Where're the gaps?

Discussion in 'other anti-malware software' started by Scoobs, Apr 29, 2008.

Thread Status:
Not open for further replies.
  1. Scoobs

    Scoobs Registered Member

    Joined:
    Sep 21, 2005
    Posts:
    110
    So I've done some reading on here and elsewhere. I've bugged you guys and now I think I'm pretty much sorted.

    I've sorted out a system partition (for system files and applications) and a data partition.

    I'm running:
    • Firefox (with Noscript and Adblock, with the easylist filters)
    • Sandboxie (unregistered)
    • Online Armor (free)
    • AVG 8 (Free) (always on)
    • Spyware Terminator (on demand)
    • Returnil (free) (only occasionally for extra security)
    I feel like this is quite a comprehensive setup offering a good level of security.

    Have I missed anything?
     
  2. chrome_sturmen

    chrome_sturmen Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    785
    Location:
    Sverige
    Are you using online armor's firewall?
     
  3. Scoobs

    Scoobs Registered Member

    Joined:
    Sep 21, 2005
    Posts:
    110
    Yaarrr. I've mentioned it in my list. Do they offer other free security goodies?
     
  4. chrome_sturmen

    chrome_sturmen Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    785
    Location:
    Sverige
    Not that I'm aware, but Online Armor free is a generous offering; it's a pretty solid, well-rounded tool.

    Sounds as though you've got all the bases covered to me. I don't know how the heuristics of the AVG free engine are, but if you wanted, you could always supplement with a malware IDS like Mamutu, if you felt it warranted.

    You could use PeerGuardian for network security/privacy.

    And of course regular data backups and system imaging, for data security.

    And that more or less covers the major areas of concern :thumb:
     
  5. Scoobs

    Scoobs Registered Member

    Joined:
    Sep 21, 2005
    Posts:
    110
    Ah yes - forgot to mention I'm backing up the Data partition with Karen's Replicator.

    I keep meaning to sort out backing up the System Partition. I'm thinking DriveImage XML sounds like a good choice - free and windows-based.
     
  6. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Scoobs,
    I don't see any gaps, but I don't see any gaps in my security either due to my lack of knowledge.

    So I assume there are gaps in my security setup, at least theoretically, which means that malware can penetrate through my security setup.
    My boot-to-restore doesn't accept any change, and penetrating malware is considered a change and therefore removed during reboot. So this is my anti-gap solution.

    Of course, when I read this:
    I don't see any anti-gap solution anymore. Your frozen state is occasional, while mine is permanent. :)
     
  7. Scoobs

    Scoobs Registered Member

    Joined:
    Sep 21, 2005
    Posts:
    110
    Yes, I appreciate your point. But I have to install things from time to time.

    Is there any software that can backup from inside windows (like DriveImage XML) but which can do incremental backup updates?

    I mean something that makes one "base" backup of (in this case) the system partition, and then can be scheduled to make "what's changed" backups at regular intervals, so you can step back to previous states of the partition until you get to one that was working fine?
     
  8. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    I think your setup is very solid. Maybe a behaviour blocker in case AVG misses something.

    Have you disabled autoplay for removable media? Last time I got infected that way. At that time I was using SBIE free, and NOD32 didn't notice anything. As Sandboxie free doesn't force folders into the sandbox, you should do that. Use TweakUI.

    BTW, be careful with Returnil; don't just trust it because it's there: you must get the habit of actually turning it on when doing something out of the usual. A couple of times I found myself doing something and then thinking "oops, I should have done this with Returnil turned on" :D :D
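
The autoplay point in the post above is worth checking rather than assuming. The script below is an added example, not something from this thread or from TweakUI: it reads the `NoDriveTypeAutoRun` policy value (a bitmask of drive types for which Windows suppresses AutoRun) from both the machine-wide and per-user policy keys, reports whether removable drives and CD-ROMs are covered, and offers a function to set the mask to `0xFF` (all drive types). The function names `Get-AutoRunPolicy` and `Set-AutoRunDisabled` are my own; the registry path and value names are the standard Windows ones.

```powershell
# Added example (not from the thread): audit and harden the AutoRun policy.
# NoDriveTypeAutoRun is a bitmask; bit n set = AutoRun disabled for drive type n.
$ExplorerPolicy = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

# Bit values follow the Win32 GetDriveType numbering.
$DriveTypeBits = @{
    Unknown   = 0x01
    NoRootDir = 0x02
    Removable = 0x04   # USB sticks and card readers: the vector the post describes
    Fixed     = 0x08
    Network   = 0x10
    CdRom     = 0x20
    RamDisk   = 0x40
    Reserved  = 0x80
}
$DisableAll = 0xFF

function Get-AutoRunPolicy {
    param([ValidateSet('HKLM','HKCU')][string]$Hive)
    $key   = "${Hive}:\$ExplorerPolicy"
    $value = $null
    if (Test-Path $key) {
        $value = (Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    }
    # No policy value means the built-in default (0x91 on XP/Vista) applies,
    # which leaves removable drives and CD-ROMs with AutoRun enabled.
    if ($null -eq $value) { $value = 0x91 }
    [pscustomobject]@{
        Hive               = $Hive
        NoDriveTypeAutoRun = ('0x{0:X2}' -f $value)
        RemovableBlocked   = (($value -band $DriveTypeBits.Removable) -ne 0)
        CdRomBlocked       = (($value -band $DriveTypeBits.CdRom) -ne 0)
        AllBlocked         = (($value -band $DisableAll) -eq $DisableAll)
    }
}

function Set-AutoRunDisabled {
    [CmdletBinding(SupportsShouldProcess)]
    param([ValidateSet('HKLM','HKCU')][string]$Hive = 'HKLM')
    $key = "${Hive}:\$ExplorerPolicy"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    if ($PSCmdlet.ShouldProcess($key, 'Set NoDriveTypeAutoRun = 0xFF')) {
        New-ItemProperty -Path $key -Name NoDriveTypeAutoRun -PropertyType DWord -Value $DisableAll -Force | Out-Null
        # Windows XP/2003 only honour the mask fully once Microsoft's AutoRun update
        # is installed and this value is set; it is harmless on later versions.
        New-ItemProperty -Path $key -Name HonorAutoRunSetting -PropertyType DWord -Value 1 -Force | Out-Null
    }
}

# Audit both hives. If the HKLM policy value exists it overrides the HKCU one.
'HKLM','HKCU' | ForEach-Object { Get-AutoRunPolicy -Hive $_ } | Format-Table -AutoSize

# To apply, from an elevated prompt (drop -WhatIf to make the change):
Set-AutoRunDisabled -Hive HKLM -WhatIf
```

The audit runs as a normal user; writing the HKLM policy needs an elevated shell. Setting `0xFF` rather than just the removable bit also covers CD-ROMs and network drives, which is the setting Microsoft itself recommends for disabling AutoRun everywhere.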
     
  9. Scoobs

    Scoobs Registered Member

    Joined:
    Sep 21, 2005
    Posts:
    110
    Thanks HURST. I think you're right. I need to get into the hang of using Returnil, and first I need to read more about it.
     
  10. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Read this thread regarding backup, nothing but freeware:
    https://www.wilderssecurity.com/showthread.php?t=207615
    Backup is very important, it's your last chance in case of the worst scenarios.
     
  11. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Scoobs,
    Returnil is a simple boot-to-restore solution with no other possibilities than frozen mode or thawed mode, and in the case of ISR software simplicity is more a disadvantage than an advantage.
    You can roll back to only ONE previous state and that doesn't give you much room for playing.
    Software that requires a reboot during the installation can't be tested in Returnil.
    That's why it is difficult to keep the frozen state permanently. So forget my remark; I think too much as an FDISR user.
     
  12. Scoobs

    Scoobs Registered Member

    Joined:
    Sep 21, 2005
    Posts:
    110
    Erik, which remark should I forget? Is FDISR a better solution? Where can I read a brief overview of what it does?
     
  13. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Scoobs.

    FD-ISR, the way Erik and others use it, is discontinued.
     
  14. Scoobs

    Scoobs Registered Member

    Joined:
    Sep 21, 2005
    Posts:
    110
    Thanks HURST
     
  15. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Scoobs,
    Lots of users like to try new software on their computer. There is nothing wrong with it, but it creates junk on your computer, because most software has a bad uninstaller and this creates leftovers, and that grows and grows like weeds in a garden.

    "Using" software also creates junk, and that junk isn't always removed by the software, and cleaning software doesn't always remove it, because it doesn't know what to remove. The better cleaning programs usually have a SHORT list of popular applications and those applications are also cleaned, but that's not enough.
    An application like VideoStudio isn't cleaned. Each time I use this software, it creates a minimum of 10 GB of junk. This is an extreme example, but almost every program creates junk, because it needs that junk to do its job. Sometimes it is cleaned by the software itself, sometimes it is cleaned by a cleaning program, sometimes it isn't cleaned at all.

    Where are these junk objects? What is the name of these junk objects? Is it really a junk object and is it SAFE to remove? Those are difficult questions for an average user.
    Oh, but I use "CCleaner" to clean my computer. Well, CCleaner doesn't remove the junk of "DVD Shrink" and "VideoStudio", and how many other programs aren't cleaned by CCleaner?
    So I didn't even have the right cleaning software to clean ALL the mess, and after some thinking I came to the conclusion that such cleaning software doesn't exist at all and will never exist. There are just too many programs world-wide. So I couldn't solve this problem in a classical way.

    In September 2007 an accidental combination of events happened on my computer that gave me an idea.
    1. I noticed that "DVD Shrink" analyses each new DVD, before you can do anything else.
    2. I also noticed that "DVD Shrink" didn't analyze a DVD that was already analyzed, which means it "remembers".
    3. Something went wrong while I was working and I refreshed my off-line snapshot with an archive.
    4. So I re-used my already analyzed DVD and I noticed that "DVD Shrink" analyzed the DVD again, and that was VERY strange.
    Why didn't "DVD Shrink" remember that this DVD was already analyzed 5 minutes ago? What made this happen?
    The answer was simple: by refreshing my off-line snapshot, "DVD Shrink" was back in an "unused" state, and that's why it didn't remember any analyzed DVD anymore, and that forced me to think a little further.
    If ALL my software is in an "unused" state, I have the most thorough cleaning method I can think of.
    Not only for some programs, like CCleaner, but for all software world-wide.
    This idea was so simple that I was embarrassed and ashamed I didn't get it sooner.

    I re-installed my computer from scratch, configured it and created an image and an archive that contained an "unused" system partition.
    Each time I reboot, my "used" system partition is refreshed with an "unused" system partition, and that means:
    - no leftovers of installed software
    - no junk files of any software
    - no history of any software
    - any superfluous object is removed
    It all happens automatically without knowing anything, without doing anything; it's fast and very SAFE.

    Is the very same possible with RETURNIL?
    It's up to you to find out; it won't be as easy as with FDISR.
    Switching from thawed mode to frozen mode can put your system partition in a "used" state.
    So you have to be more careful with Returnil to keep the "unused" state.
    I don't have to be careful, because I can roll back to an unused state at any time.

    Don't underestimate this problem, because I know from the past that my computer was a big mess after using it 6 months. :)
     
  16. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Very good post Erik and very, very true.:thumb:
     
  17. Scoobs

    Scoobs Registered Member

    Joined:
    Sep 21, 2005
    Posts:
    110
    Wow, thanks Erik.

    From what I understand about Returnil and what I've read in your post, it is possible to replicate your security setup with Returnil, and I'm thinking I'm going to have a go. It'll mean another reinstall and a session of downloading all my software again, but I'm thinking it's worth it, for the (eventual) simplicity and conceptual thoroughness of your solution.
     
  18. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    The main problem with Returnil is that it can't handle software that requires a reboot during the installation.
    1. Returnil is in frozen mode.
    2. You install new software, because you are curious.
    3. The software asks you to reboot your computer to finish the installation.
    4. You reboot.
    5. The software is gone, because Returnil was in frozen mode.
    That is the problem. :)
     
  19. Scoobs

    Scoobs Registered Member

    Joined:
    Sep 21, 2005
    Posts:
    110
    Ah, I see what you mean. Yeah, that is a shame. It only applies to software you want to test, of course; if you're happy to install it, you can turn off Returnil. I guess the long workaround is a Drive Image prior to installing...
     
  20. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    1. Backup your system partition
    2. Returnil = OFF
    3. Install the software and reboot to finish the installation.
    4. Restore your system partition, if you want to get rid of it completely.
    This is a very safe and cheap workaround. :)
     
  21. bman412

    bman412 Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    261
    ... or you can make a system restore point prior to new software installation.
     
  22. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    See here :)
     