CastleCops, Internet Crime Fighters

[Guide] Make your own System Security Suite for Free!
swatkat

PostPosted: Fri Apr 15, 2005 7:40 pm    Post subject: [Guide] Make your own System Security Suite for Free!

A System Security Suite is one which bundles all the required tools for complete system protection, like AntiVirus, Firewall, AntiSpyware, file cleaners, Registry cleaners etc. But all these security suites are commercial software.
How about making, or rather assembling, your own Security Suite which consists of all the required tools? The tools in the assembled suite are very efficient and powerful. Moreover, your Security Suite is completely FREE!
Read on...

AntiVirus:-
Well, viruses need no introduction, do they? To battle them you need an AntiVirus!
AVG 7 Free AntiVirus is one of the few full fledged free AntiViruses. Full fledged AV means that it should at least have a Real Time scanner, an On Demand scanner, a mail scanner and automatic updates.
AVG satisfies all the above conditions and has good virus detection, a good feature set and quick updates, and is also very light on resources. You don't have to worry about any viruses, worms or Trojans sneaking into your PC; AVG's powerful Real Time background scanner will block them.

Another equally good free AntiVirus is AntiVir. AntiVir has some 180,000+ (and growing) virus definitions, which makes it one of the largest virus databases. It has very good heuristics to detect even the latest viruses. AntiVir's real time scanner is very light on system resources, making this one ideal for computers with fewer resources.

Avast Home Edition is another free AntiVirus, which has all the necessary features like a Real time scanner, Network Shield and Web Shield for networks and the Internet, IM Shield for instant messengers and automatic updates. This new edition also supports 64 bit Windows operating systems.


AntiSpyware:-
Spyware, adware and hijackers (collectively called malware, short for malicious software) can do major damage to the system. Notorious malware like CoolWebSearch is very hard to remove and is not detected/completely removed by AntiViruses. This calls for a special dedicated tool, AntiSpyware!
AdAware and SpyBot SnD are very good AntiSpywares which have frequently updated, large databases of malware.
SpyBot SnD has one cool tool built into it called TeaTimer; TeaTimer monitors the system continuously and protects the system files and Registry from malware.
SpyBot SnD also adds a BHO to Internet Explorer; using this, SpyBot automatically blocks bad downloads (like installation of ActiveX components or BHOs by spyware without the knowledge of the user). These two programs are a must have on every computer.
Another good tool is Microsoft AntiSpyware; this requires Windows XP and above. It is still in its Beta version, but is gaining popularity!


Anti Trojan:-
Not all Trojan horses are detected by AntiViruses and AntiSpyware. So you should have software which specializes in the removal of Trojans. So called BackDoor Trojans open your PC from the inside to attackers, which enables the person/website who sent the Trojan to monitor your PC. An even worse variant is so called RATware, short for Remote Administration Tool, which enables a hacker to control your PC!
a2 Free is one of the best free Anti Trojan (and Anti Malware) programs available. The free version has only an On Demand scanner and there is no real time protection.
Another good AntiTrojan available for free is Ewido; this comes as a 14 day trial, after which the special features are disabled and the free, basic version can be used. It's better to have both scanners.


Immunize!:-
The above software detects and removes viruses and malware present in the PC, but it can not prevent them from sneaking into your system (except the Real Time scanner of the AntiVirus, to an extent).
SpywareBlaster prevents the installation of malware into the system. SpywareBlaster need not be running in the background; it's a run once tool.
Its working principle can be described as follows: many spyware programs and hijackers make certain Registry entries called CLSIDs. SpywareBlaster has a database of these bad CLSIDs. When we run SpywareBlaster once, it sets the Kill Bit of each bad CLSID to 1; this means the specific CLSID is killed, or it is not allowed to register. So this prevents the installation of these spyware programs. This is something like immunization!
Along with SpywareBlaster, SpyBot SnD too has a similar feature, which immunizes the system against the installation of malicious programs through browsers.


Firewall
There are many (65535!) virtual ports in a computer. These ports are either open or closed or used by some applications. When the PC is connected to the Internet, many worms and hackers can scan for the open ports of the connected PC; if they find an open port, they try to sneak into the system without the user's knowledge. A popular attack of this type is the SQL Slammer worm attack, known as HellKern. You would never know what's happening in the background.
To prevent this port scanning and other malicious attacks, a firewall should be installed.
Firewalls act as a barrier between the PC and the Net, and filter the data that is being transmitted and received. Also, firewalls block all the open ports so that port scanning will be unsuccessful.
A popular free firewall is ZoneAlarm; this is one critically acclaimed firewall. ZoneAlarm is very light on system resources and it blocks each and every baddie without failure!
Other free firewalls available are Kerio Personal, Sygate Personal and OutPost Personal Firewall.


Clean that junk!
After some time of PC usage, junk/temp files start to accumulate. This eats up space, and also functions as a favorite hideout for viruses and malware. So it's necessary to clean up the junk regularly. CleanUp! and CCleaner are very good free cleaners available. They clean every bit of junk in the system. Just run them before shutting down your PC or after disconnecting from the Internet to remove the junk.
Another good junk cleaner is GLock Temp Cleaner; along with cleaning junk files, this has one extra feature: it lists all the archives present in the system, and later we can delete the unwanted archives.


Registry Cleaner:-
If any software is installed in a PC, it makes a Registry entry. Registry entries are also created by software to remember the user's preferences like "Recently opened files" etc. These entries should theoretically be removed when the specific software or file is removed. But many a time this does not happen. This leads to the accumulation of a large amount of junk in the Registry. This degrades the system performance. This is where Registry cleaners come into the picture.
RegCleaner is one of the best free Registry cleaners available. Apart from cleaning, it has plenty of other features like startup information, file type editing etc.


Miscellaneous Tools:-
This is a list of free tools which perform some specialized tasks. SpywareGuard is a small real time bad download protection tool, which works in a similar manner to SpywareBlaster. This actively monitors Internet Explorer and blocks any malicious ActiveX components, BHOs and tracking cookies.
MRUBlaster is a small tool from the house of Javacool Software, which makes SpywareBlaster and SpywareGuard. This nifty utility scans the computer for MRU lists (Most Recently Used lists are the history kept by applications or Windows itself, like recently opened documents, search items, files opened etc). MRUBlaster can scan and remove up to 30000 different MRU entries.
UltraWipe is a program which scans for junk files in the system. But along with this, it has got some extra features like "Wipe free space", which wipes the free space in the drive so that any deleted data can not be recovered, and "Wipe Memory", which wipes/defragments RAM.


Emergency Tools:-
Emergency tools are those which are designed to remove specific threats. Some of the popular and free ones are listed here.
McAfee Stinger is a very good tool, which can detect and remove some 55 (and growing) common and dangerous viruses, Trojans and their variants. It's a stand alone On-demand scanner.
ToolBarCop is a tool with which you can remove/disable IE toolbars, buttons, BHOs, context menu entries and even startup entries. It's very easy to use, and when anything is removed it can create a registry backup of the removed registry entry.
HijackThis is ToolBarCop plus more. HijackThis is a tool which is normally to be used only when other tools like SpyBot SnD, AdAware etc can not find a solution to your Spyware/Adware/Malware problem.
HijackThis searches in some key areas of the system and Windows Registry and pulls out the information from them. These key areas are used by both legitimate and illegal software. So, if you remove all the entries that HijackThis shows, then you are almost guaranteed to perform a Format or at least a Windows Repair!
HijackThis searches and lists running processes, default URLs, search URLs of IE, IE toolbars, WinSock hijackers, BHOs, ActiveX components, non-Microsoft services and more!!!
CWShredder is a tool designed to remove the notorious CoolWebSearch hijacks.
About:Buster is used to restore the browser default pages when they are hijacked by About:Blank and other browser hijackers.

Online Scans
Even though we may have the best AntiVirus and AntiTrojan/Spyware tools, we are not completely secure, because some 500 new viruses and their variants are trying to attack us every month. And for these security tools to detect those new threats, they need to be updated. But the update process is generally ignored and postponed! Hence, it is better to perform online scans to check the system. These online tools have an up to date database and they can detect more malware than any other.

Some of the free and good online virus scans available are TrendMicro HouseCall, Panda AntiVirus Scan, F-Secure, BitDefender and many others. TrendMicro HouseCall is one of the most popular scanners.
There are online Spyware/Trojan scanners too. Some of the good ones are eTrust PestPatrol Scan, WebRoot SpySweeper Scan etc. These scanners scan our PC for spyware and Trojans.



Alternate Browsers:-
Since Internet Explorer has many vulnerabilities, it's easy for malicious websites to drop baddies into the system. The main target areas are plugins for IE, BHOs, ActiveX components and toolbars for IE. Spyware/Trojans masquerade as these add-ons for IE, and can do their job effectively!
So, it's safer to switch to alternate browsers like FireFox, Opera and Mozilla Suite. These browsers, by design, do not support the above listed add-ons. These browsers also offer many user friendly features like tabbed browsing, an inbuilt downloader with resume support, inbuilt search support, faster page loading etc.


By installing and scanning regularly with most of the above mentioned tools, we can ward off most of the threats.
But above all, we must have common sense (what to click, what not to click, what to download and what not to). We can stay away from baddies if we are a bit careful!


Finally, our Security Suite contains these modules:-
AntiVirus -------------- AVG or Avast or AntiVir (only one AntiVirus should be present in computer)
AntiSpyware ---------- AdAware, SpyBot SnD, MS AntiSpyware (it’s better to have more than one AntiSpyware)
AntiTrojan ------------- a2 Free, Ewido
Immunization tool ---- SpywareBlaster
Firewall ---------------- ZoneAlarm or Sygate or OutPost or Kerio (only one firewall should be used)
Junk Cleaners --------- CCleaner, CleanUp!, Glock Temp Cleaner
Registry Cleaner ------ RegCleaner
Miscellaneous Tools – SpywareGuard, UltraWipe, MRUBlaster
Emergency Tools ---- McAfee Stinger, ToolBarCop, CWShredder, About:Buster, HijackThis

Hope this information helps...



Last edited by swatkat on Thu Aug 04, 2005 7:37 pm, edited 2 times in total
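The kill bit mechanism described under "Immunize!" above, as an added example that is not part of the original post and not SpywareBlaster's own code. It assumes the standard Internet Explorer "ActiveX Compatibility" key and the 0x400 bit of the "Compatibility Flags" value; the CLSIDs used in it are constructed placeholders, not identifiers of real spyware.

```python
r"""Kill-bit immunization, the mechanism described under "Immunize!" (added example).

Internet Explorer honours a per-CLSID "kill bit": the DWORD value
"Compatibility Flags" with bit 0x400 set under
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID}.
With that bit set IE refuses to load the control from a web page, which is
what SpywareBlaster's immunization relies on. This script produces a .reg
file for a list of CLSIDs and audits an exported .reg file to report which
CLSIDs already have the bit set. The CLSIDs used below are constructed
placeholders, not identifiers of real spyware.
"""
import re

KILL_BIT = 0x400  # bit in "Compatibility Flags" that blocks the control in IE
ACTIVEX_COMPAT = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer"
                  r"\ActiveX Compatibility")
CLSID_RE = re.compile(r"^\{[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$")


def normalize_clsid(clsid: str) -> str:
    """Validate a CLSID and return it upper-cased and wrapped in braces."""
    clsid = clsid.strip().upper()
    if not clsid.startswith("{"):
        clsid = "{" + clsid + "}"
    if not CLSID_RE.match(clsid):
        raise ValueError(f"not a CLSID: {clsid!r}")
    return clsid


def build_killbit_reg(clsids) -> str:
    """Return .reg text that sets the kill bit for every CLSID in clsids."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for clsid in sorted({normalize_clsid(c) for c in clsids}):
        lines.append(f"[{ACTIVEX_COMPAT}\\{clsid}]")
        lines.append(f'"Compatibility Flags"=dword:{KILL_BIT:08x}')
        lines.append("")
    return "\n".join(lines)


def killed_clsids(reg_text: str) -> dict:
    """Parse exported .reg text; map each CLSID found under ActiveX
    Compatibility to True if its kill bit is set, False otherwise."""
    result = {}
    current = None
    prefix = (ACTIVEX_COMPAT + "\\").upper()
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = re.match(r"^\[(.+)\]$", line)
        if key:
            current = None
            path = key.group(1)
            if path.upper().startswith(prefix):
                try:
                    current = normalize_clsid(path[len(prefix):])
                    result.setdefault(current, False)
                except ValueError:
                    current = None  # some other subkey, not a CLSID
            continue
        if current is None:
            continue
        value = re.match(r'^"Compatibility Flags"=dword:([0-9A-Fa-f]{8})$', line)
        if value:
            result[current] = bool(int(value.group(1), 16) & KILL_BIT)
    return result


# Constructed placeholder CLSIDs for the demonstration.
SAMPLE_BAD_CLSIDS = [
    "{11111111-2222-3333-4444-555555555555}",
    "66666666-7777-8888-9999-aaaaaaaaaaaa",
]

if __name__ == "__main__":
    reg = build_killbit_reg(SAMPLE_BAD_CLSIDS)
    print(reg)
    for clsid, killed in killed_clsids(reg).items():
        print(clsid, "killed" if killed else "NOT killed")
```

The generated text can be imported with regedit; to audit a machine, export the ActiveX Compatibility key from regedit and feed the file to killed_clsids(), which reports CLSIDs whose flags value is present but lacks the 0x400 bit.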
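The HijackThis log format mentioned under "Emergency Tools" above, as an added example that is not part of the original post and not HijackThis's own code: a small parser for the O-numbered lines plus three illustrative triage checks. The sample log, its paths, CLSIDs and hostnames are constructed, and the checks are heuristics chosen for this example, not HijackThis's logic.

```python
"""Parser for HijackThis-style log lines (added example, not HijackThis code).

Each HijackThis finding is one line prefixed with a section code: O2 (BHOs),
O4 (autostart entries), O16 (ActiveX controls IE downloaded, "DPF"),
O23 (non-Microsoft services), and so on. The parser below splits a log into
(code, body) entries, and three illustrative checks show the kind of triage
a helper does by hand. The sample log, its paths, CLSIDs and hostnames are
constructed for this example.
"""
import re
from collections import defaultdict
from urllib.parse import urlparse

LINE_RE = re.compile(r"^([ORFN]\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
O4_RE = re.compile(r"\[(.*?)\] (.*)$")
DPF_URL_RE = re.compile(r" - (https?://\S+)$")

# Constructed sample log; names, paths, CLSIDs and hosts are placeholders.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O2 - BHO: Example Helper - {11111111-1111-1111-1111-111111111111} - C:\Program Files\Example\helper.dll
O2 - BHO: (no name) - {22222222-2222-2222-2222-222222222222} - C:\WINDOWS\system32\placeholder.dll
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\tray.exe /STARTUP
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\updater.exe
O16 - DPF: {33333333-3333-3333-3333-333333333333} (Example Control) - http://downloads.example.com/control.cab
O16 - DPF: {44444444-4444-4444-4444-444444444444} (placeholder) - http://ads.example.invalid/control.cab
O23 - Service: Example AV Service (ExampleAV) - Example Corp - C:\Program Files\ExampleAV\service.exe
"""

# Directories a legitimate autostart program rarely runs from.
TEMP_MARKERS = ("\\temp\\", "\\local settings\\", "\\application data\\")


def parse_hjt_log(text):
    """Split a log into [{'code': 'O4', 'body': '...'}, ...], skipping other lines."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append({"code": m.group(1), "body": m.group(2)})
    return entries


def by_code(entries):
    """Group entry bodies by section code."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["code"]].append(e["body"])
    return dict(groups)


def autostarts_from_temp(entries):
    """O4 entries whose command runs from a temp or profile directory."""
    hits = []
    for e in entries:
        if e["code"] != "O4":
            continue
        m = O4_RE.search(e["body"])
        if not m:
            continue
        name, command = m.groups()
        if any(marker in command.lower() for marker in TEMP_MARKERS):
            hits.append((name, command))
    return hits


def unnamed_bhos(entries):
    """CLSIDs of O2 BHO entries that register without a name."""
    out = []
    for e in entries:
        if e["code"] == "O2" and "(no name)" in e["body"]:
            m = CLSID_RE.search(e["body"])
            if m:
                out.append(m.group(0))
    return out


def dpf_hosts_not_allowed(entries, allowed_hosts):
    """Hosts of O16 (DPF) downloads that are not on the allow list."""
    allowed = {h.lower() for h in allowed_hosts}
    out = []
    for e in entries:
        if e["code"] != "O16":
            continue
        m = DPF_URL_RE.search(e["body"])
        if not m:
            continue
        host = (urlparse(m.group(1)).hostname or "").lower()
        if host not in allowed:
            out.append(host)
    return out


if __name__ == "__main__":
    entries = parse_hjt_log(SAMPLE_LOG)
    for code, bodies in sorted(by_code(entries).items()):
        print(code, len(bodies))
    print("autostarts from temp:", autostarts_from_temp(entries))
    print("unnamed BHOs:", unnamed_bhos(entries))
    print("DPF hosts to review:",
          dpf_hosts_not_allowed(entries, ["downloads.example.com"]))
```

None of the three checks decides that an entry is malicious; as the post says, the same locations are used by legitimate and illegal software, so the output is a shortlist for a human to look up, not a fix list.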
Bill_Bright

PostPosted: Sun Apr 17, 2005 3:48 am    Post subject:

Very nice Swatkat! - if I can offer two minor suggested changes.

1. Firewalls - Internet Connection Firewall (ICF), renamed to Windows Firewall in XP SP2, is inadequate for a firewall as it only provides protection from unauthorized "incoming" access attempts, thus providing no protections from Trojans and other malware from "phoning home" with your personal data. Windows Firewall should be used only until ZoneAlarm, or some other 3rd party firewall is installed. At that time, Windows Firewall should be disabled.

2. Ensuring all critical updates and patches are applied in a timely manner is essential to ensure system vulnerabilities are eliminated. Running Windows Update is an integral part of "Practicing Safe Computing".


quietman7

PostPosted: Sat May 07, 2005 12:24 pm    Post subject:

And if I may offer another minor suggestion under immunize, I would include the following freebies:

1. The Custom Blocking List for SpywareBlaster, which adds more restricted sites to its database: http://customblockinglist.cjb.net/

2. IE-SPYAD and Block List: Both used to add even more sites and domains associated with known spyware, advertisers and marketers to Internet Explorer's Restricted Sites Zone.

https://netfiles.uiuc.edu/ehowes/www/resource.htm
http://www.spywareguide.com/blockfile.php

DreamingFox

PostPosted: Thu Jul 07, 2005 5:29 pm    Post subject:

Nice writeup, swatkat!

satyr

PostPosted: Wed Jul 20, 2005 1:59 am    Post subject:

Very valuable and complete writeup swatkat, thanks...


And I would also add another suggestion under the immunize section: three FREE, small, "non-setup" programs from the http://www.grc.com page (see under "Three Musketeers"), that "patch" holes in Windows or disable dangerous and mostly unused features: DCOMbobulator, Shoot The Messenger, SocketLock and UnPlug n' Pray


Just as an info: from all the mentioned categories I use the following types of programs: AntiVirus, Immunize!, Firewall and Alternate Browsers.


regards, satyr


ErikAlbert
PostPosted: Tue Aug 02, 2005 2:56 pm    Post subject:

If we want to enter the realms of the paranoid, it's becoming HIP to talk about HIPS/IDP etc.

The idea of HIPS/IDP is that they monitor certain critical sensitive areas of your system and alert you when these areas are changed, or when a process does something 'fishy'.

An example of one area monitored that many people find easy to understand is the startup folder. Any program stuck in there will autostart everytime the computer starts.

A HIPS covering that area will warn you whenever this happens.

Similarly , there are other areas (registry, Win.ini , autoexec.bat among others) that once changed will enable a program to autostart. A good HIPS will try to monitor as many of these areas as possible.

Monitoring this area is important because malware often needs a way to start by itself since the user obviously isn't going to turn it on!

The problem is, many legitimate programs will want to autostart too. Firewalls for example. Antiviruses etc.
So the user has to make the decision.

This is opposed to traditional signature based approaches like Antiviruses which tend to give specific identifications of malware (or at least family of malwares for heuristics).

The problem is HIPS relies heavily on the user to decide if a certain change is dangerous or not. So it is not suitable for the beginner. A whitelist of safe applications will help a little, but in the end the user still has to decide.


Also depending on the nature of the behavior monitored, a HIPS can be very sensitive and generate quite a few warnings and popups that the user has to handle.

HIPS is slowly being added to some traditional firewalls and AVs, but I believe Antispyware generally made use of them first to counter drive-by downloads.

E.g. MSAS already incorporates some of this.

I suspect this is sufficient for most people, as it covers quite an impressive number of check points.

Other people might like to play with Winpatrol , Mikelin's Startup manager etc.

Those who truly are paranoid, could consider more advanced tools.

ProcessGuard Free
Antihook
PrevX Home

These boast superior techniques of monitoring, and more behavior monitoring, but at the cost of making use more complicated.

I would throw in System Safety Monitor but the future of that one is uncertain. It probably won't be free after Dec 2005.

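The baseline-and-alert approach ErikAlbert describes above (watch the autostart locations, report changes, leave the verdict to the user with a whitelist to reduce noise), as an added example that is not part of the original post and not code from any of the products named in it. The snapshots in it are constructed; on a Windows host the optional snapshot_windows() reads the real Run and RunOnce keys through the standard winreg module, which is the only assumption about the platform.

```python
"""HIPS-style autostart monitor (added example, not from any product above).

Takes a snapshot of common autostart locations, compares it with a saved
baseline and reports new or changed entries. Like the HIPS described in the
post, it does not decide for the user: entries whose command is on an
allowlist of approved commands are marked "allowed", everything else is
marked "ask". BASELINE and CURRENT below are constructed snapshots; on
Windows, snapshot_windows() reads the real Run/RunOnce keys via winreg.
"""
import sys

# Registry locations that make a program start with Windows or with the user.
RUN_KEYS = [
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKLM", r"Software\Microsoft\Windows\CurrentVersion\RunOnce"),
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Run"),
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\RunOnce"),
]


def snapshot_windows():
    """Read the Run/RunOnce keys on a Windows host: {location: {name: command}}."""
    import winreg  # standard library, Windows only
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    snap = {}
    for hive, path in RUN_KEYS:
        entries = {}
        try:
            with winreg.OpenKey(hives[hive], path) as key:
                index = 0
                while True:
                    try:
                        name, data, _ = winreg.EnumValue(key, index)
                    except OSError:
                        break  # no more values under this key
                    entries[name] = str(data)
                    index += 1
        except OSError:
            pass  # key absent (e.g. RunOnce not created yet)
        snap[f"{hive}\\{path}"] = entries
    return snap


def diff_autostarts(baseline, current, allowlist):
    """Return (location, name, command, verdict) for entries that are new or
    whose command changed since the baseline. verdict is "allowed" when the
    full command string is on the allowlist, otherwise "ask"."""
    findings = []
    for location, entries in current.items():
        old = baseline.get(location, {})
        for name, command in entries.items():
            if old.get(name) == command:
                continue  # unchanged since the baseline
            verdict = "allowed" if command in allowlist else "ask"
            findings.append((location, name, command, verdict))
    return findings


# Constructed snapshots; the program names and paths are placeholders.
BASELINE = {
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run": {
        "ExampleFirewall": r"C:\Program Files\ExampleFirewall\fw.exe /tray",
    },
    "StartupFolder": {},
}
CURRENT = {
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run": {
        "ExampleFirewall": r"C:\Program Files\ExampleFirewall\fw.exe /tray",
        "ExampleAV": r"C:\Program Files\ExampleAV\tray.exe /startup",
    },
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run": {
        "updater": r"C:\Documents and Settings\user\Local Settings\Temp\updater.exe",
    },
    "StartupFolder": {},
}
ALLOWLIST = {r"C:\Program Files\ExampleAV\tray.exe /startup"}

if __name__ == "__main__":
    snap = snapshot_windows() if sys.platform == "win32" else CURRENT
    for location, name, command, verdict in diff_autostarts(BASELINE, snap, ALLOWLIST):
        print(f"[{verdict}] {location}: {name} -> {command}")
```

Matching the full command string rather than just the entry name is deliberate: a changed path under an existing name is exactly the kind of edit a HIPS should surface. The Startup folder, Winlogon Shell/Userinit values and win.ini "run="/"load=" lines that the post also mentions would be further locations in the same snapshot dict.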
HappyShiner

PostPosted: Mon Aug 08, 2005 6:34 pm    Post subject:

Hi there,

Great suite SwatKat Smile

The UltraWipe link doesn't work though. It can be downloaded here:

http://www.snapfiles.com/get/ultrawipe.html

I would add another program to the list as an essential must have, and that would be ERUNT. This free program, either on demand or automatically depending on the settings you choose, will make a full backup of your registry and save it in its program folder and, unlike system restore, doesn't take up much space. This will save your life if system restore is no longer an option, or if due to a corrupted and/or malware infested registry you can't even boot up and, in any case, one has to be able to boot to initiate system restore.

For the full tutorial on ERUNT written by the author, read the following:

http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

I would strongly advise that you follow the part where it suggests that you store the ERUNT program folder and its contents in your WINDOWS folder. The reason for that is that if your registry becomes so damaged that you can't boot at any time in the future, you can actually access your WINDOWS folder via the Recovery Console and restore the registry from the ERUNT folder stored there. Voila, you can boot up without having to do a complete reinstall or even a repair of Windows. For that reason ERUNT can save your computer's life. I would also advise making a backup of your registry by double clicking on the ERUNT desktop icon and following its instructions on doing so, before any registry manipulations or installing new programs.

To download ERUNT:

http://www.larshederer.homepage.t-online.de/erunt/

Big Smiles

HS


SaintSatinStain

PostPosted: Wed Aug 24, 2005 4:53 am    Post subject:

ErikAlbert wrote:

The problem is HIPS relies heavily on the user to decide if a certain change is dangerous or not. So it is not suitable for the beginner. A whitelist of safe applications will help a little, but in the end the user still has to decide.
Those who truly are paranoid, could consider more advanced tools.

ProcessGuard Free
Antihook
PrevX Home

These boast superior techniques of monitoring, and more behavior monitoring, but at the cost of making use more complicated.


How do you expect a beginner, a novice, an apprentice to become a journeyfolk, a master, unless they use what is unsuitable and learn? I guess that I am paranoid because I began with the free versions of them and purchased PrevX Pro and ProcessGuard. All it takes is for the novice to learn the nomenclature for her computer, which is what you do with a new bicycle, car, pencil sharpener, and computer. Making decisions is one of the marks of big folkhood. I hope that I am paranoid because that would mean that the threats aren't real. Are they?


Bill_Bright

PostPosted: Wed Aug 24, 2005 1:07 pm    Post subject:

Someone who is paranoid suffers from paranoia - a psychological disorder characterized by delusions of persecution or grandeur.

The threats are real. They are not delusions. Practicing Safe Computing requires disciplined caution and proactive defenses. That's not paranoia - that's being smart.


checkmate

PostPosted: Thu Aug 25, 2005 12:23 am    Post subject:

Nice work swatkat! You obviously put a lot of effort and hard work into your document. How about MS's Malicious Software Removal Tool http://www.microsoft.com/downloads/details.aspx?FamilyID=ad724ae0-e72d-4f54-9ab3-75b8eb148356&displaylang=en ? I'm not sure how effective it is and whether it's worth adding to the list. MS does seem to update it on a regular basis.

ErikAlbert
PostPosted: Thu Aug 25, 2005 2:32 pm    Post subject:

You are right.

MechaMozilla

PostPosted: Mon Sep 12, 2005 4:40 am    Post subject:

MSAS does not require XP. I'm running it on w2k (Windows 2000) as I type.

MechaMozilla

PostPosted: Mon Sep 12, 2005 4:55 am    Post subject:

In addition to using an alternate browser, it's probably a good idea to use Trillian for IM instead of AIM or ICQ. Trillian is compatible with all major IMs, but, supposedly, is more secure. Not too sure about the accuracy of that claim, but I've heard it made several times. At any rate, it is more convenient than having multiple IM programs.
http://www.ceruleanstudios.com/downloads/

IMsecure is supposed to make it even better, but idk...
http://www.zonelabs.com/store/content/catalog/products/sku_list_ims.jsp

I just tried IMsecure today, and I'm not too sure about it. Most of the features are disabled in the free version. The free version can block IRC (not sure what that is). The free version also has a STOP button to stop all IMs. It works, but where is the GO button?? The main function of the free version seems to be encrypting IMs, but it doesn't seem to be working for me. I turned on the encryption option, and the option to label IMs as encrypted or unencrypted. Then, when I IMed myself, it was labeled unencrypted! I'm not too sure how useful encrypting IMs is anyway. IMsecure looks like a loser to me, but maybe someone can set me straight.



Last edited by MechaMozilla on Mon Sep 12, 2005 11:10 am, edited 4 times in total
MechaMozilla

PostPosted: Mon Sep 12, 2005 5:07 am    Post subject:

Here are some more good online scanners.

Test your firewall
http://www.symantec.com/cgi-bin/securitycheck.cgi (also has AV scan)
http://scan.sygate.com/

Test your browser security
http://bcheck.scanit.be/bcheck/

Ewido online scanner
http://www.ewido.net/en/

MS malware scanner
http://www.microsoft.com/security/malwareremove/default.mspx

JB2

PostPosted: Mon Oct 17, 2005 6:09 pm    Post subject:

Suggestion - Add Software for scanning/removing rootkits, they are the main type of software that conventional AV and Anti-Spyware apps won't detect, I have heard. If it's a stupid idea and covered by the anti-trojan stuff, forget it then.

All times are GMT
Page 1 of 2

 