Advice on security setup.

Discussion in 'other anti-malware software' started by Frozer, Sep 24, 2008.

Thread Status:
Not open for further replies.
  1. Frozer

    Frozer Registered Member

    Joined:
    Sep 24, 2008
    Posts:
    7
    I have recently become rather concerned about my computers security, and are therefore looking for a new security setup.

    The one I'm currently considering is this one, all programs are newest version:
    Router
    NOD32
    Outpost Firewall Pro
    SUPERAntiSpyware
    Firefox v. Noscript, Keyscrambler, Adblock Plus

    I'm running Vista with SP1.

    Should I change any of the programs or maybe add some ?

    Also what would be the best solution for creating snapshots of my system at various times, and recover them if the need should arise?
     
  2. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    you are very protected:thumb: is the SUPERAntispyware free or paid version?
     
  3. Frozer

    Frozer Registered Member

    Joined:
    Sep 24, 2008
    Posts:
    7
    I'm testing the paid version and will buy it when I have finished testing it.
     
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    SUPERAntispyware and keyscramble are my 2 top recomendation here in your set up,they are two good apps that i testify they do their job:thumb:
     
  5. TVH

    TVH Registered Member

    Joined:
    Aug 9, 2007
    Posts:
    227
    My advice, ditch nod32 and use either Avira Antivir Free or Premium version instead. Aside from that, it is an excellent setup.

    Id also recommend Drive Snapshot as your snapshot software. Its extremely reliable in my experience.
     
  6. virtumonde

    virtumonde Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    501
    It's great setup.U don't need to ditch or add anything.Outpost pro & router you really cut possible malware traffic.
    Also you can use outpost ip blocklist
    For snapshot you can do a search on the forum for rollback rx,eaz fix.Paragon drive back up also has excelent back-up restore capabilities.
     
  7. InfinityAz

    InfinityAz Registered Member

    Joined:
    Jul 23, 2005
    Posts:
    828
    Location:
    Arizona
    I agree that it's a good, strong setup.

    It's just personal preference but I prefer and have more confidence in Malware Bytes AntiMalware (MBAM) than SuperAntiSpyware.
     
  8. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    IMO I wouldn't ditch anything but If you still feel as your not secure enough you can use sandboxie for internet facing apps and properly configured would be hard to find a more secure set up.
     
  9. Frozer

    Frozer Registered Member

    Joined:
    Sep 24, 2008
    Posts:
    7
    I have seen MBAM mentioned quite a bit here so I'm going to test that one as well.

    As to imaging/snapshot programs, I am currently looking at Paragon Drive Backup and ShadowProtect. They seem to be getting equally good reviews, so I must test those as well.
     
  10. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Here is one you can have free by paragonhttp://www.paragon-software.com/home/db-express/download.html
     
  11. Frozer

    Frozer Registered Member

    Joined:
    Sep 24, 2008
    Posts:
    7
  12. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    Actually even though MBAM is my fav of the 2, they complement each other really well - especially on heavily infected systems. I dont think they go after the same malware but instead can't really be compared.
     
  13. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,434
    Location:
    Europe
    I also would use Kaspersky, or Avira, or some other av than Nod. To have a multilayer defense I would install an HIPS and a sandboxing sw. And It would be better to have a snapshot or a disk imaging software.
     
  14. Frozer

    Frozer Registered Member

    Joined:
    Sep 24, 2008
    Posts:
    7
    I'm experimenting with Sandboxie at the moment, what HIPS would you recommend ?
     
  15. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    1.Windows Defender Real time on vista under Tools, Join Advanced microsoft Spynet = Hips
    2.MD Malware Defender HIPS,Vista support
    3.RTD Real Time Defender HIP,Vista support Not sure
     
    Last edited: Sep 25, 2008
  16. TVH

    TVH Registered Member

    Joined:
    Aug 9, 2007
    Posts:
    227
    Outpost Pro already has a fantastic HIPS incorporated into it. SandboxIE would also be a fantastic addition.
     
  17. Frozer

    Frozer Registered Member

    Joined:
    Sep 24, 2008
    Posts:
    7
    I have been fooling around quite abit with Sandboxie and have tried to create a config file:

    I have a Sandbox called Firefox where I want to allow Firefox and a pdf reader to execute and access the internet.
    The Banking sandbox doesn't allow me to login to my bank it says invalid password, even though it's the correct password.
    Defaultbox isn't being used.

    Code:
    [GlobalSettings]
    
    ProcessGroup=<RunAccess_Banking>,iexplore.exe,sandboxiedcomlaunch.exe,sandboxierpcss.exe,start.exe,SandboxieCrypto.exe
    ProcessGroup=<InternetAccess_Banking>,iexplore.exe
    ProcessGroup=<InternetAccess_Firefox>,firefox.exe,foxit reader.exe
    ProcessGroup=<ProcessAccess_Firefox>,firefox.exe,PDFXCview.exe,sandboxiedcomlaunch.exe,sandboxierpcss.exe,start.exe,foxit reader.exe
    
    [DefaultBox]
    
    ConfigLevel=4
    AutoRecover=y
    AutoRecoverIgnore=.jc!
    AutoRecoverIgnore=.part
    RecoverFolder=%Personal%
    RecoverFolder=%Favorites%
    RecoverFolder=%Desktop%
    LingerProcess=trustedinstaller.exe
    LingerProcess=wuauclt.exe
    LingerProcess=devldr32.exe
    LingerProcess=syncor.exe
    LingerProcess=jusched.exe
    LingerProcess=acrord32.exe
    Enabled=y
    
    [Firefox]
    
    OpenPipePath=firefox.exe,\Device\NamedPipe\KSTIPipe*
    ClosedIpcPath=!<ProcessAccess_Firefox>,*
    Enabled=y
    ConfigLevel=4
    AutoRecover=y
    AutoRecoverIgnore=.jc!
    AutoRecoverIgnore=.part
    RecoverFolder=%Personal%
    RecoverFolder=%Desktop%
    LingerProcess=trustedinstaller.exe
    LingerProcess=wuauclt.exe
    LingerProcess=devldr32.exe
    LingerProcess=syncor.exe
    LingerProcess=jusched.exe
    LingerProcess=acrord32.exe
    ClosedFilePath=!<InternetAccess_Firefox>,\Device\RawIp6
    ClosedFilePath=!<InternetAccess_Firefox>,\Device\Udp6
    ClosedFilePath=!<InternetAccess_Firefox>,\Device\Tcp6
    ClosedFilePath=!<InternetAccess_Firefox>,\Device\Ip6
    ClosedFilePath=!<InternetAccess_Firefox>,\Device\RawIp
    ClosedFilePath=!<InternetAccess_Firefox>,\Device\Udp
    ClosedFilePath=!<InternetAccess_Firefox>,\Device\Tcp
    ClosedFilePath=!<InternetAccess_Firefox>,\Device\Ip
    ClosedFilePath=!<InternetAccess_Firefox>,\Device\Afd*
    AutoDelete=y
    NeverDelete=n
    OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*\places*
    OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*\bookmark*
    OpenFilePath=firefox.exe,*\sessionstore.js
    OpenFilePath=firefox.exe,*\prefs.js
    OpenFilePath=firefox.exe,*\bookmark*
    OpenFilePath=firefox.exe,*\patterns*
    OpenFilePath=firefox.exe,*\persdict.dat
    OpenFilePath=firefox.exe,*\pasteemailplus.dat
    
    [UserSettings_12140299]
    
    SbieCtrl_UserName=frozer
    SbieCtrl_ShowWelcome=N
    SbieCtrl_NextUpdateCheck=1223182866
    SbieCtrl_UpdateCheckNotify=N
    SbieCtrl_HideWindowNotify=N
    SbieCtrl_WindowLeft=200
    SbieCtrl_WindowTop=150
    SbieCtrl_WindowWidth=660
    SbieCtrl_WindowHeight=450
    SbieCtrl_Hidden=Y
    SbieCtrl_ActiveView=40021
    SbieCtrl_BoxExpandedView_DefaultBox=Y
    SbieCtrl_ColWidthProcName=250
    SbieCtrl_ColWidthProcId=70
    SbieCtrl_ColWidthProcTitle=310
    SbieCtrl_AutoApplySettings=N
    SbieCtrl_SettingChangeNotify=N
    SbieCtrl_BoxExpandedView_Banking=Y
    SbieCtrl_ReloadConfNotify=N
    
    [Banking]
    
    OpenPipePath=iexplore.exe,\Device\NamedPipe\KSTIPipe*
    ClosedIpcPath=!<RunAccess_Banking>,*
    ClosedFilePath=!<InternetAccess_Banking>,\Device\RawIp
    ClosedFilePath=!<InternetAccess_Banking>,\Device\Ip*
    ClosedFilePath=!<InternetAccess_Banking>,\Device\Tcp*
    ClosedFilePath=!<InternetAccess_Banking>,\Device\Afd*
    ClosedFilePath=!<InternetAccess_Banking>,\Device\RawIP6
    ClosedFilePath=!<InternetAccess_Banking>,\Device\Udp
    ClosedFilePath=!<InternetAccess_Banking>,\Device\Udp6
    Enabled=y
    ConfigLevel=4
    AutoRecover=y
    AutoRecoverIgnore=.jc!
    AutoRecoverIgnore=.part
    RecoverFolder=%Personal%
    RecoverFolder=%Desktop%
    LingerProcess=trustedinstaller.exe
    LingerProcess=wuauclt.exe
    LingerProcess=devldr32.exe
    LingerProcess=syncor.exe
    LingerProcess=jusched.exe
    LingerProcess=acrord32.exe
    AutoDelete=y
    NeverDelete=n
    
    I have allowed Firefox to access quite a bit of files to allow my sessions to be saved, does this sacrifice too much security ?

    Anyone have any idea why my banking sandbox prevents me from logging into my netbank?
     
  18. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    Banks often use a https connection. While people may think that means safety, that's only partly true.

    In principle https should offer a safe connection between you and what's on the other end, protecting you from third parties, but the 'other end' (your bank ?) can basically do on your computer whatever it wants. More info about that in the privacy section.

    I have no idea if that's related.
     
  19. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    You have a strong setup as is.

    But I'm not sure if you have a HIPS tool as part of Outpost not being familar with it?

    On backup I have paragon drive backup. I put programs and windows os in C drive and user data in partition F. It means I can back up F daily quickly but I only image C weekly unless I'm installing new software.
     
  20. Frozer

    Frozer Registered Member

    Joined:
    Sep 24, 2008
    Posts:
    7
    Okay now I have experimented a bit and I have settled with this setup:
    Router
    Outpost
    NOD32
    SUPERAntiSpyware
    Threatfire
    Windows Defender v. Advanced membership of Spynet
    Sandboxie running Firefox v. Noscript, Keyscrambler, Adblock Plus

    For backup Paragon Drive Backup Personal

    The only thing I'm wondering now is if Threatfire is needed or if the other programs cover it.
     
Loading...
Thread Status:
Not open for further replies.