A question for any Dynamic Security Agent users

I am, of course, very familiar with DSA, having had opportunity to directly review certain logic diagrams produced by one of my more adventureous (but benign) students.

Solcroft is largely correct in what he says, most of which is concerned with my following statements...

As I am an old lawyer, one needs to pay close attention to what I write, ESPECIALLY when I write a glittering generality such as that quoted above. When I am dancing, please take note that my feet seldom touch the floor.

To wit, I said that certain DSA modules are "highly redundant" with those of OA. I did NOT say that they are identical. I primarily meant "redundant" in the sense that, if one runs OA & DSA simultaneously, and a new process is run for the first time, both of them will pop-up an alert. .

As to the relative protective power, OA versus DSA, OA covers a broader spectrum of possible threats than does DSA and (as said before) they overlap only in some areas. However, I was not discussing relative protective power in my prior post.

If I HAD been discussing *protective effectiveness" then I might have written the following: "If I could run only ONE security app, & the options were strictly limited to OA & DSA, then my choice would be SSM".

I'm happy that I still have the ability to surprise Lusher once in a while. On the other hand, I can never surprise my wife -- she always knows what I am thinking even before I do. Which leads to the interesting question: If a man in a forest states an opinion, & no woman is present, will he still be wrong?

 

NO, it does. Try FireHole leaktest against it!

 

Aigle,

I believe you, why Firehole leaktester and not for instance Zapass?

Regards Kees

 

Because I did not try Zapass.
Right now I am not sure but I think:

Firehole -- global hook
Zapass -- remote thread creation

So they are a bit different. Pls correct me if I am wrong.

 

That's exactly the problem I was alluding to in my response to Wordward who wanted to know which one was "more comprehensive in protection" even if we restricted comprehensiveness to mean the features offered and ignore quality differences.

If you compare any two HIPS chances are, one will have one feature the other doesn't and vice versa.

Solcroft probably feels that *on the whole* DSA provides more comprehensive protection which means he might think some features in OA like the run safer option etc is not as important etc..

 

OT question: does anyone know where I can find the full-blown technical details of exactly what is restricted under Limited User Account? I've been trying to find this information without success.

 

Well, usually Limited User Accounts are part of the Users group, so:

http://www.wellesley.edu/Computing/WinXP/wxpgroups.html

http://www.microsoft.com/resources/...ndows_security_default_settings.mspx?mfr=true


Users Can:
-Create, modify, and delete their own data files
-Run system-wide or personally installed applications
-Change their personal settings
-Install programs for their own use only
-Access the network
-Print to local or networked printers
-Do anything a Guest can

Users Cannot:
-Modify system-wide settings, operating system files, or program files
-Affect other users' data or desktop settings
-Install applications that can be run by other users
-Add printers
-Configure the system for file sharing


For even more details, open Process Explorer under an account with Administrator rights, then open something like notepad, and at the same time open notepad again with something like DropMyRights or psexec. From there you can compare the privileges of each notepad process by viewing the Security tab in Process Explorer.

 

I believe you, BUT -- I never had DSA forget anything. At least, not that I noticed.

Has anyone else experienced this issue?
~~~~~~~~~~~~~~~~~~~~~

Also -- the new Webroot firewall is using a new version of Private Firewall (PFW) -- newer even than is available from PFW's own website. The Webroot FW includes DSA.

Does anyone know whether the Webroot version of DSA (included in their firewall) is ALSO newer than the one available from PFW's site?

 

Yes, everytime DSA would ask, forgetting my previous choices and is why I uninstalled DSA, only leaving it in some snap-shots that are rarely rebooted.

 

No. But I only used it for a short period of time. I liked it. Maybe I will use it again.

 

Been using WDF with DSA for about a week now, and so far it hasn't forgotten anything so far. Also, I have come to believe it is a very well thought out piece of software. My PC and Internet runs fast and smooth, and no bumps so far running it along with a-squared AM and AVG Pro. I may even shut down a-squared and just rely on WDF/DSA and AVG for my security.

 

Well, I say if it works well for you and your system then go for it.

Have you considered using some sort of virtualization in your setup as well?

 

I have considered something like Returnil RedZero, but have been reluctant to try it out. I worry that some of these type of programs may cause troubles despite not hearing of many.

 

Hi,

When I tested DSA three times at different days, I have this experiences, that was why I uninstalled it; there are many other HIPS better and more updated than DSA. A security app stands still , not moved one inch farther does not warrant your glance at all. No update for DSA since ----, I can not even want to recall it. In this case, grass is greener on other side of the fence, and is not an illusion at all. Take care.

 

I would highly recommend a sandbox such as Sandboxie. While virtualization doesn't guarantee 100% security (no program offers that), it just adds another layer of security.

If you're concerned about these sandboxes causing trouble, you can always back up your data using something like Acronis True Image.

Another option is creating a restore point or even another user account for the sole purpose of testing out some of these programs and then delete the account afterwards.

 

By now Wordward,you should have become convinced that the use of WDF/DSA(or OA),will give you all the security you need for normal usage-that together with a good antivirus.

You have tried both-decide which appeals more,is easier to use, get used to it,be happy and dont worry

I am using WDF/DSA( a new version is out!) with just an antivirus,no additional layers,what is the point?.No problems.

I think you also have a router,enable NAT.

However ,if it gives you additional, reassurance,there is no conflict if you install Threatfire a top rated HIPS, no speed penalty and only small memory usage.

No doubt you have imaging backup software like ATI-set it to schedule auto download twice daily in the background and no matter what disaster,trojan,virus. software or hardware,occurs,you are as safe as can be.

 

Hairy Coo you say a new version. What version number is it? I have 5.5.10.20 which I thought was the latest version, but now that I think about it how does one update WDF? I don't see any update tabs.

 

The previous version was 5.5.8.xx.
You have the current version.

 

Thanks, I may send Webroot an E-Mail to ask about how to update WDF when a new version is out, and since I'm not sure if DSA has been updated along with the firewall I will ask this as well. From what I have read and heard from a few people however, DSA offers more protection than OA Free does so I'm not that worried if it has been updated.