
How Do You Secure Your Home PC?



Guest Deleted_Account

Here's the question: How do you secure your home PC (personal use; no servers/etc.)? What software do you use?

I'll start off:

Current set-up on my Windows 7 Ultimate x32 Acer Aspire One:

1) Comodo Internet Security (Firewall and Defense +; AV turned off; Secondary Anti-virus)

2) Avast! 5 (Primary Anti-Virus)

3) ThreatFire (Because it is awesome :p)

4) Windows Defender (Third anti-virus/spyware; for the speed, it's nice and fast)

5) Spybot Search and Destroy (Anti-spyware/Pro-active defense)

6) DecaffeinatID (IDS/Anti-Man-in-the-middle)

7) Windows firewall (Just cause)

Now it's your turn :)

~x942~

P.S: Also any ideas on a good HIDS I could add? Snort isn't working like I want it to and OSSEC won't run for me :(


I can see you have more than one antivirus installed; ideally you only want to have one installed.

Comodo is a very good personal firewall. I have used it myself and it's really effective and efficient. I would recommend using it over the Windows built-in firewall, as it will give you better protection. No offense to Microsoft's built-in firewall, I just think Comodo does a better job at securing the system.

Avast 5 is what I use at home. It's very good and very effective at detecting malware, not as effective as Kaspersky though, but it will keep your computer safe 99.00% of the time.

Don't forget that having a good firewall and antivirus is not going to make you 100% secure. You still have to patch things up, like updating your software once a month.

As far as the computer security itself is concerned, it looks secure to me.

Another thing you could look at securing would be the network level. You can build your own firewall box with pfSense/Untangle or buy a hardware-based firewall. Most firewalls will do packet inspection, which is not enough for securing a network; you want a more effective way of blocking attacks, like IPDS.


Guest Deleted_Account

> I can see you have more than one antivirus installed; ideally you only want to have one installed.

Yes, I do have more than one, 3 to be exact, but Comodo is disabled and I only use it in an emergency (like the 1% of the time when Avast can't remove something). I found Comodo AV gave far too many false positives to use it all the time. ThreatFire (not sure if you are familiar with it) is only used when I tell it to scan; that's all it does, no continuous scan or real-time defenses. It uses something along the lines of Avast's "Code emulation" to get rid of zero day threats and viruses that don't have definitions.

> Comodo is a very good personal firewall. I have used it myself and it's really effective and efficient. I would recommend using it over the Windows built-in firewall, as it will give you better protection. No offense to Microsoft's built-in firewall, I just think Comodo does a better job at securing the system.

Definitely love Comodo and agree with what you said. Is running Windows firewall AND Comodo a bad idea? The only reason Windows firewall is running is because I haven't bothered turning it off and one of my programs won't work unless it's turned on (though not a big deal anyway).

> Avast 5 is what I use at home. It's very good and very effective at detecting malware, not as effective as Kaspersky though, but it will keep your computer safe 99.00% of the time.

Again I agree completely. I have used Kaspersky and I don't think anything beats it lol. Love Avast, been using it for years; version 5 is so much better too.

> Don't forget that having a good firewall and antivirus is not going to make you 100% secure. You still have to patch things up, like updating your software once a month.

Definitely. I upgrade every time there is a new update. Auto-update for Windows and virus definitions.

> As far as the computer security itself is concerned, it looks secure to me.
>
> Another thing you could look at securing would be the network level. You can build your own firewall box with pfSense/Untangle or buy a hardware-based firewall. Most firewalls will do packet inspection, which is not enough for securing a network; you want a more effective way of blocking attacks, like IPDS.

Haven't tackled pfSense/Untangle yet. Going to try with my old Dell, as long as I can just plug my router in and have wifi, kind of like MODEM to pfSense/Untangle TO AlphaShield to Router. Also, right now I have an AlphaShield and my router's built-in firewall, so I have 3 in total including Comodo. I have used ShieldsUP! to check with all and each one individually; all (besides my router) gave me a PASS result with ALL ports stealth-ed, so Comodo and AlphaShield do their jobs. Still want Untangle though, so I can add more, like an AV that scans incoming traffic, and put an IDS on it (maybe), and definitely have fun with iptables.


WIN7 Ultimate 64bit

MS Firewall with all in/out blocked with exceptions.

Stopped using Spyware/Malware scanners years ago along with AntiVirus and 3rd party firewalls. Recent firewall FVS338 blocked in/out ports as well however, recently setup pfSense firewall.

MS Patches applied regularly

If I observe anything funky I will restore an image of the drive setup after a fresh OS install, and I also perform a restore of the image about every couple months or so anyway.

I gave up on the 3rd party scanners as described above as it began to be a chore and consumed too much boot up time and CPU resources.

I run as a standard user with a separate account for Admin purposes.

Additionally, everyone here has their own PC and I do not let anyone touch mine at all! :blink:


Guest Deleted_Account

> WIN7 Ultimate 64bit
>
> MS Firewall with all in/out blocked with exceptions.
>
> Stopped using Spyware/Malware scanners years ago along with AntiVirus and 3rd party firewalls. Recent firewall FVS338 blocked in/out ports as well however, recently setup pfSense firewall.
>
> MS Patches applied regularly
>
> If I observe anything funky I will restore an image of the drive setup after a fresh OS install, and I also perform a restore of the image about every couple months or so anyway.
>
> I gave up on the 3rd party scanners as described above as it began to be a chore and consumed too much boot up time and CPU resources.
>
> I run as a standard user with a separate account for Admin purposes.
>
> Additionally, everyone here has their own PC and I do not let anyone touch mine at all! :blink:

Could be risky, but as long as you're not downloading anything that could/would be infected then it's fine. I've done it before for the same reasons, and even MS says you should run as a limited user, similar to Linux and root: unless necessary you don't sign in as root. However, for some reason when using Windows, I and presumably most others use an Admin account, vs. Linux and doing it the limited & root way. Not sure why though lol


> Could be risky, but as long as you're not downloading anything that could/would be infected then it's fine. I've done it before for the same reasons, and even MS says you should run as a limited user, similar to Linux and root: unless necessary you don't sign in as root. However, for some reason when using Windows, I and presumably most others use an Admin account, vs. Linux and doing it the limited & root way. Not sure why though lol

Well, even if you went nuts and visited/downloaded perhaps installed risky items you could just perform a restore image every week or so, which on my system takes about 7 minutes and it should be gone. I guess this would also be similar to running virtual OS's on your OS and just blowing the image off after use. Are you aware of any issues of data becoming infected and then affecting the OS, like say media files or documents?


> I gave up on the 3rd party scanners as described above as it began to be a chore and consumed too much boot up time and CPU resources.

I don't seem to have this problem; my computers always have a good boot up time. And my current antivirus never hogs much of the system resources; the system is always running stable and smooth.

Edited by Infiltrator

> Well, even if you went nuts and visited/downloaded perhaps installed risky items you could just perform a restore image every week or so, which on my system takes about 7 minutes and it should be gone. I guess this would also be similar to running virtual OS's on your OS and just blowing the image off after use. Are you aware of any issues of data becoming infected and then affecting the OS, like say media files or documents?

I think he may be using Linux. I know even Linux is not the safest operating system on the planet, but compared to MS it is considered a very safe system to use; you don't get as many viruses and shitware as you get in Windows, but you never know. There is always a possibility.


> I don't seem to have this problem; my computers always have a good boot up time. And my current antivirus never hogs much of the system resources; the system is always running stable and smooth.

I had stopped using scanners etc... around XP and during Vista days. It started to feel like a burden having to update and check for updates and taking time to scan with multiple softwares, not to mention defrag. The last time I caught a virus was with XP and IE, in which by simply visiting a page something changed my notepad.exe to a virus and it attempted to get by the firewall (this was my 2nd virus caught in my lifetime btw). I feel now that safe practices combined with firewalling is better, and if you catch a virus you're probably done anyway and off to a reinstall these days.


> I had stopped using scanners etc... around XP and during Vista days. It started to feel like a burden having to update and check for updates and taking time to scan with multiple softwares, not to mention defrag. The last time I caught a virus was with XP and IE, in which by simply visiting a page something changed my notepad.exe to a virus and it attempted to get by the firewall (this was my 2nd virus caught in my lifetime btw). I feel now that safe practices combined with firewalling is better, and if you catch a virus you're probably done anyway and off to a reinstall these days.

Since you don't run any AV, how can you tell if your system is infected or not? It could be infected without you even realizing.

And computer viruses nowadays are getting very smart, lying dormant while they cause some sort of damage to the system, without any user consent. Plus it could be incorporated with some kind of nasty rootkit, to make it even impossible to be detected.

I don't know, give me good reasons to believe your system is not infected.


> Since you don't run any AV, how can you tell if your system is infected or not? It could be infected without you even realizing.
>
> And computer viruses nowadays are getting very smart, lying dormant while they cause some sort of damage to the system, without any user consent. Plus it could be incorporated with some kind of nasty rootkit, to make it even impossible to be detected.
>
> I don't know, give me good reasons to believe your system is not infected.

No strange files or websites, No opening attachments, No P2P, torrents etc. I agree about the advancement of viruses which returns to the position of having to resort to the "Scorched Earth" routine when one is caught. I feel restoring to a fresh OS install image would defeat a virus (not so sure about a root kit though or if a virus was able to contaminate data files on other drives). When the restore image is applied the drive partition is deleted prior to reimaging (would this not remove a rootkit?)

I am also not so sure that software would make it on a system without some sort of actions by the user allowing it to install. Also returning to a fresh install in 7 minutes also avoids bit rot, it takes me around 10-12 hours to build a system.

So currently I use the following:

WIN7 Ultimate 64bit as a standard user

WIN Firewall blocked all in/out with exceptions for programs such as firefox

No IE only Firefox with NoScript and BetterPrivacy (for flash cookies)

Router/Firewall with rules blocking ALL in/out except those allowed such as port 80 out

Patching OS as updates arrive

When I rebuild my main system hardware I am going to try the use of virtual machines for all internet connections which would allow me to either go safe or wild on the net and be able to delete the image and revert to a fresh image after use. I am thinking this would be an additional layer of potential protection. What would be the opinion of this method?

I doubt there is anything on my system however, I will also admit that I can't be completely sure until a restore is completed.


> No strange files or websites, No opening attachments, No P2P, torrents etc. I agree about the advancement of viruses which returns to the position of having to resort to the "Scorched Earth" routine when one is caught. I feel restoring to a fresh OS install image would defeat a virus (not so sure about a root kit though or if a virus was able to contaminate data files on other drives). When the restore image is applied the drive partition is deleted prior to reimaging (would this not remove a rootkit?)

Some rootkits can actually write themselves to the actual hardware, so even if you format your hard drive it will still reinfect the system.

There are viruses, like boot sector viruses, that can hide themselves in the boot sector of a hard drive, and even with a complete reformat of the hard drive, it could still infect the system, unless you wipe the master boot record; that should completely wipe the fucker off.


> Some rootkits can actually write themselves to the actual hardware, so even if you format your hard drive it will still reinfect the system.
>
> There are viruses, like boot sector viruses, that can hide themselves in the boot sector of a hard drive, and even with a complete reformat of the hard drive, it could still infect the system, unless you wipe the master boot record; that should completely wipe the fucker off.

Ok, do you mean that a root kit that was able to write itself to the hardware (I am assuming you mean the hard drive) and it was to get under a format, would not a deletion of all partitions take it out? I remember in my DOS days that a format would not clean a drive of some viruses and it would require a low level format (fdisk) which I believe is a low level format.

If I recall even the Sony root kit which I believe was installed after inserting a music CD may have required user assistance to complete the install.

In regards to the boot sector and/or master boot record, would a deletion of all partitions blow any root kit/virus off?

So I guess you could say that in situations like a WIN7 installation in which Windows creates 2 partitions on a new install, if I were to have issues later and go in and say restore the drive image on the 2nd partition where the OS is stored, I could be at risk as I don't usually bother with the 100 MB System Reserved partition.

If this is the case maybe I should switch from DriveSnapShot to a disk cloning utility and copy ALL partitions in one wipe vs DriveSnapShot imaging each partition individually.


> Ok, do you mean that a root kit that was able to write itself to the hardware (I am assuming you mean the hard drive) and it was to get under a format, would not a deletion of all partitions take it out? I remember in my DOS days that a format would not clean a drive of some viruses and it would require a low level format (fdisk) which I believe is a low level format.

Sorry, I meant the hard drive, but some hardware has a built-in ROM in it, so if the root kit is engineered to write itself to that particular ROM then you are doomed.

Now as you mentioned above, performing a low level format should wipe the virus off.

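The posts above turn on whether deleting partitions also clears boot-sector code. As an added example, not part of the original thread: a Python sketch that parses a classic 512-byte MBR, hashes the 446-byte boot code area separately from the partition table, and compares both against a saved baseline. The sample sector, the `make_mbr` helper and all names are constructed for illustration; it assumes a legacy MBR disk (not GPT) and a sector that has already been read into a byte string.

```python
import hashlib
import struct

BOOT_CODE_LEN = 446        # bytes 0-445: bootstrap code (includes the Windows disk signature)
ENTRY_FMT = "<B3xB3xII"    # status, CHS (skipped), type, CHS (skipped), first LBA, sector count
SIGNATURE = b"\x55\xaa"    # bytes 510-511


def parse_mbr(sector: bytes) -> dict:
    """Split a classic MBR into a boot-code hash and its non-empty partition entries."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for slot in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY_FMT, sector, BOOT_CODE_LEN + 16 * slot)
        if ptype:  # type 0x00 marks an unused slot
            parts.append({"slot": slot, "active": status == 0x80, "type": ptype,
                          "first_lba": lba, "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts}


def compare(baseline: dict, current: dict) -> list:
    """Report which region of the MBR differs from the known-good baseline."""
    findings = []
    if baseline["boot_code_sha256"] != current["boot_code_sha256"]:
        findings.append("boot code changed")
    if baseline["partitions"] != current["partitions"]:
        findings.append("partition table changed")
    return findings


def make_mbr(boot_code: bytes, entries: list) -> bytes:
    """Build a constructed sample sector (illustration only, not a bootable MBR)."""
    table = b"".join(struct.pack(ENTRY_FMT, *e) for e in entries)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + table.ljust(64, b"\x00") + SIGNATURE


# Constructed sample: 100 MB System Reserved partition plus an OS partition, both type 0x07.
CLEAN_CODE = b"constructed known-good boot code"
PARTS = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 41943040)]
BASELINE = parse_mbr(make_mbr(CLEAN_CODE, PARTS))

# All four table entries cleared: only the 64-byte table differs, the boot code hash is unchanged.
AFTER_DELETE = compare(BASELINE, parse_mbr(make_mbr(CLEAN_CODE, [])))
# Boot code altered while the partitions look normal: only the hash reveals it.
AFTER_TAMPER = compare(BASELINE, parse_mbr(make_mbr(b"constructed altered boot code", PARTS)))

if __name__ == "__main__":
    print("partitions deleted:", AFTER_DELETE)
    print("boot code altered: ", AFTER_TAMPER)
```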

Guest Deleted_Account
Interesting thread. Virus coding recon work? :P j/k

haha totally now all your packets belong to me! MUAHAHAHAHAH *COUGH* COUGH* :P

And on a side note looks like you do NOT want to run ThreatFire and Comodo (just re-installed it never used it with comodo before) rebooted and Bluescreen uninstall from safe mode Kernel panic :( reimage and fixed but it was annoying!


> And on a side note looks like you do NOT want to run ThreatFire and Comodo (just re-installed it never used it with comodo before) rebooted and Bluescreen uninstall from safe mode Kernel panic :( reimage and fixed but it was annoying!

Why is that? Comodo is pretty easy and secure to use. I don't know about ThreatFire but it looks promising.


Guest Deleted_Account

> Why is that? Comodo is pretty easy and secure to use. I don't know about ThreatFire but it looks promising.

Bad wording sorry. I meant at the same time did it a second time and confirmed there seems to be conflicts if both are in startup so just tell ThreatFire not to start with windows and all works fine.


> Bad wording sorry. I meant at the same time did it a second time and confirmed there seems to be conflicts if both are in startup so just tell ThreatFire not to start with windows and all works fine.

Good to know, so there seems to be a compatibility issue between the two. Comodo seems to play real nice with Avast never had any issue. But thanks for letting me know.
