Simple firewall + Threatfire enough?

Discussion in 'other anti-malware software' started by L815, Mar 14, 2009.

Thread Status:
Not open for further replies.
  1. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    I don't see a problem with ThreatFire and Windows Firewall for an 'intelligent' user.

    That is, someone who is content with paying for programs, only downloading free programs from trusted sources (e.g. www.portableapps.com), and visits forums like Wilders, watches the odd video on youtube.com etc.

    I think it all depends on the user.
     
  2. galileo

    galileo Registered Member

    Joined:
    Dec 10, 2005
    Posts:
    72
    I couldn't agree more - it most certainly depends as much on the user as on the security tools one is using.

    With Threatfire, one can add a simple rule for monitoring/trapping "untrusted" processes that are listening for (i.e. monitoring) network connections. This, coupled with the default rule for controlling actual network connections, will essentially create an application/process permission control and monitoring system - not perfectly, but then again, IMHO, one is dealing with issues of "probability" not "possibility". Thus, making an outbound firewall somewhat redundant....depending on your tolerance of risk aversion...:cool:

    From the perspective of "lightweight" and small "footprint", one cannot get much lighter than TF + Windows Firewall and still maintain a competent security perimeter against the most "probable" attacks.

    It is worth noting that this is an approach that is more skewed toward "prevention" and "detection" - and, that adequate "removal" tools should still be "onboard". But, again IMHO, such tools do not need to be real-time tools that are degrading the everyday system performance. Further, one should employ a simple drive/partition imaging tool - such as Drive Snapshot - and maintain a clean up to date image before engaging in, shall we say, dubious activities...:eek:

    galileo
     
  3. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
  4. galileo

    galileo Registered Member

    Joined:
    Dec 10, 2005
    Posts:
    72
    @Kees

    Yes indeed - there has been an ongoing discussion over in the TF forum (both online and offline with Daniel) regarding other default or inbuilt rules. I have seen you over there as well :thumb: discussing the same and similar topics regarding TF's "rules".

    One of the issues surrounding additional and generally more sophisticated rules, is that the average user is somewhat intimidated by the potential entry of many registry keys and/or folder/file paths. And, more importantly, is likely to make either errors of omission or errors of entry due to the more complex rule strings. Either will likely result in not achieving the security intended by the rules or creating a malfunctioning system. Hence, and I believe that you would agree...:)...the average user will be intimidated into simply not building the rules or not using the product. There has been considerable commentary over there regarding import/export capability for the rules - which would/could address the issue of adding more rules and in particular more sophisticated rules. Hopefully the devs will address that sooner rather than later.

    Like everything surrounding security issues, probability, IMHO, should be the driver for what and how sophisticated one employs security software. If one "believes" - and that is the issue - that the "prevention" capability of a given tool is adequate, at least for one's risk tolerance, then one could make the case that rules regarding system changes are not necessary - because - the prevention capability will block any malware activity from initially occurring and thus, installing anything that would change the system. That is a philosophy that perhaps requires "kryptonite cojones" but, nonetheless can be benchmarked on an ongoing basis in terms of performance and adequacy.

    If one truly wants to breach a typical system, it is always "possible". However, if one has reasonable security measures in place, even if they are minimal, and an up-to-date patched system, then the "probability" of a transient breach is quite low. As can be evidenced by the relatively few true transient malware events that are observed in this forum across the many differing types of anti-malware tools that are investigated and tested here. Even among the Wilders' "veterans", breaching a typical system generally requires forcing a piece of malware (usually from warez sources) upon a given security tool rather than casual browsing or legitimate downloading.

    Philosophically, if one is approaching security "for" the typical user, the choice of tools must be simple and must avoid complex warnings for which the typical user will have no real guidance as to what or why to take a particular action. No matter how tight a security perimeter one can create, one must return to the average user's perspective and ask if such a system can be maintained or even used adequately...much less understood.

    For the opening post in this thread, IMHO, "yep" the simple firewall and TF (with some rule additions) are adequate for you given that you are not visiting "these"...:blink:...or "those"...:ninja:...sites...:argh:

    galileo
     