Is hips necessary? which is the best combination?

[Guest]

[MorphOS REBOL]

Well, eaglehorse.hour,

I think I somehow understand what you mean.

Maybe the term "properly configured sys" is rather vague. Yes, it's true.

You already got some ok answers from others here, though, such as to better not be running your machine with admin rights. Which may be a fine thing if not exactly knowing what your sys is enabled to do.

Some people may prefer running their OS as an admin, though. Confessed: My poor self included.

Some (maybe and hopefully helpful) hints, advices and (of course, as always here... some joking around as well) you may find in those two  threads:

http://forums.comodo.com/general_discussion_off_topic_anything_and_everything/bestrecommended_nlite_configurations-t12467.0.html

http://forums.comodo.com/general_security_questions_and_comments_not_product_related/disabling_unnecessary_and_potentially_dangerous_services-t12373.0.html

I really hope they are of some use to you.

Of course, there ain't no complete definite checklist anywhere on how to make your sys totally safe. Total IT security aka safe computing is, and probably will ever be, a mere illusion. All you can do is make your sys MORE safe than it is NOW. That's about all you can and should really take care of.

Cheers friend, hope this helped, if only just a little bit.

[andyman35]

Well, eaglehorse.hour,

I think I somehow understand what you mean.

Maybe the term "properly configured sys" is rather vague. Yes, it's true.

You already got some ok answers from others here, though, such as to better not be running your machine with admin rights. Which may be a fine thing if not exactly knowing what your sys is enabled to do.

Some people may prefer running their OS as an admin, though. Confessed: My poor self included.

Some (maybe and hopefully helpful) hints, advices and (of course, as always here... some joking around as well) you may find in those two  threads:

http://forums.comodo.com/general_discussion_off_topic_anything_and_everything/bestrecommended_nlite_configurations-t12467.0.html

http://forums.comodo.com/general_security_questions_and_comments_not_product_related/disabling_unnecessary_and_potentially_dangerous_services-t12373.0.html

I really hope they are of some use to you.

Of course, there ain't no complete definite checklist anywhere on how to make your sys totally safe. Total IT security aka safe computing is, and probably will ever be, a mere illusion. All you can do is make your sys MORE safe than it is NOW. That's about all you can and should really take care of.

Cheers friend, hope this helped, if only just a little bit.

It's true of course that complete security is an illusion.As I read once 'it's very easy to have a 100% secure pc,just unplug it from the internet and don't install anything'.

The fact is a combination of good AV,firewall (Comodo of course) and a couple of antispyware apps,alongside switching browser to Opera or Firefox will offer enough protection for normal usage.

It's only really necessary to go to greater lengths if you undertake 'risky' actions,such as using P2P,downloading warez or torrents,or enjoy surfing adult sites 

[eaglehorse.houndsofhell]

Thank you for the advice. It was taken and much appreciated.
 

[AnotherOne]

One part of the solution is to use MS's "Drop My Rights" to surf as a reduced rights account.  See http://msdn2.microsoft.com/en-us/library/ms972827.aspx
for more info.  The virtue of this is that your reduced rights prevent program installation and a number of other system changes that malware will attempt.  This is not a perfect solution, but it will prevent some problems.  Another approach involves turning off Javascript and ActiveX controls while surfing.  This prevents web sites from running hostile scripts while you are at their web site.  There is a plug-in for Firefox that allows you to turn on Java for selected sites (called NoScript) which normally has Java turned off, but a couple of clicks will turn it on again - for that web site.  With these and a good (CPF) firewall (CPF takes a bit of work to configure, but there are tutorials about this topic under this site's FAQ's), you have most of the external threats covered.  Then you only have to worry about files that you download and email that you accept.  That's where you need to have a good antivirus program and an anti- spyware program.  There is also the "Social Engineering" attack which can infect your computer.  My wife was browsing a recipe site when she got a pop-up that declared that somehow Microsoft had detected an infection with malware and offered to download a "malware removal tool".  Fortunately she asked me what to do and so she did not download what was almost certainly a virus or worse.  Sites like that are often not as well secured because the owner of the site is not a security expert.  As a result, hackers can infect the site with such viruses.  If you have any open ports that the virus can find (no properly configured CPF), you can get what is called a "Drive-by" download or infection.
Finally, there is the "zero-day" virus/malware which is so new that the AV etc programs do not have a way to identify it.  These often spread by email or over networks, and it is possible that you might activate one on your system by opening an email attachment.  In such a case, you would have to rely on HIPS or a similar heuristics-based software that identifies hostile behavior by the malware and shuts it down.  Not surprisingly, the virus authors attempt to disable AV software, so even HIPS is no guarantee.  A fairly fool-proof method of avoiding this problem is to run your email software in a "Sandbox" which is a program that intercepts all disk writes and calls.  The changes and writes are stored and you have the option to delete or accept any changes whne you exit the program.  A free one is something called "Sandboxie" - sorry no web page, but it is easily found in Google.  There are a number of simple changes that also improve safety.  Use Comodo's Verification Engine.  If, by accident, you go to a spoof Banking/Paypal/Credit card site, you can know that it is phoney if the green border does not appear when you mouse over the logo (the effect usually appears as soon as you open the page).  Also, please change the default "Hide know file extensions" under the "Folder Options" section of Explorer or on the Control Panel.  This allows hackers to send you an email attachment like Something.txt.exe so that you will only see Something.txt.  Txt files are harmless, but .exe files can be viruses. 

[andyman35]

I agree with the above post,very well put. 

SanboxIE is available from:  http://www.sandboxie.com/

It's a great piece of software,the free version is limited to one 'sandboxed' application at a time,but running the web browser within it will prevent most of the threats from malware,however it should be a part of a layered security approach,since there may be security holes in the sandbox from time to time causing leakage.

[chenshiguo]

EQsecure  is better

[andyman35]

EQsecure  is better

I've heard good things about that,only trouble is I can't read Chinese 

[MorphOS REBOL]

Any kind of virtualizing attempts is CRAP.

There is no WAY OF HIDING on the web.

I just felt the need to mention that simple truth.

Don't hide and do pooty things.
Surf safely and be YOURSELF is all one should do. Don't be ashamed. Do it.

Be yourself. Enjoy yourself.

Remember it's YOUR LIFE.

Lived by you, once.

[andyman35]

Any kind of virtualizing attempts is CRAP.

There is no WAY OF HIDING on the web.

I just felt the need to mention that simple truth.

Don't hide and do s**tty things.
Surf safely and be YOURSELF is all one should do. Don't be ashamed. Do it.

Be yourself. Enjoy yourself.

Remember it's YOUR LIFE.

Lived by you, once.

What has sandboxie got to do with anonimity on the web? I'm talking about running a web browser within a sandbox isolated from the actual system in order to prevent drive by malware and spyware embedding within it,that has nothing to do with the likes of TOR and Privoxy. 

[MorphOS REBOL]

Depends on what your intentions are.
Is underwear necessary?
Is music necessary?
Is god necessary?

Depends on what you are.

Some of the above things are more than important to me. Are they necessary, though? I don't really know.

[Luketan]

I've heard good things about that,only trouble is I can't read Chinese 

I can read chinese, but you don't need to , to work eqsecure.

[zen_usuario]

I've heard good things about that,only trouble is I can't read Chinese 

EQsecure 3.41 is fully traslated to english, free, and you can use (import) the last "Alcyon's rule set" for highest protection.
Of course, EQsecure 3.41 hasn't "network module", so you can use a "pure" firewall with it without problems.

[andyman35]

EQsecure 3.41 is fully traslated to english, free, and you can use (import) the last "Alcyon's rule set" for highest protection.
Of course, EQsecure 3.41 hasn't "network module", so you can use a "pure" firewall with it without problems.

Thanks for the info Zen 

[DarkButterfly]

You could also use DefenseWall HIPS to run browsers and email clients within virtual environments, for example. It does a very great job and it works just out of the box. No tweaking needed for the new and unexperienced users. They will get along just fine.

I'm using it right now for my browsing. It is a very great tool.

[carioca]

You could also use DefenseWall HIPS to run browsers and email clients within virtual environments, for example. It does a very great job and it works just out of the box. No tweaking needed for the new and unexperienced users. They will get along just fine.

I'm using it right now for my browsing. It is a very great tool.

thanks for your reply. but nowadays I've been using windows much less because I use the gnu linux which It's not easy to be infected by virus and malwares. although when I use more rarely I've been using the sandboxed web browser which It makes a great job and I have bought the lifetime key combining the comodo products that I relly rely on them.best regards

[Tags:]