Medium Level Security -- for beginners.

Members of Wilders, please post your 'Security Scheme' here that meets the following criteria:

• As free as possible
• As silent as possible
• As easy as possible
• As lightweight as possible
• As configurable as possible

This should be a list of MEDIUM LEVEL security. You decide what medium is. No ultra-light or ultra-tight setups please. The intent here is to have a thread that beginners can find in a search engine, that offers good, possibly free security that performs well without bogging down resources and no confusing pop-ups or super intensive configurations. There are plenty of other threads to use for that purpose. My hope is that members here can put forth some different schemes that beginners can play with, and possibly understand and incorporate.

I will go first.

For the beginner who wishes some security, but also wants to continue to be an Administrator instead of a User, this is what I would do.

• Use a router if possible to control incoming network issues
• Use of firewalls should be carefully considered depending on your knowledge. Improper use can lead to false security or confusion and possibly connectivity problems
  1. Use the Windows firewall if you are concerned about local network traffic or want a lightweight extra layer, knowledge level is fairly low.
  2. Use an 'Application Aware' firewall only if you feel you understand what it does, knowledge level is fairly high.
• Use an Antivirus that you trust. Antivir and Avast both seem fairly lightweight and are free.
• Keep programs updated. This will usually alleviate many issues, but there are exceptions.

That is a pretty easy start. Next, I would encourage beginners to learn what NOT to do when online. Understanding how an infection etc would take place is critical. Normally you will either be tricked into clicking on something in an email or on a website. It is best to use a simple rule. If you did not request it, it is not legitimate. Companies and Vendors do NOT send you notices that you need to download or click on to activate. They may send you notices that you need to check for current updates though. But as a rule, assume the worst and do NOT believe anything you see about your state of security.

The next common method is by you doing it to yourself, by downloading and executing (running) new programs, movies, pictures, music, etc. A good common rule is if you don't explicitly trust the source, then think twice. An Antivirus program is NO GUARANTEE that you will not be infected. A good Anitvirus IS good at detecting and warning of things it knows about. It could be said the most dangerous are the newest ones, unknown to your Antivirus program until after the fact. For a beginner though, it is a good idea to still use an Antivirus.

That leaves us with a rather typical situation. The beginner who does not really know what site to explicitly trust. Or recieving an email that they must open. Or feels a video to watch is going to be safe. It is going to happen. At this point, there are many programs available to help minimize any possible damage that could incur. Generally these are called HIPS or Behaviour blockers. Many can be designed to be easy to configure with few pop-ups, but certainly not all. Deciding on these types of programs will be on a per user basis, as undoubtedly they will cause the most confusion of any type of protection available. I will leave that to others to chime in on this thread as to what they feel is medium level with easy configuration.

I would like to propose though a simple and free method for beginners that might be somewhat easy to understand. It is called SRP, short for Software Restriction Policy. In every XP,Vista and 7 OS it works. There are more than one way to use SRP, so I will focus on what I feel most beginners want, which is to stay an Administrator instead of being a restricted User. With that in mind, I would do this.

First, identify the programs you use that go online. Browsers, email programs, chat programs, p2p/torrent programs, media players. Pretty much anything you use online. As a beginner, you do need to know a few things to use SRP. You need to know what a file and a directory are. You need to know what a file type is. Such as what a text file versus an executable is. If you do, then you can use SRP.

Next, I think it is important that you develop a strategy to conform to, that will put a set of laws into place that you are aware of, and that you can understand. These are simple. I would suggest that you create a directory for downloading things into. Maybe you create something on your c: drive like this

c:\My_Downloads

The idea is that anything you download goes to one spot. A special spot. Personally, I set the options in my browsers not to even ask me where to download to, but always download to my special spot. This way I know where to look for everything. Now, you may be asking, why do this. A good question, and here is why.

As an Administrator, anything you execute has rights to delete or modify pretty much anything, with some exceptions. This is not good. It gives malware or virii a huge door to your system. On the other end of the spectrum is the User account. This account has rights to create custom new folders, and create/delete/modify items in your 'My Documents' directory. It does not allow create/modify/delete actions in

c:\
c:\Program Files
c:\Windows
some registry locations

This means, that while being a User is more secure, it also can be a hinderance to many. So, as an Administrator, we look for an easy method to reduce our risk. This is where SRP comes in. You can use the Local Security Policy on XP Pro machines and some higher levels of Vista. You can also use my program http://mrwoojoo.com/PGS/PGS_index.htm in these versions or XP Home and lower end Vista versions. Either way, the goal is simple. We want to either deny execution of key programs, or restrict key programs to start as a User, not Admin. This is called being a Basic User when you restrict it.

As an example, we will use Firefox. In SRP, we make a new 'Path Rule'. The path can be
c:\Program Files\mozilla\firefox.exe
or just
*firefox*.exe

either will let SRP know you mean the program Firefox. When we make this SRP Path Rule, we must choose a level. We don't want to Deny our browser, so we will choose Basic User. This means then, that Firefox will start 'as a User', with all the restrictions that go along with it. And further, ANYTHING that Firefox starts, will also be 'treated as a User'. This means Firefox or offspring programs from it, will not be able to install programs or manipulate with many system objects. This is good. But it can also pose some problems.

The primary problem is that you might want to actually install something you use, such as an Adobe Flash or Acrobat update. Security is not perfect, and most all schemes of security force some sort of compromise. My compromise is pretty simple. It is my philosophy that if I download something, it goes to one place only. But I also want that one special spot to have some security. So I make an SRP Path Rule like this

c:\My_Downloads -- level of 'Basic User'

This way, the very folder that I download things to, anything that starts from within it, is automatically demoted to being a Basic User. If I am opening a text document, it starts as a User. If I open an .mp3, the player starts as a User. Anything I can run, that does not require and install first, is restricted to a User. Some things may not work. Some things might. I can open a .pdf in that special folder, and not really worry about it. If it tries to modify some critical file, it will be restricted the same as a User.

But, I think I am pretty safe with installing that Adobe Acrobat update. But how if that folder is protected? Simple. Just move it to a different folder. Then run the installer. Now it installs because you are both running it outside the browser which is restricted, as well as the special download folder which is restricted. You still have to trust that the program is legit though.

I go one step further and use Sandboxie to install things into, just to make sure before I expose my real system to it, that it is Ok.

At some point, beginners need to decide what security means to them, and how much time they want to spend keeping track of thier security. I like this setup because, while not entirely fool-proof, it does offer free protection with minimal pop-ups and what I would call a pretty low level of knowledge required to configure. Of course there are other means to do this, perhaps such as purchase the program AppGuard or DefenseWall. There are more robust ways to ensure what you run will not bork your system.

I believe a beginner has to start somewhere though. And I believe SRP is a great place to do that. Going from a firewall and an antivirus, to having your internet applications starting as a restricted user is a pretty big step. At least, it starts the ideas and maybe some learning.

Sul.

 

Interesting thread! Personally I like the idea of:

• Windows Firewall
• Automatic Updates enabled at Automatic
• Using alternate apps, such as Firefox with AdblockPlus, Foxit, VLC - to reduce the chance of vulnerabilities
• DEP on for all programs and services
• Panda USB and AutoRun Vaccine - to disable AutoRun
• OpenDNS
• AVG LinkScanner and WOT
• Avast - automatically updates and removes threats
• ThreatFire - automatically remove threats

This is probably slightly less secure than the setup you laid out but IMHO might confuse users a bit less.

 

I got fed up continually cleaning my parents computer and so decided to make the security protection as easy, and effective, as possible. The main problem was my nephews using the computer when they visit. Downloading screensavers, using youtube, obviously clicking links on facebook, myspace, etc. It was a pain in the arse.

So here's what I did: XP sp3

1) Created 2 LUA accounts: 1. Parents, 2. Kids - nephews have no idea they can only instal programs on admin account. They think the computer is broke

2) Sandboxie ... The basic instruction I gave: if you want to save, a photo, pdf document, file, etc ... remember to click Recovery! or its gone forever. Other than enabling auto delete sandbox when closed its standard out of the box config.

3) Avira AV - Med heuristics, Read + Write protection ... auto update + schedule scans twice a week

4) Windows Firewall + behind a router with firewall

5) Firefox default for all browsing. I removed all browser icons from desktop and just left Sandboxie default browser icon. Kinda forcing them to use Sandboxie lol.

6) Added Spywareblaster - no resource using site blocker, small degree of hi-jack, cookie protection.

7) Foxit Reader, I just do not trust adobe's version

8 ) DEP - control panel/System/Advanced/Settings/Data Execution Prevention/ ticked for all programs and services. Exceptions I added disk defrag.

9) SuperAntiSpyware + Malwarebytes - though waste of time as parents never remember to scan. But they are there incase.

10) Keyscrambler for both IE + Firefox. Freeware encryption of your keystrokes

11) The most important feature IMO, Windows Update is enabled.

Yet to find anything on the drive with this set up. I scan for them when I visit and make sure, for my own peace of mind, that there are no problems. Seems to work.

 

'As free as possible
As silent as possible
As easy as possible
As lightweight as possible
As configurable as possible'

I see some conflicts. Easy, light, free, configurable (but not too complicated) ? I've been trying to find a firewall that meets those requirements. I didn't succeed. Webroot's and Pctools' products had issues, and I don't trust the vendors. LnStop is supposedly a pure firewall, but not free (I think that a firewall should cover application control, not just basic packet filtering). Sygate and Zonealarm ? Outdated, although I'm not sure to what extent that matters. Then there is Comodo and OA, but these are more complicated products, not really for beginners. Unless you disable all HIPS elements.

It's a bit the same for other software.

'I believe a beginner has to start somewhere though. And I believe SRP is a great place to do that. Going from a firewall and an antivirus, to having your internet applications starting as a restricted user is a pretty big step. At least, it starts the ideas and maybe some learning'

To be honest, most people don't want to learn. And should they ? Some people here are IT professionals, for many IT is a hobby, for me it's a topic of interest. For most people it's not even that. They want to deal as little as possible with computer security. Let's compare it to automobiles: Do you really know how your engine works, do you understand the complicated electronics that are in most modern cars ?

Learning about the social engineering part, not clicking on ads, banners, knowing how to deal with spam, being careful about what they download is a different matter.

Having people start with SRP is fine, if they are willing to commit.

I really think that for most people a suite is the best approach, in addition to know what to do and not to do on the internet (social engineering etc.)
The Avira security suite, KIS 2009 and a few others are very light on this 5 years old computer. (I trialled Avast, and it was somewhat sluggish on MY computer) And how much does it cost ? About 40 euros (not sure about USD) for the Avira suite, and Eset NOD32 and KIS 2009 aren't expensive either for strong security software for one year. Compare it to other things you spend your money on.

But I wish you success with your project. Good luck.

 

Um, thanks for the input, but I was really thinking that perhaps there are peeps such as ourselves who are just starting thier journey, not yet ready for the more advanced software/settings. Maybe a thread of what I call 'Medium Level' security can help them get started. I should like to think so anyway.

Sul.

 

I think a LUA + SRP is the best way to go. Easy to setup and configure and almost bulletproof protection-wise (plus it's free).

But for those who don't have Win XP Pro/Media Center Ed or Windows Vista Ultimate/Pro, you can get a similar setup to SRP using Comodo firewall. There are instructions here :
http://forums.comodo.com/feedbackco...ximum_security_with_zero_alerts-t37233.0.html

Its free, and easy to setup and configure. No pop-ups and it allows trusted applications to update themselves without needing to disable/enable protection.

 

Just a (minor?) point: I've read that on the Windows XP Home Edition (unlike the Pro edition) LUA+SRP does not work, at least not without difficulties.
I also seem to remember that someone came up with something that would solve the above problem. I don't know what it is, but if it exists, it might be worth posting.

 

lol, yes Lucy originally posted the registry items for doing this in Vista (or was it Tlu first?, regardless), which also works in XP Home. I made a tool for it, located in this forum, called PGS. It makes it simple to get SRP working in both XP Home and Vista versions. As far as it not working, that is not correct. The values placed into the registry work because during certain calls (ie. CreateProcess), all versions of xp and vista check the SAFER reg keys for any SRP rules. It only works on Home and Vista because of this feature. They have changed it in 7 though. It looks like in 7, you must use the Group Policy to create the rules in order for them to work correctly. Unfortunately.

Sul.

 

Dear Sully:
At $25.00 per year,Returnil Premium is not free,but I once heard it said a drunk cockroach can pretty well figure it out,and I thank it is great security.
sandboxie default is as simple as using its icon on start your browser,and as
the other poster said to remember to save what you want to save.(Also to understand that this is where you can run into trouble.).
Firefox with ad-blocker pro and KeyScrambler is simple and easy.
No-Script is good but I just cant hang with it,and I am sure many at my lower skill will feel the same way.
I like A-Square free because it is possible to update signatures,and save them via my computer+program files+a-squared,without booting out of Returnil.
I use Kerio 2.1.5,and block calling out of IE7,Media players,and Foxit reader.
When I want updates i check for them.(I have a router as well)
I use secunia to check for Flash,Java,etc,and have Windows Updates set to notify.
I also do not use a email client,and rely on gmail only.
I have a backup program,but really having DVD-R copies of my books,pictures,and music is my most trusted method.
Not having any real time,is a weakness for online shopping,banking etc,but I do not do them.
However I do use Prevx Fee,and if i am alerted of an infection,I can reboot,and hopefully Returnil will clean the slate.
All in all,my system seems pretty secure,is very light,and costs $25.00 a year.