Protecting yourself from botnets

  • Thread starter phusicist
In summary, the article discusses how botnets are a major problem and how to protect yourself from them. However, the article suggests that there is no surefire way to prevent botnets from infecting your computer. PCWorld suggests getting a firewall and antivirus, and stronger protection comes from using software that restricts programs' ability to make system changes and access personal files. Finally, using VMWare Workstation or VMWare Player can create a virtualized environment that mimics a separate computer, protecting your computer from malicious software.
  • #1
phusicist
Our collective battle against botnets is going badly, according to Ryan Naraine’s recent article in eWeek.

What’s that? You didn’t know we were battling botnets? You’re not alone. Though botnets are a major cause of Internet insecurity problems, few netizens know what they are or how they work.

Hey there, so I just finished reading this New York Times article on botnets: http://www.nytimes.com/2007/01/07/t...=1&adxnnlx=1168193055-/Md4/0S5iz1xLjldK+u7Mw
and it got me thinking. I have no firewall or antivirus software, though I use SpyBot S&D and webroot spysweeper, so I'd like to install a fresh copy of windows and put up every preventative measure I can. Only problem is every botnet article I've read so far suggests that there really isn't any way you can fight them. So I'm wondering if you guys can help me out.

First I'm thinking of getting Shields UP as an antivirus and Zonealarm firewall. Do you suggest another anti-virus/firewall?

PCWorld suggests the following:

We looked at five apps that adopt this preventive strategy. Amust's 1-Defender and DropMyRights, two free programs, restrict the ability of software (and malware) to make major changes to your computer, such as in non-user-controlled parts of the Windows Registry. Though basic, these utilities are very effective--especially DropMyRights, which works with any program.

Stronger protection comes from two apps that wall off Internet programs in a "sandbox." Software running in the sandbox is blocked from making system-level changes and from accessing personal files, like bank documents in your personal finance app. GreenBorder Pro works only with Internet Explorer, though a Firefox version is planned; for $30 (the promotional rate at press time), you get a one-user license plus a one-year subscription that covers product updates. Fortres Grand's $50 Virtual Sandbox works with any program and must greenlight any process that wants to run on your computer; but its frequent alerts can grow irksome, and its setup is somewhat more complicated than GreenBorder Pro's.

For even more protection, consider the free VMWare Player and Browser Appliance. This hefty download supplies a Firefox browser that runs in a fully virtualized environment; it's much like using a separate PC just for the Web. There are some gotchas, but the player is fairly easy to install, and it offers a great deal of safety for systems with the resources to run it.

I'm not very computer-literate so can someone explain how and why these work?

Also, any more suggestions would be great. Thanks a lot.
 
  • #2
The idea with those programs is to isolate personal data and trusted applications from the high risk operations of browsers and malicious software.
With DropMyRights, by restricting a program's ability to make system changes, you can isolate your browser from the system registry, so malicious software running on the browser won't be able to change the computer policy to disable access to the Task Manager, for example.
Sandboxing also isolates a program's access. By sandboxing an application, such as a browser, you can disable access to certain information on your disks, for example (i.e. the program can only use the resources in its sandbox). This would prevent malicious software from stealing your personal data.
Finally, VMWare Player, or VMWare Workstation which is better but not free, allows you to create a completely separate environment. VMWare emulates computer hardware, which you can use to run a separate Operating System from within your existing OS (called the host OS). When you run an OS image from VMWare you specify how much disk space to use, how much RAM, how many CPU cores, etc. The OS running within VMWare has only access to these resources (unless you explicitly enable access, by creating network shares for example). So VMWare can work as a sandbox for a whole Operating System.
For example, I have VMWare Workstation installed on my laptop (Win XP) and I have two OS images that I can load into VMWare at any time, one is SUSE Linux 10 and another is Windows Vista. I use these for testing mostly, but if you're worried about security then you would do your high risk operations in one of the images, and keep your personal data and applications on the host Operating System.
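
The rights-dropping idea described in the reply above can be shown with a small model of a Windows-style access check. This is an added example, not part of the original thread and not DropMyRights code; it assumes the tool works by marking privileged groups deny-only in the process token, the way Windows restricted tokens do, and the account name, group names and ACLs are constructed.

```python
# Simplified model of a Windows-style access check (added example, not Windows code).
# The account, groups and ACL contents below are constructed for illustration.
from dataclasses import dataclass

READ, WRITE = 0x1, 0x2

@dataclass(frozen=True)
class Ace:
    allow: bool   # True = access-allowed entry, False = access-denied entry
    sid: str      # user or group the entry applies to
    mask: int     # access bits the entry covers

@dataclass(frozen=True)
class Token:
    user: str
    enabled: frozenset                  # groups that match allow and deny entries
    deny_only: frozenset = frozenset()  # groups that match deny entries only

def access_check(token, dacl, wanted):
    """Walk entries in order: a deny hit on a missing bit fails, allows accumulate."""
    allow_sids = {token.user} | token.enabled
    deny_sids = allow_sids | token.deny_only
    granted = 0
    for ace in dacl:
        if ace.allow and ace.sid in allow_sids:
            granted |= ace.mask
        elif not ace.allow and ace.sid in deny_sids and ace.mask & wanted & ~granted:
            return False
        if granted & wanted == wanted:
            return True
    return False  # nothing granted the remaining bits

def drop_rights(token, privileged=("Administrators", "Power Users")):
    """Return a copy of the token with privileged groups marked deny-only."""
    moved = token.enabled & frozenset(privileged)
    return Token(token.user, token.enabled - moved, token.deny_only | moved)

# Constructed objects: a policy registry key and a personal document.
POLICY_KEY = [Ace(True, "Administrators", READ | WRITE), Ace(True, "Users", READ)]
BANK_FILE = [Ace(True, "alice", READ | WRITE)]
admin = Token("alice", frozenset({"Administrators", "Users"}))
browser = drop_rights(admin)  # token the browser would run under

print("admin writes policy key:  ", access_check(admin, POLICY_KEY, WRITE))
print("browser writes policy key:", access_check(browser, POLICY_KEY, WRITE))
print("browser reads policy key: ", access_check(browser, POLICY_KEY, READ))
print("browser reads bank file:  ", access_check(browser, BANK_FILE, READ))
```

The last line of output is the gap the PCWorld excerpt points at: a rights-dropped browser still runs as the same user and can read that user's documents, which is what a sandbox or a separate virtual machine additionally blocks.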
 
  • #3
Thanks. Very informative. DropMyRights might be unnecessary if you use zonealarm, it prevents any registry changes while you surf. But I think I'll try it out anyway. And I hear that Virtual OS can themselves be weak against exploits, is this true? And I plan on using bank accounts/credit cards online. One more question, will these sandboxes interfere with Kaspersky or Zonealarm? I'm pretty sure both also monitor program access. I remember using Zonealarm a while ago and the constant prompts for permissions gave me headaches, not even knowing what to allow and not to allow.

So from now on I'll only use my admin account for adding new programs, I'll get Kaspersky and Zonealarm, both having these nice privacy protection centers, try sandboxing, and also switch to my ISP provided email accounts. Is this a good start? I've tried backing up my free hotmail account but I couldn't figure out how. I think I'll have to forward each message individually to my gmail and use outlook express to back that up.
 
  • #4
Zonealarm is the worst program I have ever seen. It manipulates ignorance to make itself look like it is doing something.

"Zonealarm has stopped 10,000,000 crack attempts to root your system"

should read

"Normal network chatter has been detected 10,000,000 times on your network"
 
  • #5
Link to Good Review of 8 Sandbox Programs

phusicist,

Gizmo over at Tech Support Alert did a review of 8 popular sandbox apps. It's good reading, check it out at

http://www.techsupportalert.com/security_virtualization.htm

Also AVG has both a free and paid AV program that work well and are popular. I've used both with minimal complaints.
http://www.grisoft.com (free)

Nod32 also has a very good AV program.
http://www.eset.com

Good Luck!
-McGreen
 

1. What is a botnet?

A botnet is a network of computers that have been infected with malicious software, allowing them to be controlled by a remote attacker. These infected computers, also known as "bots", can be used to carry out various cyberattacks such as DDoS attacks, spamming, and stealing sensitive information.

2. How can I protect myself from botnets?

There are several steps you can take to protect yourself from botnets. First, make sure your computer has up-to-date antivirus and anti-malware software installed. Regularly scan your computer for any potential threats. It's also important to keep your operating system and software updated with the latest security patches. Be cautious when clicking on links or downloading attachments from unknown sources, as these could potentially be used to infect your computer.

3. What are some signs that my computer may be part of a botnet?

Some signs that your computer may be part of a botnet include slow performance, unusual pop-ups, and unexpected network activity. You may also notice that your computer is sending out large amounts of spam emails or participating in DDoS attacks. If you suspect your computer may be part of a botnet, it's important to take immediate action to remove the malware and protect your personal information.

4. Can botnets affect my mobile devices?

Yes, botnets can also infect mobile devices such as smartphones and tablets. It's important to take the same precautions with your mobile devices as you would with your computer, such as installing antivirus software and being cautious when downloading apps or clicking on links.

5. What should I do if I think my computer is part of a botnet?

If you believe your computer is part of a botnet, the first step is to disconnect it from the internet to prevent further attacks. Then, run a malware scan and remove any identified threats. You may also want to change your passwords for any online accounts, as they may have been compromised. It's also important to report the incident to your internet service provider and local authorities.
