High Risk User

Discussion in 'other anti-malware software' started by Gargoyle, Jun 2, 2007.

Thread Status:
Not open for further replies.
  1. Gargoyle

    Gargoyle Registered Member

    Joined:
    Jun 2, 2007
    Posts:
    67
    A little background on myself: I use the internet quite liberally. Rapidshare, Megaupload, BitTorrent, and mIRC are used on any given day to get all kinds of software, movies, music, etc. My hard drive is constantly getting new content and deleting old stuff too. Because of that, I defrag often and am considering getting PerfectDisk. I visit websites that I probably shouldn't be going to and do a bit of gaming on the side. If there is a brand new virus/trojan going around, I'll likely be one of the first people to be infected.

    Based on my profile and subsequent discovery of this forum, I feel I need better protection for my computer. There is just an overload of available software and, as a newbie, I have a tough time picking out which to get. There is a huge topic on everyone's computer setup, but that left me more confused than enlightened. Furthermore, installing too many security programs could do as much harm as the malware itself.

    The following are on my computer:

    Powershadow
    Kaspersky Anti-Virus
    Comodo Firewall
    SuperAntiSpyware (free)
    Asquared (free)

    I plan to re-format my hard drive and start from scratch. Speaking of which, whenever I re-format, I see a small partition on my hard drive that can't be touched. Is this normal or something I should look into further?

    One software I'm not getting for sure is FD-ISR. In its place, I plan to use ERUNT and Bart's PE along with a backup image stored on a USB drive.
     
  2. screamer

    screamer Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    922
    Location:
    Big Apple USA
    You have all your basics covered. The only addition I'd suggest is perhaps "LinkScanner" from http://linkscanner.com/. With this you may be alerted prior to getting infected when you visit a bad website.


    If you have a box from one of the big boys (Dell, HP / Compaq...), it's probably a restore partition.

    hth,

    ...screamer
     
  3. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    2,068
    Location:
    Serbia
    Hello. :)

    It's normal. When you fresh-install XP it automatically creates a small FAT32 partition (7-8 MB approx.) which is used for storing XP's bootloader. The bootloader then determines which partition is bootable.

    :D It's a phase. It will pass in a year or so.... :D

    Cheers.;)
     
  4. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,121
    Location:
    Mountaineer Country
    I download all my files to a download folder and then scan them with no less than three scanners. For example, right now my context menu has Avast, A-squared and AVG AS. AVG never works to scan an individual file for me, but I scan the whole folder anyway. Sometimes I use SuperAntiSpyware also, and if I'm really not sure of the source of the file I will upload it to VirusTotal and/or Jotti. They only scan files up to a certain size. When I did P2P I downloaded to a music file and scanned all files like above before previewing them.

    It would also be a good idea to run regular online scans from the different vendors. You also may want to check out a sandbox type of program. It basically contains all the files and folders used when running your browser, email, etc., and when you're done with that session you can delete the contents. Sorta like PowerShadow, but you can save some of the files that you want to keep. They also don't need a reboot to turn off or end a session. At least that's the way Sandboxie works. I'm not sure as to how or if it would slow down a P2P application. Oh, and run as a limited user or use a program that lowers the rights of "risky" internet-facing programs. I'm using DropMyRights for FF2, IE7 and WinAmp. I hope this helps a little.

    Edit: here's a link to some online scanners. http://wiki.castlecops.com/Online_antivirus_scans
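    The triage step described above (download to one folder, inspect before opening, hash anything doubtful for a VirusTotal/Jotti lookup) can be partly automated. The script below is an added example, not code from the post or from any of the products named in this thread: it walks a download folder, sniffs each file's real type from its leading bytes, flags executables hiding under media extensions or behind a double extension (`album.mp3.exe`), and prints a SHA-256 for each file so it can be looked up by hash instead of uploading it. The magic-byte table, extension lists and sample files are constructed for the example and are deliberately short; a real deployment would use a fuller signature list.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed shortlist of leading-byte signatures; real-world scanners use far more.
MAGIC = {
    b"MZ": "pe-executable",
    b"\x7fELF": "elf-executable",
    b"PK\x03\x04": "zip-container",
    b"%PDF": "pdf",
    b"ID3": "mp3",
    b"\xff\xfb": "mp3",
    b"\x89PNG": "png",
    b"\xff\xd8\xff": "jpeg",
}

# Extensions under which executable content is expected (Windows-centric, constructed list)
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".dll", ".cpl"}
# Extensions a P2P/Rapidshare download usually claims to be
MEDIA_EXTS = {".mp3", ".avi", ".mkv", ".mp4", ".jpg", ".png", ".pdf", ".txt"}


def sniff(path):
    """Return the content type implied by the first bytes, or 'unknown'."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return kind
    return "unknown"


def sha256_of(path):
    """Streamed SHA-256 so large downloads are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def triage_file(path):
    """Classify one file: sniffed type, hash, and any mismatch flags."""
    path = Path(path)
    suffixes = [s.lower() for s in path.suffixes]
    ext = suffixes[-1] if suffixes else ""
    kind = sniff(path)
    flags = []
    # A PE/ELF whose name says it is a movie or song is the classic P2P trick.
    if kind in ("pe-executable", "elf-executable") and ext not in EXEC_EXTS:
        flags.append("executable-content-under-non-executable-extension")
    # name.mp3.exe: Explorer hides the last extension by default, so the user sees "name.mp3".
    if len(suffixes) >= 2 and suffixes[-2] in MEDIA_EXTS and ext in EXEC_EXTS:
        flags.append("double-extension")
    if ext in EXEC_EXTS:
        flags.append("executable-extension")
    return {"name": path.name, "kind": kind, "sha256": sha256_of(path), "flags": flags}


def triage_folder(folder):
    """Triage every regular file directly inside the download folder."""
    return [triage_file(p) for p in sorted(Path(folder).iterdir()) if p.is_file()]


def build_sample_folder():
    """Constructed sample downloads (harmless byte stubs, not real files or malware)."""
    d = Path(tempfile.mkdtemp(prefix="downloads-"))
    (d / "song.mp3").write_bytes(b"ID3\x03\x00" + b"\x00" * 64)        # genuine-looking mp3
    (d / "movie.avi").write_bytes(b"MZ\x90\x00" + b"\x00" * 64)        # PE header under .avi
    (d / "album.mp3.exe").write_bytes(b"MZ\x90\x00" + b"\x00" * 64)    # double extension
    (d / "readme.txt").write_bytes(b"hello\n")                          # plain text
    return d


if __name__ == "__main__":
    folder = build_sample_folder()
    for r in triage_folder(folder):
        status = ", ".join(r["flags"]) or "ok"
        print(f"{r['name']:16} {r['kind']:16} {r['sha256'][:16]}...  {status}")
```

    Run it on a real download folder by replacing `build_sample_folder()` with the folder path. A clean result only means nothing obvious was found; the point of the flags is to decide which files deserve the full multi-scanner treatment and a hash lookup before anything is opened.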
     
  5. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi,

    Do you have Kaspersky with the Proactive Defense Module?

    Easy-to-use additional defense:
    - PrevX1/2
    - DefenseWall (I thought DW had an issue with KIS, but I am not sure)

    Cheap easy to use additions would be:
    - Samurai (when not familiar with the items listed, choose only rootkit defense by giving a pop-up when a driver wants to load)
    - WinPooch (see post here at Wilders for download of rule set:
    https://www.wilderssecurity.com/showthread.php?t=175814 ). The rule set contains startup registry protection by Toni Klein (copied from the RegDefend rule set, so WinPooch offers the same as RegDefend for free) and protection of critical XP files and directories ("filter set" is the name WinPooch uses for its rule set). And some basic netconnect (outbound protection). All is configured to ask + block (when no answer received).
    - Script Defender (or another script start-up guard)
    - SpywareBlaster for cookies and ActiveX protection (does not cost any CPU power, achieved via the XP settings).
    - SafeXP for some hardening (unselecting Windows options home users do not need)
    - in case you do not have PDM with KAV, and you do not try PrevX1/2, try out CyberHawk (try to get the slim and fast old version 1.2.039 with community warning and update off).
     
    Last edited: Jun 3, 2007
  6. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,226
    Try Linux.
    Or if you are Windozing, use non-MS programs like Firefox, OpenOffice, eMule etc.
    Mrk
     
  7. Gargoyle

    Gargoyle Registered Member

    Joined:
    Jun 2, 2007
    Posts:
    67
    Some replies...

    to Kees1958: Kaspersky Antivirus only. I see where you are going with your suggestions. A good HIPS program is sorely needed, I totally agree with that. I have plenty of free time, so I don't mind fiddling with complicated HIPS at all if they are the best at what they do. I aim for maximum protection. If I may pick your brains a little further, how does System Safety Monitor (paid version) (which I see most of the hardcore members use) compare to CyberHawk and EQSecure? Just want to say that paying for software is also no problem for me.

    to screamer: How does LinkScanner compare to having a virtualized sandbox? I may want to visit websites with bad reputations.

    to seer: If it's a phase, it's one that's been going on for 10+ years.

    to innerpeace: I also scan with different programs religiously after downloading files off of Rapidshare/BitTorrent. You mentioned Sandboxie and I'm considering running it with PowerShadow. What do you think about running them both at the same time?

    to Mrkvonic: I would if more software runs on Linux :p
     
    Last edited: Jun 5, 2007
  8. screamer

    screamer Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    922
    Location:
    Big Apple USA
    LinkScanner will block the site until you turn it (LinkScanner) off.

    I've used Green Border at times but it was a bit of a PITA.

    I visit the seedy side of town on a regular basis and I do so confidently. If SSM misses it, I feel that NOD will catch it. Then again, I also run several on-demand scanners on occasion, e.g. SAS, a-squared & AVG.

    ...screamer
     
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    If I am really going high risk I go into a virtual machine, with a full security suite, and Sandboxie. I also have FDISR refreshed on the host.
     
  10. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,121
    Location:
    Mountaineer Country
    To be honest with you, I haven't tried running both together yet, but have read of others doing so. I have been wondering which would be best to start first, or even if the starting order would matter o_O . I would like to visit the dark side, but until I get my backup system going (my CD/DVD isn't burning reliably) I'm afraid to take too many risks.
     
  11. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Honestly Kaspersky Antivirus 6 and some good firewall should be enough for anything.
     
  12. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    SSM Pro versus EQSecure

    SSM Pro
    + SSM = outbound traffic connection
    + SSM = decent, clear build-up of rules
    - SSM = none really

    EQSecure
    + EQS = protection of files/folders (vulnerable OS files, for instance)
    + EQS = wildcards for registry protection
    + EQS = faster than the old SSM-free
    - EQS = you need to understand the rule flow and check every rule generated by EQS after a PROMPT for redundancy; also there is a little annoying bug that by default the initial system ruleset is allocated to a new rule.

    So why did I drop my SSM-Pro license for EQS freeware?
    EQS can be configured as an Anti-Executable and as a Behavioral Blocker. My experience is that both my son on his PC and my wife on her PC simply disable the AE when they want to try a new program (!). This reduces the effectiveness of an AE to practically zero. The BB will allow them to run a new program; it only starts to scream (pop up) at anomalies. I cannot eliminate the user, therefore we degraded defense from AE to BB.

    The combi AE + Sandbox or BB + Sandbox works great (so consider buying DefenseWall or GeSWall).

    regards K
     
  13. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    As good as they come. Use Firefox or Opera. If FF, then get the NoScript, RefControl and CookieSafe extensions. Don't open unknown attachments, or the whole unknown message to begin with. Using P2P, download files with plenty of sources only and avoid exe's etc., unless you're sure where they come from (e.g. BitTorrent when downloading a file indicated on a trustworthy site, etc.). Think. This is the most important.

    You could add something that locks your computer, like Anti-Executable or SSM free (the latter: use it only to learn your system, then to block unknown executables).
    SSM is more tricky, you won't get it the first time, but it's free. Tons of pop-ups if you don't have the patience to use learning mode and review the executables "learned".
    AE is straightforward, but paid and not flexible (then again, flexibility isn't always what you'd want).

    Alternatively, a sandbox such as SandboxIE, GeSWall or DefenseWall.

    Your call though; your programs are good, using non-MS programs to begin with.
     