If you don't use an AV please post your Security Setup

Discussion in 'other anti-malware software' started by CyberCat, Jul 21, 2009.

Thread Status:
Not open for further replies.
  1. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Or can't do if using LUA and SRP. :thumbd:

    Hmmm, PC-protect.exe huh. Haven't seen a PC Protect as yet and wouldn't mind a look.
    PC_protect.exe received on 2009.07.29
    Result: 19/40 (47.50%)
    File size: 1489254 bytes

    Well whadya know it's actually an installer for:

    [attached image: WAV.JPG]

    Grab droppers and upload/report to blacklists not hitting it. So damn easy and secure in a full blown admin mode. :thumb:
     
  2. Windchild

    Windchild Registered Member

    Joined:
    Jun 16, 2009
    Posts:
    571
    I'm not entirely convinced the inability to run most malware executables is a bad thing. :D :thumb:

    Sure, limited user accounts and SRP are not intended to be tools for malware analysis. Most people don't want to play malware analyst, though, so that would not be a problem.
     
  3. pbw3

    pbw3 Registered Member

    Joined:
    Nov 12, 2007
    Posts:
    113
    Location:
    UK
    A slight paradox...

    The 90% of people that would benefit most from LUA - i.e. as Sully says, those people who use their machines to do things (users) rather than those who do things to their machines (admins, & not forgetting malware testers) - are probably also those who would actually find LUA the easiest to live with, simply because there is less need to be continually changing or elevating to admin.

    Hence, it is likely to be the more knowledgeable of you posting on here that may well find it most irritating (or even impossible) to use. But - it is those same people here who are best placed to provide guidance and leadership to "the great unwashed" on these kinds of issues, and to encourage them - and not just children or house guests :) - into simple and safer practices, even though those same experts may find those same practices most difficult to adapt to, and hence difficult personally to recommend. Some of your own finely tweaked and impregnable set-ups on here could never be achieved or understood by most, whereas simple, easy to use and effective concepts and killer apps very much could.

    Peter
     
  4. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    good post Peter and very true. That is why I will always be one of the, "have-nots," so I can practically use my computer.
     
  5. Windchild

    Windchild Registered Member

    Joined:
    Jun 16, 2009
    Posts:
    571
    Well said. :thumb:

    The needs of the average user are not complicated. They want to be able to browse, use email and IM, use their office software and play some games - simple stuff like this. It isn't complicated. They also hope to be malware free, so they don't get their browser hijacked or their bank or PayPal accounts emptied, but they don't know anything about security and don't know how to do it, so they need advice.

    What the average user neither wants to do or needs to do is stuff like playing around in the registry to find hidden settings in Windows, or installing and uninstalling software constantly, or trying to tweak their Windows installation to use minimal resources, shutting down services and removing components. And most certainly the average user does not want to play a malware tester! Malware is precisely what they're trying to avoid. They don't want to intentionally download it and then execute it, only to see what it does and then report it to some blacklisting company.

    So, when making recommendations on security setups the more experienced, advanced users might want to consider the needs of the average user instead of their own needs. The average user will benefit the most from a set-and-forget type of setup that does not need constant tweaking or updates, that doesn't ask questions all the time and most importantly doesn't rely on the user to make the decision to block or allow - because the uneducated user will most often give the wrong answer when asked a cryptic question (like "Allow rundll32.exe to load a DLL into svchost.exe?"). LUA and SRP is a pretty excellent free solution that needs no extra software and no definition updates. Whereas a HIPS product for example tends to be far too much for any average user, unless they have a great interest in it and lots of time to spend.

    Again, that's not to say that LUA and SRP would be perfect for everyone. Clearly it's not, since nothing is. But, I try to help people run securely without having them rely on sheer luck and blacklisting products like AVs, and for the average user LUA and SRP is the best solution that I've so far found. And for someone not so average, such as myself, LUA is a nice, simple, effective free security measure that doesn't slow down my systems or bother me with false positives.

    Whatever one thinks of the least privilege principle, it is a critically important part of security.

    I think I found what you're referring to. ;)

    https://www.wilderssecurity.com/showpost.php?p=1494301&postcount=4

     
    Last edited: Jul 29, 2009
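    The "LUA plus SRP" posture described in the post above can be checked from the machine itself. The following PowerShell audit script is an added example, not code from the thread or from any poster; it reads the SRP (Safer) policy values Windows stores under the CodeIdentifiers registry key and reports whether the current session actually holds admin rights. The function names and the output wording are this example's own.

```powershell
# Added example (not from the thread): audit whether this session is a limited
# user and whether a default-deny SRP policy is in force. The registry path and
# value meanings are the documented SRP (Safer) locations; function names are mine.

function Test-EffectiveAdmin {
    # True only if the current token holds admin rights right now. On Vista+ with
    # UAC, a non-elevated admin logon returns False here because the Administrators
    # SID in the filtered token is deny-only.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $p  = New-Object Security.Principal.WindowsPrincipal($id)
    return $p.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-SrpState {
    # SRP settings written by secpol.msc / Group Policy live under this key.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
    if (-not (Test-Path $key)) {
        return [pscustomobject]@{ Configured = $false; DefaultDeny = $false
                                  AdminsExempt = $false; Summary = 'No SRP policy key present' }
    }
    $v = Get-ItemProperty -Path $key
    # DefaultLevel: 0 = Disallowed, 0x1000 = Basic User, 0x40000 = Unrestricted.
    # A key without DefaultLevel behaves as Unrestricted.
    $lvl = if ($null -eq $v.DefaultLevel) { 0x40000 } else { [int]$v.DefaultLevel }
    $names = @{ 0 = 'Disallowed'; 0x1000 = 'Basic User'; 0x40000 = 'Unrestricted' }
    $level = $names[$lvl]
    if (-not $level) { $level = 'Unknown (0x{0:X})' -f $lvl }
    # TransparentEnabled: 1 = all software except DLLs, 2 = DLLs checked too.
    # PolicyScope: 0 = all users, 1 = all users except local administrators.
    $dllsCovered  = ($v.TransparentEnabled -eq 2)
    $adminsExempt = ($v.PolicyScope -eq 1)
    # Path rules under level 262144 (0x40000) are the Unrestricted exceptions:
    # in a default-deny policy these are the holes worth reviewing.
    $allow = @(Get-ChildItem -Path (Join-Path $key '262144\Paths') -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        Configured = $true; DefaultLevel = $level; DefaultDeny = ($lvl -eq 0)
        DllsCovered = $dllsCovered; AdminsExempt = $adminsExempt; AllowPathRules = $allow.Count
        Summary = "SRP default: $level; DLLs checked: $dllsCovered; admins exempt: $adminsExempt; unrestricted path rules: $($allow.Count)"
    }
}

$admin = Test-EffectiveAdmin
$srp   = Get-SrpState
Write-Host ("Running with admin rights: {0}" -f $admin)
Write-Host $srp.Summary
if (-not $admin -and $srp.DefaultDeny -and -not $srp.AdminsExempt) {
    Write-Host 'Limited user plus default-deny SRP: the set-and-forget posture discussed above.'
} else {
    Write-Host 'Not at LUA + default-deny SRP yet; the fields above show what is missing.'
}
```

    Run it as the everyday account, not from an elevated prompt, or the admin check answers for the wrong token.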
  6. Edward_Stream

    Edward_Stream Registered Member

    Joined:
    Jul 28, 2009
    Posts:
    18
    i personally use the "red dot" av solution
     
  7. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    "He who gives up freedom for safety deserves neither"

    As for my own highly professional and completely unbiased assessment -> "What a load of utter shite"
     
  8. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I guess my whole point on most everything I speak of is based on the assumption that peeps, erm peoples ;) here are probably aware enough for the most part of what to install, and what not to install. When we talk here of how to do this or how to do that, I don't imagine most are ignorant of such things.

    It serves two purposes to have these kinds of threads. First, and my favorite, is as I have said, other viewpoints if looked at with an open mind, can often spur new lines of thought. I greatly enjoy that, as with so many different viewpoints presented here, how can I not think about things with new angles? Second, and as valuable is that others who may not know as much, those 'lurkers' who probably don't post because they don't want to feel stupid, they hopefully can pick something up in way of knowledge from these topics.

    I am always thinking of how to use something that is easy and secure for me, but that hopefully can also be used by my kids, my wife, my family, my friends and all those others who call me to help them fix their problems.

    It has been pointed out that LUA is probably very useful for a large majority of average users. How they don't want malware and this would be of great benefit to them. As I have stated, it is also these types of users who will likely download the objects Franklin has just mentioned, the rogue applications. I don't have an issue knowing what to install. Most of you here probably don't. As Windchild points out, a digitally signed application from Microsoft is probably trustworthy. But the very ones who are probably to benefit the most from LUA are the very ones who would be apt to download and install some nice new program. And when they try in LUA, they will be denied. If they understand LUA, they will know to elevate privileges to install what they want. As I said, it is game over at that point.

    If these average users are not educated enough to really know what they are about to install, then HIPS won't help them. Many here myself included could use a HIPS in 'uber-chatty' mode to find everything they wanted to know about an installation. Or use SBIE or vmWare, lots of methods. But it is the basic everyday user who has no last line of defense. They must elevate to install, and they lack the knowledge to know what not to install. I have seen it over and over again. Just when they get savvy enough to understand what an executable is, they get savvy enough to grant it admin rights to install, and they suddenly realize they need someone who is more savvy than themselves to undo the situation they just brought on themselves.

    The only good thing about an AV like Avira is that if they are about to install some application, and the virii defs are current and the stars are aligned, it will bark at them, causing them to probably stop what they are doing.

    This feels like a sinking ship more and more. The answer lies in either imaging IMO or user education, which I try my part to do but it is a very slow go. The only other hope I see is forums like this, where peeps can google up something they are wondering and possibly stumble into here and begin to see things they had no idea of before.

    Sul.
     
  9. Windchild

    Windchild Registered Member

    Joined:
    Jun 16, 2009
    Posts:
    571
    I really don't think imaging software or rollback software is any solution. They don't prevent actual infection - they just prevent it being permanent, which may not always be good enough.

    User education is really the only way to go for real results, but then, extensive user education appears to be impossible in real life scenarios. Many security measures like LUA/SRP will prevent the user from getting casually infected from drive-by downloads, but that leaves the larger problem of social engineering attacks.

    A partial solution to that is just strongly advising the user to not install random stuff and leaving out more complicated instructions on checking here and there for whether the software is safe. Quite often, I find, such simple advice works. They no longer install stuff just because a "friend" (i.e. someone they don't know but is a fan of the same actor or musician on some social website like Facebook) tells them "Here's a cool app, try it!!11!" And where it does not work, probably almost nothing does. :D
     
  10. demonon

    demonon Guest

    You know that we are talking about computers here, we are not giving up any freedom we have at the moment.
    With a LUA you might have to click some more at the worst.
     