Security Setup for girlfriend

Discussion in 'other anti-malware software' started by HURST, Jun 4, 2008.

Thread Status:
Not open for further replies.
  1. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Hi

    I'm going to reformat my girlfriend's laptop and I want to build a security setup from scratch.
    Currently I've set her up with NOD32, BOClean, SAS on-demand, firefox with adblockplus and SpywareBlaster. NOD32 license is expiring soon.

    She has managed to stay relatively clean. Just one or 2 infections in over a year (for a person who doesn't know anything about security, that's a good record).

    So, what I'm looking for is:
    -Strong protection (I don't wanna waste my time cleaning her computer)
    -ZERO to VERY FEW popups
    -I don't mind that much about resource usage (as long as it's not a resource hog), but lightest is better.
    -Free if possible, but I'm OK with paid when there's no better option

    Her computer habits are:
    -checking mail
    -downloading music and movies
    -university work (MS office mainly)
    -general internet browsing
    -youtube
    -facebook

    She DOES NOT:
    -browse porn
    -online banking
    -gambling sites
    -download cracks, keygens, etc

    She is not what I would consider a happy-clicker, but she does download things without checking them with a second opinion AV or virustotal. I have taught her not to click yes on every popup, and read first, but I don't know how well she learned this.

    Sometimes other people use her laptop.

    So I had considered something like this:
    -free AV (had thought avira or avast)
    -policy based sandbox for browser
    -SAS
    -OS hardening

    Not sure yet:
    -Sandboxie instead of policy sandbox (mainly for also sandboxing the media player, I found one of those fake mp3's on her computer last week)
    -NoScript
    -ThreatFire
    -Returnil for system partition

    Any suggestions are kindly appreciated
     
  2. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    -Anti-Executable, paid but only once. Main advantages are that it just works, and it's easy to understand how it works and what's at stake.
    -Antivir or Avast!
    -Limited user account.
     
  3. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
    AntiVir/Avast <- Just choose
    DefenseWall <- It's easiest to use

    Firefox with Adblock Plus

    That's it :D IMO NoScript is too hard for "novice". I have tested it with my wife with bad results.
     
  4. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Yes, I've thought about AE. I'm trialing it myself and I'm liking it a lot. But I'm still not sure if it will be right for her.

    As for LUA, could be... I've never used it. I know it's safer, but I'm not sure in regard to usability. Maybe I'll try it out myself first.
     
  5. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Since emails are a big source of malware, tell her
    1. to ignore/delete any email from an unknown source without even opening them, if possible.
    2. never to open email-attachments, not even from friends.
    3. always read emails in text mode; if she reads emails in HTML mode, don't click anywhere, just read and look (the same counts for websites, which isn't always easy of course)
    4. never reply to spam emails, not even as a joke or any other emotional outburst.
    5. Reading .docs with MS WordPad is a lot safer than with MS Word, because it can execute macros.

    The other big source of malware is her BROWSER.
     
    Last edited: Jun 4, 2008
  6. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    She uses web-based email (gmail, hotmail), no local email client.
    She gets a lot of pdf and doc attachments at her university account (also web-based).
    On her personal account she hardly gets attachments.
     
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,039
    Sandboxie would be great. She can recover the docs, PDFs, etc. and open them sandboxed to make sure they are okay.
     
  8. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Indeed. If a sandbox is considered, the choice is SBIE, DW or GW. Each has its distinct advantages and disadvantages.
    Also, make her change to Firefox or Opera. Although you mention FF, you also mentioned Hotmail. I stopped using it because I could only access it with IE.
     
  9. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Hotmail opens fine in FF.
    When I used Opera 1 year ago, Hotmail wouldn't open in it.

    I personally use SBIE, because when I started changing my approach (putting my faith more in other solutions and less in an AV), I could better understand how SBIE works. I tried GesWall but didn't understand it well. Now I do, but I've become used to SBIE.

    I was considering a policy sandbox for her, since everything downloaded under its supervision would be untrusted. With Sandboxie, there is a popup (recover downloaded file) that I would like to avoid.
    Besides, I know her: if she recovers it, she won't bother to run it sandboxed, so the file can do harm.
     
  10. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I fully agree with a sandbox, browsers are the biggest source of malware and she can LOCK data folders automatically, while she is surfing on the internet, no reading, no writing, no stealing possible by anything or anybody on the internet.
     
  11. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    I might have a rant about this.

    I've set my girlfriend up (and other friends) with AVG. Anything is just too much apparently. Clicking on the sandboxie icon and using that solution is just too troublesome. vmware player just takes too long.

    GF stays clean because she just emails and checks the regular round of sites. Mate browses too much porn and ends up with spyware.
     
  12. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    IMO, I think Sandboxie and/or Returnil Free would be great. I think if you showed her how to use Returnil with protection on, she can play with the software as much as she wants, providing the software does not require a reboot for installation. If she decides that she wants to keep something, she can reboot with Returnil protection off and then run the program in Sandboxie for a while, and when she's ready to keep it, just recover it and install. No decision-making pop-ups, just one to keep or not. Sandboxie would be a great choice with your teaching her how to recover and configure the settings with Returnil just in case something crawled out.
     
  13. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    I would go with a simple approach. Just get F-Secure.
    It has strong antivirus and firewall along with a HIPS that doesn't ask annoying questions. Or if the laptop will be behind a firewalled router and isn't used on public networks, just buy the AV. Along with SAS on demand and you're set.
    Haven't tried programs like Sandboxie myself; they seem like too much fuss to set up.
     
  14. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Way too heavy and too difficult.

    Question
    All the female PC users I know buy music for their telephone/MP3 player via the web; Digital Rights will be thrown away with the sandbox. They also buy a lot online. When she is not visiting dodgy sites, why put together a disk and application virtualisation solution (makes no sense)? You are putting together a geek's solution.

    Option 1
    Avira Premium (recently rewarded for best price/performance in a Dutch IT magazine), she will be supporting the Auerbach foundation also with Avira (top class AV+AS, cheap with a good story for her friends) and TF

    Option 2
    ThreatFire with a policy sandbox (DefenseWall or GeSWall). Downloaded MP3s are treated as untrusted files, so do not worry. DefenseWall works out of the box when buying music; for GeSWall you have to contact Brian to adjust a setting.
    Why cripple her browser? Just sandbox it in a policy application.

    Option 3
    lodore's suggestion or any other main market suite with few pop-ups

    Set ThreatFire to quarantine red and grey warnings, and set TF to create a restore point before quarantining. DW's go banking/shopping is ideal for safe online shopping.
     
    Last edited: Jun 4, 2008
  15. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    @lodore, actually I think public network is safer than private network, even for home use. Public disables network discovery and file and printer sharing, and allows you not to be seen by other computers on the same network. I have a single PC on my network and it's my understanding that it's actually safer to use public than private.
     
  16. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
     
  17. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Ah OK, my bad, sorry, I misunderstood, and I agree with you.
     
  18. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    I have not used Sandboxie for a while now, due to some lag on the browser opening, but if I remember correctly, Sandboxie does not throw away unless it is checked to delete on browser close. If not, Sandboxie retains what is inside until you force deletion. Then you can recover it and pull it outside the box for the install.
     
  19. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Thanks guys for all the answers.

    So I'm beginning to see the future setup:

    -Separate data from system partition
    -Firefox with AdBlockPlus and NoScript (set to allow scripts globally, just to protect from XSS)
    -DefenseWall for browser and downloaded mp3's and data partition locked (will have to try DefenseWall for a few days, I've never used it)
    -Avast with only standard and p2p shield

    I think this would be a solid non-intrusive setup.

    Some possible other scenarios I might think about:
    -Avira instead of avast (I have never used avira, so I'll try it for a few days)
    -Returnil for system partition (but I think this might be overkill since she is a safe surfer and doesn't play with malware):D
     
  20. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    This means that she will need an AV scanner (the expert assessment, as Blue likes to name it) to check those files.
     
  21. james246

    james246 Registered Member

    Joined:
    Nov 5, 2005
    Posts:
    80
    Just get her KIS 2009
     
  22. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I agree with this. BUT is one AV scanner enough to keep your data files clean?
    Many users like to believe it is true, but is it really true?
    Scanning downloaded data files with VirusTotal/Jotti/... would be impractical. It's a problem and remains a problem, especially when you download and/or receive a lot of data files.
     
  23. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Hurst has it covered, he mentioned Avast. :thumb:
     
  24. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Erik, this is for a normal user, who doesn't read Wilders. So yes, an AV is useful.
     
  25. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    :thumb:

    But it's because I do read Wilders, and I will end up doing the cleaning, that I want to harden the setup with something else.

    ATM I'm trialing the Avira+DW setup on another computer, to see if it fits my needs.
     