Non-signature based antimalware setup/questions

Discussion in 'other anti-malware software' started by Fly, Feb 24, 2009.

Thread Status:
Not open for further replies.
  1. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    I'm aware of the limitations of signature-based antimalware programs. Especially since the volume of the signatures is rising quickly, and real-time software such as McAfee can be real resource hogs. Usually not while surfing (CPU usage), but at startup, updates and at times when it seems to communicate with, for example, McAfee.

    Please keep in mind that I have a 5 year old computer,
    processor AMD Athlon(tm) XP 2800+ CPU plus 512 MB RAM. One core, probably 32 bit ! I know RAM is cheap, but I'd rather not add any RAM to this old computer (there can be BIOS/mainboard/chips issues). Windows XP Home Edition SP2. I also have a wireless connection that uses firmware, it's not set up by some Windows wizard. For example, it can't work in safe mode, and it can have issues with security software. I also use IE 7, and I'd prefer not to switch to Firefox.

    I don't plan to renew my current security software, and as the title suggests I'm considering other approaches. Something plain, simple, stable and secure.

    I'm thinking about rollback/virtualization systems. A probably ideal approach would be starting a session and closing it without allowing any malware (or other changes) to get on my computer. For example, I would close a session, start a new one, pay by credit card, close the session without my credit card data being present afterwards.

    I don't want to try all software ...

    I'm not sure about the differences between rollback and virtualization software. I know many like Sandboxie, but it may not be secure enough. I want something with 100% security, without loopholes, and it doesn't have to be free.

    I've read about Returnil, but it claims to be a third layer and complimentary layer as a security approach, or something like that. Aside from keeping a firewall, why would I need more security software ? I'm not in the habit of downloading software from the internet, just emailing, surfing, reading a PDF and such.

    One thing that occured to me, would I need some complimentary software (signature based?), for when I make a payment, in case the website is infected, or for email ?

    Please keep in mind the limitations of my computer.

    What programs would be worth considering ? Suggestions are appreciated.
     
  2. progress

    progress Guest

    Switch off your machine ... :shifty:
     
  3. chris2busy

    chris2busy Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    477
    If Those are your internet habbits,Then LUA+ SRP are more than enough...if you do not take your chances or are a happy clicker then its more than enough..Note,that you might see viruses if you use a scanner,but they will be inactive,since they cannot execute/write things.i tell you that,so that you do not get the wrong feeling that you are insecure.will also immunise you vs usb threats which seem to be highly in fashion these days.
     
  4. Doodler

    Doodler Registered Member

    Joined:
    Dec 23, 2007
    Posts:
    219
    If plain, simple, stable, and secure are the criteria, then Sandboxie + a decent AV (Avira) + an on-demand anti-spyware (SAS or MBAM) would be my recommendation. I'm a little surprised by your statement that Sandboxie "...may not be secure enough". There are some of us (perhaps many of us) who consider Sandboxie to be their Big Gun when it comes to protection. And it's fairly easy to configure a separate, highly tightened sandbox used just for banking and/or transaction activity.
     
  5. demonon

    demonon Guest

    I second that. Try SuRun and some hardening applications.
    Some sort of sandbox like Geswall, DefenseWall or Sandboxie can compliment every security setup.
     
  6. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    Actually, I intended to not use approaches like LUA, SRP, HARDENEN-IT, ANTI-EXECUTABLE and other such technical approaches. I'm really not an expert, and that, say, 80 % of all malware will not run with such a setup is not good enough IMO. And with hackers getting more sophisticated I'd have to keep an eye on both threaths to circumvent this type of protection, and the protection itself. Not my preference.

    GESWALL seems to be an intrusion prevention system, somewhat like a HIPS.

    What about Returnil and other rollback software ? Can something like this be done without a signature based antivirus/antispyware program ?

    I was also thinking in particular about making a credit card payment at a website. Typically there will be a http and a https connection. Would something like Returnil be enough ? Or would I need something else, like a signature based antimalware program, or ??

    Would anyone recommend Returnil, or some other kind of rollback software ?

    Thanks for the replies.
     
  7. chris2busy

    chris2busy Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    477
    LUA+SRP go far,far,far beyond 80% and you can not find anything faster,which is a big plus for an aged system..GesWall is good,but not perfect itself..virtualisers like returnil,do avoid destructive type of malware,but are vulnerable vs spying type of malware...My best bet for your situation would be sandboxie,but it still needs some care from u.
    Im sorry,but the 100% you are seeking and without any knowledge requirements and in all the rest conditions,does not and will not exist..not even NSA has a such.have a nice day..
     
  8. Dogbiscuit

    Dogbiscuit Guest

    If you ever find such a thing, please let me know. This isn't meant to be entirely sarcastic. But in the few years I've been a member here, every new security solution is hailed as the end of malware, until sometime later someone discovers it has weaknesses like everything that's come before it.
     
  9. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    I think if you're going to ask for advice and then immediately state that it's not good, there's no reason to ask in the first place. And nothing provides 100% security.

    Anyway I agree that LUA + SRP is very powerful. Sandboxie can also complement that.
     
  10. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    There are no 100% secure options. The most effective options we have do require some input or knowledge from the user. None of them do it all for you. The closest thing you're going to find to total security without a lot of configuring or decisions on the users part would be a Linux Live CD.
     
  11. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    I suppose virtualizers like Returnil don't protect against the spying type of malware, since an infected website could capture confidential data like credit card data. If I chose something like Returnil, what ('non-elite') software would offer near 100 % protection against that ? I virtually never get infected, so I'm hesitant to switch to another approach, especially if I don't understand it. (Motivation for changing : current McAfee plus Spy Sweeper 5.5.7 are resource hogs, the latter is a 'has been', money, privacy, security).

    I've read about malware jumping out of Sandboxie, of course that might be about an older version or a case of incorrect configuration/user mistakes.
    Besides, Sandboxie is very popular, it would seem that it would/will attract the attention of hackers.

    I just seem to prefer system virtualization above virtualizing the browser.

    Of course I understand that many people have their favorites, for whatever reason.
     
  12. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    you can consider keyscrambler if you like it and if it does not give you problems why not,heard good coments on this one even if it gave problems with some online games:D
     
  13. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
  14. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    I agree a live cd is as close to 100% as you'll get.But then again running a sandboxed browser within a Returnil protected system you'd have to be extraordinarily unlucky to encounter a malware capable of breaching that,if indeed one even exists.:doubt: If you're ultra ultra wary then stick on Mamutu and have it watching over Sandboxie against malicious manipulation.
    Of course if you're certifiably cautious then ensure the sandboxed browser is Firefox with Noscript enabled.
     
    Last edited: Feb 26, 2009
  15. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    There's quite a few ways you can set up and equip a PC to be safe against 99%+ of the malicious code in existence, but most of them don't don't meet the original posters requirements of being simple and non-technical. Most of the "easy to use" solutions are vulnerable to certain types of malicious code. Even Sandboxie can get a user in trouble if they choose to recover a malicious file. Sandboxie is good but it's not foolproof.

    I'm currently trying Sandboxie on my Win 2K box to see how well it does at isolating the attack surface but the OS is still protected by my usual package (SSM, Kerio, Proxomitron).
    By limiting your choices to security products that don't require much learning and/or configuring, you're eliminating the best options and settling for a compromise solution. No single security app is going to protect you from every type of malware or 99%, or 90% of it. Security packages made from apps chosen to complement, protect, and support each other can begin to approach that 100% mark but won't quite reach it. In any such package, a big part of that percentage comes from understanding the security apps you're using and their limitations. There is no substitute for knowledge. You don't have to be a programmer or a security app hobbyist but some knowledge of the system you're using goes a long way. The time spent learning about computer security can more than pay for itself. You could secure your PC using inexpensive or free software instead of paying for apps that configure themselves or require yearly fees to function.
     
  16. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Sandboxie has to be in the setup if simplicity and non-technical setup is a requirement.It offers extremely high protection with virtually no effort (pardon the pun).;)
    A good imaging program is worth it's weight in gold too IMO and these don't tend to receive the priority they should.Something free like Macrium Reflect will image a system in minutes and almost certainly will prevent a major headache at some stage.
     
    Last edited: Feb 26, 2009
  17. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    Sandboxie won't protect me if I try to enter me credit card details at an infected website, right ?

    Maybe I ask for too much.

    Currently I use McAfee VirusscanPlus and Spy Sweeper 5.5.7, some browser and system tweaks, plus a 'gut feeling' about potentially dangerous websites.
    I virtually never get infected.

    Aside from zero day threats, most AV's protect against about 99 % of malware according to av-comparatives' on-demand tests (which according to a fellow Wilders member is about equivalent to real-time protection).

    I would not want to move to a 'tech' setup which I would at best superficially understand, and have to keep track of the 'tech' changes and the changing approaches of hackers.

    I am interested in computer security, but it's not my hobby.

    Btw, I already use an imaging program, Acronis version 8.
     
  18. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Are you talking about a fake phishing site? If so, no it won't help. Only knowledge will help you in that situation or perhaps a browser with phishing protection.

    If you talking about going to your banking site and it tries to install a keylogger then Sandboxie can be easily setup to only allow your browser and pdf reader to run and/or allow it internet access in the sandbox. It can also be easily setup to block access to personal files/folders/partitions for whatever is running in the sandbox. In other words, not only can the keylogger not execute, it can't have internet access or see your personal info stored on your computer.

    Returnil's new release has some sort of anti-executable that you may look into, but it's new and hasn't been tested against malware AFAIK.

    IMHO, a hardware firewall, Firefox with NoScript and Adblock Plus, Sandboxie and an updated system is a good basic combo if you understand it's limitations. Adding Returnil is another possibility just in case something would happen to slip out of the sandbox.

    I hope this helps and do yourself a favor and get a compatible 1GB stick of RAM for your machine. Trust me, you'll be impressed ;).
     
  19. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Yes considering the current low price of RAM (in the UK at least) it's the best way to give your pc a new lease of life.With regards to compatibility you're best sticking with the branded ones such as crucial and kingston.If you post your motherboard model number here I'll check for compatibility for you.
     
  20. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    Well, I can't seem to find that info on my computer, although I've seen it in the past. But on paper it says:
    M7NCD. Not to be confused with M7NCD PRO or something like that. It's old.

    But I've had some issues with motherboard vs. RAM, and I needed to switch spf (or something like that) to automatic in the BIOS to prevent errors at startup. I just don't want any problems, I had to figure that out on my own, or else I'd had to buy a new motherboard plus RAM, or in other words, a new computer. From what I recall, the visual layout in the manual is not exactly the same as what is in my computer, but it has been a long time since I opened it.
     
    Last edited: Feb 27, 2009
  21. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    (partial quote above)

    What if a legitimate website has been infected, http and https connections at the website, drive-by-downloads ?
     
  22. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    It appears that your board is manufactured by Biostar which I'm not familiar with as I don't think they have a UK presence(UK site under construction),but according to the site it supports up to 2gb and you should be fine with Kingston RAM.

    http://www.biostar-usa.com/compatibleram.asp
     
  23. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    Any malicious scripts will be contained within the sandbox and be unable to interract with any part of your system.
     
  24. Dogbiscuit

    Dogbiscuit Guest

    If you have given your credit card number to a website and hackers break into the website and steal that information, it seems that this is beyond your control (other than you not using your credit card on the web).

    If your concern is about visiting a 'legitimate', but temporarily compromised website, keeping all your software updated will protect you (unless YOU deliberately download and install something yourself).

    The only other possibility from the web would be if a zero-day vulnerability exists on your system that would allow a drive-by (remote code execution), such as the current Adobe Reader vulnerability. This is what you may need some added protection against, from time to time, in my view.

    A router or firewall will protect you from worms on the internet exploiting a zero-day vulnerability in your OS (if there are running services exposed to the internet). Running as a restricted user will protect your OS from most other zero-day exploits, but that still leaves the restricted user account itself open to attack. To protect the restricted user account, some people might suggest using a sandbox, or anti-virus software, others might prefer Firefox/NoScript, a HIPS, SRP, etc.

    Some people choose to use nothing (or even run as admin) and don't get compromised because of their habits. What you might choose depends on you - your habits, your expertise, etc. For example, if you don't have the time or desire to learn about security, an AV might be a good choice. If you like to control your browsing 'experience', using NoScript w/Firefox could provide the added protection you need, etc.
     
  25. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    Thanks for all the replies, I'll give it some thought.
     
Loading...
Thread Status:
Not open for further replies.