Security setup for grams?

Discussion in 'other anti-malware software' started by tawd1992, May 2, 2010.

Thread Status:
Not open for further replies.
  1. tawd1992

    tawd1992 Registered Member

    Joined:
    Mar 29, 2005
    Posts:
    43
    I'm responsible for setting up & securing pc's for a lot of computer illiterate people & I've given up on the AV definition model. It doesn't matter what free or paid AV solution is installed on a pc, the rogue AV's act like they're not even there.

    What I'm looking for is something that prevents these rogues from installing, but doesn't interfere with the normal operation of the pc (Firefox updating itself, installing programs without being hassled, minimal or ideally no popups, etc.)

    So what program provides the best protection, but is also the easiest to use? It doesn't matter if it's free or not. I've been considering Sandboxie, Geswall or Defensewall.
     
  2. adik1337

    adik1337 Registered Member

    Joined:
    Mar 21, 2010
    Posts:
    199
    sandboxie or defensewall ... but it still needs a little interaction from the users if lets say you want to update firefox or install new programs ... but they are the best there is if I may say
     
  3. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    my own experience is defensewall and appguard choose one of this and you will be safe,they are very silent programs,note that appguard is more silent than defensewall but defensewall is more kind of a complete security package:thumb:
     
  4. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,191
    Location:
    USA,IA
    id say use avast 5 free.
     
  5. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    avast is really good at detecting viruses and spyware but dont forget the most of the antiviruses are very mediocre at detecting fake/rouge programs mjust have some thing like mamutu or mbam pro;) or appguard:thumb:
     
  6. adik1337

    adik1337 Registered Member

    Joined:
    Mar 21, 2010
    Posts:
    199
    +1 ... in these modern age of computers, my view is that antiviruses are losing it's battle against modern malware specially 0 day malware ... sandbox and virtualization is the way to go.
     
  7. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    and the thing is that those rouges are so nasty that they inject malware sort of rootkits in the system so the user has it's system useless unable to do nothing to remove what was introduce where a hips,sandbox,behabiour blocker will save some one's bacon:D in the first place:)
    note:i am not saying that antiviruses are useless but as you said they are loosing the batle already:)
     
  8. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    Install WOT and make the default browser google chrome for example. Some possible options below.

    Option A
    Install prevx (paid) - support is A+, and if a rogue gets through, prevx can add the files to the database, and on subsequent scan, files will be removed.

    Could also install prevx alongside Avast or Panda Cloud for example.

    Option B
    Install Avast or Panda Cloud
    Install Hitman Pro to run at startup (Paid) - easy to remove files, effective against new threats and as a backup scanner.

    Option C
    Install Panda Cloud and ThreatFire. Panda Cloud is quite light, ThreatFire works well alongside it, and TF will prevent any major changes to the system. Both free. You'd have to set threatfire to 'level 5', show the user the type of alert TF gives (when opening a browser), so the user knows what to expect, then set it back to default.

    Option D
    Install ThreatFire
    Install Hitman Pro to run at startup (paid). Light setup, minimal user interaction, and solid against all types of threats.

    If user has history of a lot of problems, could also add Panda Cloud. So Option C and D become the same.

    None of the above will affect browser updates, browser extensions, windows updates, and so on.
     
    Last edited: May 2, 2010
  9. adik1337

    adik1337 Registered Member

    Joined:
    Mar 21, 2010
    Posts:
    199
    @saraceno
    all the software you mentioned are signature based (except threatfire) ... I doubt it would give a solid protection. And most of them you mentioned are cloud based ... you see if you are using these cloud based antimalware and then you got infected by a 0 day malware and it ruined your internet connection you are doomed.
     
  10. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    againts viruses yes but very mediocre againts rootkits and rouges/fake programs too:)
     
  11. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    hit man pro is very good scaner;) and with mamutu or threatfire is very solid set up:D
     
  12. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,191
    Location:
    USA,IA
    malwarebytes pro, works great and is a lifetime key;)


    i use panda Cloud AV and malwarebytes pro.

    AppGuard is really nice also.
     
  13. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    You have to balance user convenience and actual user behaviour. Problem with adding sandboxie, or returnil for example, users will complain they can't update their browser. User will complain document was lost.

    In Option A, prevx has behaviour analysis, and cloud analysis, so it's my first option.

    Option B has Hitman Pro as a secondary scanner, cloud scanning, doesn't stop problem installing if it gets past an AV, but at least cleans it up upon reboot. Sometimes there's nothing you can do to stop a user from installing a program, I mean, they can ignore alerts right? So best to have an effective cleanup program.

    Option C and D, ThreatFire might let something minor go through, but something which will cause the system to not bootup for example, it will quarantine. And Panda Cloud automatically quarantines threats, same with TF at times, avoiding user interaction. Once again, Hitman Pro is there as a backup.

    Could also be another option. ThreatFire and Prevx. Cloud scanning, and ThreatFire to stop anything from USB or external drives etc. Regarding internet connection, rare that internet connections are lost. Most rogues slow a system down, rather than cut off the connection. They want to connect out. Want a user to install subsequent downloads, pay for the rogue etc.

    You have to think like a 'noob'. We here go overboard on applications and forget how 'simple' your average user is. They don't care for 99 per cent of the stuff we talk about. Keep in mind, my first option is to install WOT and Chrome for all options. Kees here has demonstrated, and it is documented how effective Chrome is as a browser. And the WOT extension, I've tried it with many threats, and it blocks most. Awesome application, along with Chrome (and google's own malware alerts on malicious sites), a user will be fine. :)
     
    Last edited: May 2, 2010
  14. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    Returnil might even be a good fit. When they go browsing turn it on and then when they are done...reboot and all is back to new.
     
  15. adik1337

    adik1337 Registered Member

    Joined:
    Mar 21, 2010
    Posts:
    199
    @saraceno
    this means that the users are the noobist of the noobs .... and classical av/am would not do them any good, they need something that would allow them to click away but still make thier system protected.
     
  16. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    maybe defensewall and the famous stop attack bottom:D
     
  17. Saraceno

    Saraceno Registered Member

    Joined:
    Mar 24, 2008
    Posts:
    2,404
    I agree, Returnil is a great option. But all depends on if you can educate all users who use the system. No use in educating the owner of the PC, if his/her kids jump on and don't know how to turn the program on/off.

    What the user is asking, something which is outside the traditional AV model, and something which prevents rogues AND is easy to use, I would straight away say sandboxie. But what the user is asking for, that perfect balance, is difficult to find.

    All depends on the user, I know some real dead-heads when it comes to computers, and they haven't got the brain power to recover files in sandboxie, or de-activate sandboxie to update their browser etc. So all depends.

    What I've suggested is not abandoning the AV model, as it does work well for say 90 per cent of the time. Adding a few extras, like Chrome + WOT + Prevx + Hitman Pro and/or ThreatFire, and I should have mentioned MBAM pro, to cover that remaining gap.

    adik1337, I don't have the magic solution, but neither does anyone else. If we had the perfect solution, it'd be a 'sticky' on the forum, and the forum would slowly die with no more posts! ;) I've hijacked this thread, so I'm outta here. lol
     
  18. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    no you didnt hijack nothing at the contrary it will help the person who ask about it and maybe decide which advise will fit in his mind to choose the correct program for his need:D
     
  19. adik1337

    adik1337 Registered Member

    Joined:
    Mar 21, 2010
    Posts:
    199
    @saraceno
    come on man ..we are just discussing the possible options ... we are here to help others ... no harm done ;)
     
  20. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    i did test an antivirus alone and after i tested a behabiour blocker alone with same malware ?guez who did better?:D anyway antiviruses help with the virus/spyware needs;) but for the rouges has to add some thing else:D and yes this is a very positive and helpfull part of the forum;)
     
  21. EscapeVelocity

    EscapeVelocity Registered Member

    Joined:
    Apr 1, 2010
    Posts:
    368
    guez who did better?

    Dont tease.
     
  22. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    PrevX CSI with SafeOnline...

    buy it.
     
  23. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    ofcourse the behabiour blocker:thumb:
     
  24. EscapeVelocity

    EscapeVelocity Registered Member

    Joined:
    Apr 1, 2010
    Posts:
    368
    As I have been stumbling along, I am basically following the Saraceno plan.

    AV/AM - Panda Cloud in addition to those mentioned by Saraceno.
    PrevX SafeOnline - Highly recommended
    ThreatFire or Mamutu Behavior Blockers
    Web of Trust - But additionally other Filters/Blockers like Hostsman with hpHosts, PeerBlocker with selected BlueTack lists, OpenDNS with Filters, AdMuncher, Proxomitron/Privoxy/BFilter/Popilio
     
  25. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    First rant, don't take this personal it is a big frustation of me that even on Wilders FF is praised for its security

    Drop FireFox, how can one advise FF to computer illeterates? Even on this forum its security is overrated and parotted over and over again.
    The developers of FF are now considering to apply some form of policy sandboxing. They call it Electrolysis. Let's hope FF pick's up on security (after all 3.6 finally brought cross site scripting protection).It is unbelievable how resistant this tale of security of FF is.

    Don't mention no script. No script cripples the useability of a browser for the average user. When you want Noscript use Chrome/Chromium it has build in content blocking (cookies, images, plug-ins, extentions, javascript etc).

    Second rant (yeah I am a grumpy old guy)

    No software can compensate for user stupidity, educating them or removing the rights or remotely admninistered service is your best option.

    Cheers (no more ranting I am going to get me a beer)
     
Loading...
Thread Status:
Not open for further replies.