What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,304
    Location:
    Kent. UK by the sea
    Hi, Osaban

    I am nearly the same as you, I have all the above, but am trying out Tiny FW on XP x64.

    So mine would be:-
    ShadowUser [will not work with x64] :'(
    NOD32x64
    Tiny Firewall 2005 x64

    So it is just two:-
    NOD32 x64
    Tiny firewall 2005 x64 [but this might be said to be too many very strong tools in one App] when I have learned how to use it to its full strength. :blink:

    Take Care,
    TheQuest:cool:
     
  2. Rivalen

    Rivalen Registered Member

    Joined:
    Oct 18, 2005
    Posts:
    413
    Only 3?

    Outpost 3.0 Pro FW
    Defensewall HIPS 1.53
    Antivir 7 PEC (free)

    And that's safe!

    Best Regards
     
  3. yahoo

    yahoo Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    290
    Location:
    nowhere
    My setup below. If only three, I would remove Ad-Aware.
     
  4. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    Hey yahoo, are you going to upgrade to KAV 2006 or not? In my opinion, it's much better on resources, but the only drawback is the little annoyance of losing a bit on the browsing speed due to the new web scanner.

    dja2k
     
  5. yahoo

    yahoo Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    290
    Location:
    nowhere
    Most likely, I will. It seems that they have not made a final/official release of the 6.0 version yet. So I am going to wait for a while.
     
  6. Antarctica

    Antarctica Registered Member

    Joined:
    Feb 25, 2003
    Posts:
    2,225
    Location:
    Canada
    Yeah agree, but it should be improved when MP1 comes out.;)
     
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    18,178
    Location:
    The Netherlands
    Personally I think KAV/KIS 2006 is not good enough yet, the HIPS definitely still needs some work. At the moment it can't even properly prevent a driver/rootkit from loading, plus the pop up alerts need to be changed, they are IMO not clear enough. I will probably also have to dump ZA Pro, the biggest problem is that you can't fine tune the HIPS and it's also giving me problems with VMware Workstation. :doubt:
     
  8. pojispear

    pojispear Registered Member

    Joined:
    Jan 12, 2006
    Posts:
    90
    F-Secure IS2006
    BOClean 4.21
    ewido full on demand only

    laptop:
    NOD32
    Kerio 4.2
    Online Armor
     
  9. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    I got a question for you guys...

    If I want to setup a computer with good security, but not harden it that much cause he doesn't like things not to work normal like IE, what would you install. I know he is one of those that uses the web with no regulations and might go to bad and explicit sites, but he doesn't want to harden his system cause he doesn't know what to do if something doesn't work right. He doesn't like HIPS either, he gets annoyed with the popups; I know he is weird and wants to be safe even without that. If I do install HIPS, he is one of those that would click allow to all.

    I was thinking as a minimum

    Antivirus (kav or nod)
    Antitrojan (boclean or ewido)
    Firewall (look n stop or outpost)

    If I was to install an antispyware to be active, which one? (spyware doctor, windows defender, etc ?) Memory usage for him is no problem, he has enough RAM.

    What else you think I can install to protect him without annoying him?

    dja2k
     
    Last edited: Apr 14, 2006
  10. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    dja2k,

    Don't think of your first throw down (AV/AT/firewall) as a minimum configuration, it's not. For many users, that should be a maximum.

    If you don't want to annoy him, I'd probably suggest (KAV or NOD32 - doesn't matter in my book)/BOClean/LnS. If you/he really wants AS coverage (that should really be taken care of by the AV/AT), I'd probably lean to Outpost as the firewall since the current does have an AS module in it. Although that would be my personal recommendation, all permutations for the three product classes you list are absolutely fine - I use/have used all six at various times

    Blue
     
  11. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    Now that I think of it, wouldn't Looknstop and Outpost be hard for a casual user to learn with all the popups. See this is what happens when I am used to something and then try to put it in others, they just don't feel the same as I do.

    What do you think of just putting a dedicated AT and just one of those Internet Security Suites? Maybe Bitdefender's or F-Secure's? I would install KIS 2006 without the extra modules, but it's not final yet.

    dja2k
     
  12. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    looknstop would have less popups than outpost, but it is also more troublesome to setup p2p, games, and apps needing rules.

    why not use ZA free? it's easy to use for newbies and it doesn't include the OSFirewall included in paid versions.
    i think F-Secure IS would be enough. having the KAV engine, it already has strong trojan detection.
     
  13. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    Yeah I know about the different firewalls and I agree with that about the popups. I too have used zonealarm and it's great for beginners as they only have to answer one popup per app. Looknstop and Outpost are different though as I would think they will never know how to setup the rules in them like we do.

    I think I will make him purchase F-Secure Internet Suite as it also has some Antispyware Protection backup by KAV engine. I don't know on this one though, but I don't really think that adding Harden-it to his setup can hurt as it is transparent hardening. I am not for sure adding any of secure-it, samurai, safe-xp, etc., as that is too much hardening for his taste.

    I am pretty sure he will be just fine with F-Secure Internet Suite. Never used it though, but other people here say it's good.

    dja2k
     
  14. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    I have LnS on a number of machines in application filtering mode only. Pop-ups are dealt with on a "do you want this application speaking to the outside world - yes or no" basis. No need to delve into the details of the communication protocol, etc. I realize a number of folks will view this as fraught with risk. I view it as denying only the "known to be an exception" (which would be an unknown application)
    Actually, this is more difficult to answer than it should be. The newer suites are adding various implementations of proactive defenses, HIPS-like functionality for lack of a better terminology. The primary issue with behavioral approaches in general is that, in contrast to current AV's or AT's where a false positive is clearly an exceptional and infrequent event, most activities flagged by these modules are benign operations that could be used for nefarious purposes if the originating process were malware, but that is generally not the case. In that sense, the alert world is turned upside down - most alerts are basically "false positives", while a few are genuine issues.

    So..., if the critical goal is minimizing annoying alerts (as opposed to ones that are actual problems), I'd be rather cautious in the selection of a suite. As functionality is added, not only does the program get larger, but the volume of alerts often does as well. KAV/KIS 6.0 is rather nice due to the granular install procedure. Modules do not need to be installed if not desired by the user - don't want the Proactive defense? Don't install that module. I've not used BD or F-Secure so I can't comment directly on those products.

    With respect to dedicated AT, top tier AV's, which includes all the options you mention, handle trojans rather well these days. I don't use an AT because I feel my AV is necessarily wanting in AT coverage per se. Rather, I continue to use BOClean due to its implementation as a memory scanner, which is basically a complementary detection mode that is useful in some circumstances. It doesn't hurt that it is about as set-it-and-forget-it as possible, so to a user it is extremely transparent.

    My test partition is currently configured with KIS WS 6.0 (latest build) with the Proactive Defense module not installed and BOClean. It is a fairly quiet pair that do get along well. I still need to tweak KIS's settings for performance, I hope I can, it does lag in some circumstances.

    Blue
     
  15. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    I agree with you blue 100%, but I know they said that KIS build 299 is somewhat final, do you think it is enough and safe for my friend? Knowing him, with the popups of the antihacker, he will probably allow all activity, which would not be safe right? For us it's different as we would probably implement rules.

    Reading around on F-Secure, yes I think it has too many modules installed by default that would maybe block installations for him I think.

    dja2k
     
  16. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    dja2k, here's a thought. what if u used a sandbox on his browser? iirc, sandboxie (paid) can automatically sandbox said browser and u can configure automatic cleanup of the sandbox. bufferzone is another alternative. download.com has various versions of bufferzone that work only on specific apps.

    as for f-secure, maybe u can try ZA + some AV like KAV or G-DATA AVK instead.
     
  17. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Well, there is always that beta proviso, but I've not seen any issues myself even from the first builds I looked at starting from June 2005. So yes, I'd say it's likely safe.
    Practically speaking, I've not found this to be a problem for the vast majority of users. Keep in mind, while many dwell on malware to the point that it may seem to be an immediate threat that dynamically shifts for us on an hourly basis, that's really not the case. For a user prone to a default-allow ethic, they're basically relying on the detection/heuristic performance of the AV to work well, which is often good enough with a top-tier AV.

    Blue
     
  18. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    I will install KIS without the extra stuff, just KAV + Antihacker and go from there. If he wants more protection, I will make him buy boclean too. Thanks Blue and WSFuser for the replies. People these days aren't easy to convince on what software is good\safe and what is not. For me, I don't care, I use betas without a problem and I love HIPS as an extra protection. I always love using new software to see what it offers and if it goes wrong, then there is always my restore backups. :p

    dja2k
     
  19. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    Okay now that is that... As for hardening without much impact on him, what do you think? I still want to do harden-it, what do you think? He is a reckless internet freak with no security knowledge. He uses a lot of p2p like shareaza, limewire, and bittorrent clients. I don't want to install secure-it nor samurai. Maybe a good idea would be to just turn off unused services and that is it. I of course have more hardening and some of it is an impact on features, so definitely not for him.

    dja2k
     
  20. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    I generally don't recommend manually turning off "unused" services since, in some instances, a supposedly unused service is expected to be available by some programs and reversing things can get complicated unless good notes were taken and saved. If you want to go that route, use an approach which is readily available to track and undo what has been changed, for example, by using the configurators mentioned by Notok, say SafeXp or SecureIt.

    Blue
     
  21. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    this is the way I would like to work behind my router. I don't have this option with Outpost but if I installed LnS is it as simple as 'disable Internet filtering' only enabling Apps. from the outset?
     
  22. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    yes, disabling internet filtering is as easy as unchecking a box.
     
  23. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    Thank you this is a very useful feature and something else for me to consider now :)
     
  24. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    dja2k: If you really want to do some hardening, you could probably use Harden-It and WWDC without any problems. If he uses File and Printer sharing across a local network you'll want to pay attention to the prompts in WWDC, but otherwise it should pose any problems. Harden-It is definitely a good idea for someone that's going to use P2P.

    Robyn: I still think it's worth using the ruleset in LnS with a router. The router won't actually filter any traffic the way LnS will. In the event that you have to create a rule (which isn't very often if you're doing normal stuff) then you can look to see what was blocked in the log, right click on the entry and "Create Rule". There are also plenty available on the website that you can simply import. I really haven't had to create very many rules, though, even with Phant0m's ruleset.
     
  25. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    Thanks Blue and Notok! Yeah blue I will be real careful in what services I turn off for him and Notok I will definitely be installing Harden-it on his machine plus WWDC. He doesn't have a network for sharing, so closing those common ports are okay.

    I just remembered something I needed to ask you guys. Not complaining about the power of KAV 2006, but why doesn't its web scanner act the same as Nod32's or Antivir Personal Classic 7 where if he goes to one of those explicit sites, he would get notified of a virus being a trojan dropper or something else. I know Nod32 has that big red "page has been blocked" dialog. Never seen any sort of dialog from KAV saying it has blocked that kind of stuff. I will still definitely customize the default settings in KIS to block all access, disinfect, and delete to all scanners if a virus is found by KAV.

    dja2k
     
    Last edited: Apr 15, 2006