Quick Fix is now recommending the following free security tools and options to help maximally protect Windows-based computers against the particularly nasty infections making the rounds today.
We present these recommendations in a three-tiered structure of options:
(1) Our standard security software provides excellent security protection in a manner that is maximally-transparent and minimally-intrusive during computer use regarding both (a) informative pop-ups (and “nag screens” from free security products, in some cases) and (b) requests for user action when problems are identified or suspected. This level is what the vast majority of our customers will be most comfortable with. This option is what Quick Fix installs, by default, with all of its standard shop services.
(2) Our advanced security options offer an enhanced level of security, but, necessarily, require the user to become more highly-informed in order to correctly utilize the protective features offered. From a user perspective, this will entail (a) being presented with more pop-ups (and “nag screens”), (b) making appropriately-informed decisions regarding real or suspected infections, and (c) correctly dealing with usage limitations imposed on both (i) some network communications and (ii) some hardware and/or software installation processes. Using these tools correctly and without complications will require users to become educated about appropriate usage methodologies. We expect this option will be attractive to a relatively small subset of our customers. This option will be installed by Quick Fix only upon specific request, and with full customer understanding of the associated operational implications.
(3) Our expert security options offer the highest level of protection against malicious intrusions. However, this added security comes at a price, requiring the user to become highly-familiar with the correct usage of these tools. The tools in this category will (a) present the highest number of pop-ups and “nags,” (b) require the highest degree of user decision-making, and (c) impose the greatest number of security-related usage limitations. Comfortable fluency will be necessary in order to avoid otherwise unavoidable frustrations, and even possible Windows system corruption. We expect this option may appeal to only a few of our customers, but we feel it is important to make known that such extremely highly-protective tools do exist. Availability will be only for independent installation by the customer.
Standard security software
OpenDNS: This involves setting the computer’s TCP/IP (TCP/IPv4) DNS look-up option to manually use the following two IP addresses for domain name resolution: <208.67.222.222> and <208.67.220.220>. Doing so will reduce to nearly zero the likelihood that any internet navigation will pass through known infection-distribution sites. The only conflict we have encountered with this option regards laptops attempting to connect to protected “public” networks (as at hotels, for example) that require temporarily resetting IPv4 DNS resolution to “automatic” (because of requirements imposed by the network service provider). Afterwards, when no longer constrained by this requirement, the system should be reset to the above IP addresses for “secure” usage again. These settings present no incompatibilities with any Windows operating systems.
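The DNS change described above, scripted with `netsh` for an elevated command prompt. This is an added example, not Quick Fix's own procedure; the script name `opendns.cmd` and the default adapter name "Local Area Connection" are assumptions. `off` restores automatic DNS for networks that require it, and `on` puts the OpenDNS addresses back afterwards.

```bat
@echo off
rem Added example: switch one adapter between OpenDNS and automatic (DHCP) DNS.
rem Usage: opendns.cmd on^|off^|show ["Adapter name"]
rem The adapter name defaults to "Local Area Connection" (an assumption);
rem list the real names with: netsh interface show interface
setlocal
set "MODE=%~1"
set "NIC=%~2"
if "%NIC%"=="" set "NIC=Local Area Connection"

if /i "%MODE%"=="on" goto on
if /i "%MODE%"=="off" goto off
if /i "%MODE%"=="show" goto show
echo Usage: %~nx0 on^|off^|show ["Adapter name"]
exit /b 1

:on
rem Primary resolver replaces whatever DNS list the adapter had before.
netsh interface ip set dns name="%NIC%" source=static addr=208.67.222.222 register=primary
rem Secondary resolver is appended as the second entry.
netsh interface ip add dns name="%NIC%" addr=208.67.220.220 index=2
goto flush

:off
rem Back to "automatic": take DNS servers from the network's DHCP server.
netsh interface ip set dns name="%NIC%" source=dhcp

:flush
rem Drop cached answers so lookups use the new resolvers immediately.
ipconfig /flushdns >nul

:show
rem Print the adapter's current DNS settings so the result can be confirmed.
netsh interface ip show dns name="%NIC%"
exit /b 0
```

After `on`, the final listing should show both 208.67.222.222 and 208.67.220.220 as statically configured servers; after `off`, it should show servers obtained through DHCP.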
Microsoft Security Essentials (MSSE): This is a “pseudo-conventional” signature-based antimalware product, (a) the performance of which is nearly second-to-none, (b) that accommodates rootkit-types of infections (aided in significant measure by Microsoft’s recent acquisition of SysInternals), and (c) that “plays nice” with Windows installations (Microsoft developed both MSSE and Windows, so the frequency of conflicts and incompatibilities is exceedingly low). Versions of MSSE are available for all contemporary Windows operating systems (XP, Vista, and Win7, both 32-bit and 64-bit). MSSE is a set-it-and-forget-it installation that is extremely highly-automated in function, and is extremely highly-capable at defeating contemporary malware infections and strategies. At boot-time, MSSE may require a bit of time to fully execute all of its updates, so a few minutes of patience may sometimes be required.
Advanced security options
Threatfire: This is a well-performing free host intrusion protection system (HIPS) that also provides anti-rootkit scanning, detection, and removal. It is as close to a set-it-and-forget-it HIPS/rootkit solution as is available at this time. It will sometimes require time to update itself after initial boot, so a delay in system usability may be encountered. Also, it has been known to interfere with some relatively complex network communication environments, and also sometimes intercepts software and hardware installation processes. The network issues don’t really have a simple work-around, but installations can be performed by temporarily suspending Threatfire monitoring until after installations are complete.
Sandboxie: This free tool appears to have emerged as the Windows-based-computer standard sandboxing application in use in the world today. It presents as about the simplest sandbox utility available at this time, but still offers a moderately rich set of implementation features, should they be desired. By design, it will interfere with some system functionality, so becoming knowledgeable about its operation is a prerequisite for comfortably using this tool. It is primarily intended for securing web-browsing sessions, but may be used in other applications, as well. After a 30-day “grace” period, Sandboxie presents a 5-second countdown nag screen informing the user of the free status of the existing installation, and asking whether or not the user wishes to purchase a full license. To continue using the free installation, just wait for the 5-second countdown and then click on the “proceed” button, and Sandboxie will continue to operate normally, indefinitely, free-of-charge.
Expert security options
Avira: This is a free, signature-based anti-malware scanning tool that offers absolutely top-of-the-line performance characteristics, plus an advanced installation option that allows Avira to start early in the boot process (before the Windows NT kernel has gone fully to protected-mode operation) to more-aggressively safeguard against operating-system rootkit hooks that try to install during the boot process. The free version offers resident-shield protection, and allows scheduling of updates and system scans, but presents the user with a bold, nearly-full-screen splash advertisement window after every update execution. Its signature-based detection capabilities are supplemented by heuristic detection, making it a formidable zero-day malware detector. If used, MSSE should be uninstalled first, as system-damaging conflicts might occur. Both 32-bit and 64-bit compatibility is offered by Avira AntiVir Free.
EmsiSoft Antimalware: This free signature-based antimalware application has perhaps the best performance characteristics (regarding both retrospective detection and prospective detection) of any products tested by independent testing groups over the past year or two (although Avira and MSSE are also very near the top). The free version, however, does not allow scheduling, nor real-time resident shielding, so updates and scans must be performed manually. As such, the free version is effective only as a manually-operated scanning and eradication tool, although, in that capacity, it is nearly the best, if not the best, product currently available (according to independent testing results). Also, its signature-based detection is supplemented with heuristics, imparting it with industry-leading zero-day detection and eradication capabilities. Both 32-bit and 64-bit compatibility is offered by the free license of EmsiSoft Antimalware.
Prevx: The free version (v3.0) of Prevx is useful as a host intrusion protection/prevention/detection system with excellent performance characteristics. It also offers scheduled and manual scanning capabilities. The free version of Prevx, however, does not offer a means for removal of identified malware/intrusions, although removal by other means is facilitated by the specific identifications provided by this tool. As with Threatfire, Prevx may, in some instances, interfere with normal networking functionalities, as well as, potentially, with some application installations (although installations can be made to proceed by temporarily suspending Prevx until installation is complete). Both 32-bit and 64-bit compatibility is offered by Prevx 3.0 Free.
Spyware Terminator: This is a less-commonly-known free security tool that possesses very nearly unsurpassed host intrusion protection/prevention/detection capabilities. Whereas its name suggests spyware eradication as its primary function, it has become far better recognized as a leading host intrusion protection system (HIPS) (whereas its spyware detection/eradication capabilities are only middle-of-the-pack capable, in independent testing studies). Implementing this tool, however, will require a relatively highly-informed user, in order to deal with both (a) the relatively frequent requests for user interaction regarding (b) the aggressive nature of Windows system and application process interruption/interrogation exhibited by Spyware Terminator’s function. This tool is not recommended for those who seek to minimize their requirements for actively engaging with security software, although the protection offered has been shown to be among the most robust available today.
GeSWall: This is another of those free security tools that are not designed for those who seek to minimize actively engaging with their security software. The primary function of GeSWall can be considered as providing isolated Windows sub-operating environments (of which sandboxes are an example) in which to execute “untrusted” applications, processes, and functions. A simple way to characterize GeSWall may be as “Sandboxie’s considerably-bigger brother.” Comfortable, trouble-free utilization of GeSWall’s features will be accomplished only after considerable (and on-going) familiarization with its operational documentation and help files. The most recent version (as of this writing) is version 2.9. Version 2.9 does not yet support 64-bit Windows operating systems, but Gentle Security (the creators of GeSWall) claim that this support will be forthcoming with their anticipated “near-future” release of version 3.0.
SafeSpace: In the same way that GeSWall might be considered “Sandboxie’s big brother,” one may view SafeSpace as “GeSWall on steroids.” Releases of this free security software package can be found scattered about the internet, on the standard, legitimate, free-software distribution sites (just Google it), but it would appear that SafeSpace’s creators (Artificial Dynamics) may no longer be in business. Regardless, the pre-existing release of SafeSpace (ca. 2008) appears to remain compatible with all contemporary Windows operating systems. And, its feature set and functional capabilities are extremely impressive. It operates in the manner of a sandboxing, virtual-environment, application-isolator of “untrusted” processes, but with considerably expanded functional capabilities beyond those of Sandboxie, and even of GeSWall. Again, this is not a tool for those who wish to avoid user interaction, or the need for providing decision-making guidance. Nor is it for those who wish not to have to spend time reading about and learning how to use SafeSpace. However, for those so inclined, SafeSpace may be about the best, free sandboxing-type security application for Windows created to date.
_________________________________________________________________________________________
There are other security tools that probably deserve to have been included in the expert category, but have been omitted (the newly-released, free Online Armor firewall, recently acquired by EmsiSoft, being one such possibility). However, we continue to stay on the lookout for security alternatives that might better protect our customers’ Windows-based PCs. We will continue to keep you apprised of what we learn from our research into how to more effectively deal with the ever-evolving security-threat-landscape that presents to all computers that attach to today’s internet.

