What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. Stephen2_Aus

    Stephen2_Aus Registered Member

    Joined:
    Feb 17, 2007
    Posts:
    37
    You're fine Stijnson. Beautiful setup considering you don't download keygens/cracks or surf porn using Internet Explorer.

    Maybe you could use a software firewall other than Windows one, so you can control outbound connections.

    Another step up for you is a HIPS or Sandbox program of some kind.

    Easy to use would be SandboxIE to protect you from zero day browser exploits.

    A more difficult to use but bulletproof HIPS like ProSecurity is the next step after that.

    Something that a lot of people don't know about is using a Limited User Account in Windows, and using a program such as sudown (highly recommended by me) to launch any programs that need them with admin rights.

    Actually very few programs need admin rights, except on first install, and a Limited User Account has massive security benefits.

    So, frankly I'd recommend:
    1) Install a basic FW so that if a trojan/keylogger DOES somehow get onto your machine, it can't phone home.

    2) Install sudown and run a Limited User Account. :thumb:

    3) Install SandboxIE (extremely easy to use, free and powerful).

    4) If you still want more!! Install an uber-powerful HIPS like ProSecurity.
     
  2. davidw_426

    davidw_426 Registered Member

    Joined:
    Nov 10, 2007
    Posts:
    37
    I'm far from qualified enough to really make too many comments. But in my personal opinion with your computer habits, I'd say you're doing pretty darn well with your setup. Perhaps maybe changing out AdAware for either SpywareTerminator (for real-time) or SuperAntiSpyware for On-Demand scanning? I recently dropped real-time anti-spyware myself. I'm using ThreatFire (HIPS) and DefenseWall (Sandbox/Virtualization) with Avast! Antivirus and Windows Firewall and I feel pretty good.

    Sandbox/Virtualization I believe to be a really good idea (SandBoxIE is a really great place to start testing out this type of technology, so is DefenseWall). With your habits, Firefox with Adblock-Plus and Noscript should do pretty well in keeping spyware off your system and your other programs and router should keep you pretty secure IMHO. Hope I helped!:)
     
  3. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    You are missing PREVX or Threatfire... Get rid of AdAware and replace it with the superior (in oh...so many ways) AVG Anti spyware (Still free after 30 days minus a few of the active defenses) Replace the default firewall, I would consider Comodo Firewall Pro (version 2.4.12.184 instead of 3.0 because it's much simpler to use for someone who is uncomfortable with complex configuration) Most specially if you need to customize open ports for miscellaneous reasons. I installed it and removed within half hour. (took too long to configure properly and clients calling I didn't have time to finish tweaking it. not to mention the zillions of bug screens that pop up....) I'll give it another trial soon when I have more time but right now.. I won't recommend it until I'm comfy with it.
     
  4. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    @all fellow forum members above: Thanks for all the advice so far.

    @Hermescomputers: Isn't ThreatFire considered an AV product and wouldn't interfere with NOD? If not, would you recommend the paid version or is the free version sufficient (I saw on the official site that the Pro version includes on-demand scanning and AV signatures)?
    Is ThreatFire easy to set-up or do I need a lot of custom rules, like I've been reading in other threads?
     
    Last edited: Nov 21, 2007
  5. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Not at all. Threatfire is not an AV. Think of it as a HIPS (I personally call these types of applications process controllers because essentially that's one of the primary tasks they perform and it is perhaps a better description than HIPS.) This being said the Free version is best in this situation. If I remember well you are using NOD32 which is a much better AV than PC tools AV. So paying for it would be a relatively poor decision on the other hand if you do not have an AV then maybe, but I would still consider investigating some of the "higher rated ones" before making a decision.

    As for ease of use. Threatfire is hard to beat. The ui is clean and simple and basically fully automatic so configuration is basically unnecessary. In the few instances you may need to customize something it is usually during process detection... Some rare application may need to be put into an ignore list. Also easy to do...

    Use it... It's safe and easy!
     
  6. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Hello Stephen2_Aus

    I am fine with basically everything you wrote, however a "Basic" firewall will do absolutely nothing to protect against key loggers or Trojans for that matter... Infection vectors rarely include breaching the firewall these days...

    By definition key loggers are not remote applications trying to connect to your computer and thus trigger the firewall into a defensive response. These applications are typically installed by other programs you may have downloaded then activated. They are at that point resident on your computer, and would typically transmit themselves without any interruption through the firewall since the event is initiated within the protected environment and not from outside of it...

    The only safeguards against key loggers are highly specialized driver level utilities. Even so most can't even protect adequately against the rather large number of methods one can capture keystrokes...

    I would consider Keyscrambler http://www.qfxsoftware.com/ it works with web browsers... (Free)

    KeyScrambler defeats keyloggers by encrypting your keystrokes at the keyboard driver level, deep within the operating system. When the encrypted keystrokes reach your browser, KeyScrambler then decrypts them so you see exactly the keys you've typed. Keyloggers can only record the encrypted keys, which are completely indecipherable.
     
    Last edited: Nov 21, 2007
  7. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    Then let's hope that NOD or an AS program captures the keylogger in case it somehow lodges itself on my computer.

    EDIT: What I gather from the KeyScrambler website is that the Free version only protects logins on websites (so not personal info on websites or online banking)? The Pro version protects all parts of the browser and all input and personal info (like account numbers) on websites. In this case the purchase of the Pro version is necessary?
     
    Last edited: Nov 21, 2007
  8. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Reread my post above... I edited the content with a solution for it... ;)
     
  9. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    LOL. I have edited my previous post as well. Perhaps you could comment on that as well? :D
     
  10. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    If you want to protect account numbers, credit card numbers while still having them written down on your computer, I would then consider Roboform. This software keeps those inside encrypted notes. It also keeps track of URL's logon and passwords and it will fill forms with a single click. It is a formidable tool and a great time saver... Keyscrambler also works with it flawlessly... so they do form a great combination.

    You can get roboform here: http://www.roboform.com/php/land.php?affid=her07&frm=frame17

    Also if you want my complete advice on how to setup a fully protected environment you could read a few of the security articles on my web site:
    Here are some of the topics I try to cover:
    1. - Secured Web Browsing
    2. - Cyber Self Defence
    3. - Anti Exploit Resources
    http://www.hermes-computers.ca/
     
    Last edited: Nov 21, 2007
  11. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    I think I misunderstood you. Let me clarify: when I bank online I have to login with a user id and key code on my bank's website. These aren't saved to the computer, nor do I keep any of this kind of information on my computer. The Free version of KeyScrambler would actually protect this kind of login as well?
     
  12. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Yes, these are exactly what key loggers are trying to acquire...
     
  13. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    I downloaded the free version, installed it, rebooted and then tried logging in on my bank's website (where I have to fill in user number and generated key). KeyScrambler stays inactive unfortunately...(yellow icon). Too bad.
     
  14. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?

    I would clean up the system first... Look for everything you can find and clean it. Then re-install Keyscrambler and try again.. I would bet a dollar to a donut, something is sitting on your pc that interferes with it...
     
  15. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    I mailed tech support at QFX software and it seems only the Pro version protects this type of login page (the free version doesn't identify it as a real login page). I'll play with the free version some more and then decide if I'll buy the Pro version (which should protect that page according to the techie). I've downloaded Roboform as well. This can be used alongside KeyScrambler or should they be 'merged' in some way?
    Thanks for all your help.:thumb:
     
  16. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Roboform works using a master password so keyscrambler only needs to intercept and encrypt the session when you are inputting the master password as this is the only time actual keystrokes are issued, I am not sure how the transaction takes place between Roboform and Keyscrambler during the automated logon/password process after the master password is unscrambled.... However from a user perspective the process is pretty seamless between both applications...
     
  17. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    There is an option with Roboform to put the master password in using the mouse by clicking on a virtual keyboard. Have often wondered if a keylogger could pick up on this. Can also enter a 511 character master password via copy and paste from a memory stick - only physically attached to the pc for the time needed to enter the password. Again I have wondered if this 511 character password remains in memory to be copied. Would the free firefox key scrambler help here?
     
  18. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    A key logger no.. A remote viewer yes...
     
  19. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country

    so running roboform from a memory stick might be safer as presumably a remote viewer would only have the opportunity to "View" while the memory stick was physically connected ?
     
  20. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Well... from my point of view I see anything running from a USB stick as inherently insecure... However, encryption between said software and remote site may help... Also keep in mind that losing that stick and it falling in the hands of "Mr Weekend Hacker" could cost you your passwords and much other possible tidbits if he/she figures out a crack for it... and eventually there is always a crack available for everything... The more secure it is the more of a challenge it is the more likely someone will sweat and toil over it until it is no longer so...

    Keeping what needs to be secured within your pc is best as you can use multiple layers for defenses... Also you have full control over everything... but carrying your personal security around will open it up for grab.
     
    Last edited: Nov 21, 2007
  21. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    take your point. It is also a pain having to plug and unplug - which is really why I haven't used it this way. Still trying to figure out a safe and easy way to enter a randomly generated 511 character master password. :(
     
  22. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    AntiVirPersonalEditionClassic 7.06
    ThreatFire 3.0
    Opera 9.50 beta
    D-Link 604
    WSF 101

    Using custom rules
     
  23. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Roboform is more than capable to issue you with the 511 or even far greater encryption... no trouble at all.
     


  24. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Sorry for my bad sense of humor - I meant I was still looking for a safe and easy way to enter a 511 character password as the master password. It is easy to generate and use for each site but I even find using a 10 character password ( which I can remember) a bit of a pain.
     
  25. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Nah... That means typing the monster unit by mental prowess alone! One heck of a character string to remember never mind the typos... :eek:
    Although I read somewhere that a couple geniuses are out there able to recite pi by heart... (I'll stick to my trusty old calculator thank you!).
     