
how much is enough? hardening security on a pc...


27 replies to this topic

#1 enigmatus

enigmatus

  • Members
  • 9 posts
  • Local time:08:49 AM

Posted 20 September 2015 - 12:14 PM

Hello guys,

 

I'm running Windows 8.1

My always running and protecting config is:
Norton Secure DNS, TinyWall, Comodo Internet Security (all enabled), UAC on, KIS 16 (all enabled), Spyshelter Premium and Gilisoft USB Lock. + a few Windows security tweaks

On demand: too many to mention...

I ran the Comodo Leak Test and got 340/340 points, ran Atelier Web Firewall Tester and passed the test...

BUT! (and here is my worry)

I tried Zscaler Security Preview and got 54 points out of a hundred (lower is better). The 1st section says my system fails on phishing vulnerability and "vulnerable to threats contained on a known malicious website"; on the 2nd section it fails completely.

AND LASTLY

I ran Quarri LeakDetector and none of the security software blocked it or even notified me about it, and the screen monitor feature logs my screen, the keystroke monitor logs my typing and the clipboard monitor logs.

I think this could be something for general concern, because I have "pretty good protection" as most of you may have too, and this can happen, so... how much is enough?... for all of us.




 


#2 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • Gender:Female
  • Location:The Netherlands
  • Local time:01:49 PM

Posted 20 September 2015 - 12:47 PM

Hi there,

I don't think running Comodo Internet Security and Kaspersky Internet Security at the same time is a good idea. You might want to consider removing one of the two.

The weakest link in security is the end user - if you don't practice safe surfing then no software in the world will be able to save you from infections.

Best Practices for Safe Computing - Prevention of Malware Infection
How Malware Spreads - How did I get infected
About those Toolbars and Add-ons - Potentially Unwanted Programs

You might want to get an anti-malware scanner as well since both Kaspersky and Comodo are very bad at AM in my opinion.

Edited by Alexstrasza, 20 September 2015 - 12:48 PM.


#3 enigmatus

enigmatus
  • Topic Starter

  • Members
  • 9 posts
  • Local time:08:49 AM

Posted 20 September 2015 - 01:07 PM

thanks,

 

you are right about the two running together, but I'm a bit paranoid :P  oh and I use AM but only on-demand (MBAM)

the thing is that with all this "protection" I still get those results, how can that be possible? and how can any of us strengthen our security? (so we don't get results like that)



#4 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,698 posts
  • Gender:Male
  • Local time:02:49 PM

Posted 20 September 2015 - 01:12 PM

Something else, but very important: do you make regular system backups?


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#5 enigmatus

enigmatus
  • Topic Starter

  • Members
  • 9 posts
  • Local time:08:49 AM

Posted 20 September 2015 - 01:34 PM

yeah, I use WD Smartware for that, thank you :)

what about the Zscaler test and Quarri LeakDetector matter?



#6 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • Gender:Female
  • Location:The Netherlands
  • Local time:01:49 PM

Posted 20 September 2015 - 01:51 PM

Running two antivirus programs together will actually weaken your security instead of strengthening it... see here to know why.

#7 enigmatus

enigmatus
  • Topic Starter

  • Members
  • 9 posts
  • Local time:08:49 AM

Posted 20 September 2015 - 02:19 PM

that is right, for that reason I disabled the file antivirus on Kaspersky, and installed Comodo Internet Security without antivirus, so I have no real-time scanning running, anyway there's still no answer about the Zscaler and Quarri matter  :s



#8 enigmatus

enigmatus
  • Topic Starter

  • Members
  • 9 posts
  • Local time:08:49 AM

Posted 22 September 2015 - 08:24 AM

ok ok, maybe Zscaler is trying to sell, who knows, but the LeakDetector tool, trying to sell or not, bypasses everything, who cares if it's selling, we are talking of a possible security flaw we maybe all have, and no one is investigating this, how can you be so closed-minded?



#9 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,698 posts
  • Gender:Male
  • Local time:02:49 PM

Posted 22 September 2015 - 09:34 AM

It's impossible to investigate. You are referring to a program that is not (or no longer) available.




#10 enigmatus

enigmatus
  • Topic Starter

  • Members
  • 9 posts
  • Local time:08:49 AM

Posted 22 September 2015 - 09:36 AM

I could send it to one of you guys, the way you prefer, so you can test it and see, and you try it on a VM or whatever



#11 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,698 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:02:49 PM

Posted 22 September 2015 - 09:48 AM

That won't help the community here. If the program is no longer available, then no one can use it, only you who have it.

 

FYI: I did find back the EULA for this tool on the company's website. The EULA does not allow the user to distribute the tool.

 

It looks like the company retired this tool and is no longer offering support for it.




#12 rp88

rp88

  • Members
  • 3,016 posts
  • Gender:Not Telling
  • Local time:12:49 PM

Posted 22 September 2015 - 02:20 PM

Looking at your list of security programs and techniques, one thing I noticed you lack is anti-exploit protection and other means of making drive-bys less likely. This may have been what the "you are vulnerable to a malicious website" result meant. You can secure yourself against drive-by (also called exploit and, when delivered to other sites via adverts, called malvertising) infections by running Malwarebytes Anti-Exploit (there is a free version) and for extra security using Firefox as your browser with the NoScript extension installed. Combined, these should mean that you can no longer be infected by drive-by methods, although use of NoScript may take a few weeks getting used to, after which it will have "learnt" the settings you like and won't seem strange at all. This sort of protection, against this sort of infection, is getting more important day by day as more malware is starting to be delivered via dangerous adverts (which can appear in the corners of legitimate sites including major news sites and other reputable ones) and exploit pages. These days you don't have to download a dodgy file to get infected, you can be infected just by seeing a tiny advert on the corner of a page.




Post #4:"Something else, but very important: do you make regular system backups?"
Well said Didier Stevens, I just wanted to highlight the importance of this because even with near perfect security IF something DOES happen you need something to fall back on. Make sure to have both backups of files (make these regularly, at the end of each day backup any files you edited that day) and backups of your whole system (system images) which allow you to restore the whole system (the operating system, your choice of settings for the operating system, all your installed programs, and the settings you have for each of them...) to an earlier point in time. You don't need to make images so often, but you need to make sure to have several of them made at a time when you know the system was utterly clean of infections, running as you like it and had all the programs you use installed on it.

Edited by rp88, 22 September 2015 - 02:23 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,483 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:49 AM

Posted 22 September 2015 - 04:07 PM

"that is right, for that reason I disabled the file antivirus on Kaspersky, and installed Comodo Internet Security without antivirus, so I have no real-time scanning running, anyway there's still no answer about the Zscaler and Quarri matter  :s"

There still can be issues even with doing that.

For details, see the IMPORTANT NOTE about not using more than one anti-virus program in this topic.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#14 enigmatus

enigmatus
  • Topic Starter

  • Members
  • 9 posts
  • Local time:08:49 AM

Posted 22 September 2015 - 07:17 PM

rp88

 

KIS is supposed to protect from exploits, and for the malicious websites I use a combined host file, norton dns, firefox with the kaspersky protection, trafficlight, https anywhere, noscript, ublock and noflash, so the browser is ok.

I do backups but not that often.

look... the thread is starting to get old maybe, and in other forums I have even been blocked, and all this happened to me in these last 3 days because of being curious and trying to help. I put the Zscaler test in second place, because it's possible that it is just a marketing tool and so on... but what I still don't understand is what happens with this little tool -Quarri LeakDetector- which bypasses every security layer (damn, I'm tired of repeating this again and again...)

if a light comes from the sky and some of you or just you gets motivated to try it for yourself, then you can see why I'm worried, this quest is becoming exhausting...



#15 enigmatus

enigmatus
  • Topic Starter

  • Members
  • 9 posts
  • Local time:08:49 AM

Posted 22 September 2015 - 07:19 PM

quietman7

 

I have been told, and thank you too for reminding me of that. I still have a lot to learn, I'll see how I can configure everything and if I have to uninstall something, but right now I'm focused on discovering about this freakin' tool





