Looking for a light and safe setup on Vista32

Discussion in 'other security issues & news' started by Newby, Sep 6, 2007.

Thread Status:
Not open for further replies.
  1. Newby

    Newby Registered Member

    Joined:
    Jan 12, 2007
    Posts:
    153
    Hi,

    This week my new PC has arrived (with Vista32 home premium). It is fast and I want to keep it that way. Also I have spent my pecunia on the PC. So my first look is at freeware.

    I have a router with a built-in firewall.

    My selection so far:

    Antivirus
    Avast Free home. Reason for choosing. Only free AV which offers same functionality of paid version. I know it has lesser protection rates than Antivir, but I hate the Antivir Nag screen and dislike the low availability of its servers for updates. Avast has modules to check inward streams which I will be needing E-mail, P2P, Internet. It also covers quite a range of spy-ware. Compared to AVG it is the better choice. Compared to Antivir it is hassle free.

    HIPS
    I think I will choose ThreatFire free. When I enable DEP it covers me from most threats. I think I will add the custom rules for the registry explained in Wilders https://www.wilderssecurity.com/showthread.php?t=183020
    I have a preference for a behavioral blocker because I do not have the knowledge to configure an Anti Executable properly (parent - child?). I also like to try new software (freeware), so the pop-ups of an AE will only irritate me.

    FireWall
    I will use the Windows Firewall, with outbound initiation protection enabled with the freebie VistaFireWall Control. I know it is weak outbound protection, but that is the reason I am using a HIPS. Other reason is that I have not got in-depth knowledge of protocols et cetera to configure a decent software firewall.

    Anti-Malware
    Comodo's Boclean seems to be the choice, it is light and scans memory. This will give me a different kind of protection.

    UAC
    I think I will keep using TweakUAC to run in silent mode. This will still give me IE in protected mode and some virtualisation when running old XP apps. I am not sure how this protects me against malware. I know programs start in limited rights mode, but are allowed to elevate automatically. Does this mean that a running program can access the areas limited to admin rights in a sneaky way (e.g. malware installing a driver), or does this only apply to program installations?

    Surfing
    I need to use IE (a few favoured sites require activeX), so I am thinking of using Returnil free for risky surfing. I have 4GB of memory and made two partitions, so I think this will do.

    Image recovery
    I have an old Maxtor external drive. Problem is I now have my disks configured as RAID. Which software works okay with RAIDs and Vista? Please also advise paid software.

    Other
    Tried SpywareTerminator. I like it really much, but it felt somewhat slow. Was this an exception or is it slower on Vista than on XP?

    WinPatrol and Arovax Shield seem very light, are they any use in the above configuration?

    Spyware Express/Spyware Doctor starter edition, anyone have experience under Vista?


    On demand
    I will check downloaded files with Bitdefender free, AVG Anti-spyware free and Super Anti Spyware free


    Please advise

    Thanks
     
    Last edited: Sep 6, 2007
  2. Drew99GT

    Drew99GT Registered Member

    Joined:
    Jun 27, 2006
    Posts:
    338
    Location:
    Colorado Springs
    Just a thought on Avira; yes, they do have update delays for the free version, when there is a huge software update out. Other than that, I have mine set to update 5 times a day; never any delay. The nag screen - IT'S FREE... who cares, AND, if it's that big of a deal, it can be turned off.

    HTTP/email/p2p scanning - do a search here. Avira will detect stuff coming through those pipelines without some bothersome additional crummy HTTP scanner etc. to slow you down.

    Even though Avira free doesn't have spyware/adware in the database, from some of the tests people have done, with the heuristic on high and all the security threats enabled in the configuration, it still beats most antivirus products that have adware/spyware in the signatures. Even when it's tested strictly against these threats! Heck, in one test I saw, it fared even with, and beat some antispyware products!

    And for really nasty trojan type malware, it's unsurpassed.
     
  3. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    You can save some resources by only running one anti-malware, either BOClean or ThreatFire.

    For browsing I'd consider running Firefox and using IEtab for those few sites that need ActiveX.

    And lastly, you don't need WinPatrol or Arovax Shield. You have plenty already.
     
  4. Drew99GT

    Drew99GT Registered Member

    Joined:
    Jun 27, 2006
    Posts:
    338
    Location:
    Colorado Springs
  5. Newby

    Newby Registered Member

    Joined:
    Jan 12, 2007
    Posts:
    153
    WSFUser,

    Thanks, only they are so different, a blacklist memory scanner (Boclean) and a behavioral HIPS, that I thought it would not overlap (protection from different angles instead of more of the same).
     
  6. Newby

    Newby Registered Member

    Joined:
    Jan 12, 2007
    Posts:
    153
    Yep, you made me doubt, but . . .what about Boclean it is so freaking effective. I will stop the Webscanner of Avast.
     
  7. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    The Avast webscanner is meant to be the best webscanner and I haven't really heard anyone reporting it slowing them down.
    So might as well have it on for extra protection.
    lodore
     
  8. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    That is correct and if you want to run both that is fine. The title says you're looking for a light setup so I suggested you run just one.

    Also if you're gonna run Avast, I'd keep the web scanner enabled. It doesn't slow down web surfing (from my experience).
     
  9. Newby

    Newby Registered Member

    Joined:
    Jan 12, 2007
    Posts:
    153
    lodore, WSFUser,

    Thanks, I will put Avast webscanner on again.

    WSFUser, you are right about the light setup question. I did not intend to question your suggestion. I experienced that Boclean warned on a few (like DFK threatsimulator) which were not picked up by Avast. Also Boclean seems to be light (it only reads a lot of data at startup o_O), so it would provide additional protection from a different angle.

    Avast = at program startup and when files are changed (have unselected the check at read) with black list
    ThreatFire = sort of black box approach looking at the behavior
    Boclean = memory scanner, with pieces of code (fingerprints) black list

    Thanks for the replies both of you
     
  10. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Newby,

    You are the master of your own PC, but I think adding Boclean to your setup provides little extra protection, because:

    1. Boclean provides on execution protection, meaning the malware has already landed on your computer. ThreatFire will catch it a little later (when it starts to behave badly), but neither will prevent it from entering your PC.

    2. CyberHawk (predecessor of ThreatFire) cheats a little as a behavior blocker, because it also has snippets of code to fingerprint malware (sort of mini-blacklist) which is hard to catch with user friendly behavioral blocking. So in a way its on execution protection mini-blacklist overlaps with Boclean (catching real nasty Malware like Trojans etc). There is a fair chance Avast's on execution blocking will tackle the others.

    3. Running in IE protected mode all the time (with Avast webshield and ThreatFire as backup) and for real dangerous surfing Returnil, would minimise the chance of being infected. Average PC is not protected against zero day threats. Most of the heavy posting Wilders Members are protected against 95% of the real baddies. Those 5% which would bring our security down, will probably also pass Boclean, so I think WSFUser makes a point.

    Regards
     