Recommend free layered security solution

[Kernelwars]

Hi Guys,
I invite all the security experts here at wilders to recommend a layered protection suite (preferably free softwares) that can be used to fight zero day threats and provide a solid protection for not so savvy computer users...
Thanks,
Kernel

[jmonge]

GesWall Free or BufferZone Free

[Boost]

Quote:

Originally Posted by jmonge

Sandboxie Free GesWall Free or BufferZone Free

Fixed

[bellgamin]

I am not a security expert but here goes anyway . . . .

+ Avast-free (antivirus with integral behavior blocker)
+ Private Firewall (firewall with Stateful Packet Inspection plus HIPS)
+ Macrium Reflect (image your system disk at least weekly & retain at least 4 most recent images)

[eugene91]

I'd add on Prevx SafeOnline 3.0 which is currently given away free via www.prevx.com/facebook

[lordraiden]

Quote:

Originally Posted by Kernelwars

Hi Guys,
I invite all the security experts here at wilders to recommend a layered protection suite (preferably free softwares) that can be used to fight zero day threats and provide a solid protection for not so savvy computer users...
Thanks,
Kernel

Comodo IS (without the AV) Firewall + HIPS + Sandbox
Avast Free / Avira / MSE
Safe Online "Free" (facebook)
Peerblock if you use p2p
Immunet (Optional)
Some software for doing backups

[blacknight]

- firewall router ( sorry, not free )
- HIPS: Comodo or Online Armor free
- av ( Avira, Avast )
- GesWAll
- a disk image software ( Macrium ? I have not experience, I use Acronis True Image buy )

[tlu]

LUA + SRP/Applocker.

If you have a Windows version that doesn't support SRP, use Sully's PGS. An alternative for Windows 7 (although inferior to a LUA/Applocker combo) is described here.

[ExtremeGamerBR]

Firewall + HIPS + Sandbox: Comodo Internet Security 4.1 (Without the AV)
Antivirus: Avast! - File Guard and Behavior Blocker
Windows: UAC + LUA + SRP
Ohers: PrevX SafeOnline (Facebook)

[pling_man]

Set DEP (NX/XD) protection to OptOut - protect against zero-day vulnerability exploits.

[Kernelwars]

Thanks guys.. It would also be helpful if ya'll can suggest some thing to lock or somehow get alerted when the hosts file gets modified.. Thanks in advance.

[sg09]

Quote:

Originally Posted by Kernelwars

Thanks guys.. It would also be helpful if ya'll can suggest some thing to lock or somehow get alerted when the hosts file gets modified.. Thanks in advance.

Winpatrol does that....

[Kees1958]

Quote:

Originally Posted by tlu

LUA + SRP/Applocker.

If you have a Windows version that doesn't support SRP, use Sully's PGS. An alternative for Windows 7 (although inferior to a LUA/Applocker combo) is described here.

Thomas,

Thanks for the reference. Only the 1806 trick or Attachment Execution Service protection included in XP since service pack 2 only has 2 known issues

Please read http://www.heise.de/security/artikel...P2-270548.html

As the author states

Quote:

Originally Posted by Jürgen Schmidt

There are two flaws in the implementation of this feature: a cmd issue and the caching of ZoneIDs in Windows Explorer. The Windows command shell cmd ignores zone information and starts executables without warnings. Virus authors could use this to spread viruses despite the new security features of SP2.

ISSUE 1 (CMD.EXE)
Exploitation of this issue reqeuires some user interaction -- at least as long as nobody comes up with a way to execute cmd.exe with parameters from within Outlook Express or Internet Explorer.


ISUUE 2 (CACHING of Zone-ID's)
Exploiting this issue requires the ability to overwrite existing files which have a trusted or non-existant ZoneID. Right now there is no known way to achieve this in an attack mounted from the Internet.

The countermeasures
ISSUE 1
The countermeasure of the first issue (social engineering) is tackled two times
a) removing the installer detection & allowing UAC elevation only from safe area's
b) removing the execute right in download and mail directories through ACL

ISSUE2
Allthough issue 2 is a theoretical one, Countermeasure b above would deal with Explorer's theoretical flaw.

Request
So please stop addressing the SAFE admin as inferior as it is a very effective way of providing solid policy protection layer in a ADMIN/UAC environment. The term inferior is not based on field testing nor on reported intrusions in the white and black hat community. For someone propogating policy management LUA/Applocker is the best, next LUA/SRP. I agree on this, so be a sport and communicate on facts.

Applocker (signature issue, see Avast blog), SRP (2 theoretical evasion, see Didier Stevens Blog, also Run as:"Unrestricted"), Attachement Execution Service without other SAFE Admin precautions (1 user 'shoot in the foot' and 1 theoretical evasion), there are bigger fish in the ocean to worry about . . . like running Admin ( )

Thx

[tlu]

Quote:

Originally Posted by Kees1958

For someone propogating policy management LUA/Applocker is the best, next LUA/SRP. I agree on this,

Kees, that's all I wanted to say - in other words, though. I did not intend to belittle the SAFE admin approach. If you feel offended I apologize.

[Sully]

Quote:

Originally Posted by Kernelwars

Hi Guys,
I invite all the security experts here at wilders to recommend a layered protection suite (preferably free softwares) that can be used to fight zero day threats and provide a solid protection for not so savvy computer users...
Thanks,
Kernel

Be a member of the User group, not the Admin group. Learn to elevate something (such as a program installation) to Admin level only when needed. This is the easiest approach. If you must remain a member of the Admin group for daily use, protection for the not so savvy user is going to require learning something, IMHO.

Devise a scheme with which to use Macrium or any disc imaging software to the fullest potential with the least amount of effort. Weekly imaging is, for me, out of the question. Get an external drive, buy another internal drive, use USB thumbdrives, whatever you want. Put the data that you don't EVER want to go bye-bye on one of these 'other' areas for storage. Commit yourself to always putting your data there.. always. You reap the rewards then. Once your data is on a safe location, anywhere but the OS drive, you can create an image of a new fresh OS install. When you make major changes to the OS install, restore the image, do nothing but make your changes, then make a new image. This new image is the one you will use until you need to 'update' it. That may be months or more. When your system is borked or running slow, whatever, you know your data is somewhere other than the OS drive, so you can safely restore your image. No data lost, not much time lost in preparing to restore. Maybe some bookmarks or other mundane things that you might want to keep before a restore.

There are a great many tools and methods you might employ. Not one of them can be declared the best because not one of the users are exactly the same. The way in which our minds are wired differ from person to person. This is so noticable in software. One software that makes complete sense to me does not to you. In the end, you will have to choose the one that you understand and can control that also offers you the protection in the areas you feel you need.

It is a tricky question you ask. It normally requires a lot of experimenting with all the suggestions before you come up with what will work for you. But the good news is that there are many here who love to experiment and are happy to share. One of Wilders greatest assets IMO.

Sul.

[031]

avast free

prevx safe online ( free on facebook)

Malware defender

i use this setup on xp sp3 and it never slows me down.

[gery]

Comodo Firewall +sandbox
AVG antivirus free
Prevx Safeonline facebook edition
Macrium reflect

[Kees1958]

Quote:

Originally Posted by tlu

Kees, that's all I wanted to say - in other words, though. I did not intend to belittle the SAFE admin approach. If you feel offended I apologize.

No worries, you are a big promotor of LUA/SRP and have contributed to it on Wilders a lot. So your opinion has impact IMO. I have done quiet some research and extensive field testing with my manual tweaks. SAFE-admin will be very close to running LUA/SRP security wise. So when people are not willing to run LUA, SAFE admin will be a good alternative.

I am talking of will be, because the manual tweaks will go over most people's head. Sully is trying to create a program which make it easy and available for everyone running Vista/Windows7, also 64 bits.

Regards Kees

Quote:

Originally Posted by gery

Comodo Firewall +sandbox
AVG antivirus free
Prevx Safeonline facebook edition
Macrium reflect

Please use another firewall or router

[lordraiden]

Quote:

Originally Posted by progress

Please use another firewall or router

Yes, I'm sure the router will sandbox the apps and the HIPS integrated will protect you at the same lvl... \ironic

[Dundertaker]

Hi;

(realtime)
Prevx (one from facebook) or Avast free
Online Armor free/PrivateFirewall freeware
GesWall free

(on-demand)
MBAM
HitmanPro

(imaging/backup)
for Seagate hdd - DiscWizard (BartPE embedded)
for WD hdd - ATI-WD (BartPE embedded)
other hdd - Macrium free (you'll have to download BartPE seperately)

[MrBrian]

Quote:

Originally Posted by tlu

LUA + SRP/Applocker.

If you have a Windows version that doesn't support SRP, use Sully's PGS.

Another alternative to SRP/AppLocker is using Comodo Internet Security as an anti-executable.

[Osaban]

I'm not an expert, from practical experience I'd say:

1) Sandboxie free

2) Returnil free

3) Macrium Reflect free (I haven't tried it, but I trust Wilders' members feedback)

A couple of good scanners on demand (also free, e.g. Avira & Malwarebytes Anti-Malware) to check suspicious downloads.

[atomomega]

Web Browser
Google Chrome or Firefox
-WOT (available for both)
-AdBlock (available for both)

Resident protection:
Panda Cloud Free
Immunet Protect Free
Outpost Firewall Free

Virtualization:
Returnil Free

On-Demand:
Hitman Pro
MBAM Free

I wouldn't add any system hardening like LUA/SEHOP/SRP/DEP/UAC keeping in mind that basic users would have to download, install, update, run... different apps during their regular tasks. IMHO

That being said, I'm not a computer expert nor advisor. I don't even consider myself a high-profile computer user. Just a computer enthusiast!

[atomomega]

Quote:

Originally Posted by Sully

One software that makes complete sense to me does not to you. In the end, you will have to choose the one that you understand and can control that also offers you the protection in the areas you feel you need.

It is a tricky question you ask. It normally requires a lot of experimenting with all the suggestions before you come up with what will work for you. But the good news is that there are many here who love to experiment and are happy to share. One of Wilders greatest assets IMO.

Sul.

Strongly agree!!!