Security Strategy please correct me or confirm.

Discussion in 'other security issues & news' started by feniks, Nov 17, 2007.

Thread Status:
Not open for further replies.
  1. feniks

    feniks Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    130
    I decided to put this post in this part of the forum because I think it belongs here too. Sorry if I did something wrong.

    I was never infected or anything even though I have used the internet maybe from the beginning of its era (frankly, for so long I do not remember). Most of the time I was behind a router with a firewall and just had NOD32 and Outpost up to version 4. And Spyware Doctor. So I was thinking I am safe etc.

    But now NOD32 started with version 3.0 and, shortly speaking, I lost my confidence in it. Also Outpost became a problem with my system. So I started looking around.

    Solcroft talked about strategy and mine for sure is not cleaning only. Maybe I can describe my strategy and my understanding of what programs I need to accomplish that, as follows:

    1. Good inbound protection.
    - router with firewall
    - software firewall
    - antivirus program
    - HIPS (behavioural and regular rule based) - maybe fit here?
    - real time AS shield - maybe fit here?

    2. Good outbound protection.
    - HIPS (behavioural and regular rule based)
    - software firewall
    - antivirus program - maybe fit here?
    - real time AS shield - maybe fit here?

    3. Making sure I am healthy.
    - antivirus program
    - on demand AS scanners (3 of them maybe)
    - HIPS (behavioural and regular rule based)
    - real time AS shield - maybe fit here?

    Also I never use IE and Outlook. I try to be safe and download from good sources only what I really need, and first read about it somewhere.

    Also I do not know in which of the 3 departments Threatfire and real time AS scanners like ST or Spyware Doctor belong.

    So my question is: is this a good strategy? If yes, then I will just focus on finding proper programs.

    I know there are Sandboxie and virtualization but for me it looks like magic and I have to learn first. Also I do not want too much hassle; I am lazy and do not want to become a security guru etc. Just a regular internet user with some p2p.
     
  2. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    Hmm Security Philosophy.

    "Also I do not know in which of the 3 departments Threatfire and real time AS scanners like ST or Spyware Doctor belong."

    I don't know if your 3 "departments" make sense or if they are really a useful way of seeing things.
     
  3. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    Yes, that would be a good starting point.
     
  4. ASpace

    ASpace Guest

    @feniks

    A bit of overkill. A firewall, an antimalware program and common sense would be much better than 3 on-demand scanners, HIPS, antispyware, etc...
     
  5. feniks

    feniks Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    130
    What is wrong with this? Can you elaborate some more instead of making me more confused? o_O
     
  6. feniks

    feniks Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    130
    Thank you for the answer and for not making it even more complicated. :D
     
  7. feniks

    feniks Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    130
    Antimalware is an antivirus like NOD32 or Avira? Or do you mean something like Spyware Doctor?

    Thank you for calming me down. Reading all these posts here makes me think I am really way behind or something.

    So what do you think about a setup like that:

    1. Router with firewall
    2. NOD32 or Avira antivirus
    3. Software firewall - WDF, OA free or ESS (first two with HIPS but ESS can be with Threatfire)
    4. Some AS scanner sometimes on demand.

    Opera, The Bat!, downloading only trusted programs from trusted source.

    Overkill already or still reasonable?
     
  8. wat0114

    wat0114 Guest

    This obviously worked for you, so why not just revert to NOD32 ver 2.7? 3.0 is just not ready yet. As for Outpost, which version gives you problems? If it's the latest 6.0, then just revert to 4.0. You could probably ditch Spyware doctor and free up some system resources.
     
  9. feniks

    feniks Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    130
    Outpost 4.0. I did not try 6.0 as my licences have expired for OF as well as for NOD32. :'( So another reason for my research is to try to find some free replacements. So far I have come out with Avira free (hope it is a good choice?) and cannot yet decide between OA free and WDF. OA free is so good in the leaktests on matousec but the firewall is useless for p2p. WDF works perfectly with my system and p2p, and only the matter of the leaktests makes it hard for me to decide to choose it over OA free.

    And nobody seems to be able or willing to answer my question, asked even on the OA forum - if I uninstall only the firewall in OA, will it still be as good in leaktests? If not, then I have no doubts that I will choose WDF, where I can use both DSA and the firewall.
     
  10. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    I think you should go with what has already worked for you for years, and just find new programs to replace the ones you no longer want to use. Avira is a good choice for a free AV. There seem to be a couple of software firewalls out now that are free and popular also. I might be tempted to skip the software firewall since you already have the router, and perhaps find a HIPS program instead for watching outbound. Don't think you need much more than a router, AV and HIPS based on your past success...
     
  11. feniks

    feniks Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    130
    Thank you Kerodo. So Avira stays. And I don't cross NOD32 off the list yet.

    I'd like some outbound control, therefore a software firewall, but it is not such a big matter. So HIPS then. Both OA and WDF have HIPS and it seems I can learn them easily as I am already familiar with both. And the difference from, say, SSM or Threatfire is that I can have a firewall also. ;) And I can always install Threatfire alongside any of them, as it is behaviour-based, so it can optionally complement the other HIPS in some way. Do I understand correctly?

    And Kerodo, can you help with that riddle:

    "And nobody seems to be able or willing to answer my question, asked even on the OA forum - if I uninstall only the firewall in OA, will it still be as good in leaktests? If not, then I have no doubts that I will choose WDF over OA because I can use both DSA and the firewall."
     
    Last edited: Nov 17, 2007
  12. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    You could download "All leak-tests in one archive" from here and test for yourself...
     
  13. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    Well, sorry feniks, but I am not familiar with OA at all, so I can't really comment on it. Perhaps somebody else here will eventually help out though. If you're determined to use a software firewall then I would guess that either one of them would be alright... it's up to you of course..
     
  14. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    OA minus FW may not pass all leak tests, but WDF may not either without DSA. OA and WDF did not function well without using all their parts. I tried, and disabling either one, to be polite, made them somewhat inefficient.
     
  15. feniks

    feniks Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    130
    Yes, but I am afraid that I will not be able to do it correctly or interpret it correctly.

    There are 3 ways of learning:

    - from some authority
    - on your own mistakes (second class intelligence)
    - never learn (complete lack of intelligence)

    I prefer the first way; that is why I registered here. :)

    By the way, I just received an answer from the OA forum that OA with the firewall off and the rest (HIPS) on does not give any leak protection. But that was not Mike but somebody who posted it as their second post, so hm... Not yet sure, I guess.
     
  16. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    3. Threatfire, PRSC or Prevx.
    4. Backup plan. This is the most important step.
    5. Optional: reboot-to-restore (Deep Freeze, Returnil, etc)
    Learn at your own speed.
     
  17. feniks

    feniks Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    130
    Thank you for the link, very good read.

    What are PRSC and Prevx?

    ad 5. I will check it out.
     
  18. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
  19. feniks

    feniks Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    130
    Thank you. I just started to look on Google but you were faster. :)

    So it looks like they are similar in the role they play, but Threatfire is free. But is it also inferior in something?
     
  20. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Prevx might offer superior protection (in theory) because it also uses whitelists and a malware scanning engine (unpack, heuristics, signatures) in addition to the main behaviour blocker. In practice, I don't know.
     
  21. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    The best advice would be to download and install whatever your budget allows and try it out for yourself. I trust you're not surfing unprotected right now....
     
  22. feniks

    feniks Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    130
    Thank you for caring. And yes, I have already downloaded many things and checked them. If I have to choose based on my personal preferences, feelings and what I have read here so far, then it will look like this:

    1. Router with firewall (linksys AG241)
    2. NOD32 or Avira
    3. WDF
    4. Threatfire
    5. On demand scanners for AS (like A2, SD etc.)
    6. Optional: reboot-to-restore (Deep Freeze, Returnil, etc) - still have to learn and check

    7. and of course:
    backup
    Opera and The Bat!
    safe surfing and downloading

    If only I could solve the riddle between OA without the firewall (with the Windows XP firewall instead) and WDF with full options - which will be better leak protection, because confidentiality is my priority in this security strategy.

    And yes, I understand that prevention comes first, but that is covered by the first 3 and point 7, or is it not?

    PS. And simplicity and ease of use are an important subject too. DSA is not easier than OA but that is OK.
     
  23. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    If I was you, I'd forget about leaktests and on-demand scanners.
     
  24. feniks

    feniks Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    130
    Can you explain why please?

    I know I am asking a lot but I try to understand. o_O
     
  25. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    If you use ISR software like Returnil, you don't need on demand scanners anymore.

    An on demand scanner removes malware during each SCAN.
    Returnil removes malware during each REBOOT.
    There is no difference, except that Returnil will do a much better job than 10 on demand scanners, because Returnil removes any bad change (viruses, spyware, trojans, keyloggers, rootkits, ...), while on demand scanners only remove what they know and what they don't know remains on your harddisk.
    How long will it take to run 10 on demand scanners and how long will it take to reboot?
    I boot-to-restore in less than 2 minutes and my ISR software is the slowest.
     