Virus and Trojans

Jjoshua2

Senior member
Mar 24, 2006
My parents each have a laptop computer with Windows XP. I thought I had them pretty secure, but they each just got a Trojanspy.banker that Ad-Aware detected with a TAC level of 10, the highest. I had McAfee Enterprise 8.0i, Ad-Aware, Spybot and Windows Defender on there, and they are updated regularly, a couple of times a week, and run. They get all the latest Microsoft update patches within a couple of days, and use the latest Firefox with Adblock, except for a few sites which need IE7.
So because of the Trojan, which seemed a serious one, I am reformatting them and putting on Windows XP Pro. This time I want to do better, so I have already put on the same stuff as before, except I also got SpywareBlaster, and AntiVir Personal Edition instead of McAfee, since I couldn't find the McAfee 8 disk, just the Enterprise 7.1. I want to make it more secure than last time, so this shouldn't happen again. They don't think they opened anything suspicious recently. I'm thinking maybe I need a better firewall.
 

Lemon law

Lifer
Nov 6, 2005
They each got the same trojan. With many thousands of those devils floating around on the net, what are the odds that, at random, they would get the same one? That pretty well tells you they both died in a common accident, perhaps by both viewing the same e-mail attachment or going to the same infected website. But it's perhaps futile to figure out where at this late point in time.

But running Win XP Pro with a software restriction policy from a limited account would be an immense increase in security.

In terms of me commenting on your prior security setup, from a layered defense perspective my comments are: (a) A better firewall may help, but any firewall will roll out the red carpet for any malware the user wants to download. (b) You have no process control on those computers to warn that something is trying to install. (c) Your active antivirus should have stopped the trojan, but did not.
Maybe it's time to fire the one you've got and replace it with the free AOL anti-virus, which has the best detection rates of any AV on the market.

But there is a good consolidated security thread in the software section of AnandTech, or find some posts by John, who has his own excellent (IMO) malware guide. Either of those will tell you, step by step, how to set up a very good layered defense.
 

Jjoshua2

Senior member
Mar 24, 2006
What is a software restriction policy (you mentioned running Win XP Pro with that)? And on the prior setup, "you have no process control": what is that too? Thanks for the help!
What do you think of this Kaspersky 6.0 for free after MIR from buy.com? Would that be better than McAfee Enterprise or AntiVir? http://www.buy.com/retail/Product.asp?sku=202693413&******
Also, I should probably install a firewall, right? How does Comodo compare to ZoneAlarm? The "Which Firewall is the most secure?" ranked Comodo over ZA, but they were both commercial editions.
Since I have Windows Defender, do I not need to use SpywareGuard? I read that using multiple real-time protections for the same type of malware can be bad.
Any other protections I should put on?
 

irishScott

Lifer
Oct 10, 2006
As for the firewalls, ZoneAlarm and Comodo each offer good free security. I personally use Comodo because it uses less memory. ZoneAlarm is easier to configure and understand (not to say that Comodo is hard), so if your parents are noobs you might want to go that way.

For the AVs, Kaspersky > *

I personally use AntiVir Free Edition because it's lightweight and still has a great detection rate. You can also check out AOL's free scanner. They use Kaspersky's engine, so it's basically Kaspersky Lite Edition.

IIRC the detection ratings went something like:
Kaspersky & AOL = 99%
AntiVir = 94%
 

Jjoshua2

Senior member
Mar 24, 2006
Yes, if you read my first post, you will find out that I installed that (SpywareBlaster) already this time around. Last time, I didn't have it.
 

irishScott

Lifer
Oct 10, 2006
Originally posted by: Jjoshua2
Yes, if you read my first post, you will find out that I installed that (SpywareBlaster) already this time around. Last time, I didn't have it.

Ah, yes. Reading comprehension FTL :(

Edited my post.
 

Lemon law

Lifer
Nov 6, 2005
To Jjoshua2,

In terms of a software restriction policy, that's a Windows XP Pro option; XP Home does not offer it.
It's one thing to have a limited account, which limits what the user can download or monkey with on a computer, but a software restriction policy really tightens up restrictions on what software on a computer can do, so any malware that sneaks into such an account is almost powerless. You can find some things regarding setting up a software restriction policy in Windows Help or by Google, but truth be told and credit given, I PM'd mechbgon, who sent me via email his handy video on setting one up.
I don't have it here, but if you need some help, PM me later and I will see about transcribing it into step-by-step directions. Once set up, it's set it and forget it, and it only takes five minutes to set one up, less if you know what you are doing.

In terms of process control, it's simply programs that restrict other programs' ability to install by asking the computer's user: do you want this to install or not? That takes some education of the user to be useful, and when a legitimate program installs they can bug the bejesus out of you as they ask, step by step, do you want this to install, but they can save your butt when a virus or trojan tries to install. Knowing what's legit and what isn't takes some education. One free and easy process control program is WinPatrol; System Safety Monitor is another.

But the rest of your questions are already answered in things like the consolidated security thread, or are subject to some debate. But IMHO, one can secure a PC with no-cost freeware programs. Still, the biggest insecurity in any computer is the user sitting behind the keyboard, who can defeat the best security software and hardware. A software restriction policy used by a limited account user on Win XP Pro is about the closest one will come to idiot-proof, but that is instantly defeated as soon as the user uses an administrative account.
 

Jjoshua2

Senior member
Mar 24, 2006
Ok, I put on Comodo. Are default settings fine? I've read the security thread. They gave a link that rated Comodo as the only one that blocked everything when it was on its highest settings. I think I probably want those settings?
I'm thinking of putting on Script Defender. Would that be a good idea? I'm thinking the pros would be increased security and the negative possible compatibility issues with the ton of other stuff I'm putting on.
I just put on IE-SPYAD. Should I put in a hosts file with domain blocking?
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
Originally posted by: tyanni
making them non admins would solve most of this...
*ding ding ding* we have a winnar :)

1) Make them non-Admins like this

2) if the computers have XP Professional Edition, then add a Software Restriction Policy in addition to making them non-Admins. This is very quick & easy.

3) for good measure, add free Kaspersky antivirus instead of AntiVir, it's better. Configure it as shown there.

ALSO do this:
  • Go into the antivirus's Settings panel
  • Click on Mail Antivirus. Set the slider to High and set it to Block Access > Delete in the Action box
  • Now also click the Customize button. A panel appears. Click the File types button and ban all the filetypes listed there except for ones you decide are ok, like JPG, GIF, maybe DOC, XLS and PPT.
This will cause Kaspersky to arbitrarily delete most kinds of email attachments that could possibly be a virus. If you don't foresee them needing to receive ZIP files, then add the Zip filetype to the "banned" list, because lots of malware will arrive as an attachment inside a password-protected Zip file.

These three measures are proactive and form a powerful supplement to other layers of protection (user education, patching vulnerabilities, firewall protection, etc).

Also check the system with Secunia's online checkup. And fully enable DEP by right-clicking My Computer and doing what's shown in this pic.
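The Software Restriction Policy recommended in this post and in Lemon law's reply above works because XP Pro evaluates every program launch against a small rule set: a default level of Disallowed, Unrestricted path rules for %SystemRoot% and %ProgramFiles%, the most specific matching rule wins, ties between equally specific rules go to Disallowed, and only the "designated file types" are checked at all. The Python below is an added illustration of that evaluation logic; it is not code from the thread or from Microsoft, and it goes a little beyond the post by also modelling the "skip local administrators" enforcement scope that Lemon law warns about and the designated-type list. The expanded folder paths (C:\WINDOWS, C:\Program Files), the extra Disallowed rule for %SystemRoot%\Temp (a folder limited users can write to) and the designated-type subset are assumptions about an English XP Pro install; check them in secpol.msc on the real machine.

```python
"""Model of how Windows XP Software Restriction Policy (SRP) path rules decide
whether a file may run.  Added illustration, not code from the thread or from
Microsoft; folder paths, rule set and file-type list are assumptions about an
English XP Pro install and should be verified in secpol.msc.
"""
import ntpath
from dataclasses import dataclass
from typing import Iterable, Sequence, Tuple

DISALLOWED = "Disallowed"
UNRESTRICTED = "Unrestricted"

# Subset of the "Designated File Types" SRP governs by default on XP.
# Script extensions such as .vbs/.js/.wsf are assumed NOT to be in the XP
# default list, so a policy that should stop script droppers must add them.
DEFAULT_DESIGNATED = frozenset({".exe", ".com", ".bat", ".cmd", ".pif", ".scr",
                                ".hta", ".msi", ".reg", ".lnk", ".cpl", ".chm"})


@dataclass(frozen=True)
class PathRule:
    folder: str   # expanded folder path; covers the folder and everything under it
    level: str    # DISALLOWED or UNRESTRICTED


# Modelled on what XP Pro creates when SRP is switched to a Disallowed default:
# Unrestricted rules for %SystemRoot% and %ProgramFiles% (expanded here for an
# assumed English install).  The third rule is the practitioner's addition: the
# Temp folder under %SystemRoot% is writable by limited users, so it gets a more
# specific Disallowed rule that overrides the broader Unrestricted one.
EXAMPLE_RULES: Tuple[PathRule, ...] = (
    PathRule(r"C:\WINDOWS", UNRESTRICTED),
    PathRule(r"C:\Program Files", UNRESTRICTED),
    PathRule(r"C:\WINDOWS\Temp", DISALLOWED),
)


def _norm(path: str) -> str:
    """Windows paths compare case-insensitively and ignore a trailing backslash."""
    return ntpath.normpath(path).lower().rstrip("\\")


def _is_under(path: str, folder: str) -> bool:
    p, f = _norm(path), _norm(folder)
    return p == f or p.startswith(f + "\\")


def is_governed(path: str, designated: Iterable[str] = DEFAULT_DESIGNATED) -> bool:
    """SRP only looks at files whose extension is a designated file type."""
    return ntpath.splitext(path)[1].lower() in set(designated)


def evaluate(path: str,
             rules: Sequence[PathRule] = EXAMPLE_RULES,
             default_level: str = DISALLOWED,
             designated: Iterable[str] = DEFAULT_DESIGNATED,
             user_is_admin: bool = False,
             skip_admins: bool = False) -> Tuple[str, str]:
    """Return (level, reason) for launching `path` under the given policy."""
    # Enforcement scope "all users except local administrators": the policy is
    # simply not applied, which is why an admin account defeats it instantly.
    if skip_admins and user_is_admin:
        return UNRESTRICTED, "policy scope excludes local administrators"
    if not is_governed(path, designated):
        return UNRESTRICTED, "extension is not a designated file type"
    matches = [r for r in rules if _is_under(path, r.folder)]
    if not matches:
        return default_level, "no path rule matched; default level applies"
    # Most specific (longest) matching folder wins ...
    longest = max(len(_norm(r.folder)) for r in matches)
    best = [r for r in matches if len(_norm(r.folder)) == longest]
    # ... and an exact tie between conflicting rules resolves to Disallowed.
    winner = next((r for r in best if r.level == DISALLOWED), best[0])
    return winner.level, f"rule {winner.folder!r} ({winner.level})"


def is_blocked(path: str, **policy) -> bool:
    return evaluate(path, **policy)[0] == DISALLOWED


if __name__ == "__main__":
    # Constructed sample launches: a system tool, Firefox, a drive-by download
    # in the IE cache, a dropper in the user-writable Temp folder, a VBScript.
    for sample in (
        r"C:\WINDOWS\notepad.exe",
        r"C:\Program Files\Mozilla Firefox\firefox.exe",
        r"C:\Documents and Settings\mom\Local Settings\Temporary Internet Files"
        r"\Content.IE5\ABCD1234\invoice.exe",
        r"C:\WINDOWS\Temp\dropper.exe",
        r"C:\Documents and Settings\mom\Desktop\greeting.vbs",
    ):
        print(sample, "->", evaluate(sample))
```

Running the block shows the shape of the defense: anything the user can write (their profile, the IE cache, Temp) falls to the Disallowed default or to the more specific Temp rule, while the two folders a limited user cannot write to stay Unrestricted. It also shows the two ways the policy is bypassed: a file type that is not designated (`greeting.vbs` runs unless `.vbs` is added), and an administrator account when enforcement is set to skip local administrators.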

 

Jjoshua2

Senior member
Mar 24, 2006
I made the account non-admin. AV-Comparatives shows AntiVir better than Kaspersky both proactively and with definition files, the proactive by a wide margin. The AntiVir is the Pro version, but how can I know that Kaspersky is better than the free version of AntiVir if it doesn't appear better than the Pro?
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
Originally posted by: Jjoshua2
I made the account non-admin. AV-Comparatives shows AntiVir better than Kaspersky both proactively and with definition files, the proactive by a wide margin. The AntiVir is the Pro version, but how can I know that Kaspersky is better than the free version of AntiVir if it doesn't appear better than the Pro?
The key factor in my mind is reaction time. Kaspersky updates 24 times per day. AntiVir...? Once a day, last I checked. And I know that with Kaspersky, you can set it to arbitrarily reject the filetypes you don't want your parents to receive.

The Software Restriction Policy is highly recommended as an addition to the non-Admin accounts, since you have XP Pro. Check my SRP info out, and holler if you have questions about it.

 

AsusGuy

Senior member
Dec 9, 2004
Yes running users as non-admins is a very good thing to do. Comodo will also run fine on default settings.
 

Jjoshua2

Senior member
Mar 24, 2006
Yes, I've made them non-admins and did the SRP thing. Thanks for that tip. Anything else?
 

Lemon law

Lifer
Nov 6, 2005
In terms of anything else, the main thing will now be self-education. If you implement most of the recommendations, your parents' computers will be very hard targets for hackers.

But you still have to understand that security is a moving target, and in the malware area there are very many clever people trying to get their malware on any computer for fun and profit. So you have to somewhat think like a hacker: what vulnerabilities or security holes will they use to attack? And the answer is anything they can exploit, because 24/7/365 we are all getting shot at from every possible direction.

While AnandTech is a great forum, there are other more security-centric forums, things like spywarewarrior.com and CastleCops. Visiting those sites will give the reader just browsing exposure to other security ideas and some of the tricks hackers use.

What I am trying to say in a roundabout way is that there is no one answer to security, and that the greatest security hole in any computer system is the ignorance of the user. So if you keep self-educating yourself, you can then help educate your parents.
 

Jjoshua2

Senior member
Mar 24, 2006
Is there anywhere that reviews how much different antivirus software slows things down? The McAfee Enterprise and Avira free both seem quite fast. I've had experience with Norton, and I don't like it one bit. It's way too heavy. Kinda like the ATI control panel.
I'm thinking the top antiviruses are NOD32, Kaspersky, and AntiVir Premium. NOD32 looks expensive since each computer needs its own license, and we have quite a few. Kaspersky is free from buy.com after MIR; is it limited to 1 comp? What about AntiVir Premium?
I created an account on castlecops too, so I'll try that, but I like Anandtech!
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
Originally posted by: Jjoshua2
Is there anywhere that reviews how much different antivirus software slows things down? The McAfee Enterprise and Avira free both seem quite fast. I've had experience with Norton, and I don't like it one bit. It's way too heavy. Kinda like the ATI control panel.
I'm thinking the top antiviruses are NOD32, Kaspersky, and AntiVir Premium. NOD32 looks expensive since each computer needs its own license, and we have quite a few. Kaspersky is free from buy.com after MIR; is it limited to 1 comp? What about AntiVir Premium?
I created an account on castlecops too, so I'll try that, but I like Anandtech!
I used to be an admin where we used VirusScan Enterprise 8.0i. If you just install it and leave it as-is, then it's in Nerf Mode (as I call it).

If you want to really use all its capabilities, you have to do extensive configuration, and then it will have a performance impact you'll notice at times. But you can arbitrarily forbid all sorts of risky behaviors, such as execution of executable files within the user's profile (which encompasses their email, temp internet files, desktop, My Documents, etc).

Kaspersky's free version is free for home use, as many as you want. The pay-for versions are for one computer each, but they're cleared for business usage and have some extra capabilities. I heard NOD32 is very good too, and has little noticeable performance impact.
 

Jjoshua2

Senior member
Mar 24, 2006
Ok thanks. By the Kaspersky free version do you mean the AOL one? The 30 day trial?
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
Originally posted by: Jjoshua2
Ok thanks. By the Kaspersky free version do you mean the AOL one? The 30 day trial?
I mean the AOL one that I describe on this page. It's not a 30-day trial, it's perma-free. After one year you just get a fresh activation key and you're good for another year. If you'd rather run AntiVir, that's still a pretty good antivirus, and whichever one you use, go through all the option panels and check out your options for enhanced detections, heuristics, etc. general antivirus configuration suggestions