Solved Single User Security

dw85745

As a single user I'm not worried about physical login.

However, I do download from the NET and have several of my own programs which access trusted servers of third parties. I never paid much attention to security as up to now I figured those hacking were way ahead of those trying to stop it.

With my new build and install of Windows 7, I decided maybe now is the time.

So my questions are:

1) When accessing the NET should I be logging on to my system as a user rather than administrator?
2) Is Windows 7 Firewall adequate or better than someone else?
3) Would it be better to use a sandbox?
4) If I use a sandbox, how can I ensure that the programs or pages I download from the NET are not infected so I can copy them onto my system (e.g. what program should I run against the download to check it for viruses)?

Thanks
David
 

David
Very astute questions.
It is suggested that you do not log on as administrator. If you are infected by malware, the damage done will be limited.
Windows 7 firewall is fine. Others are going to post and disagree, since it is a matter of opinion. I trust my system to the built-in firewall.
Sandboxie is very good software. I do not use it, but it will give you an extra layer of protection.
You can test the safety of any download with VirusTotal:
https://www.virustotal.com/
Now here is your bonus answer. I use the free Macrium Reflect. It makes an image of my hard drive (I make an image after any big changes, i.e. updates). It has saved me from 3 viruses. You get a virus, just replace with the image.
Good luck to you.
 

richc46:

Thanks for the excellent response.

I too make an HD image. Actually two, using the old concept (Son>Father>Grandfather).
Never tried "Macrium Reflect".

My understanding is Windows 7 now has built in mirroring software, but to date (just built the system) haven't had time to research. This new system came with Intel Storage Technology (whatever that is), so it may also be part of that.
Previously ran AMD so trying to get up to speed with Intel nomenclature.

FWIW:

The government used to put out a standard called 800-60 which allowed one to quickly configure their system for different levels of security. I used it with XP. Forgot about it till now so will check and see if still available for Win7.

Based on my experience the only TRUE security is to have two systems. One for the Internet and one for "production". However this presents a problem when one wants to get something from the NET and use it for "production" -- hence my Question #4. Went to your link but they only test up to 128MB file as I recall. It has a .com extension so I personally will not use it.

IMHO even third party software is a big issue. Had FoxIt reader installed and unknown to me they had installed a link to their cloud. It's gone now. Adobe also used to be (or maybe still is -- I don't run any Adobe products) for putting things on your system which are almost impossible to get off.

Along with any third party program come a bunch of DLLs. Each of those contains many functions which can be used for good and/or bad purposes and who knows what the program is doing behind the scenes.

Not trying to be paranoid about this, but M$ OS was never designed for security which makes things difficult at best.
 
Tookeri: Thanks, will check into it.

It's a shame all this verification is left up to the individual.
I've long contended that since everything must pass through a few gatekeepers (i.e. those that have direct access to the internet backbone), that they could monitor all uploads to the NET and eliminate any virus / malware before it got out. They should also be able to identify those sending as they would have to have an account with that firm in order to make their connection.
Unfortunately above my pay grade or would have been implemented years ago.
 

Well, this solution doesn't upload any files. It only sends a file hash (checksum), which is a unique short string that is like the sum of all bytes in the file. If a single byte changes in the file, the hash will be a completely different one.
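
The hash-only lookup described in the post above, as an added example that is not part of the original thread: it computes a file's hash in chunks (so file size is not a limit), compares it with a checksum a publisher would list, and shows the effect of changing one bit. SHA-256 is an assumption, since the post names no algorithm, and the file names and contents are constructed.

```python
import hashlib
import hmac
import os
import tempfile

CHUNK = 1024 * 1024  # read 1 MiB at a time so file size does not matter


def sha256_file(path):
    """Return the SHA-256 hex digest of a file, streamed in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def matches_published(path, published_hex):
    """Compare a file's digest with a checksum listed by its publisher."""
    expected = published_hex.strip().lower()
    return hmac.compare_digest(sha256_file(path), expected)


def demo():
    """Hash a constructed 'download', flip one bit, and hash it again."""
    data = bytearray(b"constructed sample download\n" * 100000)  # ~2.8 MB
    with tempfile.TemporaryDirectory() as workdir:
        original = os.path.join(workdir, "installer.bin")  # constructed name
        tampered = os.path.join(workdir, "installer_mod.bin")
        with open(original, "wb") as fh:
            fh.write(data)
        data[1234567] ^= 0x01  # change a single bit in a single byte
        with open(tampered, "wb") as fh:
            fh.write(data)
        good, bad = sha256_file(original), sha256_file(tampered)
        return {
            "original": good,
            "tampered": bad,
            "digits_changed": sum(x != y for x, y in zip(good, bad)),
            "original_ok": matches_published(original, good.upper() + "\n"),
            "tampered_ok": matches_published(tampered, good),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

A matching hash only shows that the file is byte-for-byte the one the checksum was computed from; it says nothing about whether that file is safe to run.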
 

Tookeri: Thanks, will check into it.

It's a shame all this verification is left up to the individual.
I've long contended that since everything must pass through a few gatekeepers (i.e. those that have direct access to the internet backbone), that they could monitor all uploads to the NET and eliminate any virus / malware before it got out. They should also be able to identify those sending as they would have to have an account with that firm in order to make their connection.
Unfortunately above my pay grade or would have been implemented years ago.

Something like that may have been possible (but probably not practical) with current technology and malware as it existed 20 years ago. But modern malware has become highly sophisticated, using various forms of encryption and other advanced methods to avoid detection. In many cases file scanning is ineffective. Scanning of network data, setting aside the practicality, would be much more difficult and even less effective. Modern AV products use a combination of file scanning and analysis of the malware code as it runs, or tries to run, on a live computer. Even then some malware is undetected.

Many email providers scan email messages on their servers but its effectiveness is questionable when confronted with modern malware. Real time scanning of network data would be much more difficult and of questionable value.
 

First of all, today's bad guys are very very smart.
That is why it takes several programs to do security scans.

Even using two separate computers is no insurance that it doesn't get both computers infected.
If you used two computers; one to download and scan something before you use it on the second computer you still have to put your trust in the programs you scanned with. Two computers would probably be the safest way. There have also been reports that some new hardware can come with infection installed on the hardware. Mostly from China. It's a never ending battle.

We all have programs we trust more than others to do our security scans. You will have to make that decision on what security programs to use.
Just remember anything you hook to a computer in any fashion can infect a computer.

For my needs I use backup, MSE, Malwarebytes, and the built in Windows 7 firewall.
When in doubt about something I also use various stand alone programs to scan with.

One must also check for program updates daily in my opinion.
The bad guys create infection by the thousands per day.
I do a lot of reading in the Security section of this forum to try and keep up with the new threads on security.

Like I said before, keeping up with security problems is a never ending battle and one should keep themselves informed to ever have a chance.

The good news.
The good guys are getting better at finding and stopping infections.
Quality security programs are cheap or free.
The security programs are easy to use in most cases.
 

And you can't even trust multiple scanners. VirusTotal for example is used by the bad guys too to modify the code until all AVs say it's clean. A simple file scan is not enough these days to detect malware, even when it's scanned with more than 50 products. A good AV should also have reputation and behavior based detection. A program needs to be running for the behavior analysis to work, preferably in some kind of sandbox.

But checking a file on VirusTotal is still much better than only your AV's real-time scan.
 

Modern malware often uses a private form of encryption internally and that makes things very difficult for file scanners. Malware authors know a great deal about file scanners, their limitations, and how they may be evaded. The scanner may still be able to recognize specific patterns in the encrypted or unencrypted portions of the code but the odds are against it. But it is still worthwhile doing. Only after the malware code is decrypted prior to running in a live system does the AV product have a decent chance.

If an AV product says a specific file is infected it probably is. But don't discount the possibility of a false positive. But even if multiple scanners and a resident AV product see no infection that doesn't mean it is clean. Malware will often evade the very best AV products and scanners with the latest definitions. Proving that something is not present is very difficult, even on general principles.
 

IMHO all the above posts are valid.
Hence my statement about two machines. (one internal, one external).
 
