Am I Protected Enough?

Discussion in 'other security issues & news' started by Pan, Apr 5, 2003.

Thread Status:
Not open for further replies.
  1. Pan

    Pan Guest

    Hi

    I'm just wondering if there's anymore things to install/configure on top of what I have got:

    Dr.Web
    Kaspersky 3.5 (as backup scanner)
    TrojanHunter
    Outpost Pro
    Ad-aware
    Spybot
    SpywareBlaster
    SpywareGuard
    MRU Blaster
    Eraser
    Tracks Eraser Pro
    PocoMail combined with MailWasher Pro instead of OE.
    Phoenix instead of IE (not really for security reasons though)
    Hosts Files for browser and built in popup stopper.

    I have disabled all services I don't need. I have disabled NetBIOS and closed other ports apart from 135. Also disabled Windows Media Player scripting.

    Is there much more I can do?
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    You have a very strong mix of security products there, and some very first rate tools in that list. As long as you add to that Common Sense v2.0, I think you are all set. (Tools aren't everything if the interface between the chair and keyboard messes up. ;) )

    While what you have is quite good, there are two areas I think that you might want to look into. One is an active registry key monitor. RegistryProt 2.0 (link) is a free tool from DCS that watches the Run keys and warns you when something is added. You get to either allow it to be added or block it.

    The other tool is some sort of active script monitor / controller. A basic but good(and free for that matter) product is ScriptSentry (link). Then there is Wormguard (link), which is a much more powerful commercial tool from DCS.

    Just a couple ideas, :)
    LowWaterMark
     
  3. Pan

    Pan Guest

    Thankyou for the reply. I will give all those tools a try. I take it that if I used WormGuard I wouldn't need ScriptSentry as it's more powerful or do they both provide different methods of protection ?

    Also are these tools bloaty at all? Last thing, what software do you run if you don't mind me asking.
     
  4. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    These tools are very, very light on the system and very powerful. Wormguard and ScriptSentry don't run as processes. I believe they are both just hooks that intercept certain file associations so that when you run a file of one of those types, they scan the file first for potential problems and alert you as needed. (There may be more to Wormguard than that, but I'm not sure as I don't use it. Plenty of people here do and they may well comment further.) If you get Wormguard I doubt you'd need to use ScriptSentry.

    RegProt is a process, but an incredible small and efficient one. You won't even notice it. (At this moment it's only 124K on my system and it's used less than 1 second of CPU time and my system has been up 12 hours.)

    What security software do I use? Sure you can ask. Here they are:

    Tiny Trojan Trap (Sandbox)*
    Zone Alarm Plus
    AVG and F-Prot for DOS
    Spybot S&D, SpywareBlaster
    ScriptSentry
    RegProt
    IE-SpyAd w/very secure IE settings
    SMartin Hosts file
    And a few XP security tweaks.

    * TTT may well be the most powerful security tool that there is, in my opinion. Here is a thread (link) about it. However, it is very complex to setup and many users find it more work than they want to put into a security tool. With it, many other security products become unnecessary.
     
  5. Pan

    Pan Guest

    What exactly does TTT do? And what sort of other security products are no longer needed if you use this. Also have you tried FileChecker from Javacool, may try this to protect security software files unless other tools already cover this.
     
  6. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    Tiny Trojan Trap is a sandbox application. The sandbox is a metaphor, of course. It means that in terms of interaction, a program no longer communicates with the Windows OS directly, but rather all its interactions are filtered through TTT. A program that is configured to be "restricted" in TTT "plays in the sandbox" under the controls and within the limits that you configure. You can add layers of restrictions at a very low levels to any of the accesses between the program and the OS (or other programs).

    What this means is, in TTT you can set up incredibly detailed access rights for any and every application on your system. You can control the files and directories a program can access, what registry keys it can use, as well as the system services and devices that it can call. At the very detailed level, you can control whether the program can "spawn" another process or call another program, you can control its use of the clipboard, prevent it from simulating keystrokes, allow/block it from calling a system shutdown or terminating another process, and more. Further, you can define these accesses in many ways - no access at all, read-only, modify & write, delete, or full control.

    So what does this mean on a practical level? Well, say you use IE or OE but you don't ever want them to have access to any of your personal files, or any other program on your system, TTT can limit them. (After all, IE is so heavily integrated into Windows now that it can do almost anything, right? Just look at the power of Windows Update and what it can do on your system. TTT can limit all of that. It can make IE "just a browser" again.)

    In TTT, you also have more than just the option to allow or block, you can set any of these accesses to inquire and/or log. So, for example, you could have it warn you of an attempted access, (of any of the things mentioned above), and have it pause the program and ask you what to do right at that point. I find this really useful when I want to see what a program is accessing or changing, and I want to allow or block it at the time the program is running.

    I'm not sure I do justice to the description of the product. I know what it does and how to use it very well now (after 7 months with it), but describing it is difficult, and it can be a lot more wordy than just what I've written above.

    In any case, a couple other points to make. Tiny Trojan Trap is technically no longer available as a separate product since it was fully integrated into the Tiny Personal Firewall when version 4.0 came out. (The current version of TPF is now 4.5. See the Tiny Software (link) site for information on TPF. Note also that the install kit for TPF allows you to install just the Sandbox, so that if you want "TTT" without the network packet filter (firewall), you can still have it.)

    This page (link) at the Tiny site describes the elements within the sandbox.

    What does TTT replace? Properly configured, almost everything. They called it a "Trojan Trap" because it can stop all rogue applications from running on your system. If TTT is running, any new application that comes on your system is paused the moment it is run the first time while TTT asks you what to do with it. You can stop it right there, run it under heavy restrictions or, if you want, run it wide open bypassing the sandbox.

    TTT gives you incredible control of the OS and the programs that run under it.

    Whew, ;)
    LowWaterMark
     
  7. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
  8. Pan

    Pan Guest

    Sounds very good. I have got the original one from download.com. Will try it out later, I think i'll probably find it a bit too much though.
     
  9. Pan

    Pan Guest

    Tried TTT, don't really want to put so much time into it though.

    Now using ScriptSentry and RegistryProt with the list in the first post.
     
  10. Tinribs

    Tinribs Registered Member

    Joined:
    Mar 14, 2002
    Posts:
    734
    Location:
    England
    Another great utility I swear by is Startup Monitor, any program you instal that tries to put itself in the startup it jumps in and tells you and offers an 'accept or not' warning.
    Very lite on resources and I love it, its amazing the things that try and get added!!

    http://www.mlin.net/StartupMonitor.shtml
     
  11. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    Great! I think you'll be very happy with those two additional security products. As far as TTT goes, I understand fully. You have to really want to take the time to make a go of it, otherwise it'll just get in your way all the time. The last thing you want to do is to spend all your PC time working a security product rather than using it for whatever it was that you originally wanted to do. ;)
     
Loading...
Thread Status:
Not open for further replies.