Please advise on security setup for PC novice

Discussion in 'other anti-malware software' started by Kees1958, Oct 22, 2006.

Thread Status:
Not open for further replies.
  1. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Dear all,

    A friend of my wife asked me to advise her on the security setup for her new PC. She bought a strong PC (Intel dual core, GS7900 graphics, the works) with an external drive for backup/restore.

    She wanted to put her money into hardware not software (only Windows XP home edition, plus open office). She does not need an e-mail AntiVirus, because the ADSL provider offers this as a 'free' service (They are using ClamWin).

    This is what I am thinking of (all free products):
    1. Antivir Free (currently the best free AV according to AV Comparatives)
    2. CyberHawk (protects against DLL/data injection and some Registry entries; CyberHawk passes regtest 1 and 2, for instance).
    3. Spyware Terminator (gets good reviews, lower cleaning rate than some paid market leaders, but offers excellent intrusion detection and some form of application monitor they call a HIPS).
    4. Firefox plus BufferZone for Firefox and McAfee SiteAdvisor for Firefox

    On demand scanning: Ad-Aware, A2 Squared and Bitdefender free

    Hardening SafeXP and SpywareBlaster for static defense


    I doubted between Spyware Terminator and SpyCatcher free. SpyCatcher scores well recently, but is also known for some false positives. I think she will delete any scary files (because SpyCatcher says so) and won't recognise that it is a necessary part of her PC (graphics and wireless card software parts are often recognised by SpyCatcher as malware).

    I am not sure she will need any additional outbound firewall (she uses a NAT router with inbound firewall). I have thought of Comodo. It is the best free firewall according to firewallleaktest. But even then it only has a 35% stop score. At the moment I am thinking why bother to install a freeware firewall (to be safer you would need to buy a paid firewall and she does not want to spend money on it).

    I have not included PrevX1, because the test by Kareldjag of the former PrevX Pro was not good. Also I'd rather use best of breed than one who claims to be a solution for all. Regarding PrevX this is not a rational argument, so I am open to suggestions.

    I would ask you to include some reference (tests or reviews for alternative options); arguments and observations have more convincing value than opinions and interpretations.

    One last knock-out criterion: pop-up angry solutions or very granular solutions (where you have to know a lot of the XP OS) are not an option!
    For instance, SSM and Antihook are excellent free solutions, just not for an average PC user.

    Regards Kees
     
    Last edited: Oct 22, 2006
  2. kr4ey

    kr4ey Registered Member

    Joined:
    Aug 13, 2006
    Posts:
    187
    Location:
    Florida USA
    I have used Prevx1 and the former Prevx Home (Pro).
    Prevx1 is much better than Prevx Pro. Prevx1 uses local and community signatures (databases) and Prevx Pro does not, so I would not compare any tests between the two. I am now using Neoava Guard, not that I feel that there is anything wrong with Prevx1 (just wanted to try something different).
    I used Prevx1 for more than 8 months as my only protection and never have been infected by anything, and I tested it pretty well.
    My opinion is that Prevx1 is excellent software.
    I am using Acronis True Image so it would be very easy for me to go back to my previous configuration (Prevx1).

    Rick
     
  3. kdm31091

    kdm31091 Registered Member

    Joined:
    Jul 18, 2006
    Posts:
    365
    Don't bother with Ad-Aware or Bitdefender free; with that setup, IMO, you wouldn't need them. A-Squared is debatable. The rest looks good.
     
  4. ASpace

    ASpace Guest


    ClamWin is like no antivirus. Anyway, she should protect the computer from itself and not rely on somebody else.

    Why everything free? You should encourage her to spend some money on paid software, because paid always offers more.

    I would suggest:
    1) Windows Firewall (or in case she insists on two-way, ZoneAlarm)
    2) Firefox
    3) AntiVir free
    4) Spybot Search and Destroy, Ewido Micro scanner
    5) Firefox extensions -> SiteAdvisor, NoScript
    6) Windows fully updated
     
  5. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    I hope she knows what to do when the two HIPS applications pop up with a message asking her to make a decision "Allow/Deny". At least with Prevx1 the decision is made where it is 'Known good' or 'Known bad'. I'd use SuperAntispyware over Ad-Aware every time.

    muf
     
  6. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Muf, KDM31091

    BufferZone does not give pop-ups in my experience. CyberHawk only when something strange happens (rarely throws a pop-up). So for her a pop-up means delete or block.

    I just added the on-demand scanners, because everyone always tells PC users who are not bothered with security knowledge that they MUST use an additional scanner.

    My wife's PC has DEP for all programs, DSA, CyberHawk and DefenseWall. She never gets a pop-up. She also knows pop-ups mean bad things. For the last two or three months the weekly on-demand scans show zero malware, so I think you have got a point.

    Thanks for the info

    kr4ey (Rick),
    I do not know about PrevX1; does it withstand the dfk-threat-simulator? I only know of the test results of Kareldjag.
    Thx for the info


    HiTech_boy,
    The NAT router has an inbound firewall, so Windows Firewall is redundant. I do not agree that ClamWin for e-mail is like no antivirus. My ADSL provider also uses ClamWin and it passed all GFI e-mail protection tests.
    For Firefox I was also thinking of BufferZone for Firefox (sandbox).

    Thx for the reply
     
    Last edited: Oct 22, 2006
  7. toasale

    toasale Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    86
    Location:
    Alabama
    ClamWin is, like all, not an end-all, therefore you've got to get Comodo's free-for-lifetime AV - it is strong. You need a machine AV, because USB drives, floppy insertion (yup - still around) and even reading/formatting/writing to CDs/DVDs is begging for a whopper of a hit!

    www.comodo.com

    :D :) ;)
     
  8. CJsDad

    CJsDad Registered Member

    Joined:
    Jan 22, 2006
    Posts:
    618
    CAV is a strong AV, when did this happen?
    Test results?
     
  9. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I second that. Average users don't know the answers when they use classic HIPS. Or they always say "yes" or "no", because they don't know the answer, and put their own computer in trouble. Isn't that obvious?

    Prevx1 knows the answer already via the Community Database. So there are no wrong answers.
    If the Community Database doesn't know the program or the Community Database isn't available, the program will be considered as "unknown" and then Prevx1 will act according to the settings for unknown programs (Query, Allow, Block). The same for "caution" programs, but I block these anyway.
    Quite a simple philosophy but sufficient enough to prevent installation of malware.
    Prevx1 is getting stronger every day, because they get good, bad and caution programs from every Prevx1-user in the world and the Community Database is managed by knowledgeable people, not housewives.
    I don't even have to try Prevx1 for a long time, because I know already that it is good in theory.
     
  10. L Bainbridge

    L Bainbridge Registered Member

    Joined:
    May 15, 2006
    Posts:
    173
    Location:
    London,U.K.
    I'd go with Comodo for a free f/w, AntiVir for a free AV and Spyware Terminator for a free AS.
    Like ErikAlbert I'd strongly recommend getting PrevX1, as it takes the guesswork out of what to allow on your PC for the average user, and disable the HIPS in Spyware Terminator unless she is fairly computer literate.
     
  11. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I will never ditch Prevx just because of some failed tests or because it didn't kill some malware. That doesn't make any sense and is very unfair.
    Ever seen a perfect security software? Every member of Wilders knows that answer.

    It's the philosophy, the all-in-one nature and the PREVENTION METHOD of Prevx1 that convinced me to install Prevx1, not the Prevx1-fans.
    I don't need a scanner that REMOVES malware, because that is already TOO LATE.
     
  12. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Kees, I think you seem to know what you are doing.

    I would say with a NAT router, and all the other firepower, and the requirement of few popups you probably don't need to add Comodo firewall or any personal firewall for that matter.

    Yeah Cyberhawk seems quiet, probably because it lacks execution control.

    Spyware Terminator's HIPS has execution control, but I think it scans your hard disk for all exes and whitelists them, so you won't get any popup from that feature until new exes are created or modified.

    Prevx1 fits your requirement of few popups because of the whitelist, but it's not that free (it kind of is but not quite)...

    Some other ideas.

    You could do PG free and turn off execution control (which is the cause of the most popups). The aim here is to add some process protection against termination attacks on security software.

    Not sure if Spyware terminator has that, even if it does I doubt it has as good as PG's.
     
    Last edited: Oct 22, 2006
  13. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    I think I will be using the following (free programs) setup:

    1st layer:

    ADSL-provider email protection
    - No extra e-mail AV, ClamWin mail passes all GFI mail tests
    - For extra security I will use DropMyRights to startup OutlookExpress

    Firewall: only the inbound firewall of the NAT router (suggestion KDM31091)
    - reason: simple, and the best free firewall (Comodo) only stops 35% of the threats;
    Comodo also fails the Zapas injection test (while it claims to pass it).

    Firefox with BufferZone 4 Firefox and McAfee SiteAdvisor:
    - McAfee gives some risk clues before driving by a web site
    - Firefox is less vulnerable to internet attacks (than IE) and still a mainstream browser
    - BufferZone will prevent most attacks by keeping them in the sandbox/virtual environment

    2nd layer:

    SpywareTerminator
    - Reasonably scoring anti-spyware app
    - Good intrusion protection
    - Application monitor (they call it HIPS) which scans the hard disk for existing apps,
    so it will not throw pop-ups when launching existing apps.
    Since this will be a clean install, the whitelist should not contain malware.

    Antivir
    - Second best score in AV-Comparatives (and free)

    CyberHawk
    - Protects against data and DLL injection (passes Zapas, ApiSpy)
    - Basic directory and registry protection (passes regtest 1+2)
    - Heuristic only warns when anomalies happen (simply block)

    I will have a look at ProcessGuard and see whether I can disable execution control
    and enable termination control without going through an extensive learning phase
    (suggestion of Devil's advocate).
    When possible, I will also disallow the nag screen of Antivir with PG (nice extra)

    As for PrevX:
    - I have not read new facts (does it withstand the dfk-threat-simulator?),
    - The Kareldjag test was not so good
    - The community feature is a nice black list info collection feature, but:
    - There are already two blacklist solutions (Antivir AV + Spyware Terminator)

    I will drop the additional on demand scanners (suggestion KDM31091).
     
    Last edited: Oct 23, 2006
  14. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    If she is a safe surfer, don't bother her with HIPS, except for Prevx if ever you want. Antivir, ST and BZ, DMR (though I am not sure that you need it with BZ) are OK. Router plus Comodo.
    CH not needed as well (just my opinion).
     
  15. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    BufferZone free is only for Firefox; DropMyRights is used with Outlook Express.

    When working normally, she would not even notice CyberHawk and the Spyware Terminator HIPS.
     
  16. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Spyware Terminator's HIPS is not advanced and I don't see much advantage in using it. If you really want some HIPS you can use SSM free, but again HIPS are not for normal users.
    CH -- if it is your choice then OK, but I could not get it to work well on my system, and also it will not differentiate legit and non-legit things; again not for beginners.
    In BZ free you can add anything like IE, FF, Opera etc. all at the same time.
     
  17. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Aigle,

    With advanced HIPS like SSM and Antihook you are right. Because it is from a clean installation (no malware for sure), Spyware Terminator scans the hard disk and builds a whitelist of allowed applications. With so little extra effort you have a program monitor as a bonus.

    When you have the knowledge to configure SSM it is not a question which one to use (SSM or ST), for sure SSM is the stronger HIPS.

    by the way: great testing you did with Sandboxie, GeSWall, BufferZone and DefenseWall
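    The whitelist-on-clean-install idea discussed in posts 12, 13 and 17 (scan the disk once, trust what is there, prompt only when an executable is new or has changed), as an added Python illustration; this is not Spyware Terminator's code, and the suffix list and the temp-directory scenario are constructed for the example.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Constructed suffix list (assumption: the posts only say the monitor scans the
# disk for existing exes and whitelists them).
EXECUTABLE_SUFFIXES = {".exe", ".dll", ".scr", ".com"}

def sha256_of(path: Path) -> str:
    """Digest the file in chunks so large binaries never load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_baseline(root: Path) -> dict:
    """Record a digest for every executable under root. Only trustworthy on a
    clean install: a disk baselined after infection whitelists the malware too."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            file_path = Path(dirpath) / name
            if file_path.suffix.lower() in EXECUTABLE_SUFFIXES:
                baseline[file_path.relative_to(root).as_posix()] = sha256_of(file_path)
    return baseline

def check_launch(baseline: dict, root: Path, path: Path) -> str:
    """Silently allow a known, unchanged file; prompt when the file is new
    or its bytes changed since the baseline (the only times a pop-up appears)."""
    rel = path.relative_to(root).as_posix()
    if rel not in baseline:
        return "prompt-new"
    if sha256_of(path) != baseline[rel]:
        return "prompt-modified"
    return "allow"

def demo() -> dict:
    """Constructed scenario: baseline two 'apps', then add a new exe and patch one."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "office").mkdir()
        (root / "office" / "soffice.exe").write_bytes(b"MZ clean-install binary")
        (root / "firefox.exe").write_bytes(b"MZ browser binary")
        baseline = build_baseline(root)
        (root / "dropper.exe").write_bytes(b"MZ unknown newcomer")        # new
        (root / "firefox.exe").write_bytes(b"MZ browser binary + patch")  # modified
        return {p.relative_to(root).as_posix(): check_launch(baseline, root, p)
                for p in root.rglob("*.exe")}
```

    Note that a file replaced in place keeps its name but not its digest, which is why the check hashes the bytes rather than trusting the path alone.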
     
  18. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    You are right probably. I never used its HIPS. They seem like application behaviour control in Kerio. Am I right?
    Thanks.
     
  19. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    You can easily turn off execution control with one click. Then add the few security programs to protect, also add termination rights for them.
     
  20. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
  21. ASpace

    ASpace Guest

    I strongly believe that the most important level of protection is the software level. Every other protection, or level of protection, can be very good additional protection, which means people should protect the computer itself (by software) and then protect the perimeter (by hardware or software). Protecting the perimeter with the router is good. I also use a router but also keep Windows Firewall enabled. Anyway, the choice is yours :thumb:

    You are welcome ;)
     
  22. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Interesting,

    What is the opinion of others? Say when you do not use an outbound firewall, should you also enable Windows Firewall when you also use a NAT router firewall?
     
  23. ASpace

    ASpace Guest


    I just would like to underline it was my own opinion :) . Theoretically, if you have the NAT and SPI protections of the router you don't need Windows Firewall. What I mean is connected to the fact that nowadays you shouldn't rely only on one protection and it doesn't hurt to have WF enabled. The software firewall protects the computer, the router protects the network (although you may have only one PC behind that router) :thumb: :thumb: :thumb: Don't take my advice so personally, I am just trying to help :D :D
     
  24. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    If you are the only one on your network, it is redundant. However, if you share the network, it can offer nice protection from any attacks from pcs on your network.

    Alphalutra1
     
  25. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hitechboy,

    No, I was asking an open question, and see that Alphalutra1 just made a point. At home we are sharing a network of 3 computers. I had not realised that attacks could also come from within (on all 3 PCs the firewalls are turned off, because we are behind the NAT router).

    So you made a point, thx
     