Gizmos Freeware Reviews  

15. Sep 2010, 07:30 AM   #1
eyeb
Senior Member
Join Date: Sep 2010
Location: Planet X
Posts: 487
Need help with security programs

Hi, been reading here for a while and seeing there's a lot of options I'm confused on what to use lol. Sorry if this isn't in the right place, couldn't find another section to ask questions.

Please make suggestions to my setup, if suggesting new things, try to keep it free editions :S can't afford the pro version right now.

What I got is:
-Windows XP
-Avira free
-OpenDNS (primary) and clearclouddns (secondary) [no idea why I don't use the same for both... thought if one missed something the other would catch it i guess lol, don't know why it needs two dns though]
-Sandboxed Firefox (using this setup http://www.portablefreeware.com/foru...hp?f=10&t=6426)
-Sygate firewall
-ProcessHacker - like it more than taskmanager plus it tells me if a driver is being loaded

Things I've tried but didn't like much
-Threatfire - but I'm not sure if it's needed with Avira and I didn't really feel any safer with it since I didn't know what it was doing lol
-Privatefirewall - preferred the outdated Sygate firewall because I couldn't figure out how to make "rules" with Privatefirewall like I could in Sygate. Also couldn't figure out how to remove programs from its list either lol
-Defensewall - another HIPS and same reason as why I didn't like Threatfire

I know I don't have anti-spyware/malware scanners... but I just don't feel like I need them. I'm pretty good about what I download and things...

edit: also could you put explanations with your suggestions lol so I can follow your logic in why you're suggesting it, thanks

Last edited by eyeb; 15. Sep 2010 at 07:44 AM. Reason: adding info
15. Sep 2010, 10:11 AM   #2
MidnightCowboy
Site Manager
Join Date: Aug 2008
Location: South American Banana Republic, third bunch from the left
Posts: 9,250

Excellent choices. I know we all have different likes and opinions but if I was still with XP then Sygate would be on it for sure.

The only real query I have is with your DNS choice. Considering your primary address is likely to be used nearly all the time then effectively you are only using OpenDNS. This is OK if you have a need to filter results for content but not so hot if you're looking for protection against malicious sites as OpenDNS only include this in their premium service (apart from phishing & botnets). For security considerations I would consider using ClearCloud full stop.

Agreed you don't need any additional active anti-spyware scanners, especially with a sandboxed browser, but for the space they take up Malwarebytes and HitmanPro are always worth their presence.

Agreed too about the complexities of managing a full out HIPS. WinPatrol doesn't suffer from these issues though, being more lightweight, but it will still warn you about changes to system settings which are often targeted by malware.
__________________
Knows nothing and cares even less
15. Sep 2010, 10:48 AM   #3
Av_Crazy
Senior Member
Join Date: Mar 2010
Location: Mumbai
Posts: 488

^^ :thumbs up:
__________________
My blog - http://attitudevivek.wordpress.com/
15. Sep 2010, 10:49 AM   #4
Ritho
Foundation Editor
Join Date: Apr 2008
Location: Planet Earth
Posts: 1,391

Quote:
What I got is:
-Sandboxed Firefox (using this setup http://www.portablefreeware.com/foru...hp?f=10&t=6426)
I had not seen JauntePE before. Only in alpha stage but it is a very interesting sounding utility. Similar to ThinApp in concept at first look. I shall have to play with it some.
__________________
The smallest good deed is better than the greatest intention.
15. Sep 2010, 01:39 PM   #5
26Dolphins
Senior Member
Join Date: Nov 2009
Posts: 440

Hi,
Quote:
Originally Posted by MidnightCowboy View Post
...
but if I was still with XP then Sygate would be on it for sure
...
You always manage to get my attention.
Why would Sygate Personal Firewall be on your Win XP system for sure?
In what way is it more suitable for specifically a Win XP system over other firewalls, actively developed and supported?
__________________
26Dolphins
15. Sep 2010, 03:32 PM   #6
MidnightCowboy
Site Manager
Join Date: Aug 2008
Location: South American Banana Republic, third bunch from the left
Posts: 9,250

Quote:
Originally Posted by 26Dolphins View Post
Hi,


You always manage to get my attention.
Why would Sygate Personal Firewall be on your Win XP system for sure?
In what way is it more suitable for specifically a Win XP system over other firewalls, actively developed and supported?
I just liked working with it. It won't be much good when IPv6 takes over the world but we're not there yet. It's easy to set up and understand, plus it has good logs which are vital to assess if you need to add custom rule settings. I also liked the feature which monitors DLL changes and allows you to accept them or not. Nothing like a HIPS of course but a useful tool and a great alternative for those not wanting a "do it all" firewall.

R.I.P.
__________________
Knows nothing and cares even less
15. Sep 2010, 04:59 PM   #7
eyeb
Senior Member
Join Date: Sep 2010
Location: Planet X
Posts: 487

MidnightCowboy, thanks for putting me at ease with using Sygate lol. This was one of the things I wasn't sure about because it IS outdated.
I didn't know it wasn't good with IPv6 but I don't have it installed so this isn't an issue I suppose lol.

About it not having HIPS, it never bothered me because I thought the HIPS in Avira would cover for it. Or another HIPS program anyways if I needed it.
I'll look into Winpatrol though.

@Ritho, JauntePE is a nice way to sandbox programs. It works in a similar fashion as Sandboxie in that it adds a line at the start of the program which redirects it to sandbox (can't say any more on this, someone explained it to me but it was complicated). Unfortunately JauntePE is supported only for XP because the creator dropped this project when Vista came out. I hear people managed to get it to work to some extent on Vista but I can't testify to it. If you want more info + download here is a link http://sites.google.com/site/jauntepe/Home

edit: for the time being I think I'll stick with OpenDNS however. I like their logging feature. Plus I use it at home with multiple computers so I can keep all the settings together. Sad about it not offering much protection if not using the premium service though. I'd switch to ClearCloud if it could be customized but I haven't found out if it is possible.

Last edited by eyeb; 15. Sep 2010 at 05:09 PM.
15. Sep 2010, 05:29 PM   #8
MidnightCowboy
Site Manager
Join Date: Aug 2008
Location: South American Banana Republic, third bunch from the left
Posts: 9,250

ClearCloud offers no filtering options by content but this is not their intention. With OpenDNS already providing this function it wouldn't make much sense for ClearCloud to jump in with just more of the same.

Here are a few snippets from their FAQ:

ClearCloud is a service that provides safe and reliable web browsing by preventing you from going to websites that are known to perform malicious activity. It’s like having a GPS in your car that won’t let you turn down a street with known criminal activity.

Does ClearCloud make my web browsing safer?

Absolutely! ClearCloud prevents you from going to hundreds of thousands of known bad websites. These sites are detected and updated continuously, often within hours of them going live.

------------------

I know there have been requests to add an "opt out" facility to the service but to me this makes no sense at all. Having chosen something to protect you surely it makes sense to trust it. It would be a bit like taking your seat belt off every time you hit a straight bit of road because only roads with bends are dangerous. If on the other hand you wish to make your own choices about which websites to enter then having a DNS service at all is pointless.

To provide some balance here is a good resume of the other services available:

http://doug.mehus.info/post/31509243...etting-crowded
__________________
Knows nothing and cares even less
15. Sep 2010, 05:39 PM   #9
bo.elam
Senior Member
Join Date: Nov 2009
Posts: 1,224

Quote:
Originally Posted by -.- View Post
About it not having HIPS, it never bothered me because I thought the HIPS in Avira would cover for it.
@Ritho, JauntePE is a nice way to sandbox programs. It works in a similar fashion as sandboxie in that it adds a line at the start of the program which redirects it to sandbox (can't say anymore on this, someone explained it to me but it was complicated). Unfortunately JauntePE is supported only for XP because the creator dropped this project when Vista came out.
Can you tell me why you prefer to use Jaunte instead of Sandboxie? Safety wise Sandboxie is as perfect as it can be and it works very well with Firefox so I can not see why to use something like Jaunte instead.

As far as I understand Jaunte is not developed anymore, not even for XP, and I can testify to the amount of changes that need to be done on Sandboxie in order for it to still work well when changes are made to Firefox and other applications, so if Jaunte is not developed presently I can not see it keeping up with the changes that are made every day to applications that we all use.

Please tell me what I am missing and why I should try it out.

By the way Avira free or paid does not have HIPS, the paid version has some behavior protection but is not a blocker and it doesn't work too well.


Bo
15. Sep 2010, 06:44 PM   #10
eyeb
Senior Member
Join Date: Sep 2010
Location: Planet X
Posts: 487

@MidnightCowboy, I understand why ClearCloud doesn't allow filter/opt out. It's just I don't like it. Like with GPS example, it can tell me it is bad to drive there but I still want choice to. If ClearCloud had something like Google's unsafe thing where it blocked page but gave link to allow us to go if we wanted to I'd be happy. All I want to know is that it is unsafe so I can be more aware of the site and be more careful. But I kind of want to control what I can do online and not be forced into what I do instead.

@bo.elam, from what I can tell JauntePE works near flawlessly on XP (I haven't found it to not be able to do what I want it to but can't say it is 100% flawless lol). I prefer Jaunte because I don't want an additional process running for the sandboxing. It's worked fine for the new versions of Firefox and Internet Explorer and all other programs I've used it on. Keep in mind that while Jaunte isn't being developed, XP isn't either... So if it worked then, it still works now. Nothing in XP has really changed to make Jaunte not able to work.

I use Jaunte to sandbox browser in case I misclick and install something... Anything that is downloaded will be sandboxed and I won't know it and it'll get deleted when I close browser. The only things that aren't sandboxed is to the folder I set it to not sandbox. So if it is downloaded and it doesn't launch by itself then it won't be sandboxed but since it isn't launched then it doesn't do anything. It will however sandbox child processes from the browser so even if file is located in unsandboxed folder, if it was launched from browser then I'm still safe.

Disadvantages to Jaunte is that it isn't as complete of an isolation as Sandboxie. It doesn't have the disallow internet connection/drop rights/etc. But I can launch Jaunte through dropmyrights.exe to get the same effect. I also have a firewall which asks me if I want to allow internet access so I don't need Sandboxie to do it for me. It also doesn't sandbox processes that I manually launch but I know better than to go around launching things I don't know.

Basically, Jaunte is a launcher that is capable of sandboxing programs and their child processes but when not opened by the launcher the files are no different than other files. Its advantage is it requires no additional processes to run and works well with dropmyrights.exe. Between Sygate/ProcessHacker I can tell if something is launched and if so I know it's already sandboxed and I can terminate it and delete sandbox.

If you'd like I could upload my Firefox folder with the Jaunte setup and you could play with it. However it won't work on Windows other than XP so you'd need XP. I don't know how well it works with XP mode on Windows 7, I only have XP...

edit: didn't know that behavior thing on Avira WASN'T HIPS... thought they worked the same way except Avira doesn't ask if I want to allow something to run if nothing is detected. Guess I didn't like HIPS asking me if I want to open notepad.exe and such because I already know it's safe.

For the secondary scanner, I might get Hitman but I'm not sure I like the idea of it only scanning. I might use Cloud antivirus for an on demand scanner in the future. I felt like I didn't need a secondary scanner because VirusTotal has a Firefox plugin that scans downloads plus I use their uploader on files I find suspicious. And I kind of trust VirusTotal a bit more because I feel like if something does get on my system then it's also possible to avoid detection from other scanners as well.

Last edited by eyeb; 15. Sep 2010 at 06:58 PM.