Ended up reformating.. figure its time for a security overhaul.

Discussion in 'other software & services' started by shinysecure, Dec 12, 2009.

Thread Status:
Not open for further replies.
  1. shinysecure

    shinysecure Registered Member

    Joined:
    Dec 12, 2009
    Posts:
    18
    Ended up reformating.. figure its time for a security overhaul. (64bit)

    Well due to some problems I was unable to fix I decided it would simply be easier to reformat.

    I was previously using

    avast av
    comodo fw
    spywareblaster
    spybot
    Malwarebytes
    firefox with adblock+ and noscript

    VERY recently tried out threatfire (had problems right around that time but I really don't think they are related.)

    Some of these things have seemed to have died out(spybot) and I have a feeling reading these forums that there have been quite a few changes to recommended security setups.

    Can anyone provide me with a more modern setup.
    Basically I am looking for rather strong protection, there is a good possibly of unrestricted web access and possibly of questionable files being ran(could use a sandbox enviroment for that correct?)

    Really appreciate the help.
     
    Last edited: Dec 13, 2009
  2. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
  3. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    1. AV of your choice (I would say MSE, but there are reports that there is an issue with Defensewall)
    2. Sandboxie
    3. Defensewall (Free if you get it before 2 p.m. PST on December 13)

    https://www.wilderssecurity.com/showthread.php?t=260313

    4. Online Armor Free (Reported to work fine with Defensewall and Sandboxie)
    5. WOT (Web of Trust) Website Ratings
    6. Linkscanner Free (Website Ratings + Known Threat Blocker)
    7. Routine System Partition Imaging to a "Secure" Hard Drive and/or DVD(s)
    8. Malwarebytes Free (Manual Scans)
    9. SuperAntispyware Free (Manual Scans)
    10. Firefox with adblock+ and noscript
    11. Spywareblaster

    I would say that 2, 3, and 7 are the most important.
     
  4. kasperking

    kasperking Registered Member

    Joined:
    Nov 21, 2008
    Posts:
    406
    Drive backup/imaging......go for shadow protect desktop/ paragon/acronis etc
     
  5. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    If your mean others may be using the machine then a light virutualization app may help. You could turn on the protection and whatever changes they do would be gone after a reboot.

    You could also setup different accounts for you and the others so whatever damage they may cause would be limited to their account which could be deleted. It would also limit what they could do. Set them up with a limited or guest account. Just protect the account/s that you use with a strong password.

    The sandbox apps are also good idea. Also, as kasperking and Thekid7 mentioned, a clean image after you get everything setup would save you from having to reinstall in the event that the machine becomes infected or borked.
     
  6. shinysecure

    shinysecure Registered Member

    Joined:
    Dec 12, 2009
    Posts:
    18
    Thanks for all the suggestions so far and awesome link for defensewall.

    How well linked is the trusted and untrusted concepts with HIPS.
    For example if some program downloads a file to the desktop is that linked to the origional programs setting and then anything that program does is also untrusted? etc?
    How is defensewall vs geswall free ver.? I know the promo is free but I would probably eventually buy the program for updates(if it is as amazing as people seem to make it sound), however if geswall is comparable I could learn to use that now.

    How does HIPS differ from sandboxie(can't use it as I am using 64bit)
    (edit: been reading a lot and seeing people seem to brush aside defensewall and geswall by saying they have 64bit windows.. any explanation would be welcomed)
    Are there "maintained program states"? For example, I download a program and run it.. It works but is untrusted.. Will it then work in the same state from the last time I ran it? Sorry kinda hard to explain what I mean. Kinda like for the duration a program is on my computer it is in its own "sandbox".

    Doing an image sounds like a great idea, I would love to restore/reformat more then I do but I end up putting it off, if its a couple clicks I would do it much more often.



    Really appreciate the input.


    Rather important edit: seems like the system being 64bit is very important, I am trying to read up on uac and the like. Any guidance would be great.
     
    Last edited: Dec 13, 2009
  7. kasperking

    kasperking Registered Member

    Joined:
    Nov 21, 2008
    Posts:
    406
  8. shinysecure

    shinysecure Registered Member

    Joined:
    Dec 12, 2009
    Posts:
    18
    Reading those links.. sounds like it ends up being quite a bit more complex.

    Thanks for the info... back to being overwhelmed.
     
  9. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    Returnil RVS 2010 would be a good choice for a 64-bit system.

    Edit: I forgot to mention Prevx 3.0 (paid version). Prevx 3.0 can be used to supplement an existing AV or as a replacement for AV. Prevx 3.0 is available for 64-bit systems, but the SafeOnline browser security extension for Prevx currently only works on 32-bit systems. SafeOnline 64-bit compatibility is about to be released and will be available very shortly.
     
    Last edited: Dec 13, 2009
  10. jonyjoe81

    jonyjoe81 Registered Member

    Joined:
    May 1, 2007
    Posts:
    829
    That is too much security software, you need to keep it as lite as possible to be able to have fast speed on the internet. All antispyware software will slowdown the internet.

    This is my simple setup that hasn't been compromised in over 2 years.
    1. zone alarm firewall pro (not the suite)
    2. avira free antivirus
    3. firefox 3.5 browser
    4. returnil free version(enabled when ever I'm on the internet)

    Antispyware is not required as long as you have returnil running while on the internet. If you do get some sort of spyware/antivirus a simple reboot will remove all traces of it. Some people say that "returnil" is suscepible to spyware/malware etc, but I have never encountered anything that has been able to defeat it.
    I also keep a weekly image backup as a precaution, but have never had to use it.
     
  11. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    In terms of protecting the system from malware that's true, but what about identity theft, password and data stealing, etc. while the malware is running in the virtual environment?

    I agree that AntiVir is one of the best AV's, but relying on any AV to identify and prevent zero-day threats is at best a gamble (some security analysts are saying that AV's are getting less and less effective over time, and are now only around 45% effective against the newest threats).

    That's why Returnil is evolving from it's origins as an ISR utility to gradually include more and more security features. As the saying goes: You can image your system but you can't image your life if you're unlucky enough to suffer identity theft or a thief gets hold of your credit card or online banking credentials.

    As far as firewalls go, the Comodo and PC Tools firewalls are likely to be a better bet. They are both available for 64-bit systems, less likely to cause trouble than Zone Alarm, and they perform better in the Matousec leak tests. They are also free.
     
    Last edited: Dec 13, 2009
  12. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
    Faronics DeepFreeze (virtualizer) and Anti-Executable make a very tight security. Shadow Defender lately has launched a x64 version of their program, which IMO is more versatile than DeepFreeze.

    Shadow Defender and Anti-Executable work very well together.
     
  13. shinysecure

    shinysecure Registered Member

    Joined:
    Dec 12, 2009
    Posts:
    18
    Alright then for my firewall I am going to stick with comodo, been using it for awhile and have become really comfortable with it.

    Antivirus will be either avast(again comfortable with it and it seems to still be ranked well), avira(dont know such much but seems to get a bit more praise then avas) or MSE(kinda simple interface is a bit of a turn off to me).

    Firefox will be my browser with adblock+ noscript

    Will also run spyware blaster

    malwarebytes will also be making a return
    I will however add superantispyware



    -Still confused here-

    Threatfire I dont know exactly what this fits in under..

    Returnil again i dont really know exactly what this is.. according to their site its a bit of everything...

    Anything I should do special with user accounts? The whole uac srp lua stuff is rather confusing to me as I can only find bits and pieces of suggestions with it.
    Just finished windows updating the comp.. Should I create a non administrator account now?
    This time I am also going to leave UAC on and use norton UAC tool.



    thanks for the responses... looking at deep freeze and anti-exec now
     
    Last edited: Dec 13, 2009
  14. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    That looks like a good alternative to Returnil RVS 2010 if the OP doesn't mind paying for two apps.
     
  15. kasperking

    kasperking Registered Member

    Joined:
    Nov 21, 2008
    Posts:
    406
    Re: Ended up reformating.. figure its time for a security overhaul. (64bit)

    well btw what were the problems that made you format....?
     
  16. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    ThreatFire is an intelligent behaviour blocker. It works well for some people but can slow systems down and has been known to cause conflicts on some systems. You've mentioned Comodo. If you are using Defense+ then you definitely don't need ThreatFire as well. If your main threat gate is web browsing then the addition of an anti-execute type application is probably all you need to prevent drive-by downloads, which is the main risk, especially as you are planning to use the NoScript add-on for Firefox.

    Returnil RVS 2010 is primarily a lightweight virtualisation application that will virtualise the entire system partition. Think of it as a bit like Sandboxie except that the whole of the C Drive is sandboxed when the virtual mode is enabled, not just an individual application. RVS 2010 also has an anti-execute function that can be used when the virtual mode is enabled, but it won't be as powerful as what you would get in a separate application like Faronics Anti-Executable. There is also an AV and a file protection feature, which if turned on provide protection irrespective of whether the virtual mode is enabled or not.

    The best thing is to try out for yourself the different recommendations that you are getting and see which you feel most comfortable with. The vendors websites are a good source of information as to what the various products do.

    Regards
     
    Last edited: Dec 13, 2009
  17. shinysecure

    shinysecure Registered Member

    Joined:
    Dec 12, 2009
    Posts:
    18
    Re: Ended up reformating.. figure its time for a security overhaul. (64bit)

    Flash player was not working with firefox. Sounds dumb but I messed around with it for a couple hours then decided I felt like reformatting.
    I tried reinstalling firefox and flash player using the uninstall tool.
    Removed all addons / shut down firewall/av
    Deleted all settings and registry files for those programs.
    Added about:config command to firefox to ignore windows internet security settings.

    And it still didn't work.. in my state of frustration I decided I would fix the problem with brute force.


    I would really prefer avoiding if other programs can be just as good, at least in a home environment.


    Thank you very much.

    I have mixed feelings on defense+ I understand the concept and it being rather powerful but it drove me nuts.

    Seems like returnil could be useful but not entirely convenient.

    Yea I have been checking a lot of websites tonight while some sites provide great amount of detail others seem to just have vague bullet points. So I really do appreciate the time to answer my questions even if the answers can be found.
     
    Last edited: Dec 13, 2009
  18. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    Re: Ended up reformating.. figure its time for a security overhaul. (64bit)

    You're welcome. :)
     
  19. kasperking

    kasperking Registered Member

    Joined:
    Nov 21, 2008
    Posts:
    406
    Re: Ended up reformating.. figure its time for a security overhaul. (64bit)

    :eek: :eek: :eek: honestly i think you should definitely give a serious thought about using rollback/imaging/backup programmes.
     
  20. shinysecure

    shinysecure Registered Member

    Joined:
    Dec 12, 2009
    Posts:
    18
    I kind of thought it would have been nice as well. First problem that I have had that I can remember that a couple hours of googling had no fixed. :(

    reformatting to me is rather painless so I really don't mind.. All my important info is backed up.
     
  21. Hugger

    Hugger Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    1,003
    Location:
    Hackensack, USA
    NIS 2010 and Shadow Defender.
    Easy and effective.
     
  22. shinysecure

    shinysecure Registered Member

    Joined:
    Dec 12, 2009
    Posts:
    18
    One more question before I settle.. at least for now.
    I am kinda confused on the difference between say

    Comodo Time machine
    Returnil
    Shadow Defender
    Defensewall

    I see people using two of those in conjunction and I thought they were fairly similar.

    Also I have heard that shadow defender doesn't handle a 64bit environment as well as it should. Is that more of a case of great but not perfect rather then not good at all?
     
  23. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
  24. shinysecure

    shinysecure Registered Member

    Joined:
    Dec 12, 2009
    Posts:
    18
    Thanks again pegr, both links were exactly the information i was looking for, especially your own post in the thread.
     
  25. shinysecure

    shinysecure Registered Member

    Joined:
    Dec 12, 2009
    Posts:
    18
    after reading those links seems like I am going to settle on either returnil or comodo time machine.

    Reason for this is from what I can see is they would handle the situation below the best.

    Downloading files that are to be installed and verifying them to be working/real/safe using them and then reverting back to an older image and removing any changes those installs may have caused.

    Sorry one more quick question(just trying to avoid installing and removing programs on a clean install)

    A fresh system after every restart is something I want to avoid.

    Does either option, or another one have the ability to work in a different state for multiple restarts/days and then have a list of various images to go to?
    Is there a way to transfer files between images?

    Thanks again.
    That should be the end of my questions :D
     
    Last edited: Dec 13, 2009
Loading...
Thread Status:
Not open for further replies.