Is my setup good enough?

I hope this isnt against the rules, I read the rules and I couldnt classify this as a AvB thread soo... is my setup enough? my setup is in my sig. I was using OA's Hips with avast! but I ran into problems. Its not only me using this computer its my wife to and bless her soul but shes not computer savy at all and since i can't be here 100% of the time a HIPS app. really wouldnt fit on this system. And neither would a app. like Exe Radar either.

 

Imho any anti-exec is needed, but i'd recommend a HIPS. Btw, i run OA free with Avira and never had any problems at all. Maybe you can give Threatfire a test to add a little more security, but i think i've read it's discontinued soon.

As a first line of defense, i'd recommend Sandboxie and/or something like NoScript for Chrome ? (if it's not covered by these web shields you mentioned).

 

Good enough. I'd go with it until or unless you get a bug. I only run MSE w/Windows 7 firewall and zero infections for 3 years. Be sure you turn on all the PUP settings in Avast.

 

If a HIPS and sandboxing isn't feasible for you because of other users in your home, I'd say it's best to use a fully featured AV (like Avast), and enable all the protections/shields (except for the sandbox)... and then just use the integrated Windows Firewall, inbound only. Maybe set up some outbound rules too that won't impede your wife from doing what she needs to do. But if you're not using a HIPS as you say, no need for a 3'rd party solution there at all.

Throw EMET 3.0 in there too since it's unintrusive. I wouldn't set any applications up in it though, that could cause problems. HungryMan posted a recommended safe/stable setup for it, but I don't know where it is. I'd use that if you come across it.

Harden the browser as much as you can without breaking it for your wife. Tell her to at least be careful about what she clicks on/downloads/installs. And keep clean image(s) on hand... you have an adequate integrated imaging solution already. No need for 3'rd party software there either.

And that should be "good enough", as long as you exercise discretion as end users.

 

would winpatrol be a "alright" second option? by alright I mean not be as annoying as a HIPS can be? lol I want something for a secondary thats not a signature based solution but not as Annoying as a HIPS/Exe radar

What I'm really looking for is like a Behavior blocker (not the kind in CFW) that alerts me when something truly malicious is happening but not as chatty as a hips is.

Oh, and it has to be at the price of Free perferably I promised myself to NEVER pay for security.

 

ThreatFire...but it has reached EndofLife status.

 

thats what I mean, would winpatrol be a good alternative?

 

Does WinPatrol throw up alerts? I'm asking because I don't use it.

 

Winpatrol does alert to system changes, a light boarder line Hips IMO and one that requires a user input.Note! No downloads or changes to the system then its pretty quite otherwise scotty will bark.

I Follow luciddream suggestions,Seems that would be the best setup for a wide range of users,from the Novice on up.

 

Yes... and it barks : ) or, at least used to back when I used it, though that was some time ago I can't imagine they took that way (soo cute).

It will alert you to things like browser hijacks (homepage/search engine changed), and new startup entries... that's about it from what I recall.

There is a BB in Avast Free. I think along with all the shields in it that ought to protect you well, unintrusively. EMET also will stop said "truly malicious things", along with Avast, with no user interaction required once you set it up. That's what I'd do in your position.

See if you can't PM Hungry Man and get him to pass along his recommended EMET settings, if you can't find it. Or maybe someone that knows it can chime in...

 

Perhaps this is the one of EMET.http://www.insanitybit.com/2012/07/26/setting-up-emet-3-5-tech-preview-9-2/ From this thread post # 24 https://www.wilderssecurity.com/showthread.php?t=333016&highlight=EMET settings

 

Yes, that's it. Definitely the way I'd set my EMET up if I were using it on a post XP OS. Best compromise of security/stability/performance. You are unlikely to have any issues deploying it that way.

Thought I'd personally recommend version 3.0, not 3.5. As far as I know 3.5 is "not" a final/stable build, unless that has changed?...

I know some people that swear by 2.1 because they say it's lighter and more stable. That and it doesn't force the icon in the quick launch bar on you.

 

If you have family using the computer I would use the following:
- Avast with all shields
- MBAM Pro real time
- K9 Web protection
- EMET 3.5
- Chrome browser (safer for inexperienced users than FF + NS)
And of course make sure to uninstall Java.

 

Yeah I second Chrome being safer out of the box than Firefox (and faster), since the wife probably won't be able to deal with NoScript. Definitely uninstall Java, if it's there. And if you're willing to pay for MBAM Pro, by all means... add it to Avast Free.

 

What is actually "good enough" really depends on your needs -- your level of risk. Do you actually encounter a lot of malware? If so, how does it generally get through; through web exploits, or things that people are downloading?

If you and your wife's browsing habits are pretty conservative and you don't download risky things, then you really don't need as much. The fact that you're asking suggests that you probably don't really encounter malware. In such a case a good AV/IS suite, web filtering/link checking, and ad blocker (like AdBlock) would probably suit your needs. Keep off any browser plugins that you don't need (like Java and Reader), and install updates as soon as possible (Secunia PSI can help here if you want). If your wife can handle a Flash blocker, then use that as well. If you get much spam, then use a spam filter. If you are still not confident with your setup, then use a limited user account and consider a paid AV/IS that does well in the tests; there are some inexpensive deals out there. Most importantly, make sure that anyone using the computer can recognize and understand actions by the security software so that they know when something is going on, can use it properly/effectively, and can't be duped by fake alerts.

This is a security software enthusiast forum, and so we like to check out/play with the apps and try to fill in as many of the cracks as possible and of course you'll get a lot of those kinds of suggestions. The truth is, however, that you don't always need to go all that far to be safe unless you're really at high risk. I.e., you encounter a lot of malware.

Security is about assessing the risk and mitigating it as much as possible given your resources and usability needs. Security is going to be a trade-off with usability, so you have to find the balance that suits your needs. It sounds like you have a high need for usability, and a low need for protection. Things like HIPS can actually make things worse, even in the hands of a relatively advanced user, but at the very least it's not going to do any good for someone that doesn't understand what it is. It can even leave you less protected if everything is configured to Allow. After all, which offers more protection: the Windows Firewall set to Public Network with no exceptions, or Online Armor configured to open every port and allow every action? What does a HIPS offer in an attack when the first few actions were allowed, and the blocked actions triggered the malware's self-defense to the point that it has dug into your system and left it virtually unusable and impossible to clean (while the malware continues to operate)?

 

lol I used Noscript in firefox when I was younger (im still young im only 22 ) but im talking when I was like 18, and no, my wife couldnt deal with noscript that would be a disaster, thanks for the imput im going to take a look at emet.

 

EMET is pretty unobtrusive once you get the settings tweaked, but you should expect some app crashing until then. Crashing may return after software or extension/plugin updates as well. So you may want to be sure that that's not a big issue.

 

I am with luciddream & Dark Shadow. Actually I am using a similar set up in my desktop. Me & the family are cautious during surfing. We have been safe so far.

 

I think if he uses the settings in that link from HungryMan, and doesn't force apps (just apply the system configs), he'll be fine.

 

I understand that modern PC are too powerful but I still think such a set of security apps is pure wasting of resources!

More than one realtime monitor - why?!

If using EMET, you simply could stay with Win built-in firewall (TinyWall makes it more convenient in use) and some web filters. Replace default web-clients (browser, mailer, IM) and PDF-app with alternatives and update Windows, Flash and Java to latest.

As for me, I use K-Meleon browser with AdBlock Plus to surf, AnVir Task Manager to control autostart (and have numerous bells&whistles for control and usability in addition), K9Web Protection for filtering unwanted sites. Foxit Reader instead of Adobe Reader. Some portable e-mail client and IM (there are number of good alternatives).

That's all. No Internet Security, no antivirus, no firewall (moreover - but it isn't recommendation, just my setup - no UAC, no limited user, no EMET) - and no infection for years.

I was using number of different security apps - and some of them for years. But I've abandoned almost all of them. No sense. Just wasting my and CPU time and 'full oversetup'

 

Perhaps you didn't read his entire post, but there are reasons the approach you mentioned isn't feasible to him. If it were most of the replies here would list things like Sandboxie & Shadow Defender instead of fully featured AV's.

 

I'm sharing my PC with my wife too (and moreover - with daughter). My setup was upgraded forcedly - and K9 as added. And that's enough!

All what could be needed - use TinyWall to control applications in terms of internet connectivity.
"I guarantee it!" (c) ;-)

 

When you have a 13 year old teenager installing anything that's on the internet then you may want to get a 2nd realtime monitor.

 

Or, you might want to take control of the situation and start restricting things. Adding one more monitor or realtime app is not fixing the issue. Address the real issues if possible.

Sul.

Edit: that is to say, my 15,13 and 9 year old are not free to do as they please. And there is no need for any realtime anything. You can take control if you desire

 

I guess that depends to what degree of freedom you want them to have. On my side of the fence I want them to have as much flexibility as possible Install and experiment with whatever they want. I think it's a best way to learn computers that way. There is of course different ways to approach the subject.