Completing protection

Hi,

Sorry for posting this here, if it is not the right thread, but I felt like since there are the most Nod users here it would be good to know their opinion. Feel free (moderators) to move it if needed.

My license comes to its end, and I seriously took time to test KIS to, but it caused errors on disk continuously, causig checkdisk to start and fix things, effectively preventing me from defragmenting, and being an annoyance in general.

So I think i'll be renewing with Nod32, but before I do so, I have a little question to you here : I'll use Nod+Outpost, both latest versions, as resident protection, and AdAware+SpybotSD+SpywareBlaster as an on-demand (i.e. weekly scan) protection.
But, a component I think is important is Rootkit detection / HIPS (host intrusion prevention system). So my question is indeed simple : what would be in your opinion the best hips out there (mainly based on detection/functionality but also on usage of system resources since i'll run this on my laptop) ?
Same for rootkit detection ?

Thanks in advance,

Ice.

 

I run Online Armor alongside NOD32 without any issues, I am also testing First Defence ISR in Frozen mode, very impressed with the concept, all run alongside NOD32 without issue.

Hope this helps...

Cheers

 

Thanks Blackspear for the quick reply, i'll give Online Armor a look (and if i see it's interesting, a try) to see what adavntages it has and if it doesn't have much impact (prevX was WAY too heavy on my system)

Thanks again

Ice

 

My pleasure, I haven't seen any noticeable impact using OA, or it wouldn't be on my system either

Cheers

 

For Rootkit detection I strongly recommend this free tool:

http://www.gmer.net/index.php

It has also many other options which you can find useful. (screens are in Polish, but they are from old version - new version is totally in English).

 

Hi,

I'm using Appdefend and Regdefend from Ghostsecurity. Really nice stuff, no problems with nod etc... highly recommended.
I also tried Process Guard with no problems either.


best regards,

tt

 

Hi all,

I had tried Ghost security and wasn't reaaly convinced, I'll take a look at the Gmer tool.

I installed Onine Armor, and it seems to run well except for two problems : It randomly resizes my start-up menu () and also slowed down my POP eMail reception (Edit : and web also, although less) like hell. Except from that, it seems a good product with interesting features, blocked two injectors (flagged as keyloggers, and perfectly legit -mouse/touchpad drivers).
Did you had such a problem Blackspear ? Maybe Nod and OA are interferring on the POP)/Web) scan ?

Edit : After a quick peak at OA forums, seems that is a known problem and will be resolved in next build. (speed problem)

 

With NOD32 and suitable firewall you are protected

http://www.eset.com/products/compare.php
http://www.eset.com/products/compare-NOD32-vs-competition.php
http://www.eset.com/products/windows.php
http://www.eset.com/threat-center/index.php


Special look :

http://www.eset.com/products/compare_heuristic_detection.php
https://www.wilderssecurity.com/showpost.php?p=760705&postcount=35

 

Lol

That would be great
For now OA hasn't detected anything but cookies, if it keeps like this i'll uninstall it, because i'm most likely not to encounter threats since I don't chance surfing habits more and don't go to "nasty" websites

 

Absolutely true

 

Uninstalled OA, because it kept messing with my Start Menu, and it was becoming pretty annoying (changing sizes, double icons, whatever...). However, I'll continue to test it from time to time (on a second machine, though) because the concept is good, especially the part about removiing all files/registry keys an application has created. I think this is promising software, but ths bug (messing with system and more than one time) is a "showstopper" for me.

Side-note : I find it quite amusing a security software injects itself into processes, thus acting like a malware (OA being detected injecting by Ouptost)

 

Hello,

NOD32 does detect rootkits using both traditional signatures to detect specific rootkits as well as heuristics which allow it to detect previously unseen rootkits.

Regards,

Aryeh Goretsky

 

It is not so amusing security software injects itself into processes. Gmer injects its gmer.dll into almost each and every process (if set by user to do so) and it is not detected by Outpost. It is one of the way to "watch" process behaviour.

I personally replaced Outpost with Gmer tool (I am behind a NAT and router), because it allows me to monitor 'outgoing TCP/IP connections' and many other system functions:

- processes creating
- drivers loading
- libraries loading
- file functions
- registry entries

Gmer tool has also many other unique options which I hope will be documented soon.

What I like Gmer for is:

- It is totally free
- You don't even notice its presence (very low footprint)
- Plenty of options and features
- Can be used to detect and remove nasties
- Allows you to log many system events to let you know what is going on on your system.
- Author of this tool is opened to any comments and suggestions to improve Gmer functionality

Things to be improved in Gmer:

- User-friendly configuration
- Documentation

 

Yep, I understand that, but it's kind of a paradox...

After taking a look at it, yes, it seems to have many nice functions, but I think I'll be keeping Outpost, because I can also BLOCK outgoing connections (and also UDP ones)

Indeed, the UI is pretty awful. Not per se because after all it shows information and allows actions, but it's well.... it needs polishing, i mean most of typical users will not run a program with so much information at once, no help, and little to no graphics.

Another thing I dislike with Gmer is, its silent install in the system32 folder. Installing into system folders il also a malware-like behaviour, and I think security software shouldn't do this, OR, it should warn it will do so. Distributing Gmer as an installer or waring it installs in Windows' folder seems important to me.
(I saw what it created using OA, if it wasn't installed I'd never know)

 

I agree with all your comments on Gmer tool, but take into consideration it is developed by only one guy during his free time. He works hard on delivering new and better versions as well as on creating better interface and documentation. But it needs some time and effort. At the begining he developed this tool for himself, and after some time decided to make it public for free. This is the main reason of ugly GUI and lack of good documentation. As far as I know it is priority now for Gmer developer to make it user-friendly and to elaborate much better documentation. The tool is still under development and will become better and better with more improvements, options and functions. Any user can comment and give advices on the future Gmer development. Currently beside NOD32 and Gmer and some on-demand adware scanners I do not have any other protection application. Simply I do not have a need for any, and like to keep my system clean and light.

But I think it is enough for NOD support forum to talk about other apps. Thanks for your interest in trying this tool.

 

Got this email back from GMER. Their response followed by my inquiring email. Quite an interesting response.

Private email removed. - Ron

> I don't understand. Is this product meant to replace
> NOD32 (AV), Sygate Personal Firewall, ProcessGuard
> Full & Trend Micro Anti-Spyware? Which are running
> resident on my computer. Or is GeSWall meant to run
> with these security programs? Your site doesn't
> clearly state either position. Please clarify. Thanks.

 

Well he did what you asked - stated and clarified thier position...wherever that is

 

Just my opinion. I use Gmer for some time and it serves me well.

For sure Gmer is not meant to replace NOD32, or any Anti-Spyware application nor advanced firewall. It runs well with NOD32, and in the past with Outpost Pro. It can detect and stop processes, drivers, dll's or outgoing TCP/IP connections, but it will not worn you that you are downloading a virus. It can be used as a combination of Process Explorer, ProcessGuard, RegDefend, Rootkit Revealer (with manual rootkits deletion capabilities), simple TCP/IP outgoing only FW, it also supports AVs and other anti-malware software to run in a clean environment ('kill all' option). It can be also used by advanced users to find and delete nasties that your AV can not.

The tool is under development and some future changes (i.e. simple inbound FW) are still to come. Some of the Gmer functions (rootkits detection) are simple and can bu used by non-advanced users, and some of them require a bit advanced knowlage. As I stated before in this thread, Gmer works on making this tool more user-friendly. Full documentation is not ready yet.

 

If inbound protection is all you need then the following won't interest you much.
Firewall Leak Tester independanlty tests and reviews firewalls for thier level of OUTBOUND protection -->HERE<--

A firewall does not replace AV software, nor remove the need for AV software. They perform two different jobs.

 

OK here's the response I got without name & email address.

Private email contents removed. - Bubba

So this is what I find interesting.

"So, however AV is not required with GeSWall, there is nothing wrong in using AV as a supplementary to GeSWall."

 

That's the writers stated position and I find it interesting too. IMO GeSWall sounds like it may be a nice addition to AV and firewall as part of a layered defence.

This is a general statement. NOD32 is capable of preventing many malicious files from running even before they attack and even if it has no previous knowledge of them.

 

about Gmer: i ticked all options after watching "gmer.avi"
im using blackbox(shell replacer) btw..

rebooted system and it hangs there..its showing 2 popups from gmer.exe something with explorer..im guessing the shell replacer > blackbox
theres notime in accepting the popup cuse it dissapears to fast

rebooted save mode
unticked all option
rebooted
all fine

nways looks like a good tool

 

You could try some HIPS software such as prevx1r (free for 1 year)

http://free.prevx.com/

I am using it more and more with my customers in conjunction with NOD and so far nothing has been able to get past that combination

 

@fred22

It will be fixed in the next version (as it can be an issue on some machines).

 

I only ever use Eset NOD32 Anti-Virus System with the hardened configuration settings provided by users on this forum. Infact i had my first alert from NOD32 Anti-Virus System lastnight via a pop-up which was detailed as containing a link to malicious content. Either way, apart from that, no issues. I'd also like to mention that NOD32 reported false positives within eEye Digital Security's Retina Scanner. I can't fault Eset NOD32 and i feel very confident using it. I'll be an Eset customer for many years to come.