Security that you use and its purpose - DISCUSSIONS

Discussion in 'other anti-malware software' started by Blackspear, Jan 21, 2005.

Thread Status:
Not open for further replies.
  1. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Try using Autoruns from Sysinternals to control what starts, they have several little freeware-tools.
     
  2. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    Why are a lot of you people using ewido instead of an active trojan blocking program? I see that ewido says it blocks trojans, but is it as good as TDS-3 or Trojan Guard? Do we even need an active trojan guard with all the other software we have protecting us? I mean can't we manually scan for trojans every so often?

    dja2k
     
  3. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi,

    I use UnHackme basically as a backup for ProcessGuard. It is probably unnecessary, but there is always a chance that I will make a mistake in answering a ProcessGuard alert message, so I like the idea of double protection. Anyways, I like Greatis as a company, so I want to support their efforts.

    Ditto with Ewido. The combination of KAV 4.5, ProcessGuard, and RegDefend will probably protect me against trojan-like malware that Ewido protects my system against. However, I purchased Ewido a while ago, (as I did my other ATs), and it doesn't use that much resources, so I run it for extra protection. I also scan with the other ATs from time to time (TDS-3, TrojanHunter, BOClean), but nothing has ever gotten through my first line of defense.

    I use SpyBlaster and SpyBot protections.

    Cya,
    Rich
     
  4. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    So Rich, would you say that running KAV 5.0 (extended database), Outpost Firewall 2.6l, Process Guard 1.150, Spyware Blaster 3.3 Enabled, Spybot 1.4 Immunized and Browser Helper Enabled (though I don't use IE as my default Browser) and Regdefend 1.150 would be initial line of defense? Cause now that I got my setup working fine, I am trying to get rid of programs that don't really need to be running. I know that trojan hunter is a good app, but I see most of you don't run trojan detection software as active, but mainly as a scanner. I mean if my first line of defense is as good as it gets, do I really need the extra trojan hunter running (which by the way takes up about 12 - 15 MB of memory to run as active)? I mean if it has to run, then let it be, I have 1024 MB of ram, so it's no biggy, but hey the more you got running, the slower things can be. I mean these programs are reading files constantly.

    dja2k
     
  5. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    dja2k, the setup you describe "KAV 5.0 (extended database), Outpost Firewall 2.6l, Process Guard 3.150, Spyware Blaster 3.3 Enabled, Spybot 1.4 Immunized and Browser Helper Enabled (though I don't use IE as my default Browser) and Regdefend 1.150" would be better than probably 95% of users and it would be a very strong setup, i'd add MS-AntiSpyware as on-demand scanner only, i can tell you that while Kav has been installed, i have never had any of the AT's that i have used give an alert and with PG correctly configured, you would have to be unlucky to be infected by a trojan.

    With 1024mb ram you don't have to be too concerned with memory, you should look at CPU-usage instead.

    Btw. RegDefend 1.200 has been released some time ago. :)
     
  6. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    Jeeze guys. Get out of your houses and go get some fresh air. You're all obsessed. All these apps you got installed and you probably don't go anywhere near a website that would infect you anyway. If you don't go to porn or warez sites then you pretty much eliminate 99.99% of your chance of infection anyway. It seems to me that it's more a hobby than a necessity. You like the idea that your pc is running all these apps and that it's your own little fortress that can't be penetrated. There's more to life than sitting looking at a pc and saying "Just try to infect me and watch all my apps spring into action and KAPOW! got you, you little bugger". Now if you do frequent porn and warez sites then i can fully understand why you go this far. But i fear that you only have these apps running so you have bragging rights.

    muf
     
  7. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    Thanks for the insight Don. Yes Muf, some of us might be braggers (cause we know how to use these apps) and others might just want to be protected, but isn't it better to have sex with a condom than to have sex without. Wouldn't you say sex is like the internet, you don't know what kind of stuff is out there. Better safe than sorry don't you think?

    dja2k
     
  8. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Not that you're in much of a position to criticize, Muf, but then again, just like everyone else on the board, we don't really know your circumstances. ;)
     
  9. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    If we speak of every day users....those that don't visit Forums such as this....it would not matter if they use a condom if they don't know how to use it....or whether or not it has holes in it o_O
     
  10. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    One only needs to take a look at any site that helps out with HijackThis Logs to see that the tidal wave is increasing in speed, width and height...

    Prevention is far better than cure…

    Cheers :D
     
    Last edited: Jul 30, 2005
  11. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi dja2k,

    I agree with Don. I think you have an excellent first line of defense, and as long as you pay attention to the alert messages that you may get from your real-time security programs, I think you are extremely well protected.

    Like Don, I run various programs on-demand from time to time. Mostly because I bought them previously, so I am always "testing" the strength of my real-time defense. So far, from time to time CounterSpy, Ewido, and Ad-aware may pick up a stray "tracking cookie" during a full scan, but nothing beyond that.

    I do remember a while ago that somehow a "Java exploit" got past KAV real-time and ended up in the Java cache folder. The exploit itself was harmless, since it was neutralized quite some time ago by the latest versions of Java. Possibly, because it was never executed, it was never detected since all of the ATs that I have would detect it if it ever tried to do something. However, I did find it while doing a full KAV scan, which I do about once every two weeks.

    I personally think you are in very good shape and just keep tracking this forum for updates and other unusual things that might need your attention.

    Cya around,
    Rich
     
  12. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    Oh my god! I didn't realise i used so much stuff myself. I suppose when you look at the list, it's not much different than what everyone else is saying. I take back what i said. I'm a certified fruit and nutcase like the rest of you! ;)

    Put the handcuffs on me now officer, i've been nicked!!!

    muf

    p.s I do frequent those undesirable places though. So at least i do have good reason for my level of protection.
     
  13. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    LMAO, by the looks of it you had joined us long ago, and just hadn't realised you were already here :rolleyes: :eek: :D :D :ninja:
     
  14. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    HI Muf,

    I only wish what you say is true, but I just spent several hours of my time cleaning a machine of a friend who really just casually browses the Web and hardly uses her machine and had Trend Micros Suite on her system. Unfortunately, the current state of affairs is that probably more people are affected than probably even know about it.

    The real problem is in Redmond. They can quickly shut down lots of "holes" in the software, but they themselves need the holes so they can do what they want to do (intrude on the usage of Windows) and thereby they leave "windows" open to other intruders. I think this underlying, over-arching problem will only be solved when large institutions start moving away from Windows because the risks/financial losses are too great for them to many any longer. Once large institutions start addressing these issues with a new OS, then their employees (and money) will follow. Until then, I don't know what can be done, except continue to harden defenses against MS allowed security holes.

    Rich
     
  15. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    Thanks rich for the reply and also to the rest of you for helping out. I will keep my current line of defense and see how it goes. Did start getting some blue screens \ crashes though something about restarted due to bugchecks, but I can live with it for a while until I find out what is causing them. I really think that it is outpost as I encountered them some time ago, but can't rule out the other apps just yet. The errors usually are internet related like for instance it happened when I was in Amazon.com and I noticed that it started getting slow to go to the next page, then suddenly it just happened. I am still waiting on people at the Outpost forum to address a question on their Component Control, Open Process Control and Hidden Process as some of them might conflict with what I got. For now I have Component Control DISABLED, Open Process Control DISABLED, and Hidden Process set to ALLOW ACCESS. I set Hidden Process to ALLOW ACCESS because Trojan Hunter would then be blocked and my internet connection would fail at windows startup. As far as Component Control and Open Process Control, well I will have to wait and see what the best options are. I will see what happens anyways.

    dja2k
     
    Last edited: May 7, 2005
  16. Pollmaster

    Pollmaster Guest

    Muf has a point. But so what? It's a hobby that isn't hurting anyone. Still, knowing how to use an app is not cause for bragging I think. I rather brag I know how to program.
     
  17. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England

    I have to concur here. I just spent the last 7 days and probably 5 hours on the telephone sorting out a mates pc that had got infected. He hadn't got around to fixing up his telephone line to his pc for two years. Eventually got up and running and was once again happily browsing the net. Then he phoned me to say he might have an infection. I then found out he uses NO PROTECTION AT ALL. Windows 98 with no firewall, no AV, no AT, no AS. NOTHING. Just bare bones windows and his 56k dial up. And he's one of those typical red-blooded males that visits 'THOSE' places. So for him to say he thinks he 'MIGHT' be infected was a bit funny.

    Anyway, turns out he had Mirar, JS.Seeker, something called USBN.EXE and other stuff owning his pc. He went and purchased Norton AV(not by my recommendation - panic buy!). I did him a cd with Ad-Aware, Spybot, CWShredder to help remove his problems. And also provided copies of SpywareBlaster & ScriptSentry along with enabling Teatimer for resident protection. Norton found 3 infections. Spybot found 29 critical items, Ad-Aware found 39 critical items - All scanned in safe mode. Had to remove the USBN.EXE manually and it was resetting his dial-up and trying to phone a premium sex phone line.

    He's just been given Norton Firewall 2003 by a workmate who got it as a freebee but never installed it. So he's installing that this weekend - BEFORE HE GOES BACK ONLINE! Seems to be good to go now.

    Btw, It's not easy cleaning someone's pc on the phone when they are not pc literate. The disk i gave him i left at his place of work as it's just around the corner from where i live. But his house is just way too far away for me to travel so i had to remedy his pc on the phone. Hard work. But i got there in the end. :D And who knows, maybe he's learned a lesson or three. ;)

    muf
     
  18. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    Okay now I have had it with outpost and their damn blue screen BSOD errors. I have been getting a blue screen daily while just on firefox surfing. What else do you guys, which you have helped me a lot, recommend as a replacement? And yes I know zonealarm is good, but I can't understand make the rulesets on it and no one seemed to help out before. But besides zonealarm and outpost, any other good firewall? Also I am behind a linksys router. I gave outpost many chances since the 2.5 version and all builds til 2.6, but they all cause those blue screens. So what do you think about a firewall that will fit my needs on good security and I don't care about memory usage.

    dja2k
     
  19. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    I'm a fan of Look n Stop, I've had no problems with it. Sometimes the rules can seem daunting to the new user, but for the most part you just have to load up the enhanced ruleset. When you're more comfortable you can download Phant0m's ruleset for more, as well as use the beta drivers (completely stable.) I didn't know much of anything about firewalls when I first started using it, and had no trouble. Plus the support for it is right here at Wilders, and any additional rules you need can be downloaded.
     
  20. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    So Look n Stop is pure rule based. Does that mean that it doesn't have a pop-up to block or accept connections from the start?

    dja2k
     
  21. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Look 'n' Stop has a FREE 30 day trial, I'm impressed with it, and it is very easy to set up for file sharing behind a router.

    Hope this helps...

    Cheers :D
     
  22. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    But it leaves everything to allow access until you setup a rule right?

    dja2k
     
  23. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Yes it has application control, which will prompt you to Authorize or Block an application that's trying to access the internet. Almost all firewalls are rules based, but most of them don't let you customize them, which leaves you with a configuration made for the lowest common denominator (security wise) to ensure compatibility for all users.

    Like Blackspear says, it's got a 30 day trial, you might give it a spin. I've not heard of (or experienced) any stability issues. Should you decide to uninstall it, you can use the Phantastic Uninstaller to remove it completely (you would run it after uninstalling from Add/Remove Programs.) You can also take a look through the forum here for just about anything else you might want to know.
     
    Last edited: May 8, 2005
  24. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    Think I tried it once before, not too sure, but it didn't lock anything. I would allow access to everything, browser and programs from start unless I had to turn on something. If I do use it, what is this about enhanced rules and something about an updated system file? Also is look n stop ever known to create blue screens due to BSOD's?

    dja2k
     
    Last edited: May 8, 2005
  25. OhSoCavalier

    OhSoCavalier Registered Member

    Joined:
    Jul 30, 2005
    Posts:
    3
    I have recently purchased an XP PC, my first PC in over 12 years.

    I can honestly say that I have spent more time in one day sat atop a chilling iceberg staring out at an ocean depth of security issues than I have ever needed to in over 15 years of Mac OS use.

    It's a really sad state of affairs... A computer should be a compliant tool, not something one has to wrestle with at great expense of time/money/resources.

    The level of PC paranoia I've encountered today more than suggests I should stick to using OSX when interfacing with the internet and all its scummy alleyways. The PC can sit in the corner and receive what it needs via OSX's built-in firewall.
     