Complete Protection?


Anubis Prime
January 1st, 2005, 04:32 PM
Greetings all!

I'm currently using NOD32 set up with all the "bells and whistles" activated per this forum. I also run Spybot S&D resident (TeaTimer and IE protection) as well as Ad-Aware SE Plus with Ad-Watch resident running. Thirdly, I check for Spyware Blaster updates once a week or so (non-resident program).

After reading through some of the threads, I note some are using products such as TDS-3 and Ewido and I also noted some feel it necessary to run these programs in addition to NOD32. I am fully aware that NOD32 is plainly (and preferentially) an antivirus program, not necessarily an "anti-trojan" system. My question is: Do I need to be running some other anti-trojan program? I thought up until this point that Spybot and Ad-Aware along with NOD32 were adequate (of course along with fully patched-up Windows). Am I wrong? Naive and uninformed? Or just lucky so far?

Opinions please?
(I apologize if I've posted this in the wrong area of the forum)

Dom

Notok
January 1st, 2005, 05:08 PM
I personally haven't had anything slip by NOD32, however I got TDS3 because of its additional tools for detecting & dealing with trojans outside the scope of an antivirus program. What you can always do is get the free scanners and run them frequently, especially on anything you've downloaded. If you find that it's picking up files that NOD32 is missing, you can consider getting the full version of your AT of choice. Another thing you can consider is getting some preventative software that blocks certain actions rather than detecting specific files. I recommend preventative software with ANY setup, really. Even with the very best of all types of scanners, there will undoubtedly be SOME things that can slip through. ProcessGuard, Prevx, RegRun, & System Safety Monitor are the ones that come immediately to mind; these will all give you greater control of what happens on your system.

Anubis Prime
January 1st, 2005, 05:22 PM
Thanks for your reply...

So...Ad-Aware and Spybot resident programs are not enough with NOD32???

Dom

quexx88
January 1st, 2005, 05:29 PM
Just today, ewido picked up two trojans that NOD32 had missed. Without it, I would have been in big trouble.

NOD32 is still an excellent AV, but if you are what could be considered a "high risk" user, an AT to supplement your defense is almost certainly a good idea.

As far as I know, Spybot and Ad-Aware do not offer any specifically anti-trojan protection.

www.ewido.net for a free trial version

One more thing...the reason I recommend ewido over TDS-3 for you is because ewido also includes some anti-spyware capabilities that are beyond the current scope of TDS-3.

ronjor
January 1st, 2005, 05:33 PM
-{ Quote: "Just today, ewido picked up two trojans that NOD32 had missed. " }-

What were the trojans and did you submit them to Eset?

Notok
January 1st, 2005, 05:40 PM
It really depends on you and what you want. If you want the very lightest setup then you're probably ok with NOD32 as-is. I have not experienced any trojans slipping by NOD32 personally... in fact having a RAT that deleted a LOT of important stuff from my hard drive is what brought me to NOD32 in the first place. The fact is, however, that no scanner will ever be 100%. However if you want an even more secure setup there are lots of options available to you, not just more scanners. If you don't feel safe enough with just NOD32, then by all means get some more software. If your existing scanners aren't satisfying you, then more scanners probably won't help.

My recommendation would be to run some free scanners to help you determine if you actually NEED more, and get your system secured and prepared for new/unknown threats by adding some preventative software. Between NOD32's heuristics and your preventative apps, you can get better coverage from 0-day attacks than any scanner combo.

edit: yes, if you are a "high risk" user and encounter a lot of little known trojans, then adding a specialized anti-trojan is not a bad choice. Either way, however, multiple layers that approach security from different angles are always the best way you can go because you won't have to worry about whether your chosen scanners will detect specific threats as much.

Blackspear
January 1st, 2005, 05:49 PM
This is what works really well for me, very simple to use and maintain. (http://www.wilderssecurity.com/showpost.php?post&p=326701)

You may want to take a look here (http://www.wilderssecurity.com/showthread.php?t=45284&page=1&pp=25) for further discussion on security and how to make your system that much stronger and here (http://www.wilderssecurity.com/showthread.php?t=43117) for more.

Let us know how you go…

Cheers ;D

Anubis Prime
January 1st, 2005, 06:27 PM
I tried Trojan Hunter and Ewido. TH made NOD32 go nuts with its own temp files causing FPs.

Ewido made NOD32 virtually unresponsive (in cancelling or ok'ing option menus).

Will keep trying...

richrf
January 1st, 2005, 06:27 PM
My advice would be similar to Notok's and I would certainly do what BlackSpear does and maintain at least one clean image copy that you can always use as a failsafe measure. Personally, I would recommend either Image for DOS (Terabyte Unlimited) or Ghost 2003. Both run under DOS.

I would also agree you should scan using online scanners such as McAfee's or maybe install a free version of KAV 4.5 (you can get it from ICE Systems) with the resident scanner turned off. And try out KAV scans (maybe with extended databases) for a trial period to see what is going on. Ewido free would also be a good trial software.

I would definitely look into installing ProcessGuard 3.0 Free and I would highly recommend the paid version which proactively prevents the installation of really nasty malware such as keyloggers and rootkits. The trial version will prevent dll injections which is a great facility to have - and for free!

Hope this helps you a bit in your decision making process.

Rich

Anubis Prime
January 1st, 2005, 06:31 PM
downloaded spywareguard. No hiccups so far...

Anubis Prime
January 1st, 2005, 06:44 PM
thank you all very much for all of your consideration and help.

BlueZannetti
January 1st, 2005, 07:00 PM
The best recommendation is strongly dependent on how you want your system to behave, its configuration, and available resources.

Like a number here that use NOD32, I run BOClean as a second tier protective measure. There is only one time where BOClean captured something NOD32 let pass, and that was a purposeful challenge test that I performed going to a known malware infesting site. Even at that, the piece that NOD32 let through would have been caught on a scan with "Potentially Dangerous Applications" checked.

BOClean is light, rock solid, as close to set it/forget it as I've experienced. I still have and use TDS-3 for diagnostic purposes, but BOClean is an excellent complement to NOD32 since they both have a run-light operating ethic. Licensing terms are also generous for home use.

Aside from Outpost Pro firewall to control outbound traffic, my prime security detail running realtime is an AV (NOD32 or KAV)/BOClean/ProcessGuard. That's it. Everything else I run on demand as indicated.

For general surfing, NOD32 alone is enough. To cover some domains not fully handled by NOD32, an AT with realtime option is useful - and BOClean/TDS-3/TH/Ewido all provide that option. The specific choice among these depends on desired traits and personal preferences.

Blue

quexx88
January 1st, 2005, 09:35 PM
-{ Quote: "What were the trojans and did you submit them to Eset?" }-

Yes, everything was submitted and I am awaiting their addition.

Anubis Prime
January 2nd, 2005, 06:36 PM
Well, I took the plunge and purchased BOclean. Works well...

Anyone figure out the exclude AMON thing? (bet it's in another forum :))

BlueZannetti
January 2nd, 2005, 06:43 PM
-{ Quote: "Anyone figure out the exclude AMON thing? (bet it's in another forum :))" }-Is a direct link to the suggested solution (http://www.wilderssecurity.com/showpost.php?p=97116&postcount=13) close enough?

Blue

Anubis Prime
January 2nd, 2005, 06:59 PM
Thanks...
Yes, after further checking I found that:
C:\PROGRA~1\NSCLEAN\BOCLEAN\BOCLEAN.EXE

worked for me...only because it is exactly as it is in my registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run key.

It solved the problem of BOClean popping up every 10 secs in AMON.


This forum is great, and another great reason I'm happy to own NOD32. Everyone has been patient and helpful.

I very much appreciate it.
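The exclusion in the post above only worked once the path matched the Run key value character for character (short 8.3 form included). The script below is an added example, not code from this thread or from any of the products discussed, for reading the Run entries out of the registry and showing each one's raw value alongside its resolved short and long path, so an on-access scanner exclusion can be copied from the exact form the autostart uses. It assumes a Windows host with PowerShell and the Scripting.FileSystemObject COM object available, and the function name Get-RunEntry is this example's own.

```powershell
# Added example: enumerate Run-key autostart entries (HKLM and HKCU) and show the
# raw command string plus the resolved short (8.3) and long paths of its executable.
# Defender use: reading off the exact path string an on-access scanner exclusion
# must match, and spotting autostart entries whose target no longer exists.
function Get-RunEntry {
    [CmdletBinding()]
    param()

    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    # Scripting.FileSystemObject exposes both the long (.Path) and 8.3 (.ShortPath) forms.
    $fso = New-Object -ComObject Scripting.FileSystemObject

    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            # Skip the PSPath/PSParentPath/... metadata that Get-ItemProperty adds.
            if ($prop.Name -like 'PS*') { continue }

            # Expand %ProgramFiles% and similar, then pull the executable out of the
            # command line: either a leading quoted path or the first token ending in .exe.
            $raw = [Environment]::ExpandEnvironmentVariables([string]$prop.Value)
            $exe = $raw.Trim()
            if ($raw -match '^\s*"([^"]+)"')      { $exe = $Matches[1] }
            elseif ($raw -match '^\s*(\S+?\.exe)') { $exe = $Matches[1] }

            $exists = Test-Path -LiteralPath $exe -PathType Leaf
            $short = $null
            $long  = $null
            if ($exists) {
                $file  = $fso.GetFile($exe)
                $short = $file.ShortPath   # e.g. C:\PROGRA~1\...\BOCLEAN.EXE form
                $long  = $file.Path        # e.g. C:\Program Files\...\BOCLEAN.EXE form
            }

            [PSCustomObject]@{
                Key       = $key
                Name      = $prop.Name
                RawValue  = [string]$prop.Value
                Executable = $exe
                ShortPath = $short
                LongPath  = $long
                Exists    = $exists
            }
        }
    }
}

# Usage: list everything, flagging entries whose executable is missing (stale or
# suspicious autostarts) and showing the exact strings available for an exclusion.
Get-RunEntry | Sort-Object Key, Name | Format-Table Name, Exists, ShortPath, LongPath -AutoSize
```

Run it from an elevated prompt only if you also want to inspect entries that a limited account cannot read; the HKLM Run key itself is readable by standard users. An entry with Exists = False deserves a look, since a Run value pointing at a file that is no longer there is either leftover from an uninstall or a placeholder something intends to fill later.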

BlueZannetti
January 2nd, 2005, 07:05 PM
-{ Quote: "I very much appreciate it." }-My pleasure Anubis Prime!

Blue

Anubis Prime
January 2nd, 2005, 07:27 PM
So...to conclude this thread...

I am running NOD32--tweaked out.

BOClean

Spybot teatimer and IE protection resident

and Adwatch resident.


Now I actually feel better, and safer.

Elray
January 2nd, 2005, 08:19 PM
Hi and Happy New Year to All,

I might be out of order with this query but hope that Blackspear (and others too) won't mind if I ask a question about one of the programs he mentioned in his link. I am interested in finding out whether 'Crapcleaner' is simple and safe to use for somebody who is absolutely terrified of messing too much with the registry.

I use most of the programs mentioned in these posts and they all play very well with NOD32. My system stays clean and fast and I want to keep it that way hence the interest in garbage removal.

Elray

Blackspear
January 2nd, 2005, 08:42 PM
-{ Quote: "I am interested in finding out whether 'Crapcleaner' is simple and safe to use for somebody who is absolutely terrified of messing too much with the registry." }-It is fine, VERY simple to use and does a nice job, you shouldn't have a problem at all...

Cheers ;D

Blackspear
January 2nd, 2005, 08:47 PM
-{ Quote: "So...to conclude this thread...

I am running NOD32--tweaked out.

BOClean

Spybot teatimer and IE protection resident

and Adwatch resident." }-In my opinion you are running VERY light. As an absolute minimum with my clients, I have them run NOD32 tweaked to the max, ZoneAlarm, Spyware Guard, Spyware Blaster, Spybot Search and Destroy (Immunize and TeaTimer features used), and Ad-Aware SE.

Cheers ;D

Anubis Prime
January 2nd, 2005, 08:53 PM
Blackspear,
Sorry, didn't give you the big picture in my posts...just the resident programs.

I have an SPI firewall enabled router coupled with Windows firewall (SP2), and I also run Spyware Blaster in addition to the 4 resident items (tweaked NOD32, Ad-Aware SE Ad-Watch, Spybot TeaTimer/IE resident, BOClean).

Any better???

Dom

Blackspear
January 2nd, 2005, 09:00 PM
-{ Quote: "Blackspear,
Sorry, didn't give you the big picture in my posts...just the resident programs.

I have an SPI firewall enabled router coupled with Windows firewall (SP2), and I also run Spyware blaster in addition to the 4 resident items (tweaked NOD32, Adaware SE-adwatch,Spybot teatimer/IE resident, BOClean)

Any better???" }-Getting there, the Windows firewall is slightly better than useless as there are NO outgoing notifications, thus one of the FREE firewalls such as ZoneAlarm will alert you to something that tries to access the internet from your computer. Spyware Guard will alert you to an attempted change of your home page (something quite a number of nasties try to do these days).

Just trying to get you a little safer, prevention is better than cure ;) ;D

Cheers ;D

Anubis Prime
January 2nd, 2005, 09:19 PM
Much appreciated...

My goal is also to stay as light as possible. I figure two firewalls (hardware plus software; albeit windows firewall) should be adequate. I fear from past experience of feeling the frustrating effect of using 3rd party firewalls. I've had them interfere with browsing, throttle my internet connection, and just kill resources. I do see your point of wanting to be notified of outbound connection attempts...Though I've since poked around in the Windows firewall settings (SP2 version is vastly different than the previous version as you know). There is a setting box which states: "Display a notification when Windows Firewall blocks a program".

One other question: Does it matter that spyware guard hasn't been updated since 2003???

BlueZannetti
January 2nd, 2005, 09:24 PM
I'd agree with Blackspear here.

My logic is as follows. With the SPI enabled router, you've largely moved the functionality of the XP SP2 firewall off the PC to another device. It's basically not doing a whole lot in your case since it's really an in-bound protective measure and the router is covering you there. Third party firewalls also provide outbound connection monitoring and blocking. This is something that consumer level routers and the XP SP2 firewall lack, and it can be useful.

If you're like me and don't want to get involved with arcane rule making and understanding all the details of network communication protocols, going with a nice free or paid firewall that handles things on an application basis is an excellent compromise. I use Outpost Pro paid version (they have a great deal going on now - single user license with a lifetime license for the usual $40 price - good until Jan 10, see here (http://agnitum.com/christmas.html)), many folks use ZoneAlarm Free with equal success. Both are solid options, and there are additional ones out there. Here's (http://lists.gpick.com/pages/Firewalls.htm) a good link on what's available.

Blue

Anubis Prime
January 2nd, 2005, 09:46 PM
I'll check out those links, thanks!

BlueZannetti
January 2nd, 2005, 10:17 PM
Just as an aside, I had used ZoneAlarm Pro for some time until the now infamous initial 4.5 (I think this is the one) upgrade where performance went south, at least for a while. I really don't know if it improved as far as resource footprint since I pulled the plug on that paid version at that point, went with an Outpost family license, and never looked back.

On the topic of resource footprint, one of the supposed lightest is LooknStop, whose support forums also reside here at Wilders.

You clearly appreciate the performance/protection tradeoffs, and that's always a difficult balancing act. I tend to look at a decent SPI enabled router as critical, and a light software firewall as a comfortable added layer. Of all the things I have running, it was the last added. Of the resident programs I run (see here (http://www.wilderssecurity.com/showpost.php?p=326584&postcount=4)), I really can't imagine pulling it off for something else or to squeeze additional performance (although this is highly machine dependent). In terms of CPU cycles spent, I've more or less made the decision to handle adware, data miners, and things of that ilk after the fact. If anything, that's where I run lean (no TeaTimer, Adwatch, registry monitor, etc.). I'm comfortable doing it that way and try to mitigate things by using a well configured Firefox as my browser.

Very reasonable people will assess this configuration as somewhat exposed, other equally reasonable folks will say I'm armed to the gills. Me? It's my comfort zone at the present (naturally, subject to change under changing conditions...)

Blue

Anubis Prime
January 2nd, 2005, 10:25 PM
I also neglected to mention that I have a small wireless network in my house consisting of one desktop and one laptop. Historically when I have tried 3rd party firewalls (McAfee and Norton) they inhibited my computers from talking with one another. (I have a partition on my desktop mapped to my laptop which is a must at this time.)

Does Outpost easily allow LAN/WAN communication? What would you guesstimate the average footprint of it is? I'm intrigued...

BlueZannetti
January 2nd, 2005, 10:58 PM
I haven't seen that problem, but I use a simple workgroup configuration with a minimal number of shared folders. When I had problems, it was simple stuff like forgetting to add the appropriate protocols to the network. Readily fixed.

As for footprint, Outpost on my PC now is weighing in at 13 MB, have about 20 hours of uptime and it's the fourth most CPU intensive process at just under 6 minutes (just above BOClean at 3 minutes). Right now I'm running Outpost as a pure background process. If the GUI is active, I think the RAM footprint is 30 MB or so. Doesn't really matter on my systems, the smallest has 512 MB RAM, I'm running 1 GB RAM on my system with a peak commit charge of 460 MB.

What resources do your systems have?

If you're intrigued, give the trial a whirl and go with default configuration all the way. That would be a fairly conservative use test.

Blue

PS - two of the PCs on my LAN are also wireless - no problems at all on that front.

Anubis Prime
January 2nd, 2005, 11:04 PM
Actually, I took the plunge and downloaded/installed Outpost Pro trial.

It was easy to configure, and allowed my intranet traffic, seemed rather lightweight with RAM usage (5-9 MB).

I run a P4 3.06GHz HT processor, 1GB RAM.

The problem is Outpost kept my processor usage between 53-66%--continually. I let it run for 5-10 min with no drop. Unfortunately I can't run a program that is that taxing. My system with all of the resident programs I run usually sits at 1-4%. Heck, as I'm typing this in IE with Windows Task Manager open my processor usage is maxing at 4%. I imagine it doesn't do that on your system, and it's a shame because from a usage/footprint perspective it seems like a great program.

Well, back to router/windows firewall for now. I'll keep trying though.

Thanks again!

BlueZannetti
January 2nd, 2005, 11:32 PM
Strange. Never seen anything like that. I do recall BSODs with some early builds of 2.0 on HT systems, but that was it. Sounds like it was hung in a loop. Offhand, I can't think of any suggestions. You did disable the Windows firewall, correct?

Blue

Anubis Prime
January 2nd, 2005, 11:43 PM
Windows firewall was automatically disabled by Outpost, but I did check.

I just chalk it up to everyone's system being different. I do believe you when you infer it's a great product. This is confirmed by message board after message board.

I figure now I'm more protected than I was two weeks ago. I'm fairly sure I have a clean system. Outpost, while it was on my system, didn't report any unusual outbound stuff. Hopefully with NOD32, BOClean, Ad-Watch, and Spybot all running resident I will get some sort of notification if something fishy even tries to make its way onto my system. ;)

Before I was using just Norton AV 2004 and on demand scans from Adaware and Spybot. (router and win firewall on of course). I'm advancing slowly but surely I suppose. Maybe if I format my system and build from fresh I'll give Outpost another try. Blue, I certainly appreciate your attention to my security situation and am very thankful for your suggestions and input.

Thanks again to Blackspear and everyone else. I'm still stunned at what a responsive and helpful forum this is. (I guess I've been snooping around the wrong forums before ;D )

Dom

BlueZannetti
January 3rd, 2005, 12:13 AM
-{ Quote: "I just chalk it up to everyone's system being different." }-Yep. That's why we do trials and that's why there's no best solution for everyone.

As it is, right now you're in quite good shape and it's been my pleasure to assist where I could. Let us know if you give it another go.

Blue

Anubis Prime
January 3rd, 2005, 01:03 AM
After much debate, I've tried Kerio PF. It runs well on both my desktop and laptop. I haven't decided if I want to buy or just let some functions go dead after 30 days.

It seems to get along with everything so far!

I'll keep you posted. I'll check on resource usage,etc and see if it works out.

Dom

Blackspear
January 3rd, 2005, 01:06 AM
Thanks for keeping us up-to-date Dom, as it helps us all to learn...

Cheers ;D

Elray
January 3rd, 2005, 04:09 AM
-{ Quote: "It is fine, VERY simple to use and does a nice a job, you shouldn't have a problem at all...

Cheers ;D" }-

Thanks for the quick reply. I'll give it a try!

Elray ;)

Blackspear
January 3rd, 2005, 05:18 AM
-{ Quote: "Thanks for the quick reply. I'll give it a try!" }-My pleasure Elray.

All the best...

Cheers ;D

Anubis Prime
January 3rd, 2005, 08:08 AM
Update...

I've tinkered with Kerio until the late hours of the night. I ended up removing it from both of my computers. It made both of them seem a bit sluggish, and prevented some apps from opening properly. I tinkered with settings, etc. to no avail--so off it came.

Back to square one: NOD32, BOClean, Ad-Aware + Spybot residents, SpywareBlaster, IE-SPYAD, router SPI + Windows firewall. I haven't had any issues running even lighter than this since I've had broadband (1999)... so I will be constantly reading up here and other places to see what's new.

Good Night (or Good Morning, actually),

Dom

wings
January 5th, 2005, 11:17 AM
-{ Quote: "many folks use ZoneAlarm Free with equal success. Both are solid options, and there are additional ones out there." }-
Yes, but one could also say that "many folks use ZoneAlarm without great success", that is if you want to believe the many (and I mean many) discouraging stories about ZoneAlarm. Neither did I have any positive experiences with ZoneAlarm the higher its version number.

BlueZannetti
January 5th, 2005, 05:11 PM
-{ Quote: "Yes, but one could also say that "many folks use ZoneAlarm without great success", that is if you want to believe the many (and I mean many) discouraging stories about ZoneAlarm." }-Actually, I happen to be among those folks, just trying to stay positive here. Part of it is a pure numbers game - more users=more problems. How much of it is due to this alone? I have no idea. However, I can say that I was not sad when I moved on to Outpost Pro.

Blue