Non-signature based protection


Kernelwars
August 17th, 2010, 09:59 PM
Hi Guys,
It will be great if y'all can suggest a complete setup that can be achieved without relying on signature-based malware products. Please keep in mind the not-so-savvy computer users who might get headaches if they were made to think too much by the apps. So please suggest some really good setup for those folks. (Please provide some reasons why the setup you think can be useful against the unknown.) Thanks,
Kernel

Konata Izumi
August 17th, 2010, 10:06 PM
Returnil Virtual System 2010 = System Virtualization
Prevx SafeOnline = to keep you safe online even if your virtual system got infected.

atomomega
August 17th, 2010, 10:45 PM
I would say... (considering a regular environment on an admin acc)

ShadowDefender / Deep Freeze (you'd have to teach the user how to use it)
Immunet Protect (rely on the community)
Outpost Firewall Free (easy-to-setup, easy-to-use)

IMHO...

G1111
August 18th, 2010, 02:30 AM
-{ Quote: "Hi Guys,
It will be great if y'all can suggest a complete setup that can be achieved without relying on signature-based malware products. Please keep in mind the not-so-savvy computer users who might get headaches if they were made to think too much by the apps. So please suggest some really good setup for those folks. (Please provide some reasons why the setup you think can be useful against the unknown.) Thanks,
Kernel" }-

What you have now and DefenseWall. Link in my signature. The firewall will not conflict with other firewalls and its HIPS (sandbox) is excellent.

Kees1958
August 18th, 2010, 02:42 AM
Returnil Home free with Anti Virus enabled (also x64)

DefenseWall Personal FireWall HIPS (paid, x32 only)

Why: when you are not that tech savvy prevent: "Houston we got a problem" posts

subratam
August 18th, 2010, 02:47 AM
I would also recommend Mamutu (http://www.mamutu.com/en/software/mamutu/), which is behavior-based malware protection. It does not use a fingerprint to recognize dangerous software but rather recognizes it on the basis of the behavior of the software. This allows Mamutu to recognize new malware long before the signature databases have been updated.

Creer
August 18th, 2010, 03:41 AM
-{ Quote: "Returnil Home free with Anti Virus enabled (also x64)

DefenseWall Personal FireWall HIPS (paid, x32 only)

Why: when you are not that tech savvy prevent: "Houston we got a problem" posts" }-
Agree with Kees, but if you really don't want signature-based software in your security setup, disable AV in Returnil, or use the ShadowDefender suggested above.

tipo
August 18th, 2010, 05:47 AM
Mamutu, ThreatFire, Comodo's Defense+, DefenseWall, Sandboxie, etc. All of them can be used without the need for signatures.

wearetheborg
August 18th, 2010, 07:04 AM
System hardening setup using built-in OS features, limited user account for internet browsing + software restriction policies (see my sig)

Boyfriend
August 18th, 2010, 07:37 AM
My preferences are:

Use a good antivirus (decide yourself after research and reviews) with behavior block + generic/heuristics protection and keep OS updated/patched.

For Windows XP: Use Software Restriction Policies (SRP) along with a separate Limited User Account (LUA) with disabled autorun. Also, harden your browser with add-ons (ABP, NoScript). Sandboxing is a good idea too if you do not want to download anything during that session.

For Windows Vista: I cannot comment about it, as I have not used it.

For Windows 7: Do not disable UAC (default is good for most) as it will help you execute programs with low integrity (just like LUA). Use Software Restriction Policies (SRP) and harden your browser. SRP will not let you even run/merge a .reg file. With UAC + SRP enabled, only programs you allow can run/change/install. If you want to install something, just right click and Run as administrator. Nothing else can execute on your system.
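
A read-only way to check the setup described in the post above (SRP default level, UAC, limited account, autorun off), added here as an example and not part of the thread. It assumes the standard Windows policy registry locations and reads machine-wide (HKLM) values only; the helper names are made up for this example.

```powershell
# Added example: audits the settings named in the post; changes nothing.
# A missing registry value is reported as "not set" rather than guessed.
function Get-PolicyValue([string]$Path, [string]$Name) {
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function New-Check([string]$Setting, $Value, [bool]$Pass) {
    New-Object PSObject -Property @{
        Setting = $Setting
        Value   = $(if ($null -eq $Value) { 'not set' } else { $Value })
        Pass    = $Pass
    }
}

$srpKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$uacKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$explKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

$defaultLevel = Get-PolicyValue $srpKey  'DefaultLevel'        # 0 = Disallowed, 0x40000 = Unrestricted
$policyScope  = Get-PolicyValue $srpKey  'PolicyScope'         # 0 = all users, 1 = all except local admins
$transparent  = Get-PolicyValue $srpKey  'TransparentEnabled'  # 0 = off, 1 = all but DLLs, 2 = incl. DLLs
$enableLua    = Get-PolicyValue $uacKey  'EnableLUA'           # 1 = UAC on
$autoRun      = Get-PolicyValue $explKey 'NoDriveTypeAutoRun'  # 0xFF = autorun off for all drive types

# With UAC on, an unelevated administrator session also reports False here,
# because the check is made against the filtered token.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

$checks = @(
    (New-Check 'SRP default level is Disallowed' $defaultLevel ($defaultLevel -eq 0)),
    (New-Check 'SRP enforcement is switched on'  $transparent  ($transparent -ge 1)),
    (New-Check 'SRP scope value is configured'   $policyScope  ($null -ne $policyScope)),
    (New-Check 'UAC (EnableLUA) is on'           $enableLua    ($enableLua -eq 1)),
    (New-Check 'Autorun off for all drive types' $autoRun      ($autoRun -eq 0xFF)),
    (New-Check 'Session is not running as admin' $isAdmin      (-not $isAdmin))
)

$checks | Format-Table Setting, Value, Pass -AutoSize
```

On a machine where no SRP policy has been created, the three SRP rows show "not set" and fail, which is the expected result for a default installation.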

wearetheborg
August 18th, 2010, 08:05 AM
-{ Quote: "My preferences are:

Use a good antivirus (decide yourself after research and reviews) with behavior block + generic/heuristics protection and keep OS updated/patched.

For Windows XP: Use Software Restriction Policies (SRP) along with a separate Limited User Account (LUA) with disabled autorun. Also, harden your browser with add-ons (ABP, NoScript). Sandboxing is a good idea too if you do not want to download anything during that session.

For Windows Vista: I cannot comment about it, as I have not used it.

For Windows 7: Do not disable UAC (default is good for most) as it will help you execute programs with low integrity (just like LUA). Use Software Restriction Policies (SRP) and harden your browser. SRP will not let you even run/merge a .reg file. With UAC + SRP enabled, only programs you allow can run/change/install. If you want to install something, just right click and Run as administrator. Nothing else can execute on your system." }-

We have the same security preferences ;D
1) I would just make two modifications: Sandboxing is useful even when you want to download (the desired download can be recovered from the sandbox).
2) If you have Windows 7 Ultimate, use AppLocker.

Boyfriend
August 18th, 2010, 09:56 AM
Thanks.
1. I am suggesting settings for novice users. Advanced users can add too much in the above setup (adjusting services.msc, gpedit.msc, secpol.msc, removing unneeded default OS programs, strict password policies, and keeping records of events for diagnostic purposes).
2. I am running Windows 7 Ultimate x64. I have tested AppLocker, but I like the flexibility of SRP. Also, my other security setup is very strong.

Pleonasm
August 18th, 2010, 10:19 AM
-{ Quote: "...suggest a complete setup that can be achieved without relying on signature based malware products" }-
Kernelwars, to help me understand, what is the basis of your requirement to avoid the use of signatures in the detection of malware?

Mr.PC
August 18th, 2010, 10:33 AM
- DefenseWall /Sandboxie

(+)

- Boot-to-Restore: Returnil /Deep Freeze /Shadow Defender.

OR

- Instant System Recovery: Rollback Rx /EAZ-FIX /AyRecovery.

Kernelwars
August 18th, 2010, 01:32 PM
-{ Quote: "Kernelwars, to help me understand, what is the basis of your requirement to avoid the use of signatures in the detection of malware?" }-
A good firewall to prevent any unwanted connections with application control, an easy-to-use HIPS with built-in whitelist and also a cleaner that gets the work done better than CCleaner maybe? :thumb:
Kernel

atomomega
August 18th, 2010, 01:33 PM
IMO DefenseWall would not be a good asset for basic users as it displays a lot of "learning" pop-ups. Again, IMO.

atomomega
August 18th, 2010, 01:42 PM
-{ Quote: "A good firewall to prevent any unwanted connections with application control" }-

Outpost Firewall Free

-{ Quote: "an easy-to-use HIPS with built-in whitelist" }-

A classical/pure HIPS would still be hard to understand and configure (therefore causing malfunctions, system instability and unwanted behaviour) for a basic user. I would rather go with a pure BB like ThreatFire (new Beta version coming) or Emsi's Mamutu.

-{ Quote: "and also a cleaner that gets the work done better than ccleaner maybe?" }-

I personally use IObit's Advanced SystemCare Pro. (I know this may trigger some comments about IObit's shady past.)

Kees1958
August 18th, 2010, 04:54 PM
-{ Quote: "IMO DefenseWall would not be a good asset for basic users as it displays a lot of "learning" pop-ups. Again, IMO." }-

Should change the IMO to IME (in my experience), because with all respect, DefenseWall hardly gives a pop-up.

cgeek
August 18th, 2010, 05:25 PM
1. DefenseWall Firewall
2. SandboxIE
3. Returnil Multi-Snapshot (http://www.returnilvirtualsystem.com/returnil-labs) + Returnil Virtual System 2011 lite "Anti-Execute turned on"

For system clean-up I would suggest PerfectDisk PC Optimizer (http://perfectdisk.raxco.com/products/home-perfectspeed/learn-more).

-{ Quote: "IMO DefenseWall would not be a good asset for basic users as it displays a lot of "learning" pop-ups. Again, IMO." }- ::)

My dad knows nothing about computers and uses DefenseWall. He has never had a pop-up since he started using it.

Mr.PC
August 21st, 2010, 10:12 AM
-{ Quote: "IMO DefenseWall would not be a good asset for basic users as it displays a lot of "learning" pop-ups. Again, IMO." }-
DefenseWall installation already places all sensitive areas under protection.
Applications, like Browser, Media Player, Messengers etc. are considered Untrusted
and therefore, are protected accordingly.
The same happens with critical Windows Directories and Registry Hives.

Therefore, DefenseWall in the Basic (not Expert) Mode is ideal for inexperienced users,
as it requires no advanced configuration.

atomomega
August 27th, 2010, 03:52 PM
I'm sorry, I'll take back my comment. The thing is that I tested it on my PC; since I don't have a VM, I just overlapped it on top of my current setup. That must have been the reason why I noticed so many popups. Also, I was talking about DefenseWall HIPS, not the FW one.

Anyway, the posters above are light years above in expertise. :thumb: