Build Your Best Single Super App

[AtlBo]

What is the best way to describe the tools available to security programmers when designing a security application? I'm not sure, but I gave it some effort below. Idea of the thread to use the below to build a super app from pieces of existing software that fit the category or at least the best possible combination of any of these types of protection. Don't have to go for them all, and it's fine to go for a lean combination. Just think of them being combined into one application. Example is the ability to fit Comodo HIPs ability to protect backup drives into an app, so that from alerts I can set which programs are allowed access to the drive. That would be for File/document protection. Choose which types of protections you would use and the applications that have the best module to date->build your best possible super app. Also, it's OK to have duplication of protections like HIPs document and roll back. Sometimes things get by security. Here are the types of protection I have come up with so far:

1. Signature detection

1. Static​

2. Dynamic​

2. HIPs monitoring
3. Anti-expoit-Memory protection (smart protections or trainable as with Comodo HIPs)
4. Anti-EXE policy (Application whitelisting)
5. Anti-EXE run-time (Application blacklisting (hope I didn't get these two backwards))
6. AI/ML monitoring
7. Sandbox protection (less configuration is better)
8. Firewall protection
9. File/document protection
10. Secure backup
11. Anti-keylogging
12. Network monitoring/parental support (i.e-Gryphon type internet control software)
13. Security tools (which ones)

1. File shredding​

2. Mail shredding​

3. Security cleaner​

4. Mail scanning​

5. Software updating​

14. Zero day protection
15. Anti-ransomware (including roll back etc.)
16. System policy (i.e.-Remote desktop refinement or improved user access limitation/management software)
17. System monitoring and protection (i.e.-monitoring of system events, tasks, startups, clipboard monitoring, camera monitoring, anti-screen capture, and logs)-This includes monitoring and protection of Windows settings
18. Browser filtering
19. Password management
20. VPN
21. Data encryption
22. Anti-theft software
23. Script monitoring-Includes monitoring of interpreters
24. Secure browsing and online banking and purchases-Can include Anti-tracking or other features (can be in the form of a security browser or extensions or other software addons) Can include Anti-tracking or other features (can be in the form of a security browser or extensions or other software addons)
25. Behavior monitoring (i.e unknown application adding a driver or service)
26. Boot protection-Anti-rootkit
27. Tamper protection-Protection of settings
28. Self protection-Protection of application run-time integrity

If anyone can think of another type(s) of protection I didn't mention, please say so. I will add it someplace in the list.

I can't build my ideal application for now. I could come up with something about 1/4 decent if the software I would recommend were more reliable and/or flexible. I will work on the best I could come up with and post it later. Looking forward to seeing which protections are chosen...

 

[DDE_Server]

Really interesting thread i will keep watching

 

[DDE_Server]

i want recommendation for Harding windows firewall as am depending mainly oh soft firewall (TP link router firewall are active but they don't permit to play with its configuration in my home )
i am using Emsisoft +Vodoo shield and applied Hard-configuratior by Andyful
but i feel the need to hard the web protection more by firewall and be simple and compaitable without over killing my machine with any source hog applications

 

[AtlBo]

Here is what I came up with last night. Many protections, but I don't think it would be really heavy. For example, I don't need rollback, rather smart sandboxing of documents and HIPs style write protection of document/important locations. Other than detection and AI/ML from network protection, I think this is mostly mechanical style protections.

CHOICES:
9. File/document protection-Comodo from the HIPs module. Protected Files and Folders->Protected Objects->[user select location]
1. Signature detection-Kaspersky Security Cloud
10. Secure backup-don't think this exists yet. Only backup app can write to backup locations
12. Network monitoring/parental support-Gryphon software, protections, and firewalling.
7. Sandbox protection (less configuration is better)-Some kind of a smart on demand sandbox. Sandbox all unsigned/unsafe and browsers and vulnerable document applications, like Comodo but smarter sandbox settings
11. Anti-keylogging-SpyShelter anti-keylogging module
24. Secure browsing and online banking and purchases-Rather have the security built into the browser like with Avast Secure Browser than extensions...long as the browser is as good as uBlock.
15. Zero day-Bitdefender's quick signatures
3. Anti-exploit-More like Comodo's HIPs monitoring of memory access for unsigned/unrecognized . I like being able to protect each process from both memory access of other apps and from process' own attempts to access memory of others. I like that Comodo helps set up exclusions from alerts
25. Script vault-Just something I thought up but haven't seen
19. Password protection-Like KeePass or Last Pass but data encrypted and stored locally. Open source is the way to go with this software...all the way open source...

MUST HAVE but not necessarily in the main app. Could have separate apps for these:

17. System monitoring-(i.e.-monitoring of system events (event viewer type events), tasks, startups, clipboard monitoring, camera monitoring, anti-screen capture, and logs...Notifications and Warnings) MUST HAVE. I want this from a security based app. I am fairly certain this does not at present exist in a form I would buy
13. Security tools-I want this, and I want these exact ones
1. File shredding
2. Mail shredding
3. Security cleaner
4. Mail scanning
5. Software updating
16. System policy (i.e.-Remote desktop refinement or improved user access limitation/management software/other tools for managing system)-I want this for sure, but I think mostly for managing group policy and registry based settings...also add a layer of security to Remote Desktop and maybe some other Windows elements.

Much of this programming doesn't exist at this time at least...

 

[RoboMan]

My perfect app would have the following modules:

Real time protection scanning
Static= BitDefender signatures
Dynamic= Kaspersky Systemwatcher

File whitelisting/blacklisting
Kaspersky Application Control and Vendors List

Document and logging protection
Zemana anti-keylogging / ESET document protection

Firewall
Windows built-in with an easier rule adding GUI with a context block/allow connection

Sandbox
Comodo's sandbox with auto-sandbox

Tools
File Shredder
Secure Vault

Ransomware Protection
Kaspersky rollback
Secure folders

Others
Boot protection
Memory protection
Windows settings protection (avoid disabling system restore for example)
Monitoring interpreters
Tamper protection
Self protection
Anti tracking for browsers

 

[AtlBo]

Others
Boot protection
Memory protection
Windows settings protection (avoid disabling system restore for example)
Monitoring interpreters
Tamper protection
Self protection
Anti tracking for browsers

Thanks for these. I will add clarification for the following:

Anti-exploit->memory protection (smart protections or trainable as with Comodo HIPs)
System monitoring-This includes monitoring and protection of Windows settings
Script monitoring-Monitoring interpreters
Secure browsing and online banking and purchases-Can include Anti-tracking or other features (can be in the form of a security browser or extensions or other software addons)

These will be added:

Boot protection-Anti-rootkit
Tamper protection-Protection of settings
Self protection-Protection of application run-time integrity

Always liked the idea of a self-protection app that a computer operator could configure to protect any application(s) on the system from unauthorized shutdown. Comodo HIPs has this as one of its HIPs protections. When I considered boot protection and thought of it as part of "System monitoring", but it can be a standalone protection module too. For me System monitoring would cover boot protection and all of the other sensitive areas of Windows...