Security products that complement F-Secure AV/IS

NikK
NikK Posts: 903 Forum Champion

Have you ever wondered if it's enough to use an AV/IS (Anti-virus/Internet Security) product? "Yes", keep reading. "No", keep reading ;-)

Personally I think F-Secure (FS) provides great protection, but my interest in security in general has led me to also use a couple of other products that use different techniques to get an overall better and layered protection. Here are my own outlines and reflections on 3 additional types of protection you can use for enhanced security.

All software mentioned here has been around for years, is compatible with FS AV/IS, has worked since XP, and has free versions that are known, common and widely used on Windows computers.

Malwarebytes Anti-malware - "Because your antivirus alone is not enough"

"MBAM" is a great complement to any AV/IS product. A free on-demand scanner that, besides malware, spyware etc., can also detect (depending on settings) potentially unwanted programs, modifications and peer-to-peer software, for example suspicious toolbars that might be or have been installed without your knowledge or approval.

The pro version adds real-time and malicious website protection without conflicting with FS. Pro also has automatic updates and scheduled scanning.

http://www.malwarebytes.org/products/malwarebytes_free/

Enhanced Mitigation Experience Toolkit - Exploit blocking

"EMET" by Microsoft is another great free but different product, designed to force applications to use security defenses that are built into Windows to prevent hackers from gaining access to your system. So why isn't this already enabled in Windows? Well, it's probably mostly known by tech users, as not all software supports all these security defenses, and it may require some tech skills to configure EMET for maximum security settings. However, people who don't know what DEP is, for example, could still benefit from EMET's protection by using EMET's recommended settings instead of maximum and only using the recommended or popular software configuration.

http://support.microsoft.com/kb/2458544 or one that's easier to remember: http://microsoft.com/emet

More info:

EMET injects a DLL into the programs you choose, and then monitors them for different exploit techniques. This makes it more difficult for malware exploits even if a monitored program doesn't have the latest update and there is a known exploit. Even several of Microsoft's own zero-day vulnerabilities have been blocked by EMET.

EMET comes with import files with pre-defined settings for many common programs like browsers, Java, Skype, Office programs, Adobe Reader, media players, the plugin-container for Firefox etc. EMET also has a certificate trust feature that can block man-in-the-middle attacks in Internet Explorer.

Troubleshooting: I recommend launching and testing all programs monitored by EMET: test locally and on trusted sites (for programs that use the internet). Test compatibility with the Windows Explorer preview pane and double-clicking file types in Windows Explorer for any incompatible caller mitigations etc. That way you'll get rid of any incompatible settings and EMET false alerts.

If you add programs yourself, it's a good idea to only add one program at a time and test it as described above. If any pre-defined program (or program you've added yourself) is not compatible with all EMET mitigations, it will crash (EMET ends the process). Find out the type of mitigation EMET detected for that program, uncheck that mitigation for the program in EMET, and try again. The type of mitigation detected is shown in the EMET pop-up alert and can also be found in Windows Event Viewer.

Tech info - EMET mitigations:

DEP, BottomUpASLR, MandatoryASLR, HeapSpray, NullPage, LoadLib, MemProt, StackPivot, Caller, SimExecFlow, SEHOP, EAF.

These mitigation techniques are often used by malware, but you don't really need to know what they are and how they work. An extensive EMET review: http://www.dedoimedo.com/computers/windows-emet-v4.html

Note: EMET supports XP (SP3), but XP doesn't support all mitigations in EMET. So EMET is limited on XP.

Sandboxie - Isolating high risk software

"SBIE" is a third type of protection: it doesn't detect and stop any malicious code or programs at all; instead it uses a different approach - it limits possible infections to a sandbox area.

When a program (for example a browser) is launched in the sandbox, all writes to disk are routed to a sandbox folder instead of your normal files. The programs in the sandbox, however, have no clue they're not writing to your real files. When you're done, you delete the sandbox and all changes are discarded, including any infections.

http://sandboxie.com/

More info:

Sandboxie enables you to run programs in an isolated virtual environment, which is great for high risk things like trying out (or even installing) unknown programs or using untrusted websites that require both JavaScript and plugins/ActiveX to work. Other things you can sandbox: mail, chat, P2P, games etc.

Sandboxie does not by default limit any read access to your disk, but there are options for such limitations if you want. The free version is enough for most users.

Although Sandboxie's purpose is kind of "it doesn't matter if you get infected", you still want FS to protect you inside the sandbox. If FS detects anything, you would like to know for future reference. There are known conflicts with some AV products, but Sandboxie will detect F-Secure and apply compatibility settings for it. The latest update for F-Secure compatibility was made in June 2013. To verify that F-Secure works inside the sandbox, launch a sandboxed browser and test detection with the "clean/safe dummy Eicar virus": http://www.f-secure.com/v-descs/eicar.shtml (I've verified this with IS 2014).

Important: All security updates and settings changes for the programs you run sandboxed (for example a browser) should be applied in your normal OS environment, NOT inside the sandbox, because changes are discarded when you delete the sandbox.

Just as you shouldn't trust your AV/IS 100%, the same goes for Sandboxie, so keep it updated.

MBAM is very easy to use. EMET and Sandboxie can require some tech skills to configure and use all their functions, but they are not difficult to set up with default settings. As with all software, you should first read the system requirements and any information, including the risks of using it.

Feel free to comment or suggest other great complement software, preferably with a motivation.
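
As an added example (not from the original post, and not Microsoft's or EMET's own code), the following Python reads the DllCharacteristics flags from a PE executable to see whether a program opted into DEP and ASLR on its own; those are the cases where EMET's DEP and MandatoryASLR mitigations would otherwise have to force the defense, and where compatibility crashes are most likely. The stub images produced by build_stub_pe are constructed header-only blobs for the demo, not loadable binaries.

```python
import struct
import sys

# DllCharacteristics bits from the PE/COFF spec (IMAGE_DLLCHARACTERISTICS_*)
HIGH_ENTROPY_VA = 0x0020   # 64-bit high-entropy ASLR
DYNAMIC_BASE = 0x0040      # ASLR opt-in (image is relocatable)
NX_COMPAT = 0x0100         # DEP opt-in

def pe_dll_characteristics(data: bytes) -> int:
    """Return the DllCharacteristics word of a PE32 or PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20          # skip signature and IMAGE_FILE_HEADER (20 bytes)
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%X" % magic)
    # DllCharacteristics is at offset 0x46 in both optional header layouts
    return struct.unpack_from("<H", data, opt + 0x46)[0]

def mitigation_report(data: bytes) -> dict:
    """Defenses the binary opts into by itself, so EMET does not need to force them."""
    dc = pe_dll_characteristics(data)
    return {"DEP": bool(dc & NX_COMPAT),
            "ASLR": bool(dc & DYNAMIC_BASE),
            "HighEntropyVA": bool(dc & HIGH_ENTROPY_VA)}

def emet_must_force(data: bytes) -> list:
    """EMET mitigations that would have to be forced because the opt-in is missing."""
    r = mitigation_report(data)
    return [emet for key, emet in (("DEP", "DEP"), ("ASLR", "MandatoryASLR")) if not r[key]]

def build_stub_pe(dll_characteristics: int, pe32plus: bool = False) -> bytes:
    """Constructed header-only image for the demo; not a loadable executable."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    machine = 0x8664 if pe32plus else 0x14C
    file_hdr = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 0xF0, 0x102)
    opt = bytearray(0xF0)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)   # Magic
    struct.pack_into("<H", opt, 0x46, dll_characteristics)
    return dos + b"PE\0\0" + file_hdr + bytes(opt)

if __name__ == "__main__":
    # python pecheck.py prog.exe ...   (no args: run against the constructed stubs)
    blobs = [open(p, "rb").read() for p in sys.argv[1:]] or \
            [build_stub_pe(0), build_stub_pe(NX_COMPAT | DYNAMIC_BASE | HIGH_ENTROPY_VA, True)]
    for blob in blobs:
        print(mitigation_report(blob), "EMET must force:", emet_must_force(blob))
```

Run it against the executables you plan to add to EMET: a program that already reports DEP and ASLR as True gains nothing from those two EMET settings, while one that reports False is exactly where the forced mitigation applies and where the one-at-a-time compatibility testing above matters most.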

Comments

  • Simon
    Simon Posts: 2,667 Superuser
    Great thread, Nik. I only have FSIS running in real time, but have MWB as an occasional on demand scanner. I will check out your other recommendations. :)
  • Blackcat
    Blackcat Posts: 503 Influencer

    Great post, NikK. A lot of time and hard work went into this thread starter.

    I have been using layered defences for years, with and without a real-time Antivirus/Internet Security Suite. Blacklisted scanners simply cannot keep up with the numbers of new malware released every day.

    A few products that I run / would recommend to run with F-Secure include:

    1. Policy-restriction programs--these all apply restrictions to running processes by applying a policy that determines what applications are and aren't allowed to do. Examples include GesWall, DefenseWall and AppGuard.

    At the present time I am running AppGuard (instead of EMET) together with F-Secure IS: http://www.blueridge.com/index.php/products/appguard/consumer


    BUT if I still had a 32-bit system I would recommend DefenseWall: http://www.softsphere.com/programs/ It's so easy to use that it's on my 87-year-old grannie's laptop.

    2. Anti-Executable - using NoVirusThanks EXE Radar Pro on one machine: http://www.novirusthanks.org/product/exe-radar-pro/ It whitelists trusted applications and blacklists untrusted ones. Powerful anti-executable software that allows you to manage the trusted applications allowed to run on your system, block untrusted applications and keep your PC safe from malware and trojans.


    3. Virtual Private Network (VPN) - A VPN incorporates two features, encryption and tunneling, to ensure that data is delivered safely and privately across the public space. The basic idea of a VPN is that your computer creates an encrypted connection, over the internet, to a computer network that you trust. This could be, say, the network at your office, your home, or a third party VPN service provider. After creating the connection, all your network traffic - web browsing, email, IM, everything - is routed through your encrypted VPN connection. I use ZenMate, a Chrome plugin:

    ZenMate (Free) creates a tunnel similar to a virtual private network (VPN) between your device and our Internet gateway. This impenetrable tunnel prevents snoopers, hackers, governments and ISPs from spying on your web browsing activities, downloads, credit card information or anything else you send over the network via your browser. ZenMate can thus help to protect you from PRISM and NSA spying attempts. It acts like a Hotspot Shield in unsecured WiFis but in contrast to many other free VPN Services it comes as a lightweight and easy to use browser plugin. Use ZenMate to protect your privacy, bypass Internet censorship and secure your Internet without losing any speed.


    At the present time I run F-Secure IS 2014 alongside:

    AppGuard (with Sandboxie in reserve),

    Malwarebytes and Hitman Pro as backup on-demand scanners;

    ZenMate for Chrome when banking/buying stuff;

    UAC is set to maximum.

    Listing all these makes me appear as paranoid as Rusli!

    It would be of interest to see what the F-Secure experts here run on their machines; my money is on no security software for the likes of Fendy and Ben.

  • Blackcat
    Blackcat Posts: 503 Influencer

    But if I had to recommend one essential program to run alongside F-Secure it would be a good imaging/backup program. If you get over the initial hurdle of trying out the first restore, it is very easy to carry out even for those users who are not computer savvy.

    A good backup/imaging program is essential for buggy software, programs that will not uninstall and Cryptolocker malware. The ones I have listed below I have used over several years and they have never failed a restore in that time.

    Recommended free version - Macrium: http://www.macrium.com/reflectfree.aspx

    Recommended retail versions:

    1. Macrium Reflect Standard: http://www.macrium.com/personal.aspx


    2. AX64 Time Machine: http://www.ax64.com/


    AX64 is so fast in restoring images (3-4 minutes) that it is like a snapshot/imaging program all-in-one.

    So F-Secure and a good backup program is really all you need (maybe I will take my own advice).

  • Simon
    Simon Posts: 2,667 Superuser

    Blackcat, would you recommend those backup programs over the Backup and Recovery tools provided within Windows 7 and 8 / 8.1? If so, what makes them better? I am forever struggling to find enough free space to do a full system backup on my desktop computer, and have just purchased a new 2 TB external hard drive for that purpose, so would like to optimise my backup regime as far as possible.

  • Blackcat
    Blackcat Posts: 503 Influencer

    @Simon 

    I have not upgraded to Win 8/8.1 yet so have no experience of using its Backup. Win 7 Backup let me down a few times, but fortunately it was not my only backup program. Further, the restore times with Win 7 Backup were very slow, probably because it could not carry out incremental backups.

    Used Acronis Image/Norton Ghost for years until they became either too bloated/too slow or simply did not work (most people's advice is not to go near Acronis TrueImage with a bargepole).

    Lots of free programs:

    http://www.techsupportalert.com/best-free-drive-imaging-program.htm

    http://www.freewaregenius.com/the-best-free-disk-imaging-program-a-comparative-analysis/

    But I recommend Macrium Reflect Free, which is free for personal use, easy to use, can clone and image, and IME, is extremely reliable.

    Retail programs: I have licenses for a number of these including AX64 Time Machine, Macrium Reflect Standard and TeraByte's Image for Windows: http://www.terabyteunlimited.com/image-for-windows.htm

    IFW has a one-off license fee and all 3 have superb support. My current favorite is AX64; simple to use. All 3 of these programs have never failed in a restore.

    My advice is to try the Windows inbuilt backup and then compare it to AX64. The only way you can tell that the program has successfully taken a backup is to restore your OS. Scary initially but once you have carried out a few, a piece of cake.

  • Simon
    Simon Posts: 2,667 Superuser

    Thanks Blackcat, I'll have a look at those when I receive the new external drive. I have to admit, I've never fully trusted 'free' software, when there are paid alternatives available. It's not that I want to spend money, but to my mind, why would a developer / vendor offer something for free, when there is clearly a purchase market for the said product? There's usually a catch somewhere...

    Incidentally, I thought Win7 did do incremental backups, as I recall it saying somewhere that the first one would take the longest, then future ones would be quicker, as it only backs up new or changed files.

  • Blackcat
    Blackcat Posts: 503 Influencer

    @Simon wrote:

    Incidentally, I thought Win7 did do incremental backups, as I recall it saying somewhere that the first one would take the longest, then future ones would be quicker, as it only backs up new or changed files.


    Theoretically it may have been able to carry out incremental backups but ALL my restores took ages to complete; not much difference to the initial baseline backup.

  • NikK
    NikK Posts: 903 Forum Champion

    For anyone curious about Sandboxie, mentioned in the initial post in this thread, a great new review was published today:

    http://www.ghacks.net/2013/12/11/sandboxie-review/

    In short, Sandboxie is mainly about isolating usage of high risk software/browsing.

  • Simon
    Simon Posts: 2,667 Superuser
    Is that similar to what FS's Banking Protection does?
  • Simon
    Simon Posts: 2,667 Superuser

    Oh, I see.  Thanks for the explanation, Nik.  :)

  • Rusli
    Rusli Posts: 1,012 Influencer

    Hi,

    Yeah.... Comodo, MBAM, HitmanPro, AVIRA, SuperAntiSpyware, Norton, ESET Online Scanner, Kaspersky, Bitdefender Free Antivirus, Dr.Web, Sophos, McAfee, VirusTotal, ClamAV for Unix etc ...

    Carbon Black!

    Not forgetting one thing...

    Merry Christmas to all of you here in the forum! And have a great Joyous New Year!!!

    Peace & Regards!

  • NikK
    NikK Posts: 903 Forum Champion

    @Blackcat wrote:

    But If I had to recommend one essential program to run alongside F-Secure it would be a good Imaging/backup program.


    A very good single advice Blackcat!
    You should also make sure you have a boot or system repair disc for that backup program, for any worst case scenarios.

    And even if you don't take backups, at least create a Windows System Repair disc: Windows 7 / Windows 8

This discussion has been closed.