Anti-drive by software suggestion

Need some suggestions for my brother just got nailed with the rogue software antivirus 2008

He's pretty much a noob when it comes to this kind of stuff happening also.

 

Nice n Easy: http://www.youtube.com/watch?v=AAx6Y2MW_uA&feature=channel_page

 

I should also point out,if possible offering a free software alternative

 

Any sandbox will be OK. GesWall free wil do the job.

 

Use Firefox with the NoScript add-on extension

 

Prolly end up installing GesWall for him along with Returnil free.

He's using Explorer for the browser,wish he would switch,but you know how that goes...

 

You are forgetting "look down" NoScript is not for newbies.

Avast Free, + BoClean, And Maybe WOT - WebOfTrust.

Thats your best and most easy option.

 

If Sandboxing is not your taste, IMO you should try PCTool's BrowserDefender. Its kinda like SiteAdvisor, as it checks if the site you are about to visit is known to be malicious. Also it has a real-time engine, which checks every site as you browse and effectively detects many browser exploit pages as it loads. Hence preventing drive-by downloads.

See here for details:
http://www.browserdefender.com/help/#how

 

agreed, browserdefender is great, been using it for months now.

 

I like it also but, it doesn't work with firefox 3.1 beta which I really like.

Ice

 

hmm, guess its good thing im using the stable release of firefox and not the beta

 

The best thing you can do it keep your system up-to-date. It will prevent most drive-by downloads.
My advice is to use something like sandboxie/defensewall or geswall. Then consider blocking out bad sites. WOT and sitehound are al right, but blocking sites with your hostfiles also helps. If you really want a easy application go with defensewall. Firefox or Opera are preferable, but IE is al right too. Remember you can use WOT and sitehound with it.
Just tell him to use a LUA if he can or use UAC with Vista and don't accept anything if you didn't chose too. Best thing to do is not to download anything and try everything.

 

It's actually very stable and quick I might add. I use WOT along side it and CIS takes care of the rest.

Ice

 

Simple. Sandboxie. Non registered is free, but will show some nag screen now and then. It will cover browsing.

 

White listing, blacklisting etc will not work against it, IMO. Best option is a Sandbox or Virtual system(( Returnil for example) for him.

 

there is a new program called AppGuard this one will protect you in real time againts drive by attacks

 

It,s very new so can,t be suggested for a new user.

 

It really isnt that hard.

 

Not to an experienced user but to be fair some sites generate 6 or 7 blocked items,so a degree of knowledge is required to know what to unblock if you require specific content to run,on a streaming video site for example.

 

Hi Aigle,

Why do you believe whitelisting will not work?

 

White list will fail when a trusted site is compromised. We see it often.

 

And you tell me what the probability is a common used trusted site is compromised.

 

Not uncommon my dear.

 

wasn't half a year ago that the f-secure forum got a big fat exploit embedded actually..and more since then

 

thats where a hips and sandbox program come to the rescue