Best security setup without any needed updates?

Discussion in 'other anti-malware software' started by Metting, Aug 27, 2008.

Thread Status:
Not open for further replies.
  1. Metting

    Metting Registered Member

    Joined:
    Aug 3, 2006
    Posts:
    100
    Hi friends

    I need your opinions on setting up an XP PC at maximum security but without using any security app that needs frequent updates, i.e. no AV, AT, AS or any other application that uses a blacklist or whitelist database, in order to avoid updating.

    I have nothing in mind to do the job except installing a good classical HIPS like SSM or similar, also some sandbox app and maybe an imaging software.

    Is this enough?
    And if yes, which HIPS, sandbox, and imaging software play nicely together? Do you recommend any particular apps?

    Is there any dangerous uncovered area in this setup?

    Do you have any better idea ?

    Thanks in advance.
     
  2. Dogbiscuit

    Dogbiscuit Guest

    Here's one suggestion.

    Assuming you always keep your OS and application software updated (this really is necessary for most of us), then run in a limited user account (LUA), use a software restriction policy (SRP), and make a few auto-start registry modifications. I do this and use Acronis TI.

    If you're interested, there are threads here that detail exactly how this is set up.

    It's not difficult, it doesn't add any performance loss that I can discern, and is free (even Acronis has a free version for some disk drives).
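The LUA + SRP part of Dogbiscuit's suggestion, as an added example that is not from any poster in this thread: a "default deny" Software Restriction Policy written straight to the registry, so it also works on XP editions without gpedit.msc. The GUIDs used as rule-subkey names are arbitrary placeholders (Windows only requires each to be unique), and the script assumes it is saved as a .bat file and run once from an Administrator account.

```batch
@echo off
rem Added example: default-deny SRP via the registry (not code from the thread).
rem Save as a .bat file and run once as Administrator; log off and back on afterwards.

set SAFER=HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers

rem Weak (factory) setting: everything may run. 0x40000 (262144) = Unrestricted.
rem reg add "%SAFER%" /v DefaultLevel /t REG_DWORD /d 262144 /f

rem Hardened setting: nothing runs unless a rule allows it. 0 = Disallowed.
reg add "%SAFER%" /v DefaultLevel /t REG_DWORD /d 0 /f

rem Apply to all software files, DLLs included (1 would skip libraries).
reg add "%SAFER%" /v TransparentEnabled /t REG_DWORD /d 2 /f

rem 0 = enforce for every user, including administrators; 1 exempts local admins.
reg add "%SAFER%" /v PolicyScope /t REG_DWORD /d 0 /f

rem Unrestricted path rules under the 262144 (Unrestricted) level: only the OS
rem and installed programs may execute. A limited user (LUA) cannot write to
rem these directories, so a download landing in the profile or Temp cannot run.
rem %% inside a batch file stores a literal % so the REG_EXPAND_SZ is expanded
rem by Windows at load time, not by this script.
set ALLOW=%SAFER%\262144\Paths
set R1=%ALLOW%\{11111111-1111-1111-1111-111111111111}
set R2=%ALLOW%\{22222222-2222-2222-2222-222222222222}
reg add "%R1%" /v ItemData   /t REG_EXPAND_SZ /d "%%SystemRoot%%" /f
reg add "%R1%" /v SaferFlags /t REG_DWORD /d 0 /f
reg add "%R2%" /v ItemData   /t REG_EXPAND_SZ /d "%%ProgramFiles%%" /f
reg add "%R2%" /v SaferFlags /t REG_DWORD /d 0 /f

rem Caveat: on XP some subfolders of %SystemRoot% (e.g. Temp) are user-writable;
rem add matching Disallowed path rules under %SAFER%\0\Paths to close that hole.
```

Check the result from a limited account by trying to launch an executable copied to the Desktop: it should be refused with an SRP message, while programs under %ProgramFiles% still start.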
     
  3. Metting

    Metting Registered Member

    Joined:
    Aug 3, 2006
    Posts:
    100
    Many thanks Dogbiscuit,

    Any links available?
     
  4. Dogbiscuit

    Dogbiscuit Guest

  5. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    My own no updates setup:
    Sandboxie+Returnil
     
  6. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
    I think so. Dogbiscuit's approach is excellent because you can really minimize security applications on your computer although some people might feel uncomfortable with those settings.

    A sandbox approach (I would include virtualization) is also IMO very safe (I'd say 99% against 90% for good antivirus). It will really keep your system clean most of the time. HIPS might detect keyloggers if you are worried about privacy.

    I think Wilders has a lot of threads about sandbox/virtualization/imaging software. Trialling applications to check for conflicts is not only necessary but could also be fun.

    I've personally adopted this approach for 3 years, and my system is not only always clean but holding the original configuration.
     
    Last edited: Aug 28, 2008
  7. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Same here, along with Ghost Images. :thumb:

    People say that nothing is 100% secure.

    All I can say is that I have deliberately downloaded/installed heaps of malware and my Sandboxie/Returnil combo has been 100% secure so far.

    In fact, if I remember right, Sandboxie has withstood everything on its own merits. :cool:
     
  8. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    It is a great approach, only requires XP Pro [EDIT: did not know of that trick TLU mentions :thumb: :thumb: :thumb: ]
     
  9. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    My setup will be Sandboxie with AppRanger, or DefenseWall HIPS with AppRanger. :thumb:
     
  10. jdd58

    jdd58 Registered Member

    Joined:
    Jan 30, 2008
    Posts:
    525
    Location:
    Arizona
    Another vote for the Returnil & SandboxIE combo.

    Super light and probably as secure as you will ever need.
     
  11. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,422
    Location:
    New Mexico, USA
    Sandboxie and a backup image on both desktop and laptop, along with SAS. SuperAntiSpyware has a pretty easy job. Nothing's gotten past Sandboxie.
     
  12. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe

    Quote, plus a HIPS. (But really, don't you also use an AV?)
     
  13. xtree

    xtree Registered Member

    Joined:
    Dec 4, 2006
    Posts:
    96
    I've been using GeSWall for net-related apps (virtualization), a HIPS and WinPatrol Plus to have control over my system.
     
  14. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I use a combination of a rule based firewall, classic HIPS, and a web content filter. Each is configured to allow only the traffic, activity, and content I want while blocking everything else. Combined, they enforce a default deny policy that prevents any changes to my system. I've used this combination on several PCs with different versions of Windows for the last 3-4 years with no problems. Haven't used a resident AV on any of them in that time.
     
  15. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Re the Sandboxie + Returnil (or some other imager) combo...

    Whether you use a sandbox or not, there will eventually be SOME downloads that you will want to keep permanently & use every so often. Does a sandbox guarantee that those downloads will not be infectious? No.

    By the same token, restoring an image made prior to such downloads will surely prevent infections by subsequent downloads, but it will also prevent adding/using anything new. Thus, at some point in time, he will not be able to restore an image IF he ever wants to add anything new to what is on that image, right? Right.

    In other words, at SOME point in time, someone who actually USES his computer for something more than gadding around on the internet will eventually have to accept an UN-sandboxed, UN-imaged download of some sort into his previously pristine computer, won't he? Yes, he will.

    With only SBIE & Returnil, how will he ever know if the stuff he adds to his set-up is infected or not? Will he learn of an infection only when his computer slows to a crawl or locks up altogether?

    Bottom Line- somewhere along the line, I believe that a user will need SOMETHING whereby he can assess the "friend or foe" nature of a download he wants to keep.

    A HIPS or blacklist-based-app &/or whitelist-based-app or behavior blocker -- whatever floats his boat -- but SOMETHING!
     
  16. tradetime

    tradetime Registered Member

    Joined:
    Oct 24, 2006
    Posts:
    1,000
    Location:
    UK
    Whilst the OP should set up his machine however he sees fit, it seems to me that since I have been here at Wilders fashion has gone full circle. When I first arrived it seemed to be the fashion to cram as many security programs as possible onto your machine; now the fashion seems to be to use as few as possible. Personally I think there can be a happy medium; for me this is Returnil, Sandboxie and an AV, backed up (no pun intended) by a good backup regime.
     
  17. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    I would vote for Shadow Defender in preference to SB and Returnil. All drives or partitions can be protected. If something has to be saved then it can be, but for general surfing it's just set the protection and reboot when done.
     
  18. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,633
    Location:
    U.S.A. (South)
    Returnil + SandboxIE is definitely one combo that draws a consensus, but to echo Bellgamin's overview, if he was to add something NEW (a program, text, what-have-you), it would be best to also add that app to your image.

    I suppose then that depends on your imaging app. I use the little image program DriveSnapshot personally to re-image by merely overwriting the "clean" image (.sna) I keep stored, and add to that image any apps deemed worthy enough to preserve & restore with the overall image.

    EASTER
     
  19. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    In real world terms/experiences the combo Returnil/SBIE is hard to beat by anything. I have used this setup now for 9 months and my system is fast and clean; I dare even to say that one or the other is already sufficient. :thumb:
     
  20. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I agree that at the very least an AV and AS app should be used, free on-demand ones are just fine, to scan any files you intend to keep before opening them and/or allowing them outside of the virtual system/sandbox. HIPS, behavior blockers, all of that is optional stuff and totally dependent on individual need. SandboxIE alone has proven over and over again to be resistant to even the baddest of the bad boys (that I'm aware of so far), so it's not too crazy to consider it and a couple of good virus/spyware scanners to be one hell of a fortress. I completely understand the reasoning behind the behavior analysis and HIPS recommendations, but am I that far off the mark when I think that if a file comes up clean after a scan or two from trusted scanners, that it's not likely to have any bad behavior to analyze?
     
  21. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    That's where you upload to Virus Total or Jotti's malware scan which isn't 100% effective either.

    The last installer I uploaded to Virus Total was of the rogue Wista Antivirus 2009 which had been morphed so as not to be detected by any scan engine.

    Installing through Sandboxie showed me it was a classic example of a rogue app.
    Malwarebytes' Forum
     
  22. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Regarding the SBIE+Returnil and potentially infected files:

    SBIE+Returnil are my only real-time protection. For checking files, I use virustotal. For large untrusted files (>10MB), that can't be uploaded to VirusTotal, I use on demand scanners: CureIt, AVP Tool, SAS, MBAM.

    I don't install many programs; my system has been fairly stable for months, except for the classic security software trial. Most changes are only on the data partition and 90% of the files saved are created by me or fully trusted. For the other 10%, as I said, VirusTotal.

    I used a HIPS for a short period of time, but my laptop is a tool to get things done, not to answer prompts.
     
  23. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Running SBIE + Returnil, or my preferred option Shadow Defender, means that for all practical purposes you are NOT going to get infected. bellgamin has quite correctly asked how you protect against things you download. My answer is that I use my machines for real world work and am not a compulsive downloader of every bit of crap that I see. When I do download it is from known reputable sources. Of course these reputable sources may be compromised, but I can live with real probabilities and see no need to be paranoid. To those who are concerned about contamination between reboots I would suggest encrypted data for passwords, credit cards etc. The best security setup without any needed updates is simply to have the right attitude and not to see yet another program as the solution. As always, if anyone wants to suggest a program that I can use to check any one of my machines I am quite happy to do so, in the almost certain knowledge that nothing will show up.
     
  24. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    I find that a combo of DefenseWall & Returnil works well too. Actually, most of the time my preferred setup is DefenseWall / Sandboxie / Returnil with Avira Premium just there to say it ran into something.
     
  25. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Image software.
    Drive Snapshot
    DriveImageXML
    Install OS, update (don't know how you're going to get around not updating the OS), tweak how you want, then create image.
    Add SBIE
    Create image.
    Returnil
    Create an image.
    Hips
    Create image.
    PCLogger
    Create image.

    Returnil is what I use to play poker online, not for money of course. I download the software inside a session, install, play. When I'm done playing poker, reboot and it's gone.
     
    Last edited: Sep 3, 2008