Gizmo's Freeware Forum


jclarkw 24. Jan 2012 04:18 AM

Coexistence among Security Apps within 'Limited User' Accounts
 
As a Newbie to your wonderfully educational site, I'm wondering about inter-compatibility and viability of various pieces of security freeware that are recommended here, specifically within a 'Limited User' account. I'm running three Windows XP SP3 laptop computers (currently all with IE8) on a small NAT LAN, trying any tricks I can find to keep them safe, and I'm finally fed up with ZoneAlarm (now CheckPoint) products that more and more frequently have "issues" with the LUAs on my machines. (I'm currently TRYING TO run ZoneAlarm Extreme Security.)

I imagine putting together a simple (but hopefully effective) 'security suite,' probably comprising the following components:

The Windows XP firewall, augmented by Windows 7 Firewall Control for program control;
Microsoft Security Essentials for anti-virus/spyware;
Sandboxie for browser security; and perhaps
The free version of Emsisoft Anti-Malware 5.1 for malware removal.
I might or might not switch to Firefox as my default browser.

I would certainly be running mostly from a LUA in XP (although I would install from an Administrator account of course), and I would probably also use some sort of Software Restriction Policy (e.g., http://www.mechbgon.com/srp/index.html) and some secure DNS server (as recommended here).

I just stumbled across the statement, "But of course, using sandboxie with a modern browser + good internet habits + using a limited user account will keep you safe and happy with a good browsing experience," in a recent thread at http://www.techsupportalert.com/free...e-sandbox.html. This APPEARS to answer one of my questions below:

Are the above-mentioned apps mutually compatible?
Will they each work properly from a LUA?
Is there a database somewhere showing which security freeware have compatibility problems (or, conversely, play nicely) with which others?
Above all, I don't want my security apps complaining about permissions issues and/or malfunctioning when I'm running from a LUA!

Any advice would be most welcome! -- jclarkw

Concerned User 24. Jan 2012 09:29 AM

Your current configuration: Windows XP SP3 with Microsoft Security Essentials + Sandboxie and the free version of Emsisoft Anti-malware seems to be fine. I would personally feel that MSE + sandboxie is more than enough since MSE's protection is fine, but each to his own:)

I've used both MSE and Sandboxie in a LUA (XP) with great success.

IE 8 is a great browser (together with sandboxie) but the alternatives like Firefox and Opera are better. However, if you are happy with IE 8, stick with it.

I also used a program called "surun" which was like a mini UAC for Windows XP. Works great and does not bloat your system. You might want to try that.

http://translate.google.com/translate?u=http%3A%2F%2Fkay-bruns.de%2Fwp%2Fsoftware%2Fsurun%2F&langpair=de|en&hl=de&safe=active&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools

You could also disable autorun and autoplay for starters manually or with a utility like tweak ui (scroll to the bottom of that page to download):

http://windows.microsoft.com/en-US/w...ads/windows-xp

jclarkw 24. Jan 2012 05:10 PM

Thanks much! I've already disabled autorun and autoplay (along with NetBIOS over Tcpip and a few other things), and I'm willing to go into an Administrator account temporarily for special purposes like software installation and on-demand Microsoft Updates.

One "unfair" question, since it isn't your recommendation: Are you familiar with the advice given at http://www.mechbgon.com/srp/index.html (referenced above)? I think I understand the concept, but I don't see how the instructions provided there follow the conceptional outline of specifying specific (and different) save and execute directories...

Thanks again. -- jclarkw

Concerned User 25. Jan 2012 05:13 AM

Quote:

Originally Posted by jclarkw (Post 67703)
Thanks much! I've already disabled autorun and autoplay (along with NetBIOS over Tcpip and a few other things), and I'm willing to go into an Administrator account temporarily for special purposes like software installation and on-demand Microsoft Updates.

One "unfair" question, since it isn't your recommendation: Are you familiar with the advice given at http://www.mechbgon.com/srp/index.html (referenced above)? I think I understand the concept, but I don't see how the instructions provided there follow the conceptional outline of specifying specific (and different) save and execute directories...

Thanks again. -- jclarkw

Yes, I've used these policies in the past and they worked fine. I don't think they're needed if:

You use separate user accounts (limited users), control your downloads, visit safe sites and avoid dodgy sites, no autoruns, running an av scanner (with updated signatures) etc.

That particular policy that you referenced will allow .exe files to be executed only from the program files folder. You can fine tune it to allow .exe files from any other path also.

Terarus 25. Jan 2012 10:30 AM

Hi jclarkw

I've actually used the exact build you had in mind (with the exception of Emsisoft) and I can assure you it works perfectly fine whether it's deployed within a LUA and SRP environment.

In regards to SRP, sandboxie and it works fine but it may be redundant when used together. Personally, I reckon if you've bought sandboxie already, you don't really need SRP and vice versa if you intend to use SRP you don't really need to buy sandboxie either. They are both extremely good security solutions that haven't seen any real exploits in the wild.

jclarkw 25. Jan 2012 04:38 PM

Quote:

Originally Posted by Concerned User (Post 67746)
That particular policy that you referenced will allow .exe files to be executed only from the program files folder. You can fine tune it to allow .exe files from any other path also.


Thanks, Concerned User. Looking into Microsoft's guidance on SRP, I THINK I can see how to specify the execution directory or directories. What I don't immediately see is the other half of the equation -- how to prevent the Limited User from storing files other than in a specific, DIFFERENT directory or directories...
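
An added example (not part of any post in this thread, and not taken from the mechbgon guide or Microsoft's documentation): a small Python model of the two halves being asked about, a default-deny SRP with path rules for where programs may run, and the directories a Limited User may write to. The rule paths, the account name `jdoe` and the write-access list are assumptions based on typical XP defaults.

```python
import ntpath

# Constructed model of an SRP like the one discussed in this thread:
# default level "Disallowed", with "Unrestricted" path rules for the
# system and program directories. Paths are typical XP defaults (assumed).
UNRESTRICTED_RULES = [r"C:\WINDOWS", r"C:\Program Files"]

# Assumed default NTFS situation for a Limited User on XP: write access
# only under the user's own profile. "jdoe" is a made-up account name.
USER_WRITABLE = [r"C:\Documents and Settings\jdoe"]


def _norm(path):
    """Case-fold and collapse '..' so comparisons follow Windows path rules."""
    return ntpath.normcase(ntpath.normpath(path))


def _is_under(path, root):
    """True if path is root itself or lies below it (whole components only)."""
    path, root = _norm(path), _norm(root)
    return path == root or path.startswith(root.rstrip("\\") + "\\")


def srp_allows(exe_path, rules=UNRESTRICTED_RULES):
    """Default-deny: an executable runs only if some path rule covers it."""
    return any(_is_under(exe_path, r) for r in rules)


def user_can_write(path, writable=USER_WRITABLE):
    """True if the modelled Limited User has write access at this location."""
    return any(_is_under(path, w) for w in writable)


def overlap(rules=UNRESTRICTED_RULES, writable=USER_WRITABLE):
    """Directories that are both writable and executable; each one is a gap."""
    gaps = []
    for r in rules:
        for w in writable:
            if _is_under(w, r):
                gaps.append(w)  # writable directory sits inside an allowed tree
            elif _is_under(r, w):
                gaps.append(r)  # allowed tree sits inside a writable directory
    return gaps
```

In this model the "save" side is not an SRP setting at all: it comes from file-system permissions, and the policy holds as long as `overlap()` stays empty.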

jclarkw 25. Jan 2012 04:43 PM

Quote:

Originally Posted by Terarus (Post 67783)
...I reckon if you've bought sandboxie already, you don't really need SRP and vice versa if you intend to use SRP you don't really need to buy sandboxie either...


Thanks, Terarus. If the two approaches are effectively equivalent, it appears from the Sandboxie on-line "Getting Started" guide that SRP may be considerably less bother than Sandboxie (which I haven't bought yet -- so far only downloaded the free version). Do you agree?

If so, can you guide me to a more complete description of setting up the recommended SRP? As mentioned to Concerned User, I cannot immediately see how to set up both sides of the recommended policy.

jclarkw 25. Jan 2012 05:02 PM

Quote:

Originally Posted by Concerned User (Post 67689)
I also used a program called "surun" which was like a mini UAC for Windows XP. Works great and does not bloat your system. You might want to try that.



Yes, I've seen SuRun mentioned elsewhere on your site, and it sounds great. I read through the on-ReadMe file last night, however, and noticed a statement that gave me pause:

"SuRun... appends "Start as Administrator..." ...to the system menu of **every application that does not run as administrator** [emphasis mine]."

Does this imply, as it appears, that some software can be initially installed to run as administrator, independently of the privileges of the user that is logged on? If so, then (going back to my original issue with ZoneAlarm Extreme Security) why didn't ZoneAlarm just set up its software to always run as administrator, even when a Limited User is logged on?

jclarkw 25. Jan 2012 05:14 PM

Quote:

Originally Posted by jclarkw (Post 67703)
Are you familiar with the advice given at http://www.mechbgon.com/srp/index.html (referenced above)?



Here's another free-software security question: Looking further into the site mentioned in this quote, I see also the recommendation to "Install Microsoft's mitigation toolkit, called EMET." (I think I understand what 'DEP' means, but so far I have no idea about 'SEHOP' or 'ASLR.' I suppose that these are things that a comprehensive security suite might take care of for me...) Do either of you think using EMET is worth the additional bother?

Thanks again for putting up with all my newbie questions! -- jclarkw

Remah 26. Jan 2012 02:37 AM

Quote:

Originally Posted by jclarkw (Post 67817)
Here's another free-software security question: Looking further into the site mentioned in this quote, I see also the recommendation to "Install Microsoft's mitigation toolkit, called EMET." (I think I understand what 'DEP' means, but so far I have no idea about 'SEHOP' or 'ASLR.' I suppose that these are things that a comprehensive security suite might take care of for me...) Do either of you think using EMET is worth the additional bother?

Thanks again for putting up with all my newbie questions! -- jclarkw

I'd be surprised if it was worth it except for some specific older applications that are not kept up-to-date. The main problem is that if the malware has got to where it can engage with these technologies then you've got a bigger problem anyway.

DEP must be CPU-based to fully enable it so won't be much help on systems with older CPUs. GRC Securable utility will tell you if your CPUs are DEP enabled.

ASLR is in Vista and 7.

Forget the rest.

This article might help:
http://www.infoworld.com/t/microsoft...ck-emet-21-831

