Safety Without Bloat ?

Discussion in 'other anti-malware software' started by rrrh1, Dec 26, 2008.

Thread Status:
Not open for further replies.
  1. rrrh1

    rrrh1 Registered Member

    Joined:
    Sep 10, 2007
    Posts:
    211
    I am so tired of continuous updating of security, antivirus and antimalware software, seems like it's all I get done.

    I am thinking about:

    a.) "Returnil" or other virtualization product.

    b.) "Anti-executable"

    c.) "Sandboxie"

    d.) "ATI" or other Drive Imaging product.

    e.) "Opera" or "Firefox and Thunderbird" for Browser / Mail Programs...

    First

    Setup windows XP SP2 per my liking then locking it down with a combination of the above.

    Use the drive image for the worst case scenario.

    I am talking about no antivirus software "Norton" , no antimalware "Spybot S&D" and use only windows built-in firewall no "Zonealarm".

    Note: names of products used for example only.

    Can it be done ?

    Would it be safe for web surfing ?

    What's the consensus here ?

    rrrh1 (arch1)
     
  2. philby

    philby Registered Member

    Joined:
    Jan 10, 2008
    Posts:
    944
    For surfing, I use Opera forced in Sandboxie (only Opera and Foxit Reader can start).

    For banking etc., I run an Opera Sandboxie session with nothing else allowed.

    For any unusual installs, I dummy in Returnil and scan with Prevx Edge after install ("cloud" driven so no sig updates + very light footprint) and if it's a keeper I install again with protection off.

    I always make a fresh image before doing this with Macrium.

    I don't visit the sewers and never click on any attachments I'm not expecting.

    That's it really.

    I only worry that something already lurking on my box may be piggy-backing Opera when I'm banking.

    Maybe I'm sailing too close...

    philby
     
    Last edited: Dec 26, 2008
  3. TechOutsider

    TechOutsider Registered Member

    Joined:
    Sep 26, 2008
    Posts:
    549
    A) MS VPC ... Free ... light; 10 mb download ... effective.
    B) ThreatFire; Vista UAC
    C) Sandboxie
    D) ISO Recorder; http://isorecorder.alexfeinman.com/v1.htm
    E) Firefox for browsing; Webmail for e-mail or Thunderbird ... I prefer webmail ... in the cloud ... remote and secure ...
     
  4. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Hmm. I too have found myself becoming tired of endless array of 'needed' apps, or training periods, or schemes that are indeed secure, yet become more of an annoyance than anything.

    So here is what I do right now.

    1. Format and do a clean install (I use an unattended DVD, tweaked to my likings)
    2. Install Macrium PE. Make baseline image onto 2nd hdd.
    3. Build ramdisks for both liveXP and bartPE. liveXP is my choice for most things I may need to do, while bartPE is for Macrium image restores. Make a baseline image of this after it is working.
    4. Install all my little things that I want on always. Make another image.
    5. I use a reg setting to get a 'Basic User' into SRP, and then set all my internet apps to start as a 'Basic User' via SRP. Opera, Kmeleon, Outlook Express, Bitcomet, IE, Teamspeak. Pretty much anything that I will use routinely that connects online.
    6. I use Avira Free, Cyberhawk 1.1.1.3, TinyWatcher (on demand) and Startup Monitor. Windows Firewall and adding some ipSec policies/rules in for default stuff too.
    7. Sandboxie with enforcing of certain apps like browsers etc. I don't like to 'recover', so I have made a download folder in my profile path, and I allow direct access for Sandboxie to that folder. That takes care of recovering anything because my browsers also don't ask where to download to, they put things in that folder. For extra security, I also force contents of that download folder to start in a sandbox that has no outgoing net access.

    This leaves me with the ability to restore an image in about 3 minutes when booting from the bartPE ramdisk. The actual image restoration takes under 1 minute. With the ramdisk boot options built into the restore image now, it is very nice. All is done basically.

    As for security, I am banking on the SRP holding up for most things, with Avira and Cyberhawk hopefully catching anything that might escape. Sandboxie pretty much takes care of most else. Another bonus to using Sandboxie, is that when a browser for instance starts as a Basic User, you don't notice the restrictions imposed when running within the sandbox. When outside the sandbox, which I sometimes do, I have noticed nothing out of the ordinary except I cannot install things from the browser. I have to actually go to the folder the setup.exe lives in, and install it from there. There are a few tricks around that, but overall I am very happy with both the level of security and most importantly, being built into XP, pretty quiet.

    Sul.
     
  5. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,294
    Never had a problem running the combo in my signature.

    Common sense plays a role as well :thumb:
     
  6. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Can it be done ? oh yes

    FF+ Noscript + hardware firewall - for me that is really enough. Other things like Shadow Defender, Shadow Protect, SuRun, Roboform, Secunia PSI.... have benefits but are not strictly speaking necessary. They do however make life easier - which you may find a pleasant change after A/V and A/S programs.
     
  7. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,616
    Location:
    Milan and Seoul
    Any virtualization program + AntiExecutable is IMO impenetrable. Your a,b,c,d,e is an ideal modern setup. The reason I don't use AntiExecutable myself (although I do have a license) is that it doesn't allow FirstDefense PC Rescue to work properly, and with Vista it still has a quirky behaviour.

    I also find that running some virtualizers and sandboxie together verges on overkill.
     
  8. GreenWhite

    GreenWhite Registered Member

    Joined:
    Nov 23, 2004
    Posts:
    110

    Two thumbs up. Way up !
     
  9. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    These days i just run linux with firefox + noscript behind a hardware firewall. I keep the OS and apps up to date and use a bit of common sense and i'm fine. Everything runs lightning fast.
     
  10. GreenWhite

    GreenWhite Registered Member

    Joined:
    Nov 23, 2004
    Posts:
    110

    You are free. Run out of fingers, but they are way way up !
     
  11. rrrh1

    rrrh1 Registered Member

    Joined:
    Sep 10, 2007
    Posts:
    211
    I am going to throw a small wrinkle into this thread...

    Can you have good safety with only freeware programs ?

    Which ones ?

    "Returnil" is available as freeware lite version...

    "Anti-executable" is not...

    "Sandboxie" is available as freeware lite version...

    "ATI" is not but there is freeware for the same job...

    "Opera" or "Firefox and Thunderbird" are both freeware...

    rrrh1 (arch1)
     
  12. GreenWhite

    GreenWhite Registered Member

    Joined:
    Nov 23, 2004
    Posts:
    110
    Definitely yes. It may sound boring in the midst of all the super security softwares that are recommended here.

    Antivir Free
    Online Armor Free

    Vmware Player

    That's it, in my opinion, besides the Firefox/NoScript thingy.
     
  13. Jaki

    Jaki Guest


    That is a very interesting approach. Let me think more about it.
     