Top Security Software

Discussion in 'other software & services' started by kman1, Nov 8, 2006.

  1. kman1

    kman1 Registered Member

    Joined:
    Nov 8, 2006
    Posts:
    3
    I'm in the market for the top Security software around. I've been searching the web for about 4-5 hours and I have some ideas but can you all help me list the top COMMERCIAL software for the following security categories? Thanks!
    firewall-
    HIPS-
    anti-trojan-
    NIPS software-
    bufferzone-
    keylogger-
    sandboxing application-
    virtual machine-
    program checker-
    external firewall-
    router with good hosts file (whatever that means o_O) -
    registry backup-
    image backup-
    registry monitoring-

    Right now I use Kaspersky's Internet Suite as my anti-virus/firewall. I also have SystemMechanic Pro, Lavasoft's Ad-Aware Pro, and Advanced System Optimiser Pro.

    These are the programs that I was thinking of buying online in the near future:

    Sunbelt CounterSpy
    SecureIT
    VMWare
    Panda TruePrevent
    IceSword
    RunSafe
    Jetico
    Safe'n'Sec Plus
    PrevX
    -Anti-Executables
    Invircible
    DefenseWall
    virtual sandbox
    Helios
    SocketShield
    BufferShield
    DeviceWall

    Ok that's it for now. Please let me know what suggestions or whatever you have. Any and ALL advice welcomed. I'd like my laptop/PC to be as secure as possible! Thanks!!

    P.S. - what do you all think about Tor, Proxomitron, and Privoxy?? Someone just recently advised me to download and use all three of them at all times. (to keep myself safe) I was wondering what the experts here thought about that before I start using them.
     
    Last edited: Nov 8, 2006
  2. InfinityAz

    InfinityAz Registered Member

    Joined:
    Jul 23, 2005
    Posts:
    828
    Location:
    Arizona
    Kman1,

    Assuming you are behind a NAT router, save your money, time, sanity, system, etc. KIS is probably all you need, especially if you practice safe hex and keep your system updated.

    The only thing you might want to look at is Sandboxie. It's good, free and will be of help when you want to surf to more dangerous areas on the net.

    Also look at using Firefox (with noscript and site advisor extensions) or Opera.

    Good luck.
     
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I fully agree with this advice. If u really want to waste money go ahead.
    OR if u still insist, read posts here at wilders for a few months so that u can be aware of what u actually need. I see so many software in ur list with exactly same function. U can't run two similar software together.
     
  4. Old Monk

    Old Monk Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    633
    Location:
    Sheffield, UK
     
  5. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I was looking for info about "InVircible" (I thought it was InVincible) and I stumbled on this website :
    http://www.wizlife.co.za/content/index.cfm?navID=9&itemID=30

    And this website is complaining about my Firefox :
    I find that funny, because Wilders taught me the opposite.
    You can use this website to test your browser. :D
     
  6. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    KIS is excellent. Two other combinations that will provide broad spectrum protection are...

    1- Prevx, and AntiVir, and Kerio 2.1.5

    2- Online Armor AV+, and Kerio 2.1.5

    NOTE a- AntiVir and Kerio 2.1.5 are free.

    NOTE b- Online Armor AV+ includes an integral antivirus (Kaspersky) as well as a HIPS, anti-keylogger, HOSTS protection, surfing protection, email guard, & other protective modules.

    NOTE c- In the near future, Online Armor AV+ will add an integral firewall module, at no additional cost. When that occurs you won't need Kerio 2.1.5 any longer. Online Armor AV+ will function quite well on its own with no other apps.
     
  7. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Some observations concerning your list:

    Ice Sword is free, so is GMER. Both are good rootkit scanners.
    Helios is an alpha, very rough around the edges according to user feedback.
    Sunbelt CounterSpy is working on a beta for version 2.0 that is an improvement over the old version. I'd definitely have this program on the short list.
     
  8. kman1

    kman1 Registered Member

    Joined:
    Nov 8, 2006
    Posts:
    3
    so it seems that with my current setup (Kaspersky's Internet Suite anti-virus/firewall, SystemMechanic Pro, Lavasoft's Ad-Aware Pro, and Advanced System Optimiser Pro), all I need is Prevx, AntiVir, Kerio 2.1.5, and KIS?? (and an NAT router also)

    Agreed?? sounds good to me and a lot cheaper as well. I just wanted to see what experts would have to say about it. By the way:

    1. anything else that I just MUST have?? Just wondering.. (since I don't mind spending money on my laptop's safety :) )

    2. What do you think of my current set-up? Is there anything you see that's redundant or that does the same job as another program I have? (or whatever)??

    Thanks!
     
    Last edited: Nov 10, 2006
  9. yahoo

    yahoo Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    290
    Location:
    nowhere
    You probably need some patience and do some self-learning by reading the posts at the sub-forums titled "other firewalls", "other anti-virus software", and "other anti-malware software". By doing so, you will probably get a better general idea on what computer security is about and what good security applications are available. And then you would be able to ask more specific questions on computer security which would be more helpful to you. IMHO, the most important thing in computer security is to get a good understanding on what computer security is really about. The more one understands it, the fewer security applications are really needed to keep a clean computer. Otherwise, it will not help much even with all the security applications available installed on your computer.

    KIS = Kaspersky's Internet Suite. You do not need to install a second copy of it, as you already have one copy installed. AntiVir is another anti-virus software. If you do not want to get rid of KIS, AntiVir is redundant. If you can configure the firewall of KIS properly, Kerio 2.1.5 is not a must either. My guess, according to the question you asked, is that you probably would have problem in configuring Kerio 2.1.5 at this time. If you can not configure some software properly, there is no point to have it. It also seems to me that Advanced System Optimiser Pro is a maintenance tool, and has nothing to do with computer security.
     
    Last edited: Nov 10, 2006
  10. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I hope you have also an image backup/restore solution :

    Clean Images
    You only can create CLEAN images during an OFF-LINE installation from scratch.

    1. First Clean Image = winXPproSP2 + Drivers
    The freeware "nLite" allows you to create a new "WinXPproSP2 Installation CD" that contains most of the security patches, which means you don't have to be on-line to install these security patches.
    The only weak point is the ACTIVATION of winXPproSP2, which requires a very short internet connection.
    All the rest is installed OFF-LINE (= without internet connection).

    2. Second Clean Image = First Clean Image + all your software, EXCEPT
    - application software that can't work without internet, like browsers, email software, ...
    - security software, like firewalls, scanners, HIPS, ...

    This software doesn't need internet and can be installed off-line without problems.
    Configure each program as much as you can BEFORE taking the "Second Clean Image".

    3. Third Clean Image = Second Clean Image + all software that needs internet, EXCEPT
    security software, like firewalls, scanners, HIPS, ...

    These programs are NOT security software, but they are useless without an internet connection, like internet browsers, email software, ...
    Configure each program as much as you can BEFORE taking the "Third Clean Image"

    4. Fourth Clean Image = Third Clean Image + all security software.
    Some security software doesn't require an internet connection during installation and you install this software OFF-LINE, but don't update it yet.
    Configure each program as much as you can BEFORE taking the "Fourth Clean Image"

    Some security software requires an internet connection during installation (Windows Defender, A2, ...).
    Install this software AFTER creating the "Fourth Clean Image".
    If you don't have such software, the better.

    Rules for all clean images
    1. The timing of taking these clean images is very important and requires preparation on paper.
    2. Never overwrite these clean images and don't use them for backup anymore.
    3. Store these clean images in a separate folder on your external harddisk, because they don't belong to your daily backup folders.
    4. Only use these clean images for restoration on a formatted or a safely erased harddisk.

    Purpose of all clean images
    The bottom line is that you need these clean images to start all over again from scratch, but without doing it manually and without any infection.
    You most probably will need only one of the four images and that depends on from where you want to start the restoration.
    For instance : if you have a total new security setup in mind and want a clean computer, you might restore the "Third Clean Image" instead of the "Fourth Clean Image".

    Daily Images
    AFTER the "Fourth Clean Image" you can connect to the internet and update all your software and take your first "Daily Image" and so on.

    Separating your personal data
    You might consider to separate your personal files from your system files by creating two partitions : system partition [C:] and data partition [D:], but that is entirely up to you.
    I've done this since I have my new computer without any regrets.
    It's very reassuring, when you don't have to worry anymore about your personal files, when your system partition is in serious trouble.

    Immediate System Recovery
    You might consider software like FirstDefense-ISR, RollbackRx, ...
    This software allows you to create snapshots of your system partition, which can be used for
    - immediate system recovery (rollback snapshot)
    - cleaning snapshots (frozen snapshot)
    - creating different work environments
    - creating different test environments
    - having second backup solution (only possible in FirstDefense-ISR)

    If you don't need all that, forget my post, it doesn't matter. :)
     
  11. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Hi Eric, I can hardly believe that a newcomer can digest this stuff all in all!
    Let him swallow bit by bit.
     
  12. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,
    A solid firewall and Firefox, for starters.
    Imaging software for main course.
    Linux for dessert.
    Mrk
     
  13. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Well he only has to read it, which doesn't mean he has to do it now, he can do it one year later.
    He said "Any and ALL advice is welcome", so I gave him a piece of my advice.

    He can start with a simple daily full backup and find the right image backup software for his total system to do the job properly. :)
     
  14. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    OK. I will try my very best to answer your question. Ask me any further questions here (or by PM if I forget to answer you). It is noted that all my comments regarding the performance of the products are mainly based on my objective observations and reading of test reports. No personal preference is involved when picking a security product.

    I assume you are not very technically knowledgeable, so I will recommend programs which are suitable for beginners to use. It seems you are willing to pay too, so I will suggest both free and commercial products.

    First, there are many duplicating efforts in your categories. I will try to regroup your categories.

    This is the security category:
    This is the backup category:
    By the way, you may view my signature. It has my recommendations about different security products (anti-virus, software firewall, antispyware)
     
    Last edited: Nov 10, 2006
  15. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    Note: I am by no means an expert. All the following are intended to be a reference only!

    Security
    These are the main categories:
    - antivirus (also antitrojan, antikeylogger)
    - hardware and software firewall
    - antispyware
    - classic HIPS
    - virtualization/sandboxing

    Antivirus (AV)
    Although it is called antivirus (which is a misnomer), it is meant to detect more than just virus. A typical anti-virus usually detects viruses, trojans, keyloggers, backdoors, macros etc.

    Free:
    Avira AntiVir (highly recommend! :thumb: ) -- excellent detection on both known and unknown malware, but has far more false alarms of detection (eg AntiVir has 20+ while most have only about 3-6)
    Avast -- much worse than AntiVir, but better than AVG: above-average detection on known malware, above-average on unknown malware, few false positives
    AVG (not recommend!) -- the worst of the above 3: in contrast to quite many public members which recommend this product, I discourage it. Only so-so detection rate on known malware, miserable detection rate on unknown malware, few false positives. "Free" is not a good reason for picking that AV since there are 2 better alternatives.

    Commercial:
    Kaspersky (highly recommend! :thumb: ) -- excellent detection on known malware. It has been at the top-notch level for 3 years or more. Above-average in unknown malware, few false positives. It has also good self-protection.
    BitDefender -- good detection on both known and unknown malware, few false positives
    NOD32 -- It is light and use less system resources. Good detection on both known and unknown malware. I know quite many praise it highly. However some tests and observations (one performed by me) that it may be a bit overrated. I found that it seems to be weak at detecting malware in archives correctly. It seems it is worse in detecting trojans/keyloggers which concerns me most. That makes me not too comfortable when using it. Few false positives.
    McAfee -- It used to be a very good AV. It tends to decline bit by bit every year. Now it has good to above-average detection on known malware, above-average detection on unknown malware. It has good quality controls on signatures, so it generates very few false positives. Some may feel it is bulky.
    Norton -- It used to be so-so in detection rates. Now it has good detection on known malware, but still poor in unknown malware detection. It has good quality controls on signatures, so it generates very few false positives. Some may feel it is bulky.

    Note:
    - AV Comparatives (http://www.av-comparatives.org/ ) has already listed a large number of good anti-virus programs. An AV program has to meet its entrance criteria before it is tested under AV Comparatives. Don't pick any other anti-virus programs which are not listed here. Chances are that they are worse than any of the listed one, or they are rogue software or scum software, or the vendors refuse to let the general public know its true performance results
    - Forget about Panda and Panda TruePrevent. Its AV scores badly in the independent reviews. Panda refuses to continue participating in the independent review of AV Comparatives because it is dissatisfied with the results shown in the website. I would say if the company does not wish to let their product be tested in the independent website, the chances are the company does not wish general public to know its true performance results. Guess why?
    - Since there are many peer products available and their performance are proved by independent reviews, don't choose a product with unknown quality. Don't believe the hypes mentioned in the author's website!

    AVs with multiple scanners:
    - F-Secure
    - Gdata AVK (German products. English support is limited)
    - TrustPort
    These are the AVs which use more than 1 scanner from other companies. The performance is more or less (but not necessarily the same as) the combination of the scanners. It sounds like a better alternative. But it appears they tend to be more bulky, tend to cause more instability problems. It scans longer since it uses more than 1 engine. But you can always download and try before purchase, so you can see how well they can run on your computer.


    AV reviews
    Here's the places where I base my comments on the performances of different AV:
    http://www.av-comparatives.org/ (highly recommended! :thumb: )
    http://www.av-test.org/ (recommended!)
    http://www.virus.gr/english/fullxml/default.asp (it tests so many AV, some AT/AS products, good for some basic references on their performances, but not a definitive guide)
    http://agn-www.informatik.uni-hamburg.de/vtc/ (good but outdated)
    http://www.virusbtn.com/
    http://www.icsalabs.com/

    Excellent sources of anti-virus comparison reports!!
    http://www.abxzone.com/forums/showthread.php?t=86202
     
    Last edited: Nov 10, 2006
  16. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    Firewall

    Hardware vs Software Firewall
    http://www.webopedia.com/DidYouKnow/Hardware_Software/2004/firewall_types.asp
    http://www.smallbusinesscomputing.com/webmaster/article.php/3103431

    Hardware Firewall
    A hardware firewall uses packet filtering to examine the header of a packet to determine its source and destination. If you have a set of preset rules, it will determine whether the packet is to be forwarded or dropped. A router is what you need. Like other hardware, it is a standalone tangible product. You can buy in the store.

    Software Firewall
    In addition to the hardware firewall, you can also install a software firewall to further improve your network security. Here are the recommendations:

    Free
    Jetico -- this is a good firewall. However it is just for the experienced users. It has excellent rates of leakage protection. Although this firewall can be attacked by different kill methods, no kill method can completely disable its protection, so you are still safe.
    Comodo -- so-so leakage protection but excellent kill protection.

    Free but not recommended
    ZoneAlarm Free (not recommend!) -- it is too weak and has limited functions although it is free. Use better free alternatives.
    Outpost Free (not recommend!) -- Performance-wise, this is not more or less the same as the good Outpost Pro. Please see problem1 and problem2. Outpost Free was released before Windows XP and has not been updated for it. It lags behind. Feature-wise, here's the differences between Pro VS Free versions. Here's the link for free product!!.


    Commercial
    Outpost Pro (recommend) -- It has good leakage protection. It has excellent kill protection. Only a few killtest can partially break its protection, but you are still safe since no one can completely disable it. It is a support forum which provides different rules for different programs for you to download and import to your firewall, according to your needs.
    Kaspersky Internet Security -- It has above-average leakage protection. It has excellent kill protection. Again only a few killtest can partially break its protection, but you are still safe since no one can completely disable it.
    ZoneAlarm Pro -- It has good leakage protection, and above-average kill protection. However there is an incident that it may be involved in spying for years. The case is ZoneAlarm still sends encrypted data to 4 of its servers even if the user tells it not to do. Do your own diligence and judge yourself on this issue.
    Norton Internet Security -- It has good leakage protection, and above-average kill protection. It is easy for beginners to use. It has a feature which can set rules automatically for the programs it knows about. However this may pose some security problems since it may misset some of the rules which you don't notice.

    The following products are not recommended since they can be terminated easily (there is no point to use them even if there is a product which has perfect leakage protection but too easy to be terminated):
    Product            Failures in Kill-test
    Sunbelt Kerio      16
    Netveda            22
    Look'n'Stop        31
    Filseclab Pro      34

    Firewall Tests
    There is only 1 firewall test which I find good and useful. It is from www.firewallleaktester.com . It has 2 types of tests:
    Leak-tests: http://www.firewallleaktester.com/tests_overview.php
    Kill-tests: http://www.firewallleaktester.com/termination_overview.php

    Leak-tests are tests to see how good a firewall is to prevent the malware from bypassing its protection and transmitting information to the bad guy. Note that one can always tighten their firewalls by configuring the rulesets in order to pass the leaktests.

    Kill-tests are tests to see how good a firewall is to prevent itself from being terminated or nullified by the malware.
     
    Last edited: Nov 10, 2006
  17. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    Questions:
    Do I need anti-trojan to detect trojans?
    Is anti-trojan necessarily better than anti-virus in detecting trojans?
    Is anti-trojan really necessary?
    (Similar questions can be applied to anti-keyloggers)


    Short answer:
    No. Go for HIPS and sandbox solutions. It offers a more extensive protection and protect you in different aspects.

    Strange but true, anti-virus(AV) performed much better than anti-trojans(AT) in on-demand tests (eg the top AV can detect over 90% trojans, but most AT cannot even achieve 50%), although there are some minor things AT might be better than AV. If you feel you need an anti-trojan, use the free ones. Don't waste your money on paid ones. Similar logic can be applied to anti-keyloggers.

    For free and good anti-trojans, you may try Ewido (it is called AVG anti-spyware now). It has far more signatures than the rest of the anti-trojans (so it can detect more trojans and other malware). It has only on-demand scanners (ie scan on user requests). It has no real-time protection, but that doesn't matter since your anti-virus program will take care of them too.

    For details on the reasons and alternatives security products to protect you against these risks, see:

    Is a dedicated anti-trojan program really needed?
    https://www.wilderssecurity.com/showpost.php?p=855828&postcount=13

    Anti-trojan tests - you can do your own diligence :)
    https://www.wilderssecurity.com/showthread.php?t=150192

    --------------------------------------------------------------------------------------------------

    Questions:
    Are more security products = better protection of my computer?
    Should I install as many security products as possible?
    Should I install more than 1 resident anti-virus, 1 firewall, 1 anti-spyware?


    Short answer:
    No. "More security products" is not equal to safer. You may actually make it worse for the following reasons:
    - overkill since a lot of security aspects are overlapping with one another
    - possible instability, crashes and conflicts
    - compatibility issues which may cause you more headache as a beginner
    - you may be wasting money and time for no practical benefits (or additional headaches/problems)

    Also don't install more than 1 resident anti-virus, 1 firewall, 1 anti-spyware. It is going to ask for trouble.
    However you may run 1 resident program supported by many on-demand scanners.
    For details, see https://www.wilderssecurity.com/showthread.php?t=147096
     
    Last edited: Nov 10, 2006
  18. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    Anti-spyware

    If you would like to know how your anti-spyware performs, there is a good review website http://malware-test.com/antispyware.html

    Please read the following table (results presented as a table for easy reading and comparing purpose) and do your own diligence:
    http://www.malware-test.com/images/total11.png

    (higher number means higher detection rates)
    red color = 1st rank
    yellow = 2nd rank
    green = 3rd rank

    If you wonder why the result from 11th round is very different from other previous rounds, it is because the samples are collected from Honeynet (simply speaking, places for real malware collection and research) in this round.
    This should somewhat represent the real situations on how well your anti-spyware can protect you against adware/spyware emerging every day on the Internet.

    If you wonder why anti-spyware performs much worse in real world situations, it is because malware writers will keep using new malware to infect your system. While old malware will keep circulating, they will keep using the latest hackology to crack/infect your computer. I may make an educated guess that anti-spyware can manage to get 10-30% of ad/spyware detection rates, while anti-virus can manage to get 30-50% in real world situations.

    How well anti-virus possibly perform in real world situations:
    https://www.wilderssecurity.com/showpost.php?p=839371&postcount=33
     
    Last edited: Nov 10, 2006
  19. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    HIPS / Sandbox

    Info about HIPS
    HIPS = Host-based Intrusion Prevention System

    There are many ways to classify different types of HIPS.
    To simplify the matters, here's the types of HIPS according to my classification:
    - behaviour blockers (ie the ones which will prompt based on the behaviour of the program. The decision is made by you or the HIPS or a mix, depending on the programs. Different HIPS may offer different coverage of protection against potentially malicious behaviours)
    - sandbox / virtualisation (ie instead of distinguishing between good or bad behaviours, they try to isolate any untrusted programs. Any changes made by that program will be isolated. Thus the changes made within the isolated areas will not affect your actual/real system)

    HIPS FAQ
    http://wiki.castlecops.com/HIPS_FAQ

    Discussions about types of HIPS
    https://www.wilderssecurity.com/showthread.php?t=152694

    ======================================================================================

    There are so many HIPS available in the market and there is no test which largely test the performances of these products, so it is rather hard to pick a product of this kind. It seems we need to pick a product based on our own (subjective) experiences or feeling.

    Behaviour Blocker
    They are the complementary to your existing antivirus/firewall/anti-spyware software.

    However as a beginner user, try to avoid any HIPS which requires much security knowledge to use. This would include HIPS which prompt you (without advice) for a decision on a behaviour/action made by a program (eg System Safety Monitor), since it is very likely you will make decisions casually or make wrong decisions, or are being cheated by a malicious program to allow its actions.

    You should choose an HIPS product which will help you make decisions (eg offering online databases, learning modes, prompts with advice etc.) You may try the following products:

    Newbie choices
    - Prevx1 (it has an online community database to make decisions and protect you against malware)
    - Online Armour (it also has an online community database)
    - GesWall (this one is completely free, but it works a bit different. It makes use of access policy to control how a program access to the resources. You can set a specific program to run as "trusted (isolated)". It will pose more restrictions on this kind of program. Many changes will not be saved by this program)

    Require some learning
    - ProcessGuard (you need to run it in learning mode first in order to let the program to learn your system, or you will have many prompts)

    Not tried yet, but may be worth a trial
    - Kaspersky 6 - PDM component (Haven't tried, may be a good combination with its antivirus / firewall, but it requires you to make the right decision)
    - Safe 'n' Sec (it has "Intelligent Decision Make". Haven't tried. Seems to be suitable for beginners too)

    Only for advanced users
    - GhostSecurity, including Appdefend and Regdefend

    Some independent reviews on HIPS:
    - https://www.wilderssecurity.com/showthread.php?t=153910
    - AV Comparatives did some tests on HIPS too (the report is called "Comparative of various protection tools")
    - http://kareldjag.over-blog.com/0-categorie-69553.html
    - http://security.over-blog.com/

    ======================================================================================

    Sandbox / Virtualisation - HIPS for newbies
    They try to isolate any untrusted programs. Any changes made by that program will be isolated. Thus the changes made within the isolated areas will not affect your actual/real system

    Free
    - Sandboxie (recommend!) (this is free restricted version. Some advanced features are locked unless paid. However most of the basic features are available, and you can use it as long as you can. The free version is still great. Remember you should terminate the sandbox / all untrusted programs before doing anything which require safety [eg online banking])
    - Bufferzone SAE (not good: it has several versions. Each is designed for a particular product only. Limited use. It is better to stick with sandboxie which can be used by all executable programs)

    Commercial
    - Bufferzone Pro (yes, this one is similar to sandboxie which can work with all executable programs)
    - DefenseWall

    OS-level sandboxing / virtualisation (safer than application-level sandboxing)
    - VMWare
    - Altiris Virtualization
    Note: There are more to do than merely safety issues.
     
    Last edited: Nov 10, 2006
  20. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,

    Wai wai I must disagree with you on several points.
    But the major one is the firewall termination issue.

    When you run a program ... locally ... with admin privileges - it's over. Firewalls are supposed to protect from external threats. Not from your own folly. You could as well say boot from a floppy and erase the hard disk. Why not? Where is the protection there? Once you do something locally - game over.

    Firewalls should be valued by their ability to filter traffic. That's all. Everything else is fancy, including nips, hips, chips, web annoyance etc. And the ability to be configured safely with minimum effort so that even noobs will be able to use them efficiently.

    Jetico is a great firewall, but being adequate for about 0.000000001% of users, it is a bad firewall. Good for Wilders hardcore hobbyists, bad for someone who thinks computers are magic.

    If you get infected and something kills your firewall - unplug the line. Very simple. Nothing gets through.

    Mrk
     
  21. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    Other questions answered

    OK. Try to answer questions asked for specific products.

    > Sunbelt CounterSpy
    This anti-spyware is good, better than your ad-aware. You may try.
    but it may be a bit bulky. Doesn't matter if you have fast/good hardware.

    > SecureIT
    Hey, this is not for you. :cool:
    SecureIT helps organizations assess their vulnerability to a broad spectrum of technological and other risks.


    > VMWare
    This is OS virtualisation.
    You may use it for safety purposes, but there are many other purposes too (eg testing applications, avoiding DLL conflicts)

    > Panda TruePrevent
    Forget this one. Performance is bad. Refuses to participate in independent review of AV Comparatives.

    > IceSword
    Can be used to analyse rootkits.
    Forget it. Not for beginners.

    > RunSafe
    Run program as limited account (restricted).
    In Windows XP, you can be a limited user, power user, administrator etc.
    Limited user has the least rights, defined by Windows XP.
    You may change the rules, if you know how to.
    Another alternative: DropMyRights (completely free).

    > Jetico
    Explained in firewall section.
    Not for beginners.

    > Safe'n'Sec Plus
    > PrevX
    > DefenseWall
    > virtual sandbox <-- not good in my opinion
    See HIPS section for details

    > Anti-Executables
    Simple program.
    Only run programs which have been trusted.
    Any program which is not in that list will not be able to run.

    > Invircible
    Forget it.
    Stick with the reputable or top-notch AV.
    Avoid unknown AV program. May be rogue.

    > Helios
    What is it?

    > SocketShield
    > BufferShield
    Forget it.
    Stick with the choices recommended in my HIPS sections.

    > DeviceWall
    Are you afraid of someone who will plug in a (movable) device and steal your data?
    If not, save it.


    Tor and Privoxy will run together.
    This is called proxy surfing. It is more to do with anonymity/privacy, not security. However there are many implications about proxy surfing and anonymity. It will also slow down your browsing.
    Forget it if you do not have specific needs for that.

    Proxomitron is to control how a website is displayed.
    It filters code before a website is displayed.
    It is multi-purpose, including security ones.
    You may run it, but you need to learn how to use it. Not for beginners.

    Alternatively you may try McAfee SiteAdvisor. It will tell you which website is good, cautious, or dangerous. It has an analysis page for each website, so you can know more details in case you wish to know.

    Final word on choices of security products (Please read!)
    Don't try every security product which sounds great or wonderful, or which just come across you. They may be after all hype. There are many rubbish security products on the Internet. Some even produce scum-typed or rogue security products to rip your money off, or install additional malware to your system.
    Only pick your choice from the most reputable ones (eg the ones in my abovementioned posts).



    Hope all the above helps.
    Please spend some time to read through all of them.
    It should help you much in security.
    Tell me what you feel.
    See you. :)
     
    Last edited: Nov 10, 2006
  22. Wai_Wai

    Wai_Wai Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    556
    That's fine.
    Beware that since the above posts are intended to be read by a newbie/beginner (or the questioner), and it is never intended to be complete, I may leave out many details or don't explain something in depth.


    That's why it is dangerous to run as an administrator account - too many (bad) rights. However it is also an annoyance to run as a limited-user account.

    I think every security program (not just firewall) should try to protect itself from modification/termination/hijacking etc. What's the point of having the best protection if your protection can easily be disabled? It is equal to installing many locks on the door but you leave the keys under the door-carpet.

    Plus it is still not 100% fool-proof that the security program will never be modified or terminated if you run in a limited-user account. There is always a vulnerability in the operating system.
     
  23. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    Secure-It (notice the hyphen) on the other hand, can be used for tightening Windows/Internet Explorer settings. supposedly it may break some things tho.

    btw keep up the informative posts Wai_Wai :thumb:
     
  24. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    I side with Mrkvonic here. A firewall is meant to filter packets and that is it. All of this application control and other stuff is add ons that go beyond the original purpose of a firewall. An av is for detecting viruses and other malware based on signatures and heuristics. A HIPS like Process Guard, SSM, etc. is for protecting processes, allowing a user to control which executables run, etc. It is pretty worthless for every single program to try and protect its own termination, when one application can do the job that all of your security apps are trying to do simultaneously.

    Secondly, I don't think you should include outpost free as a viable option. See here and here :doubt:

    Thirdly, AVG bashing isn't the best thing to do. The av is continually improving and the detection really isn't that bad. However heuristics on the other hand need a little bit of work.

    Fourthly, Comodo probably has the best leak detection out there along with Outpost. I don't know why you call it so-so :doubt:

    Fifthly, I use Secure-it and it is nice for hardening the TCP/IP Stack in case your firewall gets knocked out of permission. Required, no, but helpful in case something happens, yes

    Sixthly, virus.gr is pretty bad at testing, so I don't think it is a real valid link to be giving to people, especially beginners who take one test a little too far ;) .

    Just some pointers though...
    --------------------------------------

    To the original poster:

    I would stick with the basics for security. You will need a good firewall like ZoneAlarm, Comodo, Ghostwall, CHX-I, or even Windows SP2 firewall, a solid av like KAV, NOD32, Antivir, and maybe a HIPS like System Safety Monitor or Process Guard if you feel ready for them. This will be sufficient for your security. Also, I always recommend browsers other than IE because of the fact I like them more :D . Opera is always an excellent choice. Remember to play around with some of the choices given by users here and find what you personally like and what fits your system the best.

    Cheers,

    Alphalutra1
     
  25. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    isn't that what harden-it does? iirc secure-it is for hardening IE.
     