Why cure when you can protect?

Discussion in 'other anti-malware software' started by Kees1958, Mar 24, 2007.

Thread Status:
Not open for further replies.
  1. EASTER.2010

    EASTER.2010 Guest

    I agree ErikAlbert. The damage is already done after the malware is run and exchanged signals with the system & whatever else it's capable of doing.

    If there's any consolation in any of this AFTER-THE-FACT scenario it's that some Anti-Spywares like SAS, and I'm sure others, have gained more vital data into various structures of malwares, enough to at least safely remove most of the more critical aspects of them (files/reg entries) including the elusive rootkits/hiders. Anything more severe or critically destructive and then the RESTORE principle is the next alternative to recovery, that's understood.

    OK, so then that's the CURE factor.
    Prevention on the other hand is supposed to provide the proper shielding, and for that HIPS/AV/AS/Sandbox combinations in real-time seem like a lot to have to depend on, and they are, but technology & study has risen to a higher degree than ever before with each following passage of time & experience, and that's consolation for a BEFORE-THE-FACT approach and the one most popular with more experienced surfers/users of the internet.

    I think most users here at Wilders and also other security forums take into account all possibilities of forced intrusion and set up their configurations with a full Layered approach as those mentioned above, as well as keeping readily restorable images to external or other alternative media.

    So yes, why cure when you can protect, and I expect most here do just that.
     
  2. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I now have a 100% removal method by rolling back to a previous healthy state, including history cleaning and registry cleaning without needing a history/registry cleaner.

    Now I have to solve TWO other problems:
    1. Prevent the installation of malware.
    2. Stop the execution of malware, if they pass through my security.

    Which security software is able to do this, except realtime shields of main AV/AS/AT/AK-scanners o_O
    Keep in mind that this security software only has to save me during ONE session between two reboots. After reboot all infections during that session are gone.

    A. Firewall (+ router)

    B. Anti-Executable, which has a whitelist based on the legitimate software installed on my computer, with a verification of File Size, File Type, File Location, Creation Date and Code Sample. AE detects more than 80 different executable file types (.exe .sys .drv, ...) and does NOT need updating of definition files.
    http://www.faronics.com/html/AntiExec.asp#Standard

    C. Sandboxie : data flows in both directions between programs and the sandbox. During read operations, data may flow from the hard disk into the sandbox. But data never flows back from the sandbox into the hard disk.
    http://www.sandboxie.com/
     
    Last edited: Apr 4, 2007
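As an added illustration (not from this thread and not Faronics' code), here is a small Python allowlist checker in the spirit of the Anti-Executable description above: it records each legitimate program's location, size, file type and a hash of its first bytes as the "code sample", and denies any executable that does not match every recorded attribute. Creation date is left out because its meaning varies by filesystem; the file names, sizes and byte contents in `demo()` are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed subset of the executable types an anti-executable tool governs
EXEC_TYPES = {".exe", ".sys", ".drv", ".dll", ".scr", ".com"}
SAMPLE_BYTES = 4096  # the "code sample": a hash over the file's first bytes

def fingerprint(path) -> dict:
    """Capture the attributes an allowlist entry is verified against."""
    p = Path(path).resolve()
    with p.open("rb") as fh:
        sample = hashlib.sha256(fh.read(SAMPLE_BYTES)).hexdigest()
    return {"location": str(p), "size": p.stat().st_size,
            "file_type": p.suffix.lower(), "sample": sample}

def build_allowlist(paths) -> dict:
    """Whitelist the legitimate programs present when the baseline is taken."""
    return {str(Path(p).resolve()): fingerprint(p) for p in paths}

def check(allowlist: dict, path):
    """Return (allowed, reason). Executables are denied unless every attribute matches."""
    p = Path(path).resolve()
    if p.suffix.lower() not in EXEC_TYPES:
        return True, "not an executable type"
    entry = allowlist.get(str(p))
    if entry is None:
        return False, "location not on allowlist"
    current = fingerprint(path)
    for attr in ("size", "file_type", "sample"):
        if current[attr] != entry[attr]:
            return False, f"{attr} mismatch"
    return True, "matches allowlist entry"

def demo():
    """Constructed scenario: baseline one program, overwrite it in place, then drop a stray .exe."""
    with tempfile.TemporaryDirectory() as d:
        editor = Path(d) / "editor.exe"
        editor.write_bytes(b"MZ" + b"\x90" * 100)
        allow = build_allowlist([editor])
        before = check(allow, editor)
        editor.write_bytes(b"MZ" + b"\xcc" * 100)  # same name and size, different code
        tampered = check(allow, editor)
        dropped = Path(d) / "dropped.exe"
        dropped.write_bytes(b"MZ")
        return before, tampered, check(allow, dropped)
```

The tampered copy passes the size and type checks and is caught only by the code-sample hash, which is why a whitelist that verifies one attribute alone is weak.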
  3. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    There are two ways, it seems to me, that malware installs:

    1) By accident, either
    • By intrusion via a port
    • By remote code execution, aka, drive-by download
    • By running an email attachment inadvertently
    It seems to me that your A. and B. solutions take care of this.

    2) By piggy-backing on a program, or a tainted program, which you install, while your security is disabled.

    Nothing to say to this, since everyone has her/his own way of dealing with trusted sites/software. If you are confident enough in how you deal with this, it is a non-issue.

    This is a non-issue if you are confident with how you deal with the above two scenarios. If you are not confident, then you will never feel secure and be always worrying.

    Your setup/methods (A., B., and rollback) seem more than adequate for secure protection.

    I would just enjoy what you have, have fun computing and surfing, and not fret and worry!


    regards,

    -rich

    ________________________________________________________________
    "Talking About Security Can Lead To Anxiety, Panic, And Dread...
    Or Cool Assessments, Common Sense And Practical Planning..."
    --Bruce Schneier
     
  4. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Rmus,
    Thanks for the info.
    If A and B fail, rollback will take care of it.
    Emails aren't a problem, because I ignore and delete them without even opening them.
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    Sandboxie isn't a bad add-on to 1 and 2. I like it because, if nothing else, cleaning up after surfing is easy. This safe surfing, that is.
     
  6. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    OK. I will try that one for awhile and see how it works.
    And I will have an army of backup images and archived snapshots after re-installing my computer, to recover from any malware-attack.
     
  7. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    You won't regret it. I think you will stick with it too. It's dead simple and effective.:thumb:

    Rmus: thank you. That's kind of what I'm thinking, but asked for confirmation.
    Since joining Wilders, I've learned a lot, and among the things I've learned is how to download. I don't think I'll be getting trojans just like that.
    So I've cut back, and run Comodo, Sandboxie and Avast!.
    WinPatrol is there for kicks, and I'm trying out AnalogX Script Defender. Not sure how the latter will help, but I'm just taking a peek.

    I still think Prevx1 is the best monitoring tool, but I think I can handle it:)
    Once it matures, I'll recommend it as stand-alone for my friends (those who are willing to pay, or give a damn). For the masses, I can't think of a better program. And for those who want some peace of mind.
     
  8. EASTER.2010

    EASTER.2010 Guest

    I like that line of planning. ;)

    PREVENT!
    SSM fills in the gaps for me in much the same way as showing you what is entering your blind spot while driving your vehicle down a dual-lane one-way road.
    It intercepts potential intrusions with ease courtesy of the SUSPENDING command, which offers you to first identify the source name, location, instruction, and targeted destination while awaiting your decision to allow it to proceed or not. Works for me to a tee!

    Prevx1 does rank very high in PREVENT from the reviews I covered, and I read much the same for BoClean, although I believe they differ somewhat, if not quite differently, in methods and success rates.
     
  9. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,164
    Location:
    UK / Pakistan
    In that case, instead of a complete virtualization sandbox, I think a partial virtualization sandbox like GeSWall might be more appropriate, as it will not allow anything to run like keyloggers etc. due to stricter policy restrictions. And you will of course clear them on reboot.
    Finally it depends upon your choice too.
     
  10. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    SSM is also a possibility, but I have trouble understanding it. Can you use it without being knowledgeable?

    I'm not sure about Prevx1 yet, I like it but I'm not sure if it fits in my frozen snapshot. Never liked its blacklist either and it has too many updates.

    Keep in mind that a frozen snapshot can be replaced by refreshing a snapshot with an archived snapshot. The only difference is that a frozen snapshot is an automatic copy/update, the other methods have to be done manually.
    Most manual work could have been avoided, if FDISR had schedules on demand, but they don't exist.

    What is also interesting to think about is this:
    A frozen snapshot also removes the GOOD changes. Is this a problem or not?
    When a frozen snapshot restores my computer to a healthy state after EACH reboot, why do I need these GOOD changes?
     
    Last edited: Apr 5, 2007