Expires In 5 Days
Rico
January 26th, 2008, 09:09 PM
Hi Guys,
A little help please, regarding renewal of NOD32 AV.
I use the following:
1. NetGear wired router
2. Anything that connects to the net does so through 'DropMyRights'
3. NOD32 3.0 (no problems)
4. Shadow Defender
5. SpyBlaster
6. MVPS Host
7. Firefox
8. McAfee SiteAdvisor
9. Monthly Full weekly increments via Shadow Protect
I've done some hardening using 'SeconfigXP'
On Demand - Superantispyware
With the above, SAS & NOD never find anything during their scans. I would like to ditch the AV, but NOD scans email, perhaps my weakest link. But I don't open attachments & Thunderbird is great at handling junk.
I know about AVG AV free, & NOD's renewal fee does not bother me.
Help
Take Care
Rico
innerpeace
January 27th, 2008, 12:44 AM
http://www.avast.com/eng/avast_4_home.html
-{ Quote: "E-mail/News protection consists of two independent modules; first, there is a generic scanner working on the SMTP/POP3/IMAP4/NNTP protocol level. It is capable of protecting any existing e-mail client that uses these protocols. Second, there is a special plugin for MS Outlook only; the mail scanning is completely transparent, requiring no special settings.
A new feature of version 4 is heuristic analysis of e-mail scanners. This feature can protect against new, unknown viruses and worms that are not possible to detect by the usual means. The heuristic module performs a thorough investigation of every e-mail message and watches for suspicious signs, that might announce virus presence. When the number of those signs exceeds a user-defined level, the message is considered dangerous and the user is warned. " }-
Hi Rico,
I'm not familiar with Thunderbird, but Avast's resident shield takes care of the above. The home (free) version is very comparable with the paid (pro) version. http://www.avast.com/eng/av4_version_comp.html I've used Avast in the past and wouldn't hesitate using again. You can also pick and choose which shields are on and off.
Also, some things aren't clear in your post. Do you run virtualized all the time? Do you read your emails as text only? Do you have a data partition that isn't virtualized? Running virtualized means your protected partitions should stay clean all the time, but doesn't protect you if something happens to get on your machine and steals or destroys your data during that virtualized session. There are many ways to mitigate this such as sandboxes, HIPS, AVs, LUAs etc. Let us know a few more details and I'm sure the suggestions will flow like water.
Take care,
innerpeace
Rico
January 27th, 2008, 03:42 PM
Hello Innerpeace,
-{ Quote: "Do you run virtualized all the time?" }- 99.6%
-{ Quote: "Do you read your emails as text only?" }- Not sure as I did not pay attention to this with T-Bird starting, limited + NOD32. But I will pay attention to this now that you've mentioned.
-{ Quote: "Do you have a data partition that isn't virtualized?" }- Yes
Thanks & Take Care
Rico
innerpeace
January 27th, 2008, 11:57 PM
Greetings Rico,
There's been a lot of talk lately about malware that can gain admin access when using DropMyRights. I have no idea how common it is. I also use DMR and a sandbox app for my internet facing applications.
Your system partition is protected so your data partition needs some sort of protection. There are a few of us that use a sandbox program that can block access to other drives, partitions, folders or files. For example, I'm running Firefox through Sandboxie which is set to block access to my D: partition. There was an interesting thread posted by Peter2150 in the FD-ISR forum. It's called "The ErikAlbert approach - A test". It's a good read for anyone who has a boot to restore program and a data partition.
http://www.wilderssecurity.com/showthread.php?t=192840
As far as running an AV or not, IMO, it's important to run some kind of protection software. At the minimum, it should let you know if something bad is attempting to get on your machine. At that point you can reboot :). You could opt to try another AV for a while or try a HIPS type program. Most of them run very light. Or, if you like your current set-up, then stay with it. After all, it has kept you safe.
Rico
January 28th, 2008, 12:55 AM
Hi Innerpeace,
You're probably referring to the 'Su-Run' thread regarding DMR. I think DMR can be defeated only if you use the wrong shortcut to start, something with internet access. I find that situation highly unlikely as the full right shortcuts (this machine) are hard to get to.
I took a look at Avast & AVG, NOD seems superior at AV comparatives, so if I keep an AV it most likely will be NOD.
Protecting <D:\> I thought about just ticking <D:> in SD but the reboot thing. I've heard about 'locking' a partition, sounds intriguing. HiPs used PG, then tried SSM, both of those kind of take the fun out of computing.
Take Care
Rico
PS. Well so much for 'lockdown' nevermind that.
innerpeace
January 28th, 2008, 11:02 PM
Hi Rico,
Here was what I was talking about as far as DMR. If you're running Vista, then this doesn't matter. Again, I have no idea if it's even worth worrying about.
-{ Quote: "Rico, thanks for your praise. However, I disagree about DropMyRights. The problem under XP is that applications running with higher rights are subject to shatter attacks by applications running with lower rights. The lower-privileged applications can send window messages to the window of a higher-privileged application and control that one or exploit possible buffer overflows. In other words: There is a danger that, under DropMyRights, applications can break out of their security context. (Note that this security flaw doesn't exist any more in Vista!)" }-
http://www.wilderssecurity.com/showpost.php?p=1156084&postcount=14
I think your main concern is protecting your data from possible theft. Your AV should do that providing it has the proper signatures. Also, keeping your programs up to date is important and you can use the link in my signature to do an online check. I do an online check at least once a month.
Sorry I couldn't help anymore. I'm all out of ideas for now. Let me know what you've decided or if you have other questions.
Take care,
innerpeace
Rico
January 29th, 2008, 10:54 AM
Hello Innerpeace,
You helped tremendously, I renewed NOD32. The vulnerability with DMR seems remote (I'll do some checking), also for the price & ease of use, it seems almost silly not to use on XP. Yes that was my concern protecting the data partition. I've read about some who go AV-less, had dreams of giving that a whirl. I have Secunia on my FF toolbar, I'm always up-to-date, I'm a little anal about it.
Thanks:thumb:
Take Care
Rico
innerpeace
January 29th, 2008, 09:41 PM
Hi Rico,
You're welcome and it's good to hear you've made your decision. You should be fine :).
Take care,
innerpeace
Copyright ©2002 - 2012, Wilders Security Forums