Experiment & question
Kees1958
June 13th, 2007, 04:32 AM
Hi members,
Old setup (we are behind a hardware firewall)
- PC1: Antivir free (write only check, heuristics high), EQsecure (behavior blocker prompt + block as default) and GeSWall
- PC2: A2 Malware paid, DefenseWall paid that is all
I know PC1 is rock solid (you can swap EQS for SSM Pro and GeSWall for DefenseWall), but I want to test an absolutely user-friendly setup (PC2).
Could you PM me some dodgy websites, because I want to test the effectiveness of the PC2 setup against drive-by infection. Do not worry, I have an image backup at hand (on a disconnected external drive).
I will also try a few downloads. I will keep you posted on the results.
Regards K
Longboard
June 13th, 2007, 05:57 AM
Try here for some links, especially as the thread gets going:
http://forum.sysinternals.com/forum_posts.asp?TID=3446
There are often links to mals and dodgy sites in the "malware" forum there:
http://forum.sysinternals.com/forum_topics.asp?FID=18
Have a good time, let us see how you go.
Kees1958
June 13th, 2007, 07:46 AM
Hi members,
I did some simple tests:
- regtest = pass
- trojandemo = pass
- trojan simulator = pass
Now the disappointing news
- AKLT = fail
EDIT A2 Malware
- Zapass = PASSED! :ouch:
I will hold my horses and see how they react; let's wait for their reaction.
EDIT: OKAY, GOOD THING I WAITED: A2 MALWARE DOES STOP THE ZAPASS TEST WHEN THE
INTELLIGENT FALSE POSITIVE REDUCTION IS OFF :-X
So A2 Malware managed to exceed my expectations on user friendliness in such a way that I thought it had failed :-[
Reg K
Blackcat
June 13th, 2007, 07:49 AM
So DW needs additional protection?
I assume SSM or Cyberhawk would be better options than A2?
Kees1958
June 13th, 2007, 07:52 AM
No, DW does not need additional protection. It is an additional layer to protect the user from making mistakes. CyberHawk's messages are not as clear as A2's. Only CH works as advertised. PC2 is the user-friendly implementation, PC1 is the rock-solid one.
Blackcat
June 13th, 2007, 08:02 AM
-{ Quote: "No, DW does not need additional protection." }-
But in the 2 failed tests it appears to need additional cover?
tamdam
June 13th, 2007, 08:17 AM
re: AKLT -> the keylogger issue is something Ilya knows about and he says he will harden keylogger protection in DW version 2. Version 2 is already at RC1, so the final will probably be out soon.
re: Zapass -> maybe the OP was testing A2, because DW most definitely passes Zapass.
Ilya Rabinovich
June 13th, 2007, 08:22 AM
Zapass can inject its code only into untrusted process (this is normal).
AKLT is completely covered with DW v2.0.
Mrkvonic
June 13th, 2007, 08:40 AM
Hello,
Kees, testing sites/malware like that is not really effective. You need to test it when you do not expect it. Why don't you give me your IP, turn off the firewall, and then I'll see how good your defense is?
Mrk
Kees1958
June 13th, 2007, 09:18 AM
Mrkvonic
The reason I came to Wilders was because we were hacked (my son hacked a hacker and he returned the favour), so that option is a NO.
I bought a hardware firewall and DefenseWall for the PC of the least digitally literate user (wife) and GeSWall Pro for the power user (son). Next I bought SSM Pro and figured out a block-with-no-pop-ups (UI disconnected) setup featuring Antivir free, SSM Pro, SensiveGuard free and DefenseWall on my wife's PC (PC1), and Antivir, WinPooch, Samurai, CyberHawk free and GeSWall on my son's PC (PC2). After discovering that UI-disconnected was not workable for my wife (although she has installed exactly 2 applications in her whole digital life), I tried EQSecure in behavioral blocking mode. I found out that EQS was a great substitute for WinPooch, Samurai and CyberHawk on my son's PC. The next step is a completely user-friendly security setup for my wife's PC. That is the reason for trying A2 Malware.
Others:
Sorry, I was not clear. I tested AKLT and Zapass only with A2 Malware. A2 Malware should protect against DLL injections. (EDIT: IT DOES)
Reg K
Peter2150
June 13th, 2007, 10:13 AM
Hi Reg
Almost all of the security software is based on generic threats. If someone for whatever reason comes after your son, and they are good, it will be tough stopping them. You might seriously want to consider isolating your son's internet connection. Then if he gets into trouble, let him cope. That way he will learn.
Pete
ThunderZ
June 13th, 2007, 10:22 AM
-{ Quote: "That way he will learn." }-
Hmmmm, hacking a hacker? :lurking: Sounds like he has already learned some things. :o ::) :blink:
Kees1958
June 13th, 2007, 11:08 AM
ThunderZ, yes, only accidentally.
He is a gamer/script kiddie/amateur, making graphics for game clans with two of his friends. They just had fun leaving a message on the PCs of innocent users with no firewall and open ports, with the text "your friendly hacker was here" and some hints to close their security holes. They should have been warned when they stumbled upon a fat PC with loads of other IP addresses. Of course a script kiddie is no match for a real hacker.
This is the reason why he likes Antivir, EQSecure and GeSWall Pro on his PC.
Regards K
Kees1958
June 13th, 2007, 11:16 AM
-{ Quote: "Hi Reg
Almost all of the security software is based on generic threats. If someone for whatever reason comes after your son, and they are good, it will be tough stopping them. You might seriously want to consider isolating your son's internet connection. Then if he gets into trouble, let him cope. That way he will learn.
Pete" }-
Pete
His interest is now in designing graphics for the gaming community. As a matter of fact, I have confiscated his PC for three weeks, because his school results suffered from his hobby. His lesson was that all his graphics work was destroyed as well.
regards Kees
Mrkvonic
June 13th, 2007, 01:18 PM
Hello,
If your son hacked a hacker, then the hacker is not a hacker.
And if your son got hacked back, then he's not a hacker either.
I want to make you understand that you fear the unknown. Hacking is not something special. Not in the sense often used to describe taking over someone's computer and such.
Real hacking is playing with bits and delving into the kernel. Blasting ports with packets and looking for open ones is more of a game.
In that regard, I warmly suggest you invest in learning more about how PCs work and what can and cannot be done.
You will sleep better.
You will save money on unneeded software.
You will know when and what to do when confronted with a security issue.
Mrk
Kees1958
June 13th, 2007, 03:53 PM
Mrkvonic,
Although it was quite a while back:
- I programmed mainframes in the late '70s in assembler, COBOL, Pascal and Fortran
- Designed the first real-time online systems in the early '80s on Unix systems (I still hate the caps and non-caps text-based early interfaces) and worked my way through C
- Hobbied my way into PCs in the late '80s (with visual and object-oriented programming languages)
Yes, I have not written code, designed a database or set up a network architecture since 1989, but I will pass on your expert advice to get to know how a PC works, or how to set up militarised or demilitarised zones of network security. Thank you, I have been there and think I got the T-shirt, because:
- I sleep well,
- I do not spend a lot of money on security software
- I do not fear the unknown.
And yes, my son is not a hacker, just a script kiddie. And as for the so-called hacker he encountered, maybe the guy did not deserve the name hacker (we were a sitting duck with just Windows Firewall and Norton AV), or maybe it was arrogance on his side to leave his own defence open (and get hacked by a script kiddie). At least he noticed the entry, and it was enough to upset his ego to return the favour.
Regards Kees
Blackcat
June 13th, 2007, 04:37 PM
Kees, is A2 heavy or light in real-time?
Kees1958
June 13th, 2007, 04:46 PM
Hi Blackcat
On PC2 (Athlon 3700, with a mild overclock to 2.6 GHz, say comparable in business apps to a Pentium at 3.2 GHz), startup of uncached Internet Explorer 7 is (relative):
Antivir (write only, heuristics high) + A2 Malware + DefenseWall = 100%
Antivir (same) + EQSecure + DW = 140%
Antivir + SSM free + SensiveGuard + DW = 175%
Antivir + SSM Pro + DW = 200%
So the performance of A2 in terms of IE7 startup time is great; only it takes 30 MB of RAM by itself (the smallest footprint was Antivir + EQS + DW). I have 1.5 GB of RAM, so I am not worried about 30 MB of RAM in XP. I am convinced that with A2 and DW I have a user-friendly and sound security setup for my wife. Instead of testing all the user scripts and scenarios she is likely to perform to prevent unwanted pop-ups and questions (to which she always says yes when she does not understand the message), DW is absolutely quiet, and A2's option to prevent false positives in an intelligent way and its very clear pop-ups (which I have only gotten by testing with malware) make me feel confident I have finally found a user-friendly and safe setup for a 'digilliterate'.
On my son's new game PC1 (dual core at 3.2 GHz) we will run Antivir (same) + EQS 3.3 (prompt + block) and GeSWall Pro, because it is the cheapest (only one lifetime licence of GW Pro) and the 'best' choice for the power user (not an anti-executable but a behavioral blocker, for my son who tries out a lot of software).
Regards K
Blackcat
June 13th, 2007, 04:59 PM
Kees, I have 2GB Ram here so memory usage is not a problem.
I was more concerned with system drag, as earlier versions of A2's Guard that I tried significantly affected system performance in real-time.
I may give the new version a try if the Guard is light in performance terms.
Kees1958
June 13th, 2007, 05:09 PM
Hi Blackcat,
I am a freeware user; I only buy software (like GeSWall and DefenseWall) when it suits my goals perfectly. I think A2 v3.0 is as exciting as DW and as good as freeware like PowerShadow or EQSecure; the difference between A2 and DW and others in their class is that they are really user-friendly and can be used by the average user (or the lazy power user, because freaks will tune SSM and EQS). I bought a licence of A2 after one day of trial (only DW equalled this).
So powerful and easy-to-use software on my list is
1. DW
2. A2 - Primary Response SafeConnect
3. Online Armour with AV and FW - Anti Executable - - PrevX2 -
I rate A2 over PRSC because PRSC uses expert-based rules (which are more vulnerable than the blacklist + plain behavior approach of A2), OA over AE (because of the AV and FW), and AE over PrevX2 because of its strength and because it is the obvious choice for First Defense owners.
Out of the AVs I have a weakness for AVs with high heuristics rates (NOD32 and Avira). Rationally Norton also belongs in this row, but my experience with Norton in the past makes this hard to confess. My choice of all-in-one solution is KIS.
Regards K
Blackcat
June 13th, 2007, 05:11 PM
-{ Quote: "On my son's new game PC1 (dual core at 3.2 GHz) we will run Antivir (same) + EQS 3.3 (prompt + block) and GeSWall Pro, because it is the cheapest (only one lifetime licence of GW Pro) K" }-
Slightly off topic, I thought that GeSWall Pro was the same as DW: a lifetime license BUT annual updates which are not free?
In the case of GW; 1-year of Safe Applications Updates, costing €14.95, which I presume would be a good choice particularly if protective methods are improved.
Kees1958
June 13th, 2007, 05:25 PM
Hi Blackcat,
I can understand that developers cannot live on one-time lifetime licences. So my understanding of GW is probably old. When DW dared to make the move, GW must have followed soon afterwards.
Still, I think those apps are worth the money. DW gives the fewest troubles, so if you stick to XP for the next two/three years I would buy DW. Due to its architecture, I think GW will have a Vista version earlier than DW. So when going to Vista soon (say within a year), my choice would be GW.
Brian and Ilya (US versus Russia) are equally user-friendly and fanatic when it comes to user support (do these guys ever sleep?).
Regards
aigle
June 13th, 2007, 11:23 PM
Hi Kees! BTW, the maker of GW is basically a Russian too!
Ilya Rabinovich
June 14th, 2007, 06:07 AM
Yes, Andrey Kolischak is from Russia (right now he lives in Luxembourg). So, Russia versus Russia! Who wins :D ?
Riverrun
June 14th, 2007, 11:11 AM
-{ Quote: "Yes, Andrey Kolischak is from Russia (right now he lives in Luxembourg). So, Russia versus Russia! Who wins :D ?" }-
The PC user who is wise enough to use one or other of these appliances!
Kees1958
June 14th, 2007, 11:15 AM
Aigle, Ilya
Okay, I know Russians are good programmers (that is why I help a small Dutch company with 75 programmers in Moscow and St Petersburg). Because I get e-mails from Brian Wallace, I thought it was a US-based company.
As I said, GW probably has a Vista version sooner than DW and is just a tad faster, but DW is the easiest HIPS to operate available. With the improved user interface and help (yes, help files) in DW 2.0 it will also become a bit more user-friendly.
So to me it is a draw, with a little advantage (using XP) to DW. But Riverrun's answer is probably the smartest.
Regards K
Copyright ©2002 - 2013, Wilders Security Forums