How safe is this... ?

Greetings all,

Been away from this forum for a while, but I'd like to get up to date.

I'd like to know from your professional opinions what you think of my current security set-up:

- D-Link 604 broadband ethernet router
- Eset NOD32 ver. 2.70.39 (recently updated to the x.39 manually)
- Jetico 1.0.1.61 FW
- SSM free (2.08.584)
- since uninstalling resource hog Spy-Sweeper 5.5, I do on-demand scans with SAS, AVG-AntiSpy, A-Squared Free-AntiSpy, SpyBot S+D with Immunization, and Ad-Aware SE Personal
- occassional online scans w/ Kaspersky and Symantec
- FireFox w/NoScript and T-bird

I haven't had any infections in the past 8 months, but I'd like to stay ahead of the game.

Recently I've been considering going to either Jetico 2 or Online Armor, the latter for both a firewall and HIPS. I've tried Comodo in the past but found it a bit heavy. I tried Kaspersky IS (6.x) but found it to be very tight and also a large weight. I'm willing to pay for a better set-up if it will be an appreciable improvement (more effective with minimal hit on resources). My rig is a thinkpad T60p (core duo 2ghz, w 2gb ram).


Comments, suggestions, thoughts... ?


Sam


//

 

You setup seems good, though personally, Id use less antispyware. SAS alone is enough for me.

 

Yeah, it looks kind of paranoid with all those anti-spy apps. I had one bad episode about a year ago, and since I removed Spy Sweeper I have wanted to be covered. In reality I only use them on occassion -- once every few weeks -- and always on demand.

So you don't see a major need to go up to Jetico 2 or OA??



.

 

You might want to check out a MVPS Host File. Uses no resources and acts like a blocklist for bad sites. It updates 1-2X per month. You will need a program to mange it and for loading updates. I use HostsXpert. All are available here:

http://www.mvps.org/winhelp2002/hosts.htm

Other than that you have hardware/software firewalls, AV, HIPS and scanners and using Firefox. Looks like you are all set.

 

Need? No. But you certainly can if you want.

OA is capable of replacing Jetico and SSM.

 

Endorse that, or when liking freeware have a look at EQSecure 3.4 to replace SSM free.

Regards Kees

 

I saw some good news re OA on the firewall leaktest sites, but one said that OA "cheated" a bit in its last test. Any further news on that?


/

 

Well Matousec considered using userhooks as cheating thus Online Armor had to be retested and consequently lost some points.

Tallemu is testing a new version of OA with no userhooks and hopefully it should become number one

 

What advantages of EQSecure 3.4 over SSM free?



//

 

I'd be interested in knowing that myself...

 

In brief: file protection, superior application and registry protection, keylogger protection, low-level disk access protection, defense against kernel unhooking, the ability to terminate an offending process right from the prompt window, can create more fine-grained rules, better task manager (detects hidden processes) etc. I'm sure I must've missed a few.

 

Thanks solcroft. Definitely something for me to look into.

 

You had me sold after the first 2 things. Hardware based firewalling and a good AV along with safe browsing habits can render everything else on that list a pretty moot point. If you want a dedicated HIPS however I'd recommend getting the pro version of SSM, or if you want an adequate freeware HIPS I concur with Solcroft on EQSecure. As long as you're only using your AS programs for on demand scanning, go ahead and get as many as you want since it's not sucking away precious resources. You may want to add AVG antispyware Free & Spyware Blaster while you're at it. Also there's a new version of AdAware (2007) Free, you should uninstall the old one and get the new.

 

I would consider an image/restore program with your setup.
That way if something go's horribly wrong, a snapshot/image restore would be a lifesaver.

 

Sounds good. Thanks for the heads up! How about using resources?


//

 

Thanks for the idea. I'll look into it. I read some stuff on hosts files a few years ago. I use Spybot S&D, and he puts a hosts file into my machine. I take it your suggestion does the same?



//

 

Yes

 

OK, I made the change: I took out Jetico 1 and SSM (free), and put in OA2 (w/ firewall). So far what I've noticed is:

-- OA actually takes up a few more MB of ram than did my Jetico+SSM setup did.

-- the interface is neater, integrated, as to be expected; the FW portion reminds me of Comodo FW; instead of two different (and very cryptic) dialogue boxes, OA gives a more user-friendly explanation in its dialogue.

-- that's about it so far; it's only been a couple of hours, so nothing big has happened; speed seems the same as the Jetico+SSM rig.


So... What might be the advantages of going with OA2 w/ Firewall over going back to Jetico 1 + SSM (or EQSecure) ??



//

 

any idea on how to load this on a limited user account machine ? If I log on as an administrator will the hosts file still work on a LUA ?

 

Thanks for your comments, luciddream. If the router and nod32 are all that's needed -- along with "safe browsing" -- then why get SSM full?? Sounds like wasted money! How about a compromise: EQSecure? Btw, how is EQSecure on resources relative to SSM free ??

I'm trialing Online Armor 2 and it seems nice, uses a bit more resources than my jetico+SSM free did, but the main thing is that, again, it's $40 to 50. Needed?? Seems not.

One last question: the router -- does it protect me because its IP address is totally different than the one my machine is using? Or for some other reason?

Oh, and I forgot to say earlier that I also have AVG-antispyware (free) installed, used on demand. I'll check out the new Ad-Aware.


/

 

I would not waste my time with the new ad-aware. Just my opinion. But if you are concerned about resource usage I believe ad-aware runs some sort of program in the background in its free version- kind of like how avg as runs its guard in the free version after the 30 days trial is up. Although the background program in ad-aware cannot be shut down, even in the free version, if I remember correctly.

One advantage of Online Armor 2 is that there is an active forum for users where you can get some quick feedback/support in case you run into any issues.

 

Thanks, acr1965. With all the other measures against spyware/malware, I probably don't need to burden my machine with yet more running processes! You're right on that.

As for the OA2 board, that's good to know. Right now I'm leaning toward going back to Jetico 1 + either EQSecure or SSM (free). Seems my setup is pretty secure as it is. OA's nice, but a bit pricey for something not totally necessary. If I can get the same effect for less, then ... why not?


/

 

That's a good idea. One question on that: do you recommend keeping the backup image as a condensed version of system files and documents only? Or a total copy of the image of the entire hard drive? The first would be a lot smaller than the latter, of course; latter would be 20Gb (uncompressed) for me.


/

 

I recommend the use of partitions so that C: contains windows and programs and F: contains documents.

My C: when imaged is approximately 3.5 gig. If or should I say when I do something foolish I can restore my system in about 7 minutes.

As to how safe is this.... ? I only use a hardware firewall with no realtime software firewall, no anti-virus, no anti-spyware, no hips and experience no problems.

I do however use deepfreeze6 on some machines and Returnil on others. Basically this means that C: is frozen and at reboot any bad things that did get on would be gone.

I run as a limited user rather than an admin user. Any malware getting on a machine would have very limited rights to do any harm.

In 11 years of surfing I have never actually seen a real live virus, nor downloaded any spyware. With a bit of common sense I don't think things are quite as dangerous as some seem to believe - certainly not dangerous enough to load my poor machines down with copious security programs many of which are of dubious value.

 

How safe a setup is depends mostly on how one uses the machine I think.. Some people like to be heavily armed, others run very light. If you're expecting to run into lots of nasties, then by all means, run your HIPS and whatever else you want. I prefer to run on the lighter side, and have experienced little to no viruses or malware here in over 12 years of internet use. So again, it really depends on your level of "education" and how you use the PC..