What is the best security setup?

Discussion in 'other security issues & news' started by Macguyver, Sep 5, 2006.

Thread Status:
Not open for further replies.
  1. Macguyver

    Macguyver Registered Member

    Joined:
    Sep 4, 2006
    Posts:
    5
    Hi guys I was wanting opinions about the best and most effective programs and combinations of programs that provide the most secure computer possible at the present time without too much resource use or expert knowledge needed.

    I'm a pretty average computer user myself but from what I've read please include (if needed):

    *Firewall
    *Antivirus
    *Antimalware
    *HIPS
    *Proxies
    *System hardeners
    *Any other programs required for maximum security

    I'm looking for the optimal setup and I bet some of the pros in this forum can formulate a lethal combination to knock out the security threats that linger in the darkness.
     
  2. Seishin

    Seishin Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    204
    Firewall: Router (Zyxel P334) + Software fw (there are numerous free ones. I'm using Sygate until I find a replacement).

    AV: Avast

    Antimalware?: You mean antispyware. Ewido

    HIPS: Don't use it

    Proxies: Proxomitron (don't use it because of Sygate)

    System hardener: HostsMan, Spywareblaster, ID-Blaster Plus & Windows Worms Doors Cleaner

    Any other: Run a limited account when accessing the Internet, Sandboxie, Browser - Firefox with numerous extensions (adblock plus, no-script, user-agent switcher, Dr-Web anti-virus link checker, no referrer, etc., etc.) & common sense.
     
    Last edited: Sep 5, 2006
  3. herbalist

    herbalist Guest

    There is no single best setup. The best security package is one that matches your skill level and is compatible with your OS and software.
    As for your list, a firewall is a necessity. It's one of the most important parts of a security package, IMO more so than an AV. If you ask which is best, the replies will name most of the better ones. I'm partial to Kerio 2.1.5, an older rule based firewall that's very light.
    HIPS applications are one of the best security developments around for Windows. Long overdue, real security that doesn't rely on constantly outdated signature or reference files. I like System Safety Monitor, a very powerful and highly configurable application. Proxomitron is well worth looking into, but not the easiest program to work with. Properly configured, it can serve as a script blocker, popup blocker, ad blocker, and much more. There are packaged configuration files available for it that are pretty effective. The more you learn about how it functions, the more you can do with it.
    Regarding anti-malware and anti-spyware apps, a well configured HIPS can make these unnecessary. I'm also convinced that HIPS can replace a resident AV, provided the user configures it well and makes informed decisions as to what is allowed to run. That said, HIPS is not a replacement for an AV scanner. While a HIPS app may prevent a virus or malware infected file from attacking your system, it doesn't stop you from sending it to someone else, such as an infected e-mail attachment. Depending on the HIPS application you choose, you might also want something to protect your registry. System Safety Monitor does this as well. Proxies are more for enhanced privacy than security. I use one occasionally but not for normal usage. System hardening is always desirable. Other items you might want to look at are file integrity checkers and file system monitoring apps. A secure file deletion app like eraser is also very useful for keeping temp files, the browser cache, etc cleaned out. Something to control what scripts are allowed to do is also useful. I like Script Sentry for this purpose. If keeping your files private and unavailable to others is important, you may also want to look into encryption software, both for your file system and for e-mail.
    It isn't hard to go overboard with security applications. Anti-spyware and anti-malware apps are the ones this most often happens with, since none of them detect everything. All of them together don't detect everything.
    The best way to start a security package is to begin with your core software. I consider the firewall, HIPS software, and Proxomitron to be the most important parts of my package, with the rest having supporting roles. A lot of people also consider the AV as part of their core system. HIPS controls what is allowed to run, and depending on which HIPS you choose, it can also control what each executable file is allowed to do and what else it can start. System infections are either running processes or are installed by a running process. If an infecting process can't run, it can't infect you, which is why I consider HIPS to be part of my core security. Other people don't consider HIPS to be that important. You'll have to decide on that for yourself.
    Rick
     
  4. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    very good post herbalist :thumb:

    anyways heres what i use:

    Firewall - looknstop

    Antivirus - nod32

    Antimalware - ewido

    HIPS - prevx1

    Proxies - proxomitron

    System hardeners - windows worms doors cleaner, harden-it, bugoff

    Any other programs required for maximum security - nlite, peerguardian, extensions for firefox (javascript options, permit cookies and siteadvisor)

    in addition, i also disable any unnecessary windows services
     
  5. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    I'll suggest a few programs that I have experience with and hold in high regard. I won't say that any of them are the "best". Opinions can vary with different individual users.

    AntiVirus
    Avira (AntiVir) is a free a/v program. They have a Premium version that may be very good too.

    Firewall
    I like Comodo. It's easy to use and gets "Tru Stealth" at Shield's Up.

    Antimalware
    BoClean :thumb: Worth the $.
    Free scanners like Ewido, A-Squared, and SUPER Antispyware are good options.
    Spyware Terminator is fairly new and free. It has a scanner plus real-time monitoring.
     
  6. Seishin

    Seishin Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    204
    I'd stay away from this application. It is linked to spyware.

    I actually had pop-ups via IE in the start menu linking to Sniff'em (another product promoted in the page where I downloaded Harden-it) which kept on coming back even though I got rid of H-it. I ended up uninstalling IE and now everything seems fine.

    Here's McAfee SiteAdvisor analysis:

    http://images6.theimagehosting.com/0.f4f.th.png


    http://images6.theimagehosting.com/1.751.th.png


     
  7. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    the product itself has given me no problems, so ill stay with it. i dont care about the website.

    as for bugoff, i may consider just keeping it on my dads computer since he does use IE.
     
  8. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    First and foremost...get behind a router. I flat out will not support any home users PC that is not behind NAT.

    If a PC is plugged directly into a broadband modem that is in pure bridged mode..that PC will have a public IP address. And be subject to all the bad "noise" from the internet...all the bad stuff out there.

    Do not leave your Administrator account with a blank empty password.

    Run all Windows updates.

    Run a top quality antivirus program. Now..here's where all the opinions turn more into who favors what, "fanboy" stuff, where most people figure what they're running..is what's best. Several good options here. Similar to anti-spy and anti-malware programs, and which browser to use.
     
  9. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    so u recommend even users of a standalone computer shell out for a router (with firewall) even if they dont need a router?
     
  10. Seishin

    Seishin Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    204
    A router is the foremost layer of defence against external intrusion. Compare it to the bricks of the house.

    A single home user in here, and you still need it.

    Know some users who don't even have a software firewall, others just the built-in Windows one. If I wasn't a P2P user I'd completely prescind of one.

    Regards.
     
    Last edited: Sep 5, 2006
  11. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    YeOldeStoneCat,

    So, you recommend a router for single home pc on dialup?
    I thought that was not necessary.
     
  12. cprtech

    cprtech Registered Member

    Joined:
    Feb 26, 2006
    Posts:
    335
    Location:
    Canada
    Router: D-Link DI-624

    PC firewall: Usually Outpost Pro 3.51, but trialing Comodo 2.3.4.45

    HIPS: System Safety Monitor free

    Antivirus: NOD32 with antispyware detection on

    Pop-up/ad blocker: Ad Muncher

    Browser: Firefox 95% of time

    Also using Ad-aware for on-demand scanning.
     
  13. aroon7651

    aroon7651 Registered Member

    Joined:
    Aug 30, 2006
    Posts:
    4
    {firewall} {Anti Virus} Kaspersky internet security 6.0.0.303e

    {Anti Spyware / malware/} Spyware Doctor 4.0 / Ad-Aware plus/eTrust PestPatrol
     
  14. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    For dialup, no since you don't have an always on connection, and it is difficult since most cheap grade routers only have ethernet ports ;)

    Cheers,

    Alphalutra1
     
  15. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    If you always run as admin on Windows XP, what is the protection benefit against online, not local, attackers?
     
  16. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Yes...I don't like any end user PCs that have a public IP address. A NAT router takes away sooooooooooooooooooooo much of the garbage that flies around the internet. It shields a computer from all the noise out there...without it..your PC is bombarded within seconds of being online..if it has a public IP address.

    Those of you on this forum who, like me, work on computers for a living...I'd wager a few pints of Guinness...that would notice a trend...PCs that happen to be plugged directly into a broadband modem, having a public IP address, seem to always be infested to a greater degree. Oh sure there are a couple here who will disagree just for the sake of disagreeing..but I'd wager the silent majority are nodding in agreement.

    This is not to say that you cannot have a computer on a public IP address..and be safe. Sure you can. But it takes quite a bit more work..that machine has to be 100% locked up tighter than a nun's butt the second it's plugged in. And it requires more frequent attention..because you're relying on software to protect you. And software can break. Software can have vulnerabilities. Software can be more easily defeated.

    A router, by default, it's a brick wall. You can take your brand new PC...plug it in...and safely begin your windows updates, installing your AV, other precautions..and begin to use it rather worry free.

    They're dirt cheap these days...picked up for practically pocket change. It's such a reliable first line of defense...stopping the majority of problems at the front door. Stopping all the attacks on the PC(s) that the user is not in charge of. The rest of the PCs health..is in the hands of the user. Needs the user to intentionally do something now to infect it. I.e., visit bad websites, use P2P file/warez trading software, inappropriate e-mail handling, etc.
     
  17. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    A lot of problems can hit your PC assuming the Administrator password is left <blank>. I'm separating this from local user permissions..that's a whole separate issue that boils down to end user awareness. From some worms, to the most amateur script kiddie...take a PC..leave the Administrator password blank..and go plug it directly into a broadband modem, or stick it in the DMZ of your router. Wait a little while. After a short period of time..check out that PC...I'd love a penny for every person that had full access to c$ and remote registry service during that time period.....I'll go buy myself a nice new BMW Z8.
     
  18. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Thanks YeOldeStonecat.
    If you take that same PC (with no router or hardware/software firewall) and instead put an admin password on it, it will still get infected, only not as fast?

    If computer is in DMZ do you recommend running as LUA (Limited User Account)?

    What is the best (bang for the buck) NAT router that you've seen with a dial up modem fall back that would be good for average home users with dial up now who might later get broadband?
    Or do you not recommend using these routers on the fallback dial-up as primary connection (maybe because the fallback doesn't work well)?

    Here's one example:
    http://www.b2net.co.uk/multitech/multitech_routefinder_dialup_router.htm
    tech specs:
    http://www.superwarehouse.com/ROUTEFINDER_4PT_10_100_SWCH_2PT_RS233_WAN/RF102S/p/51135

    I haven't seen any strictly dialup routers since the old WebRamp.
    Are there still dial up only NAT routers made?
     
  19. budfox

    budfox Registered Member

    Joined:
    Apr 5, 2005
    Posts:
    103
    Here is the best setup with the smallest hit to system resources.

    1. NAT routing of your internet connection with all ports ghosted and firewalled.

    2. Browsers / Outlook sandboxed (sandboxie)

    3. Web based AV to check downloaded files/ weekly check (trendmicro is good)

    4. Antispyware scanner to clean your system after excepting necessary cookies for gmail, etc.

    I know people on this board will go craZY telling me you need outbound protection via a software firewall. Firewalls have a variety of ways to be circumvented.

    1-4 will provide more than enough protection, and at no cost to system resources. The sandbox will also kill the need for realtime spyware/AV.

    The best Security = 1 - 3 + Process control. A bit more obtrusive, but in my opinion worth it. Ghost Security is what I use and Appdefend has network control. Other good process guards are process guard and SafeNSecure.
     
  20. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
  21. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    This is only preferences....just my preferences as to what I want to support.

    Honestly..technically being on dial up, you're still at risk from many of the things out there. IMO, it's not a matter of how long you're on a certain IP address. The hackers out there run a scan and pick you up..doesn't matter if you were on a different IP 5 hours ago, or you'll be on a different IP yet again tomorrow..the fact is..you're on a public IP RIGHT NOW..and picked up. Now..dial up, painfully slow access to a PC, they'll move onto easier targets..most likely. But the other part, actually a big part, of my point is...when there's stuff spreading like wildfire across the internet..some new worm that exploits a new vulnerability in Windows for example. Some DCOM or RPC exploit. PCs with public IP addresses are potential targets.

    Someone will say "But I have a software firewall...that protects me, right?" Yes...they do. But..IMO...it's software you're relying on, potentially it can stop as a service, potentially it can be exploited by something (Symantec's has had a few exploits that drop it)...it's not 100% worry free. IMO..a router is, by default, much more 100% steel door blocking everything. I prefer NAT.

    Dial up routers...yeah I remember those WebRamps...I've setup a half dozen or so of those years ago...had some models that supported 3x modems 'n stuff..Multi-Link or Colt style. 3COM also makes similar ones, naturally using their own modems internally, I've setup a few of those. OfficeConnect LAN modem or something it was called..dunno if you can still purchase them new, bet you can find some on Fleabay. There is a wireless dial up router also, WiFlyer...currently in production.

    Broadband routers with dial up for backup...last one I saw was an SMC model, which I can't stand anyways...so I don't have any rec's there.

    Admin vs Limited user account...this will perpetually be up for debate. It has nothing to do with securing your PC from outside attacks if you're on a public IP or even on a large LAN (such as a college network). If you're logged into a PC with an LU account, and you leave your PC with a blank admin password...and if I can get to your IP address..and you don't have a software firewall...your PC is mine. The LU account only cuts down on the potential damage that current user can do to that PC during their logged in session. IMO good from keeping the little kid from hosing a PC as fast as he can...but not good for much else, I don't practice it...and since I support SMB networks for a living..all of them are networks that have users with local accounts that are in the local admin group out of necessity..but I have the PCs comfortably protected IMO and maintained..and I don't get issues.
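
Added example, not part of any post in this thread: a small Python audit that applies the reasoning in posts 16, 17 and 21 (public IP versus NAT, a software firewall as the only barrier, a blank Administrator password) to a host inventory. The `Host` record, its field names, the severity labels and the inventory entries are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Ranges a NAT router hands out (RFC 1918), plus loopback and link-local.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Windows services the thread refers to; C$ and remote registry ride on SMB.
ADMIN_PORTS = {135: "RPC/DCOM", 139: "NetBIOS session", 445: "SMB"}

@dataclass
class Host:
    name: str
    address: str
    listening: frozenset        # TCP ports with a listener
    software_firewall: bool     # assumed to block unsolicited inbound traffic
    blank_admin_password: bool

def has_public_address(host):
    ip = ipaddress.ip_address(host.address)
    return not any(ip in net for net in NON_PUBLIC)

def audit(host):
    """Return (severity, findings) for one host record."""
    findings = []
    public = has_public_address(host)
    exposed = []
    if public and not host.software_firewall:
        exposed = sorted(p for p in host.listening if p in ADMIN_PORTS)
    if public:
        findings.append("public IP address: no NAT router in front")
        if host.software_firewall:
            findings.append("software firewall is the only inbound barrier")
    for port in exposed:
        findings.append(f"{ADMIN_PORTS[port]} (tcp/{port}) reachable from the internet")
    if host.blank_admin_password:
        findings.append("Administrator password is blank")
    if exposed and host.blank_admin_password:
        severity = "critical"
    elif exposed:
        severity = "high"
    elif public or host.blank_admin_password:
        severity = "medium"
    else:
        severity = "ok"
    return severity, findings

# Constructed inventory; 203.0.113.0/24 is a documentation range standing in
# for an ISP-assigned public address.
INVENTORY = [
    Host("bridged-pc", "203.0.113.10", frozenset({135, 139, 445}), False, True),
    Host("firewall-only-pc", "203.0.113.11", frozenset({135, 445}), True, False),
    Host("nat-pc", "192.168.1.20", frozenset({135, 139, 445}), False, False),
]

if __name__ == "__main__":
    for h in INVENTORY:
        sev, notes = audit(h)
        print(f"{h.name:18} {sev:9} " + "; ".join(notes))
```
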
     
  22. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,699
    Hello,
    Windows-wise:
    Best security setup - adapted to your needs.
    That said, you just need a nice firewall and Firefox (with some magic dust added). Everything else is perks.
    Mrk
     
  23. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Thank you for the answers and explanations YeOldeStonecat! :)
     
  24. tlu

    tlu Guest

    Sorry for sounding rude - but this is ridiculous. Everybody interested in this topic should read what Microsoft is saying about this including the links therein, especially Aaron Margosis' Blog with his MakeMeAdmin approach.
     
  25. budfox

    budfox Registered Member

    Joined:
    Apr 5, 2005
    Posts:
    103
    Simple.

    NAT route your internet connection w/ all ports ghosted

    Use firefox for surfing with Javascripting turned off

    Some sort of process control (ghost security, etc.)

    Sandbox your browser (sandboxie, greenborder, etc.)

    Run Browser/ Outlook as a limited user, using DropMyRights

    Sandbox your POP mail and set mail viewing preference for Rich text (not HTML)

    Don't download "free software"

    Use Online virus scanning like trendmicro to do weekly scans.

    Keep patches up to date.

    The security setup I have described I have been using for over a year, w/o getting even 1 virus/ trojan/ etc. I do use a couple of spyware scanners, but all they usually come up with are tracking cookies which I have now taken care of with the sandbox. This setup will have a fractional impact on your system in terms of memory/ cpu time.

    Don't believe the hype that you need a high impact firewall/ AV/ realtime spyware scanner to remain safe. Just a scare tactic to sell product.
     
    Last edited: Sep 22, 2006