Companion to Webroot for Insane Click On Everything You Shouldn't Person

Discussion in 'other anti-malware software' started by SevereWX, Jan 13, 2014.

Thread Status:
Not open for further replies.
  1. SevereWX

    SevereWX Registered Member

    Joined:
    Nov 19, 2012
    Posts:
    5
    Location:
    USA
    I offer my sincerest apology if I've posted this in the wrong area, or asked a question that's been asked and answered a thousand times before.

    First a little background: I need a new security setup for my mother's computer. She is the anti-security expert. It doesn't matter how much you preach to her and try to teach her basic internet common sense. Don't blindly click "yes" on everything. Don't click on strange links in emails. She does it all anyways to the point she has to have her credit cards replaced at least a couple times every year due to credit fraud.

    I tried F-Secure on her system last year because of the banking protection feature. I explained to her how it works, but she insists on turning OFF banking protection as soon as the little drop down bar appears, and then doing her online banking with the feature turned off. She's also managed to get a couple trojans this past year that F-Secure completely missed.

    I keep reading all these wonderful things about how good Webroot Internet Security Complete is, and that it won't bog down her pc's performance. But I am hesitant in that I feel it may not be enough for her dangerous habit of clicking on everything and anything that common sense ought to dictate one shouldn't.

    So I'm thinking she might need something layered with Webroot suite, but the more I read on complimentary products, the more confused I get. I feel I need something more on there, and I was reading that both Emsisoft (either the suite or just Online Armor?) and Voodooshield are excellent products to layer with Webroot.

    Would one of these products be a good choice to put on her computer to help harden it against her insane disregard for common sense safety practices? Any and all suggestions would be very much appreciated. Thank you all in advance for your time!
     
  2. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,730
    Location:
    localhost
    Keep it simple only webroot. With settings controlled remotely (web console) and WSA password protected in the GUI. Also setup the cloud backup in WSA so that any deletion / messing up with files and documents could be reverted.

    Finally if you are on windows 8, turn ON File History and make a system back (both windows 8 features). This will cover from major disasters.
    If your mother do not need to install anything than create an ad-hoc limited account.
     
  3. subhrobhandari

    subhrobhandari Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    708
    Well, here are my recommendations:

    1. Use HMP.Alert and Windows Firewall Control (in my signature). In WFC, use medium filtering (recommended) and disable the ability to create rules by other programs and password protect the configurations. This will help even if you get infected. Webroot is excellent, I have been using them since years (long time Prevx and WSA private build tester), just be sure to set as maximum protection and password protect the configurations and you might even try Zemana/Spyshelter.

    2. Emsisoft is excellent in my opinion but is a real resource hog, but if you (or your mum) dont use much of extensive applications, you can give it a try. I used Voodooshield in the past but I never quite liked the approach, it was just not my cup of tea.

    3. You can also use Adblock Plus with MDL subscription, or even use a hosts file to block malware domains.

    4. Finally get her a limited account and password protect your admin accounts, that should help a little. If you have some time, Use EMET and use maximum protection and add your browsers/other net facing applications.
     
    Last edited: Jan 13, 2014
  4. FreddyFreeloader

    FreddyFreeloader Registered Member

    Joined:
    Jul 23, 2013
    Posts:
    527
    Location:
    Tejas
    WSA + Sandboxie. An alternative would be Chromebook, which as far as I know, isn't as vulnerable to malware attacks.
     
  5. Rompin Raider

    Rompin Raider Registered Member

    Joined:
    May 6, 2010
    Posts:
    1,228
    Location:
    North Texas
    I have been using WSA Complete over a year...recently added VoodooShield and everything is very light. I probably don't take the risk your mother does but I haven't had anything get through. I doubt that you would need assistance but their forum folks are there most of the time and can help if you ever need it.
     
  6. 93036

    93036 Registered Member

    Joined:
    Sep 22, 2011
    Posts:
    87
    I also have a very click happy relative. After their laptop crashed and burned, I rebuilt it, and installed Avast 2014, MBAM [real-time], and MBAE. The husband decides to turn everything off that was blocking his cool software installs; and got re-infected again.

    This time I password protected Avast & MBAM, and have them do silent scans with mandatory removal/deletes. No more issues...yet!
     
  7. SevereWX

    SevereWX Registered Member

    Joined:
    Nov 19, 2012
    Posts:
    5
    Location:
    USA
    I do like the simplicity of just running Webroot by itself as you've suggested, Fax. I may go ahead and just put that on her machine and see how it does for a while, and if any issues arise then I can decide what steps to take next.

    Thanks for the suggestions, I am grateful for the advice everyone has offered.
     
  8. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,559
    Webroot with Comodo FW works well.
     
  9. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Or you could solve it and put this to rest.
    Install something like Deep Freeze that will revert back every start up to a clean state. End of story. :ninja:
     
  10. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
    Use AppGuard, set it to locked-down and disable the user-interface ;)
     
  11. Blues7

    Blues7 Registered Member

    Joined:
    May 11, 2009
    Posts:
    858
    Location:
    Blue Ridge Mountains
    I was going to recommend bulky mittens...:D

    The others have given more practical advice, I suppose. :cautious:
     
  12. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,049
    The problem with all the advice is it does nothing to stop the problem which is simply bad behavior.

    Here is what I would consider. If you have access to her online banking, change the passwords or turn it off.

    If you don't, then I would prepare a document stating she is putting all her funds at risk, and then if she loses her money it will be solely her consequence to live with. Then make her go to a lawyer with you and sign it. A bit extreme and it maybe cost a few bucks, but that might drive the point home.

    Only other option would be a pair of wire cutters.

    Pete
     
  13. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,071
    Location:
    Germany
    Only thing I could think of would be AppGuard with locked settings.

    The careless user is the perfect test case for anti-virus failure and it's always the obviously malicious stuff, which gets through undetected. Drive-by downloads and exploit delivery becomes more and more difficult, because most products can detect that now. But it doesn't matter, just send a .pdf.exe or .mkv.exe file through e-mail and it works. The fact that there are still so many file guards out there, which don't go red alert at on double file ending, leaves me flabbergasted.
     
    Last edited: Jan 15, 2014
  14. Windows_Security

    Windows_Security Registered Member

    Joined:
    Mar 2, 2013
    Posts:
    3,082
    Location:
    Netherlands
    Step 1: as outlined by Pete: :argh: + 1 :thumb:

    Step 2: (alternative other option, like I have for my mother of 80): XP Pro running PowerUser with DefenseWall guarding all threatgates and HitmanPro hidden in the router.

    Problem is not ignorance only:
    1. Friends helping her to enhance her PC and install all sorts of crab. It is so funny to see them bite the dust:
    a) being a Power User (impersonated as Admin) :blink:
    b) running into DefenseWall, bouncing back hard :argh:
    c) the AV being out of their reach (in the router) :D

    2. Friends who she trust sending her funny emails, with click to open attachements (some with stupid movies, others with malware)

    3. Vulnaberable to social engineering (older people are probably more inclined to respect authority, being helpful to their banks), luckily a public information campaign in the Netherlands, reduced this risk
     
    Last edited: Jan 15, 2014
  15. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    813
    Oh you have clicker machines you work on as well? My younger kids are clickers, so I have some experience in this.

    One thing I can tell you for sure is Webroot alone will not do the trick.. Period, end of story. If you want proof search google with adblockers disabled for "Firefox", click on the first link. It's a trojan downloader that goes right past Webroot, and installs a bunch of crap. MalwareBytes/Chicalogic nails it, Webroot is ignorant of it. I have run into this way too many times to put full trust into most single packaged products. (Webroot or otherwise - for the record)

    Appguard is too intrusive for a clicker that doesn't have much PC knowledge in my opinion, and the whole 'click here to install' stuff doesn't work too well. Especially for kids, or really bad clickers.

    I'd go with Webroot+MBAM/Chicalogic, set Webroot Heuristics to max, and MBAM/Chicalogic PAID set to realtime file/web protection. That should solve most issues.

    If they are really bad clickers, add BotRevolt, you can find coupons for that for $9.99 unlimited PC's. Basically it's Peerblock that doesn't suck, and has better lists, well over 1.6 MILLION malware domains.

    F-Secure isn't bad, but still misses stuff with heavy clickers, so even with F-Secure I would add MBAM-Pro/Chicalogic, and BotRevolt.
     
  16. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Combination I used to use for a relative's XP computer:
    Returnil always on (except when I'd change things)
    All user documents (including bookmarks) on another partition
    Panda Cloud Antivirus
     
  17. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,718
    You either cure the insanity or you prevent the clickings from even happening. :p

    Seriously though, perhaps consider some form of whitelisting.
     
  18. Baedric

    Baedric Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    163
    I like all of your ideas, but I would add Norton DNS in the router. Webroot and MBAM paid together is a pretty good combination in my opinion. I prefer peerblock to BotRevolt, but BotRevolt is supposed to be moving to a free version that auto-updates somewhere down the road. The problem I have with BotRevolt is that is fails to always load on startup, and you have to re-install it to update the lists.
     
  19. sm1

    sm1 Registered Member

    Joined:
    Jan 1, 2011
    Posts:
    520
    @SevereWX Replace Windows with a Linux distro. Use Norton DNS. Install chrome browser and use bitdefender trafficlight extension (it blocks lots of phishing & malware links) :)
     
  20. DoctorPC

    DoctorPC Banned

    Joined:
    Jan 9, 2014
    Posts:
    813
    Botrevolt doesn't require a re-install to update lists, and loads fine on startup. That was an early version that had issues. Also the free version of botrevolt now updates. So free is perfectly viable now if you don't want to pay the $9 - but keep in mind the free version is several versions behind the paid version (which is an entirely different installer) Also, BR tells me they have a major patch coming out in a few weeks when I asked them about some features I wanted. The biggest difference is peerblock has way too many good IP addresses it blocks. Like OperaASA, and many AV update IP's, etc. BR has a staff that manually removes bad blocks like that, and creates custom lists. BR staff removes dead IP's as well, I noticed they pulled several thousand 'dead' IP's last week alone in tracking numbers.

    So overall, it's improved, and seems to be getting better. I only run it on 'clicker' machines to be honest.
     
Loading...
Thread Status:
Not open for further replies.