Firewall for not-tech-savvy users?

Discussion in 'other firewalls' started by java dude, Jul 29, 2014.

  1. java dude

    java dude Registered Member

    Joined:
    Aug 5, 2011
    Posts:
    75
    Hi all! A question for you... what's a decent firewall for users that are not exactly tech-savvy?

    I've been fixing folks' PCs for years, and I'm a firm believer that a good HIPS used correctly can go a long way to keeping a Windows system protected. I've always gone the COMODO route because it's trusted, free, fairly lightweight and has extensive options. But I recently had to look at a PC which was "just running slow" - I remember working on this PC maybe 2-2.5 years ago, cleaned it, installed the usual security products (AV, firewall/HIPS, Secunia), and left detailed instructions (an illustrated PDF) on keeping it "clean". What I got back was riddled with Java exploits, droppers, and a slew of questionable "cleaner" and "optimizer" products. It's as if there were no AV or HIPS protecting the PC at all! I was very disappointed. And then the owner told me that she did exactly what I told her to: "I just click 'allow' whenever it pops up. Sometimes it keeps popping up and I get annoyed so I just keep clicking 'allow'." Yes, those were her words.:'(

    So either a) HIPS doesn't work; or b) She just let all of those baddies in.

    I'm at an impasse now. Do I continue installing HIPS on people's PCs in hopes of keeping them safe? Or are my words of advice just falling on deaf ears? If folks really rageclick the HIPS alerts, what's the point? Is there a better solution?
     
  2. Wroll

    Wroll Registered Member

    Joined:
    Nov 29, 2011
    Posts:
    549
    Location:
    Italy
    If the browser is the major source of exploits, fix the browser by installing adblock with all the filters you can. If the programs they install are the source, this is a bit tough. I would suggest teaching them to use only Softpedia to download their programs. Teach them that if they don't find them there, they shouldn't install them, and if they do find the programs there, to read carefully whether Softpedia marks the program as adware and, again, not install them.
     
  3. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,461
    HIPS software is not suitable for end users. It provides no protection against the user being tricked. (An AV at least might warn you before you deliberately install a nasty.)

    Actually I take that back. Most HIPS software is not suitable for anyone, because it queries the user as a matter of course, even if you set it up as a strict policy sandbox.

    I wish I had more advice on protecting users from themselves, but yeah, putting the user in charge of realtime security decisions is a bad idea, especially when the user doesn't know computers.
     
  4. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    7,298
    Location:
    England
    One of the things I tell friends and relatives is to choose 'custom install' (advanced) instead of express install (recommended) when installing a downloaded program.

    Quite often inexperienced users think the custom install will be too hard for them.

    In reality, quite often a custom install is where the "offers" are made for extras such as PC optimizers etc.
     
  5. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    830
    Location:
    UK
    It is very difficult to recommend a HIPS solution for the novice user.
    If you wish, you could try Online Armor or the paid Outpost Firewall in learning mode and tell them to switch learning mode on when they install something.
    It will not protect against optimisers but should do against browser exploits.
     
  6. Keter

    Keter Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    12
    Location:
    USA
    If a user is going to approve every single pop-up, there's no software in the world that can save them...
     
  7. Joxx

    Joxx Registered Member

    Joined:
    Sep 5, 2012
    Posts:
    1,126
    To install a HIPS on a regular user's machine is sheer nonsense.
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    I have to disagree, if you're an experienced or so-called "expert user" it does make sense to use a HIPS. :)

    For normal users I would recommend tools like: MBAE, Sandboxie (with some extra configuration) + free AV.
     
    Last edited: Sep 2, 2014
  9. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    Do not even bother with it and just leave Windows Firewall with outbound protection off. The perfect security for common users has to be as non-intrusive as possible. Use a free cloud AV (Bitdefender Free) with no renewal subscription and set it to delete viruses silently. Install a browser; Chrome with sandboxed extensions and automatically updated Flash is a great choice. Pre-install any free software that they might possibly need, like a media player, picture viewer, PDF viewer (anything but Adobe) and so on. Definitely install some trustworthy optimizers like CCleaner and at least one more of your choice and tell them to use it regularly; if you do not, they will get something questionable for sure.
     
  10. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,274
    Free AV that silently removes viruses might be a problem when one day the AV issues a wrong bunch of instructions that delete svchost, or explorer ... there have been those silent computer-destroying instances in the past. It may happen again.
     
  11. guest

    guest Guest

    *placing my palm on my head*

    Although I understand your point, the Windows firewall's outbound protection shouldn't be intrusive. Why not leave it in its default state?
     
  12. aztony

    aztony Registered Member

    Joined:
    Sep 9, 2012
    Posts:
    547
    Location:
    USA Southwest
    Sounds like the Firewall did its job, it alerted. And the user did as she was told, and clicked 'allow.' From my perspective the user is the weak link in the chain. Since she is your client, how do you solve/address that?
     
  13. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,522
    Location:
    USA - Back in a real State in time for a real Pres
    Imaging & external data backups are the only options I have a 100% clear conscience in recommending. First, it's what I implement & if done with multiple time-varied copies is as close to 100% dependable as I know of. Second, & this is the part I hate & love about this solution: almost nobody I've consulted with has ever followed up & done this. So once again (this is an increasing theme as I age) my conscience is clear.

    Whenever I've recommended or installed certain software eventually the user will screw up. I am certain 95%+ people use their computers like toasters & fridges. So there is no hope for the average user, they are doomed. I stopped actively soliciting my pc repair & consulting services a long time ago because I found myself feeling like a car salesman. If I charged by the hour to fix rather than clean install for sure it's cheaper for them to buy new. So now I fix, upgrade & fine tune older laptops that others would junk. And pass them on to be used again.
     
  14. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    I meant to leave it at default and by default it is off. The default state is to allow all outbound with no notifications, so basically it is off.
    http://sekharpadikkal.wordpress.com/2013/04/12/making-windows-firewall-complete-block-outgoing-connections-and-get-notified/

    It would actually be a good idea to add something like Windows Firewall Control to control outbound, but users would allow everything anyway, so why bother.
     
    Last edited by a moderator: Sep 3, 2014
  15. guest

    guest Guest

    Oh, right, right. Sorry for that, it's been so long since the last time I looked at the firewall settings. I thought there was a switch to disable all outbound protection completely.

    Anyway, it'd be hard to recommend anything to allow-all mode users. Policy restriction HIPS perhaps can substitute Comodo's CHIPS. Might as well throw her into LUA. In>out protection is not relevant in this case, so outbound FWs and the like shouldn't be included in the consideration.
     
  16. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,127
    Location:
    USA
    I do a lot of home user support too. Currently what I'm recommending is a subscription to MBAM because it is one of the few that will block and alert on PUPs (it doesn't ask for user interaction). I show the user how to scan with it and how to "Quarantine Everything". That's about as much interaction as the average user can deal with - forget about expecting them to evaluate HIPS notifications :thumbd:

    I have not found an AV that effectively either prevents or removes PUPs, so if cost is a concern I suggest they use a free AV and pay for MBAM instead. Note that Hitman Pro is also very good at removing PUPs.
     