Adding Firewall, Real-time Protect Against Vundo, Look N See, Do I need HIPS?
idbit
December 9th, 2008, 01:07 PM
Hi, I'm not sure if I'm posting this in the right forum. I recently had a Vundo infection that I took care of. I really have no idea how it happened. No porn. No video downloads. I was using Norton AV and that's about it. So now I'm on the ball and here's what I have running real-time:
Avira AntiVir Premium
SuperAntiSpyware paid version
Spyware Blaster
Spybot SDHelper and Immunize
Belkin router
So it looks like I still need a software firewall to cover the outgoing. On the surface, it looks like Look N See would be perfect for me. I like the fact that it's easy on system resources. Only thing, I would still have no HIPS protection. I don't how important that is. I'm really concerned about that mystery Vundo infection. I'm not sure if my current setup would have me covered. Can somebody help me add the last piece or two to my puzzle?
Thanks a lot!
IB
Ilya Rabinovich
December 9th, 2008, 01:11 PM
-{ Quote: "Only thing, I would still have no HIPS protection. I don't how important that is." }-
It's very important. In fact, it's critical.
TrojanHunter
December 9th, 2008, 01:31 PM
On the outbound firewall filtering subject, I do find filtering handy, but can it really stop malware from communicating out? I mean some malware can pose as a legitimate process, as to fool the user.
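The post above asks whether an outbound filter can be fooled by malware that poses as a legitimate process. The example below (added here, not code from the thread or from any product named in it) shows the defender-side answer in miniature: a rule keyed only on a process name is easy to satisfy, so the check also pins the expected on-disk path and a hash of the known-good image. All process records, paths and file contents are constructed sample data; the allowlist and the event format are assumptions for illustration.

```python
"""Constructed example: why a name-only outbound rule is weak.

A rule such as "allow svchost.exe out" matches on the process name alone.
The check below also requires the expected image path and a matching
SHA-256 of the known-good binary before it returns "allow".
"""
import hashlib
from dataclasses import dataclass

# Hypothetical allowlist: where each trusted binary is expected to live.
EXPECTED_PATHS = {
    "svchost.exe": r"c:\windows\system32\svchost.exe",
    "explorer.exe": r"c:\windows\explorer.exe",
}


@dataclass
class OutboundEvent:
    pid: int
    name: str          # process name as reported by the OS
    image_path: str    # on-disk location of the running image
    image_bytes: bytes  # constructed stand-in for the image file contents
    dest: str          # remote address the process is connecting to


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_allowlist(trusted_images: dict) -> dict:
    """Map binary name -> (expected path, SHA-256 of the known-good image)."""
    return {name: (EXPECTED_PATHS[name], sha256(content))
            for name, content in trusted_images.items()}


def verdict(event: OutboundEvent, allowlist: dict) -> str:
    """Allow only when name, path and hash all agree; otherwise block or prompt."""
    entry = allowlist.get(event.name.lower())
    if entry is None:
        # Unknown binary: hand the decision to the user, as an outbound filter would.
        return "prompt"
    path, digest = entry
    if event.image_path.lower() != path:
        return "block:path-mismatch"   # same name, wrong location
    if sha256(event.image_bytes) != digest:
        return "block:hash-mismatch"   # right location, modified image
    return "allow"


def triage(events: list, allowlist: dict) -> list:
    """Return (pid, name, verdict) for each outbound event."""
    return [(e.pid, e.name, verdict(e, allowlist)) for e in events]


# Constructed "known-good" image contents (not real binaries).
GOOD_SVCHOST = b"constructed-svchost-image"
GOOD_EXPLORER = b"constructed-explorer-image"
ALLOWLIST = build_allowlist({"svchost.exe": GOOD_SVCHOST,
                             "explorer.exe": GOOD_EXPLORER})

# Constructed events: one genuine, one name-only impostor, one tampered image,
# one binary the allowlist has never seen.
SAMPLE_EVENTS = [
    OutboundEvent(1001, "svchost.exe", r"C:\Windows\System32\svchost.exe",
                  GOOD_SVCHOST, "198.51.100.10:443"),
    OutboundEvent(2002, "svchost.exe", r"C:\Users\ib\AppData\Local\Temp\svchost.exe",
                  b"something-else", "198.51.100.20:8080"),
    OutboundEvent(3003, "explorer.exe", r"C:\Windows\explorer.exe",
                  b"patched-explorer", "198.51.100.30:443"),
    OutboundEvent(4004, "updater.exe", r"C:\Program Files\App\updater.exe",
                  b"unknown", "198.51.100.40:443"),
]

if __name__ == "__main__":
    for pid, name, v in triage(SAMPLE_EVENTS, ALLOWLIST):
        print(f"pid={pid:<5} {name:<13} {v}")
```

Only the first event is allowed; the impostor in a temp folder fails on path, the tampered image in the right place fails on hash, and the unknown binary falls through to a prompt. That is the practical point behind the question in the post: name matching is the part of an outbound rule that an impostor can satisfy, so the filter needs more than the name.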
idbit
December 9th, 2008, 01:56 PM
Thanks. I'm starting to think I wasted my money on the real-time anti-spyware. If I were to add something like DefenseWall HIPS, would that clash with anything on my list? If a malware tries to initiate, am I going to have two or three programs popping up at once?
illicit
December 9th, 2008, 02:18 PM
-{ Quote: "Thanks. I'm starting to think I wasted my money on the real-time anti-spyware. If I were to add something like DefenseWall HIPS, would that clash with anything on my list? If a malware tries to initiate, am I going to have two or three programs popping up at once?" }-
SAS is great, just probably needed more for on demand, sanity checks...and your PC will appreciate not having two real-time scanners. You should have no issues running Defensewall with Avira, and Popups from Defensewall are minimal, at best. Until Defensewall adds outbound protection, I would suggest adding Online Armor free and look into a good imaging package. :thumb:
jmonge
December 9th, 2008, 02:19 PM
-{ Quote: "Thanks. I'm starting to think I wasted my money on the real-time anti-spyware. If I were to add something like DefenseWall HIPS, would that clash with anything on my list? If a malware tries to initiate, am I going to have two or three programs popping up at once?" }-
DefenseWall blocks malware silently almost 90% of the time :thumb:
Ilya Rabinovich
December 9th, 2008, 02:22 PM
My vision is simple (deep IMHO): HIPS and firewall are the first layers of your computer's defense, as they do not require signatures of already known malicious modules. The next layer is anti-virus; it will clean up files it already knows as malicious. Anti-spyware programs are, mostly, useless nowadays as automatic tools. They can be useful as a set of tools for a manual malware cure process (as AVZ, for instance), but no more.
And, as you asked about my program- no, there should be no conflicts.
blacknight
December 9th, 2008, 02:27 PM
HIPS is essential to defend a system. That is.
idbit
December 9th, 2008, 06:02 PM
Thanks for all the suggestions. The more time I spend on this site, the more I realize I still have a lot to learn! I'm going to spend some time reading up on the sandbox and imaging software.
IB
Hugger
December 9th, 2008, 07:19 PM
Give Defensewall a shot.
And Returnil free.
I don't use Sandboxie but it is a good program too.
Good luck.
Hugger
3xist
December 10th, 2008, 12:52 AM
-{ Quote: "My vision is simple (deep IMHO)- HIPS and firewall are the first layers of your computer's defense as they do not require signatures of already known malicious modules. The next layer is anti-virus, it will clean up files it already knows as malicious. Anti-spyware are, mostly, useless nowadays as automatic tools. They can be usefull as a set of tools for manual malware cure process (as AVZ, for instance), but no more.
And, as you asked about my program- no, there should be no conflicts." }-
This is true. Prevention is your first line of defense, followed by detection (antivirus) and a cure such as Returnil, Comodo DiskShield BETA, etc. Layered security is the only way forward these days. If you don't have prevention (HIPS), it's like having a burglar alarm in your house without a door.
demoneye
December 10th, 2008, 05:47 AM
-{ Quote: "My vision is simple (deep IMHO)- HIPS and firewall are the first layers of your computer's defense as they do not require signatures of already known malicious modules. The next layer is anti-virus, it will clean up files it already knows as malicious. Anti-spyware are, mostly, useless nowadays as automatic tools. They can be usefull as a set of tools for manual malware cure process (as AVZ, for instance), but no more.
And, as you asked about my program- no, there should be no conflicts." }-
100% agree. I go even more extreme: I don't use any real-time AV / spy<crap>ware etc.
I use Sandboxie and EAZ-FIX (FD-ISR Secure PC) + on-demand scanners only.
I have run this way for more than 2 years and never got a virus or even a single piece of malware.
On-demand scanners can be run whenever you feel you need to scan; most of them are free and equal to the paid version (same signature database) minus the "real-time protection" :)
idbit
December 10th, 2008, 11:20 AM
So it looks like the HIPS program will be important. I do spend a lot of time on password-protected sites.
On the sandboxes, how cumbersome are they in daily use? I'm constantly moving files around on the hard drive, renaming files, etc. Will the sandbox get in the way of that? What I'm getting at - What activities will be limited, if any?
Thanks!
IB
firzen771
December 10th, 2008, 03:03 PM
With Sandboxie, whenever you download something in the sandboxed browser or whatever you're using, it gives you a pop-up option to restore the file outside of the sandbox if you want to, or you can say no and keep it in the sandbox. So it shouldn't get that much in the way; it takes like a second to click restore, and the added protection is definitely worth that time.
jmonge
December 10th, 2008, 03:08 PM
-{ Quote: "with sandboxie, whenever u download something in sandboxed browser or w/e your using, it gives u a pop up option to restore the file outside of the sandbox if you want to, or you can say no and keep it in the sandbox. so it shouldnt get that much in the way, takes like a second to click restore and the added protection is definetly worth that time." }-
I like Sandboxie a lot, but when it comes to saving files, that's where I don't like it. Let's say someone at home opens a file that was recovered from the sandbox and it happens to be malicious; then what? You may get infected. A double layer here is a must. If I am the only one using my PC, Sandboxie will be more than enough for me, because I know that anything I recover from the sandbox I will run sandboxed.
Note: if you happen to have Sandboxie and DefenseWall, anything you recover from the sandbox to your documents will, of course, run untrusted by default when run, so you are still safe when you double-layer it.
firzen771
December 10th, 2008, 03:24 PM
Yeah, double layers would be best, but as long as you KNOW what you're downloading it shouldn't be a problem; that's why it may not be for the average user who just accepts everything.
jmonge
December 10th, 2008, 03:30 PM
-{ Quote: "ye double layers would be best, but as long as you KNOW what ur downloading it shouldn't be a prob, thats why it may not be for the average user who just accepts everything." }-
Exactly ;D
3xist
December 10th, 2008, 04:44 PM
You need triple layers, (3 layers):
Prevention
Detection
Cure
In that order. :-)
idbit
December 10th, 2008, 05:07 PM
Thanks for the all input! :) Just one hypothetical: Let's say for some reason, I want to rename an Excel file that resides in folder: MyDocuments\folder1. So I startup the computer, haven't done anything yet, open Windows Explorer and navigate to MyDocuments\folder1. I click on the file I want to rename, press F2 to rename, type in the new name and hit Enter. Will I receive a warning to approve this? Or does that depend on how I have things configured?
-IB
3xist
December 10th, 2008, 05:21 PM
Depends on what HIPS you're going to use. Try HIPS like DefenseWall (http://www.softsphere.com/), ThreatFire (http://www.threatfire.com/), or Comodo Firewall (comes with Defense+ HIPS) (http://www.personalfirewall.comodo.com/).
ThreatFire is more of a behavioral blocker though.
idbit
December 12th, 2008, 06:36 PM
Hi, I think I'm close to a verdict on my setup. You guys probably forgot my post already, had to put out some fires yesterday. :) At this point, I think I'm going to avoid adding a sandbox. So for real-time protection, it's either:
Avira AntiVir Premium - AV
Belkin router
Online Armor Personal 3.0 - outbound firewall and HIPS
OR
Avira AntiVir Premium - AV
Belkin router
Look N Stop - outbound firewall
DefenseWall - HIPS
I'm reading a lot of great things about Look N Stop as a stand-alone outbound firewall. Only thing, I would need to add a stand-alone HIPS program. I would probably go with DefenseWall. But I think I would rather go with just one program to cover firewall and HIPS, just for the sake of simplicity and to avoid conflicts. Online Armor 3.0 gets great reviews. I would really like to just install it and get it all over with. But would I be missing any kind of needed protection? I'm mainly worried about keylogger protection and the issue here where a trojan got by most HIPS protection: DefenseWall, SBIE and SSM bypassed by Trojan (http://www.wilderssecurity.com/showthread.php?t=179003), something to do with child/parent handling. Would Online Armor be deficient in any of those aspects? Thanks for the help!
Coolio10
December 12th, 2008, 06:41 PM
-{ Quote: "Hi, I think I'm close to a verdict on my setup. You guys probably forgot my post already, had to put out some fires yesterday. :) At this point, I think I'm going to avoid adding a sandbox. So for real-time protection, it's either:
Avira AntiVir Premium - AV
Belkin router
Online Armor Personal 3.0 - outbound firewall and HIPS
OR
Avira AntiVir Premium - AV
Belkin router
Look N See - outbound firewall
DefenseWall - HIPS
I'm reading alot of great things about Look N See as a stand-alone outbound firewall. Only thing, I would need to add a stand-alone HIPS program. I would probably go with DefenseWall. But I think I would rather go with just one program to cover firewall and HIPS - just for the sake of simplicity and to avoid conflicts. Online Armor 3.0 gets great reviews. I would really like to just install it and get it all over with. But would I be missing any kind of needed protection? I'm mainly worried about keylogger protection and the issue here where a trojan got by most HIPS protection: DefenseWall, SBIE and SSM bypassed by Trojan (http://www.wilderssecurity.com/showthread.php?t=179003) - something to do with child/parent handling. Would Online Armor be deficient in any of those aspects? Thanks for the help!" }-
I think you mean look n stop? I think the first combo is more secure, the second combo is easier.
LoneWolf
December 12th, 2008, 06:52 PM
-{ Quote: "I'm reading alot of great things about Look N See as a stand-alone outbound firewall. Only thing, I would need to add a stand-alone HIPS program. I would probably go with DefenseWall. But I think I would rather go with just one program to cover firewall and HIPS - just for the sake of simplicity and to avoid conflicts." }-
Look'n'Stop and DefenseWall work excellent together. :thumb:
No conflicts here. ;D
idbit
December 12th, 2008, 07:55 PM
-{ Quote: "I think you mean look n stop? I think the first combo is more secure, the second combo is easier." }-
Yeah, that's Look N Stop. Oops. Coolio, when you say the first combo would be more secure, are you talking about the Matousec Firewall Challenge? If that's the case, from what I'm reading, you really can't judge LNS by those tests. That's why the separate HIPS is needed. If Online Armor would protect me better, that's good news to me.
firzen771
December 12th, 2008, 08:00 PM
Personally, the 2nd combo gives you more control and protection, at least in my opinion.
Copyright ©2002 - 2012, Wilders Security Forums