My Security Setup

Hello All,

If you could be so kind, I would like to have my current security software suite analyzed. Any recommendations for improvement are greatly appreciated:

AVG Free 8.0.100
Comodo Firewall w/ Defense+ 3.0.22.349
SuperAntispyware Free (On-Demand Only)
Spywareblaster 4.0 (All protection enabled)
Dr.Web CureIt 4.44 (On-Demand Only)
Hardware Firewall

 

Keep the firewall, keep Cure-it, add returnil and dump the rest.

 

Hi,

AVG Free + Comodo 3 + Hardware Firewall should be enough.

Why SAS Free and Spywareblaster?
Is AVGs Anti-Spyware modul beastly bad or what? If so, maybe avast home would be an alternative.
Well, an every once in a while scan with CureIt doesn't hurt, so why not.

But in general you have a HIPS and two Firewalls (HW+SW), but four blacklist scanners in your setup.

As trjam said, consider to replace a few of your dump blacklist scanners with sandboxing, policy restriction or virtualisation programs like Sandboxie, GeSWall or Returnil.

But it's difficult to advise, if you don't tell your main goals, like surfing, p2p, gaming etc.

Cheers

 

Can't comment from an expert perspective, (because I don't have one), but I thought it looked quite solid.
IMO there is nothing wrong with having a demand AS of the caliber of SAS. I keep reading forum posts of how well it disinfected stuff that some others couldn't.
Likewise Cureit.
The others above have pointed out the limitations of blacklist-based scanners and indicated a preference for HIPS/image type protection, with which I won't argue. The HIPS should catch anything trying to run,the FW will prevent anything that slips through from phoning home, the image will wipe the slate clean. (If your responses to the alerts are correct.)What route you choose there depends on your preferences. D+ is a HIPS, which you already know, I guess.
Me, I'm not certain enough of my ability to always answer alerts correctly, so I prefer to have a resident scanner to watch my back. (In fact, I have two, which is almost certainly overkill, but it's not slowing the 'pooter down much.)
From what I've read, and from past experience with suites I'm not a fan of the latest AVG offering, but if it runs well on your PC I see no reason to dump it. Having the extra demand scanners is simply a bit of insurance in case AVG isn't up to the job, and/or can offer you reassurance that it is, in fact, up to the job.
If, however, you are finding malware using the demand scanners, that should be major cause for alarm.

 

What kind of advice is this without knowing more info like what subset asked?

It would also be nice to get an idea of the OP's level of knowledge. Without this info, it would be hard to advise or suggest anything.

Prototype0,

Your setup looks pretty good, but we need more info about you, your habits and others that may use the machine. What browser do you use? There are other new technologies that the others have mentioned that could help in some situations. Help us help you.

In any case, it's always important to keep your programs up to date. If you wish, you can follow the link in my signature and it can do a scan of some of the important programs (browsers, media players, Windows, Java, Flash, Instant Messaging etc.) you have installed to make sure there up to date. I usually do this at least once a month. Up to date programs like those I mentioned usually patch a vulnerability that malware can exploit.

 

If you use Returnil or any other ISR-software, you can keep your main scanner(s) because of the real-time shield, but on-demand scanners are completely useless with Returnil on board.

 

More redundant than useless, I'd think?
What about for scanning files prior to saving them?

 

How many scanners are you going to use to verify new objects ? Is one or two scanners really enough or do you assume it's enough ?

 

Me personally? Sometimes none. Depends on the file and download source. The rest of the time, one scanner (plus the AV is scanning realtime), so two, I guess. A balance between usability and caution.
Since I'm not prone to downloading from dodgy sites, nor anything cracked, this has so far worked for me.
I've hardly ever had an alert, either. Can lead to complacency, I guess.

 

To verify my new approach, I ran as many scanners I could get in the last two months and they didn't detect anything in my system partition.
I also have a frozen system, similar to Returnil and that is the main reason, why scanners couldn't find anything, not because of my security softwares.

Of course I scanned my data partition also, they didn't detect anything either, but the main reason for this was, that I don't download that much. I use internet more to look at stuff, rather than downloading and keeping it.
Most of my data files are created by me, my video editing is based on movies or documentaries, I recorded from TV.
My data partition is also locked by DefenseWall, while I'm surfing on the internet. Spam-emails and email-attachments are not a problem, I delete them immediately without even opening them.
So the risk of getting infected data is very small and when my system partition is malware-free, it won't infect my data either.

 

I've taken an extended absence from malware hunting but am beginning to get the fever again to see how they can fair with what we have as arsenal to discourage their efforts.

Virtualization & FD-ISR aside, i'm curious now how the latest HIPS and other security shields can meet and defeat their latest threats with more confidence then before.