Security setup for an antique computer

Okay, not really an antique... It's a heavily modified Dell XPS R350 which I mentioned in another thread.

I've got Windows 2000 set up on it (it's just too slow for my copy of XP), and has a Pentium 3 (450 MHz) processor, 384 MB of RAM, and twin 30 GB hard drives. Originally I was going to set up a limited user account with SuRun; however, I discovered to my extreme vexation that Windows Update doesn't run properly unless you log in as an administrator. So it looks like a more typical security setup is the way to go.

What I've already done:

- Disabled autorun on removable drives
- Updated everything to the latest version
- Installed and run SafeXP and Seconfig

What I'm looking for in security applications:

- Must be light and fast, ideally using 10 MB of RAM or less. Every megabyte and CPU cycle counts on this machine.

- Must be capable of running on Win2k, because XP is simply too slow and piggish for this machine.

- Must be easy to use (once configured anyway). My mom, who I'm setting up this computer for, is not an advanced user. She knows for instance that clicking on a .exe in an email is dumb, but wouldn't know how to use Sandboxie or GesWall.

- Must not interfere with normal computer usage, e.g. saving files, updating applications, etc. (Returnil is unfortunately right out.)

- Freeware would be nice, but if necessary I'll pay for something (though I'd prefer it not to be horribly expensive).

- Should be maintained by someone.

- Should have been updated within the past year or so.

Mostly I'm looking at standalone HIPS and HIPS with firewalls, but if some antivirus is light enough to run on this machine I'll take a look. Also, I'm thinking a software firewall won't be strictly necessary, since the computer will always be behind a NAT router.

Anyway... Thoughts? Advice?

 

I thank Eset Nod-32 2.7 is a great start.
my firewall choice,Kerio 2.1.5 would not meet your requirement for a currently developed product.(understatement of the year.)

Maybe a look through services can turn up some dead wood to disable,and free up some resource.

 

Hi, i'm surprised it won't update in normal user acc ? Is this a 2000 specific thing ?

I can highly recommend these for starters.

" Winsonar 2008 is a program specifically designed for process monitoring and system protection from unknown processes.

http://digilander.libero.it/zancart/winsonar.html

This program has been tested and works under Windows 98, 2000\XP. "


Once you've run all the usual Apps for her and allowed them, any other unknown will be blocked, unless you choose to include it.

-

Avira

http://www.free-av.com or paid of course.

Windows 2K / XP / Vista

 

Why not just use a light AV like AntiVir or Avast?

 

What about System Safety Monitor? It's light and works on Win2k (as well as Win98, XP, ME). Freeware version can be found here.

The only thing is that's it's "noisy" (not it's fault really its' a HIPS). Maybe a more knowledgeable user knows how to set up SSM in "silent mode" (ie it autoblocks all unknown exes from running but allows anything already on the machine to run). That would be the perfect setup, you probably wouldn't even need an antivirus.

EDIT : You may want to look into Spyware Terminator too. Its an antimalware scanner with HIPS and works on Win2k. The only thing is, I don't know how "lite" it is.

 

Both SSM free and Kerio 2 are very light. I'm running them on 2K with hardware older than yours. 366MHZ Celeron, 160MB RAM. These 2 and Proxomitron are my default security package, but your mom would never be able to handle Proxomitron. They work very well, but don't meet your other requirements. Neither is supported, but on 2K they don't need it. Your mom would probably not be able to set them up, but if you did all the initial setup work, she may be able to handle it from there, especially if she doesn't install software. If you did a full default-deny setup with them and disconnect the UI so that she's not prompted, she'd be able to run without an AV , which would help keep the speed up. Configured in this manner, it would prevent auto-updating though.

 

Windows firewall + surun.
Mrk

 

Thanks guys... I eventually settled on SuRun again, just with the admin account still enabled so that Windows Update could work with a relogin. Bit of a kludge, but it does work. MBAM and HJT provide security backup and Opera is the browser, since Firefox is too bloated for old machines (and really, too bloated for new ones too).

(Out of curiosity though, does anyone know how to get Windows Update to work using only SuRun? When I've tried it using SuRun or RunAs to elevate privileges, it starts properly but all the updates fail... )

 

It worked properly in my case ... Check my tutorial ...
Mrk

 

Why Returnil is the answer. **Featuring a Returnil start script.

An antique computer can run a very limited number of apps in a limited number of configurations. In short, an antique computer might be routinely used for only a handful of tasks. This limitation ought to define your security policy.

Make sure it does those (limited) tasks well, and does them securely. For example: mine ran the latest office (with acrobat), the latest browsers (with plugins), the latest media players (with codecs) and that was IT!

Once it runs smoothly, efficiently, and effectively, put the computer on lockdown. Use Returnil, it costs nothing. After it is enabled, the Returnil GUI can be closed. Consequently your RAM usage will be close to ZERO, as will your processor usage!

It's somewhat of a kiosk mode, that handles most practical applications. To maintain, restart regularly. Don't worry about staying up to date all-the-time. Just go in and update every three months, or as is required. Otherwise leave auto-update off.

It simply doesn't get any lighter. I've used this setup personally on a machine running 1ghz/256RAM. It was reliable as my primary machine during my college years.

If you'd like NOT to restart as often, use sandboxie (in addition to Returnil). Sandboxie's GUI and process can also be terminated (with full protection intact) -- next to zero RAM and neglible Processor sacrificed. Sandboxie can be set to clear all changes when a browser or app is closed.

I ran this on my own internet connection, and could not afford a router at the time. Add a router, and you're actually QUITE solid.

***Restart (flush the system) before doing any online banking. Preferably online banking should be done from a secure removable drive with a secured browser. The (flash) drive should be used for no other purposes.

***Keep your important docs on removable devices -- accessing them ONLY when the machine has been restarted (after all changes good or bad have been rolled back). Removable devices are key to this -- ideally use one media for each security scenario. Should there every be an infection, you will be able to LIMIT collatoral damage.

***Disable your internet connection with a right-click, and leave that as the default. Never enabled internet without Returnil running.

Download ANY virus scan(ners) and scan on-demand only. If you ensure everything is clean before you "freeze your system" (enable Returnil), you should have a resonable assurance that everything will be the same when you restart in the future. I never had any postives when running an assortment of scanners. Occasionally the machine would suffer performance-wise, but I would restart IMMEDIATELY. It was always good-as-new when I restarted.

I would also use these removable devices on the best of the university's machines -- where I could scan them using its server cluster -- never had any positives.

IF in a shared network environment at home, then restrict or disable networking -- for the antique machine.




I set this script to run at startup:

==Begin bat file==

pause
returnil.exe /sessionlock
pskill returnil.exe

:: by Reco
:: pskill.exe is a freeware from systinernals
:: posted at WildersSecurity.com
:: run the Returnil shortcut to make changes

==End bat file==

This batch-file makes it possible to "button-up any changes" you've been meaning to make, prior to starting Returnil (the pause command waits for you to hit enter). It also exits the GUI (pskill) for maximum memory savings.





The catch: you will need to EITHER: >>partition your drive OR >>use removable media(s) to store changes, download updates (to be installed next restart), and for general unfrozen storage needs.


That old computer still runs just fine today. It is a guest computer now. Many comment on being surprised by the speed of the (broadband) internet. I don't update it anymore as it is mostly OFF. It really doesn't take much to run basic apps reliably, for one quick session.

Oddly, I've used many professionaly-managed machines that do not run as well, do not have software as recent, nor the proper updates, STILL!

Now that Chrome is out, it is the perfect lightweight browser for such a setup. It also has built-in sandboxing. A little-bit of computer can actually do quite-a-lot.

 

Didn't read the "no Returnil" clause.

It's one to reconsider, though. A review of the rules I outlined above:

***Save only to removable media, RESTART if performance degrades, RESTART to make changes (should seldom ever be neccessary), and RESTART before doing any online banking.

Returnil is used in many public places where users of very limited experience are able to accomplish everything they need to do.

***Save to removables, and restart often. That's it!