Security that you use and its purpose - DISCUSSIONS

Discussion in 'other anti-malware software' started by Blackspear, Jan 21, 2005.

Thread Status:
Not open for further replies.
  1. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
    Re: Security that you use and its purpose

    No, but I know bad grammar when I see it.
     
  2. no13

    no13 Retired Major Resident Nutcase

    Joined:
    Sep 28, 2004
    Posts:
    1,327
    Location:
    Wouldn't YOU like to know?
    Re: Security that you use and its purpose

    go see a Mac... please. It's wonderful. You'll feel free of the Wintel domination.
    Also true for Fedora.
     
  3. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,290
    Location:
    Pennsylvania.
    Re: Security that you use and its purpose

    Thanks dude, can't ever have too many programs helping. *hands you cookie*
     
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Starlight, as you have asked the same question here, I have deleted this duplicate.

    Cheers

    Blackspear.
     
  5. Cyborg

    Cyborg Registered Member

    Joined:
    Dec 8, 2003
    Posts:
    78
    Re: Security that you use and its purpose

    I have a paid-for licence for ZoneAlarm Security Suite and until the recent release I have found it to be ok, although sometimes for unknown reasons it can hog my resources.

    I have however begun to question how much they listen to either the beta testers or issues within the forums before releasing new versions or indeed making sure issues are corrected quickly and efficiently. IM secure is not that great nor is the ID Lock and as for their Spam removal again it works but is basic but overall it sucks which leaves just the Firewall.

    I have been advised by them, ZA Tech Support, that until such time they can fix the issues with MSN 7 to return to ZA Pro. In the ZA Forums however it seems there are issues with the latest release of ZA Pro also.

    What version of ZA Pro are you running?

    I would like to know as I want to go for Nod 32 which you are also running. Which version?

    If I know the versions that work together then that is one battle I won't have to fight.

    I also want to run PG which version?

    I have a paid-for version of PE, TDS-3 and Wormguard but have not installed them for ages since my last Windows install, basically because I do not know how to use them properly.

    I have a paid-for version of TrojanHunter and TrojanGuard; I use SpyBot Search n Destroy (free); Ad-Aware SE Personal (free); SpyWare Blaster (free); Crap Cleaner.

    Of the other software that you use I notice that you have Kaspersky 4.5; is this free or a paid-for version?

    I read a lot about Kaspersky and they seem to be streets ahead of Norton when it comes to updating their database.

    You have RegDefend which I know nothing about nor where to get it from. Can you supply a link?

    You have Firefox and Thunderbird. I have version 1.3 ready to install and to learn how to use. Thunderbird is for E-mails?

    You have Ewido (licensed) and again I do not know much about this software apart from what I have read, and have yet to see a bad report.

    You have UnHackMe: Rootkit installation prevention; this is new to me.

    You have WormGuard: traps potentially malicious scripts; I did have issues with WG2 so have not installed it since.

    You have SpywareGuard which I know of but I use TrojanHunter Guard which came with TrojanHunter.

    You have TDS-3 and likewise I have paid for it but not installed.

    You have Ad-aware and Spybot which I agree with you I would not be without.

    You have HijackThis and likewise so do I. I run it after installing anything new just to keep account of what Active X is being assigned by software and if I should remove or not.

    You have CounterSpy Anti-spyware (trial); I have not heard of this one and have been considering using the MS Beta.

    You have Trojan Hunter; I also have this software. I have not heard of BOClean.

    You have SpywareBlaster; I agree it works and is free.

    You have DCS Port Explorer; I also have this software but again not installed.

    You have System Internals Filemon. Again I have no knowledge of this software.

    I use CCleaner all the time but have never used RegSeeker.

    Overall you have a similar setup to me but obviously you use it to the best effect.

    Do you get any clashes with any of the above? I am interested in respect of any of the software hogging your PC as I go online a lot playing games. When I am in game only, what do I need running and what can I switch off temporarily until I am back online surfing, which I assume is the time my PC security needs to be at its tightest.

    Only answer if you have the time but I would appreciate any advice. :)
     
  6. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Re: Security that you use and its purpose

    Hi Cyborg,

    Much of the software that I have is due to the way my security system has evolved over the last few years. I believe that it is best to keep things simple, so that is what I will try to do.

    1) I am running ZAP Pro 5.5. I have not had any problems running this version with any of the AVs I have tried out including NOD32 and KAV 4.5 (and 5.0). I have 4.5 paid and am extremely satisfied with its scanning and detection capabilities. Literally nothing has ever gotten through (this has not been my experience with other AVs). However, its interface leaves much to be desired and it took a while for me to become comfortable with it.

    2) Since you have chosen NOD32, I would recommend that you also install an anti-trojan program at this time to supplement NOD32's capabilities. I would recommend Ewido which is a very simple AT that has both real-time and on-demand AT capabilities. It is relatively easy to install and use and has daily updates. There is a free trial available and I do not think you will have any problems installing and running it. Others recommend BOClean. It is tough for me to say which has better real-time scanning and detection. I do know that Ewido on-demand will pick up some bits of tracking cookies and other types of malware on my machine from time to time. I have found that Trojan Hunter's real-time engine does conflict with many of my programs, which is why I initially went ahead and sought out a replacement.

    3) Beyond these two products (NOD32 and Ewido), I would recommend focusing any "learning time" on products that pro-actively prevent malware from installing on your machine. The two products that I like at the moment are ProcessGuard and RegDefend. ProcessGuard prevents new programs (dlls) from executing on your system without your permission. RegDefend prevents programs from changing the registry without your permission. In other words, they intercept potential malware before they can ever get started. The downside is that you, as a user, have to be comfortable making decisions when new alerts are presented to you. Depending upon your habits, the learning curve is manageable. If you are game, I would begin by installing PG, leave it in learning mode for a period of time as DiamondCS suggests, and then take it out of learning mode, at which time it will start intercepting. If you can learn to understand the messages, then you are home free. If not, then this type of guard is probably not for you. The PG forum on Wilders provides very active advice.

    4) If you are comfortable with ProcessGuard, I would then recommend installing RegDefend with a similar type of approach.

    If you can put these four programs (NOD32, Ewido, ProcessGuard, RegDefend) in place, I think you will be very well protected without the need to get involved with other programs that I mentioned on my list. The only other program that I have that actually has found malware, is Ad-aware which detects and deletes tracking cookies.

    There is a learning curve with some of these programs, but as someone else pointed out, the learning curve is minuscule when compared with what one has to know when removing trojans.

    Rich
     
  7. RobZee

    RobZee Registered Member

    Joined:
    Aug 7, 2004
    Posts:
    290
    Location:
    Texas
    Re: Security that you use and its purpose

    Blue -

    I see in your post above that you have two physical hard drives with each one having an XP Pro boot partition. I would appreciate any info you can provide as to the thinking behind that setup. Reason is I have the chance to add a new external HD which will supplement the original internal 60G drive and the 80G internal drive that I added last year and is the boot drive with XP Home. The 60G still has the original ME setup and FAT files and is used for backup & storage.

    My BIOS doesn't allow boots from USB drive, so I would have to put the second boot partition on the 60G slave, rather than the external drive. Am I accomplishing anything by doing the foregoing?

    Your thoughts/advice would be welcome.
     
  8. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    Re: Security that you use and its purpose

    What software is equal to MS AntiSpyware? Any software and/or combination of software that makes up the same thing. I can't find a reason to use it as an active scanner anymore and am trying to find out if that is a good move. I mean I have KAV 5.0, Regdefend, Analog X Script Defender, Outpost Firewall, and Trojan Hunter as active. Just trying to find a way to save resources and just do manual scans. By the way, does anyone know what other extensions to add to Script Defender than the defaults?

    dja2k
     
  9. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi dja2k,

    With your setup, I think that realtime MS AS is superfluous. Especially with RegDefend in there backing up KAV. There may be some stray malware cookies that get through that you can catch with running Ad-aware or on-demand MS AS. The only thing that I would suggest is that you might want to add ProcessGuard (very little resource usage) to help protect against rootkits and keyloggers. Since you already have RegDefend, I think you will find PG a very nice addition. But PG would be, in my opinion, insurance protection. Your defenses seem to me to be already very strong.

    Rich
     
  10. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    Yeah I already have Process Guard, just don't have it active. It tends to screw up a lot of setups and exe runs. I might just add it again to my setup. So you're saying that MS AntiSpyware shouldn't be on all the time and just used as a scanner? Okay then, MS AntiSpyware will be kept off (saves me memory). Oh, I forgot to mention I have xoftspy running as a scanner daily and also Bitdefender AV 7 Free Edition running a scan every other day as well. In addition, KAV running a scan daily as well. One thing, on the KAV, do you know if I should turn on riskware detection? I had it on before, but for some reason, I lost most of my uninstall entries from my Add/Remove, being exe uninstall files. I have no other software that could have done that except, when I thought about it, that option was on and it does make things slow when you read a folder full of exe install files. By the way, anyone know what other extensions to add to the AnalogX Script Defender entries? No one seems to answer me on this.

    dja2k
     
  11. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Spend some time w/ ProcessGuard and I'm sure you can get it running pretty transparently (with the exception of the execution prevention.) The MSAS agents do add some very good protection, but being beta means you'd want to watch it some. If you don't want to run it resident, you might try SpywareGuard (http://www.javacoolsoftware.com/), it uses less resources.

    If you want more scheduled scans, you should check out a-squared, it's very good for that. Spybot Search & Destroy, too.

    Of course I have to mention the system hardening stuff. Not only will that give your security a significant boost, but it can speed up your system, sometimes enough to offset your resident protection. See my sig for my suggestions. Many of the steps mentioned in the link are covered by the small apps, but it's still very worth going through, especially the suggestions for disabling services (if you haven't done this already.) If you don't mind spending $25, Qwik-Fix (http://www.pivx.com/) does quite a bit. Pivx has a team searching for vulnerabilities and releases workarounds for the vulnerabilities via Qwik-Fix (it auto-updates) when found. They also plan to add protection for 3rd party apps (like Firefox, etc) in the (near?) future, which you won't get from the free apps.

    As far as Script Defender goes, I don't really have any suggestions for you. AFAIK it's pretty good by default, but I haven't looked at it in a while (might look again now that you mention it.) You can try checking out some other script blockers to see if they use any different extensions. ScripTrap is a good one to start with since it uninstalls 100% completely (http://keir.net/scriptrap.html) and attached is what RegRun covers, as ambiguous as it is. This might make a good subject for a new thread, though. ;)
     
  12. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Re: Security that you use and its purpose

    I went with that setup following an unfortunate beta test result that required a reinstallation of my OS and applications. I really didn't want to suffer the downtime again (~ 2 days to get fully up given other time commitments), so this seemed reasonable insurance against that.

    This basically provides a working system and a test system. After setting up this way I've had one other bad beta result, but this time I was fully back in the time it took to reboot the system - less than one minute - and could rebuild things at my leisure.

    I ended up configuring the remaining home systems this way also. I spend a few gigs of disk space to provide a rapid recovery avenue when needed.

    Blue
     
  13. RobZee

    RobZee Registered Member

    Joined:
    Aug 7, 2004
    Posts:
    290
    Location:
    Texas
    Thanks for the response. I may try that approach also since I have ample storage and occasionally get into a bind that can take a while to fix when experimenting with programs.
     
  14. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Hi,

    Yes, I think if you activate, and become comfortable with ProcessGuard, you will greatly increase your protection. If KAV is not running in real-time with extended databases, then you may want to keep MS AS, since on my system KAV is doing more than MS AS, but I am running KAV in real-time.

    I use riskware, but I do not automatically delete when KAV gives me the "Not a Virus:XXXX" warning. In this case, KAV is alerting to a module that may be associated with a virus/trojan, but also is associated with legitimate uses. So I do some research on google or on the KAV forum before I delete anything with this kind of warning.

    Basically, I find that running KAV 4.5, ProcessGuard, and RegDefend in real-time makes MS AS in real-time superfluous. I only run Giant AS on-demand nowadays, and it hasn't found anything in ages. CounterSpy on-demand will find some minor malware as will Ad-aware and Ewido now and then. But since you have KAV on-demand, then probably you should keep MS AS real-time. That is what I would do.

    Rich
     
    Last edited: May 4, 2005
  15. Pollmaster

    Pollmaster Guest

    Personally the best thing I like about PG is not its process monitor but rather its ability to block global hooks and drivers from installation. So even if you don't like it popping warnings whenever you run something new, it can still be very useful.
     
  16. lynchknot

    lynchknot Registered Member

    Joined:
    Jun 26, 2004
    Posts:
    904
    Location:
    SW WA
    Ok, carrying over from my list, is why:

    Damn! I am a security freak :doubt: I need help :eek:

    What am I protecting? To be honest, nothing of any real value. I don't online bank and have no valuable files, other than my apps. I'm protecting my security apps, my themes, and other programs - my pretty desktop! - and trying to save myself from having to reformat if I get a virus - that's the bottom line. It's WAR! - and sometimes it's fun - especially when you win and kill the intruder, saving yourself from reformatting or True Image (my last resort).

    Someone should make a board game - you go surf the internet and purchase programs and/or buy Antivirus, visit a pron site and get a nasty trojan, etc and you could land on a virus/trojan and it will cost you if you are not protected well enough. But then, maybe not - God knows I spend much too much time with the computer as it is.
     
  17. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    What extended databases of KAV are you talking about?

    When you say you use the riskware option, is there a way to make it prompt me before it deletes anything of that sort? Like I said before, I think that the scan removes my exe uninstall files thinking they are riskware. I have cleaned out my system twice because of that and have no other software that could have done it but KAV 5.0.

    I run KAV 5.0, Trojan Hunter 4.2, Analogx Script Defender, and RegDefend in real time. Just added process guard again. So with that I don't run MS AS active anymore.

    I have all other software mentioned here and there, but mainly as a manual scanner. I have xoftspy running daily, I have bitdefender scan running daily, Ad-aware daily, and I run MS AS every other day.

    dja2k
     
  18. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    This one:

    http://img85.echo.cx/img85/2668/kav50configureupdater0zw.jpg
    Set Kav to "Block access and prompt user for action".
     
  19. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    I don't show that option on my update tab. I have the KAV Personal Pro 5.0.20. What version are you using and illustrating in that picture?

    dja2k
     
  20. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Ah, I see, in that case you simply checkmark "Detect riskware" in "Riskware detection" in the main GUI. "Detect hack tools" is the so-called SuperSecure:

    http://img15.echo.cx/img15/9758/kavprorisk5jl.jpg
    You can read more about what these extra database options will add to the standard bases here: http://www.kaspersky.com/extraavupdates, you do not need to change the ending of all links from "updates" to "updates_ext". This is only for versions older than 5.0. :)
     
  21. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    Thanks Don for clarifying.

    Hi Dja2k,

    " I run KAV 5.0, Trojan Hunter 4.2, Analogx Script Defender, and RegDefend in real time. Just added process guard again. So with that I don't run MS AS active anymore."

    From my experiences, this would be a very secure real-time protection environment. Mine is very similar: KAV 4.5, ProcessGuard, RegDefend (with RegRun extensions), Ewido, UnHackMe.

    I run Ad-aware, Spybot, Counterspy and GiantAS, NOD32 (the current beta), HijackThis, TrojanHunter, BOClean, Ewido, Rootkitrevealer, and TDS-3 on-demand from time to time. Only Ad-aware and Ewido will pick up some minor cookie malware from time to time. I do this just to continue to test my own hypothesis that the above configuration is very strong with a minimum amount of overhead. So far, the configuration is doing very well.

    Rich
     
  22. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    I already did the reading on the different virus definitions and thanks. So with that, I see Don, I will just check the first riskware box, but not the hack tools for now and see how it goes.

    Is UnHackMe really necessary with all your other protection? Don't you think that Ewido takes up too much resources when active? I guess with me using Trojan Hunter Active would be the same as your Ewido Active software. One more thing, do you have Spybot Immunized with Spyware Blaster installed and if so, since you don't have Counterspy and MS Antispyware Active, do you have the Spybot Browser Helper Enabled?

    Sorry for all the questions guys, just want to be sure when I set up a secure and workable set of defense apps. Don't want to use something I don't need and don't want to use something that is useless. You know what I mean? :p

    dja2k
     
  23. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I do, and would advise to do the same, this is prevention from installation.


    Yes.


    No problem at all, that is what this thread is for ;) :D


    I think that is the aim of each and everyone’s setup, not to have overlap, but to have a layered defence.

    Hope this helps…

    Cheers :D
     
  24. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Good choice, I personally use both ATM (running the Kav 6 prototype), but always recommend to use extra options with caution as they will flag programs as riskware (like mIRC) and some become uneasy when they see this "not-a-virus:Riskware." These are simply warnings and it's up to you whether you want to continue using the program/application. I normally recommend that you use the "Block access and prompt user for action" in the RTM settings, this way you control, but of course it can be restored from "View backup" :)
    If you ask me, then a run with UnHackMe before you install all your security related stuff should suffice, because once you have installed Kav, Trojan Hunter, Regdefend and Process Guard and have them properly configured, you pretty much got a fortress. But PG won't help if a rootkit is already installed, therefore it's a good thing to run UnHackMe & Rootkitrevealer before installing these. If you have a license for Trojan Hunter, then keep that, you can always take a look at Ewido when it runs out. I do use Ewido and like it a lot (no slowdowns here), but Trojan Hunter has been around for quite a while and has regular updates. :)
     
  25. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    Thanks for all the fast responses guys. This is really helping me find a good and strong defense setup. Wasn't too sure about my past setup, but it seems this one is turning out to be a keeper for now.

    Does anyone know how to configure bitdefender 7 free edition not to use as many resources as it does, but yet be able to run a manual scan without having to go manually and start up the services? I mean it runs two startup files, 1st is bdmcom and 2nd is bdnagent. Services for that are 1st Bitdefender Communicator and 2nd Bitdefender Scan Server. When I take a look at the Task Manager, I see bdmcom.exe taking as much as 30 MB and bdss.exe taking as much as 17 MB. Now for an antivirus that is not active, that is pretty much in my books. So if anyone knows how to disable the startup, but be able to run it manually or by the internal scheduler, please let me know.

    dja2k
     