Renew or not, that is the question

Discussion in 'other anti-malware software' started by screamer, Mar 4, 2007.

Thread Status:
Not open for further replies.
  1. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Again, AVG AS + A2 + SAS. These are my main scanners/ artillery. None are paid/ real time.
    fcukdat: which of these 3 has better real time protection? You're all for SAS, but is the shield that good too? And light? (curious)
     
  2. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    Hi Somone, now u have posted a pretty healthy list of options here.
     
  3. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Thank you:)
    One thing to compare: A-squared has a behaviour blocker. How are the others' shields? (coz, this looks better)
    And is this behavior blocker good, regarding something like CH?
     
  4. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,223
    Hello,

    fcukdat, you can always seek hidden trojans using live CD.
    As to people being infected and not knowing it ... well ... what can I say. Regarding the exploits you mentioned, again this takes an effort - using the wrong browser to visit a wrong page, when your OS is full of holes.

    Mrk
     
  5. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Apologies folks for strayin way OT but this is somewhat relevant to so called advanced detection software.

    Hi Mrk my knowledgeable friend but let's not forget the fact that for example building your own Bart PE goes far beyond the remit of most folks and that includes a lot of the folks that visit/frequent the security forums for education etc.
    Don't forget slaving in a second drive does the trick too but again it is not a one-stop solution that can be widely utilized.

    FWIW I agree and disagree with your statement on patches and exploits, yep Windoze takes effort to switch off automatic updates to stem the bandaids, WGA etc but there is such a thing as 0 day exploit in the wild, we've seen plenty and its occurrence will always clip some innocent victims when they occur:'(

    If you remember the storms email worm back in January07, when that campaign began quite a few AVs were caught sleeping although they reacted quickly by updating their sigs to target the worm. The trouble was the damage was already done for a lot of those victims (uneducated) that opened the executable attachment. The worm dropped the wincom32 rootkit trojan which opened up a backdoor and added the infected PC to the fast growing Nuwar botnet.

    Guess what all those folks saying my AV has detected blah-blah (Peacomm, Pead) a few days later and then the worm is removed by the signature based software.... Sorted o_O

    :blink: Shame about Mr Wincom32 still cloaked and the infected 'puter is still backdoored. Only a few of the AVs have the capability of seeing the loaded wincom32 trojan so all the rest have a clean bill of health since the worm has been removed:thumbd:

    Now factor in that I busted wincom32 trojan which came imported with CWS infection 4 days before *the Storms* event and you might see which folks were behind the email/worm campaign. This was a targeted attack to harvest as many new zombies as possible using people's lack of PC security awareness to achieve its goal. No effort on the victim's behalf literally to become infected.

    Relevant to this topic I'm not sure if SWD can see loaded Wincom32 but hopefully at some point this weekend I will give it a run out and let y'all know :)
     
  6. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    10,223
    Hello,

    My aim was not to disparage. It's just that when people hear things like bodiless, undetected trojans and alternate data streams, it sounds like a coffee enema to most. A frightening prospect. We should calm them down.

    I think that such threats should be taken in perspective. First, it's just computer software. Second, the worst thing that can happen is to reinstall the OS. Once people understand this, they can think logically.

    Regarding live CDs, downloading + burning a Linux ISO takes very little effort, although using their tools to forensicate and enemaize Windows might take even more skills than making BartPE CD.

    Keep on the good work, man. But remember. Every time you mention a terrible word, someone out there rubs their hands and thinks - another storm of dollars is coming my way ...

    Rustock or Woodstock ... doesn't matter - just simple stupid software. Remember 1988? How things were simple then? There were no trojans then. And miraculously, we all got by well. So nothing dreadful will happen if a computer gets cankered.

    Of course, you have the people who have never heard or will never care about potential consequences, whatever they are. But for those who do lurk and listen and have caught the whiff of rumor, the big titles and terrifying words that you see everywhere are in fact counterproductive. To learn, you must first let go of fear.

    If they realize that, then perhaps their education will be so much more effective. And instead of running for one-in-all ultimate solutions that do not work but falsely assuage the buyer, perhaps the people will try to listen and actually think.

    Mrk
     
  7. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,065
    very good points Mrkvonic
    if you practice safe surfing and haven't got infected in ages then chill.
    sure there are threats out there but they are not targeting you and very likely never will.
    with my new pc I'm gonna create an offline fresh image so if I screw windows up all I need to do is pop in the cd browse to the image and restore
    lodore
     
  8. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Point taken again my friend but don't overplay the everything is rosy too much.

    Folks have had their personal data removed and used with criminal intent. It does happen and I don't expect those victims to have the no big deal spin on the event.

    With regards the storms worm event subsequent worm network traffic reports suggested ~250k+ worth of compromised machines within 3 days. Probably lots of folks getting new/first time computers for xmas or UK netcitizens in a rush to see the storm pictures (.exe) attached to the campaign email.

    Even you have to accept what a loaded backdoor potentially represents to the security of a computer=kiss goodbye to your base if the attacker so decides.
     
  9. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Looking at your safety apps (Pro FW, Good AV, Plus classical HIPS), I would spend my money on a sandbox like GesWall or DefenseWall or just trust the three security apps you have got.

    Regards K
     
  10. screamer

    screamer Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    922
    Location:
    Big Apple USA
    Kees, I already re-newed my SWD subscription and I've got like one day left w/ AVG. I think I'm gonna stick w/ SWD in the active security group and retire AVG to my on-demand collection.

    Just D/L'd Primary Response SafeConnect to give it a whirl.

    ...screamer
     
  11. dcdc

    dcdc Registered Member

    Joined:
    Nov 22, 2004
    Posts:
    195
    Location:
    Boston area
    I have used the free versions of SD for some time, and one thing I don't like about them is that they take forever to load at startup. By watching CPU activity with Process Explorer I have found that SD version 4 consumes literally 90 -100% of cpu cycles for 6 minutes during startup. I can't get into the internet or do much of anything else until SD finishes doing its thing.

    It also gets very active at other times, notably during scans with other AS applications. I would shut SD down to speed up the scans, but then when I restart it, it eats up another 6 minutes of cpu time.

    I would be interested in hearing how SD 5 performs in this regard. My general impression is that others also feel SD does not run light at all.
     
  12. screamer

    screamer Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    922
    Location:
    Big Apple USA
    The sluggish behaviour you mention was prevalent in ver. 4, that's why I canned it. SWD ver.5 runs lean on my box. I do realize that my situation is not the norm. (referring to complaints on SWD forum) Since I installed SWD beta 5, I couldn't be more pleased w/ this app. In fact AVG's guard.exe slowed things down much more than SWD ver.5


    ...screamer
     

    Attached Files:

  13. dcdc

    dcdc Registered Member

    Joined:
    Nov 22, 2004
    Posts:
    195
    Location:
    Boston area
    Thanks for that post, which I guess includes a screen from What's Running.

    One specific question: does SWD run lean at startup, while you are up and running, or (hopefully) both?
     
  14. screamer

    screamer Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    922
    Location:
    Big Apple USA
    Absolutely both. No start-up issues like the prior version. It's like it's not even there.
    Then again, this is one of the "major" complaints about SWD. Even this version, many ppl are complaining that their boxes slow to a crawl. Mine hasn't.
    The only way to know for sure is to D/L a copy.

    YMMV,

    ...screamer
     