A different approach in security.

Discussion in 'other anti-malware software' started by Konata Izumi, Mar 25, 2010.

Thread Status:
Not open for further replies.
  1. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    This is not a tutorial, not an article... I want to ask for your suggestion.

    I want to have a different approach in securing my pc...
    since I think I am experienced in surfing the web... I don't think I need an antivirus. (I don't want antivirus it slows my system down.)

    my current security programs:
    PrevX SafeOnline FREE
    Firewall (finding one at the moment. maybe OnlineArmor FREE)
    Virtualization (Returnil FREE / Deepfreeze)

    my virtualization software virtualizes only my system drive (C:/)

    my problem is how can I defend my other drives (not virtualized) from malware that comes thru USB and CD-ROM?

    of course without the help of antivirus... maybe something that blocks autorun?

    or how about a software that protects my un-virtualized non-system harddrives from getting infected by USB/CDs?



    It's been how many years and I only get malware thru my friends' USB sticks....... that's how I came up with this IDEA.
    less bloat and just the right security for me.
     
    Last edited: Mar 25, 2010
  2. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    Shadow Defender allows you to virtualise other drives, including your external drives. Quite a few people here use it.
    www.shadowdefender.com
     
  3. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,531
    Location:
    British Columbia
    one word - I M A G E
     
  4. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Welcome to the dark side my young apprentice..

    Your journey to the dark side will be complete when you cease to care about what 'might' get out of your system, and thus en"light"en yourself by forever forgetting about hips and application firewalls.

    You must trust your instincts, how to setup your system, what programs to use, what to watch for. Let go of your feelings.. for your OS, and embrace the rollback/imaging that comes from within.

    Only when you do not fear... will you not fear.

    Seriously though, only you can be the judge of whether your habits are squeaky clean enough to offer you the protection you desire. I would say rollback/imaging is your best friend, followed by a thorough understanding of what your OS provides to help you in the solution.

    Apps like Shadow Defender are great, and I would also add Sandboxie to that list. Everyone knows about alternative browsers, and using an online virus scanner if you are not sure about something. If you are LUA (skip that, LUA is ambiguous, lets just say if you are only a USER) then much is already satisfactory. If however you are Admin, it takes more thought on what you do and where your weak spots might be. I personally like to use tools like DropMyRights (or whatever variant of that you like) to start "questionable" items in.

    Virtualization is the ultimate in most of these cases where you run 'naked', but not mandatory.

    A well laid out plan to complement your knowledge (think disaster recovery) is really all you need.

    AFAIK most things a knowledgeable user will come up against (malware etc) will not normally attack other drives, but seek to claim your keys/codes/passwords or simply cause havoc in the OS one way or another. I use Panda USB Vaccine (or some form thereof) to make sure flash drives don't do anything 'nasty', but I don't worry about my other drives.

    I personally take the road that says, "if data you don't want to lose is only on a hdd, consider it lost already". I place my data on optical or flash that I cannot lose. Hdds fail/corrupt, even in a machine that is exposed to nothing. Not where I want to have my important stuff sitting. Mitigation, mitigation, mitigation, always mitigation...

    But then, the midi-chlorian count in some is not as high as others, so you must take your own path ;)

    May the force be with you...

    Sul.
     
  5. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,770
    Location:
    New Mexico, USA
    I've gone a different but similar way recently.

    I'm trying geswall and have ZA Forcefield running. I've also got Panda Cloud and MBAM. So far, after a week of hopping around to different sites, I'm not sure I need MBAM (free on demand only) or Panda.

    Twice, on what used to be absolutely safe forums that I've visited for years, I've gotten hit by a couple of variations of Antispyware Vista and that rogue antivirus. Neither got to my HD. Panda never did a thing and MBAM is the free version. Nothing got through anyway.

    I'll probably keep MBAM but not sure Panda is worth the effort. It never registered anything when the pests started.
     
  6. wat0114

    wat0114 Guest

    Forgot where I read it, but a good site on how to properly back up your data stated: back up to two separate physical locations. IMO they can be hard drives, optical, USB, or a mix, doesn't really matter. If one fails (good chance) you have the other one as a safety net (slim to none chance of them both failing simultaneously). Also, just disable autorun for USB and optical media to address your concern with them.
     
  7. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    LMAO Sul.. but I've taken every bit of your word into my soul. :-*

    #1 Question: How do I run that LUA thing? Do I just simply create a limited user account in Windows XP and log on to that?
    If not, can somebody give me a very humane tutorial :)

    I'm a poor kid. I only have 2 internal HDD... too poor to even buy discs. yes.
    #2 Question: any solution? I don't want to lose data from my secondary drive.. which I also prefer not to Virtualize because I am transferring lots of file there every now and then.


    #3 I also got the feeling that IE is somewhat safer than any other popular browsers. (Firefox,Chrome,Opera)... I can't debate on that though.
     
    Last edited: Mar 26, 2010
  8. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    I'll let Sully answer your questions young Jedi, but I'd recommend Chrome based on discussions here recently which reveal Chrome in a basic sense, much more secure. See here and here.

    Also, by running the WOT extension, I've noticed only recently, I must be slow or something, but many many malicious sites are being blocked automatically by WOT, as people are reporting malicious links as soon as they go live on the popular malware testing sites and forums (I've been busy reporting them as well, feel like I'm doing my two cents worth for society). See extension for chrome here.
     
  9. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    I use Returnil to virtualize my "C" drive and Defensewall to protect my "D" drive. Simple and effective.
     
  10. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Depending on what you read, LUA is described differently, but basically it means you are logged in as a member of the Users group. M$ has predefined this group to be able to modify etc only certain areas, such as their own profile. System areas are off limits. One needs only to create what is called a "standard user", or more easily understood, you create an account that only has membership in the Users group.

    Then, yes, you just log into that account. As a User, you must now either log into an Admin account to install/change things, or you can use the "secondary logon" feature. This feature allows you to start something AS the admin, without logging off from the User account. You will see RunAs if you right click things. In Vista/7 you have the RunAsAdministrator instead typically. Programs like SuRun (and others) are designed to help you log in as a User, but more efficiently do things AS an admin.


    If you cannot buy optical media, then I presume flash drives are also out of the question. There is not much you can do really with your data other than keep it on hdd. Optical is the cheapest route IMO. You might look at simply creating a gmail account, which has ample storage for documents, pictures, etc. There are other websites that are storage houses that allow you to upload larger items. I don't imagine there is much more certainty there, as you never know when someplace like that might go offline.

    Another option, and one I do employ, is using RAID 1 with two hdds. You do lose the space, but you gain the data on both disks (mirrored). This way you would have to lose both drives for absolute loss.

    You might look at finding some older tape drives. Second hand stores, pawn shops, eBay, etc, usually have older ones very cheap. The media is magnetic, but offers decent storage life if kept in a safe environment.


    IMHO this is not an issue of which is "more safe", but an issue of how safe you are WITH them. Any browser can be safe in the right hands.

    Sul.
     
  11. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,280
    Location:
    UK
    A combination of virtualisation and policy restriction is a good way to go. You already have system partition virtualisation applications so you're covered there.

    Policy restriction applications that you could consider adding are: AppGuard, DefenseWall, and GeSWall. Any of these can protect against USB/CD-ROM autoruns and a whole lot more besides. They can also help to secure sensitive data held on the hard disk against unauthorised access.

    Sandboxie for web browsing is a good idea. One of the biggest strengths of Sandboxie is that it combines virtualisation and policy restriction features within a single program. Sandboxie works on a per application basis though, whereas the policy restriction applications mentioned above provide system-wide protection.

    You didn't say whether you have a 32-bit or 64-bit system. At present, AppGuard, DefenseWall, and GeSWall are only available for 32-bit systems, but 64-bit versions of AppGuard and GeSWall are planned and should become available soon.
     
  12. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,405
    Windows SkyDrive offers 25 GB for free. Can't argue with that. I've used it before, and it's a definite option for you Konata.

    I don't see Microsoft pulling the plug on this anytime soon, it's been around for quite awhile.

    http://skydrive.live.com/
     
  13. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    I'm now running under SuRun and I think I'm getting used to it.
    Looks like SuRun pretty much covers everything...

    together with the ff:
    PrevX SafeOnline Facebook Edition FREE (antikeylog/heuristic malware detection only)
    Panda USB Vaccine (will take care of the autoruns)
    Peerblock for my P2P habits.
    Windows XP Firewall. (ah. can't pick a free firewall yet)
    Privoxy (adblocker)
    Deepfreeze (for system virtualization)
    Macrium Reflect Free for disk image backup.
    Chrome for browsing (I picked it coz it's light on resources)

    Q: I think I don't need sandboxing software (ie. Sandboxie, GW, DW, BufferZone etc.) anymore, right?


    I'm thinking of having Avast (file shield on, with on-execution scan only. Based on Kees' tutorial "Making Avast lowest OVERHEAD AV Available")
    https://www.wilderssecurity.com/showthread.php?t=263940

    and this Avast feature looks just right for me. http://i42.tinypic.com/5lx8nn.jpg

    Q: Did I miss something?

    One last thing... I need a very light firewall-like protection without HIPS, coz I'm sharing this computer with my cousins and they don't know how to answer the prompts.
     
    Last edited: Mar 26, 2010
  14. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Dear Konata Izumi,

    Master Sully-San has spoken, he has. You will get the puzzle Sully-san pictures. Allow me to help you with some pieces of the freedom of mind puzzle.

    1) Reducing the attack surface
    I understand you are on XP. First thing is to find out what level of surface reduction you are comfortable with, in terms of daily operations.

    1a) Breaking the LUA box with password encryption Run As Admin
    For this you will need a freebie like Steel Run As (1.2 is freeware) http://www.freewarefiles.com/Steel-Run-As_program_26832.html
    What it does: it creates an executable (sort of short link) with encrypted Admin password and CRC hash of program to run with elevated credentials. It offers to add an ico (icon) file to overwrite the Steel Run As icon.

    For visual purposes I use the freebie IcoFX ( http://icofx.ro/ ) to extract the original icon of the target application and use the created ico file with Steel when it generates the executable.

    Advantage: user and admin profile are kept separate. Steel uses existing Run-As mechanisms, no big infringement of your system


    1b) Shrinkwrapping the Admin box
    For this you will need SuRun, of which Mrkvonic has an excellent tutorial. SuRun works the other way around, it even has UAC like antennas to intercept elevation requests of programs needing Admin rights in XP

    Advantage: Elevated LUA and LUA user are using the same profile. This way you never need to log-in to your admin account to move a program icon from the Admin programs menu to the All users program menu.


    2) Using Software Restriction Policies/ACL
    Download PGS (of Sully) for SRP in XP and download FajoXPSE to get the Vista/Windows 7 security tab and set access rights on files/folders. With regedit you can set access rights to the registry.

    Have a read on the web, I have to go (rugby training with my Son)

    Cheers
     
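    The checks the thread keeps coming back to (a non-admin account as Sully describes, autorun switched off as wat0114 suggests, and an SRP default level as in point 2 above) can be audited from one script. This is an added example, not code from any poster or from the products named here; it assumes PowerShell 2.0 or later on XP or newer, uses the standard Windows registry locations, and the -Fix switch and function names are my own.

```powershell
# Added example (not from any poster): audit the XP-era hardening this thread
# recommends and, with -Fix, apply the autorun part. Assumes PowerShell 2.0+
# on Windows XP or later; -Fix needs an Administrator account.
param([switch]$Fix)

$explorerPol = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$iniMap      = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf'
$safer       = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value is absent instead of throwing
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

function Test-StandardUser {
    # LUA as Sully describes it: the current token is not a member of Administrators
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return -not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-AutorunDisabled {
    # NoDriveTypeAutoRun is a bit mask over drive types; 0xFF switches AutoRun off for all of them
    $v = Get-RegValue $explorerPol 'NoDriveTypeAutoRun'
    return ($v -ne $null) -and (($v -band 0xFF) -eq 0xFF)
}

function Test-AutorunInfIgnored {
    # Mapping autorun.inf to a section that does not exist makes Windows ignore the
    # file's contents, which covers the USB/CD-ROM worry in the opening post
    return (Get-RegValue $iniMap '(default)') -eq '@SYS:DoesNotExist'
}

function Get-SrpDefaultLevel {
    # Software Restriction Policies default security level (point 2 above)
    $v = Get-RegValue $safer 'DefaultLevel'
    if ($v -eq $null) { return 'not configured' }
    switch ($v) {
        0x00000 { return 'Disallowed' }
        0x10000 { return 'Basic User' }
        0x40000 { return 'Unrestricted' }
        default { return "unknown ($v)" }
    }
}

if ($Fix) {
    foreach ($key in $explorerPol, $iniMap) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    }
    Set-ItemProperty -Path $explorerPol -Name 'NoDriveTypeAutoRun' -Value 0xFF -Type DWord
    Set-ItemProperty -Path $iniMap -Name '(default)' -Value '@SYS:DoesNotExist'
}

# Report: the three tests should read True, and SrpDefaultLevel 'Disallowed' once SRP is set up
New-Object PSObject -Property @{
    StandardUser      = Test-StandardUser
    AutorunDisabled   = Test-AutorunDisabled
    AutorunInfIgnored = Test-AutorunInfIgnored
    SrpDefaultLevel   = Get-SrpDefaultLevel
}
```

    Run it without -Fix from the everyday account to see where the machine stands; a reboot is not needed for the autorun values, but Explorer reads them at start, so log off and on again before re-testing.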
  15. Lebowsky

    Lebowsky Registered Member

    Joined:
    Dec 3, 2004
    Posts:
    161
    I have just the right software for you, I have used it for over a year, and used it to actually clean infected USBs, while all the time my laptop would remain safe and virus free.
    So, I would insert the pendrives into my laptop, knowing fully well that they had autorun.inf folders which would execute viruses immediately.
    lol, this software caught, quarantined and deleted every one of those viruses, all the while my laptop remained untouched, because this software itself created autorun.inf folders in all the drives, and makes these folders undeleteable.
    This software impressed my friends so much, they bought it, or searched online for illegally cracked copies of it.
    IT WORKS!
    The name of this software is USB Disk Security, and its a real life-saver.
    http://www.zbshareware.com/download.html
    http://chisinau.ch/_ld/69/41578273.jpg
    http://fr.brothersoft.com/screenshots/src/342/04419342.4e6f8c8c5fcfa7bb3ed3d2b93d8183cb.jpg
     
  16. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Today I had a frightening experience. Nice weather, Sunday rugby play with my son. He is a flanker, I am the old number 8. After a line out an opponent did not receive the ball correctly. I went in but got knocked over. Lying on the ground I could not move my right arm and did not feel my feet. After 5 hours in a neck brace, a CT and MRI scan the feeling came back. I am writing this from the hospital. Maybe I will need an operation to widen a neck vertebra.

    I was so happy to walk with the stiff legs of a 70 year old outside and smoke a cigarette with my wife. Love and health are two things you take for granted. I am not recovering to the full 100 percent, no more motor racing, no more rugby, but I can walk and feel you know what. Guess what: I am happy and very thankful.

    take care

    Note: I promised myself to stop smoking also.
     
  17. SafetyFirst

    SafetyFirst Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    462
    OMG!

    We wish you well, Kees
     
  18. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    I shall faithfully keep you in my prayers.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    As to the topic of this thread "A different approach in security") . . .

    Do you want merely a "different" approach"? Or do you want the "best approach"? In any event, I shall provide the latter...

    Real-time: Malware Defender, Prevx-free, SPI/NAT-capable router

    Fail-safe: 2X weekly images using ImageForDos
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    I definitely have the answers, provided that no one asks me any questions. :shifty:
     
  19. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,974
    Location:
    Boston, MA
    Life is very fragile. A lot of people take that for granted. Good luck in your recovery.
     
  20. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,294

    Glad to hear you're on the mend :thumb: Far as quitting smoking, it's a good thing to do also :thumb:
     
  21. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Hoping you are OK Kees. :)

    Damn smoking, got hypnotized last week and still smoking here. :mad:
     
  22. MICRO

    MICRO Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    1,020
    Accidents and milli-seconds, dreadful experience you copped Kees, hope the improvement continues enough for you to bypass the need for any Op.
    Must have been terribly frightening for your son.

    To you and Franklin I say for 30 years I was under stress in my business and chain smoking to such an extent that some of the guys would tell me I had 3 cigs going at once, two in ashtrays and one in my lips.

    Then one day 18 years ago I pulled the last packet of two cartons I kept under my car seat at all times and said to the packet,
    'When you are gone you little C there will be no more of you ruling my daily life'.
    I smoked the packet, screwed it up, and that was the end for them and forever since, pangs for 3 months but then easy - The worst part, self inflicted, and 10 years later the onset of the worst Emphysema imaginable, $175 per month for medication and the knowledge that it is killing me much sooner than later.

    Kind Regards.
     
  23. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    Kees,
    Never give up.
    I'm praying for you.
    Hugger
     
  24. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    get better kees:thumb:
     
  25. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    omg!

    kees get well soon!
    and please stop smoking... ><
    my mom's condition is really baaaad because of smoking.
     