Complete Protection?

Greetings all!

I'm currently using NOD32 set up with all the "bells and whistles" activated per this forum. I also run Spybot S&D resident (teatimer and IE protection) as well as Adaware SE Plus with Adwatch resident running. Thirdly, I check for Spware Blaster updates once a week or so (non-resident program).

After reading through some of the threads, I note some are using products such as TDS-3 and Ewido and I also noted some feel it necessary to run these programs in addition to NOD32. I am fully aware that NOD32 is plainly (and preferentially) an antivirus program, not necessary an "anti-trojan" system. My question is: Do I need to be running some other anti-trojan program? I thought that up until this point that Spybot and Ad-aware along with NOD32 were adequate (of course along with fully patched-up windows). Am I wrong? Naive and uninformed? Or just lucky so far?

Opinions please?
(I apologize if I've posted this in the wrong area of the forum)

Dom

 

I personally haven't had anything slip by NOD32, however I got TDS3 because of it's additional tools for detecting & dealing with trojans outside the scope of an antivirus program. What you can always do is get the free scanners and run them frequently, especially on anything you've downloaded. If you find that it's picking up files that NOD32 is missing, you can consider getting the full version of your AT of choice. Another thing you can consider is getting some preventative software that blocks certain actions rather than detecting specific files. I reccommend preventative software with ANY setup, really. Even with the very best of all types of scanners, there will undoubtedly be SOME things that can slip through. ProcessGuard, Prevx, RegRun, & System Safety Monitor are the ones that come immediatly to mind, these will all give you greater control of what happens on your system.

 

Thanks for your reply...



So...Adware and Spybot resident programs are not enought with NOD32

Dom

 

Just today, ewido picked up two trojans that NOD32 had missed. Without it, I would have been in big trouble.

NOD32 is still an excellent AV, but if you are what could be considered a "high risk" user, an AT to supplement your defense is almost certainly a good idea.

As far as I know, Spybot and Ad-Aware do not offer any specifically anti-trojan protection.

www.ewido.net for a free trial version

One more thing...the reason I reccomend ewido over TDS-3 for you is because ewido also includes some anti-spyware capabilities that are beyond the current scope of TDS-3.

 

It really depends on you and what you want. If you want the very lightest setup then you're probably ok with NOD32 as-is. I have not experienced any trojans slipping by NOD32 personally.. in fact having a RAT that deleted a LOT of important stuff from my harddrive is what brought me to NOD32 in the first place. The fact is, however, that no scanner will ever be 100%. However if you want an ever more secure setup there are lots of options available to you, not just more scanners. If you don't feel safe enough with just NOD32, then by all means get some more software. If your existing scanners aren't satisfying you, then more scanners probably won't help.

My recommendation would be to run some free scanners to help you determine if you actually NEED more, and get your system secured and prepared for new/unknown threats by adding some preventative software. Between NOD32's heuristics and your preventative apps, you can get better coverage from 0-day attacks than any scanner combo.

edit: yes, if you are a "high risk" user and encounter a lot of little known trojans, then adding a specialized anti-trojan is not a bad choice. Either way, however, multiple layers that approach security from different angles are always the best way you can go because you won't have to worry about whether your chosen scanners will detect specific threats as much.

 

This is what works really well for me, very simple to use and maintain.

You may want to take a look here for further discussion on security and how to make your system that much stronger and here for more.

Let us know how you go…

Cheers

 

I tried Trojan Hunter and Ewido. TH made NOD32 go nuts with it's own temp files causing FPs.

Ewido made NOD32 virtually unresponsive (in cancelling or ok'ing option menus).

Will keep trying...

 

My advice would be similar to Notok's and I would certainly do what BlackSpear does and maintain at least one clean image copy that you can always use as a failsafe measure. Personally, I would recommend either Image for DOS (Terabyte Unlimited) or Ghost 2003. Both run under DOS.

I would also agree you should scan using online scanners such as McAfee's or maybe install a free version of KAV 4.5 (you can get it from ICE Systems) with the resident scanner turned off. And try out KAV scans (maybe with extended databases) for a trial period to see what is going on. Ewido free would also be a good trial software.

I would definitely look into installing ProcessGuard 3.0 Free and I would highly recommend the paid version which proactively prevents the installation of really nasty malware such as keyloggers and rootkits. The trial version will prevent dll injections which is a great facility to have - and for free!

Hope this helps you a bit in your decision making process.

Rich

 

downloaded spywareguard. No hiccups so far...

 

thank you all very much for all of your consideration and help.

 

The best recommendation is strongly dependent on how you want your system to behave, its configuration, and available resources.

Like a number here that use NOD32, I run BOClean as a second tier protective measure. There is only one time where BOClean captured something NOD32 let pass, and that was a purposeful challenge test that I performed going to a known malware infesting site. Even at that, the piece that NOD32 let through would have been caught on a scan with "Potentially Dangerous Applications" checked.

BOclean is light, rock solid, as close to set it/forget it as I've experienced. I still have and use TDS-3 for diagnostic purposes, but BOClean is an excellent complement to NOD32 since they both have a run light operating ethic. Licensing terms are also generous for home use.

Aside from Outpost Pro firewall to control outbound traffic, my prime security detail running realtime is an AV (NOD32 or KAV)/BOClean/ProcessGuard. That's it. Everything else I run on demand as indicated.

For general surfing, NOD32 alone is enough. To cover some domains not fully handled by NOD32, an AT with realtime option is useful - and BOClean/TDS-3/TH/Ewido all provide that option. The specific choice among these depends on desired traits and personal preferences.

Blue

 

Yes, everything was submitted and I am awaiting their addition.

 

Well, I took the plunge and purchased BOclean. Works well...

Anyone figure out the exclude AMON thing? (bet it's in another forum )

 

Is a direct link to the suggested solution close enough?

Blue

 

Thanks...
Yes, after further checking I found that:
C:\PROGRA~1\NSCLEAN\BOCLEAN\BOCLEAN.EXE

worked for me...only because it is exactly as it is in my registry HKlocalmachine--sofware--microsoft--windows--currentversion--run key

it solved the problem of boclean popping up every 10 secs in AMON.


This forum is great, and another great reason I'm happy to own NOD32. Everyone has been patient and helpful.

I very much appreciate it.

 

My pleasure Anubis Prime!

Blue

 

So...to conclude this thread...

I am running NOD32--tweaked out.

BOClean

Spybot teatimer and IE protection resident

and Adwatch resident.


Now I actually feel better, and safer.

 

Hi and Happy New Year to All,

I might be out of order with this query but hope that Blackspear (and others too) won't mind if I ask a question about one of the programs he mentioned in his link. I am interested in finding out whether 'Crapcleaner' is simple and safe to use for somebody who is absolutely terrified of messing too much with the registry.

I use most of the programs mentioned in these posts and they all play very well with NOD32. My system stays clean and fast and I want to keep it that way hence the interest in garbage removal.

Elray

 

It is fine, VERY simple to use and does a nice a job, you shouldn't have a problem at all...

Cheers

 

In my opinion you are running VERY light, as an absolute minimum with my clients, I have them run Nod32 tweaked to the max, ZoneAlarm, Spyware Guard, Spyware Blaster, Spybot Search and Destroy - Immune and Tea Timer features used, Ad-Aware SE

Cheers

 

Blackspear,
Sorry, didn't give you the big picture in my posts...just the resident programs.

I have an SPI firewall enabled router coupled with Windows firewall (SP2), and I also run Spyware blaster in addition to the 4 resident items (tweaked NOD32, Adaware SE-adwatch,Spybot teatimer/IE resident, BOClean)

Any better

Dom

 

Getting there, the Windows firewall is slightly better than useless as there are NO outgoing notifications, thus one of the FREE firewalls such as ZoneAlarm will alert you to something that tries to access the internet from your computer. Spyware Guard will alert you to an attempted change of your home page (something quite a number of nasties try to do these days).

Just trying to get you a little safer, prevention is better than cure

Cheers

 

Much appreciated...

My goal is also to stay as light as possible. I figure two firewalls (hardware plus software; albeit windows firewall) should be adequate. I fear from past experience of feeling the frustrating effect of using 3rd party firewalls. I've had them interfere with browsing, throttle my internet connection, and just kill resources. I do see your point of wanting to be notified of outbound connection attempts...Though I've since poked around in the Windows firewall settings (SP2 version is vastly different than the previous version as you know). There is a setting box which states: "Display a notification when Windows Firewall blocks a program".

One other question: Does it matter that spyware guard hasn't been updated since 2003

 

I'd agree with Blackspear here.

My logic is as follows. With the SPI enabled router, you've largely moved the functionality of the XP SP2 firewall off the PC to another device. It's basically not doing a whole lot in your case since it's really an in-bound protective measure and the router is covering you there. Third party firewalls also provide outbound connection monitoring and blocking. This is something that consumer level routers and the XP SP2 firewall lack, and it can be useful.

If you're like me and don't want to get involved with arcane rule making and understanding all the details of network communication protocols, going with a nice free or paid firewall that handles things on an application basis is an excellent compromise. I use Outpost Pro paid version (they have a great deal going on now - single user license with a lifetime license for the usual $40 price - good until Jan 10, see here), many folks use ZoneAlarm Free with equal success. Both are solid options, and there are additional ones out there. Here's a good link on what's available.

Blue