Securing a new Win7 laptop

Discussion in 'other anti-malware software' started by The GLoW, Sep 9, 2012.

Thread Status:
Not open for further replies.
  1. The GLoW

    The GLoW Registered Member

    Joined:
    Sep 9, 2012
    Posts:
    22
    Location:
    USA
    Last month, I lost my XP SP3 primary laptop---that I rarely used for surfing---to a stunning attack from a rogue, rootkit, malware, keylogger, and who knows what else. Now, I've gained an education beyond "simple" antiviruses. I also have a brand new Win7 Pro SP1 system that needs protection.

    I had Panda IS and SAS Pro on the old system. PIS rarely found anything while SAS always did its job. The same is true for my secondary laptop. Though paid up, I have removed Panda IS from it as its firewall was often not working yet it did not even notify about this.

    My main concern has been finding the right anti-virus for the brand new system as I am new to Win7. I am not even sure this post is in the correct thread because I also need anti-malware. Unlike years ago, it seems to me that more than one product is needed to safeguard a system.

    Whatever security I choose, it should be compatible with the Win7 Firewall as it appears to have improved over XP.

    Researching my options, I am faced with many choices but am not sure what's best for the new OS. Reading many illuminating threads on this site, I have concluded to include Sandboxie in my arsenal. But what else?

    Also, is the Win7 image backup useful or do others use another product?
     
  2. DX2

    DX2 Guest

    My choice would be either Avast! or KingSoft AV. Both good AV's, plus light on system resources. As for imaging, I don't use it. I just keep certain files on a separate drive or online storage.
     
  3. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    Sandboxie and maybe WOT
     
  4. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Standard user account.
    UAC on recommended or higher.
    Windows firewall minimum.
    Disable remote access if you do not need it.
    Disable some Windows services like remote registry.
    Keep all program applications and OS updated.


    Third party security applications I recommend.
    Sandboxie.
    Malwarebytes on demand or real time.
    Hitman Pro.
    Antivirus maybe Avast or Avg or Kingsoft.
     
  5. tomazyk

    tomazyk Guest

    I would also recommend you to add Sandboxie. For anti malware I would go with Avast (if you want free) or with Nod32 or Nav, if you don't mind paying.
    You can also add EMET mitigations to all "dangerous" applications. Also consider using Standard User Account instead of Administrator one.

    Try to learn more about computer security and always practise safe computing. This alone can make other security software unnecessary.
     
  6. new2security

    new2security Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    492

    Before deciding what AV you should use, I'd highly recommend implementing "Software restriction policy" via Group Policy (if you have at least W7 Professional) or Parental Controls if you're on W7 Premium. The latter will give you crude Software Restriction Policy settings, where executables are only allowed in your Program Files and Windows directory.
    If you're running W7 Pro, take a look at this one:

    -http://www.mechbgon.com/srp/

    This gives you a good protection against drive-by-downloads or family members wanting to download and execute or install unsolicited software without your permission.

    Dark Shadow has already recommended the security basics such as regular user account, UAC on max etc.
     
  7. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    First use your Pro version to the max by hardening your system through the group policy editor. See picture for Computer settings (which also apply system wide, including the admin).
     

    Attached Files:

  8. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Same for user settings, which apply for standard user or programs running medium level integrity, see pic
     

    Attached Files:

  9. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Next install Chrome as your browser. Go for the alternate installer for all user accounts which installs in the normal Program Files directory for easy use of Software Restriction Policies. Link http://support.google.com/installer/bin/answer.py?hl=en&answer=126299

    Chrome has the advantage of having internal sandboxes: LOW integrity level shared processes (which can't touch medium level processes) and Untrusted integrity level renderer (for browsing webpages) which can't intrude on LOW level integrity processes and higher, see pic. Also PPAPI flash and PDF are contained in sandboxes (so it is very unlikely flash or pdf exploits can break out).

    see pic
     

    Attached Files:

  10. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Set UAC to max, install EMET and set it to protect your internet facing software

    See pic
     

    Attached Files:

  11. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    Yes, it's very useful and recommended to backup your system when you have it setup satisfactorily with latest updates on O/S and installed software.

    I like Kees' recommendations in addition to those who recommended Standard user account, EMET and UAC at maximum. One day you might want to try SRP: -http://www.mechbgon.com/srp/
     
  12. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Next apply software restriction policies, the easy way, meaning newly downloaded programs will be denied execution (when started normally through Windows Explorer).

    When you want to install a program, just choose the right click "run as admin" option.

    See pictures
     

    Attached Files:

  13. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Last edited: Sep 9, 2012
  14. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Of course running as a standard user is better/safer, but this setup gives you the freedom to install programs in the same profile as administrator.

    It is my lazy Admin setup :cool:
     
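    An added example (not from the thread or from mechbgon's guide) for checking the Software Restriction Policy setup that new2security and Kees1958 describe: a PowerShell 3.0+ script that reads the registry key SRP stores its configuration in, reports whether default deny is on, whether local administrators are exempt (the "run as admin" install trick depends on that), and flags any Unrestricted path rule pointing at a user-writable folder. The user-writable path pattern is an assumption of this script, not something the thread defines.

```powershell
# Added example, not the thread's or mechbgon's code. Audits the SRP configuration
# stored under the Safer\CodeIdentifiers policy key. Requires PowerShell 3.0+.
$SaferKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

function Get-SrpStatus {
    param([string]$Key = $SaferKey)
    if (-not (Test-Path $Key)) {
        return [pscustomobject]@{ Configured = $false }
    }
    $p = Get-ItemProperty -Path $Key
    # DefaultLevel: 0 = Disallowed (default deny), 0x1000 = Basic User, 0x40000 = Unrestricted
    $level = $p.DefaultLevel
    $levelName = if ($null -eq $level) { 'Not set' }
                 elseif ($level -eq 0) { 'Disallowed' }
                 elseif ($level -eq 0x1000) { 'Basic User' }
                 elseif ($level -eq 0x40000) { 'Unrestricted' }
                 else { "Unknown ($level)" }
    # Path rules live under <level>\Paths\<guid>: 0 = Disallowed rules, 262144 = Unrestricted rules
    $rules = foreach ($lvl in '0', '262144') {
        $rulesKey = Join-Path $Key "$lvl\Paths"
        if (-not (Test-Path $rulesKey)) { continue }
        $label = if ($lvl -eq '0') { 'Disallowed' } else { 'Unrestricted' }
        foreach ($sub in Get-ChildItem $rulesKey) {
            # ItemData is REG_EXPAND_SZ; Get-ItemProperty expands %ENV% vars, while the
            # default rules' registry-path macros (%HKEY_LOCAL_MACHINE\...%) stay literal
            $path = [string](Get-ItemProperty $sub.PSPath).ItemData
            # Assumed heuristic: an Unrestricted rule on a user-writable folder undoes default deny
            $risky = ($lvl -ne '0') -and ($path -match '(?i)\\Users\\|\\Temp\\|\\AppData\\')
            [pscustomobject]@{ Level = $label; Path = $path; Risky = $risky }
        }
    }
    [pscustomobject]@{
        Configured   = $true
        DefaultLevel = $levelName
        # PolicyScope 1 = all users except local administrators, which is what lets
        # "run as admin" install software under a default-deny policy
        AdminsExempt = ($p.PolicyScope -eq 1)
        # TransparentEnabled 2 = DLLs are checked too (1 = executables only)
        ChecksDlls   = ($p.TransparentEnabled -eq 2)
        Rules        = @($rules)
        RiskyRules   = @($rules | Where-Object Risky)
    }
}

$status = Get-SrpStatus
$status | Select-Object Configured, DefaultLevel, AdminsExempt, ChecksDlls | Format-List
$status.Rules | Format-Table Level, Path, Risky -AutoSize
```

Run it from an elevated PowerShell after applying the policy; a non-empty RiskyRules list means a folder a standard user can write to is still allowed to run programs.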
  15. arsenaloyal

    arsenaloyal Registered Member

    Joined:
    Nov 1, 2009
    Posts:
    507
    Great that you include Sandboxie, that would have been the first software I would have recommended as well.

    As far as IS goes you can choose any IS if you have got Sandboxie.

    If you are looking for a lightweight suite I would recommend Eset Smart Security.

    Or you can use MBAM Pro realtime as well.

    And yes using a standard user account does mitigate a lot of threats.
     
  16. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    855
    I just set up a new laptop for a non-techie person with:

    Sandboxie (anything can run or use internet)
    Malwarebytes Pro
    Kingsoft Cloud AV

    Quite a lot of layers in that, and both security programs work acceptably with Sandboxie. Not ideal to use Sandboxie without default deny - but at worst it'll give the AV and AM time to get a definition while Sandboxie contains it in the sandbox.

    My first choice would have been Panda Cloud AV since I still have a pro key spare, but it's not clear whether or not they've fixed up the performance issues yet.
     
  17. adrenaline7

    adrenaline7 Registered Member

    Joined:
    Apr 27, 2011
    Posts:
    128
    Kees or anyone:

    IE9 shows low integrity in Process Explorer, while Chrome is medium. Are you saying Chrome is medium and all extensions are low and that is why it is more secure? I understand it has a sandbox, my focus here is on the actual tokens or privileges of the browser.

    Regardless, Chrome is still considered #1 for browser security right? Then IE then FF?

    I have Windows Firewall w/ Advanced Security, anyway to get notifications of blocked outbound connections w/o using 3rd party software? I guess I could read firewall logs but that seems like a hassle.

    For OP:

    http://www.mechbgon.com/build/security2.html

    + SANDBOXIE
     
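    An added example, not part of adrenaline7's post or any product: one way to get a view of blocked outbound connections from the built-in firewall log alone, as the question above asks, is to parse pfirewall.log in PowerShell. The script assumes the standard W3C field header the Windows Firewall log writes and uses constructed sample lines rather than a real capture; dropped-packet logging must be enabled first with `netsh advfirewall set allprofiles logging droppedconnections enable`.

```powershell
# Added example (not from the thread). Parses the Windows Firewall log format and
# summarises DROP/SEND entries, i.e. outbound connections the firewall blocked.
# Default log: %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log

function ConvertFrom-FirewallLog {
    param([string[]]$Lines)
    $fields = $null
    foreach ($line in $Lines) {
        if ($line -match '^#Fields:\s*(.+)$') {
            # The header names the columns; data rows are whitespace-separated
            $fields = $Matches[1] -split '\s+'
            continue
        }
        if ($line -match '^#' -or $line.Trim() -eq '' -or -not $fields) { continue }
        $values = $line -split '\s+'
        $obj = New-Object PSObject
        for ($i = 0; $i -lt $fields.Count -and $i -lt $values.Count; $i++) {
            $obj | Add-Member NoteProperty $fields[$i] $values[$i]
        }
        $obj
    }
}

function Get-BlockedOutbound {
    param([string[]]$Lines)
    ConvertFrom-FirewallLog $Lines |
        Where-Object { $_.action -eq 'DROP' -and $_.path -eq 'SEND' } |
        Group-Object protocol, 'dst-ip', 'dst-port' |
        ForEach-Object {
            New-Object PSObject -Property @{
                Protocol = $_.Group[0].protocol
                Dest     = "$($_.Group[0].'dst-ip'):$($_.Group[0].'dst-port')"
                Source   = $_.Group[0].'src-ip'
                Count    = $_.Count
                LastSeen = ($_.Group | Select-Object -Last 1).time
            }
        } | Sort-Object Count -Descending
}

# Constructed sample lines in the log's W3C format (not a real capture)
$sample = @(
    '#Version: 1.5',
    '#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path',
    '2012-09-09 14:02:11 DROP TCP 192.168.1.10 203.0.113.5 49213 443 52 S 1234 0 8192 - - - SEND',
    '2012-09-09 14:02:13 DROP TCP 192.168.1.10 203.0.113.5 49214 443 52 S 1235 0 8192 - - - SEND',
    '2012-09-09 14:02:15 ALLOW TCP 192.168.1.10 198.51.100.7 49215 80 0 - 0 0 0 - - - SEND',
    '2012-09-09 14:02:20 DROP UDP 198.51.100.9 192.168.1.10 53 49216 70 - - - - - - - RECEIVE'
)
Get-BlockedOutbound $sample | Format-Table Protocol, Dest, Source, Count, LastSeen -AutoSize
# Live log instead of the sample: Get-Content "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log" -Wait -Tail 0
```

With the sample above only the two TCP connections to 203.0.113.5:443 are reported; the inbound UDP drop and the allowed HTTP connection are filtered out.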
  18. The GLoW

    The GLoW Registered Member

    Joined:
    Sep 9, 2012
    Posts:
    22
    Location:
    USA
    Thanks so much for viewing my post and for the many wise recommendations.

    Glad to read so many confirmations about Sandboxie. Too bad choosing an AV/AM isn't as clear-cut, no?

    Dark Shadow,
    Very sound advice that I will apply. Definitely will go with Malwarebytes. Do you think this with SAS Pro is overkill? Not sure what Win firewall 'minimum' means, though.

    To new2security, thanks for pointing out Group policy settings as I've not come across this aspect of the OS yet. VIP to know for this OS, I think.

    Kees1958, many helpful posts that will make sense to me in time, but I think WF Notifier is what I've been looking for...will check this out. Other firewalls may be better but this can help me stay in a MS environment for the time being.

    RJK3, I'm hearing that KAV is growing resource heavy with time. Are you noticing this? And Panda was also my first choice, the AV I've wanted to like but it just doesn't want to play nice.

    There is much to digest here...no doubt leading to the right combo in time. Still not sure about AV/AM, though. Seems I've tried them all!

    With respect...
     
  19. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    855
    MBAM Pro and a good performing AV will be better than most setups. I wouldn't waste time with SAS Pro, just see the MRG tests for proof of that. MBAM Pro is the best of the realtime AMs.

    Then slowly learn Sandboxie - and don't feel bad if it takes weeks to get the most out of it.

    I've not noticed any greater resource usages with KAV - but if it's just memory, then no biggie. The only thing that matters is if it slows things down and affects performance - but any new Windows 7 laptop is bound to have more than enough RAM.
     
  20. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    IE9 also has one medium and a number of Low instances running. Difference between Chrome and IE9:
    - Chrome also sandboxes flash and pdf (PPAPI)
    - Besides LOW Chrome has Untrusted renderer processes (is lower than LOW :)
    - Chrome also applies job token and alternate desktop to further contain the renderer processes.
     
  21. adrenaline7

    adrenaline7 Registered Member

    Joined:
    Apr 27, 2011
    Posts:
    128
    Interesting, thanks Kees. I'm actually using Comodo Dragon, built on Chrome, and it works well with about 6 various security/privacy add-ons I have. It's a keeper :)
     
  22. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    What I meant is at least a Windows firewall should suffice; including a router firewall is even better.
     
  23. new2security

    new2security Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    492
    Folks may disagree with me but in my opinion, real-time AV and antimalware software not only need access to the sensitive OS kernel, which alone will introduce a weakness, but one also has to decide what to do with all the pop-up messages/warnings. In my experience, that can be a pain and time-consuming.

    Also, antimalwares and AV's will never be able to keep up with the new threats that are constantly released into the wild.
    That's why many AV/antimalware suites also come with a behavioral scanning and detection feature. The warning messages that this feature produces are even more cryptic than AV warnings IMO.

    I prefer a system-wide protection using the built-in features that can be set once and (almost) forgotten.

    By using a Standard Account, UAC max, implementing Software Restriction Policy, hardened group policy, a secure browser (Chrome), updating your software, using a router or firewall - will give you a very good protection. Not to mention, you'll notice your system is still very snappy.

    As for AV /antimalware, you may look into on-demand scanning only, say once a week or so. I know about the feeling: "Man, I'm missing something important (read=realtime protection)", it's a feeling that I still struggle with, but I haven't had any virus/malware infection for the past couple of years since I've used a similar setup that is in my signature (this setup is used in a small office environment too).

    Also, minimizing the attack surface is important; install only the software that you really need. Avoid any "I-might-need-it-in-future" software.
     
  24. dansorin

    dansorin Registered Member

    Joined:
    Feb 27, 2009
    Posts:
    233
    Location:
    EU
    Image backup is a must these days. I recommend using EaseUS Todo Backup or Macrium Reflect, both are free and much better than the image tool included in Windows.
    As for the AV/AM, if you have Sandboxie, you can use any AV that has a decent detection ratio (see av-comparatives.org for that). You can also keep Panda IS (have you upgraded to the 2013 version?), as no AV is bulletproof and you can get in trouble regardless of the AV you use.
     
  25. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    Sandboxie is a must.:)
     