Server Help

Trash Talk - Security Software

Cerium - Mon Sep 25, 2006 11:14 pm
Post subject: Security Software
I'm setting up a computer for one of my very computer-illiterate friends to use. Since this machine will be on my network with internet access, I need to secure the hell out of this machine. I need some decent antivirus and firewall software that works well but is also something I can show him how to use with relative ease.

Any and all suggestions would be appreciated; except those from blah-er, quanchi or the 3rd dummy I don't like.

Thanks
-C
Confess - Tue Sep 26, 2006 12:47 am
Post subject:
Spybot Search and Destroy is really nice for a Spyware remover/preventer.
D1st0rt - Tue Sep 26, 2006 1:11 am
Post subject:
Here's how I roll:

AdAware (Adware)
avast! (Antivirus)
Spybot (Spyware)
ZoneAlarm (Software Firewall)

If you're willing to shell out $50 bucks the ZoneAlarm Security Suite looks solid, and I would definitely trust a bunch of Israelis over donut eating corporate America when it comes to protection.
Muskrat - Tue Sep 26, 2006 1:12 am
Post subject:
My formula for quick free AV is AVG + ZoneAlarm Firewall. They are both pretty straightforward and effective.

If they are really stupid, baby-proof their browser and email...
D1st0rt - Tue Sep 26, 2006 1:17 am
Post subject:
I used to use AVG until it bugged me every day about how I "might not be using this software legally, GET LEGAL" because it wasn't supposed to be used on commercial machines.
Muskrat - Tue Sep 26, 2006 1:53 am
Post subject:
Why would you use AVG on a commercial machine?
Mine GO BOOM - Tue Sep 26, 2006 3:08 am
Post subject:
So, this is for someone stupid? Or at least, a normal user.


Bak - Tue Sep 26, 2006 5:17 am
Post subject:
If they're already computer illiterate, just show them Linux.
Cerium - Tue Sep 26, 2006 12:16 pm
Post subject:
Thanks for the info.

Yes, this is for someone who's completely computer retarded (think "blah-er" minus the buzzwords). Most of what he'll be using it for is browsing and email, but on occasion we will play some games on it like Rise of Legends or other such windows-only games.

So far, I've set him up with XP Pro, Windows Defender and a user-only account. I've also set up remote desktop so I can just install software/updates remotely.
Haven't decided on any AV yet, but I'd like to stay as close to free and legal as possible.

The only major task left is sifting through Microsoft's policy nonsense to prevent him from doing something stupid -- like installing anything.
K' - Tue Sep 26, 2006 12:24 pm
Post subject:
PROCESS GUARD!
You don't want that mofo's comp operating without process guard.

Also, Murphy, why isn't ZoneAlarm security suite (firewall/antivirii/antispyware) good?
Solo Ace - Tue Sep 26, 2006 2:36 pm
Post subject:
Cuz ZoneAlarm posts DNS requests to a main server, and they sell the queries! (According to Ek).
Mine GO BOOM - Tue Sep 26, 2006 3:32 pm
Post subject:
K' wrote:
Also, Murphy, why isn't ZoneAlarm security suite (firewall/antivirii/antispyware) good?

I don't know about their spyware/antivirus software, but their firewall is complete shit. It is flashy, pops up a ton, and blocks things a firewall really shouldn't be needing to touch. It, by default, will filter your HTTP traffic. It gives tons of false positives on the applications it attempts to block.

But because it throws up so many windows constantly saying how useful it is, people think it is useful. For any normal user, Windows's firewall is just as strong and less harmful. I recently had to fix someone's computer whose ZoneAlarm decided that it must protect the user, and block 95% of all traffic. Why it left the rest, who knows, but it sure as hell wasn't anything the user actually wanted. Uninstalling, even by instructions from their site, didn't work. Had to use an install disk to reset Windows back to default, and even then it attempted to bring itself back to life but failed because most of its files were deleted.

I'd recommend you read this for more detailed information.
D1st0rt - Tue Sep 26, 2006 3:49 pm
Post subject:
Muskrat wrote:
Why would you use AVG on a commercial machine?

I wasn't, which was why I was so annoyed at the notices.
Doc Flabby - Tue Sep 26, 2006 3:59 pm
Post subject:
My setup - runs like a dream :)

anti-vir http://www.free-av.com/ - free anti virus software. I like this one because it doesn't slow down my computer and it's German, probably the best free AV out there.

windows firewall - it's actually really powerful and is included in Windows 2000, not many people realise its full power or that it's in Windows 2000 http://homepages.wmich.edu/~mchugha/w2kfirewall.htm

anti-spyware - spybot http://www.spybot.info/. The best feature of spybot is not its excellent spyware removal but its "immunize" function; this is a must if u insist on using IE.

firefox - because IE has an unpatched root vulnerability that was discovered 2 weeks ago. Firefox patches these things next day or sooner

opera - use it when accessing "dodgy" sites as you can disable javascript very easily in it. Also very few people try to attack it. Its popup blocking is excellent too.

PeerGuardian 2 http://phoenixlabs.org/ - protect yourself against getting sued. Only use this while torrenting as it blocks some IPs that subspace servers are on. It's very easy to enable and disable so this isn't a problem.
Mine GO BOOM - Tue Sep 26, 2006 4:51 pm
Post subject:
Doc Flabby wrote:
opera - use it when accessing "dodgy" sites as you can disable javascript very easily in it. Also very few people try to attack it. Its popup blocking is excellent too.

Give NoScript Extension a try. Whitelisting sites for javascript.
Doc Flabby wrote:
PeerGuardian 2 http://phoenixlabs.org/ - protect yourself against getting sued. Only use this while torrenting as it blocks some IPs that subspace servers are on. It's very easy to enable and disable so this isn't a problem.

This has proven to be true, oh, absolutely never? You know how they find IPs to target? They connect to the tracker, request a listing of peers, and then never touch those peers. Because if they do, they could technically be giving you authorization to 'share' in the movie because they are too. They never touch you. They never connect to you. They hit the trackers, from IPs that are not in that program's list. They then sort IPs into ISPs that give in to them, and send off emails to those ISPs.

This program is completely useless and has never helped anyone, ever. It is a false sense of protection and only has false positives (ie: SS servers). I refuse to let people recommend this program, as it is just as bad as people forwarding emails otherwise they'll get chickenpox.
Bak - Tue Sep 26, 2006 5:08 pm
Post subject:
Quote:
Rise of Legends or other such windows-only games.

Wine would probably run these fine. There's nothing like linux to stop people from installing things.
Dr Brain - Tue Sep 26, 2006 7:02 pm
Post subject:
Nothing to stop linux literate people from playing them, you mean. For a newbie, WINE can be quite daunting.
BDwinsAlt - Tue Sep 26, 2006 7:57 pm
Post subject:
Like Flabby said, AntiVir is awesome.

Here is what I would use for someone who is very computer illiterate.

1. AntiVir
2. FireFox
3. Firewall, Windows firewall + router

That's all I can think of at the moment.

Some good things about AntiVir are it can scan at a scheduled time. It will update at a scheduled time too. I personally hate the Norton products, I haven't tried the corp one. Of course firefox wins over IE.

That's just what I think.

(I never get spyware since I've used FireFox so I don't use any spyware software.)

Some Extensions I can think of that I use are:

1. NoScript
2. Fasterfox
3. IE Tab (To use activex stuff)
4. DownThemAll!
5. Allow Right-Click
6. Forecast Fox
7. Nuke Anything

Just go to the Mozilla site and search for the names.
Bak - Tue Sep 26, 2006 8:20 pm
Post subject:
Dr Brain wrote:
For a newbie, WINE can be quite daunting.


Just put shortcuts to all his games on the desktop. He's not going to be installing anything so it'll work.
Cerium - Tue Sep 26, 2006 9:33 pm
Post subject:
Bak:
He was probably referring to me. I'm not the linux nut you guys are. My only experience with it is remotely through putty, and I've never used/installed/whatever WINE.


BDWhatever:
You're the 3rd dummy I was referring to.


Everyone suggesting linux:
Not going to happen. Yes, in the most abstract sense it is probably more 'secure' in that there are far fewer exploits for it. However, as stated above, my experience with it is less than satisfactory. In my incapable hands it would probably be a sitting duck.

Besides, for all intents and purposes, the XP setup he's getting will be secured enough that it will be useless as an IRC drone and as long as I periodically update the various definitions, I think he'll be safe.

To somewhat derail this topic: I do have plans to throw Ubuntu on my laptop so I can play around with linux and get used to it, though I fear that the frustration of finding and downloading several pieces of lego-software will lead to a broken laptop and a hole in the wall.
K' - Wed Sep 27, 2006 6:48 am
Post subject:
Murphy, it would appear that your dissatisfaction from ZASS actually be invoked from its largely encompassing services' scale of execution rather than incompetence of service.

And, as we always know, it is more often than not the end-user who be the source of all trouble.

The cases which you've mentioned; a block of 95% of traffic, most likely occurred from a negligent user being too reckless or lazy to make proper use of its highly-arbitrary connection authorization scheme.
The dummy most likely pressed deny on everything out of panic and let a few slide by with the allow.

The uninstall giving trouble...what have you messed up? :)
It never gave me any trouble.

As for false-positives...feh; They're advisements by most, ignorant users may be panicked by it, I suppose.
As for me, I take it as nothing more than the notice it is, I pay it personal discretion and research before I decide upon proper action.
I like being noted about every beep that stirs up...I'm this kind of a person (control freak), I don't want unauthorized code to execute on my machine.

Were you to say that the service actually fails (and I have seen a bit of bad-behaviour on that end, however, the nature of the 'failure' in question was not such that it would normally compromise the system) then I would have a quarrel with it.
As it stands, it works quite sternly.
All in all, the service allows a very wide breadth of configuration and control as well as automation - and it works.
It filters the shit out.

I think you've grown somewhat lazy.
It's like MAC people or Firefox people when they bash the other side.
It's not about being handed a software that by default set to counter the common breaches so you can sit laid back and do nothing and say "I'm secured!" until someone slips it by from your back orifice and then you all scream like Jack Thompson.
It's about being able to say "my software allows me the freedom to configure it to the kind of security I want, and if I'm having a fucking clue and am half-savvy, I can make sure to adapt it according to the varying reality to keep on countering new threats."

So zonealarm is 'complicated', so what?
The average windows user would say the same about unix.
And it's not that unix is really more secure than windows, it's just that it allows a certain depth of user control which windows does not, so if you have a clue, you can make sure it's more tightly monitored and protected than the other OS.
Smong - Wed Sep 27, 2006 8:20 am
Post subject:
I just remembered in control panel -> sounds, you can set a sound each time a program starts. If it doesn't help you find naughty programs then it's at least a good audio feedback for starting programs.

(On a side note quick reply has lost its preview/submit buttons, with the forum selector/permissions appearing in that location).
BDwinsAlt - Wed Sep 27, 2006 8:26 am
Post subject:
What was wrong with my suggestions? Others suggested the same thing.
:?
Smong - Wed Sep 27, 2006 9:08 am
Post subject:
No one is criticizing your suggestions (yet), Cerium just called you a dummy in general.
K' - Wed Sep 27, 2006 11:56 am
Post subject:
Smong wrote:
Cerium just called you a dummy in general.

To which we all concur.

Smong, instead of sounds get Process Guard.
It's an excellent piece of software.
That, along with The Cleaner, makes for a perfect protection against all sorts of vile codes executing and/or installing themselves uninvited onto one's registry.
Mine GO BOOM - Wed Sep 27, 2006 3:06 pm
Post subject:
K' wrote:
Murphy, it would appear that your dissatisfaction from ZASS actually be invoked from its largely encompassing services' scale of execution rather than incompetence of service.

And, as we always know, it is more often than not the end-user who be the source of all trouble.

And what is their target audience? End users that don't know what they are doing. For that case, it fails because it does all these fancy things that they don't know anything about, which cause larger problems. They try to fix it themselves, screw it up more, and then come to others for help after leaving the system in an incomplete state with parts of firewalls and antivirus programs deeply embedded in Windows stacks.

For that target audience, Windows Firewall works perfectly fine. It blocks incoming ports, which is all a firewall really needs to do in most cases. For more advanced audiences, I'd recommend a hardware firewall. If you want a software firewall to do everything on your computer, to allow certain programs specific access, I'd recommend Kerio Personal Firewall version 2.15, their last freeware release. Why? It is 100% free, it can do specific blocking, has options for automatic, ask every time, block everything, etc. All the 'goodies' of ZoneAlarm firewall without any of the side effects. Kerio is a firewall, acts like a firewall, and only does things that a firewall does. It doesn't do packet shaping, it doesn't edit packets, it doesn't show itself off for the hell of it. It's a personal firewall.

As for grown lazy and bashing the other side? Keep up to date on security patches and sign up for some good mailing lists, and it shouldn't matter what software you run. If something bad happens and there isn't a fix, don't use that application until there is or find one of the many third-party fixes or hacks to prevent it. Do I think all my computers are secured? No. In fact, I'm pretty sure there are at least two different routes that I think someone can get at least user access to on this webserver right now. There are probably five other ways that I don't know exist that someone could probably root the system right now.

But I have a way to check for security breaches that I don't know how they happened. Every week, there are two snapshots taken of the server. One is a simple backup script run inside the environment, another is remotely through the Xen environment, which has direct access to the data from a safe environment. If someone rooted this box, I'd either know because the fail-safes in the system would trigger, or if they were smart enough and bypassed that and set up their own software to hide themselves, the Xen backup will show that, and you cannot hide from that. Completely automated, once a week I do a complete systems check between the two images here at home. Every day, I do a difference backup on the system. So if a problem happens, I'm at most one week lost, and at best one day lost.

Now for my windows computer? If I would get a virus, the system is dead. You pick up a good 0day virus, it will bypass any software firewall, any antivirus, anything for you to detect it. Hell, it doesn't even need to be a good virus, it could just be Sony acting up again. If a system is infected, be it Windows, Linux, or OSX, the system is compromised and everything on it should be treated as such. A personal firewall won't tell you it failed, because a good virus will not let it. An antivirus won't be able to clean it, because it already screwed around with it. Best you can do is boot from a BartPE environment and scan and try and fix once signatures are released or start anew and only get back data files from the old computer.

Being lazy with a personal firewall? Sure, it is nice to prevent application X from phoning home if you wanted to, but you can do this just as easily from a hardware firewall. Oh noes, how can you find out? Wireshark plus a managed switch is a hell of a lot better than a personal firewall. Then you can see ZoneAlarm's own little phone home that it doesn't tell you about. Anything running on your computer has the ability to not tell other parts about it. Security should be run on systems not compromised by the user systems.

Last attack of the message: Windows v Anything Else security. When you log into Windows, what user account privileges are you using? My bet is on Administrative. Why? Windows started out and continued as a one-user system. To allow old applications to work, most of the time you have to run under an administrative account. Linux and BSD started as multiuser systems, where things were designed from the start to run as normal users unless otherwise needed. That right there is what almost all the security bogs down to.

If you go to a command prompt and type del /f /q /s *.* and try to use the system afterwards, I'd bet you'd find it difficult. On Linux, if you typed rm -rf / I bet another user on that system would still log in fine and can do most of the same stuff they did before. Oh sure, you could do sudo rm -rf / and wipe the system, but I'm talking about just using the privileges that right now your web browser is using also. Granted, Vista is working on that idea, but the first user they create by default is still an administrator. And with how often security popups occur to click Continue, viruses and spyware will still work just how they did before. My bet is that most people will just disable User Account Control as soon as they find out how.
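
The two-view check described in the post above (the backup taken inside the environment compared with the one taken from the Xen side), as an added example that is not part of the original thread and is not the poster's own tooling. It assumes each snapshot has been reduced to a sha256sum-style manifest; the volatile-path list, function names and sample entries are constructed for illustration.

```python
import hashlib
from fnmatch import fnmatch

# Assumed list of paths that legitimately differ between two snapshots.
VOLATILE = ("/proc/*", "/sys/*", "/tmp/*", "/var/log/*", "/var/run/*")

def parse_manifest(text):
    """Parse 'digest  path' lines (sha256sum-style) into {path: digest}."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, path = line.split(None, 1)
        entries[path] = digest.lower()
    return entries

def cross_view_diff(inside, outside, volatile=VOLATILE):
    """Compare the in-guest view with the out-of-guest view of one filesystem."""
    def stable(path):
        return not any(fnmatch(path, pat) for pat in volatile)
    in_paths = {p for p in inside if stable(p)}
    out_paths = {p for p in outside if stable(p)}
    return {
        # On disk but invisible from inside the guest: something filters listings.
        "hidden": sorted(out_paths - in_paths),
        # Same path, different bytes depending on who reads it (or changed in between).
        "mismatch": sorted(p for p in in_paths & out_paths if inside[p] != outside[p]),
        # Seen only from inside: created after the outside snapshot, or a stale entry.
        "inside_only": sorted(in_paths - out_paths),
    }

def _line(content, path):
    return f"{hashlib.sha256(content).hexdigest()}  {path}"

# Constructed sample manifests (not real data).
INSIDE = "\n".join([
    _line(b"ls-original", "/bin/ls"),
    _line(b"passwd", "/etc/passwd"),
    _line(b"log at backup time", "/var/log/auth.log"),
])
OUTSIDE = "\n".join([
    _line(b"ls-replaced", "/bin/ls"),
    _line(b"passwd", "/etc/passwd"),
    _line(b"kit", "/usr/lib/.cache/kit.so"),
    _line(b"log one hour later", "/var/log/auth.log"),
])

def run_example():
    return cross_view_diff(parse_manifest(INSIDE), parse_manifest(OUTSIDE))

if __name__ == "__main__":
    for kind, paths in run_example().items():
        print(f"{kind}: {paths}")
```

The comparison itself has to run on a machine other than the one being checked, since a compromised system can alter both the in-guest manifest and the tool that reads it.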
Smong - Wed Sep 27, 2006 5:54 pm
Post subject:
TLDR :P
BDwinsAlt - Wed Sep 27, 2006 6:02 pm
Post subject:
Cerium WTH is wrong with you. I was only trying to help. Did you miss out on something during your childhood that made you an asshole? Why do you have to be so fuckin gay.
Cerium - Wed Sep 27, 2006 8:40 pm
Post subject:
Shut up, stupid.
Mine GO BOOM - Wed Sep 27, 2006 9:37 pm
Post subject:
Smong wrote:
TLDR :P

This roughly sums up what I said.


All times are -5 GMT