How good would this setup be?

Discussion in 'other security issues & news' started by Hipgnosis, Mar 8, 2007.

Thread Status:
Not open for further replies.
  1. Hipgnosis

    Hipgnosis Registered Member

    Joined:
    Aug 26, 2003
    Posts:
    297
    Location:
    Witness Protection Program
    This question covers multiple security apps so I'm not really sure which forum would be the best. If the moderator feels it should be elsewhere, please move it where appropriate.

    My question is, how good of a security setup would this be?

    Firewall/HIPS/IDS: Blink Neighborhood Watch
    Antivirus: AOL Active Virus Shield
    Spyware protection: Spyware Terminator, SpywareBlaster & K9 Web Protection

    Would there be any need or benefit for anything else? If so, what and why?

    edit: This system would be behind a hardware router/firewall with SPI.
     
  2. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Looks fine to me. Surf safely and with common sense and you'll be fine.
    Heck, lately I've been testing out some apps and purposely trying to get infected and I tell ya it's a lot harder than I thought.
     
  3. EASTER.2010

    EASTER.2010 Guest

    Ghost Security Suite would complement nicely other HIPS to better alert for some potential malicious intrusions. My findings bear that out.
     
  4. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    :thumb: :thumb: :thumb: Add CyberHawk for process modification and data injection protection, plus enable DEP for all programs in XP (you could also use SafeXP and Seconfig for some hardening). Everything else is covered, nice setup.

    Do you have HIPS enabled in SpywareTerminator? Is Blink satisfactory (I like the concept) and running fine?
     
  5. Hipgnosis

    Hipgnosis Registered Member

    Joined:
    Aug 26, 2003
    Posts:
    297
    Location:
    Witness Protection Program
    Kees1958,

    I haven't put this in place yet. I have been investigating the potential setup and wanted to get some feedback from others before moving forward.

    Here is my thinking around the setup I want:

    1. Free
    2. Secure
    3. Relatively user friendly for non-techie users, therefore it can't be overly "talkative" after initial training
    4. Reliable
    5. Reasonable memory footprint
    6. Reasonable CPU usage
    7. Not overly difficult to learn and use
    8. Good GUI interfaces (well laid out and intuitive)

    I know this setup will be "heavier" than the configuration it will replace but I believe it will be much more secure and therefore worth the extra weight.

    My one area of concern right now is with Spyware Terminator. I very much like the idea of, and want, real time protection but after reading about the former spyware connection for the parent company (Crawler) I do have some reservations about this app.
     
    Last edited: Mar 9, 2007
  6. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
  7. Hipgnosis

    Hipgnosis Registered Member

    Joined:
    Aug 26, 2003
    Posts:
    297
    Location:
    Witness Protection Program
    Ok, I have set this system up based on my initial configuration with one exception, which was to leave off Spyware Terminator...at least for now. What I did was replace the following:

    Arovax Shield
    Avast Antivirus (free)
    Kerio 2.1.5


    with:

    Blink Neighborhood Watch
    AOL Active Virus Shield


    Additionally, I was running WinPatrol, SpywareBlaster & K9 Web Protection before and continue to use those.

    According to Task Manager I am using around 7-9 MB more RAM for these new programs. The best thing I have noticed, however, is that I am seeing no system slowdowns, unless you want to count an approximate 2 to 3 second longer boot time. An even better thing is that I do feel like I am more secure now based on these initial responses:

    Blink alerted me to some websites with this message (which may or may not be a bad thing):

    Event ID: BLINK-BAM-5016
    Severity: Medium
    Description: Request contains a header with an invalid format
    Action: Terminated

    It also stopped my POP3 email checking program on some spam emails with this message:

    Event ID: BLINK-BAM-16001
    Severity: High
    Description: Potential buffer overflow
    Action: Terminated

    In the above case it was because the "TO:" field was too long. The spammer had listed many, many email addresses.

    One thing I was surprised about was that prior to installing the AOL Active Virus Shield I had installed the trial version of NOD32, performed a complete system scan and it found nothing. After that I removed NOD32, installed the AOL-AVS and again did a complete system scan and surprisingly it found this in my deleted mail folder.

    Trojan program Trojan-Spy.HTML.Fraud.gen (modification) Mail body: XXXXXXXXXXXXX\Local Folders\Deleted Items\[From:"PayPal" <service@paypal.com>][Subject:New email address added to your PayPal account][Time:2007/01/25 15:46:59]\text/plain\text/html/UNNAMED/Edit

    I remember receiving this email and forwarding it to Paypal for review. They confirmed my suspicions and verified that it was bogus so I deleted it, but forgot to delete it from the "Deleted Items" folder.

    So anyway, I said all that to say this, thus far I have a good feeling about this setup and am willing to sacrifice the additional memory for what certainly appears to be better security; especially in light of me feeling that with Avast I was secure (and recommending it to others) :(

    I have included a screen capture from the Blink Event Log regarding the alerts. (the "Service started" line was a reboot)

    edited for spelling...and to add that I am still looking at Cyberhawk and some other programs as possible add-ons. Thanks for the suggestions
     

    Last edited: Mar 9, 2007
  8. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Thanks,

    Why change Antivir free for AOL? Antivir has got better heuristics than the liteware version of AOL. Detection rates are more or less the same.
     
  9. Hipgnosis

    Hipgnosis Registered Member

    Joined:
    Aug 26, 2003
    Posts:
    297
    Location:
    Witness Protection Program
    It was Avast that I replaced, not Antivir. I did consider replacing Avast with Antivir but unless I'm mistaken, Antivir doesn't actively scan email.

    Also, after the system scan by AOL-AVS found something that NOD32 missed I decided it was worth a try.
     
  10. dah145

    dah145 Registered Member

    Joined:
    Jul 3, 2006
    Posts:
    262
    Location:
    n/a
    Stay with AVS, it will offer you excellent virus detection. :thumb:
     
  11. GS2

    GS2 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    42
    Sounds like a Linux distro is needed - ticks all those boxes and more :) No need for all those anti-spyware apps, set up iptables correctly, install an AV if you wish to protect any Windows systems you share files with. Add rkhunter, and you are good to go :)
     