Overall Strategy

Discussion in 'other anti-malware software' started by RootAccess, Aug 4, 2007.

Thread Status:
Not open for further replies.
  1. RootAccess

    RootAccess Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    64
    There's just too much security software out there and frankly it can get a bit confusing. I feel I can browse this forum for months and I'm trying to find a better way instead.

    To be blunt, I'm looking to implement the strategy of "default: deny". Rather than keeping an eye out for bad software, I want to have a "white" list of software that I do allow full access and any software that isn't on the list should be denied from running.

    Secondly, I need something that prevents these trusted program files from being modified by any rogue software.

    Third, software that tracks and monitors every new program that gets installed on my computer and allows me to add them easily to the whitelist.

    That's the overall goal for my computer security setup. What particular software programs would meet my 3 goals the best?
     
  2. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    478
  3. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Anti-Executable fulfils your needs fully. On the downside, your strategy offers you no protection when you do need to introduce software from external sources onto your computer (i.e. software installation), where the best you can do is pray that the new software is indeed clean.
     
  4. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Faronics Anti-Executable is a good solution; it's very secure in what it does and can be a little restrictive as a result. Anything not on its whitelist is automatically denied. When set to high security it can protect you against dll/driver installations and also gives you copy/delete protection. To add new programs you simply disable Anti-Executable, run the new programs, then enable Anti-Executable again. One solution to help protect you when installing new software is to use an on-demand scanner to check the software first.

    If you are wanting a free solution then something like System Safety Monitor Free or ProSecurity Free can be configured to meet your 3 goals.
     
  5. herbalist

    herbalist Guest

    My PC is secured by a default-deny security policy. The application whitelist is primarily enforced by System Safety Monitor, which is ideally suited for such a role.
    This task is also handled by SSM. Other classic HIPS can perform this as well. The initial default-deny policy prevents malicious code that could modify system files from running in the first place. Apps like SSM also check the integrity of the executables and block/alert if they change.

    Regarding the whitelist, your best option is to make your own. It should contain only those system files necessary for your normal usage and the executables of the software you use. Any whitelist or whitelisting software you obtain elsewhere will be much broader in what it allows.

    For an install monitor, check out Inctrl5.

    I'm short on time right now. Will try to give you more detailed info this evening.
    Rick
     
  6. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    SSM is okay and provides good RD+AD.

    But I personally feel it is quite lacking in FD unlike say PS or EQSecure.
     
  7. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    As far as free HIPS go, EQSecure is the most powerful product available right now, which rivals and even exceeds the abilities of other paid products. SSM comes second, and the free version of ProSecurity is so crippled that it's good for enforcing application execution control, but not much besides.
     
  8. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    EQSecure is nice, but I find it very hard to understand and use. It's quite different from the rest.
     
  9. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    The basic principles and usage of all HIPS programs are essentially the same; the only thing that varies is how each program puts those principles into practice. Generally speaking, there's a set of application-specific rules, and a set of global rules which are consulted if no application-specific rules match a given event (the priority of which one is consulted first may vary). With that said, I don't see why EQSecure is necessarily more difficult to use than, say, SSM - EQSecure's Learning Mode even automatically makes rules for the file and registry defense modules.
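
    The default-deny whitelist with integrity checks that herbalist describes, and the rule lookup order described in the post above, as an added example that is not part of the original thread and not code from any product named here. It models only the decision logic (a real HIPS enforces this from kernel hooks); the class, the action names, and the choice to consult application-specific rules before global rules are assumptions for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

class Policy:
    """Hypothetical default-deny policy: hash-pinned allowlist plus rule tables."""
    def __init__(self):
        self.allowlist = {}     # path -> SHA-256 recorded when the file was trusted
        self.app_rules = {}     # (path, action) -> "allow" or "deny"
        self.global_rules = {}  # action -> "allow" or "deny"

    def trust(self, path):
        self.allowlist[path] = sha256_file(path)

    def check_execute(self, path):
        pinned = self.allowlist.get(path)
        if pinned is None:
            return "deny: not on allowlist"        # default deny
        if sha256_file(path) != pinned:
            return "deny: changed since trusted"   # integrity check
        return "allow"

    def check_action(self, path, action):
        # Assumed order: application-specific rule, then global rule, then deny.
        verdict = self.app_rules.get((path, action))
        if verdict is None:
            verdict = self.global_rules.get(action)
        return verdict or "deny"

def demo():
    with tempfile.TemporaryDirectory() as d:
        editor = os.path.join(d, "editor.exe")    # constructed sample files
        unknown = os.path.join(d, "unknown.exe")
        for p, data in ((editor, b"trusted bytes"), (unknown, b"unknown bytes")):
            with open(p, "wb") as f:
                f.write(data)
        policy = Policy()
        policy.trust(editor)
        policy.app_rules[(editor, "write_own_config")] = "allow"  # hypothetical action
        policy.global_rules["write_autorun_key"] = "deny"         # hypothetical action
        out = [policy.check_execute(editor), policy.check_execute(unknown)]
        with open(editor, "ab") as f:             # simulate modification of a trusted file
            f.write(b"tampered")
        out.append(policy.check_execute(editor))
        actions = ("write_own_config", "write_autorun_key", "load_driver")
        return out + [policy.check_action(editor, a) for a in actions]
```

    Calling `demo()` returns the six verdicts in order: the trusted file runs, the unlisted file is denied, the modified file is denied, and the three actions resolve through the application rule, the global rule, and the default deny respectively.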
     
  10. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    It's probably me. I'm just stupid. It just keeps working differently from what I expect. Maybe I've used SSM or PS too long.
     
  11. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    You can create a separate thread with what problems you're having, and I'll see if I can help.
     
  12. Blue Ring

    Blue Ring Registered Member

    Joined:
    Apr 13, 2007
    Posts:
    100


    That's why I still have over a dozen different scanners, AV, AS, AT, etc., as well as the online scanners, to scan any apps before I install them. While I know this isn't anywhere near the perfect solution, it does help. I don't see HIPS as the final answer or the scanners, but both combined, I feel my chances have increased to prevent malware from infiltrating my system.
     
  13. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    I was going to suggest Abtrusion Protector as I think it will do all of what you want also, and it's free. However, I noticed that the web site is virtually barren, and I'm not sure what's going on there anymore. You can however probably find it for download on other sites if you Google for it. It may be what you're looking for...
     