Suggestions for better security - is my setup enough?

Discussion in 'other anti-malware software' started by ssecure, May 29, 2009.

Thread Status:
Not open for further replies.
  1. ssecure

    ssecure Registered Member

    Joined:
    May 29, 2009
    Posts:
    23
    Hi people. I may need to use my computer for sensitive tasks such as online banking, so I was wondering if my system is secure enough.

    I plan to do a clean install with win xp sp3 and add these programs...

    Latest eset smart security 4

    Malwarebytes antimalware (free so no real time protection)

    Winpatrol (also free so small delay not realtime)

    Firefox browser, may have to use v2 here...is that a big security risk?
    Security extensions: Adblock and NoScript

    My questions...are eset and winpatrol enough as a kind of HIPS software?
    Also, is this setup enough or would you recommend extra software specifically for keyloggers, anti-trojans or rootkits etc...

    After I get everything installed I plan to run in a limited account most of the time; how does that help with infections? If I get infected and the virus/malware is in the limited account, doesn't that mean that it can still steal my login data, for example? The thing that it prevents is compromising the whole system...is this correct? Also, will the security software work with the same privileges in such an account so it doesn't have issues blocking traffic or cleaning threats, for example?

    Another sub-question. I may have to use Internet Explorer or programs that utilise it in some form...I stopped using that thing years ago when I got a major infection...How to secure it properly? What version to use...addons...etc...

    I hear people swear by Sandboxie...How does it work exactly? If you get an infection in the box, aren't you still compromised to a certain degree if you're still surfing online with the same box? Sure, it can't spread, but your current session will be compromised, true? Also, if you have keyloggers, malware etc., that will still compromise the session in the sandbox because it just protects you from the browser, not the other way round?

    Also, would you recommend sandboxing all the browsers right after a clean install? How will that affect the browser performance, because it still needs to call up stuff from outside like Java, Flash etc... For example, would those special Flash cookies work in the sandbox?

    Thanks looking forward to your suggestions.
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    No need for any additional software. Why FF only v2? You should move to ver3 if possible. On occasion you will have to use an admin account for maintenance and installing software that does not like a limited account. Install IE8 and keep your box up to date with patches.
     
  3. ssecure

    ssecure Registered Member

    Joined:
    May 29, 2009
    Posts:
    23
    Thanks, any good tutorials/guides on how to configure the LUA? I basically just make a LUA and use it as is, is that enough?
     
  4. demonon

    demonon Guest

  5. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    I just read through the thread on setting up XP LUAs and I just find it sad that XP users have to basically use third-party scripts and hacks in order to obtain just a fraction of the permissions controls that Unix/Linux can do out of the box. Maybe this has changed with Vista and Win7? Let us hope so.
     
  6. Someone

    Someone Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    1,106
    Personally I would replace WinPatrol with Prevx or ThreatFire.

    As others have said, keeping your apps up to date is very important; you can use Secunia Personal Software Inspector to do this.

    You can read more about Sandboxie on its website.
     
  7. ssecure

    ssecure Registered Member

    Joined:
    May 29, 2009
    Posts:
    23
    I don't think that I would replace it, because ThreatFire is a different category than WinPatrol. WinPatrol monitors things like major changes in browsers (mostly IE), startup programs, adding of Windows services....but it's not 100% effective and has a delay.

    So it's a kind of basic HIPS I guess, while ThreatFire seems to flag all possible malicious software. But thanks for the link, I'll look into adding it; I needed something to defend against possible keyloggers and this seems to do that. I don't know whether I would need to add something against keyloggers considering my current setup, though.

    Actually, I may have to use an administrative account because some programs I use may need it...If that's true I may have to use administrative most of the time. How would that change the security setup? Would I need to add some extra applications or configure the account in some way for better security? Is there a way to grant certain applications administrator status while you're in LUA?
     
  8. demonon

    demonon Guest

    Yes, I too found the Unix/Linux model way better.
    In Windows there are a lot of programs that won't run appropriately in a LUA and you have to elevate their rights to run them.
     
  9. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    In a limited account, malware can still steal or mess with your data.

    Security software can run in a different account than the user account you are using. Look at task manager at the 'user name' column.

    KeyScrambler Personal works with Firefox. You could also consider using a live cd to do your online banking.
     
  10. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Please see https://www.wilderssecurity.com/showthread.php?t=196737.
     
  11. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    I'm assuming you are the sole user of the computer.

    Most arguments for setting up as a Limited user start from this premise:

    Applying the Principle of Least Privilege to User Accounts on Windows XP
    http://technet.microsoft.com/en-us/library/bb456992.aspx
    However, using a firewall/router and a browser properly configured, you are pretty much immune from the compromised web site attacks. If your eset suite or other product in your security setup includes something that blocks malicious software as mentioned above, from installing w/o your permission, then you are protected against the unexpected.

    I've been running as Administrator since beginning with Win9x and have never had a problem. Another poster at Wilders uses Software Restriction Policies and also runs as Administrator (maybe he will post a comment).

    I'm not advising that you do this, because security first and foremost must ensure your own peace of mind, so you have to do what makes you most comfortable.

    But since you say that you may have to "use administrative most of the time", this is just to point out that it is possible to be secure when running as Administrator, when set up with proper protection.

    regards,

    rich
     
    Last edited: May 31, 2009
  12. Dogbiscuit

    Dogbiscuit Guest
