What's the use of having security software?

Discussion in 'other anti-malware software' started by IBadget, May 1, 2009.

Thread Status:
Not open for further replies.
  1. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Sorry for the typo!!!! :D The damn worms already invaded my mind!!!

    Yes, I can run the trial. But my wild guess is that with the popular ones, let's say, like Adobe Photoshop, Norton 2009, etc., after the trial ends, even if you uninstall it, though you can still install it, you won't be able to run it, as information saying that it has already been used for the allowed trial period stays behind. That's how a software application "knows", by checking against either a registry key or file, or both, I guess.

    I don't say it's spyware. I called it "spying" because, well, information was still left behind, so that a new installation would know that a previous one, whose trial period ended, has been used already, hence blocking a new use of it.
     
  2. RCGuy

    RCGuy Registered Member

    Joined:
    Aug 7, 2005
    Posts:
    541
    Okay, I see what you're saying. However, I would say that the software/manufacturer is just CYA-ing....Covering Your(or Their) Arse. ;)
     
  3. HungJuri

    HungJuri Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    104
    Location:
    USA
    I am not talking about whether or not DW uninstalls. What I mean is this. Let's say you install DW and go about your life and start installing programs you like and you install them as untrusted. After a period of time you have installed quite a few programs - some stayed, some didn't. A few of them, let's presuppose, contained malware (otherwise there is no need for DW in the first place). So now you have malware that is mixed in with your files, but it is not able to do permanent damage because DW is there - guarding you. Now comes the day you decide to uninstall DW - and all this malware springs to life. You see things are acting strangely on the comp (or maybe you don't), and it could be from something you installed months ago. You would have no clue what the problem was - you would have to reformat and reinstall Windows.
     
  4. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
    Not really. If you install files untrusted you can always roll them back or delete them any time ;) and if you want to trust them, then that's when your second line of defense has to work hard for the trusted files introduced to the real system, so having 2 layers is a smart decision :)
     
  5. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156
    I can't see how the discussions about the failed tests can be classed as misinformation?

    Here you have misunderstood what I was saying because you took a sentence out of a paragraph and made up your own interpretation.

    Well, this is the first I have heard or read anywhere that Sandboxie was only designed to prevent certain types of actions. I would have thought that the "Drop My Rights" settings in Sandboxie should be more effective.

    No it's not because it took place in a virtualised world, the sandbox; there would be another reason. Because how come Malware Defender can control the behavior of things running in Sandboxie??

    What difference does it make what terminates the programs?? Fact remains is that Reg Test was the "ROOT" cause of the terminations.

    Mine and other people's experience was that explorer was terminated.

    HungJuri I have some questions for you.

    Why would you want to Uninstall defense wall?? Normally most people decide what security programs they want and they keep it the same without changing. Unless you are a person like many people here who are always testing security products. But most Testers here have Image back ups anyway.

    If you have unsafe, adware, or malware programs installed, why would you want to uninstall Defense Wall?

    If you know that you are going to Uninstall Defense wall later on then why would you install dodgy unsafe programs in the first place??

    You could also ask the same question about Sandboxie, because Sandboxie has a setting which forces programs of your choosing to run in the sandbox. So with uninstalling Sandboxie you would have the same problem.
     
    Last edited: May 3, 2009
  6. HungJuri

    HungJuri Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    104
    Location:
    USA
    I wouldn't even know that I had to rollback anything until after it was too late with DW being uninstalled.

    So then the comparison isn't Sandboxie vrs Defence Wall - it is Sandboxie vrs "Defence Wall plus other programs and/or actions". With Sandboxie, I can install most programs (if it needs a driver, it's going to be clean before I even consider it) into a sandbox and it is completely cleanly entirely away and separate - IN A SANDBOX (not some Policy Sandbox play on words) - from my file system. I can find it - all of it - and see it, and delete all of it whenever I choose. So it is not "Oh just install it as untrusted, you'll be fine".
     
  7. HungJuri

    HungJuri Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    104
    Location:
    USA
    That is not the point and only proves what I say in that once you make the decision to go with DW, you are with it for life or reformat and reinstall Windows. DW is not a lifetime license is it? Well Sandboxie is. A one time fee.
     
  8. HungJuri

    HungJuri Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    104
    Location:
    USA
    So you have the same products installed as you did 1-2-3 years ago?

    If you didn't have malware installed, why would you need DW?

    I don't pre-know that I will be uninstalling it - what if something better comes along?

    You've never used sandboxie by that comment.
     
  9. HungJuri

    HungJuri Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    104
    Location:
    USA
    Really? I never realized DW worked that way, thank you very much for that info ssj100. To me the choice is only more clear now. thanks again. :D
     
  10. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Since there was discussion about Sandboxie, and Regtest, I decided to do some testing.

    I think one of the problems when one reads of "tests" is the tester may well not really know what a program like Sandboxie is supposed to do and not do, and also what the tested program is really supposed to do.

    But before I started I did a play with APT, Advanced Process Termination.

    First, outside of Sandboxie, it terminated all the Sandboxie programs, explorer.exe (which simply restarted) and services.exe (which caused a system shutdown).

    Running APT inside Sandboxie, I was able to terminate all of Sandboxie, except its service. Although I couldn't see it, it was still running. Still able to terminate explorer.exe and again it restarted. This time though I was unable to terminate services.

    For time's sake I only used Kill1, but still it's obvious Sandboxie protects what's critical.

    Then on to Regtest. Regtest is meant to test registry protection. It modifies autostart keys. If successful it tries to reboot (program states it may not succeed, and you may have to reboot). If the registry wasn't protected, then when you restarted, you got a notice on the desktop that you failed.

    Running outside of Sandboxie, OA and SSM (only two on right now) caught all the registry changes, which I allowed. System then did reboot, and indeed I got the warning my system was at risk.

    Reran the test, and interestingly no warnings from OA or SSM, but test1 succeeded in changing the registry (or appeared to). Then on to test two. I got a warning from Sandboxie that it had blocked an attempt at system shutdown. So I was sitting there with explorer shut down and just the last box of the Regtest display. I did a power reset and when the system came up I did not get any warning of the system at risk. Reason of course was that the modified registry and the program it calls were in the sandbox and not used on reboot.

    Finally I reran the test, and when the shutdown was stopped at the screen with just wallpaper and the Regtest window, I closed the Regtest window, and using Task Manager restarted explorer. Had the system back. Of course on reboot there was no warning of any issue.

    Bottom Line Sandboxie worked as advertised and protected the system.

    Pete
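
Regtest, as described in the post above, works by modifying autostart keys. One way to check for such changes independently of any security product is to compare registry exports taken before and after a test. This is an added example, not part of the thread; the key subset, the function names and both sample exports are constructed for illustration.

```python
import re

# Autostart key suffixes compared here (a small subset assumed for this example).
AUTOSTART_SUFFIXES = (
    "\\software\\microsoft\\windows\\currentversion\\run",
    "\\software\\microsoft\\windows\\currentversion\\runonce",
)
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

# Constructed sample exports. Real files written by "reg export" are UTF-16,
# so read them with open(path, encoding="utf-16").
BEFORE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="\"C:\\Program Files\\Example\\tray.exe\" /min"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Tools\\updater.exe"

[HKEY_CURRENT_USER\Software\Example\Settings]
"Theme"="dark"
'''
AFTER = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="\"C:\\Program Files\\Example\\tray.exe\" /min"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Users\\demo\\AppData\\Local\\Temp\\updater.exe"
"StartupTest"="C:\\Users\\demo\\Desktop\\test.exe"

[HKEY_CURRENT_USER\Software\Example\Settings]
"Theme"="light"
'''


def _unescape(s):
    # .reg files escape backslash and double quote with a leading backslash.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text):
    """Return {(key, value_name): data} for values under autostart keys."""
    # Long hex values are wrapped with a trailing backslash; rejoin them first.
    text = re.sub(r"\\\r?\n[ \t]*", "", text)
    entries, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            current = key if key.lower().endswith(AUTOSTART_SUFFIXES) else None
            continue
        m = VALUE_RE.match(line) if current else None
        if m:
            name, data = _unescape(m.group(1)), m.group(2)
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = _unescape(data[1:-1])  # REG_SZ; other types stay raw
            entries[(current, name)] = data
    return entries


def diff_autostart(before, after):
    """List (change, key, value_name, data) tuples between two parsed exports."""
    changes = []
    for ident in sorted(set(before) | set(after)):
        old, new = before.get(ident), after.get(ident)
        if old is None:
            changes.append(("added", ident[0], ident[1], new))
        elif new is None:
            changes.append(("removed", ident[0], ident[1], old))
        elif old != new:
            changes.append(("modified", ident[0], ident[1], new))
    return changes


if __name__ == "__main__":
    for change in diff_autostart(parse_reg_export(BEFORE), parse_reg_export(AFTER)):
        print(*change, sep=" | ")
```

Changes outside the autostart keys, such as the `Settings` value in the sample, are ignored by design.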
     
  11. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156
    I was referring to this setting. Any dodgy programs you are not sure about you can make them run in the Sandbox when they execute.
    And I have a registered version of Sandboxie and was using it for about 2 years. Cheers

    Edit ok I made a mistake in the screenie, was meant to have selected Forced Programs, Not properly awake yet.
     

    Last edited: May 3, 2009
  12. HungJuri

    HungJuri Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    104
    Location:
    USA
    Of course I know about forced folders and forced programs; your statement on uninstalling Sandboxie -
    If I did uninstall Sandboxie I would of course delete any sandboxes created, but even if I didn't, any malware that was installed into a sandbox (or any programs for that matter) would not be workable from the sandbox folder they were in. But your statement is not about installing into a sandbox - it is about running existing programs that are already on the computer as forced programs. So whether Sandboxie was installed or uninstalled, the situation on my comp would not change. You consistently do not answer direct comments and try to divert away attention with answers that do not address the point. This entire thread is pointless.
     
  13. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    I've said it before and I'll say it again.

    EDUCATION is your best weapon, not software!

    I've surfed the net since the day it was born and only used a software or hardware firewall and an AV program, a few malware apps and that's it, and I've done all this surfing the worst of the worst.

    A Home box is one thing and a server needing protection is another.

    Having Fort Knox on a Home box is silly, all you really need is a firewall, AV, a couple of malware apps like Malwarebytes and SAS, a HIPS like DefenseWall and that's more than enough security and protection, and even the HIPS you don't need if you're educated enough on how to deal with things. BUT you still need EDUCATION on how to deal with your software and your surfing habits.

    All the toys in the world aren't going to mean spit if you don't know how to use them, how to stay out of trouble and spot trouble and know how to deal with it when you come across it and better yet, learn how to stay away from it! ;)
     
  14. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156

    Personally I don't rely on any AV and malware apps like Malwarebytes and SAS to scan and clean out any malware which may be on my system, because I prevent the malware infection from happening in the first place.

    With regards to surfing habits, if you know what you are doing, you can go surf anywhere on the net without getting infected. Why let infected websites prevent you from going there?
     
  15. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    If you've installed 200 programs since your last system backup, your security policy needs serious adjustment.

    The statement made by DasFox is accurate.
    EDUCATION is your best weapon, not software!
    Security software is only as good as the security policy it's enforcing and the user that's configuring it. When users install several security apps and still keep finding gaps in the protection, it's because they didn't start with an overall plan. A security policy is like a picture of a puzzle that you're trying to assemble. The available security software is the pieces of many puzzles all mixed together. Not all the pieces will fit your particular puzzle properly. Without a policy or picture as a guide, you don't have a proper standard or criteria to use when choosing your security software or where they best fit into your overall strategy. Polls, popularity, leaktest results, and Matousec's 2 cents are not the proper criteria for making your choices. Start with a plan that covers what your PC is used for, how it's used, who uses it, what software each will use, and what that software requires to function properly, and how different files, media, situations, etc will be handled. Then select the security apps that give you the specific control you need to accomplish those things.
     
  16. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Then tell me what commonsense really is.

    Here my main use of this pc is going to and finding/downloading/running/testing any and all exploits from the worst of the worst sites to the worst of the worst sites.

    Doesn't commonsense usually tell people to stay away from compromising sites?

    I would state that most Wilders members don't need commonsense as their security setups are way superior to real world setups.

    And why do I surf the dark side? So I can help "real worlders" in getting zero day or nonflagged malware into the siggys of real world setups.

    And besides I reckon it's great fun when a rogue site thinks they've hooked another victim only to have the tables turned on themselves.
     
  17. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156
    I totally agree with this. That's why I said before, why let infected websites prevent you from going there. It gives me such a warm and fuzzy feeling on the inside, that I can go anywhere on the internet and never get infected.
     
  18. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    Education is important, but security tools are important too. If you are going to build an airplane, knowledge/education/draft is very important, but without instruments and materials you won't make a flight.
     
    Last edited: May 4, 2009
  19. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    The OP states,

    No one has defined what 'security software' is. If it is something that can keep malware from passing by, then certainly the browser should be considered. Today's versions permit per site managing that gives the user a lot of control over what happens on a web site.

    I have yet to find a web site with a remote code execution exploit which serves up malware that works when using Opera.

    Add to that a firewall properly configured for inbound protection: what else do you need?

    The only other way malware can enter is if the user chooses to open something or install something that is infected. So what are the remedies here?

    You can rely on a scanner or other such thing, or you can rely on your own judgment about the source of the file or software you want to download. It seems pretty simple to me.

    There is quite a fascination these days with letting malware run and seeing how it can be detected by this or that, and a rush by vendors to keep up with the latest test - now we have Ring-0 tests. Good grief! The unwary reader is left to bemoan the fact that she/he does not have one of the products listed that thwarts this attack, therefore concludes that her/his security is somehow lacking.

    There should be a separate forum, "Malware Playground" for stuff like this.

    The sandbox has quite a following. (Interesting name - it suggests a playground atmosphere: Let's play in the sandbox!). Its use seems to assume the premise that the user is bound to get malware on to the system, resulting in it being contained by the sandbox.

    The danger I see here is that there is less focus on preventing malware from intruding in the first place, and just saying, Oh - it doesn't matter, the sandbox will take care of it.

    Having been around computing since Win9x days (and I know there are those who began computing much earlier!) I've seen a change in approaching computer security -- from reliance on one's self to learn and understand how malware attacks work (nothing technical - just knowing the attack methods) and what procedures/policies/products will prevent the attacks from succeeding -- to a reliance on security products to take care of everything, so that if you just "keep your AV or whatever uptodate" you are fine.

    Recently I stopped in a local computer shop where for many years I've sent people to have custom systems built. I asked the head Tech person what he's seeing these days when he cleans up infected systems.

    "99% of all problems I see are caused by operator error."

    Think of that. Some other observations he had:

    • he asks what was the last activity done before the computer showed signs of trouble: most of the time it's downloading free music, videos, cracks, opening e-cards... they admit it...

    • Most victims have their AV up to date.

    So what's the use of having security software? None whatsoever, if it isn't complemented by an understanding of how to set up a strategy and define policies.

    You don't even need a firewall if you know how to ensure that Ports are closed. Not to be recommended, of course, but you get my point.

    ----
    rich
     
  20. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    You hit the nail on the head. Users no longer view security software as tools that help to secure their systems. Instead the software is supposed to do it for them and relieve them of the responsibility of their activities. No software can completely compensate for irresponsible activities on the part of the user.

    I also started in the 3.1 and 9X days and have seen the shift in what is expected of security software. Instead of protecting users from external threats, present day software is expected to protect users from their own irresponsible behavior. Users want administrative powers over their systems but don't want the responsibility of learning to be their own administrator and then complain when the software doesn't protect them from their own actions. I've often wondered how many PCs I'd control if I disguised a new rootkit as a leaktest and posted a link to it in forums like this. I'm beginning to think that it would take something this extreme to get the point across that users can't just let anything execute, then expect their security software to contain the damage.

    Your statement regarding SandBoxie and a "playground atmosphere" is exactly right. It implies the PC is a toy, which is what many users regard it as. A toy that can steal users data and money, a toy that can bring down sites and networks, a toy that can hijack other toys, assemble them together into big toys that can take entire nations offline. If it wasn't for the fact that these "toys" are taken over by others who use them as weapons against innocent users, I'd let those who treat their PCs as toys get what they deserve.
     
  21. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Hi Rich

    This is true up to a point. But there can be real reasons, also. For example I have two very trustworthy young ladies who work for me and use my systems. We use Outlook for business Email, get voicemails by Email attachment, and almost have to open any attachment that a client sends. By running Outlook sandboxed with Sandboxie, they can do this without worry for the most part. Saves a lot of anxiety all the way around.

    Pete
     
  22. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    There's an example of the proper use of SandBoxie, isolating the attack surface (Outlook in this case) from the operating system and other user software. I'd bet that your operating system is also defended by other software that will protect it even if SandBoxie failed to contain something opened in it.
     
  23. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Hi Pete,

    I see your point about email.

    What types of malware come as an email attachment these days?

    If that is a concern, why use a product that lets the malware install and then be contained, rather than something that blocks the malware at its source?

    ----
    rich
     
  24. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,156
    I agree the sandbox should be the second layer of defense, not the first. Everyone should have some inbound filtering.

    I use Seconfig, and windows worms cleaner to disable those open ports.
    admuncher and no script filtering
    cslite to block global cookies.
    activeX and java and all other plugins disabled.
    LNS for packet filtering.
    And Malware Defender Monitoring and blocking the creation of folders and files in Documents and Settings.
    So 99.9 Percent of the crap is blocked before it even gets to Defense Walls area of protection. :) :) :)


    The amount of ignorance in this world still amazes me. Most people on the internet just think that by having an updated AV and a firewall, which normally isn't configured properly, that they will be fine. Even computer repair guys at computer shops can be just as ignorant. From my experiences they only recommend and say, Oh just install AVG and Zone Alarm free and you will be fine. In some places I know of they will even install AVG and Zone Alarm for you as part of their wonderful services.

    As a result of this continuous ignorance in today's computer world, malware and hackers continue to have a field day.
     
  25. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,201
    I think the real problem is Microsoft's OS, which allows by default and blocks by exception. That's an inherently unsafe system.

    The internet (WWW) is also an insecure system. It wasn't designed for issues where security and confidentiality are necessary.

    Then there is the coding of applications, including browsers.
    It's usually sloppy. I'm no IT PRO, but from what I understand there are no established standards for software engineering compared to engineering of, for example, cars, hospital equipment or aeroplanes. (By 'established standards' I don't mean things like .NET or XML). I'm not sure why. The pressure to bring a product to the market and make money fast probably has a lot to do with it. Seriously, in software reviews bugs (if they are not too serious) don't get much attention, and in the average PCMAG review most bugs don't turn up.

    One can blame the user. But there are so many ways to deceive a user, most people can't keep up. The malware writers keep coming up with new tricks.
    Because many people fall for the scams, there is money to develop new scam tactics/software.

    Truth is, the internet as it exists today is not suited for matters where security and privacy are paramount. It was not designed for that. It's an open network.

    I'm actually thinking about dropping things like online banking, Paypal, online purchases by credit card etc. Then security would become much less of a concern. Like in the 90s.

    It's all supposed to be progress, but is it really?
     