What is really sensible in terms of PC security?

Discussion in 'other security issues & news' started by q1aqza, Jul 29, 2004.

Thread Status:
Not open for further replies.
  1. q1aqza

    q1aqza Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    312
    Let me explain a bit about my PC security history first. I was new to broadband (512K) September last year. I bought a wireless ADSL Router/Firewall (Netgear DG824) and I had NAV2003 (then upgraded to 2004). Right up until June this year I thought having a hardware firewall was the dog's dinner, and also having NAV2004 I thought I was indestructible! None of this messing around with resource hungry software firewalls and unheard of antivirus software and anti-trojan software and anti-spyware software, etc, etc... I am also PC hardware and software literate, but I must confess I am, or rather was but still sort of am, PC security naive.

    Before I continue, I don't believe I have ever had a virus. I haven't made the non-techie mistake of opening email attachments that I don't know, recognize or didn't request, and I always check for virus definition updates and scan any downloads before I open them.

    Anyway, last month after a good internet surfing / education session I realised that even having a hardware firewall I still (ideally) needed a good software firewall to protect outgoing. So I have been using ZA but now in the process of evaluating / switching to Outpost Pro. I also learned that other AV programs were better and less resource hungry than NAV (namely NOD32).

    Now you are bored and wondering what is the point of my post. Well, since I have been looking into PC security I have been learning that in addition to a good software firewall and AV program (been trialling NOD32 with a view to replace resource hungry NAV2004) I also need a trojan scanner / realtime protector, an anti-spyware scanner and real time protector, a worm guard etc. etc.

    I'm just really confused as to what is total paranoia and needing to try to defend against everything, or whether a hardware firewall (which I have), a software firewall for outgoing (Outpost, which I'm learning more about each day and I think is brilliant) and an AV program (trialling NOD32, and I will likely switch to it when my NAV2004 subscription expires).

    As I am quite sensible, do I really need to run what seems like ten additional memory-resident programs such as anti-trojan / worm / spyware programs?

    It seems some people on this forum have about ten security programs running. I'm not criticising; I would just like to know if these people are overdoing it or whether I need to consider doing the same?

    As I see it, the only flaw in my security is that I use P2P occasionally (eMule).

    Just some good practical advice that doesn't need me to spend a fortune on software is all I need.

    Thanks a lot.
     
  2. f123

    f123 Guest

    Avoid P2P if possible. Been using free AVs since 2000 (AVG, Avast Home). Turned off the AV's full-time automatic protection. Manually checked for virus definitions twice a week. Disabled Windows Explorer and Internet Explorer from ZA's program control list. I only use IE if Firefox cannot render poorly coded webpages.

    The e-mail scanner and Zone Alarm Pro 4.5 are loaded automatically during PC boot.

    Have never been hit by PC gremlins. Common sense and good PC housekeeping are your best defense against nasties. Also have a magic rabbit in the hat...it's called a working image file.
     
  3. I think you could get by OK with Outpost Pro and NOD32, but I would do as f123 suggests and switch your browser to Firefox; it's far safer than IE.

    Some other useful additions might be (especially if you keep using IE) SpywareBlaster (free), IE-Spyad (free), Spybot (free), Ad-Aware (free), A Squared (free), Regprot (free), and perhaps a good anti-trojan like TDS-3, Boclean, or TrojanHunter. Maybe a second (free) anti-virus, for backup on-demand scans only, would be good too. Hth.
     
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    With the amount of people walking in to my 2 shops with Viruses, Spyware and Browser Hijack related problems, I don't think it is paranoia having good security, it is just common sense.

    I use the following:

    1. Nod32 - Anti-virus
    2. Zone Alarm (free) - Visual outgoing alerts
    3. Spyware Blaster (free)
    4. Spyware Guard (free) - Browser Hijack prevention
    5. Spybot Search and Destroy (free) - if running the above 2 programs, should remain fairly clean
    6. Adaware (free) - same as above
    7. Script Defender (free) - Script protection
    8. System Safety Monitor (free) - Registry change warning
    9. File Checker (free) - Monitors important ".exe" files of various programs
    10. Mozilla Firefox (free) - Safer Web Browser - try some of the exploit tests in the "Polls" section
    11. Proxomitron (free)
    12. Ewido (free) - anti-trojan
    13. For email - Mozilla Thunderbird (free) - I don't use it because I only have Hotmail.

    This will give you a fairly tight system. Ultimately it comes down to safe practices, still, it is always best to practice and think of safety, otherwise it will remind you and it won’t hold back in doing so... it's a bit like gravity, very unforgiving...

    Hope this helps...

    Cheers :D
     
  5. q1aqza

    q1aqza Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    312
    Thanks for the replies. I do have clean Ghost images available on an external USB2 hard drive which only gets powered on when I need to retrieve anything stored on it.

    I hadn't heard of Firefox until I joined this forum; I'll give it a look. I did forget to mention that I have used Spybot Search and Destroy for quite some time now.

    Blackspear, I'm ditching ZA and NAV to get away from resource hungry programs and really wanted to avoid having lots of other programs running and using up system resources. All those programs you mention, are they all memory resident and what sort of impact do they have on system performance?
     
  6. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I have a fairly powerful system, so I've not really thought about it; however, here is a shot of my task manager.

    Hope this helps...

    Cheers :D
     


  7. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    I don't think it would be paranoid to add a few programs for security reasons.
    Switching to Firefox and using a good antitrojan program are good ideas IMO.
    I always use two spyware scanners. Spybot and Adaware work well. What one misses the other may catch.

    Better safe than sorry. ;)
     
  8. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Indeed, getting some of the free programs certainly won't hurt. Ewido and a squared are a couple of free anti-trojan programs (non resident), spybot s&d has some resident protection that might be good to run (minimal footprint, never noticed a slowdown), getting Ad-Aware and running it once in a while is certainly a good move, and Spyware Blaster (free, non resident) is a life saver. If you really don't have much of a problem with malware, you can probably get by without running any other resident protection. It's really up to you and what you need.
     
  9. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
  10. stalker

    stalker Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    152
    Location:
    Ljubljana, Slovenia
    Well, as far as I am concerned, the firewall is the one and only truly important thing. I like minimalism, so you bet, I don't like to run too many processes. I also disabled all useless services (uhm, like 20 of them, see below, I posted a complete list) to lower resource consumption. I also think the more processes running, the more chances for conflicts between them. Here I posted a few points I cut from my posts from Wilders and other forums ...



    1. I also started using Firefox a few weeks ago, though, on the other hand, I already made IE pretty safe by disabling many options in Internet Options -- Advanced, various security related modifications in gpedit.msc, and various additional registry hacks (additional policy restrictions and others), and disabled more than 20 useless, and a few of them quite dangerous, NT services (I know what I am doing, using a single-user PC, on dial-up ...), see below ...


    And beside Firefox (as safer browser), I use many security related applications.

    -- a.) xp-AntiSpy app (also a command-line version available), and especially small, compact apps (all these pages contain many different apps, and also most of them are "non-setups"), like the famous Merijn's apps, Roadkil's apps, apps from Pertinax - Securitysoftware.cc; there are just too many to be listed here.


    -- b.) And additionally others, which "patch" many security holes; for example, to also list some of them, I just need to mention the mostly 10-30 KB, coded-in-assembler apps from Gibson Research Corporation, especially the most important: XPdite, UnPnP, DCOMbob, NoShare, SocketLock, Shoot The Messenger, etc.

    /EDIT: Though I always disable the Messenger service already from services.msc, beside other useless NT services, actually quite many of them possibly dangerous; here is the list I made for this occasion:
    Alerter, ClipBook, Indexing Service, Distributed Link Tracking Client, IPSEC Services, Remote Registry Service, Messenger, Remote Desktop Help Session Manager, Secondary Logon, Smart Card, Smart Card Helper, Themes, Wireless Zero Configuration, Automatic Updates, Fast User Switching Compatibility, Error Reporting Service, IMAPI CD-Burning COM Service, Print Spooler, System Restore Service, Volume Shadow Copy, Remote Access Auto Connection Manager, Human Interface Device Access, SSDP Discovery Service


    -- c.) And finally, as the most important, I am using SpywareBlaster, and ZoneAlarm Pro firewall (version 4.0.146.029, for me the best and surely one of the last non-bloated, and "resource friendly" versions)

    Uh yeah, and that "futile" (joke) thing called antivirus too (the one that suits me the best is CA EZ eTrust Antivirus, version 6.1.7.0, but I'm slowly moving towards actually not using antivirus at all, but that's for another topic maybe ...)


    If maybe you are interested, please see my debate with users on Winforums about using Microsoft's patches or not (well, whether it is necessary for my particular case, i.e., dial-up connection, home user, with quite good understanding of all this security related stuff)



    Here is a link (my nick there is satyr):

    Do we really need software updates?




    2. About all that anti-spyware (not the "cleaner-oriented" kind, like Ad-aware or Spybot, but the "real-time" oriented kind (program execution and other file-access monitoring), like for instance Spysweeper or SpywareGuard, that I used and ran for some period) - they are completely useless, at least in my case.

    I ran Spysweeper in the past as mentioned (because of its real-time monitoring thing), also SpywareGuard and all, but in the end (running for more than a few months), I noticed - in all that time, they didn't prevent ANYTHING ...

    Because Spysweeper - is not needed at all, because of both my firewall (cookie filtering) and my antivirus (worm/trojan execution); SpywareGuard - also not needed, because of the antivirus (worm/trojan execution - my "powerful" CA EZ eTrust Antivirus, see above)




    3. As far as Ad-aware and Spybot S&D software:

    I used (and huh, installed previously) both for occasional scanning on my previous Windows installations, but I actually do not use them anymore; at least I haven't installed them yet on this Windows installation. Why??
    BECAUSE IN THE END, THEY DIDN'T FIND ANYTHING IN ALMOST ONE YEAR (uhm, except a few "spyware cookies"; I can simply manually delete those)




    4. I consider myself kind of an "amateur computing professional", so believe me, I know very well what is running, what is installed, what is set to run at startup, etc., etc.

    I use various tools from www.sysinternals.com (from Mark Russinovich; all "non-setups", no installation required, just .exe, the "form" of programs I prefer) ...

    For example, with TCPView I can monitor and close a process or connection (by the process which established it), so by separate connection line/entry in its UI (each process usually has many opened, for you to imagine what I mean), so each two endpoints, don't know. And there are also TDImon (monitors activity at the Transport Driver Interface (TDI) level of networking operations in the operating system kernel), Tokenmon (monitors logon/logoff, enabling/disabling privileges, impersonation, process creation/exit), and especially Regmon and Filemon, and many, many others.


    Not to mention Mark's command-line programs, though they are not so "security related", rather system in general.




    5. Further, as I already mentioned, I am actually seriously considering not using AV at all (since the "great" development of my knowledge I haven't had any virus, any trojan/worm (only those I saved from e-mail attachments to an encrypted folder for a "personal archive"), or whatever malware thing - ZA's Java/ActiveX, MIME, and other cookie/mobile code and ads control prevents all). Though CA eTrust antivirus is a pretty strong antivirus software. It is enough to browse through a directory containing a virus or worm and it catches it and alerts me (I set it to deny access, and not to clean/disinfect or delete it), so no need for actual execution of that particular malicious file.



    That's my point of view, for my particular situation, cheers





    PROCESSES CURRENTLY RUNNING (screenshot from TaskInfo2003):

    http://users.volja.net/tayiper/TaskInfo2003



    /EDIT: For some reason the screenshot disappeared. For admins to moderate it, I think the size wasn't the problem, because one other user posted a pic of approx. the same size ...
     


    Last edited: Aug 5, 2004
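An added example, not part of stalker's post or of any tool mentioned in it: a PowerShell function that reports the current state and startup type of every service in the list above, so a machine can be compared against that baseline instead of relying on memory. It assumes a Windows host with PowerShell 3 or later (Get-CimInstance); the service display names are taken from the post, matched by prefix so that small naming differences between Windows versions ("Remote Registry" vs "Remote Registry Service") still match, and services that no longer exist on a given Windows version are reported as "not present".

```powershell
# Added example, not code from the thread. Reports each service in stalker's list
# and flags any that is still running, or not set to Disabled, as a deviation
# from the "disabled and stopped" baseline. Nothing is changed on the host.
# Assumes PowerShell 3+; on older hosts, Get-WmiObject -Class Win32_Service is the drop-in.
function Get-ServiceBaselineReport {
    param(
        # Display names as listed in the post ("Alerter" is the actual Windows spelling).
        [string[]]$DisplayNames = @(
            'Alerter', 'ClipBook', 'Indexing Service', 'Distributed Link Tracking Client',
            'IPSEC Services', 'Remote Registry', 'Messenger', 'Remote Desktop Help Session Manager',
            'Secondary Logon', 'Smart Card', 'Smart Card Helper', 'Themes',
            'Wireless Zero Configuration', 'Automatic Updates', 'Fast User Switching Compatibility',
            'Error Reporting Service', 'IMAPI CD-Burning COM Service', 'Print Spooler',
            'System Restore Service', 'Volume Shadow Copy', 'Remote Access Auto Connection Manager',
            'Human Interface Device Access', 'SSDP Discovery'
        )
    )

    # One WMI query for all services; Win32_Service carries both State and StartMode.
    $all = Get-CimInstance -ClassName Win32_Service

    foreach ($name in $DisplayNames) {
        # Prefix match so "Remote Registry" also matches "Remote Registry Service".
        $found = @($all | Where-Object { $_.DisplayName -like "$name*" })

        if ($found.Count -eq 0) {
            [pscustomobject]@{
                DisplayName     = $name
                State           = 'not present'
                StartMode       = ''
                MatchesBaseline = $true
            }
            continue
        }

        foreach ($svc in $found) {
            # Baseline from the post: the service is disabled and not running.
            $ok = ($svc.StartMode -eq 'Disabled') -and ($svc.State -ne 'Running')
            [pscustomobject]@{
                DisplayName     = $svc.DisplayName
                State           = $svc.State
                StartMode       = $svc.StartMode
                MatchesBaseline = $ok
            }
        }
    }
}

# Show only the deviations; these are the entries to act on, or to leave alone deliberately.
Get-ServiceBaselineReport | Where-Object { -not $_.MatchesBaseline } | Format-Table -AutoSize
```

Run it from an elevated prompt so every service is visible. The list includes Automatic Updates and System Restore Service, so the report is also a quick way to confirm that those particular trade-offs were made on purpose rather than inherited from an old image.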
  11. stalker

    stalker Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    152
    Location:
    Ljubljana, Slovenia


    Curious, how did you manage to open two separate processes of Firefox?



    I truly miss this "option" from IE (since in case of a browser crash, not all instances would be terminated).

    In the case of IE, if you executed a new instance from inside one IE window, a new thread was created in that particular process, so each IE window was one thread with text from the IE caption inside, or better, part of that process. But if you executed the process from its shortcut or directly from its dir with the iexplore.exe executable, then a new process was created.


    In Firefox's case (at least in my case), there is always only one process with only one thread showing text (in the window title), and only from that window (instance) that currently has focus on it, no matter if you open it from an existing Firefox window, or if you open it "fresh" as mentioned with the shortcut or the original executable.



    /EDIT: Well, in the last case a new process is surely created, but exits in 1/2 second, and that new window is somehow "injected" into the existing process (again, not as a new thread, but invisible, till you focus on it)



    Cheers all
     
    Last edited: Aug 1, 2004
  12. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
  13. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Wow, Blackspear. That's an impressive list. :eek: A couple of questions, if you don't mind.

    1. I've heard a lot of good stuff about Script Defender :), but I'm not that familiar with it. Not sure if you're familiar with DCS's Wormguard product, but it offers protection from scripts. Since I use Wormguard, do you know if Script Defender would offer any additional protection for me?
    2. Never heard of FileChecker. Do you have a link? I would like to check it out. :) I'm wondering if by "Monitors important '.exe' files of various programs" you mean it monitors the checksum of these files. If so, I've already got that base covered with DCS' Process Guard.
    Thanks!
     
  14. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    @ stalker, WOW! After reading your "MASSIVE" first post in this thread, I like your purist approach to security, much like mine, though more than one friend of mine. Agreed, few but choice is the way for me, and obviously what others are comfortable with. Your mentioned choices, small size, non-installed, and do what they say, are good practice (those GRC apps "R" tiny).

    Bare-Bones minimum would describe a friend of mine. He's been around since "pong" was on the drawing board, DOS versed, and extremely versatile. His "ONLY" app, Norton AV, "PERIOD!" Just gets on a non-updated XP (NO UPDATES) and off he goes, not a care in the world. I've observed this behavior for over a year now (I'm sure there's some stuff on the system) and am still amazed.

    Which leads me to a silent conclusion. I sense within him a confidence that no matter the problem, it "WILL" be resolved. I know the command prompt is something most of us have gotten away from, but I frequently see him executing something on the command line.

    Does anyone here use the "command prompt" for security or recovery?
     
  15. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    http://www.javacoolsoftware.com/downloads.html
     
  16. stalker

    stalker Registered Member

    Joined:
    Jan 19, 2004
    Posts:
    152
    Location:
    Ljubljana, Slovenia


    Well, me. A lot. Many, many "sorts" of cmdline utils. I am kinda obsessed with them, lol ...


    Though, more for security, rather than recovery. I didn't have a need to urgently recover anything, because of the "smart" backups I make in reasonable sequences, and all ...


    P.S., If you wish, I will post links to favorites somewhere on these forums in a few days, if someone else beside you is also interested, but also see my home page (a bit outdated)



    For recovery, I would deeply recommend these applications:


    1. One of the best "undelete apps", from www.sysinternals.com (which basically catches deleted files):

    FREEWARE - Fundelete Bin (it works on all NT-based systems, so only on NT/2k/XP/2k3), from:

    www.sysinternals.com/ntw2k/source/fundelete.shtml.
    Fundelete Bin, as mentioned, simply plays the same role as one of the Norton SystemWorks 2002 utilities, called Norton Recycle, but is much more powerful, because it catches files DELETED FROM INSIDE programs, meaning those deleted by user request, and various .tmp, temp, .cache_01 and other files created and deleted during some operation/processing (of course you can exclude those), and, as the most important, it is the only program that catches files DELETED FROM THE COMMAND-LINE PROMPT.

    The author is Mark Russinovich, one of the Windows OS experts (especially NT-systems related stuff), a great software coder; his tools are also available in Microsoft Knowledge Base articles (look at

    www.sysinternals.com/ntw2k/information.shtml, but I am sure he , and few good books (like Inside Windows 2000, 3rd Edition, and many others)

    So, anyway I simply trust his software the most.




    2. But for "real recovery" you should rather try:

    FREEWARE - HandlyRecovery from www.handyrecovery.com
    It works differently. It rather scans the drives and also finds partially deleted files, recovers from free space, etc. It is also very reliable. You can believe how many things are "left behind"!!

    You can get it at:

    http://www.handyrecovery.com/index.shtml



    3. SHAREWARE, FileRestore app; note that this site is somehow related to Sysinternals, only that it offers mainly shareware apps:

    http://www.winternals.com/products/repairandrecovery/filerestore.asp



    Greetings
     
    Last edited: Aug 1, 2004
  17. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I think the list should cover most things for my system :D

    Script Defender found here:

    http://www.analogx.com/contents/download/system/sdefend.htm

    Script Defender will intercept any request to execute the most common scripting types used in virus attacks, such as Visual Basic Scripting (.VBS), JavaScript (.JS), etc.

    File Checker - more info here:

    http://www.javacoolsoftware.com/filechecker.html

    I think your Diamond CS products will protect you as well if not better ;)

    Cheers :D
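An added example, not Blackspear's code and not part of Script Defender: a PowerShell function that reads, without changing anything, which program Windows will launch for each script extension, by resolving the extension's ProgID under HKEY_CLASSES_ROOT to its shell\open\command. The post names .VBS and .JS; .vbe, .jse, .wsf and .wsh are added here as the other Windows Script Host extensions. A handler pointing at wscript.exe or cscript.exe means a double-click runs the script; a handler pointing at an editor means the file only opens as text. Knowing the current handler is the first thing to check when deciding whether an interceptor like Script Defender adds anything on a particular machine.

```powershell
# Added example, not code from the thread. Lists the default "open" handler for each
# script extension and flags the ones that hand the file to the Windows Script Host.
# Read-only: it only queries HKCR, which is the merged view of HKLM and HKCU classes.
function Get-ScriptHandlerReport {
    param(
        # .vbs and .js are from the post; the rest are the other WSH extensions (added here).
        [string[]]$Extensions = @('.vbs', '.vbe', '.js', '.jse', '.wsf', '.wsh')
    )

    foreach ($ext in $Extensions) {
        # Step 1: the extension key's default value is the ProgID, e.g. ".vbs" -> "VBSFile".
        $extKey = "Registry::HKEY_CLASSES_ROOT\$ext"
        $progId = $null
        if (Test-Path $extKey) {
            $progId = (Get-ItemProperty -Path $extKey -ErrorAction SilentlyContinue).'(default)'
        }

        # Step 2: the ProgID's shell\open\command default value is the command line Explorer runs.
        $command = $null
        if ($progId) {
            $cmdKey = "Registry::HKEY_CLASSES_ROOT\$progId\shell\open\command"
            if (Test-Path $cmdKey) {
                $command = (Get-ItemProperty -Path $cmdKey -ErrorAction SilentlyContinue).'(default)'
            }
        }

        # Step 3: a command that names wscript.exe or cscript.exe executes the script on open.
        $runsScript = [bool]($command -and ($command -match '\\(w|c)script\.exe'))

        [pscustomobject]@{
            Extension         = $ext
            ProgId            = $progId
            OpenCommand       = $command
            RunsViaScriptHost = $runsScript
        }
    }
}

Get-ScriptHandlerReport | Format-Table -AutoSize
```

On a default installation every row shows RunsViaScriptHost as True, which is exactly the behaviour an interceptor is there to catch. On current Windows versions Explorer may also honour a per-user UserChoice entry for an extension, so treat the HKCR result as the default handler rather than the last word.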
     
  18. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Oh. That FileChecker. I admit that I don't get over to the JavaCool forum as often as I should. :rolleyes:



    As I suspected. Thanks!
     
  19. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    Didn't mean to take you off topic stalker (though I picked up on that command line thing of yours). ;)

    Again, most of your security apps of choice seem to be encircled around that "Bare Bones" approach I spoke of, as you mention possibly a "PRO" reduction (PRO here meaning protection). Sounds good. I recall reading about software hype & bloat being pitched around (also recall my friend telling me "They're in the business of selling") as to what this and that will do. But hey, that's no problem, goes back to what people will feel secure with.

    Well now, not too sure about that. Is security the wall around the city, with hapless victims inside, or can the configuration of the system be employed to deal with weaknesses and faults of the "WALL"? (Your objective?)

    Tell me stalker, are you a man of "The Batch"? (Got a funny feeling you could share some neat things here). :blink:
    I would like to ask a question of you at this point: Can ActiveX or Java be directed by "Batch", and if so, do you utilize such functions?

    I'm a trusting soul stalker, but do you know anything about "The Sandbox?"
     
  20. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    @ Blackspear, if you had to knock that list down to three items (Not counting your scan only utilities), what would YOU consider the most important?

    Don't know much about proxomitron other than what I've read, seems to be rather adjustable. If you could have more options for this one, what would you like to see added?
     
  21. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    1. Nod32 Anti-virus
    2. Zone Alarm
    3. Spyware Blaster
    4. Spyware Guard
    5. Spybot Search and Destroy with Tea Timer activated
    6. Mozilla Firefox
    7. Proxomitron with Filters, I'm using Kye-U's found here:

    http://www.kye-u.com/proxo/forums/index.php?showtopic=131&st=0#

    This would be my minimum setup if I had no choice, which I can't see why I would be in that situation, as money would not be a factor (only paid item is Nod32).

    Cheers :D
     
  22. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    @ Blackspear , I was looking for your point of view on defence priority, not money matters. Earlier you mentioned people with problems coming into your two shops and figure you've been around long enough to have gained some good experience. Just curious.

    Say, that Prox/forum link you dropped had runs to some resources kye-u used for his filters, and one was here at Wilders.

    "YIKES!" Had no idea. Quite the adrenaline "HIT!"

    Thanks for the feed ...
     
  23. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    My pleasure GF, like I said I run all of the above, and it works really well, I like a stable system, and don't want to go over the top...

    Cheers :D
     
  24. Ronin

    Ronin Guest

    Regardless of who you are, how knowledgeable you are and what you are currently using, can anyone really disagree that the correct answer to the question "What is really sensible in terms of PC security?" isn't "More than what you have now!"

    :)
     
  25. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    @ Ronin , that could certainly be said. I look at this thread topic merely as a cross-reference and to hear the opinions of others, with more or less experience.

    Not more than you think you need, I suppose will do.

    To quote Blackspear, this is a viable opinion as any (and works for me also).
     