The purpose of this page is to give you an example of a complete set of security software, to give
you an idea of how to secure your computer.
OK, let's start. I assume that if you have reached this point, you have already read and applied
the Windows security tips given in the advice area.
Main security software categories for home users :
* Anti-Virus
* Anti-Trojan
* Anti-Spyware/Malware
* Firewall
* SandBox/application monitoring (HIPS)
* Process related (process protection, process to port mapping)
Additional security software categories I won't talk about :
* Data Encryption (Files, network)
* Privacy management
(There are more, but I want to focus on the main ones. I know some could say that talking
about a minimum level of security without talking about privacy is idiotic, but if you follow
the software set above, your privacy will be indirectly safe; of course, you can still add privacy-related software.)
1 - ANTI-VIRUS
Along with the firewall category, this is probably one of the most controversial topics:
which product is good, which is not, and why. I remind the reader that I am giving
an example, a good one, but not necessarily the best.
There are so many viruses/worms in the wild that an AV is absolutely
needed nowadays; it's a bare minimum to have.
I have tested Kaspersky, NOD32, Norton, and AVG.
If you want to check an independent AV testing website, check out
http://www.av-comparatives.org
I advise NOD32 or KAV 6.0.

NOD32 has one of the best heuristic modules, which means that it performs very well at detecting unknown viruses
not yet added to any AV signature database. It is also very light on resources.

(KIS 6.0 screenshot, same GUI as KAV 6.0)
KAV 6.0 probably has one of the best detection rates (known viruses), and Kaspersky Lab is very quick at releasing
new AV signatures when new viruses/worms are detected in the wild. Moreover, KAV 6.0 includes the
Firewall Leak Tester awarded 'Proactive Defense' technology (which you can choose not to install if you wish to install the AV part only).
If you want to test them, try the trial versions :
NOD32 :
http://www.nod32.com/download/trial.htm
KIS & KAV 6.0 :
http://www.kaspersky.com/
2 - ANTI-TROJAN
Trojans can be more dangerous than viruses: while a virus can destroy or
alter your files, a trojan can give full access to a remote intruder, who can do whatever he
wants on your computer. In fact, he can do everything you can do, and he can find all your
private and sensitive information.
In the worst case, your computer can be turned into a "zombie", attacking targets
without your knowledge (e.g. Microsoft), making only you visible
(you appear as the attacker) and hiding the true one, the cracker.
I advise EWIDO Anti-malware 4.0.

Ewido 4.0 is in beta stage for now; only the previous 3.5 version is a final commercial version. However, 4.0
is a great improvement, and you should try it. The resident protection scans programs when they execute, with
a memory scanner and via emulation, which "should" bypass nearly all runtime packers. There are still techniques on
the malware side that try to fight generic unpacking and emulation; if this subject interests you, you can read the following article :
http://scheinsicherheit.pytalhost.de/decompdelay.htm
Ewido website :
http://www.ewido.net/
3 - ANTI-SPYWARE/MALWARE
Spyware is a recent, annoying kind of threat whose purpose is to advertise to you
by every means possible (to make you go to websites on different subjects,
from the simplest, like buying a car, to the worst, like porn websites, a threat
for your children). To do that, it shows you popups, redirects your surfing to
unexpected websites, hijacks your software (mainly your browser, mail client, and
instant messaging client), and writes registry entries.
All of that often leads to privacy leaks (information about you sent
to the authors), system stress (CPU & memory consumption), and surfing/playing
annoyances (bandwidth consumption).
The two best-known anti-spyware programs are Spybot and Ad-Aware.
I will talk about "Spybot S&D 1.4".

Spybot is well known on the anti-spyware scene, and does its job very well.
Spybot provides an on-demand scanner, and a resident protection called "TeaTimer".
One interesting feature is the IE "Immunization", described in the help file :
----------------------------------------
The permanent immunity works on some Internet Explorer control options that are partly visible in the Internet Explorer interface, partly hidden in the registry only. It adds domains known to contain bad contents into the Restricted Zone, thus blocking installation of executable code from those pages; it also adds block options for bad executable code by its ID, and it sets known tracking cookies to not be accepted by Internet Explorer.
To cut it short: it modifies Internet Explorer, through official ways, to block a lot of the bad stuff known to Spybot-S&D.
----------------------------------------
Download link :
http://www.safer-networking.org/en/download/index.html
4 - FIREWALL
Ouch, the hot topic.
A "firewall" is not the same thing for everyone, so it is hard to tell you which is "the best" (I can't).
A basic firewall, as it used to be, is a vanilla packet filter, which means that it checks
rules (IP addresses, ports, protocols) and allows traffic or drops it.
Nowadays, Windows home users' needs have evolved, and so have firewalls.
There are now firewalls which handle website cookies, email spam,
website popups, bandwidth throttling, and port to process mapping, and most include outbound
application filtering (there are other features like plugins, etc.).
Because everyone's needs are different, a "best" firewall can't be chosen.
Note : on this website I'm talking about leaktests, so about outbound application
filtering. Thus, the "score board" does not show good and bad firewalls, only
good and bad outbound application filtering (a firewall is more than that,
but it's an important part).
I will talk about firewalls as software able to allow/block inbound/outbound
network traffic, with outbound application filtering.
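The difference between the two layers described above, as an added example that is not from the original page or from any firewall product: a first-match packet filter (addresses, ports, protocols) followed by an outbound application filter. The rule fields, the rule set and the program paths are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "drop"
    direction: str   # "in" or "out"
    proto: str       # "tcp", "udp" or "any"
    remote: str      # CIDR network the remote address must belong to
    port: int        # port the rule applies to; 0 = any

# Constructed rule set (assumption, not taken from any product).
RULES = [
    Rule("allow", "out", "tcp", "0.0.0.0/0", 80),
    Rule("allow", "out", "tcp", "0.0.0.0/0", 443),
    Rule("allow", "out", "udp", "192.168.1.1/32", 53),
    Rule("drop", "in", "any", "0.0.0.0/0", 0),
]

# Constructed list of programs authorised to open outbound connections.
ALLOWED_APPS = {r"c:\program files\browser\browser.exe"}

def packet_filter(direction, proto, remote_ip, port, rules=RULES):
    """Network filtering: first matching rule wins, unmatched traffic is dropped."""
    addr = ipaddress.ip_address(remote_ip)
    for r in rules:
        if (r.direction == direction
                and r.proto in ("any", proto)
                and addr in ipaddress.ip_network(r.remote)
                and r.port in (0, port)):
            return r.action
    return "drop"

def firewall_decision(direction, proto, remote_ip, port, program):
    """Packet rules first, then the application filter for outbound traffic."""
    if packet_filter(direction, proto, remote_ip, port) == "drop":
        return "drop (network rule)"
    if direction == "out" and program.lower() not in ALLOWED_APPS:
        return "drop (application not authorised)"
    return "allow"
```

The packet filter alone allows any program to reach port 80; only the application filter distinguishes the browser from an unknown executable sending the same packet.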
I advise "Look'n'Stop 2.05"
(there are a lot more, like ZoneAlarm, Outpost, etc.).

LNS uses very few resources, which means that it won't slow down
your computer or your surfing.
It has the application filtering (one of the best) and the network
filtering split, which means that someone behind a NAT router
(with an integrated and well-configured firewall) can use only
the application filtering without bothering to deal with the
network filtering (which he can disable).
For others without routers, LNS provides preconfigured sets
of rules so that you don't waste time setting it up.
There are advanced rules to really make you invisible
to scans.
If you are concerned with web threat management by your "firewall",
Norton could be good despite its bad application filtering and
its "resource hog" behaviour.
Look'n'Stop website
5 - APPLICATION MONITORING
This approach is very interesting and very effective: if you can't
fight all known and unknown threats, the most effective thing is simply to prevent
threats from loading.
Because basically even the most sophisticated threat is just
an executable, monitoring the executables launching on your system is
a strong additional layer of security.
A real "sandbox" software (or HIPS, which stands for Host Intrusion Prevention System) will write a list of trusted executables
(BlackICE, for instance, checks all your system executables at setup)
and will block the launch of any other applications.
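The trusted-list idea above, as an added example that is not from the original page or from any HIPS product: a baseline of executables is recorded at setup, and a launch is allowed only for a listed, unchanged file. Identifying files by SHA-256 hash is an assumption of this sketch, and the file names are constructed.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Hash a file in chunks so large executables are not read at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root):
    """Setup phase: record path -> hash for every executable under root."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith((".exe", ".dll")):
                full = os.path.join(dirpath, name)
                baseline[os.path.normcase(full)] = sha256_of(full)
    return baseline

def launch_decision(path, baseline):
    """Launch phase: allow only files that are listed and unchanged."""
    key = os.path.normcase(path)
    if key not in baseline:
        return "block: not in trusted list"
    if sha256_of(path) != baseline[key]:
        return "block: trusted file was modified"
    return "allow"

def write(path, data):
    with open(path, "wb") as f:
        f.write(data)

def demo():
    """Constructed files stand in for real executables."""
    with tempfile.TemporaryDirectory() as root:
        trusted = os.path.join(root, "notepad.exe")
        write(trusted, b"original bytes")
        baseline = build_baseline(root)             # taken at setup
        results = [launch_decision(trusted, baseline)]
        dropped = os.path.join(root, "update.exe")  # appears after setup
        write(dropped, b"unknown program")
        results.append(launch_decision(dropped, baseline))
        write(trusted, b"patched bytes")            # trusted file altered
        results.append(launch_decision(trusted, baseline))
        return results
```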
I advise Ghost Security Suite 1.110 from Ghost Security.
Also take a look at the Firewall Leak Tester awarded 'Proactive Defense' technology, part of KAV6 and KIS6.

Ghost Security Suite includes two programs in one, AppDefend & RegDefend. You can choose to
buy or install either part alone; you are not required to install the suite.
RegDefend is a kernel registry protector: it intercepts read/write access to the registry and allows/blocks/asks
depending on the settings. It can thus prevent malware from writing an entry in the "Run" registry key,
preventing it from running automatically at each startup. The registry parts to monitor are completely customisable.
AppDefend is a "sandbox" or HIPS software; it is a system monitoring program, allowing the user to watch application
activities and to allow or block what he wants. From the AppDefend forum, below are the threats that AppDefend protects against :
Network access, Process creation, Process execution, Global Hooks (DLL injection / Keyloggers), Process/Thread suspension and context modification,
Virtual Memory modification, Remote Thread Creation, Physical Memory access, Termination of threads and processes, Rootkit installation methods.
The Proactive Defense included in KAV 6.0 or KIS 6.0 can broadly do the same, except for process termination. On the other hand, the Proactive Defense
can detect invisible processes, hidden from the task manager by a rootkit driver. The two products overlap, but also have complementary features.
By configuring both correctly, it is possible to run them concurrently and to gain a very strong security layer.
Download links :
Ghost Security Suite :
http://www.ghostsecurity.com/index.php?page=appdefend
KAV 6.0 beta :
http://www.kaspersky.com/beta?product=176822894
6 - PROCESS RELATED
In this area, I will talk about one kind of software :
* process to port mapping
"Process to port mapping" means that you can trace which process is using which port
and which protocol, is connected to which IP address, etc.
By being able to see the state of your system's connections, you are able to detect
trojans, spyware, or worms by yourself.
Sometimes you allow a program to run, and then allow it to connect to
the internet to do one action, but you are not sure you can
totally trust it; with a process to port mapper you can see exactly what it does.
There are several process to port mappers out there, no two relying on the same
method to detect processes and ports _accurately_; some are slow, others inaccurate.
The best I have ever seen is "Port Explorer" 1.800 from DiamondCS.

This security software provides useful tools to analyse processes and their
network connections. You can select a line and terminate the process, or
let it live but prevent it from sending data (while letting it receive),
or prevent it from sending and/or receiving data; you can spy on what a process
sends/receives with a built-in packet sniffer; you can restrict the bandwidth a process
can use (for instance limit it to 5Kb/s max); and you can do many other things
like whois/lookup, etc.
An interesting feature is that Port Explorer lets you see possibly
suspicious processes by highlighting them in red; such processes have one or more
sockets belonging to them, but have no windows displayed (as trojans
do). Of course a simple instant messaging client minimized to the systray will
fall into this case, but so will a trojan... it allows you to quickly spot suspicious
processes.
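Process to port mapping and the "sockets but no window" highlight described above, as an added example that is not from the original page and is not Port Explorer's own method: it joins connection rows in the layout printed by `netstat -ano` on Windows with a process table. Both the netstat sample and the process table (including the has-window flag) are constructed.

```python
from collections import namedtuple

Conn = namedtuple("Conn", "proto local remote state pid")

# Constructed sample in the layout printed by `netstat -ano` on Windows.
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       908
  TCP    192.168.1.20:1045      203.0.113.10:80        ESTABLISHED     2212
  TCP    192.168.1.20:1050      198.51.100.7:6667      ESTABLISHED     3180
  TCP    192.168.1.20:1061      203.0.113.25:5190      ESTABLISHED     1204
  UDP    0.0.0.0:1900           *:*                                    908
"""

# Constructed process table: pid -> (image name, has a visible window).
PROCESSES = {
    908: ("svchost.exe", False),
    2212: ("browser.exe", True),
    3180: ("helper.exe", False),
    1204: ("messenger.exe", False),   # minimised to the systray
}

def parse_netstat(text):
    """Turn netstat rows into Conn tuples, skipping the header."""
    conns = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue                      # header or blank line
        if f[0] == "UDP":                 # UDP rows carry no State column
            proto, local, remote, state, pid = f[0], f[1], f[2], "", f[-1]
        else:
            proto, local, remote, state, pid = f[:5]
        conns.append(Conn(proto, local, remote, state, int(pid)))
    return conns

def map_ports(conns, processes):
    """Join sockets to processes; flag socket owners with no visible window."""
    rows = []
    for c in conns:
        name, has_window = processes.get(c.pid, ("<unknown>", False))
        rows.append((name, c.pid, c.proto, c.local, c.remote, c.state, not has_window))
    return rows

def flagged(rows):
    """Distinct (name, pid) pairs that would be highlighted."""
    return sorted({(name, pid) for name, pid, *_rest, flag in rows if flag})
```

On this sample the highlight covers a system service and the minimised messenger as well as the unfamiliar helper.exe, so the flag is a starting point for review, not a verdict.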
Finally, the display is totally customizable: you can choose all colours,
and choose your language among : Dutch, English, French, German, Italian, Portuguese,
Spanish, and Swedish.
To test it or buy it :
http://www.diamondcs.com.au/portexplorer/index.php?page=download
Other security software :
With such software installed and _properly configured_, your computer is turned into
a heavy fortress. Of course it takes time, personal investigation, and money... but this
software is really worth it; at least try it.
For those who want more choice, as a quick example, another software set could be :
Kaspersky, BoClean, Spybot, Outpost, Abtrusion Protector, Port Explorer, ProcessGuard,
even if this list contains software that doesn't have all the features of those I chose.
You can try to improve your security even more by doing data encryption or by adding
specialized privacy-related software, but I stop here because all the software shown
is sufficient to provide you with strong security.
Conclusion :
If everyone was educated about security, worms and viruses
would fade into the dark and we would never hear of them again.
It has nothing to do with "IQ", but with education: you don't know that you have
to do something until you learn it from your mistakes, or from someone else.
Sadly, I know a lot of friends who never update Windows and
don't have any security-related software, sometimes just an outdated anti-virus;
don't wonder how worms can spread around the world, it's all about education.
After many years of studying security, I have noticed that the threat level "jumped" when the Internet became ordinary
at home, when high-bandwidth connections started to be available at low prices
for everyone, when it became a fashion.
What wasn't important before that, all the security stuff, is nowadays a must-have.
For proof, just format and install Windows, connect to the internet, and you will be
infected by a worm in 10s or less; it would have sounded unbelievable a few years ago.
The internet is no longer a playground where you can go on gaming sites and forums, look at
beautiful wallpapers, listen to music and enjoy all kinds of entertainment... users now have
to understand the real risks they can encounter; they have to bother with security (I say "bother"
because I know people are not enthusiastic about doing that) _before_ their personal entertainment.
So, keep following best practices, install a security software suite and understand it,
keep visiting security forums to stay aware of the latest threats, and you will see that
having a safe computer never hurt by malicious threats is possible, but only possible
if you want it.