Good Advice?

Hi All

A while ago I wrote a guide for my website entitled How Did My PC Get Infected?

Aimed mostly for giving home users with little or no security experience a little insight in PC Protection.

I don't profess to be an expert in security, far from it.

So could some of the more experienced / advanced forum users check the guide for accurracy, detail, ease of use etc?

Info greatly appreciated

 

Okay, first, that's a really nice section you have there. You gave some really good advice, and you, for the most part, applied the KISS principle. I do have some thoughts, however.

Under the AV/Spyware protection, put a note in that SpywareBlaster is only needed if using Firefox or IE. Also, be careful recommending Threatfire. As a behavior blocker, it is prone to asking questions, and, it will ask the user. Newer people to computing/those who don't have much knowledge of an OS and how it works, might find themselves utterly confused as soon as a program like this starts talking. And, a wrong answer can lead to big trouble. My advice is to put a note describing what it is, the caveats of using it, and linking either the support forum of the program or an FAQ.


Under Temp Files, I'd personally recommend people using built in OS tools to do any file cleaning. Obviously there are different situations concerning file cleaning, where a program like CCleaner comes in handy. But for temp file only, stick with the disk cleanup tool. Deleting things a program tells you are no longer used or otherwise obsolete, is a good way to hose things (see registry cleaners).

Under websites, though you mean well, I'd leave telling people what websites not to visit out. Content decisions should never be anyone elses' decision but the end user. The same thing goes for the P2P section. The risks are widely known, but in the end, it is the user who must decide whether that risk is worth it. Under web content filtering, the same applies. However, the links in my opinion, should stay. If the user is a parent, those content filters may very well be desired.

Under Browser Protection, you could also add Chrome as an optional browser. So far, it is quite safe, and lessens the need for such things like NoScript, which, actually, could end up annoying the user more than protecting them. I would add, in my own personal opinion, a suggestion for ad-blocking. Ad-blocking can be important as many malicious drive-by downloads are acquired through ads on a website. http://www.fanboy.co.nz/ie.html is a good place to find the new IE9 TPL lists (tracking protection lists), and both Firefox and Chrome both have very good ad-blocking extensions. Under this same section, I would take out IESpyAd, as it is a rather outdated program. Also, if you're suggesting SiteAdvisor, why not go ahead and suggest WOT as well?

Under System Restore, in my opinion, I would not suggest a user use anything but the built in system restore function for maintaining/creating restore points. Other than all these suggestions, I'd say you have a nice start there

 

Hi There

First of all thank you very much for the positive comments and sound advice.

Much appreciated.

Yeah I have been debating with myself over ThreatFire due to the questions and occassional prompting to install other software such as spyware doctor. I feel the same with Comodo Firewall software as well.

So I might look at alternatives for these.

Completely overlooked Chrome.

Very interesting point regarding website content / P2P programs.

Once again thanks very much.

 

@dw426

Updated my guide according to your advice.

A quick question.

Do you know of a decent alternative to ThreatFire?

Info appreciated

 

Nice to see a fellow Lanarkshire boy (or girl?) on the forums.

Does it have to be free? If not Mamutu from Emsisoft http://www.emsisoft.com/en/software/mamutu/ . Also built into their excellent anti-malware suite

It is the best of the BB's IMO but they will all ask questions at some point (Mamutu has different alert levels and 'paranoid mode' is safest but will pop-up regularly in the early days) so if it is not confusing the user you are looking for perhaps BB's won't be the answer.

Have you thought about Defensewall for 32 bit clients? Policy restriction on potentially dodgy stuff that is almost silent. http://www.softsphere.com/ , Geswall works similarly but a bit more user intervention required IMO anyway http://www.gentlesecurity.com/ .

Cheers

 

Hey a Lanarkshire person - Brilliant. Where in Lanarkshire are you from?

No I haven't looked at the items you mentioned but will check them out.

Regards

 

Check you PM's for location. Good luck with your searches and good on you for trying to prevent infection for your customers as well as cleaning up the mess.

Cheers

 

Replied to PM

Thanks

 

Perhaps add Paragon and Macrium in the the Free Backup section and maybe mention that Windows 7 has it's own imaging.

 

Hi There

Thanks for the comments.

Didn't realise Paragon did a FREE imaging solution.

Regards

 

here:
-http://www.paragon-software.com/home/br-free/index.html-

 

Thanks

Added it to my guide.

Love Paragon Software -Had Hard Drive Manager Tech License for a while now.

Regards

 

Hi there, Lanark Well, here's the thing. All of these BBs/HIPS, as stated, are going to make some noise. Your page seems (perhaps I'm wrong, please correct me if so) to be targeted towards the "everyday user". It's my opinion that there are no good options for them regarding these types of applications. There are certainly good ones out there, Online Armor (firewall+HIPS), Comodo, Threatfire. But they all require learning, and, especially, paying attention. The problem with these types of applications is that clicking "block" or "no", when "allow" or "yes" should have been picked, can lead to application and OS failures.

If a user doesn't understand why such and such is wanting to connect out, or is trying to inject code (which can both be malicious and legit..don't you love computers?), human nature will take over and they'll end up clicking the pop-ups in an effort to shut them up. At that point, you've either allowed malware, or something stops working.

 

Yep I understand

Thanks again.

 

Hi Guys

Updated my guide to reflect on the superb advice given on this forum as well as Limited User Access / Drop My Rights info.

Thanks again for the very informative info.

Regards