Best Security Setup For Non-Geeks

Discussion in 'other anti-malware software' started by TheKid7, Jun 11, 2008.

Thread Status:
Not open for further replies.
  1. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    From time to time people who have a very low knowledge of computers and computer security ask me for Security Software Recommendations. I have difficulty making recommendations to them since most of them want install/forget type security.

    What Security Software (Free and/or Paid) would you recommend for these types of people?

    Thank you.
     
  2. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    For a similar problem, look for the recent thread "Security setup for girlfriend".

    That said, I would say:
    -OS Hardening
    -AV
    -AS
    -DefenseWall

    If the system doesn't change much (install of new apps), LUA is a great way to go.
    Also consider separated partitions for system and data.
     
  3. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    What are some examples of OS Hardening?

    Thank you.
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I am going to use following set up for dummies, pretty fool proof. It is intended for some of my friends who format their PC almost every month due to kids.

    1- Returnil with protection for C drive/ partition.
    2- EQS in silent mode with few block rules only( block autorun.inf creation, block drivers install, physical memory access, debug and disk access)- zero pop ups.
    3- TF with autoreply for all pop ups. One custom rule for it to work as an outbound FW with auto action/ reply as well( allow rules for browsers, messengers etc).


    This will have zero pop ups and almost fool prooof protection.


    For a non-static( dynamic) PC I will use:

    Antivir &
    ThreatFire

    Windows FW is present ofcourse in both these set up.
     
  5. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    OS Hardening refers to closing some security gaps in windows, in a preventive way.
    It can mostly be done manually, but there are some apps that can do this in an easy way. Most of those apps need to be run just once.
    The hardening includes disabling some vulnerable services, closing ports, etc.
     
  6. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
  7. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,702
    Hello,
    For non-geeks: Firewall + AV + Firefox
    Usually, firewall: ZA or sygate, AV: AVG (until recently) or AntiVir ...
    That's it, no more, no less.
    Mrk
     
  8. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    extremely useful add-ons to FF to extend security.
    NoScript
    AdBlocker
    Customise Google
    :)
     
  9. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I have found for what I term as 'non-geeks', any security application that shows more than a handful of prompts, will promptly be ignored by said 'non-geek' with a quick 'allow' and 'remember my decision' ticked. lol.

    If the peep just wants to surf etc., I don't install anything which will require the 'non-geek' to make a decision about. If he knew the answer to those prompts, he probably would not be having someone else secure the computer for him/her.

    I say simple AV and properly configured OS are enough. I spend more time going over the importance of using hotmail or yahoo instead of the isp mail account, and what not to do etc. Same goes for browsing. Ditch IE and go gecko or opera. Do not use OE. Do not click on anything online. Ever. Everything for free is a gimick. Always save your data to cd or other hdd.

    Lately I have been recommending TF, and most seem to like it so far as they don't have to interface with it. Honestly, I would say that having them save thier data is the best thing I ever did. Now I just go in and say to them

    'Problems eh? Installed too many demo's have you? lol. Want it to run like it did the last time I rebuilt it? Yeah? Did you back up your stuff like I have been telling you? All your email online? Pictures? Cool. Should take about an hour or so. Yeah, I would like a brewsky. Thanks.'

    lol. An ounce of prevention.... and a good ghost image of thier system just the way they like it. Now if only I could remember to have them use subst more...

    Sul.
     
  10. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    I just set my non-geek family/friends up with a simple security suite. I don't have any preferences to which one because personally i find that teaching them the basics of staying safe online is far more important than which brand of av to use. Having recently taught my sister this she gets by just fine with a simple AV and vista firewall.
     
  11. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi,

    See post https://www.wilderssecurity.com/showthread.php?p=1255262#post1255262 and https://www.wilderssecurity.com/showpost.php?p=1253331&postcount=15

    I would prefer DefenseWall paid over GeSWall paid at the moment. Whe it has to be cheap use GeSWall free for only one internet facing application (the browser).

    So DefenseWall + TF would be my choice

    TF: auto respond to grey alerts (known Potentially Unwanted Applications, PUA's) and red alerts (Known malware), pop-up for unknown with the instruction to click "learn more of this threat". Also set TF for making a restore point before quarantaining something

    DW; out of the box

    regards
     
  12. CJsDad

    CJsDad Registered Member

    Joined:
    Jan 22, 2006
    Posts:
    618
    I would fall under the category of "non-geek" and there is no way I could use EQS, that program is far from being created for a newbie/non-geek/beginner/ which = me.
    Block autorun.inf creation o_O :doubt:
     
  13. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    You are right but I am going to configure it for my friends and after that they eill not get even a single pop up.

    Autorun.inf file creation is to be blocked to stop worms that run here n there via USB flash sticks.
     
  14. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    Hi , Windows Firewall , Avira AntiVir Personal , Comodo BOClean , SpywareBlaster , Seconfig XP , MBAM ( Malwarebytes Anti-Malware ) , ESET SysInspector . Hardener ONE- CLICK : Advanced WindowsCare Personal ( of Iobit ) - all-in-one free tool PROTECTING , repairing and speeding your PC . ALL FREE tools ...:cool:
     
  15. Beavenburt

    Beavenburt Registered Member

    Joined:
    Dec 17, 2006
    Posts:
    566
    Windows Firewall
    One of either Avast, AVG or Avira free versions.
    Alternative browser

    Job done. You could also use a couple of hardening tools to disable un-needed services.
     
  16. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    you forgot mwav, spyware detection is paranoid...:D
    hklm\software\ole flagged as ircbot, lol
     
  17. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,702
    The emphasis was on NON-geeks ....
    Mrk
     
  18. QQ2595

    QQ2595 Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    159
    AE + PowerShadow/DeepFreeze/Returnil/RollbackEX
     
  19. CJsDad

    CJsDad Registered Member

    Joined:
    Jan 22, 2006
    Posts:
    618
    O.k I understand what you're saying now.
    Now that you are helping your friends configure EQS thats a whole different story :D
    Without help on a program such as EQS someone like me would be completely LOST. :(

    Although I have no intentions of using EQS thanks for explaining the blocking of Autorun.inf.
    Things like this help people such as myself in the long run.
     
  20. Dogbiscuit

    Dogbiscuit Guest

    1. *Keep ALL your software fully updated*. Set Windows or programs like Adobe Reader to automatically update. If this can't be done with every program, install something like the Secunia Personal Software Inspector to alert you to updates for commonly used software.
    2. Run from within a limited user account (LUA). Use the admin account only for installing/maintaining your system. This will protect your OS files (but not the user account itself) from silent or 'drive-by' downloads if your system is not always updated, or also in the case of many zero-day exploits. You can protect the user account with a simple software restriction policy (SRP), though this might not always be convenient.
    3. Use a packet filter (Windows Firewall), software firewall, or router. This will protect your system from the internet in case Windows is not always updated, or from interent-based attacks targeting zero-day flaws in the OS.
    4. Have a backup. This can save you time in case disaster strikes.
    5. Use anti-virus software. This can provide some protection (like an expert consultant) to shield you from malware in downloaded files, some security in extra time with a newly discovered but not yet patched zero-day vulnerability, etc.
    6. Consider using an alternative browser. While other browsers may arguably not be that much more secure than IE anymore, they are still targeted less often. This can be important if your system isn't always updated.
    7. Use common sense. The suggestions above will only go so far if a user still insists on downloading software known to harbor malware, clicks on links or attachments in unexpected emails, opens SPAM, etc.

    FWIW, I just setup a new computer for a relative and covered steps 3, 4, and 5 by using Norton 360. Definitely install/forget, very good protection, and simple with an intuitive user-interface.
     
  21. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,221
    Whatever I am, I am sure a non-geek. It appears that too many here are geeks, and assume that we, non-geeks, can use many of the same applications the geeks use.

    I have never seen the need for me to use anything except an AV, Firewall, and Firefox. I have added a couple of applications, but find that they do not find anything, and if they do anything it is just ask questions that an average non-geek would find confusing.

    Accordingly, I would not even think of things such as Sandboxie. If one is not careless in opening email, and not a "risky surfer" I remain convinced that an AV such as any of the freebies that will run well on the system, Windows Firewall, and Firefox are all that are needed. A free SAS for periodic scans can be useful for the geek friend to run.

    If one wants a little more, I also think that F-Secure IS is the least troublesome "install and forget" internet security application I have found. I have not tried them all, but FSIS just worked without problems for me.

    The various AS/AT applications have never found a single thing, with the exception of a few harmless tracking cookies.

    Don't make it more complicated than it has to be. I do not even think about such things as limited user accounts either.
    Most just want to use the computer for email, and a few sites that are connected with hobbies.
    I have owned computers since 1999 without an infection, and without a bunch of security applications confusing me and loading my computer down.

    Regards,
    Jerry (A true non-geek)
     
  22. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
  23. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Yes for us non-geeks observing the the KISS rule is paramount. :D
     
  24. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I'm not a non-geek. I'm a newbie. I want to bie new : new approach, new procedures, ... and a new security setup. :)
     
  25. wat0114

    wat0114 Guest

    For a non-geek firewall, use a router instead of a software firewall. This way there's no alerts to answer, no additional load on resources and no worries about it going haywire (inexplicably blocking Internet, freezing, failing to start, etc...) for some reason.
     
Loading...
Thread Status:
Not open for further replies.