Just As Important As Firewalls And Anti-Virus Programs

Which supplemental security programs do you consider to be just as important as your firewall and anti-virus program, that you absolutely would not do without? I'm talking about the BARE essentials -- just what you think is mandatory for your security. And which firewall and anti-virus program have you found to be the most compatible with these programs?

Note: This thread is for people who have implemented other types of security programs for supplemental protection, because they don't want to rely solely on a firewall, anti-virus program, and Firefox to protect them. Thanks in advance for staying on-topic.

 

KIS.... done.

 

Hi all,

One OT answer : a routeur and one answer to your question : instant recovery ( Rx Pro for example) or a sandbox (GeSwall another example)

Regards,

MaB

 

Note: This thread is for people who have implemented other types of security programs for supplemental protection, because they don't want to rely solely on a firewall, anti-virus program, and Firefox to protect them. Thanks in advance for staying on-topic.

 

Imaging software (coupled with partitioning and external HDD) is a must. A router is a good add-on.
Realtime security software: firewall, AV, execution interception and sandbox. That's all. Don't forget about safe hex/common sense.
You might like rollback/reboot-to-restore solutions.

 

"Limited user" accounts (LUA).

Aaron Margosis (Microsoft Consulting Services) posted on his "Non-Admin" Weblog (6/2/06):

 

I would say PowerShadow has proven more important than a/v and firewall. In shadow-mode I have no other active security other than router. I'm not a high-risk surfer though, I just like testing a lot of s/w...(that can't be done in LUA)

 

That's an excellent point, and often overlooked. I had forgotten about it myself. If you're going to utilize this protection strategy, doesn't XP Pro offer a lot greater security than just plain XP?

When running as non-admin., don't you have to switch to admin. just to make a simple adjustment to the settings of a program? And don't you have to do a restart to switch to admin?

Thanks in advance!

 

PS is to clean up. An AV can block known malware from doing anything.

Personally i would say SandboxIE, the one i use, or DefenseWall / GeSWall / Bufferzone etc.
But it's really not MANDATORY. . It's a second wall, yes, but it really depends on the faith you have on the sites you visit, people you chat with, the browser you use, IM client, etc.
I prefer to use it to ease my mind, because it really is supposed to be bulletproof.

On the other hand, if you let people use your computer a lot, i would say something like Anti-Executable is nice and quite. New executables will NOT compromise your machine.
There's no "hey buddy, something's up with your computer, it's poping up strange messages. Golly, i was only downloading this crack.exe"
In this scenario, a sandbox is not helpful, since he can turn it off, or not use it, or simply he doesn't get it and circumvents it himself. AE is not in his reach to mess with.

 

Hi

If I had to choose one - for me, Shadowsurfer. IMO it does exactly what it purports to do. Only pain is having to reboot to enable/disable.

Others recommend similar, Sandboxie, PowerShadow etc.

Shadowsurfer has not conflicted with any other app I've used to my knowledge inc. but not exclusive to

Online Armor beta, PG, NOD, F-Prot LnS, A2, Prevx, Counterspy, SSM, CureIT, BitDefender Free V8, Opera, Firefox

Hope that helps

 

Which is your favorite?

Why not a second HDD inside the computer? Is there a security advantage to having it external?

Which program do you use for "execution interception"? And which sandbox program do you like the best?

Thanks in advance!

 

Probably. However, you can replace some of the missing functionality in XP Home with programs like Fajo Xp FSE, which gives you the capacity to change access rights in XP Home. I've used it with Ghost Security Suite to make GSS function from within a limited user account. (Keep in mind that there are also security implications when allowing more rights to a non-admin.)

I'm using KIS6 right now and I have been able to do anything with it that I've needed to within the non-admin account. KIS6 uses a password to prevent changes, etc. If you know the password, it doesn't matter from which account you make the changes. A lot of software requires administrator rights to install, but, in my experince, little beyond that.

No. You can either log out of the non-admin user account or fast switch back and forth without logging out of either account. I've never had any problems, but I don't use Fast User Switching (FUS) very much.

 

Because if the computer has a power surge, power is lost, any damage to the computer and the stuff inside, it screws up your real data and the backups, not good.

Having the backups external creates two places that need to be destroyed in order for your data to be lost.

Actually, the best is to transfer all the data to a remote location to a tape backup over an encrypted tunnel like ssh, but that is pretty complex and not in the means of an ordinary user.

Cheers,

Alphalutra1

 

What's Firefox? IE7 user here. I also use CounterSpy v2 in addition to a router and my AV.

 

AV can only block what it can detect-PS blocks ALL changes made during shadow-mode....

 

Sandboxie, have been using it for about 6 months now and would not be without it, or some similar application.

 

This is somewhat contradicting. If it's "essential" it can't be "supplemental".

First of all, I don't consider an AV or any other signature based security-ware to be an essential. With a default-deny security policy, it's not necessary to identify malicious code. It's blocked from executing by default.

IMO, these 3 are the essentials:

1. Control over traffic in both directions.
2. Control over running processes and their activities.
3. Control over the content delivered by the allowed traffic.

1, Topping my list of necessities with Windows would be a firewall, whether hardware or software. I use both. Traffic control is critical and should top the list of priorities for securing Windows. For a long time, I trusted this to Kerio 2.1.5. Recently, I've added Smoothwall for even stronger inbound control, plus it serves as a router.

2, The next most important to me is controlling what processes can run and what they're allowed to do. I use a combination of SSM free and the system policy editor to limit the allowed processes to a whitelist of apps I use, and to control what activities or other processes these apps are allowed to perform and start. Everything else is blocked. In this setup, an AV serves a supporting role by scanning new files and downloads, not a primary defense role.

3, The 3rd item I consider essential is filtering the content of the allowed traffic. For me, Proxomitron fills this role. In addition to filtering unwanted scripts, ads, flash, etc, it also controls what information your browser sends out. More info on this subject in this thread

These 3, when configured properly and used with a default-deny security policy that adhered to by the user are all the real time protection that's necessary. It's only when the user violates that policy for whatever reason that this combination might not be sufficient. This makes one more application a necessity, a good system backup utility. I use Acronis for this. For me, the rescue CD is all I need.

System backup software can save you from more than a malware infection. It can restore your system to its previous state when that new software you wanted conflicts with something else you use, or it changes file associations you didn't expect. It can save you when your hard drive fails, if you used another drive or writable media to store the backups.

Most users, even many security conscious ones who run multiple AVs, AS, ATs, HIPS, etc, often don't have one thing that is a necessity. That's a well thought out security policy, that basic plan that spells out how different situations are responded to. The security policy is where it should begin, from the apps you choose and how you configure them to your response to an unknown. Default-deny is an example of a very secure policy, but one few users implement.
Some good reading:
http://en.wikipedia.org/wiki/Security_engineering
http://en.wikipedia.org/wiki/Security_policy

Rick

 

This should be the motto at the head of every security forum!

Great post, Rick.

regards,

-rich

 

A must have for me is execution protection. On my personal computer this is taken care of with faronics anti-executable on my other systems i use appdefend.

 

1. Immediate System Recovery during reboot.
2. Prevent the execution of malware between two reboots.
3. Image Backup, when 1. and/or 2. failed seriously.

 

DriveImage XML from BartPE. I also have the free Paragon (not tested yet) and I'm waiting for hardcore testing of ShadowProtect v3 desktop when it's available.

Already answered by Alphalutra1. You could use both (internal and external), though.

- Execution interceptor: Process Guard free at this moment.
- Sandbox: GeSWall free.

 

If it's internal and connected, it's also vulnerable to malware in addition to power surges and the like. A new malware variant of killdisk, combined with a mistake by the user could kill both the system and the backups. An external drive can be disconnected or shut down during normal usage, which keeps your backups out of harms way. Most of my system and data backups are kept on an external hard drive, but I also have one set on CDRWs. I don't update these nearly as often as they'd only be needed if both my internal and external hard drives failed together. True, a power surge could do it, but the power and phone lines are underground here and I have 2 surge protectors, so that's not a major concern to me.

System backup and imaging software are examples of apps that must work right to be of any value at all. I realize this sounds all too obvious, but if your backup software didn't make a good copy of your operating system, you may not know there's a problem until you need it and find it didn't work. When possible, backup/restore software should be given a test run. With an app like ATI for instance, a good test run is to restore the operating system to another hard drive, leaving your existing one as is. If you keep your data separate from your system files, system backups are a much more managable size and will often fit on a very small hard drive. I've picked up used hard drives in the 5-10GB range from a local computer store for around $10. That's a small price to pay to know for certain that your backup software does or doesn't work right without risking corruption of your existing system.

Rick

 

I use BOClean or Prevx2 to supplement my AV/FW, Im not sure which to stay with though.