Best security setup which doesn't need much interaction?

Discussion in 'other anti-malware software' started by Juha L, Apr 19, 2008.

Thread Status:
Not open for further replies.
  1. Juha L

    Juha L Registered Member

    Joined:
    Dec 25, 2007
    Posts:
    48
    What would be as good a security setup as possible, which needs as little input from a (newbie) user as possible?
    Computer is a Vista machine which is behind a NAT router.

    Currently there's Avira Premium with Webguard, Boclean, Comodo firewall with D+ disabled, Spywareblaster and KeyScrambler.

    D+ or other HIPS are in my opinion almost useless for a newbie user who clicks "ok" whatever happens, because he/she has no better idea. Pretty much the same thing happens with firewall alerts, so I was thinking about ditching Comodo from that setup and just using the Vista firewall for these situations.

    Is there something else or better for this situation which you would suggest, other than Avira Premium with WebGuard, Boclean, SpywareBlaster, KeyScrambler and Vista Firewall? On-demand there's SuperAntiSpyware, A-Squared and Secunia PSI.
     
  2. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Personally, out of everything you listed I would keep Avira, KeyScrambler, Vista firewall, SuperAntiSpyware for on-demand scans, and add Sandboxie or SafeSpace. I do not feel the need for multiple or triple spyware programs; it just seems like overkill, a waste of space and resources. Just my 2 cents though.
     
  3. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Totally agree. Avira and Sandboxie and you really don't need much of anything else.
     
  4. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    I really wonder what would be the outcome if multiple scanners detected something within the same time frame; one thing that comes to mind for me is a frozen, inoperable machine.
     
  5. Juha L

    Juha L Registered Member

    Joined:
    Dec 25, 2007
    Posts:
    48
    I don't know. I've just read reports that Boclean has caught some malware which didn't activate any reaction out of Avira. And Boclean is free and updated often, so I don't see the downside..

    Sandboxie would be otherwise good, but in this situation it's undesirable that there's still user interaction needed for the sandbox recovery for legitimate files and stuff.
     
  6. InfinityAz

    InfinityAz Registered Member

    Joined:
    Jul 23, 2005
    Posts:
    828
    Location:
    Arizona
    I agree, for a newbie Sandboxie will be confusing and eventually cause issues. The current setup is very good, plus you're running Vista with UAC and IE in protected mode, so this should work well for a newbie.

    The only change I would make, since it's a newbie, is to use the Vista firewall in place of Comodo. Once again back to the point of the newbie just always clicking OK (so what good is Comodo going to do them if they always click OK, plus the Vista firewall is pretty good).
     
  7. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    Hi,

    Against zero-day threats (Boclean) you can also use ThreatFire (free) or Norton Antibot, both are quiet programs.

    Instead of Sandboxie you might try GeSWall, the free version is basically configured for web browsers.
    GeSWall would be interesting, if you want to turn off Avira's Webguard.

    Because of the firewall you can take a look at Online Armor free, disable all HIPS features and activate "Automatically allow trusted programs to access the internet". With this setting you will only see a single popup for every unknown program.

    Cheers
     
  8. bman412

    bman412 Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    261
    How about Avira free and Returnil with protection status set always on, except during weekly computer maintenance to get AV/software updates?
     
  9. Juha L

    Juha L Registered Member

    Joined:
    Dec 25, 2007
    Posts:
    48
    I just wonder how a newbie handles the fact that every change in the system partition will be gone, meaning My Documents, Desktop etc. You always have to be aware which changes of every program affect the system partition and are not permanent, and which are permanent when saved to a non-system partition. Could be a bit too complicated for a newbie imo.
     
  10. Juha L

    Juha L Registered Member

    Joined:
    Dec 25, 2007
    Posts:
    48
    I think I will check ThreatFire cause I never tested it before.

    One thing which is unclear to me is whether it's signature based or behaviour based, or both. I thought before it's only behaviour based, but remember reading somewhere that it's in fact signature based.. o_O
     
  11. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
    Hi!

    Just put all important data to the other partition. Of course you can exit shadow mode or use commit now.

    EDIT: You should test DefenseWall too. It's so easy to use and protection level is very high.
     
  12. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    Maybe something like IE-SPYAD if you use Internet Explorer (http://www.spywarewarrior.com/uiuc/resource.htm) or the MVPS Hosts file (http://www.mvps.org/winhelp2002/hosts.htm). I use both the MVPS and hpHosts files with HostsXpert (http://www.funkytoad.com/content/view/13/) to manage/merge the lists. I also use Web of Trust (WOT) with Firefox (http://www.mywot.com/).
     
  13. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    ThreatFire would be a great addition to your setup. Per your ThreatFire whitelist question, please see http://www.threatfire.com/faqs/.

    Returnil is also a fine addition if you have separate system and data partitions, or are willing to use a Returnil virtual partition for data, and don't need to change your system partition too often (i.e. you don't install programs often, don't change program settings often, etc).

    If you don't want firewall alerts, then I agree also to ditch Comodo Firewall.

    You can have as many on-demand scanners as you wish on your system. It's probably a good idea to have several anti-spyware on-demand scanners, for greater coverage.
     
  14. subset

    subset Registered Member

    Joined:
    Nov 17, 2007
    Posts:
    825
    Location:
    Austria
    As far as I know, ThreatFire Free is only behaviour based, but it uses a whitelist and a blacklist.
    The blacklist is a database of known threats; the alert prompt for such known threats is red, for unknown threats yellow and for adware grey.
    Only ThreatFire Pro uses a signature-based AV engine.

    Cheers
     
  15. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    DefenseWall, absolutely the easiest HIPS; combine it with Vista LUA (in quiet mode at the minimum, see TweakUAC), free Vista Firewall Control, and with Avira you will be secured all the way.

    Job done
     
  16. ooooo

    ooooo Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    33
    Windows Firewall + Threatfire + BOClean
    no antivirus no antispyware no hips no sandboxes
     
  17. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    ooooo,

    Policy containment or rights/authorisation management is, with antivirus, the easiest and most straightforward form of protection (LUA or soft sandbox).

    Next easiest to use is threat mitigation (staying out of dangerous places), e.g. LinkScanner, AVG WebShield, HauteSecure and other block list programs, with some form of hardening against threats.

    ThreatFire is behavior based; behavior-based HIPS are the next easiest to use HIPS (TF, Norton Antibot, PRSC, Mamutu).
     
  18. ooooo

    ooooo Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    33
    I removed Antivir and Avast and installed BOClean: faster and easiest, no usage required.
     
  19. SamSpade

    SamSpade Registered Member

    Joined:
    Oct 22, 2006
    Posts:
    415
    I have been using Online Armor with AV+ (the Kaspersky anti-virus engine included with the OA firewall and HIPS) for about two months, and I am very pleased with it. Before that I used OA full (firewall and HIPS) without the AV+ module, but with my nod32 antivirus (which, of course, I do not use with AV+). I find the OA AV+ suite delivers what I need, and it runs lighter, my computer runs quicker, downloads are faster, browsing is better. There are some pop-ups whenever opening or installing new things, but that is common with all HIPS; that's what they do: check with you to see if what you are about to install or run for the first time is what you really want to do.

    It's true I ran my nod32 with very tight filtering; I had used Blackspear's settings, which seemed as protective as possible, maxing out the capabilities of nod32. I think this then slowed my system down a bit; not a lot but more than if the settings had been less restrictive or all-encompassing.

    With OA AV+ I feel I have the protection I need in as light a package as possible. I do not surf the underbelly of the web; I use primarily Firefox with NoScript, and I have not had any serious infections for many years.

    Hope this helps.

    SamSpade
