Please advise for security setup

[Feline]

Hello,

I'm just in the process of reinstalling my computer after a nasty trojan/virus/whatever took it out. It was a thing called 'ThinkPoint' - invaded out of the blue, no download, no nothing; I'm still shocked about it. After much hassle, I thought it better to reinstall Windows, as the system was really messed up.

I'm now looking for a new, free antivirus to install, and I'm undecided between Avira Personal, Avast 5 and the free AVG. Or maybe someone has another recommendation.

Before, my system ran with the integrated Windows Firewall and Avira as antivirus. Other than that, I had SpyBot to search for malware. I figure this wasn't enough...

I know have installed MalwareBytes and SuperAntiSpyware and I've just discovered Sandboxie for safer surfing. Now I'm looking for an appropriate Antivirus program. I'm not sure if I should stick to Avira, as the latest version 10.something doesn't seem to be as neat as the one I had (from last year or so). But then, the old one only updated every three days, not sure if that was sufficient.

I have only an old machine (from 2003), running Windows XP, SP3 on a Pentium 4 with 2 gigahertz and 1 GB of RAM, so the antivirus program should be light on ressources.

I've read Avast should be good and light, and even lighter if you don't install all the shields. Unfortunately, I'm not very savvy with computers and not sure if I'd know which I'd need and which not.

AVG is told to be a resource hog by some sources, others say it's not. Maybe those are the ones with the 4-GH-machines...

In short, what would you guys recommend, and also - should I look for a new firewall or is the Windows FW okay? I don't want to get paranoid and stuff my old comp with tons of security software, but I'd like a better protection than I had.

Thanks so much,

Feline

[kendall.a]

If you haven't already done so, please check out this link:

http://www.techsupportalert.com/best...s-software.htm

I would also suggest that you run through our security wizard:

http://dev.urltrim.com/secwiz

In terms of AVG, Avira, Avast, and MSE it is primarily an issue of taste and personal preference. All of them are pretty close in terms of protection. Personally, I prefer MSE. I find that it is pretty light on system resources. And, I've never had an issue with it updating nor have I ever had a virus with it.

You might want to also consider Panda Cloud. I'm not a huge fan of it, but others are. Right now, there is a free giveaway of a 1 year license for the Pro version found at:

Panda Cloud Pro Giveaway

Lastly, and most importantly, regardless of the AV that you choose, please, please add Sandboxie to your list of security apps.

P.S. I strongly urge to read about DNS blocking. Please review the information found in this link

Malware Blocking using DNS

[Feline]

Thanks for your reply. I have already added Sandboxie and I'm quite enthusiastic about it. I wish I had known about it beforehand. I'm also reading about Time Freeze Free, but haven't downloaded it yet. Maybe it is even redundant with Sandboxie aboard. But I still have to learn a lot about security...

And thanks for the links, I'll look into them.


p.s. As for MSE - I've always disabled Windows automatic updates as I'd just like to go for updates myself. Won't MSE, given it's from Microsoft, not start any hassles about it?

[bo.elam]

Feline, discovering Sandboxie is the best thing that could happen to you.
Take some time learning how to use it and as time goes on, it would be
like if it was always there.
Use Sandboxie with default settings when you start using it. Later,
you ll read that there are some changes that can be done to the
settings that make SBIE hardened and stronger, play with them so
you know how these changes affect your browsing.
Using a hardened Sandbox is stronger than a Sandbox with settings on
default. Programs and applications in the Sandbox are more restricted,
same applies if you have viruses in the sandbox. They can do less in a
hardened sandbox and in many cases they wont even start or run.
If you use Sandboxie, use it all the time not only part of the time. This
program is made to be used all the time and there is no reason why to
use it only on certain sites. Its easy to learn and use. Its so easy that
its almost unbelievable all the protection that you get when you browse
Sandboxed. If you use it correctly and you are careful about what/where
you download, I promise you, your computer will not be infected again.
You ask about anti virus. Honestly, when you use SBIE, it does not really
matter which one you use. If I was you, I would use the AV that I feel
comfortable with. Like you I used Avira and Avast but prefer using MSE
because, like you, I can not stand Avira 10 and with Avast, I was never
too sure about its protection. So I agree with Kendall about MSE.
By the way, I have Windows updates disable and that does not interfere
at all with MSE. I either update manually when I want to or after 24
hours MSE does the update automatically. Both ways, it has worked fine.
Keep the enthusiasm, that's 90% of anything and everything that youll
ever do, whether its Sandboxie or ...life.

Bo

[Feline]

Thanks, Bo. I guess I'll give MSE a try, right now I'm busy piecing my computer back together.

Sandboxie is great, and I'm curious to read how to 'harden' it. With the little I know, I've seen that I can create more sandboxes than one. I plan to use one for my normal everyday surfing, the contents of which I can keep for awhile; and another one for more 'reckless' surfing. I have a guilty pleasure - once in a while I enjoy watching movies online, and I guess this isn't the safest thing to do with those streamed videos. So, for such occasions, I could use another sandbox and delete its contents after usage. Or so I think...

Anyhow, now that I know such a thing exists at all I see no reason to surf without it. My only gripe is to save bookmarks beyond the sandbox, but it shouldn't be a problem to copy them to text. Bookmark files are just html, after all.

I really will look into security matters more closer now. I probably got a bit sloppy or reckless, when I'm online for about 12 years and this was my FIRST virus/trojan/whatever infection. Before that, I only got tracker cookies...

Times are a-changin'...

Feline


edit: Does it make sense to use Sandboxie for anything other than websurfing? Email comes to mind, but even though I use Outlook Express I reckon my emails are rather safe, since nothing hits OE without passing Mailwasher. My version is old, but still good - it lets me look at every mail before downloading it to the computer, and whatever looks odd gets deleted before it can arrive.

Other than surfing and emails, I see not much risk... but who knows?

[bo.elam]

Feline, reading your post makes me smile. You have a bunch of questions
about Sandboxie on your mind but I advise you to go one at a time so you
don't get confused or frustrated.
Remember use SBIE on default for now but read about how to harden
the Sandbox before you start playing with that. You can start here, its all
on the Restrictions settings.

http://www.sandboxie.com/index.php?RestrictionsSettings
Actually they are not many, so they are easy to implement and to set them
up.
I ll tell a little secret about how many sandboxes I use. I only use one,
so don't start making a sandbox for this and a sandbox for that until you
are comfortable with your default sandbox. OK.
The only time I HAVE A USE for another Sandbox is if I want to install/run a
program Sandboxed or if I want to open a file Sandboxed which is restricted
on starting and running on my default sandbox.
I am happy that you realize that there is no reason to surf without it. By the
way, you can save your bookmarks when you are surfing Sandboxed. See
here.

http://www.sandboxie.com/index.php?ApplicationsSettings

Go to the Web browser section and allow direct access to favorites or
bookmarks for firefox or IE and they will be saved when you delete the
contents of the Sandbox.
If you dont know yet how to recover files from the Sandbox to your HD,
here is how. I prefer the Quick recovery. If you use Sandboxie properly,
then recovering the wrong files is the only way you ll get infected. So, be
careful with what you download.
http://www.sandboxie.com/index.php?RecoverySettings


I also use Outlook Express. You can Sandbox it if you like but I don't.

Bo

[Matapan1969]

If you browse with Administrator rights, I would suggest the following:

- Safe DNS (Clearcloud, Norton, Comodo, OpenDns)
- Avast 5 Free (it's the lightest I have seen)
- XP firewall
- Sandboxie (following the very good suggestions from bo.elam about how to reinforce it)
- Malwarebytes and/or Hitman pro for on demand scan

If you use a Limited Account + SRP (that I strongly suggest), you could skip Sandboxie in my opinion.

[Feline]

Thanks a bunch!

Bo, I'm learning about Sandboxie. Right now, I have set the box(es) to "DropAdminRights=y" in the ini file, assuming that I surf without administrator rights then. Guess that's the next best thing to surfing with a limited account, as Matapan suggests. Unfortunately, I hate fuzzing around with two accounts, I'm the oldfashioned kind still crying after my good ole Win98SE...

One thing I'm wondering - when I habitually run CCleaner after surfing, it doesn't find any cookies etc within the sandbox. I guess that's how it should be, as CCleaner runs outside of it.

But, if I run SuperAntiSpyware outside of the sandbox, it happily finds all kinds of adware cookies that should be within the sandbox. Now I'm wondering - if SAS can reach inside the sandbox from outside, could not anything reach outside from the inside? Or is SAS supposed to treat the sandbox just like any other folder? MalwareBytes didn't find the cookies (yes, I've ran it before SAS deleted them... )

As for the two sandboxies, I think I'll keep them for now. My normal surf behaviour is pretty tame and no reason to delete the sandbox every day. But the next time I'll watch a movie or chase after the best formula 1 livestream I'll definitely feel better deleting whatever is collected asap.


Matapan, I surf with administrator rights, as I prefer to have only one account for daily usage. I'll check into Safe DNS, I already read about OpenDNS.

What is SRP?

Feline

[bo.elam]

Hi Feline, if you surf as a administrator, as I do, then its better to
apply the drop my rights settings as you are doing.
Like I told you before, I only have one Sandbox and that Sandbox is
deleted every time I close my browser. In other words, I don't see the
point of saving sandboxes like you are doing now. That might be the
reason why SAS finds cookies on your PC. On mine, SAS has not found
one, single cookie during the past two years. Not one.
I always surf sandboxed using FF, when I run CCleaner, it never finds
any FF cookies, but keep in mind that some programs use IE, so you
might see some IE cookies when you run CCleaner.
The Sandboxie folder is just like any other folder, there is nothing
special about it. Unbeliveable but that is the truth.
Dont be alarm if one day, when you are scanning your computer, your
AV detects malware in system restore. That wont mean that you are
infected or that SBIE was bypassed. That has never happened on my
PC, but it can happen and more so if you don't delete your sandbox
when you finish browsing. Keep in mind that Windows is saving the
data in your computer when SR points are created.

Happy surfing

Bo

[Feline]

Hi Bo, I guess I understand now... I thought of keeping one sandbox for 'usual' things, or rather maintaining the browser like I used to do before, keep logged on to some fora etc, just sandboxed - as opposed to a sandbox that gets deleted every time. However, if I go to deleting the sandbox after closing, there really is no need for a second one.

As for the bookmarks, I didn't get along with the help sites because the new Firefox doesn't have separate bookmarks files anymore, but bundles them with history. I've downloaded a little plugin that adds 'favorites' to FF, and those can be easily recovered - Sandboxie offers it right after setting them.

Ah well, guess it just takes a couple of days to get used to it...

Feline