Proactive Security System - Part 2
<<< Part 1
Basis for a new security strategy:
Proactive, not reactive
Blocking viruses and spyware by using signature-based scanning is a reactive measure. There's no way to keep signatures up to date for the new malware that's churned out every day. Some crimeware is even designed to generate a new signature for each attack. Virus scanning still has its place, but you also need something smarter.
Malware has to find a way to install itself before it can initiate harmful action. Most of these installation behaviors are well known. Why not watch for this malicious behavior instead of trying to catch every variant of the malware? If you can block installation, the malware is stymied.
There's another dimension of behavior that can be blocked too. Malware has to come from somewhere. Some websites silently install malware when you visit. Others serve up malware disguised as useful software. Why not block those evil websites?
There are now online services that screen websites for malware and other adverse behavior. The best of these services are augmented by human networks that report problem websites. McAfee SiteAdvisor and Exploit Prevention Lab's LinkScanner are prime examples of services that block malware at the website level. Firefox 3 natively blocks access to websites that are known to attack visiting computers.
If you visit the websites behind the software and services that I use in my setup [below], you'll learn more about how they add "smarts" to security. You'll also discover that this strategy is not original with me. ;-)
Details of my security setup:
Putting a pro-active strategy to work
- Nothing is more important for online security than a good firewall. I use a stateful-inspection hardware firewall in cascade with a software firewall (next item).
- I suggest a Linksys BEFSR41 (wired router) or WRT54GL (the wireless router I use) for your hardware firewall. Both of these include stateful-inspection firewalls.
- No defense is "bullet-proof". I keep my data backed up, and I make up-to-date drive images (I use TrueImage) as insurance. No defense system is complete without precautions like these.
- Three (3) of the most important elements of my setup are handled by Online Armor. It's nominally my firewall, but it's nice to have all three functions in one program. It's somewhat of a challenge to learn to use Online Armor though. [see tips] You might prefer another good firewall. ;-)
- My opinion on Online Armor as a firewall is partly based on the results from highly-recommended tests run by Matousec, and on Scot Finnie's extensive firewall evaluation project. Your mileage may vary. ;-)
- Element 2 of Online Armor provides me with a powerful intrusion prevention system. This is an important part of a pro-active defense. [alternative HIPS programs]
- Element 3 of Online Armor allows me to run internet-facing programs with reduced rights. This is another important part of a pro-active defense for Windows XP. Vista UAC provides similar capability natively. [alternative methods]
- I run Sunbelt Software's new VIPRE, which combines antivirus and antimalware scanning protection. It was designed from the ground up to minimize the drain on system resources. I evaluated the beta version for several months, and I've now adopted it for all of my computers. Sunbelt released VIPRE in Aug, 2008. [reviews]
I previously used Sunbelt Software's CounterSpy, which performed well. It's been some time since I used Webroot's Spy Sweeper, but it is also highly rated.
- Keeping up to date on security threats and remaining vigilant is nearly as important as having a stout firewall. I strive to do that at all times. ;-)
- My main browser is Mozilla Firefox, running with reduced rights, and with the McAfee SiteAdvisor extension installed. This Firefox extension warns you about rogue websites. Don't download without it. :-)
- My email client is Mozilla Thunderbird, running with reduced rights. Thunderbird was designed from the outset to be secure. I use it in conjunction with my Gmail account, which blocks executables and scans attachments for viruses.
- I maintain tight security settings for Firefox, Thunderbird and other internet-facing programs. [detailed instructions]
- I keep Windows and all key programs -- not just internet-facing ones -- patched and up to date. I use Secunia's (free) "Personal Software Inspector" (PSI) to monitor all my software for updates. It used to be that keeping Windows patched was the only thing that was critical. Now, virtually any program's vulnerabilities are targets for attack.
- Rootkits are insidious malware programs that are very good at hiding from ordinary security software. F-Secure's BlackLight is one of the best special programs that can root out rootkits (pun is accidental). ;-) I run BlackLight regularly to check for rootkits.
- The DNS server your ISP assigns to you is an essential part of your Internet connection, but is usually an afterthought for them. It is seldom up to date, and often not secure. The OpenDNS.com service is run as a business, not a burden, and the operators are passionate about what they do. It also speeds up website acquisition, and pro-actively improves security by blocking phishing and other malicious sites. Real people there examine suspected phishing sites to determine if they are legitimate or scams. [instructions] [more]
Important Tips:
How to work with this security setup
There are some tricky aspects of making this security setup work for you. Online Armor, and other powerful security software, locks things down to the point that you sometimes can't do some ordinary tasks with your computer. I've provided some tips to remove some of the obscurity that makes it difficult for many users to work with this setup and those programs.
Tips for working with this security setup >>>
Bulletproof your browser:
And other internet-facing programs
Make your internet-facing programs more secure. The best way to prevent your browser and other internet-facing programs from serving as gateways for attacks would be to run Windows XP under a "Limited" user account. I've done that, and the trouble is there are way too many limitations to deal with. The next best way to bullet-proof things is to run your internet-facing programs with reduced rights.
Note: This is for a Windows XP machine. Vista already runs programs with limited rights. Unless you make a bone-headed mistake, Vista is already just about as safe as this approach makes XP.
What follows are three ways to run programs with reduced rights, plus some more things that you can do to make your browser more secure.
- Microsoft's "DropMyRights": This is a simple, but powerful program from Microsoft that I've used extensively in the past. Use it to run just about any internet-facing program with reduced rights. It's an excellent free choice.
- Online Armor: I currently use Online Armor to run internet-facing programs with reduced rights. It also has a firewall and intrusion prevention. Rights control is a bonus. Online Armor is an excellent program, but it is difficult for someone with average experience to use. I do have some key tips that will unlock the major secrets though.
- DefenseWall HIPS: DefenseWall HIPS is another program that runs programs with reduced rights.
- InformationWeek | 5 Ways To Button Up Internet Explorer: "We sniffed out five tools for Internet Explorer that can help lock down the browser and make online time at least somewhat safer."
- InformationWeek | 5 Tools To Bulletproof Firefox: "Here are five essential tools for securing Firefox by disabling JavaScript and Flash, sniffing out suspicious sites, foiling phishing, preventing peeks at private data, and preparing powerful passwords."
- 10 privacy and security extensions for Firefox: This is a more or less complete index of the Firefox extensions that will enhance your browsing security. McAfee SiteAdvisor, NoScript, Google Safe Browsing (or Google Toolbar), and Dr Web Antivirus are the most valuable.
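The "reduced rights" idea behind DropMyRights, shown as an added example (my code, not the original post's or Microsoft's): launch a program under Windows' built-in "Basic User" restricted token and verify from inside that process that it can no longer act as an administrator. It assumes a Windows machine with runas.exe present; the function names are my own.

```powershell
# Added example: run an internet-facing program with reduced rights and check
# the result. runas.exe /trustlevel uses the same SAFER restricted-token
# mechanism DropMyRights relies on: the Administrators group becomes deny-only
# and most privileges are stripped from the new process's token.

function Start-ReducedRights {
    param([Parameter(Mandatory = $true)][string]$Command)
    # 0x20000 is the SAFER "Basic User" level (see: runas /showtrustlevels).
    $args = "/trustlevel:0x20000 `"$Command`""
    Start-Process -FilePath "$env:SystemRoot\System32\runas.exe" -ArgumentList $args
}

function Test-ReducedRights {
    # Returns $true when the calling process cannot act as an administrator.
    # IsInRole honours deny-only SIDs, so an admin account running under the
    # restricted token reports $false for the Administrator role here.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
    return -not $principal.IsInRole($adminRole)
}

# Example: start a browser with reduced rights (path is a placeholder, adjust it),
# then open a reduced-rights PowerShell in which Test-ReducedRights returns $true.
Start-ReducedRights -Command 'C:\Program Files\Mozilla Firefox\firefox.exe'
Start-ReducedRights -Command 'powershell.exe'
```

Running Test-ReducedRights from the normal, unrestricted console of an administrator account returns $false, which is the point: the check only passes inside a process started through Start-ReducedRights (or DropMyRights, Online Armor, or DefenseWall).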