Please advice on security setup for PC novice

Dear all,

A friend of my wife asked me to advice her on the security setup for her new PC. She bought a strong PC (Intel dual core, GS7900 graphics, the works) with an external drive for backup/restore.

She wanted to put her money into hardware not software (only Windows XP home edition, plus open office). She does not need an e-mail AntiVirus, because the ADSL provider offers this as a 'free' service (They are using ClamWin).

This is what I am thinking of (all free products):
1. Antivir Free (currently the best free AV according AV comparatives)
2. CyberHawk (protects against DLL/Data injection and some Registry entries, CyberHawk passes regtest 1 and 2 for instance).
3. Spyware Terminator (gets good reviews, lower cleaning rate than some paid market leaders, but offers excellent intrusion detection and some form of application monitor, they call a HIPS).
4. FireFox plus BufferZone for firefox and McFee site Advisor for FireFox

On demand scanning: Ad-Aware, A2 Squared and Bitdefender free

Hardening SafeXP and SpywareBlaster for static defense


I doubted between SpywareTerminator and SpyCatcher free, SpyCatcher scores well recently, but is also known for some false positives. I think she will delete any scary files (because SpyCatcher says so) and won't recognise that it is a neccesary part of het PC (graphic and wireless card software parts are often recognised by SpyCatcher as malware).

I am not sure she will need any additional outbound firewall (she uses a Nat router with inbound firewall). I have thought of Comodo. It is the best free firewall according to firewallleaktest. But even then it only has a 35% stop score. At the moment I am thing why bother to install a freeware firewall (to be safer you should need to buy a paid firewall and she does not want to spend money on it).

I have not included PrevX1. Because the test of Kareldjag of the former PrevX pro was not good. Also I rather use best of breed than one who claims to be a solution for all. Regarding PrevX this is not a rational argument, so I am open for suggestions.

I would ask you to include some reference (tests or reviews for alternative options), arguments and observations have more convincing value than opinions and interpretations.

One last knock-out criteria: pop-up angry solutions or very granular solutions (where you have to know a lot of the XP OS) are not an option!
F.i. SSM and Antihook are excellent free solutions, just not for an average PC user.

Regards Kees

 

I have used Prevx1 and the former Prevx Home (Pro).
Prevx1 is much better than Prevx Pro, Prevx1 uses local and community signatures (databases)and Prevx Pro does not so I would not compare any tests between the two. I am now using Neoava Guard, not that I feel that there is anything wrong with Prevx1 (just wanted to try something different).
I used Prevx1 for the more than 8 months as my only protection and never have been infected by anything, and I tested it pretty well.
My opinion is that Prevx1 is excellent software.
I am using Acronis True Image so it would very easy for me to go back to my previous configuration (Prevx1).

Rick

 

Don't bother with Ad-Aware or Bitdefender free with that setup IMO you wouldn't need them; A-Squared is debateable. The rest looks good.

 

ClamWin is like no antivirus , anyway she should protect the computer from itself and not rely on somebody else .

Why everything free , you should encourage her to spend some money on paid software because paid always offer more

I would suggest :
1) Windows Firewall (or in case she insists on two-way , ZoneAlarm)
2) Firefox
3) AntiVir free
4) Spybot Search and Destroy , Ewido Micro scanner
5) Firefox extensions -> Site Advisor , NoScript
6) Windows fully updated

 

I hope she knows what to do when the two HIPS application's pop up with a message asking for her to make a decision "Allow/Deny". At least with Prevx1 the decision is made where it is 'Known good' or 'Known bad'. I'd use SuperAntispyware over Ad-Aware every time.

muf

 

Muf, KDM31091

BufferZone does not give pop-ups to my experience. CyberHawk only when something strange happens (rarely throws a pop-up). So for her a pop-up means delete or block.

I just added the on demand scanners, because everyone always tell PC users who are not bothered with security knowledge that the MUST use an additional scanner.

My wife's PC has DEP for all programs, DSA, CyberHawk and DefenseWall. She never get's a pop-up. She also knowns pop-ups mean bad things. For the last two or three months the weekly on-demand scans show zero mal-ware, so I think you have got a point.

Thanks for the info

Kr4eye (Rick),
I do not about PrevX1, does it with stand the dfk-threat-simulator? I only know of the test results of Kareldjag.
Thx for the info


HiTech_boy,
The Nat-router has an in-bound firewall, so windows firewall is redundant. I do not agree with ClamWin for e-mail is like no antivirus. My ADSL provider also uses ClamWin and it passed all GFI Email protection tests.
For FireFox I was also thinking of BufferZone for FireFoxwould (sandbox).

Thx for the reply

 

ClamWin is, like all, not an end-all, therefore you've got to get Comodo's free for lifetime A-V - it is strong. You need a machine AV, because USB drives, floppy insertion (yup - still around) and even reading/formatting/writing to CD's/DVD's is begging for a whopper of a hit!

www.comodo.com

 

CAV is a strong AV, when did this happen ?
Test results ?

 

I second that. Average users don't know the answers when they use classic HIPS. Or they always say "yes" or "no", because they don't know the answer and put their own computer in trouble. Isn't that obvious.

Prevx1 knows the answer already via the Community Database. So there are no wrong answers.
If the Community Database doesn't know the program or the Community Database isn't available, the program will be considered as "unknown" and then Prevx1 will act according the settings for unknown programs (Query, Allow, Block). The same for "caution" programs, but I block these anyway.
Quite a simple philosophy but sufficient enough to prevent installation of malwares.
Prevx1 is getting stronger every day, because they get good, bad and caution programs from every Prevx1-user in the world and the Community Database is managed by knowledgeable people, not housewives.
I don't even have to try Prevx1 for a long time, because I know already that it is good in theory.

 

I'd go with Comodo for a free f/w, AntiVir for a free AV and Spyware Terminator for a free AS.
Like ErikAlbert I'd strongly recommend getting PrevX1 as it takes the guess work out of what to allow on your PC for the average user and disable the HIPS in Spyware Terminator unless she is a fairly computer literate.

 

I will never ditch Prevx, just because of some failed tests or because it didn't kill some malware. That doesn't make any sense and is very unfair.
Ever seen a perfect security software ? Every member of Wilders knows that answer.

It's the philosophy, the all-in-one nature and the PREVENTION METHOD of Prevx1 that convinced me to install Prevx1, not the Prevx1-fans.
I don't need a scanner that REMOVES malware, because that is already TOO LATE.

 

Kees, I think you seem to know what you are doing.

I would say with a NAT router, and all the other firepower, and the requirement of few popups you probably don't need to add Comodo firewall or any personal firewall for that matter.

Yeah Cyberhawk seems quiet, probably because it lacks execution control.

Spyware Terminator's HIPS has execution control, but I think it scans your hard-disk for all exes and whitelists them, so you won't get any popup from that feature untill new exes are created or modified.

Prevx1 fits your requirement of few popups because of the whitelist , but it's not that free (it kind of is but not quite)...

Some other ideas.

You could do PG free and turn off execution control (which is the cause of the most popups). The aim here is to add some process protection against termination attacks on security software.

Not sure if Spyware terminator has that, even if it does I doubt it has as good as PG's.

 

I think I will be using the following (free programs) setup:

1St layer:

ADSL-provider email protection
- No extra e-mail AV, ClamWin mail passes all GFI mail tests
- For extra security I will use DropMyRights to startup OutlookExpress

Firewall: only the inbound firewall of the Nat-router (Suggestion KDM31091)
- reason: simple and the best free FireWall (Comodo) only stops 35% of the threats,
Comodo also fails the Zapas injection test (while it claims to do so).

FireFox with BufferZone 4 Firefox and McFee site advisor:
- McFee gives some risk clues before driving by a web site
- FireFox less vulnarable for internet attacks (than IE) and still a mainstream browser
- BufferZone will prevent most attacks by keeping them in the sandbox/virtual environment

2nd layer:

SpywareTerminator
- Reasonable scoring anti-spyware ap
- Good intrusion protection
- Application monitor (they call HIPS) which scans the harddisk for existing aps,
so it will not throw pop-ups when launching existing aps.
Since this will be a clean install, the white list should not contain malware.

Antivir
- Second best score in AV-comparitives (and free)

CyberHawk
- Protects against data and DLL injection (passes Zapas, ApiSpy)
- Basic directory and registry protection (passes regtest 1+2)
- Heuristic only warns when anomolies happen (simply block)

I will have a look at ProcessGuard and see whether I can disable execution control
and enable termination control without going through an extensive learning phase
(suggestion of Devil's advocate).
When possible, I will also dis-allow the nag screen of Antivir with PG (nice extra)

As for PrevX:
- I have not read new facts (does it with stand the dfk-threat-simulator),
- The Kareldjag test was not so good
- The community feature is a nice black list info collection feature, but:
- There are already two blacklist solutions (Antivir AV + Spyware Terminator)

I will drop the additional on demand scanners (suggestion KDM31091).

 

I she is safe surfer don,t bother her with HIPS except for Prevx if ever u want. Antivir, ST and BZ, DMR( though i am not sure that u need it with BZ) are OK. Router plus Comdo.
CH not needed as well( just my opinion).

 

BufferZone free is only for FireFox, DropMyRights is used with OutlookExpress

When working normal, she would not even notice CyberHawk and the SpywareTerminator HIPS.

 

Spyware Terminator HIPs are not advanced and i don,t see much adavantage of using them . If u really want soem HIPS u can use SSM free but again HIPS are not for normal users.
CH-- is ur choice then Ok but I could not let it work well on my system and also it with not differentiate legit and non-legit things, again noy for beginners.
In BZ free U can add anything like IE, FF, Oper etc all at the same time.

 

Aigle,

With advanced HIPS like SSM and Antihook you are right. Because it is from a clean installation (no malware for sure), Spywareterminator scans the hard disk and builds a whitelist of allowed applicatons. With so little extra effort you have a program monitor as bonus.

When you have the knowledge to configure SSM it is not a question which one to use (SSM or ST), for sure SSM is the stronger HIPS.

by the way: great testing you did with Sandboxie, GeSWall, BufferZone and DefenseWall

 

You are right probably. I never used it,s HIPS. They seem like application behaviour control in Kerio. Am I right?

Thnaks.

 

You can easily turn off execution control with one click. Then add the few security programs to protect, also add termination rights for them.

 

THX

 

I strongly believe that the most important level of protection is the software-level . Every other protection , level of protection , can be very good additional protection which means people should protect the computer itself (by softwares) and then protect the perimeter (by hardware or software) . Protecing the perimeter with the router is good . I also use router but also keep Windows Firewall enabled . Anyway , the choice is yours

You are welcome

 

Interesting,

What is the opinion of others. Say when you do not use an out-bound firewall, should you also enable windows firewall when you also use a Nat-router firewall?

 

I just would like to underline it was my own opinion . Theoritically if you have NAT and SPI protections of router you don't need Windows Firewall . What I mean is connected to the fact nowadays you shouldn't rely only on one protection and it doesn't hurt to have WF enabled . The software firewall protects the computer , the router protects the network (although you may have only one PC behind that router ) Don't take my advise so personally , I am just trying to help

 

If you are the only one on your network, it is redundant. However, if you share the network, it can offer nice protection from any attacks from pcs on your network.

Alphalutra1

 

Hitechboy,

No I was asking an open question and say what AlphaUltra1 just made a point. At home we are sharing a network of 3 computers. I had not realised that attacks could also come from within (on all 3 PC the firewalls are set off, because we are behind the Nat-router).

So you made a point thx