FatalChopstix Warrior

Joined: 13 Jan 2009 Last Visit: 15 Jun 2009 Posts: 51
|
Posted: Fri Jan 16, 2009 6:40 am Post subject: What's your combination of security? |
|
|
I'm trying to get a feel for what everyone uses as far as security goes. Please post your combination of security programs such as:
Firewall
Antivirus
Antispyware
I particularly have COMODO Internet Security, Threatfire, SpywareBlaster, and MBAM.
Thanks guys  |
|
Coldmoon Junior Member

Joined: 29 Aug 2006 Last Visit: 12 Feb 2009 Posts: 12
|
Posted: Fri Jan 16, 2009 7:30 am Post subject: |
|
|
Hello FatalChopstix,
What I propose you look at is not specific applications, but those that best fulfill your overall strategy. What I suggest is to look for something appropriate in the following categories:
1) Prevention - Firewall, policy, and/or some form of behavioral analysis (HIPS is one type).
2) Detection - Any consistently solid scanner (Eset, Symantec, Kaspersky, Avira, Grisoft, Avast!, etc...)
3) Cure - some form of System level virtualization and/or application virtualization
As I am biased in #3 due to my affiliation with Returnil, I naturally recommend RVS for a System level virtualization solution but suggest you also read this excellent thread at Wilders Security that discusses a range of alternatives in this particular space:
Title: Light Virtualization - the first year....
http://www.wilderssecurity.com/showthread.php?t=230459
With kind regards
Mike _________________ Coldmoon over Dark Water... |
|
FatalChopstix Warrior

Joined: 13 Jan 2009 Last Visit: 15 Jun 2009 Posts: 51
|
Posted: Fri Jan 16, 2009 8:17 am Post subject: |
|
|
Thanks Mike, I'll have to check it out  |
|
mikey Malware Expert

Joined: 12 Feb 2004 Last Visit: 03 Sep 2012 Posts: 1061 Location: CenTex
|
Posted: Fri Jan 16, 2009 8:08 pm Post subject: |
|
|
Firewall; NAT/Snort
Antivirus None
Antispyware; None
I mind behavior and manage my processes across many OSs and many appliances. Since 2002, I have had no need for sys eating resource hungry apps that don't protect anything.
Any tool that reacts to infection instead of being proactive is worthless to me and my clients. If it can't initiate, it can't infect.
Just something to think of as you ponder the antiquated and obsolete status quo still being sold to users now. _________________ -
W2K/2K3/XP/2K8/Vista/W7/RHE/DEBIAN/SUSE
Spyware/Adware is NOT freeware, it costs all of us dearly.
Mikey's Stuff
Fiddler and friends...essential web diagnostic, forensic, & development tools.
- |
|
Coldmoon Junior Member

Joined: 29 Aug 2006 Last Visit: 12 Feb 2009 Posts: 12
|
Posted: Sat Jan 17, 2009 9:19 am Post subject: |
|
|
Hi Mikey,
You know I also subscribe to a similar strategy for my personal systems, but some are not ready to take the leap as it were. So even if you do not use resident monitoring, there is still a need for effective (or as effective as you can get) feedback within that strategy.
This is why we/I still recommend some type of on demand scanning capability as a feedback mechanism, or at the least, a redundant verification of the system's clean state. This also applies for checking images, snapshots, and restore points...
There is also need for some form of incoming content monitoring, as it is best to swat the nasties before they get to your system in the first place...
Mike _________________ Coldmoon over Dark Water... |
|
mikey Malware Expert

Joined: 12 Feb 2004 Last Visit: 03 Sep 2012 Posts: 1061 Location: CenTex
|
Posted: Sat Jan 17, 2009 5:31 pm Post subject: |
|
|
Personally, I find it very easy to teach a noob how to effectively secure their sys. Most of the regular users here remember the 'grandmother' story I told a couple years ago. Well, she still has NEVER had any unwanted wares on board and she spends very little effort maintaining that record.
However, I find it extremely hard to teach those folk who have been brainwashed by all the thousands of so called security experts who simply repeat the same garbage they were taught...the garbage that originates with those who peddle garbage wares.
Sure, I agree that if a sys has been compromised, some scanners can be effective to identify the malware. However, a user is much better off coming to one of the hundreds of sites like this one to seek help manually removing it.
Having a scanner remove anything is a good and likely way to damage or cause fatality in the sys and/or applications. You and I both have seen the countless instances of this very scenario so many times that it makes me sick to think that these same antiquated techniques are still in use.
A few quotes of mine from other threads;
| Quote: |
| I think it is sad that so many still periodically rip the guts out of their system while usually using multiple scanners and without even a clue to what items they are removing. Then these same folks wonder why their system and applications fail to function properly after they have been ripped apart by various scanners. |
| Quote: |
| The industry continues to suck money from users with annual subscriptions to lease (not sell) their wares. Of course they aren't going to innovate to techniques and processes that really protect...that would decrease their revenue...a revenue & market share now sought after by every scam artist out there. Some vendors have even been caught playing on both sides of the street. |
| Quote: |
We don't want our system to be bogged down with massive bloatware that uses half the available resources including tech support. We prefer our file protections & redundant process filtering as well as our host based content filtering that use a negligible amount of resources by comparison.
We don't want to maintain/update multiple signature DBs that are ALWAYS going to be behind the infection instead of preventing it. If we were to get a newer malware on board somehow, none of the conventional scanners are likely to even detect it much less remove it properly anyway.
We don't want to spend the human resources required for clean up after an infection that could have just as easily been avoided.
What we do want is 'control' and that is what we strive for. IMO all resident signature based scanners are just dinosaurs. |
| Quote: |
| So, I really feel sorry for those folks who are still being exploited by both the malware propagators and the anti-malware industry simultaneously. |
| Quote: |
Even one of the well established anti-malware developers (DiamondCS) has now denounced the bogus and obsolete methods that have thus far been predominant (scam) and they completely retooled their organization. More and more honest developers will surely follow suit. If they don't, I hope they get left behind. There have also been a rash of new products offered lately. It's time for this long siege to end.
I also think that the majority of folks coming here for help and guidance want to learn how to avoid infections. It would be nice to see that actually happen.
My response to this, "the users are too lazy or too stupid" is; HOGWASH |
Anyway, just a few more things to think about...
JMO |
|
mikey Malware Expert

Joined: 12 Feb 2004 Last Visit: 03 Sep 2012 Posts: 1061 Location: CenTex
|
Posted: Sat Jan 17, 2009 6:02 pm Post subject: |
|
|
BTW Nice to see ya CM(Mike).
For those who don't know him; He's one of the old 'Becky' bunch and was my right hand when we were doing application support for AdAware back in the early days. Since then he continued to work for Lavasoft up until a couple years ago. Since then he has been working @ Returnil doing dev and app support for them now. IOWs he is an expert in the anti-malware field.
It would be nice to see him here on a regular basis. |
|
suzi Site Admin

Joined: 27 Jul 2003 Last Visit: 23 May 2013 Posts: 10271 Location: sunny California
|
Posted: Sat Jan 17, 2009 9:29 pm Post subject: |
|
|
| Quote: |
| For those who don't know him; He's one of the old 'Becky' bunch and was my right hand when we were doing application support for AdAware back in the early days. |
Wow.. that brings back some memories. _________________ Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn.  |
|
Coldmoon Junior Member

Joined: 29 Aug 2006 Last Visit: 12 Feb 2009 Posts: 12
|
Posted: Sun Jan 18, 2009 11:37 am Post subject: |
|
|
| Quote: |
| Personally, I find it very easy to teach a noob how to effectively secure their sys. Most of the regular users here remember the 'grandmother' story I told a couple years ago. Well, she still has NEVER had any unwanted wares on board and she spends very little effort maintaining that record. |
But how does she verify the clean state? I am not advocating blanket support for AV/AS/AM removal capabilities as this has proven to be a hit or miss thing for years with more miss than hit in recent years....
| Quote: |
| However, I find it extremely hard to teach those folk who have been brainwashed by all the thousands of so called security experts who simply repeat the same garbage they were taught...the garbage that originates with those who peddle garbage wares. |
What I do find on-demand scanning effective for is to provide some form of detection, both false and positive. The false detections lead to greater insight into behaviors you might want to make note of or investigate further, the positive detection tells you there is something you need to tighten up.
Personally, the first is more interesting to me as the second is something I have not had to deal with since I first joined Becky's back in the day.
But there is also a need for weaning users off of traditional approaches. Whether rightly or wrongly, they have been taught to believe that they are protected when they really aren't. This means that there is a place for scheduled and on-demand/on-access scanning (USB stick plugged in, clicking on that exe you just downloaded, open a suspect website, download an e-mail with an attachment, etc), just not for resource hogging resident scanning and/or file system monitoring...
| Quote: |
| Having a scanner remove anything is a good and likely way to damage or cause fatality in the sys and/or applications. You and I both have seen the countless instances of this very scenario so many times that it makes me sick to think that these same antiquated techniques are still in use. |
Yes I have and agree with you. As stated earlier, it is more miss than hit with these approaches. BUT (you knew there would be one) what if you could detect something and instead of using the AV removal engine you simply restarted your computer to remove it immediately? This then places the pick-your-scanner in the appropriate place in a strategy as a problem indicator (EX: car idiot light).
Though not the only effective strategy, it allows the user to become comfortable with and gives confidence in a strategy that integrates virtualization. It is far from perfect, and admittedly is not the most efficient approach, but it helps lead the user towards a more efficient line up in time...
Mike _________________ Coldmoon over Dark Water... |
|
Coldmoon Junior Member

Joined: 29 Aug 2006 Last Visit: 12 Feb 2009 Posts: 12
|
Posted: Sun Jan 18, 2009 11:44 am Post subject: |
|
|
| suzi wrote: |
| Quote: |
| For those who don't know him; He's one of the old 'Becky' bunch and was my right hand when we were doing application support for AdAware back in the early days. |
Wow.. that brings back some memories. |
Hi suzi
Whenever someone brings that up I start feeling the years. I have met a lot of good people along the way though and have no regrets about joining the fight...
I am bullish about the next few years as there is going to be change that we can all be happy about.
Mike _________________ Coldmoon over Dark Water... |
|
goldengreek Warrior

Joined: 29 May 2006 Last Visit: 25 Jul 2010 Posts: 270 Location: Chicago
|
Posted: Sun Jan 18, 2009 12:03 pm Post subject: |
|
|
I used to be real paranoid about spyware and had about a dozen programs on my pc along with Norton. After these programs deleted valid registry components with all their false positives, causing me to reformat 10 times, I got smart. I practice safe surfing now and don't use any bloated AV or antispyware programs. I do download Kaspersky's on demand scanner a couple times a year just to check, but it never finds anything. As long as one stays away from P2P programs, porn and crack sites, online casinos, etc and checks their e-mail before they open it, I don't think you need anything other than a firewall or hips. |
|
FatalChopstix Warrior

Joined: 13 Jan 2009 Last Visit: 15 Jun 2009 Posts: 51
|
Posted: Sun Jan 18, 2009 5:25 pm Post subject: |
|
|
Right. I think once I get my computer clean, I'll delete all of these Antivirus programs. However, I am going to keep the firewall.
Thanks goldengreek  |
|
roger_m Warrior Addict

Joined: 24 Feb 2006 Last Visit: 26 Mar 2013 Posts: 605 Location: Blackwater, Australia
|
Posted: Mon Jan 19, 2009 2:13 am Post subject: |
|
|
Well personally I think that if you are very careful as to what you install on your computer, you need absolutely no protection other than the built in Windows firewall.
Based on my own experiences visiting hundreds of websites, with absolutely zero real time protection or blocking, and visiting lots of "unsafe" websites too, and getting zero infections. And using the built in Windoze firewall and using Maxthon for my webbrowser (which is built on the "unsafe" Internet Explorer). Oh and also installing new software daily.
Well the only "infections" were false positives, particularly from Spyware Doctor and CounterSpy.
Or am I missing something?
However I don't recommend this for the average PC user. |
|
Daveski17 Warrior

Joined: 17 Oct 2008 Last Visit: 17 Jan 2013 Posts: 118 Location: Rainy Olde England
|
Posted: Mon Jan 19, 2009 6:05 am Post subject: |
|
|
| Hmmmm.... this is all food for thought. I have 4 anti-malware programs: MBAM, SUPERAntiSpyware, Spybot & SpywareBlaster (all freeware). I use the latter two as browser immunizers (Spybot works well with Opera) & SAS removed a trojan for me once, so I tend to trust it. Serves me right for surfing Russian newspaper websites using SeaMonkey's translator. I am fairly convinced that is where I got it from. MBAM has a good quick scan of about 5 minutes, which is convenient. I run full scans weekly or fortnightly, depending on how I feel & if I have the time. I am seriously thinking of running Ubuntu or Open Suse soon though so malware will be less of a problem. |
|
compumoose Junior Member
Joined: 10 May 2005 Last Visit: 03 Nov 2010 Posts: 12
|
Posted: Mon Feb 09, 2009 4:19 pm Post subject: morning |
|
|
Hi
I am new and know just enough to be dangerous to myself. I run McAfee Security Suite, Firewall set to tight and constantly updated AntiVirus. For spyware I run Spyware Doctor registered version updated. For on demand scanning I have superantispyware, and malwarebytes. This seems to cover me pretty well. Any suggestions about additions are welcome.
Compumoose |
|
aBenG Warrior

Joined: 06 Apr 2006 Last Visit: 28 Feb 2012 Posts: 297 Location: Darkest UK
|
Posted: Sat Mar 07, 2009 4:43 am Post subject: |
|
|
Compumoose, I'd give the boot to McAfee (inefficient bloat) and SD (false positives).
I use ProcessGuard for execution protection with a couple of system hardeners (BugOff and Windows Worms Doors Cleaner). Also keep Avast and SpybotSD on board for scanning downloaded files only.
Currently trying out Online Armor fw but not convinced it is adding anything to the setup above.
Stay safe! _________________ Inperfect. |
|