Hello. I'm currently running Comodo Firewall, with Antivir PE, and use Spyware Terminator as my RealTime AntiSpyware Protection. I also use AVG Anti-Spyware, Adaware, and SuperAntiSpyware for on demand. The thing is, I use FireFox as my Browser with McAfee Site Advisor, and even with my wife sharing the PC, they never pick up more than a cookie or two. I realise AVG is still more of an Anti-Trojan Scanner, so I would keep that, but I would like to do away with Adaware as on demand and ST as my RealTime Protection. What I wonder though, is am I making a mistake in feeling safe with primarily just FireFox? I was also thinking of maybe switching back to AOL AVS (Still not sure if it causes Chkdsk problems though) as it already has Spyware Protection along with it's Antivirus Protection, and then use WinPatrol Free which I also have, but don't use in RealTime, or add Arovax Sheild when the new version is released. Help would be appreciated with what others use or don't use.

does having a realtime antispyware make u feel safer, or could u remove it and still feel protected?

its as simple as that.

i dont use realtime antispyware and my ondemand scanner is limited to ewido micro. all in all, i dont feel the need for more scanners beyond that and KAV.

Personally I have not used real time antispyware for years (on demand a couple of times every year) so based on my experience trying to get infected: No you don't need RT antispyware with firefox. But of course I use Noscript extension and JAVA turned off and it takes care of internet based viruses too.

I feel a real time antispyware app is needed for protection no matter what browser you choose to use.
My basic thinking is i'd rather have it and not need it, than need it and not have it.

I run an AV that includes protection for multiple types of malware. While its a terrific product, I ain't bettin' the farm on it. Along with an on access AT, I run Spyware Terminator for the level of real time protection that it offers. I also use the free version of SUPERAntiSpyware. ST runs very well on my system with no discernible system hit, and both it and SAS are good quality free products. Was a fan of Adaware, but no longer. Firefox isn't bulletproof. The cretins that be are always busy trying to crap on your cupcakes, so I say run those apps!

A real-time protection prevents the installation of malware and that is the very best protection you can get.
When there is NO installation, malwares can't execute their evil job and you don't need to remove them either. Isn't that obvious and logical ? So it's all about preventing installation of malwares.

If malwares install themselves on your computer, you have two extra problems :
1. You need to stop the execution of installed malwares as complete as possible UNTIL they are removed
2. You have to remove these installed malwares as complete as possible.

If you find security softwares to do all that, you have a very good security setup.

I guess I just want a more set and forget type of set up. Although without doubt Comodo, Antivir and ST pretty much give me this, I just thought it to be even simpler to use AVS as both Spyware and Antivirus Protection, and then maybe a light weight HIPS like WP Free or Arovax Shield. I know ST has HIPS too so I'm on the fence about which way to go. I no longer get the nag screen from Antivir as I did the Safe Mode, Administrator deny avnotify exe. method mentioned in the Forum, but it would be nice to have definitions for Antivirus and Spyware to be updated in one product like AVS which uses the KAV Engine. So I guess my other question is. Which would offer better Spyware Protection and Detection, AVS or ST? I already know Antivir and KAV are very close in AV Protection and Detection.

id say a dedicated antispyware would have the upper hand, particularly for removal.

-{ Quote: "I guess I just want a more set and forget type of set up. Although without doubt Comodo, Antivir and ST pretty much give me this, I just thought it to be even simpler to use AVS as both Spyware and Antivirus Protection, and then maybe a light weight HIPS like WP Free or Arovax Shield. I know ST has HIPS too so I'm on the fence about which way to go. I no longer get the nag screen from Antivir as I did the Safe Mode, Administrator deny avnotify exe. method mentioned in the Forum, but it would be nice to have definitions for Antivirus and Spyware to be updated in one product like AVS which uses the KAV Engine. So I guess my other question is. Which would offer better Spyware Protection and Detection, AVS or ST? I already know Antivir and KAV are very close in AV Protection and Detection." }-
The trouble is that none of the security softwares are complete in doing their job and in many cases you don't even know exactly against what you are protected. That's why you need a layered security setup : what one security software doesn't do, might be done by another security software on your computer.

For stopping the installation of malware you need CIPS for less-knowledgeable users and HIPS for knowledgeable users.
CIPS = Prevx1, Online Armor, ...
HIPS = ProcessGuard, System Safety Monitor, ...

For stopping the execution of malwares, I can't give you any answers yet, I'm searching for them myself. Anti-Executable is certainly one of them.

For removal of malware, you have lots of AV/AS/AT/AK-scanners or you use one of the rollback softwares.

Your very last chance to get rid of all your troubles is a restoration of a CLEAN image file.

There was a long running thread sometime ago with a title something like ‘Has your AT/AS ever stopped anything in real time?’

At the time, I didn’t realize how pertinent that question really is.

I’ve had all sorts of Trojans and spyware get into my system. What I’ve found is that if your AV does not pick it up, nothing else will.

My AV has stopped many things in real time. Ewido active, PestPatrol active, Spyware Doctor, Ad-Aware Plus and others have all let everything pass right by. They can detect malware with a scan, but don’t seem to be able to stop it on the way in.

So either you get the AV that has the best AS/AT available, or you choose another method to prevent infection. But for some reason, traditional AT and AS programs running actively don't seem to work.

Hi,folks: Wars against malwares is dependent upon whose is outsmart the other; antimalware programmers or malware writers. If both belong to same fittness/sport clubs,the chance of success is preditable, if not, then is everyone's guess. I used to be a firm believer of multi-layered defense system, put all my trust on all types of anti- apps. At the end, it fails. No matter how good your programs are, it only takes one single slip of care, bingo, here goes your defense . Firefox is a better security browser than IE, that does not mean it will protect you completely. Now I am taking a different approach, utilizing sandbox/virtuallization app such DeepFreeze Standard as my primary defense element, plus firewall,AV. As far as realtime scanner of AS is concerned, that can be put in the backroom for now. Since I can surf net w/ DF's frozen mode, all traces will be gone 100% after reboot, why would I worry about those infections at all? Nothing evil will stay behind!

Alright I'm not trying to be rude here but I want people to realize that Firefox is no longer "secure through being obscure" and such. It's got a larger market share now. It's being attacked and targeted. True Mozilla is better with patching sometimes, but let's stop acting like Firefox is this big virus and spyware barrier when quite frankly it's not.

You should still use a realtime antispyware IMO. Spyware Terminator is light, and it's set and forget. You're using it already and I don't understand why you would get rid of it, don't fix what's not broken!. Since ST is free and light and working, just leave it be in my opinion.

I do know this is a security forum and most of you are smarter then me but my point is that I think people should stop fiddling with their setups so much. If it works, just use it. Your computer was made for work and play and if you spend all your time securing it you won't have time to do any of that. I use to be like that but I stopped myself. Use your computer, don't spend all this time securing it (in my opinion, and remember, I'm not trying to be rude here).

I guess the bottom line is, Firefox won't nessecarily protect you and using a realtime AS is good or at least don't get rid of the on demand one.

(And not trying to be rude here and this is minor but it's Firefox not FireFox.)

-{ Quote: "
For stopping the installation of malware you need CIPS for less-knowledgeable users and HIPS for knowledgeable users.
CIPS = Prevx1, Online Armor, ...
HIPS = ProcessGuard, System Safety Monitor, ...

" }-
I'm not sure it's as mutually exclusive as that:
I use both a CIPs (PrevX1) and a HIPS (SSM) as although there is some overlap, a HIPS provides some finer tuning of control but PrevX avoids me having to use the grey matter too often when deciding what to allow.
I don't think you need a real time AS if you are going to use a sandbox or frozen system for surfing (e.g. Deep freeze or FD-ISR frozen snapshot) but I'd certainly recommend one if you are not, providing there isn't too much of a performance hit and you've got enough RAM to play with.
Frozen systems are probably the way most of us are going when online but this doesn't come without its own inconveniences (like updating Windows or AVs etc.). No solution is perfect and ultimately it depends on how much 'high-risk' sites you are going to and how paranoid/ obsessive you are.
Basic common sense plus a CIPS/HIPS and AV plus Hardware Router are enough most of the time.

-{ Quote: "I'm not sure it's as mutually exclusive as that:
I use both a CIPs (PrevX1) and a HIPS (SSM) as although there is some overlap, a HIPS provides some finer tuning of control but PrevX avoids me having to use the grey matter too often when deciding what to allow.
I don't think you need a real time AS if you are going to use a sandbox or frozen system for surfing (e.g. Deep freeze or FD-ISR frozen snapshot) but I'd certainly recommend one if you are not, providing there isn't too much of a performance hit and you've got enough RAM to play with.
Frozen systems are probably the way most of us are going when online but this doesn't come without its own inconveniences (like updating Windows or AVs etc.). No solution is perfect and ultimately it depends on how much 'high-risk' sites you are going to and how paranoid/ obsessive you are.
Basic common sense plus a CIPS/HIPS and AV plus Hardware Router are enough most of the time." }-
I don't need any finer tuning, because I have a black/white vision on malware. Grey doesn't exist, it's good or bad, black or white.
Prevx1 has settings to block unknown and caution programs and that fits in my black/white vision.
I don't need HIPS either, because Prevx1's Community Database decides for me what is black and white.
Why would I become an expert, when other experts (Prevx1) do all the difficult work for me and much better than me.
Even when Prevx1-experts make mistakes, I only have to report these mistakes and it will be fixed, just like I report false positives to scanner companies.

Why do I need an AV ? My frozen snapshot cleans my snapshot better than any scanner(s) ever will.
A frozen snapshot isn't inconvenient, it requires a new approach and other habits and also needs study and testing.

I might use one of these sandbox softwares, because my security setup isn't finished yet, but I will never give up my rollback system, it's too good to ditch it.
Rollback gives my computer back like it was yesterday and what worked yesterday will also work today, tomorrow and the day after tomorrow.
No malware is going to change my computer, I'm the one, who will change my computer if necessary. My whole security setup is based on that principle from installation up to restoration and what is between them.

I admire your confidence in PrevX1 but it's only as good as the experts as well as the community using it and the rapidity updates are offered.
I like SSM because it provides a failsafe as I feel I know better than anybody else exactly what is on my computer.
As for the AV I'd agree that there is no great need if you are going to reboot to a clean snapshot after every online 'episode'.
I just hope that FD-ISR is bullet-proof against all rootkits and as yet I'm unconvinced.
I'm afraid I feel frozen snapshots are not convenient for me rather than for everybody as a whole as I'd rather not look for and then manually download every MS patch or AV update.
I would use them for any 'high-risk' surfing, it's just I'm too old to bother with porn or warez sites and too mean to file share.;D

-{ Quote: "I don't need any finer tuning, because I have a black/white vision on malware. Grey doesn't exist, it's good or bad, black or white.
Prevx1 has settings to block unknown and caution programs and that fits in my black/white vision.
I don't need HIPS either, because Prevx1's Community Database decides for me what is black and white.
Why would I become an expert, when other experts (Prevx1) do all the difficult work for me and much better than me.
Even when Prevx1-experts make mistakes, I only have to report these mistakes and it will be fixed, just like I report false positives to scanner companies.

Why do I need an AV ? My frozen snapshot cleans my snapshot better than any scanner(s) ever will.
A frozen snapshot isn't inconvenient, it requires a new approach and other habits and also needs study and testing.

I might use one of these sandbox softwares, because my security setup isn't finished yet, but I will never give up my rollback system, it's too good to ditch it.
Rollback gives my computer back like it was yesterday and what worked yesterday will also work today, tomorrow and the day after tomorrow.
No malware is going to change my computer, I'm the one, who will change my computer if necessary. My whole security setup is based on that principle from installation up to restoration and what is between them." }-

But Prevx1 could be circumvented just like any other software and then you'd kind of have a problem....well at least IMO.

-{ Quote: "I just hope that FD-ISR is bullet-proof against all rootkits and as yet I'm unconvinced." }-
I hope so too and I'm not convinced either. If I was I would be an idiot.

Malwares have one thing in common : they change your harddisk in many ways, but they CHANGE it. Since a frozen snapshot removes any change, it will remove rootkits too. That's the theory of course. ::) For me to find out, if it's true.

But I have my clean backups/snapshots in the background to remove them anyway. I have TWO kinds of backups : clean backups for restoration only and possible infected daily backups like everybody has.

ErikAlbert

Don't get me wrong, I admire your approach to computing security 'nirvana'.
I wish I had your discipline and rigor with this....
It just seems there is a slight contradiction in your apparent desire for a fully 'automated' protection system e.g. Anti-Executable, Prevx1, total separation of OS/data etc. using nLite and the requirement to 'hand' update Windows when using Frozen Snapshots.
For me there has to be a balance between degree of user intervention and ease of use and for that I'd rather avoid frozen snapshots but trade that off against using real time scanners (however imperfect), whilst knowing that my security setup is not good as some others but like you having quick restore with a clean FD-ISR snapshot as well as a completely clean ATI image if the sh*t really does hit the fan.

-{ Quote: "..it's just I'm too old to bother with porn.... ;D" }-

At what age does that happen?

My computer will probably be a lot cleaner then.

:blink:

L Bainbridge,
Any bad comments are WELCOME. You can't hurt my feelings regarding softwares of my own ideas.
It's difficult to explain, but that's the way I do my job.

1. nLite is just a tool to create a new "Windows Installation CD", based on the original CD.
nLite allows you to include slipstreaming, security/updatings patches, and customizing/tweaking all kinds of settings
and removal of Windows components at FREE WILL.
What many users do AFTER installing Windows, happens now DURING installing Windows, that's the only difference
and that is alot more convenient. Also your Windows Update or automatic update will be shorter, because
most security/updating patches are already included in the customized "Windows Installation CD".

2. The frozen snapshot in my security setup has only one purpose.
If any of my security software fails to do its job, my frozen snapshot is supposed to clean the mess.
But I need these security softwares to stop the installation or execution during TWO reboots, because the frozen snapshot doesn't stop the installation/execution of malware, it only removes the malwares (changes) during the next reboot. The period between TWO reboots is normally equal to a working day of 8 hours.
So I have a very good reason to use Prevx1, etc. ... in my frozen snapshot.

Consider my security setup as one of the hundreds security setups at Wilders. ;D

-{ Quote: "At what age does that happen?

My computer will probably be a lot cleaner then.

:blink:" }-
Somewhere between puberty and senescence, I guess .
Anyway, I was only referring to online porn:wacko:

-{ Quote: "L Bainbridge,
Any bad comments are WELCOME. You can't hurt my feelings regarding softwares of my own ideas.
It's difficult to explain, but that's the way I do my job.

1. nLite is just a tool to create a new "Windows Installation CD", based on the original CD.
nLite allows you to include slipstreaming, security/updatings patches, and customizing/tweaking all kinds of settings
and removal of Windows components at FREE WILL.
What many users do AFTER installing Windows, happens now DURING installing Windows, that's the only difference
and that is alot more convenient. Also your Windows Update or automatic update will be shorter, because
most security/updating patches are already included in the customized "Windows Installation CD".

2. The frozen snapshot in my security setup has only one purpose.
If any of my security software fails to do its job, my frozen snapshot is supposed to clean the mess.
But I need these security softwares to stop the installation or execution during TWO reboots, because the frozen snapshot doesn't stop the installation/execution of malware, it only removes the malwares (changes) during the next reboot. The period between TWO reboots is normally equal to a working day of 8 hours.
So I have a very good reason to use Prevx1, etc. ... in my frozen snapshot.

Consider my security setup as one of the hundreds security setups at Wilders. ;D" }-

ErikAlbert

Agree with you totally on nLite- we've discussed it in an earlier thread.
I do understand your setup and it does make a lot of sense, but it takes too much discipline for mere computing mortals like me, so I'm stuck with realtime scanners in an imperfect world.
Lee

-{ Quote: "But Prevx1 could be circumvented just like any other software and then you'd kind of have a problem....well at least IMO." }-
That is not an argument for me not to use Prevx1, because any software can be compromised unexpectedly. This can happen to anybody.
If I don't anchor anything in my frozen snapshot, the "change" that compromised Prevx1 will be removed during the next reboot.

I also have two possible solutions when something serious happens :
1. I have an archived snapshot that contains the original off-line installation of my frozen snapshot, which can be used to create a new clean frozen snapshot at any time.

2. I also have an image file that contains the original off-line installation of my system partition, which can be used to create a new clean system partition at any time.

As long I can recover, I'm safe. I only need my Acronis Rescue CD and my external harddisk to recover my two internal harddisks in the worst scenarios.

And of course there are plenty of horror stories to discourage any user and make any security setup look useless, but those stories never happened to me.
We will talk about this when it REALLY happens. :)

In light of all the recent HIPS threads, I thought this may once again become a good question. I'm still not completely sure an Antispyware is needed with FireFox, but surely in todays times something like paid or free ProSecurity and SSM, or even Cyberhawk would be good to have when using FF, right? Also, Spyware Terminator has HIPS, and even Windows Defender which I heard has improved greatly, has some other types of protection independent of what browser you may use.

-{ Quote: "Alright I'm not trying to be rude here but I want people to realize that Firefox is no longer "secure through being obscure" and such. It's got a larger market share now. It's being attacked and targeted. True Mozilla is better with patching sometimes, but let's stop acting like Firefox is this big virus and spyware barrier when quite frankly it's not.
" }-

Hello,

With all due respect, could you please show me one exploit that works in Firefox, as in "you visit a page and get owned"? I asked for this a thousand times and no one ever provided me with a single example.

Those blanket-coverage sentences are a pure marketing propaganda. Nothing else. Fear mongering. Because once the common people realize that you do not need to spend 80-200 dollars on "protection" and that it can be accomplished fairly simply with a 5Mb free browser - superior one at that too - and a single 100Kb extension - lots of money-makers and war profiters will go down. For the time being, they will write articles claiming that "security experts" say Firefox is secure and all that .... but in recent months, there has been an increased "hacker" activity and Firefox has many bugs and exploits ...

Extrementus Bovinus.

On topic:

I agree with sukarof. Real-time anti- is not needed. Of course, it's relative and depends 100% on the user. My needs do not require one. Firefox + Noscript is probably the highest level of web peace optimization you can get for Windows systems.

Mrk

I have not tested it my self yet, but doesnt IE7 have something called "safe mode" where everything dangerous is disabled so it will act like FF with noscript? Like javascripts, user rights set to low and so on?

I read about this IE7 "safe mode" before IE7 was released. But I still cannot figure out how to invoke it. :(

-{ Quote: "I have not tested it my self yet, but doesnt IE7 have something called "safe mode" where everything dangerous is disabled so it will act like FF with noscript? Like javascripts, user rights set to low and so on?" }-

What about using Arovax Shield for Cookies, or Cyberhawk for Unknown Threats along with NoScript?

can't you just disable java?

-{ Quote: "I read about this IE7 "safe mode" before IE7 was released. But I still cannot figure out how to invoke it. :(" }-

accessories and in one of subfolders there it is internet explorer safe mode for IE7.
lodore

I'm using AVG ISS, but as AVG Anti-Malware by custom uninstalling Firewall. Instead I have ZA Free Firewall because it is more informative. My question now is, do I even need the Anti-Spyware Component installed if I'm using Firefox with NoScript? It seems to take up a lot of memory, and from what I understand never catches anything in RealTime. The actual AVG Anti-Spyware program by itself is fuller and more featured, and does at least find things during a scan. It just seems to make more sense to use ZA Free and AVG as the Pro version of the Antivirus, and maybe Arovax Shield or Cyberhawk for added peace of mind. Both softwares use much less memory, and may be a better choice to use with Firefox.

Just a side note. Since SuperAntiSpyware like AVG Antispyware never seems to find anything during a scan, is what leads me to believe you don't need RealTime AS with Firefox.

Makes sense to me duke1959. :D

Yeah, but I still like the idea of a Behavior Blocker like Cyberhawk. The thing is though, I wonder if CH would even be needed with Firefox and Noscript?

-{ Quote: "I'm using AVG ISS, but as AVG Anti-Malware by custom uninstalling Firewall. Instead I have ZA Free Firewall because it is more informative. My question now is, do I even need the Anti-Spyware Component installed if I'm using Firefox with NoScript? It seems to take up a lot of memory, and from what I understand never catches anything in RealTime. The actual AVG Anti-Spyware program by itself is fuller and more featured, and does at least find things during a scan. It just seems to make more sense to use ZA Free and AVG as the Pro version of the Antivirus, and maybe Arovax Shield or Cyberhawk for added peace of mind. Both softwares use much less memory, and may be a better choice to use with Firefox." }-
I run a similar setup to you where i only use the av+as part of avg iss. It does use more memory but there no noticeable slowdown. If you have sufficient memory then i would keep the as component, just in case something gets thru.

Yeah I don't notice any slowdowns either farmerlee. It's just I thought using Cyberhawk instead of the AVG Antispyware Component, would not only reduce memory usage, (CH was around 10MB on average with it's two processes running, where AVG is up to 36MB) but also be a better and more realistic form of protection with FF.

Gotta ask this again since I just received some info in the Other Antivirus forum here in Wilders from the thread about if AOL AVS is better than AVG Ant-Malware. It seems someone there claims you cannot get infected by using Firefox. I'm starting to believe them, but I would rather have an excuse to hold onto my Security Software. So if anyone can read what was claimed in that post and report either there or here why any of us do need RealTime Protection with Firefox, it would save me a couple of uninstalls. Then again if it can't be proven that we need RealTime protection with Firefox, it would probably help me with my Wilders Security Forum obsession.

Hello,

duke, you should use your real-time AS or whatever because you love security and it's fun for you. You should NOT use your real-time AS or whatever because you live in fear from some unknown danger.

Attitude 1: fun and joy - and a chance to learn new things.
Attitude 2: fear will paralyze you, rendering your wit useless.

Do not ditch product A or B because it is 'unnecessary.' Ditch it because you feel you do not want to use it, for whatever reason, not because market pressure or such compels you into doing it. Because if that's the angle, you can sleep warmly at night.

Knowledge is the key here. You need to understand how things work. Once you do that, you will not need to ask the question you did. You will know the answer for yourself, based on things you have learned AND the experience you accumulated.

Mrk

Mskvonic. The reason I use different security programs is not because I live in fear of some infection, but for the fun. It is the fun however that is occupying way too much of my time. This will stop now though, simply because if I have learned anything I have the power to make it so. I thank you for your part in this however, as you have helped me understand even more that the obsession was taking some of the fun away. Take care and thanks again.

Version 2.0 of Spyware Terminator will have a shield for Firefox. I'd excited to see how this will turn out. :)

I have been anti-spyware free for over a year. Firefox w/ NoScript has been bullet-proof for me and I've tested it at both test and real-world sites. Even the Firefox exploits that have been touted as dangerous are stopped as long as javascript can't run. The only point of real-time anti-spyware is to stop exploits from coming in through your browser. NoScript does a better job of that over anti-spywares any day.

It also lets you only turn on javascript from only the web site your at, so you can filter out the crappy javascript ads being promoted from 3rd-party sites.

I love noscript.

Just wondering if it's possible to run PrevX1 and Cyberhawk together or would there be conflict?

What do people think?

I love NoScript, too, and use it, but there are several sites where I allow javascript... sites I trust and use often... but I wonder if this doesn't open a door. You never know. So I keep AVG AS active just in case. Never had a hit yet, though. Weekly scans (using a variety of products) are always clean.

Dan

-{ Quote: "I love NoScript, too, and use it, but there are several sites where I allow javascript... sites I trust and use often... but I wonder if this doesn't open a door. You never know. So I keep AVG AS active just in case. Never had a hit yet, though. Weekly scans (using a variety of products) are always clean.

Dan" }-

I'm not too clear about the following and I'd like someone to inform me.

In the interests of security, is it better to disable Java and JavaScript or if I'm running NoScript (which I am) does this filter out the potential ill effects of hostile sites which misuse Java and JavaScript to install malware on my computer?

Hello,

Even if you use java / javaScript, you should not be exposed to any potential exploits while using FF. I know there is not a single documented case of a drive-by that works in FF. None. Prove me wrong please.

The rendering of the java code is done via java runtime engine installed on the computer. This software is what you should keep up to date. Sun Java is configured to run its processes with reduced privileges, a sort of internal sandboxing.

Javascript is rendered directly inside the browser. FF is immune to javascript thingies. A few PoC thingies show up once in a while, a few people get a nice subject for their MSc or PhD dissertation, but nothing more than that.

Yet, if you wanna feel secure, you could use the Noscript to whitelist trusted sites. More than security, you will find that lots of sites will load faster without bloated script junk, but some others will not function correctly because most people are not talented enough to write good html + css and use server side scripting to do decent work of their websites.

Mrk

-{ Quote: "Hello,

With all due respect, could you please show me one exploit that works in Firefox, as in "you visit a page and get owned"? I asked for this a thousand times and no one ever provided me with a single example.

Those blanket-coverage sentences are a pure marketing propaganda. Nothing else. Fear mongering. Because once the common people realize that you do not need to spend 80-200 dollars on "protection" and that it can be accomplished fairly simply with a 5Mb free browser - superior one at that too - and a single 100Kb extension - lots of money-makers and war profiters will go down. For the time being, they will write articles claiming that "security experts" say Firefox is secure and all that .... but in recent months, there has been an increased "hacker" activity and Firefox has many bugs and exploits ..." }-

http://mywebpages.comcast.net/SupportCD/FirefoxMyths.html

-{ Quote: "Myth - "Firefox is Secure" - Example

Reality - Firefox is anything but Secure with multiple unpatched vulnerabilities allowing exposure of sensitive data to local users. You only need one vulnerability to be insecure. Since Firefox v1.x was released, users have been exposed to over 150 security vulnerabilities and counting.

Secunia - lists (160) security vulnerabilities in Firefox, over (100) are rated Highly Critical. - Source

Notes - The number of Secunia "advisories" (41) does not equal the actual amount of "vulnerabilities" (160). Over 10 advisories have multiple vulnerabilities, look carefully. SA19631 - Lists 24 Vulnerabilities Alone!" }-

-{ Quote: "http://mywebpages.comcast.net/SupportCD/FirefoxMyths.html" }-
The person who runs this site has been proven years ago to be a scumbag. He used to run around all over various forums using different names hijacking/trolling threads making disparaging remarks about Firefox. He eventually was tracked and banned from most of them.

The funny thing is, some of the "myths" he lists have never been claimed by supporters of Firefox and and the rest of his arguments are irrelevant or have been easily disproved.

His sole purpose for the site is to get advertising money from hits on it. He has an agenda that involves bashing Firefox. If you actually look through the list, you can tell what a bunch of Barbara Streisand (B.S.) it is.

Some of his myths are "Firefox uses less memory than IE" and "Firefox loads faster than IE". Never has any developer or intelligent supporter of Firefox made these claims, yet this knucklehead lists them as if they are the gospel truth believed by Firefox users. (What a dillweed!):wacko:

FF with Noscript is indeed a fine protection but to make it near on invincible I run them through Sandboxie with no slowdowns or issues.

And then I am usually in PowerShadow mode so I don't feel there is a need for any realtime blacklists here.

I do an infrequent online scan every now and then with Kav or similar which never find anything to worry about.

That FF myths site, is it run by Mastertech?

Hello,

Welcome sky_dynasty, Mastertech et al.

Pointing to your site is NOT a proof of what I asked for.

Proof would be:

Here's a piece of code. Copy paste it to your notepad. Save as html.
Open this file with FF. You get pwned. QED.

No. There's no such proof, because no one can provide one. Except that Secunia lists oh-so many MSc subjects for your enthusiastic software engineers.

While you are at it, you should read about the new vulnerability in mouse cursor that affects IE but NOT FF. Oh, how insecure the FF is.... oh oh... wait! It's the MS cookie that got buggered once again...

Mrk

Immediate System Recovery softwares, like FDISR, RollbackRx, PowerShadow, ... allow malware to install/execute themselves.
ISR-softwares are NOT security softwares, they only REMOVE CHANGES, including malware during the next reboot.
If malware is installed and executed between two reboots or two scans of a scanner, it's too late.
So if you have only ISR as protection, your security is worthless, you only have a very good and fast cleaning method during reboot, that's all.

ISR doesn't remove only the bad changes, but also the good changes like security software and non-security software updatings.
If you like to keep those good changes, you have to disable the ISR-protection to allow these updatings.
That's a problem and you have to depend on your security softwares, when the ISR-protection is disabled.
Also the timing of software updatings is important, the safest way IMO is to do this right after reboot, when your computer is still clean.

Most softwares update themselves automatically at random during the day, which is also a problem, you can't accept them because your ISR-protection is ON and if you want to accept them, you have to turn OFF ISR-protection.
This means that you have to disable all automatic software updatings and do them manually right after reboot when your computer is still clean.