Security Strategy please correct me or confirm.

Discussion in 'other security issues & news' started by feniks, Nov 17, 2007.

  1. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    A behaviour blocker is very good at keeping you malware-free. Putting a firewall with good performance against leaktests will cause overlap of functions, more pop-ups and less resources.
    As for on-demand scanners: what are you going to do when they find something?
    Your tools for cleanups should be clean images and/or a reboot-to-restore solution.
     
  2. feniks

    feniks Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    130
    Wow! I just finished reading about it on their site. And it's free; I downloaded it already and I'm sure it will be part of my security. Thank you, and also thanks lucas1985.

    But we are talking about a clean system. If something is there before I install Returnil, then it stays there, correct? So on-demand scanners may find their use too, especially if they are free?

    Or maybe it's better if I install Returnil first and learn before asking? :D ;)
     
  3. feniks

    feniks Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    130

    I understand more and more, keep going guys - don't give up on me please. :)
     
  4. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Keep in mind that I was talking about ON DEMAND scanners, not MAIN scanners, because good MAIN scanners have a real-time shield, and not using MAIN scanners is a subject for a long discussion.

    On-demand scanners are scanners that you run to find malware that your main scanners didn't find, and those are useless if you have Returnil.
    On-demand scanners must run EVERY day; each extra day gives malware more time to execute itself.
     
  5. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Correct.
    On-demand scanners are only useful to check newly downloaded files/attachments. And having these new files saved to disk already implies that you think they're safe enough (brain-based heuristics :D).

    That's why you need to know how malware works and how your chosen security software works, to prevent "shoot yourself in the foot" errors.
    A chain is as strong as its weakest link. You don't want to be the weakest link in your security chain, do you?
     
  6. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    I see things here completely differently to Erik. I see most real-time protection ("Main" for Erik) as pointless and on-demand as having some value.

    You say quite correctly "but we are talking about a clean system", and this raises the question of how we know if a system is clean or not. With Returnil there will be occasions when you have to remove the protection and go online to update. Although it is very unlikely that a nasty will get in, if it gets in and is not spotted by real-time protection (a new, unknown nasty) then it will be frozen into the system and still be there at every reboot. On-demand scans using different programs will hopefully pick it up once the AV/AS programmers get caught up.

    So I see little point in running only one real-time AV, which often only slows down a machine, and prefer to run a variety of on-demand scanners on an ad hoc basis.

    In any event the chances of getting infected are far less than is often claimed.
     
  7. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    This is true for those practicing safe hex. I know some people who are especially good at finding malware :eek: :D
     
  8. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country

    I know people who argue with their wives all the time. I have learned that it is preferable to keep quiet than to have to wear body armor 24/7.
     
  9. feniks

    feniks Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    130
    That was a really good one: my intelligence contra artificial intelligence. :D :thumb:

    Yes, I understand now, as I have read some reviews of Returnil. It seems that for a non-technical person Returnil is the easiest way to keep security, if it is always used before connecting to the internet and the machine is restarted after you are done and sure that the attachments or whatever you downloaded are OK, and then you disconnect. Then, after the restart, you can use everything that was OK without Returnil protection on. In this case it seems like you do not need anything else but … :)

    My only concern is that if you are connected to the Internet 24/7 anyway, I need some protection. I cannot have Returnil on when I install/uninstall, install good programs, update etc.

    Concerning security strategy, I want to follow the guidance here as a base to start from:

    Securing Windows

    And of course before I expect (using my brain heuristics) dangerous browsing, downloading, checking software, checking mail attachments, I can always engage Returnil. However, maybe Sandboxie will be better, as it allows making the changes permanent?

    Do I get it correct? Do you guys agree?

    By the way, I want to thank everybody, as I really learn a lot here at Wilders. :thumb: :)
     
  10. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    LOL, luckily I'm not married LOL
    Do you speak Spanish?
    Reboot-to-restore applications work best in static environments (i.e. the software base stays almost unchanged)
    When you want to update your software, you discard your current session in Returnil and reboot in thawed mode (turning off protection). Then you only do the required updates and engage the protection again. Also, you should have clean, up-to-date images in case the update causes some havoc and/or is infected.
    Always try to get (if possible) standalone/offline installers/updates, check their hashes or digital signatures, and use Virustotal/Jotti.
    You can use both Sandboxie/another sandbox and a boot-to-restore solution. Returnil protects your entire system; Sandboxie only protects the sandboxed application. Be aware that some malware can steal data inside the sandbox, although it is deleted when you empty the sandbox.

    The more you use your brain, the quieter will be your security apps. In particular, you shouldn't see malware in mail and/or using P2P.
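lucas1985's advice above to check the hash of a standalone installer before running it, shown as an added example that is not part of the original post and is not code from Returnil, Sandboxie or any other product named in this thread. The script computes the SHA-256 of a downloaded file in chunks (so a large installer never has to fit in memory), normalises the many ways vendors print a hash ("SHA256: ...", upper or lower case, stray whitespace) and rejects anything that is not a full 64-digit hex string rather than silently comparing against garbage. The `demo()` function builds a constructed fake installer and a constructed "published" hash, then shows that the intact file verifies while a copy with one flipped byte does not; every file name and byte string in it is invented for the demo. One caveat worth keeping in mind: a hash copied from the same page as the download only proves the file arrived intact, since a compromised site can replace both together, which is why the post also mentions digital signatures and a second opinion from a multi-engine scanner.

```python
import hashlib
import hmac
import os
import tempfile

HEX_DIGITS = set("0123456789abcdef")


def sha256_hex(data: bytes) -> str:
    """SHA-256 of an in-memory byte string, as lowercase hex."""
    return hashlib.sha256(data).hexdigest()


def file_sha256_hex(path: str, chunk_size: int = 1 << 20) -> str:
    """SHA-256 of a file, read in 1 MiB chunks so large installers need not fit in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def normalize_published_hash(published: str) -> str:
    """Reduce the many ways a vendor prints a SHA-256 to bare lowercase hex.

    Accepts forms such as 'ba78...', 'BA78...', 'SHA256: ba78...' and
    'sha256:ba78...'. Anything that is not exactly 64 hex digits is rejected,
    so a truncated or mis-copied value fails loudly instead of being compared.
    """
    parts = published.split()
    if not parts:
        raise ValueError("no hash value supplied")
    token = parts[-1]                          # last whitespace-separated token
    token = token.rsplit(":", 1)[-1].lower()   # drop an 'algo:' prefix if present
    if len(token) != 64 or not set(token) <= HEX_DIGITS:
        raise ValueError("not a 64-digit SHA-256 hex string: %r" % published)
    return token


def verify_download(path: str, published: str) -> bool:
    """True only if the file's SHA-256 equals the vendor-published value."""
    expected = normalize_published_hash(published)
    actual = file_sha256_hex(path)
    # compare_digest is not strictly required for a public hash, but it is the
    # comparison habit worth keeping for anything that authenticates data.
    return hmac.compare_digest(actual, expected)


def demo() -> tuple:
    """Constructed sample: a fake 'installer' plus the hash a vendor would publish.

    Returns (clean_ok, tampered_ok): the untouched file verifies, the copy
    with a single flipped byte does not.
    """
    # Constructed bytes, not a real program: 'MZ' header followed by filler.
    installer_bytes = b"MZ" + b"constructed sample installer, not a real program\n" * 100
    # Constructed vendor-style listing, deliberately upper case with a prefix.
    published = "SHA256: " + sha256_hex(installer_bytes).upper()

    with tempfile.TemporaryDirectory() as tmp:
        clean = os.path.join(tmp, "setup.exe")  # hypothetical file name
        with open(clean, "wb") as fh:
            fh.write(installer_bytes)
        clean_ok = verify_download(clean, published)

        # Simulate a download corrupted or altered in transit: flip one bit.
        tampered = os.path.join(tmp, "setup_tampered.exe")  # hypothetical
        tampered_bytes = bytearray(installer_bytes)
        tampered_bytes[len(tampered_bytes) // 2] ^= 0x01
        with open(tampered, "wb") as fh:
            fh.write(tampered_bytes)
        tampered_ok = verify_download(tampered, published)

    return clean_ok, tampered_ok


if __name__ == "__main__":
    clean_ok, tampered_ok = demo()
    print("clean file verifies:   ", clean_ok)     # True
    print("tampered file verifies:", tampered_ok)  # False
```

To use it on a real download, call `verify_download("path/to/installer", "<hash string copied from the vendor page>")`; a `False` result means the file should not be run, and a `ValueError` means the copied hash itself is malformed and needs to be re-checked.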
     
  11. gud4u

    gud4u Registered Member

    Joined:
    Nov 9, 2004
    Posts:
    206
    This multi-layer approach is working flawlessly on my XP system:
    - DLink EBR-2310 Wired NAT Router hardware firewall protection
    - Comodo Firewall Professional RC1 (both Network Monitor + HIPS active)
    - NOD32 V3 resident antivirus protection
    - Comodo BOClean 4.25 resident anti-spyware protection
    - Spywareblaster inoculator protection
    - SuperAntiSpyware (non-resident scanner-only) anti-spyware protection
    - Acronis TrueImage 10.0 Backup/Restore utility.
    - Using IE7 browser.

    Regarding BOClean, it offers excellent resident protection to detect attempted startup of malware, but ignores trivia such as adware cookies. You need a manual AS scanner as well for adware cookie removal.

    Hope this helps!

     