Confused...

Discussion in 'other security issues & news' started by xmommyx, Feb 27, 2011.

Thread Status:
Not open for further replies.
  1. xmommyx

    xmommyx Registered Member

    Joined:
    Feb 27, 2011
    Posts:
    6
    Location:
    FL
    Hello Wilders community. My name is Crystal & I'm new to your community. I'm afraid I don't have much to offer in the way of knowledge, hence my seeking out your help. However I am exceedingly grateful I found this forum and am hopeful that someone here can help me.

    I have been reading the forums here for a couple of days and I must say, I am no closer to a solution now than when I first began researching how to most effectively secure my PC.

    As I understand it, a "layered" security system is the most preferred. I also understand that there should be a minimum of three layers:

    1. Prevention
    2. Detection
    3. Recover/Cure

    I understand these layers to mean:

    1. A HIPS or Virtual program
    2. An AV/AM/AS program w/ realtime scanning
    3. A specific tool for removing specific problems or an AV/AM/AS program. I am however confused a bit: if the AV/AM/AS program is used for detection, then fails to protect and I do get an infection, how then would these programs eradicate a problem it failed to detect?

    Please forgive me as I am so lost as to what to do. Like I said, I have been reading over forums and websites for days (Wilders being my primary source for now), and it's not that the information here is not helpful. I think I am just lost in the abundance of information provided here.

    What I am hoping to gain by this post, though I'm sure my ignorance is going to be highly pronounced now, is to have someone just tell me what programs to use ie: sandboxie/defensewall/avira. I do realize that security set ups are highly individualized based on each person's preferences, habits, etc... I will give a brief summary of my PC usage behavior and hope that will help any willing party guide me.

    For the most part my PC usage is very bland: Facebook, Youtube, research, email, flash games (pogo etc). However on occasion my usage is classified as "high risk" via P2P, media playback etc...

    If at all possible, having two viable options, 1. paid and 2. free, to choose from would be ideal and greatly appreciated. My only program restriction request is that the options provided be reliable and relatively lightweight. Thank you in advance for any help you can provide. I do hope that my ignorance has not offended anyone here :p
     
  2. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    Before we can help, we need to know exactly which OS you are running.
     
  3. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    I think 3. means a disk imaging or snapshot program.
     
  4. xmommyx

    xmommyx Registered Member

    Joined:
    Feb 27, 2011
    Posts:
    6
    Location:
    FL
    My apologies, I am currently running Windows Vista Home Premium 32bit OS (fresh install as of yesterday, so still doing windows updates & security packs etc...) If you need any more info please let me know :D

    Trying to setup an adequate, reliable security system before I proceed with reinstalling all my programs/music/documents/etc...


    Ahhh, something like Acronis True Image I take it? Thank you J_L for that clarification :)
     
  5. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,907
    Location:
    U.S.A.
    xmommyx, perhaps a review of Securing Your PC and Data and especially downloading the whole document (found in the first post) to digest at your own pace, could offer you a clearer picture of what you are trying to achieve.
     
  6. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Yes, that's what I mean. You're welcome.
     
  7. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    Do you not have access to the 64 bit version? Typically you will get better security with a 64 bit OS.

    The best advice I can give if you must run a 32 bit OS is to create a limited user account and use it for day to day activities. I would also say use Chrome as your browser due to its sandboxing features.
     
  8. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Install and configure everything as you like it, install all of the security software you feel comfortable with and that is difficult to attack first, create an image, then connect to the internet and update. It is important to build your protection first before ever connecting to the world, which includes imaging, making sure you have a clean beginning.
    You should think in terms of paths into your computer and protecting those areas as best you can. The browser is probably the Megiddo in the war for access to your system, so protecting that with a reboot to restore app, a rollback app, or a sandboxing app is extremely beneficial by providing an undo for unnoticed malicious changes.
    The router is the most overlooked device in your security scheme. It is a computer that exists outside the protection envelope but within your network, an untrusted system you connect to that is susceptible to attack. It can provide a BOO for attackers to infiltrate your network.

    Yes, I said your router is an untrusted computer you connect to. :(
    If you don't pwn it, someone else will.
     
  9. xmommyx

    xmommyx Registered Member

    Joined:
    Feb 27, 2011
    Posts:
    6
    Location:
    FL
    Thank you JRViejo, I have downloaded the file and am currently reading it again. I did read it before posting here but will visit the document again as I probably missed something and of course, repetition is never a bad thing when doing research is it LOL.

    Unfortunately chronomatic, I do not have access to a 64bit version. My hardware, as I understand it, cannot run a 64bit version, and I'm not sure, even if it could, whether there is an alternate version on my Vista install disk.

    In reference to using Chrome...I was under the impression that Firefox (which I currently use) is equally secure with its no scripting option. Is this incorrect or is it that even with the no scripting it still falls short of security compared to Chrome?

    I completely agree with setting up security before making yourself vulnerable via internet connection. However, it's too late for that hence my being able to visit this great forum LOL. However I am confident that thus far, all is good as my only actions have related to research on this topic, not even email.

    I agree with your point on router security as well, I currently run a wireless home network and the router is unsecured right now only because I haven't yet learned how to configure it. That is on my list of things to do.

    ________________________________

    Another question I would like to ask, and I have read differing opinions on this note as I'm sure will be the case again, but I would like your feedback. Would it be prudent to run an "app" virtual software or a complete virtual environment? Can I run both? Just because of my already overwhelmed state right now I'm leaning towards a virtual/sandbox type of "prevention" vs a HIPS. My reason is because, and please correct me if I'm wrong, A HIPS software application would be more difficult to configure and would be terribly intrusive with the many security pop ups to be expected.

    If it would lend support for any willing party who doesn't mind providing me with guidance on this point I can try to figure out how to post my full system specs.

    Thank you again, I really do appreciate any and all feedback. I also would like to apologize once again if my obtuseness is frustrating to anyone. :D
     
  10. xmommyx

    xmommyx Registered Member

    Joined:
    Feb 27, 2011
    Posts:
    6
    Location:
    FL
    My system specs are available in the attached .txt file :O) Hope this lends more information to you in your efforts to help me :)
     

  11. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    There are a few options with virtualization, most are simple to use. Geswall and Defensewall are good and easy to use.
    This may be helpful: [thread]276210[/thread]

    Personally I treat the router like an angry cat. (You'd be surprised how difficult it is to remove the ethernet cable with welder's gloves. :D) I access it via a LiveCD to set passwords and configure the settings, making it impossible for an infected system to harvest your passwords to the device.
    If the router is ever compromised it will be very difficult to notice the modification, everything appearing just the same as before the compromise, providing seamless MITM.
     
  12. xmommyx

    xmommyx Registered Member

    Joined:
    Feb 27, 2011
    Posts:
    6
    Location:
    FL
    Wow, okay so I must say, you have really confused me with this post. I'm sure my ignorance is painfully obvious now but I fail to comprehend the comparison of a router to an angry cat, although I must say it's quite funny. I also don't understand what you mean by the router being compromised but not knowing it's been compromised and what does MITM stand for LOL. I'm sorry, I mean no disrespect, but I'm really lost now!!
     
  13. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    Certain malware (a very small percentage) tries not to compromise your computer but instead tries to get control of your router.

    The easiest way to protect your router is by changing the default password.
    Make sure to read your router manual on how to change this router password.

    About your OS, for security purposes, it is recommended to use an administrator account for updating/installing/uninstalling etc and a user account for your daily/routine usage; Youtube, email etc.
    This is because, most malware, if it might bypass your security layers, will mess up only your user space; not the entire OS/admin space.

    Regarding security software; this is perhaps the most difficult one to answer, especially here on WildersSecurity.
    Let's compare malware (viri, trojans, rootkits etc) with burglars.
    Most burglars are the run-of-the-mill type; they might try to steal your belongings but if your house has decent security measures e.g. locks/bars etc, they usually will try to steal from your neighbour who has less locks, no bars.
    Here on Wilders, you can often read about very sophisticated/the newest sorts of malware, perhaps comparable with high-tech burglars.
    The kind that can crack a bank vault.
    While it is interesting to discuss these high-tech burglars and their techniques, they seldom (perhaps never?) use those techniques to steal stuff from an average house.

    I've used the above (poor) metaphor to try to explain that you could secure your house as if it was a bank vault but imao you will only need to make sure you have very decent 'house security measures', not necessarily 'bank vault security measures'.

    So, back to your first post;
    1 Prevention;
    - Make a separate user account.
    - Keep your OS and programs up-to-date. For this (your programs) I recommend the program Secunia PSI, it can show you which (most common) programs are not up-to-date and it can automatically offer you the needed software to update the lot.
    - Install an AV (I'd recommend either MSE, Avira or Avast for free and Norton AV if you don't mind paying).
    - Use an ad blocker for your browser. A lot of drive-by malware, the kind that tries to infect you while you surf the web, is due to hacked/compromised ad servers. Therefore I recommend the Firefox add-on AdBlockPlus.
    - If you are wary about using a HIPS, don't use it unless you are willing to learn and invest some time.
    - Prepare on using Sandboxie, this is an incredibly strong security program while rather simple to use. Of course, it also has a learning curve but you can find excellent advice here on Wilders on how to set it up.
    One might argue on why learn about Sandboxie and not about a HIPS but there is a plethora of HIPS, all with their own specifications. Sandboxie is unique and therefore (again, imao) more user-friendly.

    2 Detection;
    - The AV mentioned above is meant for protection and detection. In my book they fall in the same category as in, they detect and prevent.
    You can add an extra detection layer e.g. extra on-demand scanner for downloaded files. Try MalwareBytes'AntiMalware and/or HitmanPro 3. Be aware though, that on-demand means that you'll have to scan downloaded files/programs yourself.
    (The paid-for version of MBAM scans/detects in real-time, just like the mentioned AV's).

    3 Recover/Cure
    - As you wrote yourself, imaging is the way to go.
    For this purpose, I always make a separate partition for OS+programs and a separate one for data e.g. pics, docs, music, movies etc.
    If the OS partition gets infected, I can easily restore to a clean state within minutes.

    As you'll understand, all the above is just my pov so be prepared for completely opposite opinions, addendums etc. ;)
     
    Last edited: Mar 3, 2011
  14. xmommyx

    xmommyx Registered Member

    Joined:
    Feb 27, 2011
    Posts:
    6
    Location:
    FL
    Wow Baserk, you have been more than helpful and I thank you profusely!! I absolutely get the "burglar" metaphor LOL. What I decided to go with was

    1. Bufferzone
    2. Avast 6
    3. Acronis (I've had this for awhile LOL) / plus all important data is backed up twice on two separate externals. Better safe than sorry when it comes to my pics/home vids.

    I also did download Secunia PSI and installed the Adblock Plus to Firefox :) Only thing left to do is create a non-administrator account on my PC...I think LOL.

    I see you endorse Sandboxie...would you recommend that over Bufferzone or are they pretty comparable to one another? I kind of shied away from Sandboxie because I was unsure of the learning curve involved LOL.

    Any opinions on the set up I decided on is also welcomed!! Thank you all so much for your help, you have no idea how much I appreciate it!!!

    Smile - Me
     
    Last edited: Mar 4, 2011
  15. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    MITM = Man In The Middle
    80% require local access, local = a computer in your network.
    If you have 3 computers only 1 needs to be compromised to have access to all of the data transmitted.
    A LiveCD (like Ubuntu) is an OS that runs off of a CD, existing only in RAM, nothing gets installed, helping to provide isolation from a compromised system.
    If a computer in your network becomes compromised (it may happen) and you access your router while compromised, you could be giving access to the attacker also.
    Isolate the router from all threats (internet, wifi, and other computers) before servicing, configure then reconnect.

    I guess that depends on the statistics you're minimizing by.
    Zeus and TDL are two that I know of that attack routers; I wonder if they are in the top ten of infectors? What market share do Zeus and TDL have?

    True. But doing this from a LiveCD can provide isolation within a compromised network and limit an attackers ability to gain access to the device by harvesting the username and password.

    IMO, for noobs, (noobs = limited or inexperienced computer user) the best security is Imaging and Wiping, then learning why and how infections happen.
    I have the Imaging and Wiping down, now I'm learning why and how. :D

    Baserk's 1,2,3 summation is good in a nutshell, if it were in a Dodge it would be rambling.

    Code:
    msf > use exploit/multi/handler
    msf exploit(handler) > set PAYLOAD windows/meterpreter/humor_inject
    PAYLOAD => windows/meterpreter/humor_inject
    msf exploit(handler) > set LHOST 65.175.38.194
    LHOST => 65.175.38.194
    msf exploit(handler) > set LPORT 17008
    LPORT => 17008
    msf exploit(handler) > exploit
    
    [*] Handler may be binding to LHOST 0.0.0.0
    It seems to be hanging, am I using the right payload?
     
  16. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    Pff, I'm a noob myself; zeroing a drive and restoring an image is something I have 'mastered'.
    Everything beyond that is still a part of my learning curve (where I'm still close to X=0, Y=0, Z=0).
    Metasploit is beyond my horizon...Perhaps 'irony_inject'? Or 'sarcasm_...
     