How light can you go?

Discussion in 'other anti-malware software' started by Kees1958, Jun 6, 2009.

Thread Status:
Not open for further replies.
  1. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Exactly, and that's why two of the best security apps ever, Sandboxie and Returnil, have supplanted any useless MS bloatware that they try to class as security.

    Scaremongering is a very apt description when it comes to securing a pc as well.

    Nothing like tearing a system to pieces to see how it works, and of course those ghost images and clones can come in handy on occasion.

    It seems to me that some of the fellas that hang around here and use a million different security apps or settings only post just to bignote themselves?

    There's a real world out there where the vast majority ain't Wilders members, and what are you doing to help those people?
     
    Last edited: Jun 7, 2009
  2. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I can't say anything about Returnil, as I don't use it. But, I agree with Sandboxie. Still, it's only great as long as you run everything inside of it. Once you take something out... Sandboxie won't be of any good, now will it?

    You seriously can't expect 100% of users to tear down their systems, for the sake of being more knowledgeable in what comes to security.

    If someone wants to see how some malware works, etc... Go ahead, but even for that you need to have some background information. Do you really think that everyone has time to waste with this sort of thing, considering they already have busy lives? Their minds are near the edge by the end of the day... Let's not expect them to be experts at everything.

    Would it really be worth it for my family to have no security measures implemented by me, and have their systems down, losing their work, having, who knows, given access to their bank accounts... just for the sake of learning?

    I have a different opinion from yours.

    Most of them, yes.

    I can tell you that I do all I can to help my family and friends... And, everyone else I do business with.

    I can also tell you that you, too, live in fear and lack confidence. Otherwise, you wouldn't be using Sandboxie, Returnil, Ghost Images. You use them because you're aware that something bad may happen, and those, in your own perception, are the tools that will help you out.

    Just like Kees pointed out the setup for his son. Maybe others consider it good and will give it a try, if for some reason they considered their security setups tough to deal with.

    If you don't like it, don't implement his suggestions. He's not forcing anyone to use anything. He's only showing what he has set up for his son.

    The same way you say you use Sandboxie, Returnil and Ghost Images. Not everyone feels fine with the same setup as others.

    I could tell you I'm only running LUA + UAC + SRP + Other restrictions. This is all I need. Others may not feel the same. Does this make my setup wrong? Theirs better? Worse? No. Only different.
     
  3. Eice

    Eice Registered Member

    Joined:
    Jan 22, 2009
    Posts:
    1,413
    Definitely true. What makes it even worse is that those people often combine their ignorant posturing with blatantly terrible advice as well.
     
  4. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    The several archives of malware samples I've downloaded and tested inside of Sandboxie, then uploaded to various blacklist security vendors, have certainly come in handy in getting signatures updated and helping real worlders stay that little bit safer.

    So you are completely wrong in saying once I take anything out of the sandbox it's of no use.

    Real worlders = AV and Windows default security.
     
  5. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Tell me about it!

    Some are just too frightened to learn and resort to vilifying those that at least have a go.
     
  6. Eice

    Eice Registered Member

    Joined:
    Jan 22, 2009
    Posts:
    1,413
    Yes, let's all have a go at ignorant posturing, dispensing incredibly bad advice, and protest when we get called out for it.

    Let's tell people it's perfectly okay to leave our doors wide open as long as we have a state-of-the-art burglar alarm, or to walk through crime-infested areas alone at night as long as we're carrying guns ourselves. Let's dismiss common-sense preventive measures as "useless" and "bloated" and restrictive of our freedoms, and ridicule those who advocate them as scaremongers.

    The ignorance and self-delusion of some people here are simply amazing. While I have no objection against them doing whatever they want to themselves, I do feel the need to post some form of caution for inexperienced users who might otherwise believe these swaggering idiots and their irresponsible claims.
     
  7. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    That's not what I said. I said that as soon as you take something out of Sandboxie, and for example, install something in the real system, without any effect of sandboxing, then Sandboxie is as good as nothing. Sandboxie will only protect you as long as you keep things inside of it.

    That's what I said.

    And, Sandboxie won't tell you, by itself, whether something is bad or not. That's not the purpose of that tool.

    From personal experience, I've seen quite a huge % of "real worlders" using the user account which is the Windows default account - a power user account, commonly confused with an administrator account. No UAC enabled. No software restriction policies applied, because users aren't even aware of such, and whoever they buy their systems from doesn't even let them know about it.

    Most of those very same systems come with trial versions of antiviruses, due to agreements between manufacturers and the security vendors. Then, these users wonder how come their system became infected in the first place.

    1st - They thought they had a full antivirus version, or even a free version installed. They see something saying it is an antivirus, and they won't even care about what it is.

    2nd - The antivirus no longer updating, and in some cases no longer working, won't be of any good.

    3rd - Power user account.

    5th - No UAC.

    6th - Let's do the math.

    This is the general scenario I always come across with.

    So, sorry if I disagree that the protections already provided by Windows are useless.

    And, even a concerned user using LUA + UAC + SRP + Other restrictions is less paranoid than someone using XYZ antimalware tools, XYZ sandboxing tools, XYZ HIPS tools, etc.

    I actually never understood what all the complaints are about, regarding this setup by Kees, or any other user who wants to share how they protect their systems. If they want to share, I believe it won't go against forum policies. They're free to do so.

    Everyone's free to protect their systems the way they know best. Just like I said, all I need is LUA + SRP + UAC. All my documents are saved to my USB drive. I've been using this setup for a very long time, and so far, I've been doing just fine, without backup tools, rollback tools, etc.

    I really don't believe that these sorts of comments bring any useful information to others, other than saying we use this or that, and that we're against the way others protect themselves.

    Now, advising users not to use LUA, etc. I find that ridiculous, considering that not everyone is capable of understanding each action occurring in the operating system.

    And, even you, as I already said, have a lack of trust in your knowledge. Otherwise you wouldn't be using Sandboxie and the other tools you use.

    Let's all go crazy... I'm going to tell my family that from this point on, no more LUA, no more SRP, no more firewall, no more nothing, and tell them it's the best way for them to learn about security.
     
  8. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Since when is common sense ridiculous? Who, in this thread, at least, said that?

    Common sense, in what comes to security says:

    - Don't download and install pirated software, games, etc

    - Don't open e-mail messages when you don't know who they come from, and always ask your contacts if they were the ones sending you some executable, etc. you didn't ask for.

    - other things

    Common sense doesn't say:

    - You should know all about everything (every action, what it means, what is it for) what's happening in your system.

    That's not common sense.
     
  9. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    How many real worlders use or have even heard of LUA or SRP?

    I've said it before and I'll say it again - a combo of a hardware firewall, Sandboxie and Returnil will keep you much safer than anything else espoused in this thread with way less resource usage.

    Kees states to use an AV, so how long does a scan take and how many resources does it use during the scan?

    Well it takes no time or resources here as I don't use an av.

    So just on that single aspect, whose setup is lighter?

    Let's keep telling people to keep Windows updated as it will keep you from getting infected.

    What a flippin joke.

    Your obtuseness borders on a brainwashed dill pickle.
     
  10. Eice

    Eice Registered Member

    Joined:
    Jan 22, 2009
    Posts:
    1,413
    There are some individuals here that call basic, common-sense security practices advocated by Microsoft and many professionals "useless bloatware", in favor of their security setup of third-party software. Whether these individuals are trying to show off with macho swaggering at the expense of common sense, paid shills for the products they're advertising, just plain uneducated regarding computer security, or all three, is anyone's guess.

    When called out on their questionable claims, it appears that the response of these individuals is to boast harder. The practice of running a restricted rights environment was already rubbished, and now it seems that they are resorting to the claim of dismissing Windows updates as well.
     
  11. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Is it possible to download malware samples then install and harvest any droppers in your so-called MS restricted environment?

    Come on "Mr Educated" security dill pickle, tell me how.

    Windows Updates goes well with zero day Wednesdays huh?
     
  12. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    "sc delete" command will get rid of it. LOL ;)
     
  13. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Exactly! And, of those, who has even heard of Sandboxie, etc., unless they were told by someone else, the same way I mention LUA and SRP to them?

    The thing is, unless someone tells these people what options are out there, and shows them the different scenarios, they won't know they exist. Even less, know what is happening in their O.S. behind the scenes.

    Nor did I say otherwise. Nor did I say that Kees' setup is shameful, at all. As I mentioned, one deploys what one knows best and feels more comfortable dealing with, and in this case his son. It's his son who is going to use the system. Not you.
    I believe all Kees wanted to do was to show the setup in his son's system, and who knows, maybe others would think it's worth trying as well.

    And, you mentioned Sandboxie. Couldn't I just mention DefenseWall HIPS? I mean, it comes down to what he likes to work with better.

    So, this is a mine is bigger than yours? Or, in this case, mine is lighter than yours?

    What are you advising? People not to update their systems?

    Of course, an updated system will prevent some attacks, which could enter Windows, by taking advantage of vulnerabilities. But, that's not the only possible scenario for infections. Now, is it?

    I don't think, unless I missed it, that anyone in this thread has said that an updated system will keep you out of every infection.

    But, does it mean that, by not preventing all non-exploiting vulnerabilities threats, users should not update their systems?

    Should users not update all their other applications, especially those Internet-facing applications?

    Let's all stop updating our systems and our applications.
     
  14. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    You could say that and besides I like having a bit of a biff with Kees.

    He threw the bait out and I took it with pleasure. ;)

    As for Windows updates, if you feel you need them then use them.

    Here I delete the Windows update service as it can offer me nothing in extra security or performance.
     
  15. HungJuri

    HungJuri Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    104
    Location:
    USA
    I am of the Franklin set. I firmly believe that the more elements added to an equation, the higher the likelihood of error. That is why whatever comes on my disc is what I am dancing with. If I want Windows updates, I'll buy a new disc with a more recent OS. Anything used as a security program or a replacement browser has to be so unbelievably superior or effective or cutting-edge technology. Firefox doesn't cut it, Opera doesn't cut it, no AV alive cuts it. Sandboxie does, and Returnil also - DefenseWall? Sorry, doesn't cut it. Every argument for DW stresses ease of use, but all I see is a silent HIPS/LUA program - hardly cutting edge.
     
  16. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    This is a great thread. Myself, I run in admin, and don't really care for LUA. However, I imagine that if the 'average' joe could figure out how to run in LUA many problems that exist would be alleviated. We can face the facts, peeps like Franklin and many many others here probably know enough not to get infected in the first place, and secondly can fix the issue if they do.

    Not so with 'average' joe. So suggesting doing hardly anything to them does not make sense, as they will become a member of a bot network in due time. Is LUA the answer? It is constrictive, but for those less knowledgeable, it does strike a pretty good means to stop much.

    But I do agree, the fewer apps the better. Is no AV the answer? Probably not for most. Is a complicated setup with AV/Firewall/HIPS/AS/Antimalware the answer? For those that really want to 'own' their system, yes. For 'average' joe? I don't think so.

    Is Sandboxie? or Returnil? SB, maybe, IF they can get the concept of a file system and restoring data from sandbox to real file system. Not all can do that. Or want to.

    Is SRP? If the 'average' joe is LUA, what does it give them really? AppGuard could do as much without the knowledge needed. But, if the user is an Admin, it can easily be used to reduce the rights of specific programs like a browser. Is it easier to understand than SB or AppGuard? Maybe. Is it safe? I think so. Until the POC attacks on SRP become common, why worry anyway.

    The point here is not whether you should run with very little or very much. Those here who are knowledgeable can run what they like. I have often run with nothing other than Avira. No problems. I do not tell the 'average' joe that, or they will certainly be in trouble. I have fixed too many problems to think otherwise. But they get into 'security or popup overload' very quickly. For them they don't think about reinstalling the OS. They pay people to. They don't think about saving documents because they might reinstall (for whatever reason). They lose everything because the Geek Squad deletes it with reinstalling. They might even put in their Dell restore CD, only to realize too late that all data is now gone.

    No, we knowledgeable users don't need help. But it is the 'average' joe who does. It is very hard to find the balance of good security without complications/price/sluggishness/popups to give 'average' joe. If it were already existing, these sorts of threads would not be needed. It does not exist. So peeps like myself who support 'average' joe are continually looking to find that golden bullet. The method that does not require them to learn very much at all, does not require them to answer questions (wrongly usually), does not slow their machine, and most importantly to 'average' joe, protects them considerably without them really feeling it. They can still do most of what they want, although we more 'knowledgeable' still try to emphasize proper protocol about downloading, installing, attachments etc. etc.

    I agree with all sides, as silly as that sounds. For myself, I think SRP holds a lot of promise towards all the peeps I know. Far more than SB or Returnil type of thing. At least for 'average' joe.

    Sul.
     
  17. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Why bother with Sandboxie or Returnil, go back to a saved image, less elements, less errors. Free tip: go for a Linux distro, you won't have to buy a new disk. Why don't you make your life a lot easier?
     
    Last edited: Jun 7, 2009
  18. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Just out of curiosity, what service pack are you running on what OS?


    Sorry I won't be posting light configuration threads anymore, as I know you must be grinding your teeth while opening your browser with Sandboxie, staring at the tumbling (don't know what the correct English word is, kind of prehistoric clock, something with sand :D )
     
  19. wat0114

    wat0114 Guest

    Sandboxie causes absolutely no perceptible slowdown at all on our two machines. IMO it is a phenomenal way to secure a machine with minimal impact on resources. However, I also believe in a limited account, to some extent at least, apply critical patches and use SP2 on XP because I had problems with SP3. There is also image/restore software in use - ShadowProtect and Acronis on our machines. This latter software is indispensable, something no one should do without.

    This thread obviously proves there is no best way to secure a machine, but it's nice to look at different ideas to see what others are doing and what works well for them. One can always build their security profile based on a collection of different ideas they see in this forum. To some extent that's what I've done.
     
  20. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Often it is from someone who plays with strange mixtures that one can gain knowledge and new ideas from. One can say 'I would not do it that way' as well as 'I never thought of that, I wonder if...'.

    Great ideas can spawn from any source, even those that may seem not the way you would do it.

    Sul.
     
  21. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Dual booting vLited Vista U with extra thinning and nLited XP Pro with extra thinning on this 74 gig raptor xeon quad.

    2 x 640 gig WD's with nLited XP Pro on one and vLited Vista on the other, which are plugged/unplugged according to what I feel like using.

    Several older smaller IDE drives with different setups including a coupla Linux distros. Don't really like the Linux setups.

    Core 2 Duo (wifey's) vLited Vista U and 4 or 5 P4's with nLited XP Pro which are ready to be given away free of charge to a needy family.

    Setup.JPG
     
  22. charincol

    charincol Registered Member

    Joined:
    Nov 10, 2005
    Posts:
    113
    I just happened to come here after being away for a while. I have used my Zyxel-x550 router, Windows XP Firewall, and Firefox with noscript for over 2 years now and Shadow Defender for when I occasionally want to "install" something new before I really install it. I haven't used an anti-malware, an anti-virus, or a sandbox program much during that time. If there's something suspicious, I will run it in a virtual machine first. I also run SUPER Anti-spyware on-demand about once a year. In that time, I've picked up only one malware that I didn't know about beforehand which was pretty benign and easy to remove. Oh, and I'm one of the lucky few that has FDISR.

    I finally realized that if I'm skilled enough to run and configure all the different complicated security programs out there, then I'm skilled enough to know what's on my PC.

    I go where I want, when I want, download from where I want, including any torrent sites I want and emule(edonkey). Letting go of the ultimate computer security dream setup has given me a lot of time to watch TV shows lately - even "The Soup" can be found now.

    I don't think I can go any lighter.
     
  23. HungJuri

    HungJuri Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    104
    Location:
    USA
    If your sandboxed browser is not opening in less than 2 seconds, there is something wrong with your system, your setup, or your browser. Maybe try a lighter setup. :cool:
     
  24. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,204
    Location:
    Virginia - Appalachian Mtns
    I fall into the "I never thought of that" crowd concerning Kees' light setup. He introduced me to UAC Virtualization, which I never knew existed, and I am grateful for that. You got to give Kees credit for one thing... from time to time he comes up with some truly great and useful information. I always enjoy reading his threads and responses.

    BTW, Sully, in build 7201 of Win 7 they've corrected at least one of the problems I was experiencing with SRP (Enforcement>All software files versus All software files except libraries). Meaning I'm not getting locked out if I choose All software files.

    Later...

     
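    The posts above keep returning to the same handful of Windows settings: whether the everyday account is an administrator, whether UAC is on, whether SRP is configured and how it is enforced (post 24's "All software files" versus "except libraries"), whether the Windows Update service is still present, and whether the bundled antivirus is actually running. The following read-only audit script is an added example, not code from the thread or from any product mentioned in it. It assumes the documented registry locations for UAC (HKLM\...\Policies\System) and SRP (HKLM\...\Safer\CodeIdentifiers); the decoding of the SecurityCenter2 productState value is the commonly used informal one and should be checked against the vendor's documentation before relying on it.

```powershell
# Added example: read-only audit of the protections debated in this thread.
# It changes nothing on the machine; run it in a normal PowerShell prompt.

function Get-AccountPrivilege {
    # Under UAC a member of Administrators normally runs with a filtered token,
    # so MemberOfAdministrators = True with ElevatedAdmin = False is the
    # healthy state; True/True means the shell is running fully elevated.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $adminSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators
    [pscustomobject]@{
        User                   = $id.Name
        MemberOfAdministrators = (($id.Groups | ForEach-Object { $_.Value }) -contains $adminSid)
        ElevatedAdmin          = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    }
}

function Get-UacState {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        EnableLUA                  = $p.EnableLUA                  # 1 = UAC on, 0 = off
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin # 0 = elevate silently (weak)
    }
}

function Get-SrpState {
    # Software Restriction Policies live under the Safer key; absent key = not configured.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $p) { return [pscustomobject]@{ Configured = $false } }
    $levels  = @{ 0 = 'Disallowed'; 131072 = 'Basic User'; 262144 = 'Unrestricted' }
    $enforce = @{ 0 = 'Not enforced'; 1 = 'All software files except libraries'; 2 = 'All software files' }
    [pscustomobject]@{
        Configured   = $true
        DefaultLevel = $levels[[int]$p.DefaultLevel]
        Enforcement  = $enforce[[int]$p.TransparentEnabled]
        PolicyScope  = if ($p.PolicyScope -eq 1) { 'All users except local administrators' } else { 'All users' }
    }
}

function Get-WindowsUpdateService {
    # A missing wuauserv service means it has been deleted, as described in the thread.
    $s = Get-Service -Name wuauserv -ErrorAction SilentlyContinue
    if (-not $s) { return [pscustomobject]@{ Present = $false } }
    [pscustomobject]@{ Present = $true; Status = $s.Status; StartType = $s.StartType }
}

function Get-RegisteredAntivirus {
    # Security Center lists every registered AV; a lapsed trial typically shows
    # as disabled or out of date here. Decoding below is informal (assumption).
    Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct -ErrorAction SilentlyContinue |
        ForEach-Object {
            $hex = '{0:X6}' -f $_.productState
            [pscustomobject]@{
                Product     = $_.displayName
                Enabled     = ($hex.Substring(2, 2) -in '10', '11')
                UpToDate    = ($hex.Substring(4, 2) -eq '00')
                RawState    = $hex
            }
        }
}

function Invoke-LightSetupAudit {
    [pscustomobject]@{
        Account       = Get-AccountPrivilege
        UAC           = Get-UacState
        SRP           = Get-SrpState
        WindowsUpdate = Get-WindowsUpdateService
        Antivirus     = @(Get-RegisteredAntivirus)
    }
}

$audit = Invoke-LightSetupAudit
$audit.Account | Format-List
$audit.UAC | Format-List
$audit.SRP | Format-List
$audit.WindowsUpdate | Format-List
$audit.Antivirus | Format-Table -AutoSize
```

    The output maps directly onto the scenario described in post 7: an account that is a member of Administrators with EnableLUA = 0, no Safer key, and an antivirus row showing Enabled = False or UpToDate = False is exactly the "power user, no UAC, expired trial AV" machine. A LUA + UAC + SRP setup of the kind discussed shows the opposite: a non-administrator account, EnableLUA = 1, and DefaultLevel = Disallowed with enforcement covering all software files.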
  25. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I wonder, what is the purpose of security then? Is it to protect your data, be it pictures/music/banking? Is it to keep your OS clean so you don't have to re-install with all that goes with it? Is it to not be a part of a larger problem, i.e. botnets? Is it because it is an invasion of personal space? Is it because it is just not right?

    What is it then?

    I asked some peeps this question this afternoon. The replies? Novice users overwhelmingly stated 'because it makes things slow and causes problems'. Three really advanced users, programmers, stated 'to maintain system stability and data integrity, especially if data includes banking or source code'. And then the gamers, theirs was 'I just want to play, so anything that slows me down is outta here'. And my grandma said 'when my dad trusted his partner in the depression he got swindled. I don't trust people'. And my wife said 'I don't want to lose my stuff'. My son said 'dad, we don't want to get owned. We should script them back'. lol, I laughed at that one.

    So what is security then? For corporate, yes, it is $$$, so it pays to take the steps to protect your assets. But for the average user, the home user, the enthusiast, the gamer, the coder, the tweaker, the surfer, the button clicker, the media freak. What is security and what does it mean? How do all these different scenarios come into play?

    I think for most it is finding what Kees1958 generally puts forth. Different ways to construct some sort of security. I have read many of his posts that really, shall we say, lock things down. And others like this one that IMO are pretty light and straightforward. I don't think the majority care enough to use Returnil. Maybe Sandboxie if they really want to learn a little. Most are still looking, looking, looking. For that easy combo they don't have to understand to use but still achieve what they call 'security'.

    I wonder if the reason there are so many apps and tools and combos to achieve security is because there is no 'golden rule' as to what we are really securing.

    Sul.
     