Security that you use and its purpose - DISCUSSIONS


Blackspear
January 21st, 2005, 08:05 AM
For discussions of this Security that you use and its purpose (http://www.wilderssecurity.com/showthread.php?t=78484)

Cheers

Blackspear.

Dave2
January 21st, 2005, 08:08 AM
How do you define minimum, tight security?

I'd rather you list your apps according to the type of threats they handle.

wings
January 21st, 2005, 02:21 PM
Good list, but

a) you shouldn't post programs that are (still) buggy (prevx for example)
b) post outdated stuff (that host file for example; last update took place in 2003!)

scott lang
January 21st, 2005, 02:51 PM
http://www.wilderssecurity.com/showthread.php?t=62495
post from which wings made the snide comments

-{ Quote: "No offense, but I don't care so much what you think to be honest, since you're no expert, like the majority on this board." }-

-{ Quote: "Good list, but

a) you shouldn't post programs that are (still) buggy (prevx for example)
b) post outdated stuff (that host file for example; last update took place in 2003!)" }-


it seems as though you didn't take the hint from the other thread you posted in which you said you don't care what we think here. and as most others replied back to you who cares what you think either. if ya don't like it stay off the forum.

these folks know more in their little fingers than you do in your entire being.

nadirah
January 22nd, 2005, 11:13 AM
Analogx's script defender seems like a good program to protect against malicious scripts.

no13
January 22nd, 2005, 11:25 AM
some small suggestions

- http://accs-net.com/hosts/get_hosts.html -{ Quote: "Download the latest Hosts file:
Last updated on September 1st, 2003" }- too old, yes?

- Any way to merge host files, removing duplicate entries?


-I see point #13 in medium security -{ Quote: "13. Keymaker (FREE) – Password Generator.
http://www.itoolpad.com/products/keymaker/
" }- AI Roboform http://www.roboform.com/
stores passwords in a 1024 bit file [I'm not sure of this]
What it does:
• AutoSave passwords in browser. [multiple browser support]
• AutoFill passwords to login form.
• Clicks Login button for you.
• Fills personal info into online forms.
• Saves offline passwords & notes.
• Generates Secure Random Passwords.
• Encrypt passwords and personal data using 3-DES.
• All personal info is stored on your computer only.
• Take RoboForm with you on USB disk for ultimate portability. and ultimate safety
• Sync your passwords and notes to Palm or Pocket PC.
• Backup & Restore, Print your passwords.
More info: http://www.roboform.com/ai.html

--{ Quote: "21. PopPeeper (FREE) – Email Notification.
http://www.poppeeper.com/" }-I recommend the Open source freeware PopTray which has A LOT of plugins and definitely a better UI
http://www.poptray.org/
http://forum.poptray.org
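On the question above about merging hosts files and removing duplicate entries, one way to do it, as an added example that is not part of the original post. It assumes blocklist-style hosts files whose entries point at a loopback or null address; the sample lists and the names `parse_hosts` and `merge_hosts` are constructed for illustration. Entries that map a name to any other address are set aside for manual review rather than merged.

```python
"""Merge blocklist-style hosts files, dropping duplicates and odd entries."""
import ipaddress

# Addresses a blocking hosts file is expected to point at (assumption of this example).
SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}
# Names that must keep their normal meaning and are never written as block entries.
RESERVED_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample inputs.
LIST_A = """\
# constructed sample, list A
127.0.0.1  localhost
127.0.0.1  ads.example.com   # banner server
127.0.0.1\ttracker.example.net
"""
LIST_B = """\
# constructed sample, list B
0.0.0.0 ADS.EXAMPLE.COM tracker.example.net.
0.0.0.0 popups.example.org
203.0.113.9 bank.example.com
not-an-ip junk.example.com
"""


def parse_hosts(text):
    """Yield (address, hostname) pairs from hosts-file text.

    Handles comments, blank lines, tabs, several hostnames on one line,
    mixed case and trailing dots. Lines without a valid IP address are skipped.
    """
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            address = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue
        for name in fields[1:]:
            yield address, name.lower().rstrip(".")


def merge_hosts(*sources, sink="127.0.0.1"):
    """Merge several hosts texts.

    Returns (merged_text, rejected). `rejected` lists (address, hostname)
    pairs that point somewhere other than a sink address: in a blocklist
    those are redirects, so they are reported instead of being merged.
    """
    blocked = set()
    rejected = []
    for text in sources:
        for address, name in parse_hosts(text):
            if not name or name in RESERVED_NAMES:
                continue
            if address not in SINK_ADDRESSES:
                rejected.append((address, name))
                continue
            blocked.add(name)
    lines = ["127.0.0.1 localhost"]
    lines += [f"{sink} {name}" for name in sorted(blocked)]
    return "\n".join(lines) + "\n", rejected


if __name__ == "__main__":
    merged, rejected = merge_hosts(LIST_A, LIST_B)
    print(merged, end="")
    for address, name in rejected:
        print(f"# review by hand: {name} -> {address}")
```
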

no13
January 22nd, 2005, 11:28 AM
Note: I have removed my earlier post...
b'coz BS said to discuss this topic here : http://www.wilderssecurity.com/showthread.php?t=62973
I hope you guys will do the same. I will probably delete this message soon too.

JerryM
February 1st, 2005, 10:55 PM
Great stuff for those of us who are not well educated in computers.

I notice that Wormguard is for worms, obviously, but I had assumed that AV and AT programs also detected and eliminated worms.
Must not be so??

Jerry

flinchlock
February 7th, 2005, 10:52 AM
-{ Quote: "Oops ... I missed one other suggestion. A dedicated ADS Streams Remover ( I know many apps have this built in functionality ... but they aren't always successful in deleting the Streams ) and seeing as this is becoming a viable vehicle to hide malware." }-Also Ad-Aware (http://www.lavasoftusa.com/) "To further protect you, Ad-Aware SE Personal Edition also has the capability to scan and list Alternate Data Streams (ADS) in NTFS enabled volumes."

Mike

calibra
February 19th, 2005, 07:17 AM
you can test it with PC SECURITY TEST 2005


http://www.pc-st.com/us/download.htm

hollywoodpc
February 19th, 2005, 10:32 PM
BlackSpear .
May I add RegDefend to the tight security ? Awesome . Protects the registry WITHOUT polling

Blackspear
February 20th, 2005, 12:53 AM
-{ Quote: "BlackSpear .
May I add RegDefend to the tight security ? Awesome . Protects the registry WITHOUT polling" }-I have RegDefend installed now, and have removed Prevx, Spybot S&D Resident and MJ's Registry Watcher, though for me to recommend to do so will be a while, as I'm too new to RegDefend.

Cheers ;D

no13
February 20th, 2005, 02:53 AM
hmm.. any freeware alternate to this?

Blackspear
February 20th, 2005, 02:56 AM
-{ Quote: "http://www.ghostsecurity.com/index.php?page=regdefend
is this the RegDefend you're all talking about?

The website looks like a DCS clone ;)" }-Indeed it is No13, they now have their official forum right here at Wilders ;) ;D

Cheers ;D

no13
February 20th, 2005, 03:03 AM
heck...
you beat me to the edit AGAIN BS...
damn! [thank god Buck ain't here...!]

Blackspear
February 20th, 2005, 03:16 AM
-{ Quote: "heck...
you beat me to the edit AGAIN BS...
damn! [thank god Buck ain't here...!]" }-You are better off not editing out a major change to your post, as quite often the posts after it consequently make no sense ;) ;D

And LOL, yeah BB would have been quick off the mark and given you a ribbing ;) ;D

Cheers ;D

bigbuck
February 20th, 2005, 03:16 AM
~lurking~

dog
February 20th, 2005, 03:18 AM
:lurking: *puppy* :lurking:

Jimbob1989
February 20th, 2005, 04:01 AM
Is Blackspear playing again, like a bad smell, reminds me a bit of Cochise's horse ;D

no13
February 20th, 2005, 05:28 AM
-{ Quote: "as quite often the posts after it consequently make no sense" }-
I absolutely LOVE that kind of chaos!
:lurking:

Blackspear
February 20th, 2005, 06:21 AM
-{ Quote: "I absolutely LOVE that kind of chaos! :lurking:" }-LMAO, but others don't, especially newbies to the forum ;) ;D

;D ;D ;D

bigbuck
February 20th, 2005, 07:52 AM
-{ Quote: " Last edited by Blackspear : Today at 07:24 PM. Reason: Spelling and Grammer, just the usual..." }-~um~ ;)

Pollmaster
February 20th, 2005, 10:07 AM
-{ Quote: "I have RegDefend installed now, and have removed Prevx, Spybot S&D Resident and MJ's Registry Watcher, though for me to recommend to do so will be a while, as I'm too new to RegDefend.

Cheers ;D" }-

I would remove Registry watcher but not PrevX. I have already tweaked PrevX to stop monitoring registry and startups, but its monitoring of file areas is still valuable.

hollywoodpc
February 20th, 2005, 12:33 PM
Hi Pollmaster .

I have done the same . Prevx is invaluable at what it does . I was hoping , before a better understanding , that RegDefend would take its place . Nope . But I am very happy with Prevx . Still needed with Prevx . Take care

Blackspear
February 21st, 2005, 01:59 AM
-{ Quote: "I would remove Registry watcher but not PrevX. I have already tweaked PrevX to stop monitoring registry and startups, but its monitoring of file areas is still valuable." }-Thanks for that, I'll look at doing the same.

Cheers ;D

auriell
February 22nd, 2005, 02:48 PM
I use only antivirus and firewall as an active defensive software on my machine. No active registry watchers, no trojan shields, no process guards, no anything else. I do from time to time on demand scans with Ad-aware, MS Antispyware, or recently downloaded Spyware Doctor. I do also hijackthis scans regularly as well as antivirus system scans. And all these progs find NOTHING - not even a single threat.

I'm on LAN behind the NAT, using Firefox with secure option set, OS - Win XP SP2 with all available critical updates. I do not share files and printers - disabled. I reduced amount of services to absolute minimum (only 7 basic system services running). I have also blocked DCOM RPC, RPC Locator, and NetBios disabled with Windows Worms Doors Cleaner (UPNP, and Messenger I got rid of with XPLite). My OS is also well tweaked.

My point is, do I need all these applications you talk about? I don't want to slow my computer down with tons of protective software consuming system resources and slowing down CPU. I know it's always a trade between speed and security, but so far I have had no problems for months. Do not think I like risk - I do not, but simply I don't want to waste my machine power when there is no need for it. Probably I would have more problems with setting up all this software and checking all possible options - and finally getting frustrated with computer slowdown - than see a benefit of this.

Where is a border between efficiency and protection? It is possible I am wrong, and some day will be sorry of not getting enough protected...

hollywoodpc
February 22nd, 2005, 08:52 PM
To be honest , my opinion is you only need what you have . Especially if you surf safely . Other programs are nice to " layer " your security as one bad " hit " by a nasty and you may be down for awhile . I would still suggest another program , such as a Zero Day Attack protection program . Other than that , you should be ok . But !!!! If your computer has the resources , it is always good to layer , JUST IN CASE . Good luck in your quest

notme2
February 23rd, 2005, 07:46 AM
-{ Quote: "To be honest , my opinion is you only need what you have . Especially if you surf safely . Other programs are nice to " layer " your security as one bad " hit " by a nasty and you may be down for awhile . I would still suggest another program , such as a Zero Day Attack protection program . " }-

What's a zero day attack protection program?

98se
February 25th, 2005, 12:17 PM
-{ Quote: "What's a zero day attack protection program?" }-

hehe! This! http://www.qualystem.com/en/rescue.html

Its purpose is to create a bootable image CD for the event of system failure. But also allows me to post here with harddrive disconnected :P

lurker77
February 25th, 2005, 03:39 PM
98se,

Do you think by using that program you mentioned 'Qualystem Rescue' you could create a running system off a usb drive instead of a cd/dvd? I would like to be able to access the net and run many of my favorite programs right off a usb drive instead of the cd/dvd.

dallen
March 4th, 2005, 10:08 AM
Blue,
Wow!!! Your "current setup" is quite thorough. I'm impressed. I have a couple of questions and you can PM your answer or post it here as you see fit.
1) Lavasoft's Ad-aware Pro has Ad-watch which monitors your registry and you have Giant Antispyware (now MS AntiSpyware) which I believe has an active component that monitors your registry. You also have RegDefend (which I'm curious to hear your opinion on). Do you have a problem with multiple softwares competing to monitor changes to the Registry, or have you disabled that feature in some products in favor of others?
2) I notice that you also use WebRoot Spysweeper, Lavasoft's Ad-aware Pro (I use), Spybot Search & Destroy (I use), and Microsoft Antispyware (I use). What do you think about Spysweeper (I see it is rated #1 by many)? Which do you rely on most/first? Does Spysweeper find things that the other 3 that you use leave behind often?
Thank you for your time and guidance.

{Edit by BlueZannetti 3/4/05 - the remainder of this post resides in its original location here (http://www.wilderssecurity.com/showthread.php?p=391118#post391118)}

BlueZannetti
March 4th, 2005, 06:31 PM
-{ Quote: "Blue,
Wow!!! Your "current setup" is quite thorough. I'm impressed. I have a couple of questions and you can PM your answer or post it here as you see fit.
1) Lavasoft's Ad-aware Pro has Ad-watch which monitors your registry and you have Giant Antispyware (now MS AntiSpyware) which I believe has an active component that monitors your registry. You also have RegDefend (which I'm curious to hear your opinion on). Do you have a problem with multiple softwares competing to monitor changes to the Registry, or have you disabled that feature in some products in favor of others?
2) I notice that you also use WebRoot Spysweeper, Lavasoft's Ad-aware Pro (I use), Spybot Search & Destroy (I use), and Microsoft Antispyware (I use). What do you think about Spysweeper (I see it is rated #1 by many)? Which do you rely on most/first? Does Spysweeper find things that the other 3 that you use leave behind often?
Thank you for your time and guidance." }-dallen,

I made a conscious decision to not enable any of the realtime features of my antispyware applications. I don't have firm experience here, just a gut level feel that, as you remark, the various security programs could end up fighting it out in the background. For realtime malware monitoring I decided to base everything on my AV and AT. Although they are not marketed in competition with antispyware applications, decent AV's and AT's do seem to deal well with the installation portions of spyware. Some nonfunctional residual bits may be left over, but my personal experience is that they cover the field well with the most aggressive and insidious components of the infestation and that's fine by me since a demand scan with an antispyware package will sweep up the residual pieces.

With respect to RegDefend, my attraction was twofold: (a) I've been impressed with Jason's previous efforts, and (b) I wanted some rock solid registry protection. As Jason has already noted here (http://www.wilderssecurity.com/showthread.php?t=68291), most other applications of this type poll registry keys for changes and reset the original value if required. RegDefend sits at a lower level so the request for the change is intercepted and dealt with before any actual changes occur. Seems to be a preferred approach to my way of thinking. I realize there could be unintended consequences here, that's a risk I'll take for now. RegDefend is the only registry monitor that I have running, so there are no contention issues. At this point I like it a lot. Extremely stable. Does one thing and does it well. Nice spartan approach.

On the antispyware front, Giant Antispyware (now MS Antispyware) is my first line defence here. It is the one I rely on most. Lavasoft AdAware and Webroot Spysweeper are roughly tied for second. All have found bits and pieces of spyware missed or neglected by the others. A good discussion of the current situation in spyware control, based on Eric Howes' Anti-Spyware Testing (http://spywarewarrior.com/asw-test-guide.htm) effort by Brian Livingston is here (http://windowssecrets.com/050127/). My experience seems typical and likely reflects both the volume of spyware and the speed with which it evolves. I would recommend any or all of these products. I also use Spybot S&D on occasion and when I use it, items invariably missed by the other players are located. This is one of the reasons I don't fret about the number of seemingly duplicate spyware applications. At some point in the future there may be one or two prime players covering 99% of the field (as is the case in AV's), but the antispyware folks are a long ways from that today.

Blue
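The difference described in the post above between polling a key and intercepting the write, as an added example that is not part of the original post. It is a simplified tick-based model, not RegDefend's or any other product's code; the value name, file paths and event timeline are constructed for illustration.

```python
"""Toy model: a polling registry monitor versus write interception."""

# Constructed value under the Run key; the paths are placeholders.
PROTECTED_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Updater"
GOOD = r"C:\Program Files\Vendor\updater.exe"
BAD = r"C:\Temp\dropper.exe"

# Constructed timeline of (tick, operation, value) acting on PROTECTED_KEY.
# A "read" stands for any consumer of the value, such as the shell at logon.
EVENTS = [
    (1, "read", None),
    (3, "write", BAD),
    (4, "read", None),
    (7, "read", None),
    (12, "write", BAD),
    (13, "read", None),
    (16, "read", None),
]


def run_polling(events, baseline, interval, end_tick):
    """Monitor that checks the value every `interval` ticks and resets it.

    Returns (tampered_reads, restores): the ticks at which a reader saw a
    non-baseline value, and the ticks at which the monitor put it back.
    Within one tick the poll runs before that tick's events.
    """
    by_tick = {}
    for tick, op, value in events:
        by_tick.setdefault(tick, []).append((op, value))
    store = baseline
    tampered_reads, restores = [], []
    for tick in range(end_tick + 1):
        if tick % interval == 0 and store != baseline:
            store = baseline          # change already happened; undo it
            restores.append(tick)
        for op, value in by_tick.get(tick, []):
            if op == "write":
                store = value         # nothing stands between writer and key
            elif store != baseline:
                tampered_reads.append(tick)
    return tampered_reads, restores


def run_intercepting(events, baseline, allow):
    """Guard that sees each write request before it is applied.

    `allow` is a policy callback (hypothetical) deciding per requested value.
    Returns (tampered_reads, denied_writes).
    """
    store = baseline
    tampered_reads, denied = [], []
    for tick, op, value in sorted(events, key=lambda e: e[0]):
        if op == "write":
            if allow(value):
                store = value
            else:
                denied.append(tick)   # request refused; key never changes
        elif store != baseline:
            tampered_reads.append(tick)
    return tampered_reads, denied


if __name__ == "__main__":
    print("poll every 5:", run_polling(EVENTS, GOOD, 5, 20))
    print("poll every 1:", run_polling(EVENTS, GOOD, 1, 20))
    print("intercept   :", run_intercepting(EVENTS, GOOD, lambda v: v == GOOD))
```

A shorter polling interval narrows the window in which the changed value can be read, but a read that lands between the write and the next poll still sees it; the intercepting guard has no such window because the value is never stored.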

resa05
April 16th, 2005, 04:20 PM
I don't know how IMPORTANT certain programs are or THE MUST HAVES but I would like to know if all I need is what i have and that is...

anti-virus-avg free edition
spywareS&D
spywareblaster
as for firewall...I think I'm using the windows firewall.
IE...6.0<<( I don't know the settings on it or what they should be either )

I just want to know the absolutely necessary softwares to have..
If anyone could reply directly, I'd be grateful!!!
Thank You for ALL replies in advance. ;D

resa05
April 16th, 2005, 04:34 PM
I JUST TRIED TO RUN ADAWARE IN 'SCAN FOR ADS' BUT A WINDOW CAME UP AND SAYS: INVALID SCANNING OPTIONS, THE SCANNING MODE YOU HAVE CHOSEN REQUIRES THAT ONE OR MORE DIRECTORIES ARE SPECIFIED.

Don Pelotas
April 16th, 2005, 04:42 PM
You could add these free choices, Resa05:

Ad-Aware (http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022_4-10045910.html?part=dl-ad-aware&subj=dl&tag=top5)
Microsoft AntiSpyware (http://www.microsoft.com/athome/security/spyware/software/default.mspx)
Zonealarm free firewall (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?lid=dbtopnav_za)

Ad-Aware & MS Anti would be additions to your spyware protection, MS Anti has real-time protection which the other free choices don't have.

Zonealarm will provide you with outbound network protection, something MS firewall doesn't really have. :)

resa05
April 16th, 2005, 05:01 PM
before i download and install zone alarm is there anything anyone wants to say that i should be advised of or should know before doing this? such as maybe settings and stuff....i need great direction and instructions because i'm not a very computer literate person so to speak :) thank you all :)


also i already have adaware...i just forgot to mention it :)

richrf
April 16th, 2005, 05:05 PM
Don's suggestions are good. They will provide you with good anti-spyware protection as well as a good firewall. You might also want to look at a free anti-trojan:

http://www.emsisoft.com/en/software/free/

This is a good product. My setup is different than yours, but adding some anti-spyware and a good anti-trojan should certainly make you more secure. However, since you seem to be new at this, I would not start adding too much to your system unless you have a good image copy so that if things go crazy, you can recover easily. If you do not know how to create an image copy, try to find some friend or local computer depot that will make one for you. I would hate to see you get into trouble installing these programs. Problems do occur from time to time.

Rich

richrf
April 16th, 2005, 05:10 PM
Click on the "Select" button that is to the right of the ADS scan and check the box next to the C: drive. Make sure you also perform a Full Scan, and if you are not sure of the results, ask before deleting anything. Sometimes anti-spyware products give false positives so you don't want to delete files that are important to your system, even if the product suggests that you delete them. Chances are, you will get a lot of alerts concerning tracking cookies and such.

Rich

resa05
April 16th, 2005, 06:52 PM
what is an image copier? i always get critical files when i run adaware and i always remove them?

richrf
April 16th, 2005, 09:33 PM
An image copy creates a duplicate copy of your current hard disk, so that if, for some reason, your system becomes unusable, you can restore the image copy and the hard disk would look like it did at the time that the image copy was taken. It's sort of like making a backup copy of a word processing document, just in case the document becomes corrupted - only in this case you are copying every file on your disk.

If this is too complicated for you to understand, you probably will need some assistance in creating an image copy.

Rich

Bethrezen
April 16th, 2005, 10:42 PM
hi all

me I have a pretty minimal set-up but its served me well

Firewall: ZAF zonealarm free
Backup: True Image
Anti Virus: NAV Norton AntiVirus
Anti Trojan: A2 A-Squared Free
Anti spyware:Spybot & Adaware
Browser: Firefox with adblock and Flash block i also use spyblocker and its pacfile

to secure IE from attack

i use IE spyad Spybot immunization function SWS SpywareStopper and spywareguides active X Block list

to secure sensitive files I use Ax-Crypt

i have also stripped my version of windows with 98lite which helps to close down a lot of other problems and make it run better

I have also applied Bugoff, HTA Stop 2003, DSO Stop2, Anti-Polymorphism Patch and Saved Passwords Lock Patch to lock down a few more security holes

also to help ensure I'm fully patched up I use UNOFFICIAL Windows98 Second Edition Service Pack

to help keep my system stable i have Norton Utilities which i use for error checking and general maintenance

to help protect my email I use spamgourmet

self analysis of my security set up generally not too bad a couple of weaknesses though

1.) zaf because its not as good as other firewalls or so I'm told its also rather outdated as I don't like the newer versions too bloated

my problem here is that I find other firewalls too perplexing to use

2.) lack of real time monitoring nav does come with a guard but that's all I got so I'm vulnerable to other forms of malware

but the prob here is that apps like process guard SSM are difficult to use also there are very few ATs around that work with 98 even fewer are free and even less than that are still supported and as far as I know none of the free supported ATs that work with 98 come with background monitoring

other than that I think I'm in pretty good shape

eddievh
April 16th, 2005, 11:12 PM
Hi people and thanks for your help so far although I have been invisible and not a member until today. Although I rely on my PC for my occupation I consider myself a relative novice in terms of PC setup and have found this forum valuable already.

I am in the process of setting up a brand new PC at the moment and am taking the time to research my stuff properly before I even connect to the internet. I don't want a system cluttered with millions of cross-over applications - I am trying to cover all bases without going overboard. My new system (Pentium 4 3.4Ghz with HT and 2 GB DDR2 RAM should be able to handle a bit mind you ;D )

I will see if anyone has any comments on my setup so far (2 or 3 of these programs have been added based on my time here - the rest I had already sussed out) and then ask a couple of questions if that's ok. I should also note that I have partitioned my hard drive into a C/D drive ..................C drive for Windows/programs and D drive for all data. As I set up the PC and add programs I am sure I want I am imaging C drive with Ghost 2003 (DOS) and burning images to DVD so that at any time I can return to a clean PC and format D drive if I have to without having to reload Windows. Weekly backups of crucial data are taken onto CD/DVD

Current security apps:

NOD 32 antivirus (Paid)
Zonealarm Pro (paid)
Spywareblaster
Spybot w/teatimer om
Pestpatrol Corporate w/keypatrol etc.......... (not much comment on this that I've seen.......unnecessary??)
IM Secure
Adaware SE
TrojanHunter
Registry First Aid (Rosecity)
Mozilla


I think that's it. My main idea here is for people to pick my novice ass to pieces ;D

I also am interested in people's take on no hardware firewall. I have a connection with the only cable internet vendor in my area (Telstra) who use this ridiculous "heartbeat" system that causes occasional dropouts -maybe 1-2/day- on every router I know of. My internet is that crucial I cannot afford even brief dropouts. I do prefer to stick with cable though. Having said that I have an ADSL connection as backup for that and a dialup as backup for that ;D Is my Zonealarm Pro enough?? Am I lacking in terms of worm protection?

Any comments welcome.

Ed.

Blackspear
April 17th, 2005, 01:12 AM
-{ Quote: "I have a connection with the only cable internet vendor in my area (Telstra) who use this ridiculous "heartbeat" system that causes occasional dropouts -maybe 1-2/day- on every router I know of." }-Hi Eddievh, welcome to Wilders.

Your set up is pretty good. You may want to take a look at the first post which has this link: Security that you use and its purpose (http://www.wilderssecurity.com/showthread.php?t=62972)

In regards to Telstra, I too am on Bigpond, and use their cable, you see the router that works really well for me in that link above, no dropouts here ;D

Hope this helps...

Cheers ;D

eddievh
April 17th, 2005, 10:34 PM
Thanks Blackspear,
I was hoping I'd done a fairly good job there ;D Also thanks for your thread on extra settings for NOD32 - I did a search on Google for just that and this is how I found Wilders. I also wouldn't have bought NOD32 without the reassurance of having that thread to fall back on (it ain't quite as user friendly as some) so maybe you can start charging commission ;)

Cheers,

Ed.

Blackspear
April 18th, 2005, 07:52 AM
-{ Quote: "Thanks Blackspear" }-My pleasure.


-{ Quote: "I was hoping I'd done a fairly good job there" }-Not too bad at all.


-{ Quote: "Also thanks for your thread on extra settings for NOD32 - I did a search on Google for just that and this is how I found Wilders." }-No problem, and you will enjoy Wilders, it’s a great place to hang around, learn and chat.


-{ Quote: "I also wouldn't have bought NOD32 without the reassurance of having that thread to fall back on (it ain't quite as user friendly as some) so maybe you can start charging commission ;)" }-LOL, just wanted to make things easy for everyone else, it’s not so hard when you have someone walk you through things.

I have sold dozens and dozens of Netgear routers, and would seriously take a look in that direction with Bigpond, you won’t be disappointed. You simply get rid of Bigpond Login (heartbeat), place in the DNS servers (Telstra are the only one I know that require this) and the router will maintain your connection from there.

Cheers ;D

pc-support
April 27th, 2005, 02:13 PM
I think my security setup is better than even Blackspear's...

Mac OS X

;) :P :D

nameless
April 27th, 2005, 02:22 PM
-{ Quote: "I think my security setup is better than even Blackspear's...

Mac OS X

;) :P :D" }-You forgot to mention its purpose. But if there isn't one in the first place, that's forgivable. ;) :P

pc-support
April 27th, 2005, 02:59 PM
-{ Quote: "You forgot to mention its purpose. But if there isn't one in the first place, that's forgivable. ;) :P" }-

Its a Mac. What better purpose do you want??!!

8) ;D

nameless
April 27th, 2005, 03:59 PM
Its purpose is to be a Mac? There is nothing else to be gleaned from that statement.

no13
April 27th, 2005, 10:29 PM
-{ Quote: "Its purpose is to be a Mac? There is nothing else to be gleaned from that statement." }-
you've never seen a mac ;) ;D *drool*

nameless
April 28th, 2005, 12:01 AM
No, but I know bad grammar when I see it.

no13
April 28th, 2005, 12:34 AM
go see a Mac... please. It's wonderful. You'll feel free of the Wintel domination.
Also true for Fedora.

cheater87
April 29th, 2005, 08:24 PM
thanx dude can't ever have too many programs helping. *hands you cookie*

Blackspear
May 2nd, 2005, 04:16 AM
Starlight, as you have asked the same question here, (http://www.wilderssecurity.com/showthread.php?t=69951&page=2) I have deleted this duplicate.

Cheers

Blackspear.

Cyborg
May 2nd, 2005, 11:32 AM
I have a paid for licence for ZoneAlarm Security Suite and until the recent release I have found it to be ok although sometimes for unknown reasons it can hog my resources.

I have however begun to question how much they listen to either the beta testers or issues within the forums before releasing new versions or indeed making sure issues are corrected quickly and efficiently. IM secure is not that great nor is the ID Lock and as for their Spam removal again it works but is basic but overall it sucks which leaves just the Firewall.

I have been advised by them, ZA Tech Support, that until such time they can fix the issues with MSN 7 to return to ZA Pro. In the ZA Forums however it seems there are issues with the latest release of ZA Pro also.

What version of ZA Pro are you running?

I would like to know as I want to go for Nod 32 which you are also running. Which version?

If I know the versions that work together then that is one battle I wont have to fight.

I also want to run PG which version?

I have a paid for version of PE, TDS-3 and Wormguard but have not installed them for ages since my last windows install basically because I do not know how to use them properly.

I have a paid for version of TrojanHunter and TrojanGuard; I use SpyBot Search n Destroy (free); Ad-Aware SE Personal (free); SpyWare Blaster (free); Crap Cleaner.

Of the other software that you use I notice that you have Kaspersky 4.5; is this free or a paid for version?

I read a lot about Kaspersky's and they seem to be streets ahead of Norton when it comes to updating their database.

You have RegDefend which I know nothing about nor where to get it from. Can you supply a link?

You have Firefox and Thunderbird. I have version 1.3 ready to install and to learn how to use. Thunderbird is for E-mails?

You have Ewido (licensed) and again I do not know much about this software apart from what I have read and have yet to see a bad report.

You have UnHackMe: Rootkit installation prevention; this is new to me.

You have WormGuard: traps potentially malicious scripts; I did have issues with WG2 so have not installed it since.

You have SpywareGuard which I know of but I use TrojanHunter Guard which came with TrojanHunter.

You have TDS-3 and likewise I have paid for it but not installed.

You have Ad-aware and Spybot which I agree with you I would not be without.

You have HijackThis and likewise so do I. I run it after installing anything new just to keep account of what Active X is being assigned by software and if I should remove or not.

You have CounterSpy Anti-spyware (trial); I have not heard of this one and have been considering using the MS Beta.

You have Trojan Hunter; I also have this software. I have not heard of BOClean.

You have SpywareBlaster; I agree it works and is free.

You have DCS Port Explorer; I also have this software but again not installed.

You have System Internals Filemon. Again I have no knowledge of this software.

I use CCleaner all the time but have never used RegSeeker.

Overall you have a similar setup to me but obviously you use it to the best effect.

Do you get any clashes with any of the above? I am interested in respect of any of the software hogging your PC as I go online a lot playing games. When I am in game only what do I need running and what can I switch off temporarily until I am back online surfing when I assume is the time my PC Security needs to be at its tightest.

Only answer if you have the time but I would appreciate any advice. :)

richrf
May 2nd, 2005, 11:57 AM
Hi Cyborg,

Much of the software that I have is due to the way my security system has evolved over the last few years. I believe that it is best to keep things simple, so that is what I will try to do.

1) I am running ZAP Pro 5.5. I have not had any problems running this version with any of the AVs I have tried out including NOD32 and KAV 4.5 (and 5.0). I have 4.5 paid and am extremely satisfied with its scanning and detection capabilities. Literally nothing has ever gotten through (this has not been my experiences with other AVs). However, its interface has much to be desired and it took a while for me to become comfortable with it.

2) Since you have chosen NOD32, I would recommend that you also install an anti-trojan program at this time to supplement NOD32's capabilities. I would recommend Ewido which is a very simple AT that has both real-time and on-demand AT capabilities. It is relatively easy to install and use and has daily updates. There is a free trial available and I do not think you will have any problems installing and running it. Others recommend BOClean. It is tough for me to say which has better real-time scanning and detection. I do know that Ewido on-demand will pick up some bits of tracking cookies and other types of malware on my machine from time to time. I have found that Trojan Hunter's real-time engine does conflict with many of my programs, which is why I initially went ahead and sought out a replacement.

3) Beyond these two products (NOD32 and Ewido), I would recommend focusing any "learning time" on products that pro-actively prevent malware from installing on your machine. The two products that I like at the moment are ProcessGuard and RegDefend. ProcessGuard prevents new programs (dlls) from executing on your system without your permissions. RegDefend prevents programs from changing the registry without your permission. In other words, they intercept potential malware before they can ever get started. The downside is that you, as a user, have to be comfortable making decisions when new alerts are presented to you. Depending upon your habits, the learning curve is manageable. If you are game, I would begin by installing PG, leave it in learning mode for a period of time as DiamondCS suggests, and then take it out of learning mode, at which time it will start intercepting. If you can learn to understand the messages, then you are home free. If not, then this type of guard is probably not for you. The PG forum on Wilders provides very active advice.

4) If you are comfortable with ProcessGuard, I would then recommend installing RegDefend with a similar type of approach.

If you can put these four programs (NOD32, Ewido, ProcessGuard, RegDefend) in place, I think you will be very well protected without the need to get involved with other programs that I mentioned on my list. The only other program that I have that actually has found malware, is Ad-aware which detects and deletes tracking cookies.

There is a learning curve with some of these programs, but as someone else pointed out, the learning curve is miniscule when compared with what one has to know when removing trojans.

Rich

RobZee
May 3rd, 2005, 11:05 AM
Blue -

I see in your post above that you have two physical hard drives with each one having a XP Pro boot partition. I would appreciate any info you can provide as to the thinking behind that setup. Reason is I have the chance to add a new external HD which will supplement the original internal 60G drive and the 80G internal drive that I added last year and is the boot drive with XP Home. The 60G still has the original ME setup and FAT files, and is used for backup & storage.

My BIOS doesn't allow boots from USB drive, so I would have to put the second boot partition on the 60G slave, rather than the external drive. Am I accomplishing anything by doing the foregoing?

Your thoughts/advice would be welcome.

dja2k
May 4th, 2005, 01:23 AM
What software is equal to ms antispyware? Any software and\or combination of software that makes up the same thing? I can't find a reason to use it as an active scanner anymore and trying to find out if that is a good move. I mean I have KAV 5.0, Regdefend, Analog X Script Defender, Outpost Firewall, and Trojan Hunter as active. Just trying to find a way to save resources and just do manual scans. By the way, does anyone know what other extensions to add to script defender than the defaults?

dja2k

richrf
May 4th, 2005, 01:44 AM
Hi dja2k,

With your setup, I think that realtime MS AS is superfluous. Especially with RegDefend in there backing up KAV. There may be some stray malware cookies that get through that you can catch with running Ad-aware or on-demand MS AS. The only thing that I would suggest is that you might want to add ProcessGuard (very little resource usage) to help protect against rootkits and keyloggers. Since you already have RegDefend, I think you will find PG a very nice addition. But PG would be, in my opinion, insurance protection. Your defenses seem to me to be already very strong.

Rich

dja2k
May 4th, 2005, 03:03 AM
Yeah I already have process guard, just don't have it active. It tends to screw up a lot of setups and exe runs. I might just add it again to my setup. So you're saying that ms antispyware shouldn't be on all the time and just used as a scanner? Okay then, MS antispyware will be kept off (saves me memory). Oh, I forgot to mention I have xoftspy running as a scanner daily and also Bitdefender AV 7 Free Edition running a scan every other day as well. In addition, KAV running a scan daily as well. One thing, on the KAV, do you know if I should turn on riskware detection? I had it on before, but for some reason, I lost most of my uninstall entries from my ADD\REMOVE, being exe uninstall files. I have no other software that could have done that except when I thought about it, that option was on and it does make things slow when you read a folder full of exe install files. By the way, anyone know what other extensions to add to the analogx script defender entries? No one seems to answer me on this.

dja2k

Notok
May 4th, 2005, 05:36 AM
Spend some time w/ ProcessGuard and I'm sure you can get it running pretty transparently (with the exception of the execution prevention.) The MSAS agents do add some very good protection, but being beta means you'd want to watch it some. If you don't want to run it resident, you might try SpywareGuard (http://www.javacoolsoftware.com/), it uses less resources.

If you want more scheduled scans, you should check out a-squared, it's very good for that. Spybot Search & Destroy, too.

Of course I have to mention the system hardening stuff. Not only will that give your security a significant boost, but it can speed up your system, sometimes enough to off-set your resident protection. See my sig for my suggestions. Many of the steps mentioned in the link are covered by the small apps, but it's still very worth going through, especially the suggestions for disabling services (if you haven't done this already.) If you don't mind spending $25, Qwik-Fix (http://www.pivx.com/) does quite a bit. Pivx has a team searching for vulnerabilities and releases workarounds for the vulnerabilities via Qwik-Fix (it auto-updates) when found. They also plan to add protection for 3rd party apps (like Firefox, etc) in the (near?) future, which you won't get from the free apps.

As far as Script Defender goes, I don't really have any suggestions for you. AFAIK it's pretty good by default, but I haven't looked at it in a while (might look again now that you mention it.) You can try checking out some other script blockers to see if they use any different extensions. ScripTrap is a good one to start with since it uninstalls 100% completely (http://keir.net/scriptrap.html) and attached is what RegRun covers, as ambiguous as it is. This might make a good subject for a new thread, though. ;)

BlueZannetti
May 4th, 2005, 06:03 AM
-{ Quote: "Blue -

I see in your post above that you have two physical hard drives with each one having a XP Pro boot partition. I would appreciate any info you can provide as to the thinking behind that setup. Reason is I have the chance to add a new external HD which will supplement the original internal 60G drive and the 80G internal drive that I added last year and is the boot drive with XP Home. The 60G still has the original ME setup and FAT files, and is used for backup & storage." }-I went with that setup following an unfortunate beta test result that required a reinstallation of my OS and applications. I really didn't want to suffer the downtime again (~ 2 days to get fully up given other time commitments), so this seemed reasonable insurance against that.

This basically provides a working system and a test system. After setting up this way I've had one other bad beta result, but this time I was fully back in the time it took to reboot the system - less than one minute - and could rebuild things at my leisure.

I ended up configuring the remaining home systems this way also. I spend a few gigs of disk space to provide a rapid recovery avenue when needed.

Blue

RobZee
May 4th, 2005, 09:38 AM
Thanks for the response. I may try that approach also since I have ample storage and occasionally get into a bind that can take a while to fix when experimenting with programs.

richrf
May 4th, 2005, 10:18 AM
Hi,

Yes, I think if you activate, and become comfortable with ProcessGuard, you will greatly increase your protection. If KAV is not running in real-time with extended databases, then you may want to keep MS AS, since on my system KAV is doing more than MS AS, but I am running KAV in real-time.

I use riskware, but I do not automatically delete when KAV gives me the "Not a Virus:XXXX" warning. In this case, KAV is alerting to a module that may be associated with a virus/trojan, but also is associated with legitimate uses. So I do some research on google or on the KAV forum before I delete anything with this kind of warning.

Basically, I find that running KAV 4.5, ProcessGuard, and RegDefend in real-time makes MS AS in real-time superfluous. I only run Giant AS on-demand nowadays, and it hasn't found anything in ages. CounterSpy on-demand will find some minor malware as will Ad-aware and Ewido now and then. But since you have KAV on-demand, then probably you should keep MS AS real-time. That is what I would do.

Rich

Pollmaster
May 4th, 2005, 10:32 AM
-{ Quote: "Yeah I already have process guard, just don't have it active. It tends to screw up a lot of setups and exe runs. I might just add it again to my setup.

dja2k" }-

Personally the best thing I like about PG is not its process monitor but rather its ability to block global hooks and drivers from installation. So even if you don't like it popping warnings whenever you run something new, it can still be very useful.

lynchknot
May 4th, 2005, 12:42 PM
Ok, carrying over from my list, is why:

-{ Quote: ".....Various other rootkit detectors, ADS, etc - enough to keep me busy for hours on end - but hey, it's fun......I think ??? " }-

Damn! I am a security freak :-\ I need help :o

What am I protecting? To be honest, nothing of any real value. I don't online bank and have no valuable files, other than my apps. I'm protecting my security apps, my themes, and other programs - my pretty desktop! - and trying to save myself from having to reformat if I get a virus - that's the bottom line. It's WAR! - and sometimes it's fun - especially when you win and kill the intruder saving yourself from reformatting or True Image (my last resort)

Someone should make a board game - you go surf the internet and purchase programs and/or buy Antivirus, visit a pron site and get a nasty trojan, etc and you could land on a virus/trojan and it will cost you if you are not protected well enough. But then, maybe not - God knows I spend much too much time with the computer as it is.

dja2k
May 4th, 2005, 04:51 PM
-{ Quote: "Hi,

Yes, I think if you activate, and become comfortable with ProcessGuard, you will greatly increase your protection. If KAV is not running in real-time with extended databases, then you may want to keep MS AS, since on my system KAV is doing more than MS AS, but I am running KAV in real-time.

I use riskware, but I do not automatically delete when KAV gives me the "Not a Virus:XXXX" warning. In this case, KAV is alerting to a module that may be associated with a virus/trojan, but also is associated with legitimate uses. So I do some research on google or on the KAV forum before I delete anything with this kind of warning.

Basically, I find that running KAV 4.5, ProcessGuard, and RegDefend in real-time makes MS AS in real-time superfluous. I only run Giant AS on-demand nowadays, and it hasn't found anything in ages. CounterSpy on-demand will find some minor malware as will Ad-aware and Ewido now and then. But since you have KAV on-demand, then probably you should keep MS AS real-time. That is what I would do.

Rich" }-

What extended databases of KAV are you talking about?

When you say you use the riskware option, is there a way to make it prompt me before it deletes anything of that sort. Like I said before, I think that the scan removes my exe uninstall files thinking they are riskware. I have cleaned out my system twice because of that and have no other software that could have done it but KAV 5.0.

I run KAV 5.0, Trojan Hunter 4.2, Analogx Script Defender, and RegDefend in real time. Just added process guard again. So with that I don't run MS AS active anymore.

I have all other software mentioned here and there, but mainly as a manual scanner, I have xoftspy running daily, I have bitdefender scan running daily, Ad-aware daily, and I run MS AS every other day.

dja2k

Don Pelotas
May 4th, 2005, 06:49 PM
-{ Quote: "What extended databases of KAV are you talking about?" }-This one:

http://img85.echo.cx/img85/2668/kav50configureupdater0zw.jpg
-{ Quote: "When you say you use the riskware option, is there a way to make it prompt me before it deletes anything of that sort. Like I said before, I think that the scan removes my exe uninstall files thinking they are riskware. I have cleaned out my system twice because of that and have no other software that could have done it but KAV 5.0." }-
Set Kav to "Block access and prompt user for action".

dja2k
May 4th, 2005, 07:03 PM
I don't show that option on my update tab. I have the KAV Personal Pro 5.0.20. What version are you using and illustrating in that picture?

dja2k

Don Pelotas
May 5th, 2005, 02:20 AM
-{ Quote: "I don't show that option on my update tab. I have the KAV Personal Pro 5.0.20. What version are you using and illustrating in that picture?

dja2k" }-
Ah, i see, in that case you simply checkmark "Detect riskware" in "Riskware detection" in the main GUI. "Detect hack tools" is the so called SuperSecure:

http://img15.echo.cx/img15/9758/kavprorisk5jl.jpg
You can read more about what these extra database options will add to the standard bases here: http://www.kaspersky.com/extraavupdates, you do not need to change the ending of all links from "updates" to "updates_ext". This is only for versions older than 5.0. :)

richrf
May 5th, 2005, 02:55 AM
Thanks Don for clarifying.

Hi Dja2k,

" I run KAV 5.0, Trojan Hunter 4.2, Analogx Script Defender, and RegDefend in real time. Just added process guard again. So with that I don't run MS AS active anymore."

From my experiences, this would be a very secure real-time protection environment. Mine is very similar: KAV 4.5, ProcessGuard, RegDefend (with RegRun extensions), Ewido, UnHackMe.

I run Ad-aware, Spybot, Counterspy and GiantAS, NOD32 (the current beta), HijackThis, TrojanHunter, BOClean, Ewido, Rootkitrevealer, and TDS-3 on-demand from time to time. Only Ad-aware and Ewido will pick up some minor cookie malware from time to time. I do this just to continue to test my own hypothesis that the above configuration is very strong with a minimum amount of overhead. So far, the configuration is doing very well.

Rich

dja2k
May 5th, 2005, 04:22 AM
-{ Quote: "Ah, i see, in that case you simply checkmark "Detect riskware" in "Riskware detection" in the main GUI. "Detect hack tools" is the so called SuperSecure: You can read more about what these extra database options will add to the standard bases here: http://www.kaspersky.com/extraavupdates, you do not need to change the ending of all links from "updates" to "updates_ext". This is only for versions older than 5.0. :)" }-

I already did the reading on the different virus definitions and thanks. So with that, I see Don, I will just check the first riskware box, but not the hack tools for now and see how it goes.

-{ Quote: "

From my experiences, this would be a very secure real-time protection environment. Mine is very similar: KAV 4.5, ProcessGuard, RegDefend (with RegRun extensions), Ewido, UnHackMe.

I run Ad-aware, Spybot, Counterspy and GiantAS, NOD32 (the current beta), HijackThis, TrojanHunter, BOClean, Ewido, Rootkitrevealer, and TDS-3 on-demand from time to time. Only Ad-aware and Ewido will pick up some minor cookie malware from time to time. I do this just to continue to test my own hypothesis that the above configuration is very strong with a minimum amount of overhead. So far, the configuration is doing very well.

Rich" }-

Is unhackme really necessary with all your other protection? Don't you think that ewido takes up too much resources when active? I guess with me using Trojan Hunter Active would be the same as your Ewido Active software. One more thing, do you have Spybot Immunized with Spyware Blaster installed and if so, since you don't have Counterspy and MS Antispyware Active, do you have the Spybot Browser Helper Enabled?

Sorry for all the questions guys, just want to be sure when I setup a secure and workable set up defense apps. Don't want to use something I don't need and don't want to use something that is useless. You know what I mean? :P

dja2k

Blackspear
May 5th, 2005, 04:44 AM
-{ Quote: "do you have Spybot Immunized with Spyware Blaster" }-I do, and would advise to do the same, this is prevention from installation.


-{ Quote: "since you don't have Counterspy and MS Antispyware Active, do you have the Spybot Browser Helper Enabled?" }-Yes.


-{ Quote: "Sorry for all the questions guys" }-No problem at all, that is what this thread is for ;) ;D


-{ Quote: "Don't want to use something I don't need and don't want to use something that is useless." }-I think that is the aim of each and everyone’s setup, not to have overlap, but to have a layered defence.

Hope this helps…

Cheers ;D

Don Pelotas
May 5th, 2005, 04:58 AM
-{ Quote: "I already did the reading on the different virus definitions and thanks. So with that, I see Don, I will just check the first riskware box, but not the hack tools for now and see how it goes" }-
Good choice, i personally use both ATM (running the Kav 6 prototype), but always recommend to use extra options with caution as they will flag programs as riskware (like mIRC) and some become uneasy when they see this "not-a-virus:Riskware." These are simply warnings and it's up to you whether you want to continue using the program/application. I normally recommend that you use the "Block access and prompt user for action" in the RTM-settings, this way you control, but of course it can be restored from "View backup" :)
-{ Quote: "Is unhackme really necessary with all your other protection? Don't you think that ewido takes up too much resources when active? I guess with me using Trojan Hunter Active would be the same as your Ewido Active software." }-
If you ask me, then a run with unhackme before you install all your security related stuff should suffice, because once you have installed Kav, Trojan Hunter, Regdefend and Process Guard and have them properly configured! You pretty much got a fortress, but PG won't help if a rootkit is already installed, therefore it's a good thing to run Unhackme & Rootkitrevealer before installing these. If you have license for Trojan Hunter, then keep that, you can always take a look at Ewido when it runs out, i do use Ewido and like it a lot (no slowdowns here), but Trojan Hunter has been around for quite a while and has regular updates. :)

dja2k
May 5th, 2005, 05:54 AM
Thanks for all the fast responses guys. This is really helping me find a good and strong defense setup. Wasn't too sure about my past setup, but it seems this one is turning out to be a keeper for now.

Does anyone know how to configure bitdefender 7 free edition not to use as many resources as it does, but yet being able to run a manual scanner without having to go manually and startup the services? I mean it runs two startup files, 1st is bdmcom and 2nd is bdnagent. Services for that are 1st Bitdefender Communicator and 2nd Bitdefender Scan Server. When I take a look at the task Manager, I see bdmcom.exe taking as much as 30 MB and bdss.exe taking as much as 17 MB. Now for an Antivirus that is not active, that is pretty much in my books. So if anyone knows how to disable the startup, but being able to run it manually or by the internal scheduler, please let me know.

dja2k

Don Pelotas
May 5th, 2005, 07:28 AM
Try using Autoruns (http://www.sysinternals.com/index.shtml) from Sysinternals to control what starts, they have several little freeware-tools.

dja2k
May 5th, 2005, 08:11 PM
-{ Quote: "

If you ask me, then a run with unhackme before you install all your security related stuff should suffice, because once you have installed Kav, Trojan Hunter, Regdefend and Process Guard and have them properly configured! You pretty much got a fortress, but PG won't help if a rootkit is already installed, therefore it's a good thing to run Unhackme & Rootkitrevealer before installing these. If you have license for Trojan Hunter, then keep that, you can always take a look at Ewido when it runs out, i do use Ewido and like it a lot (no slowdowns here), but Trojan Hunter has been around for quite a while and has regular updates. :)" }-

Why are a lot of you people using ewido instead of an active trojan blocking program? I see that ewido says it blocks trojans, but is it as good as TDS-3 or Trojan Guard? Do we even need an active trojan guard with all the other software we have protecting us? I mean can't we manually scan for trojans every so often?

dja2k

richrf
May 6th, 2005, 12:32 AM
Hi,

I use UnHackme basically as a backup for ProcessGuard. It is probably unnecessary, but there is always a chance that I will make a mistake in answering a ProcessGuard alert message, so I like the idea of double protection. Anyways, I like Greatis as a company, so I want to support their efforts.

Ditto with Ewido. The combination of KAV 4.5, ProcessGuard, and RegDefend will probably protect me against trojan-like malware that Ewido protects my system against. However, I purchased Ewido a while ago, (as I did my other ATs), and it doesn't use that much resources, so I run it for extra protection. I also scan with the other ATs from time to time (TDS-3, TrojanHunter, BOClean), but nothing has ever gotten through my first line of defense.

I use SpyBlaster and SpyBot protections.

Cya,
Rich

dja2k
May 6th, 2005, 03:00 AM
-{ Quote: "Hi,

I use UnHackme basically as a backup for ProcessGuard. It is probably unnecessary, but there is always a chance that I will make a mistake in answering a ProcessGuard alert message, so I like the idea of double protection. Anyways, I like Greatis as a company, so I want to support their efforts.

Ditto with Ewido. The combination of KAV 4.5, Script Sentry, ProcessGuard, and RegDefend will probably protect me against trojan-like malware that Ewido protects my system against. However, I purchased Ewido a while ago, (as I did my other ATs), and it doesn't use that much resources, so I run it for extra protection. I also scan with the other ATs from time to time (TDS-3, TrojanHunter, BOClean), but nothing has ever gotten through my first line of defense.

I use SpyBlaster and SpyBot protections.

Cya,
Rich" }-

So Rich, would you say that running KAV 5.0 (extended database), Outpost Firewall 2.6l, Process Guard 1.150, Spyware Blaster 3.3 Enabled, Spybot 1.4 Immunized and Browser Helper Enabled (though I don't use IE as my default Browser) and Regdefend 1.150 would be initial line of defense? Cause now that I got my setup working fine, I am trying to get rid of programs that don't really need to be running. I know that trojan hunter is a good app, but I see most of you don't run trojan detection software as active, but mainly as a scanner. I mean if my first line of defense is as good as it gets, do I really need the extra trojan hunter running (which by the way takes up about 12 - 15 MB of memory to run as active)? I mean if it has to run, then let it be, I have 1024 MB of ram, so it's no biggy, but hey the more you got running, the slower things can be. I mean these programs are reading files constantly.

dja2k

Don Pelotas
May 6th, 2005, 05:45 AM
dja2k, the setup you describe "KAV 5.0 (extended database), Outpost Firewall 2.6l, Process Guard 3.150, Spyware Blaster 3.3 Enabled, Spybot 1.4 Immunized and Browser Helper Enabled (though I don't use IE as my default Browser) and Regdefend 1.150" would be better than probably 95% of users and it would be a very strong setup, i'd add MS-AntiSpyware as on-demand scanner only, i can tell you that while Kav has been installed, i have never had any of the AT's that i have used give an alert and with PG correctly configured, you would have to be unlucky to be infected by a trojan.

With 1024mb ram you don't have to be too concerned with memory, you should look at CPU-usage instead.

Btw. RegDefend 1.200 has been released some time ago. :)

muf
May 6th, 2005, 04:58 PM
Jeeze guys. Get out of your houses and go get some fresh air. You're all obsessed. All these apps you got installed and you probably don't go anywhere near a website that would infect you anyway. If you don't go to porn or warez sites then you pretty much eliminate 99.99% of your chance of infection anyway. It seems to me that it's more a hobby than a necessity. You like the idea that your pc is running all these apps and that it's your own little fortress that can't be penetrated. There's more to life than sitting looking at a pc and saying "Just try to infect me and watch all my apps spring into action and KAPOW! got you, you little bugger". Now if you do frequent porn and warez sites then i can fully understand why you go this far. But i fear that you only have these apps running so you have bragging rights.

muf

dja2k
May 6th, 2005, 05:13 PM
Thanks for the insight Don. Yes Muf, some of us might be braggers (cause we know how to use these apps) and others might just want to be protected, but isn't it better to have sex with a condom than to have sex without? Wouldn't you say sex is like the internet, you don't know what kind of stuff is out there? Better safe than sorry don't you think?

dja2k

Notok
May 6th, 2005, 05:22 PM
Not that you're in much of a position to criticize, Muf (http://www.wilderssecurity.com/showthread.php?p=352048#post352048), but then again, just like everyone else on the board, we don't really know your circumstances. ;)

Bubba
May 6th, 2005, 05:30 PM
-{ Quote: "isn't it better to have sex with a condom than to have sex without" }-If we speak of every day users....those that don't visit Forums such as this....it would not matter if they use a condom if they don't know how to use it....or whether or not it has holes in it ???

Blackspear
May 6th, 2005, 07:53 PM
-{ Quote: "But i fear that you only have these apps running so you have bragging rights." }-One only needs to take a look at any site that helps out with HijackThis Logs to see that the tidal wave is increasing in speed, width and height...

Prevention is far better than cure…

Cheers ;D

richrf
May 6th, 2005, 08:08 PM
Hi dja2k,

I agree with Don. I think you have an excellent first line of defense, and as long as you pay attention to the alert messages that you may get from your real-time security programs, I think you are extremely well protected.

Like Don, I run various programs on-demand from time to time. Mostly because I bought them previously, so I am always "testing" the strength of my real-time defense. So far, from time to time CounterSpy, Ewido, and Ad-aware may pick up a stray "tracking cookie" during a full scan, but nothing beyond that.

I do remember a while ago that somehow a "Java exploit" got past KAV real-time and ended up in the Java cache folder. The exploit itself was harmless, since it was neutralized quite some time ago by the latest versions of Java. Possibly, because it was never executed, it was never detected since all of the ATs that I have would detect it if it ever tried to do something. However, I did find it while doing a full KAV scan, which I do about once every two weeks.

I personally think you are in very good shape and just keep tracking this forum for updates and other unusual things that might need your attention.

Cya around,
Rich

muf
May 6th, 2005, 08:08 PM
-{ Quote: "Not that you're in much of a position to criticize, Muf (http://www.wilderssecurity.com/showthread.php?p=352048#post352048), but then again, just like everyone else on the board, we don't really know your circumstances. ;)" }-

Oh my god! I didn't realise i used so much stuff myself. I suppose when you look at the list, it's not much different than what everyone else is saying. I take back what i said. I'm a certified fruit and nutcase like the rest of you! ;)

Put the handcuffs on me now officer, i've been nicked!!!

muf

p.s I do frequent those undesirable places though. So at least i do have good reason for my level of protection.

Blackspear
May 6th, 2005, 08:10 PM
-{ Quote: "Oh my god! I didn't realise i used so much stuff myself. I suppose when you look at the list, it's not much different than what everyone else is saying. I take back what i said. I'm a certified fruit and nutcase like the rest of you! ;)

Put the handcuffs on me now officer, i've been nicked!!!" }-LMAO, by the looks of it you had joined us long ago, and just hadn't realised you were already here ::) :o :D ;D :lurking:

richrf
May 6th, 2005, 08:16 PM
Hi Muf,

I only wish what you say is true, but I just spent several hours of my time cleaning a machine of a friend who really just casually browses the Web and hardly uses her machine and had Trend Micros Suite on her system. Unfortunately, the current state of affairs is that probably more people are affected than probably even know about it.

The real problem is in Redmond. They can quickly shut down lots of "holes" in the software, but they themselves need the holes so they can do what they want to do (intrude on the usage of Windows) and thereby they leave "windows" open to other intruders. I think this underlying, over-arching problem will only be solved when large institutions start moving away from Windows because the risks/financial losses are too great for them to many any longer. Once large institutions start addressing these issues with a new OS, then their employees (and money) will follow. Until then, I don't know what can be done, except continue to harden defenses against MS allowed security holes.

Rich

dja2k
May 7th, 2005, 02:31 AM
Thanks rich for the reply and also to the rest of you for helping out. I will keep my current line of defense and see how it goes. Did start getting some blue screens \ crashes though something about restarted due to bugchecks, but I can live with it for a while until I find out what is causing them. I really think that it is outpost as I encountered them some time ago, but can't rule out the other apps just yet. The errors usually are internet related like for instance it happened when I was in Amazon.com and I noticed that it started getting slow to go to the next page, then suddenly it just happened. I am still waiting on people at the Outpost forum to address a question on their Component Control, Open Process Control and Hidden Process as some of them might conflict with what I got. For now I have Component Control DISABLED, Open Process Control DISABLED, and Hidden Process set to ALLOW ACCESS. I set Hidden Process to ALLOW ACCESS because Trojan Hunter would then be blocked and my internet connection would fail at windows startup. As far as Component Control and Open Process Control, well I will have to wait and see what the best options are. I will see what happens anyways.

dja2k

Pollmaster
May 7th, 2005, 04:24 AM
-{ Quote: "Thanks for the insight Don. Yes Muf, some of us might be braggers (cause we know how to use these apps) and others might just want to be protected,
dja2k" }-

Muf has a point. But so what? It's a hobby that isn't hurting anyone. Still, knowing how to use an app is not cause for bragging I think. I rather brag I know how to program.

muf
May 7th, 2005, 06:39 AM
-{ Quote: "HI Muf,

I only wish what you say is true, but I just spent several hours of my time cleaning a machine of a friend who really just casually browses the Web and hardly uses her machine and had Trend Micros Suite on her system. Unfortunately, the current state of affairs is that probably more people are affected than probably even know about it." }-


I have to concur here. I just spent the last 7 days and probably 5 hours on the telephone sorting out a mate's pc that had got infected. He hadn't got around to fixing up his telephone line to his pc for two years. Eventually got up and running and was once again happily browsing the net. Then he phoned me to say he might have an infection. I then found out he uses NO PROTECTION AT ALL. Windows 98 with no firewall, no AV, no AT, no AS. NOTHING. Just bare bones windows and his 56k dial up. And he's one of those typical red-blooded males that visits 'THOSE' places. So for him to say he thinks he 'MIGHT' be infected was a bit funny.

Anyway, turns out he had Mirar, JS.Seeker, something called USBN.EXE and other stuff owning his pc. He went and purchased Norton AV (not by my recommendation - panic buy!). I did him a cd with Ad-Aware, Spybot, CWShredder to help remove his problems. And also provided copies of SpywareBlaster & ScriptSentry along with enabling Teatimer for resident protection. Norton found 3 infections. Spybot found 29 critical items, Ad-Aware found 39 critical items - All scanned in safe mode. Had to remove the USBN.EXE manually and it was resetting his dial-up and trying to phone a premium sex phone line.

He's just been given Norton Firewall 2003 by a workmate who got it as a freebie but never installed it. So he's installing that this weekend - BEFORE HE GOES BACK ONLINE! Seems to be good to go now.

Btw, it's not easy cleaning someone's pc on the phone when they are not pc literate. The disk I gave him I left at his place of work as it's just around the corner from where I live. But his house is just way too far away for me to travel so I had to remedy his pc on the phone. Hard work. But I got there in the end. :D And who knows, maybe he's learned a lesson or three. ;)

muf

dja2k
May 8th, 2005, 08:26 PM
Okay now I have had it with outpost and their damn blue screen BSOD errors. I have been getting a blue screen daily while just on firefox surfing. What else do you guys, which you have helped me a lot, recommend as a replacement. And yes I know zonealarm is good, but I can't understand make the rulesets on it and no one seemed to help out before. But besides zonealarm and outpost, any other good firewall. Also I am behind a linksys router. I gave outpost many chances since the 2.5 version and all builds til 2.6, but they all cause those blue screens. So what do you think about a firewall that will fit my needs on good security and I don't care about memory usage.

dja2k

Notok
May 8th, 2005, 08:43 PM
I'm a fan of Look n Stop, I've had no problems with it. Sometimes the rules can seem daunting to the new user, but for the most part you just have to load up the enhanced ruleset. When you're more comfortable you can download Phant0m's ruleset for more, as well as use the beta drivers (completely stable.) I didn't know much of anything about firewalls when I first started using it, and had no trouble. Plus the support for it is right here at Wilders, and any additional rules you need can be downloaded.

dja2k
May 8th, 2005, 08:50 PM
So Look n Stop is pure rule based. Does that mean that it doesn't have a pop-up to block or accept connections from the start?

dja2k

Blackspear
May 8th, 2005, 08:50 PM
-{ Quote: "What else do you guys, which you have helped me a lot, recommend as a replacement." }-
Look 'n' Stop has a FREE 30 day trial, I'm impressed with it, and it is very easy to set up for file sharing behind a router.

Hope this helps...

Cheers ;D

dja2k
May 8th, 2005, 08:58 PM
-{ Quote: "Look 'n' Stop has a FREE 30 day trial, I'm impressed with it, and it is very easy to set up for file sharing behind a router.

Hope this helps...

Cheers ;D" }-

But it leaves everything to allow access until you setup a rule right?

dja2k

Notok
May 8th, 2005, 09:56 PM
Yes it has application control, which will prompt you to Authorize or Block an application that's trying to access the internet. Almost all firewalls are rules based, but most of them don't let you customize them, which leaves you with a configuration made for the lowest common denominator (security wise) to ensure compatibility for all users.

Like Blackspear says, it's got a 30 day trial, you might give it a spin. I've not heard of (or experienced) any stability issues. Should you decide to uninstall it, you can use the Phantastic Uninstaller (http://www.fluxgfx.com/ssc/forumdisplay.php?f=14) to remove it completely (you would run it after uninstalling from Add/Remove Programs.) You can also take a look through the forum here for just about anything else you might want to know.

dja2k
May 8th, 2005, 09:59 PM
-{ Quote: "It has both application control and rules, just like most firewalls. The difference is that it gives you full control of the rules, should you decide you need/want to change anything. Both the application control (which gives you the pop-up to 'allow' or 'block' a program) and rules are very configurable, but it's organized in a way that makes it easy to use.

Like Blackspear says, it's got a 30 day trial, you might give it a spin." }-

Think I tried it once before, not too sure, but it didn't lock anything. I would allow access to everything, browser and programs from start unless I had to turn on something. If I do use it, what is this about enhanced rules and something about an updated system file? Also is look n stop ever known to create blue screens due to BSOD's?

dja2k

OhSoCavalier
July 30th, 2005, 10:53 AM
I have recently purchased an XP PC, my first PC in over 12 years.

I can honestly say that I have spent more time in one day sat atop a chilling iceberg staring out at an ocean depth of security issues than I have ever needed to in over 15 years of Mac OS use.

It's a really sad state of affairs... A computer should be a compliant tool, not something one has to wrestle with at great expense of time/money/resources.

The level of PC paranoia I've encountered today more than suggests I should stick to using OSX when interfacing with the internet and all its scummy alleyways. The PC can sit in the corner and receive what it needs via OSX's built-in firewall.

The Hammer
July 30th, 2005, 11:20 AM
-{ Quote: "I have recently purchased an XP PC, my first PC in over 12 years.

I can honestly say that I have spent more time in one day sat atop a chilling iceberg staring out at an ocean depth of security issues than I have ever needed to in over 15 years of Mac OS use.

It's a really sad state of affairs... A computer should be a compliant tool, not something one has to wrestle with at great expense of time/money/resources.

The level of PC paranoia I've encountered today more than suggests I should stick to using OSX when interfacing with the internet and all its scummy alleyways. The PC can sit in the corner and receive what it needs via OSX's built-in firewall." }-
Mac computers and Apple products are becoming more popular. With popularity you become more of a target for security issues. Apple's turn is coming and right now you're just whistling past the graveyard.

OhSoCavalier
July 30th, 2005, 09:26 PM
Ah, but BSD and UNIX whistle quite different tunes. Both time tested and very tough nuts to crack http://www.apple.com/macosx/features/unix/ . What's more, Apple aside, some seriously good guys watch over it.

As I doubt OSX will ever achieve the same size audience as Windows, I'm more convinced of its security.

The Hammer
July 30th, 2005, 09:55 PM
-{ Quote: "Ah, but BSD and UNIX whistle quite different tunes. Both time tested and very tough nuts to crack http://www.apple.com/macosx/features/unix/ . What's more, Apple aside, some seriously good guys watch over it.

As I doubt OSX will ever achieve the same size audience as Windows, I'm more convinced of its security." }-
I don't know, Firefox has been getting hammered (no pun intended) the past six months or so with more fixes and patches than IE so I guess it's considered mainstream now. Although it still is not as much in use as IE. Security by obscurity is not something that lasts.

mercurie
July 30th, 2005, 10:04 PM
-{ Quote: "I don't know, Firefox has been getting hammered (no pun intended) the past six months or so with more fixes and patches than IE so I guess it's considered mainstream now. Although it still is not as much in use as IE. Security by obscurity is not something that lasts." }-
I agree Hammer. Sadly I knew this day would come. The bigger and more successful it becomes the bigger a target it will be. :(

MikeNash
July 31st, 2005, 04:03 AM
-{ Quote: "One only needs to take a look at any site that helps out with HijackThis Logs to see that the tidal wave is increasing in speed, width and height...

Prevention is far better than cure…

Cheers ;D" }-

Insert gratuitous Online Armor ad here ;D

Seriously, all I use at home is OA (but I am behind a firewall) - at the office, we run a linux based firewall, with Snort IDS on it - and OA on the desktops - partly because we eat our own dogfood (tasty, too!) and partly for testing.

Now, I would never advise a user to run OA alone (at least, not yet) but it absolutely amazes me when people are running 5 or 6, or more different programs to protect themselves.

Obviously, every user is different in terms of expertise (and paranoia) but still, head-shaking moments.

Mike

Vikorr
July 31st, 2005, 06:15 AM
Heheh, you know Mike, I almost didn't want to beta test OA because I am already running 5 different security apps, and I consider even 5 too many (not that any except the AV chew many resources)...

But I suppose firewall + AV + 3 isn't too bad (now plus OA).

Of course my preferred setup would be Firewall+AV+HIPS, but so far no one HIPS does a thorough enough job yet.

That's one of the reasons I'm rather interested in where OA is heading :)

Blackspear
July 31st, 2005, 06:29 AM
-{ Quote: "Insert gratuitous Online Armor ad here ;D

Seriously, all I use at home is OA (but I am behind a firewall) - at the office, we run a linux based firewall, with Snort IDS on it - and OA on the desktops - partly because we eat our own dogfood (tasty, too!) and partly for testing.

Now, I would never advise a user to run OA alone (at least, not yet) but it absolutely amazes me when people are running 5 or 6, or more different programs to protect themselves.

Obviously, every user is different in terms of expertise (and paranoia) but still, head-shaking moments.

Mike" }-
I know, but with several systems used by teenagers, and parents fed up with paying to have them cleaned, these same systems are remaining clean through password protecting Nod32 and having it run a weekly silent clean, as well as password protecting Process Guard 3, and using the other prevention software, it remains extremely hard for these same teens to infect their systems.

Problem solved, parents happy ;) ;D

Cheers ;D

MikeNash
July 31st, 2005, 06:38 AM
-{ Quote: "I know, but with several systems used by teenagers, and parents fed up with paying to have them cleaned, these same systems are remaining clean through password protecting Nod32 and having it run a weekly silent clean, as well as password protecting Process Guard 3, and using the other prevention software, it remains extremely hard for these same teens to infect their systems.

Problem solved, parents happy ;) ;D

Cheers ;D" }-

That's a good point - so if we added a parental lock into OA which auto-denied everything (ActiveX, unknown app execution, keyloggers) this would be a Good Thing... I've discussed with a couple of people who have suggested it, but seems that this would be a(nother) must-have feature.


Mike

Vikorr
July 31st, 2005, 07:49 AM
Hi Mike

I think password protected control is a very good thing. It doesn't detract from the product in any way, and helps parents prevent their kids from causing havoc on their computers ;D

OhSoCavalier
August 2nd, 2005, 01:23 PM
This seems quite a neat tool.

http://toolbar.netcraft.com/

hgwells
August 2nd, 2005, 01:53 PM
-{ Quote: "This seems quite a neat tool.

http://toolbar.netcraft.com/" }-


I wonder if it's spyware or trackware though.

MikeNash
August 2nd, 2005, 07:01 PM
-{ Quote: "Hi Mike

I think password protected control is a very good thing. It doesn't detract from the product in any way, and helps parents prevent their kids from causing havoc on their computers ;D" }-

Vikorr - I have an 8 year old.... this is Soooo on the list :-) Although, to be fair he hasn't allowed nasty stuff (so far!).

Mike

MakoFusion
August 10th, 2005, 03:57 PM
Hello there my brothers and sisters in security. Can you feel those pure and precious encryption algorithms embracing our very soul penetrating us to secure our computers that extra mile? When I think back to how I used to surf naked in the cyber rain I realize how vulnerable and unprotected I really was and it saddens my heart. Since I have become a man I have left such childish wisdom behind me - a favorite still is "Well I can't see a virus, so it must not be there!". What am I all about here? I want my computer security tighter than a virgin on prom night with a chastity belt strapped to her loins. I'd like to see a posting that states...

I use program A, B, C, D, E, F, G, etc...
then with each program we, as paranoid freaks of technology, sit down and discuss how to secure, patch, configure, and manicure each program to the fullest. For example if someone says 'Firefox' then let's show others who may not be so 'gosu' aka don't know it really well how they can beef that one particular program up to the max. What settings do you use? What do you enable or disable when you first set it up and why do you do it that way? Do you know of any extensions or custom configs that would make it more secure or work better?

An example is as follows...

Key Legend:
[√] Check the box
Text Uncheck the box
* Personal preference
$ Personal preference w/security measure

I. Replacing IE with something else...

1. Mozilla Firefox Browser
http://www.mozilla.org/products/firefox/

a. CLEANUP FOR THOSE WHO DON'T USE BOOKMARKS TOOLBAR
►*View►Toolbars►Bookmarks Toolbar

b. OPTIONS
►Tools►Options►(Left hand side menu)

-->General
►Home Page►*Use Blank Page
►$Connection Settings...(For use with remote or local host proxy... Proxomitron anyone?)

-->Privacy
►History►(0 days)►Clear
►Saved Form Information►Save information I enter...►Clear
►Saved Passwords►Remember Passwords►Clear
►$Download Manager History►Upon successful download►Clear (See notes at end of Firefox section)
►$Cookies►Allow sites to set cookies►Clear (See notes at end of Firefox section)
►Cache►(0 KB)►Clear
►Clear All►Clear All Information

-->Web Features
►Block Popup Windows [√]
►Allow web sites to install software
►*Load Images [√]
►*for the originating web site only
►Enable Java (See notes at end of Firefox section)
►Enable JavaScript (See notes at end of Firefox section)


-->Downloads
►●Ask me where to save every file
►[√] Show Download Manager window when a download begins.
►$Close the Download Manager window when all downloads are complete.

-->Advanced
►*Browsing►Resize large images to fit in the browser window

►OK

c. RESTRICTING REFERERS

►URL box <type>
about:config
►Filter: box <type>
refer
►Select 'network.http.sendRefererHeader'►Change from 2 to 0►OK

d. CUSTOM CONFIGURATIONS

►URL box <type>
(Slot reserved for all those custom configs so many of you use to increase connections on broadband.)

e. EXTENSIONS/PLUGINS

►(Slot reserved...)

Notes:

2. Opera Browser - (Slot reserved for regular user.)

Now I understand this is a more involved process and typing than these other postings that simply list them... But we feel that a poorly handled program offers a false sense of security and that would defeat the purpose of why we are here. If you are familiar with a certain program and know how to get the maximum out of it list it and tell us what you did to tighten it. Over time we will then have a compiled listing of many different types of programs so that new users can familiarize themselves with them more quickly.
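
The Firefox checklist in the post above, turned into an audit of a profile's user.js or prefs.js, as an added example that is not part of the original post. Only `network.http.sendRefererHeader` = 0 comes from the post; the other pref names are this example's assumed mapping of the post's checkboxes to Firefox preferences, and the sample file is constructed.

```python
import re

# Live user_pref("name", value); lines; commented-out ones do not match.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

# Only sendRefererHeader = 0 is from the post; other names are assumed mappings.
POLICY = {
    "network.http.sendRefererHeader": 0,    # post: change from 2 to 0
    "signon.rememberSignons": False,        # assumed: Remember Passwords off
    "browser.formfill.enable": False,       # assumed: Save form information off
    "xpinstall.enabled": False,             # assumed: site software installs off
}

def parse_value(raw):
    """Convert a pref literal (bool, integer or quoted string) to Python."""
    if raw in ("true", "false"):
        return raw == "true"
    if re.fullmatch(r"-?\d+", raw):
        return int(raw)
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1]
    raise ValueError(f"unrecognised pref value: {raw!r}")

def parse_prefs(text):
    """Return {name: value}; a later assignment overrides an earlier one."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = parse_value(m.group(2))
    return prefs

def audit(text, policy=POLICY):
    """List (name, found, wanted) for every pref that is unset or differs."""
    prefs = parse_prefs(text)
    findings = []
    for name, want in policy.items():
        got = prefs.get(name, "unset")
        # Type-strict compare: Python treats False == 0, a pref file does not.
        if type(got) is not type(want) or got != want:
            findings.append((name, got, want))
    return findings

SAMPLE_USER_JS = '''\
# Mozilla User Preferences (constructed sample)
user_pref("network.http.sendRefererHeader", 2);
// user_pref("network.http.sendRefererHeader", 0);
user_pref("signon.rememberSignons", false);
user_pref("browser.formfill.enable", true);
'''

if __name__ == "__main__":
    print(audit(SAMPLE_USER_JS))
```

A pref reported as "unset" is one the file never pins, so whatever the browser ships as default stays in effect for it.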

POS
December 22nd, 2005, 02:42 PM
What about Sentinel? It's free now...

puddingalien
March 29th, 2006, 11:29 AM
I really feel the need to see a present day thread for this topic.
Most of the posting was last Spring.
Some of the links don't even go anywhere, anymore.

I think a bi-yearly new thread for this topic of what programs are used and the discussion of them would be most beneficial to the people coming to this forum to find this advice, rather than an enormous list from a year ago. I assume a lot of progress has been made?

Also, I'd like to see programs listed by what they fulfill, such as:
Anti-Virus
Encryption
Firewall
Hardening (listing the actual fixes gained from each program)
Sandbox
etc. etc.

I'd really like to see this, so we can for the most part go down a list and start checking off each specific coverage, including the best settings in the programs chosen.
Thanks.