Suite vs layered approach

Discussion in 'other anti-virus software' started by truoc, Feb 1, 2013.

Thread Status:
Not open for further replies.
  1. Doraemon

    Doraemon Registered Member

    Joined:
    Aug 5, 2009
    Posts:
    202
    For the last couple of years I've been running a layered approach to security. Before that I was an Avira Suite user and before that I recall using Avast Home, ESET Suite or even AVP / Kaspersky.

    I realized that I was never ever getting malware at all and wanted more control over my security settings and a leaner system. I tried many programs: antikeyloggers, firewalls, HIPS, SBie...

    My current setup is: Windows 8 Pro x64 + Win FW + WSAC + WinPatrol + Ad Muncher + Norton DNS + some on-demand apps such as Hitman Pro and MBAM. Plus I use FFX with NoScript + RequestPolicy + HTTPS Everywhere. Looking out for a new EMET that officially supports Win8 (current build is buggy in Win8 AFAIK).

    My system feels light and secure. :D :D :D
     
  2. truoc

    truoc Registered Member

    Joined:
    Dec 31, 2012
    Posts:
    35
    Location:
    United States
    Yeah my current setup is similar to yours. Windows 8 x64 + Windows Defender + Windows Firewall + WinPatrol + Zemana Antilogger Free + EMET. I haven't been infected while using this combo, but for some unknown reason I don't feel safe using Windows Defender as my AV. For some reason I feel safer with the free suite I get from Comcast (Norton Security Suite aka Norton 360 just repackaged). False sense of security? Maybe and that got me wondering if I really do need that suite. It's weird too that I even have those thoughts considering I've never been infected with the current setup I'm running.
     
  3. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,348
    Location:
    Europe, UE citizen
    I think that, theoretically, layered protection is better, because it uses software from different producers, differently developed, and it makes things harder for intruders. But actually security software is increasingly sophisticated and basically works at a very low level of the system, so products frequently conflict. Nevertheless I think that the best way is not to trust only one solution, and to test a combination that works fine.

    P.S.: why here and not in "other anti-malware software"?


     
  4. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Prob same reason "suites" get discussed here!
     
  5. truoc

    truoc Registered Member

    Joined:
    Dec 31, 2012
    Posts:
    35
    Location:
    United States
    Good points. If this post is in the wrong forum feel free to move it and I apologize for putting it in the wrong section. One other question, do you guys feel that if you go the suite route do you feel it necessary to keep other programs such as antikeyloggers, EMET and other HIPS programs or do most suites already have these in them and it would be repetitive to keep them around with a suite? Thanks.
     
    Last edited: Feb 3, 2013
  6. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    It depends on the suite chosen. Some of them have the anti-keylogger feature well developed and implemented (WSA, Kaspersky), others less so. Do some reading and review tests. They can give some hints on the best features out there. Then try them and decide based on how they behave on your PC.
     
  7. truoc

    truoc Registered Member

    Joined:
    Dec 31, 2012
    Posts:
    35
    Location:
    United States
    Yeah I'd use the free version of Norton 360 that is offered by my ISP. I'm pretty sure it uses HIPS so don't think I would need to keep WinPatrol, not sure if it has antikeylogger so maybe keep Zemana around and keep EMET for hardening. Thanks again for everyone's replies this is a great community.
     
  8. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,348
    Location:
    Europe, UE citizen

    Another HIPS or similar would be not only repetitive, but would also potentially compromise the stability of the system and the effectiveness of security programs, just because they work at a low level.
     
  9. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Whatever route you choose, you still need to use a fair modicum of common sense.
     
  10. century

    century Registered Member

    Joined:
    Oct 13, 2007
    Posts:
    92
    truoc dear, once you have joined this forum your fate is sealed. You will never be satisfied with a single suite taking over your machine. Your innate curiosity will drive you towards tinkering & modifying. And hopefully someday you will be a master at this. Long live the forum.
     
  11. southcat

    southcat Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    212
    This is very true, I am one of the victims. :D
     
  12. Krysis

    Krysis Registered Member

    Joined:
    Dec 28, 2012
    Posts:
    371
    Location:
    DownUnder
    I'm a layered approach man myself (or is that bits and pieces?)

    Very True! - the contagion is unstoppable! - And there is NO vaccination! :D
     
  13. truoc

    truoc Registered Member

    Joined:
    Dec 31, 2012
    Posts:
    35
    Location:
    United States
    LOL I am finding this out rather quickly! I cannot stop testing different combinations and should stick with one that hasn't let me down, but the urge is just too great!
     
  14. Rompin Raider

    Rompin Raider Registered Member

    Joined:
    May 6, 2010
    Posts:
    1,254
    Location:
    Texas
    AV rehab is close!!!:D
     
  15. 031

    031 Registered Member

    Joined:
    Sep 5, 2007
    Posts:
    187
    Location:
    Bangladesh
    :thumb: :thumb: :thumb:

    If we rely only on one product, this can happen :D :D .
     
  16. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    I made my set-up to be a light mixture of both.

    G-Data IS + Zemana.

    Bitdefender
    Avast!
    And Zemana as a final line BB.

    It also requires no attention after its set-up.
    I think layering is fine as long as you don't have to fiddle with it all the time.
     
  17. manak

    manak Registered Member

    Joined:
    Aug 12, 2012
    Posts:
    78
    Your current setup is good enough.
    Windows Defender (/MSE) is a good AV (signature-based anti-virus part) and the Windows 7/8 built-in firewall is good enough too (Trend Micro, F-Secure, Webroot: their AIO suites rely on the Windows firewall).

    These days single anti-virus products already provide multi-layer protection: anti-virus/anti-spyware, cloud-based scanning (usually for whitelisting), behavior blocker (or HIPS), web protection (URL blocking), network inspection (/Internet protection), ISP (ex: Norton antivirus).

    What about web browsers? They have their own security features and you can add security add-ons like NoScript. If you use Firefox I recommend using NoScript (add-on).

    Don't get me wrong, I'm not saying an AIO suite (paid) is a bad idea, but even if you use one anti-virus product (Windows Defender) there is multi-layer protection.

    I'd just like to say it's not Suite vs Layered approach. It is your combo suite vs Comcast (Norton) security suite :)

    It's completely up to you whether to use your combo suite or the Comcast (Norton) security suite. There is no false sense of security.
     
  18. silverfox99

    silverfox99 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    204
    Not defending Symantec, but they claim that NYT 'turned off' some of the suite protection modules (possibly due to FPs in the enterprise environment?)

    Symantec Statement Regarding New York Times Cyber Attack
    http://www.symantec.com/connect/blogs/symantec-statement-regarding-new-york-times-cyber-attack

    What is not clear is what Symantec product line and version was in use and what modules were active at the time of infection.

    "Advanced attacks like the ones the New York Times described in the following article, (http://nyti.ms/TZtr5z), underscore how important it is for companies, countries and consumers to make sure they are using the full capability of security solutions. The advanced capabilities in our endpoint offerings, including our unique reputation-based technology and behavior-based blocking, specifically target sophisticated attacks. Turning on only the signature-based anti-virus components of endpoint solutions alone are not enough in a world that is changing daily from attacks and threats. We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security. Anti-virus software alone is not enough."

    So NYT have/had SAV (version unclear), which Symantec no longer sell as a sole AV but still support whilst encouraging enterprise customers to migrate to Endpoint Solutions with multiple 'layers' of protection?

    I guess if I installed NIS and then went through settings and disabled everything bar basic AV sigs, I would have to understand that I am reducing protection, possibly by a significant margin. If that's what NYT IT tech did then on their heads really.........
     
  19. truoc

    truoc Registered Member

    Joined:
    Dec 31, 2012
    Posts:
    35
    Location:
    United States
    I think you hit the nail on the head right there. I go back and forth on this quite a bit. Should I use the Norton Suite or just Windows Defender/MSE? Do I really need the protection of a full blown suite or will a stand alone AV be sufficient? Does the suite slow my computer down or not? Is Norton the way to go with all the reviews? etc etc. I would go another free route, but I don't care for avast and I would try the new Bitdefender offering if it didn't auto delete FPs. Constant game of second guessing which all seems really dumb now that I think about what I am actually typing in this post. Arguing with myself over what AV to use when I can't even remember the last time I've seen an AV that I used actually pop up and tell me something was blocked. Ah the joy. :D
     
  20. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,941
    Location:
    USA
    Just install Sandboxie, and the second guessing and arguing goes away.
    AVs become supporting cast members.
    If they show up or if they don't, it really doesn't make that much of a difference.
    It's the ultimate in layered approach... SBIE and some other stuff. ;)
     
  21. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    6,039
    Location:
    Parallel Universe
    @Page42
    Couldn't agree more.:thumb:
     
  22. Syobon

    Syobon Registered Member

    Joined:
    Dec 27, 2009
    Posts:
    469
    :thumb:
    Very good explanation, imho
     
  23. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Briefs dude, I'm used to them. :D

    Just get any reputable software on your system and be careful what you do on the web, that should probably avoid 99% of infections. :D
     
  24. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    The advantage of a suite is that it will generally be easier to use and maintain. You'll get something closer to set-and-forget protection. It may also cost more if you use paid apps.

    The advantage of a layered setup is that it's more likely to work the way you want, and malware counter-defenses are less likely to bypass your particular setup (depending, of course).

    If you don't really want to mess around with learning and keeping track of the different apps, then the suite is the best way to go; those things are important because if you don't know what you're doing and how those things work then you probably won't be able to use them effectively and you'll be worse off.

    As the others have pointed out, though: the fact that you're here and asking this question means that the damage is already done and you'll never be happy with your security setup ever again :D :D And you shouldn't worry about justifying the decision to switch software around, IMO (as long as you're within your budget); learning and trying things are good things :)
     
  25. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,795
    It's just the beginning....
     