Wilders Security Forums  

  #1  
Old December 12th, 2009, 10:35 PM
shinysecure shinysecure is offline
Infrequent Poster
 
Join Date: Dec 2009
Posts: 18
Default Ended up reformating.. figure its time for a security overhaul. (64bit)

Well due to some problems I was unable to fix I decided it would simply be easier to reformat.

I was previously using

avast av
comodo fw
spywareblaster
spybot
Malwarebytes
firefox with adblock+ and noscript

VERY recently tried out threatfire (had problems right around that time but I really don't think they are related.)

Some of these things seem to have died out (spybot) and I have a feeling reading these forums that there have been quite a few changes to recommended security setups.

Can anyone provide me with a more modern setup?
Basically I am looking for rather strong protection; there is a good possibility of unrestricted web access and possibility of questionable files being run (could use a sandbox environment for that, correct?)

Really appreciate the help.

Last edited by shinysecure : December 13th, 2009 at 04:51 AM.
  #2  
Old December 12th, 2009, 11:07 PM
acr1965 acr1965 is offline
Massive Poster
 
Join Date: Oct 2006
Posts: 4,432
Default Re: Ended up reformating.. figure its time for a security overhaul.

Since you mentioned sandboxes I would suggest you grab the DefenseWall promo that is available for only a little longer.

http://www.wilderssecurity.com/showthread.php?t=260313
__________________
"Being safe on the internet is a lot like being safe in real life. Always have a back-up plan and be careful where you stick your pointer." -- anonymous (but probably not Anonymous)
  #3  
Old December 12th, 2009, 11:10 PM
TheKid7 TheKid7 is offline
Very Frequent Poster
 
Join Date: Jul 2006
Posts: 2,463
Default Re: Ended up reformating.. figure its time for a security overhaul.

Quote:
Originally Posted by shinysecure
I was previously using

avast av
comodo fw
spywareblaster
spybot
Malwarebytes
firefox with adblock+ and noscript

1. AV of your choice (I would say MSE, but there are reports that there is an issue with Defensewall)
2. Sandboxie
3. Defensewall (Free if you get it before 2 p.m. PST on December 13)

http://www.wilderssecurity.com/showthread.php?t=260313

4. Online Armor Free (Reported to work fine with Defensewall and Sandboxie)
5. WOT (Web of Trust) Website Ratings
6. Linkscanner Free (Website Ratings + Known Threat Blocker)
7. Routine System Partition Imaging to a "Secure" Hard Drive and/or DVD(s)
8. Malwarebytes Free (Manual Scans)
9. SuperAntispyware Free (Manual Scans)
10. Firefox with adblock+ and noscript
11. Spywareblaster

I would say that 2, 3, and 7 are the most important.
__________________
NOD32, Sandboxie (Paid), AppGuard, Malwarebytes Anti-Malware, Emsisoft Emergency Kit, DrWeb Cureit, AVIRA Rescue CD, Image for Windows/Image for DOS/Image for Linux, Firefox (Adblock Plus, Subscriptions: EasyList+EasyPrivacy+Malware Domains), Norton DNS
  #4  
Old December 12th, 2009, 11:33 PM
kasperking kasperking is offline
Frequent Poster
 
Join Date: Nov 2008
Posts: 406
Default Re: Ended up reformating.. figure its time for a security overhaul.

Drive backup/imaging......go for shadow protect desktop/ paragon/acronis etc
__________________
Last night I lay in my bed looking up at the stars in the sky and I thought; Where the heck is my ceiling?!
  #5  
Old December 13th, 2009, 01:38 AM
innerpeace innerpeace is offline
Very Frequent Poster
 
Join Date: Jan 2007
Location: Mountaineer Country
Posts: 1,940
Default Re: Ended up reformating.. figure its time for a security overhaul.

Quote:
Basically I am looking for rather strong protection; there is a good possibility of unrestricted web access and possibility of questionable files being run (could use a sandbox environment for that, correct?)
If you mean others may be using the machine then a light virtualization app may help. You could turn on the protection and whatever changes they do would be gone after a reboot.

You could also set up different accounts for you and the others so whatever damage they may cause would be limited to their account, which could be deleted. It would also limit what they could do. Set them up with a limited or guest account. Just protect the account/s that you use with a strong password.

The sandbox apps are also a good idea. Also, as kasperking and TheKid7 mentioned, a clean image after you get everything set up would save you from having to reinstall in the event that the machine becomes infected or borked.
__________________
XP Home SP3, Nat router, Firefox3.5, Online Armor Premium 4.5, AntiVir 9 free, Sandboxie, and Returnil RVS
Are you running vulnerable programs? Check online now with the Secunia Online Software Inspector.
  #6  
Old December 13th, 2009, 03:06 AM
shinysecure shinysecure is offline
Infrequent Poster
 
Join Date: Dec 2009
Posts: 18
Default Re: Ended up reformating.. figure its time for a security overhaul.

Thanks for all the suggestions so far and awesome link for defensewall.

How well linked are the trusted and untrusted concepts with HIPS?
For example if some program downloads a file to the desktop is that linked to the original program's setting and then anything that program does is also untrusted? etc?
How is defensewall vs geswall free ver.? I know the promo is free but I would probably eventually buy the program for updates (if it is as amazing as people seem to make it sound), however if geswall is comparable I could learn to use that now.

How does HIPS differ from sandboxie (can't use it as I am using 64bit)?
(edit: been reading a lot and seeing people seem to brush aside defensewall and geswall by saying they have 64bit windows.. any explanation would be welcomed)
Are there "maintained program states"? For example, I download a program and run it.. It works but is untrusted.. Will it then work in the same state from the last time I ran it? Sorry kinda hard to explain what I mean. Kinda like for the duration a program is on my computer it is in its own "sandbox".

Doing an image sounds like a great idea, I would love to restore/reformat more than I do but I end up putting it off, if it's a couple clicks I would do it much more often.



Really appreciate the input.


Rather important edit: seems like the system being 64bit is very important, I am trying to read up on uac and the like. Any guidance would be great.

Last edited by shinysecure : December 13th, 2009 at 04:52 AM.
  #7  
Old December 13th, 2009, 05:13 AM
kasperking kasperking is offline
Frequent Poster
 
Join Date: Nov 2008
Posts: 406
Default Re: Ended up reformating.. figure its time for a security overhaul.

Quote:
can't use it as I am using 64bit

well no Defensewall, GeSWall, Sandboxie on 64-bit systems for starters read here.......http://www.wilderssecurity.com/showthread.php?t=248698
__________________
Last night I lay in my bed looking up at the stars in the sky and I thought; Where the heck is my ceiling?!
  #8  
Old December 13th, 2009, 05:42 AM
shinysecure shinysecure is offline
Infrequent Poster
 
Join Date: Dec 2009
Posts: 18
Default Re: Ended up reformating.. figure its time for a security overhaul.

Reading those links.. sounds like it ends up being quite a bit more complex.

Thanks for the info... back to being overwhelmed.
  #9  
Old December 13th, 2009, 05:43 AM
pegr pegr is online now
Very Frequent Poster
 
Join Date: Apr 2008
Location: UK
Posts: 1,608
Default Re: Ended up reformating.. figure its time for a security overhaul.

Returnil RVS 2010 would be a good choice for a 64-bit system.

Edit: I forgot to mention Prevx 3.0 (paid version). Prevx 3.0 can be used to supplement an existing AV or as a replacement for AV. Prevx 3.0 is available for 64-bit systems, but the SafeOnline browser security extension for Prevx currently only works on 32-bit systems. SafeOnline 64-bit compatibility is about to be released and will be available very shortly.

Last edited by pegr : December 13th, 2009 at 05:57 AM.
  #10  
Old December 13th, 2009, 05:58 AM
jonyjoe81 jonyjoe81 is offline
Frequent Poster
 
Join Date: May 2007
Posts: 829
Default Re: Ended up reformating.. figure its time for a security overhaul.

That is too much security software, you need to keep it as lite as possible to be able to have fast speed on the internet. All antispyware software will slow down the internet.

This is my simple setup that hasn't been compromised in over 2 years.
1. zone alarm firewall pro (not the suite)
2. avira free antivirus
3. firefox 3.5 browser
4. returnil free version (enabled whenever I'm on the internet)

Antispyware is not required as long as you have returnil running while on the internet. If you do get some sort of spyware/antivirus a simple reboot will remove all traces of it. Some people say that "returnil" is susceptible to spyware/malware etc, but I have never encountered anything that has been able to defeat it.
I also keep a weekly image backup as a precaution, but have never had to use it.
  #11  
Old December 13th, 2009, 06:24 AM
pegr pegr is online now
Very Frequent Poster
 
Join Date: Apr 2008
Location: UK
Posts: 1,608
Default Re: Ended up reformating.. figure its time for a security overhaul.

Quote:
Originally Posted by jonyjoe81
Antispyware is not required as long as you have returnil running while on the internet. If you do get some sort of spyware/antivirus a simple reboot will remove all traces of it.
In terms of protecting the system from malware that's true, but what about identity theft, password and data stealing, etc. while the malware is running in the virtual environment?

I agree that AntiVir is one of the best AV's, but relying on any AV to identify and prevent zero-day threats is at best a gamble (some security analysts are saying that AV's are getting less and less effective over time, and are now only around 45% effective against the newest threats).

That's why Returnil is evolving from its origins as an ISR utility to gradually include more and more security features. As the saying goes: You can image your system but you can't image your life if you're unlucky enough to suffer identity theft or a thief gets hold of your credit card or online banking credentials.

As far as firewalls go, the Comodo and PC Tools firewalls are likely to be a better bet. They are both available for 64-bit systems, less likely to cause trouble than Zone Alarm, and they perform better in the Matousec leak tests. They are also free.

Last edited by pegr : December 13th, 2009 at 06:30 AM.
  #12  
Old December 13th, 2009, 06:29 AM
Osaban Osaban is offline
Massive Poster
 
Join Date: Apr 2005
Posts: 3,086
Default Re: Ended up reformating.. figure its time for a security overhaul.

Quote:
Originally Posted by kasperking
well no Defensewall, GeSWall, Sandboxie on 64-bit systems for starters read here.......http://www.wilderssecurity.com/showthread.php?t=248698

Faronics DeepFreeze (virtualizer) and Anti-Executable make for very tight security. Shadow Defender lately has launched an x64 version of their program, which IMO is more versatile than DeepFreeze.

Shadow Defender and Anti-Executable work very well together.
__________________
Samsung Series 7 Chronos & Windows 8 (64bit)
“We are the cosmos made conscious and life is the means by which the universe understands itself.” Brian Cox
  #13  
Old December 13th, 2009, 06:35 AM
shinysecure shinysecure is offline
Infrequent Poster
 
Join Date: Dec 2009
Posts: 18
Default Re: Ended up reformating.. figure its time for a security overhaul.

Alright then for my firewall I am going to stick with comodo, been using it for awhile and have become really comfortable with it.

Antivirus will be either avast (again comfortable with it and it seems to still be ranked well), avira (don't know so much but seems to get a bit more praise than avast) or MSE (kinda simple interface is a bit of a turn off to me).

Firefox will be my browser with adblock+ noscript

Will also run spyware blaster

malwarebytes will also be making a return
I will however add superantispyware



-Still confused here-

Threatfire I don't know exactly what this fits in under..

Returnil again I don't really know exactly what this is.. according to their site it's a bit of everything...

Anything I should do special with user accounts? The whole uac srp lua stuff is rather confusing to me as I can only find bits and pieces of suggestions with it.
Just finished windows updating the comp.. Should I create a non administrator account now?
This time I am also going to leave UAC on and use norton UAC tool.



thanks for the responses... looking at deep freeze and anti-exec now

Last edited by shinysecure : December 13th, 2009 at 06:45 AM.
  #14  
Old December 13th, 2009, 06:37 AM
pegr pegr is online now
Very Frequent Poster
 
Join Date: Apr 2008
Location: UK
Posts: 1,608
Default Re: Ended up reformating.. figure its time for a security overhaul.

Quote:
Originally Posted by Osaban
Shadow Defender and Anti-Executable work very well together.
That looks like a good alternative to Returnil RVS 2010 if the OP doesn't mind paying for two apps.
  #15  
Old December 13th, 2009, 06:40 AM
kasperking kasperking is offline
Frequent Poster
 
Join Date: Nov 2008
Posts: 406
Default Re: Ended up reformating.. figure its time for a security overhaul. (64bit)

Quote:
Originally Posted by shinysecure
Well due to some problems I was unable to fix

well btw what were the problems that made you format....?
__________________
Last night I lay in my bed looking up at the stars in the sky and I thought; Where the heck is my ceiling?!
  #16  
Old December 13th, 2009, 06:52 AM
pegr pegr is online now
Very Frequent Poster
 
Join Date: Apr 2008
Location: UK
Posts: 1,608
Default Re: Ended up reformating.. figure its time for a security overhaul.

Quote:
Originally Posted by shinysecure
Threatfire I don't know exactly what this fits in under..

Returnil again I don't really know exactly what this is.. according to their site it's a bit of everything
ThreatFire is an intelligent behaviour blocker. It works well for some people but can slow systems down and has been known to cause conflicts on some systems. You've mentioned Comodo. If you are using Defense+ then you definitely don't need ThreatFire as well. If your main threat gate is web browsing then the addition of an anti-execute type application is probably all you need to prevent drive-by downloads, which is the main risk, especially as you are planning to use the NoScript add-on for Firefox.

Returnil RVS 2010 is primarily a lightweight virtualisation application that will virtualise the entire system partition. Think of it as a bit like Sandboxie except that the whole of the C Drive is sandboxed when the virtual mode is enabled, not just an individual application. RVS 2010 also has an anti-execute function that can be used when the virtual mode is enabled, but it won't be as powerful as what you would get in a separate application like Faronics Anti-Executable. There is also an AV and a file protection feature, which if turned on provide protection irrespective of whether the virtual mode is enabled or not.

The best thing is to try out for yourself the different recommendations that you are getting and see which you feel most comfortable with. The vendors' websites are a good source of information as to what the various products do.

Regards

Last edited by pegr : December 13th, 2009 at 06:59 AM.
  #17  
Old December 13th, 2009, 06:57 AM
shinysecure shinysecure is offline
Infrequent Poster
 
Join Date: Dec 2009
Posts: 18
Default Re: Ended up reformating.. figure its time for a security overhaul. (64bit)

Quote:
Originally Posted by kasperking
well btw what were the problems that made you format....?

Flash player was not working with firefox. Sounds dumb but I messed around with it for a couple hours then decided I felt like reformatting.
I tried reinstalling firefox and flash player using the uninstall tool.
Removed all addons / shut down firewall/av
Deleted all settings and registry files for those programs.
Added about:config command to firefox to ignore windows internet security settings.

And it still didn't work.. in my state of frustration I decided I would fix the problem with brute force.


Quote:
Originally Posted by pegr
That looks like a good alternative to Returnil RVS 2010 if the OP doesn't mind paying for two apps.

I would really prefer avoiding if other programs can be just as good, at least in a home environment.


Quote:
Originally Posted by pegr
ThreatFire is...
...Regards
Thank you very much.

I have mixed feelings on defense+. I understand the concept and it being rather powerful, but it drove me nuts.

Seems like returnil could be useful but not entirely convenient.

Yeah, I have been checking a lot of websites tonight; while some sites provide a great amount of detail, others seem to just have vague bullet points. So I really do appreciate the time to answer my questions even if the answers can be found.

Last edited by shinysecure : December 13th, 2009 at 07:05 AM.
  #18  
Old December 13th, 2009, 07:05 AM
pegr pegr is online now
Very Frequent Poster
 
Join Date: Apr 2008
Location: UK
Posts: 1,608
Default Re: Ended up reformating.. figure its time for a security overhaul. (64bit)

Quote:
Originally Posted by shinysecure
Thank you very much.
You're welcome.
  #19  
Old December 13th, 2009, 09:02 AM
kasperking kasperking is offline
Frequent Poster
 
Join Date: Nov 2008
Posts: 406
Default Re: Ended up reformating.. figure its time for a security overhaul. (64bit)

Quote:
Originally Posted by shinysecure
Flash player was not working with firefox. Sounds dumb but I messed around with it for a couple hours then decided I felt like reformatting.

honestly i think you should definitely give a serious thought about using rollback/imaging/backup programmes.
__________________
Last night I lay in my bed looking up at the stars in the sky and I thought; Where the heck is my ceiling?!
  #20  
Old December 13th, 2009, 09:17 AM
shinysecure shinysecure is offline
Infrequent Poster
 
Join Date: Dec 2009
Posts: 18
Default Re: Ended up reformating.. figure its time for a security overhaul.

I kind of thought it would have been nice as well. First problem that I have had that I can remember that a couple hours of googling had not fixed.

Reformatting to me is rather painless so I really don't mind.. All my important info is backed up.
  #21  
Old December 13th, 2009, 09:18 AM
Hugger Hugger is offline
Very Frequent Poster
 
Join Date: Oct 2007
Location: Hackensack, USA
Posts: 1,003
Default Re: Ended up reformating.. figure its time for a security overhaul.

NIS 2010 and Shadow Defender.
Easy and effective.
  #22  
Old December 13th, 2009, 10:30 AM
shinysecure shinysecure is offline
Infrequent Poster
 
Join Date: Dec 2009
Posts: 18
Default Re: Ended up reformating.. figure its time for a security overhaul.

One more question before I settle.. at least for now.
I am kinda confused on the difference between say

Comodo Time machine
Returnil
Shadow Defender
Defensewall

I see people using two of those in conjunction and I thought they were fairly similar.

Also I have heard that shadow defender doesn't handle a 64bit environment as well as it should. Is that more of a case of great but not perfect rather than not good at all?
  #23  
Old December 13th, 2009, 01:43 PM
pegr pegr is online now
Very Frequent Poster
 
Join Date: Apr 2008
Location: UK
Posts: 1,608
Default Re: Ended up reformating.. figure its time for a security overhaul.

There is a very good discussion relating to Comodo Time Machine in the following thread. Pay particular attention to the posts by BlueZanetti and Peter2150 to get an understanding of how this technology works, and its pros and cons:

http://www.wilderssecurity.com/showt...o+time+machine

Returnil, Shadow Defender, and DefenseWall are all currently being discussed in this thread:

http://www.wilderssecurity.com/showt...40#post1590140
  #24  
Old December 13th, 2009, 03:07 PM
shinysecure shinysecure is offline
Infrequent Poster
 
Join Date: Dec 2009
Posts: 18
Default Re: Ended up reformating.. figure its time for a security overhaul.

Thanks again pegr, both links were exactly the information i was looking for, especially your own post in the thread.
  #25  
Old December 13th, 2009, 04:00 PM
shinysecure shinysecure is offline
Infrequent Poster
 
Join Date: Dec 2009
Posts: 18
Default Re: Ended up reformating.. figure its time for a security overhaul.

After reading those links, seems like I am going to settle on either returnil or comodo time machine.

Reason for this is from what I can see is they would handle the situation below the best.

Downloading files that are to be installed and verifying them to be working/real/safe using them and then reverting back to an older image and removing any changes those installs may have caused.

Sorry, one more quick question (just trying to avoid installing and removing programs on a clean install)

A fresh system after every restart is something I want to avoid.

Does either option, or another one have the ability to work in a different state for multiple restarts/days and then have a list of various images to go to?
Is there a way to transfer files between images?

Thanks again.
That should be the end of my questions

Last edited by shinysecure : December 13th, 2009 at 04:27 PM.
 
