Best security setup which doesn't need much interaction?

What would be as good as possible security setup, which needs as little input from a (newbie) user as possible.
Computer is a Vista machine which is behind a NAT router.

Currently there's Avira Premium with Webguard, Boclean, Comodo firewall with D+ disabled, Spywareblaster and KeyScrambler.

D+ or other HIPS are in my opinion almost useless for a newbie user who clicks "ok" what ever happens, because he/she has no better idea. Pretty much the same thing happens with firewall alerts, so I was thinking about ditching Comodo from that setup and just use Vista firewall for these situations.

Is there something else or better for this situation which you would suggest, other than Avira Premium with WebGuard, Boclean, SpywareBlaster, KeyScrambler and Vista Firewall? On-demand there's SuperAntiSpyware, A-Squared and Secunia PSI.

 

Personally out every thing you listed I would keep Avira,key scrambler,vista firewall,SuperAntiSpy for on demand scans and add sanboxie or safespace.I do not feel the need for multiple or triple spyware programs just seems like a overkill a waste of space and resources.just my 2 cents though.

 

Totally agree. Avira and Sandboxie and you really dont need much of anything else.

 

I really wonder what would be the outcome If multiple scanners detected something with In the same time frame,one thing comes to mind for me Is a frozen unoperatable machine.

 

I don't know. I've just read reports that Boclean has catched some malwares which didnt activate any reaction out of Avira. And Boclean is free and updated often, so I don't see the downside..

Sandboxie would be otherwise good, but in this situation it's undesirable that there's still user interaction needed for the sandbox recovery for legitimate files and stuff.

 

I agree, for a newbie Sandboxie will be confusing and eventually cause issues. The current set up is very good plus you're running Vista with UAC and IE in protected mode, so this should work well for a newbie.

The only change I would make, since it's a newbie, is to use the Vista firewall in place of Comodo. Once again back to the point of the newbie just always clicking OK (so what good is Comodo going to do them if they always click OK, plus the Vista firewall is pretty good).

 

Hi,

Against zero-day threats (Boclean) you can also use ThreatFire (free) or Norton Antibot, both are quiet programs.

Instead of Sandboxie you might try GeSWall, the free version is basically configured for web browsers.
GeSWall would be interesting, if you want to turn off Avira's Webguard.

Because of the firewall you can take a look at Online Armor free, disable all HIPS features and activate "Automatically allow trusted programs to access the internet". With this setting you will only see a single popup for every unknown program.

Cheers

 

How about Avira free and Returnil with protection status set always on except during weekly computer maintenance to get av/software updates.

 

Just wonder how a newbie handles the fact that every change in system partition will be gone, meaning My Documents, Desktop etc. You have to be always aware what changes of every program affect system partition and are not permament, and which are permanent when saved to a non-system partition. Could be a bit too complicated for a newbie imo.

 

I think I will check ThreatFire cause I never tested it before.

One thing which is unclear to me is, wheter it's signature based or behaviour based, or both. I thought before it's only behaviour based, but remember reading somewhere that it's infact signature based..

 

Terve!

Just put all important data to the other partition. Of course you can exit shadow mode or use commit now.

EDIT: You should test DefenseWall too. It's so easy to use and protection level is very high.

 

Maybe something like IE-SPYAD if you use Internet Explorer http://www.spywarewarrior.com/uiuc/resource.htm or MVPS Hosts file
http://www.mvps.org/winhelp2002/hosts.htm I use both MVPS and hpHosts file with HostsXpert http://www.funkytoad.com/content/view/13/ to manage/merge the lists. I also use Web of Trust (WOT) with Firefox http://www.mywot.com/

 

ThreatFire would be a great addition to your setup. Per your ThreatFire whitelist question, please see http://www.threatfire.com/faqs/.

Returnil is also a fine addition if you have separate system and data partitions, or are willing to use a Returnil virtual partition for data, and don't need to change your system partition too often (i.e. you don't install programs often, don't change program settings often, etc).

If you don't want firewall alerts, then I agree also to ditch Comodo Firewall.

You can have as many on-demand scanners as you wish on your system. It's probably a good idea to have several anti-spyware on-demand scanners, for greater coverage.

 

As far as I know is Threatfire Free only behaviour based, but it uses a Whitelist and a Blacklist.
The Blacklist is a database of known threats, the alert prompt for such known threats is red, for unknown threats yellow and for Adware grey.
Only Threatfire Pro uses an signature based AV engine.

Cheers

 

DefenseWall, absolutely the easiests HIPS, combine it with Vista LUA (in quiete mode at the minimum, see TweakUAC), free VistafireWall control and with Avira you will secured all the way.

Job done

 

Windows Firewall + Threatfire + BOClean
no antivirus no antispyware no hips no sandboxes

 

00000,

Policy containment or rights/authorisation management is with antivirus the easiest and straightforward form of protection (lua or soft sandbox)

Next easiest to uses are threat mitigation (staying ot out dangeroous places), e.g. linkscanner, AVG webshield, HauteSecure and other block list programs, with some form of hardening against threats.

ThreaftFire is behavior based, behavior based HIPS are the next easiest to use HIPS (TF, Norton Antibot, PRSC, Mamutu)

 

I removed Antivir and Avast and installed BOclean faster and easiest no usage required

 

I have been using Online Armor with AV+ (the Kaspersky anti-virus engine included with the OA firewall and HIPS) for about two months, and I am very pleased with it. Before that I used OA full (firewall and HIPS) without the AV+ module, but with my nod32 antivirus (which, of course, I do not use with AV+). I find the OA AV+ suite delivers what I need, and it runs lighter, my computer runs quicker, downloads are faster, browsing is better. There are some pop-ups whenever opening or installing new things, but that is common with all HIPS; that's what they do: check with you to see if what you are about to install or run for the first time is what you really want to do.

It's true I ran my nod32 with very tight filtering; I had used Blackspear's settings, which seemed as protective as possible, maxing out the capabilities of nod32. I think this then slowed my system down a bit; not a lot but more than if the settings had been less restrictive or all-encompassing.

With OA AV+ I feel I have the protection I need in as light a package as possible. I do not surf the underbelly of the web; I use primarily Firefox with NoScript, and I have not had any serious infections for many years.

Hope this helps.

SamSpade

|||