topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday December 12, 2024, 1:32 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Last post Author Topic: Let's try to create our own suite for internet security.  (Read 26695 times)

Mark0

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 652
    • View Profile
    • Mark's home
    • Donate to Member
Re: Let's try to create our own suite for internet security.
« Reply #25 on: January 12, 2011, 03:59 PM »
Since I rarely have any malware, perhaps I shouldn't be so concerned, but I don't like the idea that a malware program that managed to get on my computer could send out information without my knowing it.  Thus, a firewall that works in both directions seems to me a good idea.

But, I think, that restrictions are so easy to circumvents in some way or the others that's probably not even worth trying, IMHO.
I had coded a (very!) little demonstration tool about 6 years ago, but I believe it may still be working:
http://mark0.net/soft-leakout-e.html

It just try to "smuggle" :) some stupid data, like Machine name, Windows Directory, etc. using the browser.
I'm curious to hear if it still works on some recent Win configurations.

JavaJones

  • Review 2.0 Designer
  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 2,739
    • View Profile
    • Donate to Member
Re: Let's try to create our own suite for internet security.
« Reply #26 on: January 12, 2011, 04:26 PM »
The issue with installing multiple security apps was - and still is - with having multiple *realtime* scanners active at once. This can cause problems to this day. In times past some AV apps would also sometimes detect each other as "unwanted" or quarantine bits of each other. This still happens sometimes today I believe, though I haven't seen it for a long time. Many AV apps will give you a warning if they detect other antivirus apps when they're being installed, others will outright disallow you to install before uninstalling the other. This all applies pretty much to antivirus apps, particularly those with realtime scanners. Antimalware and antispyware apps tend to play better together and are less contentious. Generally speaking, just having multiple *on-demand* AV scanners is fine.

The line between antimalware, antispyware, antitrojan, etc. is not real clear unfortunately. Personally I think it's a stupid distinction and wish we didn't need additional apps like Malwarebytes, but it seems that antivirus apps don't cover everything right now.

My personal choice of antimalware is Emsisoft, formerly A2 (I think). It seems to find things that Malwarebytes doesn't. Neither is particularly obtrusive or heavy on resources.

I also think an app like JottiQ, or use of an internet-based multi-engine on-demand scanner is useful for anyone who likes to download and play with new software.

- Oshyan

superboyac

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 6,347
    • View Profile
    • Donate to Member
Re: Let's try to create our own suite for internet security.
« Reply #27 on: January 12, 2011, 04:34 PM »
Yes JJ.  All true.
that's why i think it would be helpful to establish this list here.  That way, others can have some kind of assurance that the stuff on the list plays nice with each other.  After all, it's donationcoder approved!

I might even add an extra box with some directions below the list specifiying exactly how to set up each software to play nice.  I feel like something like this can be very helpful for people.  It's not the easiest topic to get your head around.

superboyac

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 6,347
    • View Profile
    • Donate to Member
Re: Let's try to create our own suite for internet security.
« Reply #28 on: January 12, 2011, 04:41 PM »
WinPatrol!
I totally forgot about it.  Definitely something to include here.  What category would that fall under?  Startup protection?  Application Nazi?  Watchdog?

4wd

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 5,644
    • View Profile
    • Donate to Member
Re: Let's try to create our own suite for internet security.
« Reply #29 on: January 12, 2011, 05:52 PM »
Just a query about your list: you've got Windows Defender listed under Hardware Firewall.

Windows Defender is a Anti-Spyware program - not a firewall.

A Hardware Firewall is something you're going to find in your router device, be it a Linux gateway, an ADSL router/modem or dedicated piece of hardware, (eg. ZyWall devices) - about the only thing you can say in this category is to turn it on, (if it exists), and ensure it's configured correctly.

On a related note, what are some recommended on-demand scanning for antivirus, malware, etc.?

How about JottiQ?

WRT on-demand scanners, can any service that won't work without an internet connection truly be called on-demand?

They should be called 'when convenient'.

The only anti-something service that can be truly called on-demand is something that will work offline as well as online.

worstje

  • Honorary Member
  • Joined in 2009
  • **
  • Posts: 588
  • The Gent with the White Hat
    • View Profile
    • Donate to Member
Re: Let's try to create our own suite for internet security.
« Reply #30 on: January 12, 2011, 05:56 PM »
On a related note, what are some recommended on-demand scanning for antivirus, malware, etc.?

How about JottiQ?

WRT on-demand scanners, can any service that won't work without an internet connection truly be called on-demand?

They should be called 'when convenient'.

The only anti-something service that can be truly called on-demand is something that will work offline as well as online.

JottiQ does indeed not fit the bill here. As much as it is on-demand (online aspect ignored), it is not intended to scan entire computers. It is meant for small amounts of files you specifically distrust. Nothing more, nothing less.

superboyac

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 6,347
    • View Profile
    • Donate to Member
Re: Let's try to create our own suite for internet security.
« Reply #31 on: January 12, 2011, 06:04 PM »
Windows Defender is a Anti-Spyware program - not a firewall.
I know.  It was just a placeholder.  I'll clean it all up eventually.  Does Windows Defender even exist anymore?  I was under the impression that MSE superseded it.

4wd

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 5,644
    • View Profile
    • Donate to Member
Re: Let's try to create our own suite for internet security.
« Reply #32 on: January 12, 2011, 06:24 PM »
Windows Defender is a Anti-Spyware program - not a firewall.
I know.  It was just a placeholder.  I'll clean it all up eventually.  Does Windows Defender even exist anymore?  I was under the impression that MSE superseded it.

Sorry  :-[

I think you could just put 'Integrated in Router/Gateway device' - just about covers all consumer stuff.  Unless you want to specifically recommend some device.

I think it still exists, at least I'm still showing definition updates for it in my Windows Update History.
« Last Edit: January 12, 2011, 06:26 PM by 4wd »

superboyac

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 6,347
    • View Profile
    • Donate to Member
Re: Let's try to create our own suite for internet security.
« Reply #33 on: January 12, 2011, 07:20 PM »
I think it still exists, at least I'm still showing definition updates for it in my Windows Update History.
Duly noted.  Thanks.

Bamse

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 410
    • View Profile
    • Donate to Member
Re: Let's try to create our own suite for internet security.
« Reply #34 on: January 12, 2011, 08:29 PM »
I would add dns-services like Norton, DynDns and ClearCloud. Also K9 which is a proxy type of software but a more than boring parental control. Opposite http filters from AVs there is little to no overhead and they work. DynDns and K9 has white list feature, FPs do occur so I consider that a must-have. These services must not be mistaken for Google Dns, Opendns since they ignore malware/spyware/virus stuff or charge heavily for it.

Only screwed up routing is good reason for not using any of these. Need one anyway so might as well use one with added features. Not really possible to mess up also counts. Dns benchmarks will probably show ISP dns is faster but in real life computing I doubt difference is noticeable. Dns lookups are cached in Windows, in browsers, in some routers as well.

Norton: http://www.nortondns.com/
DynDns: http://www.dyndns.com/services/dynguide/
ClearCloud: http://clearclouddns.com/
K9: http://www1.k9webpro.../protect-my-children (Children/school part can be ignored)

Too lazy to test but right now I have a problem with this forum which I think has to do with K9. When posting it says "Bad Request. Your browser sent a request that this server could not understand." or something - but post is accepted. But nothing is perfect and I am on beta-program ;) Only problem I have noticed. They have active support, forums and what not. I just have not bothered checking this issue out.

Those who like WOT will say why not WOT then? I don't think it belongs in same category since it is only a browser plugin where the others are system wide.

If preparing for war or going to visit family members! use Sardu http://www.sarducd.it/ and Ketarin http://ketarin.canneverbe.com/ for auto-burning, auto-updating of whatever tool you can find. Take time to set up though. List of portable/on-demand system diagnostics, removal tool is very long. Even Norton now has Norton Power Eraser http://security.syma...rt/npe.asp?lcid=1033 If you also want to deal with what to do when security setup does not work so well any more these 2 are useful.

Btw, if any certified security freak see you list ComboFix as a tool to use by every random person good luck getting away with that ;) If you open up combofix.exe in 7zip or similar you will see it consist of Nirsoft tools, gigantic batchfiles, registry this and that. Basically 1 monster script you run. So when author tells combofix to delete a system file required for boot it will be done - has happened before... Most features are not documented since only to be used by "experts" on removal forums, the scripting part which take place after reading log-file. All that nobody have a clue about and why it is considered risky to recommend. I understand concerns but ask my self then why the hell put up a how-to guide! Very strange but potentially a Windows killer. Risk level can be compared to running Registry Cleaner - or something of that nature. Another thing is I don't think it supports 64bit Windows? Should be mandatory to get on any list in 2011?

Take a look at OTL for real documentation for how-to script and log stuff http://www.geekstogo...use-oldtimer-listit/ If uninteresting that could hint ComboFix should not be used.
« Last Edit: January 12, 2011, 08:31 PM by Bamse »

nosh

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,441
    • View Profile
    • Donate to Member
Re: Let's try to create our own suite for internet security.
« Reply #35 on: January 12, 2011, 10:57 PM »
The only possible reason I could think of for running a 3rd party inbound/outbound firewall is if you were interested in seeing what your apps were quietly getting up to internet-wise. Most will be checking for and fetching updates. But some programs will also try to do quite a bit more 'behind your back' than you'd expect.

If you're suspicious or concerned about any of that, you'll need something that monitors and reports on both directions.

+1 on monitoring (standard, API based) outbound connections using a 3rd party firewall. I have been alerted on more than one occasion by (the rather dated, but still serves its purpose) SPF about malicious activity. Another long abandoned utility that serves a similar purpose is Mike Lin's Startup Monitor.

Bamse

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 410
    • View Profile
    • Donate to Member
Re: Let's try to create our own suite for internet security.
« Reply #36 on: January 12, 2011, 11:55 PM »
Oh yeah forgot about the only firewall anyone can use, Windows 7 firewall control which also works on Vista and now apparently also XP http://www.sphinx-so...com/Vista/order.html Free version has some limitations like it does not protect or monitor system files but if that is a realistic worry there are other problems than finding a firewall which does include everything. Checks and inform about application activity or what most are interested in. Windows Firewall can also do that but painful to set up. Should be perfect for MSE users if that means less is better and no desire getting to know strange buzzwords and interfaces.

Pro version on the other hand is not for everyone from what I can tell. Complicated or advanced ;)

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Let's try to create our own suite for internet security.
« Reply #37 on: January 13, 2011, 07:08 AM »
I'm under the impression that the Windows firewall was extensively improved for Windows 7 (or perhaps Vista, I'm not sure), but that it's not so good for Windows XP.  Am I mistaken?
It was introduced with XP SP2, and it was just fine back then - what you really need is incoming stuff blocked, and the XP firewall does that just fine.
Since I rarely have any malware, perhaps I shouldn't be so concerned, but I don't like the idea that a malware program that managed to get on my computer could send out information without my knowing it.  Thus, a firewall that works in both directions seems to me a good idea.
Once you have malware on your system, it's pretty much game over - if it's been able to run, it's very likely able to circumvent the firewall.
- carpe noctem

Bamse

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 410
    • View Profile
    • Donate to Member
Re: Let's try to create our own suite for internet security.
« Reply #38 on: January 13, 2011, 02:49 PM »
Should that happen it will be comforting to know that all sensitive info is not in readable format but encrypted by ? Locking down info should be part of security "suite" ?

I do have a license to Ad Muncher but not used it since long. Pricing is not difficult to figure out - it is expensive, overpriced per computer deal https://www.admunche...er=www.admuncher.com Considering they have done a Roboform action, without too much public blame, and does not yet support GZip I feel like complaining a little ;) I just read that right now he "think" Gzip will be supported within 1 year. In August 2005 he said "The gzip engine is actually done, we just have to integrate it into the code the base of Ad Muncher." I can think of some other areas where Ad Muncher is easily a "winner" ;)

app103

  • That scary taskbar girl
  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 5,885
    • View Profile
    • Donate to Member
Re: Let's try to create our own suite for internet security.
« Reply #39 on: January 13, 2011, 03:57 PM »
The on-demand scanning issue is a good one, but if something got past your defenses without triggering your antivirus the first time, it's likely to get past it again when you scan on-demand. This is why you'd want a second product just for on-demand scanning and not for real-time scanning.

So, if it gets past AntiVirus A's real-time, it would be more likely to be caught by on-demand scanning with AntiVirus B.

Yes, you can have 2 different anti-virus products installed on the same system without causing a clash, if only one if them is running in the background at all times doing real-time scanning. The 2nd one would have to have real-time deactivated, and  just leave its updater running.

I am using MSE for real-time and Avira for on-demand, but I am open to the idea of switching to something other than Avira if anyone has anything better to suggest.

I am also using Spybot Search & Destroy for it's vaccination feature and the Tea Timer, as well as something quite old called DiamondCS RegProt (original developer's site is gone but Softpedia has a copy)

There are also some essential browser plugins, depending on what browser you are using, but the most essential is some sort of NoScript, which is available for both Firefox and K-Meleon. Links to versions for other browsers will have to be supplied by someone else.

I love Ad Muncher and would never consider being on the internet without it, but it has some issues you should be aware of. The lack of gzip support that was mentioned before is one issue, the fact it turns ALL HTTP1.1 requests made from your PC into 1.0 requests is the other. Even if you white list a particular site, application, or turn off ad blocking, it will still do this for as long as Ad Muncher is still running. If a server is misconfigured and does not respond to 1.0 requests properly, it has the potential to break pages and there is no work around other than exiting Ad Muncher completely. I have run into this problem a few times, most notably on Friendfeed, where the issue caused pages not to fully load and I wasn't able to use some basic features such as "like" and commenting. This went on for a few months after Facebook bought friendfeed and they moved it to their servers. Even though I contacted friendfeed and explained what the issue was and how their server was not responding to 1.0 requests properly, I ended up having to use AdBlock Plus till they got around to fixing it. Since AdBlock Plus only works in the browser it is installed in and offers no protection for things like stand-alone desktop RSS readers and IM clients, it left me uncovered in most applications capable of displaying ads.

WOT (Web Of Trust) - I love this browser plugin for its ability to alert me to sites with less than stellar reputations. It crowd sources ratings for things like trustworthyness, vendor reliability, privacy, and child safety to its userbase. The commenting system can give you more of an idea why a site might have a bad rating, such as fraud, phishing, malware, spam, adult content, unethical practices, etc. While it's not the only thing you should rely upon to evaluate a site (it can be wrong) it can give you an idea of the past experiences of others when dealing with the same site. (I personally mark any and all spammers that hit this forum with spam links as bad sites, with a note of why) The reputation rings next to search results in the major search engines (supports the major providers) and next to links in webmail (supports the major providers) can alert you to reputation before you visit the site. (yes, even Adsense ads in Gmail get reputation rings, and oh, boy, you probably won't ever want to click one of those ads, even out of curiosity, once you see how most of them rate!)

superboyac

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 6,347
    • View Profile
    • Donate to Member
Re: Let's try to create our own suite for internet security.
« Reply #40 on: January 13, 2011, 04:16 PM »
Thanks app!  Lots of helpful and valuable information there.  Let me reread it a couple times and I'll add some more things to the list in the first post.  Your method sounds very sensible and flexible, I like it a lot.  One thing I want to try on my computer is running MSE as the live scanner, and relegating Kaspersky (which is already running) to just an on-demand scanner.  I like Kaspersky for it's supposedly powerful detection abilities, but in the past couple of years, I think it's getting too sensitive.  Before, it hardly had any false positives.  Now, it's getting more.  I think Eugene Kaspersky is really getting a little too crazy with it.  He's too suspicious of everything and I think it's reflected in the program.  but that's just my feeling.

superboyac

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 6,347
    • View Profile
    • Donate to Member
Re: Let's try to create our own suite for internet security.
« Reply #41 on: January 13, 2011, 04:30 PM »
By the way, I have to say something regarding adult content:
Adult content isn't necessarily malware.  yes, it tends to be found on sites that have bad stuff going on, but just because it's adult content doesn't mean it's harmful to your computer.  For example, a well designed page with some booby pictures around isn't a harmful thing.  I mean, sometimes that's why you (or I) are visiting the site!  My point is that I don't consider parental control issues in the same vein as security issues.  i don't have kids, I'm a grown man, i don't need to filter out any mature content.

I make it a point here because I don't think I intend to include parental control issues in my official list.  That's a separate topic as far as I'm concerned.  now, if it's a popup that has adult content, that's bad.  But that would be true no matter what the popup content was.  It's not the content, it's the popup that's bad.

The same goes with...er..."modified" programs.  Just because a program has been modified doesn't mean it's bad.  Yes, there's a much greater chance of it being bad vs an unmodified program, but that doesn't mean it's bad.  The scanners and security software should be able to tell the difference.

Maybe I'm wrong here, especially morally.  But this isn't about morals.  This is about filtering out harmful content and situations.  It's like saying, "There's the possibility of getting an ankle sprain playing basketball.  Therefore, I'm not going to play basketball."  A lot of you say similar things, "I never visit pron sites, so I never get any viruses.  I have never gotten a virus ever.  i don't even use an antivirus program."  OK...so what are we supposed to do with that information?  All we can do, logically speaking, is congratulate you for your accomplishment.  But it doesn't help anyone figure out how to protect against harmful things.

It reminds me of the popular message when we were in high school, "Abstinence is the best prevention for STD's."  Ok...thanks, sort of.  But you do realize that at some point, I'm going to..well...do it.  Then what?  Oh no...that's not a good message.

app103

  • That scary taskbar girl
  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 5,885
    • View Profile
    • Donate to Member
Re: Let's try to create our own suite for internet security.
« Reply #42 on: January 13, 2011, 04:52 PM »
I only mentioned adult content and child safety because they are features of the software. You can configure it to your needs and if you choose not to block sites with adult content you won't get the big warning banner on those sites.

Consider any adult content warnings as NSFW warnings and you might see the value in them a little more and understand that it's not just about protecting precious little eyes from stuff you think they are too young to see. It's about saving your own butt and job too....you wouldn't want to accidentally stumble on a site that could get you fired, would you?

superboyac

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 6,347
    • View Profile
    • Donate to Member
Re: Let's try to create our own suite for internet security.
« Reply #43 on: January 13, 2011, 05:23 PM »
Ha, of course!  I never do that stuff at work, I ain't crazy!  That comment wasn't really aimed at you or to chastise anyone, sorry if it came off that way.  it just reminded me of something I wanted to clarify for the purposes of the list in the first post.

Yes, when at work, you just don't even try to go to shady sites.  That's where abstinence comes into play.  But when I'm at home, I'd like my security software setup in such a way where if I intentionally choose to explore a shady site, it will catch the harmful things happening.  That's the hard part.  We want protection during those times where we decide to cross the line.  It's like the military:  you have your defensive tactics, and your offensive tactics.  They are two different animals.

And I would never say anything negative towards you app.  Too much respect.

Bamse

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 410
    • View Profile
    • Donate to Member
Re: Let's try to create our own suite for internet security.
« Reply #44 on: January 13, 2011, 05:35 PM »
Neither me or my browsers are scared to visit any site but if you by "modified programs" and shady sites refer to warez, cracks stuff you should assume outcome is horrible for Windows - act accordingly to that doomsday/"highly not recommended" approach. Does not mean all such programs do not work, are harmful but that it is what you should expect. From my investigations I would say that porn sites are very safe in comparison :)

app103

  • That scary taskbar girl
  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 5,885
    • View Profile
    • Donate to Member
Re: Let's try to create our own suite for internet security.
« Reply #45 on: January 13, 2011, 06:13 PM »
Ha, of course!  I never do that stuff at work, I ain't crazy!  That comment wasn't really aimed at you or to chastise anyone, sorry if it came off that way.  it just reminded me of something I wanted to clarify for the purposes of the list in the first post.

Yes, when at work, you just don't even try to go to shady sites.  That's where abstinence comes into play.  But when I'm at home, I'd like my security software setup in such a way where if I intentionally choose to explore a shady site, it will catch the harmful things happening.  That's the hard part.  We want protection during those times where we decide to cross the line.  It's like the military:  you have your defensive tactics, and your offensive tactics.  They are two different animals.

And I would never say anything negative towards you app.  Too much respect.

That can be a little hard to do when you are staring at a page full of search results and you don't know which are the shady sites. The reputation rings then come in handy. If you want to be extra cautious, stick to results that show green rings and don't take a chance of the yellow, red, or sites with unknown reputation.

In addition to security, those reputation rings also help you find the sites more likely to have the info you are looking for, steering you away from the useless (and sometimes harmful) crap. It can really save you a lot of time in more ways than one.

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,859
    • View Profile
    • Donate to Member
Re: Let's try to create our own suite for internet security.
« Reply #46 on: January 13, 2011, 06:56 PM »
At the risk of getting flamed, I'd like to add any live Linux CD to the mix for mega-safe browsing.

Very difficult to infect read-only optical media. At least last time I checked.

Pick your favorite flavor. The latest Ubuntu 10 releases finally got wireless fixed. Most NICs will now work right out if the box. It actually works with my old Belkin USB Wireless G MIMO (FD9050) - which happens to be one of the more notoriously fidgety NICs out there. It even gets fussy under Windows. No wonder Belkin abandoned it.

FWIW It performs flawlessly using Ubuntu's 10.04 32-bit live CD.

Bamse

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 410
    • View Profile
    • Donate to Member
Re: Let's try to create our own suite for internet security.
« Reply #47 on: January 13, 2011, 07:03 PM »
Also very difficult to infect a healthy Windows but Sardu has these Linux ideas covered, go crazy. When I have had actual need for a multi-bootable monster, cd or usb based, I have typically not been prepared because it is painful to keep updated. So now I pimp Sardu (and Ketarin) at every occasion - also that way I don't forget ;)

superboyac

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 6,347
    • View Profile
    • Donate to Member
Re: Let's try to create our own suite for internet security.
« Reply #48 on: January 13, 2011, 07:10 PM »
40hz is right.  I should include some sandboxing and such stuff in the list.  Those are also protective measures.  That goes along the lines of those emergency boot disks that you can use to clean a badly infected computer or something.  I think I mentioned that previously.  This is cool!  I've been meaning to put together a list like this.

Josh

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Points: 45
  • Posts: 3,411
    • View Profile
    • Donate to Member
Re: Let's try to create our own suite for internet security.
« Reply #49 on: January 13, 2011, 07:50 PM »
Saw this and had to ask...People still use anti-spam software? I haven't had more than 5 spam mails in the last 3 years (And yes, I mean that is the total received, not total missed by thunderbirds built in filters).