Friday, November 7, 2008

The ETM Security Suite: Free Edition

[ This post is part of a series: ETM Security Suite ]


Now I'm no security guru, but I am a technophile who watches a lot of free porn, downloads a lot of torrents, and has seen more of the Internet than you can probably imagine. So, naturally I should be overrun with malware of all sorts, right? Wrong.

I actually rarely update my shit, and for about 6 weeks I was living on the edge: security software-free. However, even a sensible computer nerd should have something to keep his computer safe in that rare event that he actually does stumble across something malicious. So, I finally sat down a little while ago and re-researched - and tested - a handful of programs.

I set out with the following goals in mind:
  1. Comprehensive - Any security suite I settle on needs to be full-featured. Real-time scanning, firewall, rootkit prevention, registry protection, diagnostic utilities, and clean-up.
  2. Low-resource - It is incredibly important to me that any set of programs I use operates with as little resource usage as possible. In fact, this was the reason I went six weeks with no protection (must game FASTER!). This also means that I must be able to disable them from starting up should I ever need to.
  3. Cheap as free - I'm not paying for shit since I've seen for myself that I really don't need this stuff anyway. Also, I'd prefer to tell my friends "Download these things and you should be fine. Cost? They're free!"
  4. Simple - I don't want any programs I can't recommend to others, and if they're overly complex, people won't use them. I help friends and family get rid of malware fairly often, so it's important they're using programs simple enough to be troubleshot over the phone.
So, if those sound like characteristics of your ideal security suite (obviously they are), allow me to introduce you to the 2008 ETM Security Suite: Free Edition...

DISCLAIMER
Almost every one of these programs is free for PERSONAL use only. If you're a company looking to stay safe and clean on the cheap, these aren't for you. Also, I obviously have no liability if this security suite doesn't do the trick for you. However, I use these personally. I'm not just recommending shit I never touch.


Comodo Internet Security
Prevention, Detection, Removal

This firewall and antivirus combo does the job beautifully. Its on-access virus scanning can be disabled so that you only employ it when you choose to (as I prefer to do) and the firewall is very simple, very effective (by all accounts I've read on my nerd sites), and very easy to use (easier than any I've used before given all of its features). Install it when you have a clean computer, set it to "Training mode" by right-clicking the taskbar icon and choosing training mode in both Firewall security level and Defense+ security level. Then, play around online a bit. After about an hour of it watching what you normally do, set them both back to Safe or Clean PC mode and you're done! This solves the issue of about half the pop-up notifications you usually get from newly installed firewalls.

You might ask, "What's Defense+?" Defense+ is a neat little sub-section of Comodo that watches your browser homepage, registry, and processes for suspicious activity. When you go to install something else, you'll see what I mean ("avgexxx.exe wants to change startup entry 0x000008R" for example). This handy little tool helps you keep tabs on what's going on with your computer as it happens. Lastly, this firewall has logging, automatic updating, support forums, and a little traffic window on the main screen. That last part is handy because the taskbar icon shows an upstream\downstream comparison of traffic. Ever wonder why your internet is running so slow suddenly? Open Comodo and find out!

See update 1

AVG Antivirus FREE
Detection, Removal

If there was any product in this list I was willing to pay for, it's AVG Antivirus. The paid version includes some very useful tools that I'd like to have, and this software has been getting top scores in just about every computer security magazine and reviews site I read for roughly a year and a half now. And when I say top, I mean like TOP scores.

At any rate, the free edition is supposed to be just about as amazing in terms of virus and malware detection and removal. It's a pretty straight-forward antivirus and works quickly (I don't have any malware to test it with, but I'll trust the 15 or so professional security journalists that recommend it). My only gripe with this program is that I couldn't find a way to turn off the startup processes within the program itself. For any of my friends or family, I'd recommend they keep it on, but for me, I want as little as possible running in the background. Anyway, I eventually solved this issue by disabling its processes from running on Windows startup with CCleaner, a program I'll mention later. You can stop programs from starting up a handful of other ways too, but I love any excuse to use CCleaner.

Following section redacted, see update 2
Ad-Aware Free
Detection, Removal

Basically the same as AVG, but targeted more towards adware and spyware than viruses and trojans. As with AVG, it's been getting top scores for as long as I can remember, despite being around for years and years. Whoever Lavasoft is, they've been riding this program's wave for at least 5 years now, and they've never let it fall out of the top 10 lists of free security software. Real-time protection is not available in the free version (or, at least, not in the one I have... I haven't updated in a few weeks now), but that's not really an issue since you'll have AVG and Comodo taking care of that. In fact, I'd probably recommend to users downloading this entire suite to turn off real-time for Ad-aware even if it comes with it. That's not to say Ad-aware isn't excellent, but having three programs watching your every move is a bit of overkill, especially when the other two are so good at it already. Even still, it's important to have as many options for scanning and removal as you can tolerate, and Ad-aware is a relatively fast scan that I'm happy to tolerate from time to time.

Windows Defender
Detection, Removal

Now, for this you'll need a Genuine Windows installation, so if you're running a pirated copy, you can't get it. It's not a major loss. If anything was to be scrapped from this list, I'd cut this off first. It's basically an anti-malware program from Microsoft released solely so they can say they aren't ripping their customers off by having lazy OS programmers who leave too many security holes open.

Now, that's clearly not a vote of confidence, but I still download this. It's mainly superstition\cynicism as my motivation: I think if anyone knows the jungle of bullshit code of Windows that gets thicker with every release, it's Microsoft. However, I only ever run this if there's a problem. Download it, keep it updated, but don't waste your time scanning unless you found a problem using one of the other better scanners.

Mozilla Firefox
Prevention

If you're running Internet Explorer, stop. Seriously. The most recent version of IE isn't nearly as mired in security holes as previous installments, but Firefox has always been and likely will always be more secure. Furthermore, it runs faster and smoother than IE, and has a shitload of extensions, themes, and add-ons available to the user who wants a more full-featured browser. Did you hear me? It comes out-of-the-box simple and fast, and then lets you decide how many bonus features you want on top of that. Beautiful, isn't it? Proxying is quick and simple in Firefox and can plug into Tor using the FoxyProxy extension (if you don't know what that is, don't worry about it), and between full-featured IRC and FTP client extensions, e-mail clients, and an option to run IE within Firefox (for those handful of web sites that demand IE... otherwise known as Microsoft.com), there's no reason not to run Firefox.

Recommended add-ons for a converting user are:
(for this last one, once it's installed, go to Tools > Add-ons, click Custom Download Manager, click Options, then under "Download Manager's Type" click "Sidebar")

Additionally, I suggest you check out this page for some Searchbar extensions. Saves me a ton of typing when I want to look something up. Also, if one of your favorite sites isn't on that page, visit said site, click the Searchbar down arrow, and see if there's an "Add favoritesite.com to Searchbar" option. Some pages have plugins for the Firefox Searchbar but haven't gotten listed very high on Mozilla's list.

McAfee SiteAdvisor
Prevention

Probably the greatest, simplest, free prevention tool there is. We all know McAfee, as they've been around since the days of DOS rooting out and destroying viruses spread by 5.25" and 3.5" floppy diskettes. Well, they're still in the biz, still doing great work, and still manage one of the most widely-distributed security suites on the market. Now, for we who do not want to fork over the cash to buy McAfee, they have a handy tool that leverages their enormous database of virus signatures against every page on the Internet. Basically, once you've added this to your Mozilla browser, any time you do a search (Google, etc.), the results will have either a little check mark, red X, yellow circle, or white question mark icon next to them. Green means go, yellow means caution, red means stop, question mark means they haven't looked into it yet. Simple enough, right?

If you need more information about the site's rating, click the icon, or use the little button in the lower-right of your browser to investigate the reasoning behind that choice (said button also changes color to tell you the status of the current page you're viewing). If you encounter a question mark, click it, and ask McAfee to scan the page. Granted, it won't be done anytime soon (it goes into a queue that is miles long), but you'll be doing the rest of us SiteAdvisor users a favor. Lastly, this extension, as well as Google's search engine as of late, will stop you with a warning screen if you try to access a site that they've flagged. You can proceed anyway if you know that the site is safe, but information like this usually comes at a premium.

VirusTotal Uploader
Detection

This thing is god-damn brilliant. Did you just finish a torrent that you think is suspicious, or that had a vague warning comment from another user on the download page? Got a file you're too scared to open? Well, lucky for you, most viruses won't execute until they're decompressed\accessed, so for the moment you're probably okay... but how can you be absolutely sure it's safe? How about scanning it with 37 leading malware scanners? Normally, you'd need to actually own all 37 of these scanners, but with VirusTotal Uploader, all you have to do is right-click the file, go to "Send to", and choose VirusTotal. In about 15 minutes, you'll have your answer. All the scanning is done by their servers, not your computer, so you can do whatever else you want while you wait. What's more, the scan results are archived on their web site, so you can send the link to whatever forum, torrent site, or friend you received the file from and give them the heads-up.

Absolutely fucking indispensable for anyone who downloads P2P and anyone else who receives e-mail from idiots. FYI: That means indispensable to everyone.

HiJack This!
Diagnostic

For the computer illiterate, this tool isn't terribly useful. However, most computer professionals will be glad to see you have it, and if you're brave enough to peer into the bowels of your computer to try and fix a problem yourself, this is essential. Basically, this program scans your active processes, HOSTS file, and a few other places to tell you what the fuck is really going on with your computer. So, if you think you've cleaned up the problem and you know what to look for, this is the program to run for confirmation. It outputs a text file with the data that you can dig through yourself, or you can go to their support forums where computer experts can take a look. So, if your computer has been royally fucked by some trojan that brought a whole lot of uninvited guests to party in your 'puter, their forums may be the single best place to start taking care of things. Realize that their help is free, and free means slow. These people aren't paid (I don't think), they're just good Samaritans who know their shit.

What's Running?
Diagnostic

This is basically the Ctrl-Alt-Del Task Manager on crack. View active processes and modules, what program\process\module asked them to start, where they're located, their current activities, your IP Connections and ports, all your drivers, and everything that is called to run at Windows Startup as well as what called it. This isn't a security tool per se, but it was the only thing that helped me root out a particularly nasty trojan about a year ago (which I subsequently blasted with registry removal, DOS investigation, a couple of scanning tools, file deletion, CCleaner Registry clean-up, and of course some information from the HiJack This! forums).

This won't be the bread-and-butter of any security technician's diagnostic process, but it helps, and it doesn't cost you any resources.
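To show what the HiJack This! and What's Running sections above are actually looking at, here is an added example (not code from either tool, and not from the original post) that re-implements two of their checks in Python over constructed sample data: it lists every non-default HOSTS file mapping (the "O1" lines in a HiJack This! log) and flags Run-key autostart entries that launch from a temp or profile directory or that borrow a Windows system process name while living outside system32 (the "O4" lines). The HOSTS text, the registry export, and all hostnames and paths in it are made up for the example; the per-user Run key it inspects is one that needs no admin rights to write, which is exactly why spyware favors it.

```python
"""Added example (not HijackThis or What's Running code): two of the checks
those tools perform, rewritten so they run on constructed sample data on any
machine without touching the real HOSTS file or registry.

  1. HOSTS file: list every mapping that is not a default localhost line.
  2. Per-user Run key: flag autostart entries that start from a temp or
     profile directory, or that reuse a Windows system process name while
     living outside system32.

All sample text below is constructed for this example.
"""
import re

# Constructed sample HOSTS file: two default lines plus two that a clean
# machine should not have (one blocks an update site, one redirects a site).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.example.com      # blocks an update server
10.0.0.5        www.example.org         # sends a site to another box
"""

# Constructed regedit-style export (backslashes doubled, as regedit writes
# them) of a per-user Run key. Every value name and path here is made up.
SAMPLE_RUN_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AV_TRAY"="C:\\Program Files\\ExampleAV\\avtray.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"svchost"="C:\\Documents and Settings\\User\\Local Settings\\Temp\\svchost.exe"
"""

DEFAULT_HOSTS = {"localhost", "localhost.localdomain", "broadcasthost"}
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "explorer.exe", "services.exe"}
RISKY_DIRS = ("\\temp\\", "\\local settings\\", "\\appdata\\",
              "\\application data\\")


def suspicious_hosts_entries(hosts_text):
    """Return (ip, hostname) pairs for every non-default HOSTS mapping."""
    findings = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        ip, *names = line.split()
        for host in names:
            if host.lower() not in DEFAULT_HOSTS:
                findings.append((ip, host))
    return findings


def parse_reg_export(reg_text):
    """Yield (key, value_name, string_data) triples from a regedit export."""
    key = None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'^"([^"]+)"="(.*)"$', line)
        if m and key is not None:
            # regedit doubles backslashes inside string data; undo that
            yield key, m.group(1), m.group(2).replace("\\\\", "\\")


def suspicious_autostarts(reg_text):
    """Return (value_name, path, reason) for Run entries worth a second look."""
    findings = []
    for key, name, data in parse_reg_export(reg_text):
        if not key.lower().endswith("\\run"):
            continue
        path = data.lower().strip('"')
        exe = path.rsplit("\\", 1)[-1]
        reasons = []
        if any(d in path for d in RISKY_DIRS):
            reasons.append("starts from a temp/profile directory")
        if exe in SYSTEM_NAMES and "\\system32\\" not in path:
            reasons.append("system process name outside system32")
        if reasons:
            findings.append((name, data, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for ip, host in suspicious_hosts_entries(SAMPLE_HOSTS):
        print(f"O1  {ip:<16} {host}")
    for name, path, why in suspicious_autostarts(SAMPLE_RUN_EXPORT):
        print(f"O4  {name}: {path}  <- {why}")
```

Run it as-is and it reports the two odd HOSTS lines and the fake "svchost" starting out of a Temp folder; point the two functions at the contents of a real HOSTS file or a `.reg` export of your own Run key and you get the same kind of list a HiJack This! log gives you, minus the forum experts to interpret it.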

CCleaner
Clean-up

This is the be-all, end-all of free computer clean-up. Basically, you click a button, it deletes all your temp files, cookies, history, MRU data, and cache. Now, not only does it delete it, but you can have it set to do multiple passes, including the NSA Standard (7 passes) or even the Gutmann method (35 passes). 35 passes of deletion is so strong, computer forensic professionals aren't even sure the data can be recovered at that point (don't count on it though, I'm sure the FBI has something up their sleeve). What does this mean? This means that the personal data you're worried about a trojan getting are deleted to infinity (and beyond!). Now, that is by no means an effective preventative tool, because the important data is more typically discovered by keyloggers, not spyware or trojans.

Where CCleaner really shines is on the "Registry" tab. If you've ever installed, uninstalled, changed the settings of, or updated a program or driver on your computer, it is highly likely that you have a useless registry entry (or ten) as a result. Think about how many things you've changed on your computer since you bought it. Almost every one of those changes resulted in registry entries being left behind - in short, your computer is bogged down with really old, useless, and cluttered registry data. CCleaner will take care of most, if not all of that, with just a few clicks. Simple to use, quick to run, and absolutely indispensable for anyone wanting a fast computer.

Now, this might not sound like a security program... because it's not. However, if you've seen how clusterfucked computers can get when they're infected, you know the type of damage malware can do to a registry. Malware typically digs itself way deep into Windows... so deep that the scanners often only pull out the weed and leave the roots. Unlike my metaphor, viruses don't grow back simply from leftover roots in the ground, but computers are meant to be clean and efficient... CCleaner will help you get that efficiency back after an infection.

Simplifying it all

Now, that's a hell of a lot of reading I put you through. Hopefully, you stuck with me here and saw the wisdom in each of these programs. You might think if you take my advice, your computer will be slowed to a crawl by all this shit running. Guess what? From all of these programs, I only have 1 process active: Comodo. You'll probably want to keep AVG on as well, but the point is you get all this protection, maintenance, and diagnostic stuff for FREE and without costing your computer its speed (in fact, you'll probably speed things up thanks to CCleaner, Firefox, and a nice clean computer). So, to stay protected and clean, how often should you update? Scan? How do you make this stuff regular?

Well, you can play with the Windows Task Scheduler to try and get it to automate your scanning, but I frankly hate automated scans, and you should be concerned enough about your computer's security and your own privacy to keep to this very simple regimen:

ALWAYS...
  • Browse with Firefox. If you absolutely need to use IE for a certain web site (like Windows.com), use the IE Tab add-on (linked above in that section) to keep some of the security benefits of Firefox
  • Have Comodo running, both Firewall and Defense+. Comodo is a two for one deal on protection. Let's stretch an analogy way too far here: adding a firewall is like locking your doors and windows. Obviously, that helps, but your windows are still breakable. The same rule applies - if a piece of malware is determined enough, it will find a vulnerability in even the tightest security. Defense+ means that even if a virus breaks in, you have an angry dog waiting for it. That spyware\adware\virus isn't going to get much done because it will be pinned down on the floor by Comodo.
  • Have AVG Running (if the free version even has active protection... I'm not sure. You might want to buy it if you can and the following stuff suggests you should). This is your choice, based on how proficient you are with computers and how safe your users are. If it's just you, a gamer who rarely has malware problems, you can disable this using What's Running or CCleaner's startup management options. However, if you have children, a stupid sibling who hops on your computer from time to time, or allow friends to use your computer regularly (even if it's on a guest or otherwise limited account - spyware doesn't need admin privileges to infect your computer), you should have something like AVG scanning the files you access active all the time (VirusTotal Uploader is manual, things like AVG are automatic).

ONCE A WEEK\EVERY OTHER WEEK...
  • Update everything. It usually only takes a minute to update each of these programs. If something manages to slip onto your computer and cripples your internet in the process, you'll wish you had updated malware definitions.
  • Scan with Comodo, AVG, and Ad-aware (It's fine to do this outside of Safe Mode since these are just the regular "check-up" scans). No one scanner is the be-all end-all of scanning, nor will there ever be one. If you want to scan weekly with AVG, but every other week with Comodo and Ad-aware, that's a fine compromise.

WHENEVER YOU FIND MALWARE DURING A REGULAR SWEEP...
  • Update, reboot to safe mode, and scan with Comodo, AVG, Ad-aware, and Windows Defender. Run CCleaner after all the scans have finally given you a clean bill of health, and create a Restore Point using Windows System Restore (Google it if you can't find where it is on your computer. XP has two organization styles, and Vista moved everything. I don't know where System Restore is on your computer).

WHENEVER THE PROBLEMS PERSIST...
  • Use What's Running to see if you can find the files yourself, and use VirusTotal Uploader to confirm.
  • Boot normally and use HiJack This! to get a log of activity and active processes to post on the forums linked in the HiJack This! section above.
  • Ask for help from any computer nerds you know who have handled this type of stuff before.

ONCE A MONTH
  • Run CCleaner, just to keep shit running smoothly.
  • I also recommend that you defrag your computer, for speed purposes, but that's not really security. The guys who made CCleaner have a defrag tool that is miles better than Windows' included. http://www.defraggler.com/
It's really not hard, people. All told, you'll lose about 1 hour every other week to scans, and 1 hour a month to CCleaner and Defraggler. That's 3 hours a month to re-certify your computer's clean bill of health.

Final note
A lot of ISPs nowadays will give you security software along with your service, though they don't usually market it well enough. Call your ISP and check. McAfee, for example, is great stuff. The firewall is excellent (I used it personally until we changed ISPs) and the real-time on-access antivirus, though taxing on your resources at times, is better than the free version of AVG (though the paid version of AVG I hear is better than McAfee). If nothing else, you gain one more scanning tool. However, if your ISP gives out Norton\Symantec or Computer Associates (CA), DO NOT DOWNLOAD THEM.

Norton is marginally more effective than its main competitor, McAfee, but in the process it digs itself so deep into your system that you will NEVER get it off. My brother actually had to dig into the registry to remove Norton in his security class once because it was inadvertently stopping him from removing a boot sector virus before it forced another restart cycle (boot sector viruses are one of the nastiest types). Computer Associates (formerly eTrust PestPatrol) crashed my computer whenever I installed it... all I had on my computer at the time was Windows, hardware and peripheral drivers, and Internet Explorer. I went through two weeks of back and forth with the vendor thinking I had a faulty OEM Windows or bad hard drive before I, not they, figured out that if I didn't install PestPatrol, I was 100% fine.

Good luck, safe browsing, and in the unlikely event you get stuck with a virus, happy hunting!
