Need security advice for non-networked pc

jko · 24. Nov 2010, 10:15 AM

What would you recommend as protection for a laptop running XP that is not (and never is) connected to the web/network?
It's a standalone laptop used for projecting powerpoint presentations.
The main issue is that a very limited number of users come along with a presentation on memory stick or cd.
Any advice would be appreciated.
John

eyeb · 24. Nov 2010, 03:22 PM

hm... using linux?

The problem with this is since it is "never" connected to web, it wont get any updates and cant use cloud scanning.

The best solution I can think of is using Wondershare's Time Freeze and/or "paid" sandboxie. I know the paid part isn't allowed on forums but I'm mentioning it so you know about this option... and hopefully it wont be removed lol.

Anyways with either of them, you can sandbox your laptop so things are reset once it is turned off. I'd stick with Time Freeze for a more secure isolation since it is complete system.

torres-no-tan-magnifico · 24. Nov 2010, 03:37 PM

As the only way malware can get onto your PC is via an infected memory stick or CD, I would disable Autorun which by default is enabled in XP.

Here's how:

http://antivirus.about.com/od/securi...ht/autorun.htm

If you are running XP Home please pay particular attention to point 13 in the article.

Hope this helps!

jko · 24. Nov 2010, 05:03 PM

Thanks to you both for the advice.
I'll look into what you suggest and see what would work best.

bo.elam · 25. Nov 2010, 02:07 AM

jko, I think a combination of what eyeb and torresmagnifico are recommending
is perfect for you. If I was you I would disable Autorun and run the memory stick
Sandboxed using Sandboxie. It can be done in the free version by right clicking
on the USB drive that's been used, so you really don't need the paid version in
order to run USB sticks Sandboxed. The difference with the paid version is that
on it the USB sticks would open automatically sandboxed when the drive is
"forced" to open Sandboxed.

Bo

Anupam · 25. Nov 2010, 09:00 AM

For a standalone PC, the security software required will be less, and therefore, system will run light. Thats a good thing.

A firewall is not needed.

I would suggest using a good antivirus, like Avast, or Avira. Choose older versions of Avira, 8 or 9, as the latest version 10 has problems. Avast will be good, in my opinion.
Would not suggest MSE, as it updates via Windows updates only, and I don't think it can be updated manually. Avast seems to be a good choice. Offline definitions can be downloaded from another system connected to the internet, and then Avast can be updated, whenever possible.

I would also suggest keeping MBAM and SAS for monthly on-demand scanning, or any schedule as per requirement. Their definitions should be updated via offline setup too.

Offline definitions setup for all three are regularly available on their site, or on download sites like MajorGeeks.

WinPatrol can be added to the setup. Its an excellent light weight HIPS.

Biggest threat(and only one I think) for a standalone PC are the memory sticks, or USB sticks. So, care should be taken while dealing with them.

I will suggest installing Panda USB Vaccine. It will disable the autorun on the PC, and for USB sticks. That's very important. Also, if you let it boot with Windows, it will monitor for any USB stick being inserted, and will disinfect it first.

Do not open USB sticks without scanning with the antivirus, or MBAM first.

Opening USB sticks in virtualized environment is a good idea. You can go with TimeFreeze, or Sandboxie as you feel. TimeFreeze is quite easy to use. Whenever you have to use a USB stick, just turn on TimeFreeze protection, and then check for viruses, or suspicious files first. If it seems OK, then protection can be turned off. Or, if its suspicious, you can keep using the stick with TimeFreeze. Once the work is over, just reboot your PC. No changes will be done to the system.

bo.elam · 25. Nov 2010, 02:08 PM

Quote:

Originally Posted by Anupam

I would suggest using a good antivirus, like Avast, or Avira. Choose older versions of Avira, 8 or 9, as the latest version 10 has problems. Avast will be good, in my opinion.
Would not suggest MSE, as it updates via Windows updates only, and I don't think it can be updated manually. Avast seems to be a good choice. Offline definitions can be downloaded from another system connected to the internet, and then Avast can be updated, whenever possible.

Hi Anupam, if he decides to install a AV, MSE can be an option since the
definitions can be downloaded from here and installed on the PC with
no Internet connection.
https://www.microsoft.com/security/p.../HowToMSE.aspx

I believe in the past MSE update it though Windows updates but that is
not the case now, at least not since I been using it.

Bo

Anupam · 25. Nov 2010, 02:10 PM

Thanks for that info Bo. I was not aware of that. So, besides Avast then, MSE can be a good option.

Sope · 25. Nov 2010, 02:47 PM

I wouldn't fancy having to manually update an AV, SAS, MBAM etc. on a regular basis. Seems like a lot of messing about for a PC that never gets connected to the internet .

If it was me, I'd go for something like Time Freeze (as suggested by eyeb) and just allow the PC to reset after every use.
Less labour intensive

jko · 25. Nov 2010, 06:42 PM

Wow, thanks for all the great advice.
I'll certainly investigate the options, but I'm sensing that the consensus is to run in a sandboxed environment - that way, in the unlikely event that anything does get on, it's not going to upset the critical stuff. It does seem like less hassle than trying to manually update AV signatures.
Thanks again.

24. Nov 2010, 10:15 AM	#1 (permalink)
jko Member Join Date: Feb 2010 Posts: 5	Need security advice for non-networked pc What would you recommend as protection for a laptop running XP that is not (and never is) connected to the web/network? It's a standalone laptop used for projecting powerpoint presentations. The main issue is that a very limited number of users come along with a presentation on memory stick or cd. Any advice would be appreciated. John

24. Nov 2010, 03:37 PM	#3 (permalink)
torres-no-tan-magnifico Copy Editor Join Date: Sep 2009 Posts: 622	As the only way malware can get onto your PC is via an infected memory stick or CD, I would disable Autorun which by default is enabled in XP. Here's how: http://antivirus.about.com/od/securi...ht/autorun.htm If you are running XP Home please pay particular attention to point 13 in the article. Hope this helps! __________________ Torres-no-tan-magnifico

25. Nov 2010, 09:00 AM	#6 (permalink)
Anupam Moderator Join Date: Jul 2008 Location: India Posts: 9,484	For a standalone PC, the security software required will be less, and therefore, system will run light. Thats a good thing. A firewall is not needed. I would suggest using a good antivirus, like Avast, or Avira. Choose older versions of Avira, 8 or 9, as the latest version 10 has problems. Avast will be good, in my opinion. Would not suggest MSE, as it updates via Windows updates only, and I don't think it can be updated manually. Avast seems to be a good choice. Offline definitions can be downloaded from another system connected to the internet, and then Avast can be updated, whenever possible. I would also suggest keeping MBAM and SAS for monthly on-demand scanning, or any schedule as per requirement. Their definitions should be updated via offline setup too. Offline definitions setup for all three are regularly available on their site, or on download sites like MajorGeeks. WinPatrol can be added to the setup. Its an excellent light weight HIPS. Biggest threat(and only one I think) for a standalone PC are the memory sticks, or USB sticks. So, care should be taken while dealing with them. I will suggest installing Panda USB Vaccine. It will disable the autorun on the PC, and for USB sticks. That's very important. Also, if you let it boot with Windows, it will monitor for any USB stick being inserted, and will disinfect it first. Do not open USB sticks without scanning with the antivirus, or MBAM first. Opening USB sticks in virtualized environment is a good idea. You can go with TimeFreeze, or Sandboxie as you feel. TimeFreeze is quite easy to use. Whenever you have to use a USB stick, just turn on TimeFreeze protection, and then check for viruses, or suspicious files first. If it seems OK, then protection can be turned off. Or, if its suspicious, you can keep using the stick with TimeFreeze. Once the work is over, just reboot your PC. No changes will be done to the system. __________________ Anupam

25. Nov 2010, 02:10 PM	#8 (permalink)
Anupam Moderator Join Date: Jul 2008 Location: India Posts: 9,484	Thanks for that info Bo. I was not aware of that. So, besides Avast then, MSE can be a good option. __________________ Anupam

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

24. Nov 2010, 03:22 PM	#2 (permalink)
eyeb Senior Member Join Date: Sep 2010 Location: Planet X Posts: 487	hm... using linux? The problem with this is since it is "never" connected to web, it wont get any updates and cant use cloud scanning. The best solution I can think of is using Wondershare's Time Freeze and/or "paid" sandboxie. I know the paid part isn't allowed on forums but I'm mentioning it so you know about this option... and hopefully it wont be removed lol. Anyways with either of them, you can sandbox your laptop so things are reset once it is turned off. I'd stick with Time Freeze for a more secure isolation since it is complete system.

24. Nov 2010, 05:03 PM	#4 (permalink)
jko Member Join Date: Feb 2010 Posts: 5	Thanks to you both for the advice. I'll look into what you suggest and see what would work best.

25. Nov 2010, 02:07 AM	#5 (permalink)
bo.elam Senior Member Join Date: Nov 2009 Posts: 1,224	jko, I think a combination of what eyeb and torresmagnifico are recommending is perfect for you. If I was you I would disable Autorun and run the memory stick Sandboxed using Sandboxie. It can be done in the free version by right clicking on the USB drive that's been used, so you really don't need the paid version in order to run USB sticks Sandboxed. The difference with the paid version is that on it the USB sticks would open automatically sandboxed when the drive is "forced" to open Sandboxed. Bo

25. Nov 2010, 02:47 PM	#9 (permalink)
Sope Senior Member Join Date: Feb 2009 Location: Wales, UK Posts: 809	I wouldn't fancy having to manually update an AV, SAS, MBAM etc. on a regular basis. Seems like a lot of messing about for a PC that never gets connected to the internet . If it was me, I'd go for something like Time Freeze (as suggested by eyeb) and just allow the PC to reset after every use. Less labour intensive

25. Nov 2010, 06:42 PM	#10 (permalink)
jko Member Join Date: Feb 2010 Posts: 5	Wow, thanks for all the great advice. I'll certainly investigate the options, but I'm sensing that the consensus is to run in a sandboxed environment - that way, in the unlikely event that anything does get on, it's not going to upset the critical stuff. It does seem like less hassle than trying to manually update AV signatures. Thanks again.