Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 

What's your combination of security?

 
FatalChopstix
Warrior


Joined: 13 Jan 2009
Last Visit: 15 Jun 2009
Posts: 51

Posted: Fri Jan 16, 2009 6:40 am    Post subject: What's your combination of security?

I'm trying to get a feel for what everyone uses as far as security goes :D. Please post your combination of security programs such as:

Firewall
Antivirus
Antispyware

I particularly have COMODO Internet Security, Threatfire, SpywareBlaster, and MBAM.

Thanks guys :)
Coldmoon
Junior Member


Joined: 29 Aug 2006
Last Visit: 12 Feb 2009
Posts: 12

Posted: Fri Jan 16, 2009 7:30 am

Hello FatalChopstix,
What I propose you look at is not specific applications, but those that best fulfill your overall strategy. What I suggest is to look for something appropriate in the following categories:

1) Prevention - Firewall, policy, and/or some form of behavioral analysis (HIPS is one type).

2) Detection - Any consistently solid scanner (Eset, Symantec, Kaspersky, Avira, Grisoft, Avast!, etc...)

3) Cure - some form of System level virtualization and/or application virtualization

As I am biased in #3 due to my affiliation with Returnil, I naturally recommend RVS for a System level virtualization solution but suggest you also read this excellent thread at Wilders Security that discusses a range of alternatives in this particular space:

Title: Light Virtualization - the first year....
http://www.wilderssecurity.com/showthread.php?t=230459

With kind regards
Mike
_________________
Coldmoon over Dark Water...
FatalChopstix
Warrior


Joined: 13 Jan 2009
Last Visit: 15 Jun 2009
Posts: 51

Posted: Fri Jan 16, 2009 8:17 am

Thanks Mike, I'll have to check it out :)
mikey
Malware Expert


Joined: 12 Feb 2004
Last Visit: 29 Jan 2014
Posts: 1071
Location: CenTex

Posted: Fri Jan 16, 2009 8:08 pm

Firewall; NAT/Snort

Antivirus; None

Antispyware; None

I mind behavior and manage my processes across many OSs and many appliances. Since 2002, I have had no need for sys eating resource hungry apps that don't protect anything.

Any tool that reacts to infection instead of being proactive is worthless to me and my clients. If it can't initiate, it can't infect.

Just something to think of as you ponder the antiquated and obsolete status quo still being sold to users now.
Coldmoon
Junior Member


Joined: 29 Aug 2006
Last Visit: 12 Feb 2009
Posts: 12

Posted: Sat Jan 17, 2009 9:19 am

Hi Mikey,
You know I also subscribe to a similar strategy for my personal systems, but some are not ready to take the leap as it were. So even if you do not use resident monitoring, there is still a need for effective (or as effective as you can get) feedback within that strategy.

This is why we/I still recommend some type of on demand scanning capability as a feedback mechanism, or at the least, a redundant verification of the system's clean state. This also applies for checking images, snapshots, and restore points...

There is also need for some form of incoming content monitoring, as it is best to swat the nasties before they get to your system in the first place...

Mike
_________________
Coldmoon over Dark Water...
mikey
Malware Expert


Joined: 12 Feb 2004
Last Visit: 29 Jan 2014
Posts: 1071
Location: CenTex

Posted: Sat Jan 17, 2009 5:31 pm

Personally, I find it very easy to teach a noob how to effectively secure their sys. Most of the regular users here remember the 'grandmother' story I told a couple years ago. Well, she still has NEVER had any unwanted wares on board and she spends very little effort maintaining that record.

However, I find it extremely hard to teach those folk who have been brainwashed by all the thousands of so called security experts who simply repeat the same garbage they were taught...the garbage that originates with those who peddle garbage wares.

Sure, I agree that if a sys has been compromised, some scanners can be effective to identify the malware. However, a user is much better off coming to one of the hundreds of sites like this one to seek help manually removing it.

Having a scanner remove anything is a good and likely way to damage or cause fatality in the sys and/or applications. You and I both have seen the countless instances of this very scenario so many times that it makes me sick to think that these same antiquated techniques are still in use.

A few quotes of mine from other threads;

Quote:
I think it is sad that so many still periodically rip the guts out of their system while usually using multiple scanners and without even a clue to what items they are removing. Then these same folks wonder why their system and applications fail to function properly after they have been ripped apart by various scanners.


Quote:
The industry continues to suck money from users with annual subscriptions to lease (not sell) their wares. Of course they aren't going to innovate to techniques and processes that really protect...that would decrease their revenue...a revenue & market share now sought after by every scam artist out there. Some vendors have even been caught playing on both sides of the street.


Quote:
We don't want our system to be bogged down with massive bloatware that uses half the available resources including tech support. We prefer our file protections & redundant process filtering as well as our host based content filtering that use a negligible amount of resources by comparison.

We don't want to maintain/update multiple signature DBs that are ALWAYS going to be behind the infection instead of preventing it. If we were to get a newer malware on board somehow, none of the conventional scanners are likely to even detect it much less remove it properly anyway.

We don't want to spend the human resources required for clean up after an infection that could have just as easily been avoided.

What we do want is 'control' and that is what we strive for. IMO all resident signature based scanners are just dinosaurs.


Quote:
So, I really feel sorry for those folks who are still being exploited by both the malware propagators and the anti-malware industry simultaneously.


Quote:
Even one of the well established anti-malware developers (DiamondCS) has now denounced the bogus and obsolete methods that have thus far been predominant (scam) and they completely retooled their organization. More and more honest developers will surely follow suit. If they don't, I hope they get left behind. There have also been a rash of new products offered lately. It's time for this long siege to end.

I also think that the majority of folks coming here for help and guidance want to learn how to avoid infections. It would be nice to see that actually happen.

My response to this, "the users are too lazy or too stupid" is; HOGWASH


Anyway, just a few more things to think about...

JMO
mikey
Malware Expert


Joined: 12 Feb 2004
Last Visit: 29 Jan 2014
Posts: 1071
Location: CenTex

Posted: Sat Jan 17, 2009 6:02 pm

BTW Nice to see ya CM(Mike).

For those who don't know him; He's one of the old 'Becky' bunch and was my right hand when we were doing application support for AdAware back in the early days. Since then he continued to work for Lavasoft up until a couple years ago. Since then he has been working @ Returnil doing dev and app support for them now. IOWs he is an expert in the anti-malware field.

It would be nice to see him here on a regular basis. :)
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 23 Apr 2014
Posts: 10310
Location: sunny California

Posted: Sat Jan 17, 2009 9:29 pm

Quote:
For those who don't know him; He's one of the old 'Becky' bunch and was my right hand when we were doing application support for AdAware back in the early days.


Wow.. that brings back some memories.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. :)
Coldmoon
Junior Member


Joined: 29 Aug 2006
Last Visit: 12 Feb 2009
Posts: 12

Posted: Sun Jan 18, 2009 11:37 am

Quote:
Personally, I find it very easy to teach a noob how to effectively secure their sys. Most of the regular users here remember the 'grandmother' story I told a couple years ago. Well, she still has NEVER had any unwanted wares on board and she spends very little effort maintaining that record.


But how does she verify the clean state? I am not advocating blanket support for AV/AS/AM removal capabilities as this has proven to be a hit or miss thing for years with more miss than hit in recent years....

Quote:
However, I find it extremely hard to teach those folk who have been brainwashed by all the thousands of so called security experts who simply repeat the same garbage they were taught...the garbage that originates with those who peddle garbage wares.


What I do find on-demand scanning effective for is to provide some form of detection, both false and positive. The false detections lead to greater insight into behaviors you might want to make note of or investigate further, the positive detection tells you there is something you need to tighten up.

Personally, the first is more interesting to me as the second is something I have not had to deal with since I first joined Becky's back in the day :lol:

But there is also a need for weaning users off of traditional approaches. Whether rightly or wrongly, they have been taught to believe that they are protected when they really aren't. This means that there is a place for scheduled and on-demand/on-access scanning (USB stick plugged in, clicking on that exe you just downloaded, open a suspect website, download an e-mail with an attachment, etc), just not for resource hogging resident scanning and/or file system monitoring...

Quote:
Having a scanner remove anything is a good and likely way to damage or cause fatality in the sys and/or applications. You and I both have seen the countless instances of this very scenario so many times that it makes me sick to think that these same antiquated techniques are still in use.


Yes I have and agree with you. As stated earlier, it is more miss than hit with these approaches. BUT (you knew there would be one :lol: ) what if you could detect something and instead of using the AV removal engine you simply restarted your computer to remove it immediately? This then places the pick-your-scanner in the appropriate place in a strategy as a problem indicator (EX: car idiot light).

Though not the only effective strategy, it allows the user to become comfortable with and gives confidence in a strategy that integrates virtualization. It is far from perfect, and admittedly is not the most efficient approach, but it helps lead the user towards a more efficient line up in time...

Mike
_________________
Coldmoon over Dark Water...
Coldmoon
Junior Member


Joined: 29 Aug 2006
Last Visit: 12 Feb 2009
Posts: 12

Posted: Sun Jan 18, 2009 11:44 am

suzi wrote:
Quote:
For those who don't know him; He's one of the old 'Becky' bunch and was my right hand when we were doing application support for AdAware back in the early days.


Wow.. that brings back some memories.


Hi suzi :)

Whenever someone brings that up I start feeling the years :lol: I have met a lot of good people along the way though and have no regrets about joining the fight...

I am bullish about the next few years as there is going to be change that we can all be happy about ;)

Mike
_________________
Coldmoon over Dark Water...
goldengreek
Warrior


Joined: 29 May 2006
Last Visit: 25 Jul 2010
Posts: 270
Location: Chicago

Posted: Sun Jan 18, 2009 12:03 pm

I used to be real paranoid about spyware and had about a dozen programs on my pc along with Norton. After these programs deleted valid registry components with all their false positives, causing me to reformat 10 times, I got smart. I practice safe surfing now and don't use any bloated AV or antispyware programs. I do download Kaspersky's on demand scanner a couple times a year just to check, but it never finds anything. As long as one stays away from P2P programs, porn and crack sites, online casinos, etc and checks their e-mail before they open it, I don't think you need anything other than a firewall or hips. :)
FatalChopstix
Warrior


Joined: 13 Jan 2009
Last Visit: 15 Jun 2009
Posts: 51

Posted: Sun Jan 18, 2009 5:25 pm

Right. I think once I get my computer clean, I'll delete all of these Antivirus programs. However, I am going to keep the firewall.
Thanks goldengreek :D
roger_m
Warrior Addict


Joined: 24 Feb 2006
Last Visit: 06 Mar 2014
Posts: 605
Location: Blackwater, Australia

Posted: Mon Jan 19, 2009 2:13 am

Well personally I think that if you are very careful as to what you install on your computer, you need absolutely no protection other than the built in Windows firewall.

Based on my own experiences visiting hundreds of websites, with absolutely zero real time protection or blocking, and visiting lots of "unsafe" websites too, and getting zero infections. And using the built in Windoze firewall and using Maxthon for my web browser (which is built on the "unsafe" Internet Explorer). Oh and also installing new software daily.

Well the only "infections" were false positives, particularly from Spyware Doctor and CounterSpy.

Or am I missing something?

However I don't recommend this for the average PC user.
Daveski17
Warrior


Joined: 17 Oct 2008
Last Visit: 17 Jan 2013
Posts: 118
Location: Rainy Olde England

Posted: Mon Jan 19, 2009 6:05 am

Hmmmm.... this is all food for thought. I have 4 anti-malware programs: MBAM, SUPERAntiSpyware, Spybot & SpywareBlaster (all freeware). I use the latter two as browser immunizers (Spybot works well with Opera) & SAS removed a trojan for me once, so I tend to trust it. Serves me right for surfing Russian newspaper websites using SeaMonkey's translator. I am fairly convinced that is where I got it from. MBAM has a good quick scan of about 5 minutes, which is convenient. I run full scans weekly or fortnightly, depending on how I feel & if I have the time. I am seriously thinking of running Ubuntu or Open Suse soon though so malware will be less of a problem.
compumoose
Junior Member


Joined: 10 May 2005
Last Visit: 03 Nov 2010
Posts: 12

Posted: Mon Feb 09, 2009 4:19 pm    Post subject: morning

Hi

I am new and know just enough to be dangerous to myself. I run McAfee Security Suite, Firewall set to tight and constantly updated AntiVirus. For spyware I run Spyware Doctor registered version updated. For on demand scanning I have SUPERAntiSpyware and Malwarebytes. This seems to cover me pretty well. Any suggestions about additions are welcome.

Compumoose
aBenG
Warrior


Joined: 06 Apr 2006
Last Visit: 28 Feb 2012
Posts: 297
Location: Darkest UK

Posted: Sat Mar 07, 2009 4:43 am

Compumoose, I'd give the boot to McAfee (inefficient bloat) and SD (false positives).

I use ProcessGuard for execution protection with a couple of system hardeners (BugOff and Windows Worms Doors Cleaner). Also keep Avast and SpybotSD on board for scanning downloaded files only.

Currently trying out Online Armor fw but not convinced it is adding anything to the setup above.

Stay safe!
_________________
Inperfect.
All times are GMT - 8 Hours