Re: MBR infection protection help

Discussion in 'other anti-malware software' started by taleblou, May 20, 2010.

Thread Status:
Not open for further replies.
  1. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Excellent info regarding HDHacker and OA's capabilities. I would imagine that it is the HIPS feature that warns on such attempts.
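HDHacker, mentioned above, dumps the MBR (sector 0) to a file so that a later copy can be compared against it. The following is an added example, not code from the thread or from any of the products it names, showing in Python what that comparison involves: it parses a 512-byte MBR, checks the 0x55AA boot signature, decodes the four partition entries, and diffs a current sector against a saved baseline, reporting separately whether the boot-loader code (bytes 0..439, the region a bootkit overwrites), the disk signature, or the partition table changed. The sample sector is constructed inline; `read_mbr` shows how a real sector would be fetched from a raw device, which needs administrator or root rights.

```python
r"""MBR baseline check: parse a 512-byte master boot record and diff it against a saved copy."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # bytes 0..439: boot loader code (what a bootkit replaces)
DISK_SIG_OFFSET = 440         # bytes 440..443: Windows disk signature
PARTITION_TABLE_OFFSET = 446  # four 16-byte partition entries at 446..509
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511
ENTRY_FMT = "<B3sB3sII"       # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr():
    """Constructed test sector for offline use; it is not a dump of any real disk."""
    mbr = bytearray(SECTOR_SIZE)
    mbr[0:3] = b"\xeb\x00\x90"  # constructed placeholder boot code (jmp short; nop)
    mbr[DISK_SIG_OFFSET:DISK_SIG_OFFSET + 4] = b"\x12\x34\x56\x78"  # constructed disk signature
    # One bootable NTFS-type (0x07) partition starting at LBA 2048, 409600 sectors long
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 2048, 409600)
    mbr[PARTITION_TABLE_OFFSET:PARTITION_TABLE_OFFSET + 16] = entry
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


def parse_mbr(sector):
    """Validate the sector and return its boot-code hash, disk signature and partition list."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        status, _chs_start, ptype, _chs_end, lba_start, count = struct.unpack(
            ENTRY_FMT, sector[off:off + 16])
        if ptype == 0:  # empty slot
            continue
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": sector[DISK_SIG_OFFSET:DISK_SIG_OFFSET + 4].hex(),
        "partitions": partitions,
    }


def compare_mbr(baseline, current):
    """Return a list of regions that differ between a saved baseline and the current sector."""
    diffs = []
    if current[510:512] != BOOT_SIGNATURE:
        diffs.append("boot signature missing")
    if baseline[:BOOT_CODE_LEN] != current[:BOOT_CODE_LEN]:
        diffs.append("boot code changed")
    if baseline[DISK_SIG_OFFSET:DISK_SIG_OFFSET + 4] != current[DISK_SIG_OFFSET:DISK_SIG_OFFSET + 4]:
        diffs.append("disk signature changed")
    if baseline[PARTITION_TABLE_OFFSET:510] != current[PARTITION_TABLE_OFFSET:510]:
        diffs.append("partition table changed")
    return diffs


def tamper(sector, offset):
    """Flip one byte at the given offset; used here only to simulate an overwritten sector."""
    modified = bytearray(sector)
    modified[offset] ^= 0xFF
    return bytes(modified)


def read_mbr(device_path):
    """Read sector 0 from a raw device, e.g. r'\\.\PhysicalDrive0' or '/dev/sda' (needs admin/root)."""
    with open(device_path, "rb") as f:
        return f.read(SECTOR_SIZE)


if __name__ == "__main__":
    baseline = build_sample_mbr()
    print(parse_mbr(baseline))
    # A write into the boot-loader region is reported; the partition table is untouched
    print(compare_mbr(baseline, tamper(baseline, 0x10)))
```

Hashing and diffing the boot-code region separately from the partition table matters in practice: repartitioning legitimately rewrites bytes 446..509, while nothing routine rewrites the first 440 bytes, so a change there on a baseline comparison is the signal worth alerting on.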
     
  2. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Yes, Prevx should block rootkits.
    Between OA, GeSWall, Prevx and even avast (with web shield and behavior shield) I'd say I have MBR adequately protected.
    Maybe too much overlapping protection... maybe just enough. :)
     
  3. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    You are correct. :thumb:
     
  4. timestand

    timestand Former Poster

    Joined:
    May 7, 2010
    Posts:
    172
    Sorry, can't help but post here. You have maybe 4 programs to do what my limited user can do without any program. Simple.
     
  5. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    can the free version alert for rootkits?
     
  6. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    I can only say I'm happy for you.
     
  7. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    You might want to do a bit more checking before casting aspersions on other posters here at Wilders. For instance do a Google on "windows privilege escalation vulnerability" and read the bad news. Limited User (LUA) is NOT perfect protection.

    You might start by reading HERE. I quote in part (bold face added by me for emphasis)...
    A Google search will disclose hundreds of additional links on this exploit. Those links include but are by no means limited to the following...
    THIS, THAT, THE OTHER, AND YET ANOTHER.

    I just gotta quote you a small part of that last link (again, the bold face is added by me)...
    Bottom Line:

    1- Wilders has a number of people who are very experienced in the field of security (myself NOT included). Accordingly, a poster should carefully check his facts before ridiculing other posters.

    2- Wilders has a number of people (myself included) who are students of security matters, & who visit here to learn. We learn better when posters do not flaunt their knowledge (especially if they are dead wrong in what they are saying).

    3- Ridiculing other posters & flaunting one's (supposed) expertise tends to ignite flame wars. Those are not very welcome here.
     
  8. timestand

    timestand Former Poster

    Joined:
    May 7, 2010
    Posts:
    172
    And I ask if you tested any of those you link. Either limited user blocks it or you give a bad example. Like about Kon Boot, that requires the hacker to be able to touch your computer from outside. Did you read? You need to boot up from CD or USB or floppy. Trust me, a hacker can do more than log into admin if he can have access like that. None of the programs Page42 says will protect you from that also. Simple. If a hacker can access and boot, what stops him from formatting your drive? As I say, bad example.
    Also when you give all this it is like giving that Matousec exploit. Remember many programs like Online Armor were vulnerable. But the fact is it needs to be taken in context. If you want to say it can still be exploited then I say limited user combined with SRP or AppLocker still protects you with no program. Page42 uses 4 programs. I use none still. Funny how you seem to attack me when I am on topic, since I relate to how to protect MBR. Limited user is already very good protection for this and no program is needed. Then combine SRP or AppLocker and even your theory goes out the window. Simple.
     
    Last edited: May 22, 2010
  9. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    A Google search yields many hundreds of links concerning several weaknesses in LUA, over & above the one weakness I listed. If you wish to believe that LUA gives you *perfect* protection, then that's your choice. However, it is unnecessary to belittle other posters who choose different approaches than yours.

    He was listing all the layers of his security. He never said that he included all those layers for the sole purpose of protecting the MBR.

    Some folks prefer to always run as Admin. I am one of those. My security set-up is structured so that I can do that in relative safety. Page42's set-up no doubt is structured to suit his particular preferences. So also is your set-up, I assume.

    If one wishes to disagree with someone's approach to security, it is possible to do so without being disagreeable. That goes for me. And for you, too, I hope.
     
  10. timestand

    timestand Former Poster

    Joined:
    May 7, 2010
    Posts:
    172
    Why point the finger at me? Many here belittle all the time and you never say anything. And by the way I don't mean to belittle. Just give info that can protect MBR just as well in reality by using limited user alone. And if you are that scared and want to read up on things you don't understand then use SRP or AppLocker also and you get better protection than maybe all programs. And by the way I can say you belittle me also. Simple. I notice Windchild and tlu will support me. I read a lot of Windchild, how he says when someone gets infected then the first person on Wilders will say install this and that. When in fact limited user would have saved them already. Simple. But yes I only say what I think. Sorry for putting it the wrong way. I don't know why you think I am being belittling and disagreeable. Many others here post much worse like doktornotor. I don't mean to be like him. Sorry again. Thank you.
     
  11. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    What part of OA protects the MBR? The firewall itself or the HIPS component?
     
  12. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    23,936
    Location:
    UK
  13. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    Thank you.
    I'd try OA HIPS... looks nice :)
     
  14. Blues7

    Blues7 Registered Member

    Joined:
    May 11, 2009
    Posts:
    870
    Location:
    2500'
    I've been using OA for years and it's a great program. My wife uses the free version and I use the "Premium". I think you'll be pleased with its functionality.
     
  15. wat0114

    wat0114 Guest

    The potential perils of always running as Administrator are nicely illustrated here. How about that for an escalation threat: user - running as administrator no less - finds the security apps cause a "drag" so he proceeds to summarily disable them. Welcome home malware! ;) The enormous security benefit offered by simply running as Limited user should never be overlooked. Even better is when it's combined with, if available, SRP or AppLocker (already built into the O/S, as is LUA - how about that :) ). There are those who always run as admin who are also highly qualified to do so (Sully comes to mind, as does Franklin who throws tons of malware at his setup without incurring infection) but as the link I posted confirms, in the wrong hands it can be devastating. This is certainly not to suggest others here who run as admin are not capable, but avoiding the admin account for all but only necessary purposes simplifies the process of keeping one's machine secure against malware threats. The threat that malware can instantly and easily "pwn" the machine is virtually a non-factor.
     
    Last edited by a moderator: May 22, 2010
  16. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    What I have observed (and experienced) here at Wilders is a particular brand of enthusiasm and excitement on behalf of LUA aficionados. There is no sense in naming names, as we all can point to a handful of them quickly. As I say, they are quite enthralled with their brand of pc security, to the extent that they often appear (to me, at least) to be pushing what they have discovered and embraced upon everyone who will listen, willingly or not. This is evidenced by a lot of posts like timestand's, wherein he wishes to tell me that his setup is superior to mine. Since I have not asked timestand to enlighten me, when he takes it upon himself to point out the differences between his set up and mine, I can only say... I'm happy for you, timestand.

    There are many really terrific and knowledgeable members here at Wilders, and I suppose if one wanted to, one could lump us all into different camps, predicated upon our security practices. The categories would be (and are) manifold, for certain. I applaud these differences, and take no particular offense when I encounter them, whether by seeking the information myself, or by having it thrust upon me. Of all the varied roads one can choose from, I have observed what looks to be one common theme or understanding (belief?) that most Wilders members agree upon... and that is the best security approach and set up is the one that works best for you.

    I have close to zero desire to travel about the forums, bragging about the software I use (or don't use), trying to convince others to abide by my preferences. I am much better served around here by ASKING questions, and helping out on those rare occasions when I discover that I know something that another member needs assistance with. :) These forums, on a daily basis, give us all many opportunities to learn skills. From time to time, these lessons are not limited to matters of computer security.
     
  17. bellgamin

    bellgamin Registered Member

    Joined:
    Aug 1, 2002
    Posts:
    8,102
    Location:
    Hawaii
    Interesting link. Thanks!
    ~~~~~~~~~~~~~~~~~~~~~
    The HIPS part of OA does the job - as referenced by stapp.
    ~~~~~~~~~~~~~~~~~~~~

    OA is especially good for someone like me, who wants to run as Admin. I have OA set so that ALL threatgates will Run Safer.

    For folks who run as Admin but who do not use OA, a tiny free proggie called Drop My Rights will give you the same protection as Run Safer.
    ~~~~~~~~~~~~~~~~~~~~~~~~~

    Some of us are security hobbyists, or "new proggie junkies" -- whatever someone might want to call us. I am one of those.

    I give a trial to just about every security program that comes along. I also tend to buy unneeded licenses for security programs that I want to support. In consequence, I own dozens of licenses for security products.

    A tennis enthusiast may have several rackets. That doesn't mean he uses them all at once. A golf lover may have several sets of clubs, & a bunch of putters. But he doesn't use them all at one time.

    It's the same with some of us who are security enthusiasts. We often list many security programs in our posts, but that does NOT necessarily mean that we are using them all at one time.
    ~~~~~~~~~~~~~~~~~~

    Although I always run as Admin, the only 2 security apps I am presently running in real-time are OA & Prevx, plus I am behind an SPI-capable router.

    I believe someone can safely run as Admin with only ONE real-time security app; namely SBIE, configured to restrict outgoing connections. ( and make an on-demand image 1x/week)
     
    Last edited: May 22, 2010
  18. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    Tried it.. lol, HIPS doesn't work well in my LUA/SRP :'(
    *click my siggie*
     
  19. Blues7

    Blues7 Registered Member

    Joined:
    May 11, 2009
    Posts:
    870
    Location:
    2500'
    I think your point of view makes a lot of sense imho.

    I run Sandboxie & OA Premium along with MSE.

    I had thought to try the Prevx SafeOnline browser protection but read of issues with both OA and Sandboxie so decided it probably wasn't worth the potential conflicts or loss of security since I am very comfortable with those two excellent programs.
     
  20. timestand

    timestand Former Poster

    Joined:
    May 7, 2010
    Posts:
    172
    Again I don't mean to say my set up is better. I only mean to say it is simpler. Ok? Only trying to help the poster at the start. He asked how to protect MBR. Everyone here says install this and that. Then the poster also worries about conflicts.
    Ok? Then you name 4 programs and say they may all protect MBR. That is nice for you also and I am happy for you also. Then all I want to say is why not try limited user. Why do I do this? I never hear of limited user ever getting the MBR infected. Also I see many here always change set up. Maybe it is because they like trying programs. Sure, Ok. But many also try to look for the best set up for them. So maybe the best set up for them is to run limited user. I know many don't try this so they never know. They give up easily and say limited user is too restrictive but yet never take the time. They take much time to try and learn programs but never for limited user. That is what I find sad. Just trying to help. Thank you.
     
  21. timestand

    timestand Former Poster

    Joined:
    May 7, 2010
    Posts:
    172
    I think you for no need any program but your last comment is correct I feel. I know you never get infected anyway since you are a smart man like many of us here. But I also learned Sbie in the last few weeks and I use it now. Very nice, but I take time to learn, just like I took time to learn limited user.
     
  22. timestand

    timestand Former Poster

    Joined:
    May 7, 2010
    Posts:
    172
    I know one friend who doesn't use anything but Rollback Rx. At the end of each day he just rolls back. So at the start of the day it is like using a new image. Smart man, that friend.
     
  23. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @timestand

    Hi, I think you make some Very good points about LUA etc etc :thumb: The thing is, a lot of us on here just like testing/using stuff, and being in control :D

    :)
     
  24. wat0114

    wat0114 Guest

    It's currently the one and only 3rd party security app I place complete faith in. Great for family computers :)
     
  25. timestand

    timestand Former Poster

    Joined:
    May 7, 2010
    Posts:
    172
    Testing/using is Ok. That can be, as many say, a hobby. But limited user can also be in control so no excuse there, Ok? In fact more control with limited user! And I agree with wat0114 also. The problem is many just think limited user is a problem or breaks things or is too restrictive. This is wrong for most persons. Very sad people think there are problems with limited user like this.
     