Security Overkill? Experts opinion required!!

Discussion in 'other anti-malware software' started by Beat_Itokuzu, Feb 9, 2008.

Thread Status:
Not open for further replies.
  1. Beat_Itokuzu

    Beat_Itokuzu Registered Member

    Joined:
    Feb 9, 2008
    Posts:
    5
    Hi Security ,

    I'm running NOD32 version 3 (can this be configured using Blackspears?), along side Windows Defender, Spybot, Spyware Blaster & Online Armour on my new laptop.

    Is this overkill? Can I ditch something here? Is there a better configuration of the above without using all? Lastly, which is the best for providing realtime spyware/adware/malware protection?

    I know there's a lot of questions here, but I want to make sure I am as protected as possible.

    Just to note, I have seen no considerable slow down with the above all working apart from on start-up, and my surfing habits are fairly safe (with isohunt being as slippery as it gets).

    Many thanks in advance,
    Beat.
     
  2. AKAJohnDoe

    AKAJohnDoe Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    989
    Location:
    127.0.0.1
    Overkill is a strange word. It literally means to kill more than once; which of course is not possible. So, yes, you are perhaps into overkill.
     
  3. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    Assuming you're using Vista you can disable Windows Defender and uninstall Spybot. Now you can install SAS and a-squared for more robust detection/removal capabilities.
     
  4. The_1337

    The_1337 Registered Member

    Joined:
    Aug 10, 2007
    Posts:
    112
    id get rid of windows defender and spybot, and add a hips and sandbox.
     
  5. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Actually I don't think what you're running is "over kill". The thing to be concerned about is resident programs, not "On demand" scanners. Spyware Blaster is not resident. Spybot has resident and non resident functions. I use Spybot for the immunize and SD helper functions (IE BHO) and disable teatimer. I think Online Armour is a strong app, but I would drop Windows Defender for different resident AntiSpyware. Spyware Terminator and Spyware Doctor SE (google pack) are free. There are a number of good "for pay" AS apps, such as SuperAntiSpyware and Spyware Doctor (full version). By the way, since you're using Online Armour don't forget the "Run Safer" option. This reduces the privileges of an application and is a good idea if you use an administrator account. Enable this option for all your online apps.
     
    Last edited: Feb 9, 2008
  6. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    I support The_1337's recommendation, a solid HIPS + a super sandbox would more than make up for potential gaps in coverage and should lock down control well enough for your PC safety.

    NOD32 On-Demand Only is the only AV i use and only to verify my malware collections as indeed risk capable, but i found it exceptional, especially after releasing like an idiot a file infector on my system that nearly cripple an entire 200GB HD if not for the excellent "cleaning" feature which afforded just enough recovery that i was able to fully reconstuct my Hard Drive back to normal again, that an FD-ISR archives saved months of research not to mention the system itself. So you'll never read me making light of NOD32.
     
  7. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    To tell you the truth, it depends on which version of Windows. XP? Pro, Home?
    Start with searching this forum for limited user account (LUA) or SuRun (by member tlu), DEP.

    LUA could be a pain to use depending on your programs. But you will only know that if you try it. And SuRun is a possible solution for those PITA programs that don't run in a LUA.

    Then AV, then firewall, then whatever. This is what i think at this point, concerning security.

    If you use XP Home, the main thing after LUA/SuRun/DEP, and before AV, is choose between a sandbox (to isolate infection vectors) or HIPS like SSM free to intercept executables (the premise is, all or most malware start by executing something).

    EDIT: Online Armor does the same job as anti-executable as SSM free above. You can just keep that one.
     
    Last edited: Feb 9, 2008
  8. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,289
    Location:
    Pennsylvania.
    Instead of Windows Defender I would recommend Spyware Terminator. It has a far better real time shield and has HIPS included in it. This program is free.
     
  9. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    I would strongly reaffirm this suggestion. Particularly skim through SuRun: Easily running Windows XP as a limited user and try it out.
    Lots of personal preferences and usage style dependencies come into play here. It's difficult making an informed general suggestion, but I'm a strong believer in staying with solutions that you've developed a feel for and evolving slowly unless there's a cogent reason to quickly change things.

    With that and the suggestion above in mind, I'd minimize things at NOD32/Spyware Blaster/Online Armour/SuRun, LUA, or the Run Safer facility within OA mentioned above. My own preference is selective elevation vs selective reduction of rights, each approach involves tradeoffs.

    Blue
     
  10. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    Agreed on wd and spybot, but with OA he has a hips application.,
     
  11. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    I'm glad you commented, i see my wording was not good. What i meant by "Then AV, then firewall, then whatever. " was actually "Then whatever, AV, Firewall..".

    I meant to say - first a limited account and DEP on, then move on from there.

    Ultimately, seeing what the OP already has,
    i subscribe.
     
  12. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    As he has OA, he can't be using OA which doesn't yet have a vista version.
     
  13. AKAJohnDoe

    AKAJohnDoe Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    989
    Location:
    127.0.0.1
    It is rather humorous, though: A person with one post requiring expert opinions.:thumbd: :thumbd: :thumbd: :thumbd: :thumbd:
     
  14. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Yep - that puts your comments in context - and I agree.

    Blue
     
  15. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Hello Beat!

    Yes you can dump all of those except Nod 32 and OA and you are covered real time given you have the settings optimized in the FW portion of OA and the best possible settings in NOD.

    Yes there may be a better config. I just don't know what it is. Use the older applications for on demand and maybe Spybot to immunize your host file.

    You could do some weekly on demand scanning from freeeweb sites like BD, KAV, McAfee to make yourself " cleaner". These don't need to be installed.


    No such thing as 100%!

    Then you don't need to worry about cpu footprint.


    Don't forget your image backups, which in many ways IMO are more NB than the security applications.

    See you!
     
  16. Beat_Itokuzu

    Beat_Itokuzu Registered Member

    Joined:
    Feb 9, 2008
    Posts:
    5
    Thanks a million for all your help. I know it's my first comment, I am new to this and this sight looked the best. Sorry if I offended anyone.

    I should have mentioned I am running Vista, with OA on and running ok, does this sound right Escalater? You also mentioned image backup... my Dell as a restore factory setting option, and I have set up good points on my system restore, is this what you mean? What is HIPS? I notice you mention the administrator account - what are the risks of that? I take it there are security pitfalls there? The vista security thing is still baffling me (asking for permissions to delete folders, etc).

    Thanks again to all for your excellent help everyone. Now to try and tweak NOD version 3...!
     
  17. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
    Online Armor isn't Vista compatible (ATM). Yes you can isntall it, I have tried that. But it miss some important components or something...
     
  18. Beat_Itokuzu

    Beat_Itokuzu Registered Member

    Joined:
    Feb 9, 2008
    Posts:
    5
    Rightyo MikeNAS, it is getting uninstalled pronto!! :)
     
  19. Beat_Itokuzu

    Beat_Itokuzu Registered Member

    Joined:
    Feb 9, 2008
    Posts:
    5
    Can I just clarify with you all (sorry, I know I am labouring here) -

    My best approach is to have :

    - NOD32 maxed up

    - A decent Spyware Package

    - A decent Firewall

    And I should be ok?

    Lastly - does NOD32 version 3 come already maxed up or do I have to tweak? I have looked at Blackspears guide, but that seems to be for version 2.5.
     
  20. Coolio10

    Coolio10 Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    1,124
    You could go crazy and have just a HIPS :D.
     
  21. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    You didn't offend me, but your questions worry me.

    With respect, I suggest you just stop adding so many applications at once, read the manuals for each one before acting, ask questions in the vendor forums or the official forums here. For example on NOD go to that Official Forum for support here, where your NOD questions will get answered by the resident experts.

    No it is not alright to run OA with your vista! Where did you get the idea it was ok? What version of OA do you have? Did you get a license for it?
    What exe's show in your task manager for it? What is the bit level for your Dell? 32 or 64? What version of vista do you have?

    If you have a valid OA :doubt: go to OA program uninstall asap ie remove it. To do that you will have to be a vista administrator on your PC. Here is a skill testing vista question for you, how do you become a vista administrator for your PC? Since you installed OA you must have done it at least once.

    I say again OA does yet not have any vista versions.

    On the image point you do not yet understand. Dell's have a protected partition for restoring the original factory applications. This is very different than image backups of current system both programs and user data. But all that is in the Dell User Manual.

    Forget learning HIPS for now. Get the Vista system working well first and learn what it can do before rushing out to add applications that you don't yet grasp. I'm not trying to be hard on you but first understand what Dell gave you. New PC's usually come with SW. Did your come with an AV such as Norton or McAfee? If so which versions? They would be compatible with VISTA. Did you know for example that vista comes with a 2 way FW? You have to activate the outbound protection, but that as well is in the User Manuals or help. If you have the vista Norton for example you also have it's FW, ASW, and HIPS and it will have deactivated the vista FW.

    I will be glad to help you but please do be clear and complete about your applications and setup and do the reading and learning first.

    Sorry to be hard but it's been a busy day.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.