Time For A Complete Security Overhaul


torrenova

Like many I guess, my security has evolved over time. Though I do not really understand what all the different words mean in the world of internet security, I "know" I have to have some!

Some have commented that I have too much going on at the same time. I don't really understand that as I know that 20 bolts on my front door stop more burglars than 1 bolt. However, I have heard this before.

In the past and currently I've run Zone Alarm, Avast, AVG, Avira Antivir and probably others. Spybot, CCleaner and a couple of other things from time to time have kept me clean and safe. At the moment, whatever I have works and it is all free.

I always liked the idea of one company taking charge of everything but I know you could never rely on M$ and Windoze. I had Norton years ago but it was crap. I hear things about Comodo now.

So imagine starting from scratch, can someone please state what is required and then maybe address the issue of complete protection.

Running Vista HP 64bit Quad core 4GB RAM. Firefox as main browser. Usually just that, Chrome as back up and Excel, Word and usual stuff as applications.

Link to comment
Share on other sites

You don't run more than 1 AV program at a time because these programs inject themselves deep into the system and cause conflicts if you install more than 1 at a time.

You don't need an "internet firewall" from anybody - just turn on the Windows firewall and it's good enough. The rest is scareware and outright BS. I have never heard of anyone, ever who has prevented a malware attack by means of a third party firewall. You need to realize that security firms have a vested interest in scaring you to death. It's a bit like airport security - a security theater that is supposed to make you feel secure without actually doing anything.

The main issue here is that you need to inform yourself on what the actual threats are, and why you should have a particular anti-malware program.

You need a good AV program, and a good spyware remover. However, that's not all - you also should use a low profile browser. Firefox is better than IE, but Chrome is probably even better because fewer people use it. Then again it might have more bugs.

Here's how malware installs itself on your system in 2010:

- Emails. Somebody sends you an email with malware. Best defense: Gmail, or another provider that just filters out malware. Second best: Don't open attachments. Third: AV program will reliably detect malware in emails.

- Downloaded "warez" - those are almost always trojan infected. AV program should detect but best to just not download programs.

- Downloaded videos or other stuff that then needs to "download an extra codec" or something similar - basically tricks you into downloading malware. AV program might detect this or not. Don't download codecs or anything else is the best defense.

- Drive by attack via web browser. Malware hides on a website, uses a security hole in your browser to install itself in the system. AV program likely useless as the malware runs first and disables the AV program. Extra firewalls are - as always - totally useless. The only thing you can do against that is to browse safely and to use a browser that has a small attack surface. Firefox and/or Chrome should be good enough in the real world, but something more exotic like Opera is probably even safer. No-one would bother writing an exploit for Opera. Stay away from IE. It used to be good enough to stay away from shady websites but not anymore as these days perfectly proper websites could be infected and act as host without knowing it.

Spyware uses similar tactics but it's pretty harmless so scanning your system with an anti-spyware program every now and then should suffice.

Forget about Windows security settings, any attack will get around them. Leave them at default.

Edited by nikster
Link to comment
Share on other sites

All of the above is excellent advice.

Just one point of interest.

I run AVG (paid version) on my PC, but recently I was working on a very badly infected PC that would let me install any of the standard AV software and on one of the specialist forums I came across this program http://www.malwarebytes.org/mbam.php which I had never heard of.

Not only did it remove a lot of problems from the PC I was working on, but when I ran a scan on my own PC afterwards it detected a serious trojan that AVG had missed.

It is a free download and can be run as a single scan (bearing in mind the above advice about not installing more than one AV software) so give it a try.

Link to comment
Share on other sites

Thanks for your reply but if I may come back with a few questions.

Why do I need a good spyware remover? Surely it is better to have a system which cannot be breached by spyware? If you need a specific remover, doesn't that mean your system is not secure and whatever you are using is just not up to the job?

So what would you put in then? What would you recommend?

Thanks.

Link to comment
Share on other sites

Disable Windows "Autorun/Autoplay" (see Knowledge Base article KB967715)

Yet another useless feature that's exploited all too often. Malware from infected removable devices like USB flash disks can easily find its way on to your computer with a single click. I have Autorun disabled on ALL my client computers.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff
"HonorAutoRunSetting"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"

Disable Windows Script Host (WSH)

Although WSH is a very powerful and useful scripting engine, it's a security hazard. Malware writers often use VBS scripts (.vbs) to infect a target machine with trojans and worms. If you're not using WSH to perform system management tasks, disable it.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings]
"Remote"="0"
"Enabled"="0"

Use the following script to test whether or not WSH is enabled on a given machine:

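' Copy and paste the code below into Notepad and save the file as: myfile.vbs.
' If WSH is disabled, the script host refuses to run this file and the message box never appears.

Set wshShell = Wscript.CreateObject("Wscript.Shell")
MsgBox("Windows Script Host access is enabled on this machine.")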

Other steps you can take to protect your computer...

- Keep your system up-to-date by installing Windows "critical" patches when they become available;

- Install anti-virus as well as anti-malware programs;

- Use common sense.

Link to comment
Share on other sites
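
Once the two .reg files from the post above have been merged, the result can be checked on the machine itself. The PowerShell below is an added example, not part of the original post: it only reads the registry and compares the five values that post sets; `$baseline` and `Test-HardeningBaseline` are names made up for the illustration.

```powershell
# Added example: read-only audit of the registry values posted above.
# $baseline and Test-HardeningBaseline are illustrative names, not from the post.
$explorer = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer'
$iniMap   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf'
$wsh      = 'HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings'

$baseline = @(
    @{ Key = $explorer; Name = 'NoDriveTypeAutoRun';  Want = '255' }   # dword:000000ff
    @{ Key = $explorer; Name = 'HonorAutoRunSetting'; Want = '1' }
    @{ Key = $iniMap;   Name = '(default)';           Want = '@SYS:DoesNotExist' }
    @{ Key = $wsh;      Name = 'Enabled';             Want = '0' }
    @{ Key = $wsh;      Name = 'Remote';              Want = '0' }
)

function Test-HardeningBaseline {
    param([object[]]$Baseline)
    foreach ($item in $Baseline) {
        $actual = $null
        # A missing key or value is reported, not treated as an error.
        $props = Get-ItemProperty -Path $item.Key -ErrorAction SilentlyContinue
        if ($props) { $actual = $props.($item.Name) }

        # Compare as strings so REG_DWORD 0 and REG_SZ "0" both match.
        if ($null -eq $actual)            { $status = 'MISSING'  }
        elseif ("$actual" -eq $item.Want) { $status = 'OK'       }
        else                              { $status = 'MISMATCH' }

        New-Object PSObject -Property @{
            Status = $status; Name = $item.Name; Actual = $actual
            Want   = $item.Want; Key = $item.Key
        }
    }
}

Test-HardeningBaseline -Baseline $baseline |
    Select-Object Status, Name, Actual, Want, Key |
    Format-Table -AutoSize
```

A MISSING or MISMATCH row means the corresponding setting from the post is not in effect on that machine.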

Don't!

I've been using Windows for 20 years now and NEVER had a virus, just take the recommended precautions.

Install win7 and make an easy backup. When (and only when) you get a virus, you're back up and running in 20 minutes.

You will save so much time and money and precious computer resources.

Have a separate business and banking computer if you need to and use this for only this.

Link to comment
Share on other sites

There's an old saying, "You get what you pay for", never more true than with anti-virus software. Since I want to be out ahead of the evil-doers I subscribe to McAfee. Been a user for 10 years & very happy. I think I pay for 4 machines. Catch them on the promotion - usually get SIGNIFICANT discounts - like $30 - $40 a year.

mmmm just went to their website - 50% off. Nice.

Edited by powderpuff
Link to comment
Share on other sites

I was using Norton Internet Security. It was great and I never had any problems. I like an entire package that takes care of everything.

I upgraded to Win 7 Pro and since my Norton package was due to run out decided to try Microsoft Security Essentials and the regular windows firewall. I also use Advanced System Care Pro. So far no problems.

I don't entirely trust the free stuff so every couple of weeks I do a complete on-line scan with the Dr. Web free scan and the free Norman malware cleaner. They have found absolutely nothing so my confidence with MS is growing.

Link to comment
Share on other sites

Whilst I am grateful for all the advice, I need to focus exclusively on what resources I have available. I am not going to buy this system or that one nor upgrade operating systems or install another hard drive or buy another computer to run banking applications.

For the purpose of this thread, can we focus on what we have available and only that.

Vista HP 64 bit Intel Quad Core 4GB RAM, 2HD (0.5TB) and (1.0TB)

At very best, I could be convinced to ditch all the free security I have assembled and pay for a security suite. I would however rather it was free because what I have now is free and I don't see any major issues with it.

I'm a businessman and risk analyst not a computer geek so whilst I appreciate talk of malware this and anti virus that, can someone who knows it all just tell me what I need in simple language and not assume I am qualified to choose. I won't be embarrassed as I know where my limitations are. Someone needs to dumb it down enough so that I can grasp it 100%.

Some of the issues seem to be overlapping protection. To avoid this, whilst not leaving any holes would seem to be the problem as I don't know who or what to use for whichever purpose.

Link to comment
Share on other sites

As Gary A mentioned, MS Security Essentials has got all my requirements covered. It detects spyware, malware, viruses, trojans etc, and even detected a few minor bits of spyware AVG previously missed.

This combined with the built in firewall should be enough to cover most requirements. Price is right too.

Link to comment
Share on other sites

^^ what he said. I forgot about disabling AutoPlay. That's essential!! Every second Thai computer I put my USB Flash drive in installs a virus. When AutoPlay is enabled, the virus will find its way onto your system, bypassing any AV program you might have running!

Disabling WSH is good too, though I never did that.

My windows machine runs with autoplay disabled, and by taking some precautions. I use AV software only on an on-demand basis (nothing running all the time in the background) when I get paranoid, but so far never had a virus.

The problem with "just installing a security suite that does it all" is that it will install boatloads of crap that you don't need - like the firewall - which will then consume system resources for no reason, or worse, constantly pop up alerts that are mainly designed to make you think you're getting something for your money, rather than any actual information. Think of them as adverts. "Look how important I am, I detected 27 port scans and 598 break in attempts! Oh what would you do without me?"

I don't know of any light-weight no-bullshit AV package. Norton and McAfee are definitely _not_ it. 90% of these packages are scareware. 10% protects you.

Link to comment
Share on other sites
