Advice for ultra secure computer?

Hi,

In addition to Avast Free, MBAM free, Windows Defender, and HijackThis, what would you recommend for an extra secure computer?

The pc will have XP sp3 and will be used for online RPG’s, logging into email and websites where you want your information to be secure (eg. Ebay etc).
Is there any extra software to help keep login info safe?
Is there a big increase in security by having paid versions of the above programs?

What is your advice?

For XP I would get rid of windows defender and you could possibly upgrade to MBAM Pro, one off subscription.

HiJackThis is a bit of a waste of time and space, it hasn’t been updated in over 18 months and really ill prepared to search out the hiding places of modern malware.

Personally the best thing you could do is ensure you have a robust backup and recovery strategy, in the form of drive imaging software, that can make a perfect copy of your drive/partitions.

A good firewall wouldn’t go astray either on XP, you dont say what browser your using ? Firefox would be the better choice for XP i think with the neccessary addons like no script and ad block.

Also aggree 100% with what DavidR has mentioned :slight_smile:

Ultra-secure?

HIPS…something like Mad Mileh’s Comodo D+. That is, provided you how to correctly and safely answer all the deny/allow questions. And whether you can stomach a HIPS (its not for everybody).

Sandboxing Browsers, PDF Readers etc. can provide a good extra layer of protection. The paid versions of Avast have an on-demand Sandbox, or you can use Sandboxie ( the free version has some limitations ).

Greetz, Red.

Advice for ultra secure computer?
ultrasecure = disconnected from internet ;D

:°D

(Sorry for the OT)

+1 :wink:

HIPS....something like Mad Mileh's Comodo D+. That is, provided you how to correctly and safely answer all the deny/allow questions. And whether you can stomach a HIPS (its not for everybody).
+1

A variation of the “disconnect from the Internet” comment. See if your broadband router supports the following:

  1. A “dial-up” feature setting for it’s hardware firewall. Works identical to the old phone dial-up connection; when your browser, etc. requests a connection to the Internet, the router will allow the connection. The connection is closed automatically after a set inactivity time. There may be a slight lag in response for the initial connection.

  2. Create a “honeypot” on the router to trap any unsolicted inbound connections. On my router you just designate an unused IP address in your DHCP range of available addresses i.e if DHCP assigned range is 192.168.1.1 - 192.168.1.253, I use 192.168.1.253.

Finally create a rule for your software firewall rule to block any outbound DNS(TCP/UDP port 53)to localhost 127.0.0.1 255.0.0.0 to block any DNS rebind attempts.

Oops! Forgot the most important one. Never ever surf with admin rights!!! It akin to posting a red flag on your butt in a bull fighting ring.

A few things I suggest:

Secunia PSI. Keeps all your software patched for you, automatically. It will keep reader, flash, and java up-to-date before their updaters even realize they’re out of date.

Google Chrome. Supports more mitigation technologies than any other web browser. DEP, ASLR, SEHOP are all supported. Also chrome uses integrity levels for sandboxing, much like IE’s protected mode, and this http://chrome.blogspot.com/2012/01/speed-and-security.html

Consider upgrading to Windows 7. A lot more mitigation technologies are available and enabled by default. You can enable more mitigation technologies by downloading Microsoft’s EMET (Enhanced Mitigation Experience Toolkit) here http://www.microsoft.com/download/en/details.aspx?id=1677

^^ Some mitigation technologies are not turned on by default for compatibility reasons. If you turn them on and all of your software works fine, then great, keep those settings. Just pick the “Maximum Security Settings” profile in EMET and if it doesn’t work out, dial it back down to the default profile. ^^

Adblock Plus. Whatever browser you use, you should consider Adblock Plus, since a lot of malware spreads through infected advertisements. There’s also a maintained malware domains list for Adblock Plus here, http://adblockplus.org/en/subscriptions Scroll to the bottom.

Finally consider a malware filtering DNS like Norton DNS dns.norton.com or DynDns Internet Guide setup.dynguide.com.

–Ian