Duplication between Comodo Firewall, Spyware Termainator and DSA?

At the moment I am running Comodo as my firewall, Spyware Terminator as my AS and Dynamic Security Agent as anti-malware.

However I'm getting somewhat frustrated at the number of warning screens asking me permission to let various bits of application software to run.

I'm tempted to stop running ST as a realtime application and rely on DSA backed up by SuperAntiSpyware on demand scans. However this would still leave Comodo and DSA fighting over application permissions.

Would it be sensible to switch off the application monitoring in either DSA or Comodo or are they doing slightly different jobs?

Thanks for your help.

 

Best thing you can do is ise Mozilla Firefox , Comodo firewall and have some on demand anti spyware. AND if you can handle it i would suggest a HIPS program . If you like advanced things i would suggest ProSecurity or SSM. if you like basic things i would suggest ProcessGuard. You really dont need on access antispyware with this combo

 

Just run Spybot S&D on my computer and it has identified DSA.exe as spyware, which seems to be reinforced by googling for dsa.exe. Are these information sources out of date or does Dynamic Security Agent contain spyware?

 

While DSA is not a half bad program, I feel that it's unnecessary with CPF firing on all cylinders. Another way to go without adding additional software is to utilize the HIPS that's built into ST.

Regarding your other post, DSA is a legitimate program from a legitimate company (PWI, Inc.). Any spyware hits are false positives probably generated by the way DSA does its job.

 

If the warnings from Spyware Terminator are bothering you, just disable the HIPS in ST, but leave the real time shield enabled...
Also you could try adjusting the warning frequency of comodo security> advanced> miscellaneous, if its set to 'very high' you may want to change it...
'high' should be enough... argus

 

Yes,Spybot sees it as "tango".However none of a squared,AVG AS and Adaware confirm.And if you google for dsa.exe,yes,you get detail about spyware with that name,but if you look at the details,they don't match.Registry entries,system folders,size are different.False positive IMO.Also if you visit privacyware's site,i think it's hard not to think this as legit program.They even claim to be Microsoft's certified partner.

 

This would be a wise decision. Having them both running real-time is somewhat redundant. I have yet to see one AS catch anything on my system in real-time. They are good at finding things on scan, but I feel are pretty much worthless in realtime. Most of the time a good AV will catch the malware before the AS has a chance to detect it. Another reason I run DSA resident rather than ST is the fact it uses much less resources. On my system, the latest ST release took up an incredible amount of memory, while DSA runs a little over 3MB most of the time. I also feel DSA covers a little more ground than ST, especially when dealing with processes and not just application behavioral matters.

I would keep the application monitoring enabled in DSA, since it monitors both regular behavior as well as network-related. My understanding is that Comodo only alerts on an application in relation to Internet access, while DSA covers all the areas of your system. That being the case, it is redundant to have both DSA & Comodo performing overlapping duties. Also, as you state, it is aggravating having to deal the multiplicity of prompts. Simply having DSA monitoring your system would definitely make life easier in that respect.

 

Thanks guys for the feedback.

I'm still unsure about what combination of ST and DSA to run.

We run our family PC in multiuser mode and we do seem to have the occasional problem with graphics not displaying properly when ST is in operation, which I put down to some form of memory leakage.

DSA and Comodo do seem to fight with each other a bit about who is seeking permissions for what, so I do run DSA, I'm fairly certain I'll run it with Application monitoring in Comodo turned off.

I'm still interested in further views on this combination of software so keep posting.

 

I'd just run comodo + av + dsa, thats plenty of protection.

 

With application monitoring in Comodo turned off presumably?

 

Yeah, if the multiple pop ups annoy you then turn it off.

 

Hello all,

My name is Chris Iannicello, Product Manager for Dynamic Security Agent. I wanted to clarify that DSA from Privacyware is NOT spyware.

The spyware being referred to is from a different company. This seems to be from a product called Personal Desktop Spy, which is not related to our product. Here are the details:

Updated: March 21, 2005 01:46:30 PM GMT
Type: Spyware
Name: Personal Desktop Spy
Version: 2.0
Publisher: SpyArsenal.com - KMiNT21 Software Risk Impact: High File Names: dsa.exe; PersonalDesktopSpy-v2.0-setup.exe Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

***

If you have another other questions about Dynamic Security Agent, let us know.

Thanks,

Chris

 

SpyBot, like Ad-Aware SE, both, are become somewhat archaic now don't you think? They have always been subject to false positives and the strangest part of that is they have at times targeted Security Software as being something or anything that they are really not.

DSA is doing a bang up task over here so far, just wish i could get the hang of removing it's statistics so as to start fresh instead of uninstalling then reinstall to set a new training period. Then again maybe i'm simply overlooking something thats right there in it's features?

 

Here is a thread from a few days ago that addresses some of the ST HIPS v. DSA HIPS.

https://www.wilderssecurity.com/showthread.php?t=159869

I use DSA, ST and Comodo. I have the ST HIPS disabled as ST seems to consistently perform poorly. But ST seems to have a viable real time shield which I keep enabled. DSA performs well against termination methods, as does Comodo firewall. So I keep DSA enabled pretty much all the time. Comodo seemed to quiet down on the pop-up warnings somewhat when I moved the alert frequency to "very low."

Be sure and post how turning off application monitoring in Comodo works out. One thing that is a bit of a turn-off with Comodo is that their pop-up warning windows are SO heavy that they turn into a pain. It seems to take forever to close them, it's like they lock up or something.

 

I feel the best way to make a decision like this is to look at all the vectors of attack on your system and make sure you have security in place to protect those vectors. This also involves an understanding of what each application does, thus preventing overlap and waste of resources. So let's look at it this way:

Bases to be covered:

Service vulnerabilities - Make sure your uneeded services are disabled, especially the very vulnerable ones that are malware targets as well as unnecessary. There is a lot of information out there concerning this aspect.

Access Restriction - Combination of vulnerable services disabled as well as permission restrictions. This involves use of limited account, system hardening and use of a firewall. We can also throw Antivirus in there, though it technically isn't in this category. However, a good AV will stop a lot of malware before it reaches your system (such as NOD32's IMON scanner, Avast's webshield, etc.)

Startup Restriction - Though not true of some advanced malware, much of the malware out there cannot run if it is not allowed to start. This is where your HIPS and AS apps come in. Most malware caught by AS apps is caught when the malware attempts to start. I have yet to see any AS app catch malware by signatures, etc. Doesn't mean it doesn't happen, just that I've never seen it on my machine or anyone else's that I've observed. That being the case, you're more likely to catch malware with HIPS than you are with AS (although both generally catch stuff trying to place itself in registry autostart locations). So, you're probably more likely to catch malware with the HIPS function in either DSA or ST than the real-time shield in ST. In short, there is no need to run both DSA and ST. You also have the extra protection with Comodo if malware tried to piggy-back on a legitimate app, or if malware tried to modify the memory of a legitimate app. DSA also does a good job at catching this.

If I were in your shoes, I would run the following:

Antivirus
Comodo as firewall only - disable advanced detection options and turn those duties over to DSA.
DSA (in place of AS).

That is essentially my security setup: AV, Comodo, HIPS. I also use my Hosts File and eDexter, but I do that more to filter websites & advertisements than anything else. I also, much of the time, use VMWare and run Ubuntu Linux with Firefox, which runs separate from your actual machine. However, I do that more for fun and experiment than for the security aspect.

 

Welcome to Wilders Chris, very nice to see you here.