Best Free Security Diet Plan

 

Security programs seem to get more bloated with every release. Firewalls in particular now have so many 'features' that your system files can't even cough without triggering an alert or writing a registry entry somewhere. If, like me, you already have a well protected browser and adopt safe surfing practices, then maybe you neither want nor need this level of system strangulation.

Up to and including XP, Windows users had plenty of excellent freeware firewalls to choose from, but since W7, and in particular the x64 release, most of these programs are no longer compatible.

So then, what are the options?

Well, unless you want something bursting at the seams with HIPS, behavior blockers, weather reports and a built-in media player... not very many! In some ways this is good because it is forcing users to confront the possibility that Windows Firewall might be just what they're looking for! OK, so we all knew about the limitations of the XP firewall but this all changed with Vista and Windows 7. There's even a freeware program from Sphinx Software which adds another layer to this process. Windows 7 and Vista Firewall Control does not 'control' the Windows Firewall as its name suggests. It is in fact designed to work in partnership with the Windows Firewall.

This is the explanation provided by the vendor to illustrate how the two firewalls interact.

"WFP is the traffic processing engine, i.e. stores the rules and matches the traffic to the rules. Windows Firewall and Windows7FirewallControl are just authoritatively equal 'clients' of the engine, they mostly can't see each other as they act at different (but priority-equal) 'spaces'. The purposes of the both are equal - the rule management, just the usability is different. The priorities are determined by WFP only. Any blocking rule (set in any 'space') blocks immediately. Any enabling rule is just a reason to iterate through the rest of the rules."

See their FAQ and forum for a more detailed explanation.

One of the main features of Windows 7 and Vista Firewall Control is that it installs no third party drivers, which Sphinx Software claims provides 'unbeatable' stability and system compatibility.

Building around this combined firewall package I'm going to suggest a few other programs which together will give a lightweight but secure alternative to some of the more bloated 'final solutions'. In terms of overall resource use you might not end up saving that much, if anything, but in terms of system usability this form of layered solution nearly always 'runs lighter' and is less inclined to cause problems.

Sticking with the network for now, let's just appreciate that most infections are net-borne, so you must connect to somewhere in order to get one. It makes logical sense therefore to restrict these connecting options. OK, so third party firewalls do this anyway by restricting ports and the applications allowed to use them, but as a lot of malware uses standard ports, blocking them altogether is not an option.

There is though another way of attacking this problem.

You can prevent connections to a whole range of bad destinations and/or allow those to safe ones without disrupting your port and program settings at all. One way of achieving this is to use a program called PeerBlock, especially if you use P2P.*

PeerBlock

PeerBlock acts like a database for good and bad website addresses. It comes with a choice of default options which will download and update the corresponding address lists for you. Alternatively, you can add your own lists from the many variants available online, including spyware, ads and web exploits. Some of these are 'block' lists and others 'allow' so there's plenty of scope for customization. In addition, changes to individual addresses can be made from entries in the program's log. With a couple of clicks you can choose to allow or block for 15 minutes, one hour, or permanently, so a very fine degree of tuning is possible. For example, after applying my own list choices I couldn't open the BBC News website. There was first one, and then a second address listed in my blocked log after I tried the page again. I merely set both to 'allow permanently' and the page opened fine. For individual report links on the main page which wouldn't open I chose to 'allow for 15 minutes'. Of course you won't always encounter issues like this, and mostly they are soon fixed anyway.
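Added example (not PeerBlock's code and not part of the original article): a minimal model of the behaviour described above, where block lists are sets of address ranges and exceptions made from the log allow one address for 15 minutes, one hour, or permanently. It assumes lists in the plain-text `label:start-end` range format commonly used for P2P blocklists; the sample list and all class, function and constant names are constructed for illustration.

```python
import ipaddress
from bisect import bisect_right

# Constructed sample list (RFC 5737 documentation addresses, not a real feed).
SAMPLE_BLOCKLIST = """\
# constructed sample
Example ad network:198.51.100.0-198.51.100.255
Example tracker:198.51.100.128-198.51.101.15
Example exploit host:203.0.113.7-203.0.113.7
broken line without a range
"""

FIFTEEN_MINUTES, ONE_HOUR, PERMANENT = 900, 3600, None


def parse_ranges(text):
    """Return (ranges, rejected); ranges are (start, end) integer pairs."""
    ranges, rejected = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # A label may itself contain ':', so split on the last one.
        _label, sep, span = line.rpartition(":")
        first, dash, last = span.partition("-")
        try:
            if not (sep and dash):
                raise ValueError("no range")
            lo = int(ipaddress.IPv4Address(first.strip()))
            hi = int(ipaddress.IPv4Address(last.strip()))
            if lo > hi:
                raise ValueError("reversed range")
        except ValueError:
            rejected.append(line)  # surface bad lines instead of skipping silently
            continue
        ranges.append((lo, hi))
    return ranges, rejected


def merge(ranges):
    """Coalesce overlapping or adjacent ranges so counts and lookups are exact."""
    merged = []
    for lo, hi in sorted(ranges):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1][1] = max(merged[-1][1], hi)
        else:
            merged.append([lo, hi])
    return merged


class RangeFilter:
    def __init__(self, blocklist_text):
        ranges, self.rejected = parse_ranges(blocklist_text)
        self.blocked = merge(ranges)
        self.starts = [lo for lo, _ in self.blocked]
        self.exceptions = {}  # address -> expiry time in seconds, None = permanent

    def blocked_count(self):
        return sum(hi - lo + 1 for lo, hi in self.blocked)

    def allow(self, ip, now, duration=PERMANENT):
        expiry = None if duration is None else now + duration
        self.exceptions[int(ipaddress.IPv4Address(ip))] = expiry

    def decide(self, ip, now):
        addr = int(ipaddress.IPv4Address(ip))
        if addr in self.exceptions:
            expiry = self.exceptions[addr]
            if expiry is None or now < expiry:
                return "allow (exception)"
            del self.exceptions[addr]  # a timed exception lapses back to the list
        i = bisect_right(self.starts, addr) - 1  # last range starting at or before addr
        if i >= 0 and addr <= self.blocked[i][1]:
            return "block"
        return "allow"


if __name__ == "__main__":
    f = RangeFilter(SAMPLE_BLOCKLIST)
    print(f.blocked_count(), "addresses blocked;", len(f.rejected), "line rejected")
    f.allow("203.0.113.7", now=0, duration=FIFTEEN_MINUTES)
    for t in (0, 899, 900):
        print(t, f.decide("203.0.113.7", now=t))
```

Merging before counting matters once several lists are loaded: the three sample ranges add up to 401 addresses when summed naively but cover only 273 distinct ones.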

Although the end result of running this application is simplicity itself, setting it up does require a little thought and research. Choosing the wrong list for instance might stop you connecting to a range of sources you like, need and trust. Yes, you can always adjust this manually as detailed above, but a little research beforehand can save a lot of trouble later on. You also need to take care where you obtain your lists from. Just as some P2P uploaders are regarded as 'safe' or 'trustworthy', the same applies to the authors of these lists.

This is one of the best resources. *Specifically for P2P IP filter lists see this link.

They even have a Blocklist Manager to help with the sorting, and a forum so you can check to see who's recommending which list and why.

Note this very useful reminder posted there about the dangers of online software piracy.

"Today I ran into a rather interesting keygen for a Corel application. Apart from being infected with a password stealer, this keygen actually might work perfectly. Unfortunately I could not install Paintshop Photo Pro X3 as the installer kept complaining that it could not stop the WIA service it started a few seconds before. While you're peacefully cracking PaintShop Photo Pro X3, the keygen is collecting and sending out usernames and passwords from different applications and games (see list below). The program also disables the UAC on Vista."

The torrent was actually hosted on a well known site with plenty of folks seeding the next batch of greedy suckers.

So, now we have a highly effective firewall working alongside a third party program restricting connections to bad sites. What can we now add to this mix to strengthen our overall protection?

Naturally we need an AV, and depending on your preferences for modern or traditional, then either Panda Cloud or Avast! will fit the bill nicely. Microsoft's own Security Essentials is also receiving good reviews and is another alternative for anyone wishing to stay 'in the family'.

Next up, some form of 'alternative' detection. And here you can't get much better, free or paid, than WinPatrol which displays a mountain of system information about startup items, services and other stuff. More importantly WinPatrol advises about system changes, some of which might be malware generated, and allows you to block if necessary.

See my HIPS review article for more information and a screenshot.

Last but not least, a little program which isn't a security defense in itself but will help to safeguard your system valuables in the event that it becomes compromised. My Lockbox enables you to password protect almost any folder on your computer. The protected folder (lockbox) is hidden from all users and applications on your system, including 'Administrator' and 'System' itself. It is impossible to access the lockbox without the password not only from the local computer, but also from the net. The program even has a range of skin options.

My Lockbox

Note: Be sure to read the install instructions in full before you start this process as it requires administrator privileges.

 

Alternative DNS Services

In response to visitor comments I'm also adding details here about options for using an alternative DNS service. This is also covered along with some other suggestions in my other article here.

The DNS or Domain Name System is what your computer connects to every time you request a page on the internet. By default, these requests will be routed through the servers used by your ISP but there are some alternative free services which offer better security, more configuration choices and maybe faster processing speed depending on your location and proximity to the chosen DNS server.

OpenDNS is probably the best known, although recent developments mean that you only get full malware protection with their premium paid service. The content filtering and other options though still make this a worthy choice.

Comodo is also a well known name within the security industry and they too offer a free DNS service.

Symantec also provide a free service under their Norton brand.

There are others but those above offer a wide enough choice of options. The best policy is to check out the individual features for each one and then decide which best fits your own personal needs.

None of these services require the installation of additional software and the necessary changes to your system settings can be made easily and quickly by following the instructions given on the respective websites.

More DNS resources here:

http://www.techsupportalert.com/content/how-change-dns-server.htm
http://www.techsupportalert.com/content/what-dns-servers-do.htm
http://www.techsupportalert.com/content/how-find-best-dns-server.htm

Summary:

  • Your system is now unshackled from the demands of a complicated third party firewall and will undoubtedly run more easily as a result.
  • The variety of lists now available for PeerBlock gives you a real chance of avoiding bad destinations altogether.
  • WinPatrol is a hugely popular and highly effective alternative to an all out HIPS program. The author, Bill Pytlovany, frequents this site on a regular basis and is always ready to advise about and support his program.
  • If your system is compromised but your important data folders are stored in My Lockbox then the contents remain secure and the situation will be much easier to recover from.
  • Changing to an independent DNS service will usually offer improved security and more options than using the standard service from your internet provider.
 


 

 


Comments

by Rui Sousa (not verified) on 9. June 2011 - 15:09  (73561)

About My LockBox free app. I've just installed it and gave it a new P.W. to guard a personal folder. The Password I used was confirmed and accepted. A few minutes later I tried to access it and "Voilà" ... My PW is NO GOOD for the job.
Now I'm stuck with a folder I can't access. The app MyLockBox free version doesn't allow me to apply for a lost PW request... Only for the PRO version.
I already tried to uninstall the program, which comes with no Uninstall package. Even from the MS System Programs (to Uninstall any program) it keeps asking for the P.W.
I'm already considering doing a System Recovery to a previous date without this "Cute App" named My LockBox.
Any comments will be very appreciated.
Regards,
Rui Sousa

by MidnightCowboy on 9. June 2011 - 15:23  (73564)

I suggest you post your system details together with what other security programs you might have installed in their forum to obtain support.

http://fspro.net/forum/viewforum.php?f=11&sid=3a624ff83fa51ab5039e4ada32...

by raritan2002 (not verified) on 8. June 2011 - 21:07  (73514)

Do you have similar slimming down options for XPsp3? I still use Norton 2010 and it is a resource hog.

by AJNorth on 9. June 2011 - 7:12  (73531)

Hello raritan,

As one still using XP Pro SP3 on an ancient laptop (P-4M @ 1.8 GHz; 1 GB DDR RAM @ 133MHz; 64 MB nVidia GPU), perhaps my security scheme would be useful to share.

Real-time anti-malware: Avira AntiVir Personal, with heuristics set to High, Rootkit Detection enabled and configured to update six times per day. (I do all scans manually, on-demand.)

Firewall: Comodo.

Additional Real-time security applications: WinPatrol (Plus); Secunia PSI; SpywareBlaster (Free); Firefox 4.01 (with various add-ons); IE 8. (I also use the Belarc Advisor to make sure that all the security updates are properly installed.)

In addition, I run on-demand scans with (one or more of) Hitman Pro, Malwarebytes' Anti-Malware and SUPERAntiSpyware for additional peace of mind. With the exception of Firefox (which I began using with 4 beta), this has been the setup for nearly three years, with zero infections.

AntiVir slows boot-time by about fifteen seconds and adds three running processes; Comodo adds two (in quiescence, there are a total of thirty-nine processes running). The only real performance hits from AntiVir are during updates and scans (which I simply allow to complete). Having tried Avast, AVG and running Norton into 2006, I have been quite pleased with AntiVir, Comodo and the other applications.

Hope this is helpful.

Regards,

AJ

by MidnightCowboy on 9. June 2011 - 6:45  (73527)

It's not possible to provide this kind of advice without knowing much more detail about your machine specs and what other programs you might have running in real time.

Please post this query in our computer support forum with the details requested and I'll be able to help from there.

by chesscanoe (not verified) on 8. June 2011 - 18:05  (73501)

While no security solution is foolproof, the browser Chrome uses a sandbox approach for much of its function, so the damage is reduced or eliminated for what may get through.
I also use HOSTS from
http://winhelp2002.mvps.org/hosts.htm which is updated about every 5 weeks. Don't be put off by the URL name; it works for XP, Vista, and Windows 7. SpywareBlaster
http://www.javacoolsoftware.com/spywareblaster.html provides a convenient way to make and manage HOSTS backup copies.

by AJNorth on 8. June 2011 - 17:38  (73500)

Greetings MC,

Thanks for another fine article. How would you and Gizmo feel about a possible future article to discuss using the HOSTS file as an added layer of security - either through direct editing, or utilizing a HOSTS file from, say, MVPs.org or hpHosts? (Of course, I realize that this could open a HUGE can of worms...)

Two other useful features of WinPatrol: under Options, one can choose to Lock File Types, which can provide an additional security enhancement. It is also able to conveniently display the HOSTS File.

Lastly, I did not notice SpywareBlaster mentioned here or in your "Best Free Intrusion" article; do you not consider it a useful addition (especially for the less technical)? (One does need to remember to update its database, then click Enable All Protection, every couple of weeks or so.)

Cordial regards,

AJ

by MidnightCowboy on 8. June 2011 - 18:18  (73502)

I'm pleased you enjoyed the article.

We already mention some Hosts related items here and always try not to have too much duplication on the site.

http://www.techsupportalert.com/content/how-block-bad-websites.htm

This is also a bad area for the majority of our users to dabble in as you do need an understanding of what you might be doing to avoid problems.

What we could really do with is someone to write a separate article explaining the Hosts file, what it is, what it does and then expanding more on the programs that are available to help manage it. Fancy taking that on for us? :)

Although I appreciate the benefits of Spywareblaster for IE and IE based browsers, it does have its issues with Firefox as highlighted here:

http://www.wilderssecurity.com/showthread.php?t=294118&highlight=spyware...

It is for this reason, plus its restricted nature, that I haven't followed it through.

by AJNorth on 8. June 2011 - 19:56  (73505)

Ah, thanks; I had missed that particular discussion of the two HOSTS files (as well as HostMan), and I certainly agree that rummaging around in there could cause some major heartburn... (Perhaps I can get to organizing my notes into an overview of the HOSTS file and a how-to on working with it for the general readership (but that would have to be down the road a piece, I'm afraid...)).

With respect to SpywareBlaster, I notice that the version of Firefox referenced in the discussion is 3.6 (for which integration is a known issue); however, I am using v4.01 (with several common add-ons installed) in XP Pro SP 3 and have had no issues to date (I also run CCleaner before shutting down Windows). A quick search on "SpywareBlaster + Firefox 4" produced this thread: http://www.geekstogo.com/forum/topic/300627-spyware-blaster-doesnt-detec... .

by MidnightCowboy on 9. June 2011 - 6:41  (73526)

Thanks for the link. I am still seeing similar topics posted in other places and usually the results are the same as in, "First it wasn't working, now it is but I don't know what changed". My tech also reports some incidences from amongst his own customers to the point he has now removed it from his recommended list. I also understand that many Firefox users are still preferring to stay with the older version which is another consideration.

Spybot has similar reports too.

Personally, I believe these issues may well be caused by third party influences including other security programs and Firefox extensions but looking at the various forum posts suggests a root cause will be hard to find. For now then this is why I prefer to let this one lie, rather than have folks install something and falsely believe they are protected.

by AJNorth on 9. June 2011 - 7:18  (73532)

Understood, and you are welcome. I'll keep an eye on how it behaves in this rig, and report back if any issues should develop.

by MidnightCowboy on 9. June 2011 - 7:55  (73533)

Thanks! - appreciated :)

by Skrell (not verified) on 8. June 2011 - 13:17  (73492)

Perhaps this is a lame question, but what visual style are you using in the picture of peerblock above? I like it a lot!

by MidnightCowboy on 8. June 2011 - 14:06  (73494)

It was taken from a machine running XPSP3 with Windowblinds installed.

by stefan555 on 5. June 2011 - 22:57  (73322)

It's just a pity ClearCloud DNS will be discontinued for consumer use at Sept 1. http://forums.clearclouddns.com/messageview.aspx?catid=274&threadid=7955...

by MidnightCowboy on 6. June 2011 - 7:14  (73338)

Thanks, I am aware of this but as I have it listed in several articles I was waiting until nearer the time before editing it out. Experience (as per PC Tools firewall) has shown that sometimes these decisions are reversed depending on the feedback received. In this case though, with GFI seemingly taking a Symantec view of freeware, I guess this one is most likely to disappear.

by Bob on 1. June 2011 - 22:13  (73071)

Stimulating article. I see you've now added ClearCloud to the alternative DNS services you recommend.

Clear Cloud is my choice too - it's reassuring to know that many of the malware sites are blocked automatically. I find I occasionally have to disable ClearCloud in order to visit certain safe sites. In which case I need to remember to re-enable it afterwards. Forgetting to do this might be a concern if I were relying on ClearCloud as an essential part of my security set up. But I guess that's not the case for most users.

by MidnightCowboy on 2. June 2011 - 6:53  (73088)

I think the problem for most users would be how to make this judgement?

ClearCloud are extremely fast (often only hours) to respond to false detections. They are similarly quick to find the bad sites. Because this type of malware infection is so fluid, the website you've used safely for years and was clean yesterday might not be today.

IMO if you choose a method of protection then you should be guided by what it tells you. Disabling any security protection for average users is not a good idea. My advice would be to report the site as a false positive and then return to it next day. If not being able to enter it immediately really is life threatening then using something like Sandboxie or BufferZone with Windows is essential, as are the usual precautions of not saving anything outside of the protected area. Alternatively, a quick reboot with a live Linux CD is another way around for anyone so inclined, again so long as nothing is saved and transferred to your Windows system.

by Drongo on 12. July 2010 - 2:01  (54113)

I would also suggest one fast item that involves just changing DNS settings to use OpenDNS, which tends to eliminate the ability to go to a lot of malicious sites.

by Frankie (not verified) on 11. July 2010 - 19:25  (54097)

I think that this article is really very valuable and offers a perspective on effective securing of a PC that is rarely seen among internet security advice. It's too bad however, that it is so hidden on this site (I only recently came across it). While I keep up in a general sense on security software I had never heard of the sphinx firewall control or lockbox. Peerblock on the other hand I had previously found and have enjoyed greatly. Honestly, if a person is a relatively safe web surfer there is little need for any more than what is presented here. I will definitely check back to this article for updates in the future, thanks so much to the writer.

by MidnightCowboy on 11. July 2010 - 21:00  (54102)

Thanks Frankie, I'm pleased you found it useful. The general trend these days is to add more rather than less to a security setup, so not everyone will agree with my reasoning here.

Since writing this, there has been a new release of ZoneAlarm Free firewall which might also qualify for consideration. I've been running it myself without any problems except for MSE updates which is a known issue. Otherwise, it truly installs out of the box and without the bloated features of some of the other choices doesn't require much input afterward either.

by Frankie (not verified) on 12. July 2010 - 3:26  (54117)

Well unfortunately I used ZoneAlarm back when it was the firewall to have, and error after error running common programs along with painful difficulties uninstalling ZA have left me reluctant to give it another try. Thanks for the advice, and I have seen good reviews for the new ZA elsewhere, but unless it absolutely blows Comodo, or a properly configured Windows Firewall out of the water in resource usage or performance I don't think it's for me.

And I second the above comment about using a secure DNS being one of the lightest additions possible, although I'm not sure why Open DNS would be so superior to DNS Advantage or Google Public.

by MidnightCowboy on 12. July 2010 - 9:16  (54136)

I cover the use of independent DNS services here..

http://www.techsupportalert.com/content/safe-computing-under-hour.htm

.. but you're right that this should be included here too. I'm currently favoring the Norton alternative but any of them will probably be safer than the one provided by your ISP, although not necessarily any quicker, depending on your geographical location.

ZoneAlarm cannot be compared to Comodo because it doesn't have the same feature set. A "properly configured" Windows firewall will always do the job, but is beyond what a lot of folks will either want to, or are able to achieve. IMO the new version of ZoneAlarm offers a level of simplicity that will appeal to many. Sunbelt too achieves this but was never upgraded to support Windows 7.

Thanks for the comments - I'll add the DNS services to this article too as soon as I have a free moment :)

by Anonymous on 31. March 2010 - 17:22  (46605)

Odd that the free firewalls from PCTools (now owned by Symantec) and Comodo weren't listed. Both have been fairly light on my systems and give fairly good protection.

by MidnightCowboy on 31. March 2010 - 19:22  (46614)

The idea behind the article was to suggest an alternative setup for people wanting to get away from exactly this type of firewall, especially those with little system knowledge for whom such an application is not suitable.

by Rizar on 30. March 2010 - 15:44  (46509)

Nice diet plan! I didn't know much about the blacklisting/whitelisting apps like PeerBlock.

Is PeerBlock recommendable as a supplement to a fatty security plan!?

How does PeerBlock compare to PeerGuardian 2? Found here: http://www.techsupportalert.com/content/probably-best-free-security-list...

By the way, maybe the products that are new-ish to the site (PeerBlock, My LockBox) could be also made into separate Hot Find or Daily Tech Treat articles.

by MidnightCowboy on 30. March 2010 - 18:44  (46523)

Somebody who knows better might be able to add to this (or correct it) but I believe PeerBlock was derived from the original PeerGuardian. There's also a similar program called Protowall but I'm not sure how effective this is because I've not had a chance to check it out yet.

http://blocklistpro.com/download-center/protowall/

I did see a comment on the blocklist forum that Protowall was built to use less resources than PeerBlock before PeerBlock itself was "adjusted" to use less. From that I assume that earlier versions of PeerBlock were pretty heavy on the system. I've yet to install Kiwi monitor on this system but when I do I'll hook up PeerBlock and then post a week's average resource use figures for it.

PC security is all about options and compromise and my article here is just another angle which folks might want to try. Certainly you could use PeerBlock to complement any setup but using too many lists with it is bound to slow your surfing down. I'm using three of the defaults plus ten other lists though and not noticing anything bad.

by Rizar on 30. March 2010 - 20:34  (46532)

Thanks for the reply, but now I just have more and more questions!

Is PeerBlock just a fancy GUI for something like a Host File blacklist, with extra features (like a whitelist)?

Do you have any views on the advantages/disadvantages between PeerBlock and, say, Host file malware/ad blocking?

For example, I'm just now trying out a list made for a Host file but compatible with Firefox Adblock Plus (and probably Chrome Adblock):
http://hostsfile.mine.nu/downloads/

Adblock Plus also has a malware domains blocker on its site as well. The same problem occurs with too many of these kinds of lists in that they might slow down browsing and make it difficult to discover/troubleshoot what is blocking some site you want to get to.

Just to show evidence that I tried to figure it out myself(!):
http://en.wikipedia.org/wiki/IP_blocking

I suppose PeerBlock is more general than something like a Firefox addon and protects more software.

by Anonymous on 1. April 2010 - 12:15  (46667)

Two contrasting comments on Host file/IP blocking:
http://www.portablefreeware.com/index.php?id=1559#comments

by MidnightCowboy on 30. March 2010 - 20:52  (46533)

I think what sets this one apart is the configuration options. There are so many different lists to choose from across a wide range of categories. Also, the lists can be edited and/or you can even write your own. Two clicks from the tray icon gets you to somewhere blocked (if you trust it) either temporarily or permanently so the program is easy to use too. According to my own GUI I'm currently blocking 827094866 IPs. Will this help to keep me safer? Truth is who can tell but it's certainly a complementary layer worth considering.

I did actually hook up PeerBlock to Kiwi a while ago and it's currently using 23MB so it's not exactly a "light" addition to your armoury.
