Tuesday, August 5, 2008

Worry-Free PC (as close as you can get) - Part 1 (prevention) (2000, XP, Vista)

One of my recent posts discussed the virtues of running your browser sandboxed.

I mentioned in that post that, if you tell it to, a sandbox will let you download files and programs onto your PC. If you want to install software, or edit and print a file, you will have to let things out of the sandbox and into your PC, where you are of course vulnerable to attack.

So how do you protect yourself from threats OUTSIDE the sandbox?

This post (and the next one) will discuss two different kinds of programs which might be called "before" and "after".

The "before" programs monitor your hard drive for suspicious-looking activities (e.g. logging keystrokes, changes to certain files on your hard drive) and alert you to the requested changes, asking you to approve or abort.

One free program which does this is ThreatFire AntiVirus (previously called "Cyberhawk"). I used to use this program but I found the warnings uninformative - which means that you are told something is wrong and can't really work out if the reported alarm is a threat or not. As a result I didn't allow some changes which needed to be made to run legitimate programs.

However, I found another free application called WinPatrol which does this job and gives you enough information to tell whether the changes that a program wants to make come from a trusted or malicious source. (They have a "Plus" version which apparently tells you more, but I've been doing fine with the free version.)

Here (Diagram 1) is a screenshot of WinPatrol's control panel. (It includes options like scheduling tasks, control of which programs run at start up etc.)

Diagram 1


When WinPatrol spots something suspicious it alerts you.
Here (Diagram 2) is the alert I got when Windows Live Mesh tried to add itself to the programs running at start-up. (As it happens this change is acceptable, but if you received such a message from a program which you didn't want to allow to make this change you would simply hit the "No" button instead of the "Yes" button.)

(Diagram 2)
The bonus of programs like WinPatrol is that they are pro-active, catching things before they happen, rather than re-active (see below for examples), catching problematic changes after they have happened. So WinPatrol etc. give protection in real time.
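To make the start-up alert described above concrete, here is an added example (not part of the original post and not WinPatrol's own code) that compares a saved snapshot of the Windows start-up registry entries with the current state and reports what is new, removed or changed. It is re-active in the sense used here, since it finds changes after they happen rather than prompting before them; the program names and paths are constructed sample data.

```python
import sys

# Per-user and machine-wide start-up ("Run") keys in the Windows registry.
RUN_KEYS = [
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\Run"),
]

def read_run_entries():
    """Return {(hive, name): command} from the live registry (Windows only)."""
    import winreg  # standard library, present only on Windows
    hives = {"HKCU": winreg.HKEY_CURRENT_USER, "HKLM": winreg.HKEY_LOCAL_MACHINE}
    entries = {}
    for hive, path in RUN_KEYS:
        try:
            key = winreg.OpenKey(hives[hive], path)
        except OSError:
            continue  # key absent or unreadable
        with key:
            for i in range(winreg.QueryInfoKey(key)[1]):  # [1] = value count
                name, command, _kind = winreg.EnumValue(key, i)
                entries[(hive, name)] = str(command)
    return entries

def diff_entries(baseline, current):
    """Return (added, removed, changed) between two snapshots."""
    added = {k: current[k] for k in current.keys() - baseline.keys()}
    removed = {k: baseline[k] for k in baseline.keys() - current.keys()}
    changed = {k: (baseline[k], current[k])
               for k in baseline.keys() & current.keys()
               if baseline[k] != current[k]}
    return added, removed, changed

# Constructed sample snapshots (hypothetical program names and paths).
BASELINE = {("HKLM", "ExampleAV"): r"C:\Program Files\ExampleAV\av.exe"}
CURRENT = {
    ("HKLM", "ExampleAV"): r"C:\Temp\av.exe",                # command changed
    ("HKCU", "ExampleSync"): r"C:\Users\me\sync.exe /auto",  # new entry
}

if __name__ == "__main__":
    # In real use, replace BASELINE with a snapshot saved while the PC was clean.
    current = read_run_entries() if sys.platform == "win32" else CURRENT
    added, removed, changed = diff_entries(BASELINE, current)
    for label, group in (("NEW", added), ("REMOVED", removed)):
        for (hive, name), cmd in sorted(group.items()):
            print(f"{label} start-up entry {hive}\\{name}: {cmd}")
    for (hive, name), (old, new) in sorted(changed.items()):
        print(f"CHANGED start-up entry {hive}\\{name}: {old} -> {new}")
```

A changed command for an existing entry deserves as much attention as a brand-new entry, because the name you already trust now launches a different file.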

I also run Spybot Search and Destroy and Lavasoft's Ad-Aware (two "re-active" programs) just to make sure that nothing got through inadvertently.
(Lavasoft's paid versions apparently offer real-time protection, but we're looking for FREE software.)

In my next post I will discuss the free programs which remove all traces of any installed programs.

(By the way, the "barking dog" sound which is set as a default can be neutralized on the control panel.)

WinPatrol can run on: Windows 95/98/Me/NT/2000/XP/Vista

