Security products that complement F-Secure AV/IS
Have you ever wondered if it's enough to use an AV/IS (Anti-virus/Internet Security) product? "Yes", keep reading. "No", keep reading ;-)
Personally I think F-Secure(FS) provides great protection, but my interest for security in general has led me to also use a couple of other products that uses different techniques to get an overall better and layered protection. Here are my own outlines and reflections on 3 additional types of protection you can use for enhanced security.
All software mentioned here has been around for years, are compatible with FS AV/IS, works since XP, and has free versions that are known, common and widely used on Windows computers.
Malwarebytes Anti-malware - "Because your antivirus alone is not enough"
"MBAM" is a great complement to any AV/IS product. A free on-demand scanner that besides malware, spyware etc. also can detect(depending on settings) potentially unwanted: programs, modifications, peer-to-peer software. For example suspicious toolbars that might be/been installed without your knowledge or approval.
The pro version adds real-time and malicious website protection without conflicting with FS. Pro also has automatic updates and scheduled scanning.
Enhanced Mitigation Experience Toolkit - Exploit blocking
"EMET" by Microsoft is another free great but different product, designed to force applications to use security defenses that are built into Windows to prevent hackers from gaining access to your system. So why isn't this already enabled in Windows? Well, it's probably mostly known by tech users as not all software support all these security defenses, and it may require some tech skills to configure EMET for maximum security settings. However, people who doesn't know what DEP is for example could still benefit from EMETs protection by using EMETs recommended settings instead of maximum and only use the recommended or popular software configuration.
http://support.microsoft.com/kb/2458544 or an easier to remember: http://microsoft.com/emet
EMET injects a DLL into the programs you choose, and then monitors them for different exploit techniques. This makes it more difficult for malware exploits even if a monitored program doesn't have the latest update and there is a known exploit. Even several of Microsofts own zero-day vulnerabilities has been blocked by EMET.
EMET comes with import files with pre-defined settings for many common programs like browsers, java, Skype, office-programs, adobe reader, media players, plugin-container for FireFox etc. EMET also has a certificate trust feature that can block man-in-the-middle attacks in Internet Explorer.
Troubleshooting: I recommend to launch and test all programs monitored by EMET: test locally and on trusted sites(for programs that uses internet). Test compatibility with windows explorer preview pane and double-clicking file types in windows explorer for any incompatible caller mitigations etc. That way you'll get rid of any incompatible settings and EMET false alerts.
If you add programs yourself, it's a good idea to only add one program at a time and test it as described above. If any pre-defined program(or programs you've added yourself) is not compatible with all EMET mitigations, it will crash(EMET ending the process). Find out the type of mitigation EMET detected for that program, and uncheck that mitigation for the program in EMET, and try again. The type of mitigation detected is shown in the EMET pop-up alert and can also be found in Windows Event Viewer.
Tech info - EMET mitigations:
DEP, BottomUpASLR, MandatoryASLR, HeapSpray, NullPage, LoadLib, MemProt, StackPivot, Caller, SimExecFlow, SEHOP, EAF.
These mitigation techniques are often used by malware, but you don't really need to know what they are and how they work. An extensive EMET review: http://www.dedoimedo.com/computers/windows-emet-v4.html
Note: EMET supports XP(SP3), but XP doesn't support all mitigations in EMET. So EMET is limited in XP.
Sandboxie - Isolating high risk software
"SBIE" is a third type of protection: It doesn't detect and stop any malicious code or programs at all, instead it uses a different approach - it limits possible infections to a sandbox area.
When a program(for example a browser) is launched in the sandbox, all writes to disk will be routed to a sandbox folder instead of your normal files. The programs in the sandbox however has no clue they're not writing to your real files. When you're done you delete the sandbox and all changes will be discarded including any infections.
Sandboxie does not default limit any read access to your disk, but there are options for such limitations if you want. The free version is enough for most users.
Although Sandboxie's purpose is kind of "it doesn't matter if you get infected", you still want FS to protect you inside the sandbox. If FS detects anything you would like to know for future reference. There are known conflicts with some AV products but Sandboxie will detect F-Secure and apply compatibility settings for it. The latest update for F-Secure compatibility was made in June 2013. To verify that F-Secure works inside the sandbox: launch a sandboxed browser and test detection for the "clean/safe dummy Eicar virus": http://www.f-secure.com/v-descs/eicar.shtml I've verified with IS 2014.
Important: All security updates and settings changes for the programs you run sandboxed(for example a browser), should be applied in your normal OS environment, NOT inside the sandbox because changes are discarded when you delete the sandbox.
Just as you shouldn't trust your AV/IS to 100%, same goes for Sandboxie, so keep it updated.
MBAM is very easy to use. EMET and Sandboxie can require some tech skills to be able to configure and use all its functions, but they are not difficult to set up with default settings. As with all software you should first read the system requirements and any information incl. risks using it.
Feel free to comment or suggest other great complement software, preferably with a motivation.
Great post, NikK. A lot of time and hard work went into this thread starter.
I have been using layered defences for years, with and without a real-time Antivirus/Internet Security Suite. Blacklisted scanners simply cannot keep up with the numbers of new malware released every day.
A few products that I run/ would recommend to run with F-Secure include;
1. Policy-restriction programs--these all apply restrictions to running processes by applying a policy that determines what applications are and aren't allowed to do. Examples include GesWall, DefenseWall and AppGuard.
At the present time I am running AppGuard(instead of EMET) together with F-Secure IS; http://www.blueridge.com/index.php/products/appguard/consumer
BUT if I still had a 32-bit system I would recommend DefenseWall; http://www.softsphere.com/programs/ so easy to use it's on my 87-year-old grannie's laptop.
2. Anti-Executable-using NoVirusThanks EXE Radar Pro on one machine-http://www.novirusthanks.org/product/exe-radar-pro/ it whitelists trusted applications and blacklists untrusted ones. Powerful anti-executable software that allows you to manage trusted applications allowed to run in your system, block untrusted applications and keep your PC safe from malware and trojans.
3. Virtual Private Network-(VPN)- A VPN incorporates two features, encryption and tunneling , to ensure that data is delivered safely and privately across the public space. The basic idea of a VPN is that your computer creates an encrypted connection, over the internet, to a computer network that you trust. This could be, say, the network at your office, your home, or a third party VPN service provider. After creating the connection, all your network traffic - web browsing, email, IM, everything - is routed through your encrypted VPN connection. I use Zenmate, a Chrome plugin,
ZenMate(Free) creates a tunnel similar to a virtual private network (VPN) between your device and our Internet gateway. This impenetrable tunnel prevents snoopers, hackers, governments and ISP‘s from spying on your web browsing activities, downloads, credit card information or anything else you send over the network via your browser. ZenMate can thus help to protect you from PRISM and NSA spying attempts. It acts like a Hotspot Shield in unsecured WiFis but in contrast to many other free VPN Services it comes as a lightweight and easy to use browser plugin. Use ZenMate to protect your privacy, bypass Internet censorship and secure your Internet without losing any speed.
At the present time I run F-Secure IS 2014 alongside;
AppGuard (with Sandboxie in reserve),
Malwarebytes and Hitman Pro as backup on-demand scanners;
ZenMate for Chrome; when banking/buying stuff.
UAC is set to maximum
Listing all these makes me appear as paranoid as Rusli!
It would be of interest to see what the F-Secure experts here run on their machines; my money is on no security software for the likes of Fendy and Ben.1 1Like
But If I had to recommend one essential program to run alongside F-Secure it would be a good Imaging/backup program. If you get over the initial hurdle of trying out the first restore it is very easy to carry out even for those users who are not computer savvy.
A good backup/imaging program is essential for buggy software, programs that will not uninstall and Cryptolocker malware. The ones I have listed below I have used over several years and they have never failed a restore in that time.
Recommended free versions-Macrium; http://www.macrium.com/reflectfree.aspx
Recommended retail versions;
1. Macrium Reflect Standard; http://www.macrium.com/personal.aspx
2. AX64 Time Machine; http://www.ax64.com/
AX64 is so fast in restoring images (3-4m) it is like a snapshot/imaging program all-in-one.
So F-Secure and a good backup program is really all you need (maybe I will take my own advice ).
Blackcat, would you recommend those backup programs over the Backup and Recovery tools provided within Windows 7 and 8 / 8.1? If so, what makes them better? I am forever struggling to find enough free space to do a full system backup on my desktop computer, and have just purchased a new 2Tb external hard drive for that purpose, so would like to optimise my backup regime as far as possible.
I have not upgraded to Win 8/8.1 yet so have no experience of using its Backup. Win 7 Backup let me down a few times but fortunately it was not my only backup program. Further, the restore times with WIN 7 backup was very slow, probably because it could not carry out incremental backups.
Used Acronis Image/Norton Ghost for years until they became either too bloated/too slow or simply did not work (most people's advice is not to go near Acronis TrueImage with a bargepole)
Lots of free programs;
But I recommend Macrium Reflect Free, which is free for personal use, easy to use, can clone and image, and IME, is
Retail programs: I have licenses for a number of these including AX64 Time Machine, Macrium Reflect Standard and Terabytes Image for Windows; http://www.terabyteunlimited.com/image-for-windows.htm
IFW has a one-off license fee and all 3 have superb support. My current favorite is AX64; simple to use. All 3 of these programs have never failed in a restore.
My advice is to try the Windows inbuilt backup and then compare it to AX64. The only way you can tell that the program has successfully taken a backup is to restore your OS. Scary initially but once you have carried out a few, a piece of cake.
Thanks Blackcat, I'll have a look at those when I receive the new external drive. I have to admit, I've never fully trusted 'free' software, when there are paid alternatives available. It's not that I want to spend money, but to my mind, why would a developer / vendor offer something for free, when there is clearly a purchase market for the said product? There's usually a catch somewhere...
Incodentally, I thought Win7 did do incremental backups, as I recall it saying somewhere that the first one would take the longest, then future ones would be quicker, as it only backs up new or changed files.
Incidentally, I thought Win7 did do incremental backups, as I recall it saying somewhere that the first one would take the longest, then future ones would be quicker, as it only backs up new or changed files.
Theoretically it may have been able to carry out incremental backups but ALL my restores took ages to complete; not much difference to the initial baseline backup.
For anyone being curious about Sandboxie mentioned in the initial post in this thread, a new great review was published today:
In short, Sandboxie is mainly about isolating usage of high risk software/browsing.
No, Banking Protection is like a firewall blocking other connections from your computer while you're doing banking stuff.
A sandbox area in general is a limited space on your hard drive. Put simply, programs in the sandbox are forced to only write to C:\Sandbox without the program even knowing about it. If the sandboxed program needs to write to a file in the C:\windows folder for example, it will instead be written to C:\Sandbox\C\Windows
When you delete/empty the sandbox, any infections will that way be deleted too.6 1Like
Yeah.... Comodo, MBAM, HimanPro, AVIRA, Superantispyware, Norton , Eset Online Scanner, Kaspersky, Bitdefender Free Antivirus, Dr Web, Sophos, McAfee, VirusTotal, ClamAV for Unix etc ...
Not forgetting one thing...
Merry Christmas to all of you here in the forum! And have a great Joyus New Year!!!
Peace & Regards!
But If I had to recommend one essential program to run alongside F-Secure it would be a good Imaging/backup program.
A very good single advice Blackcat!
You should also make sure you have a boot or system repair disc for that backup program, for any worst case scenarios.
And even if you don't take backups, at least create a Windows System Repair disc: Windows 7 Windows 8