Please advise - I have Vista UAC, Avira. What else do I need?

I recently reinstalled Vista on my pc. I wanted to do a fresh install with an SP1 integrated image which I made with vLite, which had a lot of features removed so I have a lean 1gb iso.

I have taken a base image of the install and am now installing security software. This is also my first real try at running with UAC on (with a few tweaks to disable the elevation prompt for admins) and so far I am happy with it and IE7 protected mode.

I also installed Avira premium security suite with a free 3 month license offer (google search found it on comodo forums) and am happy with it - Avira IMO has always had great detection and a no-frills gui and runs light. I may buy it when the time is up.

At this point I do not have any sort of HIPS and I would like some advice about what I really need in addition. There are 2 things I want to try as well -

- adding an SRP on Vista
- run Firefox in protected mode (by setting its integrity level to low)

I don't know how successful these will be for daily use though.

With protected mode, why do we need SandboxIE for IE?
SandboxIE seems to have issues with FF3 from their forums.

There are so many HIPS I read about (Defense Wall, ThreatFire, SSM, DriveSentry, Online Armor etc etc), but since UAC already adds a layer of defense, which one can best complement it without bothering me?

 

even if you have UAC,lua what ever you still not fully protected so my advice
is to think twice cause windows vista has or will have some vulnerabilities
and still hips and sandboxes are still needed

 

also antiviruses are not keeping up to block unrecognize malwares,
i am not telling you to ditch your antivirus but add something to compliment you antivirus in this case a sandbox or policie base sandbox will do the job(patching the hole)without any need of signiture

 

I agree with you, thats exactly why I started this thread I was not trying to say that UAC+AV is sufficient defense but trying to find out what else is needed that would not overlap with what I already have.

 

i remenber one time i try to go alitle naked just with mcafee and spywareblaster only and i got infected even if i dont look for trouble,trouble came to me unexpected and i have to format my pc,after that i said forget it
i will get my self heavy dutty stuff and i got my self DefenseWall Hips
after that never been infected again.dont you fully trust UAC OR REALLY on their protection my 3 cents

 

I've had Vista HP for 1.5 years with UAC on, Windows Defender on, and antivir free. I'm now running with no antivirus, but do install one every week or so to scan, then remove it with FD-ISR. I still have WD on. I've yet to find any malware or virus. I guess what I mean is you can go along way in Vista with the basics and built in protections.

The question for me was whether to run as protected admin or run from behind an additional standard account. I've mostly run as protected admin. Here's a discussion that we had over the last couple of days about it.

https://www.wilderssecurity.com/showthread.php?t=215470

 

To be honest,

Vista with LUA, running IE in protected mode, a decent AV like AVira, WD or Anvir taskmanager to alarm on system changes and common sense is a reasonable protection.

One could invest in learning how to use the VIsta FW two way, but how many of us are really infected (not counting self inflicted pain when playing with malware)?

 

Approximately 27% of Vista ThreatFire users, probably a more security-conscious crowd than typical Vista users, had malware over a 6 month period - see http://www.computerworld.com.au/index.php/id;128348660;fp;16;fpid;1.

 

if this is the case threatfire is not to secure to use alone

 

If I read the PC Tools summary correctly, 27% is the number that ThreatFire detected by behavior and then confirmed with 3rd-party antivirus scanners.

 

You really need to take a closer look at the article.

 

I guess that means 73 percent of Vista users were not in that bad a shape.

 

i read the article but what about those people that only run threatfire alone

 

still 27% still bad well my paranoiya

 

may be my ignorance or lack of knowlodge but the % is kind of scary the way i understand it.so my apology if i misunderstood the article

 

Why didn't they reveal what %age of the 27% infected Vista pc's had UAC on? I am sure the ThreatFire logger was recording that, as well as other relevant details of the pc security setup.

ThreatFire seems like a nice app to have, I am just overwhelmed by all these HIPS which all claim to do the same, only better than the others! The thing I hate most is installing some program, having things break and then spending hours and days searching, posting in forums to figure out what went wrong.

 

Reports or stats like this are really pretty meaningless.... it all depends on what the user is doing. If you ask for it, you get it. The best defense is always your intelligent use of the machine....

 

i know but when you have familly or happy clicker friends that they click yes to all.

 

thats where virtualization apps are very important to have just in case everything fails you still get a back up to the original state .

 

The article states that Threatfire uses behavior based detection. So if the malware is on the computer but not doing anything, it is not yet a threat. When it attempts to do something Threatfire MAY possibly step in then. So those running Threatfire may or may not be fine depending on the outcome of the intervention.

 

my point is this threatfire is not 100% bullet proof rigth?is it?and to have it alone is not too secure.there are some dorman malwares too and if threatfire misses the behaviour of the malware then what?couple of times a tested threat fire(dont have any screenshoot sorry for that but threatfire fail)

 

I did see a quote somewhere from a PC Tools representative saying that a lot of those in the study who knew how to turn off UAC did so. It would have been interesting to see how the UAC-off folks did vs. the UAC-on folks.

 

I would agree that it's wrong to say that your Vista system has a 27% chance of being infected in the next 6 months, because your configuration and user patterns may vary from others. However, I do see value in seeing what is happening "in the large."

 

The ThreatFire folks recommend it as a supplement to your AV, not a replacement.

 

i know that already
maybe hammer miss understood me