Usability versus Protection test result

Discussion in 'other anti-malware software' started by Kees1958, Sep 17, 2006.

Thread Status:
Not open for further replies.
  1. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Topic: Multi layered security setup research (and advice) on usability versus protection

    The IT-manager of the company I work for always uses IT-students to do additional security research.
    Recently he asked an IT-graduate to configure a multi layered security setup for the home PCs of our employees with the following limitations:
    • use the test method Kareldjag describes in his reviews
    • available budget is 50 euros once, with no recurring annual fees
    • use as much freeware as possible
    • determine setups for three types of users: power user, advanced user, normal user

    Discussing security is the same as with art, religion and beauty: there are as many opinions as there are people, everyone has his/her own preferences and priorities.

    Normal user: security illiterate, should not get pop-up messages, looks at functionality not programs, downloads music, movies and surfs the internet for information and other hobbies.
    Security layers:
    - traffic : firewall only inbound protection Microsoft firewall FREE, (note 1)
    - data : antivirus ANTIVIR FREE (note 2)
    - process : Cyberhawk FREE to protect against DLL-injection, et cetera
    - registry : PrevXHome FREE to protect the vulnerable Windows areas (note 3)
    - threat gates : DefenseWall paid version (30 US lifetime license) to protect the gates of your PC
    (Internet, P2P, e-mail, floppy drive, DVD/CD-Rom drives)
    - data theft : none (note 1)

    Total installation time on average 20 minutes
    Total cost 30 US dollars

    Advanced user: security aware, can interpret info on meta level (e.g. process, registry) pop-ups, occasionally improves functionality of PC by downloading new programs
    Security layers:
    - traffic : firewall only inbound protection Microsoft firewall FREE or preferably his/her Nat-router (note 4)
    - data : antivirus ANTIVIR FREE
    - process : ProcessGuard FREE to protect against DLL-injection, modification, start up
    - registry : PrevXHome FREE to protect the vulnerable Windows areas
    - threat gates : DefenseWall paid version (30 US lifetime license) to protect the gates of your PC
    (Internet, P2P, e-mail, floppy drive, DVD/CDRom drives)
    - data theft : Kryptus to encrypt private folders (see note 5)

    Total installation time on average 1 hour 15 minutes (see note 6)
    Total cost 30 US dollars

    Power user: security hobbyist, can interpret info on micro level (e.g. process, registry) pop-ups, frequently improves functionality of PC by downloading new programs
    Security layers:
    - traffic : Comodo firewall FREE
    - data : antivirus ANTIVIR FREE
    - process : Antihook FREE to protect against DLL-injection, modification, mother-child related start up
    - registry : MJ Registry Watcher FREE
    - threat gates : GeSWall FREE to protect the gates of your PC
    (Internet, P2P, e-mail, floppy drive, DVD/CDRom drives)
    - data theft : covered by firewall

    Total installation time on average 3 hours
    Total cost: none, all freeware

    Notes:
    1)
    In the Netherlands most banks use a token calculator besides a password and user id to facilitate on-line payments. Theft of a password is useless without having the debit-card and a token calculator of that bank. Firewalls protecting outbound traffic are rather pop-up noisy and difficult to configure. Ashampoo firewall was considered, but slowed down the test system too much and still has some bugs. The easy setup of Ashampoo would certainly qualify it for normal users once these issues are improved.
    2)
    Users got an instruction to disable PrevXhome when installing a known safe program (to keep the user refrained from pop-ups during install). PrevXhome has a bonus that it also protects against physical memory overflows.
    3)
    In the Netherlands most users have broadband ADSL. Nearly all service providers offer an e-mail virus scanner security, therefore ANTIVIR with its strong protection level, but without e-mail security qualified. To overcome the sometimes troublesome updates of ANTIVIR free, eight invisible updates are entered in the scheduler, spread across the day to guarantee updates of the engine and software.
    4)
    Wireless is very popular in the Netherlands; most home users have a Nat-router. To help the advanced user, instructions were given to use WEP-encryption and MAC address control. Also service port 113 was sent into oblivion by redirecting it to a non-existent IP-address. When having a Nat-router with built-in firewall, Microsoft firewall was disabled to save processor load.
    5)
    Although ProcessGuard acts as an application firewall, advanced users were advised to use an encryption utility to store their sensitive files. Several alternatives were given; Kryptus, being relatively new and easy to use, was advised (but this is arbitrary, because many free utilities do the job).
    6)
    Although most and very good security programs have a learning mode feature, the IT-manager decided to supply an installation script asking the user to start all safe programs once in a predefined starting order and select allow/remember and then lock learning mode. He (the IT-manager) did not like the idea of a two week learning period giving malware the opportunity to wrench itself in the allowed programs list. This arbitrary decision influenced the total installation time.

    Closing remarks
    - IE7 was used as browser, because many music and movie download sites require internet to facilitate payment
    - use SpywareBlaster for additional bad active-X/sites protection
    - use Ad-ware FREE to occasionally check on spyware; during the testing period, ad-ware did not find spyware
    - use of a real-time anti-spyware program was considered not necessary, due to multi layered defence
    - use a second opinion virus scanner from time to time (Bitdefender free)
     
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    do u have to spam that message? uve posted it several times.

    anyways heres a couple of questions:

    how were programs chosen for each group? (example: why do the normal and advanced user get defensewall and prevx home but the power users gets geswall and mjrw?)

    also, isnt prevx home discontinued?
     
  3. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271