greatdivide's Security Configuration! *Warning: Noob Here*

greatdivide

Nov 20, 2015
Hello everyone.

Please understand that I am not an expert in this area. I am also not an avid downloader and I'm the type of guy that downloads things when needed. I do not do any malware/virus testing. I usually go with freeware unless I have to pay premium for a certain feature. I'll try my best to go into details about my project.

I have a small startup that handles client information (outsourcing jobs). So basically, we have Client 1, and we act as his virtual assistant. We also do a lot of content research/article writing. We edit images, hence we have Adobe Photoshop CC 2015 and Illustrator CC 2015. We also have Microsoft Office 2013 to install Word and Excel. I have a license for 2016, but I do not like the fact that I cannot customize my installation. And I'm very anal when it comes to installation of software as I only want the things that I use to be installed.

My staff aren't very tech savvy and are only working on what they're told to. So since they'll be in the vast domain of the internet, and these people won't be able to identify what is malicious or not, I need to safeguard their workstations to avoid simple and complex mistakes. So, I compiled a list of what I believe 'Experts' in this forum are using. Also, as per @Umbra's recommendation, I plan to stick with my 'finalized' list just so I can master their functions and their behaviors.

Webroot AnywhereSecure - As I've said, I'm not very knowledgeable when it comes to antivirus. I pretty much want to use this since I really like software that is being constantly updated by its developers. It has a great UI and has great feedback from reputable security researchers.

Comodo Firewall - I'm still researching if this would suffice or if it would be optimal to get CIS Pro. But I'm definitely leaning on Comodo as they have been in the firewall industry for quite a long time now. I'm also a huge advocate of their SSL Certificates as well.

Hitman Pro Alert - Another great piece of software that is heavily discussed and consistently being updated. I'm quite confused about this one though. Is Hitman Pro Alert freeware? Because I can't see an option to purchase a license on their site. Only for Hitman Pro.

Emsisoft AntiMalware - To be quite honest, this is such an under-advertised product (at least for me). I guess I was on the bandwagon of MBAM; I have been using MBAM for more than 5 years and it has never failed me. But I'll see what all the fuss is about with EAM. They have a money-back guarantee, so it's a win-win situation.

SecureAPlus - Yet again another highly updated piece of software and it's amazing how the developer listens to people's demands. I love the synergy of this product. People are willingly looking for bugs, and the developer quickly attends to them. It's just amazing. You get the benefits of having 10+ highly reputable antiviruses whilst being free. I don't think it can get any better than this.

Hitman Pro - This will be a mainstay on the on-demand/second opinion scanners. Will definitely purchase a license for this, not only because of the product, but also to support the developers as well.

Malwarebytes AntiMalware - I already have a lifetime license of it. Has been working great for the last couple of years. Another addition to the second opinion scanners.

Emsisoft Emergency Kit + Comodo Cleaner Essential - Both products are foreign to me. But I'll definitely do my research on it before deciding. It's also used by @Umbra, so it must be good. :)

Shadow Defender - This will solely be used whenever I want to add software to the workstations. I'm only downloading software from reputable companies and making sure the hashes match.

Adguard + Adguard Assistant - Any word if it has any conflict with Adblock Plus/uBlock Origin?

HTTPS Everywhere + WOT - This will be another mainstay. It will definitely help steer my staff away from potentially malicious websites, with WOT giving that graphical warning, and HTTPS Everywhere making sure that they are communicating with the destination site with encryption.

I'm open to suggestions and recommendations that will best fit my situation.

Thanks MalwareTips!
 

Deleted member 178

I will redline the important facts, then give you my opinion.

> Please understand that I am not an expert in this area. I am also not an avid downloader and I'm the type of guy that downloads things when needed. I do not do any malware/virus testing. I usually go with freeware unless I have to pay premium for a certain feature. I'll try my best to go into details about my project.
>
> I have a small startup that handles client information (outsourcing jobs). So basically, we have Client 1, and we act as his virtual assistant. We also do a lot of content research/article writing. We edit images, hence we have Adobe Photoshop CC 2015 and Illustrator CC 2015. We also have Microsoft Office 2013 to install Word and Excel. I have a license for 2016, but I do not like the fact that I cannot customize my installation. And I'm very anal when it comes to installation of software as I only want the things that I use to be installed.

The help you need: is it for your private computer or for those you use for your company? This is very important.
The first paragraph indicates it is your private computer, but the 2nd paragraph seems to indicate you also use your computer for working.

First rule: NEVER, but NEVER, mix private and work computers. Better to buy a mid-range computer exclusively for your work; with it, no fancy surfing, downloading movies or whatever. It will be only for working.

> My staff aren't very tech savvy and are only working on what they're told to. So since they'll be in the vast domain of the internet, and these people won't be able to identify what is malicious or not, I need to safeguard their workstations to avoid simple and complex mistakes. So, I compiled a list of what I believe 'Experts' in this forum are using. Also, as per @Umbra's recommendation, I plan to stick with my 'finalized' list just so I can master their functions and their behaviors.

From that I guess you are the one who sets up the PCs; it seems you don't have an IT guy.

If needed, I will give 2 answers for each product: one for private use, one for corporate use.

> Webroot AnywhereSecure - As I've said, I'm not very knowledgeable when it comes to antivirus. I pretty much want to use this since I really like software that is being constantly updated by its developers. It has a great UI and has great feedback from reputable security researchers.

Private: good one, I'm using it right now; you will have almost nothing to configure.
Work: if you have several computers, you may purchase the endpoint version; then you can manage all the computers from yours.

Webroot has tons of preventive features; take a look at it and inform yourself :)

> Comodo Firewall - I'm still researching if this would suffice or if it would be optimal to get CIS Pro. But I'm definitely leaning on Comodo as they have been in the firewall industry for quite a long time now. I'm also a huge advocate of their SSL Certificates as well.

Definitely not for you, in both cases. You need expertise to use it properly. If you use it, you will have a lot of issues to deal with.

> Hitman Pro Alert - Another great piece of software that is heavily discussed and consistently being updated. I'm quite confused about this one though. Is Hitman Pro Alert freeware? Because I can't see an option to purchase a license on their site. Only for Hitman Pro.

Great program; yes, it has a free (but limited in features) version. It is almost an automated soft; you will have barely anything to do. If you can afford to purchase it for each computer, I would recommend it.

> Emsisoft AntiMalware - To be quite honest, this is such an under-advertised product (at least for me). I guess I was on the bandwagon of MBAM; I have been using MBAM for more than 5 years and it has never failed me. But I'll see what all the fuss is about with EAM. They have a money-back guarantee, so it's a win-win situation.

Another great program; a bit more complex than Webroot, but their support team is very efficient in case of issues.

> SecureAPlus - Yet again another highly updated piece of software and it's amazing how the developer listens to people's demands. I love the synergy of this product. People are willingly looking for bugs, and the developer quickly attends to them. It's just amazing. You get the benefits of having 10+ highly reputable antiviruses whilst being free. I don't think it can get any better than this.

I never used it, so I can't be of much help for this :p
So I would use it only on a private computer.

> Hitman Pro - This will be a mainstay on the on-demand/second opinion scanners. Will definitely purchase a license for this, not only because of the product, but also to support the developers as well.

If you buy a Hitman Pro Alert license, you will have a Hitman Pro license included!

> Malwarebytes AntiMalware - I already have a lifetime license of it. Has been working great for the last couple of years. Another addition to the second opinion scanners.

Indeed, more for private use, however, even if they do endpoint solutions.

> Emsisoft Emergency Kit + Comodo Cleaner Essential - Both products are foreign to me. But I'll definitely do my research on it before deciding. It's also used by @Umbra, so it must be good. :)

Yes, do your research first, because they are malware remediation softs. You will use them only on infected computers and by someone with some expertise. Deleting critical files may occur.

> Shadow Defender - This will solely be used whenever I want to add software to the workstations. I'm only downloading software from reputable companies and making sure the hashes match.

Hahaha, my favorite for both private and corporate use.

You miss one very important aspect of SD: reverting any changes to the selected partition.

Imagine you have your employee's workstation; all the important software needed for his job is installed. Then you install SD and set it to protect at boot.

From now on, everything the employee does on his computer will disappear at the next reboot (everything, including malware). So in a corporate environment, you have to exclude some folders where the employee will save his work, or protect only the system partition and leave another partition unprotected to save the files the employee needs.

Not to mention, if you want to update something on the computer, you just quit the protected mode, update what you want and re-protect it.

Using SD smartly allows you to even discard the need for any AVs except anti-keyloggers (since keyloggers transmit your data in real time. SD will delete it only at the next reboot; in the meantime damage could be done and sensitive info leaked).

> Adguard + Adguard Assistant - Any word if it has any conflict with Adblock Plus/uBlock Origin?

Adguard Desktop (paid version) is the best of all adblockers; it also prevents malwaretized ads, phishing and other malicious sites. No conflicts, but overlaps that will slow down your surfing.
If you have Adguard Desktop, no need for the others.

> HTTPS Everywhere + WOT - This will be another mainstay. It will definitely help steer my staff away from potentially malicious websites, with WOT giving that graphical warning, and HTTPS Everywhere making sure that they are communicating with the destination site with encryption.

Costs nothing to add them; go for it.

Final note:

Most of the cited softs are private-computer oriented.

For your company's computers, from this list, I would do Webroot endpoint solution + Shadow Defender; both are easy to use and need little maintenance. Then HMPA and Adguard will be good additions but not necessary.

If you take a look at my configuration, I'm using both ;)

both need
I hope I helped you. :)
 

greatdivide

I'm horrible at quoting. So I'll just reply in points. I hope that would be fine for you. Just to clarify, my private computer will be used privately. (Irony, right?) Basically, this is the area where I will stress test the needed applications that I need to put on the workstations. However, there won't be many applications to use on it, since we're just doing outsourced work; the majority of the jobs are done via the browser.

1. So, I guess it's safe to say that if I have >5 workstations, it's optimal to go for an Endpoint Security type of protection. I've read lots of great reviews regarding Symantec Endpoint Protection. I guess I can't finalize my decision on Webroot without reading more about what other companies have to offer. But I'm very thankful that you have brought this to my attention.

By doing a quick search, I believe there are 4 standouts that provide business-level protection. And these are as follows:
- Kaspersky Small Office Security
- Symantec Endpoint Protection Small Business Edition
- ESET Small Office Security
- Webroot Endpoint Protection

These are all great choices for me. Just need to read more about it and post my thoughts about it. But in terms of reputation, these are really good companies.
2. I don't believe that there's a great need for an IT guy. There shouldn't be anything hard that I cannot accomplish through the help of Google and since we're not doing anything high-risk, and with the preventatives that are in place, we really don't have a big threat model. Our main adversary would most likely be that generic try-hard malware. But then again, I'm not being too cautious.
3. Any recommendation for a firewall for a beginner? I'm definitely willing to learn.
4. Yes. I'm going to purchase Hitman Pro Alert for every single workstation and even my own private laptop. And it's great to hear that Hitman Pro comes together with it.
5. Since nothing will be saved in the workstation computers(everything will be saved in the NAS), then SecureAPlus will only be used on the private computer.
6. Regarding Shadow Defender, I think this is a program that needs proper monitoring. At least for me. So, I'll purchase the license. Do some test runs. And when I feel comfortable about adding it to the workstations, then that'll be the time. It's a very powerful solution.

Thank you @Umbra for your time and answers.

Cheers,
greatdivide
 

Deleted member 178

> the majority of the jobs are done via the browser.

So you will need HMPA more than other stuff.

> By doing a quick search, I believe there are 4 standouts that provide business-level protection. And these are as follows:
> - Kaspersky Small Office Security
> - Symantec Endpoint Protection Small Business Edition
> - ESET Small Office Security
> - Webroot Endpoint Protection

I used Symantec EP; great, but you will need a lot of research to master it properly to secure your network. SEP is made to be tweaked, there is no default setting; but once set up, it is great protection. Read my review of it: Symantec Endpoint Protection (review & explanation)

> 2. I don't believe that there's a great need for an IT guy. There shouldn't be anything hard that I cannot accomplish through the help of Google and since we're not doing anything high-risk, and with the preventatives that are in place, we really don't have a big threat model. Our main adversary would most likely be that generic try-hard malware. But then again, I'm not being too cautious.

So it is fine, if you can handle the job.

> 3. Any recommendation for a firewall for a beginner? I'm definitely willing to learn.

Windows Firewall is enough; learn to tweak it. If you need it to show alert popups to notify you if some processes want to reach out, you may use Binisoft Windows Firewall Control.

> 4. Yes. I'm going to purchase Hitman Pro Alert for every single workstation and even my own private laptop. And it's great to hear that Hitman Pro comes together with it.

Indeed.

> 6. Regarding Shadow Defender, I think this is a program that needs proper monitoring. At least for me. So, I'll purchase the license. Do some test runs. And when I feel comfortable about adding it to the workstations, then that'll be the time. It's a very powerful solution.

And simple to use.

> Thank you @Umbra for your time and answers.

You are welcome; I'm sure other members will jump into this thread and give you some more advice ;)
 

Soulbound

I'll lay out my opinions on the list that is not in the actual config:
- Webroot: if 1 single PC, it is fine, but other vendors provide decent protection, such as Symantec, ESET, Kaspersky. If more than one PC on the network, then get the endpoint version of ESET or Symantec.
- Firewall: Windows Firewall is sufficient, granted you are behind a router.
- WOT: WOT is a community-based rating system; don't go trusting it blindly. You would get better use out of the McAfee equivalent or even Symantec's DNS services.

The toolkit of on-demand scanners is fine, but do you really need that much?

Still on the fence about whether Shadow Defender is really needed, but it is good software.
 

Exterminator

This thread seems like it's 7750 pages long :D
Only thing I can add is maybe using a spoiler
Code:
[SPOILER=whatever it is you want it to say] your post [/SPOILER]
Thanks for sharing your config :)
 

jamescv7

Well, in the case of business computers, it does need overlapping protection capabilities, hence more on virtualization and backup within a system image.

Webroot SecureAnywhere can be an acceptable antivirus component, since it's pretty light and the configuration is already at a good stage. So the work involved on a business computer should not be a problem.

Since you use SecureAPlus, that should end the story, because of the numerous engines provided; if you are connected to the internet, protection reaches its maximum level.

Shadow Defender is a good choice for virtualization but needs proper maintenance in dealing with the exclusion of folders.

The others mentioned are fine to include on a separate partition and use in case an emergency happens.
 