Non-signature based antimalware setup/questions

Discussion in 'other anti-malware software' started by Fly, Feb 24, 2009.

Thread Status:
Not open for further replies.
  1. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Fly,
    The best I can come up with that would fit your requirements would be:
    1. A full system backup program such as Acronis or similar, which you have.
    2. A router or hardware firewall in front. Leave the Windows firewall running.
    3. A light resident AV such as Avira.
    4. Sandboxie.
    Clean your system as best you can. Empty temp files, delete the trash. Throw out anything that's not needed. Use several of the online AVs to make certain that your system is clean. Before you install anything or do anything else online, make a full system backup and verify that it works. This way, if you don't like the AV or another installed application, or if one of them conflicts with your system, you have an easy way to get back to where you started from. Install the AV and Sandboxie. If everything is working right, launch IE7 in the sandbox. Have Sandboxie make a new desktop shortcut for launching IE7 in a sandbox. If everything works, make a new system backup. Save this as a restore point in case you have future problems. In the future, any files or programs obtained from the web or other sources should be opened in the sandbox.

    I can't speak for Avira and how much it or another AV may load an older system. Haven't used an AV in years. Sandboxie is very light and shouldn't be a problem. I'm running it on a Win2K testbox using much older hardware with no problems or slowdowns. Just be careful when recovering items from the sandbox. Sandboxie will not protect you from anything once it's removed from the sandboxed folders.

    This would be the simplest package I can recommend. You mentioned that you didn't want to switch to Firefox. You might consider looking at some of the other browsers. K-Meleon is good. So is SeaMonkey. Try them out by running/installing them in a sandbox. K-Meleon also comes as a zip file. You can just unzip it and run it from its folder. On older hardware especially, I've always found the alternate browsers like SeaMonkey and K-Meleon to be much faster and lighter than IE6 or IE7. Since all the alternate browsers are used less than Internet Explorer, they're targeted by malicious code much less often.
     
    Last edited: Feb 27, 2009
  2. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156
    What are LUA and SRP?
     
  3. Lucy

    Lucy Registered Member

    Joined:
    Apr 25, 2006
    Posts:
    404
    Location:
    France
  4. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    I don't mean to take the focus off Windows, but you would be a prime candidate for Linux. If you're tired of the malware/virus risks in Win, and tired of looking for solutions, Linux IS free of all that, and as close to 100% as you can get. I don't know if this is a possibility for you, but it's worth consideration. Many are moving in this direction nowadays.....
     
  5. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,121
    Location:
    Mountaineer Country
    I'm not ignoring your question. Posts #23 and 24 covered the answer very well.

    You've been given very good advice so far. Many of us use the programs or methods daily and are well protected. I was in the same situation as you 3 years ago. I had 512MB of RAM and Norton IS 2006 (very slow). I also didn't think I could handle a program like Sandboxie or Returnil but I'm glad I tried and I haven't looked back. If you need to, try one of the suggestions at a time until you find something you like, understand and feel safe with.
     
  6. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,201
    Seems good and simple advice, I'll consider it.
     
  7. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,201
    Sorry, I just don't have the time to learn all that. I'm sure it makes sense.
     
  8. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,618
    Location:
    Milan and Seoul
    I also prefer full system virtualization. No system can be 100% safe (first big danger is physical theft of the machine, if it is not encrypted you're done). If you want to virtualize everything, Returnil is not suitable. A good AV + firewall + virtualization will give you 99% security.

    Banking online is too dangerous, and one should limit it to accounts with very little money and restrictions on operations. I still use my credit cards with some precautions: first I do my searches for whatever I'm interested in, always virtualized. Once I'm about to purchase something, I reboot the system, do my purchase online as quickly as possible, and reboot the system for the second time (every reboot wipes out any info from the previous session).

    I don't claim that this method is 100% safe, but admittedly for someone to hack your system at that particular moment or even for automatic malware to transmit data, time and rebooting might just make the spying operation very difficult to succeed.

    Let's not forget that credit card companies won't charge you if you manage to prove that your card number was illegally used (it is a hassle though when it happens).
     
  9. Dogbiscuit

    Dogbiscuit Guest

    For financial transaction security, you may find the advice in this post helpful.
     
  10. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,201
    Just a few questions about Sandboxie: I've read reports about incompatibility between Firefox version three and Sandboxie. I haven't done extensive research, but is this fixed?

    Anyway, I'm not eager to switch to Firefox. But if I were to combine Sandboxie and IE 7, would that be safe, since IE 7 is in essence part of the Windows OS? (Currently I use IE 7 with above average security settings.)
     
  11. Criss

    Criss Registered Member

    Joined:
    Oct 3, 2008
    Posts:
    186
    I never experienced any incompatibility between Sandboxie and Firefox before. :) And now I am still using Sandboxie and FF together.

    Criss.
     
  12. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Given a choice between the two, I'd prefer to sandbox or virtualize just the attack surface applications. Except for the testing of new software and operating systems, I don't see any advantages to running 2 operating systems at one time on one PC. Even with a virtual guest system, the host system still needs to be secured.

    Malicious code has reached the point that it can detect when it's in a virtual environment. I wholly expect to see it escape from containment software and successfully infect the host system. Sandboxing and virtualization software are excellent tools, worthy additions to many security packages, but IMO they are not total solutions on their own and shouldn't be expected to stand alone.
     
  13. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,121
    Location:
    Mountaineer Country
    Sbie and FF3 run fine together. If you use many extensions, you may need to open a file path so that data can be saved to the real system. For example, I have an open file path so my AdBlockPlus patterns will be saved.

    You should be fine with IE7 in a sandboxed environment. Sbie was originally made for IE.
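    What the "open file path" mentioned above looks like in Sandboxie's configuration file, as an added example that is not from the poster or from Sandboxie's own documentation. The box name "DefaultBox" and the AdBlock Plus file location under the Firefox profile are assumptions; the wildcard stands in for the randomly named profile folder. The setting is deliberately tied to firefox.exe and to one file, because anything written through an open path lands on the real system and is no longer covered by the sandbox, which is exactly the recovery caveat raised earlier in the thread.

```ini
; Sandboxie.ini fragment (added example, not from the original post).
; Box name and profile path are assumptions.
[DefaultBox]
Enabled=y
; Only firefox.exe may write through to the AdBlock Plus pattern file;
; every other change the box makes stays inside the sandbox and is
; discarded when the box is emptied.
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*\adblockplus\patterns.ini
```

    Keep the list of open paths as short as possible and review it when adding extensions: each entry is a hole in the sandbox, so prefer a program-specific entry for a single file over opening a whole profile directory.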
     
  14. Dogbiscuit

    Dogbiscuit Guest

    If you keep IE updated, it should be as protected from known vulnerabilities as any other updated browser.

    If it's doing its job, the sandbox should keep malware inside of it, regardless of whether IE accesses the local file system ("is in essence part of the Windows OS") or not. In other words, if you run IE inside the sandbox it cannot break through any more than malware can. Any changes made to the local file system by IE would be discarded when the sandbox is emptied.
     
    Last edited by a moderator: Mar 3, 2009