Security suite for the dangerous surfer?

Discussion in 'other anti-malware software' started by ejr, Dec 9, 2006.

Thread Status:
Not open for further replies.
  1. ejr

    ejr Registered Member

    Joined:
    Nov 19, 2005
    Posts:
    538
    Let's assume that your PC is about to be exposed to some very bad habits. This time of year, with family and friends coming over and in for the holidays, this isn't a bad assumption. Maybe your teeanage nephews might try to donwload music while they are in town. They might also send instant messages to their friends. Your brother in-law might hit some porno sites while nobody is looking. And your mother might even be surfing on your computer during the holidays. So your PC could be much more at risk during the holiday season than it would be at any other time.

    Keeping in mind that none of the people that will be on your PC are computer experts, what software would you put on your PC to protect it from these bad habits? You can't use any of the advanced HIPS programs like SSM or Pro Security because the end users won't know how to use it.

    Basically, set up up a suite for really dangerous surfing habits. For bonus points keep it light on resources and inexpensive. Though this is optional.
     
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    1) Anti-Executable or similar, to prevent any unauthorized installation - deliberate or remote - of executables

    2) Deep Freeze or similar: system reverts to previous good state on reboot.

    Both of these programs require no action/knowledge on the part of your guests: any unauthorized activity is "default deny."

    regards,

    -rich
     
  3. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    It's not just dangerous surfing you have to worry about. What about deleting files/folders, etc. I would recommend something like FirstDefense ISR and use a 'frozen', password protected snapshot. Or protect all partitions with ShadowUser.
     
  4. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,518
    Location:
    USA - Back in a real State in time for a real Pres
    1. Take an image b4 they come & restore it after they leave.

    2. mobile/exchangeable drive racks
    Excellent if you share the computer with others. Especially when they're click happy, turn off AV & PF cause an app told them. Etc.
    So the OS is crippled. Who cares? Wait till they all leave.
    Just pop their tray out. And put in your saved&clean HDD. And when you're done. Reclone. You have 2 clean HDDs.


    Because any unsafe surfer/knucklehead can defeat any security suite.
     
  5. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Since his users are not computer literate, SU may not be a good choice since decisions to commit/discard must be made before reboot (if I understand it correctly).

    DF is more bullet proof for this situation, in that all changes are discarded by default upon reboot.

    AE will prevent any deleting of executables (incl. drivers) which might crash the system.

    regards,

    -rich
     
  6. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Use any good imaging program - make a full image and then let them do what they want. when they have gone home restore the image and its as though nothing has happened. I use Acronis and reset the lap tops and desk machines used by my family all year round. Its easier than trying to get them to be secure.
     
  7. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    depends how unsafe they are IMO.
    in some cases it might be ok to use limited account put password protection on antivirus and firewall and run IE in sandbox.
    lodore
     
  8. SourMilk

    SourMilk Registered Member

    Joined:
    Mar 31, 2006
    Posts:
    630
    Location:
    Hawaii
    Can't get any safer than a Linux virtual run from a CD using Firefox on your Windows box. No Windows files to infect and any junk collected goes bye-bye when you switch to your main OS.

    You just download a Linux (like Ubuntu) iso, burn it to a CD and boot your computer with the CD inserted. Usually, the BIOS has the boot menu with the CD before the hard drive. Don't install Linux, just boot the CD and voila' bullet proof surfing.
     
  9. controler

    controler Guest

    Make um use the guest account ;)
     
  10. [suave]

    [suave] Registered Member

    Joined:
    Apr 5, 2005
    Posts:
    218
    VMWare is good. If anyone ever uses my PC it's always my virtual machine :)
     
  11. tobacco

    tobacco Frequent Poster

    Joined:
    Nov 7, 2005
    Posts:
    1,497
    Location:
    British Columbia
    Or just hide it away somewhere and tell them it's still in the shop since their last visit!:D
     
  12. Lucy

    Lucy Registered Member

    Joined:
    Apr 25, 2006
    Posts:
    401
    Location:
    France
    For a very unsafe surfing, one should have BZ or DW, or Geswall or sandboxie. These tools have been designed for this purpose. And after surfing, you can erase changes made to the system easily. Because downloaded stuff is isolated, no worries.

    It should be definitely the first line of defense. As Ilya says, you can always have an AV (or even another kind of hips like behaviour blocker) to make you feel more comfortable.
     
  13. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Other than your normal anti-malware and firewall setup, you might consider something like LinkScanner Pro and a Limited User, or better yet Guest, account. I would also restrict internet usage to a browser like Firefox or Opera. If you happen to use Prevx1 you could also set it to automatically block unknown programs (and password protect the console).
     
  14. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    I agree with controler...
    Password protect your account and switch on the guest account.
    Another good suggerstion by [suave]...
    For simplicity download and install the vmplayer goto easyvmx and download the .vmx relating to your os disk, make and give them their own vm. Just delete it when they're gone.
    All are good suggestions and I think I can also add one http://www.microsoft.com/windowsxp/sharedaccess/default.mspx
    ms shared computer toolkit.
     
  15. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    Kaspersky and Prevx1 have protected me during dangeous surfing, but for newbies i guess different measures (sandox or rollback software) would be more appropriate.
     
  16. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    Download Site adviser
     
  17. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    2 options -- each 99% bullet proof..

    1- DeepFreeze the drive so nothing permanent gets added/deleted/modified. NOTHING! (60-day free trial)
    OR
    2- Image-for-DOS the drive before they start, then restore the image after they leave. (30-day free trial).
     
  18. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: People tend to use public computers to do crazy tasks, just because these machines are not their own. And Adm. of these boxes put in DeepFreeze to counteract these attempts. And it works most of the time. And saves them a lot a lot of downtime. If every pc would come w/ DF installed, all the anti-malwares vendors would cry blue all the way to their banks.:)
     
  19. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,827
    Location:
    USA
    I am trialing Defence wall (30 day trial), I was lurking on their forum to see what I could pickup. I saw you were there asking questions
     
  20. herbalist

    herbalist Guest

    I'd use a 2 pronged approach:
    1. Make your present security setup as tight as possible.
    2. Make a full system backup in case step 1 fails.

    For step 1, making a separate profile or account for guest users, is an excellent start.
    If you use a HIPS or similar software, make use of any password option it has that prevents access to its user interface.
    Set the HIPS to not prompt for unknowns and just block them outright.
    If your firewall has a password option, that prevents shutdown or access to the ruleset, use it.
    If your browser has a master password option, use it to keep them from using your accounts.
    Hopefully, none of these guest users are of the "geek wannabe" types that know just enough to be dangerous, ones that will try to shut down or uninstall a firewall, delete their browser history or try to add a porn program. If you have any suspicions that a potential user might qualify as one of these, try to take some additional precautions.
    1. Use an install monitoring program like Inctrl5 to take a system snapshot before the guests use the PC. Then take another after they're gone. All file system and registry changes will be documented, giving you an easier time undoing any changes they might have made. Yes, system backup would make this unnecessary, but it can be useful with young users to determine just what they've been doing, in case there's something their parents need to know about. Index.dat suite can be useful for those "guests" who think they can hide their online activities by clearing the history and cookies.
    2. Deny them access to the control panel, the add-remove programs applet, the browser security settings, etc
    3. If you have any software that can control what areas of the file system they can access, block them from your personal files, the core system folders, etc.

    For step 2, the creating a full system backup, if you have a backup program like Acronis, Image for DOS, etc, you already have the solution to whatever they can do. If you don't have good backup software, make a restore point. At a bare minimum, make a full registry backup.
    Hopefully, they'll all behave and you won't have to use any of the backups.
    Rick
     
  21. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    whilst I accept all your points isn't certainty better than hope ? - i.e just make an image, let them do what they like and then restore the image - no need to hope nor be concerned about what they have done.
     
  22. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    478
    As others have said, set up a limited user account for their use. If you have XP Pro, activate the software restriction policy and just use the default rules. I think that would be enough.

    Plus for my bonus points, it's extremely light and is free (assuming you have XP pro not home).
     
  23. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Cheap,very secure and light for surfing wherever - Sandboxie.

    Place a shortcut to "run the default web browser under Sandboxie" on desktop, right click - rename to your browser and also change the icon to suit.

    Hide or delete any other browser shortcuts and your guest users probably won't even know they are surfing inside the sandbox.
     
  24. security_concerned

    security_concerned Registered Member

    Joined:
    Nov 14, 2006
    Posts:
    24
    Set bios to boot from cdrom first and disable hard drive boot altogether. Password protect bios.
    Boot live linux cd and enjoy.
     
Loading...
Thread Status:
Not open for further replies.