Want protection? Get Sandboxed! Make yourself Bulletproof!

Status
Not open for further replies.

John Phoenix

Ultra Member
ECF Veteran
Apr 12, 2011
1,527
880
New Orleans
This won't help if you're already infected, but the best ways I have found to protect your Windows system are with sandboxes AND sandboxed restore backups.

What is a sandbox? A sandbox is a special type of virtual environment that is used to run your applications in. It is totally self-contained and the only thing that can get in or out of the sandbox is what you allow to go through.

Read this for more info: Sandbox (computer security) - Wikipedia, the free encyclopedia

Google Chrome and other Chrome versions have sandboxing technology built in. They might help but I don't like Google Chrome one bit (personal opinion only) and only use the much better ChromePlus for times when my Firefox is tied up with something.

My first line of defense - prevention security.

For browsing I use Firefox running inside of Sandboxie. Sandboxie is a free sandbox tool that has been around for years and has stood the test of time. There is a free and a paid for version. The free version is fully functional and works very well. You can sandbox any program on your computer that you want to access the web. Sandboxie - Sandbox software for application isolation and secure Web browsing

There is also BufferZone Pro (Trustware - BufferZone-Threat Free Internet). It is also free, but I haven't tried this program myself.

I trust Sandboxie so much, I use it without any annoying firewall running. I do not even use anti-virus programs. Why? Because if anything did get through to infect me, I would just restore using my "sandboxed" restore backup.

My second line of defense - secure restore points/snapshots

There are two neat programs that work well for this, but the latter works better IMO; they are Comodo Time Machine and RollbackRx by HorizonDataSys.

(RollbackRx is less buggy than Comodo Time Machine)

These programs work to create restore points or snapshots much like Windows System Restore. The major difference is that these programs store their snapshots in a layer of your hard drive underneath your C drive partition. Nothing can get to these restore points to corrupt them, they are locked off away from your Windows partition.

With Microsoft System Restore, a virus can get to it easily and wipe out your restore points because these reside on your C drive. Not secure.

The great thing about these programs is, if you do get hit with a virus, and it wipes out your C drive, so Windows cannot even boot up, they will restore your entire system from the protected snapshot in 5 minutes. Let me say that another way: the virus can completely destroy your entire Windows partition and either of these programs can have your system restored in 5 minutes. Now that's worth having. They have their own mini operating systems that run at boot, which you can use to restore your snapshots, independent of Windows.

Comodo Time Machine is free: Data Recovery with Comodo Time Machine | Comodo

RollbackRx has a trial version: System Restore Software | Fix Any PC Computer Issue Without IT Knowledge - Horizon DataSys

My third line of defense - Backup to DVD

For regular backups to DVD, I like to use Macrium Reflect. It works similar to Norton Ghost. It is free, but they also have a more advanced paid for version. Macrium Reflect boasts the best compression ratio for hard drive backup. Simply use Macrium Reflect to make a backup, and when you need to reinstall it will install your operating system intact with all of your programs installed, just the way they were when you made the backup. No need to reinstall any applications.

Macrium Reflect FREE Edition - Information and download

You may want to use an anti-virus program before making a snapshot/restore point or backing up your hard drive, just to make sure you're not backing up a virus.

As long as you use a good sandbox program, make snapshots on a regular basis, and back up your drive on a regular basis using these programs, you will never have to fear viruses again. You'll be bulletproof.
 

Fenix-T

Senior Member
ECF Veteran
Jan 30, 2010
138
17
NC
Don't forget common sense. I think that's the most important thing. For the past 8 yrs, I've been using just common sense and Firefox w/ adblock without issue. Got hit about a month ago, so it's not perfect. Got it from a seemingly legit auto forum. Still not bad for an 8yr run without real protection. I think Windows gets more crap than it deserves.
 

nanovapr

Ultra Member
ECF Veteran
Jun 15, 2011
1,013
727
Catatonic State, USA
127.0.0.1
Adblock is great. To really see more of how much web pages are trying to gather (and sell) your personal use data on your PC, another great browser addon is Ghostery.

Another one that will alarm you to see what is going on behind the scenes is NoScript. It is truly amazing to see how many things are trying to be run on your PC.

I am a network guy, I think Windows completely deserves the crap it gets. But? Yes, common sense is the very best starting place by far!
 

John Phoenix

Ultra Member
ECF Veteran
Apr 12, 2011
1,527
880
New Orleans
There are some other things one can do that can be great security boosts for Windows, such as:

Running popular apps through a copy of Linux installed on a Windows virtual machine. You get the protection of a sandbox in the form of the virtual machine with the added security of Linux. This may be overkill if you don't have tons of system RAM and video processing power.

Windows 7 users also have access to Windows XP Mode that lets you run a copy of Windows XP inside of Windows 7 through a virtual machine. Intended for Win 7 Professional users or above, the Windows XP Mode software is freely downloadable from Microsoft. This gives you a full copy of Windows XP that will integrate seamlessly with Windows 7 running in a virtual machine. Best software I have found to run such a virtual machine is called VMLite. It's free.
VMLite XP Mode Overview
This program has many more features and is way more powerful than the default "Virtual PC" virtual machine software Microsoft recommends to run XP Mode.

Windows XP Mode will run fine in Win 7 Home Premium using VMLite. Microsoft asks that you own Professional or above to download the program. You cannot download it if you say you only own Home Premium in the drop down box. Using XP Mode on Home Premium without owning a copy of Professional or above may be against the XP Mode End User License Agreement.
http://www.microsoft.com/windows/virtual-pc/download.aspx Also free. (Imagine that, Microsoft giving away a free copy of an OS. I think the sky is falling.)

Playing with virtual machines can be a blast because you can run many operating systems virtually inside of Windows. Because they are their own self-contained virtual environments, they are very secure.
 

MagnusEunson

Bearded Super Villain
ECF Veteran
Verified Member
Apr 30, 2011
4,448
4,789
Behind you
Two general lines of approach outlined above.. minor comments..

- If you're sandboxing yourself away, you may find it more convenient to keep LiveUSBs on-hand than maintain the various other components. Just boot into the LiveUSB and have at it. You can also additionally use a LiveUSB that doesn't auto-mount all your hardware for you or doesn't even load the disk controllers at all. There are options from the benign to full-on Tor or I2P enabled live boots at Boot and run Linux from a USB flash memory stick | USB Pen Drive Linux and Free Portable Software USB Flash Drive Applications | Pendriveapps.

- The folks that go the more integrated approach w/ just good practices and NoScript (or friends). I'd like to suggest you add to your mix the opening of foreign documents using Google Docs - Viewer instead of any local program. It opens almost anything I've thrown at it so I can view, copy & paste, etc. The number of PDFs online w/ exploits and how quickly they propagate beyond Adobe's and AVs' reach is staggering.

-Magnus
 

John Phoenix

Ultra Member
ECF Veteran
Apr 12, 2011
1,527
880
New Orleans
Thank you nanovapr for letting us know about NoScript and Ghostery.

I may try Ghostery but will stay way clear of NoScript. After reading the seemingly unscrupulous business and coding practices of NoScript and its creator Giorgio Maone, I feel it's best for me to stay away from that application.

See Criticisms toward the bottom NoScript - Wikipedia, the free encyclopedia
 

John Phoenix

Ultra Member
ECF Veteran
Apr 12, 2011
1,527
880
New Orleans
Thanks MagnusEunson for the tips. I have never tried a liveUSB OS and I may find that keen for secure browsing. Does it mount your existing hard drive so you have access to storage space?

Haven't tried Google Docs either. Cool I got new stuff to play with. Hope my laptop can auto mount a Live OS from USB - I cannot access the bios in this machine.
 

incantius

Ultra Member
ECF Veteran
Mar 28, 2011
1,871
1,016
tennessee
"sandboxing" is really nothing more than a "stripped down" virtualization. it has its pros & cons. if you're pretty tech-savvy with PCs then it's pretty simple, but for those that aren't, virtualization can be a nightmare.

someone earlier mentioned Windows being slammed more than it should...that's a very true statement. the best security that Apple & Linux have going for them is "security by obscurity". if you're looking to spread a virus, who would you go after: a few hundred thousand or millions? even the "security by obscurity" doesn't protect against phishing, etc. I'm not a windows fan boy but it's better than Mac as far as "true" security goes...Linux is a different beast altogether with all of its variants (i.e. distros) it can be locked down much better really than windows & Mac (not a Linux fan boy either...) the main reason that Linux is more secure is that you can install "modules" or individual portions of the OS. for example if you're setting up a Linux box as a firewall you only need to install the base kernel and the relevant modules for firewall, TCP/IP and nothing else (and hundreds of other configs based on your needs). the biggest issue with Linux is that it's not as user friendly for "casual" users. but for geeks it's very stable & easy.
 

MagnusEunson

Bearded Super Villain
ECF Veteran
Verified Member
Apr 30, 2011
4,448
4,789
Behind you
Thanks MagnusEunson for the tips. I have never tried a liveUSB OS and I may find that keen for secure browsing. Does it mount your existing hard drive so you have access to storage space?

Yeah, some are designed explicitly not to though... as in 'zero touch'. But most default to mounting all available storage for manual use.

Hardware in the past five years usually defaults to some USB in the boot path. So if it wasn't changed manually, then it'll cycle through your USBs first. -Magnus
 

oldsoldier

Retired ECF Forum Manager
ECF Veteran
Verified Member
Dec 17, 2010
12,503
7,999
Lurking in the shadows
www.reboot-n.com
Thanks MagnusEunson for the tips. I have never tried a liveUSB OS and I may find that keen for secure browsing. Does it mount your existing hard drive so you have access to storage space?

Haven't tried Google Docs either. Cool I got new stuff to play with. Hope my laptop can auto mount a Live OS from USB - I cannot access the bios in this machine.
Depending on your preferences you can set the OS to mount the hard drives. Having a live usb preset with your favorite apps and preferences is great for when you have to use a computer that doesn't belong to you... not mounting the disks is great too because you don't leave a trail of personal information on those machines.
 

John Phoenix

Ultra Member
ECF Veteran
Apr 12, 2011
1,527
880
New Orleans
the biggest issue with Linux is that it's not as user friendly for "casual" users. but for geeks it's very stable & easy.

This is true. I started with Corel Linux years ago then went to Fedora and have been through a lot of Linux versions since. Ubuntu and Kubuntu are good because they are very popular. I also like Mint.

The best Linux I have found for a Windows desktop user is PCLinuxOS. Built on Mandrake, it is designed with the Windows desktop user in mind. Even though it still has that Linux learning curve, it has the best Windows desktop emulation to help a Windows user get around and be productive easily. The learning curve is also slightly easier because of this.

They have a regular version (fits on a CD) and a Full Monty version with every app under the sun thrown in and a unique way to have multiple desktops for different work tasks - one desktop for internet apps, another desktop for your games, another for work, etc. (fits on a DVD)

I highly recommend any Windows user thinking of trying a Linux distro to try PCLinuxOS first. Dude! Sweeet! » PCLinuxOS

I'd give up Windows completely if it weren't for the fact that I'm a hard core video games junkie and I just cannot play the games I wanna play on Linux. Other than games, there's nothing a good Linux version cannot do that Windows does.
 

John Phoenix

Ultra Member
ECF Veteran
Apr 12, 2011
1,527
880
New Orleans
Thanks oldsoldier. I'll keep that in mind as I'm playing with the liveUSB's.

But you know how people carry cell phones with them everywhere they go? I do the same with my laptop. It never leaves my side. I like the power and flexibility over a BlackBerry or iPhone. (I even use it as a regular cell phone.)

And MagnusEunson, Thanks for the answer about the storage space.
 

John Phoenix

Ultra Member
ECF Veteran
Apr 12, 2011
1,527
880
New Orleans
Just wanna drop this in here.

Linux is pretty secure compared to Windows, everyone knows that. But, if you really want security in a desktop try out PCBSD. It's way more secure even compared to Linux out of the box. PCBSD is not a Linux distro, it is a version of FreeBSD which is an open source fork of UNIX. Yes, UNIX may scare the heck out of most folks but PCBSD is made for the desktop user so you can do everything in an easy familiar like way. There are thousands of applications made for it. No messing with any Unix command lines unless you just want to.

I'm playing with a copy in a virtual machine and it's just as easy to use as any other desktop system, comes with everything you need, internet, multimedia etc pre-installed. Check it out: PC-BSD

pc-bsd-a quick tour of the desktop - YouTube

PC-BSD: A FreeBSD for the Masses? - YouTube
 

incantius

Ultra Member
ECF Veteran
Mar 28, 2011
1,871
1,016
tennessee
Just wanna drop this in here.

Linux is pretty secure compared to Windows, everyone knows that. But, if you really want security in a desktop try out PCBSD. It's way more secure even compared to Linux out of the box. PCBSD is not a Linux distro, it is a version of FreeBSD which is an open source fork of UNIX. Yes, UNIX may scare the heck out of most folks but PCBSD is made for the desktop user so you can do everything in an easy familiar like way. There are thousands of applications made for it. No messing with any Unix command lines unless you just want to.

I'm playing with a copy in a virtual machine and it's just as easy to use as any other desktop system, comes with everything you need, internet, multimedia etc pre-installed. Check it out: PC-BSD

pc-bsd-a quick tour of the desktop - YouTube

PC-BSD: A FreeBSD for the Masses? - YouTube
i didn't mention FreeBSD simply because of the fact that it is so little known about. with Linux, etc. there are many more resources for learning/support whereas FreeBSD simply doesn't have that following, etc. sure it's a good OS but since pretty much only the "geekiest of geeks" are even aware that it exists I'm not sure I'd recommend it to "basic users"
 

MagnusEunson

Bearded Super Villain
ECF Veteran
Verified Member
Apr 30, 2011
4,448
4,789
Behind you
First off I'm a fan of PC-BSD for using in the field w/ my taps after transitioning off of stock FreeBSD two years ago.

However, to say it's "way" more secure is not based in any reality. You're projecting an aspect of obscurity when the attack vectors aren't generally core to the OS in the first place. The application layers you use on top of it are the most likely set of attack vectors. If they're going at your OS and main OS components in the first place, I'd be hard convinced that the update cycles of any Linux distribution vary negatively w/ relation to any of the major BSDs. As a simple matter of fact the ports trees are updated so in-line across the major UN*X distros that you're really talking direct kernel attacks, remote, etc. and we're going to open up the thread to a level of complexity that isn't necessary.

W/ that said, the closest out of the box media and PC replacement on the BSD front really is PC-BSD. But only because the major components that make it so, based on the GNU libraries, GTK, QT, etc. and built upward, are the common base for all the major UN*X players now. -Magnus
 

John Phoenix

Ultra Member
ECF Veteran
Apr 12, 2011
1,527
880
New Orleans
I'm just going on what I read and lots of folks consider it more secure than Linux.. I haven't had as much personal experience with it yet but I like it a lot. It uses KDE and its ilk and granted with like popular technologies they will get targeted. These days everyone kinda has to use GNU libraries or derivatives of them for cross compatibility because they are so well known and popular, everyone uses them. Even Open Solaris which I have been checking out with its Gnome desktop. I found like PCBSD Open Solaris to have all the standard features you'd want out of the box for a desktop and everything works well with my hardware. This is the first I've seen of Open Solaris and my first thought was OMG It's Just like Linux. There are many core differences in the way PCBSD, Linux, and Open Solaris work internally due to their kernel differences but the really nice thing I found surprising is the many similarities they do share for a familiar desktop experience. Unless you need something like Windows for games, you can take any one of those and have an easy almost Windows-like experience. At least for the purposes of this discussion we can agree they are all 3 more secure for whatever reason than Windows out the box, and versions of Linux like my beloved PCLinuxOS even come pre-installed with a firewall for extra security.

I'm waiting for the day ReactOS matures, that will be the One To Watch because it will do everything you want in a desktop Plus play all the Windows games you miss with the other OS's.
 