Top Security Software


kman1
November 8th, 2006, 10:15 PM
I'm in the market for the top security software around. I've been searching the web for about 4-5 hours and I have some ideas, but can you all help me list the top COMMERCIAL software for the following security categories? Thanks!
firewall-
HIPS-
anti-trojan-
NIPS software-
bufferzone-
keylogger-
sandboxing application-
virtual machine-
program checker-
external firewall-
router with good hosts file (whatever that means :wacko:) -
registry backup-
image backup-
registry monitoring-

Right now I use Kaspersky's Internet Suite as my anti-virus/firewall. I also have SystemMechanic Pro, Lavasoft's Ad-Aware Pro, and Advanced System Optimiser Pro.

These are the programs that I was thinking of buying online in the near future:

Sunbelt CounterSpy
SecureIT
VMWare
Panda TruePrevent
IceSword
RunSafe
Jetico
Safe'n'Sec Plus
PrevX
-Anti-Executables
Invircible
DefenseWall
virtual sandbox
Helios
SocketShield
BufferShield
DeviceWall

Ok that's it for now. Please let me know what suggestions or whatever you have. Any and ALL advice welcomed. I'd like my laptop/PC to be as secure as possible! Thanks!!

P.S. - what do you all think about Tor, Proxomitron, and Privoxy?? Someone just recently advised me to download and use all three of them at all times. (to keep myself safe) I was wondering what the experts here thought about that before I start using them.

InfinityAz
November 8th, 2006, 11:16 PM
Kman1,

Assuming you are behind a NAT router, save your money, time, sanity, system, etc. KIS is probably all you need, especially if you practice safe hex and keep your system updated.

The only thing you might want to look at is Sandboxie. It's good, free and will be of help when you want to surf to more dangerous areas on the net.

Also look at using Firefox (with noscript and site advisor extensions) or Opera.

Good luck.

aigle
November 9th, 2006, 10:41 AM
I fully agree with this advice. If you really want to waste money, go ahead.
OR if you still insist, read posts here at Wilders for a few months so that you can be aware of what you actually need. I see so much software in your list with exactly the same function. You can't run two similar programs together.

Old Monk
November 9th, 2006, 11:12 AM
-{ Quote: "I'm in the market for the top security software around. I've been searching the web for about 4-5 hours and I have some ideas, but can you all help me list the top COMMERCIAL software for the following security categories? Thanks!
firewall-
HIPS-
anti-trojan-
NIPS software-
bufferzone-
keylogger-
sandboxing application-
virtual machine-
program checker-
external firewall-
router with good hosts file (whatever that means :wacko:) -
registry backup-
image backup-
registry monitoring-
" }-

Wow, you'll get a huge variety of opinions on all of those !

I'd narrow it down a bit first. Think about which areas you wanted covered in the first place, depending on what your habits are and your level of expertise with HIPS etc.

Once your on-access apps are sorted, work together well and cover the security flaws you want to address, then think about on-demand stuff, which to be honest you can have as many of as you wish.

In my experience, it's the conflict of start-up apps which can provide the biggest headache. More experienced members will give you a good idea of which go together well and, perhaps more importantly, which don't!

Good luck with your choices.

ErikAlbert
November 9th, 2006, 12:40 PM
I was looking for info about "InVircible" (I thought it was InVincible) and I stumbled on this website :
http://www.wizlife.co.za/content/index.cfm?navID=9&itemID=30

And this website is complaining about my Firefox :
-{ Quote: "Your browser does not support scripts, navigation is not visible, please modify your settings or upgrade browser" }-
I find that funny, because Wilders taught me the opposite.
You can use this website to test your browser. ;D

bellgamin
November 9th, 2006, 02:30 PM
KIS is excellent. Two other combinations that will provide broad spectrum protection are...

1- Prevx, and AntiVir, and Kerio 2.1.5

2- Online Armor AV+, and Kerio 2.1.5

NOTE a- AntiVir and Kerio 2.1.5 are free.

NOTE b- Online Armor AV+ includes an integral antivirus (Kaspersky) as well as a HIPS, anti-keylogger, HOSTS protection, surfing protection, email guard, & other protective modules.

NOTE c- In the near future, Online Armor AV+ will add an integral firewall module, at no additional cost. When that occurs you won't need Kerio 2.1.5 any longer. Online Armor AV+ will function quite well on its own with no other apps.

the Tester
November 9th, 2006, 03:27 PM
Some observations concerning your list:

IceSword is free, so is GMER. Both are good rootkit scanners.
Helios is an alpha, very rough around the edges according to user feedback.
Sunbelt CounterSpy is working on a beta for version 2.0 that is an improvement over the old version. I'd definitely have this program on the short list.

kman1
November 9th, 2006, 11:50 PM
so it seems that with my current setup (Kaspersky's Internet Suite anti-virus/firewall, SystemMechanic Pro, Lavasoft's Ad-Aware Pro, and Advanced System Optimiser Pro), all I need is Prevx, AntiVir, Kerio 2.1.5, and KIS?? (and a NAT router also)

Agreed?? sounds good to me and a lot cheaper as well. I just wanted to see what experts would have to say about it. By the way:

1. anything else that I just MUST have?? Just wondering.. (since I don't mind spending money on my laptop's safety :) )

2. What do you think of my current set-up? Is there anything you see that's redundant or that does the same job as another program I have? (or whatever)??

Thanks!

yahoo
November 10th, 2006, 12:48 AM
You probably need some patience and should do some self-learning by reading the posts in the sub-forums titled "other firewalls", "other anti-virus software", and "other anti-malware software". By doing so, you will probably get a better general idea of what computer security is about and what good security applications are available. Then you would be able to ask more specific questions on computer security, which would be more helpful to you. IMHO, the most important thing in computer security is to get a good understanding of what computer security is really about. The more one understands it, the fewer security applications are really needed to keep a clean computer. Otherwise, it will not help much even with all the available security applications installed on your computer.

KIS = Kaspersky's Internet Suite. You do not need to install a second copy of it, as you already have one copy installed. AntiVir is another anti-virus software. If you do not want to get rid of KIS, AntiVir is redundant. If you can configure the firewall of KIS properly, Kerio 2.1.5 is not a must either. My guess, according to the question you asked, is that you would probably have problems configuring Kerio 2.1.5 at this time. If you cannot configure some software properly, there is no point in having it. It also seems to me that Advanced System Optimiser Pro is a maintenance tool, and has nothing to do with computer security.

ErikAlbert
November 10th, 2006, 02:27 AM
I hope you also have an image backup/restore solution:

Clean Images
You can only create CLEAN images during an OFF-LINE installation from scratch.

1. First Clean Image = winXPproSP2 + Drivers
The freeware "nLite" allows you to create a new "WinXPproSP2 Installation CD" that contains most of the security patches, which means you don't have to be on-line to install these security patches.
The only weak point is the ACTIVATION of winXPproSP2, which requires a very short internet connection.
All the rest is installed OFF-LINE (= without internet connection).

2. Second Clean Image = First Clean Image + all your software, EXCEPT
- application software that can't work without internet, like browsers, email software, ...
- security software, like firewalls, scanners, HIPS, ...

This software doesn't need internet and can be installed off-line without problems.
Configure each program as much as you can BEFORE taking the "Second Clean Image".

3. Third Clean Image = Second Clean Image + all software that needs internet, EXCEPT
security software, like firewalls, scanners, HIPS, ...

This is NOT security software, but it is useless without an internet connection, like internet browsers, email software, ...
Configure each program as much as you can BEFORE taking the "Third Clean Image".

4. Fourth Clean Image = Third Clean Image + all security software.
Some security software doesn't require an internet connection during installation; you install it OFF-LINE, but don't update it yet.
Configure each program as much as you can BEFORE taking the "Fourth Clean Image".

Some security software requires an internet connection during installation (Windows Defender, A2, ...).
Install this software AFTER creating the "Fourth Clean Image".
If you don't have such software, so much the better.

Rules for all clean images
1. The timing of taking these clean images is very important and requires preparation on paper.
2. Never overwrite these clean images and don't use them for backup anymore.
3. Store these clean images in a separate folder on your external hard disk, because they don't belong in your daily backup folders.
4. Only use these clean images for restoration on a formatted or safely erased hard disk.

Purpose of all clean images
The bottom line is that you need these clean images to start all over again from scratch, but without doing it manually and without any infection.
You most probably will need only one of the four images, and that depends on where you want to start the restoration from.
For instance: if you have a totally new security setup in mind and want a clean computer, you might restore the "Third Clean Image" instead of the "Fourth Clean Image".

Daily Images
AFTER the "Fourth Clean Image" you can connect to the internet, update all your software and take your first "Daily Image", and so on.

Separating your personal data
You might consider separating your personal files from your system files by creating two partitions: system partition [C:] and data partition [D:], but that is entirely up to you.
I've done this since I got my new computer, without any regrets.
It's very reassuring when you don't have to worry anymore about your personal files when your system partition is in serious trouble.

Immediate System Recovery
You might consider software like FirstDefense-ISR, RollbackRx, ...
This software allows you to create snapshots of your system partition, which can be used for
- immediate system recovery (rollback snapshot)
- cleaning snapshots (frozen snapshot)
- creating different work environments
- creating different test environments
- having a second backup solution (only possible in FirstDefense-ISR)

If you don't need all that, forget my post, it doesn't matter. :)

aigle
November 10th, 2006, 05:28 AM
Hi Eric, I can hardly believe that a newcomer can digest this stuff all at once!
Let him swallow it bit by bit.

Mrkvonic
November 10th, 2006, 06:17 AM
Hello,
A solid firewall and Firefox, for starters.
Imaging software for main course.
Linux for dessert.
Mrk

ErikAlbert
November 10th, 2006, 07:11 AM
-{ Quote: "Hi Eric, I can hardly believe that a newcomer can digest this stuff all at once!
Let him swallow it bit by bit." }-
Well he only has to read it, which doesn't mean he has to do it now, he can do it one year later.
He said "Any and ALL advice is welcome", so I gave him a piece of my advice.

He can start with a simple daily full backup and find the right image backup software for his total system to do the job properly. :)

Wai_Wai
November 10th, 2006, 11:06 AM
-{ Quote: "I'm in the market for the top security software around. I've been searching the web for about 4-5 hours and I have some ideas, but can you all help me list the top COMMERCIAL software for the following security categories? Thanks!

NIPS software-

Right now I use Kaspersky's Internet Suite as my anti-virus/firewall. I also have SystemMechanic Pro, Lavasoft's Ad-Aware Pro, and Advanced System Optimiser Pro.

These are the programs that I was thinking of buying online in the near future:

Sunbelt CounterSpy
SecureIT
VMWare
Panda TruePrevent
IceSword
RunSafe
Jetico
Safe'n'Sec Plus
PrevX
-Anti-Executables
Invircible
DefenseWall
virtual sandbox
Helios
SocketShield
BufferShield
DeviceWall

Ok that's it for now. Please let me know what suggestions or whatever you have. Any and ALL advice welcomed. I'd like my laptop/PC to be as secure as possible! Thanks!!

P.S. - what do you all think about Tor, Proxomitron, and Privoxy?? Someone just recently advised me to download and use all three of them at all times. (to keep myself safe) I was wondering what the experts here thought about that before I start using them." }-

OK. I will try my very best to answer your question. Feel free to ask me any further questions here (or by PM if I forget to answer you). Note that all my comments regarding the performance of the products are mainly based on my objective observations and reading of test reports. No personal preference is involved when picking a security product.

I assume you are not very technically knowledgeable, so I will recommend programs which are suitable for beginners to use. It seems you are willing to pay too, so I will suggest both free and commercial products.

First, there are many duplicating efforts in your categories. I will try to regroup your categories.

This is the security category:
-{ Quote: "
firewall-
HIPS-
anti-trojan-
bufferzone-
keylogger-
sandboxing application-
virtual machine-
program checker-
external firewall-
router with good hosts file-
" }-

This is the backup category:
-{ Quote: "
registry backup-
image backup-
registry monitoring-
" }-

By the way, you may view my signature. It has my recommendations about different security products (anti-virus, software firewall, antispyware)

Wai_Wai
November 10th, 2006, 11:06 AM
Note: I am by no means an expert. All the following are intended to be a reference only!

Security
There are the main categories:
- antivirus (also antitrojan, antikeylogger)
- hardware and software firewall
- antispyware
- classic HIPS
- virtualization/sandboxing

Antivirus (AV)
Although it is called antivirus (which is a misnomer), it is meant to detect more than just viruses. A typical anti-virus usually detects viruses, trojans, keyloggers, backdoors, macros etc.

Free:
Avira AntiVir (highly recommend! :thumb: ) -- excellent detection on both known and unknown malware, but has far more false alarms (eg AntiVir has 20+ while most have only about 3-6)
Avast -- much worse than AntiVir, but better than AVG: above-average detection on known malware, above-average on unknown malware, few false positives
AVG (not recommend!) -- the worst of the above 3: in contrast to the quite many public members who recommend this product, I discourage it. Only so-so detection rate on known malware, miserable detection rate on unknown malware, few false positives. "Free" is not a good reason for picking that AV since there are 2 better alternatives.

Commercial:
Kaspersky (highly recommend! :thumb: ) -- excellent detection on known malware. It has been at the top-notch level for 3 years or more. Above-average on unknown malware, few false positives. It also has good self-protection.
BitDefender -- good detection on both known and unknown malware, few false positives
NOD32 -- It is light and uses fewer system resources. Good detection on both known and unknown malware. I know quite many praise it highly. However some tests and observations (one performed by me (http://www.wilderssecurity.com/showpost.php?p=839371&postcount=33)) suggest that it may be a bit overrated. I found that it seems to be weak at detecting malware in archives correctly. It seems to be worse at detecting trojans/keyloggers, which concerns me most. That makes me not too comfortable when using it. Few false positives.
McAfee -- It used to be a very good AV. It tends to decline bit by bit every year. Now it has good to above-average detection on known malware, above-average detection on unknown malware. It has good quality controls on signatures, so it generates very few false positives. Some may feel it is bulky.
Norton -- It used to be so-so in detection rates. Now it has good detection on known malware, but still poor in unknown malware detection. It has good quality controls on signatures, so it generates very few false positives. Some may feel it is bulky.

Note:
- AV Comparatives (http://www.av-comparatives.org/ ) has already listed a large number of good anti-virus programs. An AV program has to meet its entrance criteria before it is tested by AV Comparatives. Don't pick any anti-virus programs which are not listed there. Chances are that they are worse than any of the listed ones, or they are rogue software or scum software, or the vendors refuse to let the general public know their true performance results.
- Forget about Panda and Panda TruePrevent. Its AV scores badly in the independent reviews. Panda refuses to continue participating in the independent review of AV Comparatives because it is dissatisfied with the results shown on the website. I would say if a company does not wish to let its product be tested on the independent website, the chances are the company does not wish the general public to know its true performance results. Guess why?
- Since there are many peer products available and their performance is proven by independent reviews, don't choose a product of unknown quality. Don't believe the hype on the author's website!

AVs with multiple scanners:
- F-Secure
- Gdata AVK (German product. English support is limited)
- TrustPort
These are the AVs which use more than 1 scanner from other companies. The performance is more or less (but not necessarily the same as) the combination of the scanners. It sounds like a better alternative. But it appears they tend to be more bulky and tend to cause more instability problems. They scan longer since they use more than 1 engine. But you can always download and try before purchase, so you can see how well they run on your computer.


AV reviews
Here are the places on which I base my comments on the performance of different AVs:
http://www.av-comparatives.org/ (highly recommended! :thumb: )
http://www.av-test.org/ (recommended!)
http://www.virus.gr/english/fullxml/default.asp (it tests so many AV, some AT/AS products, good for some basic references on their performances, but not a definitive guide)
http://agn-www.informatik.uni-hamburg.de/vtc/ (good but outdated)
http://www.virusbtn.com/
http://www.icsalabs.com/

Excellent sources of anti-virus comparison reports!!
http://www.abxzone.com/forums/showthread.php?t=86202

Wai_Wai
November 10th, 2006, 11:13 AM
Firewall

Hardware vs Software Firewall
http://www.webopedia.com/DidYouKnow/Hardware_Software/2004/firewall_types.asp
http://www.smallbusinesscomputing.com/webmaster/article.php/3103431

Hardware Firewall
A hardware firewall uses packet filtering to examine the header of a packet to determine its source and destination. If you have a set of preset rules, it will determine whether the packet is to be forwarded or dropped. A router is what you need. Like other hardware, it is a standalone tangible product. You can buy one in a store.

Software Firewall
In addition to the hardware firewall, you can also install a software firewall to further improve your network security. Here are the recommendations:

Free
Jetico -- this is a good firewall. However it is just for experienced users. It has excellent rates of leakage protection. Although this firewall can be attacked by different kill methods, no kill method can completely disable its protection, so you are still safe.
Comodo -- so-so leakage protection but excellent kill protection.

Free but not recommended
ZoneAlarm Free (not recommend!) -- it is too weak and has limited functions although it is free. Use better free alternatives.
Outpost Free (not recommend!) -- Performance-wise, this is not more or less the same as the good Outpost Pro. Please see problem1 (http://outpostfirewall.com/forum/showthread.php?t=15745) and problem2 (http://outpostfirewall.com/forum/showthread.php?t=17090). Outpost Free was released before Windows XP and has not been updated for it. It lags behind. Feature-wise, here are the differences between the Pro and Free versions (http://www.outpost.ie/outpost/profree.html). Here's the link for the free product!! (http://www.agnitum.com/products/outpostfree/download.php).


Commercial
Outpost Pro (recommend) -- It has good leakage protection. It has excellent kill protection. Only a few kill-tests can partially break its protection, but you are still safe since no one can completely disable it. It has a support forum which provides different rules for different programs for you to download and import into your firewall, according to your needs.
Kaspersky Internet Security -- It has above-average leakage protection. It has excellent kill protection. Again only a few killtest can partially break its protection, but you are still safe since no one can completely disable it.
ZoneAlarm Pro -- It has good leakage protection, and above-average kill protection. However there is an incident in which it may have been involved in spying for years (http://www.spamdailynews.com/publish/ZoneAlarm_phones_home.asp). The case is that ZoneAlarm still sends encrypted data to 4 of its servers even if the user tells it not to. Do your own diligence and judge for yourself on this issue.
Norton Internet Security -- It has good leakage protection, and above-average kill protection. It is easy for beginners to use. It has a feature which can set rules automatically for the programs it knows about. However this may pose some security problems since it may set some of the rules wrongly without you noticing.

The following products are not recommended since they can be terminated easily (there is no point to use them even if there is a product which has perfect leakage protection but too easy to be terminated):
Product            Failures in Kill-test
Sunbelt Kerio      16
Netveda            22
Look'n'Stop        31
Filseclab Pro      34

Firewall Tests
There is only 1 firewall test which I find good and useful. It is from www.firewallleaktester.com . It has 2 types of tests:
Leak-tests: http://www.firewallleaktester.com/tests_overview.php
Kill-tests: http://www.firewallleaktester.com/termination_overview.php

Leak-tests are tests to see how good a firewall is at preventing malware from bypassing its protection and transmitting information to the bad guy. Note that one can always tighten their firewall by configuring the rulesets in order to pass the leak-tests.

Kill-tests are tests to see how good a firewall is at preventing itself from being terminated or nullified by malware.
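
The hardware-firewall description in this post (a preset rule set examined against each packet header, forward or drop) and the remark that leak-tests are passed by tightening the ruleset both come down to one mechanism: first-match rule evaluation with a default-deny fallback. Here is an added example of that mechanism in Python; it is not code from the original thread or from any firewall vendor. The `Packet` and `Rule` types, the `HOME_RULES` set and every address in it are constructed for illustration (the LAN is 192.168.1.0/24, external hosts use the documentation ranges 198.51.100.0/24 and 203.0.113.0/24).

```python
"""Minimal first-match packet filter (added example, constructed rules)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    """The header fields a packet filter looks at."""
    direction: str          # "in" or "out", relative to the protected LAN
    proto: str              # "tcp", "udp" or "icmp"
    src: str                # source IPv4 address
    dst: str                # destination IPv4 address
    dport: Optional[int] = None   # destination port (None for icmp)


@dataclass(frozen=True)
class Rule:
    """One preset rule; unspecified fields match anything."""
    action: str                   # "allow" or "drop"
    direction: str = "any"
    proto: str = "any"
    src: str = "0.0.0.0/0"        # CIDR the source must fall inside
    dst: str = "0.0.0.0/0"        # CIDR the destination must fall inside
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        if self.direction != "any" and self.direction != pkt.direction:
            return False
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


def decide(rules: List[Rule], pkt: Packet, default: str = "drop") -> str:
    """First matching rule wins; anything unmatched falls to the default.

    A default of "drop" is what makes the ruleset 'tight': traffic that
    nobody explicitly allowed (an unusual outbound port, an unsolicited
    inbound connection) never gets through.
    """
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# Constructed rule set for a home LAN: only web and DNS may leave, and only
# from addresses that actually belong to the LAN (a spoofed source is dropped).
HOME_RULES = [
    Rule("allow", direction="out", proto="tcp", src="192.168.1.0/24", dport=443),
    Rule("allow", direction="out", proto="tcp", src="192.168.1.0/24", dport=80),
    Rule("allow", direction="out", proto="udp", src="192.168.1.0/24", dport=53),
    # Explicit inbound drop for SMB so the decision is visible in the rule
    # set; the default would drop it anyway.
    Rule("drop", direction="in", proto="tcp", dport=445),
]


def demo() -> List[str]:
    """Run a few constructed headers through HOME_RULES."""
    samples = [
        Packet("out", "tcp", "192.168.1.10", "198.51.100.20", 443),  # browsing
        Packet("out", "udp", "192.168.1.10", "192.0.2.53", 53),      # DNS lookup
        Packet("in", "tcp", "203.0.113.5", "192.168.1.10", 445),     # unsolicited SMB
        Packet("in", "tcp", "203.0.113.5", "192.168.1.10", 3389),    # unsolicited RDP
        Packet("out", "tcp", "192.168.1.10", "203.0.113.5", 6667),   # odd outbound port
        Packet("out", "tcp", "10.0.0.1", "198.51.100.20", 443),      # spoofed source
    ]
    return [decide(HOME_RULES, p) for p in samples]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The last two sample packets are the point of the exercise: a program phoning home on a port nobody allowed, or a packet claiming a source address outside the LAN, is refused not by a rule written against it but by the absence of a rule for it.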

Wai_Wai
November 10th, 2006, 12:46 PM
Questions:
Do I need anti-trojan to detect trojans?
Is anti-trojan necessarily better than anti-virus in detecting trojans?
Is anti-trojan really necessary?
(Similar questions can be applied to anti-keyloggers)


Short answer:
No. Go for HIPS and sandbox solutions. They offer more extensive protection and protect you in different aspects.

Strange but true, anti-virus (AV) performed much better than anti-trojans (AT) in on-demand tests (eg the top AVs can detect over 90% of trojans, but most ATs cannot even achieve 50%), although there are some minor things ATs might be better at than AVs. If you feel you need an anti-trojan, use the free ones. Don't waste your money on paid ones. Similar logic can be applied to anti-keyloggers.

For free and good anti-trojans, you may try Ewido (it is called AVG Anti-Spyware now). It has far more signatures than the rest of the anti-trojans (so it can detect more trojans and other malware). It has only on-demand scanners (ie it scans on user request). It has no real-time protection, but that doesn't matter since your anti-virus program will take care of that too.

For details on the reasons and alternative security products to protect you against these risks, see:

Is a dedicated anti-trojan program really needed?
http://www.wilderssecurity.com/showpost.php?p=855828&postcount=13

Anti-trojan tests - you can do your own diligence :)
http://www.wilderssecurity.com/showthread.php?t=150192

--------------------------------------------------------------------------------------------------

Questions:
Are more security products = better protection of my computer?
Should I install as many security products as possible?
Should I install more than 1 resident anti-virus, 1 firewall, 1 anti-spyware?


Short answer:
No. "More security products" does not equal safer. You may actually make it worse for the following reasons:
- overkill since a lot of security aspects are overlapping with one another
- possible instability, crashes and conflicts
- compatibility issues which may cause you more headache as a beginner
- you may be wasting money and time for no practical benefits (or additional headaches/problems)

Also don't install more than 1 resident anti-virus, 1 firewall, 1 anti-spyware. That is asking for trouble.
However you may run 1 resident program supported by many on-demand scanners.
For details, see http://www.wilderssecurity.com/showthread.php?t=147096

Wai_Wai
November 10th, 2006, 01:13 PM
Anti-spyware

If you would like to know how your anti-spyware performs, there is a good review website http://malware-test.com/antispyware.html

Please read the following table (results presented as a table for easy reading and comparison) and do your own diligence:
http://www.malware-test.com/images/total11.png

(higher number means higher detection rates)
red color = 1st rank
yellow = 2nd rank
green = 3rd rank

If you wonder why the result from 11th round is very different from other previous rounds, it is because the samples are collected from Honeynet (simply speaking, places for real malware collection and research) in this round.
This should somewhat represent the real situations on how well your anti-spyware can protect you against adware/spyware emerging every day on the Internet.

If you wonder why anti-spyware performs much worse in real world situations, it is because malware writers will keep using new malware to infect your system. While old malware will keep circulating, they will keep using the latest hackology to crack/infect your computer. I may make an educated guess that anti-spyware can manage to get 10-30% of ad/spyware detection rates, while anti-virus can manage to get 30-50% in real world situations.

How well anti-virus may possibly perform in real world situations:
http://www.wilderssecurity.com/showpost.php?p=839371&postcount=33

Wai_Wai
November 10th, 2006, 02:02 PM
HIPS / Sandbox

Info about HIPS
HIPS = Host-based Intrusion Prevention System

There are many ways to classify different types of HIPS.
To simplify matters, here are the types of HIPS according to my classification:
- behaviour blockers (ie the ones which will prompt based on the behaviour of the program. The decision is made by you or the HIPS or a mix, depending on the program. Different HIPS may offer different coverage of protection against potentially malicious behaviours)
- sandbox / virtualisation (ie instead of distinguishing between good and bad behaviours, they try to isolate any untrusted programs. Any changes made by that program will be isolated. Thus the changes made within the isolated areas will not affect your actual/real system)

HIPS FAQ
http://wiki.castlecops.com/HIPS_FAQ

Discussions about types of HIPS
http://www.wilderssecurity.com/showthread.php?t=152694

======================================================================================

There are so many HIPS available on the market and there is no test which broadly tests the performance of these products, so it is rather hard to pick a product of this kind. It seems we need to pick a product based on our own (subjective) experiences or feelings.

Behaviour Blocker
They are complementary to your existing antivirus/firewall/anti-spyware software.

However as a beginner user, try to avoid any HIPS which requires much security knowledge to use. This would include HIPS which prompt you (without advice) for a decision on a behaviour/action made by a program (eg System Safety Monitor), since it is very likely you will make decisions casually or make wrong decisions, or are being cheated by a malicious program to allow its actions.

You should choose an HIPS product which will help you make decisions (eg offering online databases, learning modes, prompts with advice etc.) You may try the following products:

Newbie choices
- Prevx1 (it has an online community database to make decisions and protect you against malware)
- Online Armor (it also has an online community database)
- GesWall (this one is completely free, but it works a bit differently. It makes use of an access policy to control how a program accesses resources. You can set a specific program to run as "trusted (isolated)". It will impose more restrictions on this kind of program. Many changes will not be saved by such a program)

Require some learning
- ProcessGuard (you need to run it in learning mode first in order to let the program learn your system, or you will have many prompts)

Not tried yet, but may be worth a trial
- Kaspersky 6 - PDM component (Haven't tried, may be a good combination with its antivirus / firewall, but it requires you to make the right decision)
- Safe 'n' Sec (it has "Intelligent Decision Make". Haven't tried. Seems to be suitable for beginners too)

Only for advanced users
- GhostSecurity, including Appdefend and Regdefend

Some independent reviews on HIPS:
- http://www.wilderssecurity.com/showthread.php?t=153910
- AV Comparatives did some tests on HIPS too (http://www.av-comparatives.org/seiten/comparatives.html) (the report is called "Comparative of various protection tools")
- http://kareldjag.over-blog.com/0-categorie-69553.html
- http://security.over-blog.com/

======================================================================================

Sandbox / Virtualisation - HIPS for newbies
All of them try to isolate any untrusted programs. Any changes made by that program will be isolated. Thus the changes made within the isolated areas will not affect your actual/real system.

Free
- Sandboxie (recommend!) (this is the free restricted version. Some advanced features are locked unless paid. However most of the basic features are available, and you can use it as long as you can. The free version is still great. Remember you should terminate the sandbox / all untrusted programs before doing anything which requires safety [eg online banking])
- Bufferzone SAE (not good: it has several versions. Each is designed for a particular product only. Limited use. It is better to stick with Sandboxie, which can be used with all executable programs)

Commercial
- Bufferzone Pro (yes, this one is similar to Sandboxie and can work with all executable programs)
- DefenseWall

OS-level sandboxing / virtualisation (safer than application-level sandboxing)
- VMWare
- Altiris Virtualization
Note: There are more to do than merely safety issues.

Mrkvonic
November 10th, 2006, 02:39 PM
Hello,

Wai wai I must disagree with you on several points.
But the major one is the firewall termination issue.

When you run a program ... locally ... with admin privileges - it's over. Firewalls are supposed to protect from external threats. Not from your own folly. You could as well say boot from a floppy and erase the hard disk. Why not? Where is the protection there? Once you do something locally - game over.

Firewalls should be valued by their ability to filter traffic. That's all. Everything else is fancy, including nips, hips, chips, web annoyance etc. And the ability to be configured safely with minimum effort so that even noobs will be able to use them efficiently.

Jetico is a great firewall, but being adequate for about 0.000000001% of users, it is a bad firewall. Good for Wilders hardcore hobbyists, bad for someone who thinks computers are magic.

If you get infected and something kills your firewall - unplug the line. Very simple. Nothing gets through.

Mrk

Wai_Wai
November 10th, 2006, 03:28 PM
Other questions answered

OK. Try to answer questions asked for specific products.

> Sunbelt CounterSpy
This anti-spyware is good, better than your Ad-Aware. You may try it.
But it may be a bit bulky. Doesn't matter if you have fast/good hardware.

> SecureIT
Hey, this is not for you. 8)
SecureIT helps organizations assess their vulnerability to a broad spectrum of technological and other risks.


> VMWare
This is OS virtualisation.
You may use it for safety purposes, but there are many other purposes too (eg testing applications, avoiding DLL conflicts)

> Panda TruePrevent
Forget this one. Performance is bad. It refuses to participate in the independent reviews of AV Comparatives.

> IceSword
Can be used to analyse rootkits.
Forget it. Not for beginners.

> RunSafe
Runs a program as a limited (restricted) account.
In Windows XP, you can be a limited user, power user, administrator etc.
A limited user has the least rights, as defined by Windows XP.
You may change the rules, if you know how to.
Another alternative: DropMyRights (completely free).

> Jetico
Explained in firewall section.
Not for beginners.

> Safe'n'Sec Plus
> PrevX
> DefenseWall
> virtual sandbox <-- not good in my opinion
See HIPS section for details

> Anti-Executables
Simple program.
Only run programs which have been trusted.
Any program which is not in that list will not be able to run.

> Invircible
Forget it.
Stick with the reputable or top-notch AV.
Avoid unknown AV program. May be rogue.

> Helios
What is it?

> SocketShield
> BufferShield
Forget it.
Stick with the choices recommended in my HIPS sections.

> DeviceWall
Are you afraid of someone who will plug in a (movable) device and steal your data?
If not, save it.


-{ Quote: "P.S. - what do you all think about Tor, Proxomitron, and Privoxy??" }-
Tor and Privoxy will run together.
This is called proxy surfing. It is more to do with anonymity/privacy, not security. However there are many implications about proxy surfing and anonymity. It will also slow down your browsing.
Forget it if you do not have specific needs for that.

Proxomitron controls how websites are displayed.
It filters code before a website is displayed.
It is multi-purpose, including security uses.
You may run it, but you need to learn how to use it. Not for beginners.

Alternatively you may try McAfee SiteAdvisor. It will tell you which website is good, cautious, or dangerous. It has an analysis page for each website, so you can know more details in case you wish to know.

Final word on choices of security products (Please read!)
Don't try every security product which sounds great or wonderful, or which you just come across. They may be all hype after all. There are many rubbish security products on the Internet. Some even produce scam-type or rogue security products to rip your money off, or install additional malware on your system.
Only pick your choice from the most reputable ones (eg the ones in my above-mentioned posts).


Hope all the above helps.
Please spend some time to read through all of them.
It should help you much in security.
Tell me what you feel.
See you. :)

Wai_Wai
November 10th, 2006, 03:55 PM
-{ Quote: "Hello,
Wai wai I must disagree with you on several points." }-
That's fine.
Beware that since the above posts are intended to be read by a newbie/beginner (or the questioner), and it is never intended to be complete, I may leave out many details or don't explain something in depth.


-{ Quote: "But the major one is the firewall termination issue.

When you run a program ... locally ... with admin privileges - it's over. Firewalls are supposed to protect from external threats. Not from your own folly. You could as well say boot from a floppy and erase the hard disk. Why not? Where is the protection there? One you do something locally - game over." }-

That's why it is dangerous to run as an administrator account - too many (bad) rights. However it is also an annoyance to run as a limited-user account.

I think every security program (not just firewall) should try to protect itself from modification/termination/hijacking etc. What's the point of having the best protection if your protection can easily be disabled? It is equal to installing many locks on the door but you leave the keys under the door-carpet.

Plus it is still not 100% fool-proof that the security program will never be modified or terminated if you run in a limited-user account. There is always a vulnerability in the operating system.

WSFuser
November 10th, 2006, 03:57 PM
-{ Quote: "> SecureIT
Hey, this is not for you. 8)
SecureIT helps organizations assess their vulnerability to a broad spectrum of technological and other risks.
" }-
Secure-It (http://www.sniff-em.com/secureit.shtml) (notice the hyphen) on the other hand, can be used for tightening Windows/Internet Explorer settings. supposedly it may break some things tho.

btw keep up teh informative posts Wai_Wai :thumb:

Alphalutra1
November 10th, 2006, 04:21 PM
-{ Quote: "
I think every security program (not just firewall) should try to protect itself form being modification/termination/hijacking etc. What's the point of having the best protection if your protection can easily be disabled/bypassed? It is equal to installing many locks on the door but you leave the keys under the door-carpet.
" }-
I side with Mrkvonic here. A firewall is meant to filter packets and that is it. All of this application control and other stuff is add ons that go beyond the original purpose of a firewall. An av is for detecting viruses and other malware based on signatures and heuristics. A HIPS like Process Guard, SSM, etc. is for protecting processes, allowing a user to control which executables run, etc. It is pretty worthless for every single program to try and protect its own termination, when one application can do the job that all of your security apps are trying to do simultaneously.

Secondly, I don't think you should include outpost free as a viable option. See here (http://outpostfirewall.com/forum/showthread.php?t=15745) and here (http://outpostfirewall.com/forum/showthread.php?t=17090) :-\

Thirdly, AVG bashing isn't the best thing to do. The av is continually improving and the detection really isn't that bad. However heuristics on the other hand need a little bit of work.

Fourthly, Comodo probably has the best leak detection out there along with Outpost. I don't know why you call it so-so :-\

Fifthly, I use Secure-it and it is nice for hardening the TCP/IP Stack in case your firewall gets knocked out of permission. Required, no, but helpful in case something happens, yes

Sixthly, virus.gr is pretty bad at testing, so I don't think it is a real valid link to be giving to people, especially beginners who take one test a little too far ;) .

Just some pointers though...
--------------------------------------

To the original poster:

I would stick with the basics for security. You will need a good firewall like ZoneAlarm, Comodo, Ghostwall, CHX-I, or even Windows SP2 firewall, a solid av like KAV, NOD32, Antivir, and maybe a HIPS like System Safety Monitor or Process Guard if you feel ready for them. This will be sufficient for your security. Also, I always recommend browsers other than IE because of the fact I like them more ;D . Opera is always an excellent choice. Remember to play around with some of the choices given by users here and find what you personally like and what fits your system the best.

Cheers,

Alphalutra1

WSFuser
November 10th, 2006, 04:24 PM
-{ Quote: "Fifthly, I use Secure-it and it is nice for hardening the TCP/IP Stack in case your firewall gets knocked out of permission. Required, no, but helpful in case something happens, yes" }-
isn't that what harden-it does? iirc secure-it is for hardening IE.

Alphalutra1
November 10th, 2006, 06:15 PM
-{ Quote: "isn't that what harden-it does? iirc secure-it is for hardening IE." }-
My bad.... ;) Get all those hardening things messed up sometimes, you know harden-it, secure-it viagra, ... ;D

Alphalutra1

lucas1985
November 10th, 2006, 06:32 PM
-Secure your network: A NAT+SPI router or better yet a UTM Linux distro in a spare box
-Diagram a backup and partition strategy
-Protect your important personal data
-Make strong passwords
-Harden and update your OS and apps
-Use secure apps, especially for dangerous activities like surfing, mailing, etc

After that choose a "good enough" firewall, a top AV with HTTP scanner and a user-friendly HIPS or sandbox

Don't forget common sense and don't stop learning

Wai_Wai
November 10th, 2006, 06:48 PM
-{ Quote: "I side with Mrkvonic here. A firewall is meant to filter packets and that is it. All of this application control and other stuff is add ons that go beyond the original purpose of a firewall. An av is for detecting viruses and other malware based on signatures and heuristics. A HIPS like Process Guard, SSM, etc. is for protecting processes, allowing a user to control which executables run, etc. It is pretty worthless for every single program to try and protect its own termination, when one application can do the job that all of your security apps are trying to do simultaneously. " }-

I can't see the point.
If a malware can easily disable AV before it can detect the malware, what's the point of using it, even having the perfect detection?
So you probably don't password-protect your security programs/settings since you don't care whether they will be modified or terminated? If it is modified/terminated, it is usually done silently. Your GUI may look fine. Your AV may look fine, but it is actually changed. It can no longer detect that malware. What's the point of using this product if it cannot perform its task? That's beyond me.

Another point you made is that since you can use third-party software to protect your security programs, this is not a problem. But I still feel it is good for the product to be responsible for protecting itself. Remember not everyone will run third-party software to remedy the problems posed by the security program itself. That is why the program should protect itself from being killed (it is within its scope).

By the way, here's another interesting question I would like to discuss. One says this software firewall (FirewallX) is intended to block incoming traffic only. Thus it is no problem even if it can't block *ANY* outgoing traffic. The reason is that it is the user's responsibility to make sure the system is free of malware. If there were no malware in the system, there would be no need to control outgoing traffic. Therefore FirewallX is as strong as FirewallY (which intends to protect both incoming and outgoing traffic).

That's my opinion. No matter how one defines the scope of a piece of software, it doesn't change one fact: the weakness is still there. It will not be removed if you change the scope of that security program, although it may be a good excuse for not enhancing your software (since you don't care about it). If you can choose between 2 firewalls:
- good incoming + outgoing traffic control, but no self-protection
- good incoming + outgoing traffic control, with strong self-protection
Which one will you choose?


-{ Quote: "
Secondly, I don't think you should include outpost free as a viable option. See here (http://outpostfirewall.com/forum/showthread.php?t=15745) and here (http://outpostfirewall.com/forum/showthread.php?t=17090) :-\
" }-
Good points.
I didn't realise it.


-{ Quote: "Thirdly, AVG bashing isn't the best thing to do. The av is continually improving and the detection really isn't that bad. However heuristics on the other hand need a little bit of work." }-

To simplify the matter, just quote from AV Comparatives:
It is rated:
- 4 "standard" rating
- 3 "grey" rating (worse than standard)
- NEVER get any advanced or advanced plus rating


-{ Quote: "Fourthly, Comodo probably has the best leak detection out there along with Outpost. I don't know why you call it so-so :-\ " }-

To simplify the matter, just quote from the result of Firewallleaktest.
It is much lower than Outpost.


-{ Quote: "Sixthly, virus.gr is pretty bad at testing, so I don't think it is a real valid link to be giving to people, especially beginners who take one test a little to far ;) ." }-

Its methodology is not as good, nor is the test as comprehensive as AV Comparatives. Actually the methodology of virus.gr is crude.
However the good thing is no test site manages to have the test results of so many products. If you can't find any performance report of your security program, you may get some basic ideas here. As I stated beside the link, it is good for some basic references on their performances, but not a definitive guide.
Although the test result is not as reliable as AV Comparatives, I personally will not simply discard its result completely because it has some problems. Anyway I give this link, and leave the final decision to the reader to choose whether they would like to read it too or completely discard it.

lodore
November 10th, 2006, 06:53 PM
just think, would a newbie be running a HIPS that stops processes from being terminated? i think the answer is a big fat NO!

so AVs and suites and other security software should protect themselves from termination.
and why pay more money to protect your AV from termination by using a HIPS?
the AV should protect itself, because if it doesn't it's not really doing its job.
lodore

Mrkvonic
November 10th, 2006, 07:00 PM
Hello,

Wai wai, you say "malware can disable av" ...
How does that happen?
You run a file on your machine.
It's no different than taking a hammer and smashing the mobo.
Don't run malware on your computer and you will not need to worry about the firewall getting terminated.

Let's say you have the best of the best of the best firewalls. It's still useless if you boot from floppy and delete the partition it resides on, right? This is the local access in the extreme - but still an example where a user actively does damage.

Malware like thermite, wallbreaker etc - they all require that you:
1. Download them.
2. Double-click them.

That's TWO steps for making ruins of your machine.

Answer: don't do them.

If firewall needs to protect itself, why not Office? Or files? How about files that won't get deleted? That's protection from a mistake, isn't it? If you need to protect the programs from the user - there is a huge problem in the entire concept - either the user or the programs.

Mrk

P.S. AVG is a great free AV, not for everyone's taste, but definitely a solid choice. Does what needs to be done.

Wai_Wai
November 10th, 2006, 07:09 PM
-{ Quote: "Secure-It (http://www.sniff-em.com/secureit.shtml) (notice the hyphen) on the other hand, can be used for tightening Windows/Internet Explorer settings. supposedly it may break some things tho.
" }-

Haha... Funny.
I haven't heard of it. Is it secure to use secure-it? 8)
It seems we can achieve the same by configuring the system ourselves (although this tool provides convenience).

Alternative hardening tool: SafeXP (http://www.theorica.net/safexp.htm)


-{ Quote: "btw keep up teh informative posts Wai_Wai :thumb:" }-
Thanks, but just call me Wai Wai (notice the underscore). ;)
No one calls me with an underscore. :P

lodore
November 10th, 2006, 07:17 PM
-{ Quote: "Hello,

Wai wai, you say "malware can disable av" ...
How does that happen?
You run a file on your machine.
It's no different than taking a hammer and smashing the mobo.
Don't run malware on your computer and you will not need to worry about the firewall getting terminated.

Let's say you have the best of the best of the best firewalls. It's still useless if you boot from floppy and delete the partition it resides on, right? This is the local access in the extreme - but still an example where a user actively does damage.

Malware like thermite, wallbreaker etc - they all require that you:
1. Download them.
2. Double-click them.

That's TWO steps for making ruins of your machine.

Answer: don't do them.

If firewall needs to protect itself, why not Office? Or files? How about files that won't get deleted? That's protection from a mistake, isn't it? If you need to protect the programs from the user - there is a huge problem in the entire concept - either the user or the programs.

Mrk

P.S. AVG is a great free AV, not for everyone's taste, but definitely a solid choice. Does what needs to be done." }-
I think you are missing the point: mostly AVs are used by newbies that don't know anything about security and don't know that the sites they visit contain malware that can disable their security software. In this case we need AVs that can protect themselves and stop the malware.
if you owned a big business and found out the security software you use in your whole business can be shut down by some malware you wouldn't be happy, would you? not having malware on your system is fine if you know what malware is and are safe on the internet.
lodore

Wai_Wai
November 10th, 2006, 07:44 PM
-{ Quote: "Malware like thermite, wallbreaker etc - they all require that you:
1. Download them.
2. Double-click them.
That's TWO steps for making ruins of your machine.
Answer: don't do them." }-

It is because malware doesn't always need to ask for your permission before it can execute. Another misconception is "a user will not be able to get infected if he keeps his OS up-to-date + practices safe browsing & common sense + doesn't execute any suspicious files/attachments". Another user has asked similar questions previously, so instead of repeating the same thing again, go and read:
http://www.wilderssecurity.com/showpost.php?p=870348&postcount=108
http://www.wilderssecurity.com/showpost.php?p=876442&postcount=117

The only way to not get infected in any way is to unplug your connection to the Internet. I remember that a moderator called bigc73542 has such a signature which says:
*puppy* The Only Safe Computer Is Unplugged *puppy*

By the way, if it were so easy to kick all bad guys out of our home, ErikAlbert would find himself so stupid to waste so much time to image its drives and keep rolling back changes on every startup. ErikAlbert would even assume its computer is infected once it is connected to the Internet (not a really bad assumption actually ;) ).


-{ Quote: "P.S. AVG is a great free AV, not for everyone's taste, but definitely a solid choice. Does what needs to be done." }-

Avast and AntiVir are also free, in case you didn't notice.

As to how solid AVG is, all the above comments are based on the test reviews (no subjectivity involved!), so it is very easy to verify (unlike other people's).
Instead of relying anyone's comments, everyone should simply visit, for example, AV Comparatives (http://www.av-comparatives.org/seiten/overview.html) and judge themselves:
AVG - 4 standard ratings and 3 unclassified (grey) ratings.
Never get any "advanced" nor "advanced plus" ratings.

Wai_Wai
November 10th, 2006, 07:59 PM
-{ Quote: "I think you are missing the point: mostly AVs are used by newbies that don't know anything about security and don't know that the sites they visit contain malware that can disable their security software. In this case we need AVs that can protect themselves and stop the malware.
if you owned a big business and found out the security software you use in your whole business can be shut down by some malware you wouldn't be happy, would you? not having malware on your system is fine if you know what malware is and are safe on the internet.
lodore" }-

Yes, this is one of the valid points - to take care of the newbies.

However it is useful for (advanced) surfers with basic common sense too. Security is a losing game for defenders. For example, it is possible for a hacker to remotely attack your computer. That's why hackers can manage to hack even the most famous websites' servers, making them lose thousands of dollars. Sometimes you just don't know how serious the problem may be. Here's one case where a flaw in Microsoft Internet Explorer's image rendering capabilities may allow attackers to execute code remotely, according to security experts.
http://www.builderau.com.au/news/soa/Unpatched_IE_flaw_allows_remote_attacks/0,339028227,339199780,00.htm

Yes, they are safer than IE. The ranking is Firefox/Opera > IE 7 > IE 6. But don't jump to the conclusion that Firefox/Opera etc. are definitely safe. No software or protection is definitely safe. They always have bugs/vulnerabilities which could be exploited without user intervention.

Another valid point is that more protection is better than less. Since self-protection is one of the critical aspects (if it is [silently] disabled, it becomes totally useless), it is always good to have it.

Pedro
November 10th, 2006, 08:10 PM
Use what was said if you will as a reference/manual lol.
I will stick with a simple orientation.
-Get a firewall. Comodo is free and one of the best:thumb: . No use buying one.
-Get a sandbox. Sandboxie and GeSWall are on the top and are free:thumb: .
-Get an AV. If you want the best, maybe NOD32, or Kaspersky, or others that were mentioned. But the free Antivir and Avast! aren't that far from these.
-Get Opera or Firefox. Better features and more secure. Free lol :thumb:

The firewall filters what can get through. The sandbox isolates the browser for instance to prevent anything leaking from it, complementing the firewall. The AV checks if anything got through.
Most of the time this will keep you safe. But spyware can get through somehow, if you're concerned with it (some people aren't). Then you can get Spybot Search and Destroy, AVG Anti-spyware, A-squared and Superantispyware, all free, and on-demand scanners. They all have resident shields, but that's amounting to too many shields and except for Spybot, they are paid.
This would be a great start. And it's possible you won't want/need anything else. All free or some paid if you really want to.

Alphalutra1
November 10th, 2006, 09:15 PM
-{ Quote: "
To simplify the matter, just quote from the result of Firewallleaktest.
It is much lower than Outpost.
" }-
To simplify the matter, Comodo v. 1.1.005 was tested. Comodo is currently v. 2.3.4

And I will have to back up mrkvonic again. A firewall was not meant to be a HIPS, it was meant to filter packets which were coming to the computer and determine which were correct and which weren't. I would also choose the firewall without the self protection. Leak testing and kill testing are a losing battle for the good guys, a new method by the bad guys is always coming out. No leak test is infallible, and if a driver gets installed, then it can go by undetected. Same goes for the kill tests.

Each piece of security software is meant to perform its specific task, and it should excel in that task or else unnecessary code has been put into the product and it becomes more and more bloated.

Cheers,

Alphalutra1

Rico
November 10th, 2006, 10:11 PM
Hi

Wai Wai, why do you think malware-test.com is fair or impartial? See site admin comments regarding their testing at:

http://forums.superantispyware.com/viewtopic.php?t=265

Thanks
rico

lucas1985
November 10th, 2006, 11:40 PM
-{ Quote: "By the way, if it were so easy to kick all bad guys out of our home, ErikAlbert would find himself so stupid to waste so much time to image its drives and keep rolling back changes on every startup." }-
True, backup is always the most important security layer and the only one you can trust if done correctly. But I'm not a fan of rolling back changes at boot, my PC is usually up for days and weeks
-{ Quote: "ErikAlbert would even assume its computer is infected once it is connected to the Internet (not a really bad assumption actually ;) )." }-
Theoretically right, practically a little paranoid. You should detect an abnormal behavior, I don't know of a totally silent ITW infection.

-{ Quote: "But don't jump to the conclusion that Firefox/Opera etc. are definitely safe. No software or protection is definitely safe. They always have bugs/vulnerabilities which could be exploited without user intervention." }-
Very right indeed. But being third-party apps separated from the internals of the OS and being fully controlled (NoScript, cookie management, etc) makes them a lot more secure

Mrkvonic
November 11th, 2006, 04:26 AM
Hello,

Wai Wai,

You're talking about newbies making mistakes. What about a newbie who "accidentally" deletes a few files in system32 or a driver in safe mode? What protects from him?

BTW, I think that you can stay safe from any malware regardless of how up to date your OS is and what security you run. You do NOT have to get infected if you connect to the Internet. It's all up to the user.

Your security setup = this + this + this does not change much. There is no reason you should ever see your setup do anything - react to an attack or such.

As to malware executing itself - again, the solution is very simple. If you can, avoid such sites, but if not, just use an alternative browser, possibly with a javascript filter and you'll be fine. There's no black magic involved.

Furthermore, I don't trust online comparatives at all. In those tests, Symantec always gets a very high grade, while my experience tells me a different story.

You say FF and Opera are not definitely safe. I'll say, for the thousandth time: can you please show me a working example where a FF / Opera user gets hit by a drive-by download?

Mrk

Nick Rhodes
November 13th, 2006, 06:45 AM
Don't forget your tinhat as well :|

;)

Running as a limited user and setting correct folder permissions (eg removing everyone access and add limited user read only settings to system folders) will stop a lot of viruses and malware.

I've never run more than an SPI firewall (currently on my router AS well as NAT) and a decent anti-virus software.

Note: I don't install different software often, and test out software on a spare machine before trusting it on my main machines... by carefully selecting my software I do not worry about bad behavior - eg choosing Firefox over IE 6. People who are regular software downloaders/testers and don't have the ability to run a spare machine could well benefit from some kind of sandboxing/HIPS/backup/roll back system.

Mrkvonic
November 13th, 2006, 08:48 AM
Hello,
A few more things:
There is really no reason to assume that a machine is instantly infected once connected to the net or that the only machine safe is the one unplugged. I find such remarks rather baseless and inadequate as they spread fear and panic among the less knowledgeable. Things need to be taken in proportion.
Mrk

Wai_Wai
November 13th, 2006, 06:31 PM
-{ Quote: "Hello,
A few more things:
There is really no reason to assume that a machine is instantly infected once connected to the net or that the only machine safe is the one unplugged." }-

I'm afraid you haven't read the link, or interpreted it wrongly.

What the above tries to say is there is hardly any (nearly) sure-fire way to ensure the safety of a PC when it is connected on the Internet. You can be pretty safe, but not always very safe.

Nevertheless, once you are connected to the net, it is possible for a hacker to locate your computer and exploit vulnerabilities found on your computer. Depending on the vulnerabilities, he may be able to damage your computer with malicious code, even without user intervention. Whoever thinks "you can never get infected if you don't execute any program" clearly has no clue how your computer / operating system operates.

That is why it is said "the only [definitely] safe machine is the one unplugged." But we are not telling people that your PC will always get infected once you connect to the Internet. The above is just a possibility, not an absolute.

-{ Quote: "I find such remarks rather baseless and inadequate as they spread fear and panic among the less knowledgeable. Things need to be taken in proportion.
Mrk" }-

Here are some reasons or incidents to show why a properly protected PC can still get infected (even if the user is not doing something silly):
http://www.wilderssecurity.com/showpost.php?p=876442&postcount=117 (some explanations)
http://www.castlecops.com/postx165065-0-0.html (a case where a properly protected PC and a user with common sense still got infected, and that malware is so sneaky that many scanners can't detect it)

There is an article which explains why it is unreliable for a security product (eg anti-virus) to run and protect under Windows. Microsoft security researchers are warning about that threat. These are threats which involve the use of rootkit technology which is almost impossible to detect using current security products. This could pose a serious risk to corporations and individuals since Windows is no longer able to provide valid information about the status of your PC. Any anti-malware has to search from outside the system to detect such kinds of threats. Using something like BartPE can help to achieve this.

By the way, the situation is probably the reverse. Average people are underestimating the dangers of the Internet, rather than overestimating. Many people are naive in the thinking that they are safe from these dangerous Internet plagues. A recent study released by a leading manufacturer and researcher of Internet viruses states that a malware infects 50% of all home computers, within the first twelve minutes of use (source (http://www.securitytutorial.com/infected_computer.html)). Sometimes it may take as fast as 8 seconds.

Alphalutra1
November 13th, 2006, 10:22 PM
-{ Quote: "
Nevertheless, once you are connected to the net, it is possible for a hacker to locate your computer and exploit vulnerabilities found on your computer. Depending on the vulnerabilities, he may be able to damage your computer with malicious code, even without user intervention. Whoever thinks "you can never get infected if you don't execute any program" clearly has no clue how your computer / operating system operates.

That is why it is said "the only [definitely] safe machine is the one unplugged." But we are not telling people that your PC will always get infected once you connect to the Internet. The above is just a possibility, not an absolute.
" }-

So, if I boot up a default install of Windows XP with the SP2 firewall enabled (as it is by default), then I can watch exploits occur before my eyes without any user intervention? NO

User intervention is needed for almost every single attack out there. The only attacks it is not needed in are networking attacks, which are easily thwarted by a firewall. Everything else the user has to do, like not properly configure their browser, open up unknown attachments, download the latest "cool" game, etc.

Also, I would find it incredibly rare if a hacker would search for a certain pc nowadays and try to exploit vulnerabilities by hand. This is done by botnets nowadays and worms. It would be worthless for someone to waste their time trying to run something on your computer, when it can be automated for maximum revenue.

That other thing about computers connected to the internet are infected is absolute garbage, and why don't you go put on your tin foil hat since BIG BROTHER is coming for you :lurking: . Nothing can happen to your computer if you are behind a firewall and you don't do anything to get you infected. Visiting windows update won't get you infected with any non-microsoft malware ;) , but it will help get rid of any exploits that can happen to your pc when you surf the internet and someone intends malicious intent to you.

-{ Quote: "clearly has no clue how your computer / operating system operates." }-

I know that in order for something to run, it has to be executed. It can be any executable file, like a .exe, .jar, .bat, etc. These always have to be started by something. Almost 100% of the time, remote files not included on the OS are run by the user. Otherwise, they are run by some remote worm, botnet, hacker, etc. who has gained access over a computer and then runs it. However, you can't gain control over a computer if no incoming connections are being accepted and the user hasn't run anything that would open up connections, can you? If you really have seen these automated attacks get through Windows SP2 firewall with no user intervention, please feel free to post the links to the exploit, or even a video where we can see it happen. If you don't feel it appropriate to show exploits on this forum, just PM me the link, because it will be enjoyable to watch :P

Cheers,

Alphalutra1

Mrkvonic
November 13th, 2006, 11:39 PM
Hello,
Well, Alpha stole my post, in a good way.
Mrk

lucas1985
November 14th, 2006, 12:02 AM
Most (if not all) drive-by downloads don't work in Firefox with NoScript.

Devil's Advocate
November 14th, 2006, 01:02 AM
Hmm. After listening to Wai Wai, I think I had better load up more of the latest HIPS; I have been a bit lax these few weeks on keeping up with the latest.

To those of you who say it's unlikely, let me just say this: *Anything* is possible!!!! Look at all the cutting edge stuff reported on rootkits; let me tell you, it's just the tip of the iceberg on the stuff the hackers are keeping back.

You think your HIPS and firewalls can keep you safe? Think again! If there is a vulnerability in them (and most certainly there will be), the hackers will find it and exploit it.

I also think it is a good idea to change your security setup once every week, so you present a moving target. You don't want to present a static defense using the same security software all year round while advertising to the world that you run antivirus X, firewall Y, HIPS Z, so hackers can plan accordingly and work around it.

Mrkvonic
November 14th, 2006, 01:08 AM
Hello,
Wai wai, I followed the two links. The second one, which is relevant to the issue of getting infected, has little information as to how the infection happened. And the security setup used is irrelevant, which only proves my points that if you're going to infect yourself, you might as well save money and CPU cycles and run a simple setup, because a heavy one won't save you anyway.
But if you can provide a proof-of-concept example where a genuine hacking takes place without user intervention, I'll be glad to read it / see it.
Mrk

Devil's Advocate
November 14th, 2006, 01:20 AM
Mrkvonic, you kidding, right?

Of course it happens. You just need to exploit a vulnerability in a service. Most famous example: the Slammer worm.

Mrkvonic
November 14th, 2006, 02:29 AM
Hello,
I'm not kidding.
Give me an example where this takes place - with a firewall in place.
Mrk

Nick Rhodes
November 14th, 2006, 06:39 AM
-{ Quote: "Hello,
I'm not kidding.
Give me an example where this takes place - with a firewall in place.
Mrk" }-

There was a great thread on DSLReports (http://www.dslreports.com/forum/remark,14671194~days=9999~start=20) where they tried to hack 3 common cheap NAT routers... they were able to sneak packets past, but no one managed to get or place any files or gain any kind of access. I think they used various tricks like fragmented packet attacks (it's a 20-page thread!). They tried XP without a firewall (about page 16/17); it took 7 mins to get in with a bot!
With SP2 in place, no one got in.

Pretty conclusive that the only way in past a firewall (NAT/SPI etc.) is to fool the user somehow (with poor software and/or user stupidity).

Nick Rhodes
November 14th, 2006, 06:41 AM
-{ Quote: "Mrkvonic, you kidding, right?

Of course it happens. You just need to exploit a vulnerability in a service. Most famous example: the Slammer worm." }-

To exploit the service, you must first get past the firewall though, which is done by system insecurity, NOT firewall insecurity, and must be either directly or indirectly a user issue or a software/OS issue.
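
An added example, not posted by anyone in this thread: a toy stateful filter modelling the behaviour the posts above attribute to the SP2 firewall and a NAT router. It tracks flows the host opened itself and drops every unsolicited inbound packet, so a service exploit such as Slammer's single datagram to UDP/1434 (the SQL Server resolution port it targeted) never reaches the service, while a download the user initiated passes like any other reply. Addresses and ports in the trace are constructed, not captured.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str  # "out" (host -> internet) or "in" (internet -> host)
    proto: str      # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class StatefulFirewall:
    """Toy model of the SP2/NAT behaviour: allow what the host initiates and
    the replies to it, drop every unsolicited inbound packet."""
    def __init__(self):
        self.flows = set()  # (proto, host_port, remote_ip, remote_port)

    def filter(self, pkt):
        if pkt.direction == "out":
            # Record the flow so the reply is recognised as solicited.
            self.flows.add((pkt.proto, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return "allow"
        key = (pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port)
        # Inbound: only pass if it matches a flow the host opened itself.
        return "allow" if key in self.flows else "drop"

def run_trace(packets):
    fw = StatefulFirewall()
    return [fw.filter(p) for p in packets]

# Constructed traffic (not a real capture): a DNS lookup and its reply, a
# Slammer-style single datagram to UDP/1434 (the SQL Server resolution port),
# a probe of TCP/445, then a user-initiated HTTP download, whose response the
# firewall cannot distinguish from any other solicited reply.
HOST, DNS, WEB, ATTACKER = "192.0.2.10", "192.0.2.1", "198.51.100.7", "203.0.113.9"
TRACE = [
    Packet("out", "udp", HOST, 50000, DNS, 53),
    Packet("in",  "udp", DNS, 53, HOST, 50000),
    Packet("in",  "udp", ATTACKER, 40000, HOST, 1434),
    Packet("in",  "tcp", ATTACKER, 40001, HOST, 445),
    Packet("out", "tcp", HOST, 50001, WEB, 80),
    Packet("in",  "tcp", WEB, 80, HOST, 50001),
]

if __name__ == "__main__":
    for pkt, verdict in zip(TRACE, run_trace(TRACE)):
        print(f"{pkt.direction:>3} {pkt.proto} {pkt.src_ip}:{pkt.src_port} "
              f"-> {pkt.dst_ip}:{pkt.dst_port}: {verdict}")
```

The two unsolicited probes are the only packets dropped; the firewall has no opinion about what the user fetched over the HTTP flow, which is exactly the gap the thread says only the user can close.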

Nick Rhodes
November 14th, 2006, 06:56 AM
-{ Quote: "
User intervention is needed for almost every single attack out there. The only attack it is not needed in are networking attacks, which are easily thrwarted by a firewall. Everything else the user has to do, like not properly configure their browser, open up unknown attachments, download the latest "cool" game, etc." }-

Totally agreed.

-{ Quote: "
That other thing about computers connected to the internet are infected is absolute garbage, and why don't you go put on your tin foil hat since BIG BROTHER is coming for you :lurking: . Nothing can happen to your computer if you are behind a firewall and you don't do anything to get you infected. Visiting windows update won't get you infected with any non-microsoft malware ;) , but it will help get rid of any exploits that can happen to your pc when you surf the internet and someone intends malicious intent to you." }-

Hence my signature :D

http://www.cinema.com/image_lib/7056_008_thumb.jpg

kman1
December 7th, 2006, 11:09 PM
Wow!! Thank you guys for such an informative THREAD!! Sorry I haven't responded in something like 2 months, but I have been completely off my computer because I think my computer has been taken over. I say that because 1. I see a blue screen before my wallpaper appears every time I turn my computer on and 2. when I'm typing in MS Word, whatever I'm typing always turns to Greek. (seriously) I can read Greek and it's the exact same thing that I was typing in English except that it's in Greek. I try to fool "it" by typing gibberish but it doesn't do anything. However, as soon as I try to type what I want to type it always changes to Greek. (as if someone is constantly watching me. >:( )

But like I said, thanks for the info in the posts. With all the info given here this is what I've concluded that I'm going to purchase:

Outpost Pro / Ewido Pro / Trend Micro AntiSpy Pro / Safe 'n' Sec Pro / Sandboxie Pro / RunSafe Pro / SafeXP pro

Thanks everyone for educating all the newbies in my situation. I know that I'm not the only one. hehe 8) Ya know, there should be a thread like this one every 5 or 6 months. I'm specifically referring to Wai Wai's extremely helpful posts among others! Thank you, Wai Wai!!! (every1 else 2)

Tony