Do WS Forum Members Run too Many Security Programs


PastTense
February 28th, 2009, 12:07 AM
Do WS Forum Members Run too Many Security Programs?

ThunderZ
February 28th, 2009, 12:09 AM
What is too many? Are you asking about real time, on demand? Are you counting on-line scans?

There are members that run only one, there are members that run far more.

Did not vote because I feel it is too wide open a question.

Boost
February 28th, 2009, 12:28 AM
No doubt about it~ Waaayy too many! It's funny how some setups people have, even allow a person to use the computer as a tool which it was intended.

:thumb:

innerpeace
February 28th, 2009, 01:21 AM
Learning about computer security is a process. Usually a user gets infected, seeks help and piles on the security programs hoping to secure their machine/s. Then they eventually learn more about infection vectors and how to specifically protect against them and wean down their setups according to their needs, habit and computer specs.

There are some here at Wilders that enjoy trying new programs all the time. Some are trying to find the holy grail of security and to others it's just a hobby. At least it keeps them off the streets :P. Just kiddin'.

I use 3 real time security programs. Is that too many or overkill? I think so, but I'm still learning. To others, I need way more to protect myself. The important thing is I understand the setup, know its limitations as well as mine.

Also understand that you can't underestimate that warm and fuzzy feeling you get when you experience the illusion of being safe online ;). It's priceless!

I also haven't voted yet like ThunderZ because the question is too wide open.

suliman
February 28th, 2009, 03:10 AM
I'd say yes and no. Yes because for everyday use you don't need all that stuff if you run in a LUA. No because as long as you run as an admin you might need it if you don't know how stuff works.
The tragedy and contradiction is that the people who need all that security the most don't use it. Mostly because they don't know about security.

Most people here are, as innerpeace points out, enthusiasts who are in a process of learning. In that sense all the software they use helps, therefore "need" them (as it did for me once) to learn about computer security.

kriebly
March 1st, 2009, 09:50 AM
{QUOTE-> I'd say yes and no. Yes because for everyday use you don't need all that stuff if you run in a LUA. <-QUOTE}
Don't you need a personal firewall to deal with internet worms, especially for travel computers?

{QUOTE->
Most people here are, as innerpeace points out, enthusiasts who are in a process of learning. In that sense all the software they use helps, therefore "need" them (as it did for me once) to learn about computer security. <-QUOTE}
I just like to install stuff so that more icons show up in the system tray...I was in heaven with my pre-OSX mac!

noone_particular
March 1st, 2009, 10:47 AM
Some of them definitely run way too many. At one time, I was guilty of that as well. Had 3 AVs, 2 firewalls, 4 anti-spyware, etc installed on one underpowered old PC.

Part of the problem with deciding what is too many will also depend on what you call a security program. Example: I have 2 encryption programs, one for e-mail, one for file encryption. I consider them to be privacy tools more than security programs. Another user might consider them to be security programs.

There's also a problem with the wording of the original post which centers around the word "RUN". Example: Script Sentry (http://www.jasons-toolbox.com/programs.asp?Program=Script%20Sentry). It's technically not a running security app. The only time it runs is when a file using an extension that it's associated with is launched. Then there's the question of "on demand" software. What about tools that are "unzip and use"? They're not actually installed and can just as easily run from a CD? Is a browser other than IE a security program? What about a browser extension like NoScript or FlashBlock? What about tools like NMAP, Ethereal, and Sam Spade?

There's really 2 separate questions here.
Do users have too many security apps running?
Do users have too many security apps installed?

I have 3 security apps running on all my Windows PCs. On one 2K unit, I have 4, testing Sandboxie to see if adding it would be justified. I consider the 3 to be necessary (Kerio 2, SSM, Proxomitron). Haven't decided about Sandboxie yet. As for how many I have installed, unzipped, available, etc, I'm not sure what to count.

tetsuo55
March 1st, 2009, 10:58 AM
I voted too many because the OS should be tougher itself, and one additional security app should be enough.

Too bad that with Windows this is not realistic.

Threedog
March 1st, 2009, 12:10 PM
Besides running more apps than we really need we are also guilty of changing programs way more often than needed. But, unlike the majority of computer users, with most of us here it is more of a hobby for us. And for others here it is their profession.

In my own case I still run an av to catch stuff on incoming emails, Prevx more or less because I like it so much, Defensewall for policy because some of the stuff I run on my computer doesn't like LUA, and Returnil for testing stuff out. It's not that I really need all of these apps but they all have a purpose for my usage.

raakii
March 1st, 2009, 12:43 PM
I run NOD32 and Sandboxie installed; others are portable or run only on demand.

quark59
March 1st, 2009, 03:01 PM
After all that I have learned here over the years lurking at Wilders, now I am trying to simplify my setups with the least amount of real time programs covering the "most likely" threats!!;D

AKAJohnDoe
March 1st, 2009, 03:16 PM
From what I read here, the overall average is skewed towards too many. I probably help bring that back towards center with the few I feel the need to run (http://pc.akajohndoe.com/secytools.htm).

the Tester
March 2nd, 2009, 12:36 PM
That all depends on why someone is running x amount of programs.
A layered defense is a good idea so that will account for some overlap.
Sometimes when I have beta-tested in the past I would keep some redundant programs just to look for possible program conflicts.

I have three real-time security programs running right now.
IMO that's not too many.

Dark_Hanzo
March 3rd, 2009, 06:41 PM
What I have in my sig is more than fine :)

Judge Dee
March 3rd, 2009, 06:58 PM
I think noone particular made a good observation.
There's a difference between running apps, and installing/testing apps. It seems to me that most folks here show good sense in how many security apps actually run.
Now as far as testing, how could there ever be too much? :)

Regards,

TechOutsider
March 3rd, 2009, 09:23 PM
I have only 1 running app and Windows Firewall. Coupled with some on-demand tools and the occasional download of ComboFix.

djohn
March 3rd, 2009, 10:02 PM
IMO, some have too much security, but to each their own. If memory serves, even as a newbie to computers I never had more than AV/AS and firewall, but there is not much I haven't tried since joining Wilders, but settled down now and just running my trusty Sandboxie and Defensewall, and other than Windows wall and my recovery soft, I have no OD scanners of any kind. Since these security programs do not require daily updating, I find I have a very easy to maintain OS and can spend more time enjoying my PC rather than updating numerous security apps or running scanners.

siberianwolf
March 4th, 2009, 11:59 AM
absolutely way more than it's required. sometimes when i see the signatures of some membs i can't help but think to myself "damn, they must've forgotten what it feels like using A COMPUTER!"

just check this out:
{QUOTE-> Re: What is your security setup these days?

--------------------------------------------------------------------------------

Firewall:
Linksys Router RT31P2
Outpost Firewall Pro 6.5.2514.381.0685
Harden-It 1.2
Seconfig XP 1.1

Anti-Virus/Anti-Spyware:
Kaspersky Anti-Virus Personal 8.0.0.506
Prevx Edge 3.0.1.17

HIPS:
Ghost Security Suite 1.420 (AppDefend 2.000 and RegDefend 3.000)
DiamondCS WormGuard 3

Block Lists:
MVPS hosts file 2/11/09 + hpHosts hosts file 2/18/09 (with HostsXpert 4.3)
SpywareBlaster 4.1 + custom blocking (http://koti.mbnet.fi/pattaya1/swb3.htm 3/2/09)

Resident On Demand Scanners:
SUPERAntispyware 4.25.1014
Malwarebytes Anti-Malware 1.34
Dr. Web CureIt Anti-Virus 5.0.0.0
Mischel TrojanHunter 5.0 (962)
A-squared scanner 4.0.0.46
Ewido (AVG) Micro 4.0
UnHackMe 5.0
AVG Anti-Rootkit 1.1.0.42
F-Secure BlackLight 2.2.1092 Beta
RootRepeal 1.2.3
Trend Micro Rootkit Buster 2.2.0.1014
Packed Driver Detector (Mischel) 0.9 Beta
ESET SysInspector 1.1.2.0
Trend Micro HijackThis 2.0.2
WinPatrol Plus 15.9.2008.5

Online Scanners:
HijackThis log file analysis & Networktechs HJT log analysis (HijackThis log analyzers)
VirusTotal
Jotti's malware scan
McAfee Freescan <-QUOTE}

http://www.wilderssecurity.com/showpost.php?p=1415587&postcount=4153

Osaban
March 4th, 2009, 05:36 PM
{QUOTE-> absolutely way more than it's required. sometimes when i see the signatures of some membs i can't help but think to myself "damn, they must've forgotten what it feels like using A COMPUTER!"

just check this out:


http://www.wilderssecurity.com/showpost.php?p=1415587&postcount=4153 <-QUOTE}

It's interesting to notice that there is no mention about recovery solutions. I suppose people have what gives them a sort of peace of mind when using their computer.

djohn
March 4th, 2009, 08:11 PM
In short I mentioned running recovery soft as part of my security setup and you're right, the most important of all IMO is a recovery solution. Cheers

ance
March 6th, 2009, 08:43 AM
{QUOTE->
just check this out:


http://www.wilderssecurity.com/showpost.php?p=1415587&postcount=4153 <-QUOTE}

Hahaha, nice zoo ;D

EASTER
March 6th, 2009, 09:00 AM
Of course.

This is what helps vendors gauge their products more effectively because of the scrutiny applied to their releases.

After that, it becomes clear that the LAYERED APPROACH is still a formidable safeguard and the odds are in our favor and only raise the bar even more with additional security measures.

The fact is, malware has a road map of Windows NT systems and works to exploit those weaknesses unendingly, so while it's not necessary to HEAP a load of safety apps on a machine, it definitely decreases if not totally eliminates the chances of being overwhelmed by 0-day viruses/malwares of ever reaching the foothold inside systems multi-fenced with today's more aggressive shieldings offered by vendors. Just how many can be a luxury or simply a solid prevention against various methods designed to infiltrate and/or cause maximum disruption in service.

EASTER

djohn
March 6th, 2009, 10:18 AM
{QUOTE-> Hahaha, nice zoo ;D <-QUOTE}

Good Gosh.LOL

Beavenburt
March 6th, 2009, 11:26 AM
I think most at Wilders appear to use what is necessary and what they feel comfortable with. There are however, some setups like siberianwolf has referenced that are absolutely ridiculous. Running so many realtime security apps must feel like having malware on your system anyway. Unless you're tester there really is no need for such setups. I didn't vote as my answer is some do, some don't.

pandlouk
March 6th, 2009, 07:18 PM
It depends from member to member.

For example I use nothing but SRP and Firefox's NoScript. More naked than that...;)

ps. I bought a license of Norton for my brother in law and Agnitum security suite for my sister and my parents.

Panagiotis

Aaron Here
March 6th, 2009, 08:31 PM
Way too many from where I'm sitting! The only 'true' security app I use is Norton Internet Security 2009 (essentially an AV + FW).

But then again, I also use Eaz-Fix which allows me to rollback to any previous snapshot (just in case)! ;)

noone_particular
March 6th, 2009, 09:16 PM
When security apps start duplicating coverage, there's too many or they've been badly chosen. It's easy to look through the threads and find examples of users running 2 or more HIPS, firewalls, etc. The only reason I can see that someone would run more than one HIPS or internet firewall is because they don't trust them to do the job. If someone has so little trust in a firewall or HIPS that they feel the need to add another, why keep the first one? I lurked at this forum for a couple years before registering and remember seeing threads where users complained that one of their installed HIPS was conflicting with another one they installed and wanted the vendors to "fix the problem". The vendors should have refused to fix these user caused "conflicts" of apps that never should have been installed on the same OS. IMO, by altering their products to accommodate this duplicate coverage, they weakened their own products.

Layered security is not a big pile of security apps.

Beavenburt
March 7th, 2009, 01:03 PM
Forget the hips, forget the AV, forget the anti this anti that, forget the firewall even. Just use Linux. :thumb:

Creer
March 7th, 2009, 02:23 PM
{QUOTE-> When security apps start duplicating coverage, there's too many or they've been badly chosen. It's easy to look through the threads and find examples of users running 2 or more HIPS, firewalls, etc. The only reason I can see that someone would run more than one HIPS or internet firewall is because they don't trust them to do the job. If someone has so little trust in a firewall or HIPS that they feel the need to add another, why keep the first one? I lurked at this forum for a couple years before registering and remember seeing threads where users complained that one of their installed HIPS was conflicting with another one they installed and wanted the vendors to "fix the problem". The vendors should have refused to fix these user caused "conflicts" of apps that never should have been installed on the same OS. IMO, by altering their products to accommodate this duplicate coverage, they weakened their own products.

Layered security is not a big pile of security apps. <-QUOTE}
Yes it is true and i agree with you but for example in my case - i use Online Armor - which offers Firewall and classical HIPS protection, second security application which i use is DefenseWall. DW offers HIPS too, but it isn't classical HIPS which i more prefer. DefenseWall covers my security layers on another level as a sandbox policy software.

dw426
March 7th, 2009, 03:06 PM
Of course they do, it's Wilders tradition, lol. I stopped with the tradition long ago and *shock!*...my computer works, doesn't crash, and I don't need to email support, lol. I run sandboxie, Avast, and Spywareblaster, nothing more.

siberianwolf
March 7th, 2009, 03:47 PM
{QUOTE-> Forget the hips, forget the AV, forget the anti this anti that, forget the firewall even. Just use Linux. :thumb: <-QUOTE}
:thumb:
go with the penguin (any one of the stable mods). all you need is a nat restricted router/fw(hw).

EASTER
March 7th, 2009, 05:43 PM
{QUOTE-> I think most at Wilders appear to use what is necessary and what they feel comfortable with. There are however, some setups like siberianwolf has referenced that are absolutely ridiculous. Running so many realtime security apps must feel like having malware on your system anyway. Unless you're tester there really is no need for such setups. I didn't vote as my answer is some do, some don't. <-QUOTE}

Thanks Beavenburt for that comment.

I just had to chuckle when you wrote that because there's been a tinge of truth to it at least for me. I remember getting loaded down with the old style adware & malwares that peaked up my CPU or else finally pushed explorer over the edge to crash.

I've run into the same thing occasionally before when heaping a load of security programs to prevent malwares.

That was very humorous to read but in many cases can & is very true.

As of this post a rating of 57 to 18 seems to confirm this.

EASTER

Osaban
March 7th, 2009, 07:49 PM
{QUOTE-> Forget the hips, forget the AV, forget the anti this anti that, forget the firewall even. Just use Linux. :thumb: <-QUOTE}

I have Ubuntu on one old desktop, and I appreciate the fact, the reality, the philosophy behind the Linux project (I'm actively trying to learn to use this operating system).

I've also tried unsuccessfully to get my printer, scanner, and what not to work with Ubuntu (some people say sure it's possible), after one week I gave up, because I have other infinitely more interesting things to do with my time.

I'm keeping Ubuntu on that computer, but to slam Windows as an insecure OS is ridiculous to say the least. Microsoft has paid a huge fine to the European Anti Trust commission for bundling Media Player with the OS. By the same token, I would expect the same fines to be given to companies like HP, Lexmark etc. for not supplying clear support for at least some Linux environments.

Last but not least, if Linux or one of its many incarnations ever reached half of the popularity that Windows enjoys, it would without any doubt become a target of malware, needing some kind of security.

EASTER
March 7th, 2009, 10:44 PM
I dunno how relative this would be, or efficient, but IMO the limiting of activatable file extensions would have a dramatic impact on malwares PERIOD!

It's like the governments of the world, the more staff & offices that are created, the more budget is needed to fund their everyday activities efficiently. A poor analogy i agree, but just look at.................better yet, can anyone with absolute certainty produce the number of file extensions at any given moment or time can activate with a windows O/S to produce a desired or fashioned effect?

My pet peeve. WAY TOO MANY EXTENSIONS THAT CAN BE LAUNCHED AND THUS EXPLOITED FOR DISRUPTIVE OR MALICIOUS PURPOSES.

That's long been a disaster in the making which has already taken the entire globe of developers to address.

Chuck57
March 8th, 2009, 12:01 AM
I like to *think* I don't, but I've changed so often I sometimes forget what I'm running.

Right now, Shadow Defender carries the weight. I've got the latest Threatfire for backup and, if I'm in the mood, I'll substitute Sandboxie for Shadow Defender.

Firewall is hardware on our Linksys router and another Hardware firewall on our modem.

That's it....

I also have free MBAM and SAS - both on demand that I run once a week each. I've also got an old version FD-ISR but I don't really count that as security.

EASTER
March 8th, 2009, 05:35 AM
IMHO it's vitally important given the newer techniques of today's malware to actively run an armada or fleet if you will of security apps to better stave off and repel potential new 0-days, or else if that's more than you're comfortable with or your system can handle, all i can suggest is run virtual systems like RETURNIL RVS for one in tandem if you so choose with Sandboxie or others of your choice like DEEP FREEZE w/Anti-Executable and a firewall or router.

Regardless of your choice, your treasure guard is always a reliable series of images from a reputable backup program safely stored away in event of some forced intrusion on your good machine.

EASTER

noone_particular
March 8th, 2009, 11:21 AM
Those "newer techniques of today's malware" are only effective against default-permit oriented security policies. When tried against a system protected by one of the oldest security concepts, a default-deny policy, those techniques fail. The only modification to a basic default-deny policy that I would deem necessary is extending it to the activities of the allowed processes, primarily the attack surface and effectively isolate it from the OS components and from other applications. Code that exploits an application is useless if that application isn't allowed to do what the code asks of it. It doesn't take an armada to accomplish this. One well configured classic HIPS will cover it. Software restriction policies and limited user accounts would cover most of it.

Some people here won't like what I'm going to say, but that changes nothing. This is for those who are strictly interested in protecting their system and doesn't include those who study malware as a hobby or a livelihood. If you're trying to protect your system by learning and keeping up with every new technique malware uses to get past your defenses and every new method and location malware uses to hide on your system, you're like a puppy chasing your tail. There's no end to it. Windows will NEVER run out of unpatched holes because it was designed to be default-permit in its operation with everything integrated together, as is most of the user software. Security patches are nothing more than another example of that policy, the equivalent of plugging one hole in a window screen. "This type of code can be used to compromise the system so we'll block that specific activity with a patch."

The time you spend learning what all the different kinds of malicious code do and learning to detect/block/remove them would be better spent learning your own operating system and the apps you use. Determine what each one needs to function and what other processes each one needs access to in order to perform the work that you do. Learning the needs of your applications and system components is no harder than learning how malware infects your system, and there's a lot fewer system processes than there are types of malware. Many of the executables on XP for instance will never be used on a normal home system. The big difference is that learning the basics of your system has an end to it. When the specifics of your policy are set, you're done. You don't have to go back into it every time a new zero-day exploit is found. It doesn't matter if a particular rootkit infects your BIOS or if another one hides in an alternate data stream. If it can't run in the first place, it can't hurt you.

I've been using a default-deny based security policy for going on 5 years now. I use P2P and download executables and software with it. I'm not a safe surfer. I attack phishing sites. I let others use my PC whenever they need to. I break all the rules except for one, which is I don't allow an unknown to run on my system. In the last 5 years, the full system backups I maintain have never been used because of malware. Default-deny works and it's worth the effort it takes to learn your system well enough to set it up. Windows comes with the basic tools that are needed. The rest can be obtained for no cost. Stop wasting your time and money. Secure your OS permanently and be done with it!
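
A minimal model of the default-permit versus default-deny argument in the post above, as an added example that is not part of the original post and is not the code of any HIPS or SRP product. The process names, sample "images" and rule tables are constructed for illustration; it also models the post's extension of default-deny to what an allowed process may launch.

```python
import hashlib
from dataclasses import dataclass


def digest(image: bytes) -> str:
    """Identify an executable image by its SHA-256 hash."""
    return hashlib.sha256(image).hexdigest()


# Constructed stand-ins for executable images (not real files or hashes).
BROWSER = b"constructed: browser"
EDITOR = b"constructed: editor"
SHELL = b"constructed: command shell"
OLD_ADWARE = b"constructed: adware already in signature sets"
NEW_DROPPER = b"constructed: dropper no vendor has seen yet"


@dataclass
class DefaultPermit:
    """Blocklist model: everything runs unless it is already known to be bad."""
    blocklist: frozenset

    def may_execute(self, parent: str, image: bytes) -> bool:
        return digest(image) not in self.blocklist


@dataclass
class DefaultDeny:
    """Allowlist model: nothing runs unless it is known, and a known parent
    may only launch the children its rule names."""
    allowed: dict      # image hash -> program name
    may_launch: dict   # parent name -> frozenset of child names

    def may_execute(self, parent: str, image: bytes) -> bool:
        name = self.allowed.get(digest(image))
        if name is None:
            return False  # unknown image: denied, no signature needed
        return name in self.may_launch.get(parent, frozenset())


# Constructed execution attempts: (parent process, image, description).
EVENTS = [
    ("desktop", BROWSER, "user starts the browser"),
    ("browser", OLD_ADWARE, "browser download runs known adware"),
    ("browser", NEW_DROPPER, "browser download runs an unseen dropper"),
    ("browser", SHELL, "exploited browser launches an allowed system tool"),
    ("desktop", SHELL, "user opens a command shell"),
]

PERMIT = DefaultPermit(blocklist=frozenset({digest(OLD_ADWARE)}))

DENY = DefaultDeny(
    allowed={
        digest(BROWSER): "browser",
        digest(EDITOR): "editor",
        digest(SHELL): "shell",
    },
    may_launch={
        "desktop": frozenset({"browser", "editor", "shell"}),
        "browser": frozenset(),  # the attack surface may launch nothing
    },
)


def decisions(policy) -> list:
    """Return the allow/deny decision for every constructed event, in order."""
    return [policy.may_execute(parent, image) for parent, image, _ in EVENTS]


if __name__ == "__main__":
    for (parent, _, what), p, d in zip(EVENTS, decisions(PERMIT), decisions(DENY)):
        print(f"{what:52} permit={'run' if p else 'block'}  deny={'run' if d else 'block'}")
```

The blocklist stops only the sample it already knows, while the allowlist stops the unseen dropper and the browser-launched shell without any rule being written for either.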

mercurie
March 8th, 2009, 11:54 AM
...for some it is an addiction they can not help themselves...;D

experimentation however is the best teacher... and we all benefit from the shared knowledge. If you are savvy enough to fix what you might break because of the addiction then no harm is done.

PC security addiction is a much better affliction than most any other addiction :D Carry on....

siberianwolf
March 8th, 2009, 03:50 PM
here's a very good article on lua by leo. and i totally agree with him:

{QUOTE-> Limited User Accounts are very effective at reducing the potential impact of a virus or spyware.

Unfortunately my experience has been that they're also effective at reducing your abilities in other areas as well.

I'll be honest ... every time I've attempted to set up a Limited User Account (often referred to as LUA), I've been frustrated, and eventually ended up reverting that account to full administrative privileges.

My frustration is not with LUA itself, per se, but with other software.

The concept behind LUA is simple: you don't need every privilege on your machine in order to do most day-to-day activities. Surfing the web, sending email, writing documents or balancing your checkbook do not, and should not, require anything other than the most basic of permissions on the computer.

Taking away certain types of permissions - such as the ability to write to certain system directories, install activex controls and the like - means that it's more difficult for malware to do those things if you happen to run across it as a Limited User. Since so much malware relies on exactly those types of operations, it's actually a very effective strategy.

And yes, even though I have my own frustrations with it, I do recommend it, if possible, as a very valid step towards increasing the overall security of your system. I particularly like the idea of families setting up their children's accounts on a shared computer with LUA.

To do so, by the way, in Control Panel, User Accounts, click on the account you wish to change, click on Change My Account Type, and then select Limited. Note that you will not be able to change the primary Administrator account, and that not surprisingly, you need administrative privileges to actually do this to any account.

Now, about my frustration.

Every time I try to run as an LUA, I keep running into things that I can't do. Things that I want to do. For example installing software in general is an issue using an LUA. If that software expects to be installed for the current user, then logging in as the administrator to install it may still not set up the software for use in another Limited account on the same machine.

Now, to be fair, there are often workarounds. One could temporarily elevate the Limited account to administrator just long enough to install whatever software needs installing. But there are also frequently still complications, and it's certainly an additional, somewhat cumbersome step to what's typically already a complicated process.

Now I definitely understand that there is a fundamental conflict here - you want to prevent installation of malware, while allowing the installation of trusted applications. Unfortunately there's no easy way to distinguish, so LUAs must prohibit both - or at least those that affect protected system areas.

The more fundamental problem is that while many applications do need it, too many assume administrative privileges when they don't. As a result, they fail when installed or run from LUAs.

If there's good news in all this, it's the answer to your other question about anti-spyware and anti-virus software. Most of these applications are installed at the system level, and as such work on the entire machine, regardless of what user you happen to be logged in as, or even whether you're logged in at all.

So, yes, I'm one of those folks who apparently needs to use software that requires or assumes administrative privileges often enough that running as an LUA is simply not a practical option for me. My advice to you: try it. I know I'm an edge case - I do a lot of things that more normal people don't. You may find that all your needs are met in an LUA, and as a result, you will definitely be safer. <-QUOTE}

http://ask-leo.com/are_limited_user_accounts_effective.html

p.s.: and, yes, i know many of you have read it before, as i did years ago.

noone_particular
March 8th, 2009, 08:33 PM
That's one of the advantages of using classic HIPS to set the privilege levels. You can set the access privileges and restrictions for each process or program individually. You can also specify them differently for each user. It's also much simpler to elevate to an administrator mode when necessary. On my PCs, SSM fills this role. With SSM, going from user mode to administrator mode is as simple as entering the password that connects the UI. I haven't tried any other classic HIPS but they're probably just as capable.

IMO, installing software shouldn't be allowed under a limited user account or in user mode. If software can be installed, so can adware, malware, etc, which defeats the whole purpose of a limited account. If installing and updating software is treated as an administrative task, the risk of malware installing while in user mode is nearly eliminated.

FiOS Dan
March 8th, 2009, 09:36 PM
I think Leo is making much ado about nothing. I run under a LUA all the time and when I want to install software I save it to a file and logoff then login as an administrator. No problems thus far and all it takes is a few seconds.

EASTER
March 8th, 2009, 09:57 PM
Well Now, quite a read.

As a malware researcher for many moons myself, i don't bother with LUA/SRP preventions at all. Why? Because it's imperative to determine that these security apps which so many seem to stockpile for active service on the web either work, or they don't.

Further, i don't subscribe to VMware to run malwares for testings. What's the benefit or education in that? And besides nowadays malwares are designed not to run when they detect a virtual environment anyway.

I choose, like fcutdat, to enter the snakepits full of fangs with the armour i go into them with. If the machine comes out unscathed after some time in the playpen, then the security programs have proven their worth whether freeware or commercial. On the other hand, if not, then a limitation exists that needs to go back to the workshop for an overhaul.

More On Topic: YES! WS Forum members in the majority run too many safety programs because of the UNCERTAINTY if one or two of their arsenal fail, they still have secondary backup security systems in place to fill that gap if needed.

EASTER

Chuck57
March 9th, 2009, 03:28 AM
Sandboxie on my desktop and ShadowDefender on my laptop, along with the other stuff I mentioned, seems to work fine. I'm a safe surfer, but even 'safe' websites these days seem to collect stuff.

I got hit with that damned antivirus2008 (I think) with my laptop just last week. After a brief instant of panic, I remembered I had ShadowDefender engaged. Since it was too late, and the thing was there, I let it go for a minute, just to see what it did, and then rebooted and all was well. This was on a presumably safe site that I'd been to many times before without a problem.

Oddly, McAfee didn't register a thing. Not very comforting, unless the av2008 was a very new variant. In any case, ShadowDefender proved its worth.

That's my exciting story. Other than months ago when my wife got hit with something similar on a graphics site she frequents, and it took hours to get rid of (thanks for nothing Norton AV), we've since been safe and secure with Sandboxie and ShadowDefender.

raakii
March 9th, 2009, 05:21 AM
Sandboxie and Shadow Defender are really good apps. Of course you need an antivirus for malware detection and imaging for recovery. I won't mind installing such great apps, when the majority of other users install so many apps for desktop enhancements and others. ISRs like FD-ISR are a luxury indeed and I don't need them running all the time.

Osaban
March 9th, 2009, 05:36 AM
{QUOTE->
I got hit with that damned antivirus2008 (I think) with my laptop just last week. After a brief instant of panic, I remembered I had ShadowDefender engaged. <-QUOTE}

Out of curiosity, do you remember allowing any executable? What browser were you using? Easter was mentioning "fcutdat", who uses ProcessGuard to stop any executables, and according to his experiences as well as from other members, nothing will download automatically into your machine unless you 'allow' it.

If that happened with your laptop, having Vista you should have been alerted by UAC, did it pop an alert?

Chuck57
March 9th, 2009, 01:00 PM
{QUOTE-> Out of curiosity, do you remember allowing any executable? What browser were you using? Easter was mentioning "fcutdat", who uses ProcessGuard to stop any executables, and according to his experiences as well as from other members, nothing will download automatically into your machine unless you 'allow' it.

If that happened with your laptop, having Vista you should have been alerted by UAC, did it pop an alert? <-QUOTE}

It's a site that was in my bookmarks and I've used many times in the past few years. It's gone now.

Yes, I did allow an exec. but it was to open a file to some American Old West history information, and that av2008 or similar appeared and started running.

I have Vista sp1 and no, no alert popped up, which surprised me too. I get the warning when I try to open CCleaner, my screenplay writing program, MBAM and others, but not when it should alert. My browser is IE7, although I'm looking at a new one I found, called Orca.

In any case, I let the malware play for a minute or so to see what it did, after a second or two of panic when it started, and then rebooted and all traces gone - thanks to ShadowDefender. I know this malware isn't one of the deadly ones. It's more a major nuisance.

Osaban
March 9th, 2009, 06:39 PM
{QUOTE-> It's a site that was in my bookmarks and I've used many times in the past few years. It's gone now.

Yes, I did allow an exec. but it was to open a file to some American Old West history information, and that av2008 or similar appeared and started running.

I have Vista sp1 and no, no alert popped up, which surprised me too. I get the warning when I try to open CCleaner, my screenplay writing program, MBAM and others, but not when it should alert. My browser is IE7, although I'm looking at a new one I found, called Orca.

In any case, I let the malware play for a minute or so to see what it did, after a second or two of panic when it started, and then rebooted and all traces gone - thanks to ShadowDefender. I know this malware isn't one of the deadly ones. It's more a major nuisance. <-QUOTE}

So it means that malware (or some of it) has already managed to get around UAC, didn't take long! Still you were using IE7 which we all know is the most popular and most vulnerable of all browsers. I wonder what would have happened, had you used Firefox or Opera in the same circumstances.

Thank you for sharing the experience.

yashau
March 9th, 2009, 07:39 PM
Well I thought I might have a say in this too. Sincerely sorry for my English by the way I'm not very good at it :)

I myself sometimes take a double take seeing the various stuff installed by some members here. I wonder if their usefulness weighs out their resource consumption or if the members just install all of them to give themselves peace of mind and not thinking about the practicality of their security setups. I'm sure a lot of users here are pretty computer fluent and can make the differences between rogues, spyware, malware from legit applications. I run a single scanner (Norton AV 2009) for the sole purpose of scanning malware-infested removable drives and nothing else. I could use the computer forever without using an antivirus and not get infected by anything because I know what I'm doing online/offline on my computer. Might replace it soon with Prevx Edge since it seems to detect these forms of malware as well. Even if I did insert removable drives without anything installed I know how to open them without getting infected but it's easier letting something else do the work. I could make and send a custom trojan bound to a custom emoticon on Windows Live Messenger to someone and no antivirus on earth would protect against it. I ask this from the guys that run 10 security applications one on top of another. How many times have you been protected from a legitimate piece of malware since you installed all of those apps? Could those pieces of malware have slipped through if you took off one of your applications? If you have never encountered a virus since you've installed those applications ask yourselves do we really need all of these? Would it make a difference at all if I just keep one or two of my apps running instead of all of these since I probably have a lower chance of getting infected than getting cut down by a falling lawnmower? I'm saying this because I know a lot of you are really knowledgeable with this field. A single scanner/behaviour blocker/sandbox is enough for most of us in my honest opinion.
Or maybe even just keep a clean image of the system and revert back to it if anything happens. It's not going to be every day you'll get infected by malware to run everything on top of each other. The only reason I keep Comodo Firewall running is because I like to see what goes in and out of my computer not because I use its firewall component nor if the Defense+ would actually catch anything malicious within this millennium. Sometimes it's a lot more trouble than it's worth and I might even remove it one of these days. :)

Osaban
March 9th, 2009, 08:05 PM
{QUOTE-> Well I thought I might have a say in this too. Sincerely sorry for my English by the way I'm not very good at it :)

I myself sometimes take a double take seeing the various stuff installed by some members here. I wonder if their usefulness weighs out their resource consumption or if the members just install all of them to give themselves peace of mind and not thinking about the practicality of their security setups. I'm sure a lot of users here are pretty computer fluent and can make the differences between rogues, spyware, malware from legit applications. I run a single scanner (Norton AV 2009) for the sole purpose of scanning malware-infested removable drives and nothing else. I could use the computer forever without using an antivirus and not get infected by anything because I know what I'm doing online/offline on my computer. Might replace it soon with Prevx Edge since it seems to detect these forms of malware as well. Even if I did insert removable drives without anything installed I know how to open them without getting infected but it's easier letting something else do the work. I could make and send a custom trojan bound to a custom emoticon on Windows Live Messenger to someone and no antivirus on earth would protect against it. I ask this from the guys that run 10 security applications one on top of another. How many times have you been protected from a legitimate piece of malware since you installed all of those apps? Could those pieces of malware have slipped through if you took off one of your applications? If you have never encountered a virus since you've installed those applications ask yourselves do we really need all of these? Would it make a difference at all if I just keep one or two of my apps running instead of all of these since I probably have a lower chance of getting infected than getting cut down by a falling lawnmower? I'm saying this because I know a lot of you are really knowledgeable with this field. A single scanner/behaviour blocker/sandbox is enough for most of us in my honest opinion.
Or maybe even just keep a clean image of the system and revert back to it if anything happens. It's not going to be every day you'll get infected by malware to run everything on top of each other. The only reason I keep Comodo Firewall running is because I like to see what goes in and out of my computer not because I use its firewall component nor if the Defense+ would actually catch anything malicious within this millennium. Sometimes it's a lot more trouble than it's worth and I might even remove it one of these days. :) <-QUOTE}

I couldn't agree more. As a matter of fact I use an antivirus for the same reasons that you've mentioned, my computer is often exposed to other people's infected flash drives, and in order not to infect other people, if I'm alerted about anything (the rate of infection of flash drives is from my experience 1 every 3 drives) I reboot my system as a precaution.

I have noticed, however, that most members nowadays run their machines with a lot less compared to a few years back, which shows a definite trend towards having a basic setup and more confidence in their own judgment.

Boost
March 9th, 2009, 08:23 PM
{QUOTE-> Well I thought I might have a say in this too. Sincerely sorry for my English by the way I'm not very good at it :)

I myself sometimes take a double take seeing the various stuff installed by some members here. I wonder if their usefulness weighs out their resource consumption or if the members just install all of them to give themselves peace of mind and not thinking about the practicality of their security setups. I'm sure a lot of users here are pretty computer fluent and can make the differences between rogues, spyware, malware from legit applications. I run a single scanner (Norton AV 2009) for the sole purpose of scanning malware-infested removable drives and nothing else. I could use the computer forever without using an antivirus and not get infected by anything because I know what I'm doing online/offline on my computer. Might replace it soon with Prevx Edge since it seems to detect these forms of malware as well. Even if I did insert removable drives without anything installed I know how to open them without getting infected but it's easier letting something else do the work. I could make and send a custom trojan bound to a custom emoticon on Windows Live Messenger to someone and no antivirus on earth would protect against it. I ask this from the guys that run 10 security applications one on top of another. How many times have you been protected from a legitimate piece of malware since you installed all of those apps? Could those pieces of malware have slipped through if you took off one of your applications? If you have never encountered a virus since you've installed those applications ask yourselves do we really need all of these? Would it make a difference at all if I just keep one or two of my apps running instead of all of these since I probably have a lower chance of getting infected than getting cut down by a falling lawnmower? I'm saying this because I know a lot of you are really knowledgeable with this field. A single scanner/behaviour blocker/sandbox is enough for most of us in my honest opinion.
Or maybe even just keep a clean image of the system and revert back to it if anything happens. It's not going to be every day you'll get infected by malware to run everything on top of each other. The only reason I keep Comodo Firewall running is because I like to see what goes in and out of my computer not because I use its firewall component nor if the Defense+ would actually catch anything malicious within this millennium. Sometimes it's a lot more trouble than it's worth and I might even remove it one of these days. :) <-QUOTE}

x2 Absolutely no reason AT ALL to run 10 security programs.

If you're that paranoid-bored, unplug your computer, find a new hobby / profession, because you're missing out on waaay more fun and enjoyable things out there in life.

yashau
March 9th, 2009, 10:00 PM
{QUOTE-> I couldn't agree more. As a matter of fact I use an antivirus for the same reasons that you've mentioned, my computer is often exposed to other people's infected flash drives, and in order not to infect other people, if I'm alerted about anything (the rate of infection of flash drives is from my experience 1 every 3 drives) I reboot my system as a precaution. <-QUOTE}

Do you know what I do if I find a friend's flash drive infected? I create a folder called autorun.inf in it and give it +rsh attributes and remove permissions for it for all users. So basically the drive is protected forever from those trojans unless the person formats it. Yeah I know I'm a good person ;D

{QUOTE-> I have noticed, however, that most members nowadays run their machines with a lot less compared to a few years back, which shows a definite trend towards having a basic setup and more confidence in their own judgment. <-QUOTE}

Wow I guess I haven't seen how it was back then. I can only just imagine. :wacko:
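
The following is an added example, not part of the post above and not any forum member's code. It audits a drive root for the state the post describes (a folder named autorun.inf occupying the name) versus a live autorun.inf file with launch entries; the function names and the sample file contents are constructed for illustration.

```python
import os

LAUNCH_KEYS = ("open", "shellexecute")  # [autorun] keys that start a program

# Constructed sample: junk padding around the entries that matter.
SAMPLE = (
    "[AutoRun]\r\n;k3j9 padding\r\nzzz\r\nOpen=sample.exe\r\n"
    "shell\\open\\Command=sample.exe\r\nicon=folder.ico\r\n"
)


def parse_launch_entries(text):
    """Return (key, value) pairs in [autorun] that launch a program."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue  # padding lines are skipped, not treated as errors
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in LAUNCH_KEYS or (
            key.startswith("shell\\") and key.endswith("\\command")
        ):
            entries.append((key, value))
    return entries


def audit_drive(root):
    """Classify a drive root: absent, blocked, inert or active."""
    # Match the name case-insensitively, as Windows does.
    names = [n for n in os.listdir(root) if n.lower() == "autorun.inf"]
    if not names:
        return ("absent", [])
    path = os.path.join(root, names[0])
    if os.path.isdir(path):
        return ("blocked", [])  # placeholder folder, as in the post above
    with open(path, "rb") as fh:
        data = fh.read()
    if data.startswith((b"\xff\xfe", b"\xfe\xff")):
        text = data.decode("utf-16", errors="replace")
    else:
        text = data.decode("latin-1")
    entries = parse_launch_entries(text)
    return ("active" if entries else "inert", entries)
```

A "blocked" result only means a folder occupies the autorun.inf name; the sketch does not verify the attributes or permissions the post mentions.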

Rmus
March 12th, 2009, 11:47 AM
What I find amazing is that only one person in this poll thinks that people run too few security programs. This means that no one else has raised an eyebrow for those who have said they use just

1) Router/Firewall

2) Opera/Firefox

The first takes care of all Port-based exploits, such as Slammer, MSBlaster, and the current Conficker worms.

The second takes care of web-based exploits since all such exploits in the wild target IE. Just look at the patches each month from Microsoft.

I asked several who use the above how they deal with:

1) Conficker.b USB exploit: protect USB/Autorun.inf. Various solutions

2) PDF exploits: use alternate PDF Reader

3) Flash exploits- banner ads, etc: Opera - flash block; Firefox - NoScript


When you think about it, all other exploits require the victim to agree to download.

Antivirus2009
http://www.wilderssecurity.com/attachment.php?attachmentid=202207

Koobface
http://www.wilderssecurity.com/attachment.php?attachmentid=207031

Storm e-cards - Valentine's Day
207032

and so forth.

Solution described by several: Don't install bad stuff!

Too simple? Too dangerous? Some think not!

----
rich

vijayind
March 30th, 2009, 12:35 PM
Is 5 too much?? If so, I am security paranoid.

funkydude
March 30th, 2009, 12:48 PM
I don't think it matters, you use whatever gives you the illusion that you're safe, because in reality, you're never safe. At the end of the day we all want the feeling of security and comfort to make our days easier and that's what matters.