Just As Important As Firewalls And Anti-Virus Programs

Discussion in 'other anti-malware software' started by AlamoCity, May 15, 2007.

Thread Status:
Not open for further replies.
  1. AlamoCity

    AlamoCity Registered Member

    Joined:
    Apr 29, 2007
    Posts:
    149
    Which supplemental security programs do you consider to be just as important as your firewall and anti-virus program, that you absolutely would not do without? I'm talking about the BARE essentials -- just what you think is mandatory for your security. And which firewall and anti-virus program have you found to be the most compatible with these programs?

    Note: This thread is for people who have implemented other types of security programs for supplemental protection, because they don't want to rely solely on a firewall, anti-virus program, and Firefox to protect them. Thanks in advance for staying on-topic.
     
    Last edited: May 15, 2007
  2. Mem

    Mem Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    292
    KIS.... done.
     
  3. MaB69

    MaB69 Registered Member

    Joined:
    Dec 9, 2005
    Posts:
    540
    Location:
    Paris
    Hi all,

    One OT answer: a router, and one answer to your question: instant recovery (Rx Pro, for example) or a sandbox (GeSWall, another example)

    Regards,

    MaB
     
  4. AlamoCity

    AlamoCity Registered Member

    Joined:
    Apr 29, 2007
    Posts:
    149
    Note: This thread is for people who have implemented other types of security programs for supplemental protection, because they don't want to rely solely on a firewall, anti-virus program, and Firefox to protect them. Thanks in advance for staying on-topic. :D
     
  5. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Imaging software (coupled with partitioning and external HDD) is a must. A router is a good add-on.
    Realtime security software: firewall, AV, execution interception and sandbox. That's all. Don't forget about safe hex/common sense.
    You might like rollback/reboot-to-restore solutions.
     
  6. tayres

    tayres Guest

    "Limited user" accounts (LUA).

    Aaron Margosis (Microsoft Consulting Services) posted on his "Non-Admin" Weblog (6/2/06):
     
  7. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    I would say PowerShadow has proven more important than a/v and firewall. In shadow-mode I have no other active security other than router. I'm not a high-risk surfer though, I just like testing a lot of s/w...(that can't be done in LUA)
     
  8. AlamoCity

    AlamoCity Registered Member

    Joined:
    Apr 29, 2007
    Posts:
    149
    That's an excellent point, and often overlooked. I had forgotten about it myself. If you're going to utilize this protection strategy, doesn't XP Pro offer a lot greater security than just plain XP?

    When running as non-admin., don't you have to switch to admin. just to make a simple adjustment to the settings of a program? And don't you have to do a restart to switch to admin?

    Thanks in advance!
     
  9. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    PS is to clean up. An AV can block known malware from doing anything.

    Personally I would say Sandboxie, the one I use, or DefenseWall / GeSWall / BufferZone etc.
    But it's really not MANDATORY. :) It's a second wall, yes, but it really depends on the faith you have in the sites you visit, people you chat with, the browser you use, IM client, etc.
    I prefer to use it to ease my mind, because it really is supposed to be bulletproof.

    On the other hand, if you let people use your computer a lot, I would say something like Anti-Executable is nice and quiet. New executables will NOT compromise your machine.
    There's no "hey buddy, something's up with your computer, it's popping up strange messages. Golly, I was only downloading this crack.exe"
    In this scenario, a sandbox is not helpful, since he can turn it off, or not use it, or simply he doesn't get it and circumvents it himself. AE is not in his reach to mess with.
     
  10. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
    Hi

    If I had to choose one - for me, Shadowsurfer. IMO it does exactly what it purports to do. Only pain is having to reboot to enable/disable.

    Others recommend similar, Sandboxie, PowerShadow etc.

    Shadowsurfer has not conflicted with any other app I've used to my knowledge inc. but not exclusive to

    Online Armor beta, PG, NOD, F-Prot LnS, A2, Prevx, Counterspy, SSM, CureIT, BitDefender Free V8, Opera, Firefox

    Hope that helps
     
  11. AlamoCity

    AlamoCity Registered Member

    Joined:
    Apr 29, 2007
    Posts:
    149
    Which is your favorite?

    Why not a second HDD inside the computer? Is there a security advantage to having it external?

    Which program do you use for "execution interception"? And which sandbox program do you like the best?

    Thanks in advance!
     
  12. tayres

    tayres Guest

    Probably. However, you can replace some of the missing functionality in XP Home with programs like Fajo Xp FSE, which gives you the capacity to change access rights in XP Home. I've used it with Ghost Security Suite to make GSS function from within a limited user account. (Keep in mind that there are also security implications when allowing more rights to a non-admin.)

    I'm using KIS6 right now and I have been able to do anything with it that I've needed to within the non-admin account. KIS6 uses a password to prevent changes, etc. If you know the password, it doesn't matter from which account you make the changes. A lot of software requires administrator rights to install, but, in my experience, little beyond that.

    No. You can either log out of the non-admin user account or fast switch back and forth without logging out of either account. I've never had any problems, but I don't use Fast User Switching (FUS) very much.
     
    Last edited by a moderator: May 16, 2007
  13. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Because if the computer has a power surge, loses power, or suffers any damage to the computer and the stuff inside, it screws up your real data and the backups; not good.

    Having the backups external creates two places that need to be destroyed in order for your data to be lost.

    Actually, the best is to transfer all the data to a remote location to a tape backup over an encrypted tunnel like ssh, but that is pretty complex and not in the means of an ordinary user.

    Cheers,

    Alphalutra1
     
  14. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    What's Firefox?;) IE7 user here. I also use CounterSpy v2 in addition to a router and my AV.
     
  15. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    AV can only block what it can detect; PS blocks ALL changes made during shadow-mode.
     
  16. tradetime

    tradetime Registered Member

    Joined:
    Oct 24, 2006
    Posts:
    1,000
    Location:
    UK
    Sandboxie, have been using it for about 6 months now and would not be without it, or some similar application.
     
  17. herbalist

    herbalist Guest

    This is somewhat contradicting. If it's "essential" it can't be "supplemental".

    First of all, I don't consider an AV or any other signature based security-ware to be an essential. With a default-deny security policy, it's not necessary to identify malicious code. It's blocked from executing by default.

    IMO, these 3 are the essentials:
    1. Control over traffic in both directions.
    2. Control over running processes and their activities.
    3. Control over the content delivered by the allowed traffic.

    1. Topping my list of necessities with Windows would be a firewall, whether hardware or software. I use both. Traffic control is critical and should top the list of priorities for securing Windows. For a long time, I trusted this to Kerio 2.1.5. Recently, I've added Smoothwall for even stronger inbound control, plus it serves as a router.

    2. The next most important to me is controlling what processes can run and what they're allowed to do. I use a combination of SSM free and the system policy editor to limit the allowed processes to a whitelist of apps I use, and to control what activities or other processes these apps are allowed to perform and start. Everything else is blocked. In this setup, an AV serves a supporting role by scanning new files and downloads, not a primary defense role.

    3. The 3rd item I consider essential is filtering the content of the allowed traffic. For me, Proxomitron fills this role. In addition to filtering unwanted scripts, ads, Flash, etc., it also controls what information your browser sends out. More info on this subject in this thread

    These 3, when configured properly and used with a default-deny security policy that is adhered to by the user, are all the real time protection that's necessary. It's only when the user violates that policy for whatever reason that this combination might not be sufficient. This makes one more application a necessity, a good system backup utility. I use Acronis for this. For me, the rescue CD is all I need.

    System backup software can save you from more than a malware infection. It can restore your system to its previous state when that new software you wanted conflicts with something else you use, or it changes file associations you didn't expect. It can save you when your hard drive fails, if you used another drive or writable media to store the backups.

    Most users, even many security conscious ones who run multiple AVs, AS, ATs, HIPS, etc, often don't have one thing that is a necessity. That's a well thought out security policy, that basic plan that spells out how different situations are responded to. The security policy is where it should begin, from the apps you choose and how you configure them to your response to an unknown. Default-deny is an example of a very secure policy, but one few users implement.
    Some good reading:
    http://en.wikipedia.org/wiki/Security_engineering
    http://en.wikipedia.org/wiki/Security_policy

    Rick
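The default-deny policy described in the post above (a whitelist of allowed programs, everything else blocked, so an unknown binary never has to be recognised as malicious) can be modelled as a small rule evaluator. The block below is an added example, not code from the post or from SSM, the system policy editor or any other product named in the thread. It borrows the precedence that Windows Software Restriction Policies use (a hash rule binds to the exact binary and beats path rules; among path rules the most specific prefix wins), and adds a check a defender wants: an allow-by-path rule that covers a directory a limited user can write to defeats the whitelist, because the user can drop any binary there. The policy, paths and file contents are constructed sample values.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


def _norm(path: str) -> str:
    """Normalise a Windows-style path for comparison: backslashes, lower case."""
    return path.replace("/", "\\").lower()


def _dir(path: str) -> str:
    """Normalised directory prefix with a trailing backslash, so C:\\Windows does not match C:\\WindowsX."""
    return _norm(path).rstrip("\\") + "\\"


@dataclass
class Policy:
    """Execution policy. With default_allow=False, anything not explicitly allowed is blocked."""
    default_allow: bool = False
    # sha256 hex digest -> allow? ; identifies the binary itself wherever it sits
    hash_rules: Dict[str, bool] = field(default_factory=dict)
    # (directory prefix, allow?) ; the longest matching prefix decides
    path_rules: List[Tuple[str, bool]] = field(default_factory=list)
    # directories a limited user can write to (used by lint_policy)
    user_writable: List[str] = field(default_factory=list)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _most_specific(policy: Policy, path: str) -> Optional[Tuple[str, bool]]:
    """Longest path rule whose directory prefix covers `path`, or None."""
    p = _norm(path)
    best: Optional[Tuple[str, bool]] = None
    for prefix, allowed in policy.path_rules:
        pre = _dir(prefix)
        if p.startswith(pre) and (best is None or len(pre) > len(best[0])):
            best = (pre, allowed)
    return best


def decide(policy: Policy, path: str, content: bytes) -> Tuple[str, str]:
    """Decide an execution attempt. Returns (verdict, reason)."""
    digest = sha256_hex(content)
    # 1. Hash rules first: they bind to the file contents, not to where it was launched from.
    if digest in policy.hash_rules:
        return ("allow" if policy.hash_rules[digest] else "deny"), f"hash rule {digest[:12]}"
    # 2. Path rules: the most specific matching prefix wins.
    rule = _most_specific(policy, path)
    if rule is not None:
        return ("allow" if rule[1] else "deny"), f"path rule {rule[0]}"
    # 3. Nothing matched: the default decides. Under default-deny an unknown binary is
    #    blocked without any signature or classification of it.
    return ("allow" if policy.default_allow else "deny"), "default"


def lint_policy(policy: Policy) -> List[str]:
    """Flag allow-by-path rules that a limited user could exploit by writing into the directory."""
    findings = []
    for d in policy.user_writable:
        rule = _most_specific(policy, _dir(d))
        if rule is not None and rule[1]:
            findings.append(f"user-writable {d} is allowed by path rule {rule[0]}")
        for prefix, allowed in policy.path_rules:
            if allowed and _dir(prefix).startswith(_dir(d)):
                findings.append(f"allow rule {prefix} lies inside user-writable {d}")
    return findings


# Constructed sample policy: whitelist the directories the user's applications live in.
SAMPLE_POLICY = Policy(
    default_allow=False,
    path_rules=[
        (r"C:\Windows", True),
        (r"C:\Windows\Temp", False),                         # more specific deny overrides the parent
        (r"C:\Program Files", True),
        (r"C:\Documents and Settings\user\Tools", True),     # convenience rule; lint should flag it
    ],
    user_writable=[r"C:\Documents and Settings\user", r"C:\Windows\Temp"],
)
# Constructed: a known-bad binary blocked by hash even when it lands in an allowed folder.
BAD_BINARY = b"MZ...constructed-sample-bad-binary..."
SAMPLE_POLICY.hash_rules[sha256_hex(BAD_BINARY)] = False

# Constructed execution attempts: (launched path, file contents).
SAMPLE_EVENTS = [
    (r"C:\Windows\notepad.exe", b"MZ...constructed-notepad..."),
    (r"C:\Documents and Settings\user\Desktop\crack.exe", b"MZ...constructed-unknown..."),
    (r"C:\Windows\Temp\drop.exe", b"MZ...constructed-dropper..."),
    (r"C:\Program Files\App\app.exe", BAD_BINARY),
    (r"C:\Documents and Settings\user\Tools\helper.exe", b"MZ...constructed-helper..."),
]


def evaluate_all(policy: Policy = SAMPLE_POLICY, events=SAMPLE_EVENTS) -> List[Tuple[str, str, str]]:
    """Run every sample event through the policy: [(path, verdict, reason), ...]."""
    return [(path, *decide(policy, path, data)) for path, data in events]


if __name__ == "__main__":
    for path, verdict, reason in evaluate_all():
        print(f"{verdict:5}  {path}  ({reason})")
    for finding in lint_policy(SAMPLE_POLICY):
        print("LINT:", finding)
```

The crack.exe download is denied by the default, not by anything recognising it; the dropper in Temp is denied because the more specific deny rule beats the parent allow; the bad binary is denied by hash even though it sits under Program Files. The lint pass flags the Tools rule: a directory the limited user owns cannot safely be an allow rule in a whitelist.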
     
  18. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    This should be the motto at the head of every security forum!

    Great post, Rick.

    regards,

    -rich
     
  19. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    A must-have for me is execution protection. On my personal computer this is taken care of with Faronics Anti-Executable; on my other systems I use AppDefend.
     
  20. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    1. Immediate System Recovery during reboot.
    2. Prevent the execution of malware between two reboots.
    3. Image Backup, when 1. and/or 2. failed seriously.
     
  21. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    DriveImage XML from BartPE. I also have the free Paragon (not tested yet) and I'm waiting for hardcore testing of ShadowProtect v3 desktop when it's available.
    Already answered by Alphalutra1. You could use both (internal and external), though.
    - Execution interceptor: Process Guard free at this moment.
    - Sandbox: GeSWall free.
     
  22. herbalist

    herbalist Guest

    If it's internal and connected, it's also vulnerable to malware in addition to power surges and the like. A new malware variant of killdisk, combined with a mistake by the user, could kill both the system and the backups. An external drive can be disconnected or shut down during normal usage, which keeps your backups out of harm's way. Most of my system and data backups are kept on an external hard drive, but I also have one set on CDRWs. I don't update these nearly as often as they'd only be needed if both my internal and external hard drives failed together. True, a power surge could do it, but the power and phone lines are underground here and I have 2 surge protectors, so that's not a major concern to me.

    System backup and imaging software are examples of apps that must work right to be of any value at all. I realize this sounds all too obvious, but if your backup software didn't make a good copy of your operating system, you may not know there's a problem until you need it and find it didn't work. When possible, backup/restore software should be given a test run. With an app like ATI for instance, a good test run is to restore the operating system to another hard drive, leaving your existing one as is. If you keep your data separate from your system files, system backups are a much more manageable size and will often fit on a very small hard drive. I've picked up used hard drives in the 5-10GB range from a local computer store for around $10. That's a small price to pay to know for certain that your backup software does or doesn't work right without risking corruption of your existing system.

    Rick
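The test restore the post above recommends (restore the image to a spare drive, leaving the live system untouched) is only conclusive if you then check the restored copy against the original. The block below is an added example, not code from the post or from Acronis or any other product named in the thread: it hashes every file under the live tree and under the restored tree and reports anything missing, extra or altered. The `demo()` function builds a constructed two-file "live" tree in a temporary directory, copies it to a constructed "spare disk" path, then corrupts one restored file and deletes another to show what a bad image looks like. Paths and file contents are constructed sample values.

```python
import hashlib
import os
import shutil
import tempfile
from typing import Dict, List


def hash_tree(root: str) -> Dict[str, str]:
    """Map each file under root (path relative to root, '/' separators) to its SHA-256 digest."""
    digests: Dict[str, str] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            h = hashlib.sha256()
            with open(full, "rb") as f:
                # read in 1 MiB chunks so large images do not have to fit in memory
                for chunk in iter(lambda: f.read(1 << 20), b""):
                    h.update(chunk)
            digests[rel] = h.hexdigest()
    return digests


def compare_trees(source: str, restored: str) -> List[str]:
    """Report every file that is missing, unexpected or altered in the restored copy."""
    src, dst = hash_tree(source), hash_tree(restored)
    problems: List[str] = []
    for rel in sorted(set(src) | set(dst)):
        if rel not in dst:
            problems.append(f"missing in restore: {rel}")
        elif rel not in src:
            problems.append(f"unexpected in restore: {rel}")
        elif src[rel] != dst[rel]:
            problems.append(f"content differs: {rel}")
    return problems


def demo():
    """Constructed scenario: a clean test restore, then one with a corrupted and a missing file."""
    work = tempfile.mkdtemp(prefix="restore-check-")
    try:
        live = os.path.join(work, "live")               # stands in for the running system
        os.makedirs(os.path.join(live, "docs"))
        with open(os.path.join(live, "docs", "notes.txt"), "wb") as f:
            f.write(b"constructed sample document\n")
        with open(os.path.join(live, "config.ini"), "wb") as f:
            f.write(b"[app]\nsetting=1\n")

        spare = os.path.join(work, "spare_disk")        # stands in for the test-restore target
        shutil.copytree(live, spare)
        clean = compare_trees(live, spare)              # a good restore: no findings

        # Simulate a bad image: one file silently corrupted, one file never restored.
        with open(os.path.join(spare, "docs", "notes.txt"), "wb") as f:
            f.write(b"\x00" * 8)
        os.remove(os.path.join(spare, "config.ini"))
        broken = compare_trees(live, spare)
        return clean, broken
    finally:
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    clean, broken = demo()
    print("clean restore:", clean or "no differences")
    print("bad restore:  ", broken)
```

In real use you would point `compare_trees` at the live system and at the mount point of the spare drive after the test restore; a clean result is the evidence the post asks for that the backup software actually produced a usable copy.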
     
  23. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    I use BOClean or Prevx2 to supplement my AV/FW, I'm not sure which to stay with though.
     