Mamutu or ThreatFire or PrevXEdge with a free Antivirus?

Which combo would you prefer and why?

Mamutu + DefenseWall(or similar) + (which) free AV
PrevXEdge + DW(or similar) + (which) free AV
ThreatFire + DW(or similar) + (which) free AV

I ask because I think Antivir is good and DW handles 0 day threats from internet and then I want something that blocks when I do something stupid so that these two cant protect from 0-days threats or extra viscious threats.

Please tell me your choise and why,

Best Regards

 

Personally I'd go with option 1 Mamutu,DW and Avira,certainly over the TF option.PrevxEdge is promising though so my preference may well change.Having said that any of those combos would offer a good overall protection so it comes down to which suits your particular system and personal tailoring best.

 

id say Mamutu + DW + Avira free

or if u dont like the nag screens of avira and want something that has maybe more "complete" protection, u culd go with Avast AV free, but Avira wuld be my #1 choice.

 

Mamutu doesnt monitor SVCHOST.EXE. My old Outpost had rules for SVCHOST, but Mamutu doesnt monitor. So malware cannot use SVCHOST to hurt my PC?

I dont remember why, but I dont have the nag screen any longer.

 

Personally my choice would be Comodo Firewall + DW + Avira free (although you would need an additional spyware scanner, SAS and/or MBAM will be fine).
But from the three options, I'd chose Mamutu or PrevX.

 

I have replaced ThreatFire with Prevx Edge. Its much more++ lighter on my system and i think it monitors more or less the same malware activities.

 

PrevXEdge + DW(or similar) + NO (which) free AV (not needed with this setup)

 

Prevx Edge + DW (or Sandboxie) No Av needed.

 

Option 1 is grrrreat!

Also -- DriveSentry + DW is excellent.

Any & all such solutions will benefit from imaging software (Returnil, Image for Windows, etc).

Prevx Edge? Not until the proponents live down their deserved reputation for shabby tech support.

 

I got so bitten by their support for Prevx2, I won´t even dare touch it with a long pole. Sorry.

It was great in the early days, but when they start to ¨abandon¨ a certain product, be ready for it.

But its nice to see they get so hands-on with Edge. Reminds me of the good old days. Edge is still shiny and new, and the honeymoon period is still very much on.

Anyway, Mamutu + DW is good at the moment.

 

I landed with Dynamic Security Agent - fast and no hickups. Maybe not as good protection as some of the others but my sig will have to be enough for now.

Best Regards

 

Actually its one of the better ones around

 

A setup with ThreatFire + DefenseWall is sufficient. Just enable the outbound protection feature of TF. Ilya has implemented all my extra rules (which I used to add in TF or put in DW resource protection), so it is out of the box strong.

The flaw of TF taking down the parent process (non-critical only it has improved, but it will still quarantaine chrome for instance and winamp), won't bother you when using GeSWall Pro or DefenseWall in front of TF.

I have run that setup long enough to know.

When you would like a more classical defense, Avira free + Spyware terminator (HIPS disabled, only other shields on of ST) is also a nice combo to use behind DW.

I realise it is not an answer within the choices you put forward, but these are the best in my opinion.

 

if u dont mind the pop-ups then yes DSA is great, i used to use it but i prefer the quieter approach of Mamutu

 

I don't know if it still exists, but DSA used to have a memory leak.

Also, i think that it may give more pop ups once the "learning" period ends.

Anyway, i would go with 3, 1, 2. Actually i will be adding DefenseWall myseld in my arsenal soon.

But my choice is a bit weird. I 'd take Threatfire first because it works without online activation, is free and doesn't need at all costs to contact the online database in order to operate. But Mamutu is lighter on resources. PrevX Edge would be my last choice, because i simply hate the idea of having a program that has to phone home in order to work as it should. If at least could download locally the database on demand, as Drive Sentry does... If your connection fails because of DNS, ISPs failiure, malware cutting your internet etc, PrevX Edge is dead on the water. Same if the company closes or gets bought by another that discontinues it.

 

You would need a much larger harddrive and some incredible bandwidth to download our entire database on demand The fact is, most other AVs are moving into "the cloud" as well and the benefits far outweigh the non-benefits. If malware is already so deeply embedded in your system as to be able to sever your internet, then you are stuck anyway, regardless of your AV solution. An AV which downloads new definition updates every 15 minutes is basically identical to Edge as it would need a very consistent internet stream to function. Old threats are far less likely to affect users than new threats, and that is where the community database comes into play and there is absolutely no other way to do it than to centrally check new files.

 

Ah, yes, this would be a problem.

When they do, i will stop using AVs all together. I can't even stand the idea of the "in the cloud" security.

I guess all this is true. Specially if you consider PrevX Edge being in the category of antiviruses.

Don't get me wrong, i don't want to bash PrevX Edge, i haven't even tried it. It's just that i don't like the whole idea of "in the cloud". If this is the future, well, i can only hope that i will be able to make an alternative defense setup without antivirus... Or of course i will have to accept the reality. But as long as i will be able to avoid it, i will. But that's just me. It's also a psychological factor in it. After messing for years with HIPS, where you control everything, the idea alone of your security being in the hands of a centralized databank, sending and receiving data without me controlling anything (the sending being the worse part), is difficult to accept. Too paranoia grew up in me. All this "in the cloud" thing, has an aftertaste of big brother. I mean, what else will they centralize for our own good? Duh.

 

The problem is that while you are inclined enough to make decisions on whether a file is good or bad based on the HIPS prompts you receive, there is a very large percentage of users that haven't the slightest idea what "modifying process memory" or "querying for direct disk access" means. Our "big brother" approach allows our centralized heuristics to work like a team of AV researchers, analyzing every behavior that comes in and deciding what the file should be determined as.

In the same sense, why would you use an AV? Standard AVs have a very "big brother" and cut/dry approach to detecting files - you have to trust the AV researchers to analyze/write/test/upload a new definition and then you, the user, has to check for/download/and scan using the new definition.

If you actually do want to be prompted for every behavior that goes on, then fine - feel free to use Prevx2 in Expert mode or another HIPS but most users have no idea what the prompts mean and in our analysis, users choose the wrong answer more often than not

With the way threats are moving and how quickly they are spreading/mutating, users will either have to update their AVs dozens of times per minute to keep up with new definitions and antivirus companies will have to hire hundreds of thousands of new researchers, or, everything can just move into the cloud

 

I know. And your product is fine for the average Joe, exactly because he doesn't need to answer to cryptic pop ups. I myself from time to time am bored with classical hips (like nowdays) and replying to the pop ups. Not to mention that lately combo firewall-HIPs products, concentrate more on the HIPS part and less on the firewall (the perf tests in Matousec prove so). So, now i will go for something simple and light, based in sandboxes mainly.

Honestly, the only reason why i use an av, is for psychological reasons... and since Twister had lifetime license and run very light, i said "what the heck". Otherwise i consider AVs a waste of money in annual basis and resourse hogs.As for the AV researchers, well, if i had to trust every False positive i have seen flagged by Twister, i would be reinstalling Windows now.

Yes, i have Comodo for the days i feel paranoid. But then, since i don't get infected , i get bored and seek non classical hips solutions. Defensewall will be such a solution.

I understand. I have often written in this forum, that the av is the last thing that i would expect from to be saved, exactly because of the reasons you said. This is why i am in favor of prevention by non signature methods. And if things get so tough that i can't rely on sandboxes anymore, i guess i will revert to classical hips and live with the pop ups. But, since i don't get real malware without my knowledge (because sometimes i am pretty confident something i download is malware and take my measures), for now, i can rely on things like Sandboxie, Defensewall, Returnil etc.

Well, things do change of course. If one day i am too old to fight the malware with such tools and just want a "set and forget" thing, i guess i will have to proceed to the "clouds" too. But untill then...

I have no doubt that your solution can be of great easy of use for the average user (in fact classical hips will never be mainstream), don't take me wrong. But right now, it's not in my wish list.

 

I completely agree with all of your points and in your circumstance, I will happily say that you most likely do not need Edge at this point as you are able to intelligently respond and manage your own security.

However... my mother is a different story...

 

I am using ThreatFire right now. It only check the blacklist data base for know malware when an intrusion occurs.

I like the idea of in the cloud computing:

a) first priorities are set easily, just focus on the currently in the wild samples of malware when checking data trafiic from external sources of which all of them (besides USB stick) origin from the 'cloud' any way.

b) defense can be done by specialists in stead of noobs.
1. When strange behavior is detected, check the central and most actual data base.
2. When code is unknow submit the code for automated analysis and keep tracking (preferably virtualising) what this suspect does

cheers

 

I like to think my pc is protected ,but i don't want to be asked why media player classic wants to play a movie,even if the autolearn feature of classical Hips made things a little easier....,so an advanced product like Edge is always welcomed.
I'll go for PrevXEdge + DW + Avira free

 

Lucky you! My mother won't even come close to a pc.
Apart joking, for people that aren't willing to learn the basics about security, who btw are the majority, your approach, despite me not liking the idea, is much more preferable compared to a traditional antivirus. Specially after a few months , when your userbase will grow. Because as i understand, the bigger your userbase, the better the chance of receiving early new malware , analyzing it and putting it in your central databank. Most AVs are HEAVY (latest performance test by AVComparatives showed the best ones adding about 40% lag on the system) and cost almost double the money of the Prevx Edge. If Prevx Edge manages to be light (which i read it is) , it is a no brainer that it is a better solution compared to all traditional AVs, for both the resource usage and money...

I also use TF from time to time, but with community support disabled. Who knows, maybe i ll overcome the idea of not controlling locally what happens and follow the stream too at some point. It certainly is a solution that doesn't need much effort on the part of the user.


The fact is , that for now, i am not in high danger, although i do go to places that malware is supposed to happily exist. Opera seems to do all the job... The only malware that i have executed in the past 2 years, was on my own will, sandboxed. Otherwise, just false positives from Twister (which they do brake though the monotony ).

 

There are at least 3 Prevx threads going now, all of them exclusively dedicated to that one security app. I do hope that PrevxHelp is not going to turn OTHER threads (such as this one) into further opportunities to promote the Prevx concept.

It would be nice to discuss various apps without plugs from the various proponents. At present, Prevx is the only proponent I know of who is manifesting this behavior.

 

I use Prevx Edge with AVG (paid).