
Trojan Protection with NOD32


Trooper
April 15th, 2005, 02:34 PM
Hi Gang,

Just a quick question here, which I am sure will have multiple answers. I currently use NOD32 for my AV software, which I know helps against trojans as well.

My question is, do I need something "other than" NOD32 to help protect myself from attack and infection?

I've read some good stuff about BOClean, but I'm not familiar with the software. I was curious whether you think I would need or should look into getting/using BOClean in addition to NOD32. Or do you think NOD32 is enough to cover all the bases?

I'm just trying to make an informed decision prior to making a new software purchase. I am very much into security and have things pretty much up to snuff here on my home network.

Any thoughts and or advice would be greatly appreciated.

Thanks as always,

Jag

Notok
April 15th, 2005, 02:43 PM
Whether you need it to stay secure or not really depends on your habits. If you are a high risk user (visit adult websites, use p2p, etc.) then you'll want all the protection you can get. If, however, you generally only visit known good sites and are very careful with email, then you could probably do without. Many of us here opt for maximum protection, with or without reason :) If nothing else you could always use one of the free AT scanners for on-demand scans periodically, and/or use some generic behavior blocking: ProcessGuard, Prevx, and RegRun are my personal favorites, and can potentially save you from all kinds of malware.

claire
April 15th, 2005, 02:51 PM
Hi,

Give a try to TrojanHunter


http://www.misec.net/trojanhunter/


Have a great day :)

Howard
April 15th, 2005, 02:52 PM
BOClean works very well indeed with NOD32 and will give you an additional layer of protection and peace of mind. Do you need it? - I think Notok covers most of the angles in his post ;D

Trooper
April 15th, 2005, 04:23 PM
Thanks for the advice ladies and gentlemen. :)

I will give it some more thought before purchasing. I am a safe/secure internet user. No adult sites or P2P programs for me. :)

Best Regards,

Jag

richrf
April 15th, 2005, 05:01 PM
Hi Jaguar,

Just to add some more food for thought:

I recently was just casually browsing the Internet looking for some generic information (no porn or anything like that), and I got hit by a warning of a trojan trying to install on my system. So even casual browsing can lead to trouble nowadays.

KAV 4.5 has a very strong extended database, that covers all sorts of trojans and other types of malware. The latest version of NOD32 is not as strong in this department (it is very strong in other areas such as heuristics and resource usage). I often visit the online malware scanning site run by jotti, and very often you will see trojans go undetected by NOD32 - even with heuristics. For this reason, I would strongly recommend that you have some sort of backup for NOD32. Without this backup, you could very well have keyloggers, rootkits, or other types of very nasty malware on your system and not know about it for a long period of time (as happened to many of my friends).

If I were to purchase just one product, I would say that ProcessGuard provides the best overall protection, as long as you are comfortable with the messages that it will be giving you asking permission for execution. RegDefend and Prevx also afford additional protection in their own way.

If you are looking for a good real-time anti-trojan, then any of those that have been mentioned are about equivalent in my experience - i.e. BOClean, Ewido, and TrojanHunter. I have all three (and use them for different purposes), but I only run Ewido in real-time because it behaves best and has the least amount of conflict with my setup which includes KAV 4.5, ProcessGuard, Prevx, and RegDefend. So the best way to decide is to just get trial versions of the products and see which one behaves best. Any one of them would be satisfactory.

Hope this helps,
Rich

Blackspear
April 15th, 2005, 06:05 PM
{QUOTE-> I am a safe/secure internet user. No adult sites or P2P programs for me. :) <-QUOTE}
Hi Jaguar, you shouldn't have an issue then with Nod32. It also depends on what other security you use. To see a few setups, you may want to take a look HERE (http://www.wilderssecurity.com/showthread.php?t=62972). As well there are discussions HERE (http://www.wilderssecurity.com/showthread.php?t=45284&page=1&pp=25) and even more HERE (http://www.wilderssecurity.com/showthread.php?t=43117).

Hope this helps...

Let us know how you go.

Cheers ;D

Trooper
April 15th, 2005, 08:57 PM
Rich and Blackspear,

Thanks for the additional information. ;D I will let you guys know what I decide.

Regards,

Jag

nameless
April 15th, 2005, 09:38 PM
Notok's answer came closest. You have to realize that if you ask if you "need" to use <insert name of fringe security software genre here> on a site full of paranoiacs and security hobbyists, you're going to be told that you'll be screwed for sure if you don't.

But these are the same people who are constantly saying that they came across this malware, that malware, this virus, that worm, this trojan--while I see none of it, no matter what I scan with.

So yeah, if your habits are as senseless as some of the people around here, you better take every measure you can.

Consider this (http://www.microsoft.com/technet/community/columns/secmgmt/sm0405.mspx): {QUOTE-> Less is very often more and using defense in depth as a way to justify unnecessary and potentially harmful actions is inappropriate. <-QUOTE}

BlueZannetti
April 15th, 2005, 10:16 PM
{QUOTE-> Notok's answer came closest. You have to realize that if you ask if you "need" to use <insert name of fringe security software genre here> on a site full of paranoiacs and security hobbyists, you're going to be told that you'll be screwed for sure if you don't.

But these are the same people who are constantly saying that they came across this malware, that malware, this virus, that worm, this trojan--while I see none of it, no matter what I scan with.

So yeah, if your habits are as senseless as some of the people around here, you better take every measure you can. <-QUOTE}
But nameless,

You're here along with the rest of us :)

Seriously Jaguar, it is very easy to either go overboard or not appreciate the full context of vulnerabilities. Regardless of what you do, you shouldn't be picking up malware on a regular basis unless you are either looking for it or frequenting rather seedy sites.

You have a very decent AV already. Hopefully you have at least a cheap router. There's plenty of free antispyware scanners available to deal with that material. An AT may or may not be needed. I like to run one, and I use BOClean. It's a very solid product.

The advice given thus far has centered on consideration of where you surf. Also focus on what you do (online bill payment, online purchasing, banking, etc.), the information stored on your PC, and your tolerance to a system compromise. If you don't do any of the activities mentioned - you're good as is. If you do some or all of the things I mention, look closely at the threads indicated by Blackspear, try to get a sense of how things are positioned, why they are there, and assemble a level of control that you feel comfortable with. If you don't quite understand the rationale of something, ask here.

It is as easy to go overboard as it is to be blissfully unaware and vulnerable. Both extremes are the result of gaps in knowledge and understanding, and therefore can be addressed through some relatively straightforward education and analysis.

Blue

nameless
April 15th, 2005, 10:20 PM
{QUOTE-> But nameless,

You're here along with the rest of us :) <-QUOTE}
Saying "This site has paranoiacs" doesn't mean "Everyone here is a paranoiac".

BlueZannetti
April 15th, 2005, 10:22 PM
{QUOTE-> Saying "This site has paranoiacs" doesn't mean "Everyone here is a paranoiac". <-QUOTE}
Point taken :)

Blue

Blackspear
April 15th, 2005, 10:24 PM
{QUOTE-> You have to realize that if you ask if you "need" to use <insert name of fringe security software genre here> on a site full of paranoiacs and security hobbyists, you're going to be told that you'll be screwed for sure if you don't. <-QUOTE}
It purely depends on your surfing habits and how many people use your system and where in fact they go and what they click on.

I could actually get away with a minimalist approach, however my fiancée couldn't, see attached screenshot, she thought because the email said I know you, that it was intended for her. Nor could her brother that clicks absolutely anywhere, wandering across any site he can find looking for the usual. Nor could my Aunt, whom I spent 8 hours trying to get off a mongrel piece of software that was hidden within windows that had a form of timer (not seen before).

So with my setup they all have a play to their hearts' content, and I know my system is safe.


{QUOTE-> But these are the same people who are constantly saying that they came across this malware, that malware, this virus, that worm, this trojan--while I see none of it, no matter what I scan with. <-QUOTE}
That is good for you, in reality, you are very much a minority, which goes against the tide that continually flows into my shop asking for help.


{QUOTE-> So yeah, if your habits are as senseless as some of the people around here, you better take every measure you can. <-QUOTE}
As I have said before, being safe and secure is not a bad thing, it is sensible.

Cheers ;D

richrf
April 15th, 2005, 10:28 PM
Hi all,

I remember on another forum (unrelated to security), a person was suggesting that there was "nothing to worry about". Two months later he was hit bad - and for all the time and data that was lost (I am not sure how much of his own financial records were compromised), it would have been well worth it for him to have purchased a good set of security software.

When one lives in the city long enough, one learns that an ounce of prevention is worth a pound of cure. My local computer shop owner tells me his biggest business nowadays is cleaning systems of trojans and viruses - systems belonging no doubt to those who thought it couldn't happen to them. Of course, in any environment, there are those who have been hit (as have I, with Norton AV running no less) and those who haven't. Just because I have never had a theft in my home, doesn't mean I leave my home with the doors ajar, hoping that no one tries to get in. It is not paranoia - it is common sense. What is not common sense, is to save $25 and hope that it never happens to you. $25 is the price of one meal out on the town.

Rich

richrf
April 15th, 2005, 10:31 PM
Hi Blackspear,

You must have been writing while I was. :)

Anyway, as you can see, I share your point-of-view. It really doesn't make sense to roll the dice when it is pretty straightforward to protect one's system nowadays at minimal cost. My experience is that a single, good AV (such as Norton) is simply inadequate for many reasons and in many ways.

Rich

Blackspear
April 15th, 2005, 10:38 PM
{QUOTE-> My local computer shop owner tells me his biggest business nowadays is cleaning systems of trojans and viruses - systems belonging no doubt to those who thought it couldn't happen to them. <-QUOTE}
I am one of these Computer Shop owners, and it is a big percentage of my business. You should see the stress these people are under when they walk in to the shop with an infected PC...

Cheers ;D

richrf
April 15th, 2005, 10:45 PM
Hi Blackspear,

At one time I was one of those distressed owners - many times over. ;) Finally, I decided I had to put some time in to understand what were the nature of the vulnerabilities and what was a reasonable set of security software. Like you, I am feeling much better nowadays because I know what is going on and for some nominal amount of money, I have been able to afford my system a decent level of protection.

Cya,
Rich

nameless
April 15th, 2005, 11:24 PM
{QUOTE-> I remember on another forum (unrelated to security), a person was suggesting that there was "nothing to worry about". Two months later he was hit bad - and for all the time and data that was lost (I am not sure how much of his own financial records were compromised), it would have been well worth it for him to have purchased a good set of security software. <-QUOTE}
I'm not sure how this relates to me. Did I ever say I was immune? No, I just questioned the need for anti-trojan software.

{QUOTE-> When one lives in the city long enough, one learns that an ounce of prevention is worth a pound of cure. <-QUOTE}
I'll go for the pound of prevention--that being educating myself.

{QUOTE-> My local computer shop owner tells me his biggest business nowadays is cleaning systems of trojans and viruses - systems belonging no doubt to those who thought it couldn't happen to them. <-QUOTE}
This is because so many people these days are obtaining computers, with zero knowledge of how to use them, let alone how to use them securely.

{QUOTE-> What is not common sense, is to save $25 and hope that it never happens to you. $25 is the price of one meal out on the town. <-QUOTE}
Exactly. So spend your $25 on a book about security, not on software that may not work when you count on it to, or may make your system crash.

{QUOTE-> It purely depends on your surfing habits and how many people use your system and where in fact they go and what they click on. <-QUOTE}
Oh come on, you know that it depends on a lot more than that.

{QUOTE-> I could actually get away with a minimalist approach, however my fiancée couldn't, see attached screenshot, she thought because the email said I know you, that it was intended for her. Nor could her brother that clicks absolutely anywhere, wandering across any site he can find looking for the usual. Nor could my Aunt, whom I spent 8 hours trying to get off a mongrel piece of software that was hidden within windows that had a form of timer (not seen before). <-QUOTE}
These people need instruction, not more and more software. If I can teach my wife and mother basic security practices, I'm pretty sure 99% of everyone stands a good chance.

{QUOTE-> That is good for you, in reality, you are very much a minority, which goes against the tide that continually flows into my shop asking for help. <-QUOTE}
I think I would find it very odd if people brought perfectly-functioning computer systems to you.

{QUOTE-> As I have said before, being safe and secure is not a bad thing, it is sensible. <-QUOTE}
This perfectly exemplifies why my point was missed. I didn't say that it wasn't good to be "safe and secure"; I questioned the means of approaching that end. (Key word "approaching", since you won't ever truly be "safe and secure".)

I find it hard to imagine how my point could have been missed more widely. You guys speak as if all you have to do is load up on "security" software, and you're good to go. The only trade-off is the expense. And that this is "common sense".

But that's far from the truth. When you load up on software, you're giving up your money (sometimes a lot of it), your time (sometimes a lot of it), system performance (sometimes a lot of it), and very, very often, system stability (sometimes a lot of it).

Can you argue that these aren't trade-offs of using more and more software? Please explain to me how it is "common sense" that you need to heap additional software on a system, without considering this.

And you didn't even consider how the system in question is used, or by who! What platform is it? Is it behind a router? Who uses it, when, and for what? Is it used for all his banking and work records, or just for adult entertainment surfing? How much can he afford to spend?

I am saying that you shouldn't throw away the basic security principle of understanding what it is we're trying to protect, and just go straight into the shotgun "more is better" approach.

nameless
April 16th, 2005, 01:07 AM
I'm really, really tired tonight, and poorly spoken. I don't mean any offense by anything I've written, and I doubt I explained myself well. I'm not saying that you shouldn't use an AT... Just that... Oh man I've gotta go sleep. :)

richrf
April 16th, 2005, 01:12 AM
Hi nameless,

Yep it has been a long day. :-) Hope you get a good night's sleep (I'm about ready to hit the sack also) and I am sure all of the advice can be sorted out, if there are still any remaining questions. I really like Blackspear's link as a good starting place for advice in answer to some very complicated questions. Security is always a complicated subject, no matter what type we are talking about - home computer, home, homeland. No easy solution - just different ideas and points-of-view.

Cya,
Rich

zfactor
April 16th, 2005, 04:16 AM
nod is great as an av and getting really good as an at. eset seems to be working very hard at adding new defs all the time. of late i have seen almost 3 or 4 updates a day on many occasions. im sure we will be there soon... but i myself do recc an at. or at least adaware or spybot. if nothing else.. no these are not the best solutions but they can detect certain things that nod may miss. fortunately my nod has saved my butt on 9 occasions in the last three days. no adult sites, but just surfing believe it or not. i occasionally use p2p but rarely, mostly to obtain foreign films or stuff not available here or out of print outdated stuff you can't get any longer. again rarely though.
as blackspear stated above i have seen this 9 times. where i have bd, arcavir, mcafee, etrust, trend, clam av and others to throw these against when i find them on other machines. and most except maybe kav and mcafee overlook them. so do you absolutely need an at. not always, is it a recc. extra layer of protection i feel yes. even if you are a "safe surfer" 9 times in three days is nothing to play with

Firecat
April 16th, 2005, 04:37 AM
I don't think ArcaVir would let those go very easily - its heuristics engine is NOT AT ALL bad :)

And yes, I do remember that your NOD recently caught a few trojans for you, zfactor. Am I right? :):)

I'm not being sarcastic, I'm seriously asking a question :)

BlueZannetti
April 16th, 2005, 07:33 AM
{QUOTE-> I'm really, really tired tonight, and poorly spoken. I don't mean any offense by anything I've written, and I doubt I explained myself well. I'm not saying that you shouldn't use an AT... Just that... Oh man I've gotta go sleep. :) <-QUOTE}
nameless,

I thought you articulated your position quite well, and it involves points that should be borne in mind by all:

Security is not achieved by simply layering (or piling) security applications upon one another. Having a large number of security applications does not mean you have good security.
It's important to educate oneself regarding security needs for your PC and what various security applications can do for you.
Layering an increasing number of security applications can induce system instability. If your system is unstable, you either have too much or the wrong mix and it's time to reassess the situation.
You didn't explicitly say this - but one issue with some of the more sophisticated applications is that average users do not generally have the knowledge to appropriately deal with flags raised by these programs. Program Q is trying to do {writing value ABC to registry key XYZ}. How is the average user to deal with this information? Although I use a measure of registry protection, I'd say that this type of protection is a dicey addition for casual PC users (i.e. the bulk of the population).
Just because I have a given configuration doesn't mean it's necessarily appropriate for you. It comes down to designing one's security complement based on an informed analysis of needs and risk assessment.
Simple additions, like a router, go a long way in providing off-PC security.

By the same token, Rich and Blackspear make some equally compelling points:

The costs of many of these applications are very modest. Excellent security can be achieved for reasonable cost. As far as I can see, viable security can be achieved for free.
There are a multitude of options available, with links to many provided by Blackspear. On that count, simply because the option exists, doesn't mean one must take it.
Too many users simply dismiss the needs of security. This is a very perilous path to follow in the present day.

And then we have our original poster Jaguar; it is obvious in starting this thread that he appreciates the need to get up to speed with the situation before pulling the trigger. I've offered my advice, which should be weighed, not accepted without question. It's a very rational approach.

Personally, I've thought this has been an excellent exchange, and I don't believe everyone here is on different ends of the debate across the board.

Anyone serious about security should realize achieving balance in security applications means a number of different things. An application for which one blindly and automatically approves every flag offered may as well not be installed. By the same token, if every flag offered is blindly disapproved, system stability may eventually be compromised. Using tools without understanding their function can be more dangerous than not having the tool at all.

Increasing the number of realtime monitoring programs will also increase the risk of system instability. Notice the use of the word "will" not "can", it is an inevitable consequence of their function. That is something many users fail to appreciate. Adding additional measures should always be done deliberately, with a specific goal in mind, and with an eye towards avoiding pure duplication of coverage.

These applications are tools. They are tools applied to a PC. It's not any different from getting tools to perform maintenance on a car or house. Simply because I can purchase a set of wrenches and can pull the brake system on my car apart doesn't make it a good idea. If I know what I'm doing, self maintenance is fine. If I don't, leave it to those that do. In the current context, rely on a shop or an informed friend for guidance. I know - this can be fraught with problems - there are no easy answers. If I want to learn self-maintenance, devote the time to do that. Having that knowledge can be rewarding, even if not used on a daily basis.

In advising users asking questions here, it's a pragmatic impossibility to develop a use/risk profile realtime for every user question raised. That's something the user posing the question must do offline. We can help guide that way, but in the end the user must assume responsibility for the final decisions.

Just my perspective today, and it's always subject to revision based on what I learn moving forward since the playing field is definitely not static

Blue

zfactor
April 16th, 2005, 02:11 PM
yes firecat nod has stopped many trojans in the last few days for me!! nothing that all my other av's picked up either so nod stopped everything.
as blue said i dont believe in piling on security. but if a user is using a program like nod they do need to understand that its original intention was an av not an anti trojan. while they have come a long way and detection is really pretty awesome right now with it, back in the older days of nod it would never detect trojans for me. great at av but not so on trojans.
i do believe in as i stated not piling it on but i feel the need for
a) awesome av with hopefully good trojan and worm detection
b) a really good firewall EVEN WITH A ROUTER to block in and out
c) at this point in time a good spyware/malware/trojan program such as boclean or ewido or etc..
i run adaware mostly just to clean up cookies etc.. but not active, i run it on demand when i feel the need to. so 3 programs i dont feel is overkill especially if they are light ones at that.
not picking on anyone not starting flaming......
i do feel some here are overprotected and as stated above this could cause many conflicts, i have seen it before and continue to see it all the time working on cust computers. i see some here running 4-5-6 or more programs sometimes 2 anti trojans etc.
ill admit it i do have a backup scanner on my home pc but mainly just to compare my nod to, to see if anything gets by it, on demand not active and very rarely gets used.

the question originally stated here was about trojan protection with nod.
1) is it a great at... no not yet, getting better everyday, they are working hard at it.
2) would i solely use nod for av/at ..... not yet, hopefully soon we will be able to be this lucky
3) do i feel any av is great as an at..... possibly kav or mcafee are best right now ...but not perfect, i have seen lots that kav missed on my system that nod picked up so a half dozen of one, you get the idea
with the frequency eset is getting their updates out they are doing a fantastic job. i stopped using nod way back when because of the lack of updates. now that i see this it reassures me of eset.

i dont mean to be long winded here but this seems to be an ongoing argument always of do i need an at. some feel one way others feel different.
at this point in time right now i dont feel that any av is a perfect at. and even most at's are lacking also. if you use a good av with a good at and firewall you are very safe. yes maybe one day something could possibly sneak through but chances are slim

nameless
April 16th, 2005, 03:15 PM
I would like to mention one nice thing about BOClean that I've found. It will run without killing your system too much, even if it is running all the time. But if you disable the options to run on startup, and to monitor the system continuously, you can run BOClean whenever you want, and it will simply scan and exit. This is how I'm using it right now.

I actually have a simple command script, called by Task Scheduler every 4 hours, that (1) Runs the BOClean updater; then (2) Runs BOClean (using Task Scheduler is also an easy way around BOClean's built-in 6-hour update check limitation. Shhhh... Don't tell Kevin! :)). Since I have BOClean configured not to monitor continuously, it simply scans and exits. This is what I'm comfortable with at the moment. The script could hardly be simpler:

@echo off
rem BOClean: update, scan once, and exit. Assumes BOClean is configured NOT to
rem monitor continuously, so BOC412.EXE scans and exits on its own.
cls
rem First pass: relaunch this script minimized in its own console. The BOClean
rem variable is inherited by the child, so the child skips this line and
rem does the real work; the parent exits immediately.
if not defined BOClean set "BOClean=1" & start "BOClean - Update, Scan, and Exit" /min %SystemRoot%\system32\cmd.exe /c "%~f0" & goto :EOF

echo. & echo Running the BOClean updater...

rem Wait for the updater to finish before scanning with fresh definitions.
start "" /wait "C:\Program Files\BOClean\BOC4UPD.EXE"

rem With continuous monitoring disabled, this simply scans and exits.
start "" "C:\Program Files\BOClean\BOC412.EXE"

rem -end of script-

Trooper
April 16th, 2005, 03:41 PM
Wow,

So much information and forethought has gone into this thread. I really appreciate everyone's comments. ;D

I still have not decided what to use yet, however I am leaning towards BO Clean due to its low resource usage.

I still need to get a good software firewall too. I am behind a Linksys BEFSX41 router and for the time being, am just using the Windows firewall. (I know not great, but better than nothing). I'm trying to decide on what firewall to use, again, something with a small footprint, esp because I am a gamer. ;)

I've tried Sygate and Look N Stop in the past, I may give ZA a shot but not sure since I have heard some negative things about it like conflicts with other programs and it being a resource hog.

Currently I have...

Windows XP Pro w/SP2 and all up to date hotfixes.
NOD32 for AV
Custom Hosts file found here. (http://www.mvps.org/winhelp2002/hosts.htm)
Spybot Search and Destroy
Spyware Blaster
Lavasoft Ad-Aware
MS Antispyware
Analog X Script Defender

So I figure I have a half way decent setup, but I want a firewall and some type of anti trojan/malware protection.

Again, thanks to all for your comments and feedback. I love this site!

Regards,

Jag

richrf
April 16th, 2005, 03:51 PM
Hi,

I am using ZA Pro with:

KAV 4.5 (and NOD32)
Ewido (and/or BOClean)
RegDefend
UnHackMe
ProcessGuard
RegDefend

I am running Windows SP2 with 512K. This setup has never had any conflicts. However, I do run Ewido (which I consider equivalent to BOClean in this setup) instead of BOClean, because for some unresolved reason, BOClean spikes in resource usage (much more than Ewido) when ProcessGuard is installed. Others have reported similar behavior. Also, when I run BOClean, and forget to shut it down before I shut down my system, my system does hang.

The two ATs where I have experienced conflicts are:

1) TrojanHunter (which I use on-demand from time to time just for fun)
2) TDS-3 Exec Protection (I use TDS-3 as my primary on-demand Trojan remover).

Rich

BlueZannetti
April 16th, 2005, 04:02 PM
Jag,

I think I speak for all the contributors - it's our pleasure to help.

You have a decent router, a software firewall can wait and depending on your gaming needs, you may want to skip it altogether. Whether you need/desire a software firewall depends on a lot of factors, but I personally feel it is one of the last layers to add (assuming a router is present) and first layers to go. Others may differ on that point, although from a load-balancing perspective, it's fairly clear a router should come first if the question is software firewall vs. router. The router provides all the in-bound blocking that you need. The only things that will get through are those that are requested from the user side. The only question is whether you've initiated the request. If NOD32 is in working order and decently configured, you should be fine.

I'm a BOClean fan and appreciate its low resource footprint and minimalistic mentality. The home licensing terms don't hurt either (the license is for under 5 PC's in a family residence, see here (http://www.nsclean.com/boeula.html)).

You have a very decent group of applications. You should be well protected.

Blue

richrf
April 16th, 2005, 05:50 PM
Hi Blue,

I agree with everything you say. My experiences are this:

In the past, where there have been holes in my security, I have been penetrated (my son's machine even more so). It was very, very costly for me. I have changed my surfing habits, as the security risks became more clear to me, and I have asked my son to do the same - and he has. But even so, there are times when simple browsing with Google can end up in trouble. Many users may not even know that they have been penetrated, simply because the security tools that they have in place do not detect the situations. So I opted for:

1) More conservative browsing
2) Using non-Microsoft tools (e.g. FireFox and Thunderbird)
3) The best pro-active defense I can find

For me it is worth it, since one security penetration would cost me much more in time and money than running these tools. One other thing that you alluded to - system instability. This is certainly very true. An early version of Prevx mangled my registry and I had to do a total restore. Since then, I now keep an image copy of my system on an external harddrive using Image For DOS. Total cost is $100, but again it is well worth it to me. Recently, I thought I may have a problem (but probably not). I really didn't want to take a chance, so I just did the image restore. More peace of mind.

Everyone is different. I guess the more one experiences security problems, the more cautious one becomes in life. Just recently, I was casually browsing and I caught a bad trojan which KAV 4.5 promptly neutralized. Who would have guessed?

Cya,
Rich

Stan999
April 16th, 2005, 06:08 PM
We use NOD and BOClean on a gaming machine used by a bunch of teens; no noticeable effect while gaming with both real time scanners running.

Actually over the last 6 months NOD has stopped everything on that machine that is used by a bunch of teenagers who don't always practice the best computing habits on the Internet. :)

olaha
April 16th, 2005, 06:15 PM
Do you know if there are plans to improve the trojan detection in future versions of NOD32? Is it better in 2.5 than 2.12.3?

ronjor
April 16th, 2005, 06:18 PM
Looks like trojan protection continues to improve as it has for awhile.
Count the trojans. :D

http://www.nod32.com/scriptless/support/info.htm#CurVersion

olaha
April 16th, 2005, 06:25 PM
NOD32 captured this in an e-mail earlier today: Win32/TrojanDownloader.Small.ZL trojan. Thank you NOD!

Stan999
April 16th, 2005, 06:33 PM
Also the NOD HTTP scanner provides additional benefits on the game machine that is used by a bunch of teenagers that don't always practice safe computing habits. The following is a sample of the virus log showing just the NOD HTTP scanner results over several days: items that the HTTP scanner stopped from even downloading to the machine.

JS/TrojanDownloader.IstBar.A trojan connection terminated
Win32/TrojanDownloader.Agent.BP trojan connection terminated
Java/Exploit.Bytverify.F trojan connection terminated
Multiple infiltrations connection terminated
HTML/Exploit.ObjData trojan connection terminated
Win32/Dialer.NAD trojan connection terminated
Win32/TrojanDownloader.OTXloader.A trojan connection terminated

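The log lines above, parsed into structured records. This is an added example, not code from the thread or from NOD32: the layout (a `Platform/Name` detection string, an optional type word such as "trojan", then the action text) is inferred from the seven lines Stan999 posted, not from vendor documentation, and the only action phrase it knows is the one that appears there. The sample log embedded below is copied from the post; everything else is constructed for the example.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Sample copied from the post above (the HTTP scanner entries of the virus log).
SAMPLE_LOG = """\
JS/TrojanDownloader.IstBar.A trojan connection terminated
Win32/TrojanDownloader.Agent.BP trojan connection terminated
Java/Exploit.Bytverify.F trojan connection terminated
Multiple infiltrations connection terminated
HTML/Exploit.ObjData trojan connection terminated
Win32/Dialer.NAD trojan connection terminated
Win32/TrojanDownloader.OTXloader.A trojan connection terminated
"""

# Action phrases the scanner appends to a line. Only the one visible in the post
# is known here; extend this tuple (assumption) if your log shows others.
ACTIONS = ("connection terminated",)

# <platform>/<dotted detection name>, optionally followed by a type word ("trojan").
_NAMED = re.compile(
    r"^(?P<platform>[A-Za-z0-9_]+)/(?P<name>[A-Za-z0-9_.\-]+)(?:\s+(?P<kind>\w+))?$"
)


@dataclass(frozen=True)
class Detection:
    raw: str
    action: str
    platform: Optional[str]   # e.g. "Win32"; None when the line carries no detection name
    name: Optional[str]       # e.g. "TrojanDownloader.Agent.BP"
    kind: Optional[str]       # e.g. "trojan"
    note: Optional[str]       # free text for unnamed lines, e.g. "Multiple infiltrations"

    @property
    def family(self) -> Optional[str]:
        # First dotted component of the name: "TrojanDownloader", "Exploit", "Dialer"...
        return self.name.split(".")[0] if self.name else None


def parse_line(line: str) -> Optional[Detection]:
    """Split one log line into (detection, action); returns None for blank lines."""
    line = line.strip()
    if not line:
        return None
    for action in ACTIONS:
        if line.endswith(action):
            head = line[: -len(action)].strip()
            break
    else:
        # Unknown action phrase: keep the line rather than drop it, as a note
        return Detection(line, "", None, None, None, line)
    m = _NAMED.match(head)
    if m:
        return Detection(line, action, m["platform"], m["name"], m["kind"], None)
    # Lines such as "Multiple infiltrations" have no Platform/Name detection string
    return Detection(line, action, None, None, None, head)


def parse_log(text: str) -> List[Detection]:
    return [d for d in (parse_line(l) for l in text.splitlines()) if d is not None]


def count_by(records: Iterable[Detection], attr: str) -> Counter:
    """Tally records by an attribute, bucketing missing values as 'unknown'."""
    return Counter(getattr(r, attr) or "unknown" for r in records)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print(count_by(recs, "platform"))
    print(count_by(recs, "family"))
```

The "Multiple infiltrations" line is the case worth handling: it has the same action text as the others but no detection name, so a parser that assumes every line starts with `Platform/Name` would drop it and under-count blocked downloads.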
Trooper
April 16th, 2005, 08:38 PM
Blue et al,

Thanks again for the GREAT feedback I have received on this thread. I could really not be any happier than what I am right now. ;D You guys are the best on this forum.

Just so you all know, I decided to pull the trigger today and so I purchased BOClean. Seems pretty sweet, runs in the background using minimal resources, kinda like NOD32. :)

I will take your advice on the software firewall Blue, perhaps I will just try to lock down XP a bit more, and wait awhile on the software firewall. I know they are great, and I would like to know what is "trying to connect" to the internet, but I also want to keep performance up on this pc. I will say however that I will not compromise security for system performance. I never do, and never will. I just try to find the right balance of protection and performance that keeps my rig running smoothly, while also allowing me to fill my gaming needs. ;)

Thanks and Regards to all,

Jag

BlueZannetti
April 16th, 2005, 09:17 PM
My pleasure Jag.

For the record, I do have Outpost Pro installed on my machines at home - the family license (basically 5 machines for the price of 2) was a major driver.

My older son is a semi-hardcore gamer and doesn't have any performance issues, at least that I know of, with Outpost - he also runs the NOD32/BOClean combo, as do a number of other folks around here.

I use Outpost for pure outbound application control. Ran for quite some time without it with no problems. Once the application rules are set, I leave it basically in the background - checking on things every couple of months.

It's also good to stage system changes as you are now doing. It's a lot easier to debug system problems or performance drains since the latest installation is generally the unambiguous culprit - alone or with the help of some of the other installed applications.

Put your system through the wringer and see how it holds up. That's a good way to get a feel for how it all comes together.

Have a great weekend!

Blue

nameless
April 16th, 2005, 09:20 PM
Good choice. Be aware that the author of BOClean recommends (in at least some cases) going into NOD32's configuration, and excluding the entire BOClean directory, as well as the BOC412.INI file in your Windows directory (usually C:\WINDOWS\BOC412.INI; just hit WinKey+F and search for %SystemRoot%\BOC412.INI).

And due to a shortcoming in NOD32, if you do this, you will have to exclude the BOClean path using both the short file-naming convention, and the long (that is, exclude C:\PROGRA~1\NSCLEAN\BOCLEAN and "C:\Program Files\NSClean\BOClean", or whatever your BOClean directory is).

If you don't have any problems, though, never mind...

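Why the same directory has to be listed twice, as an added example (not code from the thread or from NOD32). An exclusion list that is compared against the observed path as plain text misses the same folder when it is written as its 8.3 short name (C:\PROGRA~1\...), in different case, or with forward slashes; canonicalising both sides before comparing removes the need to list every spelling. The SHORT_NAMES table is a constructed stand-in for the Windows GetLongPathNameW call so the example runs anywhere; only the entries listed there are "resolved", and the BOClean paths are the ones from the post.

```python
import ntpath
from typing import Iterable

# Constructed stand-in for 8.3 -> long name resolution. On a real Windows host this
# lookup would be the GetLongPathNameW API call; here only these two components resolve.
SHORT_NAMES = {
    "progra~1": "program files",
    "docume~1": "documents and settings",
}


def canonical(path: str) -> str:
    """Lower-case, normalise separators and '..', strip trailing slashes, expand 8.3 names."""
    norm = ntpath.normcase(ntpath.normpath(path))        # backslashes, lower case, no '..'
    drive, rest = ntpath.splitdrive(norm)
    parts = [SHORT_NAMES.get(p, p) for p in rest.split("\\") if p]
    return drive + "\\" + "\\".join(parts)


def excluded_naive(path: str, exclusions: Iterable[str]) -> bool:
    """Plain string comparison: the behaviour that forces users to list every spelling."""
    for e in exclusions:
        e = e.rstrip("\\")
        if path == e or path.startswith(e + "\\"):
            return True
    return False


def excluded_canonical(path: str, exclusions: Iterable[str]) -> bool:
    """Compare canonical forms; a directory exclusion covers the directory and its subtree only."""
    c = canonical(path)
    for e in exclusions:
        ce = canonical(e)
        if c == ce or c.startswith(ce + "\\"):
            return True
    return False


if __name__ == "__main__":
    excl = [r"C:\Program Files\NSClean\BOClean", r"C:\WINDOWS\BOC412.INI"]
    seen = r"C:\PROGRA~1\NSClean\BOClean\BOC412.EXE"      # path as a driver might report it
    print("naive:", excluded_naive(seen, excl))          # False: short name not in the list
    print("canonical:", excluded_canonical(seen, excl))  # True
```

The startswith check adds a separator so that `...\BOClean2\` is not swallowed by an exclusion for `...\BOClean`; prefix-only matching is a common way for exclusions to quietly grow. Keep in mind that anything under an excluded path is a scanner blind spot, so exclude the narrowest thing that fixes the problem (the INI file, the one directory) rather than a parent folder.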
Trooper
April 17th, 2005, 12:04 AM
Blue,

Thanks for the feedback. I have tried Outpost before but got some good ole BSOD while trying it, not sure if you have ever experienced that at all. ???

Nameless, thanks for the tip. I am curious however as to why they recommend setting up exclusions. So far I have not had any problems. Do you know when they could occur? Is it during a scan perhaps?

Let me know.

Thanks,

Jag

BlueZannetti
April 17th, 2005, 12:21 AM
{QUOTE-> Blue,

Thanks for the feedback. I have tried Outpost before but got some good ole BSOD while trying it, not sure if you have ever experienced that at all. ???

Nameless, thanks for the tip. I am curious however as to why they recommend setting up exclusions. So far I have not had any problems. Do you know when they could occur? Is it during a scan perhaps?

Let me know.

Thanks,

Jag <-QUOTE}Jag,

I've never had an Outpost based BSOD - go figure - that's why we trial these things.

On the exclusions, in the past you'd see AMON constantly respond to BOClean files. The exclusions took care of that. Curiously, I'm not seeing that behavior on the beta. I'm running with default settings.

Blue

rumpstah
April 17th, 2005, 12:37 AM
Hi Blue:

AMON now has this feature:

Optimize scanning - enables use of cache. When enabled, any file will be checked by AMON only once until it has changed.

{QUOTE-> Jag,

I've never had an Outpost based BSOD - go figure - that's why we trial these things.

On the exclusions, in the past you'd see AMON constantly respond to BOClean files. The exclusions took care of that. Curiously, I'm not seeing that behavior on the beta. I'm running with default settings.

Blue <-QUOTE}

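A toy model of the "Optimize scanning" behaviour rumpstah quotes: scan a file once, and scan it again only when it has changed. This is an added example, not code from the thread or from AMON; the scanner is a stand-in that flags files containing a constructed marker string, and the file name and contents are constructed. It also shows the design choice hidden in "until it has changed": a cache keyed on stat data (size and mtime) is cheap but trusts the modification time, which any writer can roll back, whereas a content-hash key costs a read and cannot be fooled that way.

```python
import hashlib
import os
import tempfile
from typing import Dict, Tuple

MARKER = b"CONSTRUCTED-MALWARE-MARKER"                   # constructed stand-in for a signature
ORIGINAL = b"[settings]\nupdate=1\nlastscan=2005-04-17\n"  # constructed config file contents


class OnAccessScanner:
    """Scan a file on every access unless a cached fingerprint says it is unchanged.

    mode="none": no cache, scan on every access.
    mode="stat": fingerprint = (device, inode, size, mtime_ns); cheap, but trusts mtime.
    mode="hash": fingerprint = SHA-256 of the contents; costs a read, trusts nothing.
    """

    def __init__(self, mode: str = "stat") -> None:
        if mode not in ("none", "stat", "hash"):
            raise ValueError(mode)
        self.mode = mode
        self.cache: Dict[str, Tuple[object, str]] = {}   # path -> (fingerprint, verdict)
        self.scans = 0                                     # real scans performed

    def _fingerprint(self, path: str) -> object:
        if self.mode == "stat":
            st = os.stat(path)
            return (st.st_dev, st.st_ino, st.st_size, st.st_mtime_ns)
        with open(path, "rb") as f:
            return hashlib.sha256(f.read()).hexdigest()

    def _scan(self, path: str) -> str:
        self.scans += 1
        with open(path, "rb") as f:
            return "infected" if MARKER in f.read() else "clean"

    def on_access(self, path: str) -> str:
        key = os.path.realpath(path)
        if self.mode == "none":
            return self._scan(key)
        fp = self._fingerprint(key)
        cached = self.cache.get(key)
        if cached is not None and cached[0] == fp:
            return cached[1]            # unchanged since the last scan: skip the expensive scan
        verdict = self._scan(key)
        self.cache[key] = (fp, verdict)
        return verdict


def demo(mode: str) -> Dict[str, object]:
    """Exercise one mode: repeated access, a real change, then an mtime rollback."""
    result: Dict[str, object] = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "boc412.ini")
        with open(path, "wb") as f:
            f.write(ORIGINAL)
        s = OnAccessScanner(mode)
        for _ in range(3):
            s.on_access(path)
        result["scans_after_repeat_access"] = s.scans
        with open(path, "ab") as f:          # legitimate change: size and mtime both move
            f.write(b"count=2\n")
        result["verdict_after_change"] = s.on_access(path)
        result["scans_after_change"] = s.scans
        # Tamper: same inode, same size, and mtime rolled back to the cached value.
        st = os.stat(path)
        payload = MARKER.ljust(st.st_size, b"\n")
        with open(path, "wb") as f:
            f.write(payload)
        os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))
        result["verdict_after_rollback"] = s.on_access(path)
        result["scans_after_rollback"] = s.scans
    return result


if __name__ == "__main__":
    for m in ("none", "stat", "hash"):
        print(m, demo(m))
```

In "stat" mode the rollback step returns the cached "clean" verdict for a file that now contains the marker, while "hash" mode rescans and catches it; "none" mode catches it too, at the cost of rescanning on every access, which is exactly the constant AMON activity on BOClean's files that the exclusions above were meant to stop. On POSIX the inode change time (st_ctime) also moves on a write and cannot be set by an unprivileged process, so including it in the stat fingerprint would catch this particular rollback there; on Windows the equivalent field is creation time, not change time.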
Trooper
April 17th, 2005, 12:46 AM
Blue,

Thanks again for the help. I never really checked out what AMON was scanning and I can see it was scanning all of the BOClean files so I set up the exclusions. So thanks to you and nameless for that one. ;D

I also noticed it constantly scanning the GCASDTSERV.EXE file from the MS Antispyware program. So I added an exclusion for that file, just FYI.

I am not running the beta version of NOD32, I think I will wait until it goes final. I am however testing it in a VM Ware session as well as Virtual PC. So far, so good.

I am using NOD32 version 2.12.3 with Blackspear's recommended settings however. I had no exclusions setup until this evening tho. ::)

Thanks again to all for the help here. I also failed to mention that I use Firefox for my web browser, which by the way is now updated to version 1.0.3 so be sure to upgrade!

Jag

P.S. Have a great weekend yourself!

Stephanos G.
April 17th, 2005, 02:38 AM
Jaguar, try to use CounterSpy (trial version) instead of MS AntiSpyware. It is definitely better. It can find spyware that MS AntiSpyware can't.

Trooper
April 17th, 2005, 10:47 PM
I am not familiar with CounterSpy. I have heard of it tho. I thought I remember hearing that it gave out too many false positives however. Altho I could be mixing it up with another program. :P

nameless
April 17th, 2005, 11:05 PM
{QUOTE-> Nameless, thanks for the tip. I am curious however as to why they recommend setting up exclusions. So far I have not had any problems. Do you know when they could occur? Is it during a scan perhaps? <-QUOTE}On my system, the reason for the exclusion was more serious than just files being scanned repeatedly. I was actually having total system freezes (http://www.wilderssecurity.com/showthread.php?t=71732). Somehow, the freezes were caused by NOD32 scanning the BOClean files in real-time (i.e. with its AMON component).

In any case, excluding all BOClean files from NOD32's AMON component solved the problem completely. I should also point out that this was what Kevin--the author of BOClean--advised.

If your system runs fine, though, I don't think I'd worry about excluding BOClean.

Blackspear
April 18th, 2005, 12:30 AM
{QUOTE-> I am not familiar with CounterSpy. I have heard of it tho. I thought I remember hearing that it gave out too many false positives however. Altho I could be mixing it up with another program. :P <-QUOTE}See this post (http://www.wilderssecurity.com/showpost.php?p=427577) for further information on CounterSpy.

Hope this helps...

Cheers ;D

Stephanos G.
April 18th, 2005, 01:20 AM
Blackspear, finally I purchased CounterSpy. It looks like the MS AntiSpyware but the database is stronger. Really, I checked it and it is very good. It has found 2 keyloggers that other antispyware programs couldn't find.

Blackspear
April 18th, 2005, 03:22 AM
{QUOTE-> Blackspear, finally I purchased CounterSpy. It looks like the MS AntiSpyware but the database is stronger. Really, I checked it and it is very good. It has found 2 keyloggers that other antispyware programs couldn't find. <-QUOTE}Good to hear.

Cheers ;D

Stephanos G.
April 18th, 2005, 03:47 AM
I just don't have any firewall on my PC. I think that NOD32, CounterSpy and TeaTimer are enough. Generally I don't like firewalls :) What do you think?

Blackspear
April 18th, 2005, 05:47 AM
{QUOTE-> I just don't have any firewall on my PC. I think that NOD32, CounterSpy and TeaTimer are enough. Generally I don't like firewalls :) What do you think? <-QUOTE}Not good at all, try ZoneAlarm FREE, it is really simple. At the moment you are playing chicken on a large multilane highway, it's going to be very messy... Time to get a firewall my friend.

Cheers ;D

Stephanos G.
April 18th, 2005, 06:00 AM
:o :o :o :o

Can firewalls reduce the speed of my internet? (DSL)

Blackspear
April 18th, 2005, 06:11 AM
{QUOTE-> :o :o :o :o

Can firewalls reduce the speed of my internet? (DSL) <-QUOTE}Not my experience at all, and I have installed a hell of a lot of them, hundreds on customers' PCs.

Cheers ;D

nameless
April 18th, 2005, 06:40 AM
{QUOTE-> Can firewalls reduce the speed of my internet? (DSL) <-QUOTE}They invariably do, it is just a question of how much. There is no way around this. You probably won't notice it, but no one can honestly say "It makes literally 0% difference!"

Firewall software is also a great way to make your system crash, and kill off countless hours of idle time.

Not that you shouldn't run it...

BlueZannetti
April 18th, 2005, 06:41 AM
{QUOTE-> :o :o :o :o

Can firewalls reduce the speed of my internet? (DSL) <-QUOTE}Stephanos G,

Whether or not a firewall reduces the speed of your internet depends on where your throughput bottleneck resides.

If you have a very fast connection and a rather slow PC, the bottleneck of handling packets may reside on your PC. In that case, yes, you may experience reduced speed. If you have a slow connection and a very fast PC, there's no way you will see it. In general, you really shouldn't see an impact of the firewall on connection speed. It's only a traffic monitor at a packet level, there is no analysis beyond that. For example, when I turn off my copy of Outpost, I do not see a sudden jump in responsiveness. Basically, I see no impact. I would expect that is true for the vast majority of cases.

Blue

Firecat
April 18th, 2005, 06:41 AM
{QUOTE-> They invariably do, it is just a question of how much. There is no way around this. You probably won't notice it, but no one can honestly say "It makes literally 0% difference!"

Firewall software is also a great way to make your system crash, and kill off countless hours of idle time.

Not that you shouldn't run it... <-QUOTE}
What about hardware firewalls? ???

BlueZannetti
April 18th, 2005, 07:04 AM
{QUOTE-> What about hardware firewalls? ??? <-QUOTE}Firecat,

Same answer as I gave above. Hardware firewalls are spec'ed with a typical maximum throughput. As long as this is well above the max download speed of your internet connection, you'll be fine. For example, I have a 4 Mbps max download speed. My router, a Zyxel Zywall 10W, has a stated (ftp://ftp.zyxel.com/zywalls/document/zywalls_V.1(2003)_ProductGuide.pdf) max throughput of 25 Mbps. As with many vendor specs, it's probably somewhat optimistic for general use, so let's assume it is ~ 20 Mbps. With a 4 Mbps line being processed by a device that can handle 20 Mbps, that device shouldn't be a bottleneck.

If it were an older device, and had a max throughput in the area of 4 Mbps, then yes, you would see an impact.

nameless' comment also applies. For anything added to the communications path, you will see some incremental slowing, the question is whether or not it is perceptible to the user.

Blue

Firecat
April 18th, 2005, 01:10 PM
Thanks Blue :)

nameless
April 18th, 2005, 01:46 PM
{QUOTE-> Whether or not a firewall reduces the speed of your internet depends on where your throughput bottleneck resides.

If you have a very fast connection and a rather slow PC, the bottleneck of handling packets may reside on your PC. In that case, yes, you may experience reduced speed. If you have a slow connection and a very fast PC, there's no way you will see it. <-QUOTE}A pretty good explanation, but they always slow it down somewhat, even with a slow connection and a fast PC. You may not notice it, but it's happening. OK, so maybe I'm just being pedantic, but... I guess I'm anal about details like that. :)

They also like to use CPU time. (This is where people look at how much CPU time their firewall's EXE has used, not realizing that the CPU time is also being used by the driver, which won't show up that way.)

nameless
April 18th, 2005, 01:48 PM
{QUOTE-> What about hardware firewalls? ??? <-QUOTE}A good hardware firewall is indispensable for most systems, I think. Some of them are crap just like everything else, but a good one will be 5,000% better than any software firewall available--except that it won't help much with outbound connections.

Stephanos G.
April 18th, 2005, 02:15 PM
Unfortunately I tried the ZoneAlarm firewall today. It slowed my internet speed too much. Finally I decided to uninstall it. Now my internet is flying again. I prefer NOD32 and CounterSpy. I never liked firewalls. I had the same problems before with Norton Internet Security. Thanks anyway

Trooper
April 18th, 2005, 04:11 PM
Maybe you should give Look N Stop or some other firewalls a try.

Paul Wilders
April 18th, 2005, 04:28 PM
ladies and gents,

No offense intended, but this is the NOD32 support forum. Feel free to discuss firewalls and firewall issues over on 'other firewalls'.

Thanks in advance ;)

regards,

paul

Trooper
April 18th, 2005, 07:17 PM
Paul,

I agree with you, this thread did go off topic a bit, sorry about that. :'(

Regards,

Jag