Hi wilders Expert Expert Advice Please

Hi wilders please advise
Hi wilders Expert Expert Advice Please

Now I m just a Average user in secruity Department and the anti virus and anti malware department and getting to grips with the software I have installed comodo CIS 3.9 great seems to be doing fine. But still dont understand Half the things on there

Installed (CIS 3.9 Defense + safe mode, Virus statefull Mode ,Firewall safe mode ) Proactive Mode

Malware Bytes ,
Super Anti spyware
CCleaner
Avg Link Scanner
Spyware Blaster

Now is this setup fine for the best proctection As it is very very confusing and very very difficult as what to do and what not to do for a normal user like me that is not as experienced as wilders Members

I have got such a big headache from reading here and reading there and it seems to have been like a pandoras box to be honest for me there is suggestions for examples like install

Comodo Vengine
Sandboxie
Geswall
Defense Wall
App Block
Firefox with no script and ad block
and the list goes on..............

then theres things like theres clickjacking and how videos contain javascript so you can get clickjacked and how you can no longer go and watch youtube videos and google videos or anything else for that matter and stuff like how Microsoft Netframe will cause firefox to have malware installed so now this means i can no longer install firefox because now its vulurble to malware and to unistall the netframe if you want to and so on and so please do not think i am bieng rude this is way too much to take in where do i start yes i do want protection but this is like its never ending and then theres ula i dont even know what ula is or even SRP is or there was a few things sully reply thread metioning to do to make things safer i dont even know how to even start doing them please btw sully i am not having a go at you thread reply i want to understand but it seems so difficult theres so much to do and all i want is to surf but its not ending lol but i would indeed like to implement your advice


Extract from sullys post

I created LUA ?
Put on SuRun ??
SRP ?

locked down firefox to BU,?
locked down MediaPlayer to BU?
All thier programs that they used daily were put into BU with SRP.? I created a folder for thier downloading. I set thier browsers to not ask where to download to, and not to run etc, but to save to that downloads folder. Fortunately these peeps know what an executable and file system is, so they quickly understood that things went to the downloads folder, and you execute it from there. They understood that the downloads folder and thier programs (certain ones) were being 'restricted'. They understood if they started an install from the downloads folder it would not have success because every .exe in it was restricted. They understood to install they must move to different directory, then run it. They could handle this. Almost everyone I help, that scenario is repeated. No one wants LUA. But most can grasp the concept of restricting certain programs and how it effects what they do.

End from sullys post

please wilders i need help its confusing geswall is isolation comodo is hips sandboxie is isolation defense wall is hips firefox is good firefox gets malware etc spyware blaster is good app guard is good geswall is good lol too many apps too confusing

PLEASE PLEASE HELP AND THANKS IN ADVANCE AND SORRY FOR LONG POST

I THINK YOUR ADVICE WILL HELP MANY OTHERS IN THE SAME SITUATION AS ME THANKS

 

Hi kamy,

Do you use your computer for anything other than browsing the web? If so - what? Do you keep any documents of any type, such as Microsoft Office files, .pdf files, etc?

 

Hi brian Thanks for replying

yes most of the above pdf files work documents microsoft office works projects Study documents Favorites Budget sheets etc etc

Thanks

 

Theres a lot of information floating around and especially everyone here seems to have an opinion about their favorite setup, I'll try to categorise these products in a neutral way:

Blacklist scanners (Anti-Viruses)
This is the 'traditional' security that most people have. AVs assume all programs are safe except for the ones it can determine to be bad. eg Avira, ESET, Kaspersky, Norton, Mcafee

Classical Behavior Blockers
These programs install deep into your system and intercept what other programs do before the operating system has a chance to execute those commands. Because they dont actually determine what is bad or good, but instead just intercept and alert you to system activity, they tend to be very noisey. eg Comodo Firewall with Defence +

Smart Behavior Blockers
These programs also install deep in the system but instead of intercepting everything, they try to determine what is bad or good. They only alert you to the bad ones. They tend to be less noisey. eg Threatfire, Mamatu

Sandboxes
These programs create a protected area where programs run. They intercept everything but instead of writing the changes to your computer, they write into the sandbox or protected area. They dont alert you to anything or help you determine if anything is bad. eg Sandboxie, Defencewall

There are a few more and I'll come back another time to finish the list. Hope that helps clear a few things up for you. You have to decide what programs you want to use to protect yourself depending on your usage patterns.

 

Hi huangker

Hi thanks for a excellent informative reply im understanding now

SO can you please suggest a setup for someone like me please so far i have

Installed (CIS 3.9 Defense + safe mode, Virus statefull Mode ,Firewall safe mode ) Proactive Mode is this good for a newbie like me and will the Alerts be too much to handle ?? So far strangerly i havent had much alerts if alerts only if you install things or maybe i just havent been to ay bad sites

i also got these installed are they overkill for a newbie ?

Malware Bytes ,
Super Anti spyware
CCleaner
Avg Link Scanner
Spyware Blaster

and do i need a sandbox type thing one you can recomeneded for newbie i like geswall reason it isolates everything where sandbox i have to chosse whats good or bad its confusing

And can you help with with this firefox installtion and the Microsoft Netframe problem do i have to still unistall or have they made a patch? Can i use portable firefox instead or is this not safe to do so?

And also once i do install firefox how to learn to use noscript for a newbie firefox addon because i find it diffcult to use what to block what to not block do you block on google sites and youtube etc

and click jacking has this stoped my means of websites like youtube or google video or even flash videos and where can i learn about it more do i need to worry too much?

And finally i would like to learn some of the secruity measure that sully has metioned in previous post

Extract from sullys post

I created LUA ?
Put on SuRun ??
SRP ?

locked down firefox to BU,?
locked down MediaPlayer to BU?
All thier programs that they used daily were put into BU with SRP.? I created a folder for thier downloading. I set thier browsers to not ask where to download to, and not to run etc, but to save to that downloads folder. Fortunately these peeps know what an executable and file system is, so they quickly understood that things went to the downloads folder, and you execute it from there. They understood that the downloads folder and thier programs (certain ones) were being 'restricted'. They understood if they started an install from the downloads folder it would not have success because every .exe in it was restricted. They understood to install they must move to different directory, then run it. They could handle this. Almost everyone I help, that scenario is repeated. No one wants LUA. But most can grasp the concept of restricting certain programs and how it effects what they do.

End from sullys post

Thanks any tutorials or learning stuff please advice wilders im willing to learn because i want to have the best measures in place thankyou

Ps forgive if some things i have not stated right i am a newbie finding my way around thnks ps im running vista

 

lol, acronyms.

LUA stands for Limited User Account

SRP stands for Software Restriction Policy

BU stands for Basic User

Things go something like this.

Most windows machines have a certain number of default 'groups'. You belong to a group of some kind. The basic ones are Admin, User, Power User and System. System is not so much a group you can belong to, but it is still a group.

Anywho, the 3 main groups each have a certain set of 'rights or permissions'. When you are a member of a group, you 'inherit' those permissions typically. When you install for instance XP, you are a member of the Administrators group.

The Administrators group is the most powerful. This group has pretty much full permissions to create, modify or delete just about anything.

The Power Users group is also fairly powerful, being able to modify many things. Most home users don't use a power user account.

And finally there is the Users group. Members of this group are allowed to create, modify or delete items in thier 'user space', that is, thier profile directories. You might know these directories as the 'My Documents' and 'Desktop' areas. Users are given read and execute rights only in Program Files and Windows directories. Users can normally create new folders and objects within folders in thier profile or c: itself. They may not modify or delete anything on c: itself though. That is, anything on c: by default you cannot modify/delete, but you can create/modify/delete custom made directories.

A LUA is a way of saying a User account. When peeps refer to this they mean that thier account is a member of the Users group, and they are restricted. They cannot install any programs that want to install to c:\Program Files because a User does not have that right.

Most home users are members of the Admin group. The problem with this is that if you get a bug or virii, it can use your account to do things. Since your account is Admin, it can do about anything it wants. The proponents of a LUA account bank on the fact that if you contract the same bug, your account does not have the same type of rights as an Admin would, so damage is limited.

Most home users don't want to be bothered with being a User only, because it means they need to logoff and then logon as a member of the Admin group to install something, the logoff and logon as thier normal User account.

There is a feature in Windows called Secondary Logon. You can right click on something and you should see the option to 'RunAs'. This feature lets you logon as a User, and when you want to install a program, you 'run it as' an Admin. Meaning, you start the program as the Admin account you have. You put in your Admin username and password. Then the program starts with the same rights as an Admin and it installs.

SuRun stands for Super User Run. It is a very nice 'shell' for the Secondary Logon / RunAs feature. It can remember programs and start them as Admin for you quickly among other features. Many people who use a LUA account here also use SuRun because it makes it easier.

SRP is used to Allow or Deny programs from running usually. If you are an Admin, you can use it to stop notepad.exe from running. If you are in LUA, you can use it to create what is called a default-deny scenario. Basically this means you deny everything from running except specific directories or files. This is a populare concept because it ensures nothing runs but what you say can.

SRP can also be used from an Administrators account with another option not normally seen. By changing one value, you will get 3 options for an item in SRP. Allow, Deny or Basic User. Basic User should just be called 'restrict'. What it does, if you use it, is start a specific executable or any executable in a specific folder as a Basic User. To say, even if you are Admin, with full rights, you can start Firefox.exe as a User. So when firefox runs, it 'inherits' the same rights a User would have, which is pretty limited. The idea in this instance is to make anything you might use over the internet start as a User, so that it is restricted. Starting firefox and media player are examples of programs that can be compromised. However, if they are started as a User, and they are compromised, there are really good odds that they will cause no harm.

There is obviously much more to it than what I have written. But you might start to get the idea, that Windows has certain features that those who wish to take advantage of certainly can.

So your journey begins..

Sul.

 

edit so unfair i can not setup srp in vista home

Wow thankyou sully now im seeing the whole idea you know i knew some of this lol but not the full concept but thankyou for explaining im getting the idea

I can not believe that most peeps cant be bothered i think its a excellent way to go about it yes why not if it proctects you then its fine i dont know why some peeps are lazy it just takes two secs to log off install then log back on and continue as normal i am going to use this


So the idea is always use user account right settings less damage and can this be setup vista users is this better than the user account control thing in vista

and i understand now why using a user account will not execute anything on user account but lets say if you was to use on admin main account will

things like geswall and user account control on vista not achieve the same thing? where they just simply isolate ? or are we saying the files that would leak past geswall ?

Sully can you help me with this part of my post please

what setup would you recomeded for you please at the moment im running

SO can you please suggest a setup for someone like me please so far i have

Installed (CIS 3.9 Defense + safe mode, Virus statefull Mode ,Firewall safe mode ) Proactive Mode is this good for a newbie like me and will the Alerts be too much to handle ?? So far strangerly i havent had much alerts if alerts only if you install things or maybe i just havent been to ay bad sites

i also got these installed are they overkill for a newbie ?

Malware Bytes ,
Super Anti spyware
CCleaner
Avg Link Scanner
Spyware Blaster

and do i need a sandbox type thing one you can recomeneded for newbie i like geswall reason it isolates everything where sandbox i have to chosse whats good or bad its confusing

And can you help with with this firefox installtion and the Microsoft Netframe problem do i have to still unistall or have they made a patch? Can i use portable firefox instead or is this not safe to do so?

And also once i do install firefox how to learn to use noscript for a newbie firefox addon because i find it diffcult to use what to block what to not block do you block on google sites and youtube etc

and click jacking has this stoped my means of websites like youtube or google video or even flash videos and where can i learn about it more do i need to worry too much? can i go on youtubeand still watch videos even though javascript video i dont know what to allow in noscript its hard to use lol

 

You should focus on thing at a time.

First, you should create a user account. Then you should try using RunAs (right click on things) or installing SuRun. Then just do things. You either read some documents to understand what a Users rights are, or you play around and see for yourself. You need to decide if you go LUA, how you want to help yourself. Logoff/logon, use RunAs or SuRun, or other methods, there are a few more out there.

If you are not bothered by being a User, then you should read up on these threads. They have a wealth of information that you might be able to learn more from.
https://www.wilderssecurity.com/showthread.php?t=196737
https://www.wilderssecurity.com/showthread.php?t=200772
https://www.wilderssecurity.com/showthread.php?t=232857

Pay special attention to 2 issues. One, if you demote your current admin account to a User, it can have residual effects because it was an admin. Two, there are some issues with a LUA, such as autostart areas, that you might want to also address.

I think though that you would be wise to start developing your scheme of security. If your goal is to have as few programs running that either user resources, cause popups, involve intense configuration or could provoke you to provide in improper answer and thus compromise your security, then develop yoru scheme.

Maybe you like programs and tools like scanners etc to help you 'feel' protected. Nothing wrong with that if it makes you feel good.

Bottom line is, at some point you will need to decide you much or how many tools you need. You need to decide what attack surfaces you feel you will be exposed to. If it is just a browser you worry about, then mabye Sandboxie is a good fit. If you don't download and install much you might go a different route. Maybe you worry about email borne issues. Maybe you worry about a USB stick being inserted that could be infected.

Think about it. If you really feel comfortable fixing issues, maybe you don't need a lot of insurance. If you aren't that good at that, you may want an over-abundance to save you some time and $$ in the case you are compromised.

Certainly, learning about LUA and it's implications if you decide to go that route is a huge step to limiting exposure. But many are also capable of being an admin without LUA and few tools to help them, but still stay perfectly safe.

As far as peeps being lazy to not use LUA, I don't think that is the case. I don't typically use it because I do a lot of stuff daily that SuRun works OK on, but not really my best option. I prefer Admin myself, but then I don't really care if I get hit with something. I know how to handle it, in many ways. No, I think most 'average' users are not lazy, they just have better things to do in life than learn about a stupid machine they get entertainment from. Thier interests lie elsewhere.Cannot say that I blame them, computers certainly do take a lot of my time that could be spent somewhere else. I personally think it is the tinkering around with hardware and software that attracts so many to it. It is the ultimate puzzle, the ultimate erect-a-set.

Sul.

 

As far as browsers go, I think an easy way to start would be to look at some of Rmus's postings on using Opera. He allows certain sites only to perform scripting and other things that might pose problems. In his method then, it is sort of like default-deny. He allows Wilders website to do most anything because he trusts it. But not others unless he specifically states they should. This is a very safe approach, although it does take some manipulation if you want a new site to work properly the way it was designed.

You could also use Chrome, which has some type of virtualization. I did not care for it, but many here do.

Also for now you could just use Sandboxie with any browser, and empty the contents when you close it. At least until you get a feel for what your security should look like.

Sul.

 

I would recommend, for now at least, that you not use any security products that require you to make too many decisions.

I recommend to use a good antivirus program such as Avira or Avast instead of doing scans with the first two on your list. The first two on your list might come in handy for their cleaning abilities though.

In Tools->Add-ons, disable extension 'Microsoft .NET Framework Assistant' and also plugin 'Windows Presentation Foundation'.

I recommend to keep using NoScript, but with setting 'Allow Scripts Globally' turned on. Even with this setting turned on, NoScript offers protection against clickjacking and some other bad things. Or, you could use Opera in the manner that Sully suggests.

Finally, but not least, keep your software up to date, using Microsoft Update and Secunia PSI.

 

Thanks sully and brian for guiding me through this setup

so brian do you recomend that i should ditch comodo 3.9 defense plus free edition and move on to avira?

I havent had that many alerts with comodo defense + or comodo firewall it has been very quiet hardly noticed it but do you still think change it

Also how do i unistall it after going threw the whole setup process in setting it up in the first place is avira better? does it included firewall will i not lose the hips in defense +?? thanks

 

I'd keep the firewall part of CIS, ditch the antivirus part, and ditch or tone down the Defense+ part. I personally do use Defense+, but I toned it down recently as described at https://www.wilderssecurity.com/showthread.php?t=236744.

Avira is a top-notch antivirus product.

I recently switched from Opera to Firefox. The security and/or privacy-related add-ons I use with Firefox are NoScript, BetterPrivacy, KeyScrambler, LastPass, Web of Trust, LinkExtend (with only the context menu options enabled, to give a 2nd, 3rd, 4th, etc. opinion of a link), and Perspectives.

If you're using XP and running as admin (as I do), I also recommend to use 'Basic User' Software Restriction Policy with browsers, media players, and anything else that might interact with dangerous content. If further interested in this, let me know.

 

Virtual Machines
These programs called virtual machines pretend to be computer hardware so you can run another separate operation system in them. Your original computer is called the host. Your computer inside the virtual machine is called the guest. Nothing in your guest affect your host. You can think of these as a super sandbox. They are more 'secure' than a sandbox but can really affect performance esp on older hardware. eg. Vmware, Virtualbox

System Virtualisation
These programs intercept everything new programs do and instead of writing it to you computer, they write to ram. When you restart your computer, any changes made when system virtualisation on will be flushed away. eg Returnil, Deep Freeze

White Listing
These programs stop new programs from are the opposite of black list scanners. They assume all new executables are bad and nothing can run unless you explicitly allow them to. It is a good technique in a corprate environment. eg Anti-Executable (for executables obviously) and NoScript Addon for Firefox (for scripts obviously)


As for your setup, I recommend you start with something simple. Comodo Defence + is a classical HIPS and not that easy to use because it will give you many popups and you will have to make decisions. Limited User can be diffcult to set up so if you want to look at that, best bet is to upgrade to Vista which has UAC built in.

I suggest you use a good AV like Avira or KAV. Have a good smart behavior blocker like Threatfile, and use firefox with the No Script addon for Firefox. I would still suggest you have scripts disabled globally and allow each site as you like. What MrBrian suggests is easier though. Also second him on the PSI and keeping everything update.

 

I agree also, that for those that are capable and willing to use NoScript with scripts enabled only for those domains desired, that this is the safer option, and is the way I use NoScript. For those who are either not capable or willing to do so, NoScript with scripts allowed globally still provides some protection vs. not using NoScript at all.

 

Thankyou to the both of you in fact all of you very sound advice and i will certainly follow advice im setting all this up as of now and will be moving to kav or avira and will be adding the add ons metioned by Mr brian and updtes once again thankyou for the expert help kind sirs