Sector-by-Sector security

Discussion in 'other anti-malware software' started by AirSupremacy, Mar 11, 2012.

Thread Status:
Not open for further replies.
  1. AirSupremacy

    AirSupremacy Registered Member

    Joined:
    Mar 11, 2012
    Posts:
    8
    In order to build a comprehensive security setup, I want to add a security layer from each protection category. Add any to the list and I will update this first post.

    Firewall
    Host-based intrusion prevention (classic)
    Full Virtulization
    Imaging
    Anti-virus/Anti-spyware
    Anti-keylogging
    Sandbox
    System Hardening
    Memory guarding
    Behavior Blocker
    System integrity checking
     
    Last edited: Mar 12, 2012
  2. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    behabiour blocker
     
  3. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    There is a lot of overlap. HIPS/IPS covers virtualization, system hardening, memory guarding and sandboxing. The rest would fall under disaster recovery and HIDS/IDS.

    In terms of specifics you can break AVs down into file-analysis heuristics, behavioral emulation heuristics, blacklisting, cloud-based heuristics, reputation based heuristics, cloud based blacklists.

    Sandbox can be broken down a lot, you have your Sandboxie virtualized environment sandbox and your windows MIAC sandbox, you have virtual machines, jails, applets, etc.
     
  4. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Your collection has way too much overlap and duplication. The sandboxing and full virtualization are each good security concepts, but there's no need to use both. Firewalls often include Host-based intrusion prevention. Using an additional HIPS with such a firewall can cause all kinds of problems.

    You'll do better if you start with choosing a base security policy that best fits your skill and usage needs, such as:
    Conventional detection based.
    Virtual system.
    Sandboxed attack surface.
    Default-deny.
    Minimum permission.

    Each has it's own strengths, weaknesses, and requirements on the user and system. After you choose what best fits your needs, then choose the app(s) that are best suited for enforcing that policy.
     
  5. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,434
    Location:
    Europe

    Quote. FW/HIPS + AV + Sandbox are all you need without redundancies that could create conflict or reduce the effectiveness of the security. An imaging program is anyway a must, for every kind of eventuality, not only security problems.

    Pay the best attention to the settings.

     
  6. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Firewall -> Firewall
    Host-based intrusion prevention -> HIPS
    Full Virtulization -> Sandbox (Some HIPS have partial virtualization or limited rights features)
    Imaging -> Imaging
    Anti-virus/Anti-spyware -> AV
    Anti-keylogging -> HIPS
    Sandbox -> Sandbox (Some HIPS have partial virtualization or limited rights features)
    System Hardening -> HIPS
    Memory guarding -> HIPS

    In summary it is like this.
    -Firewall
    -AV
    -HIPS
    -Sandbox
    -Imaging

    Then to make the setup even simpler i would take a HIPS that has a Firewall built in to reduce the amount of software running in real time.
    -AV
    -HIPS
    -Sandbox
    -Imaging
     
  7. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Depending on your Operating System version, you could actually go lighter, without reducing any security, while kind of retaining most of what you mentioned.
     
  8. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Instead of trying to cover every security layer you should try to cover every attack vector. Ask where you're vulnerable - USB, DVD, running services, etc. Ask how you can mitigate those risks.
     
  9. tomazyk

    tomazyk Guest

    Encryption
    Update checking
    System integrity checking

    For internet - Proxy, encryption, script control, cookies control, active content control, IP and domain blacklisting...

    Do tell us if your system is still running if you install one of each :)
     
    Last edited by a moderator: Mar 12, 2012
  10. AirSupremacy

    AirSupremacy Registered Member

    Joined:
    Mar 11, 2012
    Posts:
    8
    Actually most security products today tend to overlap regarding the protection themes I listed. I am well aware of this fact but this thread is also for those that are considering which software to use. To them, this list would be more of a checklist. Obviously, no one expects them to have EVERY protection. Pick and choose the ones that are useful.

    Regarding sandbox and virtualization, I find these are two distinct products if you compare Defensewall and Returnil. One restricts usage of executables while other provides a full copy of the disk drive.

    I've added several suggestions. Thanks!
     
  11. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Bear in mind that when you start adding this, plus that, plus that one, plus that other one security application, then you're also increasing your very same attack vectors.

    When choosing one security application, we're always weighing the pros and cons between the offered security and the fact it's third-party code being added to the operating system, which on its own, regarless of being a security software, it will also introduce its own fair share of security vulnerabilities.

    So, if you really think that having more = more security, 99% of the time it's actually the other way around. The more you add, the more vulnerabilities you add as well.

    My honest opinion, as I have previously mentioned, is to have under consideration the operating system version you're using, and use a lot of what it has to offer security wise, and use that. Then, if you must, couple it with a third-part security application, that would protect against something you need, and that Windows won't offer on its own.

    As I mentioned above, more security software doesn't equal more security, at all.
     
  12. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    m00nbl00d well said my son:thumb: :thumb:
     
  13. AirSupremacy

    AirSupremacy Registered Member

    Joined:
    Mar 11, 2012
    Posts:
    8
    If you look at the "what's your security?" thread on this forum, you will realize people do tend to run multiple security programs on this same system. While it could lead to more vulnerabilities, the benefit they provide far outweighs the potential bug fixes that are inherent in every program ever coded. You're picking at the details and missing the whole picture.

    This thread is to close as much attack vectors as possible while eliminating the need to redundant security software.
     
  14. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Yes... that thread... A very special one on Wilders Security Forum. You'll see that over time practically it's just the same users all over again, but simply to show what they're using "now", what they're testing just for the "fun" of it.

    They're security software addicts, who need their daily fix. @ All, no bad mouthing intended here. ;)

    But, if you actually paid enough attention, you'll see there's a handful of users mentioning their security setup there, and practically using no security software, except this or that on-demand scanner or Sandboxie/DefenseWall/etc.

    They're included in the bunch of those who use native Windows security functionality + some third-party security application to couple with what Windows has to offer.

    Now... I'm not saying which ones are right and which ones are wrong. That's up to you... Each person needs to weigh the cons and pros. :)

    If you were selling me a painting, I'd look at the details, actually. Who cares about the whole picture, if part of it is damaged? I'd never buy the painting.

    Isn't that a paradox? Closing as much attack vectors as possible, by introducing a lot more?

    Also, don't forget that many security software will be messing with the kernel, unlike some other software.

    If I had to pick: Windows built-in security + restrict the web browser/other dangerous applications (maybe by using something like Sandboxie/DefenseWall/similar) + system image.

    But, that's me... I like the little details. ;) :D
     
  15. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I think the "What's your security setup?" topic is often users just testing out software and giving input on the latest versions etc in a more informal way - it also lets other users see possible configurations and give/ get input.

    You can try to cover as many holes as you like, every time you add code you add vulnerabilities. m00n said it, you're weighing the risks every time (or you should be.)

    When you start protecting a server (the things that actually get attacked, where security is really important) the most important thing is closing ports, turning off services, and essentially decreasing your attack surface as much as possible. They don't say "****, we have an open port, install a 3rd party firewall" because that's just one (large) piece of code that the attacker can exploit.
     
Loading...
Thread Status:
Not open for further replies.