Recommended security add-ons


G-CPTN
16th Oct 2011, 12:42
My elderly computer has decided to refuse to boot (cannot find OS) so I now have a brand new one (it was on the cards anyway) - but I need to install all the (free) anti-virus and malicious software tools that I had acquired (but cannot remember what they all were - one was Kaspersky).

Can someone prompt me with a few names that I might recognise?

Not having the ability to read these off the list of programs on the (now defunct) menu I'm struggling to find what I want.

There was another program that I remember - Malwarebytes - which I have now downloaded, but any recommendations as to what to have to protect from evil will be considered.

Thanks.

(and then there's all my browser favourites!)

green granite
16th Oct 2011, 12:56
Most of us use avast (http://www.avast.com/download-software)! or AVG (free.avg.com/)

Also in addition super anti-spyware (http://www.superantispyware.com/)

vulcanised
16th Oct 2011, 14:11
Avast and Zone Alarm my choice for several years.

G-CPTN
16th Oct 2011, 14:52
Zone Alarm was one (and possibly Avast - I'll take a look). Thanks.

Mike-Bracknell
16th Oct 2011, 16:17
Microsoft Security Essentials
Malwarebytes Antimalware
Windows Firewall

NOTHING ELSE.

The Nr Fairy
16th Oct 2011, 18:47
Immunet: Free Antivirus Software Download and Endpoint Security (http://www.immunet.com) - worth a look

IO540
16th Oct 2011, 19:44
The answer must depend on what kind of outside communications you do.

If you just browse major websites (e.g. bbc.co.uk) then you don't need antivirus software, and if you are behind a NAT router then nothing is going to get you from the outside.

If you go to dodgy websites (which includes pilot forums ;) because they are quite frequently infected) then you need some antivirus software. I use Kaspersky, which has never caused me any problems, over a number of PCs I look after at home and work. Avoid anything from Symantec (Norton).

If you use email then you need to be altogether more careful. Especially if like most people you use Micro$oft email software (Outlook or Outlook Express). Again AV software is a must.

If a teenager has access to your PC, you can forget it. The battle is lost :)

mixture
16th Oct 2011, 21:20
If you just browse major websites (e.g. bbc.co.uk) then you don't need antivirus software, and if you are behind a NAT router then nothing is going to get you from the outside.

Dear oh dear ! :ugh::ugh::ugh:

I suggest anyone reading this thread ignores that paragraph, and we'll leave it at that out of politeness. :E

Tarq57
17th Oct 2011, 07:01
Since a gram of prevention is worth a kilo of cure, I'd suggest using Firefox as default browser, with the Noscript add-on, and AdblockPlus.

NoScript will prevent drive-by downloads (from infected webpages) from even recognising that your browser is there.

I also use Avast, have MBAM and SAS (superantispyware) available for Bad Times (hasn't happened in a few years, now) and Secunia PSI, to monitor any out of date or vulnerable software. Windows and other software installed is kept scrupulously up to date. Windows firewall has proved more than adequate with this setup.

Some kind of imaging software and an external drive is worthwhile. Macrium do a free one called Reflect. Others include Acronis, and the old but reportedly good Norton Ghost.(or Norton Go back.)

In the event you get an actual infection and need to use tools to clean it, I'd suggest getting those, under knowledgeable guidance from a helper at a security forum, at the time they are needed.

Ancient Observer
17th Oct 2011, 10:15
Read "The Time has come" thread from June 2011. All you need on there.
Mr Mike of the bracknell world must be tired of repeating his advice.
My local techie guru fully agrees with him.

KING6024
17th Oct 2011, 10:32
Does anyone use ARO 2011 from Sammsoft? I've been using it to clean and optimise my laptop since the System Tool virus last January. Last Thursday my laptop downloaded 10 updates from Windows and since then I've been unable to open the programme and Windows is telling me there is a problem with it. Thanks in advance.
Colin

green granite
17th Oct 2011, 11:53
Mr Mike of the bracknell world must be tired of repeating his advice.
My local techie guru fully agrees with him.

I prefer Zone Alarm as a firewall as it always asks before allowing a new program to access the internet, I consider that as the backstop device.



Saab as this subject keeps cropping up is it worth making this into a sticky?

mixture
17th Oct 2011, 12:05
ARO 2011 from Sammsoft?


Let me guess, did you perchance find out about this "useful" software through your web browser one day ?

Never heard of it. But it's never good when Google auto-complete suggests "scam" as the second word and you get 25,000 results :cool:

IO540
17th Oct 2011, 12:19
I suggest anyone reading this thread ignores that paragraph, and we'll leave it at that out of politeness

Are you able to, just very occasionally, if not always, write something that resembles a contribution to knowledge, rather than just taking the p1ss out of somebody but without any information content?

mixture
17th Oct 2011, 12:52
IO540,

I assumed from your prior postings on this forum, where you demonstrated a good level of computing experience, that it would be unnecessary for me to expand further because you would probably understand the reasons for my post being the way it is. So perhaps I just got your username mixed up with someone else's in my mind.

I'm a bit busy at the moment, but I will return to the forum later today and post an expanded explanation for the benefit of the public as requested.

taking the p1ss out of somebody but without any information content

As I have explained before here on Computers & Internet. I'm not out to catch anyone out, and I'm certainly not out to take the p1 out of people. It's just that I'm a busy individual, who has pretty much "seen it all before" when it comes to IT/Telecoms ... and therefore some of my replies can be, short & sweet, shall we say..... particularly when a post such as the first paragraph of yours earlier goes so much against the grain that I find it difficult to comprehend why such a view was held.

But I digress. I offer you my apologies if my post was misinterpreted.

Bye for now, but I'll be back to expand as requested.

mixture
17th Oct 2011, 13:28
Let's start by addressing your statement that "nothing can get you when you're behind NAT".

Two irrefutable counter-arguments :

"Phone home" software that sends data/information about your computer/network to the outside world.

Software with mechanisms to bypass or work-around NAT (legitimate examples of this include Skype, GoToMyPC, Teamviewer etc.). Products such as Teamviewer provide you with full remote-control of your computer without any need to open any inbound ports on the firewall perimeter of your network.

It doesn't take much imagination to realise what can be done by people with malicious intent.

One source of further reading on this is the activities and presentations of the Jericho Forum.

The Jericho Forum began in 2003 when a group of global corporate CISOs came together informally to discuss an issue that no one was addressing – de-perimeterization – the erosion of the network perimeter. Concerned that the industry was valiantly trying to shore up an ever-crumbling corporate perimeter while trying to securely conduct business via the Internet.



I'll leave you with two facts :

(1) RFC1631 (aka NAT) was never designed as a security mechanism. Its role in life was always, and will always be, to address the problem of address depletion and scaling in routing. That's it. The fact that your IP address gets masked in the process is a byproduct of the way the NAT mechanism was designed and consequently implemented.

(2) That today's internet is not a very pleasant place. There is an ever growing number of mechanisms at the disposal of the mischievous to bypass security, and the only way to address these effectively is to build a layered security model, not just relying on one piece of infrastructure to protect you.

You might be of the opinion that "oh, I'm just a boring home user, with no nuclear secrets on my ageing PC.... why should I bother". To that, I say remember zombie botnets and spam.... the miscreants want you to be a small piece in their large cog. It's your duty as an individual connected to the internet to do your small bit to help deflect the damage they cause. If you don't believe me on the damage front, I'll leave you with a little quote from a recent ticketing system notification message :

We experienced a large scale distributed denial of service attack
starting at 17:34 this evening targetted at one of our customers. This
attack resulted in an unprecendented load on our routers and some
interlinks.

The attack is still on-going but we have mitigated most of its effects
by way of filtering traffic on our network border.

As a result of the volume of traffic, customers will have seen some
packetloss until we put in place systems to filter the attack.

We are still seeing a high level of inbound traffic however the
filters which has been in place for over 40 minutes appears to
be successfully mitigating most of its impact. We are continuing
to monitor the network closely.

mixture
17th Oct 2011, 13:46
In terms of "only visiting major websites"......


What if someone, or something (virus etc.) edited your hosts file ? Changed your DNS settings to point you to mischievous DNS servers ?

What if someone, or something setup an inline HTTP proxy to alter your BBC browsing experience ?

What if someone hacked the BBC and put some malicious files up ? (don't say it will never happen, I can point you to lists of many "major" websites). Plus there's always the prospect of the "inside job".

What if a page on the BBC site had an iFrame ? Displaying content from a remote site in a BBC border.... what happens if that content becomes malicious ?

What if you received an email purporting to be from the BBC telling you to visit their website to read something of interest to you ?

Variations on the theme include cross-site scripting attacks etc.


In summary ..... treat the internet..... the WHOLE internet.... as untrusted, and keep your wits about you at all times.

IO540
17th Oct 2011, 13:57
That is all true, but the software which accesses external sites had to arrive at your computer from somewhere to start with.

If you install Skype, and it goes to your firewall and opens up the ports it needs, and then it goes to your router and (with UPNP?) opens up the ports in that also, that is not good, but I did say to the other poster

If you just browse major websites (e.g. bbc.co.uk)

If he does all kinds of other stuff too then his machine can be compromised.

And if you then go and block those back doors using a firewall, then Skype will stop working...

At work we run an email server and we used to get about 10k spams per day, not to mention regular dictionary attacks on port 443 (router config port) so I have no illusions about nice people out on the internet. Even after we went to Messagelabs for incoming email filtering we still had spam delivered to our IP via SMTP, and we had to set up the email server to accept emails only from the ML IP ranges to stop that.

But I still maintain that somebody who uses a computer, at home, for pure web browsing on major websites is going to be fine.

That is not the same as doing exactly the same while working at say Cisco, whose IT systems will be subject to hundreds if not thousands of attacks concurrently.

I have configured PCs and laptops for loads of people over the years and every case of a trashed machine I saw was caused by some trojan which fairly obviously came down email, instant messaging (usually a message containing a URL) or from an infected website. In most cases, on machines used by kids, who tend to click on everything that pops up :)

The worst one I ever had was a PC I built for the child of our postman. As far as I could tell that kid, about 10, only ever used a web browser, but the machine was almost unbootable. When I saw the websites he was clicking on, it was not surprising. He simply clicked on every link he saw. But still no evidence of a highly technical attack.

There are many infected websites etc but I just don't see significant resources going into hacking typical homeowner PCs behind NAT routers. Do you have evidence that the bot nets are set up in that way? I have seen a few zombie PCs (including one belonging to my son; he lives with the ex) but all of them were used in a manner which would have guaranteed instant infection.

Mike-Bracknell
17th Oct 2011, 15:12
Now, y'see, this is an interesting quandary because I agree with both of you to a certain extent.

Mixture is right that it's dangerous to state that using no firewall or AV you'll be safe behind a NAT-only router browsing places like the Beeb. The reason behind this is that NAT opens a bunch of ports, down which a bunch of hijacked traffic can travel, and if you're not doing anything about sanitising that traffic or even checking your PC once it's arrived on it, then there's no hope for you really.

However, IO540 is also right to a certain extent by saying that you needn't go overboard with your defences. This is because the workload of keeping them all up-to-date and reliable would outweigh the workload saved by not having half of them.

Personally, I would go, as I have shown, with the golden rule of:

1) A SINGLE antivirus ONLY package (none of these all-in-one-AV-plus-firewall packages)
2) A NAT/SPF router
3) Malwarebytes pre-loaded
4) Windows Firewall


The reasons are (and the numbers correspond to above)

1) You should NEVER run more than one AV package with realtime protection at any one time (because they find each other and fight....slowing your computer down to a crawl and breaking it). You should never run a software firewall unless you know EXACTLY what you're doing with regard to blocking and unblocking certain types of traffic (and to this extent those who DO know how to run a software firewall should in no circumstances suggest that those who don't should).

2) NAT might not be 100% safe, but it's 10000000% safer than a modem, and is probably the reason why the internet still actually operates rather than having ground to a halt with all the numpties and their kids running infected computers behind modems. An SPF firewall in hardware is going to affect your computer MUCH less than a software firewall, and it means your computer isn't useless when you pick it up and use it in someone else's network (but of course you should be careful before connecting to theirs willy-nilly).

3) Malwarebytes Anti-Malware is STILL one of the very few pieces of software that I can instruct someone with a highly-infected PC to use to clean it themselves. However, the viruses ARE getting worse, and one day it'll be useless.

4) Windows Firewall is great. It's very unintrusive, and most importantly it's very hard to accidentally cock up the settings. The later versions in Windows Vista/7 DO provide outbound rules, and even better it's centrally controllable via GPO when in a business setting. Any other software firewall is likely to be none of these things, and as I've said on countless previous occasions, a badly-configured firewall is worse than no firewall at all.

So, why MS Security Essentials I hear you cry? Well, I'm persuadable for you to change that requirement to any of AVG/Avira/Avast/Kaspersky/F-Secure. However, if you pay for your package you need to understand that the virus definitions are likely to have been gleaned from others who will have paid for their package....and given that the FAR greater number of people who DON'T pay for their package are the ones who will be providing the free AV vendors their definitions, you can see why it would be better (and cheaper) to go free. Oh, and any of the other vendors of AV software out there had better seriously beef up their offerings if they want to be taken seriously. The likes of Trend/McAfee/Norton get immediately uninstalled from any PC I deal with, and that's unlikely to change at present.



oh, p.s. - yes I have seen insecure PCs behind NAT become part of a botnet, and the effects on traffic are horrendous. I would add one other item to the list above, and that's to educate yourself on the workings of viruses, and how to spot them or how to have a sneaking feeling you might have been infected. THAT would lower the infection rates!

IO540
17th Oct 2011, 15:40
My concern is that the infections I have come across on already infected PCs were never detected by AV software.

OK, any half respectable trojan will disable the AV software anyway (sometimes this is evident in that updates stop working, and other odd things start happening) and this is why scanning the hard drive rarely finds anything (other than objecting to files called keygen.exe ;) ) but even when I have done e.g. a TrueImage image of a definitely infected HD, copied it to a blue ray DVD, and mounted that image (using TI) on another (clean) machine, and scanned that entire resulting logical drive, file by file, with e.g. Kaspersky, the AV software still failed to find the virus among the files.

Malwarebytes also failed to see anything. In fact it has found nothing at all when I have run it - except in one case of a laptop on which it found 13 trojans :)

So, to me, it appears that the really nasty infections are usually not detected by common AV software - unless it comes as an email attachment, or appears on an infected website (SQL injection, or whatever?) which silently redirects to some site in China. Kaspersky is pretty good at detecting those.

I have seen a number of web infections (two well known pilot forums among them, and in neither case was it publicised so people could check their PCs) and Kaspersky detected the attempted redirection on those.

Since we started using Messagelabs for email filtering we have not had anything remotely resembling a dodgy attachment. AFAIK, none of the PCs used by me, my family at home, or at work, have ever been infected.

And the webmail services (yahoo, hotmail, etc) have come a long way since the days when you set up a hotmail account and looked in there the following day and there would be 100 spams in there. They all do spam and virus checking, to a pretty good degree. Still won't stop clever hacks done with malformed PDFs or Jpegs, but those are pretty rare attacks.

yes I have seen insecure PCs behind NAT become part of a botnet, and the effects on traffic are horrendous.

Were they infected while sitting there switched on, with nobody using them?

How does one access a PC behind a NAT router, which has no open ports?

And if you get through the router, the PC (assuming it is running windoze with the main patches applied) will still present the attacker with a login prompt, or the attacker will need login credentials if you are going in via a LAN. That's if the PC has been configured to ask for a login+password. If not, one important element of security has been lost.

mixture
17th Oct 2011, 15:45
Do you have evidence that the bot nets are set up in that way?

Researchers from UC-Santa Barbara took over the Torpig Botnet for 10 days.

Their report contained a couple of interesting paragraphs on DHCP and NAT :

The DHCP effect:

As we discussed, during our ten days of monitoring, we observed 182,800 bots. In contrast, during the same time, 1,247,642 unique IP addresses contacted our server.

The NAT effect:

By looking at the IP addresses in the Torpig headers we are able to determine that 144,236 (78.9%) of the infected machines were behind a NAT, VPN, proxy, or firewall. We identified these hosts by using the non-publicly routable IP addresses listed in RFC 1918: 10/8, 192.168/16, and 172.16-172.31/16. We observed 9,336 distinct bots for 2,753 IP addresses from these infected machines on private networks. Therefore, if the IP address count was used to determine the number of hosts it would underestimate the infection count by a factor of more than 3 times.
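The counting method quoted above (bots behind NAT identified by RFC 1918 addresses in the bot headers, then bots per public IP to gauge the undercount) can be reproduced over sinkhole-style records. The block below is an added example, not code from the Torpig report or from anyone in this thread; the records are constructed, and the three RFC 1918 blocks are spelled out because Python's `is_private` covers more ranges than RFC 1918.

```python
import ipaddress

# RFC 1918 blocks exactly as the report lists them: 10/8, 172.16/12, 192.168/16.
# ipaddress's is_private also matches loopback, link-local and test nets, which
# would overcount "behind NAT" hosts, so the networks are listed explicitly.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def is_rfc1918(addr: str) -> bool:
    """True if the IPv4 address falls inside one of the three RFC 1918 blocks."""
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918)


# Constructed sample of sinkhole records (not real Torpig data). Each record is
# (bot id, address the bot reported in its own header, source address the server saw).
SAMPLE_RECORDS = [
    ("bot-a", "192.168.1.10", "203.0.113.5"),
    ("bot-b", "192.168.1.11", "203.0.113.5"),    # two NATed bots behind one public IP
    ("bot-c", "10.0.0.7", "203.0.113.5"),        # a third bot behind the same NAT
    ("bot-d", "172.16.4.2", "198.51.100.9"),
    ("bot-e", "198.51.100.20", "198.51.100.20"), # directly connected, no NAT
    ("bot-e", "198.51.100.20", "198.51.100.21"), # same bot after a DHCP lease change
    ("bot-f", "172.32.0.1", "192.0.2.44"),       # 172.32/16 lies outside 172.16/12
]


def summarise(records):
    """Count bots vs. unique source IPs, and how many bots sit behind RFC 1918 NAT."""
    bots, source_ips, nat_bots, nat_public_ips = set(), set(), set(), set()
    for bot_id, internal, external in records:
        bots.add(bot_id)
        source_ips.add(external)
        if is_rfc1918(internal):
            nat_bots.add(bot_id)
            nat_public_ips.add(external)
    return {
        # The DHCP effect: one bot can show up from several source IPs over time.
        "bots": len(bots),
        "unique_source_ips": len(source_ips),
        # The NAT effect: several bots can share one public IP.
        "nat_bots": len(nat_bots),
        "nat_public_ips": len(nat_public_ips),
        "nat_share": len(nat_bots) / len(bots) if bots else 0.0,
        # Factor by which counting public IPs would undercount the NATed bots.
        "nat_undercount_factor": (
            len(nat_bots) / len(nat_public_ips) if nat_public_ips else 0.0
        ),
    }


if __name__ == "__main__":
    for key, value in summarise(SAMPLE_RECORDS).items():
        print(f"{key}: {value}")
```

On the constructed sample, four of six bots are behind NAT and those four share two public IPs, so counting addresses would undercount them by a factor of 2; the report's 9,336 bots on 2,753 addresses gives the "more than 3 times" it quotes.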

IO540
17th Oct 2011, 15:53
All that could simply mean that there are millions of people out there who click on every p0rn site link they can find :)

After all, according to a Cisco mate of mine, p0rn accounts for the majority of internet traffic :)

Same with emails.

Mike-Bracknell
17th Oct 2011, 16:33
Malwarebytes also failed to see anything. In fact it has found nothing at all when I have run it - except in one case of a laptop on which it found 13 trojans :)

This is why you need to run Malwarebytes via safe mode with command prompt. Because in the vast majority of recent viruses the main method of defence employed by the virus has been to 'hide' itself from whatever AV you're using at the time....and this is hooked into explorer.exe. The ONLY version of booting Windows which doesn't invoke explorer.exe is safe mode with command prompt (and then manually navigating to, and executing mbam.exe). I've had machines which say "0 files infected" when booted normally, which then say "100 files infected" in safe mode with command prompt.


Were they infected while sitting there switched on, with nobody using them?

Not recently, but then recently things have got better with patching, firewalls, AV readily available. In the past, yes.


How does one access a PC behind a NAT router, which has no open ports?

Initially, you spoof the source address or run a man-in-the-middle attack.


And if you get through the router, the PC (assuming it is running windoze with the main patches applied) will still present the attacker with a login prompt, or the attacker will need login credentials if you are going in via a LAN. That's if the PC has been configured to ask for a login+password. If not, one important element of security has been lost.

You assume that all inter-process communication is password protected. And/or that hackers intend to use things like CIFS shares for access?

Let me give you one relevant example. The recent Anonymous attacks have been related to SQL injection hacks, where SQL servers have been exploited by sending malformed requests, leading to them coughing up things like passwords or other otherwise hidden documents. Now, consider a SQL server running on a PC (not an unknown phenomenon on a lot of PCs that otherwise don't need it), sat waiting for querying. It doesn't take too much of a leap of faith to see that if there was access to that server you could be susceptible to a security breach of the PC. Now what if you had access through NAT to the port? pretty easy to hack, huh? Especially if you remember that NAT holds the port open for a fair amount longer than it takes to transmit the data. Not too difficult to gain access in that regard, if the port's opened for some reason or another.

Mike-Bracknell
17th Oct 2011, 16:36
After all, according to a Cisco mate of mine, p0rn accounts for the majority of internet traffic :)

Your Cisco mate needs to update his/her knowledge:

Porn passed over as Web users become social: author | Reuters (http://www.reuters.com/article/2008/09/16/us-internet-book-life-idUSSP31943720080916)

daved123
23rd Oct 2011, 15:25
Indeed A.O, as the original poster on that thread and recipient of the advice from Mr Mike of Bracknell-world - I gave an update on the installation process and 4 months later, can further report that everything has since run smoothly and efficiently and I can honestly recommend it.
DaveD

Ancient Observer
23rd Oct 2011, 17:33
Me, I just do what I'm told so I have a Mike from B set up on my new pc.

mixture
23rd Oct 2011, 21:45
Ancient Observer,

Me, I just do what I'm told so I have a Mike from B set up on my new pc.

Yeah, he's one of those rare few good things to have emerged from Bracknell in the past millennium. :E