Am I SECURE Enough ?
squash
August 20th, 2004, 11:53 PM
OS: Windows XP Home Edition (No security patches or service packs except for Blaster and Sasser)
Firewall: Kerio Personal Firewall 4
AV: AVG Anti-Virus 6 Free Edition
AS: Ad-Aware SE 1.03
Web Browser: Mozilla Firefox 0.9.3
Other: Abtrusion Protector, DiamondCS RegProt and Autostart Viewer
Turned off unnecessary services with services.msc, Am careful before downloading anything (don't download from disreputable sites), Uninstalled some services and left TCP/IP only... Turned off Windows Scripting Host and check Task manager to see if there are any more processes than normal
I am on dial-up so the IP address changes randomly each dial-up
Is a Home computer...
Am I SECURE Enough ?
squash
August 21st, 2004, 12:06 AM
I am aiming for simplicity rather than a whole bunch of security applications that I may not need or use. I've never had a problem with this current security setup even if I've only downloaded 2 security patches... It works for me... but I'm asking to see if it is adequate enough for the future.
bigc73542
August 21st, 2004, 12:08 AM
Get to windows update and get those updates and patches, they are important in keeping your computer secure and safe.
bigc
squash
August 21st, 2004, 01:35 AM
Unfortunately, I use dial-up Internet... and there are some 50 or 60 critical updates... If Microsoft offered a free SP2 CD it might be a major helping hand...
I don't think that crackers are going to target this computer out of the millions that use the internet though and furthermore, some of the patches are for computers that use Internet Explorer, and I don't use Internet Explorer... so it would be a burden to download and apply some patches that I don't need.
Tassie_Devils
August 21st, 2004, 01:43 AM
I absolutely reiterate bigc's comment.. unless you "really really" know what you are doing, do the Windows Updates of critical patches/packs [maybe not SP2 yet].
Your AV may be a good one, but for "backup only" IMO, you do need to get a recognised better one, as to which, I will only say search for "best av" and you are bound to be flooded by threads, this issue is rehashed over and over as a lot of new people invariably ask that question. ;)
The fact you are on dial up [like I am] will only help in prevention of "hacking" [not that that is high on the agenda], your main concern is still 'drive-by' ActiveX, etc.
Honestly, I also recommend SpywareBlaster or some other form of an RTM of browsing help as in Spybot's TeaTimer or AdWatch [only in AdAware PLUS/PRO paid].
But the best bet is the free SpywareBlaster and SpywareGuard.... SWB blocks against ActiveX baddies and bad cookies, and SG blocks against browser hijacking.
Just my opinion.
You have a firewall, good.
Also, get a good HOSTS file, do search for that. Stops you being directed to bad sites.
There would be more I would do, but those are a minimum as you wanted.
Certainly would not do any harm to even download a good anti-trojan program as an OnDemand only, just to do manual scan every now and then... or at very least, do an online scan of your system each month, whatever.
Cheers, TAS
squash
August 21st, 2004, 02:01 AM
G'Day,
Thanks for your replies... I might consider getting SpywareBlaster... but the HOSTS file is a problem... I tried it once and it would take 1 minute before any internet connection would come through... I had tried ewido and a2 but I don't think they are reputable enough for me to use and they are pretty useless IMO because they are not realtime. And I think I really really know what I am doing when I download a program.
As for viruses, when I used Opera - I still managed to get a virus, in which Norton (an OEM version I used at the time) alerted me. So it is POSSIBLE to get a javascript virus even if a person uses a browser other than Internet Explorer or an Internet Explorer shell.
Would it be advisable to REPLACE Ad-Aware with SpywareBlaster ?, as currently I don't find any spyware with Firefox apart from tracking cookies - in which I can clear regularly. And plus Ad-aware has not found a thing since I have used Gecko based browsers and I know what is a spyware program and is not a spyware program. Firefox does not readily support ActiveX by default, so I am pretty alright with spyware.
So to simplify this down I want to
Ad-Aware REPLACED by Spyware Blaster
and with Abtrusion Protector as backup - which takes a snapshot of programs and prevents any programs from being installed without user intervention.
?
Tassie_Devils
August 21st, 2004, 02:12 AM
Nope, keep AdAware.
SpywareBlaster is NOT a scanner... you install it, update, then "enable protection" which means it sets "killbits" for ActiveX in the Registry.
This prevents installation of said bad ActiveX in the first place behind your back. It's more of a "set and forget" kind of thing, apart from updating.
Updating is done thru the program and is 'manual' but if you donate and register it, there is an automatic update feature in it.
Spybot Search and Destroy, that's very similar to AdAware, they complement each other. It's a scanner but it also protects your registry as it can take a snapshot, etc.
It also will do a Registry back up upon installing, so just to alert you to that fact when you install it. You will need to go thru it a bit, with settings, etc.
As to an AT... I personally use TDS3. Now that is not free, but, you can download, get the latest updates manually, and it still functions as normal with scanning, etc.
The 2 differences being:
1: No Real Time Protection [but it's worth getting for that IMO]
2: Cannot do updates thru the program, you have to go to site and grab the latest 'radius.td3' file which is the database, you can rename the current one to say 'radius.tds.bak' and then drop the new one into the folder [or simply overwrite it with the new one] and restart TDS so it's current with its updates.
Cheers, TAS
edit to add: re your HOSTS file trouble... how many entries were in the lists? There could be a delay if you have several 10's thousands some report. Mine is a basic one of around 8000 sites. I am on dial up... have no delay at all. I have seen some people using as many as 200k +... man... lol.
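What a kill bit looks like in the Registry, as an added example that is not part of any post in this thread and not SpywareBlaster's own code: Internet Explorer refuses to instantiate an ActiveX control whose CLSID key under `ActiveX Compatibility` has bit 0x400 set in its `Compatibility Flags` value. The sketch reads a `.reg` export and reports the state of each CLSID of interest; the CLSIDs and export text are constructed placeholders and the function names are hypothetical.

```python
import re

KILL_BIT = 0x400  # bit in "Compatibility Flags" that stops IE instantiating the control
COMPAT_KEY = r"\software\microsoft\internet explorer\activex compatibility" + "\\"
SECTION = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
FLAGS = re.compile(r'^"Compatibility Flags"=dword:(?P<val>[0-9a-f]{8})\s*$', re.I)
CLSID = re.compile(r"^\{[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$")

# Constructed sample export (placeholder CLSIDs, not real controls).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11111111-1111-1111-1111-111111111111}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{22222222-2222-2222-2222-222222222222}]
"Compatibility Flags"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa}]
"Compatibility Flags"=dword:00800400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{44444444-4444-4444-4444-444444444444}]
"AlternateCLSID"="{11111111-1111-1111-1111-111111111111}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\{55555555-5555-5555-5555-555555555555}]
"Compatibility Flags"=dword:00000400
'''


def read_compat_flags(reg_text):
    """Return {CLSID: flags} for every CLSID key under ActiveX Compatibility."""
    flags = {}
    current = None  # CLSID of the section being read, or None if irrelevant
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        if section:
            key = section.group("key")
            idx = key.lower().find(COMPAT_KEY)
            leaf = key[idx + len(COMPAT_KEY):].upper() if idx != -1 else ""
            current = leaf if CLSID.match(leaf) else None
            if current:
                # A key with no "Compatibility Flags" value counts as flags == 0.
                flags.setdefault(current, 0)
            continue
        value = FLAGS.match(line)
        if value and current:
            flags[current] = int(value.group("val"), 16)
    return flags


def killbit_report(reg_text, wanted):
    """Classify each wanted CLSID as 'blocked', 'not blocked' or 'missing'."""
    flags = read_compat_flags(reg_text)
    report = {}
    for clsid in wanted:
        clsid = clsid.upper()
        if clsid not in flags:
            report[clsid] = "missing"          # no key at all: nothing blocks it
        elif flags[clsid] & KILL_BIT:
            report[clsid] = "blocked"          # kill bit set, other bits may be too
        else:
            report[clsid] = "not blocked"      # key exists but 0x400 is clear
    return report


if __name__ == "__main__":
    wanted = [
        "{11111111-1111-1111-1111-111111111111}",
        "{22222222-2222-2222-2222-222222222222}",
        "{AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAAAAAA}",
        "{44444444-4444-4444-4444-444444444444}",
        "{55555555-5555-5555-5555-555555555555}",
    ]
    for clsid, state in killbit_report(SAMPLE_REG, wanted).items():
        print(clsid, state)
```
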
squash
August 21st, 2004, 02:21 AM
This SpywareBlaster thing sounds like some good quality software from Javacool (I use MRU-Blaster, and it's excellent with a nice no-frills interface). I've tried Spybot but it is kind of weird IMO, with a bad interface, freezes, the works.
For the ActiveX problems, I've disabled Windows Script Host in XP, so they'll take care of ActiveX, VBScripts etc. that may be executed with Abtrusion Protector as back-up.
Hackers, Intrusions > Kerio
Viruses, Trojans > AVG
Spyware > Firefox set to deny 3rd party cookies, planning to get spyware, ad-aware
System > Regular System Restore backups, abtrusion protector and regprot to protect install directory, registry from any changes and boot protection...
So except for the lack of a high-quality antivirus (I use AVG) and not applying almost all the patches... I'll say I'm doing just fine. I try to use Open Source products so that'll help too...
Devinco
August 21st, 2004, 02:33 AM
Hi squash,
Just a few things.
Get a good reliable imaging backup program that can make bootable CDs or DVDs and use it. You spent a long time tweaking, configuring, and tuning your security. It would be such a waste to lose all that time when a new type of worm (perhaps able to penetrate the firewall) takes it all away. Even the most security conscious people can slip up. All it takes is one click.
I assume you properly configured each component of your security? Like tightening up the rules in KPF. Password protect KPF (if that is possible).
Configure Firefox (uncheck auto install plugins, uncheck java, etc.)
(sidenote, while on FF, get Adblock extension. Why waste dial up time dl ads?)
SWB is good. So is SG.
I would keep Adaware SE too.
I would spend the time and get the critical updates also.
You could also consider HTAStop2003, DSOstop2, WWDC, GRC.com: Xpdite, etc. especially if you are going to leave your windows vulnerable by not patching.
For registry protection RegProt was problematic. Tea Timer was better. If you want better (more configurable), check out the thread on Registry Monitor Comparison.
HTH
squash
August 21st, 2004, 02:37 AM
Yes, I already use Firefox with Adblock already, and I've configured it to disable Java, but keep Javascript enabled because many sites use this type of technology.
As for backup software, this computer doesn't have a CD-RW (CD Burner) or the equivalent, so I'll have to rely on System Restore and use my knowledge not to do something stupid.
I've already used the various GRC.COM, HTAStop2003, DSOstop2 and a program called SafeXP... too...
Tassie_Devils
August 21st, 2004, 02:38 AM
Yes, you are right, it's what runs well on your system that counts the most Squash. No matter how good a product is, if it keeps screwing up on your particular configuration then it's no good to you.
If you got your PC set up how you like it, with basic protection, then that is all that matters. :)
You seem to know what's what, so apart from maybe getting a more protected database/detection AV, then you are fine.
Although plenty of people are quite happy with AVG by itself, but there certainly is room for improvement in it as compared to Kaspersky, McAfee, F-Prot, etc. etc.
Anyhow, happy surfing. :)
Cheers, TAS
squash
August 21st, 2004, 02:43 AM
THANKS a lot to all people who replied.
I knew that I had enough protection... and I just wanted some assurance from people who have had experience in the field of security... Of which I read from various security websites I have gained some very valuable experience.
The Internet can be a safe place, but it can be a dangerous place. Every thing has its pros and cons, and so is this type of technology.
Anyway, concerning AVG not being a high-detection rate anti-virus, I would HAVE tried and possibly used Avast! except for the reason the form asks me to provide my home address to them in the registration for the free home registration... thing... oh well...
I've never tried Avast!, but AVG works for me... it may not have the best interface, but at least it's not buggy and freezes at times like Spybot... :-)
Devinco
August 21st, 2004, 02:50 AM
-{ Quote: "...I would HAVE tried and possibly used Avast! except for the reason the form asks me to provide my home address to them in the registration for the free home registration... thing... oh well..." }-
squash,
I don't understand this part. You can't trust this security company to protect your home address info and yet if they did not require it, you would trust them with protecting your computer?
squash
August 21st, 2004, 03:23 AM
Yes.
I don't see why a company like Avast! would need someone's home address... unlike AVG Registration which only requires a name and e-mail address...
squash
August 21st, 2004, 03:38 AM
Anyway, I tried SpywareBlaster and I am very impressed with it, nice simple yet effective user interface with a very nice range of useful options such as saving the HOST File and protection for the web browser I use (Firefox).
Very nice software, Javacool
squash
August 21st, 2004, 05:37 AM
I don't see how people don't apply patches and get hacked...
There are many people who can't be bothered or don't know what a security patch is... and I don't think they have ever been hacked by crackers exploiting their computer through that way... with the exception of the other threats like viruses, trojans etc.
What IF... a cracker tries to crack a person by a security hole, I mean with Kerio Personal Firewall with IDS (Intrusion Detection) should do as the name suggests... I think that viruses, trojans, keyloggers and spyware are the biggest threats....
Who have you seen has been hacked who has a Firewall and Antivirus at least, and not apply a security patch and get hacked because of not applying a security patch ?!...
The only instance that computers I used were cracked were due to:
1. When I was newer to computers, I opened some supposedly 'fun' program and did not have an antivirus > Trojan
2. The WMI (A service in Windows XP) didn't work, and I couldn't enable the built in XP firewall to temporarily use it and download Kerio... and by the time I could even download Kerio... some cracker used an ftp.exe (that Windows XP has) and the cracker uploaded some trojan with that ftp.exe > I deleted ftp.exe by disabling Windows File Protection... and cleaned the trojan with AVG - but I had to reinstall because I thought I would be better off... and there might be hidden traces of the anti-trojan ... aw well
Now I am heaps heaps better... I haven't got a trojan, virus, spyware, dialer or keylogger in months... :-)
Justhelping
August 21st, 2004, 07:24 AM
-{ Quote: "
Who have you seen has been hacked who has a Firewall and Antivirus at least, and not apply a security patch and get hacked because of not applying a security patch ?!...
" }-
Yes, I have lots of times. Most are using Internet explorer though.
-{ Quote: "
Now I am heaps heaps better... I haven't got a trojan, virus, spyware, dialer or keylogger in months... :-)" }-
Good to hear, but it's much better to close a security hole with a patch compared to covering it up with a firewall.
squash
August 21st, 2004, 07:37 AM
-{ Quote: "Yes, I have lots of times. Most are using Internet explorer though.
Good to hear, but it's much better to close a security hole with a patch compared to covering it up with a firewall." }-
Yes, that is mostly when a person uses Internet Explorer... but what I meant was AV+Firewall+Browser other than IE with a person who knows what they are really doing...
With a firewall with IDS (Intrusion Detection System) or something, if it works for me... then yes :-) ... I don't see how some patch would make any difference, since if I use a firewall that stealths the hackers wouldn't know I'm online anyway... and all the other security vulnerabilities I would need to care about is mainly in the browser... but I use Mozilla Firefox, so I don't need to really care THAT much... except I wish that mozilla firefox had a security patches section instead of making people upgrade each time...
honorable1nut
August 21st, 2004, 10:08 AM
AVG is a very good AV, especially for free. No particular need for another as it will cause problems and confusion.
In regards to updates. GET THEM!! Especially the critical ones. As already stated, better to fix the problem, than just cover it up.
Also, you can order SP2, on cd, for free. Get it!! Then disable security center, firewall, and auto updates, provided you have enough sense to manually check for updates.
Spywareblaster, Adaware, and Spybot are all almost necessities nowadays.
Paranoid2000
August 21st, 2004, 11:23 AM
Squash,
I'm going to sound a discordant note here - but if you are running a (properly configured) firewall and avoid using any Microsoft applications then there is little need to apply most Windows patches. Many are for specific applications (e.g. Internet Explorer, Outlook Express) so if you never use these applications (and block them with your firewall to make sure they don't get invoked by other software) then no updates for them should be necessary.
IE does require a little extra care though - it is mandatory for Windows Update so I would suggest disabling Windows Update and checking the Microsoft Security Bulletins (http://www.microsoft.com/technet/security/CurrentDL.aspx) page for critical updates instead (this also avoids having your system information recorded by Windows Update should you wish to keep it private). Also be aware that other applications may use IE code (e.g. Stardock Central (http://www.stardock.com/products/sdcentral/)) so I would advise limiting their access as much as possible (i.e. allow access to necessary domains only).
As for Windows itself, a properly configured (I have to stress this here) firewall should block any Windows remote-access exploit since the firewall should receive and filter incoming network packets before they reach Windows' own network subsystem (avoiding the need to patch any remote-access exploits). At this point, you should only need to pay attention to those applications permitted network access (your browser and email client at the minimum - these may need patching if vulnerabilities are discovered). If you share your computer with others however, you will need to address local exploits (e.g. ones that allow a normal user to gain Administrator access) via the appropriate Windows patches.
Spyware and browser hijacking is pretty much a non-issue with Firefox. While all those recommending anti-spyware software doubtless mean well (and the suggestions make sense with IE), I would suggest that you would be better served with a general web filter (some firewalls like Kerio Pro and Outpost include these - but a specialised one like Proxomitron (www.proxomitron.info) can offer far more flexibility) configured to strip out all active content (ActiveX, Java, Javascript, etc) except for sites you trust. This should protect you against all past, current and future web exploits. Make sure that any active content in email is also covered (and consider blocking any web access by your email software to stop it from trying to access spam web bugs or phishing exploits).
Furthermore you have a second line of defense in your use of Abtrusion Protector and RegProt. Further security applications may give you greater control and understanding of your system, but should not be regarded as a necessity at this stage.
Paranoid2000
August 21st, 2004, 12:49 PM
I should also stress the importance of "download hygiene" - if you download files from questionable or anonymous sources (P2P networks, Internet Relay Chat, Usenet or "warez" websites) then you should consider running specialised anti-trojan software.
squash
August 21st, 2004, 06:23 PM
Thanks Paranoid2000 for your educational read,
I tried a web content filter - not proxomitron because I don't trust it - seeing that the author sadly passed away ? that's what I heard on proxomitron.info anyway and there would be no better updates and the GUI looks like a tor shop... but I had tried WebWasher which is similar and I think (at time of writing) the classic version is free for non-commercial, home use but it made some problems with websites I've encountered including forums which use the same vBulletin as this one, which does NOT correctly render properly in Firefox until I have turned it off... I have found a suitable replacement which is the AdBlock extension for Firefox and it seems to block almost all the major ads from advertising without the glitches of creative websites incorrectly and the background resource....
And I do NOT download from any questionable websites such as P2P, Warez, Underground websites or IRC... They mostly contain illegal software or furthermore the program might contain a trojan, virus or may even be hacked and reverse engineered to have hidden code from it... I use FREE alternatives instead such as the GIMP instead of Adobe Photoshop and OpenOffice.org instead of Microsoft Word for my needs without having to resort to these type of misbehaviour... With open source, free alternatives even that I won't be bothered to view the source code, I can be assured that the reputability of the software is from more than just one author with the source code as assurance that the code doesn't contain any viruses. However, it should be with caution that I don't go to sites that claim to be open source but in fact contains bad code and tricks a person... Some of the websites that host opensource software isn't what you call a domain name but sub-domain or hosted on sourceforge... but I make sure that the software is known by visiting an opensource directory to see if the software is listed...
squash
August 21st, 2004, 06:30 PM
And I try to only limit the websites from which I download and check to see if the author's website or company's website has a postal address (AT LEAST)... instead of just a bunch of e-mail addresses.
If it has a postal address, location address, telephone numbers and e-mail address then I would think that the company would be reputable enough. But it would also be wise to check the website design to see if it is modern... if it looks like it is made in frontpage... a person can check the source code of the website - and see if there is a frontpage heading code... then I wouldn't really trust it at all...
squash
August 21st, 2004, 08:14 PM
Just to keep an update:
OS: Windows XP Home Edition
Web Browser: Mozilla Firefox 0.9.3 (with AdBlock Extension) - Default and Primary Web browser also configured to deny referrers and deny Third party cookies
FW: Kerio Personal Firewall 4 - Limited Free Edition
AV: Grisoft AVG 6 Free Edition with boot protection
AS: Lavasoft Ad-aware SE 1.03 and Javacool Spyware Blaster 3.2
Intrusion: Abtrusion Protector (Protects install directory, registry and boot protection) and Kerio Firewall's IDS
Registry: Abtrusion Protector registry protect setting and also DiamondCS RegProt
Backup: Windows XP System Restore
Windows XP Updates: 2 - The Blaster and Sasser ones
Other: I've got Eraser which has Gutmann 35 pass deletion capability and DiamondCS AutoStart Viewer and I check the XP task manager for the number of processes and I'll know if there is even 1 additional process...
I also hardly ever use any Microsoft products except for Windows Media Player and sometimes MSN Messenger, I've replaced with others instead like open source and freeware ones and I rarely use - if ever Internet Explorer...
Cleared registry with registry cleaners, and only installed programs that I need.
Tweaked services.msc, deleted some services left only TCP/IP... Also used various GRC.COM utilities like DCOMBulator etc. and others such as HTASTOP and SafeXP...
I am very very very careful not to do something bad like open trojans, viruses etc. I DO NOT never ever ever download from IRC, P2P, Underground sites or other anonymous places...
When I download a program... but I now try to limit to the current set of programs on that computer... I would:
1. Look at the site design, to see if it looks reputable and not frontpage made - even viewed source code
2. Read the features and see what it does
3. Look at the author's or company's postal, location address, telephone number and e-mails and if possible the names and a picture of the author.
4. Search on Google to see if any people have used the program, if it is popular and if there are any conflicts
5. Check if it is widely used
6. If I decide to download, I'll scan with AVG, Ad-aware
I've also disabled Windows file protection then deleted the ftp.exe program or something that is in Windows XP... due to from my experience... a hacker downloaded a trojan with that program... after that I turned back the WFP...
This is a home computer... and I'm the only user
The computer is password protected including the administrator account by going into safe mode... if others use the computer I try and make sure I'm there to see what they are doing... I don't trust them to use the computer on their own :p
I HOPE I am secure ENOUGH...!!! :-)
bigc73542
August 21st, 2004, 08:17 PM
You still need the Windows updates to be secure with Windows, SP2 preferred, it has all the critical updates included.
Blackspear
August 21st, 2004, 08:28 PM
-{ Quote: "You still need the Windows updates to be secure with Windows, SP2 preferred, it has all the critical updates included." }-
Totally agree, I have personally experienced customers who have been continuously infected and reinfected by viruses, yes the AV would pick it up, however as soon as they connected to the internet, it would return, Opaserv springs to mind...
You need those Windows updates, take them a few at a time, like eating an apple, if you try to swallow it whole you'll choke, however, one bite at a time it is easily eaten ;)
Cheers ;D
squash
August 21st, 2004, 08:29 PM
-{ Quote: "You still need the Windows updates to be secure with Windows, SP2 preferred, it has all the critical updates included." }-
I used to use GNU/Linux Mandrake distribution before coming back to the Windows world... I still think I'm alright for everything without the patches but it shouldn't matter because as long as hackers don't see me online (stealth) I'll be alright. And the majority of attacks are blocked by the firewall... I've got the latest version of Firefox so that is what matters...
It is easier for a person who has wide access to broadband to say to get the latest Windows update just like that. But here in Australia, dial-up is still a popular choice and it would, as I said, be a burden to download these patches 60 or 70 of them - which equates to around a couple of hundred megabytes...
The Windows XP SP2 CD-ROM is not available to Australian people for FREE yet so... it is virtually an impossible task for me...
Devinco
August 21st, 2004, 08:29 PM
Looks pretty impressive.
I don't have SafeXP so it may do everything that WWDC does. But, WWDC was able to close 2 things even after I was fully patched(everything but SP2) and ran the full GRC suite.
See if your motherboard has some form of BIOS protection (like CIH 4 way protection). It is usually a setting in BIOS that requires the use of special BIOS Flash utility so malware can't mess with your BIOS.
Get the SP2 CD when available.
Windows restore is all right, but you might consider an imaging program to back up to another HD. Or at the very least, to the same hard drive.
Alternatively, you could try an image/system restoration utility like First Defense/ISR, or GoBack.
Anyway, looking good! ;D
squash
August 21st, 2004, 08:31 PM
-{ Quote: "Totally agree, I have personally experienced customers who have been continuously infected and reinfected by viruses, yes the AV would pick it up, however as soon as they connected to the internet, it would return, Opaserv springs to mind...
You need those Windows updates, take them a few at a time, like eating an apple, if you try to swallow it whole you'll choke, however, one bite at a time it is easily eaten ;)
Cheers ;D" }-
That is because those customers don't have a firewall... that it would return...
squash
August 21st, 2004, 08:34 PM
-{ Quote: "Looks pretty impressive.
I don't have SafeXP so it may do everything that WWDC does. But, WWDC was able to close 2 things even after I was fully patched(everything but SP2) and ran the full GRC suite.
See if your motherboard has some form of BIOS protection (like CIH 4 way protection). It is usually a setting in BIOS that requires the use of special BIOS Flash utility so malware can't mess with your BIOS.
Get the SP2 CD when available.
Windows restore is all right, but you might consider an imaging program to back up to another HD. Or at the very least, to the same hard drive.
Alternatively, you could try an image/system restoration utility like First Defense/ISR, or GoBack.
Anyway, looking good! ;D" }-
Backup to another hard drive ? ... a different hard drive... or a partition on the same computer... I don't have a different hard drive though so not the previous.
Would backing up to a partition be as simple as creating a partition then copy and pasting everything from C:\ to a partition ?
Devinco
August 21st, 2004, 08:37 PM
-{ Quote: "Backup to another hard drive ? ... a different hard drive... or a partition on the same computer... I don't have a different hard drive though so not the previous.
Would backing up to a partition be as simple as creating a partition then copy and pasting everything from C:\ to a partition ?" }-
No. OS will prevent proper copying due to file locks, page file, etc.
You need a real backup program.
Blackspear
August 21st, 2004, 08:38 PM
-{ Quote: "...It is easier for a person who has wide access to broadband to say to get the latest Windows update just like that. But here in Australia, dial-up is still a popular choice and it would, as I said, be a burden to download these patches 60 or 70 of them - which equates to around a couple of hundred megabytes..." }-
Have you worked out how much your dialup Internet is costing?
Try these simple average sums:
1. Internet access = $30.00 per month
2. Local calls every time a connection to the internet is made;
25c per call x 4 calls per day x 30 days = $30.00 per month
Total = $60.00 per month
Broadband is the same price or cheaper:
1 You no longer require your Internet Service Provider (ISP), you will be going with a Broadband ISP.
2 Calls to the internet are NOT made anymore – Broadband ADSL piggy-backs an existing line. Broadband Cable is brought in from the street. Both methods do NOT use any form of phone call to make their connection to the internet.
Broadband as an example - Internode www.internode.on.net have this plan:
PADSL-256-Unlimited-Red $49.95 256k/64k 12 GB
Should you go over your limit, Internode “Shape” (slow down) your connection speed until the end of the month you are in.
And this is but one of the many hundreds of providers out there…
Cheers ;D
squash
August 21st, 2004, 08:41 PM
I don't think imaging a hard drive on a partition would work... because what about the registry entries ?... If I copy and pasted wouldn't the new pasted contents of the drives depend on the registry..
luv2bsecure
August 21st, 2004, 08:46 PM
I would say three things on this issue........
1. It is this very thing that makes drive imaging software a security tool. If you have a "good" image with Windows tweaked the way you want it, etc. You can just - at anytime - take the hour that it takes to put the system back in its "perfect" state. You would have your firewall, all of your other security products, the latest patches (I image once a week), etc. all on the system and protecting you from the first second of connectivity.
Otherwise,
2. Software firewall as priority one.
3. Even if you don't have multiple computers using your internet connection - get a router! The router/firewall will serve you well and allow you greater security with its various configurations. But, even in default status, you're doing fine to get on the internet without attacks that may be directed at you and your IP personally. Routers are still dropping in price - a used one on eBay can be had for as little as $10-$15. A new router can be as little as $25 with rebates.
I posted this in another thread about a similar issue. With one of these three things, a combination, or all three of these - there is no longer a problem from the moment you are on the net.
For replicating files and other bombardments that need emergency first aid - I posted this thread (http://www.wilderssecurity.com/showpost.php?p=240003&postcount=9) that might help.
John
Luv2BSecure
squash
August 21st, 2004, 08:50 PM
-{ Quote: "Have you worked out how much your dialup Internet is costing?
Try these simple average sums:
1. Internet access = $30.00 per month
2. Local calls every time a connection to the internet is made;
25c per call x 4 calls per day x 30 days = $30.00 per month
Total = $60.00 per month
" }-
Here's approx.
1. Internet Access is around $20 per month (iPrimus)
2. On the plan, get around 50 or something free calls a month
So around less than $10 a month ... and there's unlimited time and downloads too :-) I think
luv2bsecure
August 21st, 2004, 08:50 PM
-{ Quote: "I don't think imaging a hard drive on a partition would work... because what about the registry entries ?... If I copy and pasted wouldn't the new pasted contents of the drives depend on the registry.." }-
A clean image restores your system back to a "perfect" state by replacing everything on the drive - bit by bit, byte by byte, everything is as it was when you made your clean "perfect system" image - registry included.
John
Luv2BSecure
Devinco
August 21st, 2004, 08:52 PM
-{ Quote: "I don't think imaging a hard drive on a partition would work... because what about the registry entries ?... If I copy and pasted wouldn't the new pasted contents of the drives depend on the registry.." }-
Yes it would. With Ghost 2003, you can do exactly that: image one partition to another even if it is on the same drive. Although you do not get the hard drive crash protection that you would if you imaged it to another HD.
squash
August 21st, 2004, 08:52 PM
-{ Quote: "I would say three things on this issue........
1. It is this very thing that makes drive imaging software a security tool. If you have a "good" image with Windows tweaked the way you want it, etc. You can just - at anytime - take the hour that it takes to put the system back in its "perfect" state. You would have your firewall, all of your other security products, the latest patches (I image once a week), etc. all on the system and protecting you from the first second of connectivity.
Otherwise,
2. Software firewall as priority one.
3. Even if you don't have multiple computers using your internet connection - get a router! The router/firewall will serve you well and allow you greater security with its various configurations. But, even in default status, you're doing fine to get on the internet without attacks that may be directed at you and your IP personally. Routers are still dropping in price - a used one on eBay can be had for as little as $10-$15. A new router can be as little as $25 with rebates.
I posted this in another thread about a similar issue. With one of these three things, a combination, or all three of these - there is no longer a problem from the moment you are on the net.
For replicating files and other bombardments that need emergency first aid - I posted this thread (http://www.wilderssecurity.com/showpost.php?p=240003&postcount=9) that might help.
John
Luv2BSecure
." }-
What if I limit the time I use the computer and Internet in particular altogether, I won't think that these would be really necessary :-)
squash
August 21st, 2004, 08:54 PM
-{ Quote: "Yes it would. With Ghost 2003, you can do exactly that: image one partition to another even if it is on the same drive. Although you do not get the hard drive crash protection that you would if you imaged it to another HD." }-
System Restore may not be the best, but it's good enough as long as I don't do anything drastic... These Ghost program thing they cost $$$ ... if only there were some free program...
luv2bsecure
August 21st, 2004, 08:56 PM
-{ Quote: "What if I limit the time I use the computer and Internet in particular altogether, I won't think that these would be really necessary :-)" }-
Not sure what you mean. You can be attacked within seconds of being on the internet. A study recently showed that the average time before infection on an "open" computer - without protection - is twenty minutes.
on edit: Gambling like that is called Russian Roulette.
John
Luv2BSecure
.
Blackspear
August 21st, 2004, 08:58 PM
-{ Quote: "Here's approx.
1. Internet Access is around $20 per month (iPrimus)
2. On the plan, get around 50 or something free calls a month
So around less than $10 a month ... and there's unlimited time and downloads too :-) I think" }-
I did say average ;)
I had someone in my shop last week that was above average (with teenagers) and had just ordered a 2nd phone line, so her costs were well over $100 per month...
You may want to check out what your current provider has in the way of Broadband plans, or you can take a look here:
http://bc.whirlpool.net.au/
for all ISP Broadband Providers and the plans available...
Cheers ;D
Blackspear
August 21st, 2004, 09:00 PM
-{ Quote: "What if I limit the time I use the computer and Internet in particular altogether, I won't think that these would be really necessary :-)" }-
Security or lack thereof has nothing whatsoever to do with time and placing a limit on such...
Cheers ;D
squash
August 21st, 2004, 09:01 PM
-{ Quote: "Not sure what you mean. You can be attacked within seconds of being on the internet. A study recently showed that the average time before infection on an "open" computer - without protection - is twenty minutes.
John
Luv2BSecure
." }-
Yes I agree with the seconds of being attacked, it happened to me, when I was downloading Kerio Firewall, by the time I even downloaded a small firewall like look n' stop to temporarily stop attacks in order to download a better firewall... computer got cracked and had to reinstall from the computer manufacturer's restore CDs which not only reinstalls the O/S but other useless programs and stuff, to factory condition and it took a long time for that... and I had to reconfigure EVERYTHING and download and install EVERYTHING again...
I wonder if that 20 minutes is 20 minutes without protection of any kind (AV, FW etc.) or 20 minutes without any security patches... and if the latter - how come I've only got 2 (almost nothing) and after months of using (with the adequate protection) have not gotten hacked, not a single additional process or something :p
squash
August 21st, 2004, 09:06 PM
I did some browsing and came across a list of freeware system backup utilities and are any of them comparable to Norton Ghost... like some of them say they can back up to the same HD... so why pay for Norton Ghost when there are free alternatives :-)
http://www.snapfiles.com/freeware/system/fwbackup.html
Devinco
August 21st, 2004, 10:02 PM
-{ Quote: "System Restore may not be the best, but it's good enough as long as I don't do anything drastic... These Ghost program thing they cost $$$ ... if only there were some free program..." }-
It really depends on how important security is to YOU.
Your hard drive WILL fail no matter what security practices you do. It is merely a matter of time. If you backup to the same drive, you will not be protected from hard drive failure. But you will be able to recover from some types of infection.
To have a top notch security setup, you are going to have to spend some $$$. You can get away here and there with some free things, but some things just cost.
That said, don't buy Ghost by it$elf. Buy Norton SystemWorks Pro 2003 it is just $11 here (http://search.store.yahoo.com/cgi-bin/nsearch?catalog=directron&query=systemworks+pro+2003&.autodone=http%3A%2F%2Fwww.directron.com%2F) (note: I am an independent user and have no affiliation with the company). It includes Ghost 2003 and can be found cheaper than Ghost by itself. Only install Ghost not the rest of the Symantec Riff Raff! For a little more $$$, about $35, you can get the 2004 edition which includes GoBack as well.
Other options would be Bootit NG (http://) and Drive Snapshot.
I looked briefly at all those freeware shareware utilities. They are little more than a glorified Windows Back Up.
Here is the difference between a backup utility and a real hard drive imaging program:
Let's say you get hit with a destructive worm (I know it won't happen in your case, but a false sense of security is the biggest security weakness :P).
The worm wipes out your boot partition including system restore.
Fortunately, you had just used the Windows Backup (or one of the other free utils you mentioned) and saved the backup file to another unharmed partition.
The util only works in windows, so to restore, you will have to reinstall windows completely (with no security apps), and run the restore. What a waste of time.
Using a real imaging program in the same situation (boot partition wiped out) would be like this:
Insert Ghost boot floppy and reboot.
restore image from good partition.
Back in business.
A real imaging program doesn't cost that much if you know where to shop.
Yes you could use those freebie backup utils, I have in the past (windows backup) and it wasn't worth it (even being free).
I agree with John, backup should be #2 or #3 after firewall in importance.
If you are interested, here is info on the 20 minute worm issue (http://www.wilderssecurity.com/showthread.php?t=45207&highlight=minute+worms).
I wish you the best of luck, and a good security solution that works for you.
squash
August 21st, 2004, 10:12 PM
Thanks Devinco for your reply,
I was downloading some backup program, but after viewing your post I found out it would be essentially useless because Windows might fail as with the boot thing... I already have AVG boot protection and abtrusion boot protection it now takes for Windows XP to move the loading bar twice (yes, twice I tweaked Windows XP) to now around twice and a half but it's worth it. I would just use system restore.
This is a disadvantage of Windows, there are programs that I use and are required to be downloaded but in Linux, nearly all the programs are included on the CD, and if it fails I can just use the CD and installing would only take a few minutes and I don't have to reconfigure EVERYTHING and INSTALL everything again...
I used WWDC after a suggestion in this forum, and it found 2 things... the RPC Locator and the Netbios not being completely disabled... to my surprise, I thought I was secure enough... I guess there is room for some improvement...
squash
August 21st, 2004, 10:16 PM
I THINK I'll order the Windows XP SP2 CD, if it is FREE with no strings attached... there is already a Windows XP SP2 Express which is around 80 MB or something which is the same thing as SP2 without the use corporate stuff that people may not need, but it is still large.
http://www.flexbeta.net/main/modules.php?modid=8&action=show&id=128
Devinco
August 21st, 2004, 10:25 PM
-{ Quote: "Thanks Devinco for your reply," }-
You're welcome. Anytime. :)
-{ Quote: "to my surprise, I thought I was secure enough... I guess there is room for some improvement..." }-
That's the spirit! :)
I am just starting to learn about security and one of the most important things I learned is that security is an ongoing process. It is not a program, a set of programs, or a specific configuration. It is everything put together, constantly improving and changing.
squash
August 21st, 2004, 10:26 PM
OK, I found that my current security setup > see post 24 of this thread is good enough and further it works for me, all the programs are stable and work perfectly... It is strong but with only a small setup of programs so I still get a strong defense but don't have to worry about updating a whole bunch of programs... It works for me... I DO NOT think I'll want to add a bunch of other programs... If it ain't broke why should I fix it ?... I've been using it for months without ANY problems whatsoever...!!
Thanks to all who have replied
It is much appreciated...
squash
Paranoid2000
August 22nd, 2004, 04:13 AM
-{ Quote: "...not proxomitron because I don't trust it - seeing that the author sadly passed away ? that's what i heard on proxomiton.info anyway and there would be no better updates and the GUI looks like a tor shop." }-
While it is true that Proxomitron's author Scott Lemmon did sadly pass away (see this ComputerCops thread (http://computercops.biz/article-5228-nested-0-0.html) for more details) I fail to see why this should affect how much someone should "trust" Proxomitron. Although development was halted previously (at version 4.5), it is the filters which provide the real power and not only can these be freely edited but new ones are being offered by sites like JD5000.net (http://jd5000.net/) and the Kye-U forums (http://www.kye-u.com/proxo/forums/index.php). As for the GUI, if you don't like the colours or bitmaps you can disable them (Config/Visuals - check the "Don't use textures" box) to get a more "standard" look. There's also ProxoPatcher (http://www.xs4all.nl/~vsetten/prox/) which makes significant UI changes. The biggest difficulty with Proxomitron is learning the filter language (based on regular expressions) and HTML - which you only need if you want to create your own filters.
However if open-source is your main criteria then Privoxy (http://www.privoxy.org/) (based on the Junkbusters filter) may be a more attractive option. See this Proxomitron vs Privoxy (http://m2.overseasky.net/forum_posts.asp?TID=23335&PN=1&get=last) thread for some discussion on this.
-{ Quote: "I HOPE am I secure ENOUGH...!!! :-)" }-
The only thing not addressed is online privacy - your Internet traffic and the URLs you visit can be recorded and viewed by your ISP and many countries are making this a legal requirement. The only way to avoid this is to use an anonymising proxy (that encrypts the data between your PC and a proxy server) and the one I would recommend is JAP (http://anon.inf.tu-dresden.de/index_en.html).
I have posted on this often in the past so a forum search should turn up lots of information but the key points are that it is open source (so attempts to backdoor it can, and have, been discovered), cross-platform and browser independent (it uses Java) as well as currently being free (though you can make a donation).
-{ Quote: "... but you might consider an imaging program to back up to another HD. Or at the very least, to the same hard drive." }-
I would certainly agree with the wisdom of having a full image backup - trying to reinstall Windows, all your programs and reconfiguring everything can take days if not weeks. Hard drives will fail at some point though so you should store images on a separate disk (these are pretty cheap nowadays).
I would suggest Drive Snapshot (http://www.drivesnapshot.de/en/) or Acronis TrueImage (http://www.acronis.com/products/trueimage/) rather than Norton Ghost though - Ghost requires you to shut down your system while it does a backup while Snapshot and TrueImage allow you to continue working on your system while the backup is running. Also Symantec have been adding product activation to many of their products (see their Activation FAQ (http://service1.symantec.com/SUPPORT/custserv.nsf/docid/2003011611281446?OpenDocument&ExpandSection=4) for the full list) which, in my view, is a good reason to avoid them completely.
Check the TrueImage forums here for more details on Acronis (there do appear to be issues with the latest version 8 though). Drive Snapshot is more minimalist (the program is only 140K in size!) and is available as a trial download (with limited backup and unlimited restore capability) which means (if you are a real cheapskate :P) that you could just download a new copy every month to avoid having to buy a licence.
squash
August 22nd, 2004, 05:22 AM
Paranoid2000,
The privoxy thing is only for Linux, I checked the sites and there are only RPMs... and last web filter I used was WebWasher classic ... but made forums render incorrectly in firefox until I turned it off...
I might consider using an online anonymising website thing, but it might slow down my web browsing, some sites might not work correctly and the anonymising website thing itself might contain ads...
As for ISPs recording websites a person goes to, isn't that invading a person's privacy. I think that the ISPs shouldn't record what people visit and stuff... As for the sites a person goes to, if an ISP can record what websites a person goes to, who knows they might even record what a person sends and receives... :-| credit cards numbers, personal info, chat convos... the works!!!
squash
August 22nd, 2004, 05:30 AM
I checked out JAP, and it wasn't good... I tried the-cloak and it seemed pretty good, but it's limited...
So are there any other anonymous surfing things out there that are reputable, ad-free and FREE ?
squash
August 22nd, 2004, 05:31 AM
And just how SAFE is it to use anonymous browsing websites, will it be possible for them to record what a person sends and receives like passwords etc. ?
Justhelping
August 22nd, 2004, 12:56 PM
-{ Quote: "Yes, that is mostly when a person uses Internet Explorer... but what I meant was AV+Firewall+Browser other then IE with a person who knows what they are really doing...
" }-
Well if you already know what you are doing, perhaps you don't need to come here :)
-{ Quote: "
With a firewall with IDS (Intrusion Detection System) or something, if it works for me... then yes :-) ... I don't see how some patch would make any difference, since if I use a firewall that stealths the hackers wouldn't know I'm online anyway...
" }-
Hmm Hackers don't need to know you are online to attack you, not at the start anyway. And I don't buy into the stealth myth anyway. There are other easier ways to know if you are online.
As Paranoid mentions while in theory a properly configured firewall (difficult to do sometimes) is sufficient to block most windows based exploits, I still feel it's more secure to avoid as many weaknesses as possible instead of relying on a firewall. This is especially so if you use only a software firewall..........
and all the other security vulnerabilities I would need to care about is mainly in the browser... but I use Mozilla Firefox, so I don't need to really care THAT much... except I wish that mozilla firefox had a security patches section instead of making people upgrade each time..." }-
squash
August 22nd, 2004, 05:43 PM
I'm just not gonna be bothered to use some 'proxy' I don't want it to slow my web browsing speed... and to load some page each time and type into a small box for an address... and when I click a link instead of typing in THEIR box... the proxy address thing is gone... :-|
Blackspear
August 22nd, 2004, 06:34 PM
-{ Quote: "I'm just not gonna be bothered to use some 'proxy' I don't want it to slow my web browsing speed... and to load some page each time and type into a small box for an address... and when I click a link instead of typing in THEIR box... the proxy address thing is gone... :-|" }-
You don't do this with Proxomitron... You browse like normal ;)
Cheers ;D
squash
August 23rd, 2004, 01:41 AM
But I can't hide my IP Address with Proxomitron or others like Web Washer, proxies are the only way...
1234
August 23rd, 2004, 03:21 AM
There is a program called Smartfix that I tried and it can hide your IP address effectively among other things. Here's the link. http://www.majorgeeks.com/download.php?det=4054
1234
August 23rd, 2004, 03:28 AM
Forgot to add that Smartfix is free, and really only works with IE.
Paranoid2000
August 23rd, 2004, 03:48 AM
-{ Quote: "The privoxy thing is only for Linux, I checked the sites and there are only RPMs... " }-
Privoxy is available for Windows, AmigaOS, OS/2, Mac OSX and Solaris/BSD as well as Linux. All the versions are available on their download (http://sourceforge.net/project/showfiles.php?group_id=11118) page (Windows executables are at the bottom).
-{ Quote: "I might consider using an online anonymising website thing, but it might slow down my web browsing, some sites might not work correctly and the anonymising website thing itself might contain ads..." }-
Of course these may happen - the question is do you value your privacy enough to consider these tolerable?
-{ Quote: "As for ISPs recording websites a person goes to, isn't that invading a person's privacy. I think that the ISPs shouldn't record what people visit and stuff... As for the sites a person goes to, if an ISP can record what websites a person goes to, who knows they might even record what a person sends and receives... :-| credit cards numbers, personal info, chat convos... the works!!!" }-
Welcome to the New World (TM). ISPs can see every data packet your PC sends or receives so you should consider anything that isn't encrypted as open to public view. As for recording data, this depends on the legal situation in your country - many have however imposed requirements on ISPs to log and retain this information (in the UK this is covered by Part 11 of the Anti-terrorism, Crime and Security Act 2001 (http://www.hmso.gov.uk/acts/acts2001/20010024.htm)).
-{ Quote: "I'm just not gonna be bothered to use some 'proxy' I don't want it to slow my web browsing speed... and to load some page each time and type into a small box for an address... and when I click a link instead of typing in THEIR box... the proxy address thing is gone... :-|" }-
This is where JAP scores - you just configure your browser to use it (proxy address 127.0.0.1 port 4001) and browse as normal.
Speed can be slow but there are multiple mixes available so if you take the time to learn the interface, you should find it perfectly tolerable (I've had speeds of up to 30KB/s - but this tends to apply to larger webpages only).
-{ Quote: "There is a program called Smartfix that I tried and it can hide your IP address effectively among other things." }-
Does this just route traffic through a public proxy server? If so, then it will hide your IP address from websites you visit, but will do nothing to prevent an ISP from recording your activities.
squash
August 23rd, 2004, 05:22 AM
Update: I've replaced spywareblaster with spywareguard in my setup, see post number 24 of this thread...
Blackspear
August 23rd, 2004, 05:40 AM
-{ Quote: "Update: I've replaced spywareblaster with spywareguard in my setup, see post number 24 of this thread..." }-
You need both:
Spyware Guard is a real-time scanner for your browser homepage.
http://www.javacoolsoftware.com/spywareguard.html
1. Fast Real-Time Scanning engine - catch and block spyware before it is executed (EXE and CAB files supported) with signature-based scanning for known spyware and heuristic/generic detection capabilities to catch new/mutated spyware
2. Download Protection - prevent spyware from being downloaded in Internet Explorer
3. Browser Hijacking Protection - stop browser hijacking activity in real-time
Spyware Blaster places keys in the registry which prevent spyware from loading:
http://www.javacoolsoftware.com/spywareblaster.html
1. Prevent the installation of ActiveX-based spyware, adware, browser hijackers, diallers, and other potentially unwanted pests.
2. Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
3. Restrict the actions of potentially dangerous sites in Internet Explorer.
You seem to be wavering in regards to security and what to have and what not to, here is a link to what I have installed on my system, and they all play together nicely ;D
http://www.wilderssecurity.com/showthread.php?t=45284&page=1&pp=25
Hope this helps...
Cheers ;D
squash
August 23rd, 2004, 04:56 PM
Your setup is definitely an OVERKILL!!
I wouldn't think you would need that much...
Remember, I'm trying to aim for the least amount of programs with the most protection, not something that I will hardly use, ever need or does basically not that much...
How would I need SpywareBlaster also, if I have both SpywareGuard AND Ad-aware... and I use Mozilla Firefox which DOES NOT have ActiveX technology...
squash
August 23rd, 2004, 05:06 PM
Update:
Mozilla Firefox
Resident Programs:
AVG AntiVirus
Kerio Personal Firewall
SpywareGuard
Abtrusion Protector
Non Resident:
Ad-aware
1234
August 23rd, 2004, 06:16 PM
Squash, I liken your security setup to that of a house with a steel door and steel bars over the windows, so no crook can enter, but then forgetting to put locks on the doors. Blackspear's security setup is a very good one and is definitely not overkill. You say you know so much about what you're doing, but it does not appear that way to a casual observer.
Paranoid, I think you are probably right about the proxy in Smartfix. I seriously doubt it encrypts the data from your isp.
Blackspear
August 23rd, 2004, 06:57 PM
-{ Quote: "Your setup is definitely an OVERKILL!!
...How would I need SpywareBlaster also, If i have both SpywareGuard AND Ad-aware..." }-
My systems are set up very tight, I have a few others in the household who are a bit "Click Happy" and try to put the security through its paces, so it needs to be secure. I try not to have programs overlap in their functions...
Did you go to the Javacool links that I provided and read about what each product's function is, Javacool does not put out 2 different programs for nothing if one could have done the job...
I would use Spybot Search and Destroy, before I would use AdAware, as it has a registry monitor called Tea Timer...
Hope this helps...
Cheers ;D
GlobalForce
August 23rd, 2004, 08:57 PM
-{ Quote: "
by Senior Paranoid2000 : Welcome to the New World (TM)." }-
-{ Quote: "
by Major Blackspear : Did you go to the Javacool links that I provided and read about what each product's function is, Javacool does not put out 2 different programs for nothing if one could have done the job..." }-
-{ Quote: "
by guest 1234 : You say you know so much about what you're doing, but it does not appear that way to a casual observer." }-
Casual observer drops in, reads thread, retains information (It does seem squash you could really benefit from the experienced advice of participants in this thread. These people have written {members} very informative threads covering many important issues, many which I have read to inform myself. You could try to investigate some of their options, which will involve a little effort on your part. They offer their time and assistance...),
exits...
GF
squash
August 24th, 2004, 01:34 AM
I think I know that I am secure enough... but I wanted to see if it IS really secure enough and see what people have to say...
Just because I am a so-called 'guest' poster does not mean I am a newbie and lack any security information...
Anyway, I now have both SpywareBlaster AND SpywareGuard
That Smartfix thing does not seem to hide a person's IP Address, I read the info on majorgeeks and doubt a 1.4 MB program or something can do that... I think the only way is by proxy - which itself can be a security risk especially those IP number ones with no hostname.
1234
August 24th, 2004, 02:35 AM
Actually Squash, Smartfix does use a proxy to hide your IP address, the program just provides a quick route to it. But, I couldn't get it to work with Firefox, not to say it wouldn't work with FF, I just don't have the time to figure it out. It is still a good program and worth checking out IMO. And the price is definitely not bad either (free). If you do decide to try the program you can test the proxy here http://www.electronicprivacy.com or here http://www.whatismyipaddress.net and you will see it does indeed hide your true IP address. Don't forget to try these sites without the proxy on too. :)
mismis29
August 24th, 2004, 03:24 AM
I have just installed Smartfix and it does work. The only thing that I don't like is that you have to type in the address of the page you want to visit in the address bar. If you just click on a link, it doesn't work. All in all, Smartfix does what it says.
Blackspear
August 24th, 2004, 04:45 AM
-{ Quote: "I think I know that I am secure enough...." }-
Have you tried the exploit tests here:
http://www.wilderssecurity.com/showthread.php?t=11975
Let us know how you go ;)
-{ Quote: "…I now have both SpywareBlaster AND SpywareGuard" }-
Good to see…
-{ Quote: "…That Smartfix thing does not seem to hide a person's IP Address, I read the info on majorgeeks and doubt a 1.4 MB program or something can do that... I think the only way is by proxy - which itself can be a security risk especially those IP number ones with no hostname." }-
The size of the program has no relevance to its function…
Cheers ;D
Justhelping
August 24th, 2004, 10:02 AM
-{ Quote: "I think I know that I am secure enough... but I wanted to see if it IS really secure enough and see what people have to say...
Just because I am a so-called 'guest' poster does not mean I am a newbie and lack any security information...
" }-
While I have the impression some guests posting here are hacker level, I must agree with others that you give me the impression you don't quite know what you are doing. You obviously know more than the typical newbie who doesn't care for security of course, but you do seem to be below the level of the more advanced wilders members.
squash
August 24th, 2004, 05:25 PM
If it was possible, and I could afford:
A so-called 'advanced' person would
1. Buy a router
2. Buy a firewall like Kerio or ZoneAlarm Pro, Use Kaspersky or Nod32 as their AV, TDS-3 as their AT... and ad-aware and spybot plus almost the whole number of software offered by javacool
in addition to applying all security patches and service packs... are careful in what they are doing, use opera or a gecko-based browser or other browser. use regprot, back up their computer regularly...
plus a whole heap of security programs...
But am I... only choosing the software that is free, that works for me, I use or need and that is actually a necessity for me - not a necessity for others or what others may think... I'm not interested in overkilling
and how can you say, I don't know what an advanced person does, I do... but I CHOOSE not to follow that advanced way.
I'm trying to get a small amount of security apps to do the most amount that it possibly can...
Update:
Mozilla Firefox with adblock, deny 3rd party cookies and deny referrers
Kerio Personal Firewall
AVG AntiVirus
Abtrusion Protector
Lavasoft Ad-aware
and DiamondCS
plus my very very carefulness...
I don't think a realtime spywareguard or such is really necessary because I hardly ever use IE or any programs which use the IE engine and mozilla firefox is virtually immune to all spyware IF, a person does NOT download and execute it themselves... it does not autodownload spyware without asking...
squash
August 25th, 2004, 01:31 AM
And plus how many of you people with lots of security applications use the apps on a regular basis... I think that some of you just keep the apps on your computer to say you have a high amount of protection that is not necessary...
Justhelping
August 25th, 2004, 08:21 AM
The comments some of us are making have nothing to do with what you are using, but more with how you are answering. E.g.
-{ Quote: "That Smartfix thing does not seem to hide a person's IP Address, I read the info on majorgeeks and doubt a 1.4 MB program or something can do that..." }-
-{ Quote: "Who have you seen has been hacked who has a Firewall and Antivirus at least, and not apply a security patch and get hacked because of not applying a security patch ?!..." }-
Notok
August 25th, 2004, 02:28 PM
There are always tradeoffs for free software, if you want further consolidation with the same level of protection, you will have to actually pay for the software. Spyware Stopper, for example, has resident blocking (as it comes in through your internet connection) of spyware and also contains the kill bits like Spyware Blaster.. it's up to you if the inconvenience of having 2 different apps is worth the money (although to be fair, Spyware Stopper does have some additional protection that Spyware Guard does not.)
IMO it's really not that hard to have one additional program that you only have to run about once a month, plus it gives you some tools for your hosts file, BHOs, etc. It also really wouldn't hurt to install Spybot Search and Destroy just to do scheduled scans, Spybot and AdAware both catch things that the other doesn't. Take 5 mins to go through the options and set things up correctly, then you can just forget about it. Again, for consolidation, you can check out Spysweeper, it's a spyware scanner that also has resident protection, and MAY suit all of your needs for spyware protection in one app. Again it costs money, trade-offs.
What you really probably want to do is download everything and run what you call "overkill" for a little while just to see what programs work best for you.
You may also want to check out the thread "what is really sensible in terms of security" if you haven't already:
http://www.wilderssecurity.com/showthread.php?t=43117
It should be noted that things didn't get real bad, in terms of security, until just this year. The threats aren't just coming from script kiddies and the like anymore, there is big money behind these threats now, and they are doing everything they can to subvert common protection models. If you choose only to use one spyware scanner, what are you going to do if/when you get something that targets and disables that scanner? This kind of threat is cropping up more and more all the time. The solution? Use a few different apps and make it easier on yourself by automating it as much as possible. It's not too hard to do, and once it's done you can forget about it and just pay attention to your one on demand scanner.
There is currently some very good innovation in the works, but it will probably take some time before some very solid blanket protection can be had with a minimum of applications. Until then, you will need to run several applications to get decent protection against the widest spread of threats. I'm sure that everyone would like to be able to just get a small handful of programs that will do as much as all of the security apps talked about on this forum, unfortunately it just doesn't work that way, at least not yet. The multitude of applications brought up may seem like "overkill" to someone that hasn't kept up with the mounting threats that have emerged this year, but you have to take into consideration that just about all of these applications are very specialized in what they do, and made by smaller businesses and even individuals. That balance between simplicity, effectiveness, and cost can be difficult to achieve, but if you'll put all criticisms aside long enough to shop around and try things out, you will eventually find it. There just aren't any catch-alls.
squash
August 25th, 2004, 05:06 PM
Yes Notok,
I've already tried a couple of free software apps, and still come back to my usual set of free security apps because they work for me, not necessarily what works for others.
Anyway, I might consider adding ewido to my collection when it improves...
Blackspear
August 25th, 2004, 05:43 PM
-{ Quote: "I think I know that I am secure enough...." }-
Have you tried the exploit tests here:
http://www.wilderssecurity.com/showthread.php?t=11975
These are just some of what's out there and the list continues to grow...
Let us know how you go ;)
squash
August 26th, 2004, 12:29 AM
No, because i don't wanna wreck anything due to those tests or stuff up my web browser...
squash
August 26th, 2004, 03:25 AM
Would using IRC (Just to chat, not to download ANYTHING from it)... downgrade a person's security defenses dramatically ? ... seeing that a user can see the person's IP address or host name through their IRC client and how does this differ from say visiting a whole bunch of websites... ?
squash
August 30th, 2004, 02:50 AM
Is an anti-trojan a 'must-need' like a software firewall or would I be alright if I have an anti-virus... I don't go to questionable websites or download from disreputable sources...
short answer needed not a long answer...
preferably a yes or no answer.
Infinity
August 30th, 2004, 03:55 AM
you should try prevx, it is free and is one of the last layers of protection in internet security, doesn't need signatures and works flawlessly
squash
August 30th, 2004, 04:17 AM
prevx is beta and is only for people over 18 years of age (see their terms and conditions)
Jamesdean
August 30th, 2004, 08:42 AM
-{ Quote: "prevx is beta and is only for people over 18 years of age (see their terms and conditions)" }-
Hmm you under 18?
Devinco
August 30th, 2004, 10:57 AM
-{ Quote: "Is an anti-trojan a 'must-need' like a software firewall or would I be alright if I have an anti-virus... I don't go to questionable websites or download from disreputable sources...
short answer needed not a long answer...
preferably a yes or no answer." }-
You might be able to get by with just KAV, but yes, you need an Anti-trojan. The nastier trojans can hide from most AV.
Paranoid2000
August 30th, 2004, 09:14 PM
-{ Quote: "short answer needed not a long answer...
preferably a yes or no answer." }-
Here's a short answer - READ YOUR OWN !#$£&%! THREAD!!. There have been several posts mentioning this already - if you're now going to forget or ignore previous replies then there is no point in anyone else wasting their time in posting further.
squash
August 31st, 2004, 01:57 AM
Fine...
hyena
September 2nd, 2004, 07:04 PM
I agree that there are a lot of very knowledgeable posters here.
I have a lot of security programs plus everything updated including patches. Some might call it serious overkill I call it overlapping protection giving me some peace of mind.
Paranoid you mention using JAP along with Proxomitron ( which I have already ) will this significantly impair my browsing? You also mention disabling Javascript and other options. I have tried that but it meant that I could not browse properly at all. I appreciate my privacy without a doubt. At the moment with Firefox I have Java enabled and yet with so many security software and configuration changes I still have difficulty surfing the net.
An example is when two webpages are loading together they both be able to load and the error proxomitron page comes up. Another example is when one page is loading and I press on another link on another page to load it won't do so and again comes the error proxomitron page.
Privacy Vs Functionality.
However I still will try this JAP if it means that my ISP cannot see which pages I visit. And see how it goes.
Paranoid2000
September 2nd, 2004, 09:44 PM
-{ Quote: "Paranoid you mention using JAP along with Proxomitron ( which I have already ) will this significantly impair my browsing?" }-
There are two issues with JAP - availability and download speed. It is a research project so does not have the 24/365 uptime you may expect from an ISP - and there can (and have been) network problems preventing access even when JAP itself is OK. When you use any proxy, you are adding an extra potential point of failure in your Internet connection and this will make troubleshooting problems a little more time-consuming.
With page download speeds, when using JAP you are sharing limited network bandwidth. The best speed I have seen with JAP has been 30-35KB/s on large web pages during off-peak hours (large files seem to get better throughput, likely due to the connection overheads being lower) while the worst case has been 2-3KB/s (slower than dialup) during peak times. If you are used to multi-megabit broadband access then you may consider this unacceptable.
However there are (usually) multiple mixes available and checking availability and current usage via the JAP client periodically to switch to a less busy one is a good idea.
-{ Quote: "You also mention disabling Javascript and other options. I have tried that but it meant that I could not browse properly at all. I appreciate my privacy without a doubt. At the moment with Firefox I have Java enabled and yet with so many security software and configuration changes I still have difficulty surfing the net." }-
I disable everything by default - if a page does not work, I have a quick peek at the HTML to see if the problem is Java or Javascript related and allow it for that site if needed. The main security problem seems to be links to third party sites triggering scripting exploits - so disabling active content by default avoids this. Creating a filter in Proxomitron to disable content for such external links should be possible (although tricky given the number of techniques available for spawning popups) and should suffice in most cases - but beware of links in spam emails (I had one purporting to be an order invoice, the link included went to a page that tried an MS-ITS (http://www.securityfocus.com/bid/9658/exploit) exploit - the domain registrar acted responsibly however and shut the domain down within an hour).
You may however find disabling Javascript with your browser a more usable option since this will set the <noscript> flag used by many web pages to check for (and provide) a fallback if Javascript is not available - this is a browser setting so cannot be handled by external filters like Proxomitron.
-{ Quote: "An example is when two webpages are loading together they both be able to load and the error proxomitron page comes up. Another example is when one page is loading and I press on another link on another page to load it won't do so and again comes the error proxomitron page." }-
That sounds like you have something limiting the number of simultaneous network connections. Your firewall's logs may provide more detail here (was anything blocked?). If the firewall has connection limits (I understand that Look'n'Stop for example has a limit of 100 connections if stateful inspection is enabled) then this may be the cause since using a local proxy will double the number of connections needed to load a web page (browser to proxy - proxy to website) and JAP will add a couple more (it only needs 2 external connections). In such a case, shutting down other programs (like P2P) or using another firewall may be necessary.
I would also advise that you install the OpenSSL libraries to allow Proxomitron to filter HTTPS content as detailed in The dangers of HTTPS (http://www.wilderssecurity.com/showthread.php?t=31087).
-{ Quote: "However I still will try this JAP if it means that my ISP cannot see which pages I visit. And see how it goes." }-
There are other options, but JAP does seem the best compromise between usability and security for now.
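The connection-count reasoning in the post above (browser to proxy, proxy to JAP, JAP to mix) can be checked against `netstat -an` output. This is an added example, not part of the original thread: the listener ports 8080 (Proxomitron) and 4001 (JAP) and the sample output are assumptions constructed for illustration, and the limit of 100 is the figure the post mentions. Whether a given firewall counts loopback connections is also an assumption, so both totals are reported.

```python
import re
from collections import Counter

# Assumed local listener ports; adjust to the ports your own proxies use.
PROXOMITRON_PORT = 8080
JAP_PORT = 4001
# Connection limit quoted in the post for stateful inspection.
FIREWALL_LIMIT = 100

# Constructed sample of Windows `netstat -an` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:4001         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1045         127.0.0.1:8080         ESTABLISHED
  TCP    127.0.0.1:8080         127.0.0.1:1045         ESTABLISHED
  TCP    127.0.0.1:1046         127.0.0.1:8080         ESTABLISHED
  TCP    127.0.0.1:8080         127.0.0.1:1046         ESTABLISHED
  TCP    127.0.0.1:1047         127.0.0.1:8080         ESTABLISHED
  TCP    127.0.0.1:8080         127.0.0.1:1047         ESTABLISHED
  TCP    127.0.0.1:1050         127.0.0.1:4001         ESTABLISHED
  TCP    127.0.0.1:4001         127.0.0.1:1050         ESTABLISHED
  TCP    127.0.0.1:1051         127.0.0.1:4001         ESTABLISHED
  TCP    127.0.0.1:4001         127.0.0.1:1051         ESTABLISHED
  TCP    127.0.0.1:1052         127.0.0.1:4001         ESTABLISHED
  TCP    127.0.0.1:4001         127.0.0.1:1052         ESTABLISHED
  TCP    192.168.1.2:1060       203.0.113.10:6544      ESTABLISHED
  TCP    192.168.1.2:1061       203.0.113.10:6544      ESTABLISHED
  TCP    192.168.1.2:1030       203.0.113.20:80        TIME_WAIT
  UDP    0.0.0.0:1027           *:*
"""

ROW = re.compile(
    r"^\s*TCP\s+(\d+\.\d+\.\d+\.\d+):(\d+)\s+(\d+\.\d+\.\d+\.\d+):(\d+)\s+(\S+)\s*$"
)


def is_loopback(addr):
    return addr.startswith("127.")


def classify(local, remote):
    """Label a connection by which hop of the proxy chain it belongs to."""
    if is_loopback(local[0]) and is_loopback(remote[0]):
        ports = {local[1], remote[1]}
        if PROXOMITRON_PORT in ports:
            return "browser->proxomitron"
        if JAP_PORT in ports:
            return "proxomitron->jap"
        return "other-loopback"
    return "external"


def summarize(netstat_text):
    """Count unique ESTABLISHED TCP connections per hop.

    A loopback connection is listed twice by netstat (once per endpoint),
    so each endpoint pair is counted only once.
    """
    seen = set()
    hops = Counter()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m or m.group(5) != "ESTABLISHED":
            continue
        local = (m.group(1), int(m.group(2)))
        remote = (m.group(3), int(m.group(4)))
        key = frozenset((local, remote))
        if key in seen:
            continue
        seen.add(key)
        hops[classify(local, remote)] += 1
    return hops


def headroom(hops, limit=FIREWALL_LIMIT, count_loopback=True):
    """Connections left before the limit, with or without loopback traffic."""
    used = sum(n for hop, n in hops.items() if count_loopback or hop == "external")
    return limit - used


if __name__ == "__main__":
    hops = summarize(SAMPLE_NETSTAT)
    for hop, n in sorted(hops.items()):
        print(f"{hop:22s} {n}")
    print("headroom (all connections):", headroom(hops))
    print("headroom (external only):  ", headroom(hops, count_loopback=False))
```

Running it against live `netstat -an` output while the proxy error page appears shows whether the total is anywhere near the firewall's limit.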
Blackspear
September 3rd, 2004, 12:16 AM
-{ Quote: "...using JAP along with Proxomitron ( which I have already )..." }-
Are you using filters with Proxomitron? Such as Kye-U's filters found here:
http://www.wilderssecurity.com/showthread.php?t=11975&page=4
See post number 79
Hope this helps...
Cheers ;D
squash
September 3rd, 2004, 01:47 AM
I think that a firewall (software or hardware) is the most important security application, a person can have. I tried surfing without a firewall for a few minutes then someone FTPed a trojan with an inbuilt FTP program in windows xp... I had to reformat...
I think that a person's security levels are way better if they have a firewall...
List of must have: Firewall and AV with a browser other than IE and it's third party shells... combined with pretty good security practices is maybe the most minimal security setup... there is for pretty good protection.
I think the forum posters with high amount of posts on this forum have "overkill" security set-ups, after all this IS a security forum. Many people around the world, only know of an antivirus and firewall and haven't really heard of any other programs like anti trojan and IDS... so the posters have other not 'must-have' security applications... and doesn't that mean... programs that you don't need...
I thought it is good to only have the programs you USE... not the ones you MAY need or rarely use, or don't need...
Even though they are security applications, who would want to have a bunch of security programs which are not needed especially when it comes to the time to update the software or update the definitions...
Notok
September 3rd, 2004, 02:35 AM
-{ Quote: "Even though they are security applications, who would want to have a bunch of security programs which are not needed especially when it comes to the time to update the software or update the definitions..." }-
You DID read that link I posted earlier in this thread, right? All of it?
luv2bsecure
September 3rd, 2004, 03:04 AM
-{ Quote: "Many people around the world, only know of an antivirus and firewall and haven't really heard of any other programs like anti trojan and IDS... so the posters have other not 'must-have' security applications... and doesn't that mean... programs that you don't need..." }-
One night a burglar found a house with a simple lock and picked it. He was in very fast, got him a bag full of goodies and walked out very quietly with a wallet full of credit cards, $200 cash, etc.
The same burglar found another house the next night. It was a better lock, but still, he managed to pick it and he was in. As soon as he stepped into the living area a siren went off and a man rushes into the living room, sees the burglar just as he pulls a long knife - and blows him away with his shotgun.
Now, most people just have locks. Some good, some better than others. But most people rely on solid locks to keep the bad guys out. However, there are a few who go over and beyond because their security means a lot to them. They have a motion detector inside to scan the front area in case someone makes it through the lock. If the siren goes off, some burglars are unfortunate enough that the homeowner not only scans for motion, but has another layer of security (the shotgun) to kill it dead.
It all depends on how important whatever kind of security is to you. I don't rely solely on solid doors and quality locks.
John
Luv2BSecure
.
squash
September 3rd, 2004, 04:54 AM
Notok: Yes, I THINK I have read what you have written... but maybe I just asked the same question again... whoops... looks like I'm running out of questions on this topic... (Am I SECURE enough)
Luv2bsecure: That is more like it... an answer in real-life terms... even though I think I know what I am doing... Being simplified makes it more simple to understand...
I think I'll choose the minimal, basic "lock" instead of a high-tech lock with the security devices inside...
hyena
September 3rd, 2004, 12:11 PM
At the end of the day it's up to you what level of security you desire. Even though you have not taken away much from the knowledge posted on this thread many others will and that is what matters.
To Paranoid I have a Dial Up Modem. Which may mean using JAP becomes unusable. However I am willing to give it a go to see what it is like. What I'm thinking of is switching between using JAP and just using Proxomitron. Is there an easy way of switching between using JAP and not using it without having to change the port number on Proxomitron every time?
TIA
squash
March 25th, 2005, 04:50 PM
I'm back... 5 months later for the update. And I registered for those who didn't notice :)
Note: My first post on Wilders Security Forums
Squash's Security Setup
(DEFINITIVE)
General
Operating System: Windows XP Home Edition SP2 (The CD is ordered). I run as a limited account for everyday use (But I still have the "safe mode" in-built administrator account and an "Owner" account for when I need to install programs). Automatic updates is going to be on when I install SP2. Windows File Protection is ON.
Anti-Virus: AVG AntiVirus 7.0 with latest updates
Firewall: Kerio Firewall 4.1.2
Anti Trojan: Ewido 3 with latest updates
Anti Spyware: Ad-Aware SE Personal with latest updates, SpywareBlaster and SpywareGuard with latest updates for prevention
Web Browser: Mozilla Firefox 1.0.1 (with Adblock Extension and 4KB Adblock filter) Default and Primary Web browser also configured to deny referrers and deny Third party cookies
Hosts files: A 1MB Hosts file
IDS: Process Guard, Prevx Home with all updates, Abtrusion Protector (Protects install directory, registry and boot protection) and Kerio Firewall's in-built IDS
Registry Protect: Prevx Home, Abtrusion Protector and Limited XP account (can't write to most of registry with that alone)
Other: Eraser (Gutmann 35 pass), Auto Start Viewer (from DiamondCS), Hijack This!, Rootkit Revealer, Safe XP, Regseeker (Registry Cleaner).
Backup: System Restore is on for all drives and the whole computer is imaged/backuped.
Tweaking
Tweaked services.msc, deleted some services left only TCP/IP... Also used various GRC.COM utilities like DCOMBulator etc. and others such as HTASTOP. I turned off Windows Scripting Host (.vb, .vbs) with Symantec's Noscript.exe. And I did all the things mentioned in http://www.markusjansson.net/exp.html from Notok's signature.
Programs
I also hardly ever use any Microsoft products except for Windows Media Player, I've replaced with others instead like open source and freeware ones and I rarely use - if ever Internet Explorer...
Alternative OS
I used Linux before coming back to Windows, only because of hardware compatibility issues, but I am still going to use Linux though only as LiveCD for OpenOffice.org (don't want to download) and for going to websites like online shopping etc. I have Fedora CDs (install only) and Ubuntu (install and live CD) I choose to use Ubuntu Live CD.
Services
Turned off unnecessary services with services.msc, Am careful before downloading anything (don't download from disreputable sites), Uninstalled some services and left TCP/IP only (I uninstall NETBIOS/NetBEUI) Turned off Windows Scripting Host and check Task manager to see if there are any more processes than the normal
ISP
Am I dial-up so IP Address changes randomly each dial-up
This is a Home computer not a server. So I shut down all the server things.
Physical security
All accounts (including safe mode admin account) are all passworded with a combination of letters and numbers, and I BIOS passworded the computer.
I also keep all my sensitive files on a flash USB not on the hard disk.
Computer Knowledge
And last but not least, I absolutely know what I am doing. I am not a computer newbie, nor am I intermediate. I consider myself to be upper-intermediate.
Conclusion
Nothing is secure, but this is fairly adequate for a home computer. And best of all, it all works for me
Blackspear
March 25th, 2005, 06:14 PM
Good to see you back with us, and you now have a nice setup, well done.
Do you still use SpywareBlaster for prevention?
Cheers ;D
squash
March 25th, 2005, 07:52 PM
-{ Quote: "Good to see you back with us, and you now have a nice setup, well done.
Do you still use SpywareBlaster for prevention?
Cheers ;D" }-
Thanks Blackspear
Yes I use SpywareBlaster for prevention, too. I'll edit the previous post and put that in. Unfortunately I had to uninstall regprot, as every time i login as limited user (primary account) it keeps on alerting me and i press yes for everything, after i log out and login or reboot and starts alerting me again. Maybe it is because the limited account doesn't allow write access to registry. So I'll just use the registry protect setting in Abtrusion Protector for now, until DiamondCS fixes the problem or there is something better.
upper-intermediate
March 26th, 2005, 06:48 AM
-{ Quote: "Thanks Blackspear
Yes I use SpywareBlaster for prevention, too. I'll edit the previous post and put that in. Unfortunately I had to uninstall regprot, as every time i login as limited user (primary account) it keeps on alerting me and i press yes for everything, after i log out and login or reboot and starts alerting me again. Maybe it is because the limited account doesn't allow write access to registry. So I'll just use the registry protect setting in Abtrusion Protector for now, until DiamondCS fixes the problem or there is something better." }-
Frankly given the setup you have (abtrusion protector,prevx etc), regprot is far more limited to be worth running and is probably redundant anyway.
Your setup is reasonable, though I would personally add MSAS to beef up adware detection capabilities, and a backup AV on demand scanner (or online scanner) or two won't hurt.
squash
March 26th, 2005, 06:00 PM
-{ Quote: "Frankly given the setup you have (abtrusion protector,prevx etc), regprot is far more limited to be worth running and is probably redundant anyway.
Your setup is reasonable, though I would personally add MSAS to beef up adware detection capabilities, and a backup AV on demand scanner (or online scanner) or two won't hurt." }-
Thanks for replying upper-intermediate. About Microsoft AntiSpyware, it is currently in free beta and I don't know if it will be free when the final version comes out. And I think my adware prevention capabilities are adequate as I use Mozilla Firefox (blocks like all ActiveX spyware and effectively all, if I'm not stupid enough to click install on every XPI I see) and with that alone I don't get any spyware but I have Lavasoft Ad-Aware and Spyware Blaster for prevention just in case. Spyware should be the lesser of my worries.
All these security resident things is already bogging down this computer, but I rather sacrifice a little of usability for more security.
Regarding a second on-demand scanner, that is redundant in a way, because once I set up a security setup and programs I rarely add anymore software. I always use the usual Irfanview, Notetab, 7-Zip, Mozilla Firefox, TV tuner app, RealPlayer and Windows Media Player and that's basically the software on this computer apart from all the security apps. AVG fulfils my requirements, I do not want to go into the burden of having another program to update. So far I have AVG, Ad-aware, Ewido, PrevX to update. Unless someone convinces me otherwise, an on-demand scanner is a waste of effort. Some may agree whilst some may not.
upper-intermediate
March 27th, 2005, 03:47 AM
-{ Quote: "Thanks for replying upper-intermediate. About Microsoft AntiSpyware, it is currently in free beta and I don't know if it will be free when the final version comes out.
" }-
It will be free. Announced already some time ago.
-{ Quote: "
And I think my adware prevention capabilities are adequate as I use Mozilla Firefox (blocks like all ActiveX spyware and effectively all, if I'm not stupid enough to click install on every XPI I see) and with that alone I don't get any spyware
" }-
I would say firefox is immune to all Activex installed spyware, unless you install the plugin for activex. XPI, JAVA etc is another matter.
-{ Quote: "
but I have Lavasoft Ad-Aware and Spyware Blaster for prevention just in case. Spyware should be the lesser of my worries.
" }-
I'm thinking more about local installation of "freeware" (which might actually be spyware).
-{ Quote: "
All these security resident things is already bogging down this computer, but I rather sacrifice a little of usability for more security.
" }-
Any upper-intermediate user should have no problems using MSAS as an on-demand scanner.
-{ Quote: "
Regarding a second on-demand scanner, that is redundant in a way, because I once I setup a security setup and programs I rarely add anymore software.
" }-
I don't get your logic here. If your logic holds, wouldn't you argue that you need no antivirus at all? Besides there are many other vectors of infection other than merely by user installation.
AVG is known to be pretty weak in detection rates, though I agree, that if you don't download and install new programs often it helps a lot.
-{ Quote: "
AVG fulfils my requirements, I do not want to go into the burden of having another program to update. So far I have AVG, Ad-aware, Ewido, PrevX to update. Unless someone convinces me otherwise, an on-demand scanner is a waste of effort. Some may agree whilst some may not." }-
Well I don't really need to convince another guy who considers himself upper-intermediate, what you choose to use is up to you.
From what I have seen from your setup, it is built around more behaviour based software monitoring and prevention (PrevX, limited account, Abtrusion Protector) rather than via signatures anyway.
That shifts the burden to the user side though I'm sure you can handle it.
squash
March 27th, 2005, 04:26 AM
Yes, indeed I can handle it.
At least I'm safer than people who only run a firewall, AV and AS which is the bare minimum entry into security. Thanks to everyone in this thread who took the time to answer my posts. I have now learnt a great deal about security. As for my security setup, it all works for me and that is what is best. 8)
Notok
March 27th, 2005, 07:11 AM
You're right, squash, that you do have a good setup and spyware should be the least of your worries. However, I think you may be overestimating current anti-spyware scanners. Here's an article that you might take a look at:
http://windowssecrets.com/050127/#story1
You might also throw in the eScan antivirus toolkit, even if you don't use it much. There's no install, so no worries about compatibility issues, and if you throw it in c:\Bases (or any drive letter, for that matter) then you can use kavupd.exe to update it. It uses the Kaspersky extended bases, so it has a pretty wide range of detection. Although I don't think it's a replacement for any/all other scanners, it's just a good way to fill in a lot of gaps, IMO. It kind of allows you to have the best of all worlds :)
Infinity
March 27th, 2005, 11:04 AM
Nice link Notok!!
yes the escan toolkit is a nice supplement for on demand scanning :)
squash
March 27th, 2005, 04:09 PM
-{ Quote: "You're right, squash, that you do have a good setup and spyware should be the least of your worries. However, I think you may be overestimating current anti-spyware scanners. Here's an article that you might take a look at:
http://windowssecrets.com/050127/#story1
You might also throw in the eScan antivirus toolkit, even if you don't use it much. There's no install, so no worries about compatibility issues, and if you throw it in c:\Bases (or any drive letter, for that matter) then you can use kavupd.exe to update it. It uses the Kaspersky extended bases, so it has a pretty wide range of detection. Although I don't think it's a replacement for any/all other scanners, it's just a good way to fill in a lot of gaps, IMO. It kind of allows you to have the best of all worlds :)" }-
Notok, go to the results page for that spyware test... http://spywarewarrior.com/asw-test-guide.htm then scroll to the bottom, if you compare Ad-aware, Spybot and GIANT (Now Microsoft) AntiSpyware, they detected the same and also missed the same things! I don't know how a second spyware can help me in that case, as they are all redundant. The study is shocking, and I initially reading that I wanted to add another spyware scanner, but after reading the results page... you get the idea ???
I am happy at my current setup, I don't need more apps... Especially since I can't fit any more apps as backups of installers on my flash 128MB USB drive (I already imaged the hard drive, but I also like to keep the installers).
Belarc Software summary of installed security programs (Edited by me):
Computer Profile Summary
Computer Name: <Removed>
Profile Date: Monday, 28 March 2005 7:36:34 AM
Advisor Version: 6.1f
Windows Logon: <Removed>
Software Versions:
Abtrusion Protector Version 1.1.0.103 *
CCleaner Version 1.17.0094 *
DiamondCS Autostart Viewer Version 1.00.0001 *
Eraser Version 5.7 *
ewido security suite Version 3, 0, 0, 101 *
GRISOFT, s.r.o. - AVG 7.0 Anti-Virus System Version 7.1.0.285 *
Kerio Personal Firewall 4 Version 4.1.2 *
Lavasoft Ad-Aware SE VI.Second Edition *
Mozilla - Firefox Version 1.7.6: 2005022518 *
MRU-Blaster v1.5 Version 1.05.0009 *
Prevx Home Version 2.3.0.0 *
RegSeeker *
Safe XP Version 1.0 *
Soeperman Enterprises Ltd. - HijackThis Version 1.99.0001 *
SpywareBlaster Version 3.03 *
Sysinternals Rootkitrevealer Version 1.31 *
Notok
March 27th, 2005, 04:45 PM
Ad-Aware alone caught 47%, but Ad-Aware plus GIANT caught 69%, which is a pretty good jump IMO (those figures are based on the same test as you referenced.) I keep both around, along with SpyBot for its autoscans and various tools, but I don't do a lot of manual scans with them as my sentiment does echo yours. I do, however, like to automate things as much as possible. I like to set a night that my system will run several scans automatically, clean temp files etc, defrag, and backup. After that I do a scan with MSAS once every month or so.. if you want more info on that, just let me know.
BitDefender is a good choice, too. I don't run it just because of the install and the memory it takes up, although I've thought about using it when I get some more memory. Look through your email client, download manager, etc, to see if you can integrate it with those programs.. will even save you from needing to do much context menu scanning.
The bottom line for me is that it's better to have some of those things on hand and not need them than the other way around. I'm not going to try too hard to convince you, I just wanted to throw those out there for you to consider. The new version of Prevx (beta due out within the next couple weeks) will have some scanning functionality as well, apparently, which has kept me from checking out any other scanners until I have a better idea of what it's going to be like.
Blackspear
March 27th, 2005, 06:48 PM
-{ Quote: "The bottom line for me is that it's better to have some of those things on hand and not need them than the other way around. I'm not going to try too hard to convince you, I just wanted to throw those out there for you to consider. The new version of Prevx (beta due out within the next couple weeks) will have some scanning functionality as well, apparently, which has kept me from checking out any other scanners until I have a better idea of what it's going to be like." }-
Agreed, and that will be nice if Prevx does so...
Cheers ;D
Rmus
March 27th, 2005, 08:57 PM
Very interesting thread... I've learned a lot.
Security here:
1) User awareness
2) Don't use IE or OE
3) WordViewer for *.doc attachments
3) Firewall - Kerio 2.1.5
4) Deep Freeze
Thank you,
Rmus
Blackspear
March 27th, 2005, 10:49 PM
Hi Rmus, welcome to Wilders.
You may want to take a look HERE (http://www.wilderssecurity.com/showthread.php?t=62972). As well there are discussions HERE (http://www.wilderssecurity.com/showthread.php?t=45284&page=1&pp=25) and even more HERE (http://www.wilderssecurity.com/showthread.php?t=43117).
Hope this helps...
Let us know how you go.
Cheers ;D
Rmus
March 27th, 2005, 11:08 PM
-{ Quote: "Hi Rmus, welcome to Wilders.
You may want to take a look HERE (http://www.wilderssecurity.com/showthread.php?t=62972). As well there are discussions HERE (http://www.wilderssecurity.com/showthread.php?t=45284&page=1&pp=25) and even more HERE (http://www.wilderssecurity.com/showthread.php?t=43117).
Hope this helps...
Let us know how you go.
Cheers ;D" }-
Wow - I can't believe people use all of that stuff. Having to worry about running those programs and keeping them updated would take all of the fun out of computing.
Thank you,
Rmus
Blackspear
March 28th, 2005, 12:33 AM
-{ Quote: "Wow - I can't believe people use all of that stuff. Having to worry about running those programs and keeping them updated would take all of the fun out of computing." }-
So, have you tried the exploit tests HERE? (http://www.wilderssecurity.com/showthread.php?t=11975)
Cheers ;D
squash
March 28th, 2005, 12:49 AM
I am NOT trying this _ever_ again... :o :o :o
I had my security setup right, until I installed bitdefender (for on-demand AV) and microsoft antispyware (for second AS) then windows xp crashed, not just crash but came up with a Blue screen of Death and dumped the memory into the physical disk even after multiple restarts, it still killed windows xp. I restored to an earlier time using system restore, still problem persists. Luckily I had imaged this hard drive 1 or 2 days ago and I had my original working computer in only 20 minutes.
That's what I get for trying to make a secure computer, even if the computer didn't die I would have uninstalled bitdefender and microsoft antispyware anyway.
Bitdefender = Updates do not work, I updated and it keeps on failing
Microsoft AntiSpyware = Promising, but it's still beta... and may be the cause of the problem
Rmus
March 28th, 2005, 01:35 AM
-{ Quote: "So, have you tried the exploit tests HERE? (http://www.wilderssecurity.com/showthread.php?t=11975)
Cheers ;D" }-
No.
Thank you,
Rmus
squash
March 28th, 2005, 06:14 AM
Update to my setup:
Replace Abtrusion Protector with Process Guard. Because AP is redundant with Prevx Home and slows down this machine considerably.
Thinking or/will replace Lavasoft Ad-aware with Microsoft Antispyware because the latter detects more things.
Blackspear
March 28th, 2005, 07:06 AM
-{ Quote: "Thinking or/will replace Lavasoft Ad-aware with Microsoft Antispyware because the latter detects more things." }-
Combine both and the detection rates go higher still ;) ;D
Cheers ;D
squash
March 29th, 2005, 01:23 AM
-{ Quote: "Combine both and the detection rates go higher still ;) ;D
Cheers ;D" }-
I switched from Kerio to ZA
From Ad-aware to MSAS
and removed Abtrusion because redundant with Prevx and PG.
It works for me...
Hekx
April 2nd, 2005, 08:54 AM
Hello, this is not exactly a security tool, but I found ERUNT to be a lot more reliable than System Restore. ERUNT is mainly registry-backup, I can't say I know greatly what System Restore actually takes a snapshot of (I am assuming it is registry hives and possibly system critical files). I have never had a problem with restoration but System Restore has failed roughly 4/5 times for me, I have also found it can be quite a space-consumer. There is a section in the manual about problems with boot-up and restore. IIRC, it mentions using the Recovery Console to restore one of the backups and makes this process easier by storing snapshots in the %SYSTEMROOT% location. As for drive imaging software, I can honestly say I have not encountered any reasonable freeware alternatives, the one I did find (DrvImagerXP) had bad compression value which made a 40GB drive stored at around 0.8:1 ratio.
Hope this helps. :)
You can check out ERUNT here:
http://www.larshederer.homepage.t-online.de/erunt/
Copyright ©2002 - 2012, Wilders Security Forums