[LINK] making windows secure: sandboxie and other goodies

Kim Holburn kim at holburn.net
Mon Aug 7 08:54:20 AEST 2006


Just how far do you have to go to make Windows secure?

Microsoft's recommended method of dealing with malware is to
periodically wipe the OS and applications from your disk and load them
anew.  You could install 4 or 5 of these free utilities instead.

Or of course the simplest option of all: don't use Windows.

Sandboxie looks very interesting.

From:
http://www.techsupportalert.com/best_46_free_utilities.htm

> 4   Best Free Browser Protection Utility   Updated July 25, 2006
> There's a scumware plague at the moment. All it takes is a visit
> to a pushy web site or a "loaded" shareware install and next minute  
> your Internet Explorer homepage has been changed, your default  
> search setting altered, unwanted ads pop up on your screen and worse.
>
> If you use Windows 2000 or later my top recommendation for safe  
> browsing is a free program called Sandboxie [1] that creates a  
> special contained "sandbox" environment on your PC. While browsing  
> within the virtual sandbox provided by Sandboxie you are totally  
> corralled off from other parts of your PC. So any files you  
> download are isolated to the sandbox. Similarly, any programs that  
> are executed only do so within the sandbox and have no access to  
> your normal files, the Windows operating system or any other part  
> of your PC.
>
> Usage is remarkably simple. To start a sandboxed browsing session  
> you just click the Sandboxie icon from the Quick Launch tray and  
> this will launch your default browser in the sandbox. You can then  
> use it in the normal way to browse to sites or download files.
>
> If you downloaded a file it will install normally but again will be  
> corralled off from your real PC. Anything it writes to your hard  
> drive, any changes to the Windows Registry or changes to the  
> Windows startup will be held in a separate area within the sandbox.  
> Similarly, any new processes running in your computer memory will  
> be sandboxed.
>
> After you have finished browsing you can right click the Sandboxie  
> icon and delete all sandboxed files and processes and your PC will  
> be returned to the same state it was in before the browsing  
> session. If you want to retain particular downloaded files you can
> save them permanently before clearing the contents of the Sandbox.
>
> The advantage is clear: any spyware, trojans, keyloggers or other  
> malware products that infected your PC while browsing will be  
> eliminated.
>
> Sandboxie works fine with all browsers but requires Windows 2000  
> and later. It can cause problems on some PCs so backup before  
> installing.
>
> Users of earlier Windows versions may want to check out
> SpywareBlaster [2]. It is not a sandbox but rather is a program
> that changes some settings in your computer to help prevent an
> initial infection. It provides protection against thousands of
> malevolent products that use ActiveX based exploits, blocks hostile
> sites and discards unwanted cookies as well. SpywareBlaster is most
> effective with Internet Explorer but can be used with Firefox as
> well, though this may be overkill as Firefox doesn't need to be
> protected against ActiveX exploits. Once it has changed your
> settings SpywareBlaster doesn't really need to continuously run on
> your PC other than to provide automatic updates. These can however  
> be initiated manually. SpywareBlaster is free but the update  
> service costs $9.95 annually.
>
> A companion program to SpywareBlaster is SpywareGuard [3] that  
> provides active protection. It is a monitor that checks programs  
> before they are run for malware behavior and also does some  
> signature checking as well. However of late SpywareGuard seems to  
> have been rather neglected with no new updates for more than a year  
> so I can only give it a qualified recommendation.
>
> An alternative to SpywareGuard is to use one of the free intrusion  
> prevention and detection utilities listed here. These provide  
> active protection against infection and work very effectively in  
> concert with the passive protection provided by SpywareBlaster.
>
> [1] http://www.sandboxie.com  Free for personal use, Win2K and  
> later, 310KB
> [2] http://www.javacoolsoftware.com/spywareblaster.html  Freeware,  
> all Windows version, 2.5MB
> [3] http://www.javacoolsoftware.com/spywareguard.html  Freeware,   
> All Windows versions, 913KB


> 5  Best Free Firewall   Updated July 25, 2006

> [1] http://www.sunbelt-software.com/Kerio.cfm (7.3MB)
> [2] http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp  (9.0MB)
> [3] http://www.personalfirewall.trustix.com/ (14.1MB)
> [4] http://www.jetico.com/index.htm#/jpfirewall.htm[ (2.7MB)
> [5] http://www.netveda.com/consumer/safetynet.htm (6.3MB)



> 6   Best Free Trojan Scanner/Trojan Remover
> [1]  http://www.ewido.net/en/  (2.2MB)
> [2] http://www.anti-trojan-software-reviews.com/review-ewido.htm <=  
> review of Ewido


> 7   Best Free Rootkit Scanner/Remover  Updated June 11, 2006

> [1]  http://www.f-secure.com/blacklight/  (787KB)
> [2]  http://www.sysinternals.com/Utilities/RootkitRevealer.html  
> (210KB)
> [3] http://www.sysinternals.com/Forum/default.asp
> [4] http://www.xfocus.net/tools/200509/IceSword_en1.12.rar <= slow  
> Chinese site, 565KB
> [5] http://tinyurl.com/ckqsn <= Local download link for IceSword  
> (V1.12)
> [6]  http://rapidshare.de/files/21011497/IceSword1.18en.7z.html  
> (V1.18)
> [7] http://www.techsupportalert.com/rootkits.htm <= How to deal  
> with the threat of rootkits


> 8  Best Free Intrusion Prevention and Detection Utility for Home  
> Use   Updated June 22, 2006.

> [1] http://www.techsupportalert.com/intrusion-detection.htm
> [2] http://www.prevx.com/prevxhome.asp  Freeware, Win2K and later,  
> 7.5MB
> [3] http://www.download.com/Prevx-Home/3000-8022_4-10364927.html
> [4] http://www.winpatrol.com/download.html  Freeware, Win 98 and  
> later, 1.1MB


> 9  Best Free Anonymous Surfing Service

> [1] http://anon.inf.tu-dresden.de/index_en.html
> [2] http://tor.eff.org/






--
Kim Holburn
IT Network & Security Consultant
Ph: +61 2 61258620 M: +61 417820641  F: +61 2 6230 6121
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request
Cacert Root Cert: http://www.cacert.org/cacert.crt
Aust. Spam Act: To stop receiving mail from me: reply and let me know.
Use ISO 8601 dates [YYYY-MM-DD] http://www.saqqara.demon.co.uk/datefmt.htm

Democracy imposed from without is the severest form of tyranny.
                           -- Lloyd Biggle, Jr. Analog, Apr 1961





