Setting up a secure environment

We currently have 3 laptops that access the web that also have access to a server which stores files such as documents, images, etc. We use the laptops to browse the web, access emails, conducting e-commerce transactions, banking, etc. The laptops run Windows 7. They currently
have the following security applications installed.

Antivirus
AVAST 5.0 Free Edition

Antimalware
Spybot Search and Destroy

We just installed Microsoft Security Essentials. My question is considering we bank online, putchase products online, etc what should a base system have installed. I generally update the laptops with the latest patches as well as ensure to scan them on a regular basis. My concern is that should one of the kids be browsing an untrusting website all the other laptops and server may also get infected.

Appreciate any advise.

 

You can try sandboxie and IMO replace spybot with Hitman pro ondemand scanner

 

For your internet needs PrevX SOL would be a good option.
Or you can try other programs such as Online Armor (This one has a banking feature), Spyshelter, Zemana and many others. (Be warned that they are HIPS which will give you lots of pop ups)

SpyBot S&D has been quite slow in the recent years, i think it's not necessary but it's your decision

 

I would consider using the free Facebook version of Prevx Safeonline. It's solid protection for online transactions. It's very user friendly too. Not much a kid can screw up on it either. For paid apps I prefer Appguard. It's Avast friendly, quiet, and very effective. Either way you're good to go. You really should read about any suggested program, trial it, and then see which one(s) fit your family's needs the best.

 

Is there a free alternative to Hitman Pro? As with Sandboxie, is it advisable to run every application under it e.g. Word, Internet Explorer, Firefox, etc?

 

Hitman Pro is the only easy to use cloud multi engine scanner out there i think.

BTW, don't miss PrevX SOL it's free with their Facebook promotion, and it's very good

About Sandboxie, it's not necessary to run everything in it.
The most recommended things are running your browsers there and IM software (Windows Live Messenger, ICQ, Yahoo Messenger etc.).
Since most infections/malware nowadays comes from the internet through downloads or exploits etc.

 

There is no free alternative to Hitman pro but I know a software that works very good you can give it a spin.. -http://www.avertsoftware.com/- (The author is very active here and willing to help with issues) as for sandboxie it is good to run your browser, IM sandboxed and also outlook if you using it...

 

AVERT is good for emergency situations, for everyday usage it would be useless (Long time scanning, downloading all the BootCD's).
Unless you have time and scan it every once, it's not really suited for everyday usage.

 

The first security measure to apply in a Windows environment is setting up one or several standard user accounts:
-malwares have therefore no access to the system. Integrity is kept.
- user malwares can only "damage" or "steal" information from the user. Efficient for kids accounts which are not supposed to save any banking info.

A simple and free antivirus is then sufficient to guard the computer (on top of windows firewall).

Simple, easy, efficient.

 

There's a current giveaway of zemana antilogger..you can try it
-http://www.wilderssecurity.com/showthread.php?t=292061-

 

+1.
Depending on the age of the kids, Sandboxie can be very useful in order to contain "mad browsing".
In that case I'd sandbox all internet facing apps as IE, FF, IM programs etc.

If you'd like the assurance of an extra scan/2nd opinion, HitmanPro (free version) is excellent.
Very fast (even while it uses multiple scan engines) and a very high detection rate.
Malwarebytes'Antimalware is also an excellent (free; on-demand) AM program.

Also make sure to check out what Win7 offers through build-in 'Parental Controls'. link

(For consideration, make images of clean&updated new laptops and keep important stuff also on a separate backup (HDD).
With those 2, you can always securely restore a completely botched system with relative ease).

 

As user Lucy mentioned:

You mention this:

My advise would be:

1 standard user account for general purposes;
1 standard user account only for the kids;
1 standard user account for web browsing;
1 standard user account for e-mail
1 standard user account e-commerce transactions.
1 standard user account for banking*

You decide if you need any other.

* Use two web browsers. One for general web browsing, which would only be used in the standard user account meant for web browsing. The other one for accessing your bank account.
I'd personally use Internet Explorer to access bank account and restrict Windows Firewall to only allow Internet Explorer access the bank website IPs.
Then, I'd personally use Chrome for general web browsing.

-Edit-

I don't know how you'd like it, but I would prefer to make use of a different Chrome profile to use for the e-commerce transactions, and leave IE alone for accessing the bank account, restricting IE to access only the bank website IP(s).

-End of edit-

Do you use an e-mail client to access e-mail, or use web browser? If so, I'd also use Chrome, obviously.

Obviously, if using a separate account to access e-mail, I find it easier to have a secondary browser profile (hence I rather use Chrome), in the same account, to use only for accessing links from e-mails under Sandboxie protection.

If you store your passwords in a passwords manager, I'd create a secondary Administrator account, which would only be used to elevate the password manager to have this account privileges, and create a privilege isolation from other processes also running with administrator rights from the main administrator account (the one created by default by Windows).

 

Thanks m00nbl00d. So are you suggesting that we use a different account for each action e.g. one account for banking and another one for browsing? Assuming that one profile is infected by malware, a virus, trojan, etc would this restrict its access to that specific account or is it able to propagate through the other accounts?

We have tried Chrome but despite using the latest version, it has issues connecting to websites that use SSL. We faced this problem when attempting to access GMail. Hence we are using Firefox.

I am curious as to why you are suggesting we use IE for banking?

Now application can I use to scan if any of the machines have been infected with viruses, malware, trojans?

Some suggest MalwareBytes however I have come across posts that suggest that its database is not as comprehensive.

 

Thanks. Is HitManPro (free version) available for the life of the product or is it only a 30 day trial? Also as for MalwareBytes, does it have a comprehensive database? I read somewhere that its database is limited.

 

Thanks. Any suggestions as to what I can use to confirm if laptops are currently infected in any form and shape?

 

What are your thoughts about Microsoft Security Essentials? Does it conflict with other applications?

 

Yes, assuming that no malware gets Administrator privileges, meaning the infection would only happen within standard user account, then it would not propagate to other standard user accounts.

Interesting, because I personally use Chromium (the open source project which Chrome is based on... basically Chrome without Google brand behind it.), and I find no issue with it regarding SSL. Odd.

OK. I guess you can make your way with Firefox, then. Does it allow for different profiles? I must confess not knowing about it.

The suggestion had more to do with any compatibility issues than anything else really.

Only you could tell for sure if any incompatibilities may exist. But, do use two different web browsers, being one only to access the bank account.

As for that, rather than having on-demand, I have installed MSE (Microsoft Security Essentials) to relatives, based on pretty much the same setup as I suggested to you.

I just coupled it with Prevx SafeOnline, Facebook version (full SafeOnline version). They wanted something to protect against keyloggers and some other stuff, and considering their banks were not suggesting anything for that, I installed them Prevx SafeOnline, which also serves as an Intrusion Detection System.

Then, Malwarebytes Anti-Malware. Most of all, common sense... allied to sandboxing.

I think that with the suggestions provided by others you can see a larger scenario of what may be out there for you to achieve a safer experience.

 

MSE is very good if paired with some kinda HIPS..IMO

 

Which HIPs application would you recommend?

 

HIPS software bring LOTS OF POP UPS, and you gotta be prepared. (Most people here hate them, even guys with experience)

I would recommend, Comodo D+ plus the firewall.
Killer combo

 

All the accounts have been set up with Administrator access. I suppose I should change that first. My only concern is that if the laptops have been infected. Not much common sense there as these laptops were set up a while back.

As for Chrome, we seem to be having the same issue with Opera when attempting to access websites using SSL. As for multiple profiles, I believe Firefox does support it. I'll have to investigate.

 

I take it is because they are free. Cool. Will have a look at Comodo D+.

 

I wouldn't go that root, personally. People using the systems would need to have some understanding of what any possible alert is all about. It would be easy getting themselves locked out of their own system.

I'd like to add to my suggestions something I forgot: Microsoft EMET. It's a threats mitigation tool. It has been talked about in this forum. Nothing easier than this.

My rule is that security does not have to be something hard to achieve and to deal with.

 

Good choice!
I would recommend only installing it on your main accounts (Banking etc.)
Not recommended for kids, it would be unusable for them (Since they've to understand all those alerts).

 

You do mention a keyword there, IMO: concern. You're concerned something may have infected the laptops. One thing I can say, and this is just something more than known, you can scan your system(s) with every existing antimalware application and none of them will find everything, hence the most important step is prevention.

This would be something that I would personally do if I had the time and the possibility to do it so: Clean the machines, install Windows 7 fresh, set up standard user accounts.

Obviously, you're the one who has to decide whether or not the the concern is big enough to do such.

But, if I had to access my bank account, and I had concerns about my system being or not infected, that's what I'd do.

I would use something like DBAN, to make a deep format.

Again, I have no intentions of scaring you lol, but you did mention a concern. When I'm dealing with bank accounts scenarios, I don't like to kid around; I always do that to any close relative, whether they like it or not lol, and if they hadn't previously required my help obviously.