Security products that complement F-Secure AV/IS
Have you ever wondered if it's enough to use an AV/IS (Anti-virus/Internet Security) product? "Yes", keep reading. "No", keep reading ;-)
Personally I think F-Secure (FS) provides great protection, but my interest in security in general has led me to also use a couple of other products that use different techniques to get an overall better and layered protection. Here are my own outlines and reflections on 3 additional types of protection you can use for enhanced security.
All software mentioned here has been around for years, is compatible with FS AV/IS, works on Windows XP and later, and has a free version that is well known and widely used on Windows computers.
Malwarebytes Anti-malware - "Because your antivirus alone is not enough"
"MBAM" is a great complement to any AV/IS product. It is a free on-demand scanner that, besides malware, spyware etc., can also detect (depending on settings) potentially unwanted programs, potentially unwanted modifications and peer-to-peer software. An example is a suspicious toolbar that may have been installed without your knowledge or approval.
The Pro version adds real-time protection and malicious website blocking without conflicting with FS. Pro also has automatic updates and scheduled scanning.
Enhanced Mitigation Experience Toolkit - Exploit blocking
"EMET" by Microsoft is another great free product, but of a different kind: it forces applications to use security defenses that are already built into Windows, to make it harder for attackers to gain access to your system. So why isn't this already enabled in Windows? Partly because not all software supports all of these defenses, so Windows cannot turn them on for every program, and partly because configuring EMET for maximum protection takes some technical skill. However, people who don't know what DEP is, for example, can still benefit from EMET by using its recommended settings instead of the maximum ones, and by only using the recommended or popular-software configuration.
EMET injects a DLL into the programs you choose and then monitors them for different exploit techniques. This makes exploitation harder even when a monitored program is missing the latest update and a known exploit exists for it. Several zero-day vulnerabilities in Microsoft's own products have been blocked by EMET.
EMET comes with import files (protection profiles) with pre-defined settings for many common programs such as browsers, Java, Skype, Office programs, Adobe Reader, media players, the plugin-container for Firefox etc. EMET also has a certificate trust (pinning) feature that can block man-in-the-middle attacks in Internet Explorer.
Troubleshooting: I recommend launching and testing every program monitored by EMET: test locally and on trusted sites (for programs that use the internet). Also test the Windows Explorer preview pane and double-clicking the associated file types in Windows Explorer, since these paths can trigger incompatibilities with the Caller mitigation and others. That way you get rid of incompatible settings and EMET false alerts.
If you add programs yourself, it's a good idea to add one program at a time and test it as described above. If a pre-defined program (or a program you've added yourself) is not compatible with all EMET mitigations, it will crash (EMET terminates the process). Find out which mitigation EMET reported for that program, uncheck that mitigation for the program in EMET, and try again. The mitigation that triggered is shown in the EMET pop-up alert and is also logged to Windows Event Viewer (Application log, source "EMET").
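To make the "find out which mitigation was reported" step less tedious, here is an added PowerShell example (my own, not part of EMET or the original post) that reads the EMET entries from the Application log and summarises them per program and mitigation. It assumes the provider name is "EMET" and that the message has the form "EMET detected <Mitigation> mitigation and will close the application: <exe>"; the two regular expressions are based on that assumption and may need adjusting for your EMET version.

```powershell
# Added example (not EMET's own code): summarise EMET alerts from the Application log.
# Assumptions: provider name "EMET", message text like
#   "EMET detected Caller mitigation and will close the application: IEXPLORE.EXE"
param(
    [int]$Days = 7    # how far back to look
)

$since = (Get-Date).AddDays(-$Days)
try {
    $events = Get-WinEvent -FilterHashtable @{
        LogName      = 'Application'
        ProviderName = 'EMET'
        StartTime    = $since
    } -ErrorAction Stop
} catch {
    Write-Warning "No EMET events found in the Application log since $since ($_)"
    return
}

$rows = foreach ($e in $events) {
    # Flatten the multi-line message so the regexes below are simple
    $msg = $e.Message -replace "`r?`n", ' '

    $mit = '(unknown)'
    if ($msg -match 'detected\s+(?<mit>\w+)\s+mitigation') { $mit = $Matches['mit'] }

    $app = '(unknown)'
    if ($msg -match 'application:\s*(?<app>[^\s,]+)') { $app = $Matches['app'] }

    [pscustomobject]@{
        Time       = $e.TimeCreated
        Program    = $app
        Mitigation = $mit
        Level      = $e.LevelDisplayName   # Error = process closed; Warning = audit mode (assumption)
    }
}

# One line per (program, mitigation) pair. Repeated hits on a trusted program during
# normal use are the candidates to untick; a single hit while browsing an unknown site is not.
$rows |
    Group-Object Program, Mitigation |
    ForEach-Object {
        [pscustomobject]@{
            Program    = $_.Group[0].Program
            Mitigation = $_.Group[0].Mitigation
            Count      = $_.Count
            LastSeen   = ($_.Group | Sort-Object Time -Descending)[0].Time
        }
    } |
    Sort-Object Count -Descending |
    Format-Table -AutoSize
```

Run it after a day of normal use of the monitored programs. A mitigation that fires every time you open a trusted program is an incompatibility to untick for that program; one that fires once while visiting an unfamiliar site is exactly what EMET is for, so leave it on.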
Tech info - EMET mitigations:
DEP, BottomUpASLR, MandatoryASLR, HeapSpray, NullPage, LoadLib, MemProt, StackPivot, Caller, SimExecFlow, SEHOP, EAF.
These mitigations target techniques commonly used by exploits (for example heap spraying, stack pivoting and return-oriented programming), but you don't really need to know how they work to use EMET. An extensive EMET review: http://www.dedoimedo.com/computers/windows-emet-v4.html
Note: EMET supports XP (SP3), but XP doesn't support all the mitigations in EMET, so EMET is limited on XP.
Sandboxie - Isolating high risk software
"SBIE" is a third type of protection: it doesn't detect or stop malicious code or programs at all. Instead it takes a different approach: it confines any infection to a sandbox area.
When a program (for example a browser) is launched in the sandbox, all writes to disk (and to the registry) are redirected to a sandbox folder instead of your normal files. The sandboxed programs have no clue they're not writing to your real files. When you're done, you delete the sandbox and all changes are discarded, including any infection.
By default Sandboxie does not limit read access to your disk, but it has options for such restrictions if you want them. The free version is enough for most users.
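A quick way to see the write redirection for yourself, as an added PowerShell example (mine, not Sandboxie's own code and not from the original post): it launches a command inside the box that writes a file to your real desktop path, then checks that the file did not appear on the real desktop but did appear under the sandbox folder. It assumes Sandboxie's Start.exe is at the path below, that the box is called DefaultBox, that the sandbox root is C:\Sandbox\<user>\<box> (Sandboxie's default), and that Start.exe honours a /wait switch.

```powershell
# Added example: verify that a sandboxed write lands in the sandbox folder, not on the real disk.
# Assumptions: install path, box name, sandbox root and the /wait switch are all defaults/assumed.
$startExe    = 'C:\Program Files\Sandboxie\Start.exe'
$box         = 'DefaultBox'
$sandboxRoot = Join-Path "C:\Sandbox\$env:USERNAME" $box

if (-not (Test-Path $startExe)) { throw "Sandboxie Start.exe not found at $startExe" }

# Random file name so an old leftover cannot give a false result
$name     = 'sbie-write-test-{0}.txt' -f (Get-Random)
$realFile = Join-Path $env:USERPROFILE ('Desktop\' + $name)

# Run a second PowerShell *inside* the box and let it write to the real desktop path.
# Sandboxie should transparently redirect that write into the box.
& $startExe "/box:$box" /wait powershell.exe -NoProfile -Command `
    "Set-Content -LiteralPath '$realFile' -Value 'sandboxed write'"
Start-Sleep -Seconds 2   # small grace period in case /wait returns before the file is flushed

$leaked = Test-Path -LiteralPath $realFile
# Sandboxie keeps its own folder layout under the box root (drive\C\..., user\current\...),
# so search for the file name instead of hard-coding the mapping.
$boxed  = Get-ChildItem -Path $sandboxRoot -Recurse -Filter $name -ErrorAction SilentlyContinue

if ($leaked) {
    Write-Host "FAIL: $realFile exists outside the sandbox" -ForegroundColor Red
    Remove-Item -LiteralPath $realFile
} elseif ($boxed) {
    Write-Host ("OK: write redirected to " + $boxed.FullName) -ForegroundColor Green
} else {
    Write-Host "Unexpected: file found neither on the real desktop nor under $sandboxRoot"
}
```

The expected outcome is the "OK" line pointing into C:\Sandbox\...; afterwards delete the sandbox contents as usual and the test file goes with them. If the file shows up on the real desktop, the program was not actually started in the box (wrong box name or Start.exe path), which is worth knowing before you rely on the sandbox for a browser.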
Although Sandboxie's purpose is, in a way, "it doesn't matter if you get infected", you still want FS to protect you inside the sandbox: if FS detects anything, you would like to know for future reference. There are known conflicts with some AV products, but Sandboxie will detect F-Secure and apply compatibility settings for it. The latest update for F-Secure compatibility was made in June 2013. To verify that F-Secure works inside the sandbox, launch a sandboxed browser and test detection with the clean/safe EICAR test file: http://www.f-secure.com/v-descs/eicar.shtml I've verified this with IS 2014.
Important: All security updates and settings changes for the programs you run sandboxed (for example a browser) should be applied in your normal OS environment, NOT inside the sandbox, because those changes are discarded when you delete the sandbox.
Just as you shouldn't trust your AV/IS 100%, the same goes for Sandboxie (a sandbox escape is still possible), so keep it updated.
MBAM is very easy to use. EMET and Sandboxie can require some technical skill to configure and use all of their functions, but they are not difficult to set up with default settings. As with all software, you should first read the system requirements and any information, including risks, about using it.
Feel free to comment or suggest other great complement software, preferably with a motivation.