As mentioned in the title, I have KIS 2014, Malwarebytes Pro and Spybot installed on my Windows 7 (regularly updated). I regularly scan my PC for viruses and spyware and clean it with Glary Utilities Pro and CCleaner. I also blocked JavaScript in my main Chrome browser (for unknown websites).

Are these practices sufficient to stay safe from trojans and direct attacks? I know the question is open, but I'm just wondering if there are other solutions to enhance the security. I think a good VPN could give more security?

What about ipchains and proxies? I don't know much about these two tricks but I just state what I've heard from professionals.

Bill

2 Answers

This will only protect you from well known viruses. To be honest, if they perform a targeted, direct attack against you, you would expect the attacker to employ several anti-virus evasion techniques which will bypass all your AV software because its fingerprint is not cataloged yet. Anti-viruses are good protection to prevent infection of known viruses. They can offer no or only limited protection against targeted attacks. Also note that once you have been affected it's already too late. If you have been affected by a virus (it has been able to execute) you should nuke it from orbit and restore from the last known good, clean backup.

A VPN will give you privacy, it will not give you security, the same goes for ipchains and proxies.

Ulkoma
Lucas Kauffman
  • +1, Thanks for the answer! The same holds with the firewall within KIS 2014? If I can configure it to deny remote access and block some vulnerable software from accessing the internet? – Bill Nov 07 '13 at 15:32
  • Yep, because you can't cover things like zero days. – Lucas Kauffman Nov 07 '13 at 15:35
  • So there is no optimal solution, only surf carefully and stay anonymous I guess! – Bill Nov 07 '13 at 15:44
  • Well, that will save you from normal attacks, targeted attacks (really targeted attacks) will probably always succeed if enough effort is put into them. – Lucas Kauffman Nov 07 '13 at 15:45
  • But targeted attacks suppose that the attacker knows your identity, that's why I raised the anonymity issue, and then VPN? What is the best VPN solution in your opinion? I usually surf under the VPN of my institution, I don't know if it is secure enough. (Yes, it responds but I want to enrich the discussion, maybe we can learn some tricks from other users :) I will check it later ;) ) – Bill Nov 07 '13 at 15:55
  • @Bill: You can try using VPN services that claim to not log internet traffic. Do however take note that since you have no way of knowing the authenticity of the claim, you are going to have to trust the VPN provider to not log or cooperate with law enforcement/other entities. – Nasrus Nov 08 '13 at 16:35
  • Right! Is there anyone here who knows a good VPN? Even a commercial one. – Bill Nov 08 '13 at 20:38
  • I can't make product recommendations, but TorrentFreak has several articles about VPNs that you can take a look at. Do note that attackers can identify you through traffic analysis at the connection between the VPN provider and your service you connect to, and using a PPTP/weak encryption VPN is equivalent to no protection at all. – Nasrus Nov 09 '13 at 02:11

There is no such thing as a configuration that will completely prevent your system from getting hit by Internet attacks, especially if you are being targeted by a nation-state or other such adversary with significant resources on hand. You can't exactly prevent zero-day malware or exploits (although you can try to mitigate their effects using software like EMET and SELinux).

That said, if you use some common sense (such as not browsing seedy and suspicious websites, or downloading random stuff off the net), keep up to date on the latest in security software and mitigation techniques, as well as constantly harden and review your system configuration (secpol.msc and such for Windows), you should be able to reduce your attack surface significantly and reduce the chances of getting hit. Your current configuration is a good start.

As for your latter question, VPNs and proxies are meant to improve your anonymity (but only if they provide encryption and authentication, and aren't run by someone looking to spy on or infect his/her users). And even then, there are other considerations, such as encryption used (PPTP "VPNs" anyone?) among other factors. You may wish to look up the uses and potential issues of VPN use.

Nasrus
  • Thanks for the answer! I'm usually careful when surfing, my browsers are up to date, and I use Chrome for my personal accounts and work without any extensions installed and with JavaScript disabled, and I use Firefox for other tricks, with adblocks, noscript and other useful extensions. But the question that still arises is how to check if we are really infected, especially with targeted attacks, I usually check my ports and established connections (with currports and tcpviews), I didn't find any suspicious activity. Is that sufficient? – Bill Nov 07 '13 at 15:50
  • A useful question: http://security.stackexchange.com/questions/3681/how-to-best-defend-against-targeted-attacks – Bill Nov 07 '13 at 16:29
  • @Bill: an attacker can choose to exfiltrate data when you are not using tcpview or the monitoring tools, and can edit the system logs. There is no way to prevent targeted attacks other than round-the-clock monitoring of the system's integrity (via tools like Tripwire) and network traffic (logging to a write-only server that is checked often). Even with that, the attacker can compromise the logging server itself. There is always a way around any countermeasure. – Nasrus Nov 08 '13 at 16:28
  • So the question that still arises is how to detect those targeted attacks. Prevention alone is not always effective! Beyond practices and precautions, if we speak of tools, are there sophisticated (commercial or free) tools able to deal with these attacks? – Bill Nov 08 '13 at 20:42
  • In simple terms: no. You can try purchasing an IDS/IPS solution, but like I said zero-days can get past that when used by skilled attackers who know about and develop countermeasures like using whitelisted traffic for comms. – Nasrus Nov 09 '13 at 01:59
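
The integrity monitoring raised in the comments above (tools like Tripwire), sketched as an added example that is not part of the original thread or any poster's code: it hashes a directory into a baseline, authenticates the baseline with an HMAC so edits to the record itself are detected, and reports modified, removed and added files. The function names, file names and key are constructed for illustration; keeping the HMAC key off the monitored host is an assumption.

```python
import hashlib, hmac, json, os, tempfile

def snapshot(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    digests = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                digests[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def seal(digests, key):
    """Serialize the baseline and attach an HMAC so edits to it are detectable."""
    body = json.dumps(digests, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "tag": tag})

def verify(root, sealed, key):
    """Return (baseline_ok, changes) for root compared with the sealed baseline."""
    record = json.loads(sealed)
    expected = hmac.new(key, record["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, record["tag"]):
        return False, {}  # the baseline itself was altered: trust nothing in it
    old, new = json.loads(record["body"]), snapshot(root)
    return True, {
        "modified": sorted(p for p in old if p in new and old[p] != new[p]),
        "removed": sorted(p for p in old if p not in new),
        "added": sorted(p for p in new if p not in old),
    }

def demo():
    """Constructed sample tree: take a baseline, change files, then verify."""
    key = b"constructed-demo-key"  # assumption: the real key lives off the monitored host
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("app.exe", b"v1"), ("conf.ini", b"a=1")):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        sealed = seal(snapshot(root), key)
        with open(os.path.join(root, "app.exe"), "wb") as fh:
            fh.write(b"v1-patched")   # simulated modification
        with open(os.path.join(root, "extra.dll"), "wb") as fh:
            fh.write(b"x")            # simulated new file
        os.remove(os.path.join(root, "conf.ini"))
        ok, changes = verify(root, sealed, key)
        forged = sealed.replace("conf.ini", "conf.inx")  # simulated baseline edit
        return ok, changes, verify(root, forged, key)[0]
```

A check like this only covers files at rest and is only as trustworthy as the place the baseline and key are stored, which is the same limitation the comments describe for the logging server.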