Security Software Usage question for All

This is not directed at anyone, so no one take offense to this....

I see several people's signatures and postings listing a dozen or so different applications used to protect their pc. This is what I have:

• NOD32
• SpywareBlaster
• Spybot S&D
• Ad-Aware
• Built-in firewall in my Linksys router

And that is it.
I occassionally go to darker sides of the internet and test out various sites and I have never had an infection, never been hacked, and rarely get any more spyware than tracking cookies. I even use IE6 as my normal browser (occassionally switching to firefox just for the tabbing though)

What exactly is everyone doing on their machines that they need 2 different AV's, 2 different Port monitoring, several registry monitoring, monster firewalls, every spyware removal/prevention tool in existence, and process guard?

As stated above, this is not directed at anyone. I am just curious as to what people are doing that they need this much protection?

If you looked at the running processes and my system tray, you would say "How is it you aren't plagued with viruses/spyware?" I have only 1 icon in my sys tray (NOD) and don't run any monitoring software and still I have no problems.

Am I missing out on something?

 

I do understand the concept of using software just to get better ackwainted with it and I do the same thing. But, I do not continuously run a onslaught of security software.

 

One of these day lets hope that you don't get one of the new types of malware and end up doining a reformat that might have been prevented with the right security software. But the ultimate choice is yours to make. A good layered defense makes a lot of sense on the net these days with all of the potential threats that infect your computer.

bigc

 

I understand what you're saying. I used to have every type of security app on my system at one time, but now I cleaned it up a bit & use a lot less now. Here is my list that works for me.

Nod32 (used to use KAV)
Process Guard
Kerio 2.1.5 (to control phone home apps)
Proxomitron
Linksys Router (have more than one computer, so NAT is a nice bonus )
SpywareBlaster (update 2-4 weeks)
Adaware/Spybot ( Monthly scans)

This setup has worked well for me for over a year now with no noticable slowdowns, and no infections. I also think learning how to secure XP & IE helps a lot too.

I still trial security software all the time too. Most of it I don't keep. I do find that I recommend software to friends & family, and there happy with the results.

 

Hi bigC. I've read many of your posts in the past & found them very informative. I agree that layered security is an excellent thing to do, but I've been questioning myself on how much is good enough? It really boggles my mind when I look at all the apps out there that help secure windows boxes. I guess there is no good answer to that, but from all the good advice here i've been surfing safe.

Thanks,

Clowny

 

Capp,

Are missing out here? Probably not.

In looking at your list, the only thing possibly missing is a software firewall, and I wouldn't say that it's for protection per se, to me it's all about outbound communication control. I thought long and hard on that one.

Layering of protective measures is generally acknowledged as beneficial, but there is a measure of coherent design that must be applied to get the greatest effect. In many cases I believe that there is too much duplication in realtime coverage and too much anguish over whether on-demand applications overlap. For the on-demand applications, I'd get one of everything if they caught my eye and I had the cash. Disk real estate is cheap and it's really inconsequential if the applications overlap. However, I do I try to be miserly in the realtime coverage. Even so, to my mind, I'm armed to the hilt on my PC. Of the realtime protection, I could easily pull off Mailwasher since my ISP now has very decent spam screening, but I leave it on as a personal convenience.

As with you, my switch to Firefox was driven by the tabbed feature. The security aspect is nice, but IE can be adjusted to my needs.

As for the more esoteric tools, ProcessGuard for example, well, for me they're hedges against future developments. Although I'm sure there are individuals who can manage to develop a malware infestation on a daily basis, for the most part I try to account for the potential of very infrequent incidents with minimal system impact and generic solutions. PG offers a very generic solution to process integrity, which I position more for future prospects than current needs.

I've actively used computers for over 30 years, and personal computers since they appeared on the scene. In that time I've suffered a handful of viral incidents, most within the past 10 years. My global infection rate is ~ once every 6 years, although the more recent trend is once every 2-3 years. I'd think this is typical to slightly high given my usage volume. So the question is, given that infection rate, is my response measured or overkill? Well, that depends on how much effort you'd want to invest in dealing with a malware problem. After dealing with a few of nasty one's, I decided a couple of hundred dollars per PC up front and something less than a $100/yr per PC on a continuing basis is worth my while based on other time committments. I realize this a pricey for many people, but with an allowance for more manual solutions, the yearly cost can be much less for anyone willing to invest the time to learn. It is important to keep infection rates in mind when assessing the appropriateness of solutions. To me, a live infection once per year is a real plague, and one worth guarding against.

The other issue confronting everyone is the shift in the driving force behind malware. In the past it was petty vandalism of your computer, and that was about it. Now, as commerce is increasingly executed through personal computers, there is a growing criminal component to malware. Simply stated, the stakes are much higher these days and higher stakes are generally dealt with by imposing additional mitigating control systems. The tendency to treat infections after the fact of yesteryear has morphed into the need to pre-emptively address the vulnerability today.

Your question is a very valid one and undisciplined heaping of malware solutions on top of one another can be as crippling as the malware they are designed to thwart.

Those are just my personal thoughts on the matter...

Blue

 

I do agree with everyone on here and I do not mean to debate the matter.

I have my firewall on my router locked down pretty tight and it catches quite a bit. I have used trial versions of several different Trojan Scanners/BHO cleaners/Port monitors and they never found anything that NOD didn't already catch. Not that it is perfect...that's not what I'm saying.

Honostly, I'm not privey to what TDS and Ewido even does much less how to use them. I used to run ZoneAlarm on my system and it caught ALOT of inbound and outbound traffic, but I also use netstat -a in command prompt to show me what is running as well and all is well ZoneAlarm just didn't do enough for me to justify using it on top of another firewall.

I agree bigc73542 that it would suck royaly if I had to reformat and re-install. I thought I was going to have to a few times due to my jacking with the system and causing problems, but I have always managed to repair the damage with no data loss. I agree on a layered defense system, but I have to ask...How many layers before it is overkill.

As per my original question, what is everyone doing with their PC's that they are protecting against.

I spend a lot of time here at Wilders learning about new security methods and the latest threats, and I greatly appreciate all the knowledge being pumped through this url.

 

LOL ... I don't use too much either.

The main contributors:

Process Guard
SSM - System Safety Monitor
2 lic. AV's one resident & one on demand
1 AT TDS 3
Router w/NAT & Software Firewall
Proxomitron
Port Explorer

Anti-Spy apps - Spybot, Ad-aware, Bazooka, Giant (none running resident)

I will soon add RegDefend ... I just haven't got around to purchasing it yet. (I'm currently using MJ reg. watcher)

LOL ... plus I think I have just about every other tool available on board in case I ever run into that rainy day.

Steve

File-Sharing ... and of course testing out the darkside ... just to double check I'm well protected.

 

Let's all be honest here. I have a feeling that most, if not all of us use these programs for the sake of using them. Its all about testing out new technologies and feeling like you are a step ahead so to speak. I honestly dont feel that all of this is necessary either. Internet security is an interest we all share, otherwise we wouldnt be here. These software programs, and the technology behind them is fascinating....as an added bonus we surf in relative safety.

 

I can agree with Kegel. I enjoy learning the apps and technology, as well as just playing with software.. security or otherwise. I also like the amount of control security software allows me on my system. Things like qttask.exe were always a major battle before I got RegRun, which also gives a lot of other troubleshooting options and some general maintenance tools. It's so useful on a daily basis that I almost don't think of RegRun as being a security app as much as just a system monitor/tool. With my firewall and email filter, I can also enjoy HTML email again.. whoda thunk?

Of course I'm also called on whenever someone I know (or someone they know) decides that Norton isn't cutting it anymore. Having used many different apps and understanding what they do allows me to give each person a good solution, whether minimal or not. I enjoy the task of trying to create a maximum solution for the individual user's habits and skill level. It's gratifying to have someone come back to me in 6 mos saying "wow, my computer still works great, haven't had a single problem since you've set me up, and it's faster than it's ever been before, thanks!"

I also agree with Blue.. a lot of the generic protection I have I keep in anticipation of future threats. The stakes have risen and the consequences of an infection are much higher than a simple format. The importance of this was underscored when I lost some data to a backdoor that went undetected by my AV at the time for several months.

I do, however, feel that one really does need more security apps now than before. With money backing these malware to bypass your standard AV/FW combo, those solutions are becoming less and less solid. Something like PG can, at least, fortify your AV/FW so they can't be bypassed nearly as easily. An external firewall is great, but malware has become more of an issue than directed hacking attempts (why spend the time hacking a handful of computers, when a simple piece of well crafted malware can do all the work for you on many more computers, and give you greater control in a fraction of the time?), and an external firewall will do nothing to prevent something that's come in through legitimate channels and uses legitimate channels to connect out.

 

Capp,

The specific things I am protecting against are:

• Lost time. I use my PC as an adjunct to my work laptop, the kids use theirs for homework (yeh, like maybe the 1% of the time they aren't IM'ing or listening music..., but that's another topic and I realize I'd do the same at their age), and my wife teaches at a community college and uses it for class preparation and the like. There really are two approaches to a lost time target: pre-emptive protection as I have or aggressive imaging of the hard drives. I chose the former, the latter approach is equally viable.
• Preservation of personal information. It's the guard against events such as identity, credit card information, or other personal information theft. While aggressive disk imaging can replace many security measures by allowing you to immediately restore a pristine copy of your system, it does nothing to help you deal with the loss of personal information that can occur during a malware infection. This is why I don't view disk imaging as a replacement of security applications, but it is a very convenient add-on. Do I frequent sites where this is a likely outcome? No, but I'd rather not take chances here.
• Protection of records. I have financial and tax records on one PC. Copies are retained on CD/DVD, but some (such as banking) need to be on-line all the time. Given the importance of the integrity and protection of this information, I will go to significant lengths to assure its protected.

Those are my specific reasons for the applications. Kegel's comment is also a factor - I do like to feel as though I'm one step ahead of the curve in this area. Speaking objectively, staying ahead of the curve is the driver for my testing new options when they appear on the market. I don't try everything, but I do try a lot of the new applications as they appear.

Blue

 

for me it is a more like a hobby. I think I have all the antitrojans there are (at least the 4 good ones )

why? I don't know the first one was tds-3 cause it was so good and practically the only one. the second was trojan hunter cause it had a on access memory module scanner, the third was Ewido cause I like the program so much and the last one boclean: I received it for free.

processguard (still!!!) and regdefend are now my main important toys at the moment, spyblocker is allways good to me and allways worked, admuncher for scrambling my IP and blocking the rest spyblocker misses...

do you know the term: boys with toys? I think I am one of those

 

Hi Capp,

I think that add a Firewall and some Registry Checker, like WinPatrol, to your list completes your security...

Firewall to control the outbound connections, and Registry Checker to control the startup windows entries...

Regards

 

This is what I was hoping to get out of this thread.

I too have a large onslaught of utilities that I have tested and now keep them stored in case I need them.

I don't need a software firewall because I go through a switch with a firewall and my dsl router has a firewall. Although, I do have some downloaded in case I do.

Thanks everyone for giving me their input. As I had said, I don't use port monitoring software because I can do that through command prompt. I do full weekly backups to a secondary hard drive and keep a regular image on hand.

I firmly believe in the "boys with toys" saying, can't ever get enough!

 

You have a hardware firewall, but how do you control the applications that connect through the Internet?

 

netstat -a

I write a little program that I can run at any time and see exactly what is running (even hidden programs) and what port they are accessing with the ability to Kill them if needed.

 

But could be late and some information could be sent...

 

Agreed, but I also don't store any "personal information" such as credit card info, ssn, etc.. on my pc.

I am thinking of trying out Ewido. My thing is, I'm not paying much at all for software I'm rarely going to use. Which is why NOD32 is the only software I run that costs anything.

 

OK

Nice choise

It's a very good program with a great future...

 

I currently run pretty much the same setup as you except I always use FF and it has been working for me, but I am also a very safe surfer. Ad-Aware and Spybot never find anything so they are pretty pointless but I keep them just in case. I do plan on adding some programs to my defense, mainly a software firewall, anti trojan and process guard (also possibly RegDefend). Why? Because I like to feel safe and I have seen how bad some malware can mess up a system, I am usually the person all my friends call when they have a computer problem, so I have seen some messes and I don’t want that to happen to my computer. Like Blue said an infection may only happen once every 2-3 years, so while I may be going fine with the security I have now, that does not mean I am fully protected.

I also don’t want too many security programs running resident so I plan on limiting that to 5 (NOD, firewall, AT, PG and RegDefend). I figure with a setup like that my firewall, NOD and AT should prevent most infections, but if I do get infected the malware wont be able to do much with PG and RD. I don’t mind having multiple programs as on demand scanners and am probably going to get Ewido soon because it is free as an on demand scanner, I was also considering getting MS antispyware and disabling resident protection. Anyway that’s my view.

 

Last Fall, infections on my system forced me to do a clean Windows install. I really don't enjoy that - by the time I've re-configured the system for all of my preferential settings, it takes me a couple of days to fully recover. Even after full and complete system restoration - I've lost Favorites and saved email messages.

Since then, I've spent a good deal of time and money to configure my system to prevent another disaster.

I run:
- Software firewall
- Real-time scanning AV
- Real-time scanning AT
- Real-time scanning AS
- System is immunized
- Browser settings are hardened
- OS and DATA partitions are imaged to removable media weekly

Never again (I hope).

This is an excellent forum. Thanks to all contributors for the education I've gained from this forum.

 

Capp,

For your needs, I'd say Ewido is an excellent choice. Of the 5 PC's I have at home, I sprung for the pay version of Ewido on my machine only. On the others, the trial version reverted to the slightly disabled free version - which is a very nice package itself. I'd recommend running through the trial, let it expire, and "trial" the free version for a while. It might suit your needs as well as anything.

Blue

 

I like the interface of Ewido. I did a full scan and it found a couple of things....all of which were in quarantine somewhere (NOD, Spybot, Adaware, Hijackthis, regtuneup) so I didn't have anything running luckily.

Quick question...I am using the trial version (Special Christmas Edition) and it says it expires after 14 days. What exactly changes after the 14 days is up?

Thanks

 

What I use is in my sig, I am also testing the MS Antispyware, I am a firm believer that you need to run multiple antispyware apps.

I am also going to start using JAP -Tor or another other proxy service and I am even toying with the idea of full hard drive encryption or at least file/folder encryption for maximum protection.

I don't think you can ever be to safe or to paranoid about your PC's security or privacy.

 

Capp,

The trial version is the full Plus version. See here for the short feature comparison. As far as I know, those features listed under Additional features of the Plus-Version heading will become disabled at the end of the trial.

Blue