Expirement & question

Discussion in 'other anti-malware software' started by Kees1958, Jun 13, 2007.

Thread Status:
Not open for further replies.
  1. Kees1958
    Offline

    Kees1958 Registered Member

    Hi members,

    Old setup (we are behind a hardware firewall)
    - PC1: Antivir free (write only check, heuristics high), EQsecure (behavior blocker prompt + block as default) and GeSWall
    - PC2: A2 Malware paid, DefenseWall paid that is all

    I know PC1 is rock solid (yiou can swap EQS for SSM pro and GeSWall for DefenseWall), but I want to test an absolute user friendly setup (PC2).

    Could you PM some dodgy websites, because I want to test the effectiveness of the setup of PC2 for drive by infection. Do not worry I have an image backup at hand (on a not connected external drive).

    I will also try a few downloads. I will keep you posted on the results.

    Regards K
  2. Longboard
    Offline

    Longboard Registered Member

  3. Kees1958
    Offline

    Kees1958 Registered Member

    Hi members,

    I did some simpel tests:
    - regtest = pass
    - trojandemo = pass
    - trojan simulator = pass

    Now the disappointing news
    - AKLT = fail

    EDIT A2 Malware
    - Zapass = PASSED! :ouch:

    I will hold my horses and see how they react, let's wait their reaction.


    EDIT: OKAY GOOD TO WAIT, A2 MALWARE DOES STOP THE ZAPASS TEST WHEN THE
    INTELLIGENT FALSE POSITIVE REDUCTION IS OFF
    :blink:

    So A2 Malware managed to exceed my expectations on user friendliness in such a way, I thought it failed:oops:


    Reg K
    Last edited: Jun 13, 2007
  4. Blackcat
    Offline

    Blackcat Registered Member

    So DW needs additional protection?

    I assume SSM or Cyberhawk would be better options than A2?
  5. Kees1958
    Offline

    Kees1958 Registered Member

    No DW does not additional protection. An additional layer to protect the user from making mistakes. CyberHawk's messages are not as clear as A2. Only CH works as advertised. PC 2 is the user friendly implementation, PC1 is the rock solid one.
  6. Blackcat
    Offline

    Blackcat Registered Member

    But in the 2 failed tests it appears to need additional cover?
  7. tamdam
    Offline

    tamdam Registered Member

    re: AKLT -> the keylogger issue is something Ilya knows about and he says he will harden keylogger protection in DW version 2. Version 2 is already at RC1, so the final will probably be out soon.

    re: Zapass -> maybe the OP was testing A2, because DW most definitely passes Zapass.
  8. Ilya Rabinovich
    Offline

    Ilya Rabinovich Developer

    Zapass can inject its code only into untrusted process (this is normal).
    AKLT is competely covered with DW v2.0.
  9. Mrkvonic
    Offline

    Mrkvonic Linux Systems Expert

    Hello,
    Kees, testing sites / malware like that is not really effective. You need to test it when you do not expect it. Why don't you give me your IP, turn off the firewall and then I'll see how good your defense is??
    Mrk
  10. Kees1958
    Offline

    Kees1958 Registered Member

    Mrkvonic

    The reason I came to wilders was because we were hacked (my son hacked a hacker and he returned the favour), so that option is a NO

    I bought a hardware firewall and DefenseWall on the PC with the most digiliterate user (wife) and GeSWall pro on the power user (son). Next I bought SSM Pro and figured a block with no pop-ups (UI disconnected) setup featuring Antivir free, SSM Pro, SensiveGuard free and DefenseWall on wife's PC (PC1) and a Antivir, WinPooch, Samurai, CyberHawk free and GesWall on son's PC (PC2). After discovering that UI-disconnected was not workable for my wife (although she installed exactly 2 application in her whole digital life), I tried EQSecure in behavioral blocking mode. Found out that EQS was a great subsititution for WinPooch, Samurai and CyberHawk on my son's PC. Next step is a completely user friendly security setup for my wife's PC. That is the reason for trying A2 malware.

    Others:
    Sorry I was not clear. I tested AKLT and Zapass only with A2 Malware. A2 Malware should protect against dll injections.(EDIT IT DOES)

    Reg K
    Last edited: Jun 13, 2007
  11. Peter2150
    Offline

    Peter2150 Global Moderator

    Hi Reg

    Almost all of the security software is based on generic threats. If someone for whatever reason comes after your son, and they are good, it will be tough stopping them.. You might seriously want to consider isolating your son's internet connection. Then if he gets into trouble, let him cope. That way he will learn.

    Pete
  12. ThunderZ
    Offline

    ThunderZ Registered Member


    Hmmmm, hacking a hacker? :ninja: Sounds like he has already learned somethings. :eek: :rolleyes: :blink:
  13. Kees1958
    Offline

    Kees1958 Registered Member

    Thunder Z, yes only accidently.

    He is a gamer/script kiddy/amateur, making graphics for game clans with two of his friends. They just had fun leaving a message to innocent PC users with no firewall and open ports with the message "your friendly hacker was here" and some hints to close their security holes. They should have been warned when they tumbled upon a fat PC with loads of other IP-adresses. Off course a script kiddy is no match for a real hacker.

    This is the reason why he likes Antivir, EQSecure and GeSWall pro on his PC

    Regards K
  14. Kees1958
    Offline

    Kees1958 Registered Member

    Pete

    His intrest is now on designing graphics for the gaming community. As a matter of fact I have confiscated his PC for three weeks, because his school results suffered from his hobby. His lesson was that all his graphics work was destroyed also.

    regards Kees
  15. Mrkvonic
    Offline

    Mrkvonic Linux Systems Expert

    Hello,

    If you son hacked a hacker, then the hacker is not a hacker.
    And if your son got hacked back, then he's not a hacker either.

    I want to make you understand that you fear the unknown. Hacking is not something special. Not in the term often used to determine taking over one's computer and such.

    Real hacking is playing with bits and delving into kernel. Blasting ports with packets and looking for open ones is more of a game.

    In that regard, I warmly suggest you invest in learning more about how PCs work and what can and cannot be done.

    You will sleep better.
    You will save money on unneeded software.
    You will know when and what to do when confronted with a security issue.

    Mrk
  16. Kees1958
    Offline

    Kees1958 Registered Member

    Mrkvonic,

    Although it has been quite a while back:
    - I programmed mainframes in the late 70-ties in assembler, cobol, pascal and fortran
    - Designed the first real time on-line systems in the early 80-ties on unix systems (I still hate the caps and non-caps text based early interfaces) and worked my way through C
    - Hobbied my way into PC in the late 80-ties (with visual and object oriented programming languages)

    Yes I have not written code, designed data base, setup network architecture since 1989, but I will pass on your expert advice to get to know how a PC works, or how to set up militarised or demilitarised zones of a network security, thank you I have been there and think I got the T-shirt, because:

    - I sleep good,
    - I do not spend a lot of money on security software
    - I do not fear the unknown.

    And Yes my son is not a hacker, just a script kiddy. And for the so called hacker he encountered, may be the guy did not deserve the name hacker (we were a sitting duck with just windows firewall and norton AV) or may be it was arrogance of his side to leave his own defence open (and get hacked by a script kiddy). At least he noticed the entry and it was enough to upset his ego to return a favour.

    Regards Kees
    Last edited: Jun 13, 2007
  17. Blackcat
    Offline

    Blackcat Registered Member

    Kees, is A2 heavy or light in real-time?
  18. Kees1958
    Offline

    Kees1958 Registered Member

    Hi Blackcat

    On PC2 (athlon 3700, with a mild overclock to 2,6 Ghz, say comparable in business aps to a Pentium of 3,2 Ghz), startup of unchached Internet Explorer 7 is (relative)

    Antivir (write only, heuristics high) + A2 malware + Defense Wall = 100%

    Antivir (same) + EQSecurity + DW = 140%

    Antivir + SSM-free + Sensive Guard + DW = 175%

    Antivir + SSM Pro + DW = 200%

    So performance in terms of start up time of IE7 is great of A2, only it takes 30MB of ram (smallest footprint was Antivir + EQS +DW) by itself. I have 1,5 GB of Ram so I am not worried about 30 MB of Ram in XP. I am convinced that with A2 and DW I have a user friendly and sound security setup for my wife. In stead of testing all the user scripts and scenario's she is likely to perform to prevent unwanted pop-ups andquestion to which she always says yes when she does not understand the message, DW = absolutely quite, A2's option to prevent false positives in an intelligent way and the very clear pop-ups (which I have only gotten by testing with malware) make me feel confident I have finally found a user friendly and safe setup for a 'digilliterate'.

    On the new game PC1 of my Son (dual core at 3.2 Ghz) we will run Antivir (same) + EQS 3.3 (prompt + block) and GesWall Pro, because it is the cheapest (only one life time lisence of GW Pro) and 'best' choice to the power user
    (not an Anti Executable but behavioral blocker for my Son who tries out a lot of software).
    Regards K
    Last edited: Jun 13, 2007
  19. Blackcat
    Offline

    Blackcat Registered Member

    Kees, I have 2GB Ram here so memory usage is not a problem.

    I was more concerned with system drag as earlier versions of A2's Guard I tried, significantly affected system performance in real-time.

    I may give the new version a try if the Guard is light in performance terms.
  20. Kees1958
    Offline

    Kees1958 Registered Member

    Hi Blackcat,

    I am a freeware user, only buy software (like GeSWall and DefenseWall) when it suits my goals perfectly. I think A2 V3.0 is as exciting as DW and as good as freeware like PowerShadow or EQsecurity, difference of A2 and DW to others in their class, is that they are really user friendly and can be used by the average user (or the lazy power user, because freaks will tune SSM and EQS). I bought a lisence of A2 after one day of trial (only DW equalled this).

    SO powerfull and easy to use software on my list is
    1. DW
    2. A2 - Primary Response SafeConnect
    3. Online Armour with AV and FW - Anti Executable - - PrevX2 -

    I rate A2 over PRSC because PRSC uses expert based rules (which are more vulnarable than the blackist + plain behavior approach of A2) and OA over AE (because of the Av and FW) and AE over PrevX2 because of its strength and it is the obvious choice of First Defense owners.

    Out of the AV's I have a weakness for AV's with high heuristics rates (Nod32 and Avira). Rationally Norton also belongs in this row, but my experience with Norton in the past makes this hard to confess. My choice of all in one solution is KIS.


    Regards K
    Last edited: Jun 13, 2007
  21. Blackcat
    Offline

    Blackcat Registered Member

    Slightly off topic, I thought that GesWallPro was the same as DW; a 1 life-time license BUT annual updates which are not free?

    In the case of GW; 1-year of Safe Applications Updates, costing €14.95, which I presume would be a good choice particularly if protective methods are improved.
  22. Kees1958
    Offline

    Kees1958 Registered Member

    Ho blackcat,

    I can understand that developers can not life one lifetime lisences. So my understanding of GW is problably old. When DW daredto make the move GW must have followed soon afterwards.

    Still I think those aps are worth the money. DW gives the less troubles so if you should stick to XP the next two/three years I would buy DW. Due to its architecture, I think GW will have a Vista version earlier than DW. So when going to Vista soon (say within a year), my choice would be GW.

    Brian and Ilya (US versus Russia) are as user friendly and fanatic when it comes to user support (do these guys ever sleep?).

    Regards
  23. aigle
    Offline

    aigle Registered Member

    Hi Kees! BTW maker of GW is basically a Russian too!
  24. Ilya Rabinovich
    Offline

    Ilya Rabinovich Developer

    Yes, Andrey Kolischak is from Russia (right now he lives in Luxemburg). So- Russia versus Russia! Who wins :D ?
  25. Riverrun
    Offline

    Riverrun Registered Member

    The PC user who is wise enough to use one or other of these appliances!
Thread Status:
Not open for further replies.