersky, Comodo
AntiVirus: Kaspersky, Vipre, Microsoft Security Essentials, AVG, Avast, Avira
Virtualization/Sandboxes/RollBack: Geswall, SandboxIE, Returnil, Shadow Defender, VirtualBox, Time Machine, Rollback
Firewalls: PrivateFirewall, PCTools, Online Armor, Outpost, Comodo, DriveSentry, Look n Stop, Safe n Secure
HIPS/Behavior Blockers/Anti Executables: DefenseWall, Spyware Terminator, ThreatFire, Mamutu, Immunet, Malware Defender, WinPatrol, ProcessGuard, PrevX, Anti Executable, System Safety Monitor, AppGuard, AppDefend/RegDefend, AppRanger
Spyware Scanners & Removers: Spyware Blaster, Malware Bytes, SuperAntiSpyware, HitMan Pro, A Squared
Backup and Drive Imagers: Macrium Reflect, First Defense ISR
Rights Management: LUA, SRP, DEP, Drop My Rights, SuRun, Pretty Good Security
System Hardening: SafeXP, XPantispy, xpy, Security & Privacy Complete, Seconfig XP, The Computer Security Tool
Password Managers: Lastpass, Roboform, Weave
Hosts Files & IP Blockers: Hostsman with MVPS & HPHosts, OpenDNS, Proxomitron, PeerGuardian2, BlueTack
Reports: HiJack This
Information: Process Explorer, System Explorer, Autoruns, ProcessExplorer, ProcessHacker, What'sRunning, EndTaskPro, A2 HijackFree

BOClean
UnHackMe
IceSword
SnoopFree
SnapShot
Regrun
JV16 PowerTools
CyberHawk
Winsonar

EscapeVelocity
April 21st, 2010, 01:24 AM
Kees1958 said...

-{ Quote: "Guys it is much easier:

XP Home
+ Surun (http://kay-bruns.de/wp/software/surun/) gives XP elevation pop-ups equivalent to Win7 usability or Vista UAC with Norton's UAC tool

+ PGS (ask Sully, this page does not load anymore http://mrwoojoo.com/PGS/PGS_index.htm) gives XP Home the SRP functionality of XP Pro plus more

+ XP FSE (http://www.fajo.de/portal/index.php?...w&id=6&Itemid=) gives XP Home the Security tab of XP Pro

+ RunAs (http://www.microsoft.com/resources/d....mspx?mfr=true or Psexec http://technet.microsoft.com/nl-nl/s...53(en-us).aspx) to run a web browser (e.g. Iron for speed and safety) as a Special LUA user who is not allowed to change the user space registry entries, because the right to change them is removed. Do the same for your data directories, so Iron is only allowed to write to its specified download directory (on which you have a deny execute policy implemented with PGS). With this you create a double policy management containment around a browser (Iron's own, plus your extra constrained LUA run as).


And the best of all: the free built-in HIPS does not slow down your PC:
- run Admin in a convenient way (with Surun)
- run all internet facing software as limited user (with PGS) and apply default deny execute in C:\Documents and Settings
- run Iron 2x sandboxed: already having its own sandbox plus run as a LUA user and take away write rights (XP FSE) to all directories except the Download directory specified in Iron and some autostart entries in HKEY_CURRENT_USER (see http://www.wilderssecurity.com/showp...52&postcount=5 for a list ).

Add a fast free no-nonsense AV (like Avast/Avira) and you are well protected on XP Home " }-

Regards Kees
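
The "limited user for the browser plus deny-execute under Documents and Settings" part of Kees's scheme, written out as an added example batch script. This is not Kees's script and not PGS; it writes the same Safer registry values that PGS and XP Pro's Local Security Policy write. The account name browserlua, the password, the Iron path and the rule GUID are placeholders (assumptions). The NTFS and registry ACL trimming Kees does with XP FSE is not covered here.

```batch
@echo off
REM Added example, not from the original post. Run from an administrator
REM account on XP Home/Pro. Every name below is a placeholder (assumption).
set BUSER=browserlua
set BPASS=ChangeMe-123
set BROWSER=C:\Program Files\SRWare Iron\iron.exe
set SAFER=HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers
set RULEGUID={7a1f3b2c-1111-4222-8333-444455556666}

REM 1. A dedicated limited account for the browser. "net user /add" places
REM    new accounts in Users, not Administrators; the delete is belt and braces.
net user %BUSER% %BPASS% /add /passwordchg:no /expires:never
net localgroup Administrators %BUSER% /delete >nul 2>&1

REM 2. Software Restriction Policy via the registry (what PGS does on XP Home).
REM    DefaultLevel 262144 (0x40000) = Unrestricted, 0 = Disallowed.
REM    TransparentEnabled 1 = enforce on executables (2 would add DLLs).
REM    PolicyScope 0 = apply to all users, administrators included.
reg add "%SAFER%" /v DefaultLevel /t REG_DWORD /d 262144 /f
reg add "%SAFER%" /v TransparentEnabled /t REG_DWORD /d 1 /f
reg add "%SAFER%" /v PolicyScope /t REG_DWORD /d 0 /f
reg add "%SAFER%" /v ExecutableTypes /t REG_MULTI_SZ /d "ADE\0ADP\0BAS\0BAT\0CHM\0CMD\0COM\0CPL\0CRT\0EXE\0HLP\0HTA\0INF\0INS\0ISP\0LNK\0MDB\0MDE\0MSC\0MSI\0MSP\0MST\0OCX\0PCD\0PIF\0REG\0SCR\0SHS\0URL\0VB\0WSC" /f

REM    One Disallowed (level 0) path rule covering every profile directory, so
REM    nothing dropped into a download, temp or cache folder can execute,
REM    for any account. In a batch file %% is a literal %, so SRP itself
REM    expands %SystemDrive% when it evaluates the rule.
reg add "%SAFER%\0\Paths\%RULEGUID%" /v ItemData /t REG_EXPAND_SZ /d "%%SystemDrive%%\Documents and Settings" /f
reg add "%SAFER%\0\Paths\%RULEGUID%" /v SaferFlags /t REG_DWORD /d 0 /f

REM 3. Launch the browser under the limited account (runas prompts for the
REM    password). Its download directory lives inside that account's profile,
REM    which is inside the deny-execute path above.
runas /user:%BUSER% "\"%BROWSER%\""
```

Quick check after running it: log in as the limited account, download any .exe into the browser's download folder and double-click it; SRP should refuse with "This program is blocked by group policy", while the browser itself, living under Program Files, still starts. PsExec -u/-p can replace the runas line if you want to avoid the password prompt, as Kees mentions.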

doktornotor
April 21st, 2010, 02:17 AM
For the record, the PGS page loads here just fine. Other than that, I can completely agree with the post. As a little experiment, I did something similar on XP computers in a small office setup without telling anyone. LUA/SRP/SuRun. They use XP Pro, so no need for PGS, configured via the MS management console. Haven't had a single phone call about that from those folks, it's been two weeks so far. Which proves: They didn't need to run as admin at all in that environment, and it's a perfectly usable setup.

Kees1958
April 21st, 2010, 02:30 AM
-{ Quote: "For the record, the PGS page loads here just fine. Other than that, I can completely agree with the post. As a little experiment, I did something similar on XP computers in a small office setup without telling anyone. LUA/SRP/SuRun. They use XP Pro, so no need for PGS, configured via the MS management console. Haven't had a single phone call about that from those folks, it's been two weeks so far. Which proves: They didn't need to run as admin at all in that environment, and it's a perfectly usable setup." }-

:thumb:

XP does not even have the protection mechanism of Vista/Windows 7 where lower-rights objects are NOT allowed to manipulate higher-rights objects.

To overcome this (partly) I use Trusteer Rapport Free (protects IE8, FF, Chrome, not Chromium), which protects the browser process itself (so making sure source is protected).

Chrome (use Chrome Privacy Protector and set the Local State file to read only) with Site Advisor Free for Chrome, using Google as search engine (also has some bad URL filtering capacity) and OpenDNS through the router/fw provides enough clues to stay out of risky places

Regards Kees

EscapeVelocity
April 22nd, 2010, 11:02 AM
Tips for setting up ThreatFire....some are specific to the integrated system with the other software though...

A light best of freeware breed HIPS do it yourself setup (http://www.wilderssecurity.com/showthread.php?t=234443&highlight=kees1958+threatfire)

EscapeVelocity
April 23rd, 2010, 09:57 AM
Konata said..
-{ Quote: "
PrevX CSI 3.0= Cloud Malware Database detection. (Also guarantees 100% malware removal on its paid users)

Mamutu = full HIPS with community database which helps by giving you percentage data on how people answer prompts.

Threatfire = Behavior blocker with community database for contributing for its malware defs. and automated response on alerts.

PrevX Safeonline free for facebook users. = Protects browser from keyloggers, isolates browser from other processes, screen grabbing and more; it also contains cloud based malware (detection only) because of the built-in evaluation version of PrevX CSI" }-

EscapeVelocity
April 24th, 2010, 07:25 PM
AntiVirus: Kaspersky, Microsoft Security Essentials, AVG, Avast, Avira, Hitman Pro

Firewalls: Online Armor, Outpost, Zone Alarm Pro, DefenseWall, PrivateFirewall (Dynamic Security Agent), Safe'n'Sec, DriveSentry

HIPS/Behavior Blockers/Anti Executables: PC Tools ThreatFire(CyberHawk), A-Squared Mamutu, WinPatrol, System Safety Monitor, Malware Defender, AppRanger, Winsonar, ProcessGuard, Faronics Anti Executable, Trust-no-exe

Spyware Scanners & Removers: Malware Bytes, SuperAntiSpyware, A Squared, Windows Defender, SpyWare Blaster, SpyWare Terminator, Spyware Doctor, Spy Sweeper

Trojan Specialist: EmsiSoft A-Squared (Broad Malware Coverage), TrojanHunter

Rootkit Specialist: F Secure Blacklight, Sophos Anti-Rootkit

Anti Keylogger Specialist: Zemana, SpyShelter, KeyScrambler

Financial Specialist: PrevX SafeOnline (Big 3 + Opera), Trusteer Rapport(Big 3 + Safari), Trust Defender, Safe Central (Identity Theft)

Virtualization/Sandboxes/RollBack: Geswall, SandboxIE, Returnil, Shadow Defender, VirtualBox, Time Machine, Wondershare Time Freeze, First Defense ISR, BufferZone

Backup and Drive Imagers: Macrium Reflect

Rights Management: LUA, SRP, DEP, Drop My Rights, SuRun, Pretty Good Security

System Hardening: SafeXP, XPantispy, xpy, Security & Privacy Complete, Seconfig XP, The Computer Security Tool

Password Managers: Lastpass, Roboform, Weave, Neo SafeKeys

Hosts Files, Web Filters, & IP Blockers: Hostsman with MVPS & HPHosts (OS Hosts File), OpenDNS (DNS Filtering), Proxomitron or Privoxy or BFilter (Web Proxy Servers - Advanced User), PeerGuardian2 or PeerBlock, BlueTack, AdMuncher(dll)

Reports: HiJack This

Information: Process Explorer, System Explorer, Autoruns, ProcessExplorer, ProcessHacker, What'sRunning, EndTaskPro, A2 HijackFree, SIW, TinyWatcher

Encryption: KeyScrambler, TrueCrypt

Wifi: Hotspot Shield

Anti Spam: Cloudmark

Software Updates: SuMo, Secunia

Erase: Eraser, BleachBit

EscapeVelocity
April 24th, 2010, 07:26 PM
SpyWare Blaster seems to be geared especially towards Internet Explorer (but also Firefox).

raven211
April 24th, 2010, 07:51 PM
-{ Quote: "SpyWare Blaster seems to be geared especially towards Internet Explorer (but also Firefox)." }-

If things are the same, which I believe they are, it only blocks cookies for FF, so no use.

EscapeVelocity
April 24th, 2010, 07:55 PM
Yeah, from what I was reading its especially tuned to the ActiveX stuff.

EscapeVelocity
April 24th, 2010, 08:33 PM
Found on the web...

Johnny2Bad said...

-{ Quote: "MBAM is a decent tool. It is quick as long as you have dumped all the temp files on the system. It is not necessarily very good at handling some variants of the Vundo virus however, nor is it particularly useful when some rootkits are present that will identify MBAM in memory and kill the process. For cleanups of these completely retarded and unoriginal rogue a/v programs that seem to be freakin EVERYWHERE it works mostly fine. SAS is an excellent tool that is exceptional against vundo but again a little weak on some of the rootkits, unless it is run on UBCD4WIN where it can't hide itself. It tends to take about 40-50% longer to scan than MBAM which is the biggest downside to it. If I am on the road with someone breathing over my shoulder I am more inclined to use MBAM but it does not necessarily mean I prefer it, it is just quicker for most jobs. I did try the standalone SAS just today and was very pleased with it. I am going to run a time trial on one of my honeypots and see how it does vs MBAM. The thing that must be remembered is over time the mice (i.e. the malicious software) will always be a step ahead of the mousetraps (i.e. your MBAM, SAS, Spybot S&D etc.). I am sure there will be another tool that will come out sooner rather than later that could possibly even make us forget about either one. I think in general it is foolish to become emotionally attached to any particular software program. Frankly I am shocked to see anyone even use Spybot or Ad-Aware anymore because both have become mostly useless against the new generation of malware. I will always install ThreatFire over SS&D's TeaTimer any day. It uses less memory and is awesome for zero day threats.

Combofix is an excellent utility however it is not perfect. More often than not I find the log file Combofix creates much more useful than the "cleanup" the program does. Combofix also was bricking XP machines back around Christmas and so blindly trusting that software is not particularly wise. sUBs who created and maintains Combofix has made a very nice tool, and he should be commended for his hard work on releasing something so useful and free to the public. However he is human and if you wax your machine because of a little bit of buggy code on the latest update maybe it is time for you to actually learn to clean a virus manually. There are multiple warnings that Combofix is not guaranteed and should not be run unless you are elite or told to do so by a malware forum moderator. That is not to say that you shouldn't use it but if something goes wrong you will almost certainly need UBCD4Win to save your ass.
HijackThis is an excellent tool and it is ALWAYS the first thing I run on a machine I suspect is infected. Often you can disable a good chunk of the malicious software with HijackThis before you even attempt to run a scan. Some of these lamer rogues will pop up and say "HijackThis.exe is infected and cannot run". All you have to do is rename the file to iexplore.exe (for hopefully an obvious reason) and boom, you're in business.

Educating clients....lmfao. Stupid is as stupid does. It is a noble idea but difficult to implement. Too many people still think computers are like magic. Setting up a good protection package is the best thing you can do. There is no one correct answer as far as what is the best, and nothing is 100% effective. Generally it depends on the customer, their surfing habits, their technical expertise (or lack thereof), how easily annoyed by warnings/possible false detects they are etc. etc. Comodo and ThreatFire are two of my personal free favorites for proactive defense (but not both on the same machine!). Couple that with whatever A/V you want; none of them are really worth a damn anymore IMHO anyway." }-

EscapeVelocity
April 25th, 2010, 01:59 PM
Ad Muncher
Bleach Bit
GMER
RootRepeal
Sophos Blacklight
CloudMark (Spam Filter for Outlook)
The Cleaner (Trojan)
Bit Defender (AV)

EscapeVelocity
April 26th, 2010, 02:14 PM
I know I'm annoying. I have been using the search function.

I'm very thorough.

I help people everyday with their TV Reception problems, all of which has been discussed before in depth. That is just the way it is, some things will never change.

EscapeVelocity
April 27th, 2010, 10:55 AM
I wonder what an elegant scheme looks like. I guess I am working on a Fort Knox scheme. Hack-n-whack, must be virtualization, sandboxing, image/snapshot restore.

Sully said...

-{ Quote: "Those here who have a desire to learn and play are much safer than the casual user. They can create elegant schemes, hack-n-whack schemes, Fort Knox schemes, ultra light schemes, and it does not matter per se, because of the level of knowledge that needs to be present. Seeing an attachment with an executable inside, heck, even knowing what an executable is, will prevent so many problems from arising.

All the testing that goes on here, is fun, and can teach you a lot, but is IMHO basically useless for the masses. We can all agree that this is secure or that is secure, but if we put most of our methods onto a casual users computer, they will still get infected.

It all boils down to knowledge. Computers are not complex to me, but they are to many I know. Figuring out my taxes is an exercise in frustration to me, but not to a few that I know.

I think perhaps the best to do anymore is just teach them some imaging, some safe hex regarding online transactions, and how to do a proper backup of critical data, and call it good. I don't see any real way to 'cure' their bad habits and lack of desire to understand." }-

EscapeVelocity
April 28th, 2010, 02:11 AM
Firewalls: Online Armor (HIPS can be turned off), Outpost (HIPS can be turned off), Zone Alarm Pro, DefenseWall, PrivateFirewall (Dynamic Security Agent), DriveSentry, Safe'n'Sec

HIPS/Behavior Blockers/Anti Executables: PC Tools ThreatFire(CyberHawk), A-Squared Mamutu, WinPatrol, Malware Defender, AppRanger, Faronics Anti Executable

AntiVirus: Kaspersky, Microsoft Security Essentials, AVG, Avast, Avira, Hitman Pro, Panda Cloud (All Broad Spectrum)

Spyware Scanners & Removers: Malware Bytes, SuperAntiSpyware, A Squared, Windows Defender, SpyWare Blaster, SpyWare Terminator, Spyware Doctor, Spy Sweeper

Trojan Specialist: EmsiSoft A-Squared (Broad Malware/Virus Coverage), TrojanHunter

Rootkit Specialist: F Secure Blacklight, Sophos Anti-Rootkit

Anti Keylogger Specialist: Zemana, SpyShelter, KeyScrambler

Financial Specialist: PrevX SafeOnline (Big 3 + Opera), Trusteer Rapport(Big 3 + Safari), Trust Defender, Safe Central (Identity Theft)

Virtualization/Sandboxes/RollBack: Geswall, SandboxIE, Returnil, Shadow Defender, VirtualBox, Time Machine, Wondershare Time Freeze, First Defense ISR, BufferZone

Backup and Drive Imagers: Macrium Reflect

Rights Management: LUA, SRP, Drop My Rights, SuRun, Pretty Good Security

System Hardening: SafeXP, XPantispy, xpy, Security & Privacy Complete, Seconfig XP, The Computer Security Tool

Password Managers: Lastpass, Roboform, Weave, Neo SafeKeys

Hosts Files, Web Filters, & IP Blockers: Hostsman with MVPS & HPHosts (OS Hosts File), OpenDNS (DNS Filtering), Proxomitron or Privoxy or BFilter (Web Proxy Servers - Advanced User), PeerGuardian2 or PeerBlock with BlueTack, AdMuncher(dll)

Reports: HiJack This

Information: Process Explorer, System Explorer, Autoruns, ProcessExplorer, ProcessHacker, What'sRunning, EndTaskPro, A2 HijackFree, SIW, TinyWatcher

Encryption: KeyScrambler, TrueCrypt

Wifi: Hotspot Shield

Anti Spam: Cloudmark

Software Updates: SuMo, Secunia

Erase: Eraser, BleachBit, CCleaner

Oldies But Goldies: Winsonar, ProcessGuard, System Safety Monitor, Trust-no-exe, Proxomitron, Sunbelt Kerio Personal Firewall

raven211
April 28th, 2010, 02:45 AM
Don't forget FileHippo Update Checker for software updates - that's what I and many others use. :)

EscapeVelocity
April 28th, 2010, 12:11 PM
I tried that, and it's lightning fast. However SuMo is more thorough, though you don't have automated downloads, and Secunia is security minded. They are just for on demand use.

My list is being whittled down as I test software and learn more and more from reading here and studying.

EscapeVelocity
April 28th, 2010, 12:25 PM
Tried Panda Cloud, nice light and fast, beautiful GUI. However I prefer HitMan Pro for similar functionality and better performance.

GMER, IceSword, and RootRepeal are all too advanced for me, but seem like great tools for getting under the hood. F-Secure Blacklight and Sophos Anti-Rootkit are more my speed.

UnHackMe/RegRun Reanimator are a bit busy and confusing, they didn't suit me.

VirusTotal Uploader wasn't my cup of tea either, I like the Avast Web Shield instead. Though I see the merit in VirusTotal.

Look n Stop firewall seems very nice and I like that it is a dedicated firewall without a HIPS or other busy-ness. Look n Stop seemed a bit too complicated for less knowledgeable people, but probably great in the hands of an advanced user who can craft rules.

I tried Sunbelt Kerio Personal Firewall as well, and liked it too....and it seemed a bit easier for a less advanced user. But I didn't like the add-on ad filters and stuff, that seemed superfluous to the main firewall purpose. However I'm keeping it on the list for now. Also don't like that it is no longer currently supported. I remember this was Tiny Personal Firewall back in the day.

Matthijs5nl
April 28th, 2010, 01:28 PM
-{ Quote: "Tried Panda Cloud, nice light and fast, beautiful GUI. However I prefer HitMan Pro for similar functionality and better performance.

GMER, IceSword, and RootRepeal are all too advanced for me, but seem like great tools for getting under the hood. F-Secure Blacklight and Sophos Anti-Rootkit are more my speed.

UnHackMe/RegRun Reanimator are a bit busy and confusing, they didn't suit me.

VirusTotal Uploader wasn't my cup of tea either, I like the Avast Web Shield instead. Though I see the merit in VirusTotal.

Look n Stop firewall seems very nice and I like that it is a dedicated firewall without a HIPS or other busy-ness. Look n Stop seemed a bit too complicated for less knowledgeable people, but probably great in the hands of an advanced user who can craft rules.

I tried Sunbelt Kerio Personal Firewall as well, and liked it too....and it seemed a bit easier for a less advanced user. But I didn't like the add-on ad filters and stuff, that seemed superfluous to the main firewall purpose. However I'm keeping it on the list for now. Also don't like that it is no longer currently supported. I remember this was Tiny Personal Firewall back in the day." }-

You can't compare Panda Cloud Antivirus and Hitman Pro, and you can't compare VirusTotal Uploader and avast! Web Shield.

EscapeVelocity
April 28th, 2010, 03:20 PM
Thanks. You are probably right. Just doing my best here. I am just an average joe, and I tried the programs out, and am using the ones that I like and feel comfortable to me. Learning lots as I go along. VirusTotal Uploader may be something for me to consider in the future.

EscapeVelocity
April 28th, 2010, 07:00 PM
Trying Outpost 7, and really digging it.

EscapeVelocity
April 28th, 2010, 07:17 PM
Gizmo's Freeware said...

-{ Quote: "Some products rely on lists of known safe applications (all) or safe vendors (Comodo, Privatefirewall) or valid digital signatures (PC Tools), some products can optionally give safe or trusted status to all your current files (Comodo, Online Armor), some have training or installation modes (all but PC Tools), and some have lesser configurations to reduce monitoring (esp. Outpost).

These techniques reduce popup alerts and user intervention to varying degrees, but they also reduce protection to some extent. " }-

EscapeVelocity
April 29th, 2010, 12:02 AM
Second look at VirusTotal Uploader. I'm liking it much better, after overcoming my ignorance in using it.

EscapeVelocity
April 29th, 2010, 12:14 AM
Not overly excited about Winsonar. Bit dated, I don't know how much that matters in programs like that. I did like looking at the open ports though. I wonder if some other programs allow that, like some of the firewalls.

EscapeVelocity
April 29th, 2010, 02:17 AM
Beanie on the web said...

-{ Quote: "Classical HIPS (eg Defense+, Malware Defender) - more secure than BB, but suited more to the advanced user. Some, like D+, incorporate a whitelist to help identify safe programs, therefore reducing alerts, which can be very intimidating otherwise.

Behaviour Blocker (eg ThreatFire, Mamutu) - not as secure as Classical HIPS, but does a good job, and is more suitable to the novice user.

But there is more than one type of HIPS...

Policy Restriction HIPS (eg DefenseWall, GesWall) - as secure as Classical HIPS, yet (most of the time) as easy to use as a BB." }-

EscapeVelocity
April 29th, 2010, 11:52 AM
Firewalls: Online Armor (HIPS can be turned off), Outpost (HIPS can be turned off), Zone Alarm Pro, Ghostwall

Classical HIPS: WinPatrol

Policy Restriction HIPS: Defensewall(Firewall), Geswall

Behavior Blockers: Emsisoft A-Squared Mamutu, PC Tools ThreatFire(CyberHawk)

AntiVirus: Kaspersky, Avast, Avira, AVG, Microsoft Security Essentials, HitMan Pro, Panda Cloud, ClamAV-Immunet, VirusTotal Uploader

Malware Scanners & Removers: EmsiSoft A-Squared (Trojan Specialist + Ikarus AntiVirus), Malware Bytes, SuperAntiSpyware, Windows Defender, SpyWare Blaster (IE & ActiveX focussed), SpyWare Terminator( & HIPS with Shields), Spyware Doctor, Spy Sweeper

Anti Keylogger Specialist: Zemana, SpyShelter, KeyScrambler

Financial Specialist: PrevX SafeOnline(Big 3 + Opera), Trusteer Rapport(Big 3 + Safari), Trust Defender, Safe Central (Identity Theft)

Virtualization/Sandboxes/RollBack: VirtualBox, SandboxIE, BufferZone, Shadow Defender, Returnil, Comodo Time Machine, Wondershare Time Freeze, First Defense ISR, Faronics DeepFreeze

Backup and Drive Imagers: Macrium Reflect

System Hardening: SafeXP, XPantispy, xpy, Security & Privacy Complete, Seconfig XP, The Computer Security Tool

Password Managers: Lastpass, Roboform, Weave, Neo SafeKeys

Hosts Files, Web Filters, & IP Blockers: PeerGuardian2 or PeerBlock with BlueTack (IP Blockers), Hostsman with MVPS & HPHosts (OS Hosts File), AdMuncher(dll), OpenDNS (DNS Filtering), Proxomitron or Privoxy or BFilter (Web Proxy Servers - Advanced User)

Reports: HiJack This

Information: Process Explorer, System Explorer, Autoruns, ProcessExplorer, ProcessHacker, What'sRunning, EndTaskPro, A2 HijackFree, SIW, TinyWatcher

Encryption: KeyScrambler, TrueCrypt

WiFi: Hotspot Shield

Anti Spam: Cloudmark, MailWasher

Software Updates: SuMo, Secunia

Erase: Eraser, BleachBit, CCleaner

Oldies But Goldies: Winsonar, ProcessGuard, System Safety Monitor, Trust-no-exe, Proxomitron, PeerGuardian2, Sunbelt Kerio Personal Firewall, Samurai, Dynamic Security Agent, ProSecurity(Real Time Defender), Malware Defender, EQSecure, WWDC

Honorable Mention: Comodo Firewall, PC Tools Firewall, Safe'n'Sec, DriveSentry, PrivateFireWall(Dynamic Security Agent)

Not Gonna Use

Anti Executables: AppRanger, Faronics Anti Executable, PE Guard

Rights Management: LUA, SuRun, SRP, Pretty Good Security, Drop My Rights

EscapeVelocity
May 1st, 2010, 03:19 PM
I've been trialing the firewalls of late. I like Online Armor Premium, Outpost 7, ZoneAlarm Pro, and DefenseWall better than PrivateFireWall, Look'n'Stop, Sunbelt Kerio. Haven't tried Comodo or PC Tools. Though any of them would be fine, it's great to have so many top notch programs to choose from, many of them free or low cost.

EscapeVelocity
May 2nd, 2010, 01:21 AM
Good easy to understand article.

-{ Quote: "The Importance of the Limited User, Revisited - Washington Post
(http://voices.washingtonpost.com/securityfix/2006/05/the_importance_of_the_limited.html)
For people using XP Home or older versions of the operating system, however, there is no simple way to modify the permissions of a program on this type of one-off basis. My advice for users of those operating systems is to either consider using the DropMyRights program to lower the system privileges of key applications like the Web browser and media players, and/or to search out alternative programs that do not demand administrative rights to function properly." }-

EscapeVelocity
May 2nd, 2010, 02:26 AM
Thinking of going with DefenseWall and/or Threatfire/Mamutu on the older desktop and a comprehensive Firewall/Hips like Online Armor, ZoneAlarm Pro, Outpost on the Lappy.

Need to check out the Financial Specialists, Anti Keylogger Specialists, and Sandbox/Virtualization/Rollback programs. Plus Password Managers and perhaps System Hardening.

Not pursuing LUA/Surun/PGS, and DropMyRights.

Still toying with Proxomitron/Privoxy/BFilter/Popilio.

EscapeVelocity
May 2nd, 2010, 04:02 PM
Older Desktop - 2GHz Celeron 2gb RAM - Unsophisticated User, Online Banking, Low Risk Surfer

Westell Router Firewall

Updated XP Home SP3 - Admin Rights

Avira Premium - Resident AV/AM with Web Guard & Email Scanner
DefenseWall Personal Firewall - System Wide Software Policy Restriction HIPS - Whitelisting plus Outbound Protection
ThreatFire or Mamutu - System Wide Behavior Blocker HIPS
PrevX SafeOnline - Browser Centric Financial Specialist

Filters - Stay Away from known bad sites

PeerBlock with selected BlueTack lists
HostsMan with MVPS/hpHosts/Malware Domains
OpenDNS with Filters
Admuncher

Firefox 3.6 with AdBlock Plus (EasyList & EasyPrivacy)
Opera 10.53
Chrome
IE8

On Demand

Macrium Reflect - Backup Image just in case, fallback position.

2nd Opinion Scanners & Removers

MBAM
SAS
EmsiSoft A-Squared
Hitman Pro
Panda Cloud

EscapeVelocity
May 2nd, 2010, 04:11 PM
Really liked these posts...

-{ Quote: "Install WOT (http://www.mywot.com/) and make the default browser google chrome for example. Some possible options below.

Option A
Install prevx (paid) - support is A+, and if a rogue gets through, prevx can add the files to the database, and on subsequent scan, files will be removed.

Could also install prevx alongside Avast or Panda Cloud for example.

Option B
Install Avast or Panda Cloud
Install Hitman Pro to run at startup (Paid) - easy to remove files, effective against new threats and as a backup scanner.

Option C
Install Panda Cloud and ThreatFire. Panda Cloud is quite light, ThreatFire works well alongside it, and TF will prevent any major changes to the system. Both free. You'd have to set threatfire to 'level 5', show the user the type of alert TF gives (when opening a browser), so the user knows what to expect, then set it back to default.

Option D
Install ThreatFire
Install Hitman Pro to run at startup (paid). Light setup, minimal user interaction, and solid against all types of threats.

If user has history of a lot of problems, could also add Panda Cloud. So Option C and D become the same.

None of the above will affect browser updates, browser extensions, windows updates, and so on." }-

-{ Quote: "You have to balance user convenience and actual user behaviour. Problem with adding sandboxie, or returnil for example, users will complain they can't update their browser. User will complain document was lost.

In Option A, prevx has behaviour analysis, and cloud analysis, so it's my first option.

Option B has Hitman Pro as a secondary scanner, cloud scanning, doesn't stop problem installing if it gets past an AV, but at least cleans it up upon reboot. Sometimes there's nothing you can do to stop a user from installing a program, I mean, they can ignore alerts right? So best to have an effective cleanup program.

Option C and D, ThreatFire might let something minor go through, but something which will cause the system to not bootup for example, it will quarantine. And Panda Cloud automatically quarantines threats, same with TF at times, avoiding user interaction. Once again, Hitman Pro is there as a backup.

Could also be another option. ThreatFire and Prevx. Cloud scanning, and ThreatFire to stop anything from USB or external drives etc. Regarding internet connection, rare that internet connections are lost. Most rogues slow a system down, rather than cut off the connection. They want to connect out. Want a user to install subsequent downloads, pay for the rogue etc.

You have to think like a 'noob'. We here go overboard on applications and forget how 'simple' your average user is. They don't care for 99 per cent of the stuff we talk about. Keep in mind, my first option is to install WOT and Chrome for all options. Kees here has demonstrated, and it is documented how effective Chrome is as a browser. And the WOT extension, I've tried it with many threats, and it blocks most. Awesome application, along with Chrome (and google's own malware alerts on malicious sites), a user will be fine. :)" }-

-{ Quote: "I agree, Returnil is a great option. But all depends on if you can educate all users who use the system. No use in educating the owner of the PC, if his/her kids jump on and don't know how to turn the program on/off.

What the user is asking, something which is outside the traditional AV model, and something which prevents rogues AND is easy to use, I would straight away say sandboxie. But what the user is asking for, that perfect balance, is difficult to find.

All depends on the user, I know some real dead-heads when it comes to computers, and they haven't got the brain power to recover files in sandboxie, or de-activate sandboxie to update their browser etc. So all depends.

What I've suggested is not abandoning the AV model, as it does work well for say 90 per cent of the time. Adding a few extras, like Chrome + WOT + Prevx + Hitman Pro and/or ThreatFire, and I should have mentioned MBAM pro, to cover that remaining gap." }-

EscapeVelocity
May 2nd, 2010, 08:11 PM
What are your Firefox security extensions? (http://www.wilderssecurity.com/showthread.php?t=249429&highlight=TACO)

EscapeVelocity
May 4th, 2010, 05:31 PM
Firewalls: Online Armor(HIPS can be turned off), Outpost(HIPS can be turned off)

Classical HIPS: WinPatrol

Policy Restriction HIPS: Defensewall(Firewall), Geswall

Behavior Blockers: Emsisoft A-Squared Mamutu, PC Tools ThreatFire(CyberHawk)

AntiVirus: Avast, Avira, HitMan Pro, Panda Cloud, AVG, Microsoft Security Essentials, VirusTotal Uploader

Malware Scanners & Removers: EmsiSoft A-Squared(Trojan Specialist + Ikarus AntiVirus), Malware Bytes, SuperAntiSpyware, Windows Defender, SpyWare Blaster (IE & ActiveX focussed), SpyWare Terminator( & HIPS with Shields), Spyware Doctor, Spy Sweeper

Anti Keylogger Specialist: Zemana, SpyShelter, KeyScrambler

Financial Specialist: PrevX SafeOnline(Big 3 + Opera), Trusteer Rapport(Big 3 + Safari)

Virtualization/Sandboxes/RollBack: VirtualBox, SandboxIE, BufferZone, Shadow Defender, Returnil, Comodo Time Machine, Wondershare Time Freeze, First Defense ISR, Faronics DeepFreeze

Backup and Drive Imagers: Macrium Reflect

System Hardening: SafeXP, XPantispy, xpy, Security & Privacy Complete, Seconfig XP, The Computer Security Tool

Password Managers: Lastpass, Roboform, Weave, Neo SafeKeys

Hosts Files, Web Filters, & IP Blockers: PeerGuardian2 or PeerBlock with BlueTack(IP Blockers), Hostsman with MVPS & HPHosts(OS Hosts File), AdMuncher(dll), OpenDNS(DNS Filtering), Proxomitron or Privoxy or BFilter(Web Proxy Servers - Advanced User)

Reports: HiJack This

Information: Process Explorer, System Explorer, Autoruns, ProcessExplorer, ProcessHacker, What'sRunning, EndTaskPro, A2 HijackFree, SIW, TinyWatcher

Encryption: TrueCrypt

WiFi: Hotspot Shield

Anti Spam: Cloudmark, MailWasher

Software Updates: SuMo, Secunia

Erase: Eraser, BleachBit, CCleaner

Oldies But Goldies: Winsonar, ProcessGuard, System Safety Monitor, Trust-no-exe, Proxomitron, PeerGuardian2, Sunbelt Kerio Personal Firewall, Samurai, Dynamic Security Agent, ProSecurity(Real Time Defender), Malware Defender, EQSecure, WWDG

Honorable Mention: Comodo Firewall, PC Tools Firewall, Safe'n'Sec Suite, DriveSentry, PrivateFireWall(Dynamic Security Agent), Ghostwall, SafeCentral, ClamAV-Immunet

Not Gonna Use

Anti Executables: AppRanger, Faronics Anti Executable, PE Guard

Rights Management: LUA, SuRun, SRP, Pretty Good Security, Drop My Rights

EscapeVelocity
May 4th, 2010, 07:17 PM
Encountering instability with Outpost. Online Armor is the champion for Firewall on the Lappy. DefenseWall is also a champion being run on the Desktop....however I don't know if I want to use the new one with the Firewall or the classic DefenseWall HIPS. I really liked Outpost, but its stability issues were the deciding factor. Purchasing both DefenseWall (which one I don't know) and Online Armor Premium. Also ditching Winpatrol in favor of more sophisticated HIPS of Online Armor - DefenseWall/Mamutu. Plus Online Armor uses BlueTack IP Blocklists, so will be ditching Peerblock on the Lappy.

SafeCentral is an interesting product, a browser itself used for online banking....reverse Sandboxing. An interesting product, with lots of partners. Makes Honorable Mention.

Trusteer Rapport also good, but doesn't support Opera like PrevX SafeOnline....so PrevX wins. I'll probably go all in with a license for Removal with PrevX with SafeOnline.

Online Armor Premium offers Web and Mail Shields, so I'll probably move Avast Free to the Desktop and use Avira or Panda or Hitman Pro on the Lappy.

EDIT: Giving Outpost one more look!

EscapeVelocity
May 4th, 2010, 07:36 PM
Lappy

Westell Router FireWall

XP Home SP3 - Admin Rights

Online Armor Premium
Avira Free
PrevX SafeOnline
KeyScrambler Premium

Macrium Reflect

OpenDNS with Filters
AdMuncher



Desktop

Westell Router Firewall

XP Home SP3 - Admin Rights

DefenseWall Personal Firewall
Avast Free
PrevX SafeOnline
Mamutu

Macrium Reflect

OpenDNS with Filters
Hostsman with MVPS, hpHosts, Malware Domains
PeerBlock with BlueTack lists

EscapeVelocity
May 7th, 2010, 05:13 PM
Tiny Watcher
Sentinel

T-RHex
June 23rd, 2010, 12:02 PM
Hey, great thread. I've learned a lot from following along your process; I had already read a lot of bits you cover elsewhere on the forum, but this kinda brought it all together for me.

I noticed it's been a while since your last post and in your sig. you're using OA/Avast/PrevX. You find that a good combo? Do you have HIPS enabled in OA? Which version, Premium or Free? I'm thinking of going with OA myself. Once configured do you get a lot of Firewall/HIPS prompts?

Have you tried Emsisoft AM 5 yet? It rolls Mamutu in with Ikarus and their AM.

And overall what's your feeling on user savviness with your choices? I'm looking for securing systems for non-tech users and don't want to spend a lot of time teaching them how to use all sorts of fancy steps because I know they will not (a) remember; or (b) want to bother. -- up/downgrade rights, run safer, virtualize, click here, save that, exclude, accept/deny, on and on. My goal is simplicity: in setup, in maintenance and support. I have to think "how will they continue to use the security products I choose for them, if I'm not around to help".

I've been thinking: OA Premium (their whitelisting should reduce prompts) and EAM5 (to cover AV/AM and behavior blocking). But now I've been thinking of looking at PrevX SafeOnline. I figure this combo should be configurable both for me (who likes control and to see/know what's going on) and for them (who don't care, they just want to surf safely).

I also appreciate your "found this" tips. I've been ignoring Chrome all this time, but from your quote from Saraceno I'll be looking more into it (and Kees' posts). I've done a lot of forum searching myself, but with the bewildering amount of information here (never mind other forums or sites) a person can search all week long and still not find. ;D

TR