A Simpler Security Set Up

Many people on Wilders including myself use a slightly excessive security set up which would probably drive most regular computer users mad. What I want to know is that is if you were to recommend a security set up for a non tech person (or say you wanted to simplify your own set up), what do you think you would recommend and think they'd be generally safe with?

I'd probably say: MSE, Windows in built firewall, Sandboxie free and Ad Muncher (ABP if they weren't willing to pay).

Edit: Oh and MBAM on demand.

Second Edit: The idea of helping a non tech savvy person isn't really working so maybe people could post what they'd feel comfortable reducing their own security to and still feeling safe.

 

Appguard and you're done!

 

Add SRP and it's good enough for most people. Personally though, I don't consider Sandboxie to be user friendly for non tech savvy people. DefenseWall fits better if the user is on 32bit. Or change their browser to a chromium-based which has a built-in sandbox.

 

I probably wasn't clear enough in my first post but I meant both whether you were thinking of a non tech savvy person or if you wanted to simplify your own set up.

 

Recommend a security setup for a non-tech? I don't bother. I've also stopped trying to teach or explain anything. Even the bare basics. Mostly it falls on deaf ears and it's just a waste of time.

At most, I just make sure the browser (whichever one they prefer...I can't force it upon them) to have some sort of ad-blocking. In addition, if they really want it (which most do), just throw in an AV for familiarity and convenience. Windows Update set to Auto.

NO AE, SRP/Applocker, HIPS, Policy-based programs, Sandboxing, Light Virtualization, Instant System Restore, alternative DNS servers, Hosts file blocking, etc etc. Too much for the average Joe and Jane that I know of. Sounds unbelievable? I'm living in a strange part of the world I guess.

 

I hear what you're saying Safeguy. I installed ABP on a relatives computer and he removed after while saying it was slowing down his computer

If you were to simplify or reduce your own set up, what would you leave yourself with?

 

Thats exactly what I have my friends use when they listen but without the ad blocker. Some people might think that Sandboxie is too difficult for first time users but I know is not so as long as the new user knows how to recover files and how Sandboxie and the AV interacts with each other. Other than that, setting the sandbox to delete on closing and setting bookmarks to be saved out of the sandbox is all thats required. I like MSE because it doesnt kill computers with bad updates as all other antiviruses do sometimes and I usually find it working, not disabled as I have found other antiviruses when they are not taken care of.

Bo

 

I know you are asking Safeguy but I ll tell you about my setup. I use Sandboxie and NoScript. For me, thats proved to be plenty security but I dont share my computers with anyone, not even the wife and my system is static, I dont add new programs. Also, I sandbox all programs and files that I run in my computers. Doing it like that has been great as I dont get infected and dont have to update or upgrade´programs all the time.

Bo

 

Bo, I'm very happy to hear about your set up. I know from other posts that you get massive value from SBIE and use it to pretty much its highest potential. What I am interested in is how you use Firefox and seperate general surfing with things that involve your finances.

 

I would also install MSE and ensure Windows Updates/Firewall are switched on and automatic.

MSE's detection rates leave a lot to be desired, and though I would expect this setup to eventually fail, it's possibly the only compromise between 'invisible, newbie-friendly' and offering at least some level of protection. This is mostly owing to MSE's pretty much 'set and forget' philosophy.

 

I avoid as much as I can using computers for banking, I prefer to do things the old fashion way of going there in person, sending someone else or using the phone. If I have to use the PC, then I ll do it on a fresh browsing session, getting in and getting out immediately after finishing up. Using a credit card don't worry me as they have a limit.

If I was doing banking everyday using a computer and Firefox, I ll probably would do the same as above but would do it in a separate sandbox where only Firefox was allowed to connect and run. Perhaps using a different profile without addons.

Bo

 

Any basic AV like MSE or Avira free.

OS built-in security.

 

Not meant contrarian but I'd say most important is easy recovery and thus a separate user-data partition.
Having an image of the separate 'OS & programs' partition, allows for easy reinstall/reimaging within a 15-30 minutes time frame.
Guaranteed clean and often faster than an AV scan of the full drive.
And +1 on SBIE and Noscript for those willing to learn.

Like mentioned by safeguy, lots of non-tech folks won't or can't use security programs, for all those I'd set imaging as a requirement before agreeing to upkeep a friends/relative computer.

 

I separate system and data partitions, use an imaging program for quick disaster recovery and a limited user account as the basis of my security. I tweak file permissions and policy settings a bit to make the limited user account a bit more limited but not nearly as limited as the user accounts in the computers in a public library. I only log onto the administrator account for maintenance and to install software. To this is added a firewall and antivirus and a couple of adblockers. That's about it for security software.

The greatest source of my security is myself, the user. I carefully vet software before it is installed and used regularly, first in a virtual machine and then in a spare PC. I just tested ten or so programs. Only two made the grade. The best software in the world can't compensate for a careless and ignorant user.

 

For the average Joe ?

Unless they are willing to accept a static system, a suite.

Plus imaging if they are able and willing to learn.

They have to learn how to use the internet. There is no substitute for that, unless they don't have admin/sys access.

The MVPS hosts file will block a lot of junk. It never caused me any kind of problem.

The average user probably cannot be safe on the internet. Solution: do not connect machine to the internet.

A router may provide a basic firewall, but sometimes that's more of a burden than a solution (e.g. backdoored routers, routers that can be accessed from the internet/receive unwanted firmware updates (Cisco)).

All I need is a good firewall.

 

I don't have any reason to simplify mine, that may be more work in itself.

As for others, I try to educate them and focus on (real-time/on-demand/online) scanners, browser (extensions, settings), and a bit of system (updates, backup, blacklists) Won't push them beyond their understanding though.

 

I feel adequately protected with Windows firewall, 360 Internet Security, UAC turned off, and MBAM for very occasional on demand quick scans.

I am using 360 Internet Security simply because I have found it to be exceptionally light - unlike most so called light security software, but this could be replaced with any security software really.

For others, I would recommend leaving UAC enabled. I am all for not having an excessive security setup - I like to keep things simple.

 

I wonder at times with my own security set up whether I think I'm more secure by giving myself more work or making things more difficult for myself.

 

Well I would say that you are more secure, but also giving yourself more work and making things more difficult.

My own security setup is somewhat lacking, and is far from ideal. But, I'm happy with it because it requires minimal user input. 360 Internet Security does monitor some system changes, and will prompt to deny or allow them, but this does not happen enough to be an annoyance. Also it always is extremely light - not mostly light - but light 100% of the time - I never causes any slowdowns.

I could add to my security setup to give me more security, but I really like a security setup which requires as little user interaction as possible. I have lots of experience with dealing with infections, so in the very rare cases something gets through, I know I will be able to deal with it quickly. Maybe I'm too trusting, but once I clean up from an infection, I presume my system is clean, rather than some people who feel the need to do a clean install or restore from an image when they get infected to be sure their system is completely clean.

 

Hahaha, I think most of us here ever had that feeling at some point. At first we just used a free AV, but after reading lots of horror stories then we started to bloat the PC with more tools, often with paid products into the mix. After some time then we got tired to maintain all of these and questioned ourselves: are these all necessary? Then we ended in trimming our security setup to minimum and just using one or two tools that we deem as the most effective.

After tried so many setups, I can see the value of system drive imaging in your arsenal.

 

Windows Hardening as the pizza base. Everything else is just toppings.

 

Roger_m, I've got a friend that uses 360 and that's all he's ever used. He can't understand my obsession with security and thinks that if he ever has a problem with his pc he can just restore from a back up.

GrafZepp, I think I'm going in a similar direction myself to see what I can get rid of and still be quite solid. I think you're right in pointing out the main thing I was missing was a back up program.

Safeguy, lol great pizza analogy

 

I used to be a bit overboard - Vista 32 bit - ZoneAlarm Internet Security Suite, Malwarebytes,Spybot.

Since moving to W7 64 bit, I decided to streamline ops - I now use Kaspersky Suite 2013 and that's it ! Apart from Nirsoft's CurrentPorts which doesn't really count...