Trouble deciding on security setup

Discussion in 'other anti-malware software' started by SafetyShoe, Oct 26, 2007.

Thread Status:
Not open for further replies.
  1. SafetyShoe

    SafetyShoe Registered Member

    Joined:
    May 15, 2007
    Posts:
    4
    Location:
    Canada
    I am preparing to get a new security setup as my McAfee Security Suite will expire.

    I'm looking into a free setup.
    I already have the following in mind (which I am actually using on an older comp):
    AviraPE
    Comodo Firewall
    Winpatrol

    I am also considering:
    Sandboxie
    Returnil

    ----------

    I have downloaded and installed Returnil on my system but I'm confused as to how it works.
    I have turned on system protection.
    It says that changes made to my system partition will be deleted once I exit Windows.

    Does this mean that if there are any registry changes or if I install something that requires it to modify the registry, the program changes won't stay and then the program will not function properly?

    I am also confused as to what the session lock function does.

    ----------

    With Sandboxie, I noticed that my changes in Firefox such as history, current tabs, downloads, won't be saved once I clear the sandbox.
    Do most users install the add-ons of their choice before using firefox in a sandbox to preserve their settings/preferences?

    ----------

    I also need some suggestions for HIPS/anti-spyware.
    I don't want anything too bothersome for HIPS.

    I will have SAS free on-demand for antispyware.

    How is OA Free firewall compared to Comodo FW?
     
  2. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Not only that, the program itself will be entirely gone like it was never there. Everything that happens after you turn on protection will be completely gone after you reboot. Poof.

    So if you need to make any permanent change to your computer, do it first, THEN turn on protection.

    It turns on Returnil's protection. If you don't set Returnil to automatically turn on protection upon startup, you may do it by hand any time by clicking on Session Lock.

    Yes.

    Another option you could do is to tell Sandboxie to allow Firefox to bypass protection and write directly to the real history/tabs/downloads etc records on the HD. This requires some editing of .ini files. Post back if you need further help per this.

    HIPS are designed to be bothersome. The more bothersome they are, the better they are at their job; that's just how they work. You're probably looking for a behavior blocker instead.
     
  3. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Both are good firewalls and passed the Shields Up stealth scan at grc.com.
    I switched from Comodo to OA free when it was offered. It boils down to preference, I prefer OA free.
    Keep in mind that Comodo version 3.0 is in beta and also shows a lot of promise.
     
  4. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Hi SafetyShoe. AviraPE, Comodo and Winpatrol are ok. If you decide to go with OA free, that may eliminate the need for Winpatrol and Comodo. One of the HIPS experts would have to confirm or deny this. Also, OA is both a firewall and HIPS.

    For now, worry about getting comfortable with either Sandboxie or Returnil. I personally would get acquainted with Sandboxie first. Check out their site and Help and FAQs. Especially the Getting Started and FAQs.

    I've changed my Sandboxie a little, but it asks if I want to recover a file when I exit. Sandboxie can also be configured to delete all contents when closing your browser or whatever you're running in the sandbox. If you want to exclude something so that it's not deleted, open Sandboxie's Main Window - click Configuration - scroll to 'Sandbox Settings' then click 'Set automatic cleanup options'. Then on the right side check which options you want to keep and if you want them Recovered immediately, check the box at the bottom. I can't remember what the default settings are.

    With Returnil, Session Lock is just like an on switch. It turns on the system protection or virtualization. If you install a program or surf or whatever while protection is on, a reboot will delete all changes that occurred during the protected session. You only need to reboot to turn off protection or clear changes in the case of running protection all the time. Their help file should help explain how everything works.

    You can install anything when Returnil's protection is on. When you reboot, all the changes will be gone. If you want to install a program that needs a reboot to finish installing (firewalls, AVs, some Windows updates), it won't work because the reboot clears the changes. You will need a different program to install such programs. I however have installed browsers, extensions, a little media player while protected and when done playing with them, I rebooted and they were gone. It's good for testing/trying things like that.

    Also keep in mind that Sandboxie only protects whatever program runs in it such as your browsers, media player, email programs, instant messengers. Returnil protects whatever is run, installed or changed in your whole system partition. Only you can decide which one you like or need. For now, I use Sandboxie daily when browsing and when I feel like I need extra protection or when I visit an unsafe site, I turn on Returnil via Session Lock. Your needs may vary.

    This is just my opinion, but if you decided on Avira PE, OA free and Sandboxie for your internet-facing programs, that's pretty good protection. Just make sure the programs you download are scanned by good free scanners and if you're unfamiliar with the programs you can upload them to VirusTotal or Jotti.
     
  5. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    SafetyShoe (how did you invent this nickname),

    AntivirPE plus OA-free is a good combination. OA practically is as good a firewall as Comodo with practically no pop-ups (and lighter CPU use).

    To make OA pop-up quiet you apply the following.

    1. Unselect the warn me when an unknown program starts option. OA will still watch some malicious behavior (like DLL injection, etc.) to contain the integrity of your system.

    2. Browse the programs list (unselect hide trusted apps) and select the run safer option for all your threatgate programs like web browser (e.g. Opera, Firefox), mail (e.g. Outlook Express), P2P (e.g. LimeWire), Windows Media Player, chat, messenger, download managers etc.
    They will turn up light blue in the list. Now these programs and the programs started by these programs run with limited user rights. Note when you want to install a program, you first have to save it on disk (because choosing for instance run from within your browser will not allow the installer to change certain registry settings and install a driver).

    3. Check from time to time your program list. Unknown programs will appear in grey. When it is a trusted program, allow it with the OA.

    People liking a classical HIPS will not agree with the above, but because you did not use an AntiExecutable before, it will provide you with a faster FW and some additional limited user protection of your threatgate programs. With this setting you won't need Returnil.

    So you will not use OA optimally, but compared to your previous security set it is safer (and user friendlier because OA is a bit easier to use as a FW than Comodo). Also Comodo won't protect you against DLL injection and OA will. So all considered you will be having a stronger setup.

    When you have an older PC, you could check your BIOS manual. It might have a Master Boot Protection option or "protect against virus" option. Switching this on is a good extra with no performance loss. Also check whether your processor has DEP capabilities. If so switch DEP on for all programs in XP. You could also harden your system a bit with SafeXP. First save your settings to file, then press the recommended settings. When your system works okay (probably will), you add some as shown in the attachment.

    Another good idea is to use Opera. It is fast and it can be skinned to look just as Firefox or IE (see pic).

    Regards Kees
     

    Attached Files:

    Last edited: Oct 27, 2007
  6. StevieE9

    StevieE9 Registered Member

    Joined:
    Jan 16, 2007
    Posts:
    139
    1. Your initial suggested free setup is excellent.
    2. Comodo BO Clean is my best suggestion for a combined definitions/behavioural anti-spyware active onguard program.
    3. Comodo Pro is far and away better, in my usage opinion of both, than Outpost Free
     
  7. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    OnlineArmor compared to Comodo is a matter of personal preference. The choice should maybe be based on other things, like support-forums, logging abilities, ease of use, etc. Visiting both forums would give you a good idea as to which will suit your needs better. Both score very well in leak tests, and the difference being that OA does have a pay-version.
     
  8. SafetyShoe

    SafetyShoe Registered Member

    Joined:
    May 15, 2007
    Posts:
    4
    Location:
    Canada
    Thank you all for your help! Greatly appreciated.
    --------
    Firstly, regarding returnil,

    I have system protection from startup, this probably explains why my session lock is greyed out :D

    So basically, if I don't want to have the protection on from startup (say if I were to install programs), I should have the protection off from startup, install things and then turn on session lock to protect me for the rest of the time?

    Does Returnil prevent Firefox from saving tabs/bookmarks/downloads/history when I reboot the computer?
    --------

    Sandboxie sounds like it will require a lot of configuration.
    Would GesWall be easier to manage and offer similar protection?

    --------

    I will probably try OA-Free first, and if I don't like it, I'll go to Comodo.
    How is Outpost Firewall PRO (it is available free with TrialPay)?

    So it looks like the setup will be:
    AviraPE
    OA Free/Comodo
    BOClean
    Winpatrol (if Comodo)
    Returnil
    Sandboxie

    + Other on demand

    --------
    Random:
    My normal nickname is Shoe, and since this forum is about security, I thought SafetyShoe, which is also like a steel-tip shoe for safety in construction work etc. ;)
     
  9. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Yes

    Yes, unless you move your Firefox profile to another partition or to the Virtual Partition. Returnil only protects the system partition so that means you can save your data to another partition, VP or elsewhere.

    It's not that hard at all and once you have it set up/configured, all you need to do is click a shortcut. Sandboxie's forum is also very helpful. GesWall is similar, but different, it's really up to you as to which you like. I will see if I can post a screen shot as to the Sandboxie setup box.

    :thumb: I don't think Winpatrol is as strong as OA free as far as HIPS go or its self protection. It all depends on your habits and wants. If you try OA, give it some time. Actually, get used to Sandboxie and Returnil for now. After you're comfortable and understand them, then give OA a try.

    If you uninstall Comodo, make sure you follow their instructions. It should be posted at their forums. I think they also have a tool to remove it in case of problems.

    In the picture I attached, you can clearly see the things you can choose to recover within Sandboxie. You can check the 'Firefox Profiles' and then check 'Enable Immediate Recovery for these folders'. That should solve your problems using SBIE and Firefox. Please note that my settings pictured are different as I want to pick and choose what I restore. You will need to select the appropriate boxes. The instructions to get to this setting should be in my other post. At least it does in version 3.01.

    innerpeace
     

    Attached Files:
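Editor's note, not part of the thread: solcroft (post 2) mentions editing Sandboxie's .ini to let Firefox write its history/tabs/downloads straight to the real disk, and innerpeace (post 9) describes the GUI route of marking the Firefox Profiles folder for recovery. Both settings live in the same Sandboxie.ini file (Configuration > Edit Configuration in Sandboxie Control, then Reload Configuration). The fragment below is an added example written by the editor, not from Sandboxie's documentation or from either poster; the box name DefaultBox, the profile path %AppData%\Mozilla\Firefox\Profiles and the use of firefox.exe as the program name are assumptions that match a standard Windows XP Firefox install, and should be checked against your own machine.

```ini
; Added example, not from the original thread. Assumes Sandboxie 3.x and a
; default Firefox profile under %AppData%\Mozilla\Firefox\Profiles (assumption).

[DefaultBox]
Enabled=y

; --- Option A (what innerpeace describes): keep the sandbox intact, recover files.
; Files that Firefox writes under these folders stay sandboxed while it runs; on
; exit Sandboxie offers (or, with AutoRecover, immediately performs) a copy of
; those files out of the sandbox to the real folder. The browser itself never
; touches the real profile, so a drive-by exploit in the sandboxed browser cannot
; change it directly.
AutoRecover=y
RecoverFolder=%Desktop%
RecoverFolder=%Personal%
RecoverFolder=%AppData%\Mozilla\Firefox\Profiles

; Empty the box automatically when the last sandboxed program closes, so nothing
; a malicious page dropped survives to the next session.
AutoDelete=y

; --- Option B (what solcroft describes): punch a hole for the profile only.
; The "program,path" form limits the open path to firefox.exe; any other process
; in the box still sees a sandboxed copy of the profile. Note the trade-off: with
; this line active, Firefox writes to the REAL profile, so anything that runs
; inside the sandboxed browser (a malicious extension, a tampered prefs.js) is
; persisted outside the sandbox. Use A or B, not both.
; OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\
```

Option A is the safer default: recovered files are copied out only when you accept the prompt, and an auto-recovered file is still just a file, not a running program. Option B trades that isolation for convenience, which is why it is left commented out here; if you enable it, keep the program qualifier so the hole applies to firefox.exe alone, and remember that Returnil (where the whole system partition is virtualised) will still discard those real-profile writes on reboot unless the profile lives on a partition Returnil does not protect, as innerpeace notes.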
