Yet another recommend me a setup thread.

Discussion in 'other anti-malware software' started by Konata Izumi, Aug 30, 2011.

Thread Status:
Not open for further replies.
  1. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    1. A setup that will deny any installations/execution unless the programs are already installed and/or are allowed by me.

    2. A setup that "only I" can "easily" allow something to execute/install whenever I want.

    3. Those already installed should have security implementations in place so it would not be a threatgate.


    There are times that a file is really "tempting" to execute so I want to have:
    4. A setup that is quite safe and secure even after "forcefully" allowing an unknown/potentially unsafe execution.




    ***************************
    MY EXPERIMENTAL SETUP
    ***************************

    Standard User Account, maxed UAC, disallowed SRP

    1. Deny elevation request from users via GPEDIT.msc + SRP takes care of default deny setting.
    2. SuRun makes it easy for "me" to elevate/execute/install + can remember password to automagically run specific app elevated.
    3. probably GesWall or something...
    4. I need help with this one
    probably one of these: returnil, sandboxie, cis, trusteer rapport, spyshelter, webroot secureanywhere
     
    Last edited: Aug 30, 2011
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Sandboxie or CIS for manually sandboxing suspicious files. IDK about the rest.
     
  3. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,068
    AppGuard (may give you some issues but is excellent) + Sandboxie(BSA analyzer)

    Defensewall (only 32bit systems) + Sandboxie(BSA analyzer)

    Comodo firewall (sandbox, HIPS and firewall, including the cloud behavior blocker and the cloud av) you can add here sandboxie if you want to use BSA analyzer.

    Novirusthanks exe radar pro + Sandboxie(BSA analyzer)

    Spyshelter + Sandboxie(BSA analyzer)

    I would add to all the configs trusteer rapport just in case.
     
  4. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    konata,
    I think a combination of returnil and appguard (or maybe Faronics Anti-Executable) should give you the desired result.
     
  5. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Pretty much this...
     
  6. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    the most surefire way for me is returnil and rapport but they are quite heavy for my 1GB RAM PC.
    lightest would probably be webroot secureanywhere
    or CIS with the manual sandbox and rapport... (last time I tried CIS, I had problems running apps in manual sandbox)

    sandboxie is not an option for me because I don't have paid version and SuRun cannot elevate application run via Sandboxie.



    I know rapport can protect from some of those new tough trojans but is that enough? I don't think so
     
    Last edited: Aug 30, 2011
  7. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,068
    I will go with Comodo Firewall with manual sandbox and trusteer rapport if you don't want to spend money, anyway even if you spend it you will not get anything "clearly better".

    Although maybe there will be a free version of Webroot with the same features as the old Prevx Safe Online Free, which uses less RAM than Trusteer Rapport, and probably the final version will not fail in the MRG tests.

    Trusteer Rapport protects your browser against almost any malware that needs to use the browser to succeed; it also blocks, detects and cleans, if the computer is infected, modern banking malware like SpyEye and Zeus.
    Try to install it and look at the advanced settings to configure it properly, but take into account that it only protects the websites that you tell it to, and also protects the browser against key capture attacks...
    http://www.trusteer.com/product/trusteer-rapport
     
    Last edited: Aug 30, 2011
  8. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    if I use rapport... I cannot use GesWall to isolate my browsers, I don't want that.

    Unless browsers have a way to BLOCK all addon/extension installations.


    EDIT: thanks for the info about rapport lordraiden but I already know about that and I have used rapport for a long time and I knew all about its settings.

    a free rollback/image software in addition to rapport may do but still looking for other options
     
    Last edited: Aug 30, 2011
  9. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,068
    If GesWall is not compatible with Trusteer Rapport, probably it will not work either with Prevx Safe Online (the same happens with Sandboxie).

    I guess that you need to choose between GesWall and SafeOnline or Trusteer Rapport. I don't know if GesWall is able to block banking malware but since Sandboxie fails doing it probably GesWall too.

    Since you are using a 32 bit system maybe you can go with Defensewall and forget everything else.
     
  10. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    GesWall passed MRG tests I think...
    DefenseWall is not FREE :(

    since safeonline/webroot sa/rapport can't work with GesWall... only Comodo / Spyshelter left in my options

    Spyshelter has option to auto-allow all microsoft signed and the option to auto-block suspicious behaviour is useful.
     
    Last edited: Aug 30, 2011
  11. Yanick

    Yanick Registered Member

    Joined:
    May 3, 2011
    Posts:
    269
    Consider, Ilya can arrange discount for your initial purchase. Yearly subscription is 9,95€ so it's not much :D I am a very happy user, you won't be disappointed! Lal, sorry about the marketing :D

    Put Webroot SecureAnywhere and Returnil, DefenseWall into the mix and see how light it is?
     
  12. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    lol Returnil alone can bake my PC after several hours of intense tasks, it's light but I'm aiming to do a lot of tasks soon so :(

    I don't have any source of income, just leeching off my parents' money and living in their house so buying software is o_O

    I'd buy myself a t-shirt instead if I could ask for money :D
     
  13. Yanick

    Yanick Registered Member

    Joined:
    May 3, 2011
    Posts:
    269
    Ow I see :( life of a student isn't easy.

    Through the net everything is possible ;)

    Hm, so completely free setup is for you. Well, try integrating Webroot SecureAnywhere into your experimental setup, as it's very light and effective. If you would have Sandboxie Paid lifetime, that would be superb with forced folders etc. :thumb:
     
  14. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Light footprint, use what is built into the OS. Perhaps SuRun if you want to get a little more serious with a USER account.

    Applocker or SRP in a default deny setup, not much more you need.

    For extra measures use a sandbox so that those "what if" situations are contained.

    Or, you can use lots of other applications :D

    Sul.
     
  15. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,248
    Location:
    Chaotic Land
    Hahaha. I just had to laugh at this comment :D
     
  16. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I agree - stick with what's in your OS whenever possible.
     
  17. powerpack

    powerpack Registered Member

    Joined:
    Mar 23, 2010
    Posts:
    42
    Location:
    Now-here or NO-WHERE
    konata,
    How about Bufferzone Pro, it is close to DefenseWall o_O Maybe I am wrong


    Thanks,
    HP
     
  18. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,068
    That's the only bad thing about DefenseWall xD , with an x64 version and a lifetime license I would have bought it some time ago.

    I don't remember GesWall being tested by the MRG banking test (but could be), also it has changed a lot, and the GesWall development I think is quite stopped.
    Do you really need GesWall?
    If you use Comodo you can run the browser in the manual sandbox.
    With Trusteer Rapport or Safe Online you get the additional security, if they are compatible with Comodo sandbox (I'm not sure)
    You can also use the light version of trafficlight of bitdefender.
    The whitelist of Comodo is much bigger than the SS whitelist so you don't need to worry about that.
     
  19. tomazyk

    tomazyk Guest

    You can use Malware Defender for execution prevention. It's free and you can lock UI with password, so no one can execute anything that you haven't put on whitelist.
     
  20. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,544
    If only SuRun can elevate things executed in the sandbox. I'm done with my quest :D


    it's bypassed on MRG tests.


    I do. I always do. :D



    yes I need geswall so I can rollback changes (extensions other users might install) in my browsers
    actually I tested trusteer and geswall and found out that they work together... but Trusteer website says rapport and geswall are incompatible. o_O

    I still don't trust comodo sandboxing yet... most of the time it breaks things I don't want it to break my browser's (chrome) built-in sandboxing.
    bitdefender trafficlight? I don't like extensions in chrome.
    I prefer smaller whitelist as much as possible I want only microsoft signed applications whitelisted.


    btw Rapport does not automatically update right? + every time I download a new installer from their site every 2-3 days, it shows a newer version.


    it's too full blown HIPS, too much for me. :D
     
    Last edited: Aug 31, 2011
  21. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,068
    Trusteer Rapport has an update notification system included, but I have never seen it updating because I have never looked at the version number, but I will do so to check it.

    With Comodo you can remove all the trusted vendor except Microsoft, then using any of the options in the screenshot you can block the trusted vendor list from being updated.
    Capture.PNG

    When you said that Comodo sandbox breaks some apps, do you mean the manual or the automatic one? Those are totally different.

    If the trusteer website says that is incompatible with geswall I wouldn't use it.
     
  22. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    I just use Kingsoft PC Doctor cause it's proactive, RoboForm, Hitman Pro running on startup and my common sense, works for me.
     
  23. tomazyk

    tomazyk Guest

    Yes, MD is really strong HIPS. But still with disabling/changing few rules you can easily "make" an app that will monitor only execution of processes :)
     
  24. lordraiden

    lordraiden Registered Member

    Joined:
    Jan 30, 2006
    Posts:
    3,068
    I remember the Kingsoft AV being quite weak when it was tested; which part of the proactive protection that you mention (if there is any, because I can't find it on the website) do you think deserves to run it?
    According to the website it doesn't seem to be a complete AV http://www.kingsoftsecurity.com/product.shtml just an anti-trojan engine, and doesn't even seem to work in real time.
     
    Last edited: Aug 31, 2011
  25. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    12,883
    Location:
    Canada
    it does have registry protection in real time :D
     