Firewall and Hardening Systems

I was just thinking, Arup mentioned that Samurai will pop up and ask if you want to allow/deny any drivers to be installed. Will samurai give an actual description of the driver, such as "Nastiedogs.exe" is trying to start?

Since permissions are taken over by Samurai, when running ProcessGuard, wouldn't you have to take permissions away from ProcessGuard to install any type of drivers? Therefor, the two progies would clash in that respect? If so, how would you go about that?

Thanks as always!

 

I think Arup meant that Antihook would popup and ask about any driver installations. Samurai isn't something that is resident and running. Samurai is similar to Harden-It in that it is a friendly interface for making changes to your system and registry. Neither Samurai or Harden-It will be running on your PC though.

 

Hi Kerodo,

What is Antihook? I may be misunderstanding, but he specified Samurai as popping up with permissions for drivers.

I don't know Kerodo, I guess we'll see.

 

Here is a link to AntiHook, it's very good:

http://www.infoprocess.com.au/

Perhaps I am wrong, but I don't think Samurai is a resident program so it wouldn't be able to popup with anything.

But I am sure Arup will clarify later tonight...

 

actually u have the option to let samurai run at startup and it does prompt for driver installation.

 

Ok, I thought that option was only for if you wanted to make sure the settings were reapplied after each bootup. Don't know what it would do in the way of driver prompts, and what if a piece of malware wanted to install a driver later? Or does it check for new drivers at every boot? I must be missing something..

 

Kerodo you are right, Arup did say they weren't resident programs (Samurai and Harden-It) that run on your computer. But, the impression I got, Samurai ends up allow/denying permissions for drivers some how.

Thanks for the link for Antihook. Looks like a great little progie.

Call me paranoid, I don't know whether I'm going overboard or what, but I've had so many hardware issues (thanks to the manufacturer) and malware issues. I will give you a list of security apps I have, and believe it or not, all these progies have never made it on the system all at one given time together. I have had a lot of software issues as well, you know how it is when your first learning a new program, you make some mistakes as you go a long, well may be you guys haven't, but I have.

Nod32 (will be purchased in next few days)
Look'nStop (will be purchased in next few days)
BOClean
Online Armor
Attack Shield Worm Suppression
Worm Guard
RegDefend
ProcessGuard
Port Explorer
TDS-3
Microsoft Anti Spy
Spyware Doctor
Spysweeper
Pest Patrol
Spycatcher
Adaware SE Pro
Benign
Mailwasher Pro

I was hoping by learning some different/better techniques to harden system, so I could eliminate some of these programs.

 

If you ask me, you could eliminate all of those, except:

Nod32
LookNStop

and then add AntiHook as well. That would cover you. AntiHook will catch almost everything else.

Could also apply Harden-It and Samurai for good measure.

If you do use AntiHook, you really ought to start with a clean system, which means it'd be best to reformat and reinstall to make sure you've got no known malware/spyware on it from the start.

 

Kerodo take a look at post # 32 in this thread.

 

Yes, I know.. Did see that already. We will have to wait for Arup's comments on it I guess..

 

Five of those progies I don't use anymore. I'm definitely going to apply Samurai and Harden-It before I even put any software on.

I just hope I don't have a hard time setting up my router to work with Look'nStop. I understand everything up to a certain point and then I get lost.

 

Do you have full versions of all of those, or are you trialing some to see which you want to buy? If you have the full version of PG, for example, there's no point is getting Anti-Hook with the other stuff you have. Also Online Armor 1.2 will cover a LOT more when it comes out, and will even let you trim down on some of the stuff you already have. It's not too far away, either, so I would wait before getting much else. Other than that it looks like a good setup You could probably keep your paid spyware scanners and cut out the free ones, if you wanted to.

You may not have to do anything, I didn't.

 

Hey, how could both of us have the same time zone when you're in LA and I'm in Ohio?

I'm sorry this was mean't for Kerodo, but Notok beat me to punch.

 

Yes Notok those are all full versions, no trials.

Mike is adding some more real nice features for Online Armor I hear.

And your right, I said no more.

 

Notok I just spotted what you said about the router and LNS. I'm sorry forgive me, I'm blind as a bat sometimes.

You didn't have to do any configuration from Patrice's Sticky for your Router?

 

Hi Rilla .
Online Armor is very good as it is now . And Samurai works as is . No need to reconfigure . Set it up and it goes . As for the popups , I never get any . I am confused as to why others would get pop ups from Samurai . I would certainly keep Online Armour , along with Nod and the firewall you chose . As Notok mentioned , PG is not worth disissing if it is the pay version .
Hope that helps

 

Lol, np.. happens to everyone from time to time, I think Nope, I didn't have to configure anything for the router at all. I use Phant0m's ruleset, so I did put in my DNS server addresses, and imported the rule for FTP clients becuase some download sites use FTP, but that was about it. Your router may work differently, however, so I can't guarantee that you won't need it, but there is a chance you won't.

Yup, and if you've got PG full there's no reason to use Samurai's driver blocker anyway.

 

Thanks to both of you fellas for your replies.

Notok, the problem is I haven't had PG installed for a while, so I need to re-learn the program. I also discovered I was giving a lot of permissions that were wrong in PG.

So as an extra layer of defense that's why I wanted to use Samurai and Harden-It.

@Hollywood

Online Armor is an excellent progie, but I had to uninstall it because it kept looking for an internet connection everytime I would restart, so that was interfering with my installs of progies and also, I couldn't finish that last snapshot for my uninstaller program that I used for all my installs of programs. Mike said this would be resolved in v1.2 in about six weeks.

 

I would use Harden-It anyway, nothing else is going to cover that stuff. But for PG, just turn execution protection off and set it in learning mode for a while and you should be good. There's nothing wrong with Samurai, PG is a lot more fine tuned at this point. I mainly recommend Samurai for experienced users, moreso than PG, until it becomes a more 'mature' program.

This can also be resolved by changing the auto-update to manual only. Just remember to check for updates once in a while.

 

Ya know what's really funny, I was going through some posts to PG and discovered that your browser should not have global hooks, access physical memory, and there were some other stuff but I don't remember off hand what they were. After reading all this, this was the same set up I had.

The person that posted said PG was in learning mode and these were the permissions that were set by being in learning mode, not the user. Then you have the moderators stepping in saying these settings/permissions were wrong. According to them these permissions that were given would allow anything to by pass AV,FW and any other security apps you have. My mouth hit the floor because that the same permissions I had for PG.

I have a copy of the post because I subscribed to it. That's why I'm a bit confused about PG now.

So you think Samurai may be a bit to much? I know I'm not as experienced as you guys, no where close, but I'm the type of person that's game for anything the first time around, and if I find it isn't for me I will 86 it. For all I know it could be so complex I would never understand it.

And thanks for the tip for OA. Thanks for the chat Notok!

 

Rilla,

I am behind a router so my inbound is protected and also being an eternal leach, always look for quality freebies and believe it or not, good quality ones do exist,just have to look for them, so all I use is Antihook and Samurai with Tea Timer from Spybot and for anti-virus, I use free Avast. When I was on dial up, I used the wonderful CHX for inbound protection. Both my PCs are dual CPU, one is a dual P-III with 1GB memory, other a dual Athlon 64 with 2GB memory and even then, I try to keep the application load as light as possible so that I can have the full potential for these PCs for their intended work.

 

I fully agree with you, it's just I was never brave enough before to do that. Since coming to Wilders I have found a lot of really nice free progies with no junkware, thanks to all the members suggestions. Hey, I'm a late bloomer!

Arup can you comment on post # 51?

Thanks so much!

 

Samurai checks for particular Rootkit behaviour so if you are installing any kind of drivers, it will pop up and ask.

 

That's exactly what I thought. Kerodo was unsure.

Thanks Arup

 

Hi guys, This thread has been really interesting to read through. I have used Safe XP and Harden IT and they both seem to be working well on my system, but I tend to set to the default setting and adjust to suite my needs. One thing i wanted to ask is does Samuri detect any setting that have already taken place while using SafeXP and harden It? Also are there any users who would give a few screen shots of Samuri if possible.

Thanks Tom