Home computer security, antivirus, malware, and more

While I’ll be glad for antivirus/scanner suggestions, I’m hoping for some security suggestions beyond the usual methods/suspects.

I surf. A LOT. I click from link to link to link, and sometimes I end up in dangerous places that I didn’t really intend, in the search of a promised article or a bit of info. Sometimes I end up in seemingly safe places, but find their ads are infected, or someone did something naughty to their webpage, or whatever. My point is, I would like to improve my security. Let’s assume that I am habitually possessed of bad judgement and little sleep, so my surfing habits are unlikely to change.

What I’m using:

[ul]
[li]Windows 7 Pro, 64-bit[/li]
[li]ESET NOD32 Antivirus - Due to expire in the next 10 days, I’ll have to buy another license or switch. Thinking about Kaspersky, as they’re perennially good, and a friend said it had very little effect on his gaming benchmarks. I don’t like heavy, bloated, resource-hungry utilities. May stick with NOD32. Haven’t decided.[/li]
[li]Malwarebytes Anti-Malware Premium - with real-time monitoring.[/li]
[li]BluHell Firewall - Not a firewall, but a small add-on for Firefox that does much of what AdBlockPlus does, but with less memory usage. Works pretty well, never felt the need to go back to AdBlockPlus after taking BluHell for a test.[/li]
[li]Firefox with NoScript - I’ve used both for years, but I’m finding NoScript increasingly problematic. With my surf habits, I visit a lot of new (to me) websites, and I’m constantly fiddling with it, allowing this and that until I find the thing that I need to allow to view the webpage properly. This is an 11-month-old install, so it’s not likely to get better in a few weeks once I have my regular sites set up. NoScript may also be causing problems with my Outlook.com web-based email, so I find myself disabling it far more frequently than I ever would have in the past. A disabled NoScript is no help, but yet it bugs the hell out of me. It is because of this I am looking to increase my security otherwise, in hopes of picking up the slack somewhat. I try not to leave NoScript disabled for long, but accidents happen.[/li]
[li]Drive Image - I periodically image my drive, and can roll back to an image to undo everything that’s happened since. Not as bad as a format/reinstall, but not something I like to do a lot.[/li]
[/ul]

**I’ll field suggestions for my next antivirus, but I’m also looking for other, hopefully low-maintenance/low-overhead security measures I can implement.**

Things I’ve tried/considered:

[ul]
[li]UAC: I turned this off when I installed Windows, and use an Admin acct. I know, bad Face! Bad! I just like to be able to do whatever I want without hassle. I recently tried upping UAC again, and found it kind of broke LCDMISC, a utility I use for my g15 keyboard display. I’m not willing to do without it, so UAC was turned off again.[/li]
[li]Hosts file: I’ve heard there are hosts files that you can merge with your own that re-route known ad-spammers and malware-infested URLs. Anyone use these? Your experiences/thoughts?[/li]
[li]EMET 5.1: I’ve heard good things about this, but I just don’t quite get what the hell it does, so I’ve been hesitant to install it.[/li]
[li]SandboxIE: I have this installed and use it on rare occasion, but dislike it for much the same reason I surf under my Admin acct and don’t run UAC. I like to save bookmarks and pictures and files, and I might make changes to Firefox that I don’t want to disappear when I close it. I also run *LastPass* and Xmarks, and don’t think they’ll get along with SandBoxie on a regular basis. Maybe I need to work with this more and learn the ins-and-outs.[/li]
[li]OpenDNS: or other DNS besides what my ISP provides. Heard this could help. Don’t know how much, or if it could get annoying. Their idea of a ‘bad’ site could be quite different from mine, and I would be annoyed if I found myself blocked from a lot of sites unnecessarily. If it’s a worthwhile safety measure, and can be undone easily (maybe a script to switch between DNS servers), I’d try it.[/li][/ul]

So, security-minded people, what do you have for me? I’ve done some surfing on the subject, but it’s sometimes hard to get a bead on whether someone really knows what they’re talking about. Other times, it’s hard to understand what they’re saying. I could use the advice of some fellow Dopers, as I already know which ones of you are full of shit :smiley:

Thanks!
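
On the hosts-file blocklists asked about above, an added example (not part of the original thread or any poster's code): a merge step that accepts only entries sinking a name to 0.0.0.0 or loopback, rejects lines that would redirect a name to a routable address, and lets entries already in the local file win. The function names, marker comment and sample data are hypothetical and constructed; standard hosts-file syntax is assumed.

```python
import ipaddress
import re

# Names a third-party list has no business redefining.
PROTECTED = {"localhost", "localhost.localdomain", "broadcasthost"}
HOSTNAME_RE = re.compile(r"^(?:[a-z0-9_-]{1,63}\.)+[a-z][a-z0-9-]{1,62}$")

def parse_hosts(text):
    """Yield (address, hostname) pairs, ignoring comments and blank lines."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        for name in fields[1:]:
            yield fields[0], name.lower().rstrip(".")

def merge_blocklist(current_text, blocklist_text):
    """Return (merged_text, added_names, rejected) without touching any file."""
    existing = {name for _, name in parse_hosts(current_text)}
    added, rejected = [], []
    for address, name in parse_hosts(blocklist_text):
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            rejected.append((address, name, "not an IP address"))
            continue
        if not (ip.is_unspecified or ip.is_loopback):
            rejected.append((address, name, "points at a routable address"))
        elif name in PROTECTED or not HOSTNAME_RE.match(name):
            rejected.append((address, name, "protected or malformed name"))
        elif name not in existing:  # entries already in the local file win
            existing.add(name)
            added.append(name)
    merged = current_text.rstrip("\n") + "\n# --- merged blocklist entries ---\n"
    merged += "".join(f"0.0.0.0 {name}\n" for name in added)
    return merged, added, rejected

# Constructed sample input (documentation addresses and example domains).
CURRENT_HOSTS = "127.0.0.1 localhost\n192.0.2.10 nas.home.example\n"
BLOCKLIST = """\
0.0.0.0 ads.example.com
127.0.0.1 tracker.example.net   # inline comment
0.0.0.0 ADS.example.com
203.0.113.7 bank.example.org
0.0.0.0 localhost
0.0.0.0 nas.home.example
not-an-ip bad.example.com
"""

if __name__ == "__main__":
    merged, added, rejected = merge_blocklist(CURRENT_HOSTS, BLOCKLIST)
    print(merged, *rejected, sep="\n")
```

Reviewing the rejected list before writing the merged text to the real hosts file shows whether a downloaded list tried to do anything other than block.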

I like your experiments with Sandbox, but I would take it a step further. Get an inexpensive computer and run some Linux distribution on it. Periodically refresh your installation with an image copy. Use this computer solely for your excursions (don’t do any banking on it). This will take some money and a bit of time, but hey, you’re insomniac.

ethelbert, only a little full of shit.

Hey, thanks. Yeah, your suggestions are solid, but a bit more involved than I really wanted. I’d rather shore up my current computer’s defenses than bring another machine into this. Also, money is a factor. I’m hoping to get a cheap, small SSD this Black Friday/Cyber Monday, and that’s about the limit of my extra money.
No one has any thoughts on EMET 5.1, OpenDNS, Hosts file blacklists? No opinion on a good, low-overhead antivirus? No other suggestions?

How about a good firewall? I used to use one all the time, but then they got bloated and hooked into the system worse than malware, so I let them go by the wayside.

Well, you could follow my friend’s advice and run Windows in a sack you can use to drown it. Specifically, turn your existing machine into a Linux box (free), get VirtualBox (free), and run Windows as a guest OS. Create a snapshot of the Windows guest machine just after doing a clean install of the OS (with all security patches). Surf to your heart’s content, pick up all the viruses/malware you like, then just revert the machine back to the clean snapshot. This is a much quicker version of “nuke and pave”.

If you are a gamer, this may not work. In that case, you might be able to convert the machine into a dual-boot configuration. Then just boot into Windows when you want to game, but don’t surf under any circumstances on that machine. When you want to surf in Windows, use the guest OS on the Linux boot. Or just do all your surfing in Firefox or some other browser on Linux.

Really, what does Windows provide that is a real differentiator, besides gaming, these days?

The first thing you should do is turn UAC back on. It’s nowhere near as invasive as it was in Vista. You should be able to adjust the properties for LCDMISC to get it to work with UAC.

I’m not savvy enough to give detailed advice…but I’m using AVG, which was recommended to me by a co-worker who is tech-savvy. But I also use the free version of Malwarebytes.

So far, I seem to be okay… (Cross fingers…)

Thanks for the suggestions. I’ll take another look at UAC and see if I can get LCDmisc to work. AVG is a good, free AV which is always in the conversation when you talk about good, free AV software.

The Linux installs and dual-boots are getting into a pretty radical area for me. I don’t want to get into Linux, and I don’t want to devote the time, effort or space for a dual-boot. I want to shore up my Windows install. I don’t doubt the effectiveness of your suggestions - it’s just that it’s rather a lot more than I want to get into.

This is similar to what I’m running into elsewhere. I’m not finding a middle ground between basic security measures (invariably an AV & Malwarebytes AM free) and fairly advanced measures which I consider to take excessive time, effort, and hard drive space (dual-boots, VM’s, Linux installs, etc). If you were to go strictly from what I googled up, you’d think there was no middle ground.

As I said above, I’ll mess with UAC and see if I can figure out how to get LCDmisc to work with it. I think I’m also going to dig into EMET 5.1 and see how that goes. I found some info on how to set it up.

Thanks to those who took the time to post and help me out. I appreciate you taking time out to lend your thoughts to the discussion.