Quietest 'safe pay' type protection?

Discussion in 'other anti-virus software' started by silverfox99, Aug 7, 2013.

Thread Status:
Not open for further replies.
  1. guest

    guest Guest

    @PrevxHelp
    I tested WSA and the SpyShelter test on a VM; I will re-test it on a real machine.

    Is WSA compatible with other AVs, especially Bitdefender and Kaspersky? Can a user run them together?
     
  2. Lucius

    Lucius Registered Member

    Joined:
    Dec 9, 2010
    Posts:
    77
    Maybe a silly question, but if you run Kaspersky or Bitdefender why do you need WSA?
     
  3. guest

    guest Guest

    @Lucius;
    Nope, very good question. Short answer: actually no need, you are right.
    Some users like to use 2-3 security products on their computer.

    Also, when I look at the last test results, KIS and Bitdefender have very good scores. WSA has a lower score than both. Many people will select KIS/BD instead of WSA. If it is compatible, more users can use it as complementary software.

    Emsisoft, for example: we can use Emsisoft with other AVs, right?

    So I ask @PrevxHelp.
     
  4. With a few tweaks WSA is a solid solution, meaning it blocks every zero day I throw at it (getting them from a malware reverse engineer).

    1. Set all internet facing software to monitored
    = same protection as AppGuard guarded apps
    2. Set community to high, meaning only applications are allowed to execute which have been seen by a large portion of the WSA community (two years after WSA, Avast 2014 will also offer this whitelisting feature) = same protection as AppGuard in user space, only instead of deny all, it uses a whitelist like AVAST 2014
    3. Increase heuristics for drive by/drive in (internet, USB, mail etc). My wife has had WSA since PrevX 4 beta, no false positives with these increased heuristics for two years
    4. Increase HTTP default to protect browser from changes. No false positives, prevents installation of MITB attacks for normal webtraffic also
    5. Set outbound firewall to alert for untrusted programs

    It really beats me why WSA does not offer a simpler GUI, with normal and paranoid protection (paranoid being the changes I have mentioned).

    I don't pay for software as a rule, because there is so much excellent freeware available and I have sufficient security knowledge, unless it is really excellent software (like DefenseWall, Sandboxie, AppGuard, EAM and WSA). Okay, I have not tested all, but I have trialed Bitdefender IS, and WSA with my paranoid settings beat Bitdefender against zero-day malware (also EAM with some tweaking stops most of them). I agree with Jeff (Trjam) that WSA should simplify its settings and apply a normal and paranoid policy. They should ask testing agencies to test their application in paranoid mode (which would make them top 3 in all charts).

    So to answer the question of Lucius (I don't know for Kaspersky): because WSA blocks more zero days than Bitdefender IS using a few tweaks.
    On the other side: I have not tweaked Bitdefender IS, but BD IS seems to apply a good default with KIS (keep it simple policy, not the 100+ options of WSA). So on the plus side for BD IS: out of the box, Bitdefender IS is a better solution than WSA in default settings.

    Regards Kees
     
    Last edited by a moderator: Aug 9, 2013
  5. FreddyFreeloader

    FreddyFreeloader Registered Member

    Joined:
    Jul 23, 2013
    Posts:
    527
    Location:
    Tejas
    Yeah, after thinking it over, I went back to Avast Internet Security Safe Zone Browser. I do lots of banking, financial transactions on Amazon/eBay so just to be a bit safer, bid adieu to F-notsoSecure.
     
  6. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Yes, you can use them alongside each other with no problem. Let me know your results or if you run into any problems with a real machine - send me a PM if easier if I end up not checking this thread often enough as I'd definitely want to get to the bottom of anything not working correctly for you.

    Thanks!
     
  7. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    The 2014 product has a massive UI change coming, along with a considerable simplification of the heuristics options to better align with what you've discovered. Thanks!
     
  8. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,872
    Location:
    Outer space
    A new simple settings scheme sounds good, but I hope you keep advanced settings for advanced users.
     
  9. Great to hear that the heuristics will be set to high for threatgates (internet, mail, USB) in the 2014 version.

    What about providing a preset "secure option" besides the "factory default" which raises protection for:
    1. Monitors all internet facing software by default (browser, mail, mediaplayer). With this "monitor untrusted" tweak the built-in HIPS/Behavioral Monitor will keep them in a limited user environment. This limits damage of any zero day intrusions to ring3, keeping the core of the system clean and easy to remove using the advanced BB monitoring.

    2. Increase firewall default from "after infection" to "new untrusted process". When you combine it with the "factory default untrusted list as suggested at 1", chrome or WMP connecting out for the first time will be recognised as a program from the "factory default untrusted list" and WSA can quietly allow outbound connection. This to reduce pop-ups for the end user.

    3. Set community default to "Seen by a large portion of the WSA community". This whitelisting feature will automatically stop zero days from slipping through.
     
  10. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    OK, the first thing I discovered is the wireless security feature of Safepay doesn't work in the trial version of BD IS 2014. After I activated my license the secure connection feature kicked in automatically when I started Safepay at Starbucks (open wifi). The secure connection only protects the Safepay browser though. That's unfortunate since I prefer that all of my internet facing apps be protected. Still, this is a real plus for anyone who wants to do secure transactions and doesn't have a separate VPN subscription.
     
  11. silverfox99

    silverfox99 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    204
    Do we know what protection the toggle for 'Monitor Wi-Fi Connections' is doing in BD 2014? (Settings/Firewall/Advanced)

    I have it 'on' just not sure what protection this is activating? Do I have to do the same for 'SafePay' browser or does this setting cover Wi-Fi whether user browser or safe pay browser is used?

    OK, I see the 'hotspot protection' toggle in SafePay browser settings. Is this protecting open WiFi, e.g. in Starbucks? Obviously can't post a screenshot of that, but it is in Safe Pay/Settings.
     
  12. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    If you click on "?" (help and support) on the Firewall Advanced Settings screen it says "Activates Wireless Connection Monitoring" when you point at the Monitor WiFi Connections toggle. I haven't confirmed this yet, but my guess is when this is ON Safepay will automatically secure the wireless connection when the firewall detects unsecured wifi IF Hotspot Protection is also ON in the browser settings. Based on my test today it appears that the VPN protection only covers the Safepay browser.
     
  13. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    Thanks, Vic.
    Jerry
     
  14. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    I have been hollering for this since it came out. I love WSA but if they simplified it to be more user friendly for the normal user, it would stay at the top of security products.
     
  15. silverfox99

    silverfox99 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    204
    Yes, I think you are correct.

    Bitdefender Safepay FAQ
    http://www.bitdefender.co.uk/solutions/safepay.html

    What is hotspot protection?
    "If you connect to a random Wi-fi network (for example, an airport, an Internet Cafe or a pub) while using Bitdefender Safepay™, an extra layer of security is offered by the Hotspot protection feature. Hotspot protection is a premium feature which encrypts the Internet communication over secure and unsecure connections, helping you to maintain your privacy no matter what network you are connected to. The secure connection will be initialized and a message will be displayed in the Bitdefender Safepay™ window when the connection is established. The symbol safepay_secure_symbol.png appears in front of the URL in the address bar to help you easily identify secure connections."

    ....... and on the BD IS front:

    Two-way Firewall
    "The two-way firewall continuously monitors your Internet connections and prevents unauthorized access, even over a Wi-Fi network."
    http://www.bitdefender.co.uk/solutions/internet-security.html

    So BD claims protection for Wi-Fi connections in both BDIS and SafePay, but only SafePay creates a VPN, so it is suitable for 'open' Wi-Fi connections, and the BDIS firewall will detect 'unauthorised' attempts to access from a 'closed' or password-protected Wi-Fi, e.g. in the home?

    That sounds about right?......
     
  16. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    It would be nice to know more specifically what kind of protection the firewall is providing "even over a (unsecured) wifi network". All software firewalls can close/stealth ports, etc, and I'm curious if the BD firewall is bringing something new to the table?


    The typical home router protects wifi with WPA/WPA2 encryption. The connection is encrypted between the router and the PC as with a VPN. I believe the BD firewall provides the same protection regardless of whether the data is arriving over a wireless or wired connection.
     
  17. silverfox99

    silverfox99 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    204
    re 'safe pay' type browser - Integrated vs separate?

    I presume there are security vs convenience trade-offs here? Some vendors have developed their 'hardened' browser for banking/shopping as a separate browser, some have integrated their module to work in the open browser that the user has been working with.

    I am guessing that the separate 'hardened' browser opened when required for banking should provide better security, than 'integrated' options?
     
  18. silverfox99

    silverfox99 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    204
    Thanks, but I've never felt entirely comfortable with WSA's protection capabilities. Recently, for example:

    AV-TEST Product Review and Certification Report – May-Jun/2013
    Webroot: SecureAnywhere Complete

    http://www.av-test.org/no_cache/en/tests/test-reports/?tx_avtestreports_pi1%5Breport_no%5D=132319

    If I recall correctly from reading test results over the past year, FPs flare up and down from month to month, and 'events requiring a user interaction' (e.g. Allow/Block decisions) also appear much more often than I would find acceptable.

    I acknowledge that WSA is a product well loved by some, has a loyal fan base and the best support in the business though!
     
  19. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Smaller attack surface.
     
  20. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Like all security apps there must be a fair amount of variability depending on the user's system. I've been running WSA on three machines for about a year and I can't remember either an FP or an "event requiring user interaction". It's been dead silent including upgrading without requiring a reboot.
     
  21. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    AV-Test/AV-C don't test any of WSA's generic protection or generic remediation capabilities. We're working with them to improve the compatibility with how we operate, but none of the current tests truly reflect how WSA functions.
     
  22. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    During my preparations for my Virus Bulletin 2013 conference presentation I made a kind of malware simulator (a very primitive one, I must say!), just read your statement and made up my mind to test it against WSA... Very disappointing (for WSA, surely).
     
  23. silverfox99

    silverfox99 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    204
    IIRC WSA said previously that it works well against 'known' threats, not malware simulators. There was an MRG Effitas banking protection test using malware 'simulators' which WSA failed, but WSA say that as it was a sim, they don't protect, as WSA had never seen the sim before and didn't regard it as malware?

    Having said that, if you look at the new MRG Effitas Online Banking /Browser Security Assessment Project Q2 2013 (published 12 August - specific Zeus MitB samples) WSA blocked 100% (along with several others) - so good result for WSA.

    Replaced link to new dedicated thread on topic: https://www.wilderssecurity.com/showthread.php?t=351873
     
    Last edited by a moderator: Aug 13, 2013
  24. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    1) Agreed. Put monitored applications in very strong sandbox. Depending on how much the application is trusted, the limits for the process could be tighter or looser, i.e. given more or less access to critical areas.

    2) This I already suggested, but got the answer from Joe that Windows 8 was built in this way and there was nothing to be done about it. "After infection" is not enough for me personally... but it's a Windows 8 problem, or so I hear. "New untrusted process" would be more logical for anyone who REALLY wants to control one's network and potential leaks. I for one don't want the documents of my dissertation leaked just because WSA missed an infection and that infection steals my documents. It could be prevented if "unknown or untrusted processes" could not reach outside my home connection. Currently not possible with WSA and Windows 8, but is possible with WSA and Windows 7.
     
    Last edited: Aug 13, 2013
  25. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,538
    Location:
    Sweden
    Yes, and 100% protection ITW samples.

    Still, see my post above. I really want an option for Win 8 users to be prompted about unknown processes trying to connect to Internet. That's what I really miss.
     