Setting up a secure environment

Completely safe to download it from Major Geeks

 

I don't seem to be able to find the chart on Malwarebytes site that is comparing Free VS Paid, I guess they have removed it

 

Hi, My suggestion is:

Base:

Admin account password Protected
One Standart Account for Banking
One Standart Account for You/Wife (common Web Browsing)
One Standart Account for Kids
UAC at Max

For Free:

Prevx Safeonline Facebook (You can use the Safeonline to protect online banking and the free scanner to audit what you have in the computer with the cloud - Each scanned file have a flag - G,GP,U...- So you can see if for example, you system files are G/GP ---> Originals and Whitelisted).

Returnil Free - With Password protect, to drop changes and to deny execution of new files - You can enable virtualization for the system when web browsing and for your kids - With the option to already boot Windows virtualized.

For AV, Keep Avast (When version 6 come out of beta will be a very complete solution) or use Avira - This is really a question of taste. Remembering that you can use one as real-time protection and the other as on demand without problems (And shedule updates/scans with the two without problems.)

There is Malwarebytes, Hitman Pro and Emsisoft Emergency Kit too for on demand scanners. All nice solutions. Again question of Taste.

Macrium reflect free for backups (there is Paragon free and Clonezilla as options).

For paid setup, Base + Defensewall + Prevx Safe online Paid. Security by isolation with different standart accounts + Defensewall isolating and containing untrusted softwares (without any need of manual configuration) + Prevx safeonline to scan/Clean and Protect online banking. A free backup software and that's it.

 

Thanks. I take it the antivirus and anti-malware software should be installed at the Administrator level. Also do applications such as MBAM help protect against trojans and key loggers, etc? If they do not which applications do?

 

for the most trojans MBAM will successfull remove but in order to stop them getting installed at the first place you need some kinda HIPS ..you can try spyshelter free or even theres a current giveaway of Zemana antilogger

 

Remember he wants a simple setup
So probably HIPS are not suited for his needs

 

but at the same time I thought security was the main concern

 

In the setup I suggested, malwarebytes is the free version, so it not help you in realtime, but you can use to scan files Before execute.
In the free setup, against keylogger you have safeonline (browser only) and Returnil (if you have sure your PC is already clean) because after enable protection as I suggested it will deny execution to all new files created AFTER you enable the virtualization. So, let's say, if your kids are browsing the web and got hit by a drive-by, how it's not present in the true System, Returnil will deny execution and after restart/shutdown, the "leftovers" are gone.

In the paid one, Defensewall and Safeonline will cover you against most keylog techniques, and for what i know, the 2 are full compatible.

As mentioned, there is a giveaway for Zemana Antilogger, which is a nice product too (in x86 Windows), but will give some prompts I think as Spyshelter.

Another option to add to the setup is change your DNS client to Clearcloud or Norton DNS, which will add another layer for free and without use resources to filter bad sites.

Which version of windows 7 are you using? Depending of the Windows version, you can use Local Policies to restrict some things, or you can PM Sully/Kees and ask for suggestions in how "Pretty Good Security" or SAFE-ADMIN can play here.

Hope this helps.

 

Thanks Kernelwars. I just ran MBAM and MSE and got a clean bill of health. I have AVAST running on access and regularly scan the laptops. So would you recommend anything else?

True, I do want a simple setup but wouldn't mind learning about securing and hardening the systems further.

Thanks S23. I have been reading http://www.mechbgon.com/build/security2.html so will look at some local policies to restrict the systems. Will change the DNS clients to point to ClearCloud as soon as I post this message.

 

You can try a HIPS if you want (That's how i learnt a year ago, i knew NOTHING about HIPS, firewalls, av's etc.)

At the beginning it might look confusing but it's easy once you get it. (You just might be annoyed by the amount of pop ups depending on what you install )