What is your security setup these days?

Discussion in 'other anti-malware software' started by dja2k, Dec 15, 2005.

  1. mekelek

    mekelek Registered Member

    Joined:
    May 5, 2017
    Posts:
    518
    Location:
    Hungary
    it's okay, some people think they can stop a 200km/h driving train with their sheer mind
     
  2. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,501
    Location:
    .
    Especially, here, on Wilders...:D :argh:
     
  3. guest

    guest Guest

    :rolleyes:
    :isay:
    :argh::thumb:

    only if you are Neo with code analyzing vision LOOOL
     
  4. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
I've seen that kind of luck (I call it that, but it's clever security coding) with Ransomoff and also Shadow Defender. Running ADMIN too, no SUA.

Ransomoff blew me completely away with how it stopped, rapidly reversed, and then sucked up all the remains of every LIVE ransomware I let go on my machine. Didn't even have to use a backup image, which I was totally prepared for and expected I would have to do. Amazing!

Ransomoff is not as safe as, say, Shadow Defender, as it didn't do a dump of the session like virtualization does so easily and completely, so that was a very new development which took my nerves to the edge, but I didn't need to wonder what got in to stay or need an Image Restore flush.
     
  5. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
Is it friendly with Windows Patch Tuesday updates and other security SW?
     
  6. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    @imuade- Honestly I cannot offer any answer. I haven't been updating or upgrading my Windows 10 systems to determine that, however there's a thread on Ransomoff here in the forums, and Dave the Developer can better address this.

That being said, the Developer is very up-to-date where it concerns the absolute latest releases of what Microsoft pushes out, and I'd be willing to bet that it is very user friendly. I just can't confirm that myself right now. 8.1 has my undivided attention over all.

Further, I've run everything you see in my siggy together along with Ransomoff with no issues, and even ran Ransomoff at one point with the famous malware trap, Comodo FW, with no ill effects, on Windows 10.
     
  7. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
    Gotcha, thanks :)
     
  8. enemyofarsenic

    enemyofarsenic Registered Member

    Joined:
    Jun 18, 2011
    Posts:
    85
@imuade do Avast and K9 conflict in your setup? Did you set any exclusions?
     
  9. imuade

    imuade Registered Member

    Joined:
    Aug 4, 2016
    Posts:
    751
    Location:
    Italy
They don't conflict and I didn't set any exclusions.
K9 kicks in first, but Avast's web shield monitors even safe webpages in case, for example, they contain a malicious script.
     
  10. enemyofarsenic

    enemyofarsenic Registered Member

    Joined:
    Jun 18, 2011
    Posts:
    85
    Thanks.
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    Correct, I totally forgot that when you put AG in Install Mode it doesn't offer any protection, and that's exactly my point. Because there always comes a point you need to install stuff and who is going to save the day when apps are trojanized? Yes exactly, stuff like behavior blocker, next gen AV and EDR. They should also mention that on their website.
     
  12. guest

    guest Guest

Because when you use SRPs, you aren't supposed to be a noob installing unknown stuff every day. You are supposed to know and double-check first what you are installing.
SRPs aren't for noob home users; they are corporate environment tools meant for locked systems, to keep them locked, with the policy being set by the admin.
All major corporate endpoint protection software possesses an SRP mechanism because it is the most effective way to lock a system, not HIPS, not BB.
When you lock, there is no point monitoring system behaviors then asking for a decision, which is where people get infected.
If you can't execute, you can't get infected.

And honestly, if you manage to get a "trojanized" known program, it will be digitally signed, then allowed by all security apps anyway.
AppGuard set in Lockdown Mode = block all execution, even signed applications, unless the user specifically allows it to run. Which will not be AG's fault.
     
    Last edited by a moderator: Jul 28, 2018
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
Yes, correct, but I'm talking about advanced attacks, and behavior monitoring is a must to me. And not only for apps that are at risk of being exploited; protection against exploits only isn't good enough, and that is exactly what AG is all about.

And BTW, EDR will even monitor signed apps; the only problem is that malicious behavior may have already been executed. That's exactly why I like specialized tools that can spot rapid file modification and can encrypt keystrokes, for example. This will block most ransomware and keyloggers even if they somehow manage to execute.
     
  14. guest

    guest Guest

I was a HIPS/BB fan in the past (especially Online Armor + EAM with Mamutu), then I shifted to SRPs + sandboxing apps; I prefer isolation + full restriction to monitoring + prompt.
     
  15. Nightwalker

    Nightwalker Registered Member

    Joined:
    Nov 7, 2008
    Posts:
    1,387
This is the perfect setup for a business environment and for average home users, because we simply can't expect them to make the right choices security-wise ("Report.vbs" Do you want to open this file?).

    Personally I like BB more because it is there if I make a judgment error (double check fail).
     
  16. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
Exactly. I admit this user lines up with that same previous dependency, then realized that isolation/default deny was more in line with tighter and safer computing; thereby your monitoring solution gauges any irregularity (Alerts) and fills in for a user, for them to add an additional Rule (where available) to act as a safety net.
     
  17. guest

    guest Guest

Exactly, I admit I have a business mindset when it comes to security.

And personally, I don't have time to lose; I want to use my computer for normal stuff, not checking every alert.
Once my SRP and sandboxing app are set, then I enjoy my system.
That was the reason I ditched HIPS/BB and shifted to SRPs, sandboxes and anti-exe; with them, when the setup/policy is done, I put them on Lockdown Mode, then they block everything so I don't have to intervene.

@EASTER
Using an analogy with a security guard in a company:

1- AV = the guard has a list of unwanted people; he checks all the time whether some managed to enter the building.
2- HIPS/BB/anti-exe (alert mode) = the guard constantly checks if any customers are doing malicious things, and alerts the security chief if some have suspicious behaviors.
3- sandboxes = every customer is directed to a "guest" floor isolated from sensitive ones.
4- SRPs/anti-exe (on lockdown mode) = only the vetted customers can enter the building; they have a pass; those who don't have one are rejected.

So you can see, I prefer solutions 3 & 4.
     
  18. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    :thumb:

AVs will never be my cup of tea apparently. Had more issues with them than without, so came to the obvious conclusion they weren't meant for the way this user fashions Windows security. Signature AVs, and even now cloud, are still not convincing enough on this end, but each to our own satisfaction from real world results, right? :)

2, 3, and 4 have proven more than adequate here too if you also throw in Secure Folders, which virtually locks out or applies read-only permissions to various sections' folders with files. Pretty tight little app for ransomware as well.

When anything listed fails, which is all but near impossible, Comodo FW w/Cruelsister's settings would be a fallback, but then I highly doubt I will even have to bring that one out of mothballs anymore for the life of Windows, even as is. :D
     
  19. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    :thumb:
     
  20. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    As we all know nothing is 100% secure but I'd love to see if someone can hack my machine, just to decide whether I need to add VoodooShield back or not. Love VS Dan, but still a compatibility issue remains.

    Norton + HMP.A + OSA + BlackFog Privacy + system hardening, like NVT SysHardner, all behind a SPI + NAT firewall.

    Edit: Browsers and other web facing applications are also hardened.
     
  21. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    That was not what the discussion is about. In corporations, end users will never get to see any alerts. But do you agree with me that:

    1 AppGuard is an anti-exploit tool.
    2 It's not enough to secure corporations with anti-exploit only.
    3 Next gen AV can block malware that's delivered via exploits too.

    If you agree with me then we can end this discussion.
     
  22. guest

    guest Guest

No, once again, it is an SRP, an anti-malware tool with post-exploit protection, using a particular memory containment mechanism.
So either you just don't get it or you don't read/care about what I wrote...

HMPA, MBAE, EMET/Exploit Guard are anti-exploits; anything else isn't.

However, post-exploit software (SRP, anti-exe, HIPS, BB) prevents the already abused process from doing further malicious actions.

I won't continue this discussion, since you seem unable to understand what AppGuard is despite all the explanations I gave.
     
    Last edited by a moderator: Jul 29, 2018
  23. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
Just to repeat, AppGuard IS NOT an anti-exploit tool. Period.
     
  24. guest

    guest Guest

Yes, seems not complicated to understand...
     
  25. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
Wrong, it doesn't matter how it tries to tackle exploits; the main purpose of SRP is to block malware getting onto the system via user install or exploit. But you don't need AG for simply blocking execution; you can also use AppLocker for this. What makes it interesting is Memory Guard, and this was solely designed to mitigate in-memory exploits. But anyway, I don't care about how you want to label AG; fact is that next gen AVs can also easily block most malware no matter how it's delivered.

    https://www.nsslabs.com/group-test/advanced-endpoint-protection-aep/
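The default-deny lockdown described earlier in the thread (post 12: "if you can't execute, you can't get infected") and the AppLocker alternative named in the post above, as an added worked example. This is not code from the thread or from AppGuard, AppLocker or any other product discussed here; it uses the standard AppLocker PowerShell cmdlets. Assumptions: Windows 10/11 Pro or Enterprise, an elevated session, the Application Identity service (AppIDSvc) running so rules are evaluated, and the trusted directories and output path chosen below.

```powershell
# Added example: build a default-deny application allowlist with AppLocker,
# audit it first, then review what would have been blocked before enforcing.
# Assumed: elevated PowerShell, AppLocker module present, AppIDSvc running.

Import-Module AppLocker

# Assumed scratch location for the generated policy XML.
$policyPath = Join-Path $env:TEMP 'allowlist-policy.xml'

# 1. Inventory executables, DLLs, scripts and installers in the locations a
#    locked-down system trusts. Anything not covered by a resulting allow
#    rule is denied once the policy is enforced.
$trustedDirs = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ -and (Test-Path $_) }

$fileInfo = foreach ($dir in $trustedDirs) {
    Get-AppLockerFileInformation -Directory $dir -Recurse `
        -FileType Exe, Dll, Script, WindowsInstaller
}

# 2. Turn the inventory into allow rules: Publisher rules for signed files
#    (a tampered build of a signed program no longer matches that signature),
#    Hash rules for unsigned ones. -Optimize merges rules sharing a publisher.
$policyXml = New-AppLockerPolicy -FileInformation $fileInfo `
    -RuleType Publisher, Hash -User Everyone -Optimize -Xml

# 3. Start in AuditOnly: nothing is blocked yet, but every would-be block is
#    logged. This is the "double-check first" step before lockdown.
[xml]$policy = $policyXml
foreach ($collection in $policy.AppLockerPolicy.RuleCollection) {
    $collection.EnforcementMode = 'AuditOnly'
}
$policy.Save($policyPath)

# 4. Dry-run the policy against whatever sits in Downloads. Files without a
#    matching allow rule come back with a denied PolicyDecision, which is
#    exactly what a lockdown mode would stop from running.
$downloads = Get-ChildItem -Path (Join-Path $env:USERPROFILE 'Downloads') `
    -Filter *.exe -File -ErrorAction SilentlyContinue
if ($downloads) {
    Test-AppLockerPolicy -XmlPolicy $policyPath -Path $downloads.FullName -User Everyone |
        Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize
}

# 5. Apply the audit policy to the local GPO; -Merge keeps any existing rules.
Set-AppLockerPolicy -XmlPolicy $policyPath -Merge

# 6. Review audit events (8003 = would have been blocked) before changing
#    EnforcementMode to 'Enabled' and re-applying the policy.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'; Id = 8003
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message
```

The policy takes effect after the next Group Policy refresh (gpupdate /force); leave it in AuditOnly for a few normal working days and only switch to Enabled once the 8003 events show nothing legitimate being caught, which mirrors the set-the-policy-then-lock-down workflow the thread describes.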
     