Help non-expert develop system and toolchest for 2 computers...

Discussion in 'other anti-malware software' started by EscapeVelocity, Apr 1, 2010.

Thread Status:
Not open for further replies.
  1. EscapeVelocity

    EscapeVelocity Registered Member

    Joined:
    Apr 1, 2010
    Posts:
    368
    I think I'm running into trouble because many of these programs overlap in functionality.
     
  2. EscapeVelocity

    EscapeVelocity Registered Member

    Joined:
    Apr 1, 2010
    Posts:
    368
    I've noticed that Trojan Hunter seems to be more popular than A-Squared on the What security are you running thread. What is the reason?
     
  3. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Baby steps can sometimes teach you to walk with more confidence than sprinting :blink:

    Let's examine some aspects here. First, DNS is a caching service essentially. If you have it turned on, you will cache ip addresses locally. Theory goes something like if you visit msn.com a lot, when you type it in, your local cache can return the actual ip address much faster than your ISP's dns server will. You gain, what, 150 milliseconds? Is it worth it? It can be. But, it will also cache dns values that return as non-resolvable. The cache flushes these out periodically. There used to be some tweaks I had somewhere that would change this time. Problem arises when you visit abc.com, and it is offline. You need to access it, so you try again every minute or two. But, the local cache is still telling you it is not online. Not until after the cache is cleared of negative values does it go back to the ISP dns to do the lookup. I have experienced this a few times, but normally it is not a worry.

    Hosts files, I used to play with them. I feel like a large one (the useful kinds) put a lag on the experience. I have not tried them in some years, so maybe newer machines don't experience this. I do use a few hosts entries, but they are custom ones. I think OpenDNS would be a better solution personally, as it seems to be kept updated.

    If you have a static ip, you need not worry. If you have a router, it is all good. If you don't have a router, then you are a potential target with assigned ip or static. All static does is give you a static address that hackers can return to over and over to try and exploit. A router pretty much solves any worries there might be. I have had a static ip for a very long time now.

    When you speak of proxy servers (and you may know this) it is just a server that is the go-between for you. Many of them are designed for anonymity. Theory is you type in cbs.com, your computer goes to proxy, proxy goes to cbs.com, then returns web pages to you. If cbs.com was looking to see who visited, they would see the proxy did, but not you specifically. In the case of OpenDNS, it is your go-between for DNS. I don't think it is what you would typically refer to as a proxy server.

    Concerning virtualization/sandboxing, you will probably have to try them to see both which runs best on your hardware, and maybe more importantly which you prefer to manage. Geswall is nice, but IMHO a bit more to understand/configure than Sandboxie is (for example). Once you get them dialed in though, it is pretty much set and forget from there on out.

    Concerning ShieldsUp, there has been a great debate on whether that means anything for years. Essentially, with a router, you should not have any ports open really. If you have no router, then it becomes a bit more of an issue. If you are wondering about what I just said, it works something like this. Suppose you have Remote Desktop enabled right now (it is a service). Your computer would be holding a port, or a window to the outside world via the network, open. Your computer will answer to another computer who asks "hey, is window #3939 open" by saying "yes, port 3939 is open". Then the other computer will say "can I come in via that window?". Your computer should respond "no, you don't have permission". An exploit then can be made, where the other computer says "but I have pie!". Since this is an exploit, your computer will say "you have pie? I like pie! come on in".

    ShieldsUp tries to test your ports, your openings to the outside world. It does not just see if they are open. It tries to tell you if they are closed as well. And if they are open, they try to see if they will reply to other computers. "hello, anyone at port 80?". "Yes, I am here, but you may not come in". They say you want to be stealthed, like "hello, anyone at port 80?". No reply. You do have port 80 open, but your firewall is saying "hee hee, you keep on knocking, but I am ignoring you".

    Now your router in this case, he is saying "look bub, I told you before, the boss didn't ask for you to come knocking on his door today, so you ain't gonna do no knocking.. now beat it". In a router then you make exceptions. You tell the router it is OK for anyone to knock on a specific port.

    Now, when you speak of AntiVirus, how much weight do you put on scan times versus what they term "real time"? I rarely ever scanned my drives. I would use an AV that was fast at watching anything being written, in real time. It made more sense to me that if my AV was good and fast (light) at watching what was new, why would I need to keep scanning old items that have already been scanned. I think being vigilant about what you add to your system is a better approach than what is already there (presuming it checks out ok).

    The advice to run in LUA, as a User only, is very good advice. I don't use it, but I do advocate it. Programs like SuRun can make it much more convenient to be a User instead of Admin. But you need to realize that just because you are User, does not mean much if you will allow everything Admin rights anyway with SuRun or similar.

    LUA and SRP, it can be very effective. It can also be very restrictive. If you have your set programs you use and everything repeats over and over, it is great. However, if you are always in a state of change, it can be a lot of work to always be making exceptions. Of course the same goes with a firewall or HIPS too.

    That is all I got for now. Hopefully I explained it in a way that you understand. No disrespect if you know some of that already.

    Sul.
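    Sully's three port states above (answered and let in, answered but refused, no answer at all) as an added example that is not code from this thread: a small Python probe that labels a TCP port the way ShieldsUp does, demonstrated against a throwaway listener it starts on your own machine's loopback address (the listener, the labels and the function names are constructed for this example).

```python
import socket

# Labels in ShieldsUp terms (constructed for this example, not a library API).
OPEN, CLOSED, STEALTH, UNREACHABLE = "open", "closed", "stealth", "unreachable"


def classify_port(host: str, port: int, timeout: float = 1.0) -> str:
    """Probe one TCP port from outside and name the result the way ShieldsUp does.

    open        - the connection was accepted: a service is listening there.
    closed      - the host replied with a refusal (TCP RST): "I am here, but you may not come in".
    stealth     - no reply within the timeout: a router or firewall silently dropped the probe.
    unreachable - the network could not route the probe at all.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect((host, port))
            return OPEN
        except ConnectionRefusedError:   # must precede OSError: it is a subclass of it
            return CLOSED
        except socket.timeout:
            return STEALTH
        except OSError:
            return UNREACHABLE


def audit(host: str, ports, timeout: float = 1.0) -> dict:
    """Classify several ports and group them by state, e.g. to confirm that
    nothing beyond the exceptions you deliberately made on the router is 'open'."""
    report = {OPEN: [], CLOSED: [], STEALTH: [], UNREACHABLE: []}
    for port in ports:
        report[classify_port(host, port, timeout)].append(port)
    return report


def loopback_demo() -> dict:
    """Show 'open' versus 'closed' without leaving the machine: bind a throwaway
    listener on a free loopback port, probe it, then close it and probe again
    (the listener exists purely for the demo)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    try:
        while_listening = classify_port("127.0.0.1", port)
    finally:
        listener.close()
    after_close = classify_port("127.0.0.1", port)
    return {"port": port, "listening": while_listening, "closed": after_close}


if __name__ == "__main__":
    print(loopback_demo())
```

    A port behind a router that drops unsolicited packets shows up as "stealth" (the timeout path), which is the state Sully describes as the router not letting anyone knock.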
     
  4. EscapeVelocity

    EscapeVelocity Registered Member

    Joined:
    Apr 1, 2010
    Posts:
    368
    Thanks for the detailed explanations. I had researched some of the stuff and already figured some of it out, but it is really good to hear someone explain it, and you did explain about the local DNS cache, that I did not understand. Thanks for the explanation of the Shields Up, Router Hardware Firewalls, and such.

    Is the Host File and the DNS filtering that something like OpenDNS does essentially the same, or are they different? They are different in how they work, aren't they, but you end up with similar results.

    Hostsman has a button to clear the DNS cache, which I have done, but I didn't disable DNS at the startup and I don't see a button for that operation on the Hostsman program. But I will look into disabling the local DNS cache.

    That makes a lot of sense. Any recommendations on that? I can use on demand scanners to check behind the system I set up, until I feel secure. How often should I scan my system with Avast and Avira scheduling? Should I use the Quick Scan or the Deep Scan or the Complete System Scan?

    I'm gonna play around with LUA and SRP, SuRun, and DropMyRights on the Fast Lappy. Check it out, see how it works. However, I'm not leaning this direction....though I appreciate John's informative links and suggestions (and yours). I haven't had major problems in the past flying pretty ignorant and just using AVG Free and Spybot S&D. I will have backups in case of disaster. And I will be tightening things up a bit. Trying to learn what programs do what, since most are not in clear cut categories anymore.
     
    Last edited: Apr 2, 2010
  5. EscapeVelocity

    EscapeVelocity Registered Member

    Joined:
    Apr 1, 2010
    Posts:
    368
    ThreatFire seems to be agreeable. Set to level 4, one above default level 3, out of 5. Ran with Winpatrol. Was quieter than Winpatrol, but did have 2 pop ups that Winpatrol didn't pop up on, one was Opera connecting to the internet, which was set and remembered, and the other was Uninstall.exe of the program Launchy.

    I will try Mamutu next, then Immunet.

    Tried to run Acronis True Image Trial, but it failed to one click partition and backup. Then crashed the system. So I uninstalled and have settled on Macrium Reflect, which I have used on the Slower Desktop already. (On a side note: Didn't care for the Vista/7 look of Acronis True Image 10.) Wouldn't mind trying an earlier version of Acronis True Image, but Macrium Reflect worked well...and I might purchase it, if it gives me differential backup.
     
  6. Zorak

    Zorak Registered Member

    Joined:
    Jan 2, 2010
    Posts:
    182
    Location:
    Australian Capital Territory
    Hi EscapeVelocity.

    I'm not even close to being in the same league as Sully and others here, but would like to share my thoughts with you. I have an XP Home desktop with half the CPU speed and a quarter of the RAM as you, so keeping things light is vital for me. I also have two teenagers in the house and their idea of safe surfing probably only extends as far as not hitting their heads on the monitor. :argh: As far as real world security is concerned I don't think there can be a better test than letting teenagers loose on the internet!

    I have only ever let them run as Limited Users, and with the help of Sully's Pretty Good Security, have recently set up a Software Restriction Policy as well. I feel this secures me from the overwhelming majority of nasties out there, but as an additional security layer I use the paid version of Prevx 3 (including the free version of SafeOnline). It is very light to run and almost completely unobtrusive. Apart from the occasional on-demand scan with Hitman Pro, I run no other real-time security software, but I am behind a basic NAT router. In case the unthinkable does ever happen I also have disk images to fall back on.

    It is fun and even educational to tinker around with security software (indeed any software), and I would never suggest anyone stops doing that; if that's why they are doing it. But especially if you have a slower PC, real security can be had for very few CPU cycles if you are willing to learn the concepts involved - and lurking on Wilders is a great place to start!!
     
  7. EscapeVelocity

    EscapeVelocity Registered Member

    Joined:
    Apr 1, 2010
    Posts:
    368
    Thanks, Zorak!

    I guess I should give LUA and SRP a second hard look. I haven't worked on that aspect and checked out the programs yet. That seems to be a recurring point, so I better not dismiss it lightly.

    I tried that Hitman Pro, and really liked it! I'll probably keep that in the toolbox as an on demand scanner, as I can't afford that high of a yearly subscription fee.

    I need to check out Prevx, Returnil, and Shadow Defender, which are programs I am less familiar with by name, but they seem to be well regarded around here.

    I'm trying to be methodical and learn as I go, and poke around and search for terms and stuff that come up that I don't know. Eventually I'll get it down pretty good. I've already got a good gist of it. Need to poke around the available well regarded programs and see what fits me and User2.

    Keep the tips and answers coming and I'll keep the updates rolling.

    EV
     
  8. EscapeVelocity

    EscapeVelocity Registered Member

    Joined:
    Apr 1, 2010
    Posts:
    368
    Here I am working on a list....been editing it down and refining what goes where (which is kind of hard because of the multi-functionality of many of the programs). This is in the OP, and I've been revising that one too, moving it to page 2. Some programs have already been removed from the list.

    I realize that I will probably have too many keepers and need to whittle down some more, but this format serves my purposes.
     
    Last edited: Apr 6, 2010
  9. EscapeVelocity

    EscapeVelocity Registered Member

    Joined:
    Apr 1, 2010
    Posts:
    368
    Added AVG Linkscanner to the Slow Desktop. I had this with the AVG Free that I was using on it before. I didn't know it was a standalone product as well.

    Anybody know exactly how it works?
     
  10. EscapeVelocity

    EscapeVelocity Registered Member

    Joined:
    Apr 1, 2010
    Posts:
    368
    Dr. Web CureIt! ditched. I couldn't get it to load into the Program Files directory with a Start Menu icon. Does this provide cures, and not just scans? Is there a way to put it into the Program Files folder and listed in the Start Menu Program Files menu? If the answer to these 2 questions is yes, then I'll probably bring it back and keep it as a backup scanner/remover.
     
  11. EscapeVelocity

    EscapeVelocity Registered Member

    Joined:
    Apr 1, 2010
    Posts:
    368
    I'm really liking Mamutu, haven't heard a peep out of it. Just checked its goings on and process monitoring.

    Anybody use this?

    I like it better than Threatfire, which I am assuming is somewhat similar, though I didn't dislike Threatfire.

    Edit: Just installed ProcessGuard. Both Mamutu and Winpatrol gave dual warnings for Start Up and Services Reg. Mamutu was a bit faster, but not by much.
     
    Last edited: Apr 3, 2010
  12. EscapeVelocity

    EscapeVelocity Registered Member

    Joined:
    Apr 1, 2010
    Posts:
    368
    Read at Wilders Security Virtualization thread...

     
  13. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    The free version of Paragon Backup and Recovery features differential backup.
     
  14. EscapeVelocity

    EscapeVelocity Registered Member

    Joined:
    Apr 1, 2010
    Posts:
    368
    Thanks, I read that somewhere too. I'm not averse to paying for something that works for me though. I like Macrium. I'll give Paragon a look, but its download size is huge.
     
  15. EscapeVelocity

    EscapeVelocity Registered Member

    Joined:
    Apr 1, 2010
    Posts:
    368
    Checking out some older programs from the massive What is your security setup these days? thread.

    Look n Stop
    Safe n Secure

    Appdefender/Regdefender

    BOClean
    UnHackMe

    Samurai
    Seconfig
    Computer Security Tool
    XP AntiSpy
    Security & Privacy Complete

    System Safety Monitor

    SnapShot

    IceSword
    Blacklight

    JV16 PowerTools

    SnoopFree

    Regrun

    TCPView

    FirelogXP

    Windows Worms Doors Cleaners
     
    Last edited: Apr 7, 2010
  16. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  17. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    I like Samurai HIPS :)
     
  18. EscapeVelocity

    EscapeVelocity Registered Member

    Joined:
    Apr 1, 2010
    Posts:
    368
    Thanks Brian, for the tip. I have perused that list before. Gizmo's is a nice site.

    Thanks for the heads up jmonge.

    I'm going to try out Samurai, now. Do you have any tips or recommendations for its settings?
     
    Last edited: Apr 7, 2010
  19. EscapeVelocity

    EscapeVelocity Registered Member

    Joined:
    Apr 1, 2010
    Posts:
    368
    Faronics Anti Executable
    Dynamic Security Agent

    Faronics DeepFreeze
     
  20. EscapeVelocity

    EscapeVelocity Registered Member

    Joined:
    Apr 1, 2010
    Posts:
    368
    Here is a discussion on System Hardening...with comment from Sully highlighted.

    Harden XP system - how and with what

    Here is a description of some of the Hardening Programs...from Malware.org

    Freeware, Open source and Commercial Windows Hardening Tools download

    Here is a list of some Hardening Progs from Gizmo...

     
    Last edited: Apr 12, 2010
  21. EscapeVelocity

    EscapeVelocity Registered Member

    Joined:
    Apr 1, 2010
    Posts:
    368
    System Safety Monitor too much for me, passing on that one.

    Also Samurai, passing on that one, though it was alright. I would like to use one of the other hardeners, without the hooks and very limited HIPS that Samurai has.

    Windows Worms Doors Cleaners aka WWDC also a pass, some of the other hardeners do the same thing, but you can't see open doors on them. So WWDC has that feature. Maybe something else will have that feature. I'll keep it in mind just to look for open doors; it runs as an exe, and doesn't load onto your system.

    Still looking at these hardeners....

    SafeXP
    XPantispy
    xpy
    Security & Privacy Complete
    Seconfig XP
     
  22. EscapeVelocity

    EscapeVelocity Registered Member

    Joined:
    Apr 1, 2010
    Posts:
    368
    I'm trying out Malware Defender now. Decided to quit piddling around with the old stuff, but now I find that Malware Defender is no longer supported!
     
  23. EscapeVelocity

    EscapeVelocity Registered Member

    Joined:
    Apr 1, 2010
    Posts:
    368
    Searched Comments Roundup

     
    Last edited: Apr 13, 2010
  24. EscapeVelocity

    EscapeVelocity Registered Member

    Joined:
    Apr 1, 2010
    Posts:
    368
    CyberHawk
    FD-ISR
     
  25. EscapeVelocity

    EscapeVelocity Registered Member

    Joined:
    Apr 1, 2010
    Posts:
    368