Windows 7 Application Layer Security

Discussion in 'Windows Security' started by b0r1s, Jul 25, 2011.

  1. b0r1s

    b0r1s New Member

    Jul 25, 2011
    Likes Received:
    A lot of people here asking what is the best way to secure ones windows PC, what is the best antivirus out there etc. There is no best for a single person, since we are all different and so are our needs. There have been many threads just showing you different security products, but i haven't seen any of them explaining why or which one should you pick and use.
    Software provided here is all freeware

    User Levels

    There are different kind of users out there, so the security solution varies to each and every one of them. I'll categorise and make 3 groups of users and then explain the security solutions under every one of them. Here i am describing application layer security. This means how to secure your windows PC with applications. There are of course numerous other ways to secure your windows by configuring it with Group Policy options for example, but this here is an application layer security.

    Nr 1: Regular User - Users who use their windows PC for activities such as using web browser, mail applications, listening to music, watching movies, etc.
    Nr 2: Advanced User - Users who use their windows PC for activities like Regular User, but also using P2P software, installing various other software, tweaking windows etc.
    Nr 3: Power User - Users who use their windows PC for activites like Regular User and Advanced User, but also using the PC for software development, deploying servers and all other things you can do with your windows PC.

    Security Solutions

    Security Software:
    Antivirus - Microsoft Security Essentials or Avast
    Anti-Malware - Malwarebytes

    Regular Users are using minimal amount of applications in their everyday life, thus making the attack vector minimal as well (meaning, if you only turn your PC on and off, it is hard to infiltrate it, so if a person uses his/her PC only to listen music or watch movies then it's also hard to get anything malicious in the PC). So using a good antivirus software with default settings is good enough for them. (Very small changes to configuration might be needed)
    Anti-Malware is needed to regularly scan system for potential threats antivirus might have missed.

    Advanced User
    Security Software:
    Antivirus - Avast or Avira
    Firewall - COMODO firewall
    Anti-Malware - Malwarebytes
    Software Startup Monitors - WinPatrol

    Advanced Users know more about their PC's and thus using more applications, so the potential attack vector is bigger, especially using P2P software.
    A good antivirus software is a must, Avast or Avira have good heuristics and work very well. The antivirus solution should be configured to more advanced levels as well.
    A good firewall is needed to prevent intrusions or monitor incoming or outgoing internet activity for malicious software.
    Anti-Malware is needed to regularly scan system for potential threats antivirus might have missed.
    Software startup monitor is needed to see what applications are starting with windows and disabling some which are suspicious or troublesome.

    Power Users
    Security Software:
    COMODO Internet Security Suit (Antivirus, Firewall, Defence+)
    Software Startup Monitor - WinPatrol
    Anti-Malware - Malwarebytes (is not important to have)

    Power Users are doing a lot of things with their windows PC's so the attack vector is at it's highest. A normal antivirus wont help Power Users anymore since detections can be bypassed, something more advanced is needed. COMODO Internet Security Suit has it all.
    COMODO Antivirus with heuristics - Antivirus alone does not really matter anymore, it is just here to make life a little easier. This antivirus comes with cloud based heuristics as well, offering 0-day exploits protection.
    COMODO Firewall - An advanced firewall which can be configured to monitor all connections coming in or going out from your PC, see ports which are listening connections etc.
    COMODO Defence+ - This is the key feature. It includes HIPS, Registry Protection, Memory Firewall, COMODO's Self-Defence, Sandboxing, Prevents Buffer Overflows and so much more.

    A true Power User knows how applications behave whether it's known or unknown, now with Defence+ you can monitor these activities and to allow or disallow some or all of them. That leaves malware very little chance to start in your system. It is nearly impossible to bypass Defence+ as it works in deep kernel level.

    Another great thing is COMODO Sandbox. All unknown software outside the Trusted Software list will get executed in sandbox (you can choose settings for your sandbox and how hardcore you want it to be). This means if you start or through some magical exploit a malicious software gets executed, like a RAT for example, then nothing happens. The RAT might reach a connection to the Client if you allow it (i don't know why you should) then nothing can be done in your system since the RAT is running in the sandbox, where everything is limited. After reboot, the file wont get started or will be deleted. No keylogging, screen viewing or anything else can be started. So simplifying even more, COMODO Sandbox breaks malware.

    The Defence+ and all other COMODO parts are highly configurable, for example you can even add your own files under Defence+ which you want to protect, add your own protection to some registry or COM elements etc. There is a lot you can do with COMODO.

    Some of you might think why not use Avira or any other AV with COMODO, but having COMODO's AV disabled or removed. Simple answer, as i said before, firstly AV's can be bypassed and secondly, this would eat up a lot of computer resources.
    -Deja Vu
    #1 b0r1s, Jul 25, 2011
    Last edited by a moderator: Jul 25, 2011

Share This Page