Question on minimum security

Discussion in 'other security issues & news' started by Kees1958, Dec 28, 2007.

Thread Status:
Not open for further replies.
  1. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi all,

    Because I tried some malware on different PCs, I have some licenses of different security apps. Based on my malware testing my security preference is a router with built-in NAT/SPI firewall, sandbox or running LUA and a behavioral IDS/HIPS as second line of defense.

    On the XP box I had ThreatFire with lots of custom rules for added protection as a second line of defense and DefenseWall as a first line of defense. I have been a policy sandbox user for the last four years (first GeSWall, later DefenseWall).

    In these last four years I first dropped my software firewall, then the AntiSpyware, followed by the AntiVirus. Now I have changed ThreatFire for Mamutu (have got licenses for both). I had TF running with lots of custom rules and know (from testing) TF is stronger than Mamutu. Only Mamutu is a bit faster/less CPU constraining.

    Fact is that a Policy Sandbox (like DW) is such a strong HIPS, I could consider it to be my only defense. So the question is:

    Are there any members which are either running as Limited User with no additional security or members only running a policy sandbox?

    DW kept our PC clean for over 3 years now. Other security apps did not find a thing/never popped a warning which was not a false positive.
    Regards K
     
  2. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    As you know, I'm running GeSWall as my main real-time security app. I haven't dropped the SW firewall, because I've grown with them and there are plenty of good (i.e. lightweight, speedy packet filtering, rule-based, SPI etc) firewalls like Jetico, Kerio 2, etc. I'm considering LUA as a second line of defense.
    I don't do on-demand scanning (excepting for newly downloaded files) and I do integrity checking (Tiny Watcher, RunScanner, FileCRC, RkU, IceSword)
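The integrity checking lucas1985 mentions (Tiny Watcher, RunScanner, FileCRC) comes down to hashing files against a stored baseline and reporting what changed. The Python below is an added example, not code from the original post or from any of those tools: it baselines a directory tree with SHA-256 and, on a rescan, classifies every path as added, removed or modified. The directory names in SKIP_DIRS and the sample files created in demo() are constructed for the illustration.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path

# Directory names skipped during the walk (assumption: common noise on a Windows volume).
SKIP_DIRS = {"$Recycle.Bin", "System Volume Information", "RECYCLER"}


def sha256_file(path, chunk_size=1 << 16):
    """Hash a file in chunks so large binaries never have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root):
    """Return {relative_path: {"size": int, "sha256": hex}} for every regular file under root."""
    root = Path(root)
    baseline = {}
    for dirpath, dirnames, filenames in os.walk(root):
        # Prune skipped directories in place so os.walk does not descend into them.
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            path = Path(dirpath) / name
            if path.is_symlink() or not path.is_file():
                continue
            rel = path.relative_to(root).as_posix()
            baseline[rel] = {"size": path.stat().st_size, "sha256": sha256_file(path)}
    return baseline


def save_baseline(baseline, dest):
    """Store the baseline as JSON. Keep it where the monitored system cannot rewrite it."""
    Path(dest).write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(src):
    return json.loads(Path(src).read_text())


def compare(old, new):
    """Classify every path as added, removed or modified relative to the stored baseline."""
    old_paths, new_paths = set(old), set(new)
    return {
        "added": sorted(new_paths - old_paths),
        "removed": sorted(old_paths - new_paths),
        "modified": sorted(
            p for p in old_paths & new_paths if old[p]["sha256"] != new[p]["sha256"]
        ),
    }


def demo():
    """Constructed scenario: baseline a small tree, change it, rescan and diff."""
    with tempfile.TemporaryDirectory() as tmp, tempfile.TemporaryDirectory() as store:
        root = Path(tmp)
        (root / "drivers" / "etc").mkdir(parents=True)
        (root / "drivers" / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "boot.ini").write_text("[boot loader]\n")

        # The baseline lives outside the scanned tree (on real systems: read-only media).
        baseline_file = Path(store) / "baseline-constructed.json"
        save_baseline(build_baseline(root), baseline_file)

        # Simulated changes: one file altered, one removed, one new binary dropped.
        (root / "drivers" / "etc" / "hosts").write_text("127.0.0.1 localhost\n# appended line\n")
        (root / "boot.ini").unlink()
        (root / "dropped.dll").write_bytes(b"MZ\x90\x00")

        return compare(load_baseline(baseline_file), build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The value of this approach depends on two things the code cannot enforce: the baseline has to be stored where a compromised system cannot rewrite it, and the rescan has to run from a trusted environment, otherwise a rootkit that hides files from the scanner also hides them from the diff.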
     
  3. Minimax2000

    Minimax2000 Registered Member

    Joined:
    Jun 11, 2006
    Posts:
    204
    Location:
    Switzerland
    Hello

    I am also a proponent of policy based HIPS such as Defensewall. It acts as my first level of protection. Next in chain of command is SSM, should anything malicious come through. And if anything tries to phone home without my consent my firewall will gladly interfere.:D Any anti-spyware or antivirus software has been abandoned long ago (> one year) due to false positives and ineffectiveness against zero-day threats.

    But I think surfing the net only with Defensewall is a bit risky. I would therefore not rely on a single program but use a layered approach instead.

    Frank
     
  4. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I use now:
    - Firewall + router
    - Anti-Executable
    - Sandboxie.
    - boot-to-restore = fresh installed unused system partition.
     
  5. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country

    If Returnil or DeepFreeze qualify as sandbox type products then put me down for minimum security. My e-mail service does claim to remove spam and other nasties. For years I tried different AV, AS, software firewalls, HIPS etc and was unable to find anything that wasn't a false positive. Now I have a hardware firewall and I reboot before paying by credit card. Who knows, I may be clean, I may not, but I have yet to find a security program that can identify the invisible nasties on my machines.
     
  6. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Returnil or DeepFreeze qualify as reboot-to-restore solutions or "shadow" software or "light virtualization".
     
  7. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country

    What!!!! So I have no protection?
     
  8. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    When I surf on the internet, my data partition is LOCKED.
    This means that every malware is isolated in a sandbox, but also isolated in my system partition. Losing my system partition is not a disaster and peanuts to recover.
     
  9. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    You have recovery, not security, unless you have security software/hardware.
     
  10. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Not in the form of real-time, running security software. This doesn't mean that you're unprotected or going to be infected, as your experience has already shown you.
     
  11. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    This extract is from my imaging software on hiding/unhiding partitions. Do you use the same type of method to lock your data partition? This is new territory for me and very interesting. So I'm probably missing some basic point!

     
  12. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    When I open Firefox and start surfing, Sandboxie locks my data partition automatically (you can configure Sandboxie to do that).
    Locking = no access, no reading, no writing, no stealing and that is a very good protection for your data partition.
    If you don't have a data partition, you can lock your data folders also.

    Watch out for locking software, because I had a bad one: PC Security, which still allowed writing, although my data partition was locked.
    I didn't know this, but Peter has tested this and I ditched PC Security immediately and replaced it with Sandboxie, which does a good locking.
    DefenseWall does also a good locking.

    However, I still would like to have a locking software, but one that works. :)
     
  13. steely

    steely Registered Member

    Joined:
    Aug 24, 2006
    Posts:
    12
    On my system:
    Basic User restriction for all apps accessing the Internet, coupled with a strict ACL.
    Execution restriction of all unknown apps by SRP.
    No HIPS as they seem to interfere with System Restore.
     
  14. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Okay guys, thx for the posts
     
  15. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,700
    Hello,

    On Windows:

    External threats - firewall.
    Web-based threats - Firefox.
    Document based threats - don't execute / execute in non-MS software.
    Software-based threats - non-MS / simple logic.
    Email-based threats - trivial.

    That's it, I think.

    Mrk
     