Why do people use so many programs...

Discussion in 'other anti-malware software' started by Metal425, Sep 18, 2007.

Thread Status:
Not open for further replies.
  1. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,121
    Location:
    Mountaineer Country
    I've gotta agree with this also. Originally I was using suites and ran out of cash and started using separate free components. My machine was way faster. I began to learn more and kept hearing about using many layers of protection. I'm fairly layered right now :D and I'm still learning. I only activate my virtualization apps when things are going to get rough. I'm now debating on disabling my AM, but I'm not going to do that until I have the knowledge to do so safely. That takes time and a lot of research. Unfortunately the research is never ending as malware development and vulnerabilities are constantly changing.

    I personally don't think my active programs are excessive, some will argue. It's all about trust and how much control you feel you have or need. The more I trust and learn about Sandboxie, the more I will consider changing my setup. Like many people here, our setups are based around a single application or 2. All my programs must be stable, and work with OA2 which is the center piece of my setup. I also need to learn more about it and how a HIPS works. It all boils down to what are you comfortable with and does your setup work well with your system.

    innerpeace
     
  2. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    Not as easy as you think even with spare time and cash, you need some brains and effort spent learning... Much easier to slap on a dozen "layers" and go around "heavily armed"...

    Come to think of it, that probably requires very little effort... I can teach anyone to be heavily armed by giving them a shopping list.. Does that make them a security expert?

    Being "heavily armed" has nothing to do with being an expert. From the wording of your earlier sentence, you seem to be confused on this point...
     
  3. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,438
    Location:
    Slovakia
    Good point, I am a good example. I am a noob in comparison to other Wilders members, I do not even know how TCP works, not that I would care anyway. I believe that no one actually needs security applications as long as he follows 3 simple rules like: do not use scripting in a browser by default (just allow trusted webpages), do not open HTML emails and attachments, do not open unknown files (like installing an unknown software and so on) and that is it, no big deal.

    So it is quite easy to be protected against automatic malware and a protection against real hackers just does not exist, NSA gets hacked no matter what.

    But the point is that it is uncomfortable, let's just imagine using a browser without scripting, it is a terrible idea, isn't it, especially if you get used to it?

    Talking about anti-applications, it is quite simple. As the old saying goes, “A lie repeated often enough eventually becomes the truth.” So you "NEED THEM".

    The other side is a layered defense, that can be useful in case a man makes a mistake, but let's not forget, it is the man who gives 99,95% protection.
     
  4. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,910
    Location:
    USA
    People here at Wilders are heavily armed compared to the average computer user.
    As you note it does take some brains and effort spent learning.
     
  5. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    EU
    For fun, (beta)testing, trialling, curiosity.

    Gerard
     
  6. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    If use only 3 real security softwares on my computer, instead of 30+.
    Is that acceptable for you or is it still too much ? :)
     
  7. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    See you guys,:D I'm done with this thread. It's getting silly IMO.:)
     
  8. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    It's really a toss up on what a user prefers compared to the most useful setup.

    Following myriads of different discussions over the months I personally lean to simplicity if at all possible. For example, a solid HIPS running in tandem with AE plus Power Shadow "AND" Sandboxie now.

    This config can be with or without FD-ISR, with AE I don't use FD-ISR because of caution recommendations to compatibility.

    But the underlying and most useful protections aside from those for myself is what some have been preaching over a long time, IMAGING! I make images from 2 different programs and store them on alternative partitions/Hard Drives in case of malicious penetration thru the above mentioned shields.

    So far so good.
     
  9. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    True but this has nothing to do with your statement that there are more security experts than you can shake a stick at... (BTW your statement is overstating things, unless you consider an "expert" as someone who loves to run security programs)

    That refers to becoming a real security expert, and not a pseudo one who is confused about the difference between being a truly knowledgeable expert and one who just runs around heavily armed....
     
  10. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    Actually, you are not as noob as you think, there are lots of people here who can talk and tell you all about hips but have no idea about how TCP works either...

    I repeat, do not confuse playing with security programs with being knowledgeable about security...
     
  11. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    Before I began frequenting Wilders I was as ignorant as they come about security software and how they work and rate. I learn something every day here from all who post. If it weren't for the people in this forum I would never have even heard of apps like FDISR, PerfectDisk, NOD32, Sandboxie, SuperAntispyware, AVG AS, etc. The average person never sees these apps in a store. I think I have accumulated a good effective arsenal just from frequenting this forum. A tip O' the hat to all.:D
     
  12. ahriman

    ahriman Registered Member

    Joined:
    Sep 18, 2007
    Posts:
    126
    This thread really resonates with me right now!

    I'm working on understanding how security works. Fooling around with (probably) too many security apps too :). Wilders forums is wonderful for pointing me in directions I would never have found on my own.

    Really, I am beginning to believe that knowledge of TCP/IP is vital, so am reading Stevens' famous books on the subject. Real security, IMHO, happens in the 'real' world. I only have a (very) superficial understanding of most of the apps I use and the ones I'm testing.

    Also, how malware really works. Does one have to play with malware in a test environment to get a 'feel for it'? Opinions please! I'm inclined to think so. How can one fight something one doesn't understand?
     
    Last edited: Sep 21, 2007
  13. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,910
    Location:
    USA
    When I first came to Wilders posting Anonymous was still allowed, I posted as Carver. I was registered as carver at other forums as Carver, just not at Wilders. I am registered now as carver at Wilders. I am learning about programs like Bufferzone; DefenceWall; SSM; Sandboxie; NOD32; Avira; BOClean; A-Squared; SuperAntiSpyware; Spyware Terminator; Cyberhawk. To think I just came here because the official forum for NOD32 is at Wilders.
     
  14. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,784

    Yes some of the members here like to have a layered defense instead of a security suite.
    Myself, I've used suites before but prefer the layered approach.
    Each program I use has its own job with little or no overlap.
    As far as boot time is concerned, just a couple of minutes here which is not bad.
    Also it is still quite fast online.
    Become a safe surfer ? The web is not the safest place to be, sites that should be safe could and do still become compromised and infected.
    So I say "to each their own" whatever makes you safe :D
     
    Last edited: Sep 21, 2007
  15. Metal425

    Metal425 Registered Member

    Joined:
    Mar 20, 2007
    Posts:
    188
    Location:
    Southern California
    I never said I liked Suites but 10+ programs is overkill.
    I don't even use a suite, I run a layered protection, and I prefer it over Suites also.
     
  16. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I'm in the same boat. TCP/IP, cryptography, filetypes, scripting, OSes, etc.
     
  17. LowRider

    LowRider Registered Member

    Joined:
    Sep 21, 2007
    Posts:
    5
    Location:
    Between the lines
    Well most of this is like a foreign language to me but I'm here to learn. That's why I just registered recently. There's much to sort thru and I'm sure over time maybe I'll get a much better grasp on things.
     
  18. Metal425

    Metal425 Registered Member

    Joined:
    Mar 20, 2007
    Posts:
    188
    Location:
    Southern California
    Welcome to the forums Low. :D :thumb:
     
  19. LowRider

    LowRider Registered Member

    Joined:
    Sep 21, 2007
    Posts:
    5
    Location:
    Between the lines
    Why thank you Metal. I appreciate it.:thumb:
     
  20. LUSHER

    LUSHER Registered Member

    Joined:
    Feb 28, 2007
    Posts:
    440
    Doesn't that describe pretty much everybody here? That doesn't stop us from running around "heavily armed"...
     
  21. herbalist

    herbalist Guest

    Assumptions like that can get you owned.
    "just allow trusted webpages"
    Trusted sites get hacked too. Check the thread about the Bank of India. Could just as easily have been your bank, or another site you trust. No site can be completely trusted because no site is hackproof. "Trust" is hazardous to your PC's health.

    "do not open HTML emails and attachments"
    If this works for you and those you know only send text, great. I regularly receive files and links of interest via e-mail, so it won't work for me. Besides, that would make e-mail incredibly boring.

    "do not open unknown files"
    Unless you have a totally static or unchanging system, you open files unknown to you every time you add a new program or allow an auto-updater to run. Every installer that you don't store locally is unknown to your system. Installing an updated version of your browser should be a safe process but there's no guarantees. You can't know for certain that the site wasn't hacked 5 minutes ago and that a trojan was added to the download. You could check the file's digital signature against the one posted on the site to make sure they match, but that could have been changed to match the compromised download. True, this is unlikely, so how about something simpler? The editor of the webpage got the links mixed up and it leads to the wrong version for your OS. Mistakes happen. Did you check the signature before you opened it? What precautions did you take before launching the installer? An install monitor? A system backup? Did you shut down any security apps? Why?

    A file doesn't have to be malicious or compromised to be dangerous. If it's incompatible with your system or another app you use, the results can be just as bad. A minor update or new feature can cause this. Same questions, what precautions did you take beforehand? What about auto-updates? Even some AV vendors have released updates that were so badly written that they crash the entire security suite. You can wake up to find the auto-update that ran last night has caused a BSOD that only a system restore can fix. Do you have an image of your system from before the update? How old is it?

    How many security apps a user has or how many processes are security related does not translate into being more secure. A user can have 30 security processes and have gaping holes in their system. A user can have 3 security apps running and be well protected. Mine varies from 3 to 12, depending on what I'm doing with several more that run once at bootup. Normal on my box is 7 security/privacy related processes. Their combined performance hit on my PC is less than a typical resident AV and far more effective.
    If you're working with firewall rules, a basic knowledge of the main protocols TCP, UDP, ICMP, the numbering system for IP addresses, ports - the difference between open, closed, and stealthed, how DNS works, etc is very useful. You don't have to become an expert on the subject, just pick up on the basics.
    Working with real malware isn't really necessary to set up a good security package. If you're interested in researching malware, how it works and how to defend against it, definitely use a test unit. This is a huge field that branches in many directions. A serious study of malware is a full time job just to keep up with it. This is the type of study that you can dive into and not come out. I occasionally use a testrig to study how a specific exploit works or to see if my security package is sufficient to defend against certain threats, but it's by no means necessary to go this far. Security is a very relative term, secure against what or who, and for how long? Total security doesn't exist.
    Rick
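
The point in the post above about comparing a download with the value posted on the same site, as an added example that is not part of the original thread. It assumes the posted value is a SHA-256 hex digest and that a second digest was recorded earlier through a separate channel; the byte strings and names are constructed for illustration.

```python
import hashlib
import hmac

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def check_download(installer: bytes, site_digest: str, pinned_digest: str) -> dict:
    """Compare a downloaded file against two reference digests.

    site_digest   : value shown on the download page (same origin as the file)
    pinned_digest : value recorded earlier from an independent source (assumption)
    """
    actual = sha256_hex(installer)
    return {
        "matches_site": hmac.compare_digest(actual, site_digest.lower()),
        "matches_pinned": hmac.compare_digest(actual, pinned_digest.lower()),
    }

def verdict(result: dict) -> str:
    if result["matches_pinned"]:
        return "ok"
    if result["matches_site"]:
        # File and posted digest agree with each other but not with the
        # independent record: both were replaced together, or the pinned
        # value belongs to a different release.
        return "site-and-file-changed-together"
    # Matches nothing: wrong link, wrong build, or a corrupted transfer.
    return "wrong-or-corrupt-file"

# Constructed sample data standing in for real installers.
GENUINE = b"installer-v2.0-win32 (constructed sample bytes)"
TAMPERED = GENUINE + b" + appended payload (constructed)"
WRONG_BUILD = b"installer-v2.0-linux (constructed sample bytes)"
PINNED = sha256_hex(GENUINE)  # recorded out of band in this example

def scenarios() -> dict:
    return {
        # Normal case: page and file are both untouched.
        "clean": verdict(check_download(GENUINE, sha256_hex(GENUINE), PINNED)),
        # Site compromised: file replaced and the posted digest updated to match.
        "hacked_site": verdict(
            check_download(TAMPERED, sha256_hex(TAMPERED), PINNED)),
        # Editor mixed up the links: digest is right, file is another build.
        "wrong_link": verdict(
            check_download(WRONG_BUILD, sha256_hex(GENUINE), PINNED)),
    }

if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(f"{name:12s} -> {outcome}")
```

In the hacked-site case the same-site comparison passes, which is why only the independently recorded digest flags the file.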
     
  22. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,438
    Location:
    Slovakia
    I agree with everything, PC can be infected in a min (via zero-day exploit or by a user's intervention) or never, no matter what security software is used, if any, but as long as it works for me, I have no reason to change it and the same attitude applies to everyone, doesn't it, whether it is a security software or not.
     
  23. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    I think people are using a lot of tools because they want to be protected against as much as possible. IMO, 4 realtime security tools is reasonable though, I mean it's obvious that you need a layered protection, at least that's what many people believe. My ideal setup would be AV/AT/AS (all in one), firewall, HIPS + sandbox. A suite would be an option, but standalone apps are often better IMO. Btw, currently I'm running 3 realtime security tools and they don't slow down my system at all. My boot time is only 90 seconds.

    @ LUSHER

    Yes correct, but like I often said to you in our PM conversations, it's obvious that most people over here are no experts, but they have a special interest in security tools and like to test and discuss them. Of course, it also depends on what you mean with "expert". Compared to people who don't know anything about PC security, a lot of us over here can be labeled as "experts" (or as I call it "amateur-experts" :D), of course you also got the true experts (like you?) who know a bit more than only which tools to use for protection.
     
  24. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I don't think so.
    That's a personal choice. In my view, my security setup is very simple:
    - Whitelisted web content (third-party browser + plug-ins)
    - Network access control (rule-based firewall)
    - A layer of isolation between the applications and the OS core (policy-based sandbox)
    - Locked OS (hardening)
    - A tripwire system (integrity checking + logs from forensic -rootkit scanners, Autoruns, RunScanners, etc- tools).
    - On-demand scanning of new files.
    - Data encryption.
    - Backup system (imaging + file backup + media redundancy)
     
  25. ahriman

    ahriman Registered Member

    Joined:
    Sep 18, 2007
    Posts:
    126
    herbalist:
    "If you're working with firewall rules, a basic knowledge of the main protocols TCP, UDP, ICMP, the numbering system for IP addresses, ports - the difference between open, closed, and stealthed, how DNS works, etc is very useful. You don't have to become an expert on the subject, just pick up on the basics."

    Yes, true (I just like this stuff).
    "Working with real malware isn't really necessary to set up a good security package. If you're interested in researching malware, how it works and how to defend against it, definitely use a test unit."

    I guess I should just use my old laptop (poor thing). Yes I can see this area can get addictive. Browsing some of the code from rootkits.com ... scary. I didn't realize rootkits could be so stealthy. Hiding in bad blocks on the disk, in some hardware on the motherboard. Yikes!

    Absolute security is, of course, impossible (without turning the computer off and pulling the plug). It all makes me wonder about the direction to go for excellent security. FDISR, Returnil, EQSecure (which I've downloaded but not tried yet). I'd like to try AE but hear it conflicts with FDISR. Whitelisting seems a very good way to go...much shorter list.
     