Suggestions to improve my security setup

Discussion in 'other anti-malware software' started by Olly23, Jul 23, 2007.

Thread Status:
Not open for further replies.
  1. Olly23

    Olly23 Registered Member

    Joined:
    Jul 23, 2007
    Posts:
    3
    Location:
    Aylesbeare, Devon, UK
    Hi!

    I am currently looking into beefing up my computer's current security setup, and I'm thinking of adding something in the area of HIPS/virtualisation to deal with 'zero-day' threats etc. I've heard positive things about both Cyberhawk and Sandboxie, but also that they can cause conflicts on some computers. Anyway, for what it's worth here's what I currently have installed:

    Anti-virus and firewall:

    NIS 2005 (although I want to replace this with free alternatives when subscription expires)

    Anti-spyware:

    Spybot (SD Helper, Immunise, HOSTS file, TeaTimer all active)
    Ad-Aware 2007 (on demand)
    Spywareblaster
    IE-Spyad

    Anti-trojan:

    AVG Anti-Spyware (on demand)
    A-squared (on demand)
    BOClean

    Anti-rootkit:

    F-Secure Blacklight
    Panda Anti-rootkit
    AVG anti-rootkit

    Other:

    CCleaner
    Tweaknow RegCleaner

    Any suggestions gratefully received!
     
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    1. When you replace NIS you could try Avira or AOL AVS for antivirus and then Comodo for firewall.

    2. Get rid of Spybot and Ad-aware. Your anti-trojan apps are sufficient.

    3a. There are various HIPS to try such as Online Armor, ProSecurity, EQSecure, Prevx2, Neoava Guard etc. Prevx2 and Online Armor would be good choices if you want something easier. The others tend to have more pop-ups.

    3b. As for virtualization, you can try GeSWall, Sandboxie, or DefenseWall if you just want to virtualize individual apps such as browsers. And there's also Returnil which virtualizes your system iirc.
     
  3. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills, WI.
    Here are some other freeware programs.
    Antivirus-Avast Home.
    Antispyware-SUPERAntispyware.

    I have Spyware Blaster and that is a keeper IMO.
    Same with Comodo Firewall.

    I agree with WSFuser "2. Get rid of Spybot and Ad-aware. Your anti-trojan apps are sufficient."
     
  4. Olly23

    Olly23 Registered Member

    Joined:
    Jul 23, 2007
    Posts:
    3
    Location:
    Aylesbeare, Devon, UK
    Thanks for the suggestions so far. I've been hanging on to Spybot and Ad-Aware almost out of habit I suppose, although I've been aware for some time of their ever-decreasing returns in detection rates etc. I was considering keeping Spybot for its HOSTS and TeaTimer (I don't actually need the SD Helper at all, as I always browse with Firefox), but on the other hand TeaTimer does seem to have been superseded by the plethora of HIPS programs that now do everything TeaTimer did and much more besides.

    WSFuser: how user-friendly are the HIPS you mention? While I'm not a novice I wouldn't call myself a computer expert either. One reason why I had been considering Cyberhawk was because I'd heard it was the easiest to use - if this isn't the case then I'll happily look at something else. Ditto for Comodo - isn't it supposed to be quite demanding in terms of pop-ups etc?
     
  5. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    How about going with a nice sandbox instead? Sandboxie or DefenseWall (paid) are simple free and paid options respectively.

    What type of threats are you most worried about anyway? What is your computer usage behavior like? How valuable is the information on your system?

    There are zero day threats out there, but most people will probably encounter them while surfing the net, or maybe with IM, email, P2P etc.

    Sandboxing these apps will not stop the zero day per se from happening, but it should (in theory anyway) prevent it from hurting you when it starts to do its dirty work.

    Detecting zero days directly is hard, but LinkScanner Pro proactively looks for zero day exploits through honeypots and creates "signatures" to detect them. That's the marketing anyway, who knows really if they protect users beyond what is already publicly announced (but not patched yet).

    Honestly I wouldn't go with one of those fancy HIPS, they do way too much stuff anyway that ordinary users like you and me barely understand.

    Might be worthwhile though to get something basic that just does process execution, warning you of new processes starting. It's a bit "noisy" but fairly easy to understand, at least once you've figured out what Windows processes are. If you can tolerate that, it should give you some additional protection beyond just loading up on signature scanners or relying on Cyberhawk's guessing.
     
  6. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    Cyberhawk was very easy to use and protects well without any tweaking, although someone with some expertise can make additional rules for more protection. Prevx is also very easy to use and you can even make a few changes without being an expert, but these are just minor changes that are more like preferences to how many and what kind of alerts you want. The free version that Cyberhawk will turn into after 15 days should do you well for a HIPS program, and it runs well with Comodo Firewall, Avast Home, Avira PE, AVS, and of course AVG Free.
     
  7. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    Prevx2 (in ABC mode) is very quiet and easy to use like Cyberhawk. OA is fairly easy to use as well.

    Plus OA version 2 now has a firewall; just something to consider since you plan to get rid of NIS.
    Comodo can be configured to be quieter (although at the cost of security). The majority of the pop-ups are caused by its anti-leak features (called Application Behavior Analyzer) so disabling it will cut down on the pop-ups.
     
  8. Olly23

    Olly23 Registered Member

    Joined:
    Jul 23, 2007
    Posts:
    3
    Location:
    Aylesbeare, Devon, UK
    Thanks again everybody for the input - plenty of food for thought! I'll definitely give Comodo a go for my replacement firewall when the time comes (everyone seems v. positive about it), and maybe see how I get on with Sandboxie. I'll probably cut down on the number of scanners I've got as well - isn't it easy to accumulate them these days, especially now that more and more of them are free? As long as I've got something that keeps my computer clean but doesn't require a degree in computer science to understand I'm happy at the end of the day! ;)
     
  9. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,219
    Hello,
    Since you use Firefox, most of the security is really pretty much redundant regarding everyday web experience. Choose any anti-virus and firewall you find most convenient and enjoy.
    Mrk
     