Security that doesn't need an internet connection

Discussion in 'other anti-malware software' started by trott3r, Jul 4, 2015.

  1. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    830
    Location:
    UK
    Hello,
    I have a ThinkPad laptop that I take into college for my course, and I want to revamp my security on it as the college blocks AV updates, so cloud scanning is not possible.

    I found SuRun too invasive and obstructive and MCshield seems to use the cloud.

    So what security can I use that will not require cloud analysis?

    Do Malwarebytes and HitmanPro use the cloud?
    I know VoodooShield uses the cloud to scan with x number of AV engines online and so is unsuitable in my situation.

    I can update at home but obviously tend to forget to do so before I go into college :(

    Thanks for your time

    Martin
     
  2. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,770
    Location:
    Nicaragua
    Sandboxie is perfect for college. It doesn't need internet or constant updates. In college, sharing information via flash drives is common. By using SBIE, you can set/force USB drives to open up sandboxed automatically whenever a flash drive gets plugged into the laptop. Anything that runs, runs sandboxed.

    Bo
     
  3. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    855
    What you're really asking is how can you secure an XP machine in someone else's LAN. You can find some examples in this thread of what other Wilders users are doing:
    https://www.wilderssecurity.com/threads/are-you-still-using-windows-xp.374090/

    Some questions:
    1. Can you use a VPN at your uni?
    2. What mechanisms of infection most concern you? Local LAN users? Web exploits? Trojans via USB?
    3. What information is most at risk on the laptop?
    4. When is the last time your security setup was challenged? i.e. has there been a time where a real-time AV/AM was the only thing preventing an infection?

    My XP setup has remained the same, although I'd probably add MBAE to it as well next time I have access to it:
    - rationalised which services could run;
    - used hardening tools (e.g. xpy/xp-antispy/SafeXP/SeconfigXP etc) (effectively this had disabled all ports when I tested later);
    - turned off any unnecessary networking;
    - use Simple Software Restriction Policy (http://iwrconsultancy.co.uk/softwarepolicy) + using the inbuilt StripMyRights extensively on programs to run as limited users;
    - use portable apps like SumatraPDF;
    - Rollback XP to restore the system partition;
    - browser with ublock, whitelist only for plugins, NoScript.

    I was quite paranoid when I trialled that setup initially, monitoring for dropped PEs, but I haven't had a single challenge to the system. The most effective elements are probably the HW firewall; limiting LAN networking; and limiting the attack surface of the browser. The software policy is more of a backup plan which prevents anything running that you haven't installed, and will also effectively protect against USB threats. I've had to clean all the PCs of everyone I live with, but haven't run it in a large LAN yet and so I don't personally bother with anything but the default firewall. You have Kerio, so just decide for yourself if the rules you use are sufficient to protect against other LAN users.
     
  4. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    830
    Location:
    UK
    It's been a long time since I used Sandboxie, and it seems from reading other members' posts that it is fairly involved to set up and get working with other new programs.

    Thanks for the suggestion
     
  5. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    830
    Location:
    UK
    1) I have not tried a VPN and would be setting it up outside of college before I take it in.
    I don't use a VPN at home, so the extra setup doesn't seem to justify the ends.

    2) I don't know what would be the most risky, but I imagine local LAN and USB are the bigger threats.
    I could handle web exploits with MBAE or HitmanPro.Alert.

    3) It's not my main computer, i.e. no banking stuff at risk.
    Thus, usual website passwords and college work.

    4) It's not been challenged, but it could have been prevented since I don't check logs unless something popped up.
    Also, I don't tend to scan given the lack of definition updates.

    I am doing technical courses which need me to delve into Windows, which was very difficult with SuRun set up, so hardening with SRP and getting rid of services is a no-no for me.
    Why would portable apps be any better to use?
    Unless you are just thinking of avoiding default apps like Adobe Acrobat for PDFs, etc.

    Rollback would be a good idea.
    I don't think the web browser hardening is very necessary, apart from Flashblock and exploit protection with HMPA or MBAE.

    LAN threats could be interesting. I haven't got much recent experience with Kerio and could put Outpost Pro on and harden using that.
    I originally used Kerio as it's lighter than OP.
     
  6. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    855
    The only reason I mentioned VPN is to consider the option to run updates even while at college. Personally I don't see AM/AV as a vital component to security, so it shouldn't matter greatly.

    Yes, I use things like SumatraPDF because they're more difficult to exploit, and not just through obscurity - SumatraPDF doesn't accept scripts for instance. The fact that it loads instantly doesn't hurt either. Portable apps are just my personal preference, but they do make life easier if I ever had to recover post-infection.

    I don't blame you for not enjoying SuRun. Personally I prefer to run as a full admin since I trust myself, and to run specific programs as untrusted/limited. The setup for that is as simple as adding a program to the .ini file, and never thinking about it again.


    USB:
    If USB is a main threat, then SRP could theoretically be set up solely to prevent file execution from USB drives - which takes out one of the main mechanisms of infection. Using the SSRP mentioned previously would just involve whitelisting the entire system drive and DVD so that only USB drives are blocked. Pretty sure you're aware of Bouncer, so that's another option. USB-specific programs like Panda USB Autorun Vaccine I suppose might be useful.

    Web:
    I don't even think Flashblock is necessary for the web browser, I just use "Ask to activate" and the built-in whitelisting to control browser plugins.

    LAN:
    That's fair enough if you're unable to rationalise services. You might still consider which network protocols and ports you need to keep open though, as the system operates perfectly fine with these disabled - and it'll reduce the risk from LAN. There are users here with a good level of knowledge for using Kerio, so worth holding onto if that's lighter.


    There's no one perfect setup, so let us know what you eventually go with :)
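    An added example, not RJK3's configuration and not part of the SSRP tool: the registry values that Windows' built-in Software Restriction Policies use to implement the scheme described in the USB section above, a Disallowed default with the system drive and DVD drive allowed, so only removable drives are refused. The GUID key names are constructed placeholders (any unique GUID works) and the drive letters C: and D: are assumed.

    ```reg
    Windows Registry Editor Version 5.00

    ; Default level 0 = Disallowed: anything not matched by an Unrestricted
    ; path rule below is refused at launch.
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers]
    "DefaultLevel"=dword:00000000
    ; 1 = enforce for executables and scripts but skip DLLs (2 checks DLLs too,
    ; which is stricter but needs every DLL location whitelisted).
    "TransparentEnabled"=dword:00000001
    ; 0 = apply to all users including administrators; 1 would exempt admins.
    "PolicyScope"=dword:00000000
    "AuthenticodeEnabled"=dword:00000000

    ; Unrestricted rules live under level 262144 (0x40000). The key name under
    ; Paths is an arbitrary unique GUID; both below are constructed placeholders.
    ; Rule 1: the whole system drive, as in the setup described in the post.
    ; Tighter variant: replace this with separate rules for %SystemRoot% and
    ; %ProgramFiles% so user-writable folders such as %TEMP% stay blocked.
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{a1b2c3d4-0000-4000-8000-000000000001}]
    "ItemData"="C:\\"
    "SaferFlags"=dword:00000000
    "Description"="Allow system drive"

    ; Rule 2: the DVD drive (letter assumed to be D:). USB sticks take other
    ; letters and so fall back to the Disallowed default.
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths\{a1b2c3d4-0000-4000-8000-000000000002}]
    "ItemData"="D:\\"
    "SaferFlags"=dword:00000000
    "Description"="Allow DVD drive"
    ```

    Import with regedit and restart, then check the result by launching an executable from a flash drive: it should be refused, and the refusal is logged in the System event log by source "Software Restriction Policies" (event ID 865 for the default level), which is a quick way to see whether the policy is actually firing.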

     
  7. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,016
    Imaging (i.e. a backup solution) and Sandboxie. ;)
     
  8. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    830
    Location:
    UK

    Sorry for the delay, work got in the way =)

    Okay, I understand your rationale for using portable apps and I do it myself for similar reasons, i.e. restoring the OS.
    Running a VPN is likely to be against college policy and could get me in trouble, so I think I will give that a miss.

    Re: USB flash drives
    I do not know what Bouncer is.
    Not sure if I have come across Panda USB Vaccine or not, so I will have to look into that.

    While there are users with good knowledge of Kerio, they may not be willing to help out as it is an abandoned/sold-on program.
     
  9. RJK3

    RJK3 Registered Member

    Joined:
    Apr 4, 2011
    Posts:
    855
  10. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    830
    Location:
    UK
    Ah.
    It was not for XP at the time, which is why I didn't subscribe to that thread and so forgot about it.
     