How much security is enough?

I have been following this forum for the past few weeks and have found it most informative and interesting. However, trying to assess all the comments and information and apply these to my particular requirements, has me rather confused. Like many on this forum, I enjoy trying a variety of programs, but what do I really need?

My first question is how real are these “threats” of spyware, malware, trojans, vuruses, etc.? I read posts, articles in various publications, but am I just lucky? I have had broadband for more than six years, and I have installed and tried numerous programs to detect threats, and to this point, I have never found any of these threats on my computer. Spybot has occasionally found a potential tracking cookie, NOD32 has informed me a trojan was attempting to install an applet, but other than these very infrequent occurrences – nothing. I have tried Kaspersky, Nod32, ewido, Spybot, Avast (and others) and done many complete scans of my computer – nothing.

Recently, I have installed (from suggestions on this forum) Kerio 2.15 and it seems excellent - low cpu overhead, low ram useage, it informs me when an app wants to go out on the internet, stealths my computer – seems all I need, especially as I have added a router/firewall recently, and the router appears to have stealthed my computer, as well. What more do I need? I read some comments that Kerio is “old” and limited, but it seems to do the job. Are complex and multiple programs really necessary?

 

I think it depends on how you use your computer. If you install stuff like Kazaa and download lots of dubious programs and install them, then you might just need all kinds of protection software. If not, then you may need a lot less.

 

You may want to take a look at ProcessGuard, a nice review here.This program is interesting since it protects all your applications from terminating.

http://www.commontology.de/andreas/win_secure_pg3.html

 

andie,

That's a simple question with a rather complicated answer. There are some basic points:

• Unlike evolutionary malware threats, the basic communication protocols are constant. That is why a relatively old rules based firewall can be as effective as one just released. What has changed is the information provided to a user, how it is organized, some of the flexibility in set-up, and the emergence of application based approaches. Although it is easy to develop application-envy, mature firewalls such as Kerio are fine if they suit your needs. More modern free firewalls are also more than adequate for most home use needs.
• Whether you get exposed to spyware depends on the collection of sites you visit and the precautions you take in the course of these excursions. There appear to be a couple of extremes. When my nieces and nephews visit, they can get into a click happy mode that seems to place a couple of hundred spyware entries on my PC per hour (yes - that's a real number based on experience). That's one extreme. I would guess my mother would yield zero entries per hour even while surfing since a very limited range of sites interest her. I'm in-between. I stick to mainstream sites, but search engine results sometimes lead me down unfortunate paths. So there's a whole range of possibilities with respect to exposure.
• With respect to spyware, one set of test results obtained by Eric Howes has been re-examined by Brian Livingston. The punchlines are that no single antispyware application is very good at removing spyware, nor are the gaps completely filled by using multiple programs. Mutliple programs are better, but the point of diminishing returns is very quickly reached.
• My personal experience is that genuine virus/trojan/other threats hit me every few years. I'm generally cautious, but I'd say that this is a typical result. The problems are so heavily reported in the mass media that one might surmise that breeching of your system should be a daily event. Nothing could be further from the truth. It will generally be a rather infrequent event. However, depending on the nature of the attack and what you use your PC for, the stakes could range from inconsequential to severe. That fact that you haven't experienced a problem is good, however past history is no guarantee of future performance.
• Your history seems to suggest a low-risk profile. The router and firewall are good additions. I'd keep some of the free antispyware applications installed on your PC (e.g. MS Antispyware beta, Spybot S&D, AdAware SE) but use them as infrequent demand scanners once a month or so, maybe less frequently. I wouldn't have any of the realtime components active since you're not seeing significant exposures. That is something I'd periodically revisit. I'd also have an anti-trojan installed. Again, since you're low risk, go for the free flavor of Ewido. If you have NOD32 installed, I'd keep it current and use it as my sole realtime coverage as long as you do not use your PC for financial transactions (banking or purchasing) and sensitive personal information is not maintained on your PC.
• If you do use your PC for activities such as banking, or if your PC contains material which could be used to assist an identity theft, I would add a bit of additional coverage, not a lot. I'd probably hold it at a realtime AT application such as BOClean, TDS-3, or the full version of Ewido.
• If additionally you had to guard against downtime due to a PC outage arising from compromise of the OS or applications employed, I'd either add components such as ProcessGuard and RegDefend or make sure I maintained a reasonably current image backup of the machine. The latter is a good practice in any event.

Anyway, that's how I would approach it. Depending on where you currently fall, there's either no change in what you do now to perhaps adding a selected piece here or there.

Blue

 

I'm in the same boat as you Andie. I really don't know what I need to run. I'm currently running the trial version of Outpost Pro and I love it, however ZA Free seemed to be fine for me. I'm just worried that it's not enough... and when I worry I end up purchasing it just to have ease of mind.

I've never really had any problems, but I just don't want to risk it.

I run TDS3, Outpost Pro, Nod32, Process Guard, MS Anti-Spyware, Adaware, Spybot, and PocoMail with Mailwasher.

 

To Blue .
There you go again . Great answer as always . ( Seems i like this Blue guy ) .
Tyler .
I would suggest Outpost Pro for two reasons for YOU . The first being that , as time goes by , you may want more " tools " to configure . OP has this . It will also give you peace of mind as you already feel free may not be up to snuff . Zone Alarm is SOOOO easy to use but , IMHO , not as strong as many other firewalls . You use much of what I do . You look good . Very good . Top notch AV and AT . PG is probably the best of all . And Outpost is at the top as well . MS AS is good thus far . I think you are good to go my friend . And just pick up new programs if you want a new playtoy . As a side note , I find Arcavir an excellent backup to NOD . Some may prefer it over NOD . Just a thought .

Hope this helped and good luck

 

One more thought..

In the various security forums you often see ordinary folks with home computers acting like they have the exposure of a major financial institution. Well, they don't. One has to apply a filter of sorts to these discussions. What is theoretically possible may be the result of a custom attack at a likely valuable target. That it is not someone who might have $5,000 to clean out of his checking account.

Application envy, I just love that one.

 

Very nicely put

 

Hollywood,

Have you ever had NOD32 fail at detecting a virus that ArcaVir detected? Also I am able to use Norton Anti Virus for free (through work), what are your thoughts about running that with Nod32? I can pretty much guess what you are going to write though...

Personally, I hated Norton but it is free.

I looked at Arcavir and it's only 29 bucks, which isn't bad. I know both will detect viruses, but how badly do you think Norton would run along with Nod32?

Also... Do you work in the film industry at all? I work in lighting and was just curious from your name.

 

If you like Norton and it will work on the same machine with NOD , I see no problem . Just do not have both scan in real time at the same time . Use one as an on demand to back up the other . As for your first question . No . But , that does not mean it will not happen . NOD is top notch . That is why I chose to run it . I have now found Arcavir to be very good as well . And the support with Arcavir is very good . Not trying to confuse . Sorry . If Norton will run with NOD and you like it , go for it . Hope that helped and Happy Easter my friend !

 

hi Hollywood well lets c.sum chains round my tower with a huge padlock..then attached to that an alarm sensor lol..the monitor a steel cable? rofl..then perhaps a cam hoooked up to see if anyone goes near the pc..hahahah !! I know goes on and on and on..personally i settle for just a good AV and good AT!!! and browse with firefox..that's bout it 4 me!! really the way i c it is its just a bit of machinery sure we have data on it but if u back up regluarly!! no big deal right ive reloaded windows 4x in the last yr no hassle..and 2 be honest ive had more hardware trouble then software... Regards mD

 

Thanks for the input.

I hate Norton, but it is free...

However I think I will run the trial of ArcaVir and see how it goes. If I like it, I'll buy it. It's only 30 bucks... small investment for protection in my eyes.

 

And MD has a GREAT back up tool now ! Right ? lol

 

Tyler
I do not like Norton as it never could clean things it found . I did not want to say that though because it sounded like you might like Norton . Did not want to push you in a direction I felt you should go . I like to deal with what people ask and not push my own agenda on them . Any problems with ArcaVir , please , contact them and tell them I sent ya . lol . I have nothing to do with them . I just have found this AV to be very good . The registry monitor is great to have too . The interface is not pretty to look at but , I like the program . See what you think and please let me know .

 

Diver,

It's a little more complicated than that, but not a whole lot. The financial exposure is generally relatively minor, much less than the $5k you mention. While the bank account clean-out is possible, I'd also say that it's a minor thing. The more likely issue is credit card and identity theft. Here also, personal financial exposure is modest, but the grief in dealing with the cleanup can be well worth the modest cost of preventative measures. As anyone who has dealt with theft or fraud of this type can attest to, even if the personal dollar loss is zero, paying for some upfront insurance to eliminate the personal disruption can be worthwhile. Note - these don't have to be directed attacks.

You're basic message - that home users really don't have to employ the same computer security measures as NORAD or Citibank - is well worth keeping in mind in these discussions. Now, if they have a pair of ready-to-go tacticial nukes in the basement, or a handful of ATM machines on the patio, I'd moderate my comments accordingly.

Blue

 

Enough protection is, as others have said, is dependent on what you do online. I have a good firewall (Visnetic 2.2.6) and Antivir PE and Clamwin for backup on my computer.

Since Visnetic firewall only monitors incoming, I have Winsonar on board, and set it to kill unknown processes while online and also Winpatrol. I don't visit Kazaa sites, gaming sites, porn sites, or anything like those, so think my protection is adequate.

Nobody can ever say yet that they're 100% protected unless turn off their computer. If you use a computer and load software, even store bought software, there's a chance of getting a bug.

 

Duke-

Fresh out of nukes here, shucks.

ID theft? Of all the ID theft that I know about, none of it is from a home PC getting infected with something. The usual causes are phishing, access to printed records, especially medical and most lately, access to corporate data bases.

All the process guards, firewalls and leak tests in the world do not help there.

I am starting to think that password safe is a good answer to a lot of this crap. Don't type the password, and the keylogger does not get it.

 

Haha. All I know is that I have become a lot more paranoid after reading the forums here.

The great thing is, I did learn a lot more about pc security (I hope) in one year than I did owning/using a pc for the past 10 years.

 

Good to see JayTee, I am from the same boat...

Cheers

 

Great comments, as usual. More to consider.

As JayTee wrote, I too have become much more paranoid in the past year, with all I have read. But then when I stop and think about things, I wonder how much of this really does affect me - hence the reason for my original post.

I do have my system backed up on an image file, so I am not greatly worried about having to restore, but I do use online banking. Recently, I have (as Diver mentioned) been thinking about using password safe and not typing passwords.

But all of these personal security measures are not going to help when data is stolen from a corporate database.

 

Can someone explain to me a little more about this Password Safe?

 

Andie,

If you have locked down your browser settings (and are using a web-filter like Proxomitron to remove "active content" like ActiveX, Java or Javascript), then the only likely danger of spyware infection is through file downloads. Certain applications are notorious for these (and "anonymous" download sources like P2P, IRC and Usenet are certainly risky), but it is possible (though far less likely) for a download from a mainstream site to harbour some nasties.

As BlueZannetti has said (excellent post!), it is best to assess your risk and only apply proportionate countermeasures, though it is better to be over- than under-protected. However since there are multiple facets to security, multiple programs will always be necessary.

A firewall is the first step since it blocks unsolicited incoming traffic (much of which will be probes or spam popups) and allows you to control which applications can have network access. Each application that is allowed Internet access should then be assessed to see what dangers it can pose - with email you have the possibility of virus-laden attachments so an AV scanner is an appropriate defense. For browsers, web-filtering (possibly backed-up with a spyware scanner/blocker) is a good choice. For file downloads, a check with an anti-virus (and possibly an anti-trojan) scanner should suffice.

Second/third line security software (program protection/control/monitoring, registry access control) should not be necessary at this point but can provide extra insight (and control) over what goes on in your system.

As for corporate data theft, the only "defence" against this is to limit what data you supply and use fictitious data where appropriate (yea, my mother's maiden name is really "xyzzy"). If you supply each company with unique data (a different "maiden name" and a separate email address - see SpamGourmet for an excellent and free alias service) then you have a better chance of identifying if data on yourself is passed around and of identifying the company responsible. It is far more likely that companies will sell data on you without your consent than have it stolen anyway, especially if you live in a country lacking strong data protection laws.

 

yes hollywood that piece of software is brilliant..definatly a quitehorse..MD

 

Password safe is a free open source program. You put your passwords in there and they are stored in an encrypted file. Open it with a master password and use the clipboard to transfer the password to the login box. The only gets typed that one time at setup. After that, no typing of the password. The idea is even if your system has a keylogger on it, the keylogger will never be able to intercept the password from the keyboard. I suppose you could put other personal information in dummy passwords, like credit card numbers and such.

If there is something wrong with this idea, someone let me know. But, it looks a lot better to me than trying to use a firewall to keep the trojan from sending the personal data out. Especially considering all of the ways outbound blocking can be defeated, and how much effort it takes to implement these things.

 

Er how can you be sure that the first time you are entering the password into password safe there isnt a keylogger already running?