Is my setup good enough?

Discussion in 'other anti-malware software' started by Antimalware18, Feb 19, 2013.

Thread Status:
Not open for further replies.
  1. Antimalware18

    Antimalware18 Registered Member

    Joined:
    Dec 12, 2008
    Posts:
    417
    I hope this isn't against the rules. I read the rules and I couldn't classify this as an AvB thread, so... is my setup enough? My setup is in my sig. I was using OA's HIPS with avast! but I ran into problems. It's not only me using this computer, it's my wife too, and bless her soul, but she's not computer savvy at all, and since I can't be here 100% of the time a HIPS app really wouldn't fit on this system. And neither would an app like Exe Radar.
     
  2. gambla

    gambla Registered Member

    Joined:
    Sep 4, 2007
    Posts:
    161
    Location:
    Frankfurt, Germany
    Imho any anti-exec is needed, but I'd recommend a HIPS. Btw, I run OA free with Avira and never had any problems at all. Maybe you can give Threatfire a test to add a little more security, but I think I've read it's discontinued soon.

    As a first line of defense, I'd recommend Sandboxie and/or something like NoScript for Chrome? (if it's not covered by these web shields you mentioned).
     
  3. DrBenGolfing

    DrBenGolfing Registered Member

    Joined:
    Nov 29, 2012
    Posts:
    251
    Location:
    Hometown of Van Cliburn
    Good enough. I'd go with it until or unless you get a bug. I only run MSE w/Windows 7 firewall and zero infections for 3 years. Be sure you turn on all the PUP settings in Avast.
     
  4. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    If a HIPS and sandboxing isn't feasible for you because of other users in your home, I'd say it's best to use a fully featured AV (like Avast), and enable all the protections/shields (except for the sandbox)... and then just use the integrated Windows Firewall, inbound only. Maybe set up some outbound rules too that won't impede your wife from doing what she needs to do. But if you're not using a HIPS as you say, no need for a 3rd party solution there at all.

    Throw EMET 3.0 in there too since it's unintrusive. I wouldn't set any applications up in it though, that could cause problems. HungryMan posted a recommended safe/stable setup for it, but I don't know where it is. I'd use that if you come across it.

    Harden the browser as much as you can without breaking it for your wife. Tell her to at least be careful about what she clicks on/downloads/installs. And keep clean image(s) on hand... you have an adequate integrated imaging solution already. No need for 3rd party software there either.

    And that should be "good enough", as long as you exercise discretion as end users.
     
  5. Antimalware18

    Antimalware18 Registered Member

    Joined:
    Dec 12, 2008
    Posts:
    417
    Would WinPatrol be an "alright" second option? By alright I mean not be as annoying as a HIPS can be? lol I want something for a secondary that's not a signature-based solution but not as annoying as a HIPS/Exe Radar.

    What I'm really looking for is like a behavior blocker (not the kind in CFW) that alerts me when something truly malicious is happening but not as chatty as a HIPS is.

    Oh, and it has to be at the price of free, preferably ;) I promised myself to NEVER pay for security.
     
    Last edited: Feb 19, 2013
  6. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,694
    Location:
    Zagreb, Croatia
    ThreatFire... but it has reached End of Life status.
     
  7. Antimalware18

    Antimalware18 Registered Member

    Joined:
    Dec 12, 2008
    Posts:
    417
    That's what I mean, would WinPatrol be a good alternative?
     
  8. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Does WinPatrol throw up alerts? I'm asking because I don't use it.
     
  9. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    WinPatrol does alert to system changes, a light borderline HIPS IMO and one that requires user input. Note! No downloads or changes to the system, then it's pretty quiet; otherwise Scotty will bark.

    I follow luciddream's suggestions. Seems that would be the best setup for a wide range of users, from the novice on up.
     
    Last edited: Feb 19, 2013
  10. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    Yes... and it barks : ) or, at least used to back when I used it, though that was some time ago. I can't imagine they took that away (soo cute).

    It will alert you to things like browser hijacks (homepage/search engine changed), and new startup entries... that's about it from what I recall.

    There is a BB in Avast Free. I think along with all the shields in it that ought to protect you well, unintrusively. EMET also will stop said "truly malicious things", along with Avast, with no user interaction required once you set it up. That's what I'd do in your position.

    See if you can't PM Hungry Man and get him to pass along his recommended EMET settings, if you can't find it. Or maybe someone that knows it can chime in...
     
  11. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
  12. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    Yes, that's it. Definitely the way I'd set my EMET up if I were using it on a post XP OS. Best compromise of security/stability/performance. You are unlikely to have any issues deploying it that way.

    Though I'd personally recommend version 3.0, not 3.5. As far as I know 3.5 is "not" a final/stable build, unless that has changed?...

    I know some people that swear by 2.1 because they say it's lighter and more stable. That and it doesn't force the icon in the quick launch bar on you.
     
  13. jo3blac1

    jo3blac1 Registered Member

    Joined:
    Sep 15, 2012
    Posts:
    739
    Location:
    U.S.
    If you have family using the computer I would use the following:
    - Avast with all shields
    - MBAM Pro real time
    - K9 Web protection
    - EMET 3.5
    - Chrome browser (safer for inexperienced users than FF + NS)
    And of course make sure to uninstall Java.
     
  14. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    Yeah I second Chrome being safer out of the box than Firefox (and faster), since the wife probably won't be able to deal with NoScript. Definitely uninstall Java, if it's there. And if you're willing to pay for MBAM Pro, by all means... add it to Avast Free.
     
    Last edited: Feb 20, 2013
  15. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    What is actually "good enough" really depends on your needs -- your level of risk. Do you actually encounter a lot of malware? If so, how does it generally get through; through web exploits, or things that people are downloading?

    If you and your wife's browsing habits are pretty conservative and you don't download risky things, then you really don't need as much. The fact that you're asking suggests that you probably don't really encounter malware. In such a case a good AV/IS suite, web filtering/link checking, and ad blocker (like AdBlock) would probably suit your needs. Keep off any browser plugins that you don't need (like Java and Reader), and install updates as soon as possible (Secunia PSI can help here if you want). If your wife can handle a Flash blocker, then use that as well. If you get much spam, then use a spam filter. If you are still not confident with your setup, then use a limited user account and consider a paid AV/IS that does well in the tests; there are some inexpensive deals out there. Most importantly, make sure that anyone using the computer can recognize and understand actions by the security software so that they know when something is going on, can use it properly/effectively, and can't be duped by fake alerts.

    This is a security software enthusiast forum, and so we like to check out/play with the apps and try to fill in as many of the cracks as possible and of course you'll get a lot of those kinds of suggestions. The truth is, however, that you don't always need to go all that far to be safe unless you're really at high risk. I.e., you encounter a lot of malware.

    Security is about assessing the risk and mitigating it as much as possible given your resources and usability needs. Security is going to be a trade-off with usability, so you have to find the balance that suits your needs. It sounds like you have a high need for usability, and a low need for protection. Things like HIPS can actually make things worse, even in the hands of a relatively advanced user, but at the very least it's not going to do any good for someone that doesn't understand what it is. It can even leave you less protected if everything is configured to Allow. After all, which offers more protection: the Windows Firewall set to Public Network with no exceptions, or Online Armor configured to open every port and allow every action? What does a HIPS offer in an attack when the first few actions were allowed, and the blocked actions triggered the malware's self-defense to the point that it has dug into your system and left it virtually unusable and impossible to clean (while the malware continues to operate)?
     
  16. Antimalware18

    Antimalware18 Registered Member

    Joined:
    Dec 12, 2008
    Posts:
    417
    lol I used NoScript in Firefox when I was younger (I'm still young, I'm only 22 :D ) but I'm talking when I was like 18, and no, my wife couldn't deal with NoScript, that would be a disaster. Thanks for the input, I'm going to take a look at EMET.
     
  17. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    EMET is pretty unobtrusive once you get the settings tweaked, but you should expect some app crashing until then. Crashing may return after software or extension/plugin updates as well. So you may want to be sure that that's not a big issue.
     
  18. century

    century Registered Member

    Joined:
    Oct 13, 2007
    Posts:
    92
    I am with luciddream & Dark Shadow. Actually I am using a similar set up in my desktop. Me & the family are cautious during surfing. We have been safe so far.
     
  19. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    I think if he uses the settings in that link from HungryMan, and doesn't force apps (just apply the system configs), he'll be fine.
     
  20. rodocop

    rodocop Registered Member

    Joined:
    May 1, 2010
    Posts:
    67
    I understand that modern PCs are too powerful :D but I still think such a set of security apps is a pure waste of resources!

    More than one realtime monitor - why?!

    If using EMET, you simply could stay with Win built-in firewall (TinyWall makes it more convenient in use) and some web filters. Replace default web-clients (browser, mailer, IM) and PDF-app with alternatives and update Windows, Flash and Java to latest.

    As for me, I use K-Meleon browser with AdBlock Plus to surf, AnVir Task Manager to control autostart (and have numerous bells & whistles for control and usability in addition), K9 Web Protection for filtering unwanted sites. Foxit Reader instead of Adobe Reader. Some portable e-mail client and IM (there are a number of good alternatives).

    That's all. No Internet Security, no antivirus, no firewall (moreover - but it isn't a recommendation, just my setup - no UAC, no limited user, no EMET) - and no infection for years.

    I was using a number of different security apps - and some of them for years. But I've abandoned almost all of them. No sense. Just wasting my and CPU time and 'full oversetup' o_O
     
  21. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    Perhaps you didn't read his entire post, but there are reasons the approach you mentioned isn't feasible for him. If it were, most of the replies here would list things like Sandboxie & Shadow Defender instead of fully featured AVs.
     
  22. rodocop

    rodocop Registered Member

    Joined:
    May 1, 2010
    Posts:
    67
    I'm sharing my PC with my wife too (and moreover - with daughter). My setup was upgraded forcedly - and K9 was added. And that's enough!

    All that could be needed - use TinyWall to control applications in terms of internet connectivity.
    "I guarantee it!" (c) ;-)
     
  23. jo3blac1

    jo3blac1 Registered Member

    Joined:
    Sep 15, 2012
    Posts:
    739
    Location:
    U.S.
    When you have a 13 year old teenager installing anything that's on the internet then you may want to get a 2nd realtime monitor.
     
  24. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Or, you might want to take control of the situation and start restricting things. Adding one more monitor or realtime app is not fixing the issue. Address the real issues if possible.

    Sul.

    Edit: that is to say, my 15, 13 and 9 year olds are not free to do as they please. And there is no need for any realtime anything. You can take control if you desire :)
     
  25. jo3blac1

    jo3blac1 Registered Member

    Joined:
    Sep 15, 2012
    Posts:
    739
    Location:
    U.S.
    I guess that depends on what degree of freedom you want them to have. On my side of the fence I want them to have as much flexibility as possible: install and experiment with whatever they want. I think it's the best way to learn computers. There are of course different ways to approach the subject.
     