Security for internet activity only?

Discussion in 'other anti-virus software' started by stumpedone, Sep 27, 2009.

Thread Status:
Not open for further replies.
  1. stumpedone

    stumpedone Registered Member

    Joined:
    Sep 27, 2009
    Posts:
    5
    Pardon this noob question and clunky explanation, but here goes:
    it occurred to me the other day that the only thing I need security for is internet surfing; my PC is clean, so why do I need an AV or UAC to monitor/scan every file/activity?
    What I'm looking for is something to monitor and control internet activity only - something like UAC that will stop something from the net from executing without my permission. It seems to me that it should be pretty easy to monitor network activity and pop up a message saying "Hey, this program from the internet is trying to execute on your PC, allow/deny?"
    Or is it not that easy? :doubt:
     
  2. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    Your hunch is basically correct. If your PC is clean now, then an infection can only come from a few external sources. Some people here call them "threat gates".
    So you have internet, USB keys, and CD/DVDs.

    Internet is obviously the big one. Read up about it and come to your own conclusions as to how to prevent an infection from there.

    For my own part I use a system which is based on the computer security theory known as "Default-Deny".
    It means that any program, not currently on my system, can run.
    So I download a new program, try and run it, I get a pop-up saying it's blocked. All that pop-up has is an "OK" button.

    The reason I decided on this scheme was three-fold.
    1. Currently all viruses try and create what is called an "executable file" on your PC. This is what they use to contact the internet, scan your PC, etc.
    The default-deny protects against all this.

    2. The second is that it protects me against myself. If there is a video I want to see, and it says download abc to play this. Now this could contain a virus and I know this, so normally I'd say "deny".
    But
    a). If I was impatient I could easily click "allow".
    b). the download could be triggered by any key press, so my "deny" might actually trigger it!
    The default-deny protects against all this.

    3. The third is that it gives me a good sense of control of my PC. If I decide to turn my security off, and run a new program, then I have mentally accepted the risk of that, as I had to do a few things to turn my security off. The flip-side is that I never need to concern myself about new variants of viruses, or browser exploits etc.

    Anyway, keep reading up on how people become infected and you're on the way to preventing it happening to yourself.
    The community here is very good, and plenty of good threads around.

    Cheers
    J
     
  3. stumpedone

    stumpedone Registered Member

    Joined:
    Sep 27, 2009
    Posts:
    5
    Joeythedude -
    thanks for your response - so how much of a pain is D-D for you on a day-to-day basis? I gave up on UAC because it seems ridiculous for Microsoft to ask if I'm sure I really want to run/install a Microsoft app... :rolleyes:
    Btw - anyone have thoughts on how well Vista's UAC does on stopping drive-by downloads?

    Or maybe I should.........
    http://movies.apple.com/movies/us/apple/getamac/apple-getamac-security_480x376.mov
     
  4. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    What operating system do you use?
     
  5. Joeythedude

    Joeythedude Registered Member

    Joined:
    Apr 19, 2007
    Posts:
    519
    It was a bit annoying to start with, and means I have to think more about what I actually want to run on my PC.
    So what's happened is that I've downloaded a load of stuff I wanted to try.
    But I never actually did run them, and now don't remember what they were meant to do!

    But I'm very used to it now, and it's just part of my routine.
    The only real hassle is that if I install something big (1GB & 2GB), then it takes a minute or two for my security program (AE) to update, and it freezes the whole PC. But a small program takes a second or so.

    As for Windows stuff, I update that when I feel like it. D-D gives great protection against Windows exploits too.
     
  6. stumpedone

    stumpedone Registered Member

    Joined:
    Sep 27, 2009
    Posts:
    5
    OS: Vista :mad: soon to be 7.
    I don't run any security on Vista other than Spybot and MS Defender. [I can hear the gasps now] :rolleyes:
    I just use a Windows XP virtual machine on this box when I want to go looking for trouble (and it comes in handy when kids use my PC!).
    Sandboxie made my XP VM blue screen btw - but 1: I was trying pretty hard to infect the VM and 2: I have no idea if you can (properly) run a virtual box within a virtual environment.

    OT: does anyone know how to change the key combination to maximize / minimize a Virtual PC VM?
     
  7. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe
    stumpedone, why don't you consider a HIPS?
     
  8. dw2108

    dw2108 Registered Member

    Joined:
    Jan 24, 2006
    Posts:
    480
    How about WinSonar, EITHER RegRun Supreme OR System Safety Monitor OR DSA BUT NOT ALL THREE OF THESE, AVZ (Kernel Driver Installed with Guard ACTIVE), WinPatrol, and AnVir Task Manager Free, Opera 10, MyPopupKiller AND Proxomitron with JD5000 and Sidiki. The entire setup runs about 1 Meg on my XP 3.

    Dave

    PS BitDefender has a free version for on-demand for XP as a scheduled scanner only, or go ClamWin with Clam Sentinel.
     
  9. dschrader

    dschrader AV Expert

    Joined:
    Mar 10, 2009
    Posts:
    54
    Why do these threads always degenerate to, "I run Dr. DoDad's ... and I've never been infected (except that one time when my cat walked on my keyboard and . . . .)"

    To answer the original question:

    1. You should have every entry point to your PC checked in real time. Yes, this includes internet traffic, but also USB, CD/DVD and other ports.

    2. Surfing is risky. Malicious code is often embedded in web pages (it happened to the New York Times a few weeks back). So you want to turn off script processing (perhaps use NoScript with Firefox) and you want something that hooks into your browser and checks for embedded code before your browser processes the page. In case that fails, you also want a good antivirus scanner to hook into the OS so that all file accesses are scanned for malware. Actually, what you should have is layers of security including:

    Outside the PC:
    Security in the router
    Encrypted wireless

    In the box:
    Search security - mark up search results so you don't accidentally go to infected/malicious web sites.
    Phishing protection - identify and block phishing sites - and do it better than the weak protection offered by IE or Firefox (this can be a thread unto itself)
    Browser security - analyze the code in the page before the browser renders it. The better security suites do this.
    IPS - look at network traffic for signatures of attacks on known vulnerabilities - so look for traffic that targets the latest Adobe or Apple or other 3rd party vulnerability instead of looking for signatures of exploits
    Firewall (intelligent, 2-way, doesn't ask the user to make security decisions without giving them the info to do so)
    Vulnerability assessment - (are we all patched?)
    Password protection (maybe . . . maybe just a convenience feature)
    Tamper protection - ensure the security settings of both the OS and the security software aren't changed by malware/intruder
    Effective malware scanning
    The force (just in case) :rolleyes:
     
  10. stumpedone

    stumpedone Registered Member

    Joined:
    Sep 27, 2009
    Posts:
    5
    Sigh - I'm beginning to feel like the "I'm getting tired" poster - I appreciate the responses, but the more I read the more paranoid I get. I know it's easier said than done, but why can't an operating system be designed that is smart enough to not let malicious software run on it... :mad:

    Just had a thought - THIS should be Microsoft's new ad: :D
    http://www.youtube.com/watch?v=9W5Am-a_xWw
     
  11. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    Mac/Linux - targeted much less than Windows.

    To be more secure in Windows:
    1) Make sure your operating system and software are fully patched; run this scanner: http://secunia.com/vulnerability_scanning/online/
    2) Use a more secure browser like Firefox (with WOT and NoScript add-ons)
    3) Use a bidirectional firewall (Outpost, Online Armor, Comodo, etc.)
    4) Use an anti-virus for upfront protection (add some free scanners for double checking, such as SUPERAntiSpyware, Malwarebytes Anti-Malware, etc.)
    5) Use a sandbox (Sandboxie, DefenseWall), as AVs do not catch 100%

    This, or in combination with some of the other suggestions in this thread, should keep you safe.
     
  12. SammyJack

    SammyJack Registered Member

    Joined:
    Aug 19, 2009
    Posts:
    129
    The last part of your post describes a classic HIPS.
    If that is easy for you, then anything else will be a cake walk.
    (Of course the HIPS will pop up any time you intend to install software, and not
    just online.)

    These threads devolve in this manner because we are all inherently partisan to our choice of security.

    Being only human, I say system virtualization with Returnil Premium, browser sandboxing with Sandboxie, and a few on-demands of your choice is best in terms of usability and resource use.

    If no one else agrees, I am not at all shocked.
     
  13. SammyJack

    SammyJack Registered Member

    Joined:
    Aug 19, 2009
    Posts:
    129
    ssj100:

    I stand corrected!
     
    Last edited: Oct 1, 2009
  14. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    The problem is that everything is integrated together on Windows. Internet Explorer is part of the operating system, in spite of Microsoft's recent attempts to isolate it from the rest of the system. Internet activity includes much more than the browser. Websites use Flash content and Java. Both are separate installs of 3rd party software, but when a website uses them, the content is still displayed in the browser. PDF files are similar. They can be displayed in the browser or in a freestanding application. There's other web content that uses media player components.

    Because of this integration, all of these and others can potentially open infected or malicious internet content. They're all part of the attack surface that's targetable from the web. Defending against internet threats means protecting all of these and more.

    Stumpedone, how would you describe or rate your level of knowledge and skill with Windows? In order to properly implement a default-deny security policy, you'll need more than just a casual knowledge of Windows. Conventional security apps like AVs use a default-permit approach (anything not identified as bad or malicious is allowed) and the user relies on the AV to catch everything that's undesirable. With default-deny, only the applications identified as good can run. Unknowns can't execute. With default-permit, the burden of catching the undesirable is primarily on the AV vendor. With default-deny, the burden of identifying what should be allowed is on the user. Default-deny is best suited for PCs that don't change much. If you're one who tries out a lot of software or is regularly changing your setup, default-deny will be an ongoing hassle. It's also difficult to implement if you don't know what the different applications and executables are for and don't understand what they do. The more you understand your system, the better default-deny will work for you. When implemented well, it's no hassle, but if you're trying to make decisions regarding allowing or blocking things you don't understand, it can be a nightmare, especially if you use a classic HIPS as the primary enforcement tool.

    In this thread, there's a link to a security advice wizard that's being developed and tested. It's not thorough by any means, but it has some good suggestions and can help to identify your level of knowledge and skill. More than anything else, a security package has to match the abilities of the user.
     
  15. dschrader

    dschrader AV Expert

    Joined:
    Mar 10, 2009
    Posts:
    54
    noone_particular

    The default-deny quandary is exactly why we built Quorum as the back-end into our 2010 products. It maintains a dynamic whitelist - it has over 64 million unique file hashes in it with security ratings on each file based on both local client info and on metadata (frequency of the file, how it correlates with known attack vectors . . . .). Most threats we see today show up on only a handful of computers. This turns the very uniqueness of those polymorphic and metamorphic threats against them and allows us to have a far more intelligent approach than a straight blacklist.

    For all those recommending building a best-case security solution with a firewall from one place, sandbox from a 2nd, IPS and AV from 3rd and 4th vendors - you're smoking something. That is a disaster waiting to happen. The products are going to conflict, you're not going to know who to call - or you won't have anyone to call, since most free products offer no support - and you will still be doing security on faith, since you have no real idea how effective most of those components are (do you know anyone who tests IPS?)

    This is why you should be installing a good security suite. I know, paying for security sucks - but it sure beats getting "own3d".

    For the guy with the headache reading all the advice earlier in this thread: look at security suites from

    Norton (hey, that's my company!)
    BitDefender
    G-Data
    Kaspersky

    Possibly Avira, Avast and ESET should be on your short list too. Read the reviews, pay the $60 and move on.

    Dan
    Symantec
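    The allow-by-default versus deny-by-default distinction that Joeythedude (post 2) and noone_particular (post 14) describe, and the file-prevalence signal dschrader mentions in post 15, as an added Python illustration. This is not code from the thread or from any product named in it: the byte-string "programs", the allowlist, the blocklist, the PREVALENCE table and RARE_THRESHOLD are all constructed assumptions. It shows why a content-hash allowlist denies a never-seen variant that a blocklist would wave through, and why the user's explicit approval is the only path from "unknown" to "runs".

```python
"""Default-deny vs. default-permit execution control, keyed on file hashes."""
import hashlib
from enum import Enum


class Verdict(Enum):
    ALLOW = "allow"
    DENY = "deny"


def sha256_hex(data: bytes) -> str:
    """A file's identity for policy purposes is its content hash."""
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for executable files (not real programs or samples).
TRUSTED_EDITOR = b"MZ\x90\x00 trusted-editor build 1"
KNOWN_BAD = b"MZ\x90\x00 dropper sample A"
KNOWN_BAD_VARIANT = b"MZ\x90\x00 dropper sample B"   # one byte changed: a "new variant"
NEW_DOWNLOAD = b"MZ\x90\x00 tool downloaded today"

# Assumed prevalence table: how many machines have reported each hash.
# Both the counts and the threshold are invented for this example.
PREVALENCE = {
    sha256_hex(TRUSTED_EDITOR): 1_000_000,
    sha256_hex(NEW_DOWNLOAD): 3,
}
RARE_THRESHOLD = 100


class ExecutionPolicy:
    def __init__(self, allowlist, blocklist):
        self.allowlist = set(allowlist)   # hashes the user has deliberately approved
        self.blocklist = set(blocklist)   # hashes a scanner already knows are bad

    def default_permit(self, program: bytes) -> Verdict:
        """AV-style: anything not identified as bad is allowed to run."""
        return Verdict.DENY if sha256_hex(program) in self.blocklist else Verdict.ALLOW

    def default_deny(self, program: bytes) -> Verdict:
        """Allowlist-style: only what has been identified as good may run."""
        return Verdict.ALLOW if sha256_hex(program) in self.allowlist else Verdict.DENY

    def approve(self, program: bytes) -> None:
        """The deliberate user step that turns a blocked unknown into an allowed program."""
        self.allowlist.add(sha256_hex(program))

    def explain_unknown(self, program: bytes) -> str:
        """Prevalence context for a denied unknown: a file seen on a million
        machines is less suspicious than one seen on a handful."""
        seen_on = PREVALENCE.get(sha256_hex(program), 0)
        return "common" if seen_on >= RARE_THRESHOLD else "rare"


def build_policy() -> ExecutionPolicy:
    """Start from one approved program and one known-bad signature."""
    return ExecutionPolicy(allowlist=[sha256_hex(TRUSTED_EDITOR)],
                           blocklist=[sha256_hex(KNOWN_BAD)])


def compare(policy: ExecutionPolicy, program: bytes) -> dict:
    """Both verdicts side by side for one file, plus its prevalence rating."""
    return {
        "default_permit": policy.default_permit(program).value,
        "default_deny": policy.default_deny(program).value,
        "prevalence": policy.explain_unknown(program),
    }


if __name__ == "__main__":
    policy = build_policy()
    samples = [("trusted editor", TRUSTED_EDITOR), ("known bad", KNOWN_BAD),
               ("known bad, new variant", KNOWN_BAD_VARIANT),
               ("new download", NEW_DOWNLOAD)]
    for name, program in samples:
        print(f"{name:24s} {compare(policy, program)}")
    # Only the user's explicit approval lets a new file start running.
    policy.approve(NEW_DOWNLOAD)
    print("new download after approval:", policy.default_deny(NEW_DOWNLOAD).value)
```

    Run as a script it prints one line per sample: the variant is "allow" under default-permit and "deny" under default-deny, and the new download stays denied (and rated "rare") until `approve()` is called. The blocklist row is the "new variants" problem Joeythedude mentions; the approve step is the user burden noone_particular describes.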
     
  16. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Spoken like a true salesman. I wouldn't expect a security suite vendor to say anything else. After the experiences I've had with security suites, NIS (Norton Internet Security) to be specific, there's no way I'd ever suggest them to someone else. My PC has been both virus infected and hacked while being defended by NIS. My encryption software prevented that hacking from becoming a much bigger problem. I dumped Norton less than 6 months after paying for it.
    You've got this backwards. Anyone who believes that a single vendor's product will do everything better than single-purpose apps designed for one purpose is the one smoking something. When intelligently selected and configured to enforce a default-deny security policy, single-purpose apps combine into some of the strongest packages available. It's when casual or novice users start piling apps together with no real strategy or plan that single-purpose apps can become a problem, especially when those apps function at a kernel level. When properly selected, there's no conflict. Your statement is a major exaggeration.
    The majority of the software I've tried, free and paid, gave better support than I got from Norton. Several of the vendors are right here in this forum. They often answer support requests in a few minutes or hours, not several days later with a form message.

    Security suites may be an acceptable option for the casual user, but many of the users here can assemble better packages that are at least as effective while being lighter and cheaper. A strong default-deny package costs little or nothing to build and doesn't need an AV or access to 64 million file hashes.
    That's an assumption, and a bad one at that. Yes, I have faith in the security package and policy I use because I spent better than a year testing it with malicious sites, zero-day exploits, penetration testing, and live malware, about 80MB worth. When it proved its ability to keep my system unaltered, I stopped wasting disk space and resources on AVs. The result has been a faster and more responsive system that's more secure now than it ever was with an AV-based package. There's no way I'd bog down my system with Norton or another suite again.
     
  17. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    But, it looks like, those recommendations work. Because the point here is not to provide as many different vendors' products as possible, but to be safe. Or, maybe, Symantec has a sandbox or any reliable firewall?
     
  18. kasperking

    kasperking Registered Member

    Joined:
    Nov 21, 2008
    Posts:
    406
    Huh, and get billed automatically next year....well, ideally read the reviews, keep $60 in your pocket, choose free Avira/Avast and move on
     
  19. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Stumpedone,
    Referring to your statement,
    If you are certain that your PC is completely clean, now is the time to make a full system backup. Double check your system with an online AV like HouseCall to be sure. There are several threads here that cover the different options available. If you're going to consider different security setups, it's also a good idea to have a backup as a restore point you can easily go back to instead of depending on the security app's uninstaller. Some of them leave a lot behind that can interfere or clash with other software. Security suites are especially bad for this.
     