Security setup - some questions/ideas please?

Discussion in 'other anti-malware software' started by Swordfish_, Oct 29, 2008.

Thread Status:
Not open for further replies.
  1. Swordfish_

    Swordfish_ Registered Member

    Joined:
    Aug 1, 2008
    Posts:
    63
    Hello.

    First things first - I do have an idea that there have been quite a vast number of similar posts, but on the other hand the landscape of security software is changing really fast, so I decided to make some changes in my current setup and ask here for opinion.

    The status for now is as follows: Avira free, CPF w D+, Threatfire 4, BOClean, Returnil and SandboxIE. On demand scanners are: SAS, MBAM, A2, Prevx. Not to mention hardening tools like WWDC, SecureXP as well as sporadic use of rootkit detectors.

    Out of pure curiosity I am just looking for some alternatives for the specific software that I am using and maybe an alternative to a security concept itself. So here it goes:

    1.
    Any free alternative to Avira with better detection ratio and the same system usage? (I've experienced some problems with update servers recently that's why I'm asking).

    2.
    Free alternative to CPF w D+? Maybe I should try Comodo's Internet Security? Or use HIPS from OA? Or maybe better stick with Comodo?

    3.
    Should I consider adding anything to on-demand scanners list? AVZ or whatever?

    4.
    What about specialized rootkit detectors (like RKU, Root Repeal, IceSword etc.) and their comparison with built-in rootkit detection in AV (like Avira) and Anti-Malware/Anti-WhateverWare software (like on-demand scanners listed above)? Even more peculiar software like Hypersight comes to my mind. Is it worth the trouble? Especially in the light of the fact that most security software has rootkit detection already implemented nowadays?
    What about DiamondCS products like DSE?

    5.
    Web-browsing and the Internet-facing applications vulnerability - currently I am sandboxing all P2P applications (precisely: uTorrent, eMule and StrongDC++) and on some occasions Firefox (with: NoScript, AdBlock, Secure Login, WOT etc.) - wouldn't it be logical to Sandbox IM (Miranda) and maybe even more (like Foobar2000)?
    What is the chance of being infected while browsing legitimate (according to WOT) website with Firefox, having NoScript turned on and the above resident protection also on, but without sandboxing of Firefox?

    6.
    Scripts - do I need an additional script protection (against *.VBS) for the above setup? (If so, is there a software that would block executing all scripts by default but allow for a whitelisting? Could this possibly be done with one of the HIPS software that I am using or maybe use something like Script Defender instead?)

    7.
    What about Secunia PSI - anyone here uses it? Any opinions?

    Thank you and best regards,
    Swordfish
     
    Last edited: Oct 29, 2008
  2. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    1/ No, not really... And for the 17845th time - set your updates to "invisible" mode, use the avnotify.exe workaround to hide their fugly nagscreen and move on.

    2/ CIS has a newer and a lot less noisy firewall/D+. Worth a try.

    7/ Yeah, nice free tool which does exactly what it claims. (BTW, 0.9.0.5 is out)

    P.S. Really no need to run Threatfire 4 with Comodo's D+, they vastly overlap and may cause quite a couple of conflicts.
     
  3. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Make your setup lighter

    Avira with Comodo/D+ (when you know what is going on inside your OS) or Avira with ThreatFire plus outbound custom rule (for all other type of users)

    Run your internet facing programs with StripMyRights (lighter than SBIE, less secure than SBIE but with either D+ or TF not much can happen). Consider running IRON ( a Google chromium clone with latest webkit release), is really light and secure.

    For very dodgy browsing use Returnil (the easy way) or Sandboxie (Iron's sandbox does not work with SBIE). Use these extras as a kind of ad hoc browsing protection.

    Regards
     
  4. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,304
    Location:
    Location Unknown
    Everything said here is very good advice. More applications do not (hardly ever) equate to better security. Be smart in your choice; both in what you do and what you do not do and also what products you choose to use.

    For me the (essential) cherry on top would be an imaging program and a complete system backup.
     
  5. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    One of my set ups is running limited user, group policy/software restriction policies (whitelisting) and AVZGuard to stop any other executables.
     

  6. tmaertin

    tmaertin Registered Member

    Joined:
    Jul 8, 2007
    Posts:
    32
    Location:
    North Tonawanda, NY
    I agree with the above, especially about overlapping...would also add the following.

    1) in place of avira personal classic, maybe try avast home edition? their detection has been steadily improving (av-comparatives tests the paid version, but both use the same engine). i use avast on most of the machines i clean up, and i hardly hear any complaints. comodo's av in cis isn't quite up to snuff with the best (yet).

    2) for security while browsing, consider a hosts file, such as MVPS or HPguru's. a hosts file blocks ads, third party cookies and counters, hijackers, and browser trackers. you might have to tweak it a little, but it's a nice additional layer of security.

    *edit*
    3) I would also add spywareblaster. adds restricted sites to IE and firefox and doesn't run resident, so it's like it's not there.

    otherwise you seem to have a handle on things, IMHO.
     
  7. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,304
    Location:
    Location Unknown
    I would not suggest this. Avira is better than Avast in every way, minus the stupid "firewalker" thing.

    Well, okay. The host file is a good idea as long as you stick to one; MVPS or HP. Anything beyond that you might want to consider AdMuncher or Proxomitron.

    No need. There would be repetitive protection here between the host file and/or AM or Proxo.


    P.S. Sweet avatar tmaertin.
     
    Last edited: Oct 30, 2008
  8. tmaertin

    tmaertin Registered Member

    Joined:
    Jul 8, 2007
    Posts:
    32
    Location:
    North Tonawanda, NY
    Avira Premium I would agree with here (heck, I use it!) I think it's well worth the 26.95 to buy a 1 year license. OP was looking for a free alternative, the next best one is Avast. Avast doesn't seem to have the same issues with updates and it has been steadily improving for about 2 years now. The resident protection is very good.

    Agreed - only use one hosts file - would recommend Winpatrol to lock it down as well

    I disagree - the type of protection offered between these is different - hosts file blocks the sites out by redirecting the request, spywareblaster simply creates a restricted site list in browser. using the example of mvps versus spywareblaster, each has some sites the other does not. Neither runs anything on the system, and even if both had the same site listed it would hit the hosts file first, so they would not conflict. I would view this as more of a layered defense. Also the OP is not currently using AM or Proxo, so the conflict would only exist if they decided to go that route.

    Thanks - I appreciate that!
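
Added example, not part of any poster's message: a small Python audit for the hosts-file layer discussed in the posts above. It separates sinkholed names from entries pointing at a routable address (worth reviewing if the file is meant to be locked down) and compares the hosts list with a second restricted-site list. All names and addresses are constructed sample data, and `parse_hosts` and `compare_layers` are hypothetical helper names.

```python
import ipaddress

# Constructed sample hosts file (not real MVPS or HPguru data).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1    localhost
127.0.0.1    ads.example.net        # inline comment
0.0.0.0      tracker.example.org counter.example.org
127.0.0.1    ADS.example.net
203.0.113.7  update.example.com
not-an-ip    broken.example
"""

# Constructed stand-in for a browser restricted-sites list.
SAMPLE_RESTRICTED = {"tracker.example.org", "hijack.example.info"}

def parse_hosts(text):
    """Return (blocked, redirected, malformed_line_numbers)."""
    blocked, redirected, malformed = set(), {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue  # blank line or comment
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(lineno)
            continue
        if len(fields) < 2:
            malformed.append(lineno)
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")  # hostnames are case-insensitive
            if name == "localhost":
                continue
            if addr.is_loopback or addr.is_unspecified:
                blocked.add(name)            # sinkholed: request goes nowhere
            else:
                redirected[name] = str(addr)  # routable target: review this
    return blocked, redirected, malformed

def compare_layers(blocked, restricted):
    """Show what each list covers that the other does not."""
    restricted = {d.lower() for d in restricted}
    return {"both": sorted(blocked & restricted),
            "hosts_only": sorted(blocked - restricted),
            "restricted_only": sorted(restricted - blocked)}

if __name__ == "__main__":
    blocked, redirected, malformed = parse_hosts(SAMPLE_HOSTS)
    print(compare_layers(blocked, SAMPLE_RESTRICTED), redirected, malformed)
```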
     