Security setup for grams?

I'm responsible for setting up & securing pc's for a lot of computer illiterate people & I've given up on the AV definition model. It doesn't matter what free or paid AV solution is installed on a pc, the rogue AV's act like they're not even there.

What I'm looking for is something that prevents these rogues from installing, but doesn't interfere with the normal operation of the pc (Firefox updating itself, installing programs without being hassled, minimal or ideally no popups, etc.)

So what program provides the best protection, but is also the easiest to use? It doesn't matter if it's free or not. I've been considering Sandboxie, Geswall or Defensewall.

 

sandboxie or defensewall ... but it still needs a little interaction from the users if lets say you want to update firefox or install new programs ... but they are the best there is if I may say

 

my own experience is defensewall and appguard choose one of this and you will be safe,they are very silent programs,note that appguard is more silent than defensewall but defensewall is more kind of a complete security package

 

id say use avast 5 free.

 

avast is really good at detecting viruses and spyware but dont forget the most of the antiviruses are very mediocre at detecting fake/rouge programs mjust have some thing like mamutu or mbam pro or appguard

 

+1 ... in these modern age of computers, my view is that antiviruses are losing it's battle against modern malware specially 0 day malware ... sandbox and virtualization is the way to go.

 

and the thing is that those rouges are so nasty that they inject malware sort of rootkits in the system so the user has it's system useless unable to do nothing to remove what was introduce where a hips,sandbox,behabiour blocker will save some one's bacon in the first place
note:i am not saying that antiviruses are useless but as you said they are loosing the batle already

 

Install WOT and make the default browser google chrome for example. Some possible options below.

Option A
Install prevx (paid) - support is A+, and if a rogue gets through, prevx can add the files to the database, and on subsequent scan, files will be removed.

Could also install prevx alongside Avast or Panda Cloud for example.

Option B
Install Avast or Panda Cloud
Install Hitman Pro to run at startup (Paid) - easy to remove files, effective against new threats and as a backup scanner.

Option C
Install Panda Cloud and ThreatFire. Panda Cloud is quite light, ThreatFire works well alongside it, and TF will prevent any major changes to the system. Both free. You'd have to set threatfire to 'level 5', show the user the type of alert TF gives (when opening a browser), so the user knows what to expect, then set it back to default.

Option D
Install ThreatFire
Install Hitman Pro to run at startup (paid). Light setup, minimal user interaction, and solid against all types of threats.

If user has history of a lot of problems, could also add Panda Cloud. So Option C and D become the same.

None of the above will affect browser updates, browser extensions, windows updates, and so on.

 

@saraceno
all the software you mentioned are signature based (except threatfire) ... I doubt it would give a solid protection. And most of them you mentioned are cloud based ... you see if you are using these cloud based antimalware and then you got infected by a 0 day malware and it ruined your internet connection you are doomed.

 

againts viruses yes but very mediocre againts rootkits and rouges/fake programs too

 

hit man pro is very good scaner and with mamutu or threatfire is very solid set up

 

malwarebytes pro, works great and is a lifetime key


i use panda Cloud AV and malwarebytes pro.

AppGuard is really nice also.

 

You have to balance user convenience and actual user behaviour. Problem with adding sandboxie, or returnil for example, users will complain they can't update their browser. User will complain document was lost.

In Option A, prevx has behaviour analysis, and cloud analysis, so it's my first option.

Option B has Hitman Pro as a secondary scanner, cloud scanning, doesn't stop problem installing if it gets past an AV, but at least cleans it up upon reboot. Sometimes there's nothing you can do to stop a user from installing a program, I mean, they can ignore alerts right? So best to have an effective cleanup program.

Option C and D, ThreatFire might let something minor go through, but something which will cause the system to not bootup for example, it will quarantine. And Panda Cloud automatically quarantines threats, same with TF at times, avoiding user interaction. Once again, Hitman Pro is there as a backup.

Could also be another option. ThreatFire and Prevx. Cloud scanning, and ThreatFire to stop anything from USB or external drives etc. Regarding internet connection, rare that internet connections are lost. Most rogues slow a system down, rather than cut off the connection. They want to connect out. Want a user to install subsequent downloads, pay for the rogue etc.

You have to think like a 'noob'. We here go overboard on applications and forget how 'simple' your average user is. They don't care for 99 per cent of the stuff we talk about. Keep in mind, my first option is to install WOT and Chrome for all options. Kees here has demonstrated, and it is documented how effective Chrome is as a browser. And the WOT extension, I've tried it with many threats, and it blocks most. Awesome application, along with Chrome (and google's own malware alerts on malicious sites), a user will be fine.

 

Returnil might even be a good fit. When they go browsing turn it on and then when they are done...reboot and all is back to new.

 

@saraceno

this means that the users are the noobist of the noobs .... and classical av/am would not do them any good, they need something that would allow them to click away but still make thier system protected.

 

maybe defensewall and the famous stop attack bottom

 

I agree, Returnil is a great option. But all depends on if you can educate all users who use the system. No use in educating the owner of the PC, if his/her kids jump on and don't know how to turn the program on/off.

What the user is asking, something which is outside the traditional AV model, and something which prevents rogues AND is easy to use, I would straight away say sandboxie. But what the user is asking for, that perfect balance, is difficult to find.

All depends on the user, I know some real dead-heads when it comes to computers, and they haven't got the brain power to recover files in sandboxie, or de-activate sandboxie to update their browser etc. So all depends.

What I've suggested is not abandoning the AV model, as it does work well for say 90 per cent of the time. Adding a few extras, like Chrome + WOT + Prevx + Hitman Pro and/or ThreatFire, and I should have mentioned MBAM pro, to cover that remaining gap.

adik1337, I don't have the magic solution, but neither does anyone else. If we had the perfect solution, it'd be a 'sticky' on the forum, and the forum would slowly die with no more posts! I've hijacked this thread, so I'm outta here. lol

 

no you didnt hijack nothing at the contrary it will help the person who ask about it and maybe decide which advise will fit in his mind to choose the correct program for his need

 

@saraceno
come on man ..we are just discussing the possible options ... we are here to help others ... no harm done

 

i did test an antivirus alone and after i tested a behabiour blocker alone with same malware ?guez who did better? anyway antiviruses help with the virus/spyware needs but for the rouges has to add some thing else and yes this is a very positive and helpfull part of the forum

 

guez who did better?

Dont tease.

 

PrevX CSI with SafeOnline...

buy it.

 

ofcourse the behabiour blocker

 

As I have been stumbling along, I am basically following the Saraceno plan.

AV/AM - Panda Cloud in addition to those mentioned by Saraceno.
PrevX SafeOnline - Highly recommended
ThreatFire or Mamutu Behavior Blockers
Web of Trust - But additionally other Filters/Blockers like Hostsman with hpHosts, PeerBlocker with selected BlueTack lists, OpenDNS with Filters, AdMuncher, Proxomitron/Privoxy/BFilter/Popilio

 

First rant, don't take this personal it is a big frustation of me that even on Wilders FF is praised for its security

Drop FireFox, how can one advise FF to computer illeterates? Even on this forum its security is overrated and parotted over and over again.
The developers of FF are now considering to apply some form of policy sandboxing. They call it Electrolysis. Let's hope FF pick's up on security (after all 3.6 finally brought cross site scripting protection).It is unbelievable how resistant this tale of security of FF is.

Don't mention no script. No script cripples the useability of a browser for the average user. When you want Noscript use Chrome/Chromium it has build in content blocking (cookies, images, plug-ins, extentions, javascript etc).

Second rant (yeah I am a grumpy old guy)

No software can compensate for user stupidity, educating them or removing the rights or remotely admninistered service is your best option.

Cheers (no more ranting I am going to get me a beer)