Old 24. Jan 2012, 04:18 AM   #1 (permalink)
Member
 
Join Date: Jan 2012
Posts: 20
Coexistence among Security Apps within 'Limited User' Accounts

As a Newbie to your wonderfully educational site, I'm wondering about inter-compatibility and viability of various pieces of security freeware that are recommended here, specifically within a 'Limited User' account. I'm running three Windows XP SP3 laptop computers (currently all with IE8) on a small NAT LAN, trying any tricks I can find to keep them safe, and I'm finally fed up with ZoneAlarm (now CheckPoint) products that more and more frequently have "issues" with the LUAs on my machines. (I'm currently TRYING TO run ZoneAlarm Extreme Security.)

I imagine putting together a simple (but hopefully effective) 'security suite,' probably comprising the following components:

The Windows XP firewall, augmented by Windows 7 Firewall Control for program control;
Microsoft Security Essentials for anti-virus/spyware;
Sandboxie for browser security; and perhaps
The free version of Emsisoft Anti-Malware 5.1 for malware removal.
I might or might not switch to Firefox as my default browser.

I would certainly be running mostly from a LUA in XP (although I would install from an Administrator account of course), and I would probably also use some sort of Software Restriction Policy (e.g., http://www.mechbgon.com/srp/index.html) and some secure DNS server (as recommended here).

I just stumbled across the statement, "But of course, using sandboxie with a modern browser + good internet habits + using a limited user account will keep you safe and happy with a good browsing experience," in a recent thread at http://www.techsupportalert.com/free...e-sandbox.html. This APPEARS to answer one of my questions below:

Are the above-mentioned apps mutually compatible?
Will they each work properly from a LUA?
Is there a database somewhere showing which security freeware have compatibility problems (or, conversely, play nicely) with which others?
Above all, I don't want my security apps complaining about permissions issues and/or malfunctioning when I'm running from a LUA!

Any advice would be most welcome! -- jclarkw
jclarkw is offline   Reply With Quote
Old 24. Jan 2012, 09:29 AM   #2 (permalink)
Senior Member
 
Concerned User's Avatar
 
Join Date: Apr 2010
Location: இந்தியா, सिन्धु, India
Posts: 486

Your current configuration: Windows XP SP3 with Microsoft Security Essentials + Sandboxie and the free version of Emsisoft Anti-malware seems to be fine. I would personally feel that MSE + Sandboxie is more than enough since MSE's protection is fine, but each to his own.

I've used both MSE and Sandboxie in a LUA (XP) with great success.

IE 8 is a great browser (together with sandboxie) but the alternatives like Firefox and Opera are better. However, if you are happy with IE 8, stick with it.

I also used a program called "surun" which was like a mini UAC for Windows XP. Works great and does not bloat your system. You might want to try that.

http://translate.google.com/translate?u=http%3A%2F%2Fkay-bruns.de%2Fwp%2Fsoftware%2Fsurun%2F&langpair=de|en&hl=de&safe=active&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools

You could also disable autorun and autoplay for starters manually or with a utility like tweak ui (scroll to the bottom of that page to download):

http://windows.microsoft.com/en-US/w...ads/windows-xp
Concerned User is offline   Reply With Quote
Old 24. Jan 2012, 05:10 PM   #3 (permalink)
Member
 
Join Date: Jan 2012
Posts: 20

Thanks much! I've already disabled autorun and autoplay (along with NetBIOS over Tcpip and a few other things), and I'm willing to go into an Administrator account temporarily for special purposes like software installation and on-demand Microsoft Updates.

One "unfair" question, since it isn't your recommendation: Are you familiar with the advice given at http://www.mechbgon.com/srp/index.html (referenced above)? I think I understand the concept, but I don't see how the instructions provided there follow the conceptional outline of specifying specific (and different) save and execute directories...

Thanks again. -- jclarkw
jclarkw is offline   Reply With Quote
Old 25. Jan 2012, 05:13 AM   #4 (permalink)
Senior Member
 
Concerned User's Avatar
 
Join Date: Apr 2010
Location: இந்தியா, सिन्धु, India
Posts: 486

Quote:
Originally Posted by jclarkw View Post
Thanks much! I've already disabled autorun and autoplay (along with NetBIOS over Tcpip and a few other things), and I'm willing to go into an Administrator account temporarily for special purposes like software installation and on-demand Microsoft Updates.

One "unfair" question, since it isn't your recommendation: Are you familiar with the advice given at http://www.mechbgon.com/srp/index.html (referenced above)? I think I understand the concept, but I don't see how the instructions provided there follow the conceptional outline of specifying specific (and different) save and execute directories...

Thanks again. -- jclarkw
Yes, I've used these policies in the past and they worked fine. I don't think they're needed if:

You use separate user accounts (limited users), control your downloads, visit safe sites and avoid dodgy sites, no autoruns, running an av scanner (with updated signatures) etc.

That particular policy that you referenced will allow .exe files to be executed only from the Program Files folder. You can fine-tune it to allow .exe files from any other path also.
Concerned User is offline   Reply With Quote
Old 25. Jan 2012, 10:30 AM   #5 (permalink)
Senior Member
 
Join Date: May 2009
Posts: 158

Hi jclarkw

I've actually used the exact build you had in mind (with the exception of Emsisoft) and I can assure you it works perfectly fine whether it's deployed within a LUA and SRP environment.

In regards to SRP and Sandboxie, it works fine but it may be redundant when used together. Personally, I reckon if you've bought Sandboxie already, you don't really need SRP and vice versa if you intend to use SRP you don't really need to buy Sandboxie either. They are both extremely good security solutions that haven't seen any real exploits in the wild.
Terarus is offline   Reply With Quote
Old 25. Jan 2012, 04:38 PM   #6 (permalink)
Member
 
Join Date: Jan 2012
Posts: 20

Quote:
Originally Posted by Concerned User View Post
That particular policy that you referenced will allow .exe files to be executed only from the Program Files folder. You can fine-tune it to allow .exe files from any other path also.

Thanks, Concerned User. Looking into Microsoft's guidance on SRP, I THINK I can see how to specify the execution directory or directories. What I don't immediately see is the other half of the equation -- how to prevent the Limited User from storing files other than in a specific, DIFFERENT directory or directories...

Last edited by jclarkw; 25. Jan 2012 at 05:03 PM. Reason: Fixed Typo
jclarkw is offline   Reply With Quote
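
An added example, not part of any post in this thread: under a default-deny SRP, the "save" half of the split is enforced by NTFS permissions rather than by the policy, because a Limited User normally has no write access under the Windows and Program Files folders. The Windows PowerShell script below lists directories under those execute-allowed roots where a Limited User could still create files. The function name `Find-UserWritableDir` is hypothetical, the two roots are assumptions about the policy in use, and PowerShell 2.0 is assumed to be installed on XP.

```powershell
# Added example (not from the thread). Run from an Administrator account so
# that every ACL can be read. The roots are assumptions: the two folders a
# default-deny SRP typically leaves Unrestricted.
$roots = @($env:SystemRoot, $env:ProgramFiles)

# Well-known SIDs present in a Limited User's interactive logon token:
# Everyone, Authenticated Users, INTERACTIVE, BUILTIN\Users.
$luaSids = @('S-1-1-0', 'S-1-5-11', 'S-1-5-4', 'S-1-5-32-545')

# Access bits that allow creating content in a directory:
# 0x2 add file, 0x4 add subdirectory, 0x40000000 GENERIC_WRITE, 0x10000000 GENERIC_ALL.
$writeBits = 0x50000006
$inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly
$sidType = [System.Security.Principal.SecurityIdentifier]

function Find-UserWritableDir {
    param([string[]]$Root)
    foreach ($r in $Root) {
        $dirs = @(Get-Item -LiteralPath $r -Force) +
                @(Get-ChildItem -LiteralPath $r -Recurse -Force -ErrorAction SilentlyContinue |
                  Where-Object { $_.PSIsContainer })
        foreach ($d in $dirs) {
            # Skip directories whose ACL cannot be read.
            try { $acl = $d.GetAccessControl('Access') } catch { continue }
            foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
                # Deny entries are not evaluated, so a hit may be a false
                # positive and should be confirmed by hand.
                if ($rule.AccessControlType -ne 'Allow') { continue }
                # Inherit-only entries apply to children, not to this directory.
                if (([int]$rule.PropagationFlags -band $inheritOnly) -ne 0) { continue }
                if ($luaSids -notcontains $rule.IdentityReference.Value) { continue }
                if (([int]$rule.FileSystemRights -band $writeBits) -ne 0) {
                    New-Object PSObject -Property @{
                        Path   = $d.FullName
                        Sid    = $rule.IdentityReference.Value
                        Rights = $rule.FileSystemRights
                    }
                    break   # one finding per directory is enough
                }
            }
        }
    }
}

Find-UserWritableDir -Root $roots | Format-Table Path, Sid, Rights -AutoSize
```

An empty result means none of the checked groups can write where the policy allows execution; any directory that is listed needs either a tighter ACL or its own Disallowed path rule.
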
Old 25. Jan 2012, 04:43 PM   #7 (permalink)
Member
 
Join Date: Jan 2012
Posts: 20

Quote:
Originally Posted by Terarus View Post
...I reckon if you've bought Sandboxie already, you don't really need SRP and vice versa if you intend to use SRP you don't really need to buy Sandboxie either...

Thanks, Terarus. If the two approaches are effectively equivalent, it appears from the Sandboxie on-line "Getting Started" guide that SRP may be considerably less bother than Sandboxie (which I haven't bought yet -- so far only downloaded the free version). Do you agree?

If so, can you guide me to a more complete description of setting up the recommended SRP? As mentioned to Concerned User, I cannot immediately see how to set up both sides of the recommended policy.
jclarkw is offline   Reply With Quote
Old 25. Jan 2012, 05:02 PM   #8 (permalink)
Member
 
Join Date: Jan 2012
Posts: 20

Quote:
Originally Posted by Concerned User View Post
I also used a program called "surun" which was like a mini UAC for Windows XP. Works great and does not bloat your system. You might want to try that.


Yes, I've seen SuRun mentioned elsewhere on your site, and it sounds great. I read through the on-ReadMe file last night, however, and noticed a statement that gave me pause:

"SuRun... appends "Start as Administrator..." ...to the system menu of **every application that does not run as administrator** [emphasis mine]."

Does this imply, as it appears, that some software can be initially installed to run as administrator, independently of the privileges of the user that is logged on? If so, then (going back to my original issue with ZoneAlarm Extreme Security) why didn't ZoneAlarm just set up its software to always run as administrator, even when a Limited User is logged on?

Last edited by jclarkw; 25. Jan 2012 at 05:05 PM. Reason: Fix Typo
jclarkw is offline   Reply With Quote
Old 25. Jan 2012, 05:14 PM   #9 (permalink)
Member
 
Join Date: Jan 2012
Posts: 20

Quote:
Originally Posted by jclarkw View Post
Are you familiar with the advice given at http://www.mechbgon.com/srp/index.html (referenced above)?


Here's another free-software security question: Looking further into the site mentioned in this quote, I see also the recommendation to "Install Microsoft's mitigation toolkit, called EMET." (I think I understand what 'DEP' means, but so far I have no idea about 'SEHOP' or 'ASLR.' I suppose that these are things that a comprehensive security suite might take care of for me...) Do either of you think using EMET is worth the additional bother?

Thanks again for putting up with all my newbie questions! -- jclarkw
jclarkw is offline   Reply With Quote
Old 26. Jan 2012, 02:37 AM   #10 (permalink)
Senior Member
 
Join Date: Jul 2010
Location: New Zealand
Posts: 1,741

Quote:
Originally Posted by jclarkw View Post
Here's another free-software security question: Looking further into the site mentioned in this quote, I see also the recommendation to "Install Microsoft's mitigation toolkit, called EMET." (I think I understand what 'DEP' means, but so far I have no idea about 'SEHOP' or 'ASLR.' I suppose that these are things that a comprehensive security suite might take care of for me...) Do either of you think using EMET is worth the additional bother?

Thanks again for putting up with all my newbie questions! -- jclarkw
I'd be surprised if it was worth it except for some specific older applications that are not kept up-to-date. The main problem is that if the malware has got to where it can engage with these technologies then you've got a bigger problem anyway.

DEP must be CPU-based to fully enable it so won't be much help on systems with older CPUs. GRC Securable utility will tell you if your CPUs are DEP enabled.

ASLR is in Vista and 7.

Forget the rest.

This article might help:
http://www.infoworld.com/t/microsoft...ck-emet-21-831
__________________
Better to light a candle ... than to curse the darkness.
Remah is offline   Reply With Quote