Is the idea of having a product that does one thing very well lost in these 'suites'?

[apathy]

I've been around the malware circuit since Thunderbyte for Dos.
Programs like Defensewall have my admiration as it does one thing properly.
These days you have all of these 'do it all' suites available that may do a couple things well but the rest are horrible. Honestly I would rather spend my money on an app like DW/Returnil/Sandboxie and others as they are focused on their goal.

I've installed and uninstalled some of these suites and the price is high and the value is very low. What other programs out there are going in the right direction and focusing on performing one goal?

[sbbb24]

Generally, I have been happy running Comodo Firewall (no defense +), Prevx 3.0, and Avira on Vista 64bit.

Despite Avira having a security suite, their free antivirus component is great. Also, despite Comodo having a suite as well, I have been pleased with their firewall (and their HIPS when I do so choose to use it). I do tend to agree with those who say the all in one's are not the best option, but if you pick and choose the best components of each, that is something worth investigating.

-Bob

[bollity]

I don't like these suites.all what they want is your money.they put all things in one product and say : look we have all the security you want: antivirus antispyware firewall web protection, and it is funny that after all these defences you sometimes got infected.
I use avira free (and sometimes avast) + online armor free + superantspyware (for on-demand scan).and i feel i'm secure taking in consideration i don't open suspicious files or websites.be careful of cracks and keygens !

[Acadia]

Although these "suites" fill a niche, I do not like that way that they advertise themselves as "all the security that you need", the "one package that does it all", etc. The folks here are Wilders know better but too many newbies fall for this and are soon enough infected with something.

Acadia

[raven211]

Quote:

Originally Posted by Acadia

Although these "suites" fill a niche, I do not like that way that they advertise themselves as "all the security that you need", the "one package that does it all", etc. The folks here are Wilders know better but too many newbies fall for this and are soon enough infected with something.

Acadia

Very well put, my friend.

[TrojanHunter]

Security suites are aimed at the mainstream, so they'll never offer the kind of control you can get with separate applications.

Quote:

Originally Posted by Acadia

The folks here are Wilders know better but too many newbies fall for this and are soon enough infected with something.

Using individual programs to achieve a security platform does not likely reduce the liklelihood of infection for newbies any more than using a suite. If anything, the former approach is worse for newbies because there’s more maintenance for them and a steeper learning curve trying to figure out how they all work, as opposed to the suites where all the configuring is done in one application. Infections for newbies or anyone for that matter are usually the result of careless surfing/email paractices, running as admin, being late on applying critical patches and antivirus updates, and just harboring an overall indifferent approach to pc security; they’d rather do other things than worry about pc security. For many Wilders members it's a hobby, almost a way of life

[Pleonasm]

Quote:

Security suites are aimed at the mainstream, so they'll never offer the kind of control you can get with separate applications.

It is a debatable point. A key advantage that a security suite provides is the “integration benefit.” When the parts of a security solution are complementary, the sum of the parts is more than the whole. As Symantec explains…

Quote:

Consumer security suites bring together multiple layers of protection in order to secure a system. This notion of Multilayer Security is well accepted by the security industry at large. The approach is considered necessary so that threats leveraging different vectors of attack can be blocked, and to mitigate the damage that a compromised system is exposed to. To this end, suites bring together several protection layers, typically starting with antivirus, antispyware and a 2-way firewall, and also including other technologies like intrusion protection, antiphishing, antispam, vulnerability assessment, and parental controls depending on the package. But, are security suites more secure than a combination of individual products? …

The one aspect of multilayer security that is not widely embraced and discussed, but that is key in opening the potential for suites to deliver better security, is the level of integration across security layers. This is where true security suites can really make a difference. Take the two most fundamental layers in a security product: antivirus and firewall. How can integration between these two technologies provide better security? Outbound firewalls control whether applications running on a computer can send information out to the Internet. They try to determine whether an application attempting a connection is a safe application that should be allowed access or a malicious application that should be blocked. Firewalls on their own are ill equipped to make this decision and constantly seek to improve their ability to allow or block access automatically. In a suite, and with some integration, AntiVirus technology can help the firewall tremendously in this process. Let’s say that a Trojan found its way onto a system, and is calling "home". The firewall will see the Trojan establishing a network connection, and will need to decide whether to allow it, block it, or ask the user what to do. If the firewall can instruct the antivirus program on that system to check whether it matches a signature, and the antivirus program sees that this is a Trojan and can pass that information to the firewall, the firewall can now take automatic action and block the network connection. The system is more secure, since the communication from the Trojan was blocked; the system overall is more usable, since this happened without relying on user action. Integrated security layers can improve the overall security of a system. Unfortunately, many security suites in the market don’t provide a level of integration that really makes a difference.

Delivering integrated security layers is just as important as embracing a multilayer security approach, and is an important consideration when trying to decide whether to use a security suite versus individual products, or when making a product selection amongst suites.

Quote:

NIPS (Network Intrusion Prevention Systems) technology complements and works in tandem with firewalls in providing the first and last line of defense in a layered security solution. NIPS technology offers two main benefits, preventing remote code execution by exploitation of vulnerabilities and blocking malware from phoning home. Technically, NIPS inspects packet headers and payloads, blocking bad traffic and allowing good traffic to get through without ever requiring user interaction and complementing what firewall and antivirus technology alone can do. …

With NIPS complementing a firewall, all network traffic going past the firewall will be examined, decoding protocols looking for suspicious patterns. If a pattern is found, the network packet is dropped and the connection disconnected, blocking the attacker from further penetrating the system. The effectiveness of NIPS technology is that it is a clean kill. No artifacts of the attacker are allowed to persist on the disk, and no cleanup is required.

With these clear benefits, and overall effectiveness, NIPS technology becomes an important component of a desktop security product, strengthening and working in tandem with antivirus and firewall technologies for a more complete and effective system defense.

Reference: this thread

[Mosqu]

Quote:

Let’s say that a Trojan found its way onto a system, and is calling "home". The firewall will see the Trojan establishing a network connection, and will need to decide whether to allow it, block it, or ask the user what to do. If the firewall can instruct the antivirus program on that system to check whether it matches a signature, and the antivirus program sees that this is a Trojan and can pass that information to the firewall, the firewall can now take automatic action and block the network connection.

Shouldn't the AV have prevented the Trojan from execution?

[raven211]

Quote:

Originally Posted by Mosqu

Shouldn't the AV have prevented the Trojan from execution?

Well, yeah, I too consider Trojans and Trojan.Downloaders/Droppers to be a job for your AM/AV on your machine since it's malware.

Now, on the topic, I would still be able to make separate software go quiet. If TF was fixed, I could for example make a semi-completely silent setup with TF, Avast! and AVG LinkScanner, where LinkScanner would be what makes it semi-silent, but for a good reason - so that the user knows when something is not right with a page. Still completely automatic on the other hand and the only software that I would run anyday for now if they do their job correctly.

[Keyboard_Commando]

Only the other day I was saying to myself I kinda wished Defensewall had a firewall ... outbound internet control, at the least.

But once a firewall is added, the call for AV/Malware protection then arises; The product has probably moved away from what first impressed you, because it is now wandering off into areas of the unknown - becoming untrusted, possibly.

Must be a tough decision for niche products like Sandboxie, Defensewall, etc, as to if they should answer some of their customer's requests for more implemented practical uses. I have used/abandoned/returned to Sandboxie since it came out. It hasn't really changed and I think that's what I like about it. It has just become rock solid at what it does best.

[Acadia]

Quote:

Originally Posted by Keyboard_Commando

I have used/abandoned/returned to Sandboxie since it came out. It hasn't really changed and I think that's what I like about it. It has just become rock solid at what it does best.

Indeed, I too like products that do just one thing and do it well. Most products bite off more than they can chew.

Acadia

[Dark Star 72]

Quote:

Originally Posted by Keyboard_Commando

Only the other day I was saying to myself I kinda wished Defensewall had a firewall ... outbound internet control, at the least.

Ilya plans to implement Outbound control in DefenseWall with the upcoming v3 series. Hopefully not too far away
Some reading:

http://gladiator-antivirus.com/forum...howtopic=85913

http://gladiator-antivirus.com/forum...howtopic=88394

[Pleonasm]

Quote:

Shouldn't the AV have prevented the Trojan from execution?

Of course. But, no anti-virus product from any vendor is 100% perfect. It’s only an example, for purposes of illustration.

The concept here is commonsensical, in my view: when the components of a security solution are able to interface with one another (as is the case in a well-designed suite), security has the potential to be improved because of the integration among the anti-virus, anti-spyware, firewall, intrusion protection, anti-phishing and anti-spam capabilities. When separate products from different vendors are patched together, there is no opportunity to achieve this benefit.

To use a sports analogy, it’s the difference between a collection of players versus a team of athletes. As has been said, “Players win games, but teams win championships.”

[Mosqu]

Quote:

Originally Posted by Pleonasm

Of course. But, no anti-virus product from any vendor is 100% perfect. It’s only an example, for purposes of illustration.

I did understand that it is just an example. But it has explained nothing to me. If the AV isn't able to get the malware, why should the firewall be able to - by asking the same AV that missed the threat?

[Pleonasm]

Quote:

If the AV isn't able to get the malware, why should the firewall be able to - by asking the same AV that missed the threat?

Mosqu, I see your point now.

There are, however, some possibilities to consider. (1) Perhaps the malware was missed by the anti-virus because a signature for it had not yet been deployed at the time of its installation, but – now that the signature is in place – the updated anti-virus adds intelligence to the firewall. Or, (2) the heuristic behavior blocking technique deployed by the anti-virus itself was insufficient to detect the malware – but, when used in combination with the behavior detected by the firewall, the threat is found.

Empirically, it would be intriguing to have an independent organization test the effectiveness of security suites versus a set of independent products to assess how frequently the “integration benefit” of suites actually occurs. However, I am aware of no such tests, unfortunately.

The discussion of “best of breed” versus “suites” will continue, I believe, for many years yet…

[raven211]

Quote:

Originally Posted by Pleonasm

The discussion of “best of breed” versus “suites” will continue, I believe, for many years yet…

I think it's at a stop if everyone can admit; even with a suite in place, there's no thing like "Total Protection", so even a suite will run together with other software to complement it. The case is the same for suites as for running separate software - simple as that.

[trjam]

the problem is, there is to much of everything. Most of the suites are good, really good. But then again, it is very cool to mix and match the individual products. I mean this can drive you batty. I know.

[raven211]

Quote:

Originally Posted by trjam

the problem is, there is to much of everything. Most of the suites are good, really good. But then again, it is very cool to mix and match the individual products. I mean this can drive you batty. I know.

Yes, but that's the thing; if you're fine with a suite - go for it - if you're not, you complement it. You like to run individual software? Do it. The only thing that matters is that you're happy with what you're running to be protected. I don't see the discussion continuing after that point really.

[nomarjr3]

Despite the recent battering that Symantec had in this forum regarding with the Ask toolbar bundle, I have to admit NIS 2009 is one of the top notch security suites out there in the market, if not the best.

A novice user won't need anything else, as long as he understands the problem and knows what decision to take when pop-ups occur.

And no, there are some security suites that provide at least 90% protection. You also have to understand that NO software is perfect afterall. Even Returnil, Shadow Protect, Sandboxie, DefenseWall, Avira, Prevx, etc. have their own flaws and drawbacks.

[mvdu]

Quote:

Originally Posted by nomarjr3

Despite the recent battering that Symantec had in this forum regarding with the Ask toolbar bundle, I have to admit NIS 2009 is one of the top notch security suites out there in the market, if not the best.

A novice user won't need anything else, as long as he understands the problem and knows what decision to take when pop-ups occur.

And no, there are some security suites that provide at least 90% protection. You also have to understand that NO software is perfect afterall. Even Returnil, Shadow Protect, Sandboxie, DefenseWall, Avira, Prevx, etc. have their own flaws and drawbacks.

I will still take KIS or Avira because I'm more comfortable with their detection. But NIS is pretty good for novices: decent detection, more lightweight than before, and few prompts.

[jrmhng]

Suites because consumers and some rather unthoughtful reviewers (Neil J. Rubenking from PCMag for example) evaluate products on a price v features formula. "An extra $10 and I get parental controls, pc tune up and 1 gig of online back up space! WOW"

[noone_particular]

Quote:

What other programs out there are going in the right direction and focusing on performing one goal?

There aren't many of those left. SandBoxie is one of the few that I'm impressed with. I haven't tried DW. SSM fills that role on my PC. I don't know of anyone who still makes a pure firewall that's not bundled with other stuff, which is why I stay with Kerio 2.1.5.

Except for a few good apps, the days of quality, single purpose apps are disappearing for many reasons.
The user base has changed. 10 years ago, the average computer user was more of a hobbyist and had at least some understanding of how the OS worked. Now most users regard the PC like any other appliance and have little if any knowledge of how it works and even less desire to learn. Software is expected to configure itself.

IMO, the primary reason for the decline of single purpose apps is financial viability. Apps that are capable of doing their jobs without the need for updates represent a one time sale for the vendor in a limited market. No matter how good such an app is, if it doesn't target the average user, the vendor won't be able to make a profit from it. SSM was such an app. It was/is a very effective security app in the hands of a skilled user but wasn't suitable for the masses. A good rule based firewall released now would have the same problem. Most users aren't going to learn how to write firewall rules. Those that will aren't numerous enough to keep a vendor going. Proxomitron was like that. There is no app that's a more powerful web content filter but it's beyond the average users abilities to use, except for loading someone elses premade filter sets. If it had been payware, it would have failed.

Single purpose security apps are basically specialty items that aren't suitable for the masses. Very few will make a living from them. Many of the best aren't being developed anymore because they weren't financially viable. That trend will continue. Users who want both single purpose apps and vendor support have a problem. If users want quality single purpose apps, they'll either have to choose Open Source or drop the vendor support requirement.

IMO, that's the primary reason most security suites still have AVs at their core. That keeps the user paying for updates and keeps the suite profitable. We've got software that makes the AV obsolete and unnecessary. SandBoxie is one such example. We've got everything we need to make suites that would stand on their own with no updating necessary. The vendors aren't going to make that change. For them, relying on one time sales is financial suicide.

The end result is that users and vendors are stuck between two opposing forces. Being forced to maintain financial viability is interfering with the progress towards truly good packages that can stand on their own. It's not the users or the vendors fault. It's just the world we live in.

[NoIos]

Well the key word here is maintenance. Everyone who has more than 3 PCs, I think can perfectly understand this. Suites require little time and effort to keep them up to date and configure them. They also offer enough security for certain types of PCs like mediacenters, gaming PCs, file servers etc.

I have a home lan with more than seven desktops and believe me just to upgrade the firewall or do a windows update requires to spend your free time of the day. Specially if you have not that much free time and the release is the usual crappy one that works fine on 5 and breaks 2 of the PCs.

So I made the choice:
Suites for the PCs that do standard jobs and have a specific usage, separate security products for the PCs that humans do a variety of jobs on them.

[Keyboard_Commando]

Quote:

Originally Posted by Dark Star 72

Ilya plans to implement Outbound control in DefenseWall with the upcoming v3 series. Hopefully not too far away
Some reading:

http://gladiator-antivirus.com/forum...howtopic=85913

http://gladiator-antivirus.com/forum...howtopic=88394

Thanks. Interesting discussions.

Sounds like Ilya has plans for Defensewall becoming somewhat a suite of protection.