Which security pair is better?

Discussion in 'other anti-malware software' started by bellgamin, May 26, 2015.

  1. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    @ bellgamin - bahh. Fellow can dream right? :D

    On a better note, I kept all 12 of my XP Pro SP2 hard drives and all they need is a box :p
     
  2. @bellgamin

    If I recall correctly (I used it on my XP box also), Sunbelt HIPS also guards program launches and DLL injection. Considering you run AppGuard in locked mode, you have a driver-based default deny (comparable with AppLocker, stronger than SRP), so the NVT would only be a second layer in case AppGuard would fail or you shoot yourself in the foot installing malware.

    The first is not likely considering the fact that AppGuard is used by US military. When US is able to create complex malware such as Stuxnet, I think they are also capable of selecting sound and safe security programs. The second is not likely either, also considering the wisdom you have gathered during your long life.

    So considering my preference (less is more) AppGuard + Sunbelt FW is a combo with sufficient protection IMO. I would rather add MBAE to the mix to protect the old OS against exploits (MBAE in process memory protection, Sunbelt DLL-injection protection, AppGuard's memory protection would keep XP running for hopefully quite a few years).

    Regards Kees
     
  3. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    I agree with WS on the protection level.

    Myself, I used the Kerio 4 free program and was somewhat unlucky in that my connection would sometimes need a reboot after running Kerio for longer periods, more than 12 hours or so, for the internet to work. Its HIPS part was an easy one, sort of like ProcessGuard free. An anti-executable. I think it is able to control what programs start other programs. Can't remember though if the free version had DLL injection control, most likely not as I could not have been able to stand such popups ;)

    Kerio 2.1.5 was always my fave along with Sygate in XP. Not having them installed at the same time of course.
     
    Last edited: May 30, 2015
  4. Jarmo, the last 4.7 beta had the options of the paid version and I also remember that the HIPS was able to control which program was allowed to be launched by another program (so more granular than NVT-ERP)
     
  5. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,207
    I have not tried NVT-ERP, even though I think it is a good program. Your advice of getting rid of one anti-exe is a sound recommendation to me too, and not running them at the same time at all.

    Let's hope bellgamin doesn't get any dreaded BSOD running them both together if he does. My advice would be to maybe stay away from any anti-executables and just run some anti-exploit if ever getting a BSOD. I (faintly) remember getting a BSOD from some version of Kerio 4. I tried 2 versions and always came back to a simpler albeit less protective firewall.
     
  6. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    @ Kees - MBAE is one of my *must have* security apps. It is always active. The same holds true for AppGuard. By the way, I do have an antivirus (Avast Free) but I do not run it in real-time - only on-demand for downloads.

    @ Jarmo P - NVT-ERP is not a "good program". It is a SUPERBLY SUPERB program!!! Plus it is THE antiexe-on-steroids. Plus it has the best - the very best - support forum here at Wilders. ||| I have never had a BSOD with XP no matter how much I abused it. It's like the dog Prince I had when I was a toddler -- I could do anything to that poor fellow (& sometimes did if my parents weren't watching) and he would never ever bite or even growl. Just licked my face and moved a ways back. So also is my loyal friend, WinXP
     
  7. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I didn't know that Kerio also had a HIPS component, sounds good.

    Thanks, and I have always enjoyed reading your topics and posts. :thumb:
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    I didn't know about this, I wonder how AG is being used, I suppose purely as an anti-exploit tool?

    I agree about ERP, it's a simple-to-operate but still powerful app. MBAE is cool too, especially now it can even protect sandboxed apps, running under Sandboxie's control.
     
  9. No central management intrusion prevention for PCs running admin. There have been tests/demos to compare AppGuard's effectiveness against EMET, but I can't find them anymore.
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Well, that is an old discussion, AG will block everything in "lock down" mode so of course it will perform better than EMET, because anti-executables don't care if malware is triggered by some exploit or not.
     
  11. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,789
    Correct. Minor description change: HIPS, if the driver is enabled, watches buffer overflow and code injections. BEHAVIOR section controls parent-child and modifications thereof.
    Last free and complete versions are 4.7.4 and 4.7.5.
    Good thread. Thanks to bellgamin for starting it and Kees for clearing up a few things I've been wondering about in the past five or so years of using Sunbelt FW.
     
  12. CGuard

    CGuard Registered Member

    Joined:
    Mar 2, 2012
    Posts:
    145
    I like this rationale. :thumb:
     