Help. I need some perspective with my pc security approach.

I apologize, in advance, if my question is ridiculous and silly. My problem is as follows and I really need some wisdom and perspective.

I want to feel confident about my security setup but it seems most everyone has given me different and even conflicting advice. I've spoken with friends, pros and buried myself in online forums, attempting to inform and educate myself. I'm somewhere between a novice and lower intermediate user.

I try to be very careful while online, rarely surfing, and to my knowledge, have never been infected. But, of course, I may have missed something and was not aware.

I have a 32 Bit PC, presently using Internet Explorer 9 Browser with Tracking List and Filtering settings enabled.
MSE 2.x, Windows 7 Firewall, Standard account, DEP enabled for all programs and Sandboxie with a few tweaks.
I use On Demand Malwarebytes Antimalware, HitmanPro and Norton Power Eraser.
I'm also utilizing Norton DNS Beta with custom settings.
I always keep a System Image close by in case the worst happens.

I've really tried to think this thru, but to be honest, I've lost confidence in my ability to make suitable choices. For example, yesterday, a Best Buy Geek said he felt my setup was adequate based upon my the way I use my PC, but while he was talking another Geek entered the conversation and said my setup was "really screwed up". This has happened on more than one ocassion. Another customer overheard the discussion and told me the Geeks didn't know what they were saying and proceeded to tell my his approach.

I'm REALLY TRYING to educate myself and be safe, but at this point, my HEAD IS EXPLODING. I apologize for my ignorance and would appreciate help in regaining some confidence and perspective. What the heck am I missing in all this mismash? A pal suggested that I post my concerns on "Wilders" and allowed me to use his account. He rates this site quite highly.

 

Looks perfectly fine to me. If someone tells you "really screwed up" then ask what is screwed up and why.

 

Hello

You will be fine with the above setup.
You really don't need Malwarebytes, HitmanPro and NPE. I would replace them with PSI from Secunia. This program will make sure that all your third- party applications (Adobe Reader, Java, Flash) are up to date.

PSI link
http://secunia.com/vulnerability_scanning/personal/

So to sum up:

1. Update your OS and applications (e.g. use PSI)
2. Use Built-in firewall
3. Use a freeware and light AV
4. Backup
5. Commen sense (don't be scared by all the horror stories

/Jesper

 

Based on the facts as you have presented them, I have two words for you...
Trust yourself.

 

The fact that you are willing to investigate and learn is going to both give you answers, and often create problems. It is sort of one of those "the more you know, the worse you are" type of things. Once you know what problems may arise, you wonder whether you have properly taken care of the problems. Once you get software to take care of the problems, things can become complicated and you sigh in disgust. It seems to be a never ending circle.

Best buy geek squad, from my experiences, are mostly full of people who know a little, and regurgitate a lot of what they hear and read. There are some snappy cats among them, but honestly not as many as there should be. I normally get a good laugh out of most of them becuase they are quite simply wrong.

So what do you need? I personally try to refrain from saying "program X is all you need" or "it looks like you will be fine with that". The reason is simple though, I don't think there is a magic bullet one-stop-shop fix-all solution.

Instead, first build your philosophy, if you are able. Do you understand where your threats come from? You don't have to understand how the threats work, only that the things you do could pose risk. Think about your habits and actions. If you don't visit port and warez sites, don't use torrentz or the sickly kazaa stuff, where do you think your risks are? Do you visit the same sites over and over, and are they reputable? (that doesn't always mean safe mind you).

Do you install software? Download a lot of files. Do you let other people use your computer? Do you know what admin is, do you run as admin or user? Do you know what UAC is and how to use it?

All of these questions and thier answers can help you to discover where your threats come from. Once you know where they come from you can target how you want to stop or mitigate them. Maybe a scanner is part of your arsenal. Maybe you use MBAM. Maybe you think Sandboxie or Geswall would help. Maybe you want to use Chrome, or Firefox with some add-ons. Do you really need an firewall? Do you need Zemana anti keylogger?

You see, it is so hard to say what is best for you because only you really know what you do or don't do that could cause issues. If you take the time to learn where threats come from, you can then try out lots of different tools. Lord knows there is enough information here on what people are currently playing with that you can find something that works for you.

Perhaps though (IMHO) the most important factor is your personal tastes. Lots of guys (and gals) use one program and love it. Others hate it. One tool might be super effective but a PITA to use, another maybe less effective but manageable. There are many tools you could use, and not all of them will you WANT to use.

My best advice would be to (and you have some of it covered already):
use some imaging of some kind for fail-safe
learn and devise your backup strategy for your critical data
devise some scheme for how you will handle sensitive things like online transactions
consider virtualization of some form
use scanners and stuff of that nature as a supplement, not as primary protection

Finally, while you are looking at all of this, finding more about what you might be threatened with, what tools are available to stop the threats, etc, don't dismiss what they call "security by obscurity". Some things are just so non-mainstream that for now, it might offer you what you want.

And the #1 thing you can do (if you can do it) is to stop running as an admin and start running as a user. This one step, even without default-denying things to run, will likely give you the largest gains in security. It is not for everyone, it all depends on what you do day to day.

This probably hasn't helped much, but I have seen a lot of posts like this, and a lot of canned answers "just use what is in my signature", and I don't believe that is the best answer -- it might be for some, but is it for you?

Sul.

 

+1

1- apply security policy
2- keep up to date your programs (windows through win update and other programs)
3- back up data
4- back up system
5- anti-malware tool

You got #1 with standard account (SUA). On top of it you use sandboxie, but really, it is not so necessary.
You need to get #2: the PSI advice is good. Keeping by default microsoft programs greatly simplifies the maintenance...
You have #4, but you definitely need to ensure you have #3. I advise you to use microsoft synctoy, and back up your data (my documents or other folders in which you save your personal data) on an external hard disk.
Concerning #5, one is really more than enough.

Your setup is very wise and well-balanced in regards to your habits. Keep it as it is. Do not listen to anybody telling you otherwise and be confident in your choice. Do not ask yourself further questions as you have enough on the security side.

 

Thanks for all the good advice and suggestions. And, especially, the encouragement. I will proceed accordingly.

I'm not a "spring chicken" any longer so I'm trying to play catchup with ya all. Again, thanks.

 

@ravnen: Bad advice, I suggest nobody to follow it.
Secunia does not replace anti-malware scanners. Once you're infected with something that isn't detected by MSE, how do you expect to remove it? Sure, you can restore from a clean image, but how will you know that you're infected?

Therefore, make sure you keep those scanners Bugsy48. Just add EMET, and you're all set.

 

+1

 

Bugsy,
There's no such thing as a best way to secure a PC. There's several methods, each with their strengths and tradeoffs, which can be used individually or combined. By the time you get all of the different methods and opinions here, your head might be spinning a lot worse.

The best approach is the one that matches your abilities and the way your PC is used. It's also true that your security software is only as good as the security policy it's enforcing. It's important that your security software, operating system, and user apps all be configured with that security policy in mind. This might sound obvious, but most people don't start with a basic, thought out security policy. The security policy is like a roadmap. Many start with choosing what they believe (or are told) are the "best" security apps, which in itself is flawed. Apps that are the best for one type of security policy are often weak when used with another. Classic HIPS for instance are ideal for enforcing a default-deny security policy. They are not as effective when the base policy is containment. Sandboxie is good for policies based on containment provided your user apps are configured to use the sandboxes. Sandboxie won't help if malicious code is executed outside of the sandbox.

On my PCs, I rely on a default-deny security policy. In its simplest terms, default deny means that nothing except what I've specifically allowed can run. It's strength is that it protects against known and unknown malware/exploits. It's weakness is that it puts the decision on the user. The user has to know what should and shouldn't be allowed.

I see that you have Sandboxie, didn't say if it was paid or a trial. It's good. Just make sure that the rest of your system is configured to use the sandboxes. Also consider using software restriction policies to prevent execution outside of the sandboxes.

 

Bugsy48, you call yourself a novice ... you send like a pro to me. Half of the people selling computers in those stores should not even be allowed to be anywhere near a computer.

Acadia

 

Hi There

Yes I wondered why it was advised to replace MBAM with PSI.

Had me confused there.

Thanks for your input.

Regards

 

Count a vote of support for everything Lucy suggests

 

Sorry, if you misunderstood me. All im saying is, that we should keep it simple and focus on prevention instead of detection.
That why it's more importent to keep your system up-to-date instead of installing product xyz.
If you follow the 5 bullet points l listed before, the risk of being hit by malware is very low.

/Jesper

 

I'm perusing all comments very carefully. Kudos.

I find Sandboxie with its intricacies interesting. I'm currently using "free" version but am considering "paid" version. I hadn't realized the extensive nature of Sandboxies controls.

I can see where HIPS would be an interesting tool to learn what is happening inside the "box" but I'm sure much care is necessary when responding to accept/deny/etc. requests.

I had never considered veiwing computer security as a "philosophical" matter. Exellent approach.

 

@Bugsy48: I'd suggest you to add PSI as well, or SUMo, but don't replace any of your on-demand scanners with it.

@ravnen: I see, but there is still a risk of being hit by malware.

 

By the way, if I read the OP's initial posting correctly, we are not responding to Bugsy48.

Maybe Bugsy48's pal will register here and we'll all get to meet the person behind the post!

 

I agree with J_L. You are recommending replacing excellent antimalware scanners with a tool designed to detect vulnerable and out-dated programs. That tool is terrific in itself, but infections still occur in updated systems, and that is when your advice is lacking. Once infected, what should the OP do, run Secunia again?

 

No problem. Understood. I will create my own account as suggested. It only makes sense. I'm new to forum environment.

 

Instead of listing specific security apps, I'll try to give you some background on the different security policies the different types of apps use and a few of the pros and cons of each.

AVs, antispyware, antimalware, etc use a default-permit approach or policy. In its simplest terms, default-permit means that anything not identified as malicious or harmful will be allowed. There's a lot of variance in this group but they basically rely on identifying malicious code and/or detecting known malicious activity. Most all scanners will fall into this category. They are generally the easiest to set up and require less interaction and knowledge from the user. Most are self updating. They're at their best against known threats. Their downside is that they are weak against new malware and/or exploits. All of them miss things, some a lot more than others. They are very dependent on updates in order to remain effective. The resident or real time AVs are often quite demanding on a systems resources when compared to other types of security apps.

SandBoxie, VirtualPC, VMWare and others are examples of apps that use a policy of containment. Sandboxie create virtual equivalents of real operating system components for the "sandboxed" applications to use and interact with, keeping the real ones out of harms way. Apps like VirtualPC, VMWare, and VirtualBox take this concept farther and create entire virtual operating systems that can be used like a normal system. Both of these require more user interaction than the default-permit category apps, especially during the initial setup. With Sandboxie, the user apps need to be made to run in the sandboxes. The user may want to have 2 or more sandboxes and assign certain apps to run in a specific one, based on what permissions that box will have. With 2 sandboxes for instance, one might be allowed internet access, the other would not. All kinds of combinations are possible. With the VirtualPC type apps, the user has to build or install an entire guest operating system, then equip it with the apps you use.
The idea behind these is that any malicious code or activity takes place in a sandbox or virtual environment, not on the actual system. With Sandboxie, the user shuts down the sandboxed apps and empties the sandboxes, which gets rid of the malware. With Virtual PC type apps, the user just restarts the virtual "guest" system, discarding any changes. The downside to these is that they do require more user skill, especially to get the maximum protection from them. They can get to be a load on your system, especially the full system virtualization apps. With these apps, you are for all purposes, running 2 operating systems on your hardware. Another negative is that some apps (and malware) are virtual environment aware. Some user apps don't work right in a sandbox. Some malware won't show its true nature while running in a virtual environment. It "behaves" until the user put it on a real system. It's also possible (but not common at this time) for malware to break out of a sandbox or virtual environment. Should it happen, the user most likely won't become aware of it until well after the fact. For that reason, I believe that these should not be treated as stand-alone solutions. The un-sandboxed or host system should have additional protection against unwanted execution.

Default-deny is literally the opposite of the conventional default-permit policy used by conventional AVs. With default-deny, only the known good can run. Everything else is denied. When compared to a default-permit policy, the most obvious difference is with unknowns. If an unknown doesn't show any known malicious behaviors, default-permit will allow it. Default-deny will not. This behavior makes default-deny based policies very strong against new and unknown malware. Default-deny can be as simple as a list of allowed processes/executables or as complex as specifying what each of those allowed processes/executables is allowed to do, what other processes each can launch (parent process) or be launched by (child process), which can set system hooks, inject code, have internet access, etc. Configuring can be as easy as a whitelist of user apps or a large, complex ruleset. It completely depends on how you choose to enforce that policy. Security apps based on a default-deny policy are often the lightest loads on the system. It takes far less disk space, memory, etc to keep tract of a few hundred or so known good applications or files that it does to identify somewhere around a half million pieces of malicious code. Default-deny has some very significant downsides as well. Whether it's done by the software or the user, default-deny requires a list of the apps/executables it will allow. With classic HIPS software for example, the user has to specify what the allowed processes are. It's somewhat similar to setting up software restriction policies but with a lot more options and more control over system executables. That in itself can be a 2-edged sword. Setting up a comprehensive default-deny policy and configuring apps like classic HIPS to enforce it will require more user input and knowledge than any other security setup. Default-deny can conflict with updating, depending on how it's enforced. With classic HIPS enforcement, updating or installing software often becomes an administrator only task. It treats installers for new versions and individual Windows updates as unknowns and prevents their execution. Depending on your preferences, this can be good or bad. In this respect, default-deny can be viewed as anti-change.

Another example of anti-change are "reboot to restore" apps. Returnil is one example. These apps prevent malicious code from permanently compromising your system. I haven't used any security apps from this category so I can't comment on any details regarding them or how one compares to another. There should be lots of threads here regarding apps that fit this category. These apps are good for insuring that your system is clean and unaltered every time you start it. On the downside, apps of this type don't offer any real time protection. If you get infected by a trojan or keylogger, it will not be removed until you reboot. This makes these types of apps a strong second layer of defense. They're best when used with another app that's more suited to real time protection. They would be a good 2nd layer for systems with default-permit policies.

To complicate the matter a little more, all of these policies and the apps that enforce them can be combined to form hybrid packages. Sandboxing and virtualization can be combined with default-deny. Example, on some classic HIPS, you can make rules for folders that will apply to everything in them. This way, you could allow most anything to execute in the sandbox folders while applying default-deny to the rest of the system. The same could be done on the host system of a virtual environment. If something does manage to break out of the sandbox or virtual system, it lands in an environment where it can't do anything.

Hopefully this will show you some of the options you have available, and help you to choose what path you might want to follow. Once you do that, then you can choose apps that best fit what you want to do.

 

Thanks for help. I'll consider this thread finished and will create my own account.