Just a few thoughts.....

Discussion in 'other anti-malware software' started by Lebowsky, Sep 23, 2009.

Thread Status:
Not open for further replies.
  1. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    Not here to bash, but I don't like evangelists praising products without showing equality to the other side. Many other suites offer similar feature sets, maybe with different names or modules, but they all have some sort of proactive protection, and I hardly consider Norton's Safe Web better than WOT. Don't add bias when trying to show its features.
     
  2. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Not bashing either, but you could not pay me to put either Norton or McAfee on any of my machines. I even go so far as to tell people I help: if you put Norton on, you are on your own.

    Why is that not bashing? Simply because for many years now any computer I work on that has Norton installed is more troublesome than a computer without Norton and only a virus. I personally believe Norton/McAfee to be garbage, and the only reason they still exist is because they have contracts with Dell, HP, etc.

    That being said, I do know many in the corporate world who use Norton and like it, but perhaps for different reasons than a home owner would.

    Different strokes for different folks as they say, but I will stay away from those two.

    Sul.
     
  3. sun88

    sun88 Registered Member

    Joined:
    Aug 27, 2009
    Posts:
    69
    I use WOT and NIS and I think NIS does a better job of protecting you from dangerous websites. If you disagree, fine, but does that mean you're biased? No.
    I'm not an evangelist. I was just correcting some of the misinformation about NIS being dispensed in this thread. My own experience proves to me that NIS works.
    Security snobs never use Norton. Do you think I care? No I don't.
    I like it because it's cheap and feature rich.
     
  4. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    All I'm asking is, when naming features, don't input your personal feelings towards it. You can inform without adding personal thoughts.
     
  5. wat0114

    wat0114 Guest

    Out of curiosity I've taken a quick look at NIS2010 on an XP SP3 VirtualBox clean snapshot. I'd say this is a far better effort than the 2003-2005 versions that turned me off the product at that time. This might be a decent, comprehensive all-in-one product for the set-and-forget crowd. It does look awfully resource intensive, but a lot of little "gimmicky" options can be switched off, which might help.
     


  6. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    If you don't like the thought of having "dead" malware files left on your system, just use DefenseWall with Returnil or something like that. DefenseWall holds anything from taking root on your system, and then with Returnil, just reboot and all traces are gone. DefenseWall should prevent anything from surviving across a reboot. Simple and effective. :thumb:
     
  7. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    Whatever works for you and you feel safe with is what you should go with, SSJ. Personally I found the LUA, SRP route a PITA for me... but that is just me and my situation. DefenseWall just lets me have LUA-like protection without having the LUA hassles.
     
  8. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    Oh! As for the reboot to get rid of any malware traces, I usually shut my computer off at night anyway, so that's when the toilet gets flushed.
     
  9. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    Agree. We all have different things that work for us. I also found LUA, SRP, SuRun a PITA. With Sandboxie though, I'm in agreement with ssj100 :)
     
  10. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    I'm gonna give it another go and will report back :)
     
  11. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,113
    Location:
    Sofa (left side)
    Well that would be a complete PITA for starters! I'm gonna try it again converting an admin account to a LUA.
     
  12. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    As a former software developer, I know that it is much more difficult to manage all the interfaces when applying Application Virtualisation (disk virtualisation has a much more clearer interface with the real world).

    Policy management is a security scheme which is implemented in a lot of OSes and is one of the oldest security approaches available.

    The complexity of interfaces tied to application virtualisation, personally unsettles me, also the fact that you have to know something is in or out of the sandbox (accidental deletion).

    It's everybody's own decision.

    That is an incorrect thought.
     
  13. pbw3

    pbw3 Registered Member

    Joined:
    Nov 12, 2007
    Posts:
    113
    Location:
    UK
    @ssj100 & scoobs72

    If you are installing LUA, I do not see why you need to either convert the admin account to LUA or to completely reformat the hard disk etc.

    Why not simply, from your existing admin account, create a fresh LUA account, and then start using it? A freshly created LUA account should then have the correct default read and write permissions.
     
  14. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    I trust you have a deny execute policy in place for these download directories?


    That is true, but DW applies a much stronger containment than LUA, that is why your thought is incorrect.
     
  15. pbw3

    pbw3 Registered Member

    Joined:
    Nov 12, 2007
    Posts:
    113
    Location:
    UK
    Both Windows products..!!

    Office 2003 was the only software product that I had to do something extra with when I set up the Standard User (LUA equivalent) in Vista. If my memory is good, the EULAs kept nagging every time I loaded the software, say Excel or whatever. If that is a problem at all, there is a documented solution (on googling), being temporarily switching off UAC whilst accepting the EULAs. Of course that is with Vista; no idea about XP.

    You are right, if the whole thing is too much hassle, then one pursues alternatives; but for me, that was the only setup problem I had. All non-MS software has worked fine. :)
     
  16. Cerxes

    Cerxes Registered Member

    Joined:
    Sep 6, 2005
    Posts:
    581
    Location:
    Northern Europe
    This approach is not recommended since your admin account/host could already be compromised and a restricted user account would therefore do you nothing.

    @Kees & ssj: somewhere in the policy-protected line you have to start trusting your downloaded stuff. If you don't trust your own judgement capability, then you have to let the expert besides you do it. If you don't have an expert besides you, a blacklist scanner will suit as well.

    /C.
     
  17. Lebowsky

    Lebowsky Registered Member

    Joined:
    Dec 3, 2004
    Posts:
    161
    I bet arran would disagree :p
    I'm checking out this 'recommended thread' now:
    https://www.wilderssecurity.com/showthread.php?t=252773
     
  18. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
  19. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Spot on. In order to run something that requires admin, you must run it as admin, and then, without some HIPS or other tool to tell you that something potentially bad is about to happen, you are compromised.

    It all boils down to either trusting or not. If you do not, you can install it in vm or SBIE. But I pose this question, how do YOU know, once you install it in vm or SBIE, that it is OK to use on the real system?

    Sul.
     
  20. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Let's see why it is about running a process as admin..

    First, this is a security forum, so ...

    Second, this is the 'other anti-malware' area, so admin topics do apply ...

    Third, this thread is talking of a bloated AV and thoughts on security, which include admin topics ...

    Fourth, SOMEONE ;) likes to talk about LUA and company, which also pertains to admin topics ...

    Fifth, it was correctly pointed out that LUA means nothing when you must execute as admin, so ...

    Sixth, it is THE issue. You can concoct the MOST SECURE scheme imaginable, and in the end you still have to trust the executable.

    My QUESTION was, since (as you point out) we already know we have to trust the executable (and yes, stupid decisions in admin can be fatal), is there a way to 'conveniently' monitor what happens? This refers to starting the executable in a controlled environment to monitor what it does, and then making our 'informed' ADMINISTRATIVE decision as to whether or not we CAN TRUST the executable. A solution to that question would help many who don't know enough of the internals of their OS to MAYBE make wise choices.

    And that pertains to everything this forum and this thread really is about. Don't you agree?? ;)

    Sul.
     
  21. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    I dont understand it but I do know that you know your stuff, so I agree.:thumb:
     
  22. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    lol, thanks.

    But it is really easy to understand. This website is all about how to keep your computer secure, that is to not get virus/malware/spyware etc, or in general, problems. Simple enough.

    There are many, many knowledgeable people here, and many more who like to 'experiment' to find different methods of security.

    But in the end, when speaking of running a program on purpose or accident, some programs (firewalls, AV, etc) absolutely must install deeper into the OS than say a solitaire program. To do this requires you give the program access and rights to the core of the OS.

    All the security in the world does not stop a malicious program from damaging your system once you give it the permissions of an admin. And you must do this for some programs, or you don't get to use/install that program.

    So it boils down to a simple issue, how can you KNOW if you can trust a program?

    This is what Rmus is always pointing out when he refers to 'social engineered exploits'. Basically, even on a secure system, if you THINK you can TRUST a program, and do so, that program gets to do basically whatever it wants, malicious or not.

    What I am asking is, how can an average person test and KNOW that a program he/she wants to use/install is actually OK. It is simple, you can't. But it would be nice to have a way to find this out, conveniently.

    See, not so hard lol.

    Sul.
     
  23. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Correct, you can't. However, there are certain approaches that are much more reliable than others.

    Ultimately, unless you trust your personal flip of the coin to always be correct, you end up trusting a third party. Among the various OS's around, the trust mechanism varies, but it's really always there.

    In the Windows world, it is often trust in sites of known repute (which is one of the reasons we strongly encourage links to download software go back to the primary source only), or via trust we implicitly assign to, as one specific example, antimalware vendors as third party experts at evaluating malware. There are plenty of arguments here regarding the technical mechanisms employed by these third parties in rendering an assessment but, ultimately, everything goes back to the trust with which we view that evaluation.

    It's just my opinion, but unless there is a fundamental shift in the mechanics of electronic software distribution, particularly in the Windows world, this is an overriding reason that blacklist technology (i.e. AV's in some form) will be with us for some time.

    Blue
     
  24. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,201
    My perspective:

    There is no 100 % security.

    My own approach when dealing with software I want to download:

    1) Use your brain. 'If it's too good to be true, it probably is'. Don't ever download rogue security software, make sure you know how to recognize it. Where and how did I get the information about the program that I want to download ?

    2) It's usually safer to download it from the vendor's website than from download.com, majorgeeks etc.

    3) Do a search with Google to get more information. It doesn't have to take more than a few minutes. Don't forget to check the vendor and its past reputation.

    4) Check the WHOIS information of the website you want to download from.
    If it uses some kind of privacy protection service, it's a red flag.
    Same for websites from certain countries, like Russia and third-world countries. (no offence intended)

    5) Check a reputation based system to evaluate the website, like WOT. Or analyze the URL. Example: Finjan linkscanner.
    I usually skip this step.

    6) (Make sure your browser is secure!) Download the software to your desktop. Next, upload the file to Virustotal, Jotti or both. There may be a permalink, but you can choose to analyze the file again.
    More complicated but not useless: Upload the file to anubis.iseclab.org.

    7) If everything checks out, install the program, but use a customized installation, read the EULA and privacy policy (only relevant sections), make sure you know what you install and skip any toolbars.

    That's more or less how I do it. The average user may have some trouble following the seven steps, but it's not that hard and they can learn how to do it if they want to.
     
    Last edited: Sep 25, 2009
  25. cqpreson

    cqpreson Registered Member

    Joined:
    May 18, 2009
    Posts:
    348
    Location:
    China
    I'd like to check the MD5 or SHA value of download files. It may be more secure.

    Looking up the information of download files on Google is not very safe, because sometimes Google provides too much information and we can't make a clear distinction.
     
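The checksum step that Fly's point 6 and cqpreson's post both touch on, worked through as an added example (this is not code from the thread or from any of the products discussed): compute the digest of a downloaded file in a streaming fashion, parse a vendor-published checksum list in the usual `sha256sum`/`md5sum` format, and compare in constant time. The installer bytes, the checksum list and the tampered copy are all constructed inside `demo()` so the script runs offline; the file name `setup.exe` is a placeholder, not a real download.

```python
"""Verify a downloaded file against a publisher-supplied checksum list (added example)."""
import hashlib
import hmac
import os
import tempfile

CHUNK_SIZE = 1 << 20  # read big installers in 1 MiB pieces instead of loading them whole


def digest_file(path, algorithm="sha256"):
    """Hex digest of a file, streamed so multi-GB downloads need not fit in RAM."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK_SIZE), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_checksums(text):
    """Parse sha256sum/md5sum output ('<hex>  <name>' or '<hex> *<name>') into {name: hex}."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        hexdigest, name = parts
        table[name.lstrip("*")] = hexdigest.lower()  # '*' marks binary mode in sum tools
    return table


def verify_download(path, checksums_text, algorithm="sha256"):
    """Return (ok, reason); ok is True only when the file's digest equals its listed value."""
    expected = parse_checksums(checksums_text).get(os.path.basename(path))
    if expected is None:
        return False, "no checksum listed for this file"
    if len(expected) != 2 * hashlib.new(algorithm).digest_size:
        return False, "listed value is not a %s digest" % algorithm
    actual = digest_file(path, algorithm)
    # constant-time compare: no early exit on the first differing hex character
    if not hmac.compare_digest(actual, expected):
        return False, "digest mismatch"
    return True, "digest matches"


def demo():
    """Constructed sample: a fake installer, the list a vendor would publish, and a tampered copy."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "setup.exe")          # placeholder name, not a real download
        with open(path, "wb") as f:
            f.write(b"MZ" + b"\x00" * 4096)          # sample bytes only, not a real PE file
        sums = "%s *setup.exe\n" % digest_file(path)  # stands in for the vendor's SHA256SUMS
        results["clean"] = verify_download(path, sums)
        with open(path, "r+b") as f:                  # flip one byte, as a hostile mirror might
            f.seek(100)
            f.write(b"\x01")
        results["tampered"] = verify_download(path, sums)
        results["unlisted"] = verify_download(path, "")
        results["wrong_algo"] = verify_download(path, sums, algorithm="md5")
    return results


if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print("%-10s %s  %s" % (name, "OK  " if ok else "FAIL", reason))
```

Two caveats worth keeping in mind when using this in practice. A checksum fetched from the same page as the download only proves the file arrived intact and unmodified relative to what that page serves; if the site itself is compromised, the attacker republishes a matching digest, so a detached signature (GPG or Authenticode) checked against a key you obtained separately is the stronger check. And of the two algorithms cqpreson mentions, MD5 has known collision attacks, so a listed MD5 is weaker evidence than a SHA-256 value when both are offered.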